Re: [PHP] Sometimes I wonder why I even started programming...

2008-03-04 Thread tedd

At 12:36 PM -0500 2/28/08, Eric Butera wrote:

And I'd appreciate it if you kept all your posts about wearing dresses
to yourself but it isn't going to happen. :)



What ain't going to happen-- him posting or wearing dresses?

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Sometimes I wonder why I even started programming...

2008-03-04 Thread tedd

At 1:18 PM -0500 2/28/08, Daniel Brown wrote:

There is a time and a place to presume at least a small piece of
intelligence on behalf of the poster.


And when does that happen?

It never happens when I post things.  :-)

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-29 Thread Zoltán Németh
On Thursday, 2008-02-28 at 20:25, Nathan Rixham wrote:
 Robert Cummings wrote:
  On Thu, 2008-02-28 at 19:37 +, Stut wrote:
  On 28 Feb 2008, at 19:17, Wolf wrote:
  Jason Pruim wrote:
  My editor automatically replaces like 4 spaces with a tab... Is  
  there a reason not to use tabs instead of spaces? :)
  I use spaces since when I indent with 4 spaces it is significantly  
  easier to read the code than with 4 tabs...
 
 4 spaces are before this
4 tabs are before this
 
  Pretty easy to follow code that does
  {
  {
   {
{
}
   }
  }
  }
 
  Versus the alternative, especially with the character wrapping in vi  
  and other text editors.
 
  At least, that's IMO
 
  YMMV
  Except that if I inherit your code and I find it easier if it's  
  indented to 8 spaces you've taken that choice away from me. Tabs are  
  configurable on nearly all editors that exist in the world. If yours  
  doesn't let you change the tab width, get a new one. But if you don't  
  care about people who might end up working on your stuff, keep using  
  spaces. Just hope you never change your mind.
  
  It's almost a standard across the industry to use spaces. But hey, if
  you wanna take away my choice to use spaces whenever I work on your code
  down the very long line, that's fine. I'm just gonna use my JOE editor
  to fix them and purify any mixed tab/space indentation. If your editor
  can't do that then you should get a better editor ;)
  
  Cheers,
  Rob.
 
 I use tab's in all my code, and replace them with spaces when 
 posting/mailing for legibility.
 
 couldn't imagine ever hitting space 4/8/12/16+ times to write a line of 
 code when i can just tab/shift+tab to indent.

I use spaces for indentation but never hit the space bar. my editor
converts my tab hits to the configured number of spaces, that's it.

greets,
Zoltán Németh

 




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-29 Thread Zoltán Németh
On Thursday, 2008-02-28 at 22:42, Robert Cummings wrote:
 On Thu, 2008-02-28 at 23:52 +, Nathan Rixham wrote:
  Robert Cummings wrote:
   On Thu, 2008-02-28 at 20:43 +, Nathan Rixham wrote:
   [snip]
   Eric Butera wrote:
   I can hit tab and shift/tab too and it puts in spaces for me.
   [snip]
   Robert Cummings wrote:
 Uhhhm, I hit the tab button also and it does the right thing (namely
 inserts 4 spaces). Also, when I hit enter it auto tabs.
   [snip]
  
   *kicks zend studio* [and nano and textpad and dreamweaver] :(
  
   what ide's editor's do you two use? zend's use of javaw is killing my 
   win2k3 dev machine anyways.
   
   I don't use an IDE. I use JOE. It's a terminal based editor. Works the
   same whether I'm local or remote. The nice thing about linux is how easy
   it is to make things work the way you want. My browser source viewer
   links to a PHP wrapper script that pops up a gnome-terminal with the
   specification to load the JOE editor on the page source. My default
   editor in linux is JOE. It just works. Plain, simple, 100% keyboard,
   keystroke macros, etc, etc. I love it. You probably won't :)
  
  couldn't be further from the truth! sounds perfect - I spend most of my 
  life in putty anyways, generally using nano to type.
 
 I did say probably... you may be the only one ;)
 
   When working I click an icon on my taskbar, it opens three terminals in my
   favourite layout. I usually use one to edit HTML, one to edit whatever
   module I'm working on, and another for whatever else needs to be done
   (CVS commits, CVS updates, SSH, etc).
  
  see I've only recently started using versioning software all the time, 
  I'm currently svn'ing, how does CVS weigh up against it?
 
 I need to look into SVN. I've been meaning to take a look at it for over
 a year now but the motivation isn't terribly strong since CVS does
 everything I need and I have a lot of stuff in CVS. The main problem
 with CVS I see is that it can be pig-assed slow when updating. Also it
 has deficiencies when handling directories. I imagine whenever I get
 around to taking a look at SVN I'll also have a poke at GIT.

I strongly recommend git. it has several great advantages above cvs or
svn. for example, it does not store whole copies of the whole tree if
you make a branch, but stores only the differences. it is much faster,
and losing a commit is really hard even if you screw things up seriously
(I know I've done that a couple of times when I was new to git, but I
could manage to restore everything)

greets,
Zoltán Németh

 
  I use a workspace to the right of
   my dev workspace in which I load my browser for checking layout and
   JavaScript etc. To the left I have a workspace where I keep a tails on
   my log files. I rarely tab through more than 3 windows in a workspace
   and I rarely use the mouse.
   
   Cheers,
   Rob.
  
  snap, keyboard for 99% of things, I seem to have my left hand glued 
  around ctrl/shift/tab/z/x/c/v/q
 
  cheers for giving away some of your set up, I'm going to give joe a try!
 
 No problem.
 
 Cheers,
 Rob.
 -- 
 ..
 | InterJinn Application Framework - http://www.interjinn.com |
 ::
 | An application and templating framework for PHP. Boasting  |
 | a powerful, scalable system for accessing system services  |
 | such as forms, properties, sessions, and caches. InterJinn |
 | also provides an extremely flexible architecture for   |
 | creating re-usable components quickly and easily.  |
 `'
 




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Philip Thompson

On Feb 27, 2008, at 4:51 PM, Jochem Maas wrote:


Jason Pruim wrote:
So I was supposed to go home a half hour ago but that didn't happen... I hate deadlines! :P

in my home language Pruim means prune ... you sound like you've had to suck on
one too many ;-)



Can someone tell me why this code works for setting the table name:


dunno. let's rewrite the thing shall we? let's cut down on variable usage, shorten some
names and use a verb rather than a noun to name the function ... and let's learn
about 'by reference' parameters (notice the '&' before '$table')

function authenticate($user, $pass, &$table)
{
    // do you want to stop/catch 're-authentication'?
    if ($_SESSION['loggedin'])
        return;

    // escape your data!
    $pass = mysql_real_escape_string(md5("someThingOnlyDanBrownCouldGuess".$pass));
    $name = mysql_real_escape_string($user);

    // only select what you need (no semi-colons [needed] to delimit the query)
    // name + password should be unique! so no real need for the LIMIT clause
    $res = mysql_query("SELECT tableName FROM current WHERE loginName='{$name}' AND loginPassword='{$pass}' LIMIT 0,1");

    // I think a die() is overkill
    // rather an abrupt end to the script, such errors can be with more grace
    if (!$res)
        die("Wrong data supplied or database error " .mysql_error());

    // nobody found - bad credentials, authentication failed
    if (!mysql_numrows($res))
        return false;

    // grab data
    $row = mysql_fetch_assoc($res);

    // set session data
    $_SESSION['user']     = $user;
    $_SESSION['loggedin'] = true; // use a BOOLEAN ... because "NO" equates to TRUE!

    // no idea what this 'table name' is about but ...
    // let's set the 'by reference' variable to the value we found
    $table = $row['tableName'];

    // user authenticated!
    return true;
}


which you would use like so:

$spoon = null;
if (authenticate("Jochem", "MySecret", $spoon))
    echo "authenticated! table is set to $spoon";
else
    echo "authentication failed, there is no \$spoon";



I think the real question is... why are you using tabs instead of  
spaces? =D


~Philip




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown [EMAIL PROTECTED] wrote:
 On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED] wrote:
   So I was supposed to go home a half hour ago but that didn't happen...
I hate deadlines! :P

 You whine like a mule.

  [snip!]

  function authentication($user, $pass, $authenticated, $table){

      // Keep in mind, PASSWORD has meaning in MySQL
      // Do your string sanitizing here
      // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
      $salt = "salt";
      $salt1 = $salt;
      $salt1 .= $pass;

      $password = md5($salt1);
      $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
      $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
      while($row1 = mysql_fetch_array($loginResult)) {
          $_SESSION['user'] = $row1['loginName'];
          $_SESSION['loggedin'] = "YES";
          $authenticated = true;
          $table = $row1['tableName'];
      }
      return $table;
      return $authenticated;
  }

 I recognize that code, Jason!  At least the base of it (and the
  comments).  ;-P

 See in the first block how you're using $_SESSION?  That's why
  you're able to read it later because you have two return $xxx
  lines in each function.

 As soon as a function reaches a `return` statement, it returns
  that data and exits, so the second `return` is never processed.

  --
  /Dan

  Daniel P. Brown
  Senior Unix Geek
  ? while(1) { $me = $mind--; sleep(86400); } ?






Guess all your posts stating to sanitize data just really don't have
an impact, huh?  Perhaps you should stop posting code that doesn't
validate/escape as it will be copied and pasted as I've told you
before.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Jason Pruim


On Feb 28, 2008, at 11:11 AM, Philip Thompson wrote:


On Feb 27, 2008, at 4:51 PM, Jochem Maas wrote:


Jason Pruim wrote:
So I was supposed to go home a half hour ago but that didn't happen... I hate deadlines! :P

in my home language Pruim means prune ... you sound like you've had to suck on
one too many ;-)



Can someone tell me why this code works for setting the table name:


dunno. let's rewrite the thing shall we? let's cut down on variable usage, shorten some
names and use a verb rather than a noun to name the function ... and let's learn
about 'by reference' parameters (notice the '&' before '$table')

function authenticate($user, $pass, &$table)
{
    // do you want to stop/catch 're-authentication'?
    if ($_SESSION['loggedin'])
        return;

    // escape your data!
    $pass = mysql_real_escape_string(md5("someThingOnlyDanBrownCouldGuess".$pass));
    $name = mysql_real_escape_string($user);

    // only select what you need (no semi-colons [needed] to delimit the query)
    // name + password should be unique! so no real need for the LIMIT clause
    $res = mysql_query("SELECT tableName FROM current WHERE loginName='{$name}' AND loginPassword='{$pass}' LIMIT 0,1");

    // I think a die() is overkill
    // rather an abrupt end to the script, such errors can be with more grace
    if (!$res)
        die("Wrong data supplied or database error " .mysql_error());

    // nobody found - bad credentials, authentication failed
    if (!mysql_numrows($res))
        return false;

    // grab data
    $row = mysql_fetch_assoc($res);

    // set session data
    $_SESSION['user']     = $user;
    $_SESSION['loggedin'] = true; // use a BOOLEAN ... because "NO" equates to TRUE!

    // no idea what this 'table name' is about but ...
    // let's set the 'by reference' variable to the value we found
    $table = $row['tableName'];

    // user authenticated!
    return true;
}


which you would use like so:

$spoon = null;
if (authenticate("Jochem", "MySecret", $spoon))
    echo "authenticated! table is set to $spoon";
else
    echo "authentication failed, there is no \$spoon";



I think the real question is... why are you using tabs instead of  
spaces? =D


~Philip


My editor automatically replaces like 4 spaces with a tab... Is there  
a reason not to use tabs instead of spaces? :)










--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Jason Pruim


On Feb 28, 2008, at 11:28 AM, Eric Butera wrote:

On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown [EMAIL PROTECTED]  
wrote:
On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:
So I was supposed to go home a half hour ago but that didn't  
happen...

I hate deadlines! :P


   You whine like a mule.

[snip!]

   function authentication($user, $pass, $authenticated, $table){

       // Keep in mind, PASSWORD has meaning in MySQL
       // Do your string sanitizing here
       // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
       $salt = "salt";
       $salt1 = $salt;
       $salt1 .= $pass;

       $password = md5($salt1);
       $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
       $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
       while($row1 = mysql_fetch_array($loginResult)) {
           $_SESSION['user'] = $row1['loginName'];
           $_SESSION['loggedin'] = "YES";
           $authenticated = true;
           $table = $row1['tableName'];
       }
       return $table;
       return $authenticated;
   }


   I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P

   See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

   As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.

--
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?







Guess all your posts stating to sanitize data just really don't have
an impact, huh?  Perhaps you should stop posting code that doesn't
validate/escape as it will be copied and pasted as I've told you
before.


The code for escaping and sanitizing the input is in a different  
module of the program. I actually do it right before sending it to my  
authentication function.  I didn't see the need to post it since it  
wasn't related to the problem :)


And the comments were from Mr. Brown who gave me the code originally  
that has now been adapted to use in a different program :)






--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Daniel Brown
On Thu, Feb 28, 2008 at 11:28 AM, Eric Butera [EMAIL PROTECTED] wrote:
  Guess all your posts stating to sanitize data just really don't have
  an impact, huh?  Perhaps you should stop posting code that doesn't
  validate/escape as it will be copied and pasted as I've told you
  before.

I'm not really 100% certain who you think you are, Eric, but I'd
appreciate it if you'd keep some of your sanctimonious and
apparently-all-wise comments on your 127.0.0.1.

That is all.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 11:59 AM, Daniel Brown [EMAIL PROTECTED] wrote:
 On Thu, Feb 28, 2008 at 11:28 AM, Eric Butera [EMAIL PROTECTED] wrote:
Guess all your posts stating to sanitize data just really don't have
an impact, huh?  Perhaps you should stop posting code that doesn't
validate/escape as it will be copied and pasted as I've told you
before.

 I'm not really 100% certain who you think you are, Eric, but I'd
  appreciate it if you'd keep some of your sanctimonious and
  apparently-all-wise comments on your 127.0.0.1.

 That is all.

  --


 /Dan

  Daniel P. Brown
  Senior Unix Geek
  ? while(1) { $me = $mind--; sleep(86400); } ?


And I'd appreciate it if you kept all your posts about wearing dresses
to yourself but it isn't going to happen. :)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Daniel Brown
On Thu, Feb 28, 2008 at 12:36 PM, Eric Butera [EMAIL PROTECTED] wrote:
 And I'd appreciate it if you kept all your posts about wearing dresses
 to yourself but it isn't going to happen. :)

Heh.  It is a bad visual, isn't it?  ;-P

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 11:57 AM, Jason Pruim [EMAIL PROTECTED] wrote:


  On Feb 28, 2008, at 11:28 AM, Eric Butera wrote:

   On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown [EMAIL PROTECTED]
   wrote:
   On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]
   wrote:
   So I was supposed to go home a half hour ago but that didn't
   happen...
   I hate deadlines! :P
  
  You whine like a mule.
  
   [snip!]
  
  function authentication($user, $pass, $authenticated, $table){

      // Keep in mind, PASSWORD has meaning in MySQL
      // Do your string sanitizing here
      // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
      $salt = "salt";
      $salt1 = $salt;
      $salt1 .= $pass;

      $password = md5($salt1);
      $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
      $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
      while($row1 = mysql_fetch_array($loginResult)) {
          $_SESSION['user'] = $row1['loginName'];
          $_SESSION['loggedin'] = "YES";
          $authenticated = true;
          $table = $row1['tableName'];
      }
      return $table;
      return $authenticated;
  }
  
  I recognize that code, Jason!  At least the base of it (and the
   comments).  ;-P
  
  See in the first block how you're using $_SESSION?  That's why
   you're able to read it later because you have two return $xxx
   lines in each function.
  
  As soon as a function reaches a `return` statement, it returns
   that data and exits, so the second `return` is never processed.
  
   --
   /Dan
  
   Daniel P. Brown
   Senior Unix Geek
   ? while(1) { $me = $mind--; sleep(86400); } ?
  
  
  
  
  
  
   Guess all your posts stating to sanitize data just really don't have
   an impact, huh?  Perhaps you should stop posting code that doesn't
   validate/escape as it will be copied and pasted as I've told you
   before.

  The code for escaping and sanitizing the input is in a different
  module of the program. I actually do it right before sending it to my
  authentication function.  I didn't see the need to post it since it
  wasn't related to the problem :)

  And the comments were from Mr. Brown who gave me the code originally
  that has now been adapted to use in a different program :)


 



  --

  Jason Pruim
  Raoset Inc.
  Technology Manager
  MQC Specialist
  3251 132nd ave
  Holland, MI, 49424-9337
  www.raoset.com
  [EMAIL PROTECTED]





Your escaping should be right before you run the query, not somewhere
else.  What if you change something around and take off the escaping
function?  Or what if you decide to change your database connection?
Having it all in one spot makes it easier to make changes and know it
isn't going to bust.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Jason Pruim


On Feb 28, 2008, at 12:39 PM, Eric Butera wrote:

On Thu, Feb 28, 2008 at 11:57 AM, Jason Pruim [EMAIL PROTECTED]  
wrote:



On Feb 28, 2008, at 11:28 AM, Eric Butera wrote:


On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown [EMAIL PROTECTED]
wrote:

On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]
wrote:

So I was supposed to go home a half hour ago but that didn't
happen...
I hate deadlines! :P


  You whine like a mule.

[snip!]


  function authentication($user, $pass, $authenticated, $table){

      // Keep in mind, PASSWORD has meaning in MySQL
      // Do your string sanitizing here
      // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
      $salt = "salt";
      $salt1 = $salt;
      $salt1 .= $pass;

      $password = md5($salt1);
      $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
      $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
      while($row1 = mysql_fetch_array($loginResult)) {
          $_SESSION['user'] = $row1['loginName'];
          $_SESSION['loggedin'] = "YES";
          $authenticated = true;
          $table = $row1['tableName'];
      }
      return $table;
      return $authenticated;
  }


  I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P

  See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

  As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.

--
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?







Guess all your posts stating to sanitize data just really don't have
an impact, huh?  Perhaps you should stop posting code that doesn't
validate/escape as it will be copied and pasted as I've told you
before.


The code for escaping and sanitizing the input is in a different
module of the program. I actually do it right before sending it to my
authentication function.  I didn't see the need to post it since it
wasn't related to the problem :)

And the comments were from Mr. Brown who gave me the code originally
that has now been adapted to use in a different program :)








--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]






Your escaping should be right before you run the query, not somewhere
else.  What if you change something around and take off the escaping
function?  Or what if you decide to change your database connection?
Having it all in one spot makes it easier to make changes and know it
isn't going to bust.



It's actually just before I call the function... The database  
connection is in a completely separate function from everything that  
we have been talking about... And all that's in that file is:


$link = false;
function dbmysqlconnect($server, $username, $password, $database) {
    // mysql_connect()'s fourth parameter is $new_link, not a database name;
    // the database is selected by mysql_select_db() below
    $link = mysql_connect($server, $username, $password) or die('Could not connect: ' . mysql_error());
    mysql_select_db($database, $link) or die('Could not select database: ' . mysql_error());

    return $link;
}


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 12:38 PM, Daniel Brown [EMAIL PROTECTED] wrote:
 On Thu, Feb 28, 2008 at 12:36 PM, Eric Butera [EMAIL PROTECTED] wrote:
   And I'd appreciate it if you kept all your posts about wearing dresses
   to yourself but it isn't going to happen. :)

 Heh.  It is a bad visual, isn't it?  ;-P

  --


 /Dan

  Daniel P. Brown
  Senior Unix Geek
  ? while(1) { $me = $mind--; sleep(86400); } ?


All my point is that I've been on this list for a while.  I've posted
code and watched people just copy and paste it.  I've watched other
people copy and paste their examples.  I used to say sanitize your
data and watch the same exact thing in their new function coming back
at me without any sanity checks whatsoever.

So my point is that people don't know how to do it.  If you decide to
help people out with their issues you need to also help them
understand how to filter/escape their data.  Otherwise keep in mind
those people are going to copy your code with the comment saying
sanitize it, and it isn't going to be escaped.  Maybe that is okay
with you but I see that as a problem.  I know Jason said he is doing
it elsewhere, but that is the rare case.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Daniel Brown
On Thu, Feb 28, 2008 at 12:57 PM, Eric Butera [EMAIL PROTECTED] wrote:
  All my point is that I've been on this list for a while.  I've posted
  code and watched people just copy and paste it.  I've watched other
  people copy and paste their examples.  I used to say sanitize your
  data and watch the same exact thing in their new function coming back
  at me without any sanity checks whatsoever.

Right, but my point is that the rules and spirit of the list
apply: we're not going to hold your hand and write your code for you.
If you want to be smart enough to put together a PHP page, you should
be smart enough to at least ask *how* to sanitize the code.  I'm not
deliberately setting people up for failure, I'm taking into account
that - while it's not as common as it should be - the poster has
common sense.  Quite honestly, we all learned the hard way, I'm sure.
It's what makes us better programmers: experience.  If I had asked for
people to write things for me and blindly installed them and ran the
code, I'd never have learned anything.  Plus, if you provide
immaculate code, you're potentially taking a chunk of time out of your
day, without pay, so that someone else can potentially (and I'd hazard
a guess at likely) make a few bucks on your work.

  So my point is that people don't know how to do it.  If you decide to
  help people out with their issues you need to also help them
  understand how to filter/escape their data.  Otherwise keep in mind
  those people are going to copy your code with the comment saying
  sanitize it, and it isn't going to be escaped.  Maybe that is okay
  with you but I see that as a problem.  I know Jason said he is doing
  it elsewhere, but that is the rare case.

I agree completely and that's what I do.  If I tell someone
that they have to sanitize their code, then I've done my job in that
respect.  There is absolutely no reason whatsoever that I should feel
forced or even compelled to take an additional five minutes for a
one-minute post to explain that they should use
mysql_real_escape_string(), run an arrayed regexp for filtration,
and/or escape all single, double, and backtick quotes.  When they read
my sanitize input string and ask about it, then I'm more than happy
to help, but presuming someone doesn't know how and writing a
dissertation on input sanity - while it is the safe road - is
redundant and potentially insulting to the person.  Especially if it's
someone who's been on the list for a while (as is generally the case
anyway).

Summarizing, I'm not disagreeing by any means that you do have a
valid point; contrarily, I'm absolutely concurring.  I'm just stating
that it's not entirely applicable to the posts to which you refer.
There is a time and a place to presume at least a small piece of
intelligence on behalf of the poster.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Andrew Ballard
On Thu, Feb 28, 2008 at 12:56 PM, Jason Pruim [EMAIL PROTECTED] wrote:


  On Feb 28, 2008, at 12:39 PM, Eric Butera wrote:

   On Thu, Feb 28, 2008 at 11:57 AM, Jason Pruim [EMAIL PROTECTED]
   wrote:
  
  
   On Feb 28, 2008, at 11:28 AM, Eric Butera wrote:
  
   On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown [EMAIL PROTECTED]
   wrote:
   On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]
   wrote:
  
 function authentication($user, $pass, $authenticated, $table){

     // Keep in mind, PASSWORD has meaning in MySQL
     // Do your string sanitizing here
     // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
     $salt = "salt";
     $salt1 = $salt;
     $salt1 .= $pass;

     $password = md5($salt1);
     $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
     $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
     while($row1 = mysql_fetch_array($loginResult)) {
         $_SESSION['user'] = $row1['loginName'];
         $_SESSION['loggedin'] = "YES";
         $authenticated = true;
         $table = $row1['tableName'];
     }
     return $table;
     return $authenticated;
 }
  
  
   Guess all your posts stating to sanitize data just really don't have
   an impact, huh?  Perhaps you should stop posting code that doesn't
   validate/escape as it will be copied and pasted as I've told you
   before.
  
   The code for escaping and sanitizing the input is in a different
   module of the program. I actually do it right before sending it to my
   authentication function.  I didn't see the need to post it since it
   wasn't related to the problem :)
  
   And the comments were from Mr. Brown who gave me the code originally
   that has now been adapted to use in a different program :)
  
  
   Your escaping should be right before you run the query, not somewhere
   else.  What if you change something around and take off the escaping
   function?  Or what if you decide to change your database connection?
   Having it all in one spot makes it easier to make changes and know it
   isn't going to bust.


  It's actually just before I call the function... The database
  connection is in a completely separate function from everything that
  we have been talking about... And all that's in that file is:

 $link= false;
 function dbmysqlconnect($server, $username, $password, $database) {
     $link = mysql_connect($server, $username, $password, $database) or die('Could not connect: ' . mysql_error());
     mysql_select_db($database) or die('Could not select database: ' . mysql_error());
     return $link;
 }



Jason,

Keep in mind that data validation and escaping are two different
concepts. Data validation should happen as soon as you read the value
from the user to make sure that user names are long enough/not too
long, phone numbers or e-mail addresses contain only valid characters,
etc. That part should definitely be happening outside your function.

However, escaping should really only happen at the point it is needed,
and Dan's comments suggest a very good place for this to happen. (I
often put it even later - directly at the point it gets merged into
the string either through concatenation or through a function like
sprintf.) This is because the escape sequences are not part of the
actual data. Your application may need to use any of several different
character escaping functions (or no escaping at all) on the same value
depending on whether that value is going to a browser, a database, a
socket, an LDAP query, etc. This prevents you from having to write
lines like this:

$user = mysql_real_escape_string(stripslashes($user));

or this:

echo htmlspecialchars(stripslashes($my_text));

(This is one reason magic_quotes is such a Bad Idea[tm].)


[BTW - Who trademarked all these phrases on this list anyway? :-)]

What you have done may work and be quite safe. However, Eric pointed
out some very good reasons to keep the character escaping inside this
function.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
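
The split Andrew describes above, validation when the value is read and escaping only where the value meets a specific output, shown as an added example that is not code from any poster in this thread. It uses PDO bound parameters in place of mysql_real_escape_string() and an in-memory SQLite database so it runs on its own; the table and column names follow the quoted query, while the helper names and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names (current, loginName, tableName) follow
// the query quoted in the thread; helper names and sample data are constructed.

/** Validation: done once, when the value is read. It accepts or rejects, never rewrites. */
function validate_login_name(string $raw): ?string
{
    // Letters, digits and a few punctuation marks, 3 to 32 characters.
    // The apostrophe is allowed on purpose: valid data can still contain
    // characters that are special to SQL or HTML.
    return preg_match('/\A[A-Za-z0-9_.\' -]{3,32}\z/', $raw) === 1 ? $raw : null;
}

/** SQL context: the value is bound where the query is built, so the raw data stays unmodified. */
function find_user(PDO $db, string $loginName): ?array
{
    $stmt = $db->prepare(
        'SELECT loginName, tableName FROM "current" WHERE loginName = :name LIMIT 1'
    );
    $stmt->execute([':name' => $loginName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** HTML context: the same raw value needs a different escaping rule here. */
function render_greeting(string $loginName): string
{
    return '<p>Welcome, ' . htmlspecialchars($loginName, ENT_QUOTES, 'UTF-8') . '</p>';
}

/** Builds an in-memory database holding one constructed row. */
function demo_database(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE "current" (loginName TEXT PRIMARY KEY, tableName TEXT)');
    $db->prepare('INSERT INTO "current" (loginName, tableName) VALUES (?, ?)')
       ->execute(["o'brien", 'customers']);
    return $db;
}

/** Runs one raw input through validation, lookup and rendering. */
function handle_login_name(PDO $db, string $raw): string
{
    $name = validate_login_name($raw);
    if ($name === null) {
        return 'rejected by validation';
    }
    $row = find_user($db, $name);
    return $row === null ? 'no such user' : render_greeting($row['loginName']);
}

$db = demo_database();

// Constructed inputs: a valid name containing an apostrophe, a string that
// passes validation but would break a concatenated query, markup, and a
// name that is too short.
foreach (["o'brien", "x' OR 'a", '<b>al</b>', 'al'] as $raw) {
    printf("%-12s => %s\n", $raw, handle_login_name($db, $raw));
}
```

The second input passes validation yet matches no row, because the bound parameter is compared as a literal string; that is the case validation alone does not cover.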



Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Nathan Rixham

Eric Butera wrote:

On Thu, Feb 28, 2008 at 12:38 PM, Daniel Brown [EMAIL PROTECTED] wrote:

On Thu, Feb 28, 2008 at 12:36 PM, Eric Butera [EMAIL PROTECTED] wrote:
  And I'd appreciate it if you kept all your posts about wearing dresses
  to yourself but it isn't going to happen. :)

Heh.  It is a bad visual, isn't it?  ;-P

 --


/Dan

 Daniel P. Brown
 Senior Unix Geek
 ? while(1) { $me = $mind--; sleep(86400); } ?



All my point is that I've been on this list for a while.  I've posted
code and watched people just copy and paste it.  I've watched other
people copy and paste their examples.  I used to say sanitize your
data and watch the same exact thing in their new function coming back
at me without any sanity checks whatsoever.

So my point is that people don't know how to do it.  If you decide to
help people out with their issues you need to also help them
understand how to filter/escape their data.  Otherwise keep in mind
those people are going to copy your code with the comment saying
sanitize it, and it isn't going to be escaped.  Maybe that is okay
with you but I see that as a problem.  I know Jason said he is doing
it elsewhere, but that is the rare case.


Eric,

You do make a valid point about people copy and pasting code, and that 
we should all take a bit more care; however we also have to remember 
that not all posts are going to newbies, when a solid software 
engineer posts a short query on here, I'm sure they don't expect a fully 
sanitised application back, when a short snippet of code would more than 
suffice.


One thing I don't understand, why did you go all out and personal on 
Dan? I'm not even going to go into it, you were bang out of order 
and you owe the man an apology; no need to explain what you meant, we 
all got it the first time. Further, if you felt the need to challenge 
somebody or give them advice why do it public?


Hell I'm not even involved and that kind of ill-mannered post even 
managed to put me in a bad mood.





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Wolf

All my point is that I've been on this list for a while.  I've posted
code and watched people just copy and paste it.  I've watched other
people copy and paste their examples.  I used to say sanitize your
data and watch the same exact thing in their new function coming back
at me without any sanity checks whatsoever.

So my point is that people don't know how to do it.  If you decide to
help people out with their issues you need to also help them
understand how to filter/escape their data.  Otherwise keep in mind
those people are going to copy your code with the comment saying
sanitize it, and it isn't going to be escaped.  Maybe that is okay
with you but I see that as a problem.  I know Jason said he is doing
it elsewhere, but that is the rare case.


That's why you never see me post WHOLE code on this list.  It's not that 
I can't make whole code, it is because I don't want people to take what 
they were too dumb to figure out and copy my stuff.


For those who stumble aren't dumb, they are trying.  We've all been 
there (Jason and Dan when they woke up in their own beds and dresses) 
and we've all hit a I've tried to do x and keep ending up with y.


But the ones who post and then copy and paste are dumb to use stuff 
without understanding it and sanitizing it.  Frankly, they will learn 
when they have to explain that their application is the cause of their 
company website being defaced and their personal/private data leaked due 
to insecure apps.


Is it enough to write your sanity check should go here?  You bet your 
@$$ it is, though *I* may not choose to put it there.  We all code 
differently.  We all sanitize/escape/safe our apps in different ways. 
But don't read code I post to the list and expect it to work out of the 
box in yours and be secure.


Otherwise, this list needs to turn into the PHP Freelancers and we all 
make $1 per post and then use Dan's script to make sure we get the right 
$$$ every week.


And you DO owe Dan an apology Eric.

And no Jason, you aren't dumb, I've seen your other coding and you 
haven't just copied/pasted everything.


Wolf

HowTo: Sanitize user input 
http://www.phpbuilder.com/columns/ProPHPSecurity_excerpt_part3.php3?print_mode=1





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 1:39 PM, Nathan Rixham [EMAIL PROTECTED] wrote:

 Eric Butera wrote:
   On Thu, Feb 28, 2008 at 12:38 PM, Daniel Brown [EMAIL PROTECTED] wrote:
   On Thu, Feb 28, 2008 at 12:36 PM, Eric Butera [EMAIL PROTECTED] wrote:
 And I'd appreciate it if you kept all your posts about wearing dresses
 to yourself but it isn't going to happen. :)
  
   Heh.  It is a bad visual, isn't it?  ;-P
  
--
  
  
   /Dan
  
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
  
  
   All my point is that I've been on this list for a while.  I've posted
   code and watched people just copy and paste it.  I've watched other
   people copy and paste their examples.  I used to say sanitize your
   data and watch the same exact thing in their new function coming back
   at me without any sanity checks whatsoever.
  
   So my point is that people don't know how to do it.  If you decide to
   help people out with their issues you need to also help them
   understand how to filter/escape their data.  Otherwise keep in mind
   those people are going to copy your code with the comment saying
   sanitize it, and it isn't going to be escaped.  Maybe that is okay
   with you but I see that as a problem.  I know Jason said he is doing
   it elsewhere, but that is the rare case.

  Eric,

  You do make a valid point about people copy and pasting code, and that
  we should all take a bit more care; however we also have to remember
  that not all posts are going to newbies, when a solid software
  engineer posts a short query on here, I'm sure they don't expect a fully
  sanitised application back, when a short snippet of code would more than
  suffice.

  One thing I don't understand, why did you go all out and personal on
  Dan? I'm not even going to go into it, you were bang out of order
   and you owe the man an apology; no need to explain what you meant, we
  all got it the first time. Further, if you felt the need to challenge
  somebody or give them advice why do it public?

  Hell I'm not even involved and that kind of ill-mannered post even
  managed to put me in a bad mood.




Hi Nathan,

Sorry I soured your day.  This is a public mailing list and it is my
position that people who commit code to it should really make sure
that it is reasonably sound.  These emails get archived forever and
people can search them to find results, so what we put on here is
long-lasting.

I was just trying to hammer home the fact I've seen people use code
as-is.  Ask random people in the IT world what they think about PHP.
I bet you'll hear lots of FUD about it being insecure.  Why is it
insecure?  Because people don't handle data right.  I'm guilty of it.
I was hoping by providing consistent examples on how data handling
should be done people would learn best practices.  Even if it isn't
their thread lurkers may see something new and start using it from
here on out.

I really get irritated by the whole deferring security issues to
somewhere else.  It isn't just Dan, but most how-to articles or
examples in general.  Yes I realize that an example needs to be clear
and simple to show the idea and not the implementation.  However, in
the real world if you have blatant holes in your code automatic bots
and other nastiness on the net is going to find it & exploit it.

I thought I was helping to raise the bar.  I've tried talking to Dan
about this before and got more or less the same set of responses.  At
the end of the day though, it will never sit right with me to see a
query on here that isn't escaped.  Perhaps I'll try to be more civil
about it in the future. :)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Daniel Brown
On Thu, Feb 28, 2008 at 1:39 PM, Nathan Rixham [EMAIL PROTECTED] wrote:
  One thing I don't understand, why did you go all out and personal on
  Dan? I'm not even going to go into it, you were bang out of order
   and you owe the man an apology; no need to explain what you meant, we
  all got it the first time. Further, if you felt the need to challenge
  somebody or give them advice why do it public?

I don't think he owes me any form of apology.  In my opinion, it's
because he's passionate about doing the Right Thing[tm].  And while I
think it may be misdirected in the context of this particular case, I
admire people like that.  Hopefully next time it will be more of a
generalized statement, though, so at least I can save some face in the
archives.  ;-P

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>




RE: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Jay Blanchard
[snip]
Sorry I soured your day.  This is a public mailing list and it is my
position that people who commit code to it should really make sure
that it is reasonably sound.  These emails get archived forever and
people can search them to find results, so what we put on here is
long-lasting.
[/snip]

This is true but I have seen and written the warnings for years. Also
there is a lot of pseudo-code. Not to mention teach a man to fish...

As an all volunteer list we all try to do what we can for others and I
appreciate you trying to raise the bar. Because of your actions others
may choose to do so as well, but I wouldn't expect it to be
all-encompassing.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Wolf

Jason Pruim wrote:


On Feb 28, 2008, at 11:11 AM, Philip Thompson wrote:


On Feb 27, 2008, at 4:51 PM, Jochem Maas wrote:


Jason Pruim schreef:

!--Snip --
I think the real question is... why are you using tabs instead of 
spaces? =D


~Philip


My editor automatically replaces like 4 spaces with a tab... Is there a 
reason not to use tabs instead of spaces? :)




I use spaces since when I indent with 4 spaces it is significantly 
easier to read the code than with 4 tabs...


4 spaces are before this
4 tabs are before this

Pretty easy to follow code that does
{
 {
  {
   {
   }
  }
 }
}

Versus the alternative, especially with the character wrapping in vi and 
other text editors.


At least, that's IMO

YMMV

Wolf ;)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Per Jessen
Eric Butera wrote:

 Hi Nathan,
 
 Sorry I soured your day.  This is a public mailing list and it is my
 position that people who commit code to it should really make sure
 that it is reasonably sound.  These emails get archived forever and
 people can search them to find results, so what we put on here is
 long-lasting.

Guys, I haven't been following your little rapid-fire exchange, so
apologies if I'm just repeating what's already been said. 
IMHO, when somebody posts a snippet of code to a mailing-list it should
essentially be considered pseudo-code only.  

 I was just trying to hammer home the fact I've seen people use code
 as-is.  

Their problem, not mine.  Anyone who blindly copies somebody else's work 
is asking for it.

 Ask random people in the IT world what they think about PHP. 
 I bet you'll hear lots of FUD about it being insecure.  Why is it
 insecure? 

1) it's (mostly) interpreted
2) it's type-weak


/Per Jessen, Zürich




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Per Jessen
Jason Pruim wrote:

 My editor automatically replaces like 4 spaces with a tab... Is there
 a reason not to use tabs instead of spaces? :)

Yes.  The length of a space does not vary from one system to another. 


/Per Jessen, Zürich




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Daniel Brown
On Thu, Feb 28, 2008 at 2:22 PM, Per Jessen [EMAIL PROTECTED] wrote:
  Yes.  The length of a space does not vary from one system to another.

Though the width can. ;-P

Think fixedsys on a terminal versus Trebuchet TTF with hinting and
antialiasing.

Just going geek a bit on that.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Jason Pruim


On Feb 28, 2008, at 2:17 PM, Wolf wrote:


Jason Pruim wrote:

On Feb 28, 2008, at 11:11 AM, Philip Thompson wrote:

On Feb 27, 2008, at 4:51 PM, Jochem Maas wrote:


Jason Pruim schreef:

!--Snip --
I think the real question is... why are you using tabs instead of  
spaces? =D


~Philip
My editor automatically replaces like 4 spaces with a tab... Is  
there a reason not to use tabs instead of spaces? :)


I use spaces since when I indent with 4 spaces it is significantly  
easier to read the code then with 4 tabs...


   4 spaces are before this
4 tabs are before this

Pretty easy to follow code that does
{
{
 {
  {
  }
 }
}
}

Versus the alternative, especially with the character wrapping in vi  
and other text editors.



I had never thought about it from that perspective but it makes  
sense... I think I might try and find if I can change that in my  
editor :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread TG

And the kerning..  OH THE KERNING!


- Original Message -
From: Daniel Brown [EMAIL PROTECTED]
To: Per Jessen [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Date: Thu, 28 Feb 2008 14:26:29 -0500
Subject: Re: [PHP] Sometimes I wonder why I even started programming...

 On Thu, Feb 28, 2008 at 2:22 PM, Per Jessen [EMAIL PROTECTED] wrote:
   Yes.  The length of a space does not vary from one system to another.
 
 Though the width can. ;-P
 
 Think fixedsys on a terminal versus Trebuchet TTF with hinting and
 antialiasing.
 
 Just going geek a bit on that.
 
 -- 
 /Dan
 
 Daniel P. Brown
 Senior Unix Geek
 ? while(1) { $me = $mind--; sleep(86400); } ?
 
 
 




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Stut

On 28 Feb 2008, at 19:17, Wolf wrote:

Jason Pruim wrote:
My editor automatically replaces like 4 spaces with a tab... Is  
there a reason not to use tabs instead of spaces? :)


I use spaces since when I indent with 4 spaces it is significantly  
easier to read the code then with 4 tabs...


   4 spaces are before this
4 tabs are before this

Pretty easy to follow code that does
{
{
 {
  {
  }
 }
}
}

Versus the alternative, especially with the character wrapping in vi  
and other text editors.


At least, that's IMO

YMMV


Except that if I inherit your code and I find it easier if it's  
indented to 8 spaces you've taken that choice away from me. Tabs are  
configurable on nearly all editors that exist in the world. If yours  
doesn't let you change the tab width, get a new one. But if you don't  
care about people who might end up working on your stuff, keep using  
spaces. Just hope you never change your mind.


-Stut

--
http://stut.net/




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Stut

On 28 Feb 2008, at 19:19, Per Jessen wrote:

Eric Butera wrote:


Hi Nathan,

Sorry I soured your day.  This is a public mailing list and it is my
position that people who commit code to it should really make sure
that it is reasonably sound.  These emails get archived forever and
people can search them to find results, so what we put on here is
long-lasting.


Guys, I haven't been following your little rapid-fire exchange, so
apologies if I'm just repeating what's already been said.
IMHO, when somebody posts a snippet of code to a mailing-list it should
essentially be considered pseudo-code only.


Most definitely. It's certainly worth noting that including adequate
filtering, error checking and escaping in a code snippet can be
anti-productive by making the snippet far harder to understand than it
would otherwise be.


Unless the filtering, error checking or escaping is fundamental to the
point being made IMHO it's best to leave it out and just make a clear
statement that it's missing but should be included for production
usage. The techniques involved are so fundamental to developing
web-based applications that IMHO everyone doing it should understand how
to do it before they write a hello world script.



I was just trying to hammer home the fact I've seen people use code
as-is.


Their problem, not mine.  Anyone who blindly copies somebody else's work
is asking for it.


Completely agree.


Ask random people in the IT world what they think about PHP.
I bet you'll hear lots of FUD about it being insecure.  Why is it
insecure?


1) it's (mostly) interpreted
2) it's type-weak


There is nothing inherently insecure contained within either of those  
features. Whatever language you're developing a web app in, from C to  
C#, you will always get all variables you're passed from the user as  
strings. Proper validation is always a requirement.


As for being interpreted I fail to see how that's a security risk so  
long as you adequately lock down your servers, something that applies  
regardless of the language you're using.


Stop adding to the FUD.

-Stut

--
http://stut.net/




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Robert Cummings

On Thu, 2008-02-28 at 19:37 +, Stut wrote:
 On 28 Feb 2008, at 19:17, Wolf wrote:
  Jason Pruim wrote:
  My editor automatically replaces like 4 spaces with a tab... Is  
  there a reason not to use tabs instead of spaces? :)
 
  I use spaces since when I indent with 4 spaces it is significantly  
  easier to read the code then with 4 tabs...
 
 4 spaces are before this
  4 tabs are before this
 
  Pretty easy to follow code that does
  {
  {
   {
{
}
   }
  }
  }
 
  Versus the alternative, especially with the character wrapping in vi  
  and other text editors.
 
  At least, that's IMO
 
  YMMV
 
 Except that if I inherit your code and I find it easier if it's  
 indented to 8 spaces you've taken that choice away from me. Tabs are  
 configurable on nearly all editors that exist in the world. If yours  
 doesn't let you change the tab width, get a new one. But if you don't  
 care about people who might end up working on your stuff, keep using  
 spaces. Just hope you never change your mind.

It's almost a standard across the industry to use spaces. But hey, if
you wanna take away my choice to use spaces whenever I work on your code
down the very long line, that's fine. I'm just gonna use my JOE editor
to fix them and purify any mixed tab/space indentation. If your editor
can't do that then you should get a better editor ;)

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Per Jessen
Stut wrote:

 Ask random people in the IT world what they think about PHP.
 I bet you'll hear lots of FUD about it being insecure.  Why is it
 insecure?

 1) it's (mostly) interpreted
 2) it's type-weak
 
 There is nothing inherently insecure contained within either of those
 features. Whatever language you're developing a web app in, from C to
 C#, you will always get all variables you're passed from the user as
 strings. Proper validation is always a requirement.
 
 As for being interpreted I fail to see how that's a security risk so
 long as you adequately lock down your servers, something that applies
 regardless of the language you're using.

It's perhaps also a matter of opinion, but IMHO a type-weak and
interpreted language is far more prone to errors that could become
security risks than a type-strong, compiled language. The latter can do
a lot of checking at compile time - none of them will make it
inherently more secure, but an inexperienced programmer will be less
likely to make mistakes with serious consequence for security. 


/Per Jessen, Zürich




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Nathan Rixham

Eric Butera wrote:

Hi Nathan,

Sorry I soured your day.  This is a public mailing list and it is my
Ahh it's okay - I think I may have read into it a little too much 
anyways; likewise apologies.

position that people who commit code to it should really make sure
that it is reasonably sound.  These emails get archived forever and
people can search them to find results, so what we put on here is
long-lasting.
Yeah that's half the reason why I took a little offense - although I 
should remember it more myself as well!



I was just trying to hammer home the fact I've seen people use code
as-is.  Ask random people in the IT world what they think about PHP.
I bet you'll hear lots of FUD about it being insecure.  Why is it
insecure?  Because people don't handle data right.  I'm guilty of it.
I was hoping by providing consistent examples on how data handling
should be done people would learn best practices.  Even if it isn't
their thread lurkers may see something new and start using it from
here on out.
yeah I see that all too often, peeps taking code and posting it as their 
own on popular forums, people google, c+p and it all gets in a big old 
mess.



I really get irritated by the whole deferring security issues to
somewhere else.  It isn't just Dan, but most how-to articles or
examples in general.  Yes I realize that an example needs to be clear
and simple to show the idea and not the implementation.  However, in
the real world if you have blatant holes in your code automatic bots
and other nastiness on the net is going to find it & exploit it.

Sigh, indeed, and php is the bot programming language of choice too!


I thought I was helping to raise the bar.  I've tried talking to Dan
about this before and got more or less the same set of responses.  At
the end of the day though, it will never sit right with me to see a
query on here that isn't escaped.  Perhaps I'll try to be more civil
about it in the future. :)
civil : think we all can be a bit more civil, probably best to keep 
names out of anything negative (unless there's an obvious need)


I couldn't agree more on the whole escaping thing, one of my biggest 
gripes is the lack of if(function_exists('mysql_real_escape_string') + 
magic quotes etc.


I hardly ever see any use of function_exists(), file_exists(), defined() 
and really think that needs promoted more too!


All in what you wrote wasn't that bad, it just hit a nerve with me for a 
time, for some reason no longer known to me!





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Nathan Rixham

Robert Cummings wrote:

On Thu, 2008-02-28 at 19:37 +, Stut wrote:

On 28 Feb 2008, at 19:17, Wolf wrote:

Jason Pruim wrote:
My editor automatically replaces like 4 spaces with a tab... Is  
there a reason not to use tabs instead of spaces? :)
I use spaces since when I indent with 4 spaces it is significantly  
easier to read the code then with 4 tabs...


   4 spaces are before this
4 tabs are before this

Pretty easy to follow code that does
{
{
 {
  {
  }
 }
}
}

Versus the alternative, especially with the character wrapping in vi  
and other text editors.


At least, that's IMO

YMMV
Except that if I inherit your code and I find it easier if it's  
indented to 8 spaces you've taken that choice away from me. Tabs are  
configurable on nearly all editors that exist in the world. If yours  
doesn't let you change the tab width, get a new one. But if you don't  
care about people who might end up working on your stuff, keep using  
spaces. Just hope you never change your mind.


It's almost a standard across the industry to use spaces. But hey, if
you wanna take away my choice to use spaces whenever I work on your code
down the very long line, that's fine. I'm just gonna use my JOE editor
to fix them and purify any mixed tab/space indentation. If your editor
can't do that then you should get a better editor ;)

Cheers,
Rob.


I use tab's in all my code, and replace them with spaces when 
posting/mailing for legibility.


couldn't imagine ever hitting space 4/8/12/16+ times to write a line of 
code when i can just tab/shit+tab to indent.





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Shawn McKenzie
Nathan Rixham wrote:
 Robert Cummings wrote:
 On Thu, 2008-02-28 at 19:37 +, Stut wrote:
 On 28 Feb 2008, at 19:17, Wolf wrote:
 Jason Pruim wrote:
 My editor automatically replaces like 4 spaces with a tab... Is 
 there a reason not to use tabs instead of spaces? :)
 I use spaces since when I indent with 4 spaces it is significantly 
 easier to read the code then with 4 tabs...

4 spaces are before this
 4 tabs are before this

 Pretty easy to follow code that does
 {
 {
  {
   {
   }
  }
 }
 }

 Versus the alternative, especially with the character wrapping in
 vi  and other text editors.

 At least, that's IMO

 YMMV
 Except that if I inherit your code and I find it easier if it's 
 indented to 8 spaces you've taken that choice away from me. Tabs are 
 configurable on nearly all editors that exist in the world. If yours 
 doesn't let you change the tab width, get a new one. But if you
 don't  care about people who might end up working on your stuff, keep
 using  spaces. Just hope you never change your mind.

 It's almost a standard across the industry to use spaces. But hey, if
 you wanna take away my choice to use spaces whenever I work on your code
 down the very long line, that's fine. I'm just gonna use my JOE editor
 to fix them and purify any mixed tab/space indentation. If your editor
 can't do that then you should get a better editor ;)

 Cheers,
 Rob.
 
 I use tab's in all my code, and replace them with spaces when
 posting/mailing for legibility.
 
 couldn't imagine ever hitting space 4/8/12/16+ times to write a line of
 code when i can just tab/shit+tab to indent.

Most editors that I've used allow you to use the tab key, the editor
just uses spaces (4 normally) instead of tab if that is your preference.
 I never use the SHIT+tab key though :-)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Robert Cummings
On Thu, 2008-02-28 at 20:25 +, Nathan Rixham wrote:

 I use tab's in all my code, and replace them with spaces when 
 posting/mailing for legibility.
 
 couldn't imagine ever hitting space 4/8/12/16+ times to write a line of 
 code when i can just tab/shit+tab to indent.

Uhhhm, I hit the tab button also and it does the right thing (namely
inserts 4 spaces). Also, when I hit enter it auto tabs.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 3:25 PM, Nathan Rixham [EMAIL PROTECTED] wrote:

 Robert Cummings wrote:
   On Thu, 2008-02-28 at 19:37 +, Stut wrote:
   On 28 Feb 2008, at 19:17, Wolf wrote:
   Jason Pruim wrote:
   My editor automatically replaces like 4 spaces with a tab... Is
   there a reason not to use tabs instead of spaces? :)
   I use spaces since when I indent with 4 spaces it is significantly
   easier to read the code then with 4 tabs...
  
  4 spaces are before this
   4 tabs are before this
  
   Pretty easy to follow code that does
   {
   {
{
 {
 }
}
   }
   }
  
   Versus the alternative, especially with the character wrapping in vi
   and other text editors.
  
   At least, that's IMO
  
   YMMV
   Except that if I inherit your code and I find it easier if it's
   indented to 8 spaces you've taken that choice away from me. Tabs are
   configurable on nearly all editors that exist in the world. If yours
   doesn't let you change the tab width, get a new one. But if you don't
   care about people who might end up working on your stuff, keep using
   spaces. Just hope you never change your mind.
  
   It's almost a standard across the industry to use spaces. But hey, if
   you wanna take away my choice to use spaces whenever I work on your code
   down the very long line, that's fine. I'm just gonna use my JOE editor
   to fix them and purify any mixed tab/space indentation. If your editor
   can't do that then you should get a better editor ;)
  
   Cheers,
   Rob.

  I use tab's in all my code, and replace them with spaces when
  posting/mailing for legibility.

  couldn't imagine ever hitting space 4/8/12/16+ times to write a line of
  code when i can just tab/shit+tab to indent.






I can hit tab and shift/tab too and it puts in spaces for me.

The reason I prefer spaces over tabs is because in my experience fonts
on different platforms and sizes seem to render tabs slightly off.  So
on some font combinations my code lines up fine, while on others it
doesn't.  Perhaps it is something stupid I'm doing.  At work I use
monaco 14 point.  At home I use Bitstream Vera Sans Mono ~8 pt.  Aside
from that I could care less about this holy war. ;)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Nathan Rixham

[snip]
Eric Butera wrote:

I can hit tab and shift/tab too and it puts in spaces for me.

[snip]
Robert Cummings wrote:
 Uhhhm, I hit the tab button also and it does the right thing (namely
 inserts 4 spaces). Also, when I hit enter it auto tabs.
[snip]

*kicks zend studio* [and nano and textpad and dreamweaver] :(

what ide's editor's do you two use? zend's use of javaw is killing my 
win2k3 dev machine anyways.





Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Shawn McKenzie
Nathan Rixham wrote:
 [snip]
 Eric Butera wrote:
 I can hit tab and shift/tab too and it puts in spaces for me.
 [snip]
 Robert Cummings wrote:
 Uhhhm, I hit the tab button also and it does the right thing (namely
 inserts 4 spaces). Also, when I hit enter it auto tabs.
 [snip]
 
 *kicks zend studio* [and nano and textpad and dreamweaver] :(
 
 what ide's editor's do you two use? zend's use of javaw is killing my
 win2k3 dev machine anyways.

I used Zend and am now moving to Eclipse/PDT.  In Zend go to
tools > preferences > editing (tab).




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Ray Hauge

Nathan Rixham wrote:

[snip]
Eric Butera wrote:

I can hit tab and shift/tab too and it puts in spaces for me.

[snip]
Robert Cummings wrote:
  Uhhhm, I hit the tab button also and it does the right thing (namely
  inserts 4 spaces). Also, when I hit enter it auto tabs.
[snip]

*kicks zend studio* [and nano and textpad and dreamweaver] :(

what ide's editor's do you two use? zend's use of javaw is killing my 
win2k3 dev machine anyways.




Zend Studio can be configured to use spaces.  Nano/Eclipse can as well. 
 I've been using Nano recently, and I think I liked Zend Studio better. 
 Maybe it's just me, but Eclipse is a memory hog... even worse than 
Zend Studio.  I've also been having problems with Shift+Tab not working, 
or working only on certain types of files.  Those are the only two 
gripes I have though.


Other than that I use vim/gvim (you can get gvim for Windows) or Kate. 
I've tried Quanta as well, but I use Linux for my desktop.


--
Ray Hauge
www.primateapplications.com




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread TG

I use spaces, but just configure my editor to substitute spaces for TAB.  
That is, I still use tab/shift+tab, but they come out as spaces (how many 
ever I configure it to use.. currently I prefer 4).

Good points were made for using tab vs spaces though, I may have to 
reconsider.  Just something 'dirty' about tabs even if you can configure 
the size of the tab.

But that's another one of those preference things that can go either way. :)

-TG

- Original Message -
From: Nathan Rixham [EMAIL PROTECTED]
To: php-general@lists.php.net
Date: Thu, 28 Feb 2008 20:25:02 +
Subject: Re: [PHP] Sometimes I wonder why I even started programming...

 I use tab's in all my code, and replace them with spaces when 
 posting/mailing for legibility.
 
 couldn't imagine ever hitting space 4/8/12/16+ times to write a line of 
 code when i can just tab/shit+tab to indent.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread TG

Should always use a monospace font in editors, so you should never have a 
problem with font size differences.  A space is as wide as an I, etc.

I don't remember what the default was, but my main editor is set for Courier 
New, Notepad in Vista defaults to Lucida Console.  I have a friend who 
uses Consolas in Vista.

-TG

- Original Message -
From: Eric Butera [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Date: Thu, 28 Feb 2008 15:39:21 -0500
Subject: Re: [PHP] Sometimes I wonder why I even started programming...

 I can hit tab and shift/tab too and it puts in spaces for me.
 
 The reason I prefer spaces over tabs is because in my experience fonts
 on different platforms and sizes seem to render tabs slightly off.  So
 on some font combinations my code lines up fine, while on others it
 doesn't.  Perhaps it is something stupid I'm doing.  At work I use
 monaco 14 point.  At home I use Bitstream Vera Sans Mono ~8 pt.  Aside
 from that I could care less about this holy war. ;)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 3:43 PM, Nathan Rixham [EMAIL PROTECTED] wrote:
 [snip]

 Eric Butera wrote:
   I can hit tab and shift/tab too and it puts in spaces for me.
  [snip]

 Robert Cummings wrote:
Uhhhm, I hit the tab button also and it does the right thing (namely
inserts 4 spaces). Also, when I hit enter it auto tabs.
  [snip]

  *kicks zend studio* [and nano and textpad and dreamweaver] :(

  what ide's editor's do you two use? zend's use of javaw is killing my
  win2k3 dev machine anyways.




I use Eclipse PDT with the AnyEdit Tools plugin. :)




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread TG

Zend Studio does everything mentioned there.  Tabs as spaces, tab/shift-tab, 
auto-indent.

-TG

- Original Message -
From: Nathan Rixham [EMAIL PROTECTED]
To: php-general@lists.php.net
Date: Thu, 28 Feb 2008 20:43:07 +
Subject: Re: [PHP] Sometimes I wonder why I even started programming...

 [snip]
 Eric Butera wrote:
  I can hit tab and shift/tab too and it puts in spaces for me.
 [snip]
 Robert Cummings wrote:
   Uhhhm, I hit the tab button also and it does the right thing (namely
   inserts 4 spaces). Also, when I hit enter it auto tabs.
 [snip]
 
 *kicks zend studio* [and nano and textpad and dreamweaver] :(
 
 what ide's editor's do you two use? zend's use of javaw is killing my 
 win2k3 dev machine anyways.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Greg Donald
On 2/28/08, Nathan Rixham [EMAIL PROTECTED] wrote:
  what ide's editor's do you two use? zend's use of javaw is killing my
  win2k3 dev machine anyways.

# dd if=/dev/tty of=/dev/hda1

And then sometimes I also use vim.


-- 
Greg Donald
http://destiney.com/




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Eric Butera
On Thu, Feb 28, 2008 at 3:57 PM, TG [EMAIL PROTECTED] wrote:

  Should always use a monospace font in editors, so you should never have a
  problem with font size differences.  A space is as wide as an I, etc.

  I don't remember what the default was, but my main editor is set for Courier
  New, Notepad in Vista defaults to Lucida Console.  I have a friend who
  uses Consolas in Vista.

  -TG


  - Original Message -
  From: Eric Butera [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Cc: php-general@lists.php.net
  Date: Thu, 28 Feb 2008 15:39:21 -0500
  Subject: Re: [PHP] Sometimes I wonder why I even started programming...


  I can hit tab and shift/tab too and it puts in spaces for me.
  


  The reason I prefer spaces over tabs is because in my experience fonts
   on different platforms and sizes seem to render tabs slightly off.  So
   on some font combinations my code lines up fine, while on others it
   doesn't.  Perhaps it is something stupid I'm doing.  At work I use
   monaco 14 point.  At home I use Bitstream Vera Sans Mono ~8 pt.  Aside
   from that I could care less about this holy war. ;)



They are mono spaced fonts.  I used to think the same thing too, but
at different sizes  font sizes a tab was not always the same distance
in my experience.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Robert Cummings

On Thu, 2008-02-28 at 20:43 +, Nathan Rixham wrote:
 [snip]
 Eric Butera wrote:
  I can hit tab and shift/tab too and it puts in spaces for me.
 [snip]
 Robert Cummings wrote:
   Uhhhm, I hit the tab button also and it does the right thing (namely
   inserts 4 spaces). Also, when I hit enter it auto tabs.
 [snip]
 
 *kicks zend studio* [and nano and textpad and dreamweaver] :(
 
 what ide's editor's do you two use? zend's use of javaw is killing my 
 win2k3 dev machine anyways.

I don't use an IDE. I use JOE. It's a terminal based editor. Works the
same whether I'm local or remote. The nice thing about linux is how easy
it is to make things work the way you want. My browser source viewer
links to a PHP wrapper script that pops up a gnome-terminal with the
specification to load the JOE editor on the page source. My default
editor in linux is JOE. It just works. Plain, simple, 100% keyboard,
keystroke macros, etc, etc. I love it. You probably won't :) When
working I click an icon on my taskbar, it opens three terminals in my
favourite layout. I usually use one to edit HTML, one to edit whatever
module I'm working on, and another for whatever else needs to be done
(CVS commits, CVS updates, SSH, etc). I use a workspace to the right of
my dev workspace in which I load my browser for checking layout and
JavaScript etc. To the left I have a workspace where I keep a tails on
my log files. I rarely tab through more than 3 windows in a workspace
and I rarely use the mouse.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread TG

Ah.. yeah, since I almost always use spaces, I wouldn't have run into the 
different sized tab issue.  Very odd.  Thanks for the heads up on the 
possible weirdness.

-TG

- Original Message -
From: Eric Butera [EMAIL PROTECTED]
To: TG [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Date: Thu, 28 Feb 2008 15:58:49 -0500
Subject: Re: [PHP] Sometimes I wonder why I even started programming...

   The reason I prefer spaces over tabs is because in my experience fonts
on different platforms and sizes seem to render tabs slightly off.  So
on some font combinations my code lines up fine, while on others it
doesn't.  Perhaps it is something stupid I'm doing.  At work I use
monaco 14 point.  At home I use Bitstream Vera Sans Mono ~8 pt.  Aside
from that I could care less about this holy war. ;)
 
 
 
 They are mono spaced fonts.  I used to think the same thing too, but
 at different sizes  font sizes a tab was not always the same distance
 in my experience.




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Wolf
Except that if I inherit your code and I find it easier if it's indented 
to 8 spaces you've taken that choice away from me. Tabs are configurable 
on nearly all editors that exist in the world. If yours doesn't let you 
change the tab width, get a new one. But if you don't care about people 
who might end up working on your stuff, keep using spaces. Just hope you 
never change your mind.


-Stut



I use vi for most of my editing, as well as pico, nano, gedit, nedit, 
and textpad, depending on the system I am on.


;)

Wolf




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Nathan Rixham

Robert Cummings wrote:

On Thu, 2008-02-28 at 20:43 +, Nathan Rixham wrote:

[snip]
Eric Butera wrote:

I can hit tab and shift/tab too and it puts in spaces for me.

[snip]
Robert Cummings wrote:
  Uhhhm, I hit the tab button also and it does the right thing (namely
  inserts 4 spaces). Also, when I hit enter it auto tabs.
[snip]

*kicks zend studio* [and nano and textpad and dreamweaver] :(

what ide's editor's do you two use? zend's use of javaw is killing my 
win2k3 dev machine anyways.


I don't use an IDE. I use JOE. It's a terminal based editor. Works the
same whether I'm local or remote. The nice thing about linux is how easy
it is to make things work the way you want. My browser source viewer
links to a PHP wrapper script that pops up a gnome-terminal with the
specification to load the JOE editor on the page source. My default
editor in linux is JOE. It just works. Plain, simple, 100% keyboard,
keystroke macros, etc, etc. I love it. You probably won't :)


couldn't be further from the truth! sounds perfect - I spend most of my 
life in putty anyways, generally using nano to type.


 When

working I click an icon on my taskbar, it opens three terminals in my
favourite layout. I usually use one to edit HTML, one to edit whatever
module I'm working on, and another for whatever else needs to be done
(CVS commits, CVS updates, SSH, etc).


see I've only recently started using versioning software all the time, 
I'm currently svn'ing, how does CVS weigh up against it?


I use a workspace to the right of

my dev workspace in which I load my browser for checking layout and
JavaScript etc. To the left I have a workspace where I keep a tails on
my log files. I rarely tab through more than 3 windows in a workspace
and I rarely use the mouse.

Cheers,
Rob.


snap, keyboard for 99% of things, I seem to have my left hand glued 
around ctrl/shift/tab/z/x/c/v/q


cheers for giving away some of your set up, I'm going to give joe a try!




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-28 Thread Robert Cummings

On Thu, 2008-02-28 at 23:52 +, Nathan Rixham wrote:
 Robert Cummings wrote:
  On Thu, 2008-02-28 at 20:43 +, Nathan Rixham wrote:
  [snip]
  Eric Butera wrote:
  I can hit tab and shift/tab too and it puts in spaces for me.
  [snip]
  Robert Cummings wrote:
Uhhhm, I hit the tab button also and it does the right thing (namely
inserts 4 spaces). Also, when I hit enter it auto tabs.
  [snip]
 
  *kicks zend studio* [and nano and textpad and dreamweaver] :(
 
  what ide's editor's do you two use? zend's use of javaw is killing my 
  win2k3 dev machine anyways.
  
  I don't use an IDE. I use JOE. It's a terminal based editor. Works the
  same whether I'm local or remote. The nice thing about linux is how easy
  it is to make things work the way you want. My browser source viewer
  links to a PHP wrapper script that pops up a gnome-terminal with the
  specification to load the JOE editor on the page source. My default
  editor in linux is JOE. It just works. Plain, simple, 100% keyboard,
  keystroke macros, etc, etc. I love it. You probably won't :)
 
 couldn't be further from the truth! sounds perfect - I spend most of my 
 life in putty anyways, generally using nano to type.

I did say probably... you may be the only one ;)

   When
  working I click an icon on my taskbar, it opens three terminals in my
  favourite layout. I usually use one to edit HTML, one to edit whatever
  module I'm working on, and another for whatever else needs to be done
  (CVS commits, CVS updates, SSH, etc).
 
 see I've only recently started using versioning software all the time, 
 I'm currently svn'ing, how does CVS weigh up against it?

I need to look into SVN. I've been meaning to take a look at it for over
a year now but the motivation isn't terribly strong since CVS does
everything I need and I have a lot of stuff in CVS. The main problem
with CVS I see is that it can be pig-assed slow when updating. Also it
has deficiencies when handling directories. I imagine whenever I get
around to taking a look at SVN I'll also have a poke at GIT.

 I use a workspace to the right of
  my dev workspace in which I load my browser for checking layout and
  JavaScript etc. To the left I have a workspace where I keep a tails on
  my log files. I rarely tab through more than 3 windows in a workspace
  and I rarely use the mouse.
  
  Cheers,
  Rob.
 
 snap, keyboard for 99% of things, I seem to have my left hand glued 
 around ctrl/shift/tab/z/x/c/v/q

 cheers for giving away some of your set up, I'm going to give joe a try!

No problem.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Ray Hauge

Jason Pruim wrote:
So I was supposed to go home a half hour ago but that didn't happen... I 
hate deadlines! :P


Can someone tell me why this code works for setting the table name:

function authentication($user, $pass, $authenticated, $table){

    // Keep in mind, PASSWORD has meaning in MySQL
    // Do your string sanitizing here
    // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
    $salt = "salt";
    $salt1 = $salt;
    $salt1 .= $pass;

    $password = md5($salt1);
    $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
    $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());

    while($row1 = mysql_fetch_array($loginResult)) {
        $_SESSION['user'] = $row1['loginName'];
        $_SESSION['loggedin'] = "YES";
        $authenticated = "true";
        $_SESSION['table'] = $row1['tableName'];
    }

    return $table;
    return $authenticated;
}


But this code doesn't:

function authentication($user, $pass, $authenticated, $table){

    // Keep in mind, PASSWORD has meaning in MySQL
    // Do your string sanitizing here
    // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
    $salt = "salt";
    $salt1 = $salt;
    $salt1 .= $pass;

    $password = md5($salt1);
    $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
    $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());

    while($row1 = mysql_fetch_array($loginResult)) {
        $_SESSION['user'] = $row1['loginName'];
        $_SESSION['loggedin'] = "YES";
        $authenticated = "true";
        $table = $row1['tableName'];
    }

    return $table;
    return $authenticated;
}


the query that I'm using is simply this: $query = "SELECT * FROM ".$_SESSION['table']." order by ".$sortOrder."";


Or this: $query = "SELECT * FROM ".$table." order by ".$sortOrder."";

Depending on if you use the working or the non-working code :)

Any ideas?

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]






The only difference I'm seeing is you're assigning the 
$row1['tableName'] to $table rather than $_SESSION['table'].  Is that 
intended?  $table isn't defined in the top function, so it would most 
likely return null.


Also, since you're only expecting one result, you could do away with the 
 while loop and just run $row1 = mysql_fetch_array($loginResult). It 
would accomplish the same goal (nitpicking... sorry).


Also, why are there two return statements? The second will never run.

Maybe I missed something though.

--
Ray Hauge
www.primateapplications.com




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Daniel Brown
On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED] wrote:
 So I was supposed to go home a half hour ago but that didn't happen...
  I hate deadlines! :P

You whine like a mule.

[snip!]
 function authentication($user, $pass, $authenticated, $table){

 // Keep in mind, PASSWORD has meaning in MySQL
 // Do your string sanitizing here
 // (e.g. - $user = 
 mysql_real_escape_string($_POST['user']);)
 $salt = salt;
 $salt1 = $salt;
 $salt1 .= $pass;

 $password = md5($salt1);
 $loginQuery = SELECT * FROM current WHERE 
 loginName='.$user.'
  AND loginPassword='.$password.' LIMIT 0,1;;
 $loginResult = mysql_query($loginQuery) or die(Wrong 
 data supplied
  or database error  .mysql_error());
 while($row1 = mysql_fetch_array($loginResult)) {
 $_SESSION['user'] = $row1['loginName'];
 $_SESSION['loggedin'] = YES;
 $authenticated = true;
 $table = $row1['tableName'];

 }
 return $table;
 return $authenticated;
 }   \

I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P

See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Andrew Ballard
On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED] wrote:
 So I was supposed to go home a half hour ago but that didn't happen...
  I hate deadlines! :P

  Can someone tell me why this code works for setting the table name:

  function authentication($user, $pass, $authenticated, $table){

 // Keep in mind, PASSWORD has meaning in MySQL
 // Do your string sanitizing here
 // (e.g. - $user = 
 mysql_real_escape_string($_POST['user']);)
 $salt = salt;
 $salt1 = $salt;
 $salt1 .= $pass;

 $password = md5($salt1);
 $loginQuery = SELECT * FROM current WHERE 
 loginName='.$user.'
  AND loginPassword='.$password.' LIMIT 0,1;;
 $loginResult = mysql_query($loginQuery) or die(Wrong 
 data supplied
  or database error  .mysql_error());
 while($row1 = mysql_fetch_array($loginResult)) {
 $_SESSION['user'] = $row1['loginName'];
 $_SESSION['loggedin'] = YES;
 $authenticated = true;
 $_SESSION['table'] = $row1['tableName'];

 }
 return $table;
 return $authenticated;
 }

  But this code doesn't:

 function authentication($user, $pass, $authenticated, $table){

 // Keep in mind, PASSWORD has meaning in MySQL
 // Do your string sanitizing here
 // (e.g. - $user = 
 mysql_real_escape_string($_POST['user']);)
 $salt = salt;
 $salt1 = $salt;
 $salt1 .= $pass;

 $password = md5($salt1);
 $loginQuery = SELECT * FROM current WHERE 
 loginName='.$user.'
  AND loginPassword='.$password.' LIMIT 0,1;;
 $loginResult = mysql_query($loginQuery) or die(Wrong 
 data supplied
  or database error  .mysql_error());
 while($row1 = mysql_fetch_array($loginResult)) {
 $_SESSION['user'] = $row1['loginName'];
 $_SESSION['loggedin'] = YES;
 $authenticated = true;
 $table = $row1['tableName'];

 }
 return $table;
 return $authenticated;
 }   \


  the query that I'm using is simply this: $query = SELECT * FROM .
  $_SESSION['table']. order by .$sortOrder.;

  Or this: $query = SELECT * FROM .$table. order by .$sortOrder.;

  Depending on if you use the working or the non-working code :)

  Any ideas?

  --

  Jason Pruim
  Raoset Inc.
  Technology Manager
  MQC Specialist
  3251 132nd ave
  Holland, MI, 49424-9337
  www.raoset.com
  [EMAIL PROTECTED]



Why do your functions have two returns? Only the first one will be
executed. In your first function, $table is unaltered and returned as
the result of the function, while $_SESSION['table'] gets the value of
$row1['tableName']. In the second one, $table gets the value of
$row1['tableName'] and then gets returned.

In both, you are setting $authenticated to a string "true" when you
should probably use a boolean TRUE; however, neither function actually
returns the value since both functions exit on the previous return
statement.

Andrew




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Jason Pruim


On Feb 27, 2008, at 5:12 PM, Daniel Brown wrote:

On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:
So I was supposed to go home a half hour ago but that didn't  
happen...

I hate deadlines! :P


   You whine like a mule.


I know... But I get good answers when I do :P




[snip!]

   function authentication($user, $pass, $authenticated, $table){

   // Keep in mind, PASSWORD has meaning in MySQL
   // Do your string sanitizing here
   // (e.g. - $user =  
mysql_real_escape_string($_POST['user']);)

   $salt = salt;
   $salt1 = $salt;
   $salt1 .= $pass;

   $password = md5($salt1);
   $loginQuery = SELECT * FROM current WHERE  
loginName='.$user.'

AND loginPassword='.$password.' LIMIT 0,1;;
   $loginResult = mysql_query($loginQuery) or  
die(Wrong data supplied

or database error  .mysql_error());
   while($row1 =  
mysql_fetch_array($loginResult)) {
   $_SESSION['user'] =  
$row1['loginName'];

   $_SESSION['loggedin'] = YES;
   $authenticated = true;
   $table = $row1['tableName'];

   }
   return $table;
   return $authenticated;
   }   \


   I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P


As well you should!




   See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

   As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.


so the return $table; line doesn't ever get processed?

Is there any way to make it get processed? :) I'm attempting to rewrite  
code so I don't HAVE to use session variables... Hoping I can make it  
work :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Daniel Brown
On Wed, Feb 27, 2008 at 5:16 PM, Jason Pruim [EMAIL PROTECTED] wrote:
  I (Dan Brown) wrote this stuff:
  As soon as a function reaches a `return` statement, it returns
   that data and exits, so the second `return` is never processed.

  so the return $table; line doesn't ever get processed?

  Is there anyway to make it get processed? :) I'm attempting to rewrite
  code so I don't HAVE to use session variables... Hoping I can make it
  work :)

Check the archives for "More than one values returned?"
originally posted on last week (18 February) and continued until
yesterday.  That should give you some insight.

-- 
/Dan

Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Ray Hauge

Jason Pruim wrote:


On Feb 27, 2008, at 5:12 PM, Daniel Brown wrote:


On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED] wrote:

So I was supposed to go home a half hour ago but that didn't happen...
I hate deadlines! :P


   You whine like a mule.


I know... But I get good answers when I do :P




[snip!]

   function authentication($user, $pass, $authenticated, $table){

   // Keep in mind, PASSWORD has meaning in MySQL
   // Do your string sanitizing here
   // (e.g. - $user = 
mysql_real_escape_string($_POST['user']);)

   $salt = salt;
   $salt1 = $salt;
   $salt1 .= $pass;

   $password = md5($salt1);
   $loginQuery = SELECT * FROM current WHERE 
loginName='.$user.'

AND loginPassword='.$password.' LIMIT 0,1;;
   $loginResult = mysql_query($loginQuery) or 
die(Wrong data supplied

or database error  .mysql_error());
   while($row1 = mysql_fetch_array($loginResult)) {
   $_SESSION['user'] = $row1['loginName'];
   $_SESSION['loggedin'] = YES;
   $authenticated = true;
   $table = $row1['tableName'];

   }
   return $table;
   return $authenticated;
   }   \


   I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P


As well you should!




   See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

   As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.


so the return $table; line doesn't ever get processed?

Is there anyway to make it get processed? :) I'm attempting to rewrite 
code so I don't HAVE to use session variables... Hoping I can make it 
work :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]



You could return an array with string keys.

$array['table'] = 'asdf';
$array['authenticated'] = false;

return $array;

That's just one option, but it would work.

--
Ray Hauge
www.primateapplications.com




Re: [PHP] Sometimes I wonder why I even started programming...RESOLVED

2008-02-27 Thread Jason Pruim
After some comments from people, and some reading and looking... I got  
it to work... Once I took the return $table line out and set $table  
= $row1['tableName'] it worked like a charm!


So thank you all who piped up! You guys are the reason I keep
fighting with learning to code! I think I'm making progress though... :)



On Feb 27, 2008, at 5:16 PM, Jason Pruim wrote:



On Feb 27, 2008, at 5:12 PM, Daniel Brown wrote:

On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:
So I was supposed to go home a half hour ago but that didn't  
happen...

I hate deadlines! :P


  You whine like a mule.


I know... But I get good answers when I do :P




[snip!]

  function authentication($user, $pass, $authenticated, $table){

  // Keep in mind, PASSWORD has meaning in MySQL
  // Do your string sanitizing here
  // (e.g. - $user = mysql_real_escape_string($_POST['user']);)

  $salt = "salt";
  $salt1 = $salt;
  $salt1 .= $pass;

  $password = md5($salt1);
  $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
  $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
  while($row1 = mysql_fetch_array($loginResult)) {
      $_SESSION['user'] = $row1['loginName'];
      $_SESSION['loggedin'] = "YES";
      $authenticated = true;
      $table = $row1['tableName'];
  }
  return $table;
  return $authenticated;
  }


  I recognize that code, Jason!  At least the base of it (and the
comments).  ;-P


As well you should!




  See in the first block how you're using $_SESSION?  That's why
you're able to read it later because you have two return $xxx
lines in each function.

  As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.


so the return $table; line doesn't ever get processed?

Is there anyway to make it get processed? :) I'm attempting to  
rewrite code so I don't HAVE to use session variables... Hoping I  
can make it work :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]





--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Stut

On 27 Feb 2008, at 22:16, Jason Pruim wrote:

On Feb 27, 2008, at 5:12 PM, Daniel Brown wrote:
On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim [EMAIL PROTECTED]  
wrote:

  function authentication($user, $pass, $authenticated, $table){

  // Keep in mind, PASSWORD has meaning in MySQL
  // Do your string sanitizing here
  // (e.g. - $user = mysql_real_escape_string($_POST['user']);)

  $salt = "salt";
  $salt1 = $salt;
  $salt1 .= $pass;

  $password = md5($salt1);
  $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
  $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error " .mysql_error());
  while($row1 = mysql_fetch_array($loginResult)) {
      $_SESSION['user'] = $row1['loginName'];
      $_SESSION['loggedin'] = "YES";
      $authenticated = true;
      $table = $row1['tableName'];
  }
  return $table;
  return $authenticated;
  }

  As soon as a function reaches a `return` statement, it returns
that data and exits, so the second `return` is never processed.


so the return $table; line doesn't ever get processed?


Nope, only return $table will get processed since that ends execution  
of the function.


Is there anyway to make it get processed? :) I'm attempting to  
rewrite code so I don't HAVE to use session variables... Hoping I  
can make it work :)


To return multiple values from a function it's usually best to return  
an array. There are other ways to do it such as out parameters but  
returning an array should be sufficient in this case.


Replace your two return statements with the following...

return array($table, $authenticated);

Then call the function like this...

list($table, $authenticated) = authentication(blah, blah, blah);

-Stut

--
http://stut.net/




Re: [PHP] Sometimes I wonder why I even started programming...

2008-02-27 Thread Jochem Maas

Jason Pruim schreef:
So I was supposed to go home a half hour ago but that didn't happen... I 
hate deadlines! :P


in my home language Pruim means prune ... you sound like you've had to suck on
one too many ;-)



Can someone tell me why this code works for setting the table name:


dunno. let's rewrite the thing shall we? let's cut down on variable usage,
shorten some names and use a verb rather than a noun to name the function ...
and let's learn about 'by reference' parameters (notice the '&' before '$table')

function authenticate($user, $pass, &$table)
{
    // do you want to stop/catch 're-authentication'?
    if (!empty($_SESSION['loggedin']))
        return;

    // escape your data!
    $pass = mysql_real_escape_string(md5("someThingOnlyDanBrownCouldGuess".$pass));
    $name = mysql_real_escape_string($user);

    // only select what you need (no semi-colons [needed] to delimit the query)
    // name + password should be unique! so no real need for the LIMIT clause
    $res  = mysql_query("SELECT tableName FROM current WHERE loginName='{$name}' AND loginPassword='{$pass}' LIMIT 0,1");

    // I think a die() is overkill
    // rather an abrupt end to the script, such errors can be handled with more grace
    if (!$res)
        die("Wrong data supplied or database error " .mysql_error());

    // nobody found - bad credentials, authentication failed
    if (!mysql_numrows($res))
        return false;

    // grab data
    $row = mysql_fetch_assoc($res);

    // set session data
    $_SESSION['user']       = $user;
    $_SESSION['loggedin']   = true; // use a BOOLEAN ... because "NO" equates to TRUE!

    // no idea what this 'table name' is about but ...
    // let's set the 'by reference' variable to the value we found
    $table = $row['tableName'];

    // user authenticated!
    return true;
}


which you would use like so:

$spoon = null;
if (authenticate("Jochem", "MySecret", $spoon))
    echo "authenticated! table is set to $spoon";
else
    echo "authentication failed, there is no \$spoon";


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
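
The array return suggested in this thread, combined with a prepared statement and password_hash()/password_verify() in place of the string-built query and md5(). This is an added example, not code from any poster; the PDO handle, the in-memory SQLite table and the sample row are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with pdo_sqlite.
// The table layout mirrors the column names used in the thread; the row is constructed.

function authenticate(PDO $db, $user, $pass)
{
    // The placeholder keeps $user out of the SQL text, so no escaping step is needed.
    $stmt = $db->prepare('SELECT loginPassword, tableName FROM "current" WHERE loginName = ?');
    $stmt->execute(array($user));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the per-user salted hash written by password_hash().
    if ($row === false || !password_verify($pass, $row['loginPassword'])) {
        return array('authenticated' => false, 'table' => null);
    }

    // A single return statement carries both values back to the caller.
    return array('authenticated' => true, 'table' => $row['tableName']);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "current" (loginName TEXT PRIMARY KEY, loginPassword TEXT, tableName TEXT)');
$ins = $db->prepare('INSERT INTO "current" VALUES (?, ?, ?)');
$ins->execute(array('jason', password_hash('s3cret-sample', PASSWORD_DEFAULT), 'customers'));

$attempts = array(
    array('jason', 's3cret-sample'),  // valid credentials
    array('jason', 'wrong'),          // wrong password
    array("o'brien", 'anything'),     // a quote in the name is plain data, no match
);
foreach ($attempts as $a) {
    $r = authenticate($db, $a[0], $a[1]);
    printf("%-10s authenticated=%s table=%s\n", $a[0],
        var_export($r['authenticated'], true), var_export($r['table'], true));
}
```

The caller reads both values from the one returned array and decides for itself whether to store anything in $_SESSION.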