Re: [PHP] Making thumbs same size
Morning :o) This is what I am using --- SNIP $ratio_orig) { $width = $height*$ratio_orig; } else { $height = $width/$ratio_orig; } // Resample $image_p = imagecreatetruecolor($width, $height); $image = imagecreatefromjpeg($filename); $dest_path = "../_images/news/"; imagecopyresampled($image_p, $image, 0, 0, 0, 0, $width, $height, $width_orig, $height_orig); $dest_file = $dest_path."thumb_".$file; // Output imagejpeg($image_p, $dest_file, 100); ?> - SNAP --- If I read it now, I must admit that it might be hard to understand (even I am having a hard time reading it... I guess there is some useless stuff in there, too)... but I haven't had coffee yet, so I might be able to explain that stuff to you a bot late. But maybe this code example does help you... if not, please ask. :o) I will try my best then ... hopefully you just needed the calculation part :oP Cheerio mate Chris - Original Message - From: "Humani Power" <[EMAIL PROTECTED]> To: Sent: Monday, June 04, 2007 8:44 AM Subject: [PHP] Making thumbs same size Hey hi!!. I have a few pages that uploads images to the apache server and makes a registry on a mysql database. Everything is going well just for a few details. When I make the upload for an image, it creates me a thumb image, but not as I want. For example, if I have an image that its of 2000 x 2000 px, the thumb created is 200 x 200, If I upload another with 300x300 px, my thumb will be 30x30 px, making look the gallery pretty bad. The only thing that I need is that all my thumbs were on the same size. I've tried to modify the thumb width and height size, but doesnt work.. Probably I am not undersatnding hoy to use the resampling() tool. here is my code. thanks for your help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is the GD module standard?
On 6/4/07, Greg Donald <[EMAIL PROTECTED]> wrote: On 6/3/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > Every host I've ever used has had GD installed. If they didn't offer GD, > I'd switch. I think it's a safe bet to assume most realistic hosts have > GD. Same here. Been using it for years, never had to ask for it to be installed. -- Greg Donald http://destiney.com/ For paid hosts, it should be installed, but if you want to use it on free hosts too, there's a little chance that they have GD installed. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error logging
I suggest each student adds the line error_reporting(E_ALL); This will echo the errors and will not affect the php.ini settings. Hope that will work for you cheers On 5/31/07, Clark Alexander <[EMAIL PROTECTED]> wrote: We have the following php.ini settings: error_reporting = E_ALL display_errors = Off display_startup_errors = Off log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off on a SuSE 10.1 server and the errors are being logged to /var/log/apache2/error_log (although I can't seem to find a setting that is making that happen.) parse errors ARE being logged to this file and that would be extremely useful information for students to be able to have when trying to find problems in their scripts. I can't just make that file readable to them. So, I had students create a "logs" directory within their file area and set the permissions so that the server can to it. I have them adding the following to the script(s) that they wish to troubleshoot: ini_set("log_errors", "On"); ini_set("error_reporting", E_ALL); ini_set("error_log", "logs/error_log"); Parse errors are not being written to their personal log file, though. Why not?? About the only going in there are NOTICE level entries. Thanks. Clark W. Alexander -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Tumwijukye Vincent Programmer & Software Architect Future Link Technologies Plot 17 Bukoto Street, P. O. BOX 14697, KAMPALA - UGANDA Tel: +256(0)774638790 Off:+256(0)41531274 Website: www.fl-t.com
Re: [PHP] Single Sign On
At 8:06 AM +0530 6/4/07, Sudheer Satyanarayana wrote: Hi, We have three web sites a) example1.com b) example2.com c) my.example2.com Our sites include exclusive pages for registered users. All user account management tasks are handled by my.example2.com including registration, modification, cancellation, etc. We would like to create a single sign on system for all the three web sites. The user would sign on with a single username and password to all three web sites. For example, when the user visits a membership page in example1.com he would be prompted to sign on to his account. His credentials are stored in my.example2.com. my.example2.com is now fully functional. After the successful sign on, the user would be redirected to original membership page in example1.com. How would I pass the information from my.example2.com to example1.com about the authentication status of user? We use MySQL database to store and retrieve user account details in my.example2.com. The web host does not allow remote database connections. If you have some control over software installation/web server configuration, you may find Pubcookie - http://www.pubcookie.org/ - useful. steve -- +--- my people are the people of the dessert, ---+ | Steve Edberghttp://pgfsun.ucdavis.edu/ | | UC Davis Genome Center[EMAIL PROTECTED] | | Bioinformatics programming/database/sysadmin (530)754-9127 | + said t e lawrence, picking up his fork + -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making thumbs same size
Humani Power wrote: Hey hi!!. I have a few pages that uploads images to the apache server and makes a registry on a mysql database. Everything is going well just for a few details. When I make the upload for an image, it creates me a thumb image, but not as I want. For example, if I have an image that its of 2000 x 2000 px, the thumb created is 200 x 200, If I upload another with 300x300 px, my thumb will be 30x30 px, making look the gallery pretty bad. The only thing that I need is that all my thumbs were on the same size. I've tried to modify the thumb width and height size, but doesnt work.. Probably I am not undersatnding hoy to use the resampling() tool. Shockingly, the following lines which multiply the image width and height by 0.1 to create the thumb width and height mean that your thumb is always 10% of the size of the image. $thumb_width=$width*0.10; $thumb_height=$height*.10; Make these real numbers (taking account of aspect ratio), and you'll get what you're after. There are lots of tutorials out there explaining how to create thumbnails from images using GD, I suggest you Google for one. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Single Sign On
Sudheer, Another simple alternative is to pass the id to each site, and then make a cookie out of the id. If the user has the cookie then they authenticate, else, send them back to sign in at my.example2.com Sincerely, rob http://phpyellow.com === Sudheer wrote: >Date: Mon, 04 Jun 2007 08:06:52 +0530 >From: Sudheer Satyanarayana <[EMAIL PROTECTED]> >To: php-general@lists.php.net >Subject: Single Sign On >Hi, > >We have three web sites >a) example1.com >b) example2.com >c) my.example2.com > > >Our sites include exclusive pages for registered users. All user account >management tasks are handled by my.example2.com including registration, >modification, cancellation, etc. We would like to create a single sign >on system for all the three web sites. The user would sign on with a >single username and password to all three web sites. For example, when >the user visits a membership page in example1.com he would be prompted >to sign on to his account. His credentials are stored in >my.example2.com. my.example2.com is now fully functional. After the >successful sign on, the user would be redirected to original membership >page in example1.com. > >How would I pass the information from my.example2.com to example1.com >about the authentication status of user? > >We use MySQL database to store and retrieve user account details in >my.example2.com. The web host does not allow remote database connections. > >Thanks, >Sudheer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] undefined GD function
Hi All, I am testing some GD functions, but I'm getting "undefined function" errors. I checked php.ini and changed ;extension=php_gd2.dll to extension=php_gd2.dll The php.ini file contains: extension_dir = "c:/php/ext" and this directory does contain php_gd2.dll (version 5.2.0.0) I am using Windows XP, PHP 5.2.0 and IIS 5.1. The function getimagesize($filename); is okay, but imagecreatetruecolor($width, $height); says "undefined function". I would appreciate some hints. TIA, Cor
[PHP] Re: Making thumbs same size
$thumb_width=50; //change this number to your preference $thumb_height=50; -- itoctopus - http://www.itoctopus.com ""Humani Power"" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hey hi!!. > > I have a few pages that uploads images to the apache server and makes a > registry on a mysql database. Everything is going well just for a few > details. > > When I make the upload for an image, it creates me a thumb image, but not > as > I want. For example, if I have an image that its of 2000 x 2000 px, the > thumb created is 200 x 200, If I upload another with 300x300 px, my thumb > will be 30x30 px, making look the gallery pretty bad. The only thing that > I > need is that all my thumbs were on the same size. > I've tried to modify the thumb width and height size, but doesnt work.. > Probably I am not undersatnding hoy to use the resampling() tool. > > here is my code. > > include("connection.php"); > //make variables avaliable > $image_caption = $_POST['image_caption']; > $image_username = $_POST['image_username']; > $image_tempname = $_FILES['image_filename']['name']; > $image_date = date($_POST['image_date']); > $today= date("Y-m-d"); > //upload image and check for image type > $ImageDir="/var/www/apache2-default/images/"; > $Imagethumb=$ImageDir."thumbs/"; > $ImageName=$ImageDir . $image_tempname; > if (move_uploaded_file($_FILES['image_filename']['tmp_name'], > $ImageName)) { > //get info about the image being uploaded > > > list($width, $height, $type, $attr)= getimagesize($ImageName); > > //insert info into the table > $insert= "insert into rsiis_images >(image_caption,image_username,image_date,image_date_upload) >values >('$image_caption','$image_username','$image_date','$today')"; >$insertresults=mysql_query($insert) >or die(mysql_error()); >$lastpicid=mysql_insert_id(); > > >$newfilename=$ImageDir . $lastpicid .".jpg"; >if($type==2){ >rename($ImageName, $newfilename); >} else { > if ($type==1){ >$image_old=imagecreatefromgif($ImageName); >}elseif ($type==3){ >$image_old=imagecreatefrompng($ImageName); >} > >//"convert the image to JPG > >$image_jpg=imagecreatetruecolor($width,$height); >imagecopyresampled($image_jpg,$image_old, 0, 0, 0, 0, $width, > $height,$width,$height); > >imagejpeg($image_jpg,$newfilename); >imagedestroy($image_old); > imagedestroy($image_jpg); >} > > $newthumbname=$Imagethumb.$lastpicid.".jpg"; > //get dimensions of the thumbnail > > $thumb_width=$width*0.10; > $thumb_height=$height*.10; > > //Create thumbnail > $largeimage=imagecreatefromjpeg($newfilename); > > $thumb=imagecreatetruecolor($thumb_width,$thumb_height); > imagecopy($thumb, $largeimage, 0, 0, 0, 0,$width,$height); >imagecopyresampled($thumb, $largeimage, 0, 0, 0, 0, > > $thumb_width,$thumb_height,$width,$height); > imagejpeg($thumb,$newthumbname); > imagedestroy($largeimage); > imagedestroy($thumb); > > > $url="location:showimage.php?id=".$lastpicid; > header($url); > > > } > > > ?> > > > > thanks for your help > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is the GD module standard?
The GD module is an option that most sys admins install with php (It also installs by default on OS such as Centos, Ubuntu, etc...) -- itoctopus - http://www.itoctopus.com "Dave M G" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > PHP General, > > I have been using the imagepng() function in my local testing environment > for a while now to make CAPTCHA images. > > In my testing environment, I hadn't done any customization to my PHP set > up. I went with the default set of installation options that Ubuntu offers > for a LAMP server. > > Recently, I uploaded my site to a web hosting server, and the CAPTCHA > would not display. > > At first, I didn't understand that it was a module issue, because I > thought the imagepng() function was standard in PHP. > > However, by using the phpinfo() command on my hosting service, I realized > they don't have the GD module installed. > > So my assumption that imagepng() will be available on any standard > installation of PHP is wrong. > > However, I'm surprised that it wouldn't be as common as, say, the MySQL > module. > > Is it that my Ubuntu installation comes with an unusual amount of bells > and whistles? Is it that my web hosting server is lacking in what can be > expected for standard PHP features? > > I want to write code that most people can expect to run on their hosting > services without having to reconfigure their PHP installation. So, can I > expect that most servers would have the GD module? If not, what do people > usually do to manipulate images? > > Thank you for any advice. > > -- > Dave M G > Ubuntu Feisty 7.04 > Kernel 2.6.20-15-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is the GD module standard? [SOLVED]
Tijnema, Greg, Robert, Thank you all for your advice. After the responses here convinced me that the GD libraries should be expected, I've contacted my hosting service to inquire why it's not already installed. My hosting service allows me to make custom configurations to PHP. Fortunately it turns out it's only a matter of making a check box selection and then clicking a button to install. Thank you for helping me understand what to expect out of a normal PHP installation. -- Dave M G Ubuntu Feisty 7.04 Kernel 2.6.20-15-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security for uploaded PDF files
I have an application, with mild security, that approved users can upload pdf files. Obviously, the security for executables with a simple pdf extension bothers me. I's like some suggestions on how I can protect against errant files with a pdf guise? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: undefined GD function
C.R.Vegelin escreveu: Hi All, I am testing some GD functions, but I'm getting "undefined function" errors. I checked php.ini and changed ;extension=php_gd2.dll to extension=php_gd2.dll The php.ini file contains: extension_dir = "c:/php/ext" and this directory does contain php_gd2.dll (version 5.2.0.0) I am using Windows XP, PHP 5.2.0 and IIS 5.1. The function getimagesize($filename); is okay, but imagecreatetruecolor($width, $height); says "undefined function". I would appreciate some hints. TIA, Cor The function getimagesize() does not require the GD image library. Check your system with: -- ' . $xt . ''; echo ""; print_r ( $funcs10 ); echo ""; } ?> IF the GD libray was listed, use: "; print_r ( $gdfuncs ); echo ""; ?> To see all the active GD funtions. -- zerof http://www.educar.pro.br/ Apache - PHP - MySQL - Boolean Logics - Project Management -- Você deve, sempre, consultar uma segunda opinião! -- Deixe todos saberem se esta informação foi-lhe útil. -- You must hear, always, one second opinion! In all cases. -- Let the people know if this info was useful for you! -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making thumbs same size
At 1:44 AM -0500 6/4/07, Humani Power wrote: Hey hi!!. I have a few pages that uploads images to the apache server and makes a registry on a mysql database. Everything is going well just for a few details. When I make the upload for an image, it creates me a thumb image, but not as I want. For example, if I have an image that its of 2000 x 2000 px, the thumb created is 200 x 200, If I upload another with 300x300 px, my thumb will be 30x30 px, making look the gallery pretty bad. The only thing that I need is that all my thumbs were on the same size. I've tried to modify the thumb width and height size, but doesnt work.. Probably I am not undersatnding hoy to use the resampling() tool. here is my code. Humani: -snip- Don't scale, resample. See here: http://www.webbytedd.com/b/thumb/index.php Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: undefined GD function
On Mon, 2007-06-04 at 10:16 -0300, zerof wrote: > C.R.Vegelin escreveu: > > Hi All, > > > > I am testing some GD functions, but I'm getting "undefined function" errors. > > I checked php.ini and changed > > ;extension=php_gd2.dll > > to > > extension=php_gd2.dll That doesn't mean you actually have the extension installed, only that if you do have it installed, it's now enabled. > > The function getimagesize() does not require the GD image library. > Check your system with: > -- [-- PURGED LENGTHY OUTPUT SCRIPT --] Just use: Then check for the GD extension in the installed extensions list. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making thumbs same size
On Mon, 2007-06-04 at 09:50 -0400, tedd wrote: > > Don't scale, resample. See here: > > http://www.webbytedd.com/b/thumb/index.php Hi Tedd, In your script you have: ini_set( 'register_globals', '0' ); The line is pointless, it can't be reached until after such globals have been registered. Also you have: ob_start(); Why use output buffering? You don't actually do anything with the buffer other than flushing it :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Double checking - I should turn off "magic quotes"
PHP General, I've read on the manual that it's "preferred to code with magic quotes off and to instead escape the data at runtime, as needed": Recently, while configuring my PHP so as to install the GD libraries, that the default option was to have magic quotes turned on. I just want to double check here what to do. Should I disable magic quotes on my server? Also, I'm developing code that I hope others can use. For the purposes of portability, is it safe to assume that most environments will have magic quotes off, and build for that? So I should disable magic quotes on my testing environment and do my own escaping? While I'm asking about escaping, is converting characters like apostrophes and ampersands to hex characters before storing them in a MySQL database a safe way to go? Thank you for any advice. -- Dave M G Ubuntu Feisty 7.04 Kernel 2.6.20-15-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Double checking - I should turn off "magic quotes"
On Mon, 2007-06-04 at 23:02 +0900, Dave M G wrote: > PHP General, > > I've read on the manual that it's "preferred to code with magic quotes > off and to instead escape the data at runtime, as needed": Indeed this is preferable. > Recently, while configuring my PHP so as to install the GD libraries, > that the default option was to have magic quotes turned on. That's because there's a lot of bad scripts out there. > I just want to double check here what to do. Should I disable magic > quotes on my server? Not unless you're certain you don't have any script that rely on magic quotes. If you do, then they will become open security holes. > Also, I'm developing code that I hope others can use. For the purposes > of portability, is it safe to assume that most environments will have > magic quotes off, and build for that? No, you should check the ini setting in your code and react accordingly. > So I should disable magic quotes on my testing environment and do my own > escaping? Yes. > While I'm asking about escaping, is converting characters like > apostrophes and ampersands to hex characters before storing them in a > MySQL database a safe way to go? No, use the proper escaping mechanism offered for your particular database. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Double checking - I should turn off "magic quotes"
Robert , Thank you for your quick reply. If it's okay, I'd just like to clarify the points you raise. I just want to double check here what to do. Should I disable magic quotes on my server? Not unless you're certain you don't have any script that rely on magic quotes. If you do, then they will become open security holes. The only scripts I have are the ones I put there myself. So if I conform to the no magic quotes standard, then I should be safe, right? Also, I'm developing code that I hope others can use. For the purposes of portability, is it safe to assume that most environments will have magic quotes off, and build for that? No, you should check the ini setting in your code and react accordingly. Sorry, I don't quite follow you here. If I turn magic quotes off on both my testing environment and my server, as is "preferable" according to the manual, then my ini file will conform to that. But I don't see how that relates to the portability of the code. As much as possible, I'd like to have others be able to run my scripts with minimum hassle. If I make my development environment and my own web hosting server conform to the "preferable" set up, but most servers default to having magic quotes on, then won't my code break on most people's servers? So I should disable magic quotes on my testing environment and do my own escaping? Yes. Okay... but I'm still confused as to how this impacts the potential for my code's portability as described above. While I'm asking about escaping, is converting characters like apostrophes and ampersands to hex characters before storing them in a MySQL database a safe way to go? No, use the proper escaping mechanism offered for your particular database. Since my database is MySQL, does that mean using addslashes() and stripslashes()? In other words manually doing what magic quotes was doing automatically? Just for my own education, is it insecure to use hex codes to store apostophes and other special characters in the case of MySQL? Can someone inject a workable MySQL command into my database if all apostrophes and other non-alphanumeric characters are converted to hex? -- Dave M G Ubuntu Feisty 7.04 Kernel 2.6.20-15-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Double checking - I should turn off "magic quotes"
Hi Dave, Monday, June 4, 2007, 3:25:25 PM, you wrote: >> No, you should check the ini setting in your code and react accordingly. >> > Sorry, I don't quite follow you here. If I turn magic quotes off on both > my testing environment and my server, as is "preferable" according to > the manual, then my ini file will conform to that. > But I don't see how that relates to the portability of the code. As much > as possible, I'd like to have others be able to run my scripts with > minimum hassle. > If I make my development environment and my own web hosting server > conform to the "preferable" set up, but most servers default to having > magic quotes on, then won't my code break on most people's servers? In your code you check to see if magic quotes is enabled or not: http://uk2.php.net/manual/en/function.get-magic-quotes-runtime.php http://uk2.php.net/manual/en/function.get-magic-quotes-gpc.php You can check if magic quotes is on, and if so you can strip the incoming data accordingly. You cannot disable GPC quoting unless you have access to set php values (ini file, htaccess, etc), but you *can* disable runtime quoting (which is what happens when data is fetched from a database). On the basis that you can't disable GPC quoting you only need to know what state the data you receive will be in, and treat it accordingly. Cheers, Rich -- Zend Certified Engineer http://www.corephp.co.uk "Never trust a computer you can't throw out of a window" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Double checking - I should turn off "magic quotes"
On Mon, 2007-06-04 at 23:25 +0900, Dave M G wrote: > Robert , > > Thank you for your quick reply. > > If it's okay, I'd just like to clarify the points you raise. > > >> I just want to double check here what to do. Should I disable magic > >> quotes on my server? > >> > > > > Not unless you're certain you don't have any script that rely on magic > > quotes. If you do, then they will become open security holes. > > > The only scripts I have are the ones I put there myself. So if I conform > to the no magic quotes standard, then I should be safe, right? Yes... as long as they all properly escape data. > >> Also, I'm developing code that I hope others can use. For the purposes > >> of portability, is it safe to assume that most environments will have > >> magic quotes off, and build for that? > >> > > > > No, you should check the ini setting in your code and react accordingly. > > > Sorry, I don't quite follow you here. If I turn magic quotes off on both > my testing environment and my server, as is "preferable" according to > the manual, then my ini file will conform to that. > > But I don't see how that relates to the portability of the code. As much > as possible, I'd like to have others be able to run my scripts with > minimum hassle. > > If I make my development environment and my own web hosting server > conform to the "preferable" set up, but most servers default to having > magic quotes on, then won't my code break on most people's servers? If you want other people to run your scripts then they may come from different hosting configurations. Some will have magic quotes enabled, some will not. Since you want a minimum of hassle, and you want to reach the widest possible group, YOU need to check the magic quotes ini setting in your script and do the right thing based on what you receive. For instance if magic quotes are disabled, you know to escape any questionable data coming from $_GET, $_POST, etc. However if your code is run on a server with magic quotes enabled, then single quotes and stuff will already be escaped. This has a couple of issues: 1. It's not safe since it doesn't use your database's specific escaping policy. This is important due to character sets. 2. If you just balatantly apply the databases escaping policy some characters will get escaped twice meaning you'll actually see the escape character added by the magic quotes mess. The best way to handle this is to remove magic quotes escaping from retrieved values and then apply your database's escaping mechanism. If you cannot ascertain the source of the data being used in a query, you're better safe than sorry and should apply your database's escaping even if it means you'll get double escaping. > >> So I should disable magic quotes on my testing environment and do my own > >> escaping? > >> > > > > Yes. > > > > Okay... but I'm still confused as to how this impacts the potential for > my code's portability as described above. Your environment is not necessarily everyone else's environment. See above :) > >> While I'm asking about escaping, is converting characters like > >> apostrophes and ampersands to hex characters before storing them in a > >> MySQL database a safe way to go? > >> > > > > No, use the proper escaping mechanism offered for your particular > > database. > Since my database is MySQL, does that mean using addslashes() and > stripslashes()? In other words manually doing what magic quotes was > doing automatically? Neither! It means using mysql_real_escape_string(): http://www.php.net/manual/en/function.mysql-real-escape-string.php > Just for my own education, is it insecure to use hex codes to store > apostophes and other special characters in the case of MySQL? Can > someone inject a workable MySQL command into my database if all > apostrophes and other non-alphanumeric characters are converted to hex? Escaping handles the security implications. If you want to go ahead and do something weird like converting quotes and stuff to hex codes that's fine. But understand that'll you're just creating you're own escaping system since whatever you use to denote a hex converted character will need to be escaped when it should be considered literal. As such, MySQL is backed by fast and time/user-tested C code. Your method will be prone to errors and inefficient implementation and still may have issues due to character set issues. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily.
[PHP] Removing a row from an Array
Hey - - - - - - -- To do this, I am: - looping through the array - copying the rows that I want to *keep* to a temp array, and - replacing the original array with the "temp' one. Seems convoluted, but I couldn't find any function to remove a row of an array. Am I missing something (other than a few brain cells)? thanks - - - Ken -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing a row from an Array
[snip] To do this, I am: - looping through the array - copying the rows that I want to *keep* to a temp array, and - replacing the original array with the "temp' one. Seems convoluted, but I couldn't find any function to remove a row of an array. Am I missing something (other than a few brain cells)? [/snip] http://us2.php.net/manual/en/function.array-pop.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing a row from an Array
Using array_pop wouldn't do it, as it just removes the last element. You could use unset() for the rows you don't want to keep. Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free > -Original Message- > From: Jay Blanchard [mailto:[EMAIL PROTECTED] > Sent: Monday, June 04, 2007 9:25 PM > To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php- > [EMAIL PROTECTED] > Subject: RE: [PHP] Removing a row from an Array > > [snip] > To do this, I am: > > - looping through the array > - copying the rows that I want to *keep* to a temp array, and > - replacing the original array with the "temp' one. > > Seems convoluted, but I couldn't find any function to remove a row of > an array. Am I missing something (other than a few brain cells)? > [/snip] > > http://us2.php.net/manual/en/function.array-pop.php > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Removing a row from an Array
Can't you just unset() the values you don't want? Ken Kixmoeller -- reply to [EMAIL PROTECTED] wrote: > Hey - - - - - - -- > > To do this, I am: > > - looping through the array > - copying the rows that I want to *keep* to a temp array, and > - replacing the original array with the "temp' one. > > Seems convoluted, but I couldn't find any function to remove a row of an > array. Am I missing something (other than a few brain cells)? > > thanks - - - > > Ken -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing a row from an Array
On Jun 4, 2007, at 2:25 PM, Jay Blanchard wrote: http://us2.php.net/manual/en/function.array-pop.php Thanks, Jay --- I did see that function, but forgot about it when I asked the question. I should have added that *any* array row among many could be the one that needs to be removed. I couldn't figure out how to reorder the array so that POP would work. Ken -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing a row from an Array
On Jun 4, 2007, at 3:29 PM, Peter Lauri wrote: You could use unset() for the rows you don't want to keep. Ah --- yes, that looks like it would do it. I was expecting something to find something array-specific. Thank you, Pater and Roberto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Removing a row from an Array
What determines the rows you want to keep? Ken Kixmoeller -- reply to [EMAIL PROTECTED] wrote: Hey - - - - - - -- To do this, I am: - looping through the array - copying the rows that I want to *keep* to a temp array, and - replacing the original array with the "temp' one. Seems convoluted, but I couldn't find any function to remove a row of an array. Am I missing something (other than a few brain cells)? thanks - - - Ken -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Removing a row from an Array
On Jun 4, 2007, at 3:27 PM, Al wrote: What determines the rows you want to keep? User selection. The array is essentially a "shopping cart"-type of object. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fwd: php5 and sendmail
Hello all, Firstly, I'm not subcsribed so please CC me. The issue, I'm running FC6 with php5 and sendmail. I can use mail and send mail with client inlc telnet sessions. However, mailing with php is just not working. This is what I'm using. Anyone got a clue?
Re: [PHP] Fwd: php5 and sendmail
Arvind Autar wrote: Hello all, Firstly, I'm not subcsribed so please CC me. The issue, I'm running FC6 with php5 and sendmail. I can use mail and send mail with client inlc telnet sessions. However, mailing with php is just not working. This is what I'm using. Anyone got a clue? Well, a little more information would be nice, like OS and what is your setting in your php.ini file for sendmail set to? Suggestion, maybe you need to set headers? Valid from line might help. Are you sure that it is not working? Maybe GMail is flagging it as spam. -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: php5 and sendmail
Arvind Autar wrote: I defiend the distrobution of linux, FC6 (fedora core 6), my php.ini is set correcty afaik [mail function] ; For Win32 only. SMTP = srv1.mydomain.nl smtp_port = 25 ; For Win32 only. sendmail_from = [EMAIL PROTECTED] ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). sendmail_path = /usr/sbin/sendmail I'm not that keen with php, so could you help me out? 2007/6/5, Jim Lucas <[EMAIL PROTECTED]>: Arvind Autar wrote: > Hello all, > > Firstly, I'm not subcsribed so please CC me. > > The issue, I'm running FC6 with php5 and sendmail. I can use mail and send > mail with client inlc telnet sessions. However, mailing with php is just > not > working. > > This is what I'm using. > > // The message > $message = "Line 1\nLine 2\nLine 3"; > > // In case any of our lines are larger than 70 characters, we should use > wordwrap() > $message = wordwrap($message, 70); > > // Send > mail('[EMAIL PROTECTED]', 'My Subject', $message); > ?> > > Anyone got a clue? > Well, a little more information would be nice, like OS and what is your setting in your php.ini file for sendmail set to? Suggestion, maybe you need to set headers? Valid from line might help. Are you sure that it is not working? Maybe GMail is flagging it as spam. -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Unknown I would comment out the windows only parts and restart apache and see if things work then -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Removing a row from an Array
Can you be more specific? Show us a line of code, or so. There are lots of functions that may fit your needs, array_filter(), array_walk(), preg_grep(), etc. I've found array_grep() to be super in many cases. Returns the array consisting of the elements of the input array that match the given pattern. OR, that don't match the pattern. Most require array_values() to resync the keys. Ken Kixmoeller -- reply to [EMAIL PROTECTED] wrote: On Jun 4, 2007, at 3:27 PM, Al wrote: What determines the rows you want to keep? User selection. The array is essentially a "shopping cart"-type of object. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: php5 and sendmail
Arvind Autar wrote: Hello all, Firstly, I'm not subcsribed so please CC me. The issue, I'm running FC6 with php5 and sendmail. I can use mail and send mail with client inlc telnet sessions. However, mailing with php is just not working. This is what I'm using. Anyone got a clue? Check your mail server logs to see if it makes it to the mail server and then what happens to it. It could be that it's being flagged as spam because of the content as Jim suggested. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] uploading big images.
Hi, me again. I need to tell you that im completely new in LAMP, so please don´t get tired with my silly questions :-). I was able to upload and create thumb images with the same size. But now, I am realizing that I can´t upload images bigger than 1 MB, I don´t know why. I load the image through the upload image.php, then I check it with the check_image.php file, and then, I show the result in the browser with the Show image file, but as I told you, only works with files less than 1 mb. With bigger images, I only get a blank page without any errors. I think it is a PHP.ini file configuration or something. Can you help me? Thanks in advance.
Re: [PHP] uploading big images.
Yamil Ortega wrote: Hi, me again. I need to tell you that im completely new in LAMP, so please don´t get tired with my silly questions :-). I was able to upload and create thumb images with the same size. But now, I am realizing that I can´t upload images bigger than 1 MB, I don´t know why. I load the image through the upload image.php, then I check it with the check_image.php file, and then, I show the result in the browser with the Show image file, but as I told you, only works with files less than 1 mb. With bigger images, I only get a blank page without any errors. Create a phpinfo page and see what your upload_max_filesize is set to. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Urgent::Implementing PKI in PHP
We have a website in PHP where we want to implement PKI. The scenario is that there would be some registered dealers who woud have to buy Digital signatures. When they come to our website they would input several information through PHP designed forms and use the digital signatures to sign the data. We wanted to use OpenSSL for the same. However what I fail to understand is how to implement the OpenSSL functions for implementing the client side of this, which would involve encryption using Private key etc, since PHP would be parsed at the server only. Please respond, it is an urgent requirement Thx Renuka
Re: [PHP] Double checking - I should turn off "magic quotes"
Robert , PHP General, Thank you for replying and explaining the situation clearly. Neither! It means using mysql_real_escape_string(): http://www.php.net/manual/en/function.mysql-real-escape-string.php I have now made it so each and every queries to the database pass through mysql_real_escape_string. I've also turned off magic quotes on my host and on my testing environment, and made it so my code tests for the existence of magic quotes before adding and stripping slashes. I was wondering if there are some recommended tests I can try to see how well I am protected against MySQL injection. I was searching via Google because I thought I had seen before a site that listed 10 common injection attacks. But I can't find it now, and seem to be only coming across proprietary software for sale. Can someone recommend some MySQL code that I can use to test my code? -- Dave M G Ubuntu Feisty 7.04 Kernel 2.6.20-15-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Printing MSSQL-Query ERROR description in PHP
Hi, Is there any way to print the reason why the query has been failed, like the way MySQL-PHP has mysql_error()? Regards, KARTHIK. - Download prohibited? No problem! CHAT from any browser, without download.
[PHP] TableName with space
Hi, How can I create a table with spaces "Order details" in MSSQL using PHP? I am able to create manually the table name with space by providing the name in Double Quotes. Is there a way out to do this using PHP? Thanks Karthik. - Download prohibited? No problem! CHAT from any browser, without download.
Re: [PHP] TableName with space
karthi keyan wrote: Hi, How can I create a table with spaces "Order details" in MSSQL using PHP? I am able to create manually the table name with space by providing the name in Double Quotes. Is there a way out to do this using PHP? Put double quotes around it in php - rather simple really. $qry = 'create table "my table name" '; -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Removing a row from an Array
I've never heard of, nor seen array_grep() before and AFAIK it's also not a built-in php function. Check it at http://www.php.net/array_grep, it doesn't exist. No need to advise that which does not exist :) - Tul Al wrote: Can you be more specific? Show us a line of code, or so. There are lots of functions that may fit your needs, array_filter(), array_walk(), preg_grep(), etc. I've found array_grep() to be super in many cases. Returns the array consisting of the elements of the input array that match the given pattern. OR, that don't match the pattern. Most require array_values() to resync the keys. Ken Kixmoeller -- reply to [EMAIL PROTECTED] wrote: On Jun 4, 2007, at 3:27 PM, Al wrote: What determines the rows you want to keep? User selection. The array is essentially a "shopping cart"-type of object. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php