php-general Digest 25 Oct 2010 11:54:27 -0000 Issue 7005

Topics (messages 309045 through 309052):

Re: Stripslashes redundancy question.
        309045 by: Adam Richardson

Re: I need some thoughts on code duplication and separation
        309046 by: Rico Secada

Re: Reminder On Mailing List Rules
        309047 by: Paul M Foster
        309049 by: Gary

Best practice for if (!$stmt->execute())
        309048 by: Rico Secada
        309050 by: Tommy Pham
        309052 by: Rico Secada

Re: Interfacing with telnet using curl
        309051 by: HM 2K


----------------------------------------------------------------------
--- Begin Message ---
On Sun, Oct 24, 2010 at 6:29 PM, Gary <gp...@paulgdesigns.com> wrote:

> In my form processing scripts, I usually have the variable set as so:
>
> $email = stripslashes($_POST['email']);
>
> I have discovered that the program that I use has a pre-written function of
> this:
>
> // remove escape characters from POST array
> if (get_magic_quotes_gpc()) {
>   function stripslashes_deep($value) {
>     $value = is_array($value)
>       ? array_map('stripslashes_deep', $value)
>       : stripslashes($value);
>     return $value;
>   }
>   $_POST = array_map('stripslashes_deep', $_POST);
> }
>
> I just put this in a script that I have been using, leaving the original
> stripslashes in the variable. The script still works, but is there a
> problem with redundancy, or does one cancel the other out?
>
> Also, which do you think is a better method to use?
>
> Thank you
>
> Gary
>
Hi Gary,

Calling stripslashes() more than once on the same string can cause issues.
That said, I'd point out that as of PHP 5.3, the use of magic_quotes_gpc()
has been deprecated:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc

This was after many criticisms were leveled against the use of magic quotes:
http://en.wikipedia.org/wiki/Magic_quotes

So, my inclination is to turn off magic quotes if they're on by using
php.ini -OR- htaccess (if at all possible) rather than checking if they are
on and stripping them if needed.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

--- End Message ---
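
An added example (not part of either message) showing why the leftover per-field stripslashes() matters once the whole $_POST array has already been cleaned. It assumes nothing about the poster's script: the input values are constructed, and addslashes() stands in for what magic quotes did to incoming data, so it runs on PHP versions that no longer have the setting.

```php
<?php
// Added illustration. addslashes_deep() simulates magic_quotes_gpc;
// all sample values below are constructed.

function stripslashes_deep($value) {
    return is_array($value)
        ? array_map('stripslashes_deep', $value)
        : stripslashes($value);
}

function addslashes_deep($value) {
    return is_array($value)
        ? array_map('addslashes_deep', $value)
        : addslashes($value);
}

// What the user actually typed into the form (constructed).
$typed = array(
    'email' => "o'brien@example.com",
    'path'  => 'C:\temp\new',           // contains real backslashes
    'tags'  => array('a\b', "it's"),    // nested array, as in a multi-select
);

// What the script would have received with magic quotes switched on.
$post = addslashes_deep($typed);

// One pass over the array restores the typed input exactly.
$once = stripslashes_deep($post);
echo "after one pass, identical to input: ";
var_dump($once === $typed);

// The second, per-field call treats the user's own backslashes as escapes
// and removes them, so the stored value no longer matches the input.
$twice = stripslashes($once['path']);
echo "after second pass on 'path': ";
var_dump($twice);
echo "still identical to input: ";
var_dump($twice === $typed['path']);

// A field without backslashes survives the second pass unchanged, which is
// why a script tested only with such values still appears to work.
var_dump(stripslashes($once['email']) === $typed['email']);
```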
--- Begin Message ---
On Thu, 21 Oct 2010 10:55:14 -0400
Paul M Foster <pa...@quillandmouse.com> wrote:

> On Thu, Oct 21, 2010 at 04:05:50AM +0200, Rico Secada wrote:
> 
> > Hi.
> > 
> > I am working on a small system where I am both trying to avoid code
> > duplication and at the same time I am trying to keep the
> > presentation logic separated from the application logic.
> > 
> > I am using sessions and am avoiding the "headers already sent" problem
> > by keeping the HTML out of the application.
> > 
> > For example, I would like to have a common header.php file, but it
> > is difficult to create this since one file needs to have some
> > specific Javascript located in the <head> </head> tags, but the
> > other files don't need this.
> > 
> > Another file needs to have a specific "onload" call in the <body>
> > tag, while yet another file also needs to have an "onload" call,
> > but with different attributes.
> > 
> > I have been looking around in other systems to see what kinds of
> > solutions are being used - as inspiration.
> > 
> > I have been thinking about the following solutions:
> > 
> > 1. Create only ONE header.php file that contains a lot of
> > conditionals depending on what file is including it - the output of
> > HTML/Javascript changes.
> > 
> > I believe this would turn into a very ugly hack. Difficult to
> > maintain.
> 
> Not really. Here's what I do. I have a page controller which defines
> variables and such, and then calls the header.php file. The page
> controller will contain something like this:
> 
> $meta['jsfiles'] = 'onload.js';
> 
> The header.php will contain code like this:
> 
> <?php if (!empty($meta['jsfiles'])): ?>
> <?php include $meta['jsfiles']; ?>
> <?php endif; ?>
> 
> The page controller can also contain a variety of other settings,
> like:
> 
> $meta['content'] = 'cust_add.php';
> 
> and the header.php will contain:
> 
> <?php include $meta['content']; ?>
> 
> This directs the proper internal content for the header.php, which is
> really like a "template" file.
> 
> Also remember that at the bottom of the page controller, you do a line
> like this:
> 
> include 'header.php';
> 
> You can change this as you like for any given page controller.
> 
> Paul
> 
> -- 
> Paul M. Foster

Thanks Paul! It's a nice way to do it.

--- End Message ---
--- Begin Message ---
On Fri, Oct 22, 2010 at 12:35:43PM -0400, tedd wrote:

> At 4:54 PM -0400 10/21/10, Marc Guay wrote:
> >Toilet seat.  Up or down.  Same thing?  Sort of.
> 
> No, everything down (seat and top) is the rule in my house.
> 
> You should see how women often react when I tell them to put the top
> down -- it's like my dog hearing a high note.

I used to do that just to aggravate women who hassled me about leaving
the seat up. I've softened a bit in my old age, and no longer insist on
it.

Paul

-- 
Paul M. Foster

--- End Message ---
--- Begin Message ---
Paul M Foster wrote:
> I've softened a bit in my old age

You can get pills for that ;-)


--- End Message ---
--- Begin Message ---
Hi.

I have been doing like this:

if (!$stmt->execute()) {
        return false;
} else {

        // ... some code

        return true;
        // OR
        return $foo; // Some int, string, whatever.

}

I am thinking about changing the "return false" with a:

if (!$stmt->execute()) {
        die(DB_ERROR);
}

This way making sure that every single db execute gets a valid check
and at the same time return some kind of valuable db error to the user
and end the script.

How do you deal with db execution checks?

Thanks in advance!

Best regards.

Rico.


--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Rico Secada [mailto:coolz...@it.dk]
> Sent: Sunday, October 24, 2010 9:06 PM
> To: php-gene...@lists.php.net
> Subject: [PHP] Best practice for if (!$stmt->execute())
> 
> Hi.
> 
> I have been doing like this:
> 
> if (!$stmt->execute()) {
>       return false;
> } else {
> 
> ... some code
> 
>       return true;
> OR
>       return $foo; // Some int, string, whatever.
> 
> }
> 
> I am thinking about changing the "return false" with a:
> 
> if (!$stmt->execute()) {
>       die(DB_ERROR);
> 
> This way making sure that every single db execute gets a valid check and at
> the same time return some kind of valuable db error to the user and end the
> script.
> 
> How do you deal with db execution checks?
> 
> Thanks in advance!
> 
> Best regards.
> 
> Rico.
> 

Rico,

Shouldn't you consider this as "what happens, while in production, should
the script fail?", whether it's DB related or not.  In that case, how would
you want to handle the error?  Do you, or the system admin, want to be
notified one way or another of the failure?  Do you want to implement a backup
in case that failure happens as an 'automatic recovery' mechanism?  As a
system/network admin, I go by 3 guidelines:

1) Prevent failure as much as I can (either system hardware, software
applications, hacks/exploits/vulnerabilities, etc.).
2) In the event that 1 fails, what's the recovery process?  How fast can I
recover from it?
3) If 2 fails, then there's something wrong with the whole process, which I
need to expand my knowledge & skillset.

In my past experiences, I haven't yet got to stage 2 because there are
precautions you can take to detect when a failure is about to happen so that
stage 2 will never happen.  What you need to consider is how important is
this?  Is it mission critical?

Regards,
Tommy


--- End Message ---
--- Begin Message ---
On Mon, 25 Oct 2010 00:26:23 -0700
"Tommy Pham" <tommy...@gmail.com> wrote:

> > -----Original Message-----
> > From: Rico Secada [mailto:coolz...@it.dk]
> > Sent: Sunday, October 24, 2010 9:06 PM
> > To: php-gene...@lists.php.net
> > Subject: [PHP] Best practice for if (!$stmt->execute())
> > 
> > Hi.
> > 
> > I have been doing like this:
> > 
> > if (!$stmt->execute()) {
> >     return false;
> > } else {
> > 
> > ... some code
> > 
> >     return true;
> > OR
> >     return $foo; // Some int, string, whatever.
> > 
> > }
> > 
> > I am thinking about changing the "return false" with a:
> > 
> > if (!$stmt->execute()) {
> >     die(DB_ERROR);
> > 
> > This way making sure that every single db execute gets a valid
> > check and at the same time return some kind of valuable db error
> > to the user and end the script.
> > 
> > How do you deal with db execution checks?
> > 
> > Thanks in advance!
> > 
> > Best regards.
> > 
> > Rico.
> > 
> 
> Rico,
> 
> Shouldn't you consider this as "what happens, while in production,
> should the script fail?", whether it's DB related or not.  In that
> case, how would you want to handle the error?  Do you, or the system
> admin, want to be notified one way or another of the failure?  Do
> you want to implement a backup in case that failure happens as an
> 'automatic recovery' mechanism?  As a system/network admin, I go by 3
> guidelines:
>
> 1) Prevent failure as much as I can (either system hardware, software
> applications, hacks/exploits/vulnerabilities, etc.).
> 2) In the event that 1 fails, what's the recovery process?  How fast
> can I recover from it?
> 3) If 2 fails, then there's something wrong with the whole process,
> which I need to expand my knowledge & skillset.
>
> In my past experiences, I haven't yet got to stage 2 because there are
> precautions you can take to detect when a failure is about to happen
> so that stage 2 will never happen.  What you need to consider is how
> important is this?  Is it mission critical?
> 
> Regards,
> Tommy

Thank you for some very important thoughts! Creating an extended error
handling function seems appropriate.

Regards,
Rico 

--- End Message ---
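
An added example (not code from anyone in this thread) of the "extended error handling function" idea for database execution checks: every failure is caught in one place, the driver's message and the SQL go to the server log where an admin can be notified, and the user gets only a generic message with a reference id. It assumes PDO; the in-memory SQLite database, the users table, the DbFailure class and the run_statement() helper are all constructed for illustration.

```php
<?php
// Added illustration. Assumes PDO with the pdo_sqlite driver; DbFailure and
// run_statement() are hypothetical names, the table and data are constructed.

class DbFailure extends Exception {}

function run_statement(PDO $db, $sql, array $params = array()) {
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    } catch (PDOException $e) {
        // Full detail stays server-side; error_log() is the point where a
        // mail or monitoring hook for the admin would attach.
        $ref = bin2hex(random_bytes(4));
        error_log(sprintf('[db:%s] %s | SQL: %s', $ref, $e->getMessage(), $sql));
        // The caller gets a failure that carries only the reference id.
        throw new DbFailure("Database error (ref $ref)", 0, $e);
    }
}

$db = new PDO('sqlite::memory:');
// Make a failed prepare()/execute() throw instead of returning false,
// so no call site can forget the check.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');

try {
    run_statement($db, 'INSERT INTO users (email) VALUES (?)',
                  array('a@example.com'));
    // Constructed failure: the UNIQUE constraint rejects the duplicate row.
    run_statement($db, 'INSERT INTO users (email) VALUES (?)',
                  array('a@example.com'));
} catch (DbFailure $e) {
    // One place decides what the user sees: no driver message, no SQL text.
    if (PHP_SAPI !== 'cli') {
        http_response_code(500);
    }
    echo $e->getMessage(), "\n";
}
```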
--- Begin Message ---
Before I report this as a bug, can anyone provide an example of how to
interface with a telnet server using curl?

Here's what I've tried, with various results:

<pre>
<?php

error_reporting(E_ALL);
ini_set('display_errors','On');

function curl_telnet($query,$server,$proxy=false,$timeout=10) {
  if (!function_exists('curl_init')) {
    user_error('"curl_init()" function does not exist.', E_USER_WARNING);
    return false;
  }
  $ch = curl_init($server);
  if ($proxy) {
    curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
  }
  curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $query);
  $output=curl_exec($ch);
  curl_close($ch);
  return $output;
}

$tests=array();
$tests['rainmaker.wunderground.com:23']="\r\n\r\nx\r\n";
$tests['telnet://rainmaker.wunderground.com:23']="\r\n\r\nx\r\n";
$tests['towel.blinkenlights.nl:666']='';
$tests['telnet://towel.blinkenlights.nl:666']='';
$tests['whois.iana.org:43']="com\r\n";
$tests['telnet://whois.iana.org:43']="com\r\n";

foreach ($tests as $server => $query) {
  $result=curl_telnet($query,$server)?'good':'fail';
  echo "$server=$result\n";
}

?>

This results in the following:

rainmaker.wunderground.com:23=good
telnet://rainmaker.wunderground.com:23=fail
towel.blinkenlights.nl:666=good
telnet://towel.blinkenlights.nl:666=good
whois.iana.org:43=good
telnet://whois.iana.org:43=fail

The obvious issue is that when you're not using the telnet:// protocol the
HTTP request is always sent. However, in some cases, when a query is sent,
using telnet:// will fail.

Is this a bug or is anyone else able to get telnet with curl to work as
expected?

Thanks.

--- End Message ---
