Re: [PHP-DB] currency out of postgresql
While the proposed solution below may very well indeed work for this situation it's a far better practice to strip the variable down to "known to be good" values rather than "known to be bad" ones. Rather than strip $ and , marks from the variable it's far better to strip out anything other than 0-9 and the '.' character. In this given situation it may or may not have any advantage -- just a different paradigm; and one that often improves application security. Rather than think of what's disallowed think only of what is allowed. A "recent" example of this would be to follow the BugTraq postings on the Unicode directory transversal exploits of MS IIS toward the latter end of 2000. The patch was released to prevent certain attacks from coming through but it proved to be patch developed by somebody with rather elementary security skills. They preventyed only -known- attacks from working; workarounds surfaced within a day, if not hours. Eventually they put a competent coder on the job and things were fixed. But, like I said, this probably isn't a security issue here -- just one of robustness. The two are rather similar in practice though. As I said before, the original poster's idea may very well work 100% of the time, but I thought I'd take the opportunity to point out the difference. I posted a private reply to the orignal author that went something like this: Strip out anything except 0-9 characters (after formatting), add them, divide by 100 and reformat. I don't imagine any locale settings that would cause this to error. I don't mean to nit-pick at anybody here, that's my last objective. Just something to think about when coding. Admittedly I've done the exact opposite approach (stripping known bad vs. allowing known good) many times and have been burned because of it. Justin Buist Trident Technology, Inc. 4700 60th St. SW, Suite 102 Grand Rapids, MI 49512 Ph. 616.554.2700 Fx. 616.554.3331 Mo. 616.291.2612 On Fri, 14 Sep 2001, David Balatero wrote: > I suppose you could just remove the $ and/or the comma with a regexp... > www.php.net/eregi_replace -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] currency out of postgresql
I suppose you could just remove the $ and/or the comma with a regexp... www.php.net/eregi_replace -- David Balatero - Original Message - From: "Rick Eicher II" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 14, 2001 3:00 PM Subject: [PHP-DB] currency out of postgresql > After I do the add $money comes out to be 0. The data comes out as $0 and > $5,217.00, I need to add these two to get $5,217.00. How do you add money > with the dollor sign in the data? > > rick > > -Original Message- > From: Bas Jobsen [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 14, 2001 7:24 AM > To: Rick Eicher II > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP-DB] currency out of postgresql > > > > $formatted = sprintf("%01.2f", $money); > > printf ("%01.2f\n", $formatted); > > maybe twice, try: > $formatted = sprintf("%01.2f", $money); > echo "$formatted\n"; > > > - Original Message ----- > From: "Rick Eicher II" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, September 14, 2001 6:48 PM > Subject: [PHP-DB] currency out of postgresql > > > > I am trying to get two currency values from out of the database, add them > > together and print the to the screen. I am using the following code. > > > > $money = $myrow[6] + $myrow[7]; > > $formatted = sprintf("%01.2f", $money); > > printf ("%01.2f\n", $formatted); > > > > $myrow[] is the array that I load the database records into. > > > > I can echo $myrow[6] & $myrow[7], which will show like $4.00 and $4000.00. > > But when I add them together the come out as 0 every time. The columns in > > the database are of type money. This is a postgresql database. > > > > Does any one see the errors of my ways? > > > > thanks, > > Rick Eicher II > > www.pbol.net > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] currency out of postgresql
After I do the add $money comes out to be 0. The data comes out as $0 and $5,217.00, I need to add these two to get $5,217.00. How do you add money with the dollor sign in the data? rick -Original Message- From: Bas Jobsen [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 7:24 AM To: Rick Eicher II Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] currency out of postgresql > $formatted = sprintf("%01.2f", $money); > printf ("%01.2f\n", $formatted); maybe twice, try: $formatted = sprintf("%01.2f", $money); echo "$formatted\n"; - Original Message - From: "Rick Eicher II" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 14, 2001 6:48 PM Subject: [PHP-DB] currency out of postgresql > I am trying to get two currency values from out of the database, add them > together and print the to the screen. I am using the following code. > > $money = $myrow[6] + $myrow[7]; > $formatted = sprintf("%01.2f", $money); > printf ("%01.2f\n", $formatted); > > $myrow[] is the array that I load the database records into. > > I can echo $myrow[6] & $myrow[7], which will show like $4.00 and $4000.00. > But when I add them together the come out as 0 every time. The columns in > the database are of type money. This is a postgresql database. > > Does any one see the errors of my ways? > > thanks, > Rick Eicher II > www.pbol.net > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] currency out of postgresql
> $formatted = sprintf("%01.2f", $money); > printf ("%01.2f\n", $formatted); maybe twice, try: $formatted = sprintf("%01.2f", $money); echo "$formatted\n"; - Original Message - From: "Rick Eicher II" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 14, 2001 6:48 PM Subject: [PHP-DB] currency out of postgresql > I am trying to get two currency values from out of the database, add them > together and print the to the screen. I am using the following code. > > $money = $myrow[6] + $myrow[7]; > $formatted = sprintf("%01.2f", $money); > printf ("%01.2f\n", $formatted); > > $myrow[] is the array that I load the database records into. > > I can echo $myrow[6] & $myrow[7], which will show like $4.00 and $4000.00. > But when I add them together the come out as 0 every time. The columns in > the database are of type money. This is a postgresql database. > > Does any one see the errors of my ways? > > thanks, > Rick Eicher II > www.pbol.net > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] currency out of postgresql
I am trying to get two currency values from out of the database, add them together and print the to the screen. I am using the following code. $money = $myrow[6] + $myrow[7]; $formatted = sprintf("%01.2f", $money); printf ("%01.2f\n", $formatted); $myrow[] is the array that I load the database records into. I can echo $myrow[6] & $myrow[7], which will show like $4.00 and $4000.00. But when I add them together the come out as 0 every time. The columns in the database are of type money. This is a postgresql database. Does any one see the errors of my ways? thanks, Rick Eicher II www.pbol.net -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]