Re: [PHP] PHP broadcast mailer

2009-10-20 Thread Tom Chubb
2009/10/18 Paul M Foster pa...@quillandmouse.com On Sat, Oct 17, 2009 at 01:41:03AM -0400, Brian Hazelton wrote: I am in charge of an email newsletter list and making sure it gets sent out in time. My problem is I have never done broadcast emailing and right now we have 400 subscribers

Re: [PHP] Please don't kick me!

2009-10-20 Thread Thodoris
Hi all. I know this question has been asked a thousand times on the list, but my searches in the archives are not being nice to me. So... please don't kick me. Currently, we use DOMPDF to generate PDFs from HTML. However, it's no longer maintained and it has a few bugs that we just can no

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 12:58 +0200, Dotan Cohen wrote: Dotan, You are making this thing harder than it has to be. All you need is to replicate the escaping of the same characters that mysql_real_escape_string() escapes. Simply do that. They are listed on the function's manual page

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
Dotan, You are making this thing harder than it has to be. All you need is to replicate the escaping of the same characters that mysql_real_escape_string() escapes. Simply do that. They are listed on the function's manual page on php.net http://php.net/mysql_real_escape_string Here is

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Andrea Giammarchi
Your only option might be to do something smart. You can't use the proper mysql functions without a connection to a database, but you refuse to connect to a database until after you perform validation... You do realise you can have several db connections open at one time, so you could

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote: Your only option might be to do something smart. You can't use the proper mysql functions without a connection to a database, but you refuse to connect to a database until after you perform validation... You do realise you

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Bob McConnell
From: Ashley Sheridan On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote: Your only option might be to do something smart. You can't use the proper mysql functions without a connection to a database, but you refuse to connect to a database until after you perform validation...

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 08:43 -0400, Bob McConnell wrote: From: Ashley Sheridan On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote: Your only option might be to do something smart. You can't use the proper mysql functions without a connection to a database, but you refuse to

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
Your only option might be to do something smart. You can't use the proper mysql functions without a connection to a database, but you refuse to connect to a database until after you perform validation... More accurate to say that the file in which the function is stored does not know if

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
Yes, the mysql_real_escape_string() function uses the database's character encoding to determine how to encode the string, whereas the older deprecated version mysql_escape_string() required no connection as it always assumed Latin-1 (as far as I know) Is there such a function that always

[PHP] Securing PHP Web Applications book

2009-10-20 Thread Afan Pasalic
Hi, did anybody read the book Securing PHP Web Applications by Tricia Ballad William Ballad? (http://www.amazon.com/Securing-PHP-Applications-Tricia-Ballad/dp/0321534344/ref=sr_1_1?ie=UTF8s=booksqid=1256042083sr=8-1) Any opinions? L -- PHP General Mailing List (http://www.php.net/) To

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 14:58 +0200, Dotan Cohen wrote: Yes, the mysql_real_escape_string() function uses the database's character encoding to determine how to encode the string, whereas the older deprecated version mysql_escape_string() required no connection as it always assumed

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Andrea Giammarchi
It says: Returns the escaped string, or FALSE on error. So all you have to do, is have warnings turned off (as it generates an E_WARNING if you have no active connection) and then look at the return value of a call to the function: if(mysql_real_escape_string($variable) === false) {

RE: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Andrea Giammarchi
even better $error_reporting = error_reporting(0); if(mysql_real_escape_string($variable) === false) { error_reporting($error_reporting); // create a default DB connection } else error_reporting($error_reporting); unset($error_reporting); From: an_...@hotmail.com To:

[PHP] Get rid of warning massage

2009-10-20 Thread resea soul
Hi, I'm using the function file_get_contents($url). If the url is invalid the function displays a warning message while I am using my own customized message. I want to get rid of the warning message. Thank you

Re: [PHP] Get rid of warning massage

2009-10-20 Thread kranthi
http://php.net/manual/en/language.operators.errorcontrol.php ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Philip Thompson
On Oct 20, 2009, at 10:34 AM, resea soul wrote: Hi, I'm using the function file_get_contents($url). If the url is invalid the function displays a warning message while I am using my own customized message. I want to get rid of the warning message. Thank you @file_get_contents(...)

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 11:34 -0400, resea soul wrote: Hi, I'm using the function file_get_contents($url). If the url is invalid the function displays a warning message while I am using my own customized message. I want to get rid of the warning message. Thank you How do you mean an

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Thodoris
How do you mean an invalid URL? A URL that is not valid as in $url = poo or a valid formed URL that doesn't exist? Thanks, Ash http://www.ashleysheridan.co.uk Does it really matter? In both cases the file_get_contents() won't be able to open the URL and it will produce a warning or

Re: [PHP] Get rid of warning massage

2009-10-20 Thread John Black
resea soul wrote: I'm using the function file_get_contents($url). If the url is invalid the function displays a warning message while I am using my own customized message. I want to get rid of the warning message. This should do it: @file_get_contents($url) -- John Gott ist eine

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 19:01 +0300, Thodoris wrote: How do you mean an invalid URL? A URL that is not valid as in $url = poo or a valid formed URL that doesn't exist? Thanks, Ash http://www.ashleysheridan.co.uk Does it really matter? In both cases

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Thodoris
http://php.net/manual/en/language.operators.errorcontrol.php ? A better idea would be suppressing the error messages in a production site: ini_set('display_errors',0); -- Thodoris

Re: [PHP] Get rid of warning massage

2009-10-20 Thread Shawn McKenzie
Ashley Sheridan wrote: On Tue, 2009-10-20 at 19:01 +0300, Thodoris wrote: How do you mean an invalid URL? A URL that is not valid as in $url = poo or a valid formed URL that doesn't exist? Thanks, Ash http://www.ashleysheridan.co.uk Does it really matter? In both cases the

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Nisse Engström
On Tue, 20 Oct 2009 14:58:32 +0200, Dotan Cohen wrote: Yes, the mysql_real_escape_string() function uses the database's character encoding to determine how to encode the string, whereas the older deprecated version mysql_escape_string() required no connection as it always assumed Latin-1 (as

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Nisse Engström
On Mon, 19 Oct 2009 15:39:40 -0700, Jim Lucas wrote: I have no idea if it will work, [...] Well, you're right so far... ?php function clean_string($input) { /** * Character to escape... * \x0 \n \r \ ' \x1a **/ $patterns = array( \x0,

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
No, and you clearly missed the point about that function being pretty much dead anyway. I understand that mysql_escape_string() is deprecated. Asking about other similar functions does not seem out of line. You mentioned also in your last email that you would make a DB connection if

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
2009/10/20 Andrea Giammarchi an_...@hotmail.com: even better $error_reporting = error_reporting(0); if(mysql_real_escape_string($variable) === false) {     error_reporting($error_reporting);     // create a default DB connection } else     error_reporting($error_reporting);

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Kim Madsen
Dotan Cohen wrote on 2009-10-20 20:06: if(mysql_real_escape_string($variable) === false) { // create a default DB connection } Here, the key seems to be to turn the warning level down, which I do not have privileges to do on this server. But in fact this seems to be the key that I was

[PHP] Spam opinions please

2009-10-20 Thread Gary
); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: http://www.google.com/;"); exit(); } ?> Gary __ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __ The message was checked by ESET Smart Security. http

Re: [PHP] Spam opinions please

2009-10-20 Thread Jonathan Tapicer
)) { header("location: http://www.google.com/;"); exit(); } ?> Gary

Re: [PHP] Spam opinions please

2009-10-20 Thread Israel Ekpo
= array("111.111.111", "222.222.222", "333.333.333"); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: http://www.google.com/;"); exit(); } ?> Gary

Re: [PHP] Spam opinions please

2009-10-20 Thread Ashley Sheridan
? <?php $deny = array("111.111.111", "222.222.222", "333.333.333"); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: http://www.google.com/;"); exit(); } ?> Gary

Re: [PHP] Spam opinions please

2009-10-20 Thread Gary
)) { header("location: http://www.google.com/;"); exit(); } ?> Gary

Re: [PHP] Spam opinions please

2009-10-20 Thread Paul M Foster
On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote: I have several sites that are getting hit with form spam. I have the script set up to capture the IP address so I know from where they come. I found a short script that is supposed to stop these IP addresses from accessing the form page,

Re: [PHP] Spam opinions please

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote: That will work just for one IP, but they could spam you from another IP. I suggest you add a good captcha to the form and that way you can avoid spam forever. Regards, Jonathan Firstly, in_array() is used in his example, so it

Re: [PHP] Spam opinions please

2009-10-20 Thread Jonathan Tapicer
On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote: That will work just for one IP, but they could spam you from another IP. I suggest you add a good captcha to the form and that way you can avoid spam

Re: [PHP] Spam opinions please

2009-10-20 Thread Gary

Re: [PHP] Spam opinions please

2009-10-20 Thread John Black
Jonathan Tapicer wrote: I suggest you add a good captcha to the form and that way you can avoid spam forever. You can find a question/answer based CAPTCHA system here. http://www.network-technologies.org/tiny.php?id=1 The system can be used to protect comment forms, email forms or act as a

Re: [PHP] Spam opinions please

2009-10-20 Thread Gary
A few things immediately spring to mind: How are you being hit? Is it through an automated process (bot) on your form, or a real person

Re: [PHP] Spam opinions please

2009-10-20 Thread John Black
Gary wrote: I believe they are human spammers as all the input fields are correctly filled out (phone in phone, address in address etc). As I said they are mostly the same IP. Would it be better to include this script in the processing script rather than at the top of the page? If it is

[PHP] Re: Spam opinions please

2009-10-20 Thread Gary

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
  If you're sure that all your data is UTF-8, and that all user-supplied data is *actually valid* UTF-8 (and not deliberately or accidentally malformed), then mysql_escape_string() should be just fine [1]. I cannot ensure that the users will not be malicious, even if it is all internal

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Shawn McKenzie
Dotan Cohen wrote: 2009/10/20 Andrea Giammarchi an_...@hotmail.com: even better $error_reporting = error_reporting(0); if(mysql_real_escape_string($variable) === false) { error_reporting($error_reporting); // create a default DB connection } else

Re: [PHP] Using setters/getters with array of objects

2009-10-20 Thread mbneto
Hi, Thanks. I'll probably do the addEmail method. I was hoping to do as with the other non-array properties. On Sun, Oct 18, 2009 at 1:00 PM, Andy Shellam (Mailing Lists) andy-li...@networkmail.eu wrote: Hi, $u->emails[] = $e; I would hazard a guess because $u->emails isn't a concrete

Re: [PHP] Please don't kick me!

2009-10-20 Thread Philip Thompson
On Oct 19, 2009, at 4:21 PM, Floyd Resler wrote: Nope. I've never had any troubles with it. I've been able to produce all kinds of PDFs including loan agreements, inventory pick lists with barcodes, and various others. I find it incredibly powerful and easy to use. Take care, Floyd

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Dotan Cohen
if(@mysql_real_escape_string($variable) === false) Perfect! The @ symbol suppresses the error and I can structure the code according to whether or not there is a connection. Thank you! -- Dotan Cohen http://what-is-what.com http://gibberish.co.il

RE: [PHP] Spam opinions please

2009-10-20 Thread Yuri Yarlei

Re: [PHP] Using setters/getters with array of objects

2009-10-20 Thread mbneto
Hi Tommy, I've found both approaches (using setter/getter) as recommended/non-recommended in documentation so this will be a difficult decision. Unfortunately I'll not be able to take your way since the Email class (simplified in the example) is going to be used in other classes as well. On

Re: [PHP] Please don't kick me!

2009-10-20 Thread Floyd Resler
As far as I know ezPDF can't do what you want it to do. Of course, you could always modify the code to suit your needs. Since it already draws tables it probably wouldn't be too difficult to modify it to draw row backgrounds of different colors. Take care, Floyd On Oct 20, 2009, at 3:25

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Nisse Engström
On Tue, 20 Oct 2009 20:04:51 +0200, Nisse Engström wrote: On Mon, 19 Oct 2009 15:39:40 -0700, Jim Lucas wrote: /** * Character to escape... * \x0 \n \r \ ' \x1a **/ $patterns = array( \x0, \n, \r, \\, ',\, \x1a); $replace = array(

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Jim Lucas
Jim Lucas wrote: Dotan Cohen wrote: 2009/10/19 Kim Madsen php@emax.dk: Dotan Cohen wrote on 2009-10-18 21:21: I thought that one could not test if a database connection is established or not, this is the most relevant thing that I found while googling that:

Re: [PHP] Please don't kick me!

2009-10-20 Thread Philip Thompson
On Oct 20, 2009, at 2:40 PM, Floyd Resler wrote: As far as I know ezPDF can't do what you want it to do. Of course, you could always modify the code to suit your needs. Since it already draws tables it probably wouldn't be too difficult to modify it to draw row backgrounds of different

Re: [PHP] Spam opinions please

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 15:46 -0300, Jonathan Tapicer wrote: On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote: That will work just for one IP, but they could spam you from another IP. I suggest

Re: [PHP] Spam opinions please

2009-10-20 Thread Ashley Sheridan
On Tue, 2009-10-20 at 21:01 +0200, John Black wrote: Gary wrote: I believe they are human spammers as all the input fields are correctly filled out (phone in phone, address in address etc). As I said they are mostly the same IP. Would it be better to include this script in the

Re: [PHP] Spam opinions please

2009-10-20 Thread Bastien Koert
On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2009-10-20 at 21:01 +0200, John Black wrote: Gary wrote: I believe they are human spammers as all the input fields are correctly filled out (phone in phone, address in address etc). As I said they

Re: [PHP] Spam opinions please

2009-10-20 Thread Kim Madsen
Hey Gary Gary wrote on 2009-10-20 20:31: I have several sites that are getting hit with form spam. I have the script set up to capture the IP address so I know from where they come. I see that a lot suggested CAPTCHA, I don't like those either. The IP solution will give you a constant

Re: [PHP] Spam opinions please

2009-10-20 Thread Gary
with that value, so if there is one send back a 404 message to the bot and dump the record -- Bastien Cat, the other other white meat

Re: [PHP] Please don't kick me!

2009-10-20 Thread Kim Madsen
Philip Thompson wrote on 2009-10-20 21:58: I got it to draw the different background colors successfully. However, drawing borders is not as straight forward. I'm sure I could get it working as well... but I'd rather it work *out of the box*. Thanks for the suggestion. ;) Well, you're

Re: [PHP] Spam opinions please

2009-10-20 Thread Gary
, no spam for 3 years :-) -- Kind regards Kim Emax - masterminds.dk

Re: [PHP] Spam opinions please

2009-10-20 Thread Kim Madsen
Gary wrote on 2009-10-20 22:55: I like that idea, so in other words they have to get to the form from another page on the site, and you set a time limit for a minimum amount of time they spend on the page (5-10 seconds)? I don't set any time, just the session to prevent direct hits from a spam

RE: [PHP] How to pronounce PHP code over the phone?

2009-10-20 Thread Daevid Vincent
-Original Message- From: Dotan Cohen [mailto:dotanco...@gmail.com] Sent: Friday, October 16, 2009 8:46 AM To: php-general. Subject: [PHP] How to pronounce PHP code over the phone? How would you read this out loud if you were to read it to someone over the phone?

Re: [PHP] Sanitizing potential MySQL strings with no database connection

2009-10-20 Thread Ray Solomon
- Original Message - From: Ashley Sheridan a...@ashleysheridan.co.uk To: Dotan Cohen dotanco...@gmail.com Cc: Jim Lucas li...@cmsws.com; php-general. php-general@lists.php.net Sent: Tuesday, October 20, 2009 4:02 AM Subject: Re: [PHP] Sanitizing potential MySQL strings with no database

Re: [PHP] Spam opinions please

2009-10-20 Thread Peter van der Does
On Tue, 20 Oct 2009 14:31:53 -0400 Gary gwp...@ptd.net wrote: I have several sites that are getting hit with form spam. I have the script set up to capture the IP address so I know from where they come. I found a short script that is supposed to stop these IP addresses from accessing the