Something like:
$cleanData = array_map(function($str){return strtolower(trim($str));},
$passedData);
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
On Tue, May 7, 2013 at 4:29 PM, George Langley george.lang...@shaw.ca
Threading doesn't increase complexity? Spoken truly like somebody who has
not had to actually write, test and debug proper, high performance threaded
code. Please tell me how threading doesn't increase complexity of any data
structure?
I may agree if you talk about php running in cli, but then the
Hey guys (and/or gals),
I have heard this question entirely too many times, I think at some point
Rasmus just stopped responding to it. The real reason that PHP is not
threaded has nothing to do with PHP internal or extension thread safety,
the reason is more to the extent that it doesn't make
That's all understood but there are times when that one request from
the visitor requires many sub-requests like connection to DB and
making SOAP calls.
I would say it's more than just there are times, that's how a typical
script lives, it imports libraries, queries the database, and talks
You do all that in the context of a single PHP instance and linear code,
calling curl_multi handles its own threading, you just get back results,
you dont have to store it anywhere outside PHP memory space, and you can
configure timeouts and all that stuff, or you can regulate it yourself. The
On Thu, Jul 26, 2012 at 6:24 AM, Lester Caine les...@lsces.co.uk wrote:
viper wrote:
is it possible to write and read data on a COM or LPT port?
is there any function or class in PHP?
anyone has already done something similar?
Talking in and out of the serial port is not too difficult but
Just a few notes on the previous responses.
Delaying with JavaScript, like validating with JavaScript is a rather
pointless endeavor. Think about it, you are putting your limiting
mechanism, on the hackers' computer... You can still post to your
server as fast as you want.
With regards to using
question 1
If you use the PHP filters sanitizations, and you plan on using PDO
with binded params, are you absolutely safe? And if not, why? What are
the other ways for them to still make it in - even with PD0 and binded
params properly in place? Just curious.
There are no known exploits
You don't need to store it in the database as b64, just undo the
encoding into your inputs
for the purpose of the explanation, this is language independent
b64e - encoding function
b64d - decoding function
pseudo code
given:
bad_num = ') union select * from foo --'
bad_str =
good_num =
There is so much no, answers are in line.
At the top of each php page which interacts with a database, just have
this one liner
This has already been mentioned, but again, no, no connection if you
are not actually interacting with the database.
$DBH = safe_connection(database_name_here);
Can't get to doc at all here...
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If you don't mind me asking, if you want performance, which is kind of
essential if you are processing a large number of files, why are you
doing it in PHP?
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
--
PHP General
Rasmus confirmed that they are having issues with php.net:
You can use the sk.php.net mirror while they fix their problems, as
well as docs.php.net.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Start off with the fact that that article is from 2006, and its
written by a programmer...
I was simply asking expert opinion with the intention to learn.
There is so much docs out there (I mean not just out there but at top
security sites like owasp ) that recommends database specific escape
a
programmer is doing until it’s too late. ~Seymour Cray
On Mon, Jan 23, 2012 at 7:51 PM, Robert Cummings rob...@interjinn.com wrote:
On 12-01-23 01:32 PM, Alex Nikitin wrote:
If you don't mind me asking, if you want performance, which is kind of
essential if you are processing a large number
-01-23 09:29 PM, Alex Nikitin wrote:
Have you done image processing? In my experience, with image
generation, photography and processing, typically you are bound by
resources when processing large amount of files than your connection,
or sometimes even disk io.
It really depends on what you're
Capchas can't hold off any decently smart robots, anyone doing their
research can find at least 3 tools that will defeat various capchas.
For example pwntcha is one, Dan Kaminsky did a talk at black hat and
defcon 16 on pwning audio capchas (and a lot of even good ones will
offer audio as an
Haluk, don't listen to Ross, escaping fails, it was and is a bad
solution to an old and still largely unresolved problem. The problem
is and has been that of language interoperability, and we have been
and continue failing at making a good way for languages to talk to
each other, but because this
On Wed, Sep 14, 2011 at 4:04 AM, Marco Lanzotti ma...@lanzotti.com wrote:
Il 13/09/2011 20:58, Alex Nikitin ha scritto:
Correction on Marco's post. You can absolutely stop a mysql query
I know I can stop a query, but I don't know how to realize HTTP client
has closed connection during query
You can use a limit with a nested select, you just can't use it in
some cases, like inside an IN statement, but something like this
should work:
SELECT id, data, etc FROM table JOIN (SELECT special_id as id FROM
special_table ORDER BY special_id LIMIT 0, 1000) AS table2 USING (id)
Note: syntax
rant from=tired of constantly having to explain it, developer
MySQL real escape string doesn't work, it's a bad solution to the
problem that has been with the internets since the very beginning, and
if people program like they are taught to by books, doesn't look like
it's going away any time
it's only marginally faster, but it does look a bit cleaner, and is a
bit more memory efficient:
$records[] = unserialize(serialize($boundParams));
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
On Wed, Sep 14, 2011
On Tue, Sep 13, 2011 at 2:06 PM, Steve Staples sstap...@mnsi.net wrote:
On Tue, 2011-09-13 at 09:48 -0700, David Harkness wrote:
On Tue, Sep 13, 2011 at 7:29 AM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
+1. And this is a
On Tue, Sep 13, 2011 at 11:44 AM, Jim Lucas li...@cmsws.com wrote:
On 9/12/2011 7:40 AM, Marco Lanzotti wrote:
Hi all, I'm new in the list and I already have a question for you.
I'm running an heavy query on my DB in a PHP script called by AJAX.
Because client often abort AJAX connection
On Tue, Sep 13, 2011 at 10:40 AM, linuxsupport lin.supp...@gmail.comwrote:
I enabled debug in log and found this in the log file
[13-Sep-2011 17:03:19.966801] DEBUG: pid 16974, fpm_got_signal(), line 76:
received SIGCHLD
[13-Sep-2011 17:03:19.966832] WARNING: pid 16974, fpm_children_bury(),
Absolutely, it was only a minor correction of a sub-point.
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Tue, Sep 13, 2011 at 3:20 PM, Jim Lucas li...@cmsws.com wrote:
On 9/13/2011 11:58 AM, Alex Nikitin wrote
On Tue, Sep 13, 2011 at 3:45 PM, Dotan Cohen dotanco...@gmail.com wrote:
On Tue, Sep 13, 2011 at 21:34, Alex Nikitin niks...@gmail.com wrote:
And this will be faster or at least more efficient with a limit (e.g.
limit
50) this way when you have found the 50 users in the in statement, you
+1 on terminal.
For gui-based ones, i like to be able to syntax check my code and run it
from within the editor window, tabs for dozens of files i usually have open
at once, highlight that supports many languages as i can be working on many
at once (php, css, js, ruby, python, C, lua, sql, for
On Wed, Sep 7, 2011 at 10:21 AM, Ron Piggott ron.pigg...@actsministries.org
wrote:
Hi Everyone
I am trying to load an HTML book into mySQL. The book was distributed with
each chapter being it’s own HTML file.
The only way I know how to open a file is by specifying the file name.
Such
If you have to ask these questions, i don't think you should be the person
to do it, i'm sorry.
I wouldn't recommend doing it on a mac, or even one single box, i wouldnt
recommend doig it on non-server hardware, infact most of the time i would
recommend you just buy already pre-sertup servers so
It would be easier and faster to convert your string to lower case, than
perform the upper operation on every entry in the database. Also, just to
point it out, your code is very vulnerable to SQL injection.
But the suggestion is right, dump the query to make sure its correct, and
check for mysql
Sorry but escaping doesnt protect against mysql injection either, it is not
a good answer, nor does it really work, its an effort, yes, buuut in unicode
world we pretty much have the ability to override what it means to be a
character through best guess matching, etc, iiit just doesnt quite work;
On Sun, Aug 7, 2011 at 10:03 PM, Donovan Brooke li...@euca.us wrote:
alekto wrote:
Hi,
I have implemented a remember me feature in my login-script, but I can't
get it to function!
If I might be so bold... then you haven't implemented the feature yet,
right? ;-)
I want to make it
On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke li...@euca.us wrote:
Alex Nikitin wrote:
[snip]
Also you shouldn't actually encrypt passwords, the proper way to store
them
is hashed, so that if someone grabs your database, they dont have your
passwords, even if they have the key
On Thu, Aug 4, 2011 at 12:23 PM, Donovan Brooke li...@euca.us wrote:
Alex Nikitin wrote:
[snip]
There is code obfuscation with PHP, and you can compile it into C++ with
HipHop for php for example...
[snip]
Of course, obfuscation is never a great security solution. Compiling it
into C
Yes, since it's trying to represent in characters some purely binary data,
it is not unlikely that you will get VERY weird characters (and you do).
Also you shouldn't actually encrypt passwords, the proper way to store them
is hashed, so that if someone grabs your database, they dont have your
I have a neat class you can play with...
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Wed, Aug 3, 2011 at 2:27 PM, Alex Nikitin niks...@gmail.com wrote:
Yes, since it's trying to represent in characters some
studying mcrypt's
possibilities :-).
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
Original message
From: Alex Nikitin
On Wed, Aug 3, 2011 at 4:05 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
**
On Wed, 2011-08-03 at 15:35 -0400, Alex Nikitin wrote:
On Wed, Aug 3, 2011 at 3:08 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
**
On Wed, 2011-08-03 at 22:02 +0300, Andre Polykanine wrote
There are databases with area codes for the first 3, so you only have to
generate 1 million. Why do you need to store all of them again?
On Jul 31, 2011 4:06 PM, Jason Pruim li...@pruimphotography.com wrote:
No I'm not looking for your phone number... Or for the guy/girl whose
number you thought
Just as a word of caution to everyone on this list, mcrypt version of
blowfish (which is implemented by php) (in linux) has an 8bit bug in it, and
thus should not be used for hashing passwords even as backup. Basically if
you use a character such as say a British pound in your password, blowfish
That would be so extreemely inefficient both resources and bandwidth-wise,
however an interesting thought...
On Jul 27, 2011 4:02 AM, Pete Ford p...@justcroft.com wrote:
On 26/07/11 18:20, alekto wrote:
Hi,
is there a way to create a tree menu list only by using php/html/css?
I found some,
On Fri, Jul 22, 2011 at 8:17 AM, Nilesh Govindarajan
cont...@nileshgr.comwrote:
On 07/22/2011 11:21 AM, Andreas Moroder wrote:
Hallo,
I have a PHP application made of many files ( php, images etc. )
I have a strong suspicion that many of the files in the application
directory are no
is
doing until it’s too late. ~Seymour Cray
On Fri, Jul 22, 2011 at 9:33 AM, Nilesh Govindarajan
cont...@nileshgr.comwrote:
On 07/22/2011 06:56 PM, Alex Nikitin wrote:
Or you could just grep the directory, not saying you have to do this,
but this was kind of fun to write anyways, if i
On Fri, Jul 22, 2011 at 3:09 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
**
On Fri, 2011-07-22 at 09:51 -0400, Alex Nikitin wrote:
It would still be quicker with shell tools, imho, granted that some command
line elitistry would be required... Also if you are going to be doing string
I'm actually interested in finding out if there are any languages that don't
suck in any way... I know and have programmed in about 29, i have yet to
find a language that makes 100% sense and i have no complaints about.
However i still choose PHP over many, many other languages and i implement
php
if( $val !== with $val !== from)
simple comparison = faster solution... also you want type-safe
you could do something like
if(!in_array($val, array(from,with))) but its neither elegant nor fast
On Jul 14, 2011 12:22 AM, Ron Piggott ron.pigg...@actsministries.org
wrote:
On Thu, Jun 9, 2011 at 8:37 AM, matty jones urlu...@gmail.com wrote:
I have a mediawiki extension that allows me to design a form in the wiki to
facilitate data entry into the wiki and it works good except that I also
want to be able to up load images and take the file location/name and enter
Actually if you want a very simple way, with a little JS, you can b64 encode
the file and fill in the file field in the form with it (you can hide it or
dynamically tack it on or something), so that you get everything when you
submit the form including the file (you just gotta make a file back out
What do you mean by fuzzy search? Like an approximate search, and instead
of you stepping through the array, you guesstimate where to start, or search
for approximate string value in an array of strings?
--
The trouble with programmers is that you can never tell what a programmer is
doing until
If you don't need the location, you can implode the array and use preg
match, quickly testing it, that gives you about 4.5 times performance
increase, but it wont give you the location, only if a certain value exists
within the array... You can kind of do some really clever math to get your
search
. ~Seymour Cray
On Tue, Jun 7, 2011 at 5:25 PM, Shawn McKenzie nos...@mckenzies.net wrote:
On 06/07/2011 03:57 PM, Floyd Resler wrote:
On Jun 7, 2011, at 4:42 PM, Alex Nikitin wrote:
If you don't need the location, you can implode the array and use preg
match, quickly testing
On Mon, May 23, 2011 at 9:32 AM, Joshua Kehn josh.k...@gmail.com wrote:
On May 23, 2011, at 9:28 AM, Alex Nikitin wrote:
There is an interesting note in the comments for strcmp:
Well, I am using PHP 4.0 and both strcmp and strcasecmp appear to be
giving me very arbitrary
On Mon, May 23, 2011 at 11:52 AM, Al n...@ridersite.org wrote:
How can I prevent access to all files in a directory except one with an
htaccess file.
I've tried several approaches found with Googling; but, none seem to work.
e.g.,
FilesMatch ^(makeScodeImg.php)
Order Allow,Deny
Deny from
, May 20, 2011 at 9:14 AM, Joshua Kehn josh.k...@gmail.com wrote:
On May 20, 2011, at 4:41 AM, Tim Streater wrote:
On 20 May 2011 at 04:03, Alex Nikitin niks...@gmail.com wrote:
but here is a brief example:
(!DEBUG) || error_log(Fetch Data: .memory_get_usage()/1048576);
reads and writes
what's the scope?
I have some brain-teasing functions i've been working on, but they are far
from bulletproof, but here is an example
function float_int($significand) {
$sign = ($significand0) ? true : false;
$significand = abs($significand);
$drep = (decbin( (int) $significand));
prepares
them for the battlefield...
Alex
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Fri, May 20, 2011 at 2:12 PM, tedd tedd.sperl...@gmail.com wrote:
At 11:11 AM -0400 5/20/11, Alex Nikitin wrote:
Also to tedd
@David
Fair enough, then i have seen so many badly designed sewage systems, that
the backed up sewage monsters come to me in my dreams... :) wait no the
other one :(
@Paul
And my girlfriend, apparently
--
The trouble with programmers is that you can never tell what a programmer is
doing until
I will try to respond to the original question.
Note: this is constructive criticism, so i wont do much in terms of praising
the good parts
It works, its very primitive, in some ways its pretty insecure, for example
it provides no session hijacking protection, it's not written with the
better of
For input sanitizing, and this will be helpful to anyone who writes code,
listen to dan kaminsky's keynote at The Next Hope. He did a very good job
at explaining the landscape of web programming and the essence of SQL
injection and XSS, as well as proposed pretty neat ways to fix these.
If you
strcmp() is better than just comparing?
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
Original message
From: Alex
=== or preg_match for me, lol, unless its all just math :)
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 3:26 PM, Joshua Kehn josh.k...@gmail.com wrote:
On May 19, 2011, at 3:16 PM, Alex
is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 8:18 PM, tedd tedd.sperl...@gmail.com wrote:
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote:
I will try to respond to the original question.
Note: this is constructive criticism, so i
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 8:57 PM, tedd tedd.sperl...@gmail.com wrote:
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote:
Also don't declare a bunch of needless variables
Best way to learn about security of something is to learn how to break it...
On Apr 8, 2011 3:55 PM, Jay Blanchard jblanch...@pocket.com wrote:
[snip]
whats the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security -
JavaScript is a browser-side language, browsers have cache, cache sticks
around, meaning that you can tell the browser to cache the JS file and not
download it from the server (every time) if its being included on the
browser end (which js is). All means faster page load times post initial
load,
1-2s? that sounds insane and (to me at least) entirely unacceptable, though
not something that i haven't seen before when i was speeding up our
wordpress...
From some significant experience of speeding up things, including php
applications, frameworks, various other applications, servers,
There could be many a reasons for this, and it really depends on your setup.
For example, is php and memcache on the same server, if they are not what is
the network topology like, it could be a piece of hardware starting to
malfunction, it could be an issue with the networking driver, on the
Short of some process going crazy, which you should check for, some psing,
top and netstat, i cant think of any reason you should ever get a connection
drop, short of a hardware failure (memory perhaps), or an experimental
kernel settings or modules or something... i cant think of any way that a
out how to do it with array_push if you choose to, but you
get the general idea)
~ Alex
On Jan 25, 2011 6:35 AM, Merlin Morgenstern merli...@fastmail.fm wrote:
Am 24.01.2011 18:08, schrieb Alex Nikitin:
If you declare your arrays, and set k to 0 first, put quotes around array
values and use
If you declare your arrays, and set k to 0 first, put quotes around array
values and use the correct limit (you can default to -1), you will get
results, here is code and example (hopefully this helps you)
?php
function internal_links($str, $links, $limit=-1) {
Hi,
I'm kind of new to this list, and so if there have been discussions about
this, i am not quite aware of them (i tried searching), but i ran across
this issue and i figured it would be interesting enough to show you guys
here:
I was looking for a way to replace all the text in a string that
correctly, not sure about the elegantly part, but you can just limit
preg_replace
preg_replace('/(?:(?![a-zA-Z\s]*).)*/', '', $str, 1);
and that seems to work correctly...
Neat... kinda...
On Thu, Nov 4, 2010 at 3:47 PM, Alex Nikitin niks...@gmail.com wrote:
Hi,
I'm kind of new to this list
but that doesnt work if you add something after the Mooo *sigh*.
well it gets kept
On Thu, Nov 4, 2010 at 3:47 PM, Alex Nikitin niks...@gmail.com wrote:
Hi,
I'm kind of new to this list, and so if there have been discussions about
this, i am not quite aware of them (i tried
One thing to remember is that dealing with results from prepared statements
is different then getting results from queries, so if you are using both,
confusion can easily set in (and lets face it, prepared statements arent
always the best thing to use)... if its of any help, i have written a class
75 matches
Mail list logo
