php-general Digest 10 Jul 2009 15:39:29 -0000 Issue 6222
php-general Digest 10 Jul 2009 15:39:29 - Issue 6222 Topics (messages 295124 through 295146): DOMDocument saveHTML() configurable? 295124 by: Michael A. Peters HTTP headers and include() 295125 by: James Colannino 295126 by: Eddie Drapkin 295127 by: Michael A. Peters 295129 by: James Colannino 295131 by: kranthi 295138 by: tedd 295142 by: Michael A. Peters open source event calendar 295128 by: Joey 295130 by: kranthi 295136 by: Daniel Brown 295139 by: tedd Re: Obeying the rules (was Simple login form with cookies) 295132 by: Arno Kuhl 295135 by: abdulazeez alugo Re: SESSION variables: How much is too much? 295133 by: kranthi 295137 by: tedd Re: mysterious f character appearing. Why?? 295134 by: kranthi Re: PHP script for detecting pattern sequences? 295140 by: Isaac Dover 295143 by: Andrew Ballard 295145 by: Isaac Dover Error Trapping 295141 by: Floyd Resler 295144 by: Eddie Drapkin 295146 by: Floyd Resler Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- The $dom-saveHTML() function does a pretty good job of knowing what tags are not closed - IE it does br, meta, param, etc. correctly. Is there a way to add a tag without children to it's database? Specifically I'm talking about the new source tag from HTML 5 that is being used to embed ogg/mp4 audio and video files. Put it in a dom document object and spit it out with saveHTML() and you get source src=foo.ogg type=video/ogg/source which is harmless but technically incorrect. I know html tidy allows you to define new childless nodes and sending the output through tidy will then fix it, but I can't seem to find a way to to it with DOMDocument so that you don't need to send it through tidy before sending to the client. ---End Message--- ---BeginMessage--- Hey everyone, I've been hard at work on a new web application, and discovered something that I would never have seen coming. I was noticing that when I called session_start() after a few lines of includes, I was getting complaints because the HTTP headers had already been sent out. Then, after putting session_start() above the include lines, suddenly everything was working fine. The files that were included were nothing more than functions; there was no code executing that I could tell up to the point of the call to session_start(). I was just wondering if anybody on the list knows why HTTP headers were being sent out by my includes. I'm sure there's a good reason. I'm just very curious :) Thanks very much in advance. James ---End Message--- ---BeginMessage--- On Fri, Jul 10, 2009 at 1:21 AM, James Colanninoja...@colannino.org wrote: Hey everyone, I've been hard at work on a new web application, and discovered something that I would never have seen coming. I was noticing that when I called session_start() after a few lines of includes, I was getting complaints because the HTTP headers had already been sent out. Then, after putting session_start() above the include lines, suddenly everything was working fine. The files that were included were nothing more than functions; there was no code executing that I could tell up to the point of the call to session_start(). I was just wondering if anybody on the list knows why HTTP headers were being sent out by my includes. I'm sure there's a good reason. I'm just very curious :) Thanks very much in advance. James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php HTTP headers are sent and finalized after the first bit of output. I had the same problem before and it turned out to be because I had a close tag ? at the end of a file followed by some whitespace. The solution was to remove the ? from the end of all the files and I haven't closed an entire file since. Perhaps that might be it? --Eddie ---End Message--- ---BeginMessage--- James Colannino wrote: Hey everyone, I've been hard at work on a new web application, and discovered something that I would never have seen coming. I was noticing that when I called session_start() after a few lines of includes, I was getting complaints because the HTTP headers had already been sent out. Then, after putting session_start() above the include lines, suddenly everything was working fine. The files that were included were nothing more than functions; there was no code executing that I could tell up to the point of the call to session_start(). I was just wondering if anybody on the list knows why HTTP headers were
[PHP] open source event calendar
Hello All! Does anyone know of a good open source calendar app? Hopefully one that has ongoing development etc. ( sorry asked this before, but can't find a web list to search for the previous results, php.net has a list that is not searchable ) Thanks!
Re: [PHP] HTTP headers and include()
Eddie Drapkin wrote: HTTP headers are sent and finalized after the first bit of output. I had the same problem before and it turned out to be because I had a close tag ? at the end of a file followed by some whitespace. The solution was to remove the ? from the end of all the files and I haven't closed an entire file since. Perhaps that might be it? Hmm... In fact, I did close all my include files with the ? tag, and per Michael's observation in another response, there is a line of whitespace after the closing tag in my include files. I tried getting rid of the trailing whitespace, and removed the closing tags. Unfortunately, even after that, when I place my include files before session_start, I get the same problem. There's no leading whitespace before the starting ?php tag, so I'm still a little at a loss. It's not too big of a deal though; I simply placed my include files after the call to session_start(). That seems to solve the problem. James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] open source event calendar
that depends upon your need.embedding google calendar is best for starters
Re: [PHP] HTTP headers and include()
a single line break after the closing ? will not cause this problem. PHP interpreter will neglect a single line break after ? a good debugger like xdebug will be helpful in this case. u can also see the source code of the file to locate the output. any thing before php warning is the output before session_start()
RE: [PHP] Obeying the rules (was Simple login form with cookies)
I'm sure those who've been on this list a while muttered here we go again... when this thread started. Personally I think if there was a poll about this the bell curve would have some on the left demanding we all top post, many on the right of the curve demanding we all bottom post, and a solid bulge in the middle representing the great unwashed couldn't give a damn folks (and probably couldn't give a damn to enter the debate). On the very few occasions I've had anything to contribute I've generally bottom posted, mostly because I've seen this debate before and partly because I think it's easier for some people, but I'd place myself in the middle of the bell curve. I think most people on this list are more than smart enough to quickly figure out the thread in a post regardless whether the previous person top posted or not. Most of the regular responders bottom post which makes up the bulk, but I think if you look at the variety of people who post it's about 50/50, and most times it doesn't cause any problem at all. I agree that rules are important, but some are more important than others, and I think the top-posting rule is pretty low in the list of priorities, more a useful guide than a rule. Things like personal attacks and attempted mail spoofing are more important - both happened during the course of this thread but hardly raised an eyebrow. I also agree that context plays a big part, because once a thread starts getting complicated with many responses then bottom posting definitely makes it easier to follow, but most threads don't get to that stage. Just my 2c. Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: SESSION variables: How much is too much?
I prefer to reduce SESSION usage as much as possible. but I dont hesitate to use them if need arises. Points to note - Execution time: Only session_id is stored on the client's computer, and the actual data is stored on the server. so it will take nearly same time to process 100 session vars and 1 session var. - Security: While passing data trough hidden form fields, it is easy for the user to be change it. but its impossible (the user can change the session_id though) for the user to change the data stored in a session. - register_globals: i always set this off. but my host turned this on. had to spend 2 full days to find out what the problem was. coming back to you issue: IMHO storing stuff like MaxDisplayRecords, DefaultDisplayRecords, etc., in a SESSION var is the best solution. alternatives being - Hidden fields: this will add to unnecessary network traffic. - Use separate file: Why use a separate file if PHP does the job for you? - Use the database: If you have an existing connection this is OK. But this will become a bottle neck if u dont have an existing connection
Re: [PHP] mysterious f character appearing. Why??
I faced the same problem many times. The reason turned out to be an additional character outside /td tags. HTML formating software like Dreamweaver, HTML Tidy, Notepad++ will be helpful in these cases. Above all use HTML Validatior extension for firefox. Any ways this question has got nothing to do with PHP. Regarding firebug, it shows the generated code, or the code seen by the browser, but not the source code.
RE: [PHP] Obeying the rules (was Simple login form with cookies)
To: php-general@lists.php.net From: t...@marston-home.demon.co.uk Date: Thu, 9 Jul 2009 22:37:44 +0100 Subject: Re: [PHP] Obeying the rules (was Simple login form with cookies) Still Learnin' ssski...@gmail.com wrote in message news:4a565c73.8090...@gmail.com... Tony Marston wrote: You've been told more than twice, it isn't an arbitrary rule. It isn't a petty rule. It isn't about perfection. It is arbitrary. It is petty. It is about someone's idea of perfection. One of us clearly manifests a reality gap. How many people do you have siding with your position, on this list? It's about clarity. So that the threaded archives are intelligible instead of jumbled. So that the post-by-post emails properly read from top to bottom. That's why other newsgroups allow top posting because the response in each post is at the top, where the newsreader starts, so you don't have to scroll over the text of the previous post to get to the important stuff. This is not a newsgroup. It is an email list that archives emails on the php.net web site, and has a newsgroup subscribed. It *is* a newsgroup because I can access it through my newsreader. I can recieve copies of posts in my email client, but I can only post using my newsreader. If a thread contained 30 posts would you really want the text of all 30 contained in the same message? How difficult would it be to separate one message from another? What broken program (or script) puts the text of 30 posts into the same post? You seem to be grasping at straws. When you hit reply in your newsreader what happens? It creates a new post with the original message quoted in its entirety. Some newsreadrs then posiition the cursor at the top ready for your reply, while others position it at the bottom. If this happens 30 times then the last post contains copies of the all the previous 29 messages. It's also about courtesy, not dropping dingleberries dozens or scores of lines long (and some of you others could stand to snip the extraneous even though you do properly bottom-post). So what are the rules about snipping then? You're the 30-year professional, figure them out. I'm Still Learnin' Why should I have to figure it out? Surely some little Hitler has created a rule so that the rest of us sheep don't have to think for ourselves? -- Tony Marston http://www.tonymarston.net http://www.radicore.org Someone has got to pay for this!!! How dare you interrupt my 30years vampiric sleep over such trivial issue as top posting?. Now Tony you've been a good lad but this has got to end now! What's all the fuss about you not been able to abide by the rules here? If you can't abide, then simply leave (methinks the person that sent the mail in your name was actually trying to do you a favour). On the other hand, Daniel, what happened to that button with which you can ban any defauters on the list? is it broken? Moreover, there seem to be one point that everybody's been missing all the while. since this argument started (or specifically somewhere along the line), Marston actually started following the rules. He has stopped top-posting without him even knowing it. Check his last few replies and you'll see. The sun is up now so I got to return to my coven. No more arguments guys. Alugo Abdulazeez http://www.frangeovic.com _ Drag n’ drop—Get easy photo sharing with Windows Live™ Photos. http://www.microsoft.com/windows/windowslive/products/photos.aspx
Re: [PHP] open source event calendar
On Fri, Jul 10, 2009 at 03:13, Joeyj...@web56.net wrote: Hello All! Does anyone know of a good open source calendar app? Hopefully one that has ongoing development etc. ( sorry asked this before, but can't find a web list to search for the previous results, php.net has a list that is not searchable ) Did you try Google? Did you then try searching Google for 'mailing list archives'? I had no problem finding a few thousand results. http://www.gmane.org/ http://www.marc.info/ http://news.php.net/ http://google.com/search?q=open+source+php+calendar+script -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] open source event calendar
At 3:13 AM -0400 7/10/09, Joey wrote: Hello All! Does anyone know of a good open source calendar app? Hopefully one that has ongoing development etc. ( sorry asked this before, but can't find a web list to search for the previous results, php.net has a list that is not searchable ) Joey: Sure, try: http://php-calendar.com That's an on-going development -- in fact I added a little contribution last month. Besides his demo, here it is working for me: http://php1.net/my-php-calendar/ If you want something simpler, try this: http://www.webbytedd.com//tedd-php-calendar/ All the code is there. Use as you want. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script for detecting pattern sequences?
sorry, should have added that i'm not aware of any library to do this, but you could certainly write one! :) and i forgot to use the list, sorry. - isaac On Fri, Jul 10, 2009 at 10:28 AM, Isaac Dover isaacdo...@gmail.com wrote: though this looks suspiciously like a homework assignment, i'll bite. those regex patterns wouldn't solve his problem. he wants to pull repetitions from the string _before_ knowing a pattern. those patterns will match the entire source string without trying, i would think that you may try using a technique that reads a character, then looks for the next occurrence of that character. if you're lucky, then that character will be the beginning of the sequence. you'll just look at the substring from that first occurrence until the next, then search the string for that substring. if unlucky, you'll move to the next string, _append it_ to the previous, repeat the process, and so on. at some point, you'll have the pattern built in memory and will be searching the source string using your built pattern string. at some point, something will have to match. the trick is in recursion. also, i'm assuming your real examples are more complicated than what you have above. in the two listed, you already know that a zero indicates that the pattern is beginning, so you just look for, and note the index of, zeroes. i've thumbed through a free book online that deals with text parsing. it's very technical, but interesting at the same time. maybe you can find it. - isaac On Wed, Jul 8, 2009 at 11:32 PM, WenDong Zhang zwd2...@gmail.com wrote: yes (\d+?)\1+ works fine On Thu, Jul 9, 2009 at 6:00 AM, Per Jessen p...@computer.org wrote: Rob Gould wrote: Can anyone tell me if there's a PHP library out there that will help me determine pattern sequences from a string? Example input: 032258064516129032258064516129032258064516129032258064516129 Sequence = 032258064516129 037037037037037037037037037037037037037037037037037037037037 Sequence = 037 I know regex can help you find a pattern when you know what the pattern is already, but this is different. Nah, it's the same thing. A suitable regex might look something like this: /([0-9]+)\1+/ Not tested, probably won't work on the first try. You may need greediness adjustments. /Per -- Per Jessen, Zürich (14.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Best Regards! Wen Dong
[PHP] Error Trapping
I'm having a hard time getting my head around this problem. I have to connect to a FoxPro database using an ODBC driver. Sometimes when I connect I get an error. The error doesn't occur all the time and usually another connect attempt works. I can trap the error through an error handler. However, I use a class to connect to the database. What I want to do is to check for that error and, if it occurs, try to connect again. Since the error handler is outside the class, how can I create the object again and make sure it gets passed back to my script that called it? I hope that made sense! Thanks! Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP headers and include()
tedd wrote: At 12:24 AM -0700 7/10/09, James Colannino wrote: Eddie Drapkin wrote: HTTP headers are sent and finalized after the first bit of output. I had the same problem before and it turned out to be because I had a close tag ? at the end of a file followed by some whitespace. The solution was to remove the ? from the end of all the files and I haven't closed an entire file since. Perhaps that might be it? Hmm... In fact, I did close all my include files with the ? tag, and per Michael's observation in another response, there is a line of whitespace after the closing tag in my include files. I tried getting rid of the trailing whitespace, and removed the closing tags. Unfortunately, even after that, when I place my include files before session_start, I get the same problem. There's no leading whitespace before the starting ?php tag, so I'm still a little at a loss. It's not too big of a deal though; I simply placed my include files after the call to session_start(). That seems to solve the problem. James James: As I understand things, that's the way it is supposed to work -- you always start a session page off with session_start() as your first statement. I've had some pages complain that a session has already been started and in that case, I check to see if a session ID is set and it not, then do a session_start(). But, as a matter of habit, I always make session_start() my first line of code. Cheers, tedd If the included file has ?php somefunc() { } ? ?php somefunc() { } ? that will also cause it. Or maybe one of the include files includes a file (IE db connection script) that has white space. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script for detecting pattern sequences?
On Fri, Jul 10, 2009 at 10:30 AM, Isaac Doverisaacdo...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:32 PM, WenDong Zhang zwd2...@gmail.com wrote: On Thu, Jul 9, 2009 at 6:00 AM, Per Jessen p...@computer.org wrote: A suitable regex might look something like this: /([0-9]+)\1+/ Not tested, probably won't work on the first try. You may need greediness adjustments. /Per yes (\d+?)\1+ works fine -- Best Regards! Wen Dong those regex patterns wouldn't solve his problem. he wants to pull repetitions from the string _before_ knowing a pattern. those patterns will match the entire source string - isaac Those patterns look like a pretty good starting point to me. True, the first captured result of preg_match would be the entire string, but the submatches array would contain the actual sequence that is repeated: ?php $pattern = '/(\d+?)\1+/'; $subject = '032258064516129032258064516129032258064516129032258064516129'; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) 032258064516129032258064516129032258064516129032258064516129 [1]= string(15) 032258064516129 } */ $subject = '037037037037037037037037037037037037037037037037037037037037'; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) 037037037037037037037037037037037037037037037037037037037037 [1]= string(3) 037 } */ $subject = ''; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) [1]= string(1) 3 } */ ? Some slight adjustments to the pattern could also be useful. // This would catch a pattern of any repeating characters, not just numeric digits $pattern = '/(.+?)\1+/'; // This would only match if the entire string was a repeated sequence $pattern = '/^(\d+?)\1+$/'; // This would match the repeated sequence only if the string began with a repeated sequence. $pattern = '/^(\d+?)\1+/'; // This would match the repeated sequence only if the string ended with a repeated sequence. $pattern = '/(\d+?)\1+$/'; If a string had multiple sequences, you could also use preg_match_all to find each sequence, but that looks a bit more involved than the OP. None of these require knowing the sequence in advance. How do they not satisfy the OP? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error Trapping
On Fri, Jul 10, 2009 at 10:56 AM, Floyd Reslerfres...@adex-intl.com wrote: I'm having a hard time getting my head around this problem. I have to connect to a FoxPro database using an ODBC driver. Sometimes when I connect I get an error. The error doesn't occur all the time and usually another connect attempt works. I can trap the error through an error handler. However, I use a class to connect to the database. What I want to do is to check for that error and, if it occurs, try to connect again. Since the error handler is outside the class, how can I create the object again and make sure it gets passed back to my script that called it? I hope that made sense! Thanks! Floyd Why is the error outside the class? If you connect with a class, something like: public function __construct() { $this-handle = false; while($this-handle === false) { $this-handle == odbc_connect(); } } ought to work fine. Alternatively, you could check out PDO, which is supposed to be the next generation of database connections in PHP, and won't create an object without a connection. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script for detecting pattern sequences?
i just got pwned! thanks, andrew. i should've paid more attention to what i was reading. - isaac On Fri, Jul 10, 2009 at 11:19 AM, Andrew Ballard aball...@gmail.com wrote: On Fri, Jul 10, 2009 at 10:30 AM, Isaac Doverisaacdo...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:32 PM, WenDong Zhang zwd2...@gmail.com wrote: On Thu, Jul 9, 2009 at 6:00 AM, Per Jessen p...@computer.org wrote: A suitable regex might look something like this: /([0-9]+)\1+/ Not tested, probably won't work on the first try. You may need greediness adjustments. /Per yes (\d+?)\1+ works fine -- Best Regards! Wen Dong those regex patterns wouldn't solve his problem. he wants to pull repetitions from the string _before_ knowing a pattern. those patterns will match the entire source string - isaac Those patterns look like a pretty good starting point to me. True, the first captured result of preg_match would be the entire string, but the submatches array would contain the actual sequence that is repeated: ?php $pattern = '/(\d+?)\1+/'; $subject = '032258064516129032258064516129032258064516129032258064516129'; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) 032258064516129032258064516129032258064516129032258064516129 [1]= string(15) 032258064516129 } */ $subject = '037037037037037037037037037037037037037037037037037037037037'; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) 037037037037037037037037037037037037037037037037037037037037 [1]= string(3) 037 } */ $subject = ''; if (preg_match($pattern, $subject, $matches)) { var_dump($matches); } /* array(2) { [0]= string(60) [1]= string(1) 3 } */ ? Some slight adjustments to the pattern could also be useful. // This would catch a pattern of any repeating characters, not just numeric digits $pattern = '/(.+?)\1+/'; // This would only match if the entire string was a repeated sequence $pattern = '/^(\d+?)\1+$/'; // This would match the repeated sequence only if the string began with a repeated sequence. $pattern = '/^(\d+?)\1+/'; // This would match the repeated sequence only if the string ended with a repeated sequence. $pattern = '/(\d+?)\1+$/'; If a string had multiple sequences, you could also use preg_match_all to find each sequence, but that looks a bit more involved than the OP. None of these require knowing the sequence in advance. How do they not satisfy the OP? Andrew
Re: [PHP] Error Trapping
Eddie, Thanks for the tip. It suddenly occurred to me what I was doing wrong. I do use an error trap but I was telling my script to stop running after the error. So, now I ignore it and continue through the loop you suggested. I guess it was working exactly the way I had written it! Thanks! Floyd On Jul 10, 2009, at 11:23 AM, Eddie Drapkin wrote: On Fri, Jul 10, 2009 at 10:56 AM, Floyd Reslerfres...@adex- intl.com wrote: I'm having a hard time getting my head around this problem. I have to connect to a FoxPro database using an ODBC driver. Sometimes when I connect I get an error. The error doesn't occur all the time and usually another connect attempt works. I can trap the error through an error handler. However, I use a class to connect to the database. What I want to do is to check for that error and, if it occurs, try to connect again. Since the error handler is outside the class, how can I create the object again and make sure it gets passed back to my script that called it? I hope that made sense! Thanks! Floyd Why is the error outside the class? If you connect with a class, something like: public function __construct() { $this-handle = false; while($this-handle === false) { $this-handle == odbc_connect(); } } ought to work fine. Alternatively, you could check out PDO, which is supposed to be the next generation of database connections in PHP, and won't create an object without a connection. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error Trapping
On Fri, Jul 10, 2009 at 11:39 AM, Floyd Reslerfres...@adex-intl.com wrote: Eddie, Thanks for the tip. It suddenly occurred to me what I was doing wrong. I do use an error trap but I was telling my script to stop running after the error. So, now I ignore it and continue through the loop you suggested. I guess it was working exactly the way I had written it! Thanks! Floyd On Jul 10, 2009, at 11:23 AM, Eddie Drapkin wrote: On Fri, Jul 10, 2009 at 10:56 AM, Floyd Reslerfres...@adex-intl.com wrote: I'm having a hard time getting my head around this problem. I have to connect to a FoxPro database using an ODBC driver. Sometimes when I connect I get an error. The error doesn't occur all the time and usually another connect attempt works. I can trap the error through an error handler. However, I use a class to connect to the database. What I want to do is to check for that error and, if it occurs, try to connect again. Since the error handler is outside the class, how can I create the object again and make sure it gets passed back to my script that called it? I hope that made sense! Thanks! Floyd Why is the error outside the class? If you connect with a class, something like: public function __construct() { $this-handle = false; while($this-handle === false) { $this-handle == odbc_connect(); } } ought to work fine. Alternatively, you could check out PDO, which is supposed to be the next generation of database connections in PHP, and won't create an object without a connection. ;) Sometimes all it takes is a fresh look at an old problem! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mysql cache query as xml
hi guys, i need some help by optimize the performance. my problem is that i need a lot of rows the whole site (don't ask i need the rows really :-) ) this is about ~4000 rows it will be loaded from mysql database in 0.3 seconds my idea was to cache this rows in a xml file like for example: category idsome hash id/id titlecategory title /title /category .. also load query from mysql first, save to xml using 6 hours, erase the cached file, load query against but to load the same num rows from xml during more then 3 seconds in comparison mysql need just 0.3 seconds. how can i optimize the reading from xml faster? server design: 2 mysql server (Master Slave with Replication ) 8 Applikation Server with connect to the 2 mysql server this i the reason why i want to cache this query anyway! other querys just need about 0.0004 seconds, but this is the slowest query! i hope someone can help me or had a better ideas to solve this problem! thanks chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
Chris; From my understanding of your question, your message (included below in its entirety) is better sent to the MySQL General list, which I've CC'd on this reply. If you haven't yet, please subscribe there at mysql-subscr...@lists.mysql.com to follow the thread for responses. If I'm misunderstanding and you're asking a PHP-related question, please rephrase your question. [Full original message follows.] On Fri, Jul 10, 2009 at 12:22, workerho...@studysite.euworkerho...@studysite.eu wrote: hi guys, i need some help by optimize the performance. my problem is that i need a lot of rows the whole site (don't ask i need the rows really :-) ) this is about ~4000 rows it will be loaded from mysql database in 0.3 seconds my idea was to cache this rows in a xml file like for example: category idsome hash id/id titlecategory title /title /category .. also load query from mysql first, save to xml using 6 hours, erase the cached file, load query against but to load the same num rows from xml during more then 3 seconds in comparison mysql need just 0.3 seconds. how can i optimize the reading from xml faster? server design: 2 mysql server (Master Slave with Replication ) 8 Applikation Server with connect to the 2 mysql server this i the reason why i want to cache this query anyway! other querys just need about 0.0004 seconds, but this is the slowest query! i hope someone can help me or had a better ideas to solve this problem! thanks chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, Jul 10, 2009 at 12:36 PM, Daniel Browndanbr...@php.net wrote: Chris; From my understanding of your question, your message (included below in its entirety) is better sent to the MySQL General list, which I've CC'd on this reply. If you haven't yet, please subscribe there at mysql-subscr...@lists.mysql.com to follow the thread for responses. If I'm misunderstanding and you're asking a PHP-related question, please rephrase your question. I understood the question to be how to improve performance by caching MySQL results into an XML document (which, given that it was posted here) within a PHP script. Perhaps this is not the correct interpretation, but if so it would be relevant. However, I'm not sure I'd spend time trying to devise a fast XML cache for a query that only took 0.3 seconds to execute. By itself, that isn't bad performance unless this is a query that is called frequently by several concurrent users. Personally, I'd look into ways to improve the execution of the query itself in MySQL (making sure the query is sargable and improving indexes, etc.) until I thought I had exhausted everything there. Just my 2 cents. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... Andrew Ballard schrieb: On Fri, Jul 10, 2009 at 12:36 PM, Daniel Browndanbr...@php.net wrote: Chris; From my understanding of your question, your message (included below in its entirety) is better sent to the MySQL General list, which I've CC'd on this reply. If you haven't yet, please subscribe there at mysql-subscr...@lists.mysql.com to follow the thread for responses. If I'm misunderstanding and you're asking a PHP-related question, please rephrase your question. I understood the question to be how to improve performance by caching MySQL results into an XML document (which, given that it was posted here) within a PHP script. Perhaps this is not the correct interpretation, but if so it would be relevant. However, I'm not sure I'd spend time trying to devise a fast XML cache for a query that only took 0.3 seconds to execute. By itself, that isn't bad performance unless this is a query that is called frequently by several concurrent users. Personally, I'd look into ways to improve the execution of the query itself in MySQL (making sure the query is sargable and improving indexes, etc.) until I thought I had exhausted everything there. Just my 2 cents. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, Jul 10, 2009 at 12:59, Andrew Ballardaball...@gmail.com wrote: I understood the question to be how to improve performance by caching MySQL results into an XML document (which, given that it was posted here) within a PHP script. Perhaps this is not the correct interpretation, but if so it would be relevant. You're probably correct. Seems I'm just experiencing a Friday Fog, so to speak. (And no, there are no chemical connotations implied there, just that the weekend and all the work it entails is looming much closer. ;-P) -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, Jul 10, 2009 at 13:07, workerho...@studysite.euworkerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... It will be slower to read a file than data from an SQL database by sheer design --- regardless of whether it's XML, CSV, plain text, etc. And MySQL is faster still because it's run as a server with it's own processing engine, completely independent of the PHP engine and spawned process. Other factors involved are disk seek time, memory capabilities, et cetera, but the SQL-vs-file point is the biggest. For PHP to locate something within the file, it must load the entire file into memory or read it byte-by-byte, line-by-line, from an exact offset (given explicitly). SQL databases such as MySQL work similarly, but don't catalog all data in quite the same linear fashion. Further, MySQL is capable of indexing, allowing it to return the data far faster. There's a time and a place for each, but it sounds as though what you're attempting to do would not be best-served by caching it in an XML sheet. Also, something to keep in mind (with no offense intended by any means): if you have two database servers (using replication) for load-balancing and they - combined - cannot handle 100 simultaneous connections and queries, you may want to re-evaluate your infrastructure and architecture. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
hmm, the infrastructure ist good, this is just this query so to solve my problem i could run mysql on the application server and store just this table and read the query from them, it could solve my problem litte, i hope so! Daniel Brown schrieb: On Fri, Jul 10, 2009 at 13:07, workerho...@studysite.euworkerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... It will be slower to read a file than data from an SQL database by sheer design --- regardless of whether it's XML, CSV, plain text, etc. And MySQL is faster still because it's run as a server with it's own processing engine, completely independent of the PHP engine and spawned process. Other factors involved are disk seek time, memory capabilities, et cetera, but the SQL-vs-file point is the biggest. For PHP to locate something within the file, it must load the entire file into memory or read it byte-by-byte, line-by-line, from an exact offset (given explicitly). SQL databases such as MySQL work similarly, but don't catalog all data in quite the same linear fashion. Further, MySQL is capable of indexing, allowing it to return the data far faster. There's a time and a place for each, but it sounds as though what you're attempting to do would not be best-served by caching it in an XML sheet. Also, something to keep in mind (with no offense intended by any means): if you have two database servers (using replication) for load-balancing and they - combined - cannot handle 100 simultaneous connections and queries, you may want to re-evaluate your infrastructure and architecture. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, Jul 10, 2009 at 13:23, workerho...@studysite.euworkerho...@studysite.eu wrote: hmm, the infrastructure ist good, this is just this query so to solve my problem i could run mysql on the application server and store just this table and read the query from them, it could solve my problem litte, i hope so! You may also want to look into SQLite --- it's perfectly designed for this kind of situation. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, Jul 10, 2009 at 1:23 PM, workerho...@studysite.euworkerho...@studysite.eu wrote: hmm, the infrastructure ist good, this is just this query so to solve my problem i could run mysql on the application server and store just this table and read the query from them, it could solve my problem litte, i hope so! Daniel Brown schrieb: On Fri, Jul 10, 2009 at 13:07, workerho...@studysite.euworkerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... It will be slower to read a file than data from an SQL database by sheer design --- regardless of whether it's XML, CSV, plain text, etc. And MySQL is faster still because it's run as a server with it's own processing engine, completely independent of the PHP engine and spawned process. Other factors involved are disk seek time, memory capabilities, et cetera, but the SQL-vs-file point is the biggest. For PHP to locate something within the file, it must load the entire file into memory or read it byte-by-byte, line-by-line, from an exact offset (given explicitly). SQL databases such as MySQL work similarly, but don't catalog all data in quite the same linear fashion. Further, MySQL is capable of indexing, allowing it to return the data far faster. There's a time and a place for each, but it sounds as though what you're attempting to do would not be best-served by caching it in an XML sheet. Also, something to keep in mind (with no offense intended by any means): if you have two database servers (using replication) for load-balancing and they - combined - cannot handle 100 simultaneous connections and queries, you may want to re-evaluate your infrastructure and architecture. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php is all the data from the query the same for each user? I.e. that they get the same 4K rows of data for that query? How is that query done? are there date parameters or other fields that would allow table partitioning on the data? Could you use a temp table, to store that data or a more fixed table that stores just that query's dataset? Also how large is the main table? -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
yes i think i should do this Daniel Brown schrieb: On Fri, Jul 10, 2009 at 13:23, workerho...@studysite.euworkerho...@studysite.eu wrote: hmm, the infrastructure ist good, this is just this query so to solve my problem i could run mysql on the application server and store just this table and read the query from them, it could solve my problem litte, i hope so! You may also want to look into SQLite --- it's perfectly designed for this kind of situation. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-WEBMASTER] Show Source QUESTION
On Fri, Jul 10, 2009 at 02:47, David Leesubl...@yahoo.com wrote: I was wanting to have a page called source.php like you guys, and have it display the source code for the pages, but I've looked at the source code for you guys source.php page and I can't seem to make it work on my server. Like how do you make a page display another php page without it executing the php scripts ? That's a better question for the PHP General list (CC'd in this email) than the Webmaster list. Feel free to subscribe there to get help with PHP-related questions. In direct answer to your question, however, check the following functions: highlight_file() - http://php.net/highlight_file highlight_string() - http://php.net/highlight_string -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Fri, 10 Jul 2009 13:29:31 -0400 Bastien Koert phps...@gmail.com wrote: On Fri, Jul 10, 2009 at 1:23 PM, workerho...@studysite.euworkerho...@studysite.eu wrote: hmm, the infrastructure ist good, this is just this query so to solve my problem i could run mysql on the application server and store just this table and read the query from them, it could solve my problem litte, i hope so! Daniel Brown schrieb: On Fri, Jul 10, 2009 at 13:07, workerho...@studysite.euworkerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... It will be slower to read a file than data from an SQL database by sheer design --- regardless of whether it's XML, CSV, plain text, etc. And MySQL is faster still because it's run as a server with it's own processing engine, completely independent of the PHP engine and spawned process. Other factors involved are disk seek time, memory capabilities, et cetera, but the SQL-vs-file point is the biggest. For PHP to locate something within the file, it must load the entire file into memory or read it byte-by-byte, line-by-line, from an exact offset (given explicitly). SQL databases such as MySQL work similarly, but don't catalog all data in quite the same linear fashion. Further, MySQL is capable of indexing, allowing it to return the data far faster. There's a time and a place for each, but it sounds as though what you're attempting to do would not be best-served by caching it in an XML sheet. Also, something to keep in mind (with no offense intended by any means): if you have two database servers (using replication) for load-balancing and they - combined - cannot handle 100 simultaneous connections and queries, you may want to re-evaluate your infrastructure and architecture. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php is all the data from the query the same for each user? I.e. that they get the same 4K rows of data for that query? How is that query done? are there date parameters or other fields that would allow table partitioning on the data? Could you use a temp table, to store that data or a more fixed table that stores just that query's dataset? Also how large is the main table? I don't know much about mysql, as I've been using it only for some basic things, but, couldn't you just set a bigger query_cache? The first user would have that 0.3 query, but the other 99 would get the results in... 0.001? 0.002? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
workerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... Are you saving to file or caching as a query result? Also note that you can cache an array of rows (at least with APC but I suspect memcache as well) - say my_fetch(key) is you function to fetch from cache and my_store(key,data,life) is your function to store. $result = my_fetch('big_query'); if (! $result) { $sql = 'your query'; $rs = mysql_query($sql); while ($row = mysql_fetch_object($rs)) { $result[] = $row; } my_store('big_query',$result,21600); } No xml involved and you can loop through the results. If you'd rather do it as xml, you can cache the xml as a string and then fetch it, importing it into a DOM or whatever to extract your results. $xml = my_fetch('queryResultAsXML'); if (! $xml) { generate xml and cache it } $dom = new DOMDocument('1.0','utf-8'); $dom-loadXML($xml); Not sure what you are doing, apoligize if these suggestions are useless or already considered. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] runtime access to static variable
Jack Bates-2 wrote: How do I access a static variable when I do not know the name of the class until runtime? Why not just: eval('$staticVal = '.get_class($myClass).'::staticVarName;'); ...now the value is in $staticVal. Or am I missing something here? No need to tell me eval is evil ;) -- View this message in context: http://www.nabble.com/runtime-access-to-static-variable-tp21041719p24433169.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] runtime access to static variable
On Fri, Jul 10, 2009 at 4:25 PM, Madbreaksnab...@vektral.com wrote: Jack Bates-2 wrote: How do I access a static variable when I do not know the name of the class until runtime? Why not just: eval('$staticVal = '.get_class($myClass).'::staticVarName;'); ...now the value is in $staticVal. Or am I missing something here? No need to tell me eval is evil ;) -- View this message in context: http://www.nabble.com/runtime-access-to-static-variable-tp21041719p24433169.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php if you need to access to a class constant use the built-in function if( defined( get_class($myClass) .'::THE_CONST' ) ) constant( get_class($myClass) .'::THE_CONST' ); They are very helpful -- Martin Scotta -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HELP SQL INJECTION
Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? Thanks everyone Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? First and foremost: http://php.net/mysql_real_escape_string -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Fri, Jul 10, 2009 at 3:50 PM, Daniel Browndanbr...@php.net wrote: On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? First and foremost: http://php.net/mysql_real_escape_string -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You, sir, are an email list ninja. Not ten seconds before I hit Send, Gmail tells me you ninja'd my response! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOMDocument saveHTML() configurable?
Michael A. Peters wrote: The $dom-saveHTML() function does a pretty good job of knowing what tags are not closed - IE it does br, meta, param, etc. correctly. Is there a way to add a tag without children to it's database? Specifically I'm talking about the new source tag from HTML 5 that is being used to embed ogg/mp4 audio and video files. Put it in a dom document object and spit it out with saveHTML() and you get source src=foo.ogg type=video/ogg/source which is harmless but technically incorrect. I know html tidy allows you to define new childless nodes and sending the output through tidy will then fix it, but I can't seem to find a way to to it with DOMDocument so that you don't need to send it through tidy before sending to the client. If you use saveXML instead of saveHTML, it will self-close empty tags. Then for any tags that should not be self-closed, you just need to pass an empty value as the second parameter of createElement. $doc-createElement('source'); ... echo $doc-saveXML(); // source / $doc-createElement('div', ''); ... echo $doc-saveXML(); // div/div That's the way I'd do it. Hope that helps. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP not running properly
On Fri, Jul 10, 2009 at 4:17 PM, Daniel Browndanbr...@php.net wrote: On Fri, Jul 10, 2009 at 15:44, Togrul Mamedbekovtogrul.mamedbe...@iadc.org wrote: Hello Sir or Madam, We just updated our PHP 5.2 software. And when I try to run the php info script! I get a blank screen! What do you see when you view the source of the page with phpinfo() ? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Your error handling is logging the errors, not displaying them to the screen. Check the php ini file settings for that. -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP not running properly
Hello Sir or Madam, We just updated our PHP 5.2 software. And when I try to run the php info script! I get a blank screen! I am including my php.ini settings Please help Thank you in advance, Togrul Mamedbekov Marketing Publishing Assistant *10370 Richmond Ave, Ste 760, Houston, TX 77042 (Tel: +1-(713)-292-1945 / Fax: +1-(713)-292-1946 Web: http://www.iadc.org http://www.iadc.org/ [PHP] ;;; ; About php.ini ; ;;; ; This file controls many aspects of PHP's behavior. In order for PHP to ; read it, it must be named 'php.ini'. PHP looks for it in the current ; working directory, in the path designated by the environment variable ; PHPRC, and in the path that was defined in compile time (in that order). ; Under Windows, the compile-time path is the Windows directory. The ; path in which the php.ini file is looked for can be overridden using ; the -c argument in command line mode. ; ; The syntax of the file is extremely simple. Whitespace and Lines ; beginning with a semicolon are silently ignored (as you probably guessed). ; Section headers (e.g. [Foo]) are also silently ignored, even though ; they might mean something in the future. ; ; Directives are specified using the following syntax: ; directive = value ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. ; ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression ; (e.g. E_ALL ~E_NOTICE), or a quoted string (foo). ; ; Expressions in the INI file are limited to bitwise operators and parentheses: ; |bitwise OR ; bitwise AND ; ~bitwise NOT ; !boolean NOT ; ; Boolean flags can be turned on using the values 1, On, True or Yes. ; They can be turned off using the values 0, Off, False or No. ; ; An empty string can be denoted by simply not writing anything after the equal ; sign, or by using the None keyword: ; ; foo = ; sets foo to an empty string ; foo = none; sets foo to an empty string ; foo = none ; sets foo to the string 'none' ; ; If you use constants in your value, and these constants belong to a ; dynamically loaded extension (either a PHP extension or a Zend extension), ; you may only use these constants *after* the line that loads the extension. ; ; ;;; ; About this file ; ;;; ; This is the recommended, PHP 5-style version of the php.ini-dist file. It ; sets some non standard settings, that make PHP more efficient, more secure, ; and encourage cleaner coding. ; ; The price is that with these settings, PHP may be incompatible with some ; applications, and sometimes, more difficult to develop with. Using this ; file is warmly recommended for production sites. As all of the changes from ; the standard settings are thoroughly documented, you can go over each one, ; and decide whether you want to use it or not. ; ; For general information about the php.ini file, please consult the php.ini-dist ; file, included in your PHP distribution. ; ; This file is different from the php.ini-dist file in the fact that it features ; different values for several directives, in order to improve performance, while ; possibly breaking compatibility with the standard out-of-the-box behavior of ; PHP. Please make sure you read what's different, and modify your scripts ; accordingly, if you decide to use this file instead. ; ; - register_long_arrays = Off [Performance] ; Disables registration of the older (and deprecated) long predefined array ; variables ($HTTP_*_VARS). Instead, use the superglobals that were ; introduced in PHP 4.1.0 ; - display_errors = Off [Security] ; With this directive set to off, errors that occur during the execution of ; scripts will no longer be displayed as a part of the script output, and thus, ; will no longer be exposed to remote users. With some errors, the error message ; content may expose information about your script, web server, or database ; server that may be exploitable for hacking. Production sites should have this ; directive set to off. ; - log_errors = On[Security] ; This directive complements the above one. Any errors that occur during the ; execution of your script will be logged (typically, to your server's error log, ; but can be configured in several ways). Along with setting display_errors to off, ; this setup gives you the ability to fully understand what may have gone wrong, ; without exposing any sensitive information to remote users. ; - output_buffering = 4096[Performance] ; Set a 4KB output buffer. Enabling output buffering typically results in less ; writes, and sometimes less packets sent on the wire, which can often lead to ; better performance. The gain this directive actually yields greatly depends ; on which Web server
Re: [PHP] PHP not running properly
On Fri, Jul 10, 2009 at 15:44, Togrul Mamedbekovtogrul.mamedbe...@iadc.org wrote: Hello Sir or Madam, We just updated our PHP 5.2 software. And when I try to run the php info script! I get a blank screen! What do you see when you view the source of the page with phpinfo() ? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php.ini directive include_path variables
I'm wondering if there is a way to dynamically set the absolute path of an include directory based on the document root of the site via htaccess or some other method other than in the scripts themselves within the site. Example of what I'm looking for: $doc_root/.htaccess: php_value include_path $_SERVER['DOCUMENT_ROOT']/include I have a live site and a development site both hosted on 2 entirely different systems. The issue stems because the path to the code base for each site is not the same. The problem I'm trying to solve is to not have to modify the include path settings when pushing revisions from the development system to upstream, in other words, I'd like for the code base to be a drop in replacement which is why I'm defining php settings via htaccess rather than php.ini to begin with. I'm not setting include paths in scripts because the vast majority of the classes in the include directory depend on other classes and include said classes directly in their code. This breaks scripts deep in the directory tree without using an absolute path. I suppose one option (that I'm trying to avoid) is to modify the scripts to use: require_once($_SERVER['DOCUMENT_ROOT'].include/foobar.inc.php); Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini directive include_path variables
On Fri, Jul 10, 2009 at 16:56, J.P. Trosclairjptroscl...@judelawfirm.com wrote: I'm wondering if there is a way to dynamically set the absolute path of an include directory based on the document root of the site via htaccess or some other method other than in the scripts themselves within the site. Please check the archives and Google before posting here. This exact question was just discussed and answered within the last seven days. I don't recall the name of the thread (perhaps someone else could name it for me), but I believe the original poster was Govinda. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote: On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? First and foremost: http://php.net/mysql_real_escape_string I am total newbie here, but I can say I would recommend getting a good PHP book or at least reading some articles on preventing XSS attacks (if I said that right) and also SQL injection. for inserting data in to your db, use placeholders. for printing data coming from the db, use htmlentities() for retrieving data from your db via form/user input, use mysql_real_escape_string and strtr() to escape SQL wildcards (%) and the _ char. If I mis-guide the OP, please correct me! Govinda govinda.webdnat...@gmail.com
Re: [PHP] php.ini directive include_path variables
Daniel Brown wrote: Please check the archives and Google before posting here. This exact question was just discussed and answered within the last seven days. I don't recall the name of the thread (perhaps someone else could name it for me), but I believe the original poster was Govinda. I've spent the better part of this afternoon looking through google and the archives for different variations on terminology before resorting to subscribing and posting to this list. Will go back to digging based on your suggestion. Thanks for your time and sorry if I've caused any problems. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
first thanks to all who have read ;-) your solution looks like the method how i done it actually, i have tested the last hours the solution with sql lite on application server the Solution: 3 Mysql Server ( 1 more to handle the big load ) (1 Master, 2 Slaves) mysql replication 10 Applikation Server ( get today two more from my hoster :-) ) on Application Serer running php and sql lite by the first load from mysql server the big query get synchronised with the lokal sql lite and write into the database entrys are about 6 hour valid, after then the server get the new list. performance looks nice: total load time: between 0.03-0.09 Seconds but i found another problem by the time i worked on the server application server can create images and thumbs of them in various sizes (gd lib etc.) then this server open a ftp connection ( ftp_connect() ) to a global data storage server the data server has just running ftp so i must created the thumbs on application server and move all files to the data server: question: *can php handle some compression with ftp* ? so that i can move some more data? chirs Michael A. Peters schrieb: workerho...@studysite.eu wrote: hi andrew i think you understand my problem a little, but if 100 user load this query at the same time, the two mysql server had a lot to do! so i think to cache this query as xml to the application server local make thinks faster, but, i would like to have the same performance to read this xml document as read the query from mysql server... i dont know why php is so slow to read the xml file... Are you saving to file or caching as a query result? Also note that you can cache an array of rows (at least with APC but I suspect memcache as well) - say my_fetch(key) is you function to fetch from cache and my_store(key,data,life) is your function to store. $result = my_fetch('big_query'); if (! $result) { $sql = 'your query'; $rs = mysql_query($sql); while ($row = mysql_fetch_object($rs)) { $result[] = $row; } my_store('big_query',$result,21600); } No xml involved and you can loop through the results. If you'd rather do it as xml, you can cache the xml as a string and then fetch it, importing it into a DOM or whatever to extract your results. $xml = my_fetch('queryResultAsXML'); if (! $xml) { generate xml and cache it } $dom = new DOMDocument('1.0','utf-8'); $dom-loadXML($xml); Not sure what you are doing, apoligize if these suggestions are useless or already considered. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini directive include_path variables
On Fri, Jul 10, 2009 at 17:24, J.P. Trosclairjptroscl...@judelawfirm.com wrote: I've spent the better part of this afternoon looking through google and the archives for different variations on terminology before resorting to subscribing and posting to this list. Will go back to digging based on your suggestion. Thanks for your time and sorry if I've caused any problems. No problem at all, J.P., and my apologies if I came across with a tone (in writing) to make you think it was. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini directive include_path variables
On Jul 10, 2009, at 3:16 PM, Daniel Brown wrote: On Fri, Jul 10, 2009 at 16:56, J.P. Trosclairjptroscl...@judelawfirm.com wrote: I'm wondering if there is a way to dynamically set the absolute path of an include directory based on the document root of the site via htaccess or some other method other than in the scripts themselves within the site. Please check the archives and Google before posting here. This exact question was just discussed and answered within the last seven days. I don't recall the name of the thread (perhaps someone else could name it for me), but I believe the original poster was Govinda. yes, look for posts with this subject line: Re: [PHP] best way to properly build an include path *regardless* from where I am calling the include? (just don't ask me to explain everything that those good souls were trying to teach me in those posts.. I assimilated some of it. ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini directive include_path variables
On Fri, Jul 10, 2009 at 17:28, Govindagovinda.webdnat...@gmail.com wrote: yes, look for posts with this subject line: Re: [PHP] best way to properly build an include path *regardless* from where I am calling the include? (just don't ask me to explain everything that those good souls were trying to teach me in those posts.. I assimilated some of it. ;-) Found here, with previous posts in the thread being linked from that page as References: http://news.php.net/php.general/294985 Politeness should be rewarded, at the very least, with a link. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini directive include_path variables
Govinda wrote: [PHP] best way to properly build an include path*regardless* Thanks, appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
Hi everyone, Hmmm i'm not sure it is an SQL Injection now, done a lot more checking and it is inserting code at the end of every index.htm index.html default.html and index.php pages on my site. Ooooh what fun :-) Chris On Fri, Jul 10, 2009 at 2:22 PM, Govindagovinda.webdnat...@gmail.com wrote: On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote: On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? First and foremost: http://php.net/mysql_real_escape_string I am total newbie here, but I can say I would recommend getting a good PHP book or at least reading some articles on preventing XSS attacks (if I said that right) and also SQL injection. for inserting data in to your db, use placeholders. for printing data coming from the db, use htmlentities() for retrieving data from your db via form/user input, use mysql_real_escape_string and strtr() to escape SQL wildcards (%) and the _ char. If I mis-guide the OP, please correct me! Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Fri, Jul 10, 2009 at 17:37, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, Hmmm i'm not sure it is an SQL Injection now, done a lot more checking and it is inserting code at the end of every index.htm index.html default.html and index.php pages on my site. Ooooh what fun :-) Wouldn't happen to be in Chinese, would it? It sounds quite reminiscent of the regular JavaScript and XSS stuff. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
Hi, Yes their IP is from Russia by Chinese in origin. How can this be prevented? Thank you all SO much for your help, it is very appreciated. Chris On Fri, Jul 10, 2009 at 2:40 PM, Daniel Browndanbr...@php.net wrote: On Fri, Jul 10, 2009 at 17:37, Chris Paynechris_pa...@danmangames.com wrote: Hi everyone, Hmmm i'm not sure it is an SQL Injection now, done a lot more checking and it is inserting code at the end of every index.htm index.html default.html and index.php pages on my site. Ooooh what fun :-) Wouldn't happen to be in Chinese, would it? It sounds quite reminiscent of the regular JavaScript and XSS stuff. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Fri, Jul 10, 2009 at 17:48, Chris Paynechris_pa...@danmangames.com wrote: Hi, Yes their IP is from Russia by Chinese in origin. How can this be prevented? Thank you all SO much for your help, it is very appreciated. So would be your move to bottom-posting (with nods to the jihad that was the longest thread of the list so far this month) as per the mailing list rules. ;-P What's the URL to your site, if you feel comfortable in providing it here? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
Thank you all SO much for your help, it is very appreciated. So would be your move to bottom-posting (with nods to the jihad that was the longest thread of the list so far this month) as per the mailing list rules. ;-P What's the URL to your site, if you feel comfortable in providing it here? Sorry I post at the top because i'm legally blind and it's easier but i'll try to post at the bottom :-) This is the main site on my server: http://www.oxyge.net I just took out the offending code at the end of the index page to get it back up and running. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com wrote: Sorry I post at the top because i'm legally blind and it's easier but i'll try to post at the bottom :-) This is the main site on my server: http://www.oxyge.net I just took out the offending code at the end of the index page to get it back up and running. Check the /blog/ as well. Parse error. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql cache query as xml
On Jul 10, 2009, at 5:25 PM, workerho...@studysite.eu workerho...@studysite.eu wrote: first thanks to all who have read ;-) your solution looks like the method how i done it actually, i have tested the last hours the solution with sql lite on application server the Solution: 3 Mysql Server ( 1 more to handle the big load ) (1 Master, 2 Slaves) mysql replication 10 Applikation Server ( get today two more from my hoster :-) ) on Application Serer running php and sql lite by the first load from mysql server the big query get synchronised with the lokal sql lite and write into the database entrys are about 6 hour valid, after then the server get the new list. performance looks nice: total load time: between 0.03-0.09 Seconds but i found another problem by the time i worked on the server application server can create images and thumbs of them in various sizes (gd lib etc.) then this server open a ftp connection ( ftp_connect() ) to a global data storage server the data server has just running ftp so i must created the thumbs on application server and move all files to the data server: question: *can php handle some compression with ftp* ? so that i can move some more data? chirs You could zip the files together, but on the whole images don't compress much. Setting the FTP process to run on a cron would be the best way to avoid doing a lot of transfers at one time. Bastien -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP SQL INJECTION
Hi, First of all change your FTP password and stop storing your password in your FTP client. This type of attacks are very common with the people who use insecure FTP client. My previous experience with your kind of problem tell me that chances of a FTP attack are really higher in the pattern of your case. Zareef Ahmed On Sat, Jul 11, 2009 at 3:50 AM, Daniel Brown danbr...@php.net wrote: On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com wrote: Sorry I post at the top because i'm legally blind and it's easier but i'll try to post at the bottom :-) This is the main site on my server: http://www.oxyge.net I just took out the offending code at the end of the index page to get it back up and running. Check the /blog/ as well. Parse error. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
[PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Fri, Jul 10, 2009 at 8:25 PM, Govindagovinda.webdnat...@gmail.com wrote: How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You actually can't, sorry. At least not as far as I know. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Fri, Jul 10, 2009 at 20:25, Govindagovinda.webdnat...@gmail.com wrote: How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? You don't. Instead, you have to store the output from those in a variable (or array), then place it into the HEREDOC it. ?php $somevar = htmlentities($somevar); $filedata = array('name' = basename(__FILE__), 'size' = filesize(__FILE__)); $html =HTML bFile Name:/b {$filedata['name']}br / bFile Size:/b {$filedata['size']}br / b\$somevar/b: {$somevar}br / HTML; echo $html; ? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 5:55 AM, Govinda govinda.webdnat...@gmail.comwrote: How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? heredoc was there to work with the strings... why you want to use functions into that? Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] PHP not running properly
A quick checklist/todo list : 1. set display_errors=yes in php.ini 2. Make sure you are using full ?php tag to write your script. For a good solutions you should also mentions about your OS/Web Server Zareef Ahmed On Sat, Jul 11, 2009 at 1:53 AM, Bastien Koert phps...@gmail.com wrote: On Fri, Jul 10, 2009 at 4:17 PM, Daniel Browndanbr...@php.net wrote: On Fri, Jul 10, 2009 at 15:44, Togrul Mamedbekovtogrul.mamedbe...@iadc.org wrote: Hello Sir or Madam, We just updated our PHP 5.2 software. And when I try to run the php info script! I get a blank screen! What do you see when you view the source of the page with phpinfo() ? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Your error handling is logging the errors, not displaying them to the screen. Check the php ini file settings for that. -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Jul 10, 2009, at 6:34 PM, Zareef Ahmed wrote: heredoc was there to work with the strings... why you want to use functions into that? I'm lazy. Like to type less. ;-) But now I know. Thanks guys. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] MySql Injection advice
Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig
Re: [PHP] MySql Injection advice
Haig Dedeyan wrote: Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig I highly recommend you switch to prepared statements and not use mysql_real_escape_string Prepared statements is the right way, and you don't end up with slashes. http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
On July 10, 2009 11:26:04 pm Haig Dedeyan wrote: Haig Dedeyan wrote: Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig I highly recommend you switch to prepared statements and not use mysql_real_escape_string Prepared statements is the right way, and you don't end up with slashes. http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html Thanks Michael. I didn't know about prepared statements, I'll check this out and see how it works out. Cheers Haig