php-general Digest 23 Apr 2007 12:10:11 -0000 Issue 4751
php-general Digest 23 Apr 2007 12:10:11 - Issue 4751
Topics (messages 253500 through 253513):
Why do i get this error message?
253500 by: H.T
253501 by: Buesching, Logan J
Re: Best practices to ensure compatibility with PHP 6
253502 by: Davi
253508 by: ufan100.gmail.com
Re: Preventing SQL Injection/ Cross Site Scripting
253503 by: Buesching, Logan J
Re: echo date('Y-m-d', $mydata-timestamp);
253504 by: Buesching, Logan J
Re: should I be looking to eliminate all notices?
253505 by: Buesching, Logan J
Re: PhpMyAdmin slow on windows but fast on linux
253506 by: chris smith
253507 by: Juergen Wind
253512 by: Don Don
Session Variable in Global Scope
253509 by: Sascha Braun
253510 by: Jochem Maas
unset() side effects in functions
253511 by: Robert Enyedi
Hi
253513 by: Nathan Wallis
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
I get this error message when i try to check my site on localhost running
IIS and PHP 5.1.2 :
Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
allocate 24576 bytes) in ...
and it points to the line which is pure html code!
What could be the cause of this problem?
---End Message---
---BeginMessage---
Could you also send the code? Maybe 5 lines before and 5 lines after the
line it is pointing to?
It also means it tried to allocate 2KB of memory, which put you over
your 8MB in whatever script you are running. You can set the maximum
amount of memory a PHP script can use in your PHP.ini file.
-Original Message-
From: H.T [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 22, 2007 6:48 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Why do i get this error message?
I get this error message when i try to check my site on localhost
running
IIS and PHP 5.1.2 :
Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
allocate 24576 bytes) in ...
and it points to the line which is pure html code!
What could be the cause of this problem?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
---BeginMessage---
Em Domingo 22 Abril 2007 18:54, [EMAIL PROTECTED] escreveu:
Hi
I'm would like to avoid PHP usages that are deprecated with
regard to PHP 6. I would also like to code according to
what is regarded as best practice. Are there any web
resources that I can read to keep up to date?
Have a look at PHP metting [1] and PHP-wiki [2]... =]
[1] - http://www.php.net/~derick/meeting-notes.html
[2] - http://oss.backendmedia.com/PhP60
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
Agora com fortune:
Many have marked the speed with which Muad'Dib learned the necessities of
Arrakis. The Bene Gesserit, of course, know the basis of this speed. For the
others, we can say that Muad'Dib learned rapidly because his first training
was
in how to learn. And the first lesson of all was the basic trust that he could
learn. It is shocking to find how many people do not believe they can learn,
and how many more believe learning to be difficult. Muad'Dib knew that every
experience carries its lesson.
-- from The Humanity of Muad'Dib by the Princess Irulan
pgpQjODJqXVNR.pgp
Description: PGP signature
---End Message---
---BeginMessage---
Davi wrote:
Em Domingo 22 Abril 2007 18:54, [EMAIL PROTECTED] escreveu:
...
Have a look at PHP metting [1] and PHP-wiki [2]... =]
[1] - http://www.php.net/~derick/meeting-notes.html
[2] - http://oss.backendmedia.com/PhP60
Thank you for the links - it will get me started.
---End Message---
---BeginMessage---
There are many good resources out there, and one of my favorites for this type
of information is from Chris Shiflett.
http://shiflett.org/articles/sql-injection
http://shiflett.org/articles/foiling-cross-site-attacks
http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss
Those are a few articles on the subject, maybe some reader comments have more
good links.
Also, just as a best-practice, you usually don't want to reassign things into
the super globals. Also to note, your filtering may be a bit too aggressive,
and not all-inclusive at the same time. Too aggressive because if I want to
talk about java in a comment, it will filter out every time I say java. Too
lax because you are forgetting all of the HTML onclick, onhover etc... that
don't need to have a script tag in them to be executed. Any of the
preg_replace's with an = in them is redundant because you have already filtered
out all of the ='s, but also note that you can have multiple spaces between
href and =. You are banking that they will have 0 or 1.
If available, you can look into PHP 5.2
Re: [PHP] PhpMyAdmin slow on windows but fast on linux
Don Don wrote: Hi all how can i make my phpmyadmin run fast on windows ? I installed phpmyadmin on a linux and windows machines, but the windows version runs (executes) too slow, i.e. it takes to long for a page to be loaded, while it take less that 3 secs for the linux version. Both however run on the same system config. Linux tries using sockets by default if (mysql)host='localhost', that's almost twice as fast as host='127.0.0.1' (using a tcp connection). On a win box you need enable-named-pipe in your my.cnf and connect using host='.' for connecting not using tcp. skip-name-resolve can speed up things a bit as well. For finding the bottleneck you can try and connect the linux mysqld from your script on the win webserver and vice versa (using tcp of course). -- View this message in context: http://www.nabble.com/PhpMyAdmin-slow-on-windows-but-fast-on-linux-tf3627944.html#a10135939 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best practices to ensure compatibility with PHP 6
Davi wrote: Em Domingo 22 Abril 2007 18:54, [EMAIL PROTECTED] escreveu: ... Have a look at PHP metting [1] and PHP-wiki [2]... =] [1] - http://www.php.net/~derick/meeting-notes.html [2] - http://oss.backendmedia.com/PhP60 Thank you for the links - it will get me started. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Variable in Global Scope
Hi Fellows, I'm getting this warning on my website: Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 I don't really understand, how it comes to that error. In the php.ini is written, that this error occours when i register a session in a global scope. What does it mean exactly? Another thing is, that I'm often loosing the session, while surfing the website using ajax functionality in the background. I started to send the session id with the request all the time, but it seems, that some of the request are made, without showing an IP Adress in the sessions table, of my installation. I'm actually not using cookies, but the error does not occour in mozilla firefox on a windows plattform, its only occouring under linux using firefox. Internet Explorer isnt tested well enough yet, to come to an conclusion. Maybe someone is working with ajax, alot, so you might have experience with it too. Thank you very much for your help. Best Regards, Sascha -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable in Global Scope
post some code please ... Sascha Braun wrote: Hi Fellows, ... I'm actually not using cookies, using cookies is the highly recommended over passing the SID via the url, if your loosing the session data for some [ajax] request then that means php is not seeing or recieving the SID via the url ... in which case you will have to examine log files and headers to find out what's going on. either way I would recommend stepping over to using session cookies - personally I use php/ajax in conjunction with sessions quite a bit and have never had problems when sticking with session cookies. but the error does not occour in mozilla firefox on a windows plattform, its only occouring under linux using firefox. Internet Explorer isnt tested well enough yet, to come to an conclusion. Maybe someone is working with ajax, alot, so you might have experience with it too. Thank you very much for your help. Best Regards, Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] unset() side effects in functions
I'm doing some experimenting with the unset() (http://php.net/unset)
language construct in a PHP 5.2.1 installation. I did not find any
documentation on what happens to an identically named local variable's
value after an unset is performed.
Let me start with this example:
?php
function dostuff() {
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
$a = 2;
dostuff();
echo in page: .$a.\n;
?
The output is:
in function (init): 4
in function (after unset):
in function (after local assign): 3
in page: 2
So this basically means that the global $a is dereferenced by the
unset() call and the local $a gets reinitialized.
A different thing happens when we replace the /*CHANGEME*/ line with
unset using the $GLOBALS[] array (the recommended way of unsetting a
global variable from inside a function):
unset($GLOBALS['a']);
This time the output is:
in function (init): 4
in function (after unset): 2
in function (after local assign): 3
in page:
Notice that after the unset statement the global $a is properly unset
BUT the value of the local $a becomes 2, which was the value of the
global $a at the function entry point.
Are these behaviors documented somewhere or should't I rely on these
unset() side effects at all in my code?
Thanks,
Robert
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PhpMyAdmin slow on windows but fast on linux
Hi Logan, yes reason being the linux box is live and the windows box is dev. Buesching, Logan J [EMAIL PROTECTED] wrote: You say they both have the same config, so do you mean that they both have the same version of PHP, same computer setup (Memory, CPU speed, HDD speed), both running the same version of Apache, and that both are running as either CGI or an apache module? -Logan -Original Message- From: Don Don [mailto:[EMAIL PROTECTED] Sent: Sunday, April 22, 2007 4:34 PM To: PHP List Subject: [PHP] PhpMyAdmin slow on windows but fast on linux Hi all how can i make my phpmyadmin run fast on windows ? I installed phpmyadmin on a linux and windows machines, but the windows version runs (executes) too slow, i.e. it takes to long for a page to be loaded, while it take less that 3 secs for the linux version. Both however run on the same system config. Cheers - Ahhh...imagining that irresistible new car smell? Check outnew cars at Yahoo! Autos. - Ahhh...imagining that irresistible new car smell? Check outnew cars at Yahoo! Autos.
[PHP] Hi
Hi guys and girls, I have question for you all. I have developed a flash application which is a test for students. For each test their is an accompanying excel spreadsheet that has information related to each question they have answered and whether they got it right or wrong. I am receiving whether the student got the question right or wrong in PHP from FLASH. That part is complete. The other part I have complete is PHP emailing the teacher with an attached excel spreadsheet renamed to the studentsname_results.xlsthe last part I want to complete is that of the students results being inputted into the correct column in the spreadsheet and then being attached to the email. I am guessing I would be best to not attach a physical file that resides on the server but build the data up inside PHP to resemble the file format I am trying to generate and attach that to my email. Two questions. Can someone tell me the best format to be sending (i.e. the format that has the best support for PHP) and also is this method dependent on the web server being windows or linux based. I am no expert but from what I can gather I take it that COM object support is really just for windows based web servers. Thanks and all the best, Nathan
Re: [PHP] Hi
2007. 04. 23, hétfő keltezéssel 22.09-kor Nathan Wallis ezt írta: Hi guys and girls, I have question for you all. I have developed a flash application which is a test for students. For each test their is an accompanying excel spreadsheet that has information related to each question they have answered and whether they got it right or wrong. I am receiving whether the student got the question right or wrong in PHP from FLASH. That part is complete. The other part I have complete is PHP emailing the teacher with an attached excel spreadsheet renamed to the studentsname_results.xlsthe last part I want to complete is that of the students results being inputted into the correct column in the spreadsheet and then being attached to the email. I am guessing I would be best to not attach a physical file that resides on the server but build the data up inside PHP to resemble the file format I am trying to generate and attach that to my email. Two questions. Can someone tell me the best format to be sending (i.e. the format that has the best support for PHP) and also is this method dependent on the web server being windows or linux based. I am no expert but from what I can gather I take it that COM object support is really just for windows based web servers. yes, COM is only for windows. I would use csv if you don't need fancy formatting and stuff like that, just the data itself. csv can be built very easily as it is a simple text file basically. greets Zoltán Németh Thanks and all the best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hi
You can cheat... If you have MySQL running on that server, write the results to a DB (so that lost emails/files/scores can be recovered) and then do a data pull from it at the end, making the file a csv file. Or, just make your file a csv file and email it out... There are a number of classes out there that will do this for you given DB connection/table information. But I prefer the DB record when talking grades and such, but to each their own. Wolf Nathan Wallis wrote: Hi guys and girls, I have question for you all. I have developed a flash application which is a test for students. For each test their is an accompanying excel spreadsheet that has information related to each question they have answered and whether they got it right or wrong. I am receiving whether the student got the question right or wrong in PHP from FLASH. That part is complete. The other part I have complete is PHP emailing the teacher with an attached excel spreadsheet renamed to the studentsname_results.xlsthe last part I want to complete is that of the students results being inputted into the correct column in the spreadsheet and then being attached to the email. I am guessing I would be best to not attach a physical file that resides on the server but build the data up inside PHP to resemble the file format I am trying to generate and attach that to my email. Two questions. Can someone tell me the best format to be sending (i.e. the format that has the best support for PHP) and also is this method dependent on the web server being windows or linux based. I am no expert but from what I can gather I take it that COM object support is really just for windows based web servers. Thanks and all the best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Can you run 'arp' and get what you want from command line? As web-user? No. Can you 'su' to PHP user and *then* run it and get what you want? Hum... Not at all... You need to enter the root password... How can you do that? sudo sounds a little better... But... How about security? If not, you can't do that. And with a shell-script outputting the MAC to a .txt temp file, reading it from the PHP script? BTW, have a look at suPHP [1]... =] [1] - http://www.howtoforge.com/suphp_debian_etch_ispconfig -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Agora com fortune: Most people will listen to your unreasonable demands, if you'll consider their unacceptable offer. pgp7magXR3qDc.pgp Description: PGP signature
Re: [PHP] unset() side effects in functions
On Mon, 2007-04-23 at 14:04 +0300, Robert Enyedi wrote:
I'm doing some experimenting with the unset() (http://php.net/unset)
language construct in a PHP 5.2.1 installation. I did not find any
documentation on what happens to an identically named local variable's
value after an unset is performed.
Let me start with this example:
?php
function dostuff() {
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/ unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
$a = 2;
dostuff();
echo in page: .$a.\n;
?
The output is:
in function (init): 4
in function (after unset):
in function (after local assign): 3
in page: 2
So this basically means that the global $a is dereferenced by the
unset() call and the local $a gets reinitialized.
A different thing happens when we replace the /*CHANGEME*/ line with
unset using the $GLOBALS[] array (the recommended way of unsetting a
global variable from inside a function):
unset($GLOBALS['a']);
This time the output is:
in function (init): 4
in function (after unset): 2
in function (after local assign): 3
in page:
Notice that after the unset statement the global $a is properly unset
BUT the value of the local $a becomes 2, which was the value of the
global $a at the function entry point.
Are these behaviors documented somewhere or should't I rely on these
unset() side effects at all in my code?
You are very confused as to what is happening. Unset() is working
properly.
?php
function dostuff()
{
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
?
Let's break it down...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset local variable $a (reference to $GLOBALS['a']. Now there is
// no variable $a in current scope (attempts to reference non-existent
// variables will return null.
unset( $a )
// create locale variable $a with value 3
$a = 3;
Now for the other case...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset $GLOBALS['a']. Now there is no global variable $a; HOWEVER,
// a reference exists to the original variable container, and so this
// has no effect on our reference to $GLOBALS['a'].
unset( $GLOBALS['a'] )
// create locale variable $a with value 3
$a = 3;
---
When thinking of references, don't think of the reference being made
directly to the variable itself, think of the reference being made to
the same data container as the variable referenced.
Imagine **X** is an imaginary name of the data container created when a
variable is created.
Let:
$GLOBALS['a'] = 4;
Which is like:
$GLOBALS['a'] -- **X** -- 4
Now assign a reference:
$b = $GLOBALS['a'];
Which is like:
$b -- **X** -- 4
Now unset $GLOBALS['a']:
unset( $GLOBALS['a'] );
Which is like:
$GLOBALS['a'] -- UNDEFINED!!
And we still have:
$b -- **X** -- 4
Hope the helps.
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] unset() side effects in functions
Hey Rob,
even though I have never worked with that feature (nor have I even read
about it), your explanation made the usage of unset() very clear, even to
me... the german coder *g*
That's gonna go into my printed code folder :o) Thanks for the explanation!
Chris
- Original Message -
From: Robert Cummings [EMAIL PROTECTED]
To: Robert Enyedi [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Monday, April 23, 2007 3:05 PM
Subject: Re: [PHP] unset() side effects in functions
On Mon, 2007-04-23 at 14:04 +0300, Robert Enyedi wrote:
I'm doing some experimenting with the unset() (http://php.net/unset)
language construct in a PHP 5.2.1 installation. I did not find any
documentation on what happens to an identically named local variable's
value after an unset is performed.
Let me start with this example:
?php
function dostuff() {
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/ unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
$a = 2;
dostuff();
echo in page: .$a.\n;
?
The output is:
in function (init): 4
in function (after unset):
in function (after local assign): 3
in page: 2
So this basically means that the global $a is dereferenced by the
unset() call and the local $a gets reinitialized.
A different thing happens when we replace the /*CHANGEME*/ line with
unset using the $GLOBALS[] array (the recommended way of unsetting a
global variable from inside a function):
unset($GLOBALS['a']);
This time the output is:
in function (init): 4
in function (after unset): 2
in function (after local assign): 3
in page:
Notice that after the unset statement the global $a is properly unset
BUT the value of the local $a becomes 2, which was the value of the
global $a at the function entry point.
Are these behaviors documented somewhere or should't I rely on these
unset() side effects at all in my code?
You are very confused as to what is happening. Unset() is working
properly.
?php
function dostuff()
{
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
?
Let's break it down...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset local variable $a (reference to $GLOBALS['a']. Now there is
// no variable $a in current scope (attempts to reference non-existent
// variables will return null.
unset( $a )
// create locale variable $a with value 3
$a = 3;
Now for the other case...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset $GLOBALS['a']. Now there is no global variable $a; HOWEVER,
// a reference exists to the original variable container, and so this
// has no effect on our reference to $GLOBALS['a'].
unset( $GLOBALS['a'] )
// create locale variable $a with value 3
$a = 3;
---
When thinking of references, don't think of the reference being made
directly to the variable itself, think of the reference being made to
the same data container as the variable referenced.
Imagine **X** is an imaginary name of the data container created when a
variable is created.
Let:
$GLOBALS['a'] = 4;
Which is like:
$GLOBALS['a'] -- **X** -- 4
Now assign a reference:
$b = $GLOBALS['a'];
Which is like:
$b -- **X** -- 4
Now unset $GLOBALS['a']:
unset( $GLOBALS['a'] );
Which is like:
$GLOBALS['a'] -- UNDEFINED!!
And we still have:
$b -- **X** -- 4
Hope the helps.
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hi
On Monday 23 April 2007 15:09, Nathan Wallis wrote: Hi guys and girls, I have question for you all. I have developed a flash application which is a test for students. For each test their is an accompanying excel spreadsheet that has information related to each question they have answered and whether they got it right or wrong. I am receiving whether the student got the question right or wrong in PHP from FLASH. That part is complete. The other part I have complete is PHP emailing the teacher with an attached excel spreadsheet renamed to the studentsname_results.xlsthe last part I want to complete is that of the students results being inputted into the correct column in the spreadsheet and then being attached to the email. I am guessing I would be best to not attach a physical file that resides on the server but build the data up inside PHP to resemble the file format I am trying to generate and attach that to my email. Two questions. Can someone tell me the best format to be sending (i.e. the format that has the best support for PHP) and also is this method dependent on the web server being windows or linux based. I am no expert but from what I can gather I take it that COM object support is really just for windows based web servers. Thanks and all the best, Nathan Hi, Very long time ago, I had same situation. My Solution was. Generate an excel in excell file with nececary Excel format. Save as html. Keep XML document structure, generate a php file someting like ?php $strReturn = your excell file content in html format; ? find locations of data, add some .$value1., .$value2. etc in that locations with proper escape... create php script which calculate everting and generate $value1, $value2 etc variables then include that excel-php file... then send $strReturn or echo. Regards Sancar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php seems to be inconsistent in its handling of backslashes ... maybe?
On Apr 22, 2007, at 1:29 AM, Richard Lynch wrote: On Sun, April 22, 2007 12:54 am, [EMAIL PROTECTED] wrote: -- or maybe it's just the PCRE extension -- or quite likely I have got something wrong Hello members, I'm hoping you could enlighten me. Using error_reporting = E_ALL | E_STRICT, I tested the following statements: PHP interprets \\ inside of '' to turn \\ into \ It also tries to be halfway smart about mistakes with \ followed by some other non-special character, by just pretending you knew what you were doing and had \\ there to get just one \, even though you didn't. Not that I can deny Richard's infinite knowledge of PHP (and it *eating* code), but is it PHP's responsibility to determine what the user has typed is (in)correct AND try to *fix* it? Shouldn't PHP just assume the programmer is not a complete idiot? If there's an error/ warning/etc, throw it but don't correct it. My $.02. Feel free to set me straight - I'm always up for learning. ~Phil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Standard Address Book?
Is there any kind of standard for a PHP/SQL/XML addressbook? -- Timothy Murphy e-mail (80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
I'm trying to understand from the examples why anyone
that has get_magic_quotes_gpc() returning true would
need to use stripslashes() and then mysql_real_escape_string().
wouldn't that just add slashes to the same places?
berber
-Original Message-
From: Buesching, Logan J [mailto:[EMAIL PROTECTED]
Sent: Monday, April 23, 2007 2:35 AM
To: Dotan Cohen; php php
Subject: RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
There are many good resources out there, and one of my favorites for this
type of information is from Chris Shiflett.
http://shiflett.org/articles/sql-injection
http://shiflett.org/articles/foiling-cross-site-attacks
http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss
Those are a few articles on the subject, maybe some reader comments have
more good links.
Also, just as a best-practice, you usually don't want to reassign things
into the super globals. Also to note, your filtering may be a bit too
aggressive, and not all-inclusive at the same time. Too aggressive because
if I want to talk about java in a comment, it will filter out every time I
say java. Too lax because you are forgetting all of the HTML onclick,
onhover etc... that don't need to have a script tag in them to be
executed. Any of the preg_replace's with an = in them is redundant because
you have already filtered out all of the ='s, but also note that you can
have multiple spaces between href and =. You are banking that they will
have 0 or 1.
If available, you can look into PHP 5.2 which added some filter functions
(albeit I myself haven't checked them out). You can also look into OWASP's
PHP project, http://www.owasp.org/index.php/Category:OWASP_PHP_Project.
That is a pretty good resource in secure coding best-practices.
-Logan
-Original Message-
From: Dotan Cohen [mailto:[EMAIL PROTECTED]
Sent: Friday, April 20, 2007 9:08 PM
To: php php
Subject: [PHP] Preventing SQL Injection/ Cross Site Scripting
I've got a comments form that I'd like to harden against SQL Injection / XSS
attacks. The data is stored in UTF-8 in a mysql database. I currently parse
the data as such:
$_POST[commentform]=str_replace (', '', $_POST[commentform]);
//q-qq
$_POST[commentform]=str_replace (--, , $_POST[commentform]);
//-- - x
$_POST[commentform]=str_replace (;, , $_POST[commentform]);
//; - x
$_POST[commentform]=str_replace (=, '', $_POST[commentform]);
//= - x
$_POST[commentform]=preg_replace (/java/i, '', $_POST[commentform]);
$_POST[commentform]=preg_replace (/script/i, '',
$_POST[commentform]); $_POST[commentform]=preg_replace (/src=/i, '',
$_POST[commentform]); $_POST[commentform]=preg_replace (/src =/i,
'', $_POST[commentform]); $_POST[commentform]=preg_replace
(/iframe/i, '', $_POST[commentform]);
$_POST[commentform]=preg_replace (/rel=/i, '', $_POST[commentform]);
$_POST[commentform]=preg_replace (/rel =/i, '',
$_POST[commentform]); $_POST[commentform]=preg_replace (/href=/i,
'', $_POST[commentform]); $_POST[commentform]=preg_replace (/href
=/i, '', $_POST[commentform]); $_POST[commentform]=preg_replace
(//i, '', $_POST[commentform]);
$_POST[commentform]=htmlspecialchars( mysql_real_escape_string
($_POST[commentform]) );
The first statement doubles up quotes, it's a bit difficult to see in the
code.
After seeing this:
http://ha.ckers.org/xss.html
and another similar one for SQL injection, I'm worried that my filters are
not enough. What do the pro php programers out there use?
Thanks in advance.
Dotan Cohen
http://lyricslist.com/
http://what-is-what.com/
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php seems to be inconsistent in its handling of backslashes ... maybe?
On Mon, 2007-04-23 at 08:36 -0500, Philip Thompson wrote: On Apr 22, 2007, at 1:29 AM, Richard Lynch wrote: On Sun, April 22, 2007 12:54 am, [EMAIL PROTECTED] wrote: -- or maybe it's just the PCRE extension -- or quite likely I have got something wrong Hello members, I'm hoping you could enlighten me. Using error_reporting = E_ALL | E_STRICT, I tested the following statements: PHP interprets \\ inside of '' to turn \\ into \ It also tries to be halfway smart about mistakes with \ followed by some other non-special character, by just pretending you knew what you were doing and had \\ there to get just one \, even though you didn't. Not that I can deny Richard's infinite knowledge of PHP (and it *eating* code), but is it PHP's responsibility to determine what the user has typed is (in)correct AND try to *fix* it? Shouldn't PHP just assume the programmer is not a complete idiot? If there's an error/ warning/etc, throw it but don't correct it. My $.02. Feel free to set me straight - I'm always up for learning. It doesn't try to fix the code, it is just a somewhat odd case of escaping. Singled quoted strings accept backslashes in two ways, either escaped with a backslash or without an escaping backslash. Both of the following are valid and produce the same string: echo 'Foo \ fee!'.\n; echo 'Foo \\ fee!'.\n; A problem in user expectation often arises when you have a backslash preceding a single quote. For instance: echo 'Foo \' fee!'.\n; But this doesn't give you the backslash since the backslash is used to escape the quote... and so the next step is usually to try: echo 'Foo \\' fee!'.\n; But now the backslash is escaped and not the quote so we need: echo 'Foo \\\' fee!'.\n; Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] unset() side effects in functions
Rob,
Thanks for the detailed explanation about the reference assignments that
are happening in the background. Now things start to make sense :-)
Regards,
Robert
Robert Cummings wrote:
On Mon, 2007-04-23 at 14:04 +0300, Robert Enyedi wrote:
I'm doing some experimenting with the unset() (http://php.net/unset)
language construct in a PHP 5.2.1 installation. I did not find any
documentation on what happens to an identically named local variable's
value after an unset is performed.
Let me start with this example:
?php
function dostuff() {
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
$a = 2;
dostuff();
echo in page: .$a.\n;
?
The output is:
in function (init): 4
in function (after unset):
in function (after local assign): 3
in page: 2
So this basically means that the global $a is dereferenced by the
unset() call and the local $a gets reinitialized.
A different thing happens when we replace the /*CHANGEME*/ line with
unset using the $GLOBALS[] array (the recommended way of unsetting a
global variable from inside a function):
unset($GLOBALS['a']);
This time the output is:
in function (init): 4
in function (after unset): 2
in function (after local assign): 3
in page:
Notice that after the unset statement the global $a is properly unset
BUT the value of the local $a becomes 2, which was the value of the
global $a at the function entry point.
Are these behaviors documented somewhere or should't I rely on these
unset() side effects at all in my code?
You are very confused as to what is happening. Unset() is working
properly.
?php
function dostuff()
{
$a = 4;
echo in function (init): .$a.\n;
global $a;
/*CHANGEME*/unset($a);
echo in function (after unset): .$a.\n;
$a = 3;
echo in function (after local assign): .$a.\n;
}
?
Let's break it down...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset local variable $a (reference to $GLOBALS['a']. Now there is
// no variable $a in current scope (attempts to reference non-existent
// variables will return null.
unset( $a )
// create locale variable $a with value 3
$a = 3;
Now for the other case...
// create locale variable $a with value 4
$a = 4;
// create reference to global variable $a. This will destroy local
// variable $a and replace it with a reference to $GLOBALS['a']
global $a
// unset $GLOBALS['a']. Now there is no global variable $a; HOWEVER,
// a reference exists to the original variable container, and so this
// has no effect on our reference to $GLOBALS['a'].
unset( $GLOBALS['a'] )
// create locale variable $a with value 3
$a = 3;
---
When thinking of references, don't think of the reference being made
directly to the variable itself, think of the reference being made to
the same data container as the variable referenced.
Imagine **X** is an imaginary name of the data container created when a
variable is created.
Let:
$GLOBALS['a'] = 4;
Which is like:
$GLOBALS['a'] -- **X** -- 4
Now assign a reference:
$b = $GLOBALS['a'];
Which is like:
$b -- **X** -- 4
Now unset $GLOBALS['a']:
unset( $GLOBALS['a'] );
Which is like:
$GLOBALS['a'] -- UNDEFINED!!
And we still have:
$b -- **X** -- 4
Hope the helps.
Cheers,
Rob.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why do i get this error message?
On Apr 22, 2007, at 5:47 PM, H.T wrote: I get this error message when i try to check my site on localhost running IIS and PHP 5.1.2 : Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 24576 bytes) in ... and it points to the line which is pure html code! What could be the cause of this problem? Because you've run out of allowed memory. Just what it says. What is your site trying to do? Who wrote the scripts? Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 4/23/07, WeberSites LTD [EMAIL PROTECTED] wrote: I'm trying to understand from the examples why anyone that has get_magic_quotes_gpc() returning true would need to use stripslashes() and then mysql_real_escape_string(). wouldn't that just add slashes to the same places? berber Yes, sort of... mysql_real_escape_string() considers character sets before escaping. There is a difference. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compilation?
I just upgraded to PHP 5 from PHP 4. I am using the crack lib function for password dictionary uniqueness. However, now my web page utilizing the crack-lib is crashing with PHP Fatal error: Call to undefined function crack_opendict(). Does anyone know of a specific Crack-lib module I can compile instead of compiling the entire PHP code? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation?
On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: I just upgraded to PHP 5 from PHP 4. I am using the crack lib function for password dictionary uniqueness. However, now my web page utilizing the crack-lib is crashing with PHP Fatal error: Call to undefined function crack_opendict(). Does anyone know of a specific Crack-lib module I can compile instead of compiling the entire PHP code? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php http://us.php.net/crack Note: This extension has been moved to the » PECL repository and is no longer bundled with PHP as of PHP 5.0.0. sudo pecl install crack should do the trick.
Re: [PHP] Standard Address Book?
Timothy Murphy wrote: Is there any kind of standard for a PHP/SQL/XML addressbook? Are you asking if there is any type of standard for building an address book in general? That you are using PHP/SQL/XML is your preference. With a few clicks from Google, I found these: http://groupware.openoffice.org/ab_schema/index.html http://developer.apple.com/documentation/AppleApplications/Reference/SyncServicesSchemaRef/Articles/Contacts.html Hope this helps -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation?
On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: Tried this at the root level and got the response below... sudo: pecl: command not found I am on a Suse linux box and I install the PEAR package with YAST. Eric Butera [EMAIL PROTECTED] 4/23/2007 10:17 AM On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: I just upgraded to PHP 5 from PHP 4. I am using the crack lib function for password dictionary uniqueness. However, now my web page utilizing the crack-lib is crashing with PHP Fatal error: Call to undefined function crack_opendict(). Does anyone know of a specific Crack-lib module I can compile instead of compiling the entire PHP code? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php http://us.php.net/crack Note: This extension has been moved to the » PECL repository and is no longer bundled with PHP as of PHP 5.0.0. sudo pecl install crack should do the trick. You'll have to ask the people at Suse for help then.
[PHP] Debug recursion
Hi all i have found a bug in my db class when i use the recursion.
I try to use the adjacency list model to develop a three menu but
when i call the function in recursive way i loose data because
the value returned from the fetch seem to be empty.
I have db table like this:
table catalog
ID | Name_Category | Subcategory
1 node category 0
2 1_sub_category 1
3 2_sub_category 1
4 another_node 0
5 another_node 0
I have this db class code:
http://phpfi.com/229087
And i create an instance of such class with this code.
http://phpfi.com/229088
My problem is that i take only the fist main category, the subcategory of
this node and later the function esc and doesn't print the other main
category.
I have try to use the native php mysql function and the code work
then the problem i suppose is in my class.
Procedural way with native functions
unction buildThree($parent)
{
$sql = SELECT id, name_category FROM category WHERE subcategory =
{$parent};
$rs = mysql_query($sql) or die(mysql_error());
if ($rs) {
while (list($id, $nome) = mysql_fetch_array($rs)) {
$sql2 = SELECT id FROM category WHERE subcategory =
{$id};
$rs2 = mysql_query($sql2) or die(mysql_errno());
$total = mysql_num_rows($rs2);
if ($total) {
echo'li # '.$nome.' '.\n\r.'ul'.\n\r;
buildThree($id);
echo/ul.\n\r./li.\n\r;
} else {
echo'li ?m=productamp;cat='.$id.' '.$nome.'
/li'.\n\r;
}
}
}
}
echo 'ul';
buildThree(0);
echo '/ul';
echo 'ul';
buildThree(0);
echo '/ul';
--
View this message in context:
http://www.nabble.com/Debug-recursion-tf3632803.html#a10143940
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debug recursion
On 4/23/07, kioto [EMAIL PROTECTED] wrote:
Hi all i have found a bug in my db class when i use the recursion.
I try to use the adjacency list model to develop a three menu but
when i call the function in recursive way i loose data because
the value returned from the fetch seem to be empty.
I have db table like this:
table catalog
ID | Name_Category | Subcategory
1 node category 0
2 1_sub_category 1
3 2_sub_category 1
4 another_node 0
5 another_node 0
I have this db class code:
http://phpfi.com/229087
And i create an instance of such class with this code.
http://phpfi.com/229088
My problem is that i take only the fist main category, the subcategory of
this node and later the function esc and doesn't print the other main
category.
I have try to use the native php mysql function and the code work
then the problem i suppose is in my class.
Procedural way with native functions
unction buildThree($parent)
{
$sql = SELECT id, name_category FROM category WHERE subcategory =
{$parent};
$rs = mysql_query($sql) or die(mysql_error());
if ($rs) {
while (list($id, $nome) = mysql_fetch_array($rs)) {
$sql2 = SELECT id FROM category WHERE subcategory =
{$id};
$rs2 = mysql_query($sql2) or die(mysql_errno());
$total = mysql_num_rows($rs2);
if ($total) {
echo'li # '.$nome.' '.\n\r.'ul'.\n\r;
buildThree($id);
echo/ul.\n\r./li.\n\r;
} else {
echo'li ?m=productamp;cat='.$id.' '.$nome.'
/li'.\n\r;
}
}
}
}
echo 'ul';
buildThree(0);
echo '/ul';
echo 'ul';
buildThree(0);
echo '/ul';
--
View this message in context:
http://www.nabble.com/Debug-recursion-tf3632803.html#a10143940
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
By using this class it is overwriting the result resource within your
recursion since you are using it as a global.
A better way (faster at any rate) to accomplish what you're trying
to do is to keep your data in a parent-child relationship for your
updates, deletes, and inserts. Use the modified tree traversal for
your selects. Just make sure to regenerate the left/right positions
on any data changes.
I've found this gets the ease of use for simple inserting and removing
records while the speed of a single query for your reads. This is how
most of the traffic on the site will probably work anyways. Take a
look at http://www.sitepoint.com/article/hierarchical-data-database/2
as it gives most of the code you'd need to get the project working.
Just remember by using recursive functions like the one you are trying
you will end up with tons of queries for no reason which will bring
the site to a crawl if you get too much data in there or a lot of
concurrent requests.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] make a gif
I want to print [EMAIL PROTECTED] into a gif or png. How do I do this? Thanks. It seems too simple to ask. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] make a gif
[snip] I want to print [EMAIL PROTECTED] into a gif or png. How do I do this? Thanks. It seems too simple to ask. [/snip] It is. http://www.php.net/gd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
No. That is a common mistake amongst the uninformed. Addslashes
doesn't take into effect character encodings, while
mysql_real_escape_string does. Please take a look at this article:
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-st
ring
-Logan
-Original Message-
From: Weber Sites [mailto:[EMAIL PROTECTED] On Behalf Of WeberSites
LTD
Sent: Monday, April 23, 2007 10:49 AM
To: Buesching, Logan J; 'Dotan Cohen'; 'php php'
Subject: RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
I'm trying to understand from the examples why anyone
that has get_magic_quotes_gpc() returning true would
need to use stripslashes() and then mysql_real_escape_string().
wouldn't that just add slashes to the same places?
berber
-Original Message-
From: Buesching, Logan J [mailto:[EMAIL PROTECTED]
Sent: Monday, April 23, 2007 2:35 AM
To: Dotan Cohen; php php
Subject: RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
There are many good resources out there, and one of my favorites for
this
type of information is from Chris Shiflett.
http://shiflett.org/articles/sql-injection
http://shiflett.org/articles/foiling-cross-site-attacks
http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss
Those are a few articles on the subject, maybe some reader comments have
more good links.
Also, just as a best-practice, you usually don't want to reassign things
into the super globals. Also to note, your filtering may be a bit too
aggressive, and not all-inclusive at the same time. Too aggressive
because
if I want to talk about java in a comment, it will filter out every time
I
say java. Too lax because you are forgetting all of the HTML onclick,
onhover etc... that don't need to have a script tag in them to be
executed. Any of the preg_replace's with an = in them is redundant
because
you have already filtered out all of the ='s, but also note that you can
have multiple spaces between href and =. You are banking that they will
have 0 or 1.
If available, you can look into PHP 5.2 which added some filter
functions
(albeit I myself haven't checked them out). You can also look into
OWASP's
PHP project, http://www.owasp.org/index.php/Category:OWASP_PHP_Project.
That is a pretty good resource in secure coding best-practices.
-Logan
-Original Message-
From: Dotan Cohen [mailto:[EMAIL PROTECTED]
Sent: Friday, April 20, 2007 9:08 PM
To: php php
Subject: [PHP] Preventing SQL Injection/ Cross Site Scripting
I've got a comments form that I'd like to harden against SQL Injection /
XSS
attacks. The data is stored in UTF-8 in a mysql database. I currently
parse
the data as such:
$_POST[commentform]=str_replace (', '', $_POST[commentform]);
//q-qq
$_POST[commentform]=str_replace (--, , $_POST[commentform]);
//-- - x
$_POST[commentform]=str_replace (;, , $_POST[commentform]);
//; - x
$_POST[commentform]=str_replace (=, '', $_POST[commentform]);
//= - x
$_POST[commentform]=preg_replace (/java/i, '',
$_POST[commentform]);
$_POST[commentform]=preg_replace (/script/i, '',
$_POST[commentform]); $_POST[commentform]=preg_replace (/src=/i,
'',
$_POST[commentform]); $_POST[commentform]=preg_replace (/src =/i,
'', $_POST[commentform]); $_POST[commentform]=preg_replace
(/iframe/i, '', $_POST[commentform]);
$_POST[commentform]=preg_replace (/rel=/i, '',
$_POST[commentform]);
$_POST[commentform]=preg_replace (/rel =/i, '',
$_POST[commentform]); $_POST[commentform]=preg_replace (/href=/i,
'', $_POST[commentform]); $_POST[commentform]=preg_replace (/href
=/i, '', $_POST[commentform]); $_POST[commentform]=preg_replace
(//i, '', $_POST[commentform]);
$_POST[commentform]=htmlspecialchars( mysql_real_escape_string
($_POST[commentform]) );
The first statement doubles up quotes, it's a bit difficult to see in
the
code.
After seeing this:
http://ha.ckers.org/xss.html
and another similar one for SQL injection, I'm worried that my filters
are
not enough. What do the pro php programers out there use?
Thanks in advance.
Dotan Cohen
http://lyricslist.com/
http://what-is-what.com/
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] using ImageTTFText in a page
This script work on it's own but fails when emeded in another php file. All I want to do is create a function and call it passing a text parameter. Also is it possbile to output the image to a file insert the url into a img tag? ?php header(Content-type: image/png); $im = imagecreate (800, 30); $black = ImageColorAllocate ($im, 255, 255, 255); $blue = ImageColorAllocate ($im, 75, 104, 177); ImageTTFText ($im, 20, 0, 10, 20, $blue, Font - TrueType - Square 721 BT.ttf, BLUEFLY); ImageGif ($im); ImageDestroy ($im); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using ImageTTFText in a page
Is it still in the same directory as the font you're calling? Try removing all spaces from the filename, then modifying it in your PHP code, calling the full path (or relative path). If none of this seems to be the case, make sure your PHP script isn't trying to output anything before this code. If you're using it as a Turing test (CAPTCHA-like stuff) then don't include() or require() it, but rather do IMG SRC=file.php. On 4/23/07, Ross [EMAIL PROTECTED] wrote: This script work on it's own but fails when emeded in another php file. All I want to do is create a function and call it passing a text parameter. Also is it possbile to output the image to a file insert the url into a img tag? ?php header(Content-type: image/png); $im = imagecreate (800, 30); $black = ImageColorAllocate ($im, 255, 255, 255); $blue = ImageColorAllocate ($im, 75, 104, 177); ImageTTFText ($im, 20, 0, 10, 20, $blue, Font - TrueType - Square 721 BT.ttf, BLUEFLY); ImageGif ($im); ImageDestroy ($im); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107
RE: [PHP] PHP excel capability
I had some issue when I tried CSV in the past. I don't know if there was some issue with use of commas in the data and not getting Excel to properly use some data, with commas, some more data so that it'd omit the quotes as well or what. In the end, for the quick and dirty throwaway project I was working on, HTML tables worked the best. Or at least quicker than figuring out what our problem with CSV was. Not the best solution, but was the best for what we needed and it's definitely worth noting that CSV (making sure your data doesn't have commas or you properly compensate for that) and HTML are both good quick and dirty download-to-Excel options. And as Richard mentioned, COM requires Windows, but if you want to do anything with it, you need to have something for PHP to talk to via COM. In this instance, we're talking about PHP + Excel. There's little things you have to be careful with when using COM too, especially on your server. Making sure you close the app that you're interacting with properly is one of the biggest. You might issue a 'close' command and find out it only closes the document, not the app as you might think. Suddely you have 50 instances of Excel running (non-visible) on your server and you're up a creek. COM is great to have as an option, but really isn't usually the best solution unless you have no other choice. -TG = = = Original message = = = On Wed, April 18, 2007 11:25 am, [EMAIL PROTECTED] wrote: Also, if you output an HTML table and set the content type in your header to an Excel content type, it should ask the client PC to open the page in Excel (assuming they have it installed). This works for a real quick and dirty export-to-excel type thing. Then PHP isn't really creating an Excel file, but presenting the data in a format that Excel on the client PC can read. If you output CSV format and send Excel content-type, that also works, and may be a more natural coding than HTML tables. Or not, depending on what you are doing. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
You are correct, I'm not very familiar with Perl. If I do go the route of using something else to accept the form data and then executing the PHP script, I'd be leaning more toward somehow executing the PHP script directly rather then sending back a redirect to the user-agent to re-send the request to the PHP script. Reason being that if a file is uploaded, it ends up getting sent twice. For a large file, that's a lot of extra HTTP traffic. Anyhow, after much talk and some pretty innovative suggestions, I think I'm going to... 1. Put in a feature request to have the entire POST body, unaltered, dumped to a temp file. And in the mean time... 2. Reconstruct an identical POST body from the $_POST[] array, with some trial-and-error form field renaming (in the case of server-side image maps) and placement of uploaded files. (Slow, I know, and not guaranteed to work everywhere, but it keeps the script as portable as possible.) 3. Instruct page designers to refrain from using special characters in form field names when using this script. And also suggest to page designers to try to keep the number of server-side image maps and file uploads at a minimum, for speed and performance reasons.) 4. Provide the capability for the PHP script to execute a user-defined include file and read a user-defined file for the POST body. This would allow future improved operation in case the feature request ever materializes, or a sysadmin uses an external process (Perl or whatever else) to dump the POST body to a file. Myron Turner wrote: Richard Lynch wrote: On Sat, April 21, 2007 10:56 pm, Myron Turner wrote: At that point, why not just have Perl call PHP? Surely Perl can do something not unlike 'exec' or whatever to run any shell script you want... I sure wouldn't do another round trip to the browser and add JS into the middle of this solution, if it's viable... Wouldn't work for me, as I can't do Perl. Perl could, could of course do the whole job. But since the Original Poster was (I assumed) not particularly familiar with Perl, I was essentially providing a Perl script to do the base essentials. So my hack would put him right back into PHP. If he execs from Perl to a PHP script to do the processing, then he would have to augment the Perl script to send back HTML to the browser, and if he can do that he can probably stick with the Perl altogether. Anyway, that was my reasoning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
Edward Vermillion wrote:
On Apr 21, 2007, at 6:35 PM, Justin Frim wrote:
I've always gone by the rule that if you're making software that
other people will see or use, make it clean.
Sometimes I'll cheat and stick a @ symbol in front of a line to
shut up errors and warnings for that particular line, but usually I
only do that for speed optimization. (ie. if it's in a short loop
that cycles many times).
Your not saving any cycles. The error handler still gets called, the
error just doesn't get shown.
And '@' is just another way of ignoring an error in your program. Not
really a good idea if you want to right good code.
Ed
Surely that's faster than calling isset(), declaring another variable,
and executing another if() statement though, no?
Compare:
?php
function myfunction($inputdata) {
global $myarray;
echo foo;
return $myarray[$inputdata];
}
function yourfunction($inputdata) {
global $yourarray;
echo bar;
return $yourarray[subfunction($inputdata)];
}
if ((@$funcresult=myfunction($_GET['formfield']))!==false) {
//Do stuff with the data from $myarray[], after doing just a single
if() comparison
}
if ((@$funcresult=yourfunction($_GET['formfield']))!==false) {
//Do stuff with the data from $yourarray[], after doing just one
more if() comparison
}
?
vs:
?php
function myfunction($inputdata) {
global $myarray;
echo foo;
if ($inputdata!=) { return $myarray[$inputdata]; }else{ return
false; }
}
function yourfunction($inputdata) {
global $yourarray;
echo bar;
if ($inputdata!=) { return subfunction($yourarray[$inputdata]);
}else{ return subfunction(false); }
}
if (isset($_GET['formfield'])) { $funcinput = $_GET['formfield']; }else{
$funcinput = ; }
$funcresult=myfunction($funcinput);
if ($funcresult!==false) {
//Now we can finally do stuff, after calling isset(), declaring a
variable, and doing three if() comparisons
}
$funcresult=yourfunction($funcinput);
if ($funcresult!==false) {
//Finally do more stuff, after doing two more if() comparisons
}
?
Now that's a stupid example, but, you get the idea.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
On Mon, 2007-04-23 at 15:56 -0400, Justin Frim wrote: Edward Vermillion wrote: On Apr 21, 2007, at 6:35 PM, Justin Frim wrote: I've always gone by the rule that if you're making software that other people will see or use, make it clean. Sometimes I'll cheat and stick a @ symbol in front of a line to shut up errors and warnings for that particular line, but usually I only do that for speed optimization. (ie. if it's in a short loop that cycles many times). Your not saving any cycles. The error handler still gets called, the error just doesn't get shown. And '@' is just another way of ignoring an error in your program. Not really a good idea if you want to right good code. Ed Surely that's faster than calling isset(), declaring another variable, and executing another if() statement though, no? It's probably faster if no notice is generated. It's almost certainly slower if a notice *is* generated. It's definitely bad practice and a lazy way to hide poor implementation. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compilation?
I am very new to PHP. Can anyone tell me how do I compile my php 5 code? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation?
On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: I am very new to PHP. Can anyone tell me how do I compile my php 5 code? First you should tell us which operating system you are using, is it windows or is it linux? If it's windows you'd be better off using the binary. If you're using linux,you might want to check out a binary release first, else compiling is also quite simple. Extract tarball. ./configure make make install that will do it :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation? OT
On Monday 23 April 2007 22:58, Davide Bernard wrote: I am very new to PHP. Can anyone tell me how do I compile my php 5 code? First you need a J++ compiler.. then you probably need some C# knowledge... that would certainly not hurt. After a good night sleep. Take a left out of the Bed, Turn right at the coffe machine. Check the weather and be sure not to be seen by anyone. Thereafter, breakfast is in order and a shower while waiting for the machine to do some pschycic (that was a lot of c's.) stuff with the awaiting code. my good I should quit this long 30 hour days, this bad humor is killing me, and I'm not tired -- --- Børge http://www.arivene.net --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation?
Or if you're wondering how to compile a .php file for viewing on the web (or running from the command line), then don't worry about it. PHP is meant to be compiled at runtime. If you're looking to find out how to *obfuscate* your code (such as what companies like WHM Autopilot and Modernbill do), then look into ionCube and Zend Guard/Zend Optimizer. This compiles the code so that it can't be read or modified by the end-user, but will still run as a run-time script, not a standalone application. So in any case, you still need a compiled PHP binary to run the code so if that is what you're asking about, refer to Tijnema's post. On 4/23/07, Tijnema ! [EMAIL PROTECTED] wrote: On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: I am very new to PHP. Can anyone tell me how do I compile my php 5 code? First you should tell us which operating system you are using, is it windows or is it linux? If it's windows you'd be better off using the binary. If you're using linux,you might want to check out a binary release first, else compiling is also quite simple. Extract tarball. ./configure make make install that will do it :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107
Re: [PHP] Compilation?
Actually I want to compile my php 5 code --with-crack[=DIR] option. in order to use the crack lib. Daniel Brown [EMAIL PROTECTED] 4/23/2007 4:27 PM Or if you're wondering how to compile a .php file for viewing on the web (or running from the command line), then don't worry about it. PHP is meant to be compiled at runtime. If you're looking to find out how to *obfuscate* your code (such as what companies like WHM Autopilot and Modernbill do), then look into ionCube and Zend Guard/Zend Optimizer. This compiles the code so that it can't be read or modified by the end-user, but will still run as a run-time script, not a standalone application. So in any case, you still need a compiled PHP binary to run the code so if that is what you're asking about, refer to Tijnema's post. On 4/23/07, Tijnema ! [EMAIL PROTECTED] wrote: On 4/23/07, Davide Bernard [EMAIL PROTECTED] wrote: I am very new to PHP. Can anyone tell me how do I compile my php 5 code? First you should tell us which operating system you are using, is it windows or is it linux? If it's windows you'd be better off using the binary. If you're using linux,you might want to check out a binary release first, else compiling is also quite simple. Extract tarball. ./configure make make install that will do it :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compilation? OT
On Mon, 2007-04-23 at 23:03 +0200, Børge Holen wrote: On Monday 23 April 2007 22:58, Davide Bernard wrote: I am very new to PHP. Can anyone tell me how do I compile my php 5 code? First you need a J++ compiler.. then you probably need some C# knowledge... that would certainly not hurt. After a good night sleep. Take a left out of the Bed, Turn right at the coffe machine. Check the weather and be sure not to be seen by anyone. Thereafter, breakfast is in order and a shower while waiting for the machine to do some pschycic (that was a lot of c's.) stuff with the awaiting code. It's (100/3)% less c's when you spell it correctly :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debug recursion
kioto wrote:
Hi all i have found a bug in my db class when i use the recursion.
I try to use the adjacency list model to develop a three menu but
when i call the function in recursive way i loose data because
the value returned from the fetch seem to be empty.
I have db table like this:
table catalog
ID | Name_Category | Subcategory
1 node category 0
2 1_sub_category 1
3 2_sub_category 1
4 another_node 0
5 another_node 0
I have this db class code:
http://phpfi.com/229087
And i create an instance of such class with this code.
http://phpfi.com/229088
My problem is that i take only the fist main category, the subcategory of
this node and later the function esc and doesn't print the other main
category.
I have try to use the native php mysql function and the code work
then the problem i suppose is in my class.
Procedural way with native functions
unction buildThree($parent)
{
$sql = SELECT id, name_category FROM category WHERE subcategory =
{$parent};
$rs = mysql_query($sql) or die(mysql_error());
if ($rs) {
while (list($id, $nome) = mysql_fetch_array($rs)) {
$sql2 = SELECT id FROM category WHERE subcategory =
{$id};
$rs2 = mysql_query($sql2) or die(mysql_errno());
$total = mysql_num_rows($rs2);
if ($total) {
echo'li # '.$nome.' '.\n\r.'ul'.\n\r;
buildThree($id);
echo/ul.\n\r./li.\n\r;
} else {
echo'li ?m=productamp;cat='.$id.' '.$nome.'
/li'.\n\r;
}
}
}
}
echo 'ul';
buildThree(0);
echo '/ul';
echo 'ul';
buildThree(0);
echo '/ul';
ok, after playing with this for a little bit, I think I have come up with something that will work
for you.
?php
$sql = 'SELECT id, name_category, subcategory FROM category ORDER BY
subcategory, id';
$rs = mysql_query($sql) or die(mysql_error());
$d = array();
while ( $row = mysql_fetch_assoc($rs) ) {
$d[$row['subcategory']][] = array('id' = $row['id'], 'name' =
$row['name_category']);
}
function buildTree($d, $parent) {
if ( isset($d[$parent]) ) {
echo ul\n;
foreach ($d[$parent] AS $subList) {
echo li # a
href='?category_id={$subList['id']}'{$subList['name']}/a\n;
if ( buildTree($d, $subList['id']) ) {
unset($d[$subList['id']]);
}
echo /li\n;
}
echo /ul\n;
return true;
}
return false;
}
# This is an example data set.
# The SQL output from above should resemble this layout if you were to do a
print_r() on it.
# Take out the following 3 array definitions and you should have what you are
looking for
$d[0] = array(
array(
'id'= 1,
'name' = 'Home',
),
array(
'id'= 10,
'name' = 'Programming',
),
array(
'id'= 13,
'name' = 'Music Bands',
),
);
$d[10] = array(
array(
'id'= 85,
'name' = 'PHP',
),
array(
'id'= 86,
'name' = 'Ruby',
),
);
$d[13] = array(
array(
'id'= 163,
'name' = 'Rush',
),
array(
'id'= 121,
'name' = 'Pink',
),
);
buildTree($d, 0);
?
--
Enjoy,
Jim Lucas
Different eyes see different things. Different hearts beat on different strings. But there are times
for you and me when all such things agree.
- Rush
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Template class: Simple question
Hello, I have a couple classes that generate navigation and a few other dynamic xHTML template-based things... What is standard practice for calling your template classes? In other words: Is it good practice to create the class object for every page view, or is there a better way to cache the object? I am using PHP 4.x. Any good tips and/or tutorials out there that cover this type of thing? Basically I am trying to get away from using includes and/or simple function calls. Sorry if silly question... I am kinda new to classes and how best to use them. TIA! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Template class: Simple question
Micky Hulse wrote: What is standard practice for calling your template classes? In other words: Is it good practice to create the class object for every page view, or is there a better way to cache the object? I am using PHP 4.x. Ack! Just found this great thread on Sitepoint: http://www.sitepoint.com/forums/showthread.php?t=468429 Hehe, I wrote my email to the PHP list before checking my Sitepoint xml feed. Seems like the above thread has given me my answer. Thanks all! Sorry to bug the list. Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Standard Address Book?
Jim Lucas wrote: Is there any kind of standard for a PHP/SQL/XML addressbook? Are you asking if there is any type of standard for building an address book in general? That you are using PHP/SQL/XML is your preference. With a few clicks from Google, I found these: http://groupware.openoffice.org/ab_schema/index.html http://developer.apple.com/documentation/AppleApplications/Reference/SyncServicesSchemaRef/Articles/Contacts.html Thanks, those are useful suggestions. As is probably clear, I was thinking of setting up an address book for my own use, using a PHP/XML format, and I just wondered if there was any kind of agreed standard in this area. vCards and Jabber seem to be alternative approaches; but as far as I can see no format has won general approval, which I find rather surprising. -- Timothy Murphy e-mail (80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] filetype() and exec() issues
This question is a two parter
a) anyone else noticing filetype() failing on ISO image files?
Warning: filetype(): Lstat failed for /var/lib/samba/some/file.iso
b) I have a script that during processing will eventually call
exec('/usr/bin/file -bi '.$file)
over 1000 times, I've added a counter and when it dies on this line it's
always after 1020 exec calls, regardless of the file name I'm feeding to
`file`. I've reproduced this with both exec, shell_exec, system and the
backticks. What am I missing here?
My System:
Linux carbon 2.6.18-gentoo-r3
PHP 5.2.1-pl3-gentoo (cli) (built: Apr 19 2007 00:42:03)
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
/djb
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: You are correct, I'm not very familiar with Perl. If I do go the route of using something else to accept the form data and then executing the PHP script, I'd be leaning more toward somehow executing the PHP script directly rather then sending back a redirect to the user-agent to re-send the request to the PHP script. Reason being that if a file is uploaded, it ends up getting sent twice. For a large file, that's a lot of extra HTTP traffic. I'm not sure I follow here, because the Perl script would be saving the posted file to disk. It would then send back a redirect with the name of the file in the query string of the url, which would point to a php script that would then read the file from the disk. So the file shouldn't be sent more than once. In any event, I do think that at least a few of use are agreed that somehow the whole post should be made available in PHP. Good luck with your solution, Myron _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help needed to write an installation script for my php application
Hi There, Could you please help me to write an installation script to install a php based application in Windows. 1. I have WAMP5.0 running my my IBM T43 laptop. 2. I have created a php application. 3. I would like to know how to create an installation Wizard for my application. What it should accomplish is that: Once the CD containing my application is loaded to CD drive, it should automatically ask me the standard windows installation questions to install my application in the path specified by me. Your help will be highly appreciated. Thanks, G. Guruswamy (VV, QCG) +91-93412-74717 The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Re: [PHP] help needed to write an installation script for my php application
On Mon, April 23, 2007 5:36 am, [EMAIL PROTECTED] wrote: Hi There, Could you please help me to write an installation script to install a php based application in Windows. NSIS, nullsoft installer is a nice installer to use for Windows applications. http://nsis.sourceforge.net/Main_Page -- Edoceo, Inc. http://www.edoceo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] What determines the relative directory, and can I control it?
PHP Users, I am developing a content management system, and one of the goals is to separate out the design entirely from the PHP scripting and content. All the PHP scripts which contain the logic that drives the site are all in the web site's root directory, where the main index.php is located. The site uses an .htaccess file that creates user friendly URLs, so basically every time a user does anything on the site, it goes through /index.php. The intention is for the designer of the site to only have access to a subdirectory of the site called layout. If the designer wants, he or she can have multiple styles, which would each be in their own subdirectories. So, for example, there might be a /layout/styleOne directory, and a /layout/styleTwo directory. The way a designer builds a style is with a file called layout.php. This file contains blocks of HTML code that the designer can manipulate in order to customize the layout of the site. For example, that file would be located at /layout/styleOne/layout.php. Right now, if the designer of the site wants to make a call to an external CSS style sheet within layout.php, the designer has to write in the whole path, relative to the index.php file. For example: style type=text/css @import /layout/styleOne/style.css; /style But I'd like to make it so that the designer doesn't need to ever think about paths, and can state the path to the CSS file relative to layout.php, and not relative to index.php. Like so: style type=text/css @import style.css; /style What happens is that index.php includes a file called include.php. That file in turn includes all the PHP scripts on the site. That file includes another file called Page.php which has a way of including layout.php depending on what style the page needs. For example, styleOne or styleTwo. That's a long linear string of includes, but bottom line is, if I'm correct, that the index.php ultimately includes layout.php, and layout.php therefor acts as if it were in the same directory as index.php. I hope I have described the situation adequately. My question is, as implied above: Can I somehow manipulate any of the PHP scripts involved so that the HTML within layout.php will look first in it's own directory for inclusion of files, such as CSS and javascript and anything else? Thank you for your time and assistance. -- Dave M G Ubuntu 7.04 Feisty Fawn Kernel 2.6.20-15-generic Pentium D Dual Core Processor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
