date:20090521


Shawn McKenzie wrote:

Shawn McKenzie wrote:

Peter van der Does wrote:

On Thu, 21 May 2009 14:08:11 -0500
Shawn McKenzie  wrote:



This doesn't make sense.  You say "class A needs to be extended with
another class", however what you show below is "class A extending
framework_class".


I worded it wrong, I apologize.
Class A needs to be an extension of the framework class.


Well I guess from my point of view there are several ways depending upon
the requirements.  Others that are better with OOP will chime in I'm sure.

This I'll get flamed for, but you can use one instance of core as a global:

class A extends framework_class {
  var $core;

  function A() {
$this->core =& $GLOBALS['core'];
$this->core->go();
  }
}

//in global scope in bootstrap or whatever
$core = new core();

Along the same lines but more OOP and without globals, maybe use a
registry class and store core in the registry. This also uses one
instance of core:

class Registry {
protected $_objects = array();

function set($name, &$object) {
$this->_objects[$name] =& $object;
}

function &get($name) {
return $this->_objects[$name];
}
}

class A extends framework_class {
  var $core;

  function A(&$registry) {  //dunno if you need a reference here or not
$this->core = $registry->get('core');
$this->core->go();
  }
  //i guess you could also pass in core, but registry will give you all
objects in the registry
  //function A(&core) {
//$this->core = $core;
//$this->core->go();
  //}
}

//this is in your bootstrap or whatever
$core = new core();
$registry = new registry();
$registry->set('core', $core);

Or, if you don't need an object, call it statically:

class A extends framework_class {

  function A() {
core::go();
  }
}



I guess you could always do a singleton so that you always have the same
instance.  Add something like this to the core class (not tested):

static $_instance;

function getInstance() {
if(self::$_instance === null) {
self::$_instance = new self();
}
return self::$_instance;
}

Then you can do:

class A extends framework_class {
   var $core;

   function A() {
 $this->core = core::getInstance();
 $this->core->go();
   }
 }



bullseye, static is the way to approach when you only need a single instance

however you don't always need to include a referent to the instance 
inside your class.. you can easily


core::getInstance()->go()
or
core::go()

and have class core store an instance of itself

class core {
  var $instance;
  function getInstance()

..etc - been so long since i touched php4

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Michael A. Peters


Eddie Drapkin wrote:

Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...


I brought it up because suhosin catches many exploits that otherwise get 
through, including exploits that allow inclusion of remote files that 
can then be used to run arbitrary commands on the server, send include 
files (such as the db authentication script) as plain text, all kinds of 
nasty can result.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

Shawn McKenzie wrote:
> Peter van der Does wrote:
>> On Thu, 21 May 2009 14:08:11 -0500
>> Shawn McKenzie  wrote:
>>
>>
>>> This doesn't make sense.  You say "class A needs to be extended with
>>> another class", however what you show below is "class A extending
>>> framework_class".
>>>
>> I worded it wrong, I apologize.
>> Class A needs to be an extension of the framework class.
>>
> 
> Well I guess from my point of view there are several ways depending upon
> the requirements.  Others that are better with OOP will chime in I'm sure.
> 
> This I'll get flamed for, but you can use one instance of core as a global:
> 
> class A extends framework_class {
>   var $core;
> 
>   function A() {
> $this->core =& $GLOBALS['core'];
> $this->core->go();
>   }
> }
> 
> //in global scope in bootstrap or whatever
> $core = new core();
> 
> Along the same lines but more OOP and without globals, maybe use a
> registry class and store core in the registry. This also uses one
> instance of core:
> 
> class Registry {
> protected $_objects = array();
> 
> function set($name, &$object) {
> $this->_objects[$name] =& $object;
> }
> 
> function &get($name) {
> return $this->_objects[$name];
> }
> }
> 
> class A extends framework_class {
>   var $core;
> 
>   function A(&$registry) {  //dunno if you need a reference here or not
> $this->core = $registry->get('core');
> $this->core->go();
>   }
>   //i guess you could also pass in core, but registry will give you all
> objects in the registry
>   //function A(&core) {
> //$this->core = $core;
> //$this->core->go();
>   //}
> }
> 
> //this is in your bootstrap or whatever
> $core = new core();
> $registry = new registry();
> $registry->set('core', $core);
> 
> Or, if you don't need an object, call it statically:
> 
> class A extends framework_class {
> 
>   function A() {
> core::go();
>   }
> }
> 

I guess you could always do a singleton so that you always have the same
instance.  Add something like this to the core class (not tested):

static $_instance;

function getInstance() {
if(self::$_instance === null) {
self::$_instance = new self();
}
return self::$_instance;
}

Then you can do:

class A extends framework_class {
   var $core;

   function A() {
 $this->core = core::getInstance();
 $this->core->go();
   }
 }

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

Peter van der Does wrote:
> On Thu, 21 May 2009 14:08:11 -0500
> Shawn McKenzie  wrote:
> 
> 
>> This doesn't make sense.  You say "class A needs to be extended with
>> another class", however what you show below is "class A extending
>> framework_class".
>>
> 
> I worded it wrong, I apologize.
> Class A needs to be an extension of the framework class.
> 

Well I guess from my point of view there are several ways depending upon
the requirements.  Others that are better with OOP will chime in I'm sure.

This I'll get flamed for, but you can use one instance of core as a global:

class A extends framework_class {
  var $core;

  function A() {
$this->core =& $GLOBALS['core'];
$this->core->go();
  }
}

//in global scope in bootstrap or whatever
$core = new core();

Along the same lines but more OOP and without globals, maybe use a
registry class and store core in the registry. This also uses one
instance of core:

class Registry {
protected $_objects = array();

function set($name, &$object) {
$this->_objects[$name] =& $object;
}

function &get($name) {
return $this->_objects[$name];
}
}

class A extends framework_class {
  var $core;

  function A(&$registry) {  //dunno if you need a reference here or not
$this->core = $registry->get('core');
$this->core->go();
  }
  //i guess you could also pass in core, but registry will give you all
objects in the registry
  //function A(&core) {
//$this->core = $core;
//$this->core->go();
  //}
}

//this is in your bootstrap or whatever
$core = new core();
$registry = new registry();
$registry->set('core', $core);

Or, if you don't need an object, call it statically:

class A extends framework_class {

  function A() {
core::go();
  }
}

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CSS & tables

On Thu, 2009-05-21 at 13:05 -0700, Jessi Berkelhammer wrote:
> Hi,
> This post is another one that might be better asked on a CSS-list, but 
> it is relevant to this thread.
> 
> The calendar at http://php1.net/my-php-calendar/ seems to have a similar 
> issue to a problem I am havingcell borders (sometimes) disappear in 
> Firefox when you zoom out. In both this calendar and mine, the behavior 
> is unpredictable---sometimes a border will be there, and other times 
> not. In my case, I have a javascript mouseover, and the mouseover 
> changes the border behavior below it.
> 
> Does anybody have any experience with this?
> 
> Thanks!
> -jessi
> 
> tedd wrote:
> > At 11:28 PM +0100 5/15/09, Nathan Rixham wrote:
> >> tedd wrote:
> >>> However, there are occasions such as in a calendar where not using a 
> >>> table would be more than difficult. I haven't received a decree yet 
> >>> as to IF that would be considered column data or not.
> >>
> >> I'm gonna differ on this one, when you simply float each calender item 
> >> to the left you're pretty much done, in many cases i find it easier 
> >> than tables.
> > 
> > Okay -- so you find them easier to use for this purpose.
> > 
> > This is my little php calendar (not all the code is mine):
> > 
> > http://php1.net/my-php-calendar/
> > 
> > and I use tables.
> > 
> > I would not want to redo this script using pure css, but I probably will 
> > do it at some point. We all have investments into our code.
> > 
> > Do you have a css calendar to show?
> > 
> > Cheers,
> > 
> > tedd
> 
> -- 
> Jessi Berkelhammer
> Downtown Emergency Service Center
> Computer Programming Specialist
> 
I've just zoomed out to the maximum Fx allows me, and the borders remain
all the way through. Using Fx 2 on Linux. It could be a known issue,
have the you checked Bugzilla?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CSS & tables

2009-05-21 Thread Jessi Berkelhammer


Hi,
This post is another one that might be better asked on a CSS-list, but 
it is relevant to this thread.


The calendar at http://php1.net/my-php-calendar/ seems to have a similar 
issue to a problem I am havingcell borders (sometimes) disappear in 
Firefox when you zoom out. In both this calendar and mine, the behavior 
is unpredictable---sometimes a border will be there, and other times 
not. In my case, I have a javascript mouseover, and the mouseover 
changes the border behavior below it.


Does anybody have any experience with this?

Thanks!
-jessi

tedd wrote:

At 11:28 PM +0100 5/15/09, Nathan Rixham wrote:

tedd wrote:
However, there are occasions such as in a calendar where not using a 
table would be more than difficult. I haven't received a decree yet 
as to IF that would be considered column data or not.


I'm gonna differ on this one, when you simply float each calender item 
to the left you're pretty much done, in many cases i find it easier 
than tables.


Okay -- so you find them easier to use for this purpose.

This is my little php calendar (not all the code is mine):

http://php1.net/my-php-calendar/

and I use tables.

I would not want to redo this script using pure css, but I probably will 
do it at some point. We all have investments into our code.


Do you have a css calendar to show?

Cheers,

tedd


--
Jessi Berkelhammer
Downtown Emergency Service Center
Computer Programming Specialist

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

2009-05-21 Thread Peter van der Does

On Thu, 21 May 2009 14:08:11 -0500
Shawn McKenzie  wrote:


> 
> This doesn't make sense.  You say "class A needs to be extended with
> another class", however what you show below is "class A extending
> framework_class".
> 

I worded it wrong, I apologize.
Class A needs to be an extension of the framework class.

-- 
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com

GetDeb Package Builder
http://www.getdeb.net - Software you want for Ubuntu

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

Eddie Drapkin wrote:
> Suhosin is completely not-related to SQL, though, I don't know why you'd
> bring it up...

Well, because the post that I was replying to brought it up and I happen
to agree that it's a good idea even though it has nothing to do with SQL :-)

>>> Michael A. Peters wrote:
 Use prepared statements.
 If you are just starting out, I would recommend using a database
 abstraction layer, such as MDB2 from pear.

 Doing it now is a LOT easier than porting an existing web application to
 use a database abstraction layer.

 With prepared statement, sql injection is not an issue.

 Example of prepared statement with MDB2:

 $types = Array('integer','text','integer');
 $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield > ?
 AND bfield=? AND cfield < ? ORDER BY somefield';
 $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);

 $args  = Array($var1,$var2,$var3);
 $rs = $sql->execute($args);

 Prepared statements pretty much neuter any and all sql injection
 attempts, assuming the database supports prepared statements (otherwise
 the abstraction layer may emulate them which could possibly be prone to
 vulnerabilities).

 While you do not need to use an abstraction layer to use prepared
 statements, the advantage of an abstraction layer is that your code will
 be much easier to port to a different database - advantageous to your
 client if they ever want to change databases, advantageous to you if you
 ever want to resuse you code for another client (assuming your contract
 does not give exclusive ownership of your code to your existing client).

 The user the web server connects with should be as restricted as
 possible. It should only have permission to connect to the database from
 the host where the web server is running (localhost if running on same
 machine as the sql server) and should not be granted any permissions it
 does not absolutely need.

 The file containing the database authentication credentials should end
 in .php and not .inc, and if at all possible, should be outside the web
 root (you can modify the include path to add a directory outside the web
 root that has includes - or include the file full path).

 Make sure error reporting is turned off on the production web server
 (you can still read errors in the web server log).

 *If at all possible, run php compiled with the suhosin core patch and
 also run the suhosin loadable module.*

 -=-
 You shouldn't need addslashes with prepared statements.
 You should run user input through an existed tested input filter, such
 as http://htmlpurifier.org/ rather than trying to re-invent the wheel
 and create your own. Script kiddies have scripts that test webapps for
 input vulnerabilities (both xss and sql injection), and some of them are
 rather tricky and browser specific.

 A community driven project like HTMLPurifier is more likely to catch
 malicious input than something you cobble together.
>>> PDO is another good option.  You shouldn't have to worry about escaping
>>> or SQL injections, though suhosin is a great idea.
>>>
>>> http://php.net/manual/book.pdo.php
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>> http://www.spidean.com
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
> 

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Eddie Drapkin

Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
>
>
>
> On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie wrote:
>
>> Michael A. Peters wrote:
>> > Sumit Sharma wrote:
>> >> Hi,
>> >>
>> >> I am designing a php website for my client which interact with
>> database.
>> >> This is my first project for any client (I hope he is not reading this
>> >> mail
>> >> ;-)  ). I am a bit more concerned with database security. Can somebody
>> >> shed
>> >> some light on the security measurements, precautions, and functions
>> >> related
>> >> to database security in general to make sure that the data is safely
>> >> stored
>> >> updated and retried from database. I have already used htmlentities(),
>> >> strip_tags(), addhashes(), and some regular expressions to check
>> >> security.
>> >> Looking for help beyond this.
>> >>
>> >>
>> >> Thanks in advance...
>> >> Sumit
>> >>
>> >
>> > Use prepared statements.
>> > If you are just starting out, I would recommend using a database
>> > abstraction layer, such as MDB2 from pear.
>> >
>> > Doing it now is a LOT easier than porting an existing web application to
>> > use a database abstraction layer.
>> >
>> > With prepared statement, sql injection is not an issue.
>> >
>> > Example of prepared statement with MDB2:
>> >
>> > $types = Array('integer','text','integer');
>> > $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield > ?
>> > AND bfield=? AND cfield < ? ORDER BY somefield';
>> > $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
>> >
>> > $args  = Array($var1,$var2,$var3);
>> > $rs = $sql->execute($args);
>> >
>> > Prepared statements pretty much neuter any and all sql injection
>> > attempts, assuming the database supports prepared statements (otherwise
>> > the abstraction layer may emulate them which could possibly be prone to
>> > vulnerabilities).
>> >
>> > While you do not need to use an abstraction layer to use prepared
>> > statements, the advantage of an abstraction layer is that your code will
>> > be much easier to port to a different database - advantageous to your
>> > client if they ever want to change databases, advantageous to you if you
>> > ever want to resuse you code for another client (assuming your contract
>> > does not give exclusive ownership of your code to your existing client).
>> >
>> > The user the web server connects with should be as restricted as
>> > possible. It should only have permission to connect to the database from
>> > the host where the web server is running (localhost if running on same
>> > machine as the sql server) and should not be granted any permissions it
>> > does not absolutely need.
>> >
>> > The file containing the database authentication credentials should end
>> > in .php and not .inc, and if at all possible, should be outside the web
>> > root (you can modify the include path to add a directory outside the web
>> > root that has includes - or include the file full path).
>> >
>> > Make sure error reporting is turned off on the production web server
>> > (you can still read errors in the web server log).
>> >
>> > If at all possible, run php compiled with the suhosin core patch and
>> > also run the suhosin loadable module.
>> >
>> > -=-
>> > You shouldn't need addslashes with prepared statements.
>> > You should run user input through an existed tested input filter, such
>> > as http://htmlpurifier.org/ rather than trying to re-invent the wheel
>> > and create your own. Script kiddies have scripts that test webapps for
>> > input vulnerabilities (both xss and sql injection), and some of them are
>> > rather tricky and browser specific.
>> >
>> > A community driven project like HTMLPurifier is more likely to catch
>> > malicious input than something you cobble together.
>>
>> PDO is another good option.  You shouldn't have to worry about escaping
>> or SQL injections, though suhosin is a great idea.
>>
>> http://php.net/manual/book.pdo.php
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

Michael A. Peters wrote:
> Sumit Sharma wrote:
>> Hi,
>>
>> I am designing a php website for my client which interact with database.
>> This is my first project for any client (I hope he is not reading this
>> mail
>> ;-)  ). I am a bit more concerned with database security. Can somebody
>> shed
>> some light on the security measurements, precautions, and functions
>> related
>> to database security in general to make sure that the data is safely
>> stored
>> updated and retried from database. I have already used htmlentities(),
>> strip_tags(), addhashes(), and some regular expressions to check
>> security.
>> Looking for help beyond this.
>>
>>
>> Thanks in advance...
>> Sumit
>>
> 
> Use prepared statements.
> If you are just starting out, I would recommend using a database
> abstraction layer, such as MDB2 from pear.
> 
> Doing it now is a LOT easier than porting an existing web application to
> use a database abstraction layer.
> 
> With prepared statement, sql injection is not an issue.
> 
> Example of prepared statement with MDB2:
> 
> $types = Array('integer','text','integer');
> $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield > ?
> AND bfield=? AND cfield < ? ORDER BY somefield';
> $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
> 
> $args  = Array($var1,$var2,$var3);
> $rs = $sql->execute($args);
> 
> Prepared statements pretty much neuter any and all sql injection
> attempts, assuming the database supports prepared statements (otherwise
> the abstraction layer may emulate them which could possibly be prone to
> vulnerabilities).
> 
> While you do not need to use an abstraction layer to use prepared
> statements, the advantage of an abstraction layer is that your code will
> be much easier to port to a different database - advantageous to your
> client if they ever want to change databases, advantageous to you if you
> ever want to resuse you code for another client (assuming your contract
> does not give exclusive ownership of your code to your existing client).
> 
> The user the web server connects with should be as restricted as
> possible. It should only have permission to connect to the database from
> the host where the web server is running (localhost if running on same
> machine as the sql server) and should not be granted any permissions it
> does not absolutely need.
> 
> The file containing the database authentication credentials should end
> in .php and not .inc, and if at all possible, should be outside the web
> root (you can modify the include path to add a directory outside the web
> root that has includes - or include the file full path).
> 
> Make sure error reporting is turned off on the production web server
> (you can still read errors in the web server log).
> 
> If at all possible, run php compiled with the suhosin core patch and
> also run the suhosin loadable module.
> 
> -=-
> You shouldn't need addslashes with prepared statements.
> You should run user input through an existed tested input filter, such
> as http://htmlpurifier.org/ rather than trying to re-invent the wheel
> and create your own. Script kiddies have scripts that test webapps for
> input vulnerabilities (both xss and sql injection), and some of them are
> rather tricky and browser specific.
> 
> A community driven project like HTMLPurifier is more likely to catch
> malicious input than something you cobble together.

PDO is another good option.  You shouldn't have to worry about escaping
or SQL injections, though suhosin is a great idea.

http://php.net/manual/book.pdo.php

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread Weston C

On Thu, May 21, 2009 at 12:10 PM, tedd  wrote:
> Could you be certain that your algorithm would figure out which way it needs
> to present the text to a blind person?

My own experience browsing the web with Lynx (which for the most part,
tends to ignore table layout, giving you the content of table cells in
source order) suggests that order doesn't end up being a significant
issue. The common layouts tend to read surprising well in source
order. Navigation is usually at the top or the left, so you encounter
it quickly. If there's any problem, most of the time it's that the
page author has done something hideous with a lot of images with no
alt text or abuse of HTML entitites, or part of the navigation
structure is only accessible via javascript or flash or something like
that... all separate issues from repurposing tabular markup.

And when there *is* some kind of a layout issue, most of the time it's
easy to adapt as a human reader by searching/scanning (sometimes
easier than if you're looking at a bad visual layout). The tools that
enhance accessibility on a page in these respects really don't have a
lot to do with whether there's tabular markup -- if you want to enable
easy access to page navigation, you can add semantic information about
that regardless. In fact, that information is quite likely more
important and less prevalent than what you end up with even most
CSS-positioned sites, given that the vast majority of them simply
provide stylesheets for the purposes of... visual layout, and what
you're left with when a screen reader ignores them is linear
source-ordered elements.

None of this is to say that CSS can't be very useful in addressing
this problem (and other problems), or that there aren't some problems
with tabular markup. The presentation example you mentioned is
actually going to be an issue with even real tabular data without some
care taken in the markup. And I don't want to go back to coding 1999
markup for 1999 browsers. Mostly my point is that the problem with
using tables is a bit more limited in size than it's often made out to
be, there are other ways of dealing with the accessibility and
semanticity issues involved, some of them potentially more effective.
And for some cases, table layouts just work better. I think we'd be
better off with a wide variety of professionals who can balance these
different issues than with a  "tables considered harmful" summary.

> Now compound that with cells holding images,
> place-holders, empty cells and cells with navigation elements,
> flash, videos, and such -- and you might have a better appreciation
> as to the problem screen readers face.

These are actually some of the heuristic markers I believe some
browsers actually use (and if they don't, they certainly could). If
you have a table whose cells largely contain highly mixed markup,
largely presentational elements, no alternative data, chances are
pretty good that it isn't tabular data. And...

Benjamin Hawkes-Lewis 
> WCAG 1.0 ... explained how /authors/ could distinguish between layout
> tables and data tables:
>
> 1) When writing a presentational table, stick to the elements "table", "tr",
> "td". Do not use the "headers", "scope", "axis", or "summary" attributes.
> Make sure layout tables make sense when linearized.
>
> 2) When writing a data table, add the elements "th", "thead", "tbody",
> "tfoot", "caption", and "col" and the attributes "headers", "scope", "axis",
> and "summary" wherever appropriate.

Exactly. These are great markers for distinguishing between where
authors were using table markup semantically or presentationally. I
think in practice there are probably many others available.

> Fast forward a decade, and authors are getting another tool in our toolbox,
> not a million miles away from your 'class="layout"'. I don't think it's very
> well specified yet, but:
>
> http://www.w3.org/TR/wai-aria/#presentation

I'm actually amazed... this is very nearly what I proposed in some
discussions back in 2004. I eventually shifted to class="layout"
because it had some other practical benefits and everybody I talked to
seemed to feel cluttering up the attribute space with yet another item
was wrong (on top of this sortof general malaise about repurposed
table markup), especially when considering how much semantic mileage
you can get out of class attributes. I'd be totally happy to see
anything like it adopted, though, and as I said before, think it'd
push the semantic web forward faster than waiting for everyone to come
around to doing things one blessed way.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Forms validation and creation- easier solution?

2009-05-21 Thread Daniele Grillenzoni


On 20/05/2009 9.03, Angelo Zanetti wrote:

Hi all.



We have done quite a few projects and we are looking to find better ways to
implementing forms.



Forms seem to be quite time consuming and repetitive.



Generally are there any classes or libraries that will assist with:



1.  Easy creation of forms (fields and layout)

2. Validation of specific fields within the forms (server side not JS)

3. Decrease in time required to setup the forms pages

any other comments are welcome.



Thanks in advance

Angelo


Elemental
http://www.elemental.co.za

Dynamic Web and Mobile Solutions








Personally I created a little Class that handles it.

First I create an array of associative arrays, every associative array 
represents an input of an abstract type (similar to the webforms, 
meaning i have stuff like type="telephone").


Stuff like
$inputs[]=array(
"name" => "foobar",
"required" => true,
"type" => "string",   // text is reserved to textarea
"label" => "Foo Bar",
"error_required" => "you need to provide a Foo Bar value, dummy",
"group" => "main"
);
etc.

Then I create an array for groups.
$group["main"] = array(
	"type" = "block", // types are either block which means div, set 
which means fieldset, paragraph which means  or a raw html opening tag.
	"parent" = NULL		//optional of course, if set to the name of another 
group, then the group becomes a child of the referenced group.

)

Then I create an associative array of options for the form.
Finally, I call the class constructor with the three arrays as params.

The class provides me with a few nifty functions:
* toHtml();
(do I need to explain?)
* toArray();
	Returns the inputs, options, and groups inside a single array, with the 
value altered when necessary

* wasSubmitted();
	Does some guesswork to see if the form was submitted, there's a lot of 
smart automagicness inside.

* runAutoChecks();
	Runs the checks he can, like the validity of emails in 'type' = 'email' 
inputs, pattern validation for input with a set pattern, required 
inputs, fills the error array with error messages, sets class[]='error' 
to wrongly filled inputs...

* wasValidInput();
	Returns true if none of the autochecks or eventual manual checks 
returned an error.


And it works like this:
[...]
if ($form->wasSubmitted()){
$form->runAutoChecks();
/* Additional non-automatable controls */
// None in this case
if ($form->wasValidInput()){
// success, do stuff
} else {
// show errors and form again
}
} else {
echo $form->toHtml();
}

There are other things I didn't list, like the fact that ever input has 
options to specify a wrapper (class and id are associated to the wrapper 
if it's defined), the form encoding automatically changes in case of a 
file input, etc etc etc...


The types are abstracted enough that one could easily make a function 
that automatically creates the code for a first draft of the forum out 
of the db schema of an eventual table. Of course you'd have to provide 
error messages, remove unnecessary inputs, adding new ones...


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problems working with HTML using PHP's XML tools (placing mixed text/html into xpath-specified nodes...)

2009-05-21 Thread Michael A. Peters


Weston C wrote:

Is there a straightforward way (or, heck, any way) of placing mixed
html/text content into xpath-specified nodes using any of PHP's XML
tools?

So far, I've tried SimpleXML and the DOM and things aren't coming out well.


Not sure if it is of any use to you, I don't use XPath at all, but this 
php class modifies existing DOMDocument objects for filtering purposes 
and may give you an idea of how it is done:


http://www.clfsrpm.net/xss/cspfilter_class.phps

For a clearer example of adding a node to an existing document -

from

http://www.clfsrpm.net/xss/dom_script_test.phps

That page is hard to read as it was butchered from another script, so 
here are the demonstrative parts:


$import_prepare = '' . $somexmlcontentinastring . '';
$newDom = new DOMDocument("1.0","UTF-8");
$newDom->loadXML($import_prepare);
$elements = $newDom->getElementsByTagName("div");
$imported_div = $elements->item(0);

Now - $imported_div is an object node containing all the xml in 
import_prepare (you don't have to put it in a div, I did there because 
it's a form so I don't know the structure of xml input, putting it in a 
div gave me a known element that would be parent of all input) - but it 
is a node for the $newDom DOMDocument, I need to import it into the 
DOMDocument I am using.


$testDiv = $myxhtml->importNode($imported_div,true);

Now, $testDiv an a DOM object associated with the DOMDocument I want to 
import the node into.


$xmlBody->appendChild($testDiv);

Now the node is a child of the $xmlBody node, and has been incorporated 
into my DOMDocument.


-=-=-=-

importHTML() is problematic with some characters. Better to convert your 
additions to well formed xml and use importXML();


-=-=-=-

While I am currently using DOMDocument for everything (yes, everything), 
I'm still learning it - do not consider me a guru on it's use.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP class question

Peter van der Does wrote:
> I have the following situation.
> 
> I wrote some software and split it up into functionality:
> 
> class core {
>   function go{
>   }
> }
> 
> class A extends core {
>   // PHP4 constructor
>   function A {
> $this->go();
>   }
> 
> }
> 
> class B extends core {
> }
> 
> In core I define functions and variables that are to be used
> through out my program and to address those functions/variables I just
> use $this-> .
> 
> Now I ran into a situation where class A needs to be extended with
> another class. This is not my choice, it's part of a framework I have
> to use.

This doesn't make sense.  You say "class A needs to be extended with
another class", however what you show below is "class A extending
framework_class".

Show your classes and we can help I think.

> Currently I solved this by doing this:
> 
> class A extends framework_class {
>   $var core;
> 
>   // PHP4 constructor
>   function A {
> $this->core = new core();
> $this->core->go();
>   }
> }
> 
> The question I have, is this a good solution, is it the only solution
> or are there different ways to tackle this?
> As you might see it needs to run in PHP4.
> 

I'm sure there are.  This doesn't look right to me, but I'm confused by
your examples.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Michael A. Peters


Sumit Sharma wrote:

Hi,

I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-)  ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precautions, and functions related
to database security in general to make sure that the data is safely stored
updated and retried from database. I have already used htmlentities(),
strip_tags(), addhashes(), and some regular expressions to check security.
Looking for help beyond this.


Thanks in advance...
Sumit



Use prepared statements.
If you are just starting out, I would recommend using a database 
abstraction layer, such as MDB2 from pear.


Doing it now is a LOT easier than porting an existing web application to 
use a database abstraction layer.


With prepared statement, sql injection is not an issue.

Example of prepared statement with MDB2:

$types = Array('integer','text','integer');
$q = 'SELECT somefield,someotherfield FROM sometable WHERE afield > ? 
AND bfield=? AND cfield < ? ORDER BY somefield';

$sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);

$args  = Array($var1,$var2,$var3);
$rs = $sql->execute($args);

Prepared statements pretty much neuter any and all sql injection 
attempts, assuming the database supports prepared statements (otherwise 
the abstraction layer may emulate them which could possibly be prone to 
vulnerabilities).


While you do not need to use an abstraction layer to use prepared 
statements, the advantage of an abstraction layer is that your code will 
be much easier to port to a different database - advantageous to your 
client if they ever want to change databases, advantageous to you if you 
ever want to resuse you code for another client (assuming your contract 
does not give exclusive ownership of your code to your existing client).


The user the web server connects with should be as restricted as 
possible. It should only have permission to connect to the database from 
the host where the web server is running (localhost if running on same 
machine as the sql server) and should not be granted any permissions it 
does not absolutely need.


The file containing the database authentication credentials should end 
in .php and not .inc, and if at all possible, should be outside the web 
root (you can modify the include path to add a directory outside the web 
root that has includes - or include the file full path).


Make sure error reporting is turned off on the production web server 
(you can still read errors in the web server log).


If at all possible, run php compiled with the suhosin core patch and 
also run the suhosin loadable module.


-=-
You shouldn't need addslashes with prepared statements.
You should run user input through an existed tested input filter, such 
as http://htmlpurifier.org/ rather than trying to re-invent the wheel 
and create your own. Script kiddies have scripts that test webapps for 
input vulnerabilities (both xss and sql injection), and some of them are 
rather tricky and browser specific.


A community driven project like HTMLPurifier is more likely to catch 
malicious input than something you cobble together.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Problems working with HTML using PHP's XML tools (placing mixed text/html into xpath-specified nodes...)

2009-05-21 Thread Weston C

Is there a straightforward way (or, heck, any way) of placing mixed
html/text content into xpath-specified nodes using any of PHP's XML
tools?

So far, I've tried SimpleXML and the DOM and things aren't coming out well.

SimpleXML:

 /* $filename contains path to valid XML file, $xpathxpr contains
valid XPath expression matching at least  one document node, $fillval
contains a mixed well-formed text/xhtml string to be pre-pended within
each matching node */

$sx = simplexml_load_file($filename);
$nodes = $sx->xpath($xpathxpr);
foreach($nodes as $node) {
  $children = $node->children();
  $children[0] = $fillval . $children[0];
}

This only sortof works. I get $fillval appended before the original
contents of each matching docment node but if I've put any markup
in, it's all there as literal text (ie, http://php.net";>php.net wouldn't show up as a link, you'd
see the actual markup when the document is rendered).

A variation on this that I tried is creating a new SimpleXMLElement
object, with the mixed text/markup string as an argument passed to the
constructor, since the docs seem to indicate this is blessed. Weirdly,
when I do this, it seems to actually be stripping out the markup and
just giving the text. For example:

$s = new SimpleXMLElement('Boo')
echo $s;

yields "Boo" (and echo $s->a yields nothing). This would be such a
huge bug I have a hard time believing it, so I have to suspect there's
a dance I'm not doing to make this work correctly.

DOM XML:

 /* again, $filename contains path to valid XML file, $xpathxpr
contains valid XPath expression matching at least  one document node,
$fillval contains a mixed well-formed text/xhtml string to be
pre-pended within each matching node */

$domDoc = new DOMDocument();
$domDoc->loadHTML(file_get_contents($filename));
$search = new DOMXPath($domDoc);
$nodes = $search->query($xpathxpr);
foreach($nodes as $emt) {
$f = $domDoc->createDocumentFragment();
$f->appendXML($fillval . $emt->nodeValue);
$emt->nodeValue = '';
$emt->appendChild($f);
}

This also gets mixed results. It gets cranky and issues warnings about
any HTML entities (despite that it seems it should be clear this is an
HTML document given the invocation of loadHTML), and while I'm seeing
some markup make it through, I'm not in other cases. I haven't quite
figured out the difference.

I can come up with some runnable tests if it will help, but I'm hoping
someone's already familiar with the general issues with using PHP's
XML tools to work with HTML that they can make some good commentary on
the matter.

Thanks,

Weston

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread Benjamin Hawkes-Lewis


On 21/5/09 18:48, Weston C wrote:

I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.


One year after HTML 4.0 recommended stylesheets over table layouts, WCAG 
1.0 (published in 1999) explained how /authors/ could distinguish 
between layout tables and data tables:


1) When writing a presentational table, stick to the elements "table", 
"tr", "td". Do not use the "headers", "scope", "axis", or "summary" 
attributes. Make sure layout tables make sense when linearized.


2) When writing a data table, add the elements "th", "thead", "tbody", 
"tfoot", "caption", and "col" and the attributes "headers", "scope", 
"axis", and "summary" wherever appropriate.


http://www.w3.org/TR/WCAG10/#gl-table-markup

No algorithm for guessing whether a table matching the first class (but 
which could have been authored before WCAG 1.0 or in ignorance of WCAG 
1.0) is a layout or data table has ever been specified, as far as I 
know. You are entirely correct that text browsers and screen readers do 
indeed use such algorithms, however. This is why it's more crucial to 
use data table markup for data tables than to avoid presentational table 
markup for grid layout.


Fast forward a decade, and authors are getting another tool in our 
toolbox, not a million miles away from your 'class="layout"'. I don't 
think it's very well specified yet, but:


http://www.w3.org/TR/wai-aria/#presentation

--
Benjamin Hawkes-Lewis



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread tedd


At 11:48 AM -0600 5/21/09, Weston C wrote:

On Thu, 2009-05-21 at 09:54 -0400, tedd wrote:

 My thoughts are -- my understanding the reason why tables have
 received such bad-press is that designers have abused tables in
 holding designs together with nested tables AND in doing so made it
 difficult for the visually disabled to pull content from the site.
 Screen readers do not read the screen but rather read the source and
 pull out of it what they (the screen reader program) think is
 content. Translating nested tables becomes an impossible job for them.


[1] I've heard a rumor this is exaggerated, and I buy it to some extent.
Lynx had an algorithm for distinguishing simple tabular data from more
complex (and probably layout) tables back in 1999. I'd assume a
serious screen reader with more development resources behind it could
do better, and I don't think heuristics for working with this would
even be particularly hard.

[2] This isn't to say tangled table markup is never a problem. It is, both
for human and machine readers. But as much as I like CSS -- and as
much as it simplifies many designs -- there are some cases for which



[3] table layouts are easier and/or more robust, so I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.

[4] A few years ago, I started marking my layout tables with
class="layout". Not always a perfect solution, but makes the
distinction easy (and turns out to be a useful styling convention as
well), and if table-based layouts really are a significant obstacle to
machine readers, my guess is something like this would get us over
that hurdle a lot faster than waiting for everyone to give up those
layouts.


Weston:

With regard to [1] -- while it might look like a simple problem to 
solve, let me present a simple example to show it's not.


Above is your text -- let's say that I create a table that is a 
simple 2 x 2 table. It's a table that has two rows and two columns.


Now, let me place your text in that table like so:

1 | 2
3 | 4

Or, I could do it like this:

1 | 3
2 | 4

Could you be certain that your algorithm would figure out which way 
it needs to present the text to a blind person? Remember, it should 
present the text in the correct order, namely 1, 2, 3 and 4. However, 
newsprint and layouts often uses both types of presentation.


Now compound that with cells holding images, place-holders, empty 
cells and cells with navigation elements, flash, videos, and such -- 
and you might have a better appreciation as to the problem screen 
readers face.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Tom Worster

this reminds me of the classic line in "Real Programmers Don't Use Pascal":

"Besides, the determined Real Programmer can write Fortran programs in any
language."


On 5/21/09 4:02 AM, "Jim Lucas"  wrote:

> Since this has been a topic of dicussion, I figured I would add my thoughts.
> 
> I have been toying with the idea of doing a -less layouts involving
> tabular data, calendars,
> etc...
> 
> Recent threads have finally made me do it.  Let me know what you think.
> 
> http://www.cmsws.com/examples/templates/div_tables.php
> http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
> http://www.cmsws.com/examples/templates/div_cal.php
> 
> When you turn off the styles, the calendar becomes pretty rough on the eyes,
> but still "accessible".
> 
> Same thing with the tabular data structure.
> 
> But, not knowing how the various types of accessibility applications work, I
> am guessing that the
> layout to an application trying to read it should work fairly well.  Let me
> know if I am way off the
> mark with my thoughts.
> 
> If you want to respond off list, that if fine by me.
> 
> TIA



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread Weston C

On Thu, 2009-05-21 at 09:54 -0400, tedd wrote:
> My thoughts are -- my understanding the reason why tables have
> received such bad-press is that designers have abused tables in
> holding designs together with nested tables AND in doing so made it
> difficult for the visually disabled to pull content from the site.
> Screen readers do not read the screen but rather read the source and
> pull out of it what they (the screen reader program) think is
> content. Translating nested tables becomes an impossible job for them.

I've heard a rumor this is exaggerated, and I buy it to some extent.
Lynx had an algorithm for distinguishing simple tabular data from more
complex (and probably layout) tables back in 1999. I'd assume a
serious screen reader with more development resources behind it could
do better, and I don't think heuristics for working with this would
even be particularly hard.

This isn't to say tangled table markup is never a problem. It is, both
for human and machine readers. But as much as I like CSS -- and as
much as it simplifies many designs -- there are some cases for which
table layouts are easier and/or more robust, so I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.

A few years ago, I started marking my layout tables with
class="layout". Not always a perfect solution, but makes the
distinction easy (and turns out to be a useful styling convention as
well), and if table-based layouts really are a significant obstacle to
machine readers, my guess is something like this would get us over
that hurdle a lot faster than waiting for everyone to give up those
layouts.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

Benjamin Hawkes-Lewis wrote:

On 21/5/09 09:02, Jim Lucas wrote:

I have been toying with the idea of doing a -less layouts
involving tabular data, calendars, etc...

[snip]

But, not knowing how the various types of accessibility applications
work, I am guessing that the layout to an application trying to read it
should work fairly well. Let me know if I am way off the mark with my
thoughts.

The responses suggesting that "even W3C" would let you use tables for
data tables are too weak.

W3C recommend you use the best possible semantic (X)HTML for your
structured content and, if you want to style it, suggest a skin or skins
for that structure with CSS. This is why "table" is the wrong tool for
grid layout and the /right/ tool for tabular data.

This isn't "semantics for the sake of semantics". Table markup implies a
series of relationships that user agents can use in two basic ways:

1) Render content appropriately to communicate tabular relationships.
For example, text browsers and browser/user stylesheets in GUI browsers
can arrange tables in rows and columns, stick borders between cells,
embolden/color header cells and captions, repeat header rows after a
page break when printing. GUI browsers can copy table markup to system
clipboards such that you can paste the table into a word processor or
spreadsheet as a table. Screen readers can read or braille the table
caption or summary when the table receives focus, and render an
individual data cell's headers when it receives content focus.

2) Provide navigational functionality. For example, popular screen
readers use table markup to give users commands to list tables on a
page, jump to the next table, move to the next row rather than the next
cell, query a cell for its headers, read row-by-row, or read
column-by-column. For example:

http://www.freedomscientific.com/Training/Surfs-Up/Tables.htm
http://www.freedomscientific.com/Training/Surfs-up/Table_Reading_Commands.htm

So replacing good data markup ( http://www.webaim.org/techniques/tables/
) with a tree of "div" elements involves a substantial loss of
functionality, and accessibility.

If for some reason, you /must/ use generic "div" elements instead of
real tabular markup, I strongly recommend you annotate them with
WAI-ARIA attributes ("grid" and related roles). Supporting clients will
expose similar structural information to assistive technology as you
would get with (X)HTML tables. WAI-ARIA has poor support compared to
bog-standard (X)HTML tables, but it should be supported by the some of
the newest browsers and screen readers (e.g. Firefox 3, IE8, and JAWS 10).

Calendar markup is a very tricky one.

But I'd certainly take advantage of (X)HTML's dedicated markup for
relationships ( tables, lists, headings, hyperlinks ) to help users
navigate the calendar and to ensure a decent presentation (even without
your CSS) is applied, rather than expect users to parse linearized "div"
elements.

Some useful discussion at:

http://www.joedolson.com/articles/2006/10/describing-a-semantic-calendar/

http://diveintoaccessibility.org/day_19_using_real_table_headers.html

http://georgiatechcatea.wordpress.com/2007/01/16/accessible-calendars-for-blogs-and-websites/

--
Benjamin Hawkes-Lewis

yup,

if you are ever in doublt as to whether you are doing things correctly
or not, highlight the entire web page in question, copy it, and paste it
in to a very basic text editor. Then read from line 1 to the end, if any
of it doesn't make sense or seems misplaced, then it's been made
incorrectly.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Benjamin Hawkes-Lewis

On 21/5/09 09:02, Jim Lucas wrote:

I have been toying with the idea of doing a -less layouts
involving tabular data, calendars, etc...

[snip]

The responses suggesting that "even W3C" would let you use tables for
data tables are too weak.

This isn't "semantics for the sake of semantics". Table markup implies
a series of relationships that user agents can use in two basic ways:

http://www.freedomscientific.com/Training/Surfs-Up/Tables.htm
http://www.freedomscientific.com/Training/Surfs-up/Table_Reading_Commands.htm

So replacing good data markup ( http://www.webaim.org/techniques/tables/
) with a tree of "div" elements involves a substantial loss of
functionality, and accessibility.

Calendar markup is a very tricky one.

Some useful discussion at:

http://www.joedolson.com/articles/2006/10/describing-a-semantic-calendar/

http://diveintoaccessibility.org/day_19_using_real_table_headers.html

http://georgiatechcatea.wordpress.com/2007/01/16/accessible-calendars-for-blogs-and-websites/

--
Benjamin Hawkes-Lewis

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP class question


Peter van der Does wrote:

I have the following situation.

I wrote some software and split it up into functionality:

class core {
  function go{
  }
}

class A extends core {
  // PHP4 constructor
  function A {
$this->go();
  }

}

class B extends core {
}

In core I define functions and variables that are to be used
through out my program and to address those functions/variables I just
use $this-> .

Now I ran into a situation where class A needs to be extended with
another class. This is not my choice, it's part of a framework I have
to use.

Currently I solved this by doing this:

class A extends framework_class {
  $var core;

  // PHP4 constructor
  function A {
$this->core = new core();
$this->core->go();
  }
}

The question I have, is this a good solution, is it the only solution
or are there different ways to tackle this?
As you might see it needs to run in PHP4.



has to extend? if it *has* to extend then you have no choice, but you 
may want to look up on class inheritance, specifically inheritance vs 
composition.


also the "isa" / "hasa" rule /should/ always apply.

which one of the following is true
1: A isa framework_class_name
2: A hasa framework_class_name

if it's 1 then you extend
if it's 2 then A should contain an instance of framework_class

eg:
class A
{
  var $framework_class = new framework_class_name();
}

you can also always proxy the methods you need.

all in, this appears to be a design pattern issue and really can't help 
any more unless you give some specifics. (like the source of your 
classes and the framework class you need to extend)


regards,

nathan

incidentally, I play inheritance vs composition as game with my 4 year 
old son, and he's really good - the untainted mind of a child can easily 
solve things us older types find more complex.

eg: car isa wheel, car hasa wheel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Check out system for Shopping Cart

2009-05-21 Thread Lex Braun

Vernon,

CC messages to php-general to keep responses on-list. See my comments
inline.

On Thu, May 21, 2009 at 12:06 PM, Vernon St.Croix wrote:

>
> I have amended as you advised and the mysqli errors are now gone. Thanks
> for that.
>
> I however have another one I can't get rid of:
>
>
> *Warning*: Invalid argument supplied for foreach() in *
> C:\wamp\www\draft\checkout.php* on line *53*
> Your order could not be processed.
>
>
> *checkout.php*
>
> 



>
>
> include ("mysql_connect.php");
>
> //Turn off autocommit
>
>
> $con = mysqli_connect ("localhost", "root", "", "rum");
>

> mysqli_autocommit($con, FALSE);
>
> //Add orders to the order table
>
> $sql = "INSERT INTO orders (user_id, total) VALUES ($user, $total)";
>
> $r = mysqli_query($con, $sql);
>



>
>  *   foreach ($_SESSION['cart'] as $id => $item){*
>
> $qty = $item['quantity'];
> $price = $item['price'];
>
> mysqli_stmt_execute($stmt);
>
> $affected += mysqli_stmt_affected_rows($stmt);
>
> }
>

The reason you're getting this warning is that foreach is expecting
$_SESSION['cart'] to be an array.  Do a print_r() or var_dump() of
$_SESSION['cart'] to see what is actually being passed to the function.

mysqli_stmt_close($stmt);
>
> if ($affected ==count($_SESSION['cart'])) {
>
> mysqli_commit($con);
>
> echo'Thank you for your order';
>
> }else{
>
> mysqli_rollback($con);
>
> echo'Your order could not be processed';
>
> }
>
> }else{
>
> mysqli_rollback($con);
>
> echo'System error';
>
> }
>
> mysqli_close($con);
>
>
>
>
> include ("footer.html");
>
>
> ?>
>
>
> VEE
>

-- Lex

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Lists


Jim Lucas wrote:

Jim Lucas wrote:
Since this has been a topic of dicussion, I figured I would add my 
thoughts.


I have been toying with the idea of doing a -less layouts 
involving tabular data, calendars, etc...


Recent threads have finally made me do it.  Let me know what you think.



Hi Jim,

I personally like these kinds of experiments. One thing people are not
mentioning is that you now have greater and more efficient control over 
the look and feel of your layouts.


My only suggestion is maybe shorter naming conventions. :-)
That is because I type all day, and each character ends up weighing
into the time it takes to develop stuff.. (so 'table_th' could become
't_th', or even 't_h'). If you are going for easy to to read, then 
nevermind on this..

it's just a personal preference. ;-)

Donovan


--
  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
  D. BROOKE   EUCA Design Center
   WebDNA Software Corp.
  WEB:> http://www.euca.us  |   http://www.webdna.us
  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
  WebDNA: [** Square Bracket Utopia **]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

On Thu, 2009-05-21 at 12:14 -0400, Eddie Drapkin wrote:
> I'd be more fond of unrolling some of those loops and feeding the data into
> a proper template than tweaking what looks like really half-arsed code.
> 
> On Thu, May 21, 2009 at 11:57 AM, Ashley Sheridan
> wrote:
> 
> > On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
> > > Ashley Sheridan wrote:
> > >  > Tedd, I've got a fairly simple calendar script in PHP here
> > > >
> > http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.phpwhich
> >  could be adapted fairly easily with the right tweaks.
> > > >
> > > >
> > > > Ash
> > > > www.ashleysheridan.co.uk
> > > >
> > >
> > > I cant get the calendar on your site to do anything.  No links and
> > > clicks do nothing.  FF 3.0.10 / Ubuntu.
> > >
> > > --
> > > Thanks!
> > > -Shawn
> > > http://www.spidean.com
> > >
> > Well, yeah, there isn't any events or anything attached to any day! Like
> > I said, easy enough to tweak and output a link on a particular date that
> > matches something in the database.
> >
> >
> > Ash
> > www.ashleysheridan.co.uk
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
How do you mean feeding it into a proper template?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread Daniele Grillenzoni


On 21/05/2009 10.02, Jim Lucas wrote:

Since this has been a topic of dicussion, I figured I would add my
thoughts.

I have been toying with the idea of doing a -less layouts
involving tabular data, calendars, etc...

Recent threads have finally made me do it. Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php

When you turn off the styles, the calendar becomes pretty rough on the
eyes, but still "accessible".

Same thing with the tabular data structure.

But, not knowing how the various types of accessibility applications
work, I am guessing that the layout to an application trying to read it
should work fairly well. Let me know if I am way off the mark with my
thoughts.

If you want to respond off list, that if fine by me.

TIA

Table-less html is a silly idea. Semantic html where tables represent 
tables makes sense instead. A calendar IS a table, semantically 
speaking, so emulating it with css-p is useless torture.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP class question

2009-05-21 Thread Peter van der Does

I have the following situation.

I wrote some software and split it up into functionality:

class core {
  function go{
  }
}

class A extends core {
  // PHP4 constructor
  function A {
$this->go();
  }

}

class B extends core {
}

In core I define functions and variables that are to be used
through out my program and to address those functions/variables I just
use $this-> .

Now I ran into a situation where class A needs to be extended with
another class. This is not my choice, it's part of a framework I have
to use.

Currently I solved this by doing this:

class A extends framework_class {
  $var core;

  // PHP4 constructor
  function A {
$this->core = new core();
$this->core->go();
  }
}

The question I have, is this a good solution, is it the only solution
or are there different ways to tackle this?
As you might see it needs to run in PHP4.

-- 
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Eddie Drapkin

I'd be more fond of unrolling some of those loops and feeding the data into
a proper template than tweaking what looks like really half-arsed code.

On Thu, May 21, 2009 at 11:57 AM, Ashley Sheridan
wrote:

> On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
> > Ashley Sheridan wrote:
> >  > Tedd, I've got a fairly simple calendar script in PHP here
> > >
> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.phpwhich
>  could be adapted fairly easily with the right tweaks.
> > >
> > >
> > > Ash
> > > www.ashleysheridan.co.uk
> > >
> >
> > I cant get the calendar on your site to do anything.  No links and
> > clicks do nothing.  FF 3.0.10 / Ubuntu.
> >
> > --
> > Thanks!
> > -Shawn
> > http://www.spidean.com
> >
> Well, yeah, there isn't any events or anything attached to any day! Like
> I said, easy enough to tweak and output a link on a particular date that
> matches something in the database.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] -less layouts; Ideas welcome

Ashley Sheridan wrote:
> On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
>> Ashley Sheridan wrote:
>>  > Tedd, I've got a fairly simple calendar script in PHP here
>>> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.php
>>>  which could be adapted fairly easily with the right tweaks.
>>>
>>>
>>> Ash
>>> www.ashleysheridan.co.uk
>>>
>> I cant get the calendar on your site to do anything.  No links and
>> clicks do nothing.  FF 3.0.10 / Ubuntu.
>>
>> -- 
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
> Well, yeah, there isn't any events or anything attached to any day! Like
> I said, easy enough to tweak and output a link on a particular date that
> matches something in the database.
> 
> 
> Ash
> www.ashleysheridan.co.uk
> 

OK, sorry.  I thought it was supposed to do something.  Nice never the less.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Azure SDK for PHP


haliphax wrote:

Microsoft's Azure cloud computing framework has now been exposed to
PHP. I haven't tested any of the features myself, but it seems like a
pretty interesting (and leverage-able) concept to work with... figured
I'd pass the word along.

http://phpazure.codeplex.com/



cheers for that - looks interesting, even if only for awareness sakes

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Eddie Drapkin

Yeah, it doesn't work here, either.

On Thu, May 21, 2009 at 11:44 AM, Shawn McKenzie wrote:

> Ashley Sheridan wrote:
>  > Tedd, I've got a fairly simple calendar script in PHP here
> >
> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.phpwhich
>  could be adapted fairly easily with the right tweaks.
> >
> >
> > Ash
> > www.ashleysheridan.co.uk
> >
>
> I cant get the calendar on your site to do anything.  No links and
> clicks do nothing.  FF 3.0.10 / Ubuntu.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] -less layouts; Ideas welcome

On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
> Ashley Sheridan wrote:
>  > Tedd, I've got a fairly simple calendar script in PHP here
> > http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.php
> >  which could be adapted fairly easily with the right tweaks.
> > 
> > 
> > Ash
> > www.ashleysheridan.co.uk
> > 
> 
> I cant get the calendar on your site to do anything.  No links and
> clicks do nothing.  FF 3.0.10 / Ubuntu.
> 
> -- 
> Thanks!
> -Shawn
> http://www.spidean.com
> 
Well, yeah, there isn't any events or anything attached to any day! Like
I said, easy enough to tweak and output a link on a particular date that
matches something in the database.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

Ashley Sheridan wrote:
 > Tedd, I've got a fairly simple calendar script in PHP here
> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.php
>  which could be adapted fairly easily with the right tweaks.
> 
> 
> Ash
> www.ashleysheridan.co.uk
> 

I cant get the calendar on your site to do anything.  No links and
clicks do nothing.  FF 3.0.10 / Ubuntu.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Azure SDK for PHP

2009-05-21 Thread haliphax

Microsoft's Azure cloud computing framework has now been exposed to
PHP. I haven't tested any of the features myself, but it seems like a
pretty interesting (and leverage-able) concept to work with... figured
I'd pass the word along.

http://phpazure.codeplex.com/


-- 
// Todd

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP5 based Web-Chat?


Michelle Konzack wrote:

Hello Nathan,

Am 2009-05-21 13:44:38, schrieb Nathan Rixham:

Nothing :D




- anything php based would involve polling which will kill  
any server when trying to create a realtime chat environment
(1 request per second per chatter + 1 for each message send + normal  
hits) - so say 30 chatters and you have at a minimum 30 requests per  
second with all the weight and db hits they involve.


if you check  then you will see, they  refesh
only all 5-8 seconds.  Currently I have encountered a maximum  of  ~4800
users connected at once. I am already trying a small thing with 5 frames
imitating the above website and already used it with 10 clients at  once
which work on a Quad-Xeon (P3/550MHz/768MByte) on  a  2.5 MBit  Internet
connection.

in all honesty I'd recommend using openfire together with sparkweb or a  
custom client - that combo is premade, feature packed, opensource and  
can easily handle circa 50k users in realtime per server (connections  
and things aside). Additionally its a proper jabber server so you can  
have desktop clients, mods and of course full featured IM with custom  
addresses, openid and integrated in with yahoo, gtalk, msn, aol,  
*whatever* accounts as well.


I have a Jabber Server (Package "jabber"; Debian Distribution) installed
but no one want to use it...  Pidgin is working perfectly with it and is
available on ALL Operating Systems.

However, I need a Webinterface where People can connect to others een if
they have NO Laptop/Smartphone  with them.

Is there a USER Web-Interface to Jabber?

going down the php route is a complete waste of time imho (unless you  
are creating a custom php socket server which bypasses apache,  
implementing XMPP and connecting in the users client via flash, flex or  
a java client)


I was thinking on a Flash/Java solution too, but I do  not  know  HOW TO
create this Flash-Stuff and do not even code Java.


yours, not of a very strong opinion, nathan




hi - there is a load of really high quality open source flash (well as3) 
stuff, really you want to be using the ignite realtime / jive stuff


http://www.igniterealtime.org/projects/index.jsp

its all java and flash and open source.

openfire is a 2 minute install and all web based interfaces for admin - 
v good java server


sparkweb is a flex based web interface thats v good, has chat and im in 
it, again you just upload it and your done


xiff api is the as3 framework for flex and it's v good - it use it on a 
few sites and its so light its unreal + instant / realtime.


it's not worth bastardizing these old techs when you can have the 
cutting edge stuff set up in minutes (hours the first time). Even if you 
customise the ass off it and use a "bespoke" front end in flex / flash, 
you are still going to be much faster than the php route and a MUCH 
better end product that's light on the server.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Shared memory - linx and PHP newbie

2009-05-21 Thread Daniel Brown

On Thu, May 21, 2009 at 10:15, Richard W  wrote:
>
> Any help will be greatly appreciated, especially answering 2) as to why I
> can't read the data.

Are you certain that the problem lies within the shmop reading?
Check to see if the file is actually being accessed properly, the key
is good from your ftok(), etc.  You may also want to make sure that
things as basic as permissions and 'who created' vs. 'who can read'
(since you're trying to run it from the web server) match up
appropriately.

With just a cursory glance, the shmop_read() piece itself looks
fine, which suggests to me that there may be other problems.  See if
the logs spit anything out, or try to debug the things with an `or
die("Here's the error.\n");` tacked onto the end of the suspected
lines.  If it's crashing out, consider a cachegrind or
debug_backtrace() run.

As for the memory being read, I'd agree that it does seem that it
is, since shm_open() is returning something other than FALSE, but that
doesn't mean that it's `=== TRUE` either.  It may instead be returning
a message or another unexpected result that, in empty(), may evaluate
to TRUE and allow it to echo out the message in your test condition.

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: MYSQL 5 auto increment not working

2009-05-21 Thread Bastien Koert

On Thu, May 21, 2009 at 9:34 AM, Nathan Rixham  wrote:

> Leidago !Noabeb wrote:
>
>> Hi All
>>
>>
>> I know this is not strictly a PHP question, but i have a problem whenever
>> i
>> insert a record using PHP. Basically the auto increment field does not
>> work
>> at all. Here's the structure of the table that i'm using:
>>
>> CREATE TABLE `children` (
>>  `cid` int(4) NOT NULL auto_increment,
>>  `cname` char(50) default NULL,
>>  `csname` char(50) default NULL,
>>  PRIMARY KEY  (`cid`)
>> ) ENGINE=InnoDB
>>
>> I use PHP 5.1 and MYSQL 5
>>
>> I'm pretty sure the code i use to insert the data is sound since i've
>> tested
>> it with older versions of MYSQL.
>>
>> Has anyone else had similar problems?
>>
>>
> *works for me*
>
> check cid is empty in your insert statement
> check you haven't hit  rows, seeing as you are using int 4
> drop and recreate the table (or truncate)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
openfire is something you may want to look at...it has a flash client in
there somewhere...also i believe you can find FLEX based IM chat code that
you can use

-- 

Bastien

Cat, the other other white meat

[PHP] Shared memory - linx and PHP newbie

2009-05-21 Thread Richard W

Hi

I have a query regarding shared memory created under Linux and then
accessing it by PHP script.

For my application, I have created a shared memory block in Debian Linux
using the shm_open(..), ftruncate(...) and mmap(...) function calls.

The shared memory block is of size 6304 bytes long. It is store 197 strings
of 32 characters long. I am confident that the shared memory block is
correctly created because when I go navigate to the /shm directory I
find the shared memory block called "/program.SCShared" present and it is of
size 6304 bytes. In addition to that, I have also written some strings to to
the shared memory, where each string starts at every 32 bytes. I have
verified that I can read these strings back successfully.

What I would like to do now is have some PHP script to read the strings out
of the shared memory so the strings can be displayed on a web page.

>From what I can gather from the PHP web site, it appears that I need to use
the shared memory functions as given in
http://au.php.net/manual/en/ref.shmop.php.

Specifically, since my strings start at 32-byte boundaries, the function:


string *shmop_read* ( int $shmid , int $start , int $count);

seems to be the ideal read routine to use. For example, if I want to read
the third string, I believe i write:


$shm_data = shmop_read($shmid, 64, 32);


Below is my code:

==




==

Running this script shows, it appears that I'm connecting to my shared
memory "/dev/shm/program.SCShared" because "Shared memory exists" is
displayed.

However, I get the following which I would like some help with:

1) The size of the memory block is returning 1 and not 6304 bytes as
expected. I believe 1 is the default size if the memory block is created
from scratch using *shm_attach. Does the same apply to shmop_open. If so,
why is it being created?*

2) The call $shm_data = shmop_read($shm_id, 0, 32), which reads the first
string, returns no result. Does any know why this is the case when I know
that there is a string there because I have added it there using some C
code.

3) Is there another way I can access these strings without using the
shmop_ routines? I have tried using shm_attach(...), shm_get_var(...),
but this seems to be too hard because it requires variable keys. Should I be
using MySQL?

Any help will be greatly appreciated, especially answering 2) as to why I
can't read the data.

Regards,
Richard.

Re: [PHP] -less layouts; Ideas welcome

On Thu, 2009-05-21 at 09:54 -0400, tedd wrote:
> At 1:02 AM -0700 5/21/09, Jim Lucas wrote:
> >Since this has been a topic of dicussion, I figured I would add my thoughts.
> >
> >I have been toying with the idea of doing a -less layouts 
> >involving tabular data, calendars, etc...
> >
> >Recent threads have finally made me do it.  Let me know what you think.
> >
> >http://www.cmsws.com/examples/templates/div_tables.php
> >http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
> >http://www.cmsws.com/examples/templates/div_cal.php
> 
> Any source for the above?  :-)
> 
> Your work, as always, is top-notch.
> 
> I've tested both your table and calendar in other browsers and they 
> work quite well-- congratulations.
> 
> My thoughts are -- my understanding the reason why tables have 
> received such bad-press is that designers have abused tables in 
> holding designs together with nested tables AND in doing so made it 
> difficult for the visually disabled to pull content from the site. 
> Screen readers do not read the screen but rather read the source and 
> pull out of it what they (the screen reader program) think is 
> content. Translating nested tables becomes an impossible job for them.
> 
> In that light, if one compares your code with the amount of code to 
> do this with tables, I don't see much difference.
> 
> With tables, one uses  and  whereas your code uses  class="table_tr"> and   -- while you do it 
> nicely, I really don't see much difference in structure or verbosity.
> 
> Furthermore, styling your table as compared to a standard table is 
> nearly identical -- I don't see an advantage to either.
> 
> Additionally, and not of your doing, even the new css tables don't 
> solve this verbosity problem but instead offer more difficulties for 
> browsers -- such as Safari doesn't understand caption-side correctly.
> 
> In any event, I wouldn't mind seeing the php that creates your 
> calendar. I'm working on a project at the moment where I need to 
> review week, month, two-month, and three-month displays.
> 
> Cheers,
> 
> tedd
> 
> -- 
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
> 

Tedd, I've got a fairly simple calendar script in PHP here
http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.php
 which could be adapted fairly easily with the right tweaks.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA INDATABASE

2009-05-21 Thread bruce

if you really want to get to the real low level details of an app...

unless you're dealing with an app that's seriously crunching, and extremely
sensitive to returning data to the user's browser in a timely manner, you
should write all replies back to a db/tbl... this would allow you as the
developer to have a complete trek of the actions/paths (to an extent) for
any potential debugging issue.



-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Thursday, May 21, 2009 7:00 AM
To: Sumit Sharma
Cc: php-general@lists.php.net
Subject: Re: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA
INDATABASE


On Thu, 2009-05-21 at 19:17 +0530, Sumit Sharma wrote:
> One more thing, should I use @ for security purpose or not so that the use
> can reply me with the errors so that I can troubleshoot the problem more
> effectively.
>
>
> Sumit
>
> -- Forwarded message --
> From: Ashley Sheridan 
> Date: Thu, May 21, 2009 at 6:36 PM
> Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
> To: Sumit Sharma 
> Cc: php-general@lists.php.net
>
>
> On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> > Hi,
> >
> > I am designing a php website for my client which interact with database.
> > This is my first project for any client (I hope he is not reading this
> mail
> > ;-)  ). I am a bit more concerned with database security. Can somebody
> shed
> > some light on the security measurements, precautions, and functions
> related
> > to database security in general to make sure that the data is safely
> stored
> > updated and retried from database. I have already used htmlentities(),
> > strip_tags(), addhashes(), and some regular expressions to check
security.
> > Looking for help beyond this.
> >
> >
> > Thanks in advance...
> > Sumit
>
> I'd advise using something like mysql_real_escape_string() (assuming you
> are using a MySQL database that is) on each variable of data before you
> insert it into the database. You could go further and validate specific
> data, so check that a field which you expect a number only contains a
> number, etc.
>
>
> Ash
> www.ashleysheridan.co.uk


I'd avoid using @ in favour of turning the errors off in your php.ini
or .htaccess, as there's no chance of you missing a statement here or
there.  It's generally accepted practice to have errors and warnings
turned off on a live server, and to only use them on development
servers.


Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread tedd

At 1:02 AM -0700 5/21/09, Jim Lucas wrote:

Since this has been a topic of dicussion, I figured I would add my thoughts.

I have been toying with the idea of doing a -less layouts
involving tabular data, calendars, etc...

Recent threads have finally made me do it. Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php

Any source for the above? :-)

Your work, as always, is top-notch.

I've tested both your table and calendar in other browsers and they
work quite well-- congratulations.

My thoughts are -- my understanding the reason why tables have
received such bad-press is that designers have abused tables in
holding designs together with nested tables AND in doing so made it
difficult for the visually disabled to pull content from the site.
Screen readers do not read the screen but rather read the source and
pull out of it what they (the screen reader program) think is
content. Translating nested tables becomes an impossible job for them.

In that light, if one compares your code with the amount of code to
do this with tables, I don't see much difference.

With tables, one uses and whereas your code uses class="table_tr"> and -- while you do it
nicely, I really don't see much difference in structure or verbosity.

Furthermore, styling your table as compared to a standard table is
nearly identical -- I don't see an advantage to either.

Additionally, and not of your doing, even the new css tables don't
solve this verbosity problem but instead offer more difficulties for
browsers -- such as Safari doesn't understand caption-side correctly.

In any event, I wouldn't mind seeing the php that creates your
calendar. I'm working on a project at the moment where I need to
review week, month, two-month, and three-month displays.

Cheers,

tedd

--
---
http://sperling.com http://ancientstones.com http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

On Thu, 2009-05-21 at 19:17 +0530, Sumit Sharma wrote:
> One more thing, should I use @ for security purpose or not so that the use
> can reply me with the errors so that I can troubleshoot the problem more
> effectively.
> 
> 
> Sumit
> 
> -- Forwarded message --
> From: Ashley Sheridan 
> Date: Thu, May 21, 2009 at 6:36 PM
> Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
> To: Sumit Sharma 
> Cc: php-general@lists.php.net
> 
> 
> On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> > Hi,
> >
> > I am designing a php website for my client which interact with database.
> > This is my first project for any client (I hope he is not reading this
> mail
> > ;-)  ). I am a bit more concerned with database security. Can somebody
> shed
> > some light on the security measurements, precautions, and functions
> related
> > to database security in general to make sure that the data is safely
> stored
> > updated and retried from database. I have already used htmlentities(),
> > strip_tags(), addhashes(), and some regular expressions to check security.
> > Looking for help beyond this.
> >
> >
> > Thanks in advance...
> > Sumit
> 
> I'd advise using something like mysql_real_escape_string() (assuming you
> are using a MySQL database that is) on each variable of data before you
> insert it into the database. You could go further and validate specific
> data, so check that a field which you expect a number only contains a
> number, etc.
> 
> 
> Ash
> www.ashleysheridan.co.uk


I'd avoid using @ in favour of turning the errors off in your php.ini
or .htaccess, as there's no chance of you missing a statement here or
there.  It's generally accepted practice to have errors and warnings
turned off on a live server, and to only use them on development
servers.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] -less layouts; Ideas welcome

2009-05-21 Thread Paul M Foster

On Thu, May 21, 2009 at 01:02:07AM -0700, Jim Lucas wrote:

> Since this has been a topic of dicussion, I figured I would add my 
> thoughts.
>
> I have been toying with the idea of doing a -less layouts involving
> tabular data, calendars,
> etc...
>
> Recent threads have finally made me do it.  Let me know what you think.
>
> http://www.cmsws.com/examples/templates/div_tables.php
> http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
> http://www.cmsws.com/examples/templates/div_cal.php
>
> When you turn off the styles, the calendar becomes pretty rough on the 
> eyes,
> but still "accessible".
>
> Same thing with the tabular data structure.
>
> But, not knowing how the various types of accessibility applications work,
> I am guessing that the
> layout to an application trying to read it should work fairly well.
> Let me know if I am way off the
> mark with my thoughts.
>
> If you want to respond off list, that if fine by me.

I have to agree with the other responders, that in both these cases, I
think even W3C would agree that tables are the proper matrix for what
you're doing. In fact, if styles were turned off, putting them in tables
would have them still display properly.

But for the record, this was good work. They look nice. ;-}

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Sumit Sharma

One more thing, should I use @ for security purpose or not so that the use
can reply me with the errors so that I can troubleshoot the problem more
effectively.

Sumit

-- Forwarded message --
From: Ashley Sheridan 
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma 
Cc: php-general@lists.php.net

On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> Hi,
>
> I am designing a php website for my client which interact with database.
> This is my first project for any client (I hope he is not reading this
mail
> ;-)  ). I am a bit more concerned with database security. Can somebody
shed
> some light on the security measurements, precautions, and functions
related
> to database security in general to make sure that the data is safely
stored
> updated and retried from database. I have already used htmlentities(),
> strip_tags(), addhashes(), and some regular expressions to check security.
> Looking for help beyond this.
>
>
> Thanks in advance...
> Sumit

I'd advise using something like mysql_real_escape_string() (assuming you
are using a MySQL database that is) on each variable of data before you
insert it into the database. You could go further and validate specific
data, so check that a field which you expect a number only contains a
number, etc.

Ash
www.ashleysheridan.co.uk

[PHP] Re: PHP5 based Web-Chat?

2009-05-21 Thread Michelle Konzack

Hello Nathan,

Am 2009-05-21 13:44:38, schrieb Nathan Rixham:
> Nothing :D



> - anything php based would involve polling which will kill  
> any server when trying to create a realtime chat environment
> (1 request per second per chatter + 1 for each message send + normal  
> hits) - so say 30 chatters and you have at a minimum 30 requests per  
> second with all the weight and db hits they involve.

if you check  then you will see, they  refesh
only all 5-8 seconds.  Currently I have encountered a maximum  of  ~4800
users connected at once. I am already trying a small thing with 5 frames
imitating the above website and already used it with 10 clients at  once
which work on a Quad-Xeon (P3/550MHz/768MByte) on  a  2.5 MBit  Internet
connection.

> in all honesty I'd recommend using openfire together with sparkweb or a  
> custom client - that combo is premade, feature packed, opensource and  
> can easily handle circa 50k users in realtime per server (connections  
> and things aside). Additionally its a proper jabber server so you can  
> have desktop clients, mods and of course full featured IM with custom  
> addresses, openid and integrated in with yahoo, gtalk, msn, aol,  
> *whatever* accounts as well.

I have a Jabber Server (Package "jabber"; Debian Distribution) installed
but no one want to use it...  Pidgin is working perfectly with it and is
available on ALL Operating Systems.

However, I need a Webinterface where People can connect to others een if
they have NO Laptop/Smartphone  with them.

Is there a USER Web-Interface to Jabber?

> going down the php route is a complete waste of time imho (unless you  
> are creating a custom php socket server which bypasses apache,  
> implementing XMPP and connecting in the users client via flash, flex or  
> a java client)

I was thinking on a Flash/Java solution too, but I do  not  know  HOW TO
create this Flash-Stuff and do not even code Java.

> yours, not of a very strong opinion, nathan

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   Apt. 917
   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strasbourg/France
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Re: [PHP] Re: -less layouts; Ideas welcome

2009-05-21 Thread Tom Worster

On 5/21/09 5:06 AM, "O. Lavell"  wrote:

> Jim Lucas wrote:
> 
>> Since this has been a topic of dicussion, I figured I would add my
>> thoughts.
>> 
>> I have been toying with the idea of doing a -less layouts
>> involving tabular data, calendars, etc...
> 
> Why?

it's a zen practice.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] product listing columns

2009-05-21 Thread Tom Worster

On 5/21/09 3:05 AM, "Ashley Sheridan"  wrote:

> I'm advocating tables on this one, as it is pretty much tabular data.

i too would put a table of product data in an html table.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: MYSQL 5 auto increment not working


Leidago !Noabeb wrote:

Hi All


I know this is not strictly a PHP question, but i have a problem whenever i
insert a record using PHP. Basically the auto increment field does not work
at all. Here's the structure of the table that i'm using:

CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
) ENGINE=InnoDB

I use PHP 5.1 and MYSQL 5

I'm pretty sure the code i use to insert the data is sound since i've tested
it with older versions of MYSQL.

Has anyone else had similar problems?



*works for me*

check cid is empty in your insert statement
check you haven't hit  rows, seeing as you are using int 4
drop and recreate the table (or truncate)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Per Jessen

Leidago !Noabeb wrote:

> Hi All
> 
> I know this is not strictly a PHP question, but i have a problem
> whenever i insert a record using PHP. Basically the auto increment
> field does not work at all. Here's the structure of the table that i'm
> using:
> 
> CREATE TABLE `children` (
>   `cid` int(4) NOT NULL auto_increment,
>   `cname` char(50) default NULL,
>   `csname` char(50) default NULL,
>   PRIMARY KEY  (`cid`)
> ) ENGINE=InnoDB
> 
> I use PHP 5.1 and MYSQL 5

I've just tried creating that table and doing a few inserts - works just
fine here - mysql 5.0.26.


/Per


-- 
Per Jessen, Zürich (26.7°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Check out system for Shopping Cart

2009-05-21 Thread Lex Braun

On Thu, May 21, 2009 at 7:32 AM, Vernon St.Croix wrote:

> *Warning*: mysqli_query() expects parameter 1 to be mysqli, object given
> in *C:\wamp\www\draft\checkout.php* on line *26*
>
> ***for the script
>
> 
> include("mysql.class.php");
>
> include ("header.php");
>
>
>
> //include ("functions.php");
>
> $user = 1;
> $total = 178.93;
>
> include ("mysql_connect.php");
>
> //Turn off autocommit
>
> //mysql_autocommit($con, FALSE);
>
> //Add orders to the order table
>
> $sql = "INSERT INTO orders (user_id, total) VALUES ($user, $total)";
>
> $r = mysqli_query($con, $sql);*

The warning message is saying that it's expecting the first parameter you
passed in mysqli_query() to be a mysqli link identifier, i.e., that the
variable $con used in the line above be your connection to the database.
Somewhere before this function call, you need to set $con:

$con = *mysqli_connect* ($host, $username, $passwd, $dbname);

-- Lex

Re: [PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Bruno Fajardo

2009/5/21 Leidago !Noabeb 

> Hi All
>
>
> I know this is not strictly a PHP question, but i have a problem whenever i
> insert a record using PHP. Basically the auto increment field does not work
> at all. Here's the structure of the table that i'm using:
>
> CREATE TABLE `children` (
>  `cid` int(4) NOT NULL auto_increment,
>  `cname` char(50) default NULL,
>  `csname` char(50) default NULL,
>  PRIMARY KEY  (`cid`)
> ) ENGINE=InnoDB
>
> I use PHP 5.1 and MYSQL 5
>
> I'm pretty sure the code i use to insert the data is sound since i've
> tested
> it with older versions of MYSQL.
>
> Has anyone else had similar problems?


Did you left empty the field `cid` (PK) in your INSERT statement?

[PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Leidago !Noabeb

Hi All


I know this is not strictly a PHP question, but i have a problem whenever i
insert a record using PHP. Basically the auto increment field does not work
at all. Here's the structure of the table that i'm using:

CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
) ENGINE=InnoDB

I use PHP 5.1 and MYSQL 5

I'm pretty sure the code i use to insert the data is sound since i've tested
it with older versions of MYSQL.

Has anyone else had similar problems?

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> Hi,
> 
> I am designing a php website for my client which interact with database.
> This is my first project for any client (I hope he is not reading this mail
> ;-)  ). I am a bit more concerned with database security. Can somebody shed
> some light on the security measurements, precautions, and functions related
> to database security in general to make sure that the data is safely stored
> updated and retried from database. I have already used htmlentities(),
> strip_tags(), addhashes(), and some regular expressions to check security.
> Looking for help beyond this.
> 
> 
> Thanks in advance...
> Sumit

I'd advise using something like mysql_real_escape_string() (assuming you
are using a MySQL database that is) on each variable of data before you
insert it into the database. You could go further and validate specific
data, so check that a field which you expect a number only contains a
number, etc.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Sumit Sharma

Hi,

I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-)  ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precautions, and functions related
to database security in general to make sure that the data is safely stored
updated and retried from database. I have already used htmlentities(),
strip_tags(), addhashes(), and some regular expressions to check security.
Looking for help beyond this.


Thanks in advance...
Sumit

[PHP] Re: PHP5 based Web-Chat?