Re: [PHP] Progressbar

[Tom Sparks]

have you looked at http://postlet.com/ ?

tom_a_sparks

Please avoid sending me Word or PowerPoint attachments.
but instead use OpenDocument File Formats or 
use OpenOffice
http://en.wikipedia.org/wiki/OpenDocument
http://en.wikipedia.org/wiki/OpenOffice.org
http://www.gnu.org/philosophy/no-word-attachments.html


--- On Wed, 24/6/09, Teun Lassche  wrote:

> From: Teun Lassche 
> Subject: [PHP] Progressbar
> To: php-general@lists.php.net
> Received: Wednesday, 24 June, 2009, 3:55 PM
> I'm making an upload script with PHP,
> is there a way I can show a
> progressbar while uploading?
> 
> -- 
> Teun Lassche
> Bill Cosby  
> -
> "A word to the wise ain't necessary - it's the stupid ones
> that need the
> advice."
> 


  Access Yahoo!7 Mail on your mobile. Anytime. Anywhere.
Show me how: http://au.mobile.yahoo.com/mail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Progressbar

[Teun Lassche]

I'm making an upload script with PHP, is there a way I can show a
progressbar while uploading?

-- 
Teun Lassche
Bill Cosby   -
"A word to the wise ain't necessary - it's the stupid ones that need the
advice."

Re: [PHP] anyone using session_mysql successfully

[Michael A. Peters]

Randy Paries wrote:

Hello,
i am trying to get session_mysql

http://websupport.sk/~stanojr/projects/session_mysql/

It configured, compiled and installed ok (no errors anyways)

but i am getting an error
session_start() [function.session-start]: Cannot find
save handler mysql in

I was hoping someone in the group was using this and has seen the error

Thanks
Randy



Not sure about your problem but you shouldn't need to use a compiled 
module to use MySQL (or any other database) for sessions.


There are several tutorials on the web, not of which involve compiling 
squat.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] anyone using session_mysql successfully

[Randy Paries]

Hello,
i am trying to get session_mysql

http://websupport.sk/~stanojr/projects/session_mysql/

It configured, compiled and installed ok (no errors anyways)

but i am getting an error
session_start() [function.session-start]: Cannot find
save handler mysql in

I was hoping someone in the group was using this and has seen the error

Thanks
Randy

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Deleting a file after download/upload

[Shawn McKenzie]

Parham Doustdar wrote:
> Hi there,
> I am writing a PHP FTP client for my project. I want to put a "download" 
> option and an "upload"" option, but I don't know how. My problem is this:
> How can I make the server the PHP script is on delete the file after 
> uploading it to the SFTP, or after the user has finished downloading it from 
> the server the PHP script is on?
> Let me put the question this way.
> My server connects to an FTP. Then, it downloads a file from the FTP, and 
> then sends me the link to that temperary file on the server. Now, when I 
> download it from my server, my script should delete the file. How can I make 
> it wait until the download of the file is finished?
> Same goes for uploading.
> Thanks!
> 

Well if you write a download script, then you can delete it at the end
and it won't be deleted until after the download completes:

//Do your ftp from remote to local'/path/to/file.ext'
exec('ftp_get.sh remotefile.ext /path/to/file.ext);
//or
$conn_id = ftp_connect($ftp_server);
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
ftp_gett($conn_id, '/path/to/file.ext', $server_file, FTP_BINARY)
ftp_close($conn_id);



For upload, depending upon how you're doing it, a call to unlink()
shouldn't execute until your FTP is done and exited:



-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: XSS Preventing.

[Martin Zvarík]

Philip Thompson napsal(a):

On Jun 23, 2009, at 9:29 AM, Martin Zvarík wrote:


Don't htmlentiies() before DB save.  In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before dispaly



I, on the other hand, would do htmlentities() BEFORE insertion.


Pros:
---
The text is processed once and doesn't have to be htmlentitied() 
everytime you read the database - what a stupid waste of performance 
anyway.



Cons:
---
Instead "&" you'll see "&" ... is that a problem? Not for me and I 
believe 80% of others who use DB to store & view on web.


I had a problem with storing & into the database instead of just &. 
When I wanted to search for something and "&" was in the value, 
typing "&" would not find the result. I fixed that by not using 
htmlentities() before inputing data into the database. IMO, using 
htmlentities() or htmlspecialchars() before inserting into db is 
inherently wrong. Making calls to those functions should have negligible 
impact on the application - there are other ways to improve the 
performance of your application.


My too scents,
~Philip



Martin



You could do htmlentities() at the search string...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] resubmit form after validation error

[Shawn McKenzie]

PJ wrote:
> Shawn McKenzie wrote:
>> PJ wrote:
>>   
>>> Caner Bulut wrote:
>>> 
 Hi PJ,

 You can use the structure following

 $bid = htmlentities($_GET['id']);

   
>>> the code below
>>> 
 if(empty($bid) {
 $bid=0;
 }
   
>>> produces an empty screen with no error messages...
>>> I have been having some trouble understanding "empty()" -- it doesn't
>>> seem to want to work for me in any situation
>>> 
>> YOU, always need to have error_reporting on and display errors on, and
>> also be logging errors so that you can see parse errors in the log.
>> Always check the log after a "empty screen".  I've seen many posts from
>> you where you get a blank, empty, white screen.  This is most always a
>> parse error!.  Get an editor that will show you bad syntax like the
>> above.  It is a freaking parse error because you don't have matched
>> parentheses!
>>
>>   
> Shawn, I always have error_reporting on and display errors on.
> Ok, I didn't see the error above; but in my defense (no defense really),
> I should have thought about it) i just copied the code I was given.
> Dumb, dumb, dumb. Thanks for pointing it out.
> And yes, I do have a lot of problems with curly braces & parentheses.
> I eventually do find them... but...
> I have been thinking about what editor would show me bad syntax...
> I've been using HOMESITE+ for no other reason than that it allows me to
> switch between files quickly ... I do have Netbeans, but it screwed me
> once when I accidentally closed it and I lost the whole file and had to
> redo it all, so I'm a bit wary...
> And I'm not too keen on getting into some IDE... tried them and found
> them cumbersome to set up & learn.
> Any suggestions?
> 

If you are on Winbloze, I thing the free notepad++ has syntax
highlighting for PHP.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] supplied argument errors

[Shawn McKenzie]

kranthi wrote:
> the code works?
> 
> the above warnings suggest that ter is a mysql syntax error.
> 
> moreover the documentation of mysql_affected_rows suggests that u should
> supply a valid recource identifier but not a mysql result resource.
> i.e., the above should be mysql_affected_rows($db)
> 

Yes, so:

1.  It was an UPDATE and not a SELECT, how would it return any f'ing
rows?!?! $rows is either TRUE or FALSE, because it returns whether the
UPDATE was successful or not.

2. Please read the f'ing manual about what kranthi said!

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP module "portability" on OSX 10.4

[Matt Neimeyer]

I know this is a bit OS specific but it's for PHP so I'm hoping
someone here has run into it before and can answer.

I've compiled php_gd.so for use on an XServe running OSX 10.4. It
works fine there. When I copy it to another XServe it fails because of
missing dependencies (don't remember the exact error but that was the
jist of it).

I used otool -L php_gd.so and got the following...

php_gd.so:
/usr/local/lib/libpng12.0.dylib (compatibility version 33.0.0,
current version 33.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current
version 1.2.3)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0,
current version 88.1.11)

libz.1.dylib and libSystem.B.dylib exist on a "raw" machine so I
assume it's just the libpng.

So... Can I just ALSO copy the libpng file, drop it in the right place
and have it work? It seems like it should work... but at the same
time, something in my head is telling me it shouldn't work...

Barring that does anyone have steps "written down" that I can follow
to compile php_gd.so with libpng compiled in somehow so it is only one
file?

Thanks in advance!

Matt

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using large multi dimenstional arrays in js

[Simon]

you could pack the array into a string and decode that later, using
json prolly...

Or, you could output the data to XML and load the xml file in an
iframe, then browse through the iframe's DOM structure to get the
values you need.


On Wed, Jun 17, 2009 at 6:32 PM, Sancar Saran wrote:
> Hello all,
>
> My new project needs to use large multi dimenstional php arrays in javascript.
>
> I'm not sure how to do it.
>
> Is there any lead or any one give a clue.
>
> Regards
>
> Sancar
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Michael A. Peters]

Bob McConnell wrote:



I have recently been told that we are switching from compiling Apache,
PHP and PostgreSQL ourselves to only using the official RedHat RPMs on
our production servers[*]. 


*snip*



[*] No, I don't like this at all. I see it as the antithesis of both the
Open Source and Free Software philosophies. It means we give up control
of some of the options we were selecting at compile time and have to
settle for somebody else's idea of the perfect server. I fully expect it
will come back to bite us at some point.



It's probably a paid support issue.
If they are going with RHEL instead of a free distribution, they 
probably are doing so for the support RHEL offers.


As soon as you modify the applications, Red Hat understandably refuses 
to support the modified applications, thus neutering the point of using 
RHEL.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Michael A. Peters]

Robert Cummings wrote:

Michael A. Peters wrote:

Manuel Aude wrote:
I'm giving a PHP course next semester (3 hours all saturdays for 22 
weeks)
and I just realized that PHP 5.3 is coming very soon (2 days now!). 
So, my
plans of teaching PHP 5.2 are starting to change, and I think it's a 
good

idea to teach them 5.3 already.

While the majority of the students use Windows, I'm aware that a vast 
amount

will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
distributions of Linux, so I'm hoping there won't be too many 
problems on

installation. I don't want to waste the entire first class fixing
installation problems, because that kills the student's motivation.

The course starts on August, but I'm preparing it during the last two 
weeks
of July. You think that installation packages will be bulletproof by 
then?
Or should I just teach 5.2 and wait for another semester before 
starting on
5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the 
year,

so I'm a bit confused on what I should do.

I'm just a university student that wants to spread PHP, for I've been 
using

it for many years now =)

Thanks for the advices,
Mamsaac



Many hosts are still on php 5.1.x (IE RHEL based hosts).
I would be worried that many popular classes and apps might be quirky 
under 5.3.


I've not played with it at all, and probably won't for some time, but 
I've been bitten by that more than once.


Nice thing about 5.2.x as far as linux goes anyway, installing it is 
cake from the package repositories. Using package repositories for php 
installs is suggested as security fixes can be updated with ease.


As someone running a newer version of php (5.2.9) than what my distro 
ships with, here are some of the issues:


A) I needed to create packages so that I could RPM install various 
stuff, like Squirelmail, etc. - and get the security updates for them 
from my OS vendor (CentOS or EPEL repods). So to do that, I used the 
Fedora src.rpm.


B) When building php rpm's on my system, the %check portion of the 
spec file (runs make test I believe) fails sometimes if there is an 
existing php install. To solve that, you have to build it in mock.


C) Mock needs a lot of disk space and will download a lot of packages, 
if you don't local mirror the update repositories, it can be really 
time consuming. Furthermore, occasionally the build list for mock is 
broken making it un-usable for package building.


I have to use 5.2.x because I need a pecl extension that does not work 
with 5.1.x - and building rpm myself lets me add suhosin patch (to the 
fedora spec file) but unless your Linux students want to do absolutely 
everything php by source and not have anything installed from the 
package managers that rely on php, I would highly suggest that they 
use whatever version of php their distro of choice has in its stable 
repositories.


-=-

Since you are teaching students, one pet peeve of mine that I see in 
web app after web app after web app - they have an admin interface 
that writes a php file which the app then parses as php. Often they 
even instruct the person installing the web app to have 777 
permissions of directories and/or files within the web root.


There's a better way. Either store the configuration settings in a 
database (obviously can't store database connection setting in the 
database ...) or store them in an xml file, not php.


You can write and read the xml file with any number of existing php 
functions. And the config file should not be in the web root, nothing 
the web server can write to should be in the document root.


Applications (like Gallery and I think joomla and wordpress) often 
want write permission to the document root so they can have a web 
interface to install/update their modules - but it creates a security 
risk. It's better to install the modules you want from a distro vendor 
repository so you can keep them up to date that way, and hence, it's 
better to use a packaged php install so that the dependencies are met.


Sorry for rambling, but the trend of web server having write 
permissions to files the web server then executes (and often in the 
web root) is a trend that needs to stop. So flunk the students that do 
it ;)


And how do you propose people get around open_basedir restrictions which 
is common in many Plesk environments?


There is nothing wrong with having the above mentioned write access if 
it is properly protected.


Nothing wrong other than any vulnerability in apache (or a module apache 
loads or cgi/server script code) that allows a malicious user to write 
data as the apache user can now do so inside the web root where they can 
then request it causing php/perl/python/whatever to execute the code 
they just wrote.


Every single web host I have ever used that has a shell account given me 
a directory that is not inside the web root.


IE my login home dir might be /srv/www.mydomain.com/

The documentroot would likely be /srv/www.mydomain

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Manuel Aude]

Let's put it this way: MVC frameworks with namespaces are going to change a
lot. The architecture can be made much cleaner and class names won't have to
be so long (Zend_Db_Adapter_Db2_Exception), for instance.

The design part of coding is __VERY__ important, and this changes are
specially for that. See PHAR extension, which will be enabled now, which
allows for easier distribution of software. And closures, which simply have
so many uses in design and save you from clustering your code with too many
function names.

Sure, it doesn't change the language, and it doesn't really break apps that
were written in PHP 5.2, but if you're going to design an application,
thinking about this options is very useful.

Too bad we don't get Traits yet =( Horizontal re-use is very nice.


> Robert Cummings wrote:
>
> > Per Jessen wrote:
> >> Manuel Aude wrote:
> >>
> >>> I'm giving a PHP course next semester (3 hours all saturdays for 22
> >>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
> >>> now!). So, my plans of teaching PHP 5.2 are starting to change, and
> >>> I think it's a good idea to teach them 5.3 already.
> >>
> >> Does it _really_ matter which one? I can't imagine there are that
> >> many revolutionary changes in a dot-release.
> >
> > Given the naming of PHP versions of PHP-x.y.z, I would agree that not
> > much changes between versions at the .z level. But at the .y level
> > there are usually significant changes.
> >
> > Coming to a PHP 5.3 near you are the following notable features:
> >
> > - namespaces
> > - closures
> > - late static binding
> > - garbage collector to handle cyclic references
> > - PHAR
> > - goto
>
> I hadn't actually seen/studied the list, but apart from the goto, I
> don't consider any of those revolutionary :-)
>
>
> /Per
>

Re: [PHP] supplied argument errors

[kranthi]

the code works?

the above warnings suggest that ter is a mysql syntax error.

moreover the documentation of mysql_affected_rows suggests that u should
supply a valid recource identifier but not a mysql result resource.
i.e., the above should be mysql_affected_rows($db)

Re: [PHP] modifying within foreach

[Martin Scotta]

AddBrainHandler x-httpd-php5 .php

On Tue, Jun 23, 2009 at 4:25 PM, Robert Cummings wrote:

> Ashley Sheridan wrote:
>
>> On Tue, 2009-06-23 at 15:07 -0400, Eddie Drapkin wrote:
>>
>>> It's just foreach($foo as $key => &$item) { }
>>>
>>> You can't assign the key by reference >.>
>>>
>>> On Tue, Jun 23, 2009 at 3:04 PM, Ashley
>>> Sheridan wrote:
>>>
 On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:

> Andres Gonzalez  wrote on 06/23/2009 12:26:38
> PM:
>
>  I want to modify $results within the foreach. In other words,
>> during a given pass of this iteration, I want to delete some
>> of the items based on particular conditions. Then on the next
>> pass thru the foreach, I want $results to be the newer, modified
>> array.
>>
>> This does not seem to work. It appears that the foreach statement
>> is implemented such that $results is read into memory at the start
>> so that any modifications I make to it during a given pass, are
>> ignored
>> on the next pass. Is this true?
>>
> foreach works on a copy of an array, so the behavior you saw is
> expected.
> See the online manual.
>
> You could use a while loop, or, instead of unset-ing elements of
> $results,
> store the elements you want to keep into a new array.
>
> Kirk
>
 What about passing it by reference?

 foreach($results as &$key => &$item)
 {
   // modify items here
 }

 Thanks
 Ash
 www.ashleysheridan.co.uk


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



>> Yeah, hehe, I was trying to remember off the top of my head, and
>> obviously forgot! :p
>>
>> *slaps self*
>>
>
> Your brain is in PHP4 mode...
>
> *slaps Ashley*
>
> >:)
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Martin Scotta

Re: [PHP] supplied argument errors

[Lex Braun]

On Tue, Jun 23, 2009 at 4:10 PM, PJ  wrote:

> I think there is something I do not understand in the manual about
> mysql_fetch_assoc(), mysql_affected_rows()
> The code works, but I get these annoying messages.
> snippet:
>

What are the warnings?

Re: [PHP] modifying within foreach

[Eddie Drapkin]

It's just foreach($foo as $key => &$item) { }

You can't assign the key by reference >.>

On Tue, Jun 23, 2009 at 3:04 PM, Ashley
Sheridan wrote:
> On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:
>> Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:
>>
>> > I want to modify $results within the foreach. In other words,
>> > during a given pass of this iteration, I want to delete some
>> > of the items based on particular conditions. Then on the next
>> > pass thru the foreach, I want $results to be the newer, modified
>> > array.
>> >
>> > This does not seem to work. It appears that the foreach statement
>> > is implemented such that $results is read into memory at the start
>> > so that any modifications I make to it during a given pass, are ignored
>> > on the next pass. Is this true?
>>
>> foreach works on a copy of an array, so the behavior you saw is expected.
>> See the online manual.
>>
>> You could use a while loop, or, instead of unset-ing elements of $results,
>> store the elements you want to keep into a new array.
>>
>> Kirk
>
> What about passing it by reference?
>
> foreach($results as &$key => &$item)
> {
>    // modify items here
> }
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] delete & insert ?

[Bastien Koert]

On Tue, Jun 23, 2009 at 4:20 PM, PJ wrote:
> I just had a bright idea ???
> Am doing editing file for book entries; it occurs to me (now that I am
> practically finished) that it might be much simpler to delete entries
> and just insert rather than going through the rigamarole of checking if
> the new entries exist and if and if and if... just delete & insert -
> less code, less headaches... or is this a cute fantasy & I should get
> myself locked up?
> Guys, don't go overboard on this... I know I'm leaving myself wide open :-P
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>   http://www.ptahhotep.com
>   http://www.chiccantine.com/andypantry.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Try using the REPLACE statement if you are using mysql... it will
allow automatic update without the UPDATE syntax and inserts if the
key id is not there

-- 

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] supplied argument errors

[PJ]

Lex Braun wrote:
>
>
> On Tue, Jun 23, 2009 at 4:10 PM, PJ  > wrote:
>
> I think there is something I do not understand in the manual about
> mysql_fetch_assoc(), mysql_affected_rows()
> The code works, but I get these annoying messages.
> snippet:
>
> 
> What are the warnings?
1 .supplied argument is not a valid MySQL result resource
2. supplied argument is not a valid MySQL-link resource

snippet:
$result = mysql_query($sql, $db); // this is following an UPDATE
  $row = mysql_fetch_assoc($result); // warning... 1.
  if (mysql_affected_rows($result) !== -1) //warning...2.
print_r($result); // returns 1

another:
 $sql = "DELETE FROM book_categories WHERE bookID = $bid";
$result = mysql_query($sql, $db); // warning...1.
  $row = mysql_fetch_assoc($result); // warning...1.
if (mysql_num_rows($result) !== 0) {
the last:
  $result = mysql_query($sql,$db); // following an INSERT
if (mysql_affected_rows($result) == -1) {  // warning2.



-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] delete & insert ?

[PJ]

I just had a bright idea ???
Am doing editing file for book entries; it occurs to me (now that I am
practically finished) that it might be much simpler to delete entries
and just insert rather than going through the rigamarole of checking if
the new entries exist and if and if and if... just delete & insert -
less code, less headaches... or is this a cute fantasy & I should get
myself locked up?
Guys, don't go overboard on this... I know I'm leaving myself wide open :-P

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] supplied argument errors

[PJ]

I think there is something I do not understand in the manual about
mysql_fetch_assoc(), mysql_affected_rows()
The code works, but I get these annoying messages.
snippet:
$result = mysql_query($sql, $db); // this is following an UPDATE
  $row = mysql_fetch_assoc($result); // warning...
  if (mysql_affected_rows($result) !== -1) //warning...
print_r($result); // returns 1

another:
 $sql = "DELETE FROM book_categories WHERE bookID = $bid";
$result = mysql_query($sql, $db); // warning...
  $row = mysql_fetch_assoc($result); // warning...
if (mysql_num_rows($result) !== 0) {
the last:
  $result = mysql_query($sql,$db); // following an INSERT
if (mysql_affected_rows($result) == -1) {  // warning

I have read the manual entries but I think I could use some
clarification/explanation.
TIA

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] iCal Attachment Format ?

[Daevid Vincent]

I had to do this for a party page I created... Here's the splash of code I
use (please keep in mind I wrote this like 5 years ago, so it's pretty
ass-code, but it works and I don't care enough about it to clean it up):

if (isset($_GET['id']) && intval($_GET['id'] > 0))
{
$sql = "SELECT *,
UNIX_TIMESTAMP(party_date) AS start,
UNIX_TIMESTAMP(DATE_ADD(party_date, INTERVAL 3
HOUR)) AS end,
UNIX_TIMESTAMP(DATE_ADD(party_date, INTERVAL 7
HOUR)) AS GMTstart,
UNIX_TIMESTAMP(DATE_ADD(DATE_ADD(party_date,
INTERVAL 3 HOUR), INTERVAL 7 HOUR)) AS GMTend,
UNIX_TIMESTAMP(DATE_ADD(NOW(), INTERVAL 7 HOUR)) AS
GMTnow
FROMparty_table
WHERE   party_id = ".intval($_GET['id'])." LIMIT 1";
//echo $sql;
$pth = mysql_query($sql, $db);
if ($pth && mysql_num_rows($pth) == 1)
{
$prow = mysql_fetch_array($pth,MYSQL_ASSOC);
//http://www.phpbuilder.com/columns/chow20021007.php3?page=2
//http://www.sitellite.org/docs/Date/vCal.html
//http://www.scheduleworld.com/outlookInteroperability.html
//http://www.ietf.org/rfc/rfc2445.txt
//http://www.linuxjournal.com/article/8159
//header("Content-Type: text/x-vCalendar");
$Filename = "Event [" . $_GET['id'] . "].ics";
header("Content-Type: text/Calendar");
header("Content-Disposition: inline; filename=".$Filename);
//$DescDump = str_replace("\r", "=0D=0A",
$prow['party_description']);
if ($prow['party_other_url'])
$body .= "Other URL: ".$prow['party_other_url']."\r\n";
$body .= "\r\n".$prow['party_description'];
$DescDump =
str_replace(array("\r\n","\r",'','','',''), "\\n", $body);
$vCalStart = date("Ymd\THi00", $prow['GMTstart']);
$vCalEnd = date("Ymd\THi00", $prow['GMTend']);
$vCalNow = date("Ymd\THi00", $prow['GMTnow']);
?>
BEGIN:VCALENDAR
VERSION:2.0
PRODID:RBC Web Calendar
METHOD:REQUEST
BEGIN:VEVENT
DTSTART:Z
DTEND:Z
LOCATION:
TRANSP:OPAQUE
SEQUENCE:0
UID:1234567890RBC
DTSTAMP:Z
DESCRIPTION:
SUMMARY:
PRIORITY:1
X-MICROSOFT-CDO-IMPORTANCE:2
CLASS:PUBLIC
BEGIN:VALARM
TRIGGER:-PT60M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR
Calendar".mysql_errno().":
".mysql_error()."\n"; exit;   }
} //if vcal 

> -Original Message-
> From: Bastien Koert [mailto:phps...@gmail.com] 
> Sent: Tuesday, June 23, 2009 12:31 PM
> To: Jason Paschal
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] iCal Attachment Format ?
> 
> On Tue, Jun 23, 2009 at 3:09 PM, Jason 
> Paschal wrote:
> > Hi all!
> >
> > Built an appointment scheduling app, but now the client 
> wants it to send out
> > an email with the appt attached in iCal format.  I've never 
> dealt with
> > anything iCal before.
> >
> > I searched around a bit, and know that there iCal php 
> scripts available, but
> > I don't need a bunch of rigamarole, just need to create the 
> attachment and
> > send it on the fly.
> >
> > But I'm having trouble finding the format.  Anyone know 
> what this looks
> > like?  Or can point me to a resource?
> >
> > Rather not scrounge thru someone else's code, or have to 
> install something
> > just to run it for the format...if I can help it. :)
> >
> > Thank you,
> >
> > Jason
> >
> 
> STFW  like at http://en.wikipedia.org/wiki/ICalendar
> 
> -- 
> 
> Bastien
> 
> Cat, the other other white meat
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] best way to communicate between PHP, Flash/Actionscript across LAN

[Bastien Koert]

On Tue, Jun 23, 2009 at 3:33 PM, Daevid Vincent wrote:
>
>
>> -Original Message-
>> From: Bastien Koert [mailto:phps...@gmail.com]
>> Sent: Tuesday, June 23, 2009 12:30 PM
>> To: Daevid Vincent
>> Cc: php-general@lists.php.net
>> Subject: Re: [PHP] best way to communicate between PHP,
>> Flash/Actionscript across LAN
>>
>> On Tue, Jun 23, 2009 at 2:32 PM, Daevid
>> Vincent wrote:
>> > I have a demo to create for a tradeshow. We have 3 touch
>> screens and 3 50"
>> > plasmas and 3 G1 (android WiFi) phones. Our own
>> LAN/Router/Wi-Fi. I need a
>> > way so that I can use web pages and Flash (actionscript) to
>> make stuff
>> > happen on any of the displays/phones. So you click a button
>> on the touch
>> > screen and see something happen on the plasma. Or G1
>> interface application
>> > triggers .flv on touch screen, etc. So I need some kind of
>> messaging queue
>> > over the LAN and that each CPU can both send and recieve? I
>> could use mySQL
>> > as an intermediary to store the data (like strings of text
>> entered or
>> > whatever and pass the record IDs around), or use some other
>> XML/JSON/AJAX or
>> > something. I just don't even know what I'm talking about
>> really. Is this
>> > what DBUS is for? It must work with PHP as we'll have web
>> pages triggering
>> > the .flv as well and of course ActionScript has to be able
>> to work with it
>> > (that's why I was thinking mySQL, AJAX, XML, etc.).
>> >
>> > Ideas? Suggestions?
>> >
>> > someone was telling me about AMQP or RabbitMQ. But neither
>> is PHP-ified that
>> > I can tell.
>> > http://www.nabble.com/PHP-AMQP-client--td12935751.html
>> >
>> > ...and I realize that PHP will run in a web page mostly and
>> I'll have to do
>> > some magic like polling something (like a daemon or DB) via
>> JS/AJAX to see
>> > if I need to pop-up an alert or whatever -- much like a
>> bulletin board does
>> > when you get new mail.
>> >
>> > Step 1: get communication between all computers to work
>> > Step 2:
>> > Step 3: profit!
>> >
>>
>>
>> XML is the preferred method for doing communication with
>> Flex/Flash...perhaps AJAX to handle it all in the background
>
> I'm not so much interested in the transport payload as I am the "how". I
> need daemons and message queues and that sort of thing that work over
> TCP/IP. Writing a PHP daemon is not the way to do this I'm sure of that,
> however I need PHP to be able to talk to it. I thought about DBUS, but
> that's more for services within a single host computer. Other solutions seem
> to involve (hackishly) polling every x seconds. Seems there should be a
> better way.
>
> d
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

What about a comet Server ?  http://www.zeitoun.net/articles/comet_and_php/start

-- 

Bastien

Cat, the other other white meat

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] best way to communicate between PHP, Flash/Actionscript across LAN

[Daevid Vincent]

 

> -Original Message-
> From: Bastien Koert [mailto:phps...@gmail.com] 
> Sent: Tuesday, June 23, 2009 12:30 PM
> To: Daevid Vincent
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] best way to communicate between PHP, 
> Flash/Actionscript across LAN
> 
> On Tue, Jun 23, 2009 at 2:32 PM, Daevid 
> Vincent wrote:
> > I have a demo to create for a tradeshow. We have 3 touch 
> screens and 3 50"
> > plasmas and 3 G1 (android WiFi) phones. Our own 
> LAN/Router/Wi-Fi. I need a
> > way so that I can use web pages and Flash (actionscript) to 
> make stuff
> > happen on any of the displays/phones. So you click a button 
> on the touch
> > screen and see something happen on the plasma. Or G1 
> interface application
> > triggers .flv on touch screen, etc. So I need some kind of 
> messaging queue
> > over the LAN and that each CPU can both send and recieve? I 
> could use mySQL
> > as an intermediary to store the data (like strings of text 
> entered or
> > whatever and pass the record IDs around), or use some other 
> XML/JSON/AJAX or
> > something. I just don't even know what I'm talking about 
> really. Is this
> > what DBUS is for? It must work with PHP as we'll have web 
> pages triggering
> > the .flv as well and of course ActionScript has to be able 
> to work with it
> > (that's why I was thinking mySQL, AJAX, XML, etc.).
> >
> > Ideas? Suggestions?
> >
> > someone was telling me about AMQP or RabbitMQ. But neither 
> is PHP-ified that
> > I can tell.
> > http://www.nabble.com/PHP-AMQP-client--td12935751.html
> >
> > ...and I realize that PHP will run in a web page mostly and 
> I'll have to do
> > some magic like polling something (like a daemon or DB) via 
> JS/AJAX to see
> > if I need to pop-up an alert or whatever -- much like a 
> bulletin board does
> > when you get new mail.
> >
> > Step 1: get communication between all computers to work
> > Step 2:
> > Step 3: profit!
> >
> 
> 
> XML is the preferred method for doing communication with
> Flex/Flash...perhaps AJAX to handle it all in the background

I'm not so much interested in the transport payload as I am the "how". I
need daemons and message queues and that sort of thing that work over
TCP/IP. Writing a PHP daemon is not the way to do this I'm sure of that,
however I need PHP to be able to talk to it. I thought about DBUS, but
that's more for services within a single host computer. Other solutions seem
to involve (hackishly) polling every x seconds. Seems there should be a
better way.

d


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] resubmit form after validation error

[PJ]

Shawn McKenzie wrote:
> PJ wrote:
>   
>> Caner Bulut wrote:
>> 
>>> Hi PJ,
>>>
>>> You can use the structure following
>>>
>>> $bid = htmlentities($_GET['id']);
>>>
>>>   
>> the code below
>> 
>>> if(empty($bid) {
>>> $bid=0;
>>> }
>>>   
>> produces an empty screen with no error messages...
>> I have been having some trouble understanding "empty()" -- it doesn't
>> seem to want to work for me in any situation
>> 
>
> YOU, always need to have error_reporting on and display errors on, and
> also be logging errors so that you can see parse errors in the log.
> Always check the log after a "empty screen".  I've seen many posts from
> you where you get a blank, empty, white screen.  This is most always a
> parse error!.  Get an editor that will show you bad syntax like the
> above.  It is a freaking parse error because you don't have matched
> parentheses!
>
>   
Shawn, I always have error_reporting on and display errors on.
Ok, I didn't see the error above; but in my defense (no defense really),
I should have thought about it) i just copied the code I was given.
Dumb, dumb, dumb. Thanks for pointing it out.
And yes, I do have a lot of problems with curly braces & parentheses.
I eventually do find them... but...
I have been thinking about what editor would show me bad syntax...
I've been using HOMESITE+ for no other reason than that it allows me to
switch between files quickly ... I do have Netbeans, but it screwed me
once when I accidentally closed it and I lost the whole file and had to
redo it all, so I'm a bit wary...
And I'm not too keen on getting into some IDE... tried them and found
them cumbersome to set up & learn.
Any suggestions?

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] iCal Attachment Format ?

[Bastien Koert]

On Tue, Jun 23, 2009 at 3:09 PM, Jason Paschal wrote:
> Hi all!
>
> Built an appointment scheduling app, but now the client wants it to send out
> an email with the appt attached in iCal format.  I've never dealt with
> anything iCal before.
>
> I searched around a bit, and know that there iCal php scripts available, but
> I don't need a bunch of rigamarole, just need to create the attachment and
> send it on the fly.
>
> But I'm having trouble finding the format.  Anyone know what this looks
> like?  Or can point me to a resource?
>
> Rather not scrounge thru someone else's code, or have to install something
> just to run it for the format...if I can help it. :)
>
> Thank you,
>
> Jason
>

STFW  like at http://en.wikipedia.org/wiki/ICalendar

-- 

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] best way to communicate between PHP, Flash/Actionscript across LAN

[Bastien Koert]

On Tue, Jun 23, 2009 at 2:32 PM, Daevid Vincent wrote:
> I have a demo to create for a tradeshow. We have 3 touch screens and 3 50"
> plasmas and 3 G1 (android WiFi) phones. Our own LAN/Router/Wi-Fi. I need a
> way so that I can use web pages and Flash (actionscript) to make stuff
> happen on any of the displays/phones. So you click a button on the touch
> screen and see something happen on the plasma. Or G1 interface application
> triggers .flv on touch screen, etc. So I need some kind of messaging queue
> over the LAN and that each CPU can both send and recieve? I could use mySQL
> as an intermediary to store the data (like strings of text entered or
> whatever and pass the record IDs around), or use some other XML/JSON/AJAX or
> something. I just don't even know what I'm talking about really. Is this
> what DBUS is for? It must work with PHP as we'll have web pages triggering
> the .flv as well and of course ActionScript has to be able to work with it
> (that's why I was thinking mySQL, AJAX, XML, etc.).
>
> Ideas? Suggestions?
>
> someone was telling me about AMQP or RabbitMQ. But neither is PHP-ified that
> I can tell.
> http://www.nabble.com/PHP-AMQP-client--td12935751.html
>
> ...and I realize that PHP will run in a web page mostly and I'll have to do
> some magic like polling something (like a daemon or DB) via JS/AJAX to see
> if I need to pop-up an alert or whatever -- much like a bulletin board does
> when you get new mail.
>
> Step 1: get communication between all computers to work
> Step 2:
> Step 3: profit!
>


XML is the preferred method for doing communication with
Flex/Flash...perhaps AJAX to handle it all in the background
-- 

Bastien

Cat, the other other white meat

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] modifying within foreach

[Robert Cummings]

Ashley Sheridan wrote:

On Tue, 2009-06-23 at 15:07 -0400, Eddie Drapkin wrote:

It's just foreach($foo as $key => &$item) { }

You can't assign the key by reference >.>

On Tue, Jun 23, 2009 at 3:04 PM, Ashley
Sheridan wrote:

On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:

Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:


I want to modify $results within the foreach. In other words,
during a given pass of this iteration, I want to delete some
of the items based on particular conditions. Then on the next
pass thru the foreach, I want $results to be the newer, modified
array.

This does not seem to work. It appears that the foreach statement
is implemented such that $results is read into memory at the start
so that any modifications I make to it during a given pass, are ignored
on the next pass. Is this true?

foreach works on a copy of an array, so the behavior you saw is expected.
See the online manual.

You could use a while loop, or, instead of unset-ing elements of $results,
store the elements you want to keep into a new array.

Kirk

What about passing it by reference?

foreach($results as &$key => &$item)
{
   // modify items here
}

Thanks
Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Yeah, hehe, I was trying to remember off the top of my head, and
obviously forgot! :p

*slaps self*


Your brain is in PHP4 mode...

*slaps Ashley*

>:)

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] modifying within foreach

[Ashley Sheridan]

On Tue, 2009-06-23 at 15:07 -0400, Eddie Drapkin wrote:
> It's just foreach($foo as $key => &$item) { }
> 
> You can't assign the key by reference >.>
> 
> On Tue, Jun 23, 2009 at 3:04 PM, Ashley
> Sheridan wrote:
> > On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:
> >> Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:
> >>
> >> > I want to modify $results within the foreach. In other words,
> >> > during a given pass of this iteration, I want to delete some
> >> > of the items based on particular conditions. Then on the next
> >> > pass thru the foreach, I want $results to be the newer, modified
> >> > array.
> >> >
> >> > This does not seem to work. It appears that the foreach statement
> >> > is implemented such that $results is read into memory at the start
> >> > so that any modifications I make to it during a given pass, are ignored
> >> > on the next pass. Is this true?
> >>
> >> foreach works on a copy of an array, so the behavior you saw is expected.
> >> See the online manual.
> >>
> >> You could use a while loop, or, instead of unset-ing elements of $results,
> >> store the elements you want to keep into a new array.
> >>
> >> Kirk
> >
> > What about passing it by reference?
> >
> > foreach($results as &$key => &$item)
> > {
> >// modify items here
> > }
> >
> > Thanks
> > Ash
> > www.ashleysheridan.co.uk
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >

Yeah, hehe, I was trying to remember off the top of my head, and
obviously forgot! :p

*slaps self*

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] iCal Attachment Format ?

[Jason Paschal]

Hi all!

Built an appointment scheduling app, but now the client wants it to send out
an email with the appt attached in iCal format.  I've never dealt with
anything iCal before.

I searched around a bit, and know that there iCal php scripts available, but
I don't need a bunch of rigamarole, just need to create the attachment and
send it on the fly.

But I'm having trouble finding the format.  Anyone know what this looks
like?  Or can point me to a resource?

Rather not scrounge thru someone else's code, or have to install something
just to run it for the format...if I can help it. :)

Thank you,

Jason

Re: [PHP] modifying within foreach

[Andres Gonzalez]

Thanks guys--passing by reference solved my problem. I was not aware
that the foreach statement works on a copy.  This was explained in the
online documentation.   Duh!!

Thanks again,

-Andres



Ashley Sheridan wrote:

On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:
  

Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:



I want to modify $results within the foreach. In other words,
during a given pass of this iteration, I want to delete some
of the items based on particular conditions. Then on the next
pass thru the foreach, I want $results to be the newer, modified
array.

This does not seem to work. It appears that the foreach statement
is implemented such that $results is read into memory at the start
so that any modifications I make to it during a given pass, are ignored
on the next pass. Is this true?
  
foreach works on a copy of an array, so the behavior you saw is expected. 
See the online manual.


You could use a while loop, or, instead of unset-ing elements of $results, 
store the elements you want to keep into a new array.


Kirk



What about passing it by reference?

foreach($results as &$key => &$item)
{
// modify items here
}

Thanks
Ash
www.ashleysheridan.co.uk

  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] modifying within foreach

[Daevid Vincent]

Dude. Use your common sense and the example I just provided:

 foreach ($results as $key => $item) 
 {
if ($item == 'foo') 
unset($results[$key]);
else ($item == 'bar')
$results[$key] = 'new value';
 } 

so using your example:

 foreach ($results as $key => $item) 
 {
if ($item[0] == 'value1') 
unset($results[$key][0]);
else ($item[0] == 'bar')
$results[$key][0] = 'value4';
 } 

But since you have a multidimensional array, you have to really do two loops
to be useful:

 foreach ($results as $key => $item) 
 {
 foreach ($item as $i => $value) 
 {
if ($value == 'value1')
 unset($results[$key][$i])
  else ($value == 'bar')
 $results[$key][$i] = 'value4';
 }
 }

Or something to that effect, I just wrote that freehand, but you should get
the idea.

http://daevid.com


> -Original Message-
> From: Andres Gonzalez [mailto:and...@packetstorm.com] 
> Sent: Tuesday, June 23, 2009 11:45 AM
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] modifying within foreach
> 
> I do not want to delete the whole array, only a particular $item.
> given this $results array:
> 
> Array
> (
> ["key1"] => Array
> (
> [0] => value1
> [1] => value2
> [2] => value3
> (
> ["key2"] => Array
> (
> [0] => value4
> [1] => value5
> [2] => value6
> )
> )
> 
> It is a value item that I want to delete based on a 
> particular criteria.
> In each pass I may delete a value item. However, it seems that each
> subsequent pass operates on the original $results array and not
> the modified one.
> 
> -Andres
> 
> 
> 
> Daevid Vincent wrote:
> >  foreach ($results as $key => $item) 
> >  {
> > if ($item == 'foo') unset($results[$key]);
> >  }
> >
> >   
> >> -Original Message-
> >> From: Andres Gonzalez [mailto:and...@packetstorm.com] 
> >> Sent: Tuesday, June 23, 2009 11:27 AM
> >> To: php-general@lists.php.net
> >> Subject: [PHP] modifying within foreach
> >>
> >> In the following example:
> >>
> >> foreach ($results as $key => $item)  {
> >>
> >> //bla bla bla -- unset some of the $items
> >>
> >> }
> >>
> >> I want to modify $results within the foreach. In other words,
> >> during a given pass of this iteration, I want to delete some
> >> of the items based on particular conditions. Then on the next
> >> pass thru the foreach, I want $results to be the newer, modified
> >> array.
> >>
> >> This does not seem to work. It appears that the foreach statement
> >> is implemented such that $results is read into memory at the start
> >> so that any modifications I make to it during a given pass, 
> >> are ignored
> >> on the next pass. Is this true?
> >>
> >> If so, is there a way that I can tell the foreach statement 
> >> to re-read the
> >> array $results?  Or am I just going against the grain here?
> >>
> >> -Andres
> >>
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >> 
> >
> >
> >   
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] modifying within foreach

[Ashley Sheridan]

On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:
> Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:
> 
> > I want to modify $results within the foreach. In other words,
> > during a given pass of this iteration, I want to delete some
> > of the items based on particular conditions. Then on the next
> > pass thru the foreach, I want $results to be the newer, modified
> > array.
> > 
> > This does not seem to work. It appears that the foreach statement
> > is implemented such that $results is read into memory at the start
> > so that any modifications I make to it during a given pass, are ignored
> > on the next pass. Is this true?
> 
> foreach works on a copy of an array, so the behavior you saw is expected. 
> See the online manual.
> 
> You could use a while loop, or, instead of unset-ing elements of $results, 
> store the elements you want to keep into a new array.
> 
> Kirk

What about passing it by reference?

foreach($results as &$key => &$item)
{
// modify items here
}

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Deleting a file after download/upload

[Daevid Vincent]

 

> -Original Message-
> From: Parham Doustdar [mailto:parha...@gmail.com] 
> Sent: Tuesday, June 23, 2009 12:33 PM
> To: php-general@lists.php.net
> Subject: [PHP] Deleting a file after download/upload
> 
> My server connects to an FTP. Then, it downloads a file from 
> the FTP, and then sends me the link to that temperary file on 
> the server. Now, when I download it from my server, my script 
> should delete the file. How can I make it wait until the 
> download of the file is finished?

# sudo crontab -e

Append this to the end...

15 * * * * root find /tmp/downloads -mtime +5 -type f -exec rm -rf {} \;


That will run every 15 minutes and purge anything in /tmp/downloads that is
over 5 days old


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] modifying within foreach

[Kirk . Johnson]

Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:

> I want to modify $results within the foreach. In other words,
> during a given pass of this iteration, I want to delete some
> of the items based on particular conditions. Then on the next
> pass thru the foreach, I want $results to be the newer, modified
> array.
> 
> This does not seem to work. It appears that the foreach statement
> is implemented such that $results is read into memory at the start
> so that any modifications I make to it during a given pass, are ignored
> on the next pass. Is this true?

foreach works on a copy of an array, so the behavior you saw is expected. 
See the online manual.

You could use a while loop, or, instead of unset-ing elements of $results, 
store the elements you want to keep into a new array.

Kirk

Re: [PHP] modifying within foreach

[Andres Gonzalez]

I do not want to delete the whole array, only a particular $item.
given this $results array:

Array
(
["key1"] => Array
(
[0] => value1
[1] => value2
[2] => value 3
(
["key2"] => Array
(
[0] => value4
[1] => value5
[2] => value6
)
)

It is a value item that I want to delete based on a particular criteria.
In each pass I may delete a value item. However, it seems that each
subsequent pass operates on the original $results array and not
the modified one.

-Andres



Daevid Vincent wrote:
 foreach ($results as $key => $item) 
 {

if ($item == 'foo') unset($results[$key]);
 }

  

-Original Message-
From: Andres Gonzalez [mailto:and...@packetstorm.com] 
Sent: Tuesday, June 23, 2009 11:27 AM

To: php-general@lists.php.net
Subject: [PHP] modifying within foreach

In the following example:

foreach ($results as $key => $item)  {

//bla bla bla -- unset some of the $items

}

I want to modify $results within the foreach. In other words,
during a given pass of this iteration, I want to delete some
of the items based on particular conditions. Then on the next
pass thru the foreach, I want $results to be the newer, modified
array.

This does not seem to work. It appears that the foreach statement
is implemented such that $results is read into memory at the start
so that any modifications I make to it during a given pass, 
are ignored

on the next pass. Is this true?

If so, is there a way that I can tell the foreach statement 
to re-read the

array $results?  Or am I just going against the grain here?

-Andres


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Deleting a file after download/upload

[Parham Doustdar]

Hi there,
I am writing a PHP FTP client for my project. I want to put a "download" option 
and an "upload"" option, but I don't know how. My problem is this:
How can I make the server the PHP script is on delete the file after uploading 
it to the SFTP, or after the user has finished downloading it from the server 
the PHP script is on?
Let me put the question this way.
My server connects to an FTP. Then, it downloads a file from the FTP, and then 
sends me the link to that temperary file on the server. Now, when I download it 
from my server, my script should delete the file. How can I make it wait until 
the download of the file is finished?
Same goes for uploading.
Thanks!

-- 
---
Contact info:
Skype: parham-d
MSN: fire_lizard16 at hotmail dot com
email: parham90 at GMail dot com

RE: [PHP] modifying within foreach

[Daevid Vincent]

 foreach ($results as $key => $item) 
 {
if ($item == 'foo') unset($results[$key]);
 }

> -Original Message-
> From: Andres Gonzalez [mailto:and...@packetstorm.com] 
> Sent: Tuesday, June 23, 2009 11:27 AM
> To: php-general@lists.php.net
> Subject: [PHP] modifying within foreach
> 
> In the following example:
> 
> foreach ($results as $key => $item)  {
> 
> //bla bla bla -- unset some of the $items
> 
> }
> 
> I want to modify $results within the foreach. In other words,
> during a given pass of this iteration, I want to delete some
> of the items based on particular conditions. Then on the next
> pass thru the foreach, I want $results to be the newer, modified
> array.
> 
> This does not seem to work. It appears that the foreach statement
> is implemented such that $results is read into memory at the start
> so that any modifications I make to it during a given pass, 
> are ignored
> on the next pass. Is this true?
> 
> If so, is there a way that I can tell the foreach statement 
> to re-read the
> array $results?  Or am I just going against the grain here?
> 
> -Andres
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] best way to communicate between PHP, Flash/Actionscript across LAN

[Daevid Vincent]

I have a demo to create for a tradeshow. We have 3 touch screens and 3 50"
plasmas and 3 G1 (android WiFi) phones. Our own LAN/Router/Wi-Fi. I need a
way so that I can use web pages and Flash (actionscript) to make stuff
happen on any of the displays/phones. So you click a button on the touch
screen and see something happen on the plasma. Or G1 interface application
triggers .flv on touch screen, etc. So I need some kind of messaging queue
over the LAN and that each CPU can both send and recieve? I could use mySQL
as an intermediary to store the data (like strings of text entered or
whatever and pass the record IDs around), or use some other XML/JSON/AJAX or
something. I just don't even know what I'm talking about really. Is this
what DBUS is for? It must work with PHP as we'll have web pages triggering
the .flv as well and of course ActionScript has to be able to work with it
(that's why I was thinking mySQL, AJAX, XML, etc.). 
 
Ideas? Suggestions?
 
someone was telling me about AMQP or RabbitMQ. But neither is PHP-ified that
I can tell.
http://www.nabble.com/PHP-AMQP-client--td12935751.html
 
...and I realize that PHP will run in a web page mostly and I'll have to do
some magic like polling something (like a daemon or DB) via JS/AJAX to see
if I need to pop-up an alert or whatever -- much like a bulletin board does
when you get new mail.
 
Step 1: get communication between all computers to work
Step 2: 
Step 3: profit!

[PHP] modifying within foreach

[Andres Gonzalez]

In the following example:

foreach ($results as $key => $item)  {

   //bla bla bla -- unset some of the $items

}

I want to modify $results within the foreach. In other words,
during a given pass of this iteration, I want to delete some
of the items based on particular conditions. Then on the next
pass thru the foreach, I want $results to be the newer, modified
array.

This does not seem to work. It appears that the foreach statement
is implemented such that $results is read into memory at the start
so that any modifications I make to it during a given pass, are ignored
on the next pass. Is this true?

If so, is there a way that I can tell the foreach statement to re-read the
array $results?  Or am I just going against the grain here?

-Andres


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: XSS Preventing.

[Martin Zvarík]

Eddie Drapkin napsal(a):



2. Can't display raw for the user (e.g. edit a forum post)
  

Edit a forum? You display the data in TEXTAREA...


Because seeing something like:
"Yeah!" is what he said. 
Is awesome for the user experience.


If you don't do html...() before putting to textarea this can happen:

   blabla   blabla  

See?


3. Uses more space in the DB
  


True,
although I use htmlspecialchars() which doesn't replace that many
characters.


That makes it no better of a practice to pre-sanitize.

You've still yet to offer any compelling reasons why you think this is 
a good idea.


It's DEFINITELY easier to store RAW data to DB, because it won't give 
you any headaches in the future - when you might need to add some other 
functionality requiring this.


But for me personally is doing - htmlspecialchars() - BEFORE the DB 
insertion the choice to go, because I am looking for performance.


ok? respect

Re: [PHP] Re: XSS Preventing.

[Philip Thompson]

On Jun 23, 2009, at 9:29 AM, Martin Zvarík wrote:


Don't htmlentiies() before DB save.  In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before dispaly



I, on the other hand, would do htmlentities() BEFORE insertion.


Pros:
---
The text is processed once and doesn't have to be htmlentitied()  
everytime you read the database - what a stupid waste of performance  
anyway.



Cons:
---
Instead "&" you'll see "&" ... is that a problem? Not for me and  
I believe 80% of others who use DB to store & view on web.


I had a problem with storing & into the database instead of just  
&. When I wanted to search for something and "&" was in the value,  
typing "&" would not find the result. I fixed that by not using  
htmlentities() before inputing data into the database. IMO, using  
htmlentities() or htmlspecialchars() before inserting into db is  
inherently wrong. Making calls to those functions should have  
negligible impact on the application - there are other ways to improve  
the performance of your application.


My too scents,
~Philip



Martin


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Michael Shadle]

On Tue, Jun 23, 2009 at 2:34 AM, Robert Cummings  wrote:

> Revolutionary, no. Major changes for PHP, yes! Major shifts in development 
> practices for PHP... it depends on who you are or where you work, but 
> certainly some of these will mark changes in development for many people.

+1

http://cvs.php.net/viewvc.cgi/php-src/UPGRADING?revision=PHP_5_3

Depending on your output you may start getting a lot of errors,
warnings and deprecation messages. Not to mention, every error thrown
is overhead in the system, regardless if it is being displayed or
logged. (as Rasmus says, "write error free code")

Behavior changes that can affect people's code from either the "I
assume this is defaulted this way", behavior changes or deprecation
changes from what I can grok from that - quite a few that people
should probably be looking for ahead of time, and writing 5.3 safe
versions of their code, and ensuring they have the ini variables
defined to what they want that will be changing their defaults too...


- **namespace** and **goto** are now reserved keywords.

- **Closure** is now a reserved class. (Used by lambda and closure.)

- The array functions natsort(), natcasesort(), usort(), uasort(), uksort(),
  array_flip() and array_unique(), no longer accept objects passed as arguments.
  If you need to access their properties using an object, you will need to cast
  the objects to arrays first.

- The behaviour of functions with by-reference parameters called by value has
  changed. Where previously the function would accept the by-value argument, a
  warning is now emitted and all by-ref parameters are set to NULL.

- The magic methods __get(), __set(), __isset(), __unset() and __call() should
  always be public and can no longer be static. Method signatures are enforced.

- The __toString() magic method can no longer accept arguments.

- count() vs count_elements() handler resolution rules have changed. (This could
  potentially break custom PHP extensions.)

- The trailing / has been removed from SplFileInfo and other related directory
  classes.

- The new mysqlnd library necessitates using MySQL's newer 41 byte
password format.
  Continued use of the old 16 byte passwords will cause
mysql_connect() to produce
  the following error message: "mysqlnd cannot connect to MySQL 4.1+ using old
  authentication"  (perhaps an E_WARNING ?)

- define_syslog_variables() is deprecated.(not sure if this will
throw any E_DEPRECATED or anything)

- All ereg functions are deprecated and emit E_DEPRECATED errors.
  Use PCRE (preg_*()) instead.

- The following ini directives will now emit an E_DEPRECATED warning
  upon startup if they are activated:

- define_syslog_variables
- register_globals
- register_long_arrays
- safe_mode
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase

Extensions moved out to PECL and actively maintained there

- fdf
- ming
- ncurses

 c. with changed behaviour

- datetime: date/timefunctions will no longer use the TZ environment
  variable to guess which timezone should be used.

- hash: The SHA-224 hash algorithm is now supported.

- oci8: Calling oci_close() on a persistent connection, or on a variable
  that references a persistent connection going out of scope, will now
  roll back any uncommitted transaction. You should explicitly commit or
  rollback as needed.
  Setting oci8.old_oci_close_semantics=On in php.ini gives the old
  behaviour.

- session: Sessions will no longer store session-files in "/tmp" where
  open_basedir restrictions apply, unless "/tmp" is explicitly added to
  the list of allowed paths.

- zend_extension_debug and zend_extension_ts have been removed.
  Instead use the zend_extension directive to load all Zend Extensions.

- zend.ze1_compatibility_mode has been removed. If this ini directive is set
  to on, then an E_ERROR is emitted at startup.

- The default value of session.use_only_cookies has changed to "1"

Windows has some changes too, but I think only if you're running pre
Windows 2000 will it make a difference.


Sorry for re-hashing the entire thing but I think I picked out
everything that may conflict with existing code or assumptions on
existing code.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Explode-update-implode not working

[Bob McConnell]

Doh! I knew it would be something simple that I had overlooked. I recall 
reading that note last week and telling myself I would need to remember it. But 
that was then ...

Thank you, the code is working better now. I just wish I were.

Bob McConnell

-Original Message-
From: Andrew Ballard [mailto:aball...@gmail.com] 
Sent: Tuesday, June 23, 2009 12:25 PM
To: Bob McConnell
Cc: php-general@lists.php.net
Subject: Re: [PHP] Explode-update-implode not working

On Tue, Jun 23, 2009 at 12:11 PM, Bob McConnell wrote:
> At least not the way I expected it to. Apparently I am doing something
> wrong, but I can't find anything specific that explains it. This is in
> PHP 5.2.6.
>
> Here is the sequence I am trying to implement without the database
> portion. (This is typed in since the VNC I am using doesn't support
> pasting from a Linux client to a MS-Windows server.)
>
> -
> $buff = "key1|value1~key2|value2";
>
> $lines = explode ("~", $buff);
>
> foreach ($lines as $kvpair) {
>   $line = explode ("|", $kvpair);
>   if ($line[0] == "key1") {
>      $line[1] = "value3";
>      $kvpair = implode ("|", $line);
>      break;
>   }
> }
> $newbuff = implode ("~", $lines);
> -
>
> $kvpair is modified, but that change is ignored by implode() with
> $newbuff still containing "key1|value1".
>
> So why doesn't the change to $kvpair get brought in by implode? What
> should I do to update that value?
>
> Bob McConnell
>

See the second note at
http://www.php.net/manual/en/control-structures.foreach.php

Either of these should do what you want:



 $kvpair) {
  $line = explode ("|", $kvpair);
  if ($line[0] == "key1") {
 $line[1] = "value3";
 $lines[$key] = implode ("|", $line);
 break;
  }
}
$newbuff = implode ("~", $lines);
?>


Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explode-update-implode not working

[Andrew Ballard]

On Tue, Jun 23, 2009 at 12:11 PM, Bob McConnell wrote:
> At least not the way I expected it to. Apparently I am doing something
> wrong, but I can't find anything specific that explains it. This is in
> PHP 5.2.6.
>
> Here is the sequence I am trying to implement without the database
> portion. (This is typed in since the VNC I am using doesn't support
> pasting from a Linux client to a MS-Windows server.)
>
> -
> $buff = "key1|value1~key2|value2";
>
> $lines = explode ("~", $buff);
>
> foreach ($lines as $kvpair) {
>   $line = explode ("|", $kvpair);
>   if ($line[0] == "key1") {
>      $line[1] = "value3";
>      $kvpair = implode ("|", $line);
>      break;
>   }
> }
> $newbuff = implode ("~", $lines);
> -
>
> $kvpair is modified, but that change is ignored by implode() with
> $newbuff still containing "key1|value1".
>
> So why doesn't the change to $kvpair get brought in by implode? What
> should I do to update that value?
>
> Bob McConnell
>

See the second note at
http://www.php.net/manual/en/control-structures.foreach.php

Either of these should do what you want:



 $kvpair) {
  $line = explode ("|", $kvpair);
  if ($line[0] == "key1") {
 $line[1] = "value3";
 $lines[$key] = implode ("|", $line);
 break;
  }
}
$newbuff = implode ("~", $lines);
?>


Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Explode-update-implode not working

[Bob McConnell]

At least not the way I expected it to. Apparently I am doing something
wrong, but I can't find anything specific that explains it. This is in
PHP 5.2.6.

Here is the sequence I am trying to implement without the database
portion. (This is typed in since the VNC I am using doesn't support
pasting from a Linux client to a MS-Windows server.)

-
$buff = "key1|value1~key2|value2";

$lines = explode ("~", $buff);

foreach ($lines as $kvpair) {
   $line = explode ("|", $kvpair);
   if ($line[0] == "key1") {
  $line[1] = "value3";
  $kvpair = implode ("|", $line);
  break;
   }
}
$newbuff = implode ("~", $lines);
-

$kvpair is modified, but that change is ignored by implode() with
$newbuff still containing "key1|value1".

So why doesn't the change to $kvpair get brought in by implode? What
should I do to update that value?

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] resubmit form after validation error

[Andrew Ballard]

On Tue, Jun 23, 2009 at 11:37 AM, Shawn McKenzie wrote:
> PJ wrote:
>> Caner Bulut wrote:
>>> Hi PJ,
>>>
>>> You can use the structure following
>>>
>>> $bid = htmlentities($_GET['id']);
>>>
>> the code below
>>> if(empty($bid) {
>>> $bid=0;
>>> }
>> produces an empty screen with no error messages...
>> I have been having some trouble understanding "empty()" -- it doesn't
>> seem to want to work for me in any situation
>
> YOU, always need to have error_reporting on and display errors on, and
> also be logging errors so that you can see parse errors in the log.
> Always check the log after a "empty screen".  I've seen many posts from
> you where you get a blank, empty, white screen.  This is most always a
> parse error!.  Get an editor that will show you bad syntax like the
> above.  It is a freaking parse error because you don't have matched
> parentheses!
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>

You mean when PHP parses my code, it can't just tell what I meant and
do it? I mean, web browsers aren't that picky. Geesh! :-P

Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] resubmit form after validation error

[Shawn McKenzie]

PJ wrote:
> Caner Bulut wrote:
>> Hi PJ,
>>
>> You can use the structure following
>>
>> $bid = htmlentities($_GET['id']);
>>
> the code below
>> if(empty($bid) {
>> $bid=0;
>> }
> produces an empty screen with no error messages...
> I have been having some trouble understanding "empty()" -- it doesn't
> seem to want to work for me in any situation

YOU, always need to have error_reporting on and display errors on, and
also be logging errors so that you can see parse errors in the log.
Always check the log after a "empty screen".  I've seen many posts from
you where you get a blank, empty, white screen.  This is most always a
parse error!.  Get an editor that will show you bad syntax like the
above.  It is a freaking parse error because you don't have matched
parentheses!

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Perl GD

[Eddie Drapkin]

I think you've got the wrong mailing list, man.

On Tue, Jun 23, 2009 at 11:11 AM, Chris
Denman wrote:
> Hi!
>
> Just installed the latest release of GD on my Centos 5 server with no
> installation issues and all libraries OK.
> However, getting lots of:
>
> [13973]ERR: 24: Error in Perl code: Bad file descriptor at /var/www/vhosts/
> w12.org/httpdocs/glassify/indexdie.htm line 11.
>
> And BLACK boxes behind where it should be transparent (occassionally works
> fine)
>
> http://www.twitterhit.net/glassify (without "dies" - sometimes works)
>  http://www.twitterhit.net/glassify/indexdie.htm (with "dies" - shows error)
>
> Here's the code:
>
> [-
>
> use GD;
>
> my $myImage1 = GD::Image->new('/var/www/vhosts/
> w12.org/httpdocs/glassify/me.jpg') || die("$!");
> my $myImage2 = GD::Image->new('/var/www/vhosts/
> w12.org/httpdocs/glassify/glass.png') || die("$!");
>
> $myImage1->trueColor(1) || die("$!");
> $myImage2->trueColor(1) || die("$!");
>
> $myImage1->alphaBlending(1) || die("$!");
> $myImage2->alphaBlending(1) || die("$!");
>
> $myImage1->copy($myImage2, 0, 0, 0, 0, 48, 48);
>
> $out_data = $myImage1->png;
> open (DISPLAY,">/var/www/vhosts/w12.org/httpdocs/glassify/result.png") ||
> die("wassup $!");
> binmode DISPLAY;
> print DISPLAY $out_data;
> close DISPLAY;
>
> -]
> 
> 
>
>
> Hope  you can help,
>
> Chris Denman
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Perl GD

[Chris Denman]

Hi!

Just installed the latest release of GD on my Centos 5 server with no
installation issues and all libraries OK.
However, getting lots of:

[13973]ERR: 24: Error in Perl code: Bad file descriptor at /var/www/vhosts/
w12.org/httpdocs/glassify/indexdie.htm line 11.

And BLACK boxes behind where it should be transparent (occassionally works
fine)

http://www.twitterhit.net/glassify (without "dies" - sometimes works)
 http://www.twitterhit.net/glassify/indexdie.htm (with "dies" - shows error)

Here's the code:

[-

use GD;

my $myImage1 = GD::Image->new('/var/www/vhosts/
w12.org/httpdocs/glassify/me.jpg') || die("$!");
my $myImage2 = GD::Image->new('/var/www/vhosts/
w12.org/httpdocs/glassify/glass.png') || die("$!");

$myImage1->trueColor(1) || die("$!");
$myImage2->trueColor(1) || die("$!");

$myImage1->alphaBlending(1) || die("$!");
$myImage2->alphaBlending(1) || die("$!");

$myImage1->copy($myImage2, 0, 0, 0, 0, 48, 48);

$out_data = $myImage1->png;
open (DISPLAY,">/var/www/vhosts/w12.org/httpdocs/glassify/result.png") ||
die("wassup $!");
binmode DISPLAY;
print DISPLAY $out_data;
close DISPLAY;

-]




Hope  you can help,

Chris Denman

Re: [PHP] Re: XSS Preventing.

[Martin Zvarík]

Cons:
1. Can't easily edit information in the database
  

True, so if you use phpmyadmin for editing - don't do what I suggested.

2. Can't display raw for the user (e.g. edit a forum post)
  

Edit a forum? You display the data in TEXTAREA...

3. Uses more space in the DB
  

True,
although I use htmlspecialchars() which doesn't replace that many 
characters.

4. Isn't as easily indexed
5. Breaks il8n support of internal search engines (sphinx, lucene, etc.)
  

Thanks for reply, I will still do it before the DB insert.
*
Btw. I should have mentioned I don't use htmlentities(), but 
htmlspecialchars()*



You're NEVER supposed to santize before inserting in the DB.  Ever.
Regarding the "performance" boost, if your application is written so
well that calling htmlentities() is hurting the performance, I bow to
you as writing the highest performing PHP I've ever seen.  I would bet
money that validation and sanitization, even if overdone, wouldn't
take more than 2 or 3 percent of execution time.

Do NOT do this, OP, it's terrible practice.


  

Re: [PHP] Re: XSS Preventing.

[Eddie Drapkin]

Cons:
1. Can't easily edit information in the database
2. Can't display raw for the user (e.g. edit a forum post)
3. Uses more space in the DB
4. Isn't as easily indexed
5. Breaks il8n support of internal search engines (sphinx, lucene, etc.)

You're NEVER supposed to santize before inserting in the DB.  Ever.
Regarding the "performance" boost, if your application is written so
well that calling htmlentities() is hurting the performance, I bow to
you as writing the highest performing PHP I've ever seen.  I would bet
money that validation and sanitization, even if overdone, wouldn't
take more than 2 or 3 percent of execution time.

Do NOT do this, OP, it's terrible practice.

On Tue, Jun 23, 2009 at 10:29 AM, Martin Zvarík wrote:
>>
>> Don't htmlentiies() before DB save.  In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before dispaly
>>
>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() everytime
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead "&" you'll see "&" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: XSS Preventing.

[Andrew Ballard]

On Tue, Jun 23, 2009 at 10:29 AM, Martin Zvarík wrote:
>>
>> Don't htmlentiies() before DB save.  In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before dispaly
>>
>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() everytime
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead "&" you'll see "&" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin
>

Different strokes for different folks. The performance hit isn't that
great, and now you're potentially storing more data since individual
characters (generally 1 or 2 bytes) are inflated to entities that are
often around 6-8 bytes.

Additional Cons:
If the content ever needed to be formatted for something other than
html (either now or in the future) you'd have to remove the entities
every time you read the database. So now you have a "stupid wast of
performance" again AND you're still storing the extra bytes in the
database.

Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: XSS Preventing.

[Martin Scotta]

If you use htmlentities after each query you can found problems like this:

My name is Martín.


Also the data is stored for be used in a html environment.
what happen if you need the data for other purposes?

On Tue, Jun 23, 2009 at 11:42 AM, Caner Bulut  wrote:

> I have read somethings about these issues. And i understand that If you use
> htmlentities() BEFORE insertion, when querying DB from XML, PDF or other
> data format, there will be some problems.
>
> I have some PHP books, the author codding like Martin Zvarík's way. If you
> have any pros and cons please share us.
>
> Thanks.
>
> 2009/6/23 Martin Zvarík 
>
> >
> >> Don't htmlentiies() before DB save.  In general:
> >>
> >> - mysql_real_escape_string() before DB insertion
> >>
> >> - htmlentities() before dispaly
> >>
> >>
> >
> > I, on the other hand, would do htmlentities() BEFORE insertion.
> >
> >
> > Pros:
> > ---
> > The text is processed once and doesn't have to be htmlentitied()
> everytime
> > you read the database - what a stupid waste of performance anyway.
> >
> >
> > Cons:
> > ---
> > Instead "&" you'll see "&" ... is that a problem? Not for me and I
> > believe 80% of others who use DB to store & view on web.
> >
> >
> >
> > Martin
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>



-- 
Martin Scotta

Re: [PHP] Re: XSS Preventing.

[Caner Bulut]

I have read somethings about these issues. And i understand that If you use
htmlentities() BEFORE insertion, when querying DB from XML, PDF or other
data format, there will be some problems.

I have some PHP books, the author codding like Martin Zvarík's way. If you
have any pros and cons please share us.

Thanks.

2009/6/23 Martin Zvarík 

>
>> Don't htmlentiies() before DB save.  In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before dispaly
>>
>>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() everytime
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead "&" you'll see "&" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

[PHP] Re: XSS Preventing.

[Martin Zvarík]

Don't htmlentiies() before DB save.  In general:

- mysql_real_escape_string() before DB insertion

- htmlentities() before dispaly




I, on the other hand, would do htmlentities() BEFORE insertion.


Pros:
---
The text is processed once and doesn't have to be htmlentitied() 
everytime you read the database - what a stupid waste of performance anyway.



Cons:
---
Instead "&" you'll see "&" ... is that a problem? Not for me and I 
believe 80% of others who use DB to store & view on web.




Martin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Convert \x3d \x3b \x3c to ASCII

[Robert Cummings]

ioan...@btinternet.com wrote:
Is there a function which will convert characters like \x3d \x3b \x3c to 
ASCII.  Or is there a full list of conversions, eg \x3c=\x3e=>, \x27=' etc.  What are these, hex? I tried hexdec() but am not 
sure that is right.


These are hex escaped for a string:



This will output the actual characters.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Convert \x3d \x3b \x3c to ASCII

[ioan...@btinternet.com]

Is there a function which will convert characters like \x3d \x3b \x3c to 
ASCII.  Or is there a full list of conversions, eg \x3c=<
\x3e=>, \x27=' etc.  What are these, hex? I tried hexdec() but am not 
sure that is right.


John

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] resubmit form after validation error

[PJ]

Caner Bulut wrote:
> Hi PJ,
>
> You can use the structure following
>
> $bid = htmlentities($_GET['id']);
>
the code below
> if(empty($bid) {
> $bid=0;
> }
produces an empty screen with no error messages...
I have been having some trouble understanding "empty()" -- it doesn't
seem to want to work for me in any situation

Anyway, I seem to have it all working, pretty much. Still testing...
I think the problem had to do with either sessions, or setting the right
parameters for the submit option or using action="" -- the latter seems to work ok. Although, it is
interesting that it is possible to use another file for the action - but
that seems a bit redundant as you have to populate that file with almost
the same stuff that is in the original form file...
I'm making progress, but I don't think I'm learning a lot other than to
contain my frustration. ;-)
>
>
> if(is_numeric($bid)) {
>
> if($bid==0) {
> do something
> } else if($bid==1) {
> do something
> }
>
> }
>
> After this code there will always a number, If the id variable is 0, bid
> will be 0 and you can control it.
>
> Thanks.
> Caner.
>
> 2009/6/22 PJ 
>
>> Hi Caner,
>> Thanks for the input. I'm not sure that would do it as the first
>> instruction on the page is :
>> $bid = $_GET['id'] ;
>>
>> thus, the page cannot even be loaded if there is no id in the uri - it
>> generates a number of errors.
>> In order to use the feature of editing, I use a search page and then set
>> up an href to the edit page with the id of the item to be edited.
>> I finally figured out to do the action="another_page.php" and with
>> slight modifications to the form, things finally work.
>> And, to delete the item (all records related to the item), I set up 2
>> submits - 1 to "update.php" and one to "delete.php"
>> Maybe it's all cumbersome and maybe it is possible to streamline the
>> whole process, but then it does work and I am just learning... :-)
>> Thanks again.
>> PJ
>>
>>
>>
>> Caner BULUT wrote:
>>> Hi,
>>>
>>> You can use a variable to that. Like following. Example if the variable
>> is 1
>>> you start to processing form input.
>>>
>>> Example
>>>
>>> >> }
>>>
>>> Thanks.
>>> Caner.
>>>
>>>
>>> -Original Message-
>>> From: PJ [mailto:af.gour...@videotron.ca]
>>> Sent: 20 June 2009 22:55
>>> To: php-general@lists.php.net
>>> Subject: [PHP] resubmit form after validation error
>>>
>>> I'm having a bit of a time figuring out how to resubmit a form after
>>> obligatory field missing error.
>>> The problem is that the page is accessed from a search page href where
>>> the uri is like = file.php$=123.
>>> Since the method="post" action="file.php?= does
>>> not work nor does PHP_SELF, I have set the action="otherfile.php". All
>>> is well, if all fields are properly entered, but if there is an error,
>>> how to resubmit the form for correction and resubmission without using
>>> js or functions or redoing it all from scratch?
>>>
>>>
>>
>> --
>> Herv� Kempf: "Pour sauver la plan�te, sortez du capitalisme."
>> -
>> Phil Jourdan --- p...@ptahhotep.com
>> http://www.ptahhotep.com
>> http://www.chiccantine.com/andypantry.php
>>
>>
>


-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Bob McConnell]

From: Michael A. Peters
> Manuel Aude wrote:
>> I'm giving a PHP course next semester (3 hours all saturdays for 22
weeks)
>> and I just realized that PHP 5.3 is coming very soon (2 days now!).
So, my
>> plans of teaching PHP 5.2 are starting to change, and I think it's a
good
>> idea to teach them 5.3 already.
>> 
>> While the majority of the students use Windows, I'm aware that a vast
amount
>> will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
>> distributions of Linux, so I'm hoping there won't be too many
problems on
>> installation. I don't want to waste the entire first class fixing
>> installation problems, because that kills the student's motivation.
>> 
>> The course starts on August, but I'm preparing it during the last two
weeks
>> of July. You think that installation packages will be bulletproof by
then?
>> Or should I just teach 5.2 and wait for another semester before
starting on
>> 5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the
year,
>> so I'm a bit confused on what I should do.
>> 
>> I'm just a university student that wants to spread PHP, for I've been
using
>> it for many years now =)
> 
> Many hosts are still on php 5.1.x (IE RHEL based hosts).
> I would be worried that many popular classes and apps might be quirky 
> under 5.3.
> 
> I've not played with it at all, and probably won't for some time, but 
> I've been bitten by that more than once.
> 
> Nice thing about 5.2.x as far as linux goes anyway, installing it is 
> cake from the package repositories. Using package repositories for php

> installs is suggested as security fixes can be updated with ease.
> 
> As someone running a newer version of php (5.2.9) than what my distro 
> ships with, here are some of the issues:

Manuel,

You might want to check on the release schedules for PHP 5.3(.1?) by the
major distributions. Even if they are close to the end of your class
schedule, will they be deployed that quickly to sites your students
could be working on? Or will they still be working with 5.2 for the
foreseeable future?

I have recently been told that we are switching from compiling Apache,
PHP and PostgreSQL ourselves to only using the official RedHat RPMs on
our production servers[*]. This is coupled with a move to a managed
hosting service. But since RH is not even shipping the most recent
version of 5.2, I don't expect to see a 5.3 RPM for some time. Maybe it
will have enough improvements to trigger an early update from them, but
who knows. After they release it, it will still be a while before we
pick it up, test it and deploy it. So even though I like some of the
changes in 5.3, I am stuck with 5.2 for at least another year, maybe
two.

Bob McConnell

[*] No, I don't like this at all. I see it as the antithesis of both the
Open Source and Free Software philosophies. It means we give up control
of some of the options we were selecting at compile time and have to
settle for somebody else's idea of the perfect server. I fully expect it
will come back to bite us at some point.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Daniel Brown]

On Tue, Jun 23, 2009 at 04:12, Per Jessen wrote:
> Manuel Aude wrote:
>
>> I'm giving a PHP course next semester (3 hours all saturdays for 22
>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
>> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
>> think it's a good idea to teach them 5.3 already.
>
> Does it _really_ matter which one?  I can't imagine there are that many
> revolutionary changes in a dot-release.

There are some major changes and additions introduced in 5.3.
However, some may consider it a wise idea to wait until at least 5.3.1
before putting it into production.  The public final release of PHP
5.3.0 is still a few days off, so starting with 5.2 and then
introducing the 5.3 branch during the course could not only be a great
idea for the OP, but also an exciting evolution during the class,
showing also in real-time how open source projects advance.

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] [php] unable to use rar_open ()

[Lester Caine]

HELP! wrote:

I have install the windows
php_rar.dll extension
model in window  but I have problem using the functions

function extractZip( )
{
   $rar_file = rar_open('example.rar') or die("Failed to open Rar archive");
$entries_list = rar_list($rar_file);
 print_r($entries_list);
}
extractZip( );

*Fatal error*: Call to undefined function rar_open() in  on line *4*


Have you catually enabled it in php.ini?
And restarted Apache/IIS ?
--
Lester Caine - G8HFL
-
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] [php] unable to use rar_open ()

[HELP!]

I have install the windows
php_rar.dll extension
model in window  but I have problem using the functions

function extractZip( )
{
   $rar_file = rar_open('example.rar') or die("Failed to open Rar archive");
$entries_list = rar_list($rar_file);
 print_r($entries_list);
}
extractZip( );

*Fatal error*: Call to undefined function rar_open() in  on line *4*

[PHP] Re: Echo result in a loop on each instance

[Peter Ford]

Anton Heuschen wrote:
> I have a question regarding echo of a var/string in a loop on each instance
> 
> A shortened example:
> 
> Lets say I have an array of values (rather big), and then I loop
> through this array:
> 
> for or foreach :
> {
>$value = $arrValAll[$i];
> 
>echo "test".$i."--> ".$value;
> }
> 
> 
> When the script runs it will only start to echo values after certain
> period ... it does not echo immediately ... how can I force it start
> echo as soon as the first echo instance is done ? I thought ob_start
> does this but I have tried it and not getting what I want.
> 
> Is there some other way/correct to do this?


call flush() after each echo to flush the buffer to the client.
That should work...

-- 
Peter Ford  phone: 01580 89
Developer   fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Robert Cummings]

Michael A. Peters wrote:

Manuel Aude wrote:

I'm giving a PHP course next semester (3 hours all saturdays for 22 weeks)
and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my
plans of teaching PHP 5.2 are starting to change, and I think it's a good
idea to teach them 5.3 already.

While the majority of the students use Windows, I'm aware that a vast amount
will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
distributions of Linux, so I'm hoping there won't be too many problems on
installation. I don't want to waste the entire first class fixing
installation problems, because that kills the student's motivation.

The course starts on August, but I'm preparing it during the last two weeks
of July. You think that installation packages will be bulletproof by then?
Or should I just teach 5.2 and wait for another semester before starting on
5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year,
so I'm a bit confused on what I should do.

I'm just a university student that wants to spread PHP, for I've been using
it for many years now =)

Thanks for the advices,
Mamsaac



Many hosts are still on php 5.1.x (IE RHEL based hosts).
I would be worried that many popular classes and apps might be quirky 
under 5.3.


I've not played with it at all, and probably won't for some time, but 
I've been bitten by that more than once.


Nice thing about 5.2.x as far as linux goes anyway, installing it is 
cake from the package repositories. Using package repositories for php 
installs is suggested as security fixes can be updated with ease.


As someone running a newer version of php (5.2.9) than what my distro 
ships with, here are some of the issues:


A) I needed to create packages so that I could RPM install various 
stuff, like Squirelmail, etc. - and get the security updates for them 
from my OS vendor (CentOS or EPEL repods). So to do that, I used the 
Fedora src.rpm.


B) When building php rpm's on my system, the %check portion of the spec 
file (runs make test I believe) fails sometimes if there is an existing 
php install. To solve that, you have to build it in mock.


C) Mock needs a lot of disk space and will download a lot of packages, 
if you don't local mirror the update repositories, it can be really time 
consuming. Furthermore, occasionally the build list for mock is broken 
making it un-usable for package building.


I have to use 5.2.x because I need a pecl extension that does not work 
with 5.1.x - and building rpm myself lets me add suhosin patch (to the 
fedora spec file) but unless your Linux students want to do absolutely 
everything php by source and not have anything installed from the 
package managers that rely on php, I would highly suggest that they use 
whatever version of php their distro of choice has in its stable 
repositories.


-=-

Since you are teaching students, one pet peeve of mine that I see in web 
app after web app after web app - they have an admin interface that 
writes a php file which the app then parses as php. Often they even 
instruct the person installing the web app to have 777 permissions of 
directories and/or files within the web root.


There's a better way. Either store the configuration settings in a 
database (obviously can't store database connection setting in the 
database ...) or store them in an xml file, not php.


You can write and read the xml file with any number of existing php 
functions. And the config file should not be in the web root, nothing 
the web server can write to should be in the document root.


Applications (like Gallery and I think joomla and wordpress) often want 
write permission to the document root so they can have a web interface 
to install/update their modules - but it creates a security risk. It's 
better to install the modules you want from a distro vendor repository 
so you can keep them up to date that way, and hence, it's better to use 
a packaged php install so that the dependencies are met.


Sorry for rambling, but the trend of web server having write permissions 
to files the web server then executes (and often in the web root) is a 
trend that needs to stop. So flunk the students that do it ;)


And how do you propose people get around open_basedir restrictions which 
is common in many Plesk environments?


There is nothing wrong with having the above mentioned write access if 
it is properly protected.


Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Echo result in a loop on each instance

[Anton Heuschen]

I have a question regarding echo of a var/string in a loop on each instance

A shortened example:

Lets say I have an array of values (rather big), and then I loop
through this array:

for or foreach :
{
   $value = $arrValAll[$i];

   echo "test".$i."--> ".$value;
}


When the script runs it will only start to echo values after certain
period ... it does not echo immediately ... how can I force it start
echo as soon as the first echo instance is done ? I thought ob_start
does this but I have tried it and not getting what I want.

Is there some other way/correct to do this?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Michael A. Peters]

Manuel Aude wrote:

I'm giving a PHP course next semester (3 hours all saturdays for 22 weeks)
and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my
plans of teaching PHP 5.2 are starting to change, and I think it's a good
idea to teach them 5.3 already.

While the majority of the students use Windows, I'm aware that a vast amount
will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
distributions of Linux, so I'm hoping there won't be too many problems on
installation. I don't want to waste the entire first class fixing
installation problems, because that kills the student's motivation.

The course starts on August, but I'm preparing it during the last two weeks
of July. You think that installation packages will be bulletproof by then?
Or should I just teach 5.2 and wait for another semester before starting on
5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year,
so I'm a bit confused on what I should do.

I'm just a university student that wants to spread PHP, for I've been using
it for many years now =)

Thanks for the advices,
Mamsaac



Many hosts are still on php 5.1.x (IE RHEL based hosts).
I would be worried that many popular classes and apps might be quirky 
under 5.3.


I've not played with it at all, and probably won't for some time, but 
I've been bitten by that more than once.


Nice thing about 5.2.x as far as linux goes anyway, installing it is 
cake from the package repositories. Using package repositories for php 
installs is suggested as security fixes can be updated with ease.


As someone running a newer version of php (5.2.9) than what my distro 
ships with, here are some of the issues:


A) I needed to create packages so that I could RPM install various 
stuff, like Squirelmail, etc. - and get the security updates for them 
from my OS vendor (CentOS or EPEL repods). So to do that, I used the 
Fedora src.rpm.


B) When building php rpm's on my system, the %check portion of the spec 
file (runs make test I believe) fails sometimes if there is an existing 
php install. To solve that, you have to build it in mock.


C) Mock needs a lot of disk space and will download a lot of packages, 
if you don't local mirror the update repositories, it can be really time 
consuming. Furthermore, occasionally the build list for mock is broken 
making it un-usable for package building.


I have to use 5.2.x because I need a pecl extension that does not work 
with 5.1.x - and building rpm myself lets me add suhosin patch (to the 
fedora spec file) but unless your Linux students want to do absolutely 
everything php by source and not have anything installed from the 
package managers that rely on php, I would highly suggest that they use 
whatever version of php their distro of choice has in its stable 
repositories.


-=-

Since you are teaching students, one pet peeve of mine that I see in web 
app after web app after web app - they have an admin interface that 
writes a php file which the app then parses as php. Often they even 
instruct the person installing the web app to have 777 permissions of 
directories and/or files within the web root.


There's a better way. Either store the configuration settings in a 
database (obviously can't store database connection setting in the 
database ...) or store them in an xml file, not php.


You can write and read the xml file with any number of existing php 
functions. And the config file should not be in the web root, nothing 
the web server can write to should be in the document root.


Applications (like Gallery and I think joomla and wordpress) often want 
write permission to the document root so they can have a web interface 
to install/update their modules - but it creates a security risk. It's 
better to install the modules you want from a distro vendor repository 
so you can keep them up to date that way, and hence, it's better to use 
a packaged php install so that the dependencies are met.


Sorry for rambling, but the trend of web server having write permissions 
to files the web server then executes (and often in the web root) is a 
trend that needs to stop. So flunk the students that do it ;)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Per Jessen]

Robert Cummings wrote:

> Per Jessen wrote:
>>>
>>> Coming to a PHP 5.3 near you are the following notable features:
>>>
>>>  - namespaces
>>>  - closures
>>>  - late static binding
>>>  - garbage collector to handle cyclic references
>>>  - PHAR
>>>  - goto
>> 
>> I hadn't actually seen/studied the list, but apart from the goto, I
>> don't consider any of those revolutionary :-)
> 
> Revolutionary, no. Major changes for PHP, yes! Major shifts in
> development practices for PHP... it depends on who you are or where
> you work, but certainly some of these will mark changes in development
> for many people.

Yes, I do see that - it won't mean much to my own PHP development, which
is probably clouding my view.  


/Per

-- 
Per Jessen, Zürich (13.4°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Robert Cummings]

Per Jessen wrote:

Robert Cummings wrote:


Per Jessen wrote:

Manuel Aude wrote:


I'm giving a PHP course next semester (3 hours all saturdays for 22
weeks) and I just realized that PHP 5.3 is coming very soon (2 days
now!). So, my plans of teaching PHP 5.2 are starting to change, and
I think it's a good idea to teach them 5.3 already.

Does it _really_ matter which one?  I can't imagine there are that
many revolutionary changes in a dot-release.

Given the naming of PHP versions of PHP-x.y.z, I would agree that not
much changes between versions at the .z level. But at the .y level
there are usually significant changes.

Coming to a PHP 5.3 near you are the following notable features:

 - namespaces
 - closures
 - late static binding
 - garbage collector to handle cyclic references
 - PHAR
 - goto


I hadn't actually seen/studied the list, but apart from the goto, I
don't consider any of those revolutionary :-)


Revolutionary, no. Major changes for PHP, yes! Major shifts in 
development practices for PHP... it depends on who you are or where you 
work, but certainly some of these will mark changes in development for 
many people.


Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Per Jessen]

Robert Cummings wrote:

> Per Jessen wrote:
>> Manuel Aude wrote:
>> 
>>> I'm giving a PHP course next semester (3 hours all saturdays for 22
>>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
>>> now!). So, my plans of teaching PHP 5.2 are starting to change, and
>>> I think it's a good idea to teach them 5.3 already.
>> 
>> Does it _really_ matter which one?  I can't imagine there are that
>> many revolutionary changes in a dot-release.
> 
> Given the naming of PHP versions of PHP-x.y.z, I would agree that not
> much changes between versions at the .z level. But at the .y level
> there are usually significant changes.
> 
> Coming to a PHP 5.3 near you are the following notable features:
> 
>  - namespaces
>  - closures
>  - late static binding
>  - garbage collector to handle cyclic references
>  - PHAR
>  - goto

I hadn't actually seen/studied the list, but apart from the goto, I
don't consider any of those revolutionary :-)


/Per



-- 
Per Jessen, Zürich (13.8°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go alreadywith 5.3 (for a course)

[Peter Ford]

Robert Cummings wrote:
> Per Jessen wrote:
>> Manuel Aude wrote:
>>
>>> I'm giving a PHP course next semester (3 hours all saturdays for 22
>>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
>>> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
>>> think it's a good idea to teach them 5.3 already.
>>
>> Does it _really_ matter which one?  I can't imagine there are that many
>> revolutionary changes in a dot-release.
> 
> Given the naming of PHP versions of PHP-x.y.z, I would agree that not
> much changes between versions at the .z level. But at the .y level there
> are usually significant changes.
> 
> Coming to a PHP 5.3 near you are the following notable features:
> 
> - namespaces
> - closures
> - late static binding
> - garbage collector to handle cyclic references
> - PHAR
> - goto
> 
> Cheers,
> Rob.

I read that last bit as
PHAR
togo

Need coffee...



-- 
Peter Ford  phone: 01580 89
Developer   fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Robert Cummings]

Manuel Aude wrote:

The thing is, that part of the planned course was to develop a small
framework, so that they could see the dynamic and OOP posibilities that PHP
offers. With PHP 5.3, there are namespaces, which change a lot the design of
a framework, as well as true lambdas with closures. So, naturally, the
architecture of this minimalistic framework changes and I have plans to
write it before the course starts.

Why a framework? If you know how an MVC framework is created and how it
works, you will most likely get into Zend Framework or CakePHP much faster.
Plus, it's a very good way to learn the language. It wouldn't be the first
one I've written, so it's not much trouble.

That's why I care about PHP 5.3. Now imagine if there were Traits!

Anyway, I think I will do as someone mentioned, and teach them 5.2 during
the entire course and then at the end show them some of 5.3.


I think going with 5.2 and then showing them the possibilities with 5.3 
afterwards is a good approach. This way when they finish they can work 
within older environments as well as the new.


Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Robert Cummings]

Per Jessen wrote:

Manuel Aude wrote:


I'm giving a PHP course next semester (3 hours all saturdays for 22
weeks) and I just realized that PHP 5.3 is coming very soon (2 days
now!). So, my plans of teaching PHP 5.2 are starting to change, and I
think it's a good idea to teach them 5.3 already.


Does it _really_ matter which one?  I can't imagine there are that many
revolutionary changes in a dot-release.


Given the naming of PHP versions of PHP-x.y.z, I would agree that not 
much changes between versions at the .z level. But at the .y level there 
are usually significant changes.


Coming to a PHP 5.3 near you are the following notable features:

- namespaces
- closures
- late static binding
- garbage collector to handle cyclic references
- PHAR
- goto

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Manuel Aude]

The thing is, that part of the planned course was to develop a small
framework, so that they could see the dynamic and OOP posibilities that PHP
offers. With PHP 5.3, there are namespaces, which change a lot the design of
a framework, as well as true lambdas with closures. So, naturally, the
architecture of this minimalistic framework changes and I have plans to
write it before the course starts.

Why a framework? If you know how an MVC framework is created and how it
works, you will most likely get into Zend Framework or CakePHP much faster.
Plus, it's a very good way to learn the language. It wouldn't be the first
one I've written, so it's not much trouble.

That's why I care about PHP 5.3. Now imagine if there were Traits!

Anyway, I think I will do as someone mentioned, and teach them 5.2 during
the entire course and then at the end show them some of 5.3.

-- Forwarded message --
From: Per Jessen 
To: php-general@lists.php.net
Date: Tue, 23 Jun 2009 10:12:55 +0200
Subject: Re: [PHP] I've some doubts if I should go with 5.2 or go already
with 5.3 (for a course)
Manuel Aude wrote:

> I'm giving a PHP course next semester (3 hours all saturdays for 22
> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
> think it's a good idea to teach them 5.3 already.

Does it _really_ matter which one?  I can't imagine there are that many
revolutionary changes in a dot-release.

Re: [PHP] XSS Preventing.

[Caner Bulut]

Michael,

I can be useful for me. It seems there will be not ant charset problem
occurs.

Thanks for help.
Caner.


2009/6/23 Michael A. Peters 

> Caner BULUT wrote:
>
>> Hi Guys,
>>
>>
>> I have a question if you have any knowledge about this please let me know.
>>
>>
>> I getting data from a form with POST method like following.
>>
>>
>> $x = htmlentities($_POST['y']);
>>
>> .
>>
>>
>> After getting all form daha I save them into DB, I used
>> mysql_real_escape_string.
>>
>
> Don't try to home brew your own.
> You'll miss stuff.
>
> Use an input filter class that is developed by and tested by a large number
> of users.
>
> http://htmlpurifier.org/
>
> is what I recommend.
>
> Also, with respect to mysql_real_escape - if you use prepared statements,
> escaping isn't an issue.
>
> Personally I recommend a database extraction later.
> Pear MDB2 is a good one.
> It makes your code portable to other databases as long as you stick to
> standard SQL (which usually is pretty easy to do).
>

[PHP] Re: I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Colin Guthrie]

'Twas brillig, and Manuel Aude at 23/06/09 08:38 did gyre and gimble:

I'm giving a PHP course next semester (3 hours all saturdays for 22 weeks)
and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my
plans of teaching PHP 5.2 are starting to change, and I think it's a good
idea to teach them 5.3 already.

While the majority of the students use Windows, I'm aware that a vast amount
will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
distributions of Linux, so I'm hoping there won't be too many problems on
installation. I don't want to waste the entire first class fixing
installation problems, because that kills the student's motivation.

The course starts on August, but I'm preparing it during the last two weeks
of July. You think that installation packages will be bulletproof by then?
Or should I just teach 5.2 and wait for another semester before starting on
5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year,
so I'm a bit confused on what I should do.


Well I'd imagine the vast majority of your course will be covering the 
basic principles of PHP coding, techniques, GPP, frameworks etc.


Generally most people will want to use a Framework, (Zend, Cake, etc.) 
which will take a while to adopt PHP 5.3 anyway (some still support PHP4 
so what hope is there to use features of PHP5.3 anyway soon!) so I'd 
suggest teaching the basics on a PHP5.x system and then perhaps spend 
two or three sessions at the end covering the newer stuff from PHP 5.3.


That's probably the way I'd go, and you can give people some prior 
warning to try and get a PHP 5.3 install up and running for the x'th 
week of the course.


Col


--

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mandriva Linux Contributor [http://www.mandriva.com/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Eddie Drapkin]

Why not give a presentation, like in the first few, about compiling
PHP for yourself, as that's a pretty useful skill that's oft
neglected?

On Tue, Jun 23, 2009 at 4:12 AM, Per Jessen wrote:
> Manuel Aude wrote:
>
>> I'm giving a PHP course next semester (3 hours all saturdays for 22
>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
>> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
>> think it's a good idea to teach them 5.3 already.
>
> Does it _really_ matter which one?  I can't imagine there are that many
> revolutionary changes in a dot-release.
>
>
> /Per
>
> --
> Per Jessen, Zürich (12.2°C)
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Per Jessen]

Manuel Aude wrote:

> I'm giving a PHP course next semester (3 hours all saturdays for 22
> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
> think it's a good idea to teach them 5.3 already.

Does it _really_ matter which one?  I can't imagine there are that many
revolutionary changes in a dot-release.


/Per

-- 
Per Jessen, Zürich (12.2°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Manuel Aude]

I'm giving a PHP course next semester (3 hours all saturdays for 22 weeks)
and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my
plans of teaching PHP 5.2 are starting to change, and I think it's a good
idea to teach them 5.3 already.

While the majority of the students use Windows, I'm aware that a vast amount
will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch)
distributions of Linux, so I'm hoping there won't be too many problems on
installation. I don't want to waste the entire first class fixing
installation problems, because that kills the student's motivation.

The course starts on August, but I'm preparing it during the last two weeks
of July. You think that installation packages will be bulletproof by then?
Or should I just teach 5.2 and wait for another semester before starting on
5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year,
so I'm a bit confused on what I should do.

I'm just a university student that wants to spread PHP, for I've been using
it for many years now =)

Thanks for the advices,
Mamsaac