php-general Digest 24 Jun 2009 08:52:45 -0000 Issue 6192
Topics (messages 294486 through 294506):

Re: supplied argument errors
        294486 by: PJ
        294489 by: Lex Braun
        294491 by: kranthi
        294497 by: Shawn McKenzie

Re: delete insert ?
        294487 by: Bastien Koert

Re: modifying within foreach
        294488 by: Eddie Drapkin
        294490 by: Martin Scotta

Re: I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
        294492 by: Manuel Aude
        294493 by: Michael A. Peters
        294494 by: Michael A. Peters
        294506 by: Robert Cummings

Re: Using large multi dimensional arrays in js
        294495 by: Simon

PHP module portability on OSX 10.4
        294496 by: Matt Neimeyer

Re: resubmit form after validation error
        294498 by: Shawn McKenzie

Re: XSS Preventing.
        294499 by: Martin Zvarík

Re: Deleting a file after download/upload
        294500 by: Shawn McKenzie

anyone using session_mysql successfully
        294501 by: Randy Paries
        294502 by: Michael A. Peters

Progressbar
        294503 by: Teun Lassche
        294504 by: Tom Sparks
        294505 by: Nitsan Bin-Nun

Administrivia:

To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail: php-gene...@lists.php.net

----------------------------------------------------------------------

---BeginMessage---
Lex Braun wrote:
> On Tue, Jun 23, 2009 at 4:10 PM, PJ af.gour...@videotron.ca wrote:
>> I think there is something I do not understand in the manual about mysql_fetch_assoc(), mysql_affected_rows()
>> The code works, but I get these annoying messages.
>> snippet:
>> snip
> What are the warnings?

1. supplied argument is not a valid MySQL result resource
2. supplied argument is not a valid MySQL-link resource

snippet:

    $result = mysql_query($sql, $db); // this is following an UPDATE
    $row = mysql_fetch_assoc($result); // warning... 1.
    if (mysql_affected_rows($result) !== -1) // warning... 2.
    print_r($result); // returns 1

another:

    $sql = "DELETE FROM book_categories WHERE bookID = $bid";
    $result = mysql_query($sql, $db); // warning... 1.
    $row = mysql_fetch_assoc($result); // warning... 1.
    if (mysql_num_rows($result) !== 0) {

the last:

    $result = mysql_query($sql, $db); // following an INSERT
    if (mysql_affected_rows($result) == -1) { // warning... 2.

--
Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
-
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
---End Message---

---BeginMessage---
On Tue, Jun 23, 2009 at 4:10 PM, PJ af.gour...@videotron.ca wrote:
> I think there is something I do not understand in the manual about mysql_fetch_assoc(), mysql_affected_rows()
> The code works, but I get these annoying messages.
> snippet:
> snip

What are the warnings?
---End Message---

---BeginMessage---
The code works? The above warnings suggest that there is a MySQL syntax error.
Moreover, the documentation of mysql_affected_rows suggests that you should supply a valid resource identifier but not a MySQL result resource.

i.e., the above should be mysql_affected_rows($db)
---End Message---

---BeginMessage---
kranthi wrote:
> The code works? The above warnings suggest that there is a MySQL syntax error.
> Moreover, the documentation of mysql_affected_rows suggests that you should supply a valid resource identifier but not a MySQL result resource.
>
> i.e., the above should be mysql_affected_rows($db)

Yes, so:

1. It was an UPDATE and not a SELECT, how would it return any f'ing rows?!?! $rows is either TRUE or FALSE, because it returns whether the UPDATE was successful or not.

2. Please read the f'ing manual about what kranthi said!

--
Thanks!
-Shawn
http://www.spidean.com
---End Message---

---BeginMessage---
On Tue, Jun 23, 2009 at 4:20 PM, PJ af.gour...@videotron.ca wrote:
> I just had a bright idea ???
> Am doing editing file for book entries; it occurs to me (now that I am practically finished) that it might be much simpler to delete entries and just insert rather than going through the rigamarole of checking if the new entries exist and if and if and if... just delete insert - less code, less headaches... or is this a cute fantasy I should get myself locked up?
> Guys, don't go overboard on this... I know I'm leaving myself wide open :-P
>
> --
> Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
> -
> Phil Jourdan --- p...@ptahhotep.com
> http://www.ptahhotep.com
> http://www.chiccantine.com/andypantry.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Re: [PHP] Progressbar
have you looked at http://postlet.com/ ?

tom_a_sparks
Please avoid sending me Word or PowerPoint attachments. but instead use OpenDocument File Formats or use OpenOffice
http://en.wikipedia.org/wiki/OpenDocument
http://en.wikipedia.org/wiki/OpenOffice.org
http://www.gnu.org/philosophy/no-word-attachments.html

--- On Wed, 24/6/09, Teun Lassche teun.lass...@gmail.com wrote:
> From: Teun Lassche teun.lass...@gmail.com
> Subject: [PHP] Progressbar
> To: php-general@lists.php.net
> Received: Wednesday, 24 June, 2009, 3:55 PM
>
> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>
> --
> Teun Lassche
> Bill Cosby http://www.brainyquote.com/quotes/authors/b/bill_cosby.html - A word to the wise ain't necessary - it's the stupid ones that need the advice.
Re: [PHP] Progressbar
You can use either perl uploading with ajax or flash uploader.

For the perl - google 'uber uploader'
For the flash - google 'flash uploader site:de' and get into the first it should pop up something with fancy I think..

Good luck mate!

On Wed, Jun 24, 2009 at 8:20 AM, Tom Sparks tom_a_spa...@yahoo.com.au wrote:
> have you looked at http://postlet.com/ ?
>
> tom_a_sparks
> Please avoid sending me Word or PowerPoint attachments. but instead use OpenDocument File Formats or use OpenOffice
> http://en.wikipedia.org/wiki/OpenDocument
> http://en.wikipedia.org/wiki/OpenOffice.org
> http://www.gnu.org/philosophy/no-word-attachments.html
>
> --- On Wed, 24/6/09, Teun Lassche teun.lass...@gmail.com wrote:
>> From: Teun Lassche teun.lass...@gmail.com
>> Subject: [PHP] Progressbar
>> To: php-general@lists.php.net
>> Received: Wednesday, 24 June, 2009, 3:55 PM
>>
>> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>>
>> --
>> Teun Lassche
>> Bill Cosby http://www.brainyquote.com/quotes/authors/b/bill_cosby.html - A word to the wise ain't necessary - it's the stupid ones that need the advice.
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Michael A. Peters wrote:
> Robert Cummings wrote:
>> Michael A. Peters wrote:
>>> Manuel Aude wrote:
>>>> I'm giving a PHP course next semester (3 hours all Saturdays for 22 weeks) and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my plans of teaching PHP 5.2 are starting to change, and I think it's a good idea to teach them 5.3 already.
>>>> While the majority of the students use Windows, I'm aware that a vast amount will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch) distributions of Linux, so I'm hoping there won't be too many problems on installation. I don't want to waste the entire first class fixing installation problems, because that kills the student's motivation.
>>>> The course starts on August, but I'm preparing it during the last two weeks of July. You think that installation packages will be bulletproof by then? Or should I just teach 5.2 and wait for another semester before starting on 5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year, so I'm a bit confused on what I should do.
>>>> I'm just a university student that wants to spread PHP, for I've been using it for many years now =)
>>>> Thanks for the advices,
>>>> Mamsaac
>>> Many hosts are still on php 5.1.x (IE RHEL based hosts).
>>> I would be worried that many popular classes and apps might be quirky under 5.3. I've not played with it at all, and probably won't for some time, but I've been bitten by that more than once.
>>> Nice thing about 5.2.x as far as linux goes anyway, installing it is cake from the package repositories. Using package repositories for php installs is suggested as security fixes can be updated with ease.
>>> As someone running a newer version of php (5.2.9) than what my distro ships with, here are some of the issues:
>>> A) I needed to create packages so that I could RPM install various stuff, like SquirrelMail, etc. - and get the security updates for them from my OS vendor (CentOS or EPEL repos). So to do that, I used the Fedora src.rpm.
>>> B) When building php rpm's on my system, the %check portion of the spec file (runs make test I believe) fails sometimes if there is an existing php install. To solve that, you have to build it in mock.
>>> C) Mock needs a lot of disk space and will download a lot of packages, if you don't local mirror the update repositories, it can be really time consuming. Furthermore, occasionally the build list for mock is broken making it un-usable for package building.
>>> I have to use 5.2.x because I need a pecl extension that does not work with 5.1.x - and building rpm myself lets me add suhosin patch (to the fedora spec file) but unless your Linux students want to do absolutely everything php by source and not have anything installed from the package managers that rely on php, I would highly suggest that they use whatever version of php their distro of choice has in its stable repositories.
>>> -=-
>>> Since you are teaching students, one pet peeve of mine that I see in web app after web app after web app - they have an admin interface that writes a php file which the app then parses as php. Often they even instruct the person installing the web app to have 777 permissions of directories and/or files within the web root.
>>> There's a better way. Either store the configuration settings in a database (obviously can't store database connection setting in the database ...) or store them in an xml file, not php. You can write and read the xml file with any number of existing php functions.
>>> And the config file should not be in the web root, nothing the web server can write to should be in the document root.
>>> Applications (like Gallery and I think joomla and wordpress) often want write permission to the document root so they can have a web interface to install/update their modules - but it creates a security risk. It's better to install the modules you want from a distro vendor repository so you can keep them up to date that way, and hence, it's better to use a packaged php install so that the dependencies are met.
>>> Sorry for rambling, but the trend of web server having write permissions to files the web server then executes (and often in the web root) is a trend that needs to stop.
>>> So flunk the students that do it ;)
>> And how do you propose people get around open_basedir restrictions which is common in many Plesk environments? There is nothing wrong with having the above mentioned write access if it is properly protected.
> Nothing wrong other than any vulnerability in apache (or a module apache loads or cgi/server script code) that allows a malicious user to write data as the apache user can now do so inside the web root where they can then request it causing php/perl/python/whatever to execute the code they just wrote.

This is fear mongering. I could make the same argument that making use of a webserver opens you up to any vulnerability in the webserver that may provide access to the entire filesystem. The
[PHP] Validation data - question
Hi guys,

Does anyone know how to write validation for data which contains letters such as šđčćž (those are Serbian letters)?

Here is part of my code where it does validation:

    $admins_validation = array(
        'name'    => '/^[[:alnum:][:punct:][:space:]]{1,50}$/',
        'surname' => '/^[[:alnum:][:punct:][:space:]]{1,50}$/',
        'email'   => '/^[A-Za-z0-9]+((\.|-|_)[A-Za-z0-9]+)*...@[a-za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/',
        ..
    );

So, for example if someone enters name Dušan it won't accept it.

--
made by Dusan
Re: [PHP] Progressbar
Teun Lassche wrote:
> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?

Yes.

Assuming you are using php 5.2.x you can use the PECL extension uploadprogress.

http://pecl.php.net/package/uploadprogress/

I am successfully using it with php 5.2.9 on i386 and x86_64
Re: [PHP] Validation data - question
Dušan Novaković wrote:
> Hi guys,
>
> Does anyone know how to write validation for data which contains letters such as šđčćž (those are Serbian letters)?
>
> Here is part of my code where it does validation:
>
>     $admins_validation = array(
>         'name'    => '/^[[:alnum:][:punct:][:space:]]{1,50}$/',
>         'surname' => '/^[[:alnum:][:punct:][:space:]]{1,50}$/',
>         'email'   => '/^[A-Za-z0-9]+((\.|-|_)[A-Za-z0-9]+)*...@[a-za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/',
>         ..
>     );
>
> So, for example if someone enters name Dušan it won't accept it.

I'm pretty certain you only have to set the right locale - that should make [:alnum:] include the right characters as per the locale. If you need to accept other characters (that aren't alphanums in Serbian), you may need to write your own character classes, but that's easy.

/Per

--
Per Jessen, Zürich (11.5°C)
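A locale-independent way to accept names such as Dušan, as an added example that is not code from this thread: it swaps the POSIX classes for PCRE Unicode properties with the /u modifier instead of relying on the server locale. It assumes PHP 7 or later and UTF-8 input; TEXT_RULE, validate_admin() and the sample submissions are constructed for the illustration.

```php
<?php
// Added example, not code from the thread. Assumes UTF-8 input.

// Unicode counterparts of the POSIX classes in the original rules:
//   \p{L}\p{M}  letters and combining marks of any script (š, đ, č, ć, ž ...)
//   \p{N}       digits, \p{P} punctuation, \p{Zs} space separators
// Symbols such as < > $ + are in \p{S}, which is deliberately left out here.
// The /u modifier treats pattern and subject as UTF-8, so {1,50} counts
// characters, not bytes. \A...\z anchors the whole value; a plain "$"
// would also accept one trailing newline.
const TEXT_RULE = '/\A[\p{L}\p{M}\p{N}\p{P}\p{Zs}]{1,50}\z/u';

$admins_validation = array(
    'name'    => TEXT_RULE,
    'surname' => TEXT_RULE,
);

/** Return the list of field names that failed validation. */
function validate_admin(array $input, array $rules): array
{
    $failed = array();
    foreach ($rules as $field => $pattern) {
        $value = isset($input[$field]) ? $input[$field] : '';
        // preg_match() returns false (not 0) when the subject is not valid
        // UTF-8 under /u, so comparing with 1 rejects malformed bytes too.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $failed[] = $field;
        }
    }
    // Address syntax is left to the built-in filter instead of a hand-written regex.
    $email = isset($input['email']) ? $input['email'] : '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $failed[] = 'email';
    }
    return $failed;
}

// Constructed sample submissions.
$samples = array(
    'serbian name'   => array('name' => 'Dušan', 'surname' => 'Novaković', 'email' => 'dusan@example.com'),
    'markup in name' => array('name' => 'Dušan<b>', 'surname' => 'Novaković', 'email' => 'dusan@example.com'),
    'invalid utf-8'  => array('name' => "Du\xC5an", 'surname' => 'Novaković', 'email' => 'dusan@example.com'),
    'too long'       => array('name' => str_repeat('š', 51), 'surname' => 'Novaković', 'email' => 'not-an-address'),
);

foreach ($samples as $label => $input) {
    $failed = validate_admin($input, $admins_validation);
    echo str_pad($label, 16), $failed ? 'rejected: ' . implode(', ', $failed) : 'accepted', "\n";
}
```

\p{P} still admits quotes and ampersands, so accepted values need htmlspecialchars() when printed into HTML and bound parameters when used in SQL.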
[PHP] chmod - Operation not permitted in ....
Hi all

Got a problem don't know how to get in really.. simple code:

    <?php
    chmod("/aaa/bbb.php", 0777);
    ?>

and I get a warning says Operations not permitted in .

Anyone met this before? I've done quite a lot reading on Google but couldn't get to it.

Thanks
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Robert Cummings wrote:
> Michael A. Peters wrote:
>> Robert Cummings wrote:
>>> Michael A. Peters wrote:
>>>> Manuel Aude wrote:
>>>>> I'm giving a PHP course next semester (3 hours all Saturdays for 22 weeks) and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my plans of teaching PHP 5.2 are starting to change, and I think it's a good idea to teach them 5.3 already.
>>>>> While the majority of the students use Windows, I'm aware that a vast amount will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch) distributions of Linux, so I'm hoping there won't be too many problems on installation. I don't want to waste the entire first class fixing installation problems, because that kills the student's motivation.
>>>>> The course starts on August, but I'm preparing it during the last two weeks of July. You think that installation packages will be bulletproof by then? Or should I just teach 5.2 and wait for another semester before starting on 5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year, so I'm a bit confused on what I should do.
>>>>> I'm just a university student that wants to spread PHP, for I've been using it for many years now =)
>>>>> Thanks for the advices,
>>>>> Mamsaac
>>>> Many hosts are still on php 5.1.x (IE RHEL based hosts).
>>>> I would be worried that many popular classes and apps might be quirky under 5.3. I've not played with it at all, and probably won't for some time, but I've been bitten by that more than once.
>>>> Nice thing about 5.2.x as far as linux goes anyway, installing it is cake from the package repositories. Using package repositories for php installs is suggested as security fixes can be updated with ease.
>>>> As someone running a newer version of php (5.2.9) than what my distro ships with, here are some of the issues:
>>>> A) I needed to create packages so that I could RPM install various stuff, like SquirrelMail, etc. - and get the security updates for them from my OS vendor (CentOS or EPEL repos). So to do that, I used the Fedora src.rpm.
>>>> B) When building php rpm's on my system, the %check portion of the spec file (runs make test I believe) fails sometimes if there is an existing php install. To solve that, you have to build it in mock.
>>>> C) Mock needs a lot of disk space and will download a lot of packages, if you don't local mirror the update repositories, it can be really time consuming. Furthermore, occasionally the build list for mock is broken making it un-usable for package building.
>>>> I have to use 5.2.x because I need a pecl extension that does not work with 5.1.x - and building rpm myself lets me add suhosin patch (to the fedora spec file) but unless your Linux students want to do absolutely everything php by source and not have anything installed from the package managers that rely on php, I would highly suggest that they use whatever version of php their distro of choice has in its stable repositories.
>>>> -=-
>>>> Since you are teaching students, one pet peeve of mine that I see in web app after web app after web app - they have an admin interface that writes a php file which the app then parses as php. Often they even instruct the person installing the web app to have 777 permissions of directories and/or files within the web root.
>>>> There's a better way. Either store the configuration settings in a database (obviously can't store database connection setting in the database ...) or store them in an xml file, not php. You can write and read the xml file with any number of existing php functions.
>>>> And the config file should not be in the web root, nothing the web server can write to should be in the document root.
>>>> Applications (like Gallery and I think joomla and wordpress) often want write permission to the document root so they can have a web interface to install/update their modules - but it creates a security risk. It's better to install the modules you want from a distro vendor repository so you can keep them up to date that way, and hence, it's better to use a packaged php install so that the dependencies are met.
>>>> Sorry for rambling, but the trend of web server having write permissions to files the web server then executes (and often in the web root) is a trend that needs to stop.
>>>> So flunk the students that do it ;)
>>> And how do you propose people get around open_basedir restrictions which is common in many Plesk environments? There is nothing wrong with having the above mentioned write access if it is properly protected.
>> Nothing wrong other than any vulnerability in apache (or a module apache loads or cgi/server script code) that allows a malicious user to write data as the apache user can now do so inside the web root where they can then request it causing php/perl/python/whatever to execute the code they just wrote.
> This is fear mongering.

No. It is not. The web root should be read only.

> I could make the same argument that making use of a webserver opens you up to any vulnerability
Re: [PHP] chmod - Operation not permitted in ....
Morris wrote:
> Hi all
>
> Got a problem don't know how to get in really.. simple code:
>
>     <?php
>     chmod("/aaa/bbb.php", 0777);
>     ?>
>
> and I get a warning says Operations not permitted in .
>
> Anyone met this before? I've done quite a lot reading on Google but couldn't get to it.
>
> Thanks

Many servers do not allow the apache (or php) to change file permissions.
Re: [PHP] Progressbar
Morris wrote:
> Assumed you are using form uploading, could redirect to the page itself and play a Flash while uploading. I think this is the simplest way other than putting in mass codes

I open up a small window via javascript that then uses javascript and css to make a progress bar. I'll share the code if anyone wants it, though it probably needs some tweaking as I don't think it validates. It works though.

> M
>
> 2009/6/24 Michael A. Peters mpet...@mac.com
>> Teun Lassche wrote:
>>> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>> Yes.
>> Assuming you are using php 5.2.x you can use the PECL extension uploadprogress.
>> http://pecl.php.net/package/uploadprogress/
>> I am successfully using it with php 5.2.9 on i386 and x86_64
Re: [PHP] Progressbar
Thanks to you all guys, I'll try to get it working!

On Wed, Jun 24, 2009 at 12:24, Michael A. Peters mpet...@mac.com wrote:
> Morris wrote:
>> Assumed you are using form uploading, could redirect to the page itself and play a Flash while uploading. I think this is the simplest way other than putting in mass codes
> I open up a small window via javascript that then uses javascript and css to make a progress bar. I'll share the code if anyone wants it, though it probably needs some tweaking as I don't think it validates. It works though.
>> M
>>
>> 2009/6/24 Michael A. Peters mpet...@mac.com
>>> Teun Lassche wrote:
>>>> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>>> Yes.
>>> Assuming you are using php 5.2.x you can use the PECL extension uploadprogress.
>>> http://pecl.php.net/package/uploadprogress/
>>> I am successfully using it with php 5.2.9 on i386 and x86_64

--
Teun Lassche
Laurence J. Peter http://www.brainyquote.com/quotes/authors/l/laurence_j_peter.html - If two wrongs don't make a right, try three.
Re: [PHP] Progressbar
you can give this a try http://www.uploadify.com/ a jquery plugin.
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Michael A. Peters wrote:
> Robert Cummings wrote:
>> Michael A. Peters wrote:
>>> Robert Cummings wrote:
>>>> Michael A. Peters wrote:
>>>>> Manuel Aude wrote:
>>>>>> I'm giving a PHP course next semester (3 hours all Saturdays for 22 weeks) and I just realized that PHP 5.3 is coming very soon (2 days now!). So, my plans of teaching PHP 5.2 are starting to change, and I think it's a good idea to teach them 5.3 already.
>>>>>> While the majority of the students use Windows, I'm aware that a vast amount will be using Ubuntu/Debian (and some use Gentoo, Fedora and Arch) distributions of Linux, so I'm hoping there won't be too many problems on installation. I don't want to waste the entire first class fixing installation problems, because that kills the student's motivation.
>>>>>> The course starts on August, but I'm preparing it during the last two weeks of July. You think that installation packages will be bulletproof by then? Or should I just teach 5.2 and wait for another semester before starting on 5.3? I mean, most hosts will remain with PHP 5.2 for the rest of the year, so I'm a bit confused on what I should do.
>>>>>> I'm just a university student that wants to spread PHP, for I've been using it for many years now =)
>>>>>> Thanks for the advices,
>>>>>> Mamsaac
>>>>> Many hosts are still on php 5.1.x (IE RHEL based hosts).
>>>>> I would be worried that many popular classes and apps might be quirky under 5.3. I've not played with it at all, and probably won't for some time, but I've been bitten by that more than once.
>>>>> Nice thing about 5.2.x as far as linux goes anyway, installing it is cake from the package repositories. Using package repositories for php installs is suggested as security fixes can be updated with ease.
>>>>> As someone running a newer version of php (5.2.9) than what my distro ships with, here are some of the issues:
>>>>> A) I needed to create packages so that I could RPM install various stuff, like SquirrelMail, etc. - and get the security updates for them from my OS vendor (CentOS or EPEL repos). So to do that, I used the Fedora src.rpm.
>>>>> B) When building php rpm's on my system, the %check portion of the spec file (runs make test I believe) fails sometimes if there is an existing php install. To solve that, you have to build it in mock.
>>>>> C) Mock needs a lot of disk space and will download a lot of packages, if you don't local mirror the update repositories, it can be really time consuming. Furthermore, occasionally the build list for mock is broken making it un-usable for package building.
>>>>> I have to use 5.2.x because I need a pecl extension that does not work with 5.1.x - and building rpm myself lets me add suhosin patch (to the fedora spec file) but unless your Linux students want to do absolutely everything php by source and not have anything installed from the package managers that rely on php, I would highly suggest that they use whatever version of php their distro of choice has in its stable repositories.
>>>>> -=-
>>>>> Since you are teaching students, one pet peeve of mine that I see in web app after web app after web app - they have an admin interface that writes a php file which the app then parses as php. Often they even instruct the person installing the web app to have 777 permissions of directories and/or files within the web root.
>>>>> There's a better way. Either store the configuration settings in a database (obviously can't store database connection setting in the database ...) or store them in an xml file, not php. You can write and read the xml file with any number of existing php functions.
>>>>> And the config file should not be in the web root, nothing the web server can write to should be in the document root.
>>>>> Applications (like Gallery and I think joomla and wordpress) often want write permission to the document root so they can have a web interface to install/update their modules - but it creates a security risk. It's better to install the modules you want from a distro vendor repository so you can keep them up to date that way, and hence, it's better to use a packaged php install so that the dependencies are met.
>>>>> Sorry for rambling, but the trend of web server having write permissions to files the web server then executes (and often in the web root) is a trend that needs to stop.
>>>>> So flunk the students that do it ;)
>>>> And how do you propose people get around open_basedir restrictions which is common in many Plesk environments? There is nothing wrong with having the above mentioned write access if it is properly protected.
>>> Nothing wrong other than any vulnerability in apache (or a module apache loads or cgi/server script code) that allows a malicious user to write data as the apache user can now do so inside the web root where they can then request it causing php/perl/python/whatever to execute the code they just wrote.
>> This is fear mongering.
> No. It is not. The web root should be read only.

Please cite references as to why it should be read only. Please explain
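The alternative Michael A. Peters describes in this thread (settings kept as XML data outside the web root rather than as a generated PHP file inside it), as an added example that is not code from the thread. It assumes PHP 7.1 or later with the DOM extension; is_inside(), save_config(), load_config() and the temporary htdocs/private layout are constructed for the illustration.

```php
<?php
// Added example, not code from the thread. The directory layout
// (a temp dir holding htdocs/ and private/) is constructed for the demo.

/** True when $path lies inside the directory $root (both must exist). */
function is_inside(string $path, string $root): bool
{
    $path = realpath($path);
    $root = realpath($root);
    if ($path === false || $root === false) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

/** Write settings as XML text nodes; refuses a target inside the document root. */
function save_config(string $file, array $settings, string $docroot): void
{
    if (is_inside(dirname($file), $docroot)) {
        throw new RuntimeException('config file must live outside the document root');
    }
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;
    $root = $doc->appendChild($doc->createElement('config'));
    foreach ($settings as $key => $value) {
        $node = $root->appendChild($doc->createElement('setting'));
        $node->setAttribute('name', (string) $key);
        // createTextNode() escapes markup, so the value is stored as data.
        $node->appendChild($doc->createTextNode((string) $value));
    }
    // Write to a temporary file and rename, so readers never see a partial file.
    $tmp = $file . '.tmp';
    if (file_put_contents($tmp, $doc->saveXML(), LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    chmod($tmp, 0640);
    rename($tmp, $file);
}

/** Read the settings back as plain strings; nothing in the file is executed. */
function load_config(string $file): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing.
    if (!$doc->load($file, LIBXML_NONET)) {
        throw new RuntimeException("cannot parse $file");
    }
    $settings = array();
    foreach ($doc->getElementsByTagName('setting') as $node) {
        $settings[$node->getAttribute('name')] = $node->textContent;
    }
    return $settings;
}

// Constructed layout: <tmp>/cfgdemo_<pid>/htdocs plays the web root, private/ sits beside it.
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfgdemo_' . getmypid();
$docroot = $base . DIRECTORY_SEPARATOR . 'htdocs';
$private = $base . DIRECTORY_SEPARATOR . 'private';
mkdir($docroot, 0755, true);
mkdir($private, 0750, true);

// A value that would run as code if the settings were written into a .php file.
$settings = array('site_title' => 'My <?php echo "site"; ?> & more', 'theme' => 'default');

save_config($private . DIRECTORY_SEPARATOR . 'config.xml', $settings, $docroot);
var_dump(load_config($private . DIRECTORY_SEPARATOR . 'config.xml') === $settings);

try {
    save_config($docroot . DIRECTORY_SEPARATOR . 'config.xml', $settings, $docroot);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```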
Re: [PHP] Progressbar
Michael A. Peters wrote:
> Morris wrote:
>> Assumed you are using form uploading, could redirect to the page itself and play a Flash while uploading. I think this is the simplest way other than putting in mass codes
> I open up a small window via javascript that then uses javascript and css to make a progress bar. I'll share the code if anyone wants it, though it probably needs some tweaking as I don't think it validates. It works though.

http://www.clfsrpm.net/excode/uploadprogress.phps
and
http://www.clfsrpm.net/excode/uploadiframe.phps

in the form, BEFORE the file inputs, a hidden input -

    $upid = md5(microtime() . rand());

    <input type="hidden" id="UPLOAD_IDENTIFIER" name="UPLOAD_IDENTIFIER" value="<?php echo($upid);?>" />

Then when submit is clicked, it opens a new window with the src

    uploadprogress.php?ID=<?php echo($upid);?>

for rpm linux users, a src.rpm for uploadprogress is here:
http://www.clfsrpm.net/php/

1.0.1 is now out, but I haven't updated to it yet.
[PHP] Including Due by in an email sent from PHP program
Hi:

Does anyone know how to include a Due by attribute with a date in an email that is sent from a PHP script? This value acts as a reminder when the email is in Outlook.

TIA

--
Thank you,
RaVi
Re: [PHP] supplied argument errors
PJ wrote:
> Lex Braun wrote:
>> On Tue, Jun 23, 2009 at 4:10 PM, PJ af.gour...@videotron.ca wrote:
>>> I think there is something I do not understand in the manual about mysql_fetch_assoc(), mysql_affected_rows()
>>> The code works, but I get these annoying messages.
>>> snippet:
>>> snip
>> What are the warnings?
> 1. supplied argument is not a valid MySQL result resource
> 2. supplied argument is not a valid MySQL-link resource
>
> snippet:
>
>     $result = mysql_query($sql, $db); // this is following an UPDATE
>     $row = mysql_fetch_assoc($result); // warning... 1.
>     if (mysql_affected_rows($result) !== -1) // warning... 2.
>     print_r($result); // returns 1
>
> another:
>
>     $sql = "DELETE FROM book_categories WHERE bookID = $bid";
>     $result = mysql_query($sql, $db); // warning... 1.
>     $row = mysql_fetch_assoc($result); // warning... 1.
>     if (mysql_num_rows($result) !== 0) {
>
> the last:
>
>     $result = mysql_query($sql, $db); // following an INSERT
>     if (mysql_affected_rows($result) == -1) { // warning... 2.

Oh for $deity's sake, haven't you yet learned to a) echo your query and b) use mysql_error() as aids to debugging errors with mysql ???

Cheers
--
David Robley

Imagery is All In The Mind.
Today is Setting Orange, the 29th day of Confusion in the YOLD 3175.
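What the replies in this thread point at (a write statement has no rows to fetch, the affected-row count is read separately, and errors should be surfaced where they occur), as an added example that is not code from the thread. The mysql_* functions used above were removed in PHP 7, so this uses PDO with an in-memory SQLite database to run without a server; run_write(), run_select(), the categories_id column and the sample rows are constructed.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite stand in
// for the mysql_* calls; table contents are constructed sample data.

$db = new PDO('sqlite::memory:');
// Report SQL errors as exceptions instead of warnings on later calls.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE book_categories (bookID INTEGER, categories_id INTEGER)');
$db->exec('INSERT INTO book_categories VALUES (1, 10), (1, 11), (2, 10)');

/**
 * Run a write statement (UPDATE / DELETE / INSERT) with bound parameters
 * and return the number of rows it changed.
 */
function run_write(PDO $db, string $sql, array $params): int
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    // A write statement produces no result set: there is nothing to fetch.
    // The affected-row count is the only thing it reports.
    return $stmt->rowCount();
}

/** Run a SELECT and return all rows; only this kind of statement has rows. */
function run_select(PDO $db, string $sql, array $params): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// $bid as it might arrive from a request: a string, possibly not a number.
$bid = '1';

// The value is bound as a parameter, never pasted into the SQL text.
$deleted = run_write($db, 'DELETE FROM book_categories WHERE bookID = ?', array($bid));
echo "deleted: $deleted\n";

$left = run_select($db, 'SELECT bookID, categories_id FROM book_categories', array());
echo 'remaining: ', count($left), "\n";

// Deleting again succeeds but changes nothing: zero rows is not an error.
$again = run_write($db, 'DELETE FROM book_categories WHERE bookID = ?', array($bid));
echo "deleted again: $again\n";

// A malformed statement is reported where it happens, with the driver's message.
try {
    run_write($db, 'DELETE FORM book_categories WHERE bookID = ?', array($bid));
} catch (PDOException $e) {
    echo 'query failed: ', $e->getMessage(), "\n";
}
```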
[PHP] CSV file
Hi,

I would like to import the content of a CSV file into my database, but in order to show a progress bar to user (to let him know that process is still working on) I would like to determine before to start, how many records / lines are in the CSV file.

Is there a way to do that?

Thanks a lot.

--
Alain
---
Windows XP x64 SP2 / Fedora 10 KDE 4.2
PostgreSQL 8.3.5 / MS SQL server 2005
Apache 2.2.10
PHP 5.2.6
C# 2005-2008
Re: [PHP] CSV file
You can read the whole file (file_get_contents) and count the number of \n in it, or read it line by line with fgets and store the lines in an array, and then the number of lines is the count() of the array, and you can use that array to store it in the database.

Jonathan

On Wed, Jun 24, 2009 at 9:05 AM, Alain Roger raf.n...@gmail.com wrote:
> Hi,
>
> I would like to import the content of a CSV file into my database, but in order to show a progress bar to user (to let him know that process is still working on) I would like to determine before to start, how many records / lines are in the CSV file.
>
> Is there a way to do that?
>
> Thanks a lot.
>
> --
> Alain
> ---
> Windows XP x64 SP2 / Fedora 10 KDE 4.2
> PostgreSQL 8.3.5 / MS SQL server 2005
> Apache 2.2.10
> PHP 5.2.6
> C# 2005-2008
Re: [PHP] Including Due by in an email sent from PHP program
On Wed, Jun 24, 2009 at 6:54 AM, Ravi rav...@cox.net wrote:
> Hi:
>
> Does anyone know how to include a Due by attribute with a date in an email that is sent from a PHP script? This value acts as a reminder when the email is in Outlook.
>
> TIA
>
> --
> Thank you,
> RaVi

You would need to include the iCAL or vCAL standard to allow Outlook to add it to the calendar.

--
Bastien

Cat, the other other white meat
Re: [PHP] CSV file
Hi,

> You can read the whole file (file_get_contents) and count the number of \n in it, or read it line by line with fgets and store the lines in an array, and then the number of lines is the count() of the array, and you can use that array to store it in the database.

If you have a billion line CSV then speed may suffer somewhat though. Best to still use fgets() or fgetcsv() and count as you go.

--
Richard Heyes

HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
PHP mail: RMail (www.phpguru.org/rmail)
PHP datagrid: RGrid (www.phpguru.org/rgrid)
PHP Template: RTemplate (www.phpguru.org/rtemplate)
PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] CSV file
If you want to know how many lines there are *before* inserting to the database, you can't count as you go, you have to either read the file twice or read it once, store it in memory in a variable and then insert in the database.

On Wed, Jun 24, 2009 at 11:12 AM, Richard Heyes <rich...@php.net> wrote:
> Hi,
>
>> You can read the whole file (file_get_contents) and count the number of \n in it, or read it line by line with fgets and store the lines in an array, and then the number of lines is the count() of the array, and you can use that array to store it in the database.
>
> If you have a billion line CSV then speed may suffer somewhat though. Best to still use fgets() or fgetcsv() and count as you go.
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] anyone using session_mysql successfully
Michael A. Peters wrote:
> Randy Paries wrote:
>> Hello,
>>
>> I am trying to get session_mysql
>> http://websupport.sk/~stanojr/projects/session_mysql/
>>
>> It configured, compiled and installed OK (no errors anyways), but I am getting an error:
>>
>> session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot find save handler mysql in
>>
>> I was hoping someone in the group was using this and has seen the error.
>>
>> Thanks
>> Randy
>
> Not sure about your problem but you shouldn't need to use a compiled module to use MySQL (or any other database) for sessions. There are several tutorials on the web, none of which involve compiling squat.

Just use this: http://us.php.net/manual/en/function.session-set-save-handler.php

And define functions for the different operations.

--
Thanks!
-Shawn
http://www.spidean.com
Re: [PHP] CSV file
2009/6/24 Jonathan Tapicer <tapi...@gmail.com>:
> If you want to know how many lines there are *before* inserting to the database, you can't count as you go, you have to either read the file twice or read it once, store it in memory in a variable and then insert in the database.

Do it in bytes rather than lines, then you don't waste time loading the file twice and you'll get the same end result.

-Stuart

--
http://stut.net/

> On Wed, Jun 24, 2009 at 11:12 AM, Richard Heyes <rich...@php.net> wrote:
>> Hi,
>>
>>> You can read the whole file (file_get_contents) and count the number of \n in it, or read it line by line with fgets and store the lines in an array, and then the number of lines is the count() of the array, and you can use that array to store it in the database.
>>
>> If you have a billion line CSV then speed may suffer somewhat though. Best to still use fgets() or fgetcsv() and count as you go.
>>
>> --
>> Richard Heyes
>> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
>> PHP mail: RMail (www.phpguru.org/rmail)
>> PHP datagrid: RGrid (www.phpguru.org/rgrid)
>> PHP Template: RTemplate (www.phpguru.org/rtemplate)
>> PHP SMTP: http://www.phpguru.org/smtp
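The byte-based approach suggested in this message, as an added example that is not code from any poster in the thread: the file is read once and progress is the read offset divided by the file size. The function name, both callbacks and the sample CSV are constructed for illustration; the sample contains a quoted field with an embedded newline, the case where counting \n characters and counting records disagree.

```php
<?php
declare(strict_types=1);

/**
 * Import a CSV in a single pass, reporting progress as bytes consumed
 * divided by file size. $insertRow and $onProgress are hypothetical
 * callbacks for this example; $insertRow stands in for the database insert.
 */
function importCsvWithProgress(string $path, callable $insertRow, callable $onProgress): int
{
    $total = filesize($path);
    $fp = fopen($path, 'rb');
    if ($total === false || $fp === false) {
        throw new RuntimeException("Cannot read $path");
    }

    $rows = 0;
    $lastPercent = -1;
    try {
        // Length 0 means no line-length limit; the empty escape character
        // disables PHP's non-standard backslash escaping (PHP 7.4 and later).
        while (($row = fgetcsv($fp, 0, ',', '"', '')) !== false) {
            if ($row === [null]) {
                continue; // fgetcsv() returns [null] for a blank line
            }
            $insertRow($row);
            $rows++;

            // ftell() is the offset just past the record that was parsed.
            $percent = $total > 0 ? intdiv(ftell($fp) * 100, $total) : 100;
            if ($percent !== $lastPercent) {
                $onProgress($percent, $rows);
                $lastPercent = $percent;
            }
        }
    } finally {
        fclose($fp);
    }

    if ($lastPercent !== 100) {
        $onProgress(100, $rows); // trailing blank lines or an empty file
    }
    return $rows;
}

// Constructed sample data: header plus three records, one with a multi-line field.
$csv = "id,title,notes\n"
     . "1,\"PHP Basics\",\"two\nlines\"\n"
     . "2,\"Sessions\",\"plain\"\n"
     . "3,\"CSV\",\"last\"\n";

$path = tempnam(sys_get_temp_dir(), 'csv');
file_put_contents($path, $csv);

$stored = [];
$rows = importCsvWithProgress(
    $path,
    function (array $row) use (&$stored): void {
        $stored[] = $row; // a real import would run a prepared INSERT here
    },
    function (int $percent, int $rowsSoFar): void {
        printf("%3d%% (%d rows)\n", $percent, $rowsSoFar);
    }
);

printf("records imported: %d, newline characters in file: %d\n", $rows, substr_count($csv, "\n"));
unlink($path);
```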
Re: [PHP] chmod - Opertaion not permitted in ....
Michael A. Peters wrote:
> Morris wrote:
>> Hi all
>>
>> Got a problem don't know how to get in really.. simple code:
>>
>>     <?php
>>     chmod("/aaa/bbb.php", 0777);
>>     ?>
>>
>> and I get a warning says Operations not permitted in .
>>
>> Anyone met this before? I've done quite a lot reading on Google but couldn't get to it.
>>
>> Thanks
>
> Many servers do not allow the apache (or php) to change file permissions.

Most likely the apache user doesn't own the file. You can't CHMOD a file if you don't own it.

--
Thanks!
-Shawn
http://www.spidean.com
RE: [PHP] best way to communicate between PHP, Flash/Actionscript across LAN
At 12:33 PM -0700 6/23/09, Daevid Vincent wrote:
> Other solutions seem to involve (hackishly) polling every x seconds. Seems there should be a better way.
>
> d

There might not be a better solution.

This is an example of javascript poling a php script:

http://webbytedd.com/b/timed-php/

This is simply client-side - server-side communication. How that might solve your problem is beyond my understanding of what you are trying to do. I'm not a hardware guy.

Cheers,

tedd

--
---
http://sperling.com http://ancientstones.com http://earthstones.com
RE: [PHP] best way to communicate between PHP, Flash/Actionscript across LAN
At 10:30 AM -0400 6/24/09, tedd wrote:
> At 12:33 PM -0700 6/23/09, Daevid Vincent wrote:
>> Other solutions seem to involve (hackishly) polling every x seconds. Seems there should be a better way.
>>
>> d
>
> There might not be a better solution.
>
> This is an example of javascript poling a php script:

Before Rob beats me to it, I should have said:

This is an example of javascript polling a php script:

Next thing I know, he'll be asking just how can javascript stick it to php? :-)

Cheers,

tedd

--
---
http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Robert Cummings wrote:
> It's hard to create a helpful application when fort knox is your delivery location. I'm not saying there's a problem with Fort Knoxes in the world, but this isn't necessary for everyone. if it were we wouldn't have banks, we wouldn't have credit unions, we'd all be going to Fort Knox to make our deposits and withdrawals. One size does NOT fit all.

If you're running with AppArmor or SELinux in 'enforce' mode, we could begin to talk about Fort Knox, but not letting the webserver write to the DocumentRoot is just a pretty sound precaution. It is unfortunate that many popular PHP apps were written/designed to expect that kind of access (at least during initial configuration).

>> modules), so one should have a strict policy of never having directories or files inside the web root that the web server has write permission to.
>
> Why? You still haven't given a good reason. I am the master of my environment, if I know what I'm putting into my environment then who is to tell me my setup is wrong?

Rob, for the same reason you make all kinds of other restrictions - you are not necessarily the master of your own environment. I also think I am the master of my mailserver, but I still run a firewall.

/Per

--
Per Jessen, Zürich (11.5°C)
Re: [PHP] Progressbar
At 7:55 AM +0200 6/24/09, Teun Lassche wrote:
> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>
> --
> Teun Lassche

It's not a progress bar, but it's a heck of a lot simpler:

http://webbytedd.com/bb/wait/

The biggest problem in uploading a file is figuring out how large it is. You can't find that out in php and Javascript is limited in what information it can access. I found the problem more trouble than it was worth to fix.

Besides, what does the user need to see while an operation is underway?

Cheers,

tedd

--
---
http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Per Jessen wrote:
> Robert Cummings wrote:
>> It's hard to create a helpful application when fort knox is your delivery location. I'm not saying there's a problem with Fort Knoxes in the world, but this isn't necessary for everyone. if it were we wouldn't have banks, we wouldn't have credit unions, we'd all be going to Fort Knox to make our deposits and withdrawals. One size does NOT fit all.
>
> If you're running with AppArmor or SELinux in 'enforce' mode, we could begin to talk about Fort Knox, but not letting the webserver write to the DocumentRoot is just a pretty sound precaution. It is unfortunate that many popular PHP apps were written/designed to expect that kind of access (at least during initial configuration).
>
>>> modules), so one should have a strict policy of never having directories or files inside the web root that the web server has write permission to.
>>
>> Why? You still haven't given a good reason. I am the master of my environment, if I know what I'm putting into my environment then who is to tell me my setup is wrong?
>
> Rob, for the same reason you make all kinds of other restrictions - you are not necessarily the master of your own environment. I also think I am the master of my mailserver, but I still run a firewall.

You run a firewall BECAUSE you are the master of your environment. Similarly, I choose a host that has or has not restrictions BECAUSE I am the master of my environment. Mastery includes what you choose for yourself.

Personally, I prefer having my code outside the DocumentRoot also, but I do not believe it is the simplest solution, and I do not think it is wrong to place such information within the DocumentRoot. The feature exists, application developers have chosen to use the feature, it may be less secure, but it is not wrong. Not using AppArmor is less secure, but it is not wrong.

It is one thing for Michael to argue that it is less secure, but he did not, he claimed the DocumentRoot should be read only and otherwise is wrong. This fundamentally changes the nature of the debate. Your argument is perfectly valid. Less secure, perhaps, but wrong? Should never be done? Sorry, I'm not swallowing the medicine.

Cheers,
Rob.

--
http://www.interjinn.com
Application and Templating Framework for PHP
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Per Jessen wrote:
> Robert Cummings wrote:
>> Personally, I prefer having my code outside the DocumentRoot also, but I do not believe it is the simplest solution, and I do not think it is wrong to place such information within the DocumentRoot. The feature exists, application developers have chosen to use the feature, it may be less secure, but it is not wrong.
>
> Are we just discussing semantics then? I agree it's not wrong as such, but right and wrong are usually determined by the environment one is in and in a security-aware environment (such as I know them), letting the webserver write to the DocumentRoot would be wrong. Elsewhere it is perhaps at worst ill-advised.

I prefer proceed with caution :)

Cheers,
Rob.

--
http://www.interjinn.com
Application and Templating Framework for PHP
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
On Wed, Jun 24, 2009 at 13:24, Robert Cummings <rob...@interjinn.com> wrote:
> I prefer proceed with caution :)

Robjects in mirror are closer than they appear?

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1
Re: [PHP] chmod - Opertaion not permitted in ....
On Wed, 2009-06-24 at 09:23 -0500, Shawn McKenzie wrote:
> Michael A. Peters wrote:
>> Morris wrote:
>>> Hi all
>>>
>>> Got a problem don't know how to get in really.. simple code:
>>>
>>>     <?php
>>>     chmod("/aaa/bbb.php", 0777);
>>>     ?>
>>>
>>> and I get a warning says Operations not permitted in .
>>>
>>> Anyone met this before? I've done quite a lot reading on Google but couldn't get to it.
>>>
>>> Thanks
>>
>> Many servers do not allow the apache (or php) to change file permissions.
>
> Most likely the apache user doesn't own the file. You can't CHMOD a file if you don't own it.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com

Well, technically speaking you can, if you are part of the same group and it has group permissions, or it has permissions allowing anyone to modify it :p

Thanks
Ash
www.ashleysheridan.co.uk
Re: [PHP] CSV file
Hi,

> If you want to know how many lines there are *before* inserting to the database, you can't count as you go, you have to either read the file twice or read it once, store it in memory in a variable and then insert in the database.

Sure you can, simply do the line count first, then the insert. If it's a big file it will still be quicker than reading the whole thing into memory.

--
Richard Heyes
HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
PHP mail: RMail (www.phpguru.org/rmail)
PHP datagrid: RGrid (www.phpguru.org/rgrid)
PHP Template: RTemplate (www.phpguru.org/rtemplate)
PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] chmod - Opertaion not permitted in ....
Ashley Sheridan wrote:
> On Wed, 2009-06-24 at 09:23 -0500, Shawn McKenzie wrote:
>> Michael A. Peters wrote:
>>> Morris wrote:
>>>> Hi all
>>>>
>>>> Got a problem don't know how to get in really.. simple code:
>>>>
>>>>     <?php
>>>>     chmod("/aaa/bbb.php", 0777);
>>>>     ?>
>>>>
>>>> and I get a warning says Operations not permitted in .
>>>>
>>>> Anyone met this before? I've done quite a lot reading on Google but couldn't get to it.
>>>>
>>>> Thanks
>>>
>>> Many servers do not allow the apache (or php) to change file permissions.
>>
>> Most likely the apache user doesn't own the file. You can't CHMOD a file if you don't own it.
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>
> Well, technically speaking you can, if you are part of the same group and it has group permissions,

technically speaking, No

> or it has permissions allowing anyone to modify it :p

technically speaking, No

> Thanks
> Ash
> www.ashleysheridan.co.uk

--
Thanks!
-Shawn
http://www.spidean.com
RE: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
-----Original Message-----
From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of Daniel Brown
Sent: Wednesday, June 24, 2009 1:34 PM
To: Robert Cummings
Cc: Per Jessen; php-general@lists.php.net
Subject: Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

On Wed, Jun 24, 2009 at 13:24, Robert Cummings <rob...@interjinn.com> wrote:
> I prefer proceed with caution :)

Robjects in mirror are closer than they appear?

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1

[Marc Hall - HallMarc Websites - http://www.hallmarcwebsites.com 610.446.3346]

Nice one. :o)

Now, for my two centavos: I think anyone needs to base any decision regarding security measures within the context of the current project and what it is you are trying to protect. It seems to go without saying that you should also be aware of your host environment and any limitations, etc. that may arise. Fort Knox has the security that it does because of what it is contracted to protect, while the banks have their own pared down version of security based on what they are protecting.

As far as which version of PHP to include in your curriculum, I suggest staying with 5.2 for now and add in information about 5.3 and the changes we expect to see and what they mean to all concerned.

As I once saw in someone else's sig line: Invoice for $0.02 will be sent post-haste.
Re: [PHP] CSV file
To do the line count first, you have to read the whole file, how would you do it?

On Wed, Jun 24, 2009 at 3:00 PM, Richard Heyes <rich...@php.net> wrote:
> Hi,
>
>> If you want to know how many lines there are *before* inserting to the database, you can't count as you go, you have to either read the file twice or read it once, store it in memory in a variable and then insert in the database.
>
> Sure you can, simply do the line count first, then the insert. If it's a big file it will still be quicker than reading the whole thing into memory.
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] CSV file
Hi,

> To do the line count first, you have to read the whole file, how would you do it?

Something like this:

    $fp = fopen('/tmp/foo', 'r');
    $count = 0;

    // fgets() returns false at end of file, so a trailing newline
    // is not counted as an extra line
    while (fgets($fp) !== false) {
        ++$count;
    }
    fclose($fp);

--
Richard Heyes
HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
PHP mail: RMail (www.phpguru.org/rmail)
PHP datagrid: RGrid (www.phpguru.org/rgrid)
PHP Template: RTemplate (www.phpguru.org/rtemplate)
PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Robert Cummings wrote:

* snip *

>> No. It is not. The web root should be read only.
>
> Please cite references as to why it should be read only. Please explain why the feature exists if it should not be so.

The feature exists because the web server runs as a standard user, and standard users have permission to directories they have write permission to. In a properly administered web server, the apache user only has read permission to the contents of the web root.

> I could make the same argument that making use of a webserver opens you up to any vulnerability in the webserver that may provide access to the entire filesystem. The intended purpose of the webserver is not to allow such access when configured properly, and so it is an exceptional circumstance when such security is compromised.

These compromises do happen, which is why the web root should be read only to the web server and any data the web server has write access to should be validated before it is used.

> And the operating system?

Operating system doesn't matter. The web server should not have write permission to directories/files within the web root.

>> It isn't hard to do.
>
> It's hard to create a helpful application when fort knox is your delivery location. I'm not saying there's a problem with Fort Knoxes in the world, but this isn't necessary for everyone. if it were we wouldn't have banks, we wouldn't have credit unions, we'd all be going to Fort Knox to make our deposits and withdrawals. One size does NOT fit all.

I'm sick and tired of owned boxes spamming me. It's been so bad at times I thought my spam filters were crap, and I looked at the large number of messages they did catch.

I'm tired of XSS attacks. I run with scripting disabled for most sites, which makes the web a pain in the arse because most web pages out there are done by clueless hacks who expect me to allow them to send arbitrary code to be executed on my machine. Very often these XSS attacks are the result of compromised boxes.

Yes, people need to run secure web servers. Yes, application developers need to take security into consideration before uploading their project for public consumption.

Kind of scenario that happens all the time:

Jane, a non technical person, has a soft spot for the Desert Tortoise. She buys a cheap web account and sets up a blog on it. She gives an account to her friend Betty. Betty's webmail account is compromised by an XSS attack (happens all the time, even has happened to gmail). Now the attacker has access to Betty's mail including her password. He logs on to Betty's account and modifies a blog, adding an image that isn't an image, and either successfully now has an XSS attack on Jane's blog, or possibly have even rooted the server Jane's account is with through a local exploit he was able to get the apache server to run because he was able to upload a perl or php script inside the web root.

>> Just as an example, I was looking for a simplistic blog to add to my website. The install script didn't even work because it used system and exec calls which many servers (including mine) do not allow.
>
> This is a problem with your setup. I make use of exec() calls often enough when within a Linux environment. If this is a known parameter of the application, then it is not incorrect to use exec(). It is common to build upon existing shell binaries.

Vast majority of stuff can be done with pure php via php modules and extensions. Allowing exec() or system() is extremely dangerous. Yes, I do allow it for my squirrelmail install, but fixing that is on my todo list.

> A specific instance of a poorly designed application does not stand as the model for all applications. There are countless examples of bad programming and exploits at pretty much every level of a system. These do not suggest we should not use computers.

No, but it does suggest we need to think about security, such as not having web server writeable files in the web root and not having the web server write files it then parses as php (extremely common practice for app configuration files) - especially when it is cake to use a database or flat file (IE xml) for configuration, allowing parsing of the values read to make sure they are sane and avoiding addition of declarations you don't want.

> So with some hand waving and fluttering of your eyes you've eliminated (or at least completely ignored) all the Windows machines in the world.

No. I haven't. For years, the LaTeX community had a package manager for Windows installs that was in fact superior to any TeX package management on any UN*X environment I ever saw. Now with TeXLive tlmgr there is finally good TeX package management for every OS.

There are far more php users than TeX users, there is no good reason why such a package manager does not already exist for php in the Windows environment. It would be an excellent addition to the WAMP stack.

The Windows
Re: [PHP] CSV file
or

    $arr = file('foo.csv');
    $count = count($arr);

On Wed, Jun 24, 2009 at 5:19 PM, Richard Heyes <rich...@php.net> wrote:
> Hi,
>
>> To do the line count first, you have to read the whole file, how would you do it?
>
> Something like this:
>
>     $fp = fopen('/tmp/foo', 'r');
>     $count = 0;
>
>     // fgets() returns false at end of file, so a trailing newline
>     // is not counted as an extra line
>     while (fgets($fp) !== false) {
>         ++$count;
>     }
>     fclose($fp);
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
On Wed, Jun 24, 2009 at 17:19, Michael A. Peters <mpet...@mac.com> wrote:
> Jane, a non technical person [...] Betty's webmail account is compromised [...]

Bottom line: hax0r5 hate g1rls.

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1
[PHP] Re: idiot proofing
PJ wrote:
> I have a bit of a situation. I have set up addBooks, editBooks and deleteBooks pages. Before complicating my life mixing them up in one file, I am running tests. I'd like to make them idiot proof, up to a point.
>
> When the page is submitted and the code is parsed, the form inputs remain on the screen along with the submit buttons. I'm not sure of what is the normal way of closing/hiding/wiping the screen output before showing the result output of the operation. I do not want a user to resubmit the input which is still in the input $strings.
>
> I am wondering if I should be using some code to clear the inputs like unsetting??? sessions or a break or am I doing something wrong with the flow of the code? I'd like to leave the pages with only the output of success (or failure) and links to do another add/edit/delete operation.
>
> Thanks for any suggestions.

I've never tried it, but you can possibly submit to an intermediate page that stuffs the post vars into a session, echoes please wait and then redirects to the page that does the processing. The processing page gets the session vars and does its business.

--
Thanks!
-Shawn
http://www.spidean.com
[PHP] idiot proofing
I have a bit of a situation. I have set up addBooks, editBooks and deleteBooks pages. Before complicating my life mixing them up in one file, I am running tests. I'd like to make them idiot proof, up to a point.

When the page is submitted and the code is parsed, the form inputs remain on the screen along with the submit buttons. I'm not sure of what is the normal way of closing/hiding/wiping the screen output before showing the result output of the operation. I do not want a user to resubmit the input which is still in the input $strings.

I am wondering if I should be using some code to clear the inputs like unsetting??? sessions or a break or am I doing something wrong with the flow of the code? I'd like to leave the pages with only the output of success (or failure) and links to do another add/edit/delete operation.

Thanks for any suggestions.

--
Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
-
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
Robert Cummings wrote:
> I respectfully disagree with your position. Everything you have described about Jane is also true of an operating system. There are compromised machines all over the world just because installing an operating system is so easy. No amount of packaging is going to solve the problem created by bad software and idiots.

But php coders writing code that follows basic policy rules does reduce the problem. Such policies include not writing your app so the install instructions tell the user to chmod 777 directories and files within the web root. Since the OP is teaching a class, that's an important concept students need to understand.

Yes, there will always be mis-behaving apps. There will also be well written applications that are vulnerable simply because they use a vulnerable module or class. Creating a secure development policy and implementing it greatly reduces your well written application from being an attack vector when those issues exist, and they will always exist.

Similarly, web developers (php and other) need to start following and implementing the CSP recommendation at Mozilla.org. In a perfect world where we could guarantee our web apps were not vulnerable to XSS injection, a web app would never have to send headers telling the client what is allowed and from where, but as we don't live in a perfect world, it is the right thing to do - even though it makes coding a lot more tedious.
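One way to check a site against the policy argued for in this message, as an added example that is not code from the thread: walk the document root and list every file or directory that the web server account is allowed to modify. The function names are made up for this sketch, the uid/gid passed in stand for whatever account the web server runs as, and the demo tree and its modes are constructed; the check uses classic Unix mode bits only, so ACLs, root and read-only mounts are outside its scope.

```php
<?php
declare(strict_types=1);

/** Classic Unix write check for one account (owner, then group, then other). */
function accountCanWrite(int $mode, int $owner, int $group, int $uid, array $gids): bool
{
    if ($uid === $owner) {
        return ($mode & 0200) !== 0;
    }
    if (in_array($group, $gids, true)) {
        return ($mode & 0020) !== 0;
    }
    return ($mode & 0002) !== 0;
}

/**
 * List every entry under $docroot that the given account may modify.
 * $uid and $gids describe the web server account (assumed inputs).
 *
 * @return array<string,string> path => mode and why it matters
 */
function auditDocroot(string $docroot, int $uid, array $gids): array
{
    $paths = [$docroot];
    $entries = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($entries as $entry) {
        $paths[] = $entry->getPathname();
    }

    $findings = [];
    foreach ($paths as $path) {
        if (is_link($path)) {
            continue; // a symlink's target is judged where the target lives
        }
        $st = stat($path);
        if ($st === false || !accountCanWrite($st['mode'], $st['uid'], $st['gid'], $uid, $gids)) {
            continue;
        }
        if (is_dir($path)) {
            $why = 'directory: new files can be created here';
        } elseif (preg_match('/\.(php\d?|phtml|phar)$/i', $path) === 1) {
            $why = 'PHP file: code the server executes can be rewritten';
        } else {
            $why = 'file: content can be replaced';
        }
        $findings[$path] = sprintf('%04o %s', $st['mode'] & 07777, $why);
    }
    ksort($findings);
    return $findings;
}

// Constructed demo tree: one read-only script, one world-writable config,
// one upload directory opened up with 0777.
$root = sys_get_temp_dir() . '/docroot-audit-' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0755, true);
file_put_contents($root . '/index.php', "<?php echo 'hello';\n");
file_put_contents($root . '/config.php', "<?php \$dbPass = 'example';\n");
chmod($root, 0755);
chmod($root . '/index.php', 0644);
chmod($root . '/config.php', 0666);
chmod($root . '/uploads', 0777);

// Constructed "web server" account: any uid/gid other than the tree's owner.
$webUid = fileowner($root) + 1;
$webGids = [filegroup($root) + 1];

foreach (auditDocroot($root, $webUid, $webGids) as $path => $finding) {
    echo substr($path, strlen($root)) ?: '/', "  ", $finding, "\n";
}

// Remove the demo tree.
$cleanup = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($cleanup as $entry) {
    $entry->isDir() ? rmdir($entry->getPathname()) : unlink($entry->getPathname());
}
rmdir($root);
```

On a real host, pass the document root and the numeric uid and group ids of the web server account; an empty result means the mode bits give that account no write access anywhere under the root.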
[PHP] How to sort a two-D ARRAY
Can anyone tell me how to sort a two-D array, for example like this one, based on the gain?

Array
(
    [0] => Array ( [company_name] => X [gain] => 0.2 )
    [1] => Array ( [company_name] => y [gain] => 0.34 )
    [2] => Array ( [company_name] => z [gain] => 2 )
)

Thanks in advance

--
View this message in context: http://www.nabble.com/How-to-sort-a-two-D-ARRAY-tp24193925p24193925.html
Sent from the PHP - General mailing list archive at Nabble.com.
Re: [PHP] Re: idiot proofing
On Wed, Jun 24, 2009 at 5:30 PM, Shawn McKenzie <nos...@mckenzies.net> wrote:
> PJ wrote:
>> I have a bit of a situation. I have set up addBooks, editBooks and deleteBooks pages. Before complicating my life mixing them up in one file, I am running tests. I'd like to make them idiot proof, up to a point. When the page is submitted and the code is parsed, the form inputs remain on the screen along with the submit buttons. I'm not sure of what is the normal way of closing/hiding/wiping the screen output before showing the result output of the operation. I do not want a user to resubmit the input which is still in the input $strings. I am wondering if I should be using some code to clear the inputs like unsetting??? sessions or a break or am I doing something wrong with the flow of the code? I'd like to leave the pages with only the output of success (or failure) and links to do another add/edit/delete operation. Thanks for any suggestions.
>
> I've never tried it, but you can possibly submit to an intermediate page that stuffs the post vars into a session, echos please wait and then redirects to the page that does the processing. The processing page gets the sessions vars and does its business.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com

What about placing the contents in different divs and showing/hiding those divs on submit? Then using AJAX to update the server / database with the requested operation?

--
Bastien

Cat, the other other white meat
Re: [PHP] Re: idiot proofing
Bastien Koert wrote:
> On Wed, Jun 24, 2009 at 5:30 PM, Shawn McKenzie <nos...@mckenzies.net> wrote:
>> PJ wrote:
>>> I have a bit of a situation. I have set up addBooks, editBooks and deleteBooks pages. Before complicating my life mixing them up in one file, I am running tests. I'd like to make them idiot proof, up to a point. When the page is submitted and the code is parsed, the form inputs remain on the screen along with the submit buttons. I'm not sure of what is the normal way of closing/hiding/wiping the screen output before showing the result output of the operation. I do not want a user to resubmit the input which is still in the input $strings. I am wondering if I should be using some code to clear the inputs like unsetting??? sessions or a break or am I doing something wrong with the flow of the code? I'd like to leave the pages with only the output of success (or failure) and links to do another add/edit/delete operation. Thanks for any suggestions.
>>
>> I've never tried it, but you can possibly submit to an intermediate page that stuffs the post vars into a session, echos please wait and then redirects to the page that does the processing. The processing page gets the sessions vars and does its business.
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>
> What about placing the contents in different divs and showing/hiding those divs on submit? Then using AJAX to update the server / database with the requested operation?

That's a good one, however I'm assuming you haven't been following PJ's posts :-) Once he tries AJAX, I feel for the js.general and ajax.general folks!

--
Thanks!
-Shawn
http://www.spidean.com
Re: [PHP] CSV file
Well, you are reading the whole file there (and throwing away the data you read, not assigning the fgets result to anything), and then to store it in the database you need to read it again, so you read the file twice. It will probably be better to store the data you read the first time in an array and then store it in the database, that way you read it only once. Anyway, doing it by file size is better.

On Wed, Jun 24, 2009 at 6:19 PM, Richard Heyes <rich...@php.net> wrote:
> Hi,
>
>> To do the line count first, you have to read the whole file, how would you do it?
>
> Something like this:
>
> $fp = fopen('/tmp/foo', 'r');
> $count = 0;
>
> while (!feof($fp)) {
>     fgets($fp);
>     ++$count;
> }
>
> --
> Richard Heyes
>
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
Re: [PHP] Re: idiot proofing
On Wed, Jun 24, 2009 at 8:24 PM, Shawn McKenzie <nos...@mckenzies.net> wrote:
> Bastien Koert wrote:
>> On Wed, Jun 24, 2009 at 5:30 PM, Shawn McKenzie <nos...@mckenzies.net> wrote:
>>> PJ wrote:
>>>> I have a bit of a situation. I have set up addBooks, editBooks and deleteBooks pages. Before complicating my life mixing them up in one file, I am running tests. I'd like to make them idiot proof, up to a point. When the page is submitted and the code is parsed, the form inputs remain on the screen along with the submit buttons. I'm not sure of what is the normal way of closing/hiding/wiping the screen output before showing the result output of the operation. I do not want a user to resubmit the input which is still in the input $strings. I am wondering if I should be using some code to clear the inputs like unsetting??? sessions or a break or am I doing something wrong with the flow of the code? I'd like to leave the pages with only the output of success (or failure) and links to do another add/edit/delete operation. Thanks for any suggestions.
>>>
>>> I've never tried it, but you can possibly submit to an intermediate page that stuffs the post vars into a session, echos please wait and then redirects to the page that does the processing. The processing page gets the sessions vars and does its business.
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>> http://www.spidean.com
>>
>> What about placing the contents in different divs and showing/hiding those divs on submit? Then using AJAX to update the server / database with the requested operation?
>
> That's a good one, however I'm assuming you haven't been following PJ's posts :-) Once he tries AJAX, I feel for the js.general and ajax.general folks!
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com

Well, I have followed PJ's posts and agree that this [AJAX] is something that he's not ready for yet.

@PJ, the whole submit / process / redraw the form only takes a few seconds and the simplest thing is to just place a spinning 'busy' gif image in the center of the page to let people know something is working

--
Bastien

Cat, the other other white meat
Re: [PHP] Re: idiot proofing
Bastien Koert wrote:
>> That's a good one, however I'm assuming you haven't been following PJ's posts :-) Once he tries AJAX, I feel for the js.general and ajax.general folks!
>
> Well, I have followed PJ's posts and agree that this [AJAX] is something that he's not ready for yet.

Not to mention, when your site depends upon ajax, it doesn't work for those who disable scripting, so a solution that doesn't involve js really should be developed anyway.
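A resubmission-proof flow that needs no JavaScript, which is what the message above asks for, as an added example (not code from any poster in this thread): Post/Redirect/Get with a single-use session token. It assumes PHP 7 or later; the `title` field and `add_book()` are hypothetical stand-ins for the real page.

```php
<?php
// Added example: Post/Redirect/Get with a single-use form token (PHP 7+).
// add_book() and the "title" field are hypothetical stand-ins for the real page.
session_start();

function new_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_tokens'][$token] = time();  // remember every token we issue
    return $token;
}

function consume_form_token(string $token): bool
{
    if ($token === '' || !isset($_SESSION['form_tokens'][$token])) {
        return false;                           // unknown or already used
    }
    unset($_SESSION['form_tokens'][$token]);    // a token is good for one POST
    return true;
}

function add_book(string $title): bool          // placeholder for the real INSERT
{
    return $title !== '';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    if (!consume_form_token($token)) {
        $_SESSION['flash'] = 'This form was already submitted.';
    } else {
        $_SESSION['flash'] = add_book($title) ? 'Book added.' : 'Could not add the book.';
    }
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);  // browser follows with GET
    exit;
}
$flash = $_SESSION['flash'] ?? null;            // show the result exactly once
unset($_SESSION['flash']);
$self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
?>
<?php if ($flash !== null): ?>
  <p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
  <p><a href="<?= $self ?>">Add another book</a></p>
<?php else: ?>
  <form method="post" action="<?= $self ?>">
    <input type="hidden" name="token" value="<?= new_form_token() ?>">
    <input type="text" name="title"> <input type="submit" value="Add">
  </form>
<?php endif; ?>
```

Reloading the result page repeats only the GET, and going Back to resubmit the old form presents a spent token, so the operation runs once. Because the token is bound to the session, the same check also rejects forged cross-site POSTs.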
Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)
On Wed, Jun 24, 2009 at 05:26:11PM -0400, Daniel Brown wrote:
> On Wed, Jun 24, 2009 at 17:19, Michael A. Peters <mpet...@mac.com> wrote:
>> Jane, a non technical person [...]
>> Betty's webmail account is compromised [...]
>
> Bottom line: hax0r5 hate g1rls.

Or hax0r5 hate grrls.

Paul

--
Paul M. Foster
Re: [PHP] Progressbar
On Wed, Jun 24, 2009 at 10:24:21AM -0400, tedd wrote:
> At 7:55 AM +0200 6/24/09, Teun Lassche wrote:
>> I'm making an upload script with PHP, is there a way I can show a progressbar while uploading?
>>
>> --
>> Teun Lassche
>
> It's not a progress bar, but it's a heck of a lot simpler:
>
> http://webbytedd.com/bb/wait/
>
> The biggest problem in uploading a file is figuring out how large it is. You can't find that out in php and Javascript is limited in what information it can access. I found the problem more trouble than it was worth to fix. Besides, what does the user need to see while an operation is underway?

I like the last one (#39). Perfect for a progress bar. ;-}

Paul

--
Paul M. Foster
[PHP] Unable to load dynamic php_oci8.dll
Hi,

I get the following error when I start the Apache Server.

PHP Startup: Unable to load dynamic library 'F:\\Apps\\PHP\\ext\\php_oci8.dll' - The specified procedure could not be found.\r\n in Unknown on line 0

I don't see that there is any issue with the dir or with the ini file. Everything is in place.

Oracle version is 9.2
Windows XP
PHP 5.2.10

Kindly let me know what needs to be checked.

Thank you
Raj
Re: [PHP] Unable to load dynamic php_oci8.dll
http://forums.oracle.com/forums/thread.jspa?threadID=412805
Will this be of help?

2009/6/25 Raj <rameshs...@gmail.com>
> Hi,
>
> I get the following error when I start the Apache Server.
>
> PHP Startup: Unable to load dynamic library 'F:\\Apps\\PHP\\ext\\php_oci8.dll' - The specified procedure could not be found.\r\n in Unknown on line 0
>
> I don't see that there is any issue with the dir or with the ini file. Everything is in place.
>
> Oracle version is 9.2
> Windows XP
> PHP 5.2.10
>
> Kindly let me know what needs to be checked.
>
> Thank you
> Raj

--
牛坤
MSN:haoniu...@hotmail.com
RE: [PHP] Re: idiot proofing
He can even use http://www.ajaxload.info/ to create his own loading circle to just embed the code. He can then set the image's visibility to the css property display:none and on the form submit he can do a JavaScript document.getElementById(id).style.visibility = 'visible'; , assuming he gave the object an id and make it visible.

While this post might feel too instructional the fact that you joked PJ wasn't ready for AJAX made me want to put in a bit more clarity. If this isn't clear enough, please let me know and I'll paste the appropriate markup and js.

-----Original Message-----
From: Michael A. Peters [mailto:mpet...@mac.com]
Sent: Wednesday, June 24, 2009 10:36 PM
To: Bastien Koert
Cc: Shawn McKenzie; php-general@lists.php.net
Subject: Re: [PHP] Re: idiot proofing

Bastien Koert wrote:
>> That's a good one, however I'm assuming you haven't been following PJ's posts :-) Once he tries AJAX, I feel for the js.general and ajax.general folks!
>
> Well, I have followed PJ's posts and agree that this [AJAX] is something that he's not ready for yet.

Not to mention, when your site depends upon ajax, it doesn't work for those who disable scripting, so a solution that doesn't involve js really should be developed anyway.
RE: [PHP] Re: idiot proofing
[EDITED FOR MISTAKES AND TYPOS]

He can even use http://www.ajaxload.info/ to create his own loading circle to hide on the page. He can hide the image's visibility by using the css property display:none and on the form submit he can do a JavaScript document.getElementById(id).style.display = ''; , assuming he gave the object an id and make it visible.

While this post might feel too instructional the fact that you joked PJ wasn't ready for AJAX made me want to put in a bit more clarity. If this isn't clear enough, please let me know and I'll paste the appropriate markup and js.

-----Original Message-----
From: Michael A. Peters [mailto:mpet...@mac.com]
Sent: Wednesday, June 24, 2009 10:36 PM
To: Bastien Koert
Cc: Shawn McKenzie; php-general@lists.php.net
Subject: Re: [PHP] Re: idiot proofing

Bastien Koert wrote:
>> That's a good one, however I'm assuming you haven't been following PJ's posts :-) Once he tries AJAX, I feel for the js.general and ajax.general folks!
>
> Well, I have followed PJ's posts and agree that this [AJAX] is something that he's not ready for yet.

Not to mention, when your site depends upon ajax, it doesn't work for those who disable scripting, so a solution that doesn't involve js really should be developed anyway.
Re: [PHP] Unable to load dynamic php_oci8.dll
I tried this earlier, it is not working.

On Thu, Jun 25, 2009 at 9:54 AM, Kun Niu <haoniu...@gmail.com> wrote:
> http://forums.oracle.com/forums/thread.jspa?threadID=412805
> Will this be of help?
>
> 2009/6/25 Raj <rameshs...@gmail.com>
>> Hi,
>>
>> I get the following error when I start the Apache Server.
>>
>> PHP Startup: Unable to load dynamic library 'F:\\Apps\\PHP\\ext\\php_oci8.dll' - The specified procedure could not be found.\r\n in Unknown on line 0
>>
>> I don't see that there is any issue with the dir or with the ini file. Everything is in place.
>>
>> Oracle version is 9.2
>> Windows XP
>> PHP 5.2.10
>>
>> Kindly let me know what needs to be checked.
>>
>> Thank you
>> Raj
>
> --
> 牛坤
> MSN:haoniu...@hotmail.com

--
Thank you
Ramesh S Raj