Re: [PHP] -less layouts; Ideas welcome

[Eddie Drapkin]

Yeah, it doesn't work here, either.

On Thu, May 21, 2009 at 11:44 AM, Shawn McKenzie wrote:

> Ashley Sheridan wrote:
>  > Tedd, I've got a fairly simple calendar script in PHP here
> >
> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.phpwhich
>  could be adapted fairly easily with the right tweaks.
> >
> >
> > Ash
> > www.ashleysheridan.co.uk
> >
>
> I cant get the calendar on your site to do anything.  No links and
> clicks do nothing.  FF 3.0.10 / Ubuntu.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] -less layouts; Ideas welcome

[Eddie Drapkin]

I'd be more fond of unrolling some of those loops and feeding the data into
a proper template than tweaking what looks like really half-arsed code.

On Thu, May 21, 2009 at 11:57 AM, Ashley Sheridan
wrote:

> On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
> > Ashley Sheridan wrote:
> >  > Tedd, I've got a fairly simple calendar script in PHP here
> > >
> http://www.ashleysheridan.co.uk/coding.php?group=php&article=coding_php_calendar.phpwhich
>  could be adapted fairly easily with the right tweaks.
> > >
> > >
> > > Ash
> > > www.ashleysheridan.co.uk
> > >
> >
> > I cant get the calendar on your site to do anything.  No links and
> > clicks do nothing.  FF 3.0.10 / Ubuntu.
> >
> > --
> > Thanks!
> > -Shawn
> > http://www.spidean.com
> >
> Well, yeah, there isn't any events or anything attached to any day! Like
> I said, easy enough to tweak and output a link on a particular date that
> matches something in the database.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

[Eddie Drapkin]

Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
>
>
>
> On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie wrote:
>
>> Michael A. Peters wrote:
>> > Sumit Sharma wrote:
>> >> Hi,
>> >>
>> >> I am designing a php website for my client which interact with
>> database.
>> >> This is my first project for any client (I hope he is not reading this
>> >> mail
>> >> ;-)  ). I am a bit more concerned with database security. Can somebody
>> >> shed
>> >> some light on the security measurements, precautions, and functions
>> >> related
>> >> to database security in general to make sure that the data is safely
>> >> stored
>> >> updated and retried from database. I have already used htmlentities(),
>> >> strip_tags(), addhashes(), and some regular expressions to check
>> >> security.
>> >> Looking for help beyond this.
>> >>
>> >>
>> >> Thanks in advance...
>> >> Sumit
>> >>
>> >
>> > Use prepared statements.
>> > If you are just starting out, I would recommend using a database
>> > abstraction layer, such as MDB2 from pear.
>> >
>> > Doing it now is a LOT easier than porting an existing web application to
>> > use a database abstraction layer.
>> >
>> > With prepared statement, sql injection is not an issue.
>> >
>> > Example of prepared statement with MDB2:
>> >
>> > $types = Array('integer','text','integer');
>> > $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield > ?
>> > AND bfield=? AND cfield < ? ORDER BY somefield';
>> > $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
>> >
>> > $args  = Array($var1,$var2,$var3);
>> > $rs = $sql->execute($args);
>> >
>> > Prepared statements pretty much neuter any and all sql injection
>> > attempts, assuming the database supports prepared statements (otherwise
>> > the abstraction layer may emulate them which could possibly be prone to
>> > vulnerabilities).
>> >
>> > While you do not need to use an abstraction layer to use prepared
>> > statements, the advantage of an abstraction layer is that your code will
>> > be much easier to port to a different database - advantageous to your
>> > client if they ever want to change databases, advantageous to you if you
>> > ever want to resuse you code for another client (assuming your contract
>> > does not give exclusive ownership of your code to your existing client).
>> >
>> > The user the web server connects with should be as restricted as
>> > possible. It should only have permission to connect to the database from
>> > the host where the web server is running (localhost if running on same
>> > machine as the sql server) and should not be granted any permissions it
>> > does not absolutely need.
>> >
>> > The file containing the database authentication credentials should end
>> > in .php and not .inc, and if at all possible, should be outside the web
>> > root (you can modify the include path to add a directory outside the web
>> > root that has includes - or include the file full path).
>> >
>> > Make sure error reporting is turned off on the production web server
>> > (you can still read errors in the web server log).
>> >
>> > If at all possible, run php compiled with the suhosin core patch and
>> > also run the suhosin loadable module.
>> >
>> > -=-
>> > You shouldn't need addslashes with prepared statements.
>> > You should run user input through an existed tested input filter, such
>> > as http://htmlpurifier.org/ rather than trying to re-invent the wheel
>> > and create your own. Script kiddies have scripts that test webapps for
>> > input vulnerabilities (both xss and sql injection), and some of them are
>> > rather tricky and browser specific.
>> >
>> > A community driven project like HTMLPurifier is more likely to catch
>> > malicious input than something you cobble together.
>>
>> PDO is another good option.  You shouldn't have to worry about escaping
>> or SQL injections, though suhosin is a great idea.
>>
>> http://php.net/manual/book.pdo.php
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>

Re: [PHP] urgent CSS question

[Eddie Drapkin]

Moral of the story: if you use css classes ending in numbers, you're
probably a rapist and/or murderer.

On Fri, May 22, 2009 at 11:46 AM, Shawn McKenzie wrote:

> Daniel Brown wrote:
> > On Fri, May 22, 2009 at 08:02, Michael A. Peters 
> wrote:
> >> If I recall - it is illegal to end a css class name is a number.
> >> I'm not positive though.
> >
> > You are correct.  They just executed a man in Texas for this.
> >
>
> Yes we did, however that infraction is what led to the discovery of his
> multiple rapes and brutal murders.
>
> Damn yanks.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] IE can't download, FF can: SSL ? Need special headers?

[Eddie Drapkin]

or even just str_replace(' ' , '_', $name) consistent and works, no?

On Fri, May 22, 2009 at 2:21 PM, Bastien Koert  wrote:

> On Fri, May 22, 2009 at 1:36 PM, Dee Ayy  wrote:
>
> > Acceptable results, but could be better.
> >
> > basename works correctly for only Safari (filenames with spaces are
> > correct).
> > FF truncates the name starting with the first space.
> > IE puts an underscore in place of a space.
> >
> > urlencode puts a plus sign in place of a space for all 3 browsers.
> >
> > But I've always had a note telling the user to rename the file to
> > something useful, so I'll keep basename and not check the agent.
> >
> > Thoughts?
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> what about just CamelCasing the name? no spaces.
>
> --
>
> Bastien
>
> Cat, the other other white meat
>

Re: [PHP] Unsubscribe from php-general@lists.php.net

[Eddie Drapkin]

:(

On Fri, May 22, 2009 at 2:55 PM, Tom Merriam  wrote:

> --
> Tom Merriam
> Cell: 512.639.5589 Home: 512.869.6401
> twmerr...@gmail.com
>

Re: [PHP] fgets function for very large files

[Eddie Drapkin]

On Sat, May 23, 2009 at 2:58 AM, Ashley Sheridan
wrote:

>
> If it's a CSV, I'd recommend using phpMyAdmin directly to import it into
> the database, assuming you are using a MySQL database that is. It's
> using tried and tested code for large files like that.
>
>
Tried and true to be what, exactly? Full of security holes and exploits and
promoting bad habits?

Really, if all you need to do for the database is import hte .csv, import it
directly into mysql, from mysql:

http://www.tech-recipes.com/rx/2345/import_csv_file_directly_into_mysql/

And on a related note, you should never, ever use PMA on a production
machine as it's so easy to exploit and hack.  Furthermore, if you use it on
your dev server, you'll get used to managing your database with it and have
trouble using it on the production server.  Take the time to use a real DB
administration app (like SQLyog of the one that comes with KDE) or an IDE
with integrated SQL management (like PDT or Zend Studio or Aptana I think
too).

Bottom line is if you said you used PMA in an interview I had any say in,
I'd never hire you and I'd never work with a developer who was that
uncomfortable with SQL.

Re: [PHP] templating engine options

[Eddie Drapkin]

I've had a lot of success with Savant3: www.phpsavant.com becuase it's
pretty featureful yet fast(er than the alternatives I tested).

On Sat, May 23, 2009 at 7:01 PM, Nathan Rixham  wrote:

> LinuxManMikeC wrote:
>
>> On Sat, May 23, 2009 at 4:21 PM, Nathan Rixham  wrote:
>>
>>> Hi All,
>>>
>>> Just a quick one, can anybody recommend any decent templating engines
>>> other
>>> than smarty.
>>>
>>> I've got no problem with smarty and it does the job - but if there is
>>> something newer and lighter out there that I'm missing then I'd be a fool
>>> not to at least consider it!
>>>
>>> can't be part of a framework, (or if it is easily extracted with no
>>> framework dependencies), and not xslt (love xslt, but not many designers
>>> do!).
>>>
>>> many regards,
>>>
>>> Nathan
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>>
>> I was recently researching template engines for a small in-house
>> project, with a bias toward simple and lightweight.  I found this
>> interesting article in my search.  I think its worth considering if
>> you don't need all the bells and whistles of the big template engines.
>>  Simple and elegant.
>> http://www.massassi.com/php/articles/template_engines/
>>
>
> cheers, it certainly is simple and elegant - however a bit too simple
> (specifically as it's in template php); gives me immediate visions of a
> wordpress template - and that's more than enough to scare me off! 
>
> regards,
>
> nathan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Container or Calling Class

[Eddie Drapkin]

You can call methods from a classes's parents like so
class foo {

protected method bar() {
echo "in foo!";
}

}

class foobar extends foo {

public function bar() {
parent::bar();
}
}

$fb  = new foobar();
$fb->bar(); will output "in foo!";


On Sun, May 24, 2009 at 3:58 PM, Nathan Rixham  wrote:

> Stuart wrote:
>
>> 2009/5/24 phphelp -- kbk :
>>
>>> If so, can the bar_handler->bar_toast() function call a function in the
>>> container class (foo_handler)? "Parent" is used in some OOP languages for
>>> this type of hierarchy, but not PHP. I have fooled around with the scope
>>> resolution operator, but either that doesn't do it or I can't nail the
>>> syntax.
>>>
>>> Anyone care to illuminate this for me?
>>>
>>
>> I've never heard of this being possible in any language, never mind
>> PHP. The parent keyword you mention refers to the parent class not the
>> container, and works just as well in PHP as in other languages. Any
>> OOP implementation that allows a class to call functions in a
>> container class would be breaking one of the cardinal rules of OOP.
>>
>> -Stuart
>>
>>
> no offence but it smacks a bit of bad design tbh - however one possibility
> is to inject a reference to the container class instance in to the child
>
> $this->bar_handler = new bar_handler( $this );
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Re: General Web Development Editor/IDE

[Eddie Drapkin]

I use Zend Studip (I coughed up the fee, and it's worth it) for PHP, JS,
HTML and CSS>  THere's a WYSIWYG HTML editor built in, and that's the only
drawback I hear from a lot of people about PHP IDE's.  And, it's built on
Eclipse, so while I work on WIndows at work, I can keep the exact same setup
I huse at home which is linux.

If you're willing to pay for Dreamweaver, at least download the trial from
Zend and give it a shot.  It's better than the other Eclipse IDEs (I've
tried all the ones I've heard of) and any other IDE I've played with (which
includes phpEdit).

On Sun, May 24, 2009 at 4:04 PM, Al  wrote:

>
>
> Casey wrote:
>
>> Hi list,
>>
>> I'm looking for a nice, user (i.e. me) friendly general-purpose IDE,
>> where most of my work will be done in PHP.
>>
>> I'm considering using Dreamweaver CS4 as my IDE, where I will disable
>> most of the WYSIWYG elements and use all of the other features that I
>> need/want (contextual syntax coloring and project management).
>>
>> But before I try that, are there any suggestions from all you experts out
>> there?
>>
>> Thanks,
>>  - Casey
>>
>
> phpEdit
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Container or Calling Class

[Eddie Drapkin]

That's containment, not inheritence, must have misread the email.  Oops :)

The "easiest" way to do this would be something like:

class contrived {
private $parent;
private $otherparent;

public function __call($func, $params) {
if(is_callable(array($this->parent, $func))
call_user_func_array(array($this->parent, $func), $params)
elseif(is_callable(array($this->otherParent, $func))
call_user_func_array(array($this->otherparent, $func), $params)
}

}

This is the most "elegant" way to accomplish the same thing, but it makes
some assumptions, like you're willing to chain if-elseif's together (or
store all contained instances in an array) and that you don't ever have
overlapping method names (ie contrived.foo and parent.foo both exist).
Also, it's really, really obnoxiously slow.  __call() is hardly fast and
call_user_func_array is no different.

On Sun, May 24, 2009 at 7:52 PM, Nathan Rixham  wrote:

> Eddie Drapkin wrote:
>
>> You can call methods from a classes's parents like so
>> class foo {
>>
>> protected method bar() {
>> echo "in foo!";
>> }
>>
>> }
>>
>> class foobar extends foo {
>>
>> public function bar() {
>> parent::bar();
>> }
>> }
>>
>> $fb  = new foobar();
>> $fb->bar(); will output "in foo!";
>>
>>
> wrong way round.. he's asking for:
>
> // note no extends
> class foobar {
>
>  public function bar() {
>$this->foo = new Foo();
>$this->foo->bar();
>  }
>
>  public function poo() {
> echo "call me if you can";
>  }
>
> }
>
> // and the impossible
> class foo {
>
>  public method bar() {
>foobar->poo(); // call the containing class
>  }
>
> }
>
> in a dom or as3 or suchlike this would be
>
> this.parent.poo();
>
> but we have not this->parent
>
> note: note parent::poo() which is effectively super.poo() 
>
> so he can only inject the container/parent
>
> 
> class foobar {
>
>  private $foo;
>
>  public function bar() {
>$this->foo = new Foo( $this );
>$this->foo->bar();
>  }
>
>  public function poo() {
> echo "call me if you can";
>  }
>
> }
>
> // and the Possible
> class foo {
>
>  private $parent;
>
>  public function __construct( $parent ) {
>$this->parent = $parent;
>  }
>
>  public method bar() {
>$this->parent->poo(); // call the containing class method poo
>  }
>
> }
>

Re: [PHP] Comparing strings (revisited)

[Eddie Drapkin]

With the initial explode, I may be wrong but I don't think it's possible to
force every entry to be string-typed.  However, this little snippet could
help:
$foo = explode(';', $db);
foreach($foo as &$bar) {
$bar = settype($bar, 'string);
}

which will set each element's type to string, but is hardly a fast or
elegant solution, but a solution it is nonetheless.  Alternatively, every
time you reference a field that ought to be an element but isn't, you can
use strval($element), but that's even uglier!

On an aside, coming from strict typing to loose typing is certainly an
enormous transition, you grow to learn these little things and work around
them.  The benefits and ease of the loose typing, at least to me, seem to
outweigh the overhead handling "fringe" type cases like these.  For a
performance nut like myself, though, it certainly drives me insane!

On Sun, May 24, 2009 at 10:46 PM, Clancy  wrote:

> For some time I have been working on a text based database, in which each
> entry contains
> one or more lines of data, with the various fields delimited by semicolons,
> e.g.
>
> A;b;20GM;Restaurant;090508
> n;;;Arintji;;
> a;Federation Square;;;
> p;9663 9900;;;9663 9901;;i...@arintji.com.au<9901%3b%3bi...@arintji.com.au>
> ;
>
> All was going well but recently I decided to allocate every entry a unique
> identifier,
> and, in what with hindsight was clearly misguided enthusiasm, decided that
> each identifier
> should be a four digit base 36 number (the 20GM in the first line). This
> did not cause any
> problems until yesterday, when I tried to load a name beginning with 'R',
> and got the
> first name on the list. When I investigated I found that I was searching
> the array
> containing the data using:
>
>if ($ident == $data[$i]['group']['ident'])  { ..
>
> I then found that I was searching for 20E2, but was getting a match on
> 2000. I tried
>
>'if ((string) $ident == (string) $data[$i]['group']['ident'])',
>
> but this still matched. However
>
>'if($ident === '
>
> worked, as did
>
>'if (!strcmp($ident, $data[$i])) {...'.
>
> After puzzling about this for a long time, I realised that the comparison
> process must
> have been treating the second value as a floating point number, and
> converting it to
> integer, or vice versa.  (In floating point notation 20E2 = 20*10^^2 =
> 2000).  I had
> thought that the (string) override meant to treat the actual value as a
> string, but in
> this case it must be converting the (assumed) actual value to a string, and
> then comparing
> the results.
>
> This surprised me considerably as it is clear from the results I achieve in
> other
> circumstances that the data is actually stored as a raw string.
>
> $data is a variable format array, and when the original data is read each
> line is exploded
> into a term of the data array: $data[][] = explode(';',$line[$i]);.  If I
> print the value
> of the ident (or any other field) it is always shown as the original
> string, and when I
> save an updated version of the data, each term of the data array is
> imploded into a line
> of the data file in its original format. However if this value were
> actually converted to
> a floating point number when it was entered I would have to specify a
> format before I
> could write it out again, and as 20E2 is a rather  non-standard format it
> is most unlikely
> that it would come out as this unaided.
>
> Is there any way to specify that each field is always to be treated as a
> string when I
> originally explode the input file into the data array?  For someone brought
> up on rigidly
> defined data types dynamic typing can be very confusing!
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Container or Calling Class

[Eddie Drapkin]

No problem mate :)

As a general rule, it seems that PHP just copied Java's OOP model - and
outside of the quirks in the way it works internally - it's a pretty damn
good implementation of object orientation.  THe only issue I have with it is
that it's not possible to lose the procedural bootstrapper :(

On Sun, May 24, 2009 at 11:24 PM, phphelp -- kbk wrote:

> Thanks, guys, for the discussion. This is nothing compelling for me, just
> fooling around with the model. My first OOP language many-a-year ago had
> this ability. "Parent" designated containment, not (as I believe, too, is
> more "correct") inheritance hierarchy, like PHP. I and have never had the
> need to call a "containing" function in PHP, but I was exploring the best
> way to accomplish a new task the other day, and that kind of architecture
> seemed like a possibility.
>
> In fact, probably just a bad idea.
>
> (I see so much of that in this list: "I need to..." followed by a
> description of some bizarre construct. I want to scream "No! You have
> painted yourself into a corner! Test your assumptions, or go back 5 steps
> and start over.")
>
> Thanks again
>
> Ken
>
>
> On May 24, 2009, at 9:38 PM, Eddie Drapkin wrote:
>
>  That's containment, not inheritence, must have misread the email.  Oops :)
>>
>> The "easiest" way to do this would be something like:
>>
>> class contrived {
>> private $parent;
>> private $otherparent;
>>
>> public function __call($func, $params) {
>> if(is_callable(array($this->parent, $func))
>> call_user_func_array(array($this->parent, $func), $params)
>> elseif(is_callable(array($this->otherParent, $func))
>> call_user_func_array(array($this->otherparent, $func), $params)
>> }
>>
>> }
>>
>> This is the most "elegant" way to accomplish the same thing, but it makes
>> some assumptions, like you're willing to chain if-elseif's together (or
>> store all contained instances in an array) and that you don't ever have
>> overlapping method names (ie contrived.foo and parent.foo both exist).
>>  Also, it's really, really obnoxiously slow.  __call() is hardly fast and
>> call_user_func_array is no different.
>>
>> On Sun, May 24, 2009 at 7:52 PM, Nathan Rixham  wrote:
>> Eddie Drapkin wrote:
>> You can call methods from a classes's parents like so
>> class foo {
>>
>> protected method bar() {
>> echo "in foo!";
>> }
>>
>> }
>>
>> class foobar extends foo {
>>
>> public function bar() {
>> parent::bar();
>> }
>> }
>>
>> $fb  = new foobar();
>> $fb->bar(); will output "in foo!";
>>
>>
>> wrong way round.. he's asking for:
>>
>> // note no extends
>> class foobar {
>>
>>  public function bar() {
>>   $this->foo = new Foo();
>>   $this->foo->bar();
>>  }
>>
>>  public function poo() {
>>echo "call me if you can";
>>  }
>>
>> }
>>
>> // and the impossible
>> class foo {
>>
>>  public method bar() {
>>   foobar->poo(); // call the containing class
>>  }
>>
>> }
>>
>> in a dom or as3 or suchlike this would be
>>
>> this.parent.poo();
>>
>> but we have not this->parent
>>
>> note: note parent::poo() which is effectively super.poo() 
>>
>> so he can only inject the container/parent
>>
>> >
>> class foobar {
>>
>>  private $foo;
>>
>>  public function bar() {
>>   $this->foo = new Foo( $this );
>>   $this->foo->bar();
>>  }
>>
>>  public function poo() {
>>echo "call me if you can";
>>  }
>>
>> }
>>
>> // and the Possible
>> class foo {
>>
>>  private $parent;
>>
>>  public function __construct( $parent ) {
>>   $this->parent = $parent;
>>  }
>>
>>  public method bar() {
>>   $this->parent->poo(); // call the containing class method poo
>>  }
>>
>> }
>>
>>
>

Re: [PHP] change server time

[Eddie Drapkin]

If you want to change the server time ocmpletely and independent of PHP,
you're going to have to do it from the shell.

On Sun, May 24, 2009 at 11:36 PM, Sumit Sharma  wrote:

> Yes, I works on windows as well well. Was looking for india time zone found
> it as putenv("TZ=Asia/Calcutta");. Thanks a lot, but this function does not
> change the server time permanently. Any Idea about any function which does
> so.
>
>
> Thanks,
> Sumit
>
>
>
> On Sun, May 24, 2009 at 12:33 PM, Michael A. Peters 
> wrote:
>
> > Sumit Sharma wrote:
> >
> >> Hi,
> >>
> >>   Whenever I am using date('r') function It shows time in GMT instead of
> >> local time set on my machine. Do I need to configure the time
> separately.
> >> I
> >> am using WAMP server locally.
> >>
> >> Thanks,
> >> Sumit
> >>
> >>
> > Not sure about windows - but
> >
> > putenv("TZ=America/Los_Angeles");
> >
> > in your script should work (change the timezone to whatever you want
> > locally).
> >
> > You should be able to set the TZ variable globally in your php.ini file.
> >
>

Re: [PHP] php dev environment

[Eddie Drapkin]

-- Forwarded message --
From: Eddie Drapkin 
Date: Mon, May 25, 2009 at 3:24 AM
Subject: Re: [PHP] php dev environment
To: Lester Caine 



Vim? Vi? PFT

If you're gonna CLI, CLI *like a man* and use emacs!


On Mon, May 25, 2009 at 3:21 AM, Lester Caine  wrote:

> Lester Caine wrote:
>
>> Paul M Foster wrote:
>>
>>> On Sun, May 24, 2009 at 10:32:23AM +0100, Nathan Rixham wrote:
>>>
>>>  Hi All,
>>>>
>>>> A recent post just reminded me of something I did a while ago that may
>>>> be of use to many of you (and its sitting doing nothing), it's a kind of
>>>> how to for getting a full development environment up and running simply.
>>>>
>>>>
>>>> Eclipse PDT 2 + extras
>>>> http://wiki.voom.me/wiki/Eclipse-PDT2-Perfect-Setup
>>>>
>>>> Subversion auto props
>>>> http://wiki.voom.me/wiki/SubversionAutoProps
>>>>
>>>> PHP Tools - XDebug, PHPDocumentor, PHP Code Sniffer, PHPUnit
>>>>
>>>> http://wiki.voom.me/wiki/VoomWorkingEnvironment#SettingUpTheLocalPHPPEAREnvironment
>>>>
>>>> (Ubuntu Specific - Continuous Integration)
>>>> XDebug, PHPDocumentor, PHP Code Sniffer, PHPUnit, Cruise Control,
>>>> phpUnderControl
>>>> http://nathan.voom.me/wiki/PHP-ContinuousIntegration
>>>>
>>>> All that should save a few days of work setting up configuring and
>>>> exploring.
>>>>
>>>> Servers & Bandwidth courtesy of Dan Brown @ Parasane - thanks mate.
>>>> http://parasane.net/
>>>>
>>>> Hope it helps somebody!
>>>>
>>>
>>> That's no development environment! There's no Vim! ;-}
>>>
>>
>> http://www.viplugin.com/viplugin/
>>
> or http://www.vimplugin.org/
>
>
>  But the above list does need PHPElipse rather than PDT ;)
>>
>
> --
> Lester Caine - G8HFL
> -
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk//
> Firebird - http://www.firebirdsql.org/index.php
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

[PHP] Re: [PHP-DEV] PHP scalability problem

[Eddie Drapkin]

Processes are only spawned in shitty webserver processing models that high
performing webservers don't even have.  If you'll read my first link, php is
rarely the client-side bottleneck (which is all that matters).  And do some
research, on a page that hits the database for me, the query is usually
50-80% of prosecution speed, so design a faster db schema or use a faster
RDBMS (or high performing MySQL builds).  Offloading processing is rarely
possible and is not the solution to scaling your web application, somewhere
along the line your server will fail (if you have enough success) and you'll
have to get a new one.  Scaling gracefully is more about horizontal
expansion and getting the most for your buck, delaying the inevitable.

Some things you probably ought to keep in mind
1) Client side performance is the only thing that matters.  If your server
load is at 110 but pages are still generating in less time than it takes to
make the HTTP handshake (which I estimate <0.1 seconds is a fair target),
then you have no worries.  Install ySlow and study its documentation
thoroughly and accept no less than high 90s for your work.

2) Scaling requires a fundamental paradigm of speed built in to the core
logic of your application.  It's easier to start with a persistent caching
setup and go from there than apply one later.  Look into memcache,
memcachedb, and apc for some absolutely required tools.

3) The solution to save your server from doing the majority of the work
isn't to load it onto the clients, that'll result in your ownership of a
laggy, unresponsive site no one wants to use.  I guess that would solve your
problem, though, by taking away all your users.

4) Start establishing good performance habits, use a profiler like xdebug
and identify your bottlenecks and optimize them.  Saving 10ms on a logic
setup is meaningless if every pageload has 200ms of queries it has to run.
SQL *will* be your benchmark long before PHP or apache will be.  Look into
setting your SQL server up as fast as you can.  Hint: default installs and
configurations are never as fast as they could be.

5) Use ajax when you can instead of full page reloads.  It saves a lot of
overhead i/o if done properly.

6) Install an opcode cache, I recommend EAccelerator.  Script CPU time will
be decreased by (a) order of magnitude(s).

7) Scalability is a lot of SEO, there's no one magic thing you can do, it's
a combination of dozens of tiny little things and it's probably the most
difficult thing about writing PHP.  Don't expect someone to email this list
and say "Do X, Y and Z and you'll never have to worry about scaling!"
because they'll be lying to you if that does happen.

On a side note, I noticed this is the wrong list and CC'd the correct one.

On Tue, May 26, 2009 at 11:04 PM, tRace DOliveira wrote:

>
> What I am trying to achieve is to have the server do less processing. Like
> I said PHP is a server side scripting language and each time a request is
> made a process is spawned and processes are heavy weight as compared to a
> thread which is a light weight process. So I want to take away much
> processing away from the server and have the client do it instead. Because
> if many requests are made the server will eventually go down because it will
> over the server.
> **
>
>
> From: Eddie Drapkin 
> Subject: Re: [PHP-DEV] PHP scalability problem
> To: "tRace DOliveira" 
> Cc: intern...@lists.php.net
> Date: Wednesday, May 27, 2009, 2:55 AM
>
>
> 1) PHP is Rarely The Bottleneck: 
> http://talks.php.net/show/drupal08/<http://talks.php.net/show/drupal08/7>
> 2) Invest in an opcode cache
> 3) DB I/O is always the most restrictive part of your application, read the
> mysql performance blog (a lot applies for postgres too)
> 4) If you're serious about scalability, ditch apache and use a better
> webserver
> 5) You're describing what ajax does in a lot of cases
> 6) Have you deployed flatfile cache / apc / memcached?  If so, how?
> 7) Do you regularly run siege tests on new server stacks and profile each
> piece's impact on performance?
> 8) Do you profile your code every time you change some piece of logic?
>
> Scalability is an enormous mountain to climb and there's only so much you
> can offload on to the client.  Chances are there's more room for improvement
> at any stage in your development than there is potentiality for client-side
> processing.
>
> On Tue, May 26, 2009 at 10:46 PM, tRace DOliveira 
> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
> > wrote:
>
>> PHP is a server side scripting language, so that means that the server
>> will have to do the bulk of the processing if not most.
>> I was thinking about shifting the processing to the client. Kinda like how
>> java does it. I don't know really know how java does it but it would be
>> interesting if it could be done for PHP also.
>> Thank you,
>> Leonard D'Oliveira
>>
>>
>>
>
>
>
>

[PHP] Re: [PHP-DEV] PHP scalability problem

[Eddie Drapkin]

I seriously doubt it.  PHP is a better language in almost all regards and is
much much more popular.  A lot of people make that decision every day and
I'd say most of them choose PHP.  Why ask that, though?

On Tue, May 26, 2009 at 11:36 PM, tRace DOliveira wrote:

>
> Do you agree with me that when building a large web application that people
> would rather choose ASP.Net over PHP if people had to choose between those
> two ?
> --- On *Wed, 5/27/09, Eddie Drapkin * wrote:
>
>
> From: Eddie Drapkin 
> Subject: Re: [PHP-DEV] PHP scalability problem
> To: "Michael Shadle" 
> Cc: "tRace DOliveira" , "intern...@lists.php.net" <
> intern...@lists.php.net>
> Date: Wednesday, May 27, 2009, 3:29 AM
>
>
> nginx and php-fpm is the fastest setup I could find, after spending almost
> 2 weeks trying different combinations.
>
> Apache pre-fork model: 1900 reqs/second (this is with running queries per
> pageload)
> nginx w/ fpm: 3400 reqs/second
>
> And nginx's doc setup is awesome.
>
> Like Michael said, scaling PHP itself is no big deal, just add more worker
> nodes to your process pool, the issue is scaling out your sql server
> (memcache scaling is piss easy too)
>
> On Tue, May 26, 2009 at 11:24 PM, Michael Shadle 
> http://us.mc1104.mail.yahoo.com/mc/compose?to=mike...@gmail.com>
> > wrote:
>
>> Succinct and great reply.
>>
>> Better webserver: nginx :)
>>
>> #3 is probably the most important piece.
>>
>> I'd like to also note scaling php is pretty simple. Scaling out typically
>> provides better results as opposed to scaling up. Scaling your datastore
>> will always be your pain point. Adding new data nodes is complex. Adding
>> more php processing nodes is simple. Php nodes are just worker bees. They're
>> great for shared-nothing processing engines.
>>
>> I can't think of a good metaphor right now other than that.
>>
>> On May 26, 2009, at 7:55 PM, Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>>
>> wrote:
>>
>>  1) PHP is Rarely The Bottleneck:
>>> http://talks.php.net/show/drupal08/<http://talks.php.net/show/drupal08/7>
>>>
>>>
>>> 2) Invest in an opcode cache
>>> 3) DB I/O is always the most restrictive part of your application, read
>>> the
>>> mysql performance blog (a lot applies for postgres too)
>>> 4) If you're serious about scalability, ditch apache and use a better
>>> webserver
>>> 5) You're describing what ajax does in a lot of cases
>>> 6) Have you deployed flatfile cache / apc / memcached?  If so, how?
>>> 7) Do you regularly run siege tests on new server stacks and profile each
>>> piece's impact on performance?
>>> 8) Do you profile your code every time you change some piece of logic?
>>>
>>> Scalability is an enormous mountain to climb and there's only so much you
>>> can offload on to the client.  Chances are there's more room for
>>> improvement
>>> at any stage in your development than there is potentiality for
>>> client-side
>>> processing.
>>>
>>> On Tue, May 26, 2009 at 10:46 PM, tRace DOliveira 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>>> >wrote:
>>>
>>> PHP is a server side scripting language, so that means that the server
>>>> will
>>>> have to do the bulk of the processing if not most.
>>>> I was thinking about shifting the processing to the client. Kinda like
>>>> how
>>>> java does it. I don't know really know how java does it but it would be
>>>> interesting if it could be done for PHP also.
>>>> Thank you,
>>>> Leonard D'Oliveira
>>>>
>>>>
>>>>
>>>>
>
>

[PHP] [PHP-DEV] PHP scalability problem

[Eddie Drapkin]

... no

Apache uses processes, but can also use threads.  nginx and lighttpd both
use a threaded model.  But you seem to have this idea in your head that it's
PHP's fault and switching to a threaded webserver / CGI model will solve any
noticeable scalability problems, so feel free to ditch PHP for ASP because
you think it'll be anywhat faster.  I'll save you some time: it won't.


On Tue, May 26, 2009 at 11:44 PM, tRace DOliveira wrote:

>
> What I am trying to get at is that PHP uses processes(Heavy weight) and
> ASP.NET uses threads which are light weight. So it inflicts less strain
> upon the web server. So I am trying to solve the problem of the strain that
> PHP causes on ther server.
> --- On *Wed, 5/27/09, Eddie Drapkin * wrote:
>
>
> From: Eddie Drapkin 
> Subject: Re: [PHP-DEV] PHP scalability problem
> To: "tRace DOliveira" 
> Cc: "PHP General Mailing List" 
> Date: Wednesday, May 27, 2009, 3:39 AM
>
>
>
> I seriously doubt it.  PHP is a better language in almost all regards and
> is much much more popular.  A lot of people make that decision every day and
> I'd say most of them choose PHP.  Why ask that, though?
>
> On Tue, May 26, 2009 at 11:36 PM, tRace DOliveira 
> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
> > wrote:
>
>>
>> Do you agree with me that when building a large web application that
>> people would rather choose ASP.Net over PHP if people had to choose between
>> those two ?
>> --- On *Wed, 5/27/09, Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >* wrote:
>>
>>
>> From: Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >
>> Subject: Re: [PHP-DEV] PHP scalability problem
>> To: "Michael Shadle" 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=mike...@gmail.com>
>> >
>> Cc: "tRace DOliveira" 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>>,
>> "intern...@lists.php.net<http://us.mc1104.mail.yahoo.com/mc/compose?to=intern...@lists.php.net>"
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=intern...@lists.php.net>
>> >
>> Date: Wednesday, May 27, 2009, 3:29 AM
>>
>>
>> nginx and php-fpm is the fastest setup I could find, after spending almost
>> 2 weeks trying different combinations.
>>
>> Apache pre-fork model: 1900 reqs/second (this is with running queries per
>> pageload)
>> nginx w/ fpm: 3400 reqs/second
>>
>> And nginx's doc setup is awesome.
>>
>> Like Michael said, scaling PHP itself is no big deal, just add more worker
>> nodes to your process pool, the issue is scaling out your sql server
>> (memcache scaling is piss easy too)
>>
>> On Tue, May 26, 2009 at 11:24 PM, Michael Shadle 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=mike...@gmail.com>
>> > wrote:
>>
>>> Succinct and great reply.
>>>
>>> Better webserver: nginx :)
>>>
>>> #3 is probably the most important piece.
>>>
>>> I'd like to also note scaling php is pretty simple. Scaling out typically
>>> provides better results as opposed to scaling up. Scaling your datastore
>>> will always be your pain point. Adding new data nodes is complex. Adding
>>> more php processing nodes is simple. Php nodes are just worker bees. They're
>>> great for shared-nothing processing engines.
>>>
>>> I can't think of a good metaphor right now other than that.
>>>
>>> On May 26, 2009, at 7:55 PM, Eddie Drapkin 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>>
>>> wrote:
>>>
>>>  1) PHP is Rarely The Bottleneck:
>>>> http://talks.php.net/show/drupal08/<
>>>> http://talks.php.net/show/drupal08/7>
>>>>
>>>> 2) Invest in an opcode cache
>>>> 3) DB I/O is always the most restrictive part of your application, read
>>>> the
>>>> mysql performance blog (a lot applies for postgres too)
>>>> 4) If you're serious about scalability, ditch apache and use a better
>>>> webserver
>>>> 5) You're describing what ajax does in a lot of cases
>>>> 6) Have you deployed flatfile cache / apc / memcached?  If so, how?
>>>> 7) Do you regularly run siege tests on new server stacks and profile
>>>> each
>>>> piece's impact on performance?
>>>> 8) Do you profile your code every 

[PHP] [PHP-DEV] PHP scalability problem

[Eddie Drapkin]

If you think that's a problem, then yes.  Look into nginx.  But honestly,
you're not going to notice a speed improvement at all (maybe if you were
serving 2000 loads/sec you would, but only then if it's on a small box).



On Tue, May 26, 2009 at 11:52 PM, tRace DOliveira wrote:

>  I also thought that it's PHP that causes the processes. Thanks that helps
> me alot. So the problem is not with the language itself but the web
> server(Apache)?
>
> --- On *Wed, 5/27/09, Eddie Drapkin * wrote:
>
>
> From: Eddie Drapkin 
> Subject: Re: [PHP-DEV] PHP scalability problem
> To: "tRace DOliveira" 
> Date: Wednesday, May 27, 2009, 3:47 AM
>
>
> ... no
>
> Apache uses processes, but can also use threads.  nginx and lighttpd both
> use a threaded model.  But you seem to have this idea in your head that it's
> PHP's fault and switching to a threaded webserver / CGI model will solve any
> noticeable scalability problems, so feel free to ditch PHP for ASP because
> you think it'll be anywhat faster.  I'll save you some time: it won't.
>
> On Tue, May 26, 2009 at 11:44 PM, tRace DOliveira 
> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
> > wrote:
>
>>
>> What I am trying to get at is that PHP uses processes(Heavy weight) and
>> ASP.NET <http://asp.net/> uses threads which are light weight. So it
>> inflicts less strain upon the web server. So I am trying to solve the
>> problem of the strain that PHP causes on ther server.
>> --- On *Wed, 5/27/09, Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >* wrote:
>>
>>
>> From: Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >
>> Subject: Re: [PHP-DEV] PHP scalability problem
>> To: "tRace DOliveira" 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>> >
>> Cc: "PHP General Mailing List" 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=php-gene...@lists.php.net>
>> >
>> Date: Wednesday, May 27, 2009, 3:39 AM
>>
>>
>>
>> I seriously doubt it.  PHP is a better language in almost all regards and
>> is much much more popular.  A lot of people make that decision every day and
>> I'd say most of them choose PHP.  Why ask that, though?
>>
>> On Tue, May 26, 2009 at 11:36 PM, tRace DOliveira 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>> > wrote:
>>
>>>
>>> Do you agree with me that when building a large web application that
>>> people would rather choose ASP.Net over PHP if people had to choose between
>>> those two ?
>>> --- On *Wed, 5/27/09, Eddie Drapkin 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>>> >* wrote:
>>>
>>>
>>> From: Eddie Drapkin 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>>> >
>>> Subject: Re: [PHP-DEV] PHP scalability problem
>>> To: "Michael Shadle" 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=mike...@gmail.com>
>>> >
>>> Cc: "tRace DOliveira" 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>>,
>>> "intern...@lists.php.net<http://us.mc1104.mail.yahoo.com/mc/compose?to=intern...@lists.php.net>"
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=intern...@lists.php.net>
>>> >
>>> Date: Wednesday, May 27, 2009, 3:29 AM
>>>
>>>
>>> nginx and php-fpm is the fastest setup I could find, after spending
>>> almost 2 weeks trying different combinations.
>>>
>>> Apache pre-fork model: 1900 reqs/second (this is with running queries per
>>> pageload)
>>> nginx w/ fpm: 3400 reqs/second
>>>
>>> And nginx's doc setup is awesome.
>>>
>>> Like Michael said, scaling PHP itself is no big deal, just add more
>>> worker nodes to your process pool, the issue is scaling out your sql server
>>> (memcache scaling is piss easy too)
>>>
>>> On Tue, May 26, 2009 at 11:24 PM, Michael Shadle 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=mike...@gmail.com>
>>> > wrote:
>>>
>>>> Succinct and great reply.
>>>>
>>>> Better webserver: nginx :)
>>>>
>>>> #3 is probably the most important piece.
>>>>
>>>> I'd like to also note scaling php is pretty simple. Scaling

Re: Re: [PHP] Re: PHP, OOP and AJAX

[Eddie Drapkin]

Your code might not, but you sure do!  Spending all that time writing
require statements = :(

On Thu, May 28, 2009 at 9:49 AM, Tony Marston  wrote:

>
>  wrote in message
> news:000e0cd6ad1a9f7d3d046af89...@google.com...
> > Two things:
> >
> > 1. Try using the fully qualified path (ie /var/www/foo/bar.php instead of
> > foo/bar.php)
> > 2. Look at setting up autoloading so you don't need to manually include
> > anyway. If you're going OOP, autoloading is a must!
>
> I totally disagree. I have been doing OOP with PHP for years, and I have
> never used autoloading. It is just a feature that can be used, misused or
> abused just like any other. I choose not to use it, and my code does not
> suffer in the least!
>
> --
> Tony Marston
> http://www.tonymarston.net
> http://www.radicore.org
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: Re: [PHP] Re: PHP, OOP and AJAX

[Eddie Drapkin]

There's a huge difference between laziness and opting in to use an
incredibly useful (and easy to properly deploy) feature to save myself time
so that I can spend more time writing that structured and efficient code of
which you speak.  And the problem with what you're saying is that you still
have to include 'singleton.php' somewhere in order to call its static
methods, and I'd rather just spend 30 minutes writing an autoloader object
and letting it deal with finding any of the classes I use then trying to
keep track of legacy code I didn't write and require'ing them all over the
place.

The way I look at it, if you spend all your time handling things that you
could automate - and if written properly, will always work as expected (it's
called unit testing and debugging) - then you have no time to write that
structured and efficient code in order to meet your deadlines! :)

On Thu, May 28, 2009 at 10:53 AM, Tony Marston <
t...@marston-home.demon.co.uk> wrote:

> "Eddie Drapkin"  wrote in message
> news:68de37340905280737t3e1ad844y188ab8fa08f17...@mail.gmail.com...
> > Your code might not, but you sure do!  Spending all that time writing
> > require statements = :(
>
> If you are too lazy to write "require" statements then you are probably too
> lazy to write readable, well structured and efficient code. Besides, I
> don't
> use "require" statements, I use
>$dbobject =& singleton::getInstance('classname');
>
> I don't use autoload because *I* want to be in control. I prefer not to
> rely
> on automatuic features which may not work as expected.
>
> --
> Tony Marston
> http://www.tonymarston.net
> http://www.radicore.org
>
> > On Thu, May 28, 2009 at 9:49 AM, Tony Marston
> >  >> wrote:
> >
> >>
> >>  wrote in message
> >> news:000e0cd6ad1a9f7d3d046af89...@google.com...
> >> > Two things:
> >> >
> >> > 1. Try using the fully qualified path (ie /var/www/foo/bar.php instead
> >> > of
> >> > foo/bar.php)
> >> > 2. Look at setting up autoloading so you don't need to manually
> include
> >> > anyway. If you're going OOP, autoloading is a must!
> >>
> >> I totally disagree. I have been doing OOP with PHP for years, and I have
> >> never used autoloading. It is just a feature that can be used, misused
> or
> >> abused just like any other. I choose not to use it, and my code does not
> >> suffer in the least!
> >>
> >> --
> >> Tony Marston
> >> http://www.tonymarston.net
> >> http://www.radicore.org
> >>
> >>
> >>
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: Re: [PHP] Re: PHP, OOP and AJAX

[Eddie Drapkin]

autoloading doesn't do anything but follow a set of logic rules to decide
what file to require, so it doesn't mess with opcode caches at all.

On Thu, May 28, 2009 at 4:02 PM, Nathan Nobbe wrote:

> On Thu, May 28, 2009 at 9:25 AM, Tony Marston <
> t...@marston-home.demon.co.uk
> > wrote:
>
> >
> > "Eddie Drapkin"  wrote in message
> > news:68de37340905280801m6964d355l2d6d8ef773f3b...@mail.gmail.com...
> > > There's a huge difference between laziness and opting in to use an
> > > incredibly useful (and easy to properly deploy) feature to save myself
> > > time
> > > so that I can spend more time writing that structured and efficient
> code
> > > of
> > > which you speak.  And the problem with what you're saying is that you
> > > still
> > > have to include 'singleton.php' somewhere in order to call its static
> > > methods,
> >
> > I have a single general purpose include file which autmatically includes
> > all
> > other standard files, so I never have to explicity load my singleton
> class.
> >
> > > and I'd rather just spend 30 minutes writing an autoloader object
> > > and letting it deal with finding any of the classes I use then trying
> to
> > > keep track of legacy code I didn't write and require'ing them all over
> > the
> > > place.
> >
> > I'd rather not waste 30 minutes of my time writing a feature that I don't
> > need.
> >
> > The difference between using and not using the autoload feature does not
> > have any measurable impact on either my development times, nor the
> > execution
> > of my code, so I choose to not use it. That's my choice, and I'm sticking
> > to
> > it.
> >
> > > The way I look at it, if you spend all your time handling things that
> you
> > > could automate - and if written properly, will always work as expected
> > > (it's
> > > called unit testing and debugging) - then you have no time to write
> that
> > > structured and efficient code in order to meet your deadlines! :)
> >
> > Not using autoload does not have any noticeable effect on my deadlines,
> so
> > I
> > have no incentive to use it. Just because you say that I *should* use it
> > carries no weight at all.
>
>
> this simple fact is that autoloading is something anyone can implement
> themselves.  take a look at code igniters $this->load() arrangement.
> basically they do dynamic loading rather than requires, and thats part of
> the reason for the massive performance advantage it has over other
> frameworks.
>
> autoloading is nice because it affords a somewhat standard approach to a
> common issue.  sure, you could do something like ci, but i say why bother,
> why not just use __autoload() and freinds now that php offers it as a
> feature.  then again, if you already have some dynamic loading system, of
> course theres no real call to move to __autoload().  (and of course ci is
> written w/ php4 support in mind, which obviously eliminates __autoload in
> their scenario)
>
> im also skeptical of the advantages dynamic loading offers in systems
> running an opcode cache.  essentially after initially caching a scripts
> opcodes, successive include/require calls are a hit to the cache to see its
> already there.  im sure dynamic loading is offers dramatic performance
> gains
> systems not running opcode caches though.
>
> -nathan
>

[PHP] Autoloading with namespaces in 5.3.0

[Eddie Drapkin]

Hey, I'm looking to start playing with 5.3.0, and thus by extension,
namespaces.  One of the things that I definitely need support for is
autoloading, and the docs aren't exactly explicit in some (obvious to me)
cases.

I have an autoloading class that internally handles file-not-found errors
and the like and a set of methods that get registered via
spl_autoload_register.  I'm wondering if there's any way that the autoloader
- which won't exist inside a namespace - can handle classes with the same
name in several different namespaces.  Say, for example, I have three
directories foo/, bar/, and baz/ and each of those corresponds to a
same-named namespace, and each also has a class named ExampleClass.  If I
try to instantate a foo\ExampleClass, does the classname get set in the
autoloader method as "ExampleClass" or "foo\ExampleClass"?  If the former,
is there any way to determine the namespace name so I don't accidentally
autoload bar\ExampleClass or baz\ExampleClass?

Re: [PHP] Autoloading with namespaces in 5.3.0

[Eddie Drapkin]

I did some further research and think I can manage to load
\foo\bar\class.php fine, but if I use foo\bar\ as bar and load
bar\class.php, does the autoloader have access to the scope of use or does
it get translated to the FQ path?

On Mon, Jun 1, 2009 at 10:44 AM, Nathan Nobbe wrote:

> On Sat, May 30, 2009 at 1:51 PM, Eddie Drapkin  wrote:
>
>> Hey, I'm looking to start playing with 5.3.0, and thus by extension,
>> namespaces.  One of the things that I definitely need support for is
>> autoloading, and the docs aren't exactly explicit in some (obvious to me)
>> cases.
>>
>> I have an autoloading class that internally handles file-not-found errors
>> and the like and a set of methods that get registered via
>> spl_autoload_register.  I'm wondering if there's any way that the
>> autoloader
>> - which won't exist inside a namespace - can handle classes with the same
>> name in several different namespaces.  Say, for example, I have three
>> directories foo/, bar/, and baz/ and each of those corresponds to a
>> same-named namespace, and each also has a class named ExampleClass.  If I
>> try to instantate a foo\ExampleClass, does the classname get set in the
>> autoloader method as "ExampleClass" or "foo\ExampleClass"?  If the former,
>> is there any way to determine the namespace name so I don't accidentally
>> autoload bar\ExampleClass or baz\ExampleClass?
>>
>
> i seem to remember a while back, someone saying the entire namespace will
> now be passed into the __autoload() function, whereas before it was just the
> classname.  your autoload logic should be equipped to handle different
> classes w/ the same name, in different namespaces.
>
> -nathan
>

Re: [PHP] Re: PHP vs ASP.NET

[Eddie Drapkin]

>
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> 50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1
>
>
Completely off topic, but www.pilotpig.net is down or buggered or
something!  Looks like a squatter to me >.>

Re: [PHP] Re: PHP scalability problem -- APC vs EAccelerator

[Eddie Drapkin]

EAcellerator is "just" an opcode cache.  It transparently caches PHP
opcodes; all you have to do to use it is download, compile and enable and
never worry about it again.  APC, on the other hand, does a bit more.  While
APC also caches opcodes, it performs worse than EAC or xcache does (there's
a bit of debate as to which is better, for my particular needs, EAC was
marginally faster, but both outperformed APC) for opcode caching.  APC, on
the other hand, also has some useful features that aren't related to opcode
caching, but rather apc_store, apc_fetch and apc_define_constants.  If you
install apc and don't set apc_enable=1 in php.ini and leave the opcode
caching to EAC / XCache, you still have the ability to use those three
functions, which allow you to have persistent values in RAM between
requests, which is really useful if you have a lot of generic data that
never changes but is needed often.  I personally use apc to set and fetch
global variables and constants and allow EAC to cache the opcodes.

It gets really hairy if you decide to use memcached in conjunction with an
external opcode cacher and APC, because there's specific cases where APC is
useful to store/fetch persistent data and other cases where memcached makes
more sense to use.  I recommend reading
www.scribd.com/doc/4069180/Caching-Performance-*Lessons-from-Facebook * for
a good analysis of when and where and how to implement the two in tandem.

Speaking more generically, building with memcached in mind is a huge
paradigm shift from your typical php/mysql architecture, as you have to
compensate for the fact that the database is dynamically changing, and
either abstract away, or manually manage the data structures in memcached.
There's two strategies - hard mode and extreme mode, if you will - to doing
this: delete every key when the data within them changes, or dynamically
update them as the database changes (theoretically offering you the
potential to have 95%+ cache hit rate, with database reads being a rare
case).  It's a lot more difficult to drop in later than it is to design with
it in mind, and in many cases implementing it means re-writing a lot of
legacy code, but the fact of the matter is that a solid memcached
implementation can all but bypass the SQL database altogether (and by doing
so bypass the bottleneck for the vast majority of requests) and there's
nothing else that offers the performance increase of memcace (orders of
magnitude).  If you'd like a more complete example - with (pseudo)code
example, let me know and I'll write out something more descriptive.

If you're  worried about scalability, there's a few links I'd recommend:

http://highscalability.com/ - blog dedicated to scalability, has talks with
a lot of huge, high visibility sites (not all built on php) including, but
not limited to, digg, facebook and wolfram|alpha

www.*mysqlperformanceblog*.com/ - another blog dedicated to performance, but
less generically and more how to squeeze the most out of mysql.  It's run by
Percona, which is a very respectable company despite their flaws, and they
also distribute XtraDB, the easiest way to increase MySQL performance.
Pardon me for assuming you use MySQL if you don't.

http://blog.facebook.com/ - facebook's official blog, often has useful talks
and links about the ways they've solved their scalability problems.

http://blog.digg.com/ - same as previous, save for digg

You'll have to dig (pun not intended) through a lot of cruft for "the good
stuff" with those last two links, but you can easily spend several hours on
the first two links and all four offer pretty impressive advice.

Let me know if there's anything else I can do for you :)

--Eddie

On Mon, Jun 1, 2009 at 9:44 PM, Daevid Vincent  wrote:

> Eddie can you explain the differences between APC (which is now built into
> PHP) and EAccelerator. You seem to give mixed signals here as you endorse
> both it seems, but I would think they would collide and as the Highlander
> says, "There can be only one!"
>
> http://us.php.net/apc
> http://eaccelerator.net/
>
> Why would we choose one over the other, or do they really work in tandem
> together?
>
> We looked into memcached or memcache or some $hit (it's too confusing and I
> don't remember the exact one) but after installing, we realized it would
> not
> work so well for us as it makes your SQL queries potentially stale. In our
> case, they all have to be live and accurate. And there is a 1MB data limit
> per cache object. :(
>
> http://us.php.net/manual/en/book.memcache.php
> http://us.php.net/manual/en/book.memcached.php
> http://www.danga.com/memcached/
>
> However we did install the APC and that seems to work very well for caching
> the page's opcodes, and are quite pleased with it so far. Plus it's nice

Re: [PHP] Web application design considerations - a good reference ?

[Eddie Drapkin]

My suggestion to you is probably mosty a rehashing of what a lot of other
people have said.  I definitely think you should take a good, hard look at
some existing solutions (frameworks, cms's, etc.) and decide whether you
want to use one or not.  In my experience, which is admittedly limited,
pre-fabricated frameworks like those mentioned in this thread often have way
more functionality than you'll actually need, like putting up a painting
with a jackhammer.  If you decide not to use one, you'll at the very least
get a lot of invaluable experience working with PHP and seeing how things
are setup.  Maybe you'll directly emulate a code layout and flow structure,
maybe you'll take a bit from drupal, and a bit from cake, and a bit from
wordpress, or maybe by seeing them, you'll reject their ideas for your own.
No matter what you do, it's exposure to someone else's ideas and through
that, you can help build your own instead of walking down that same road and
falling in the same pitfalls that other people have.

I'd also like to second someone's previous suggestion that you not work
alone.  In my experience, there's pros and cons to every idea and every idea
has a sibling - at least one other way of accomplishing the same task.  If
you surround yourself with good people that know what they're doing and have
a good discourse about how to do A, B and C and bounce ideas off of one
another, there's a good chance that the ultimate product will be much better
than if you had elected to work alone.

That's all I've got

--Eddie

On Tue, Jun 2, 2009 at 9:48 AM, Lists  wrote:

> Angus Mann wrote:
>
>> Hi all.
>>
>> I'm working on a PHP project for my own personal business use. It will
>> handle billing and invoices as well as payments and time management,
>> bookings, appointments and a few more. I may add things like personal
>> messaging between the various users and a customer login to check on the
>> progress of their accounts.
>>
>> It is a big project and will probably take a year or so to complete in my
>> spare time.
>>
>> I have made a couple of starts but I have no experience in creating such
>> large applications and I find I often end up with spaghetti code. I've tried
>> using session variables to keep track of where and what the program is doing
>> but there are so many permuations and combinations I found myself writing
>> endless streams of if's, and's and or's just to figure out what page to
>> display.
>>
>> The code is not the probblem for me...it's the flow and organization of
>> the code.
>>
>> Can anybody point me to a good book or tutorial that lays down the
>> principles and gives some suggestions for integrating the many subroutines
>> of a large application? I want to make the code readable and logical in its
>> flow, and avoid repetition of code segments.
>>
>> Much appreciated.
>> Angus
>>
>
> I wrote one from Scratch over many years and I don't know how I would
> operate my business without it at this point. Some little things I would
> suggest... if you have multiple relationships over several .dbs.. customers
> db relating to a invoices db, proposals db, quotes db etc..
> make sure to use a global unique ID across all databases.. meaning,
> every time a new record is created in any of these databases, I
> grab an I.D. from a function that exists only to create a unique ID.
> This way you don't run the risk of creating false relationships.
>
> Some ideas?.. I probably went over board, but all my invoices, quotes etc.
> also have a corresponding hard copy (file that is written), other
> than the database record, which acts as redundancy.
>
> The problem with any framework such as Drupal is, though you can avoid
> reinventing the wheel in some cases, you also build stuff that looks like
> existing stuff and you have the same known security management as existing
> stuff, and you are sometimes limited on function... So, I just wanted to add
> this alternate perspective that it is perfectly doable starting from the
> ground up.
>
> Donovan
>
>
>
>
>
> --
>  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
>  D. BROOKE   EUCA Design Center
>   WebDNA Software Corp.
>  WEB:> http://www.euca.us  |   http://www.webdna.us
>  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
>  WebDNA: [** Square Bracket Utopia **]
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP Help

[Eddie Drapkin]

There's a few things about your post I'd like to comment on.  One, if you're
not using APC, I definitely agree with the fact that you're just wasting
resources.  However, you mention micro-optimizations and say that they're
hardly useful, but in some cases it's a huge difference. ' vs. " is like a
0.1% speed difference or something equally negligible, but using
isset($foo['bar']) instead of in_array($foo, 'bar') is almost an exponential
speedup (it approaches that level of difference as the array size gets
larger and larger), so there are some definite good practices with common
fundamental structures that are worth paying attention to.  And finally, you
mention optimizing the LAMP stack, when the fact of the matter is the best
way to optimize that stack is to get rid of it.  Apache is huge and slow and
there are very fast and viable replacements for it (I use nginx, but a lot
of people are satisfied with lighttpd) and using either spawn-fcgi or fpm,
php concurrency can increase by as much as 50%.  And regarding MySQL,
installing XtraDB, Percona's enhanced InnoDB build with a whole boatload of
patches, is the easiest way to squeeze more performance out of MySQL.

To the OP, though, the point is that there is a definite scalability path
with regards to PHP and it's not something to really fret over, as there are
tons of documentation, talks, presentations, blog posts, strategies, etc to
achieve the most with PHP.  Although, in the end, PHP itself is rarely your
bottleneck, but instead the way you have your webserver setup bottlenecks
your clientele and the way you have your queries written bottlenecks your
server.  I don't want to say that PHP speed is negligible, but if you write
the world's worst PHP, but have an opcode cache and a fast DB implementation
(and a 100 ySlow score) no one is ever going to notice how bad your code is,
whereas someone else could write great code on a poorly performing site and
wind up in a much worse situation.

On Tue, Jun 2, 2009 at 10:20 AM, Topbit  wrote:

> On Tue, Jun 2, 2009 at 5:33 AM, tRace DOliveira 
> wrote:
> > I think that PHP is the best scripting language ever created...I'm
> currently doing a study of PHP and I want to know how APC can be used to
> improve PHP performance and how it can be implemented and also if there is
> some  other alternative other than APC of improving PHP performance ? The
> problem that I face is that as many requests are made the server is placed
> under alot of pressure and cannot deal with it
>
> A large part of the reason PHP is so good at what it does is that
> scaling it up on a single, and then to multi-machine sites and from
> there to even millions of users is a well understood path.
>
> For APC, if you are running your own server and running a PHP site on
> there, if you're not already running APC or a similar caching system
> on there, you are just wasting CPU effort.
>
> There are a number of websites already out there that demonstrate the
> sort of caching and optimisations that can be performed on a LAMP
> stack, both within PHP code (but the various micro-optimisations of
> changing quotes and using one kind of array handling over another is
> only useful at the most extreme end of optimisations - and if you
> wonder if you need them - then you don't).  I'll be writing on the
> topic of scaling on my blog soon as well, so it might be useful to
> keep an eye on the in the next few weeks as well.
>
> For now, http://google.com/search?q=scaling+PHP will give you a lot of
> food for thought.
>
> Topbit
> http://topbit.co.uk/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

[PHP] Re: [PHP-DEV] PHP scalability problem

[Eddie Drapkin]

Use a FastCGI process manager, then, and you'll have a tighter level of
control.  There's several CPU limiting tools that'll allow you to choke
those processes, or you can simply set their nice value real high so they're
super low priority.  That's more the realm of server configuration than
anything else, though.

On Wed, May 27, 2009 at 12:01 AM, tRace DOliveira wrote:

>
> I think you read me wrong there. I am not looking for speed but trying to
> put less pressure on the server with the work load that it has to do.
> Like makingit do less processing. Kinda like where you have the website
> "bluehost" restricting the amount of processes a person can use. They
> restrict you because of PHP and the processes a person uses, more pressure
> the web server will have.
>
> --- On *Wed, 5/27/09, Eddie Drapkin * wrote:
>
>
> From: Eddie Drapkin 
> Subject: Re: [PHP-DEV] PHP scalability problem
> To: "tRace DOliveira" 
> Date: Wednesday, May 27, 2009, 3:54 AM
>
>
> If you think that's a problem, then yes.  Look into nginx.  But honestly,
> you're not going to notice a speed improvement at all (maybe if you were
> serving 2000 loads/sec you would, but only then if it's on a small box).
>
>
> On Tue, May 26, 2009 at 11:52 PM, tRace DOliveira 
> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
> > wrote:
>
>>   I also thought that it's PHP that causes the processes. Thanks that
>> helps me alot. So the problem is not with the language itself but the web
>> server(Apache)?
>>
>> --- On *Wed, 5/27/09, Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >* wrote:
>>
>>
>> From: Eddie Drapkin 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>> >
>> Subject: Re: [PHP-DEV] PHP scalability problem
>> To: "tRace DOliveira" 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>> >
>> Date: Wednesday, May 27, 2009, 3:47 AM
>>
>>
>> ... no
>>
>> Apache uses processes, but can also use threads.  nginx and lighttpd both
>> use a threaded model.  But you seem to have this idea in your head that it's
>> PHP's fault and switching to a threaded webserver / CGI model will solve any
>> noticeable scalability problems, so feel free to ditch PHP for ASP because
>> you think it'll be anywhat faster.  I'll save you some time: it won't.
>>
>> On Tue, May 26, 2009 at 11:44 PM, tRace DOliveira 
>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>> > wrote:
>>
>>>
>>> What I am trying to get at is that PHP uses processes(Heavy weight) and
>>> ASP.NET <http://asp.net/> uses threads which are light weight. So it
>>> inflicts less strain upon the web server. So I am trying to solve the
>>> problem of the strain that PHP causes on ther server.
>>> --- On *Wed, 5/27/09, Eddie Drapkin 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>>> >* wrote:
>>>
>>>
>>> From: Eddie Drapkin 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>>> >
>>> Subject: Re: [PHP-DEV] PHP scalability problem
>>> To: "tRace DOliveira" 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>>> >
>>> Cc: "PHP General Mailing List" 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=php-gene...@lists.php.net>
>>> >
>>> Date: Wednesday, May 27, 2009, 3:39 AM
>>>
>>>
>>>
>>> I seriously doubt it.  PHP is a better language in almost all regards and
>>> is much much more popular.  A lot of people make that decision every day and
>>> I'd say most of them choose PHP.  Why ask that, though?
>>>
>>> On Tue, May 26, 2009 at 11:36 PM, tRace DOliveira 
>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=married...@yahoo.com>
>>> > wrote:
>>>
>>>>
>>>> Do you agree with me that when building a large web application that
>>>> people would rather choose ASP.Net over PHP if people had to choose between
>>>> those two ?
>>>> --- On *Wed, 5/27/09, Eddie Drapkin 
>>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
>>>> >* wrote:
>>>>
>>>>
>>>> From: Eddie Drapkin 
>>>> http://us.mc1104.mail.yahoo.com/mc/compose?to=oorza...@gmail.com>
&

Re: [PHP] MySQL after oracle, still Wise?, was Web application design .......

[Eddie Drapkin]

High-performance builds of mysql are still faster.  And with 5.4 integrating
a lot of performance boosts, I'd expect MySQL to retain that lead for a lot
longer.  There's also a lot more guides / support for MySQL around, as well
as having a more robust choosing of UDF's, if you were to need them.

PostgreSQL is a great RDBMS, on the other hand, if you're a purist.  It's
more close to the SQL standards and has a different featureset.  While
MySQL-unique features are designed to help "normal people" with complex
things - GROUP_CONCAT, for example - PostgreSQL-unique features are designed
for complicated tasks handled by well-qualified people (custom data types,
arrays, etc).  Common knowledge is that MySQL lacks a lot of integrity
features, but this isn't (as) true any more, with the introduction of
foreign keys and constraints in InnoDB.  Regarding storage engines, just use
InnoDB by default and forget about it; in the rare cases where a different
engine is better suited, you can change it later.

The way I'd suggest is that if you're either willing to learn a lot of SQL
or have already learned it in a class or something, go with postgres.  If
you just want to get it done (or care a lot about performance), go with
MySQL.

On Tue, Jun 2, 2009 at 9:25 PM, Paul M Foster wrote:

> On Tue, Jun 02, 2009 at 04:36:28PM -0400, optoma...@rogers.com wrote:
>
> > Everybody has given Angus really great advice in this previous thread
> > and I have learned a lot too. I hope no one mines the fork but I am in
> > the exact same situation as Angus. If anyone could spare a bit of time
> > regarding application infrastructure I would really appreciate it.
> >
> > I know there are lots of databases out there and PostgreSQL is held in
> > high regard but the overwhelming majority of examples seem to use MySQL.
> > Considering that Oracle has bought Sun, do you think it is still wise to
> > use it for new applications? Oracle does not have much "street cred" in
> > open source circles, maybe they'll cause trouble later and MySQL was
> > already forking was it not? I'd like to use the same DB for a few years.
> >
> > I am attracted to building an application from scratch but I will never
> > get an object relational mapper to work without a framework. If I go the
> > scratch route, I'd better get my database done right(as was advised in
> > the previous thread!)and getting that right probably starts with
> > choosing the right DB.
>
> First, you don't need an ORM. I'll leave it at that.
>
> Second, if you're doing something which will be supported on internal
> servers, choose PostgreSQL. MySQL has deficiencies caused by its
> development by programmers. PostgreSQL was developed by DBAs. And
> frankly, the choice of storage engines in MySQL is crazy. Some are
> incapable of handling transactions, for example. You have to do research
> and figure out which one has the features you need. Another random
> example of MySQL deficiency is that it does not natively support boolean
> fields. And at least some of the engines don't support foreign keys,
> IIRC.
>
> MySQL has the popularity it does because 1) it has a *company* behind
> it, which PostgreSQL does not; 2) it is relatively easy to administer;
> 3) at one time it was faster than PostreSQL; 4) inertia/momentum.
>
> As for Oracle/Sun/MySQL, because MySQL is open source, there are already
> forks of it. If Sun decides to get pissy, a new version of MySQL can be
> cobbled together by the open source community in short order. No one
> knows what Oracle will do with MySQL, ultimately, but I wouldn't let it
> worry you too much.
>
> Your choice of DB won't really matter that much. Any database should do
> pretty much whatever you ask of it. You can't actually go wrong with any
> database. Your choice of database will mostly affect two things: 1) how
> much work you have to do that the database won't do for you, and 2)
> expense.
>
> Paul
>
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] MySQL after oracle, still Wise?, was Web application design .......

[Eddie Drapkin]

Sadly, Mr. Saran wasted a lot of time writing a pluggable backend db layer,
as one is built into PHP now, PDO: http://us2.php.net/pdo

Sybase / MsSQL: http://www.php.net/manual/en/ref.pdo-dblib.php
Postgres: http://us2.php.net/manual/en/ref.pdo-pgsql.php
Oracle: http://us2.php.net/manual/en/ref.pdo-oci.php

The only difference in using them is the dsn you pass to the constructor,
which can even be dynamically generated if you see fit.  The actual usage
from driver-to-driver is the same; I've used it on postgres, mysql and
sqlite.  Based from the meeting notes of several 6.0 developer notes, it
might or might not be the only database extension not in PECL soon.

On Wed, Jun 3, 2009 at 8:51 AM, Bob McConnell  wrote:

> From: Sancar Saran
>
> > And if you so much thinking about future DB change. Just wrote
> compatible sql
> > and use multi drive layer (phpADO db).
> >
> > And you are problem free
>
> I have some questions about this suggestion. We currently have
> production systems using Postgres, Sybase ASA, Oracle and MS SQL Server.
> Only one product currently supports more than one, it can be installed
> with ASA or connect to an existing Oracle server. This unfortunate mix
> was brought about by several acquisitions over the past ten years. We
> also have a group talking about using MySQL for a portal project. One
> product did use MySQL prior to their switch to per server license fees,
> which made them far too expensive for the distributed system they were
> used in. So that project switched to Postgres.
>
> But what is the ADO layer going to look like in order to support any or
> all combinations of these back ends? How much of a kludge will it have
> to become?
>
> Is there any code out there that will support most of these, or do we
> have to write it all ourselves?
>
> Most of my SQL experience has been with Sybase ASA. I am playing with
> Postgres a little bit now, and the differences can be both subtle and
> glaring. But I don't know either one well enough to understand how to
> design an ADO interface, let alone how to bring in the other options.
>
> Thank you,
>
> Bob McConnell
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Web friendly file names

[Eddie Drapkin]

Why not just urlencode() the filename? (and suggest people use a URL
shortening service and/or provide one)

On Wed, Jun 3, 2009 at 12:31 PM, Richard Heyes  wrote:

> Hi,
>
> > I have a file uploader module that allows users to upload documents and
> of
> > course people are using all kinds of file names that are not web
> friendly.
> >
> > I guess the best solution is to replace any non alphanumeric with maybe
> '_'
> > the underscore? How does that sound?
> >
> > Unfortunately, after 20+ years of coding I cannot get my brain around
> > regular expressions to any decent level of proficiency, I know sad.
> >
> > I'd like to hear other solutions for this problem, I am thinking of a
> regexp
> > that replaces special chars with the underscore; sounds pretty robust and
> > globally acceptable?
>
> I replace any non alpha chat with a hyphen, then replace two or more
> hyphens with one. Simple, but I would also include the date so that
> naming clashes are less likely (if it's applicable). So you might end
> up with something similar to this:
>
> /product/2009/06/03/24ct-gold-earrings
>
> Or if using the date is not applicable, you could get something like this:
>
> /product/24ct-gold-earrings
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 23rd May)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Web friendly file names

[Eddie Drapkin]

Well, erm, no.

I'd store the filename, etc. as-is in the database, and then link it with
urlencode() and you should be able to serve a file called "A non friendly
name!" site.com/A%20non%20friendly and a modern webserver should be fine
with that, and even most browsers will allow you to type site.com/A non
friendly... without the url escaped characters and it will url escape them
in the request.  The only issue is that the urlencoded special characters
are a lot uglier, which may or may not be a consideration for you.

On Wed, Jun 3, 2009 at 12:39 PM, Skip Evans  wrote:

> You mean like this? This would work as a good file name to be on the server
> and link to?
>
> $filename = urlencode($_FILES['myfile']['name']);
> move_uploaded_file($_FILES['myfile']['tmp_name'], $filename);
>
> Think that would do the trick?
>
> Skip
>
> Eddie Drapkin wrote:
>
>> Why not just urlencode() the filename? (and suggest people use a URL
>> shortening service and/or provide one)
>>
>> On Wed, Jun 3, 2009 at 12:31 PM, Richard Heyes > rich...@php.net>> wrote:
>>
>>Hi,
>>
>> > I have a file uploader module that allows users to upload
>>documents and of
>> > course people are using all kinds of file names that are not web
>>friendly.
>> >
>> > I guess the best solution is to replace any non alphanumeric with
>>maybe '_'
>> > the underscore? How does that sound?
>> >
>> > Unfortunately, after 20+ years of coding I cannot get my brain
>> around
>> > regular expressions to any decent level of proficiency, I know sad.
>> >
>> > I'd like to hear other solutions for this problem, I am thinking
>>of a regexp
>> > that replaces special chars with the underscore; sounds pretty
>>robust and
>> > globally acceptable?
>>
>>I replace any non alpha chat with a hyphen, then replace two or more
>>hyphens with one. Simple, but I would also include the date so that
>>naming clashes are less likely (if it's applicable). So you might end
>>up with something similar to this:
>>
>>/product/2009/06/03/24ct-gold-earrings
>>
>>Or if using the date is not applicable, you could get something like
>>this:
>>
>>/product/24ct-gold-earrings
>>
>>--
>>Richard Heyes
>>HTML5 graphing: RGraph (www.rgraph.net <http://www.rgraph.net> -
>>updated 23rd May)
>>PHP mail: RMail (www.phpguru.org/rmail <http://www.phpguru.org/rmail>)
>>PHP datagrid: RGrid (www.phpguru.org/rgrid
>><http://www.phpguru.org/rgrid>)
>>PHP Template: RTemplate (www.phpguru.org/rtemplate
>><http://www.phpguru.org/rtemplate>)
>>PHP SMTP: http://www.phpguru.org/smtp
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
> --
> 
> Skip Evans
> Big Sky Penguin, LLC
> 503 S Baldwin St, #1
> Madison WI 53703
> 608.250.2720
> http://bigskypenguin.com
> 
> Those of you who believe in
> telekinesis, raise my hand.
>  -- Kurt Vonnegut
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Web friendly file names

[Eddie Drapkin]

As far as I know it will only bug out when the host filesystem would bug
out, ie UTF-16 characters tend to explode on my linux setup that I develop
on, and PHP's file handlign doesn't like them, but then again neither does
the filesystem.  Stuff like "Some silly name! YAY#" work fine, on the
other hand.

On Wed, Jun 3, 2009 at 1:00 PM, Skip Evans  wrote:

> Oh, of course that makes sense, and I suppose the PHP move_uploaded_file()
> function has no problem with weird and crappy file names?
>
> Skip
>
> Eddie Drapkin wrote:
>
>> Well, erm, no.
>>
>> I'd store the filename, etc. as-is in the database, and then link it with
>> urlencode() and you should be able to serve a file called "A non friendly
>> name!" site.com/A%20non%20friendly.. <http://site.com/A%20non%20friendly..>..
>> and a modern webserver should be fine with that, and even most browsers will
>> allow you to type site.com/A <http://site.com/A> non friendly... without
>> the url escaped characters and it will url escape them in the request.  The
>> only issue is that the urlencoded special characters are a lot uglier, which
>> may or may not be a consideration for you.
>>
>> On Wed, Jun 3, 2009 at 12:39 PM, Skip Evans > s...@bigskypenguin.com>> wrote:
>>
>>
> --
> 
> Skip Evans
> Big Sky Penguin, LLC
> 503 S Baldwin St, #1
> Madison WI 53703
> 608.250.2720
> http://bigskypenguin.com
> 
> Those of you who believe in
> telekinesis, raise my hand.
>  -- Kurt Vonnegut
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Using File_exists?

[Eddie Drapkin]

just initially, and this might be a typo but

$FilePath =
"http://localhost:/HarrisAutomate/output/WebImagesHiRes/$ImageName";;

//$BackupPath =
"http://localhost:/HarrisAutomate/WebImagesHiRes/output/backup/";;

$FilePath has an /output/ that $BackupPath doesn't.

Also, make sure you don't have safe_mode or open_basedir restricting the
files php can see, although I'm reasonably sure the fact that it's an URL
should nullify that.  Also, make sure you have allow_url_fopen turned on.

On Wed, Jun 3, 2009 at 2:31 PM, Miller, Terion  wrote:

> I wrote this little script (part of a much much larger one I am working at)
> anyways, I am trying to get it to compare a file name from a db to an
> actual
> file in a folder and then tell me if it does or doesn't exist, the problem
> I
> have is that the files do exist, I echo them out, but it says file does not
> exist right after that it echos the file for me What do I have wrong?
>
> $FileName = $row['Image'];
>
>
>  $ImageName = $row['Image'];
>
>
>  $ImageName = str_replace("/", "", $ImageName);
>
>
> $FilePath =
> "http://localhost:/HarrisAutomate/output/WebImagesHiRes/$ImageName";;
>
> //$BackupPath =
> "http://localhost:/HarrisAutomate/WebImagesHiRes/output/backup/";;
>
>
>
>
> if (file_exists($FilePath))  {
>
> echo "The file $ImageName exists";
> }
> else {
>echo "The file $ImageName does not exist"  . '';
> }
>
>
>
>
>
> $FileName = str_replace("/", "", $FileName);
>
>  $FileName = str_replace(".jpg", "", $FileName);
>
>
>
>
>
>
> echo ($FileName) . '';
>
> echo '' . '';
>
>
> Thanks guys!
> Terion
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Best Encryption Algorithm

[Eddie Drapkin]

Another camper on the AES / Rijndael bandwagon.  I don't think there's even
been a theoretical attack point for anything >128 bit, but I could be wrong.

And re: sha1, sha1 isn't an encryption algorithm...

On Wed, Jun 3, 2009 at 9:28 AM, Bruno Fajardo  wrote:

> Hi there!
>
> Try out AES.
> http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
>
> Bruno.
>
> 2009/6/3 Hemant Patel 
> >
> > Hello Everyone,
> >  Hope you all are doing great.
> >  Now we are creating a application which has high
> level
> > of security so its obvious that we will require a algorithm for
> > encryption/decrytpion.So Can anybody suggest me the best algorithm for
> > encryption(irrespective of any languageJust a Algorithm).
> >
> >
> > With Regards,
> > Hemant Patel
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Query Regarding a Player

[Eddie Drapkin]

But it's client side software and you can't rely on it existing for general
use.

On Wed, Jun 3, 2009 at 2:52 PM, Ashley Sheridan 
wrote:

> On Wed, 2009-06-03 at 09:18 -0500, haliphax wrote:
> > On Wed, Jun 3, 2009 at 8:14 AM, Hemant Patel 
> wrote:
> > > Hi All,
> > >I hope you all are doing great.We are developing a
> application
> > > on our end and we got a problem with a Audio/Vedio player.As flash
> player is
> > > working  well with client side but it has limitation of file formats
> like it
> > > can run .flv file format only.If we go for media player then it  won't
> run
> > > on Linux Server.
> > >
> > >Now i want to develop a player which can run any file format
> at
> > > client side.Can anybody suggest any algorithm or protocol to build a
> Player?
> >
> > As many have already done, you might consider just transcoding the
> > "bad" formats into FLV and stick with your current Flash player setup.
> > There are many ffmpeg tutorials out there that should help you out
> > [1].
> >
> > 1.
> http://vexxhost.com/blog/2007/05/20/how-to-convertencode-files-to-flv-using-ffmpeg-php/
> >
> > --
> > // Todd
> >
> Or use HTML code for the VLC player, which will play pretty much
> anything and is cross-platform and cross-os. It's not as fully
> customisable as Flash, but it has some nice options that you can play
> about with with Javascript.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP Graphing Libraries...?

[Eddie Drapkin]

I've had a lot of success with flot, but that's a jQuery plugin, so it may
not be exactly what you need.  If you're just making graphs for client side
viewing, it ought to be sufficient, though.

On Fri, Jun 5, 2009 at 8:33 AM, li...@mgreg.com  wrote:

>
> On Jun 5, 2009, at 5:26 AM, Richard Heyes wrote:
>
>  ...
>>>
>>
>> I would have to suggest RGraph... ( http://www.rgraph.net ) :-) It's
>> uses canvas though, so browser support is limited at the moment though
>> to Firefox 3.5, Safari 4 and Chrome  2.
>>
>
>
> I've looked at the docs and I don't see how exactly it handles "x,y"
> plotting.  I need the ability to plot multiple lines (which it obviously
> does) with wildly varying "x,y" values.   It seems that all of these
> libraries "cheat" and force common "x" values via the labels.  I need
> something like the following (all in the same chart):
>
>$line_one_data = [x,y,x,y,x,y,x,y,x,y,x,y,x,y,x,y,x,y,x,y,x,y,x,y]
>$line_two_data = [x,y,x,y,x,y,x,y]
>$line_three_data = [x,y,x,y,x,y,x,y,x,y,x,y,x,y]
>
>$graph->plot($line_one_data,$line_two_data,$line_three_data)
>
> As I said, each "line" has its own set of "x,y", and although they're all
> obviously numbers, they don't all have "y" results at the same "x intervals"
> so I need to be able to control them independently.  Surely there's
> something that can accommodate this...?
>
>
> Best,
> Michael

Re: [PHP] php applications

[Eddie Drapkin]

Depends on how you look at it, I'd take the perspective that that's a
non-normal approach to the language and demonstrates a fuller understanding
of the language.  Same as if you put (and I do) "wrote an asynchronous
socket server in PHP."  Despite the position PHP developers are usually
applying for being limited to web development, I take the approach that
non-standard usage of the language not only demonstrates a more mature
understanding of the language, but also the ability to handle more complex
(because who are we kidding, GUI programming is much more complex than web
development) programming concepts and the ability to solve non-standard
problems which aren't easily able to be googled.

On Tue, Jun 9, 2009 at 7:59 PM, Kyle Terry  wrote:

> On Mon, Jun 8, 2009 at 9:33 AM, Robert Cummings  >wrote:
>
> > Kyle Terry wrote:
> >
> >> On Mon, Jun 8, 2009 at 8:48 AM, tedd  wrote:
> >>
> >>  Hi gang:
> >>>
> >>> I've heard that php can be used for more than web programming, but I am
> >>> not
> >>> aware of specifically how that can be done. So, let me ask directly --
> >>> can
> >>> php be used to create a Mac Application?
> >>>
> >>> If so, how?
> >>>
> >>> Cheers,
> >>>
> >>> tedd
> >>>
> >>>
> >>> --
> >>> ---
> >>> http://sperling.com  http://ancientstones.com  http://earthstones.com
> >>>
> >>> --
> >>> PHP General Mailing List (http://www.php.net/)
> >>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>
> >>>
> >>>  I don't mean to be the thread spirit killer, but I think another
> >> language
> >> would be better for this. Such as Python.
> >>
> >> PHP desktop apps might be fun to hack around with, but I wouldn't use it
> >> for
> >> a production application.
> >>
> >
> > Why not? The technology won't mature if nobody uses it. And since there's
> a
> > want, there's no reason why it can't.
> >
>
> Not too sure how good "Programmed desktop applications in PHP" would look
> on
> a resume. ;)
>
>
> >
> > Cheers,
> > Rob.
> >
>

Re: [PHP] php applications

[Eddie Drapkin]

While the technology is pretty immature at the moment, due to its under-use
no doubt, saying that PHP is never the tool for a desktop application is
pretty inane.  While the primary developmental lifecycle is geared towards
web development (who's arguing that?), there's nothing really pervasive
preventing people from using it for desktop apps.  Given the recent focus
towards closing memory leaks internally and the control of the (new, iirc)
garbage collector, I wouldn't say it's a bad idea, resource speaking, to
write in PHP (certainly no worse than Java).  There's sound support, GTK
support, CUPS support, Windows COM / printing support, so the support for
the APIs is certainly there (and where it's not, there's ways around it,
like with the java extension).

Just because you have a hammer that's only been used for nailing particle
board doesn't mean it's not suited for hammering into plywood!   The only
issue I see with PHP is the relative difficulty of making "stand-alone"
applications that are bundled with a statically compiled PHP executable, but
that shouldn't be too hard to overcome, with a little bit of time and
creativity.

On Tue, Jun 9, 2009 at 9:28 PM, Michael  wrote:

> Robert Cummings wrote:
>
>>
>>
>> Michael wrote:
>>
>>> Paul M Foster wrote:
>>>
 On Mon, Jun 08, 2009 at 09:30:18AM -0700, Kyle Terry wrote:

 

  I don't mean to be the thread spirit killer, but I think another
> language
> would be better for this. Such as Python.
>
> PHP desktop apps might be fun to hack around with, but I wouldn't use
> it for
> a production application.
>

 I've coded a bit in Python, and parts of it really annoy me. I much
 prefer PHP, as it's more C-ish.

 Why wouldn't you use PHP for production applications?

 Paul


>>>
>>> Why wouldnt you? Besides the design of PHP generally being completely
>>> against it?  PHP is not designed to be run continuously in infinite-loop
>>> (while true) scenarios...
>>>
>>
>> Citation?
>>
> see the history of php development and use
>
>
>>  it's threading support is poor and it's memory
>>>
>>
>> What does threading support have to do with running something in an
>> infinite loop? What if I don't need threads?
>>
>>  handing and library are geared almost exclusively towards
>>> web-programming.
>>>
>>
>> I dunno, I've written amultitude of shell/cron scripts in PHP that
>> leverage the codebase already written for the web application.
>>
> i wasnt arguing against cron-scripts, these are 'run-once' sort of things
> which php handles well. they dont run for minutes let alone hours.
>
>
>>  If you want to compile it, or use it in a .NET/Java context... fine (see
>>> phc, etc.). The language itself can handle it, but the standard
>>> implementation *shouldnt*.
>>>
>>
>> Why?
>>
> for the reasons detailed in this post. using web-oriented php as a desktop
> programming language is a magnitude of dumb perhaps only eclipsed by the
> smarty programming language
>
>>
>>  In anycase other languages have much better support of desktop and
>>> network programming, entire libraries and communities have been developed
>>> around it. Preferably use Python/Java/etc. though C has its place.
>>>
>>
>> As I've said before, ones place in the sun can't be identified if one
>> never tries sitting in the sun. It's hard to grasp the proverbial brass ring
>> if you never extend your reach.
>>
> There are good reasons why php isnt "in the sun" (ie. used for desktop
> programming), as i've listed. If you'd care to learn a few other languages
> the reasons would be immediately obvious, python can be learnt in a few days
> - try it.
>
>>
>> Cheers,
>> Rob.
>>
>
> The standard PHP execution model is geared almost exclusively towards
> web-used (though crons etc. are reasonable)... that is, to sit in/with a
> server and handle requests... to operate over, at maximum, "insane"
> lifespans of 30 seconds.
>
> There are languages designed to be used for desktop programming, and for
> various tasks in general. The smart thing would be to use them. PHP may be a
> hammer, but every problem is not a nail.
>
> Use the tools designed for the job.
>
> Michael
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP as Server Side for a Web Database Application.

[Eddie Drapkin]

Dan, I do appreciate when you share your pillow talk with the list at large.

Cheers,
Eddie

On Wed, Jun 10, 2009 at 9:06 AM, Robert Cummings wrote:

> Daniel Brown wrote:
>
>> On Wed, Jun 10, 2009 at 01:41, R. S. Patil wrote:
>>
>>> Hi,
>>>
>>> We are in phase of evaluating PHP as Serverside technology for our first
>>> web
>>> application.
>>> We have finalized Flex for user interface and Birt as reporting engine.
>>> Now
>>> the data services
>>> are to be evaluated. Flex forums recommended us using PHP for this.
>>> We would like to implement SOA for database
>>> access/Inserts/Updates/Queries
>>> for report engine BIRT.
>>> For SOA implementation we are considering XML-RPC and WSO2-WSF since we
>>> dont
>>> have any past
>>> experience on web development we are not position to make any decisions
>>> about PHP serverside
>>> technologies can somebody guide use which one we should select (May be
>>> different than these two).
>>> We will be using flex forms to insert and update data through web
>>> services
>>> (mainly CRUD operations)
>>> and PHP "Query" data services will be acting as Data Source to Birt for
>>> reporting. Please suggest us
>>> technolgy which is secure and prooven. The problem of integrating Birt in
>>> to
>>> PHP has been solved
>>> and successfully tested also.
>>>
>>> Thanks and Best Regards
>>>
>>
>>Wow, thanks for letting us know all of the backstory there!
>> Robert Cummings and I just had a long, deep talk the other night, and
>> the question arose: when will Raja start asking us about PHP instead
>> of checking Google for his answers?  Well, you've put that question to
>> bed, sir, and thank you.
>>
>
> Dan, I'd appreciate it if you wouldn't share our pillow talk with the list
> at large.
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP as Server Side for a Web Database Application.

[Eddie Drapkin]

The question then becomes whether he was one of the boring catchers and just
sort of "sat there" or was "actively discussing" with you.

On Wed, Jun 10, 2009 at 9:11 AM, Robert Cummings wrote:

> Eddie Drapkin wrote:
>
>> Dan, I do appreciate when you share your pillow talk with the list at
>> large.
>>
>
> Just so everyone knows... Dan was catcher when we were having that long
> "deep" talk.
>
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>

Re: [PHP] Preventing XSS Attacks

[Eddie Drapkin]

The problem with using a database escaping string for output escaping is
that something like (despite being the world's lamest XSS)

location.href('google.com')

Would output mostly the same and with some cleverness, it wouldn't be too
hard to get that to function properly with a full fledged XSS attack.  I'd
personally use one of the FILTER_* constants in conjunction with the filter
functions themselves, say filter_var and FILTER_SANITIZE_SPECIAL_CHARS.


On Wed, Jun 10, 2009 at 12:44 PM, Ashley Sheridan
wrote:

> On Wed, 2009-06-10 at 18:28 +0200, Nitsan Bin-Nun wrote:
> > mysql_real_escape_string() only sanitise the input. I would personally
> > only allow [a-zA-Z0-9-_] in search string but that's just me ;)
> > Validate the input in some way, or make extra sanitisation of it
> > before running the search query.
> >
> > Regarding the HTML output, just entities() it and you'll be good :)
> >
> > On Wed, Jun 10, 2009 at 6:32 PM, Ashley Sheridan
> >  wrote:
> >
> > On Wed, 2009-06-10 at 18:18 +0200, Nitsan Bin-Nun wrote:
> > > As far for the output, just html entities () it and you will
> > be good.
> > >
> > > You better check the search query for sql injection, which
> > is more
> > > dangerous.
> > >
> > > HTH
> > > Nitsan
> > >
> > > On Wed, Jun 10, 2009 at 6:19 PM, Ashley Sheridan
> > >  wrote:
> > > Hi all,
> > >
> > > I'm looking at adding a new search feature to my
> > site, and one
> > > of the
> > > elements of this is to echo back in the search
> > results page,
> > > the
> > > original string the user searched for. Up until now,
> > XSS
> > > hasn't (afaik)
> > > been an issue for my site, but I can see from a mile
> > off this
> > > will be.
> > > What would you guys recommend to avoid this?
> > >
> > > I'd thought initially of using a mixture of
> > > html_special_chars() and a
> > > regex (as yet not sure what I'll be stripping out
> > with this)
> > > to sanitise
> > > the output for display on the results page, but is
> > this
> > > enough?
> > >
> > > Thanks
> > > Ash
> > > www.ashleysheridan.co.uk
> > >
> > >
> >
> > I always use mysql_real_escape_string() for that sort of
> > thing, not had
> > a problem with it, but is there anything you think I should be
> > wary of?
> >
> >
> > Thanks
> > Ash
> > www.ashleysheridan.co.uk
> >
> >
> >
> >
> [just bringing it back on list]
>
> Well, I don't understand, what is the problem with
> mysql_real_escape_string() for sanitising input to use for a search? It
> should escape anything out so that the query can't be used in ways that
> I don't want no?
>
> I'd thought about using a whitelist-only regex, but that seems a little
> limiting tbh, and as my site contains code, it's not unreasonable to
> expect some people might want to search for particular code excerpts.
>
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

[PHP] Form handling

[Eddie Drapkin]

I've been charged with writing a class that handles forms, once they've been
POSTed to.  The idea of the class is to handle the most common use-cases of
POST forms, and any special functionality can be handled with a child class
at a later date, but for our uses, we're going to have mostly pretty typical
POST forms.  Follows is the list of cases I've determined that are the most
common, can anyone think of any that are omitted or that are never going to
be used?

class form_handler {
public /* bool */ function setRequiredFields(array $fields); //takes a
simple array that corresponds to a $_POST key, verifying that there is data
on required fields but not for optional fields, returns true or false on
error
public /* bool */ function setRequiredFieldTypes(array $fieldTypes);
//array of field names => type a la ('username' => array(regex,
'/a-zA-Z0-9\-_/'))
//or 'phone_number' => (array('int', 'min_len' => 7,
'max_len' => 10)) etc, the exact spec is obviously nowhere near done but
will probably just wrap a lot of filter_ functions, returns true or false on
error
public /* string */ function validateAndCaptureError(); //returns error
or empty string
public /* void */ function validateAndForwardTo($page); //forwards to
page on error, or not
}

each of the globule setters will have a corresponding appendRequired...
method, so as not to require handling enormous data structures for
conditional form building.
♦
As you can see, the class looks pretty barren, but I can't think of any more
functionality than would be required, although I am kickign the idea around
of having very specific validation type methods ie.
form_handler::requireInt($field, array $options) or
form_handler::requireRegex($field, $regex), etc.

Thoughts?

Thanks in advance,
--Eddie

Re: [PHP] Preventing XSS Attacks

[Eddie Drapkin]

On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan
wrote:

> On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote:
> > On Wed, 2009-06-10 at 23:17 +0530, Sudheer Satyanarayana wrote:
> > > Ashley Sheridan wrote:
> > > > On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana wrote:
> > > >
> > > >>> I've been doing a bit of reading, and I can't really understand why
> XSS
> > > >>> is such an issue. Sure, if a user can insert a 

Re: [PHP] detect cli sapi

[Eddie Drapkin]

if(PHP_SAPI == 'cli') { }

or

if(php_sapi_name() == 'cli') { }

On Wed, Jun 10, 2009 at 3:42 PM, Tom Worster  wrote:

> what's a reliable way to detect that the sapi is cli, including in a
> included scripts?
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Why [?php while (true) { sleep(5); } ?] dies on CLI?

[Eddie Drapkin]

try set_time_limit(0) ?

On Thu, Jun 11, 2009 at 8:05 AM, Ford, Mike  wrote:

> On 11 June 2009 12:00, Ashley Sheridan advised:
>
> > On Thu, 2009-06-11 at 10:47 +, Jean-Pierre Arneodo wrote:
> >> Hi!
> >> I'm stuck.
> >> I don't understand why the php CLI dies after 3 hours in my script.
> Any
> >> idea to solve? Thanks
> >>
> >>
> >> PHP 5.2.9-0.dotdeb.2 with Suhosin-Patch 0.9.7 (cli) (built: Apr  7
> 2009
> >> 20:06:36) Linux ubuntu  2.6.24-19-server #1 SMP Wed Jun 18 14:44:47
> UTC
> >> 2008 x86_64 GNU/Linux
> >>
> >> Conf [php.ini]
> >> max_execution_time=0
> >>
> >>  >> while (true) {
> >> sleep(5);
> >> }
> >>>
> >>
> >>
> >>
> > The while loop will continue executing until its condition is false.
> As
> > you've got a boolean true as the condition, it will never end.
>
> I think he realises that. His question is why "never" equates to 3 hours
> in his environment.
>
> Cheers!
>
> Mike
>
>  --
> Mike Ford,  Electronic Information Developer,
> C507, Leeds Metropolitan University, Civic Quarter Campus,
> Woodhouse Lane, LEEDS,  LS1 3HE,  United Kingdom
> Email: m.f...@leedsmet.ac.uk
> Tel: +44 113 812 4730
>
>
> To view the terms under which this email is distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] order by what?

[Eddie Drapkin]

On Thu, Jun 11, 2009 at 11:35 AM, PJ  wrote:

> Robin Vickery wrote:
> >
> >
> > 2009/6/11 PJ mailto:af.gour...@videotron.ca>>
> >
> > How can order by be forced to order alphabetically and ignore accents
> > without stripping the accents for printout? This is a problem for
> both
> > caps & normal letters.
> >
> >
> > Depends on the database.
> >
> > If you're using mysql, the order is governed by the collation used. To
> > get the order you want, you need a case-insensitive and
> > accent-insensitive collation. Exactly which one you use will depend on
> > the character set that you're using, but if you're character set is
> > utf8, then the utf8_general_ci collation should work:
> >
> > SELECT fieldname FROM tablename ORDER BY fieldname COLLATE
> > utf8_general_ci;
> >
> > -robin
> Obviously there is another solution, albeit rather silly: re-enter all
> the fields in alphabetical order with corresponding id fields in
> numerical order... great, if you're not going to change the list and if
> it's quite short... not too clever, though is it?
>
> --
> Hervé Kempf: "Pour sauver la plančte, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>   http://www.ptahhotep.com
>   http://www.chiccantine.com/andypantry.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
PFT just run a cron job to re--order the table every two minutes.
Easily the best solution.

Re: [PHP] truncate a mb-string to a given octet length?

[Eddie Drapkin]

Correct me if I'm wrong, but should varchar 255 with a utf8 character set
mean 255 unicode characters, not octets?

On Fri, Jun 12, 2009 at 11:50 AM, Tom Worster  wrote:

> say a table in the db has a varchar(255) column, 255 being the max number
> of
> octets of strings that can go in the column. now say the php script very
> occasionally has to deal with utf8 input strings with octet length > 255 --
> it needs to select rows matching the input string or insert the input
> string.
>
> so what i think i need is a function to truncate a utf8 string to the
> longest valid utf8 string that has octet length <= 255.
>
> is this what mb_strcut() is for? i'm having a hard time understanding the
> man page for that function.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] phpMyAdmin, localhost, mysql overhead

[Eddie Drapkin]

The better question is why are you using MyISAM tables?  Unless there's a
legitimate reason to prefer MyISAM over InnoDB, you should be using InnoDB.

On Fri, Jun 12, 2009 at 2:01 PM, Nitsan Bin-Nun  wrote:

> There is no way to avoid it since whenever you delete a row in a myisam
> table you create a space in the order of the rows, this space is expressed
> by a little bit of extra file size of the database.
> This extra file size is called in phpmyadmin as "overhead", you can kill
> this over head either by running some INSERT queries which will fill the
> space with the inserted rows or running an OPTIMISE query.
>
> In general, I don't think that there is anything that you should do or take
> care of, it is not rocket science and your tables will be good with or
> without the overhead ;)
>
> Nitsan
>
> On Fri, Jun 12, 2009 at 7:41 PM, Jônatas Zechim  >wrote:
>
> > I have other tables running but only this give me ‘overhead’.
> >
> >
> >
> > I’d know why this table does this and if is bad for my MySQL Server?
> >
> > Is there anyway to avoid it?
> >
> >
> >
> > Zechim
> >
> >
> >
> > De: nit...@binnun.co.il [mailto:nit...@binnun.co.il] Em nome de Nitsan
> > Bin-Nun
> > Enviada em: sexta-feira, 12 de junho de 2009 14:33
> > Para: Jônatas Zechim
> > Cc: php-general@lists.php.net
> > Assunto: Re: [PHP] phpMyAdmin, localhost, mysql overhead
> >
> >
> >
> > I haven't read all your mail, I'm sorry for it in advance, but I think
> that
> > you should know that "overheard" is just a blasting phrase for something
> > which was made up by phpmyadmin.
> >
> > Basically, when you run a lot of DELETE or UPDATE queries on a table an
> > "overhead" is created, generally speaking this "overhead" is a space
> > between
> > rows in the database file, which will cause mysql engine to insert rows
> > into
> > this space on future INSERT queries.
> >
> > You can imagine your table as a hard drive, every couple of months (some
> > may
> > say weeks) you have to run a de-fragment on it, you can do the same with
> > your database table, look up the query OPTIMIZE TABLE which will do the
> > de-frag for you :)
> >
> > If you have any further questions feel free to bring them up.
> >
> > Regards,
> > Nitsan
> >
> > On Fri, Jun 12, 2009 at 7:02 PM, Jônatas Zechim 
> > wrote:
> >
> > Hi there, i have this table running on my localhost:
> >
> > CREATE TABLE `caffecheckout_compra_itens` (
> >  `compra_key` varchar(23) NOT NULL,
> >  `item_id` int(5) NOT NULL,
> >  `item_valor` decimal(10,2) NOT NULL,
> >  `item_peso` decimal(5,3) NOT NULL,
> >  `item_qtd` int(3) NOT NULL,
> >  `item_data` int(10) NOT NULL,
> >  `item_obs` varchar(100) NOT NULL,
> >  PRIMARY KEY  (`item_id`),
> >  KEY `compra_key` (`compra_key`)
> > ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
> >
> >
> > It's on my Server, but when I add a row and after remove that I'd
> overhead
> > this table (58bytes/row), anyone know why is this happening?
> >
> > I run this SQL:
> >
> > INSERT INTO
> >   caffecheckout_compra_itens
> >   (compra_key,item_id,item_valor,item_peso,item_qtd,item_data)
> > VALUES
> >   ('12448259804a32897ce1116','2','19.90','0.250',1,'1244825980')
> > ON DUPLICATE KEY UPDATE
> >   item_qtd=item_qtd+1
> >
> > And after:
> >
> > DELETE FROM
> >   caffecheckout_compra_itens
> > WHERE
> >   compra_key='12448259804a32897ce1116'
> >
> >
> > Zechim
> >
> >
> > -Mensagem original-
> > De: Andrew Ballard [mailto:aball...@gmail.com]
> > Enviada em: sexta-feira, 12 de junho de 2009 09:38
> > Para: revDAVE
> > Cc: php-general@lists.php.net
> > Assunto: Re: [PHP] Field type for american money
> >
> > On Thu, Jun 11, 2009 at 4:08 PM, revDAVE wrote:
> > > Php - MySQL - newbie question
> > >
> > > - Field type for american money - int(11) seems to work fine
> > >
> > > - but also I tried decimal(10,2)
> > >
> > > Is one a better choice than another for american money usage?
> > >
> > >
> > > --
> > > Thanks - RevDave
> > > Cool @ hosting4days . com
> > > [db-lists 09]
> >
> > It depends on what you need to store, honestly. If all your dollar
> > amounts are integers, int would work fine. If you need decimals,
> > decimal(10, 2) would be fine for a lot of applications. However, a lot
> > of financial applications need a little more precision. SQL Server has
> > a money datatype that looks like it's about equivalent to decimal(19,
> > 4) and a smallmoney type that looks like it's equivalent to
> > decimal(10, 4). That handles things like gas prices that always have
> > that extra 9/10 of a penny tacked onto them, or items that are 3 for a
> > dollar. If you enter a price of 0.33 in a decimal(10, 2) field,
> > multiplying that by 3 will result in 0.99, whereas three items priced
> > at 0. will come to 0., which when formatted to two digits will
> > round to 1.00.
> >
> > Andrew
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> > --
> > PHP General Mailing Li

Re: [PHP] phpMyAdmin, localhost, mysql overhead

[Eddie Drapkin]

Some important differences:

InnoDB:
-row level locking
-transactional support
-foreign key support

MyISAM:
-table-level locking
-no transactions
-no foreign keys

If that doesn't sell you, definitely head to google :)

On Fri, Jun 12, 2009 at 2:12 PM, Jônatas Zechim wrote:

>  I really don’t know the differences betwen MyISAM and InnoDB yet but I’ll
> google for it right now.
>
>
>
> Thank u.
>
>
>
> *Zechim*
>
>
>
> *De:* Eddie Drapkin [mailto:oorza...@gmail.com]
> *Enviada em:* sexta-feira, 12 de junho de 2009 15:05
> *Para:* Nitsan Bin-Nun
> *Cc:* Jônatas Zechim; php-general@lists.php.net
>
> *Assunto:* Re: [PHP] phpMyAdmin, localhost, mysql overhead
>
>
>
> The better question is why are you using MyISAM tables?  Unless there's a
> legitimate reason to prefer MyISAM over InnoDB, you should be using InnoDB.
>
> On Fri, Jun 12, 2009 at 2:01 PM, Nitsan Bin-Nun 
> wrote:
>
> There is no way to avoid it since whenever you delete a row in a myisam
> table you create a space in the order of the rows, this space is expressed
> by a little bit of extra file size of the database.
> This extra file size is called in phpmyadmin as "overhead", you can kill
> this over head either by running some INSERT queries which will fill the
> space with the inserted rows or running an OPTIMISE query.
>
> In general, I don't think that there is anything that you should do or take
> care of, it is not rocket science and your tables will be good with or
> without the overhead ;)
>
> Nitsan
>
> On Fri, Jun 12, 2009 at 7:41 PM, Jônatas Zechim  >wrote:
>
>
> > I have other tables running but only this give me ‘overhead’.
> >
> >
> >
> > I’d know why this table does this and if is bad for my MySQL Server?
> >
> > Is there anyway to avoid it?
> >
> >
> >
> > Zechim
> >
> >
> >
> > De: nit...@binnun.co.il [mailto:nit...@binnun.co.il] Em nome de Nitsan
> > Bin-Nun
> > Enviada em: sexta-feira, 12 de junho de 2009 14:33
> > Para: Jônatas Zechim
> > Cc: php-general@lists.php.net
> > Assunto: Re: [PHP] phpMyAdmin, localhost, mysql overhead
> >
> >
> >
> > I haven't read all your mail, I'm sorry for it in advance, but I think
> that
> > you should know that "overheard" is just a blasting phrase for something
> > which was made up by phpmyadmin.
> >
> > Basically, when you run a lot of DELETE or UPDATE queries on a table an
> > "overhead" is created, generally speaking this "overhead" is a space
> > between
> > rows in the database file, which will cause mysql engine to insert rows
> > into
> > this space on future INSERT queries.
> >
> > You can imagine your table as a hard drive, every couple of months (some
> > may
> > say weeks) you have to run a de-fragment on it, you can do the same with
> > your database table, look up the query OPTIMIZE TABLE which will do the
> > de-frag for you :)
> >
> > If you have any further questions feel free to bring them up.
> >
> > Regards,
> > Nitsan
> >
> > On Fri, Jun 12, 2009 at 7:02 PM, Jônatas Zechim 
> > wrote:
> >
> > Hi there, i have this table running on my localhost:
> >
> > CREATE TABLE `caffecheckout_compra_itens` (
> >  `compra_key` varchar(23) NOT NULL,
> >  `item_id` int(5) NOT NULL,
> >  `item_valor` decimal(10,2) NOT NULL,
> >  `item_peso` decimal(5,3) NOT NULL,
> >  `item_qtd` int(3) NOT NULL,
> >  `item_data` int(10) NOT NULL,
> >  `item_obs` varchar(100) NOT NULL,
> >  PRIMARY KEY  (`item_id`),
> >  KEY `compra_key` (`compra_key`)
> > ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
> >
> >
> > It's on my Server, but when I add a row and after remove that I'd
> overhead
> > this table (58bytes/row), anyone know why is this happening?
> >
> > I run this SQL:
> >
> > INSERT INTO
> >   caffecheckout_compra_itens
> >   (compra_key,item_id,item_valor,item_peso,item_qtd,item_data)
> > VALUES
> >   ('12448259804a32897ce1116','2','19.90','0.250',1,'1244825980')
> > ON DUPLICATE KEY UPDATE
> >   item_qtd=item_qtd+1
> >
> > And after:
> >
> > DELETE FROM
> >   caffecheckout_compra_itens
> > WHERE
> >   compra_key='12448259804a32897ce1116'
> >
> >
> > Zechim
> >
> >
> > -Mensagem original-
> > De: Andrew Ballard [mailto:aball...@gmail.com]
> > Enviada em: sexta-feira, 

[PHP] Uniquely identifying an array... as a key to another array

[Eddie Drapkin]

Alright, here's the situation.  I'm wrapping memcached, which takes a list
of several servers, into a quasi-singleton.  In other words, I want only one
instance per set of servers, not per server.

Assuming I had three memcached servers at localhost, 192.168.1.1 and
192.168.1.2, I wouldn't want one instance per server, but given that there
are seven possible permutations of combinations / only one server
configuration, MemcacheConnector::$instances could be an array with seven
objects.  I'm expecting MemcacheConnector::getInstance($array) to take an
array formatted like 'server' => 'port'.

Thusly, the question then becomes, what's the lightest possible way to store
a unique-ish array as the key for MemcacheConnector::$instances?  Having
MemcacheConnector::getInstance() check for
self::$instances[serialize($serverArray)] seems a huge waste of both ram and
CPU time.  Is there a better way?


Thanks,
Eddie

Re: [PHP] how to extract fields from associative array into different variables

[Eddie Drapkin]

You could use list() a la
list($foo, $bar) = mysql_fetch_row();

On Mon, Jun 15, 2009 at 4:19 PM, PJ  wrote:

> Jay Blanchard wrote:
> > [snip]
> > Is there an easier or simpler way to do this?
> > [/snip]
> >
> > http://us2.php.net/manual/en/function.mysql-fetch-row.php
> >
> In what way would this simplify or ease my pain?
> The difficulty, it seems to me, is not in retrieving the rows, but
> rather how to pass the row data to the variables. And since the number
> of rows is variable, I believe that the only way to assign the variables
> is by use of a loop? I think I'm beating my head against the wall for
> nothing... :-(
> I know I'm a newbie (a very lazy and ignorant one, apparently) but I
> don't quite understand. Or is there a gain in execution time or resource
> usage?
>
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>   http://www.ptahhotep.com
>http://www.chiccantine.com/andypantry.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] how to extract fields from associative array into different variables

[Eddie Drapkin]

I'm going to assume that your table is setup to have the rows BookID and
AuthorName, adjust accordinging:

function makeInsertQuery(array $authors, $bookId) {

$sql = "INSERT INTO book_authors (BookID, AuthorName) VALUES ('$bookId', '";

foreach($authors as &$author) {
$author = mysql_real_escape_string($author);
}

if(!ctype_digit($bookId)) {
   return false;
}

$sql .= implode("', '$bookid'), ('", $authors); // Eric Foo', '123'), ('John
Bar', '123'), ('Ricky Bam', '123'), (';

$sql = substr($sql, 0, -4);

return $sql;
}

On Tue, Jun 16, 2009 at 8:50 AM, PJ  wrote:

> Ashley Sheridan wrote:
> > On Mon, 2009-06-15 at 17:38 -0400, PJ wrote:
> >
> >> Jay Blanchard wrote:
> >>
> >>> [snip]
> >>> In what way would this simplify or ease my pain?
> >>> The difficulty, it seems to me, is not in retrieving the rows, but
> >>> rather how to pass the row data to the variables. And since the number
> >>> of rows is variable, I believe that the only way to assign the
> variables
> >>> is by use of a loop? I think I'm beating my head against the wall for
> >>> nothing... :-(
> >>> [/snip]
> >>>
> >>> You asked for easier. In this way the data is assigned to a usable
> >>> variable right out of the gate and that is an array variable. You can
> >>> actually use it with either mysql_fetch_array or mysql_fetch_row.
> >>>
> >>> Here is your query;
> >>>
> >>> $sql = "SELECT first_name, last_name, book_author.ordinal
> >>>   FROM author, book_author
> >>>   WHERE book_author.bookID = $idIN && book_author.authID =
> author.id
> >>> ORDER BY ordinal";
> >>>
> >>> You need not declare another array, but do it this way instead;
> >>>
> >>>if ($results = mysql_query($sql, $db)) {
> >>> while ( $row = mysql_fetch_array($results, MYSQL_ASSOC) ) {
> >>> echo $row['first_name'];
> >>> echo $row['last_name'];
> >>>
> >>>
> >> Then I have to add some loopy thing to assign the values to the
> >> $variables... a real pita since my variable do not lend themselves too
> >> well to linear alterations ($varIn, $var2IN, $var3IN... etc... so $i=0
> >> and $i++ arren't going to be too cooperative here... I guess I'd have to
> >> change that to $var1IN... and then figure out how to do $var.$i.IN ... I
> >> already tried, but don't seem to have it right
> >>
> >>> etcetera.
> >>> }
> >>> }
> >>>
> >>> The lazy part I will agree with :)
> >>>
> >>>
> >> Well, I shouldn't say it, but laziness is a characteristic of
> >> "intelligence": why do more than you have to when you can be doing
> >> something else. Actually, I am anything but lazy, I spend innumerable
> >> hours trying to understand what all this coding is about... searching
> >> the web and rummaging (and I do mean "rummaging") in all the lists and
> >> posts ... but just going through 20 or 30 listings out of more than
> >> 20,000 is already taxing... much easier to ask on the list... if someone
> >> can understand my fuzzy questions, they may find the grace and
> >> generosity to take pity on the ignoramus... ;-)
> >> And I enjoy the ribbing and the humour ... it's a really very nice list!
> >>
> >>
> >> --
> >> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> >> -
> >> Phil Jourdan --- p...@ptahhotep.com
> >>http://www.ptahhotep.com
> >>http://www.chiccantine.com/andypantry.php
> >>
> >>
> >>
> > Why do you need them in separate variables? Can't you use them using
> > array syntax elsewhere in your code?
> Basically, I don't know how else to handle inserting and updating random
> number of authors. Each book in the db may have up to 5 authors. I
> imagine there is a simpler way to do it; I just don't have the knowledge
> or experience or the time to learn another way. I'd be happy to have you
> look at the code and hear some feedback. It's probably a miracle that
> the site is working... ;-)
> Oh, it's www.ptahhotep.com - my daughter's egyptology site; I just
> migrated from pure (almost) html to php/mysql/css and am just doing the
> finishing touches now - the edit page.
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>   http://www.ptahhotep.com
>   http://www.chiccantine.com/andypantry.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] how to extract fields from associative array into different variables

[Eddie Drapkin]

And, assuming the same table (just got the new email, sorry) for the update:

function makeUpdateQuery(array $authors, $bookId) {

foreach($authors as &$author) {
   $author = mysql_real_escape_string($author);
}

if(!ctype_digit($bookId)) { return false; }

$existing = array();

$getAuthors = 'SELECT AuthorName FROM book_authors';
mysql_query($getAuthors);

while($row = mysql_fetch_assoc()) {
   $existing[] = $row['AuthorName'];
}

$authorString = implode("', '", $existing);

$sql = "DELETE FROM book_authors WHERE AuthorName NOT IN ('";
$sql .= $authorString;

$sql = substr($sql, 0, -3) . ')';

mysql_query($sql);

$existing = array();

mysql_query($getAuthors);

while($row = mysql_fetch_assoc()) {
  $existing = $row['AuthorName'];
}

if(arsort($existing) != arsort($authors)) {
   foreach($existing as $exist) {
  $key = array_search($exist, $authors);
  unset($authors[$key]);
  }
}

makeInsertQuery($authors, $bookId);

}

Probably needs some tweaking, both of them, as I'm writing compleletly off
the cuff, but the logic should be about right :)

On Tue, Jun 16, 2009 at 8:59 AM, Eddie Drapkin  wrote:

> I'm going to assume that your table is setup to have the rows BookID and
> AuthorName, adjust accordinging:
>
> function makeInsertQuery(array $authors, $bookId) {
>
> $sql = "INSERT INTO book_authors (BookID, AuthorName) VALUES ('$bookId',
> '";
>
> foreach($authors as &$author) {
> $author = mysql_real_escape_string($author);
> }
>
> if(!ctype_digit($bookId)) {
>return false;
> }
>
> $sql .= implode("', '$bookid'), ('", $authors); // Eric Foo', '123'),
> ('John Bar', '123'), ('Ricky Bam', '123'), (';
>
> $sql = substr($sql, 0, -4);
>
> return $sql;
>
> }
>
> On Tue, Jun 16, 2009 at 8:50 AM, PJ  wrote:
>
>> Ashley Sheridan wrote:
>> > On Mon, 2009-06-15 at 17:38 -0400, PJ wrote:
>> >
>> >> Jay Blanchard wrote:
>> >>
>> >>> [snip]
>> >>> In what way would this simplify or ease my pain?
>> >>> The difficulty, it seems to me, is not in retrieving the rows, but
>> >>> rather how to pass the row data to the variables. And since the number
>> >>> of rows is variable, I believe that the only way to assign the
>> variables
>> >>> is by use of a loop? I think I'm beating my head against the wall for
>> >>> nothing... :-(
>> >>> [/snip]
>> >>>
>> >>> You asked for easier. In this way the data is assigned to a usable
>> >>> variable right out of the gate and that is an array variable. You can
>> >>> actually use it with either mysql_fetch_array or mysql_fetch_row.
>> >>>
>> >>> Here is your query;
>> >>>
>> >>> $sql = "SELECT first_name, last_name, book_author.ordinal
>> >>>   FROM author, book_author
>> >>>   WHERE book_author.bookID = $idIN && book_author.authID =
>> author.id
>> >>> ORDER BY ordinal";
>> >>>
>> >>> You need not declare another array, but do it this way instead;
>> >>>
>> >>>if ($results = mysql_query($sql, $db)) {
>> >>> while ( $row = mysql_fetch_array($results, MYSQL_ASSOC) ) {
>> >>> echo $row['first_name'];
>> >>> echo $row['last_name'];
>> >>>
>> >>>
>> >> Then I have to add some loopy thing to assign the values to the
>> >> $variables... a real pita since my variable do not lend themselves too
>> >> well to linear alterations ($varIn, $var2IN, $var3IN... etc... so $i=0
>> >> and $i++ arren't going to be too cooperative here... I guess I'd have
>> to
>> >> change that to $var1IN... and then figure out how to do $var.$i.IN ...
>> I
>> >> already tried, but don't seem to have it right
>> >>
>> >>> etcetera.
>> >>> }
>> >>> }
>> >>>
>> >>> The lazy part I will agree with :)
>> >>>
>> >>>
>> >> Well, I shouldn't say it, but laziness is a characteristic of
>> >> "intelligence": why do more than you have to when you can be doing
>> >> something else. Actually, I am anything but lazy, I spend innumerable
>> >> hours trying to understand what all this c

Re: [PHP] Re: Help: PHP version not up to date after "apt-get install php5-dev"

[Eddie Drapkin]

Why not just compile it yourself?

On Wed, Jun 17, 2009 at 3:34 PM, Shawn McKenzie wrote:
> Philipp Schaffner wrote:
>> Dear PHP [hard]core expert
>>
>> After  "apt-get install php5-dev" on Linux (Debian, Ubuntu, Hardy Heron)
>> with an already existing and functioning PHP5 interpreter "phpinfo()"
>> still shows "PHP Version 5.2.4-2ubuntu5.6". BUT at the same time
>> phpinfo() shows "Build Date: April 17 2009"!
>>
>> This seems incongruent to me! PHP 5.2.4 is from the year 2007!!! Which
>> version of PHP does my server run now? How can I find out in this
>> "mess"? Do I really need to deinstall and reinstall PHP in order to get
>> the right version displayed?
>>
>> Thank you very much for your brief info about this confusion!
>> Philipp Schaffner, Switzerland
>>
>>
>
> What you installed are development (source) files needed to build PHP
> modules.
>
> $ apt-cache show php5-dev
>
> Version: 5.2.4-2ubuntu5.6
> Description: Files for PHP5 module development
>  This package provides the files from the PHP5 source needed for compiling
>  additional modules.
>
> AFAIK you're out of luck on Ubuntu for releases newer than 5.2.4 at the
> moment.  Unless you want to add a Debian repository or another third
> party one.
>
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how to extract fields from associative array into different variables

[Eddie Drapkin]

Total nitpick, but foreach is a control structure, not a function :P

On Thu, Jun 18, 2009 at 8:40 AM, Yuri Yarlei wrote:
>
> You can try use the foreach function.
>
> ex:
> if ($res = mysql_query ($sql, $db)) {
>  /* I personally prefer "res" for "resource", not "results" */
>  while ($r = mysql_fetch_assoc ($res)) {
>  $rows[] = $r;
> }
> }
>
>
> foreach ($rows as $row){
>  echo $row['first_name'];
>  echo "";
> }
>
> the foreach function transform the array $rows[] (the fisrt level of 
> associative array) in a variable $row.
>
> Yuri Yarlei.
> Programmer PHP, CSS, Java, PostregreSQL;
> Today PHP, tomorrow Java, after the world.
> Kyou wa PHP, ashita wa Java, sono ato sekai desu.
>
>
>
>> To: php-general@lists.php.net
>> From: news.nospam.0ixbt...@luden.se
>> Date: Thu, 18 Jun 2009 14:17:59 +0200
>> Subject: Re: [PHP] how to extract fields from associative array into  
>> different variables
>>
>> On Tue, 16 Jun 2009 08:50:45 -0400, PJ wrote:
>>
>> > Ashley Sheridan wrote:
>> >> On Mon, 2009-06-15 at 17:38 -0400, PJ wrote:
>> >>
>> >>> Then I have to add some loopy thing to assign the values to the
>> >>> $variables... a real pita since my variable do not lend themselves too
>> >>> well to linear alterations ($varIn, $var2IN, $var3IN... etc... so $i=0
>> >>> and $i++ arren't going to be too cooperative here... I guess I'd have to
>> >>> change that to $var1IN... and then figure out how to do $var.$i.IN ... I
>> >>> already tried, but don't seem to have it right
>> >>>
>> >> Why do you need them in separate variables? Can't you use them using
>> >> array syntax elsewhere in your code?
>>
>> > Basically, I don't know how else to handle inserting and updating random
>> > ...
>>
>> What he's talking about is doing this:
>>
>>   if ($res = mysql_query ($sql, $db)) {
>>     /* I personally prefer "res" for "resource", not "results" */
>>     while ($r = mysql_fetch_assoc ($res)) {
>>       $rows[] = $r;
>>     }
>>   }
>>
>> And then you access the individual rows/columns as
>>   $rows[0]['first_name']
>>   $rows[0]['last_name']
>>   $rows[1]['first_name']
>>   $rows[1]['last_name']
>> and so on, in some kind of loop probably.
>>
>> (I thought this had been spelled out already, but I
>>  was unable to find it so perhaps not.)
>>
>>
>> /Nisse
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Deixe suas conversas mais divertidas. Baixe agora mesmo novos emoticons. É 
> grátis!
> http://specials.br.msn.com/ilovemessenger/pacotes.aspx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] aesthetic beauty in conception, execution

[Eddie Drapkin]

It's the greatest movie I've ever seen.  Canadians, Jesus, vampires
and lesbians, what hte hell else could you ask for in a film?

On Thu, Jun 18, 2009 at 3:50 PM, Paul M Foster wrote:
> On Thu, Jun 18, 2009 at 01:58:26PM -0500, Skip Evans wrote:
>
>> Okay, had to chime in here...
>>
>> Jesus Christ, Vampire Hunter
>>
>> See the trailer here
>>
>> http://www.youtube.com/watch?v=4LRIypcaIX4
>>
>
> Ohmygosh! That's a *real* movie! Doubtless in the fine tradition of "The
> Toxic Avenger", but with an even lower budget. Priceless! ;-}
>
> Paul
>
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Mastercard Securecode

[Eddie Drapkin]

I've not heard of anything like that, but turning the C API into an
extension would be a huge plus for PHP and I heartily recommend it (as
long as it's not me writing it ^.^)!

On Fri, Jun 19, 2009 at 4:14 AM, Ian wrote:
> Hi,
>
> A search of google has been unsuccessfull so I am posting here in the hope 
> someone
> can help.
>
> We have recently been told that we must implement the Mastercard Securecode 
> 'feature'
> for all our Maesto transactions or face fines of up $25000 per month. Our 
> merchant has
> provided a SDK which has APIs in C, COM or Java (specifically the "Arcot 
> Transfort
> Merchant Software").
>
> We previously moved away from a Java API into our merchant in favour of a 
> pure PHP
> implementation using XML and would rather not take a step back again.
>
>
> Is anyone aware of a pure PHP implementation of the Mastercard Securecode 
> 'feature'?
>
>
> I am aware I can link into COM & Java from PHP, and even take the C API and 
> make my
> own extension but I would rather not pursue these options unless I really 
> have to!
>
> Regards
>
> Ian
> --
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] This Friday's OT Thread

[Eddie Drapkin]

Wait, that's not how everyone else gets ready for a coding marathon?

You guys are doing it wrong!

On Fri, Jun 19, 2009 at 7:03 PM, Dotan Cohen wrote:
>>> I'm self-employed. I don't plan on ever laying myself off.
>>
>>    Mind out of the gutter, Rob.  Words like "self," "laying," and
>> "off" will get you flagged.
>>
>
> How naive I was to think that I might be the only one to make the connection!
>
>
> --
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] share code between sites

[Eddie Drapkin]

The same document root and different Vhosts?

On Sun, Jun 21, 2009 at 4:01 PM, Lars Nielsen wrote:
> Hey List
>
> Is there any good approach to share code between multiple sites? The
> code might be on the same server but on different domains.
>
> best regards
>
> Lars
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

[Eddie Drapkin]

Why not give a presentation, like in the first few, about compiling
PHP for yourself, as that's a pretty useful skill that's oft
neglected?

On Tue, Jun 23, 2009 at 4:12 AM, Per Jessen wrote:
> Manuel Aude wrote:
>
>> I'm giving a PHP course next semester (3 hours all saturdays for 22
>> weeks) and I just realized that PHP 5.3 is coming very soon (2 days
>> now!). So, my plans of teaching PHP 5.2 are starting to change, and I
>> think it's a good idea to teach them 5.3 already.
>
> Does it _really_ matter which one?  I can't imagine there are that many
> revolutionary changes in a dot-release.
>
>
> /Per
>
> --
> Per Jessen, Zürich (12.2°C)
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: XSS Preventing.

[Eddie Drapkin]

Cons:
1. Can't easily edit information in the database
2. Can't display raw for the user (e.g. edit a forum post)
3. Uses more space in the DB
4. Isn't as easily indexed
5. Breaks il8n support of internal search engines (sphinx, lucene, etc.)

You're NEVER supposed to santize before inserting in the DB.  Ever.
Regarding the "performance" boost, if your application is written so
well that calling htmlentities() is hurting the performance, I bow to
you as writing the highest performing PHP I've ever seen.  I would bet
money that validation and sanitization, even if overdone, wouldn't
take more than 2 or 3 percent of execution time.

Do NOT do this, OP, it's terrible practice.

On Tue, Jun 23, 2009 at 10:29 AM, Martin Zvarík wrote:
>>
>> Don't htmlentiies() before DB save.  In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before dispaly
>>
>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() everytime
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead "&" you'll see "&" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Perl GD

[Eddie Drapkin]

I think you've got the wrong mailing list, man.

On Tue, Jun 23, 2009 at 11:11 AM, Chris
Denman wrote:
> Hi!
>
> Just installed the latest release of GD on my Centos 5 server with no
> installation issues and all libraries OK.
> However, getting lots of:
>
> [13973]ERR: 24: Error in Perl code: Bad file descriptor at /var/www/vhosts/
> w12.org/httpdocs/glassify/indexdie.htm line 11.
>
> And BLACK boxes behind where it should be transparent (occassionally works
> fine)
>
> http://www.twitterhit.net/glassify (without "dies" - sometimes works)
>  http://www.twitterhit.net/glassify/indexdie.htm (with "dies" - shows error)
>
> Here's the code:
>
> [-
>
> use GD;
>
> my $myImage1 = GD::Image->new('/var/www/vhosts/
> w12.org/httpdocs/glassify/me.jpg') || die("$!");
> my $myImage2 = GD::Image->new('/var/www/vhosts/
> w12.org/httpdocs/glassify/glass.png') || die("$!");
>
> $myImage1->trueColor(1) || die("$!");
> $myImage2->trueColor(1) || die("$!");
>
> $myImage1->alphaBlending(1) || die("$!");
> $myImage2->alphaBlending(1) || die("$!");
>
> $myImage1->copy($myImage2, 0, 0, 0, 0, 48, 48);
>
> $out_data = $myImage1->png;
> open (DISPLAY,">/var/www/vhosts/w12.org/httpdocs/glassify/result.png") ||
> die("wassup $!");
> binmode DISPLAY;
> print DISPLAY $out_data;
> close DISPLAY;
>
> -]
> 
> 
>
>
> Hope  you can help,
>
> Chris Denman
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] modifying within foreach

[Eddie Drapkin]

It's just foreach($foo as $key => &$item) { }

You can't assign the key by reference >.>

On Tue, Jun 23, 2009 at 3:04 PM, Ashley
Sheridan wrote:
> On Tue, 2009-06-23 at 12:56 -0600, kirk.john...@zootweb.com wrote:
>> Andres Gonzalez  wrote on 06/23/2009 12:26:38 PM:
>>
>> > I want to modify $results within the foreach. In other words,
>> > during a given pass of this iteration, I want to delete some
>> > of the items based on particular conditions. Then on the next
>> > pass thru the foreach, I want $results to be the newer, modified
>> > array.
>> >
>> > This does not seem to work. It appears that the foreach statement
>> > is implemented such that $results is read into memory at the start
>> > so that any modifications I make to it during a given pass, are ignored
>> > on the next pass. Is this true?
>>
>> foreach works on a copy of an array, so the behavior you saw is expected.
>> See the online manual.
>>
>> You could use a while loop, or, instead of unset-ing elements of $results,
>> store the elements you want to keep into a new array.
>>
>> Kirk
>
> What about passing it by reference?
>
> foreach($results as &$key => &$item)
> {
>    // modify items here
> }
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CSV file

[Eddie Drapkin]

or $arr = file('foo.csv'); $count = count($arr);

On Wed, Jun 24, 2009 at 5:19 PM, Richard Heyes wrote:
> Hi,
>
>> To do the line count first, you have to read the whole file, how would
>> you do it?
>
> Something like this:
>
> $fp = fopen('/tmp/foo', 'r');
> $count = 0;
>
> while (!feof($fp)) {
>  fgets($fp);
>  ++$count;
> }
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Progressbar

[Eddie Drapkin]

On Thu, Jun 25, 2009 at 9:58 AM, Stuart wrote:
> 2009/6/25 tedd :
>> At 8:30 AM +0100 6/25/09, Colin Guthrie wrote:
>>>
>>> 'Twas brillig, and tedd at 24/06/09 15:24 did gyre and gimble:

 The biggest problem in uploading a file is figuring out how large it is.
 You can't find that out in php
>>>
>>> Well you can find it out with the uploadprogress or APC PECL extensions.
>>>
>>> If you use Zend Framework then it has a progress bar for file upload built
>>> in.
>>>
>>>
>>> http://www.framework.zend.com/manual/en/zend.file.html#zend.file.transfer.introduction.uploadprogress
>>>
>>> HTHs
>>>
>>> Col
>>
>> I purchased Zend Studio around five years ago, but never got it to work for
>> me. Maybe I should try it again.
>
> Zend Studio and Zend Framework have no connection to each other beyond
> both coming from Zend. Studio took a major leap downhill when they
> switched to the Eclipse platform which is why I no longer use it. Take
> a look by all means, but don't get your hopes up.
>
> -Stuart
>
> --
> http://stut.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Really?  I think that was one of the better decisions that they made
about it.  I don't know of a better (free) IDE platform.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Progressbar

[Eddie Drapkin]

On Thu, Jun 25, 2009 at 10:29 AM, Stuart wrote:
> 2009/6/25 Eddie Drapkin :
>> On Thu, Jun 25, 2009 at 9:58 AM, Stuart wrote:
>>> 2009/6/25 tedd :
>>>> At 8:30 AM +0100 6/25/09, Colin Guthrie wrote:
>>>>>
>>>>> 'Twas brillig, and tedd at 24/06/09 15:24 did gyre and gimble:
>>>>>>
>>>>>> The biggest problem in uploading a file is figuring out how large it is.
>>>>>> You can't find that out in php
>>>>>
>>>>> Well you can find it out with the uploadprogress or APC PECL extensions.
>>>>>
>>>>> If you use Zend Framework then it has a progress bar for file upload built
>>>>> in.
>>>>>
>>>>>
>>>>> http://www.framework.zend.com/manual/en/zend.file.html#zend.file.transfer.introduction.uploadprogress
>>>>>
>>>>> HTHs
>>>>>
>>>>> Col
>>>>
>>>> I purchased Zend Studio around five years ago, but never got it to work for
>>>> me. Maybe I should try it again.
>>>
>>> Zend Studio and Zend Framework have no connection to each other beyond
>>> both coming from Zend. Studio took a major leap downhill when they
>>> switched to the Eclipse platform which is why I no longer use it. Take
>>> a look by all means, but don't get your hopes up.
>>>
>>> -Stuart
>>>
>>> --
>>> http://stut.net/
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> Really?  I think that was one of the better decisions that they made
>> about it.  I don't know of a better (free) IDE platform.
>
> I wasn't criticising Eclipse - I think the platform rocks, but somehow
> they've managed to screw it up!! I now use Aptana which is also built
> on Eclipse but has a far more polished feel to it.
>
> -Stuart
>
> --
> http://stut.net/
>

When's the last you used Zend Studio?  The latest (6.1.2) stable Zend
Studio v. the latest stable Aptana, I'd take Zend Studio hands down.
Granted, the 5 series of Studio were _atrocious_ but that's long past!
 I also don't really appreciate the in-IDE advertising that Aptana
sports.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Progressbar

[Eddie Drapkin]

On Thu, Jun 25, 2009 at 12:52 PM, Bastien Koert wrote:
> On Thu, Jun 25, 2009 at 11:51 AM, Michael A. Peters wrote:
>> Martin Scotta wrote:
>>>
>>> I found extremely un-productive editors or IDEs like Eclipse or Zend
>>> Studio.
>>>
>>> I use SciTE.
>>>
>>> It don't has any feature you are talking about...
>>>
>>> but it..
>>>  # do not eat all you ram
>>>  # starts in a microsecond
>>>  # opens any type of file
>>>  # paints the code in pretty colors.
>>>  # has a little intellisense using pre-written words or api files
>>>
>>>
>>
>> I almost exclusively use bluefish, the closest I come to an IDE for anything
>> I do is emacs + AUCTeX for my occasional TeX needs.
>>
>> I also use vim and on the rare occasions I'm stuck with Windows, something I
>> think called PSPad (not sure, downloaded it awhile back at my parents
>> house). I actually have a license for Homesite, but I don't think I can
>> install it on their computer and I don't run Windows anymore. That was nice.
>>
>> On a Mac - bbedit for everything.
>>
>> However, all that being said, I do very little php. Right now though a
>> little more than usual.
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> over the past little while I have been using
>
> komodo edit (free) - good (more like a text editor with some brains),
> good code completion and hinting
> aptana studio (free) - eclipse based, bigger learning curve, but lots
> of functionality
> netbeans (free) - good, nice interface
>
>
>
>
> --
>
> Bastien
>
> Cat, the other other white meat
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Well the thing about being productive out of the box with Zend Studio
isn't entirely related to Zend Studio, it's more of an Eclipse
problem.  Eclipse itself, whether using it in a heavily modified form
like Aptana or PDT or Zend Studio, or just using it out of the box for
Java development or C/C++ development or anything in between, has a
ridiculously steep learning curve for what's really just a fancy text
editor.  While this turns a lot of people off, I was lucky (although I
sure didn't think so at the time) enough to have it forced on me when
I was learning Java in school.  And in the end, I'm pretty glad that I
was forced to learn Eclipse because it's been the go to editor for all
my coding needs, whether PHP, Python, C, Java, even complex shell
scripting.  And whenever someone is learning to develop and gets to
the point that they'd actually take advantage of some of the more
advanced features of Eclipse - step through debugging, code
autocompletion, etc. - I recommend that they take some time out of
learning the code, or coding, and learn Eclipse.  The second Java
class I took was actually "learning Eclipse" and it was one of the
more useful classes that I've taken, given that there's no longer a
learning curve for any IDE that I want to use.

Yes, Eclipse is pretty intimidating and oftentimes more complicated
than it needs to be, but there's a level of customizability that
doesn't exist in any other editors that I've seen.  Whether it's
making code look and behave exactly the same, or binding keybindings
to things like SVN commit / update / resolve, it's all possible in
Eclipse.  Whether you use Aptana, PDT, Zend Studio (>= 6.0) or another
derivative, I'd definitely recommend using Eclipse and once you've
topped the learning curve, you'll be able to say that your IDE
actually boosts your productivity significantly, which is the ultimate
goal anyway.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] OT mysql pivot table problem

[Eddie Drapkin]

You'd be much, much better off creating a query by concatenating ",
($uid, $groups[$i])" into one huge insert query.

YOU SHOULD NEVER, EVER EVER EVER EVER RUN QUERIES IN A LOOP!


On Thu, Jun 25, 2009 at 4:11 PM, Matt Giddings wrote:
> Thanks for taking the time to provide an example.  I'm going to take the
> advice given by you and others and simply do this in php instead of looking
> for a fancy mysql solution.  ; )  Dang, and I was really wanting to wow
> myself today...
> Thanks again!
> Matt
>
> On Thu, Jun 25, 2009 at 3:51 PM, Ashley Sheridan
> wrote:
>
>> On Thu, 2009-06-25 at 15:20 -0400, Matt Giddings wrote:
>> > I know this is the off topic (sorry), but it is a php project that I'm
>> > working on!  I need some pointers on how to pivot a mysql column
>> (containing
>> > comma delimited data) into an equal number of rows (see example).  Any
>> > direction (pointers to links, etc. would be appreciated).
>> >
>> > From this:
>> >
>> > user.table
>> > uid|name|groups
>> > 1|mcgiddin|1,4,7,10,12
>> >
>> >
>> > To this:
>> >
>> > pivot.table
>> > uid|group
>> > 1|1
>> > 1|4
>> > 1|7
>> > 1|10
>> > 1|12
>>
>> I don't know of any fancy ways of doing it just in MySQL, but if the
>> records are all as simple as that, something like this should do the
>> trick:
>>
>> $query = "SELECT * FROM `user`";
>> $result = mysql_query($query);
>> while($row = mysql_fetch_array($result))
>> {
>>    $uid = $row['uid'];
>>    $groups = explode(','$row['groups']);
>>    for($i=0; $i>    {
>>        $query2 = "INSERT INTO `pivot` VALUES($uid, $groups[$i])";
>>        $result2 = mysql_query($query2);
>>    }
>> }
>>
>> Also, I'd recommend having some sort of auto increment value on that
>> pivot table, so you can manipulate specific rows at a later date.
>>
>> Thanks
>> Ash
>> www.ashleysheridan.co.uk
>>
>>
>
>
> --
> Matt Giddings
> Web Programmer
> Information Technology Services
> Saginaw Valley State University
> Phone: 989.964.7247
>
> http://www.svsu.edu
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Removing empty values from array

[Eddie Drapkin]

On Thu, Jun 25, 2009 at 5:00 PM, Ashley
Sheridan wrote:
> On Thu, 2009-06-25 at 17:52 -0300, Martin Scotta wrote:
>> Hi all
>>
>> I have this in a simple routine...
>>
>> for($i=0, $if=count($array); $i<$if; ++$i)
>>       if( $array[$i] == '' )
>>       {
>>               array_splice( $array, $i, 1);
>>
>>               --$i;
>>               --$if;
>>       }
>>
>> My question: is this the better way to do it?
>>
>> --
>> Martin Scotta
>>
> array_filter() will return an array without any elements that equate to
> false (empty strings, 0, false) although you can use the optional
> argument to specify your own function which should return true if you
> want to keep an element, or false if you want to ditch it, if you need
> to eliminate only empty strings.
>
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I'd just do

foreach($array as &$v) {
if($v === false || $v === null || $v === 0) {
unset($v);
}
}


I wouldn't do anything more complicated >.>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Does php have multithread, shared object(like jsp application)

[Eddie Drapkin]

PHP doesn't support threading.

On Thu, Jun 25, 2009 at 10:59 PM, WenDong Zhang wrote:
> Hi guys:
>
> Now days I want to develop a web application like a chat room. the requests
> per seconds maybe very large, so I want to save some common info into to
> memory (quick access).
>
> So, I want to know does php have the follow features or implement them in
> other ways.
> 1. server scope objects, mostly like application in jsp.  // the most
> important~
> 2. multithread synchronize.
> 3. I want to start a thread timed execute, like Timer in java
>
> thanks
> --
> Best Regards!
> Wen Dong
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Fwd: [PHP] What does this mean?

[Eddie Drapkin]

Just getting this back on the list >.>


-- Forwarded message --
From: Eddie Drapkin 
Date: Fri, Jun 26, 2009 at 2:36 AM
Subject: Re: [PHP] What does this mean?
To: Jason Carson 


It's used in key value combinations in several places.

When building an array:
$foo = array('key' => 'value', 'another_key' => 'another value');
which will give you an array that looks like
$foo['key'] = 'value';
$foo['another_key'] = 'another_value';

Also, in foreach(), which is a language construct used to iterate over arrays:

foreach($foo as $key => $val) {
 echo "The key for this element is $key and the value is $val\n";
}
will output:
The key for this element is key and the value is value
The key for this element is another_key and the value is another_value

Those are the two most common places you'll see it (and perhaps the
only, I don't want to speak conclusively, though, I'm awfully tired
this evening!)

On Fri, Jun 26, 2009 at 2:31 AM, Jason Carson wrote:
> Hey all, I'm new to the list and I have a question...
>
> What does => mean?
>
> The book I am reading is called Programming PHP published by O'Reilly. I
> haven't read the whole book yet. I was flipping through the pages and in
> the book there is mention of <= (less than or equal) and >= (greater than
> or equal)but it doesn't say what => is even though it is used numerous
> times in the example code.
>
> Thanks
>
> Jason
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Does something like this exist?

[Eddie Drapkin]

Have you looked at class_parents()?
http://www.php.net/manual/en/function.class-parents.php

On Mon, Jun 29, 2009 at 4:42 PM, Christoph Boget wrote:
>>> * What files are include in which scripts
>> pecl.php.net/package/inclued  - an awesome tool, will show you
>> includes/require calls to other ones, show you any redundancy (dotted
>> lines) etc. helps you clean up any nested and unnecessary includes or
>> requires. Rasmus approved(tm)
>> use it with graphviz and you've got visual maps of your entire
>> include/require structure.
>
> Ok, I'll look in to it.  Thanks!
>
>>> * The relationships between defined classes (eg A extends B)
>>> * What other classes are utilized by which classes (eg, instantiation)
>> doesn't phpdoc or something do this stuff? might need comments before
>> each function/method to make it really work well. not sure. i think
>> there's also something called "phpxref" as well that might work...
>
> It does.  But I'm looking to use this on an inherited framework that,
> unfortunately, includes very little PHPDoc comments.  Considering how
> large the codebase is, it'd be quicker for me to write this
> functionality (to at least give us something to reference) than it
> would be to add the necessary comments.  Granted, that's something
> we'd want to eventually add anyway but it's something we could do over
> time as we became much more familiar with the framework.
>
> thnx,
> Christoph
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

[Eddie Drapkin]

It should be passed into the constructor as a parameter.  If you're
using OOP properly, there's no reason to use $GLOBALS, ever.  Any
variable in the $GLOBALS array exists twice in memory, so just keep
that in mind, if you plan to use it.

On Tue, Jun 30, 2009 at 8:43 AM, Peter Ford wrote:
> Luke wrote:
>> Hello again guys,
>>
>> I was wondering the best way to tackle the following problem:
>>
>> I've got a class, containing a property which is another object. So from
>> outside I should be able to do
>> $firstobject->propertycontainingobject->methodinsidethatobject();
>>
>> The $firstobject variable is in the global namespace (having been made with
>> $firstobject = new FirstObject;), and I'm having a problem that I'm sure
>> many people have when accessing it inside another class, so:
>>
>> class otherObject
>> {
>> static function messwithotherthings ()
>> {
>> $firstobject->propertycontainingobject->methodinsidethatobject();
>> }
>> }
>>
>> But $firstobject is blank, which makes sense because in there it is pointing
>> to the local variable within the method.
>>
>> To solve this, I could add 'global $firstobject' inside every method, but
>> this is very redundant and boring. I've tried a couple of things like
>> adding:
>>
>> private $firstobject = $GLOBALS['firstobject'];
>>
>> But apparently that's bad syntax. I was just wondering the best way to get
>> around this?
>>
>> Thanks a lot for your help,
>>
>
>
> Set the value of $firstobject in the constructor of otherObject (that's what
> constructors are for!):
>
> eg.
>
> class otherObject
> {
>    private $firstobject;
>
>    function __construct()
>    {
>        $this->firstobject = $GLOBALS['firstobject'];
>    }
>
>    static function messwithotherthings ()
>    {
>        $this->firstobject->propertycontainingobject->methodinsidethatobject();
>    }
> }
>
>
> --
> Peter Ford                              phone: 01580 89
> Developer                               fax:   01580 893399
> Justcroft International Ltd., Staplehurst, Kent
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

[Eddie Drapkin]

On Tue, Jun 30, 2009 at 10:44 AM, Luke wrote:
>
>
> 2009/6/30 Eddie Drapkin 
>>
>> It should be passed into the constructor as a parameter.  If you're
>> using OOP properly, there's no reason to use $GLOBALS, ever.  Any
>> variable in the $GLOBALS array exists twice in memory, so just keep
>> that in mind, if you plan to use it.
>>
>> On Tue, Jun 30, 2009 at 8:43 AM, Peter Ford wrote:
>> > Luke wrote:
>> >> Hello again guys,
>> >>
>> >> I was wondering the best way to tackle the following problem:
>> >>
>> >> I've got a class, containing a property which is another object. So
>> >> from
>> >> outside I should be able to do
>> >> $firstobject->propertycontainingobject->methodinsidethatobject();
>> >>
>> >> The $firstobject variable is in the global namespace (having been made
>> >> with
>> >> $firstobject = new FirstObject;), and I'm having a problem that I'm
>> >> sure
>> >> many people have when accessing it inside another class, so:
>> >>
>> >> class otherObject
>> >> {
>> >> static function messwithotherthings ()
>> >> {
>> >> $firstobject->propertycontainingobject->methodinsidethatobject();
>> >> }
>> >> }
>> >>
>> >> But $firstobject is blank, which makes sense because in there it is
>> >> pointing
>> >> to the local variable within the method.
>> >>
>> >> To solve this, I could add 'global $firstobject' inside every method,
>> >> but
>> >> this is very redundant and boring. I've tried a couple of things like
>> >> adding:
>> >>
>> >> private $firstobject = $GLOBALS['firstobject'];
>> >>
>> >> But apparently that's bad syntax. I was just wondering the best way to
>> >> get
>> >> around this?
>> >>
>> >> Thanks a lot for your help,
>> >>
>> >
>> >
>> > Set the value of $firstobject in the constructor of otherObject (that's
>> > what
>> > constructors are for!):
>> >
>> > eg.
>> >
>> > class otherObject
>> > {
>> >    private $firstobject;
>> >
>> >    function __construct()
>> >    {
>> >        $this->firstobject = $GLOBALS['firstobject'];
>> >    }
>> >
>> >    static function messwithotherthings ()
>> >    {
>> >
>> >  $this->firstobject->propertycontainingobject->methodinsidethatobject();
>> >    }
>> > }
>> >
>> >
>> > --
>> > Peter Ford                              phone: 01580 89
>> > Developer                               fax:   01580 893399
>> > Justcroft International Ltd., Staplehurst, Kent
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> Thanks for the replies :)
>
> Surely if I pass it as a parameter to the __construct then I would have to
> make an instance of the otherObject, notice that messwithotherthings is
> static?
>
> Also, if I'm not using OOP properly, Eddie, how would I use it properly to
> prevent this situation?
>
> Thanks,
>
> --
> Luke Slater
> :O)
>
>

Well all you'd really need to do is something like this (for an instance class):

class ExampleClassYay {
private $instance;

public function __construct(someOtherClass $instance) {
$this->instance = $instance;
}

public function foo() {
var_dumP($this->instance);
}

}

So, all you'd have to do is something like:
$foo = new someOtherClass();
$example = new ExampleClassYay($foo);
$example->foo();

Whereas, for a static class, you can use a static property accessed
via self::$property instead of $this->property, like so:

Well all you'd really need to do is something like this:


class StaticExampleClassYay {
private static $instance;

static public function setInstance(someOtherClass $instance) {
self::$instance = $instance;
}

static public function foo() {
var_d

Re: [PHP] Re: Scope woe

[Eddie Drapkin]

On Tue, Jun 30, 2009 at 11:12 AM, Peter Ford wrote:
> Luke wrote:
>>>
>> Thanks for the replies :)
>>
>> Surely if I pass it as a parameter to the __construct then I would have to
>> make an instance of the otherObject, notice that messwithotherthings is
>> static?
>>
>> Also, if I'm not using OOP properly, Eddie, how would I use it properly to
>> prevent this situation?
>>
>> Thanks,
>>
>
> Hmmm, I didn't notice the method was static - that means my idea really won't
> work...
>
> I did have a bad feeling about this, and Eddie confirmed my unease with the
> point about OOP.
>
> Really, you should need your $firstobject to be a singleton:
> eg.
>
> class FirstObject
> {
>    private static $theInstance = NULL;
>
>    public $propertyContainingObject;
>
>    protected function __construct()
>    {
>        // whatever
>    }
>
>    public static function getInstance()
>    {
>        if (!self::$theInstance)
>        {
>            self::$theInstance = new FirstObject();
>        }
>        return self::$theInstance;
>    }
>
>    // ... other methods ...
> }
>
>
> So then:
>
> class OtherObject
> {
>    static function messWithOtherThings()
>    {
>        $firstObject = FirstObject::getInstance();
>        $firstObject->propertyContainingObject->methodInsideThatObject();
>    }
> }
>
>
>
> I think that works, and is reasonable to the OOP purists...
>
>
> --
> Peter Ford                              phone: 01580 89
> Developer                               fax:   01580 893399
> Justcroft International Ltd., Staplehurst, Kent
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I wouldn't really recommend going with a singleton in this situation,
as there exists a different solution (my other post :P) and there are
very few actual use-cases where the pattern makes sense, and deploying
it unnecessarily can cause a whole lot of headache D:

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

[Eddie Drapkin]

On Tue, Jun 30, 2009 at 12:37 PM, Paul M Foster wrote:
> On Tue, Jun 30, 2009 at 11:17:17AM -0400, Eddie Drapkin wrote:
>
> 
>
>>
>> I wouldn't really recommend going with a singleton in this situation,
>> as there exists a different solution (my other post :P) and there are
>> very few actual use-cases where the pattern makes sense, and deploying
>> it unnecessarily can cause a whole lot of headache D:
>>
>
> I disagree. A singleton is quite a good solution, particularly when you
> only want one instance of an object. You can also create a "registry"
> class which contains instances of objects which might be useful to other
> classes.
>
> Why would a singleton lead to headaches?
>
> Paul
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

If you only want one instance of a class at any point, that's the
whole purpose of the pattern, so how could I argue against that?  All
I said was it's really rare that there's a justifiable reason (and in
the above example, it's simply to compensate for not wanting to handle
it elsewhere i.e. laziness) to actually use the pattern.  A lot of the
times you see singletons in use, it's for ease of use, not
functionality; database layers, for example, have no necessity of
being singletons and it's restrictive to do so, yet it's done all the
time.  For a generic question like this, suggesting a single design
pattern as the solution is a bad idea, as someone who doesn't know
better will assume it's the only solution, thus leading to those
headaches of dealing with a misapplied paradigm to a particular
situation.

As far as the registry class paradigm goes, it's occasionally useful,
as is the singleton pattern, but it's not a solution I'd necessarily
recommend because of the overhead implications, especially not in such
a simple situation as storing an instance in a static variable.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] exasperated again - shot in the foot

[Eddie Drapkin]

On Tue, Jun 30, 2009 at 4:50 PM, Bastien Koert wrote:
> On Tue, Jun 30, 2009 at 4:48 PM, PJ wrote:
>> PJ wrote:
>>> Could somebody please explain to me what is wrong with this code?
>>> In my script it works, returns the correct id, but when I try it in a
>>> test pages, nothing in the world gets it to work. This is rather
>>> frustrating, again:
>>> THIS WORKS IN ANOTHER PAGE; IN THE TEST PAGE ID DOES NOT.
>>> $sql = "SELECT id FROM publishers
>>>         WHERE publisher = 'whoever'";
>>>       $result = mysql_query($sql,$db);
>>>         $row = mysql_fetch_assoc($result);
>>>           if (mysql_num_rows($result) !== 0) {
>>>           $pub = $row['id'];
>>> Syntax is ok, echo "hello"; works.
>>>
>>>
>>> This works in the test page:
>>> $aid = array();
>>> $ord = array();
>>> $sql = "SELECT authID, ordinal
>>>         FROM book_author WHERE bookid = 624 ORDER BY ordinal ASC";
>>>         $result = mysql_query($sql, $db);
>>>             //$row = mysql_fetch_assoc($result);
>>>             while ( $row = mysql_fetch_assoc($result) ) {
>>>             $aid[]=$row['authID'];
>>>             $ord[]=$row['ordinal'];
>>>             }
>>>             var_dump($aid);
>>>             echo "";
>>>             var_dump($ord);
>>>             echo $aid[0], " - ";
>>>             echo $ord[0];
>>>
>>> This does not:
>>> $fi="joe"; $la="joe";
>>> $sql = "SELECT id FROM author
>>>         WHERE first_name = '$fi' && last_name = '$la'";
>>>     $result = msql_query($sql, $db);
>>>         $row = mysql_fetch_assoc($result);
>>>         $count=mysql_num_rows($result);
>>>     echo $count;
>>>           if (mysql_num_rows($result) > 0) {
>>>           $a_id=$row['id'];
>>>           }
>>>           echo $a_id, "";
>>> The test page prints out echo "some text"; but no results when the
>>> results are there
>>> Tell me I have missed something simple here, or is this normal for php ?
>>> I have checked the queries on Mysql command line and they are fine.
>>> I have verified the syntax and Netbeans tells me it is fine.
>>> Same results Firefox3 (2 machines) & IE 8.
>>> What is not fine?
>>>
>>>
>> Damn, it's frustrating to find that there is a difference between msql
>> and mysql... ouch, the foot hurts now!
>>
>> --
>> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
>> -
>> Phil Jourdan --- p...@ptahhotep.com
>>   http://www.ptahhotep.com
>>   http://www.chiccantine.com/andypantry.php
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> Blame the native, libraries that is
>
> --
>
> Bastien
>
> Cat, the other other white meat
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Take it as a sign you shouldn't be using mysql_ at all :)

Use the OOP interface to mysqli or PDO and these problems don't happen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

[Eddie Drapkin]

> You are correct as there was no metaphor in here at all!  This, "It
> helps to think of classes like cars on a highway", is almost a simile,
> but on the whole I would probably say that you were using an analogy :-)
>

HEIL SPELLCHECK!

I bow to my grammar nazi superior *bow*

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

[Eddie Drapkin]

if you want a pure opcode cache, APC is a great choice.

APC should //not// be used for persistent RAM storage.  Memcached is
much faster and designed for that aim, while not being tied to the
webserver.

On Sun, Jul 5, 2009 at 2:10 AM, Brandon Johnson wrote:
> you think this is similar to http://www.danga.com/memcached/ or you think
> this method would be faster ? Which do you say would be the greatest
> benfit ?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

[Eddie Drapkin]

On Sun, Jul 5, 2009 at 2:43 AM, Paul Scott wrote:
> Eddie Drapkin wrote:
>> if you want a pure opcode cache, APC is a great choice.
>>
>>> you think this is similar to http://www.danga.com/memcached/ or you think
>>> this method would be faster ? Which do you say would be the greatest
>>> benfit ?
>>>
> A simple rule of thumb that I use is:
>
> If you have one machine and medium to large traffic loads, go APC
> If you have more machines for caching servers (dedicated) and large to
> holy mofo loads, then go MemcacheD
>
> This ALL assumes that you have followed a logical scalability plan and
> have separate DB servers, app servers and possibly even using a CDN or
> something beforehand.
>
> -- Paul
>
> http://www.paulscott.za.net/
> http://twitter.com/paulscott56
> http://avoir.uwc.ac.za
>

There are several problems with using APC instead of memcached, even
on a single machine:
1) APC is tied to the wbserver.  This brings up a lot of (not so)
obvious problems.  The processing is handled by the webserver, instead
of a dedicated process.  This can mean that a CPU intensive APC
operation ties up the webserver, which results in less concurrency for
your site, while just waiting to hear back from memcached means idle
webserver process, which allows for greater concurrency.

2) APC is designed to be an opcode, first and foremost.  And while it
may perform as well, or better, on infrequently modified data,
memcached is designed and optimized internally to map memory chunks
and utilize best memory management practices, which mean data that
changes frequently is better stored in memcached.  There's a slideshow
somewhere about facebook's internal caching, and they store things
like school names / info in APC, because fetching it is a tad faster
(especially localhost v. network), but the constant rewiring of
webserver memory is a bad idea, so they store data that changes often
(like status updates) in memcached.

3) memcached has a much richer, better API.  Things like CAS can solve
race conditions, while APC cannot.  There's also increment/decrement,
replace, etc. etc.

4) APC shares its memory between storage and opcodes, afaik.  So, you
fill up APC too much and you start to lose your cached opcodes?  I'd
rather not.

5) APC, once again, is tied to the webserver, so a webserver restart
means you either have to a) prime your cache or b) let your database
be hammered while you "live prime" the cache.  Neither of these are
particularly pleasant, as cache priming is a very difficult task,
while allowing direct read access to the database on all pageloads is
usually a problem when you have to have a key-val cache system in
place.

Long story short, if you're using some sort of RAM based cache to
store heavy data, use memcached, while light data (configuration
values read from a text file, maybe) are fine in APC.

--Eddie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

[Eddie Drapkin]

> -=- (from other discussion)
> Interesting that facebook uses both. The fedora maintainer for the apc rpm
> listed it as conflicting with memcache. If you can use both, that's a fedora
> packaging but that should be fixed.

I've never seen, nor heard of, a full scale caching implementation
that doesn't use both.  Digg uses both, too.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

[Eddie Drapkin]

On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
>> Hello everyone,
>>
>> I am trying to create a PHP login script using cookies but am having some
>> troubles. Here is my setup
>>
>>     index.php -> authenticate.php -> admin.php
>>
>> I want a login form on index.php that allows me to login with my username
>> and password and then passes $_POST['username'] and $_POST['password'] to
>> authenticate.php
>>
>> Then authenticate.php authenticates against a database of allowed users
>> (Which I already have setup and it works fine), if a valid user has
>> entered the correct information then admin.php is loaded...
>>
>> header("location:admin.php");
>>
>> ...the admin.php code would look something like the following..
>>
>> Code: [Select]
>> > if (isset($_COOKIE['username'])) {
>> echo "success!";
>> } else {
>> echo "Failure";
>> }
>> ?>
>>
>> So basically I think I need to create a cookie from index.php OR
>> authenticate.php and then pass the information to admin.php.
>> I set the cookie like this...
>>
>> setcookie("Admin", $username);
>>
>> Which file(index.php OR authenticate.php) do I create the cookie and how
>> do I access the information in the cookie on admin.php?
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> I finally got it working. I needed to setcookie() in login.php. Also, the
> names of the cookies(Using setcookie()) where wrong (The names where
> "Admin" when they should have been "adminuser" and "adminpass") Once I
> fixed that then the following worked in admin.php...
>  if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
> echo "Success";
> } else {
> echo "Failed";
> }
> ?>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You're not storing anything usable in the adminpass cookie, are you?
It sort of sounds like you're storing a password, or even a passhash,
in the cookie and you might want to rethink what that cookie contains
to prevent session hijacking.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

[Eddie Drapkin]

On Mon, Jul 6, 2009 at 2:01 AM, Jason Carson wrote:
>> On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
 Hello everyone,

 I am trying to create a PHP login script using cookies but am having
 some
 troubles. Here is my setup

     index.php -> authenticate.php -> admin.php

 I want a login form on index.php that allows me to login with my
 username
 and password and then passes $_POST['username'] and $_POST['password']
 to
 authenticate.php

 Then authenticate.php authenticates against a database of allowed users
 (Which I already have setup and it works fine), if a valid user has
 entered the correct information then admin.php is loaded...

 header("location:admin.php");

 ...the admin.php code would look something like the following..

 Code: [Select]
 >>> if (isset($_COOKIE['username'])) {
 echo "success!";
 } else {
 echo "Failure";
 }
 ?>

 So basically I think I need to create a cookie from index.php OR
 authenticate.php and then pass the information to admin.php.
 I set the cookie like this...

 setcookie("Admin", $username);

 Which file(index.php OR authenticate.php) do I create the cookie and
 how
 do I access the information in the cookie on admin.php?


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


>>> I finally got it working. I needed to setcookie() in login.php. Also,
>>> the
>>> names of the cookies(Using setcookie()) where wrong (The names where
>>> "Admin" when they should have been "adminuser" and "adminpass") Once I
>>> fixed that then the following worked in admin.php...
>>> >> if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
>>> echo "Success";
>>> } else {
>>> echo "Failed";
>>> }
>>> ?>
>>>
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> You're not storing anything usable in the adminpass cookie, are you?
>> It sort of sounds like you're storing a password, or even a passhash,
>> in the cookie and you might want to rethink what that cookie contains
>> to prevent session hijacking.
>>
> Yeah, I am storing an unencrypted password in the cookie. Should I encrypt
> it, if so how, if not what should I do?
>
> I am new to programming and PHP web development so I am not aware of all
> the security problems that can occur.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

That's an enormous question without an easy, or even a correct answer.
 I'd start by googling around for "session hijacking."  One of the
things that's probably not PC to say, is don't learn to prevent
session hijacking, learn to hijack sessions.  Once you know how to
hijack a session, you can audit your own code and fix the security
holes.

Although the best advice would probably be to find someone else's
session implementation and use that, seeing as there's no real reason
to recreate such a worn-in wheel.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

[Eddie Drapkin]

On Wed, Jul 8, 2009 at 10:44 AM, Andrew Ballard wrote:
> On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta wrote:
>> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
>> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
>> .'\'))';
>>
>> I use this solution because md5 run faster in Mysql
>>
>>
>>
>>
>> --
>> Martin Scotta
>>
>
> If you were running a loop to build a rainbow table or brute-force a
> password, I could see where that would matter. For authenticating a
> single user it seems like premature optimization to me. On my
> development machine, where PHP runs slow inside of the IDE, the
> average time to perform an md5 hash on a text string of 38 characters
> (much longer than most passwords) over 1 iterations is around
> 0.00085 seconds. I can live with that. :-)  I still like handling the
> encryption in PHP and then passing the encrypted value to the database
> for storage/comparison.
>
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You shouldn't be using md5 or sha1 to hash passwords as both have been
attacked and successfully exploited.  There are other hashing
functions in PHP that you should use.  And FWIW, you WANT hashing to
be slow.  The faster it is, the less complicated the algorithm is
(assuming all implementations are equal), the more easy it is to
break.  And if you're storing hashed passwords as a means of
verification, SALT THEM FOR CHRIST'S SAKE.

//somewhere where you can access it several places, like config.php
define('SALT', '2435kh...@#$@#14asdnaksa10=nsdf'); //random
characters, the longer and more random, the better.  If it was email
compatible, I'd have given a "real" salt read out of /dev/random at
some point, like you should be doing.

//prepare the password
$password = $_POST['password'] . SALT;
$password = hash('sha512', $password); //assume you've validated
$_POST['password']

//query the database to make sure the password is the right one
$stmt = $db->prepare('SELECT password FROM users WHERE user_name=?);
$stmt->bindParam(1, $password);
list($dbPass) = $stmt->fetch();
if($dbPass == $password) {
echo 'success';
} else {
echo 'failure';
}

The reason you salt passwords, especially with binary characters, is
that without knowing what the salt is, it's nearly impossible to
create a rainbow table and run rainbow table attacks on your database.
 It costs nearly nothing to do, in terms of resource usage and any
sort of human comprehensible scheme to store those hashes is easily
broken.  I've seen "{$user}{$randomCharacter}{$password}" used before,
and I'd never recommend something so simple.

--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Obeying the rules (was Simple login form with cookies)

[Eddie Drapkin]

> I called him "intolerant" because he jumps on issues which other people just
> don't care about.
>
> I called him "small minded" because he concentrates on small issues which
> simply don't matter in the great scheme of things. That sounds like fair
> comment to me It's just like those people who have endless arguments about
> when to use uppercase and when to use lower case. It simply doesn't matter,
> so stop wasting your time in arguing about it.

And it's not just as small minded (I'm not agreeing with you, by the
way) to assume that your point is the only valid point in the
discussion?  Nor is it just as small minded to systematically attack
someone, and the community they take part in, because they have the
audacity to disagree with you?


> Irrelevant. It does not matter how much good work anybody does if they go
> and ruin it by trying to enforce some inconsequential petty rule.

It's obviously not inconsequential, as you're making such a fuss about
it.  If it's so inconsequential, why not bottom post and be done with
it?

>
> The conventions in other newsgroups are different, and I can't be bothered
> to change my habits for different newsgroups just becase some internet Nazi
> says so.
>

Congratulations, rule-abiding denizens of php-general, we're now all
Nazis!  Way to invoke Godwin, by the way, it clearly always wins these
internet argu-debates and doesn't make you look like a loon at all.
I'm going to take this opportunity to jump on the "no more respect"
bandwagon.

> So not only are you dictating how I post, you are also dictating which
> newsreader I should use? How arrogant!

"I don't like your rules, rules that existed before I got here and
will exist after I leave and are agreed on by the community, so I'll
not follow them!" is one of the most arrogant things I've ever seen on
this list.  He was making a suggestion, ffs, and you just want to be
an ass and take everything personally.  You're making an entire
mountain range out of the proverbial molehill.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Obeying the rules (was Simple login form with cookies)

[Eddie Drapkin]

I honestly think this is a case of the subject being broached in a
less-than-super-friendly-with-hugs-and-butterflies way and someone
getting unduly offended about that.  Why not chill out and look at
this objectively?  Mailing lists are historically, as I'm sure you
know, a nearly invaluable research for someone with a problem and a
search engine.  I would bet that there are few people who subscribe to
this list have never found a solution to a problem on a mailing list,
somewhere and somewhen.  I know I personally subscribed to this list
because quite a few questions I had when I was just starting out with
PHP came from here and I wasn't subscribing with a news reader at the
time.

I think you (the OP) is being unnecessarily short-sighted in assuming
that 1, everyone has a news reader and uses it to read this list and
2, the threads are only relevant for the duration of their life.  The
posts here are archived here forever and ever and a rule that suggests
posting on either the top or the bottom of the list keeps it consisten
for future readers.  Breaking that convention because you don't like
it is just being grumpy and stickly for no other reason than you can,
and potentially harming future developers who could find the
information from this list a valuable resource.  I like the escalator
analogy, because either side of the escalator would do to allow people
who want to stand and people who want to walk up to co-exist in
harmony, yet there's a standard.  Luckily for us, this isn't the New
York subway where you get cursed at for standing on the wrong side (I
learned that lesson the wrong way when I moved here!).

In other words, it's not that top posting is empirically and
inherently a worse method than bottom posting, it's that it's a
generally accepted standard that helps ensure the longevity of posts
on this list.  If it was top posting, I'm sure replying would be a lot
easier to most of us, but like a dozen people said in the first
thread, it takes two seconds to move the cursor each time.  Why choose
to be overly ornery about a point so trivial?  It seems like you're
trying to turn this into a "Fight the Power" battle, when the only
power you're fighting are your peers.

--Eddie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTP headers and include()

[Eddie Drapkin]

On Fri, Jul 10, 2009 at 1:21 AM, James Colannino wrote:
> Hey everyone,
>
> I've been hard at work on a new web application, and discovered
> something that I would never have seen coming.  I was noticing that when
> I called session_start() after a few lines of includes, I was getting
> complaints because the HTTP headers had already been sent out.  Then,
> after putting session_start() above the include lines, suddenly
> everything was working fine.
>
> The files that were included were nothing more than functions; there was
> no code executing that I could tell up to the point of the call to
> session_start().
>
> I was just wondering if anybody on the list knows why HTTP headers were
> being sent out by my includes.  I'm sure there's a good reason.  I'm
> just very curious :)
>
> Thanks very much in advance.
>
> James
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

HTTP headers are sent and finalized after the first bit of output.   I
had the same problem before and it turned out to be because I had a
close tag "?>" at the end of a file followed by some whitespace.  The
solution was to remove the ?> from the end of all the files and I
haven't closed an entire file since.  Perhaps that might be it?

--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error Trapping

[Eddie Drapkin]

On Fri, Jul 10, 2009 at 10:56 AM, Floyd Resler wrote:
> I'm having a hard time getting my head around this problem.  I have to
> connect to a FoxPro database using an ODBC driver.  Sometimes when I connect
> I get an error.  The error doesn't occur all the time and usually another
> connect attempt works.  I can trap the error through an error handler.
>  However, I use a class to connect to the database.  What I want to do is to
> check for that error and, if it occurs, try to connect again.  Since the
> error handler is outside the class, how can I create the object again and
> make sure it gets passed back to my script that called it?  I hope that made
> sense!
>
> Thanks!
> Floyd

Why is the error outside the class? If you connect with a class, something like:

public function __construct() {
  $this->handle = false;
  while($this->handle === false) {
$this->handle == odbc_connect();
  }
}

ought to work fine.  Alternatively, you could check out PDO, which is
supposed to be the next generation of database connections in PHP, and
won't create an object without a connection.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error Trapping

[Eddie Drapkin]

On Fri, Jul 10, 2009 at 11:39 AM, Floyd Resler wrote:
> Eddie,
>        Thanks for the tip.  It suddenly occurred to me what I was doing
> wrong.  I do use an error trap but I was telling my script to stop running
> after the error.  So, now I ignore it and continue through the loop you
> suggested.  I guess it was working exactly the way I had written it!
>
> Thanks!
> Floyd
>
> On Jul 10, 2009, at 11:23 AM, Eddie Drapkin wrote:
>
>> On Fri, Jul 10, 2009 at 10:56 AM, Floyd Resler
>> wrote:
>>>
>>> I'm having a hard time getting my head around this problem.  I have to
>>> connect to a FoxPro database using an ODBC driver.  Sometimes when I
>>> connect
>>> I get an error.  The error doesn't occur all the time and usually another
>>> connect attempt works.  I can trap the error through an error handler.
>>>  However, I use a class to connect to the database.  What I want to do is
>>> to
>>> check for that error and, if it occurs, try to connect again.  Since the
>>> error handler is outside the class, how can I create the object again and
>>> make sure it gets passed back to my script that called it?  I hope that
>>> made
>>> sense!
>>>
>>> Thanks!
>>> Floyd
>>
>> Why is the error outside the class? If you connect with a class, something
>> like:
>>
>> public function __construct() {
>>  $this->handle = false;
>>  while($this->handle === false) {
>>   $this->handle == odbc_connect();
>>  }
>> }
>>
>> ought to work fine.  Alternatively, you could check out PDO, which is
>> supposed to be the next generation of database connections in PHP, and
>> won't create an object without a connection.
>>
>
>

;)

Sometimes all it takes is a fresh look at an old problem!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HELP SQL INJECTION

[Eddie Drapkin]

On Fri, Jul 10, 2009 at 3:50 PM, Daniel Brown wrote:
> On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote:
>> Hi everyone,
>>
>> My server appears to be the victim of a chinese hack-attack and I
>> believe they managed to change pages via SQL Injection, do any of you
>> have any ideas how to lock down my forms so MySQL cannot be used from
>> my forms?
>
>    First and foremost:
>
>        http://php.net/mysql_real_escape_string
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You, sir, are an email list ninja.  Not ten seconds before I hit Send,
Gmail tells me you ninja'd my response!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Fri, Jul 10, 2009 at 8:25 PM, Govinda wrote:
> How do I  get
> basename(__FILE__)
> or
> htmlentities($somevar)
> to be evaluated  in a heredoc?
>
> 
> Govinda
> govinda.webdnat...@gmail.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You actually can't, sorry.  At least not as far as I know.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 2:01 PM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 13:45, Eddie Drapkin wrote:
>>
>> If that's true, then we've found an error reporting bug! I've never
>> seen an error/warning raised, even with my usual
>> "error_reporting(E_ALL | E_STRICT | E_DEPRACATED)"!  The warning is
>> raised here, though:
>> $foo = $bar[hello];
>>
>> but not here:
>> $foo = "$bar[hello]"
>
>    No, we're crossing subjects here, actually.  The error would be
> raised in something such as the following:
>
> 
> $bar['hello'] = 'World!';
> $bar['world'] = 'Hello,';
>
> $foo = << $bar['world'] $bar['hello']
> EOT;
>
> echo $foo."\n";
> ?>
>

Yeah, that (echo "$bar['hello']") would raise an error the same way as
if you had said:
echo $bar['\'hello\''];
because, as far as my understand goes, the array key "word" inside the
doublequotes/heredoc is literally evaluated, so it'll look for the
literal 'hello' key instead of the literal hello key, if that makes
sense given the lack of formatting on my part.  It looks like, when in
lexing mode inside of doublequotes/heredoc, the lexer stops lexing at
the first ] after a $ and inside the square bracketed "word", it
interprets it as a hash table key, rather than as the literal word,
which would be cast to a string (as an undefined constant) and then
used as a hash table key outside of "lexing mode" (which is probably
not the right way to describe what's going on inside heredoc or
doublequotes).

>    You don't sound like an ass at all (quite the contrary, actually),
> and not changing them certainly isn't the end of the world.

Alright, was just a tad worried ;)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 11:03 AM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 10:42, Ashley Sheridan 
> wrote:
>>
>> The braces ensure that PHP doesn't stop parsing the variable name once it
>> reaches the [. By default, it will only match a variable name up to the [
>> sign, so you couldn't access arrays without the braces.
>
>    Couldn't have said it better myself.
>
>    As for the braces in the HEREDOC around {$somevar}, while it works
> absolutely fine, it was a typo on my part: I intended to show all
> manner of usage and processing of variables within the HEREDOC syntax.
>  However, in my own code, I generally include all variables between
> {braces} when inside a HEREDOC block.  Sheer preference for
> readability in a large HEREDOC: because I don't normally use curly
> braces around variables, when I see that on the page, I instantly
> recognize that I'm still in the block (if all other clues miraculously
> fail --- and we all know that they sometimes do).
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Uhm you don't need braces around arrays unless you're using more
than one dimension in the array.

This works perfectly fine for me:

 "goodbye");

$foo = <<

Something this simple should be common knowledge :X but I still agree
with Daniel that you ought to use {} around variables in HEREDOC (or
double-quotes) as it makes your code much more readable.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 1:41 PM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 13:35, Daniel Brown wrote:
>>
>>    It works fine because you're forcing PHP to cast 'hello' in your
>> array from a simple boolean TRUE to the string equivalent.
>
>    sed "s/string equivalent/literal 'hello' string/g"
>
>    (The way I'd worded it before seemed to me, upon re-reading it,
> like I was implying it would cast the boolean TRUE to the string
> 'TRUE'.)
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>

If that's true, then we've found an error reporting bug! I've never
seen an error/warning raised, even with my usual
"error_reporting(E_ALL | E_STRICT | E_DEPRACATED)"!  The warning is
raised here, though:
$foo = $bar[hello];

but not here:
$foo = "$bar[hello]"

At the risk of sounding like an inane ass, I quote, from php.net/strings:

"With array indices, the closing square bracket (]) marks the end of
the index. The same rules apply to object properties as to simple
variables."

Sorry if I sound like an ass, just trying to defend myself from having
to go change several thousand array items referenced from doublequotes
/ HEREDOC.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 3:53 PM, Govinda wrote:
> On Jul 11, 2009, at 11:26 AM, Eddie Drapkin wrote:
>
>> $foo = <<> $bar[hello]
>> EOT;
>
> what does "EOT" stand for?
> (I realize that string can be anything..  but I am just asking what EOT
> means to everyone?


I just use it as "End of Term" because I'm used to "EOF" as "End of File"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 5:37 PM, tedd wrote:
> At 3:34 AM +0700 7/12/09, Lenin wrote:
>>
>> On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin  wrote:
>>
>>>  On Sat, Jul 11, 2009 at 3:53 PM, Govinda
>>
>>  > wrote:
>>  > > what does "EOT" stand for?
>>>
>>>  > (I realize that string can be anything..  but I am just asking what
>>> EOT
>>
>>  > > means to everyone?
>>  >
>>  > I just use it as "End of Term" because I'm used to "EOF" as "End of
>> File"
>>
>> EOT used to mean  End of Text. reference ASCII-7 notatioin
>
>
> Yes, but in both cases the operator is used at both the beginning AND at the
> end of the heredoc. I normally don't start anything with an "End" term.
>
> That's what I liked about the underscore (_) -- there's no inference that
> it's an acronym.
>
> $whatever = <<<_
> whatever
> _;
>
> However with that said, one could come up with a dual purpose acronym like:
>
> TO  = (TEXT On or TEXT Off)
>
> or if you need three characters.
>
> HDO = (HEREDOC ON or HEREDOC OFF)
>
> I'm sure some clever person could come up with something better.
>
> Cheers,
>
> tedd


When I see something like

$foo = <<http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MySql Injection advice

[Eddie Drapkin]

On Sat, Jul 11, 2009 at 6:39 PM, Haig Dedeyan wrote:
> On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
>> At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:
>>
>> [1]
>>
>> >$fname = mysql_real_escape_string($fname);
>> >$lname = mysql_real_escape_string($lname);
>> >
>> >$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE
>> > id=$id"; $result = mysql_query($sql);
>> >echo mysql_error() . "\n";
>> >
>> >This will result in the addition of the slashes.
>>
>> [2]
>>
>> >If I do the following, there are no slashes. Just wondering if I'm on the
>> >right path with the 1st code set..
>> >
>> >$sql = "UPDATE phonedir SET fname =
>> >'".mysql_real_escape_string($fname)."',lname =
>> >'".mysql_real_escape_string($lname)."'  WHERE id=$id";
>> >$result = mysql_query($sql);
>> >echo mysql_error() . "\n";
>>
>> Haig:
>>
>> Interesting, I did not know that -- that sounds like a bug to me --
>> both should be the same.
>>
>> However, I commonly do [1] and when I have to display the data to a
>> browser, then I use htmlentities() and stripslashes() before
>> displaying the data. That way names like O'Brian appear correctly --
>> else they appear 0\'Brian.
>>
>> Now maybe I'm doing something wrong, but this way works for me. If
>> there is a better way, I would like to here it.
>>
>> Cheers,
>>
>> tedd
>
>
> Thanks Tedd.
>
> I did more testing and here's what I have found.
>
> @PHPSter - magic quotes are off
>
>
> Just entering simple data where an apostrophe is part of the data.
>
> The following code is entering the slash but that's becuase I am escaping it
> twice since mysql_num_rows is throwing an error if an apostrophe is in its
> search:
>
> 1 -
> $new_fname = mysql_real_escape_string($new_fname);
> $new_lname = mysql_real_escape_string($new_lname);
>
> $result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' &&
> lname = '$new_lname'");
> $num_rows = mysql_num_rows($result);
>
> if($num_rows > 0)
>
>          {
>                echo $fname." ".$lname." already exists";
>          }
>
> else
>        {
>
> mysql_query("INSERT INTO phonedir
> (fname, lname)
> VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
> or die(mysql_error());
>
>
>
>
>
> 2 - If I do the same code above without the mysql_num_rows and no escaping,
> the data doesn't get entered.
>
> I think this is normal behaviour.
>
>
>
>
>
> 3 - If I do any of the 2 following sets of code where there is 1 instance of
> escaping, the data gets entered with the apostrophe but I don't see any back
> slash entered.
>
> The part that I am concerned about is if I should be seeing the backslash
> entered without having to double escape,
>
>
> $new_fname = mysql_real_escape_string($new_fname);
> $new_lname = mysql_real_escape_string($new_lname);
>
>
> $result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' &&
> lname = '$new_lname'");
> $num_rows = mysql_num_rows($result);
>
> if($num_rows > 0)
>
>          {
>                echo $fname." ".$lname." already exists";
>          }
>
> else
>        {
>
> mysql_query("INSERT INTO phonedir
> (fname, lname) VALUES('$new_fname','$new_lname')")
> or die(mysql_error());
>
>
>
> or
>
>
> mysql_query("INSERT INTO phonedir
> (fname, lname)
> VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
> or die(mysql_error());
>
>
>

No offense or anything, but all of this work you've done is
immediately mode obsolete the second you switch to prepared
statements.  They're easier to use and more secure, as well as making
code more readable.  I don't understand why it's so hard for them to
catch on among PHP developers when they're so popular in other
languages.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

[Eddie Drapkin]

On Sun, Jul 12, 2009 at 3:05 AM, Lenin wrote:
> On Sun, Jul 12, 2009 at 6:49 AM, Daniel Brown  wrote:
>>
>> > Sorry for TOP posting  This mailing list also don't force us to be
>> > good
>> > :)
>>
>>    FORCE, no.  ENCOURAGE, yes.  Particularly in long threads like
>> this one.  Check the rules.  They're not just there to take up space
>> on the paper.  ;-P
>
> If I reply from my Nokia 6020's wap (as gmail app would hang now due to less
> memory) and I include the receiver's text I cant choose to place it at top
> or bottom. So, that way it would always be top posting.
>
> Also from that wap device you will have REAL difficulty if mails are not TOP
> posted. Because, then you'd have to scroll all the pages by clicking "next
> message">> "next message" blah blah blah.
>
> Of course it is better for reading if mails are written bottom posted or
> inline answered.
>
> Regards
>
> Lenin
>

Two things:
1) I've never head of an email list changing their rules to cater to a
fringe crowd, like Nokia 6020 users.
2) Why does every thread lately degrade into chatter about top/bottom
posting? *looks RIGHT AT D. Brown*

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php