I've grouped these env variables, each group returns the same values
is there a difference? which ones do you use? which ones should I not
use for the purposes listed below
group1
SCRIPT_FILENAME vs PATH_TRANSLATED
where both return D:\Hosting\5291100\html\directory\file.php
purpose: get the full
Hi, I'm coming from ASP background.
There, there is a life saver option called option explicit. It
forces you to declare your variables using the dim statement. The
good thing about that is that if you were to mis-spell one of your
variables, asp.dll throws an error stating that on line so and so,
:)
Notice: Use of undefined constant my_age - assumed 'my_age' in
D:\Hosting\5291100\html\blueprint\bp_library.php on line 40my_age
On Wed, Jan 11, 2012 at 9:12 PM, Tommy Pham tommy...@gmail.com wrote:
On Wed, Jan 11, 2012 at 8:43 PM, Haluk Karamete halukkaram...@gmail.com
wrote:
Hi, I'm coming
Because I got this
echo $_SERVER['HTTP_REFERER'];
I end up with this
Notice: Undefined index: HTTP_REFERER in
D:\Hosting\5291100\html\blueprint\bp_library.php on line 16
die;
Now, this is of course after the <?php error_reporting (E_ALL); ?> change.
One solution is to dodge it by
echo
Again, coming from ASP background, I'm trying to minimize the typing
for most needed functionalities..
in asp, to set a session var, you go <%session("age")=90%> and to
output it, you just go <%=session("age")%>
in php, you've got to $_SESSION['age']=90. that's a lot of keyboarding,
lots of double key
I agree... that was just a wild idea! :)
Let's forget about it!
What's a good PHP programming editor you'd recommend on a mac for starters?
On Thu, Jan 12, 2012 at 6:39 PM, tamouse mailing lists
tamouse.li...@gmail.com wrote:
On Thu, Jan 12, 2012 at 7:16 PM, Haluk Karamete halukkaram
Why discover the wheel, where there are so many qualified pros are
here that pick up their brains...
I'm building a php library of functions, I mean day to day functions
that ease my RAD.
Since I am new to PHP, I'm trying to wrap php's built-in-functions and
functionalities into new function
, $db_username, $db_pass) or
die(mysql_error());
mysql_select_db($db_name, $link) or die(mysql_error());
$result = mysql_query($sql,$link) or die(mysql_error());
mysql_close($link);
}
On Fri, Jan 13, 2012 at 11:18 AM, Haluk Karamete
halukkaram...@gmail.com wrote:
Why
$result = mysql_query($sql,$link) or die(mysql_error());
how do you find out if $sql returned any recordsets?
is there a fast/super efficient way of finding this out... something
along the lines of is_empty($result) type thing?
I wrote a function sql_update which takes a $db_name, a $table_name,
a $where and finally a $data array where data is authored by using an
associative array which allows easy pairing of field names and
field values.
This is how I build the data array;
$data = array(
'FirstName' =
Hi, in ASP, sessions expire when the client does not request an asp
page for more than 20 min. (The 20 min thing is a server level setting
- which can be changed by IIS settings ) And sessions work out of the
box.
I use sessions a lot. So, most likely, I would keep that style in my
PHP apps too.
should
see 10 session variables in there and then I should be able to go
APP_2 and there I should see only 8. That's the case with classic ASP.
On Mon, Jan 16, 2012 at 4:19 PM, Stuart Dallas stu...@3ft9.com wrote:
On 16 Jan 2012, at 22:51, Haluk Karamete wrote:
Hi, in ASP, sessions expire when
great exp. now I'm heading towards the
http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path.
you definitely deserved a good chocolate cookie!
On Mon, Jan 16, 2012 at 6:38 PM, Stuart Dallas stu...@3ft9.com wrote:
On 17 Jan 2012, at 02:21, Haluk Karamete wrote:
Well
I understand some ways are better than others in this one, and it
looks like the PDO based implementations shine the most as far as SQL
Injection.
But would not the following be good enough - without implementing a
PDO solution?
1- get the user input
2- for each input, deliberately enforce a
Let's say we have a form mailer script, which takes any form ( whose
action is directed to it ) and goes thru the submitting form's fields
list ( programmatically) , to build a nice email on the fly and email
the build up string to the email address that's coming in the hidden
field. Let's say
, 2012 at 4:39 AM, Andy McKenzie amckenz...@gmail.com wrote:
On Mon, Jan 16, 2012 at 10:34 PM, Haluk Karamete
halukkaram...@gmail.com wrote:
I understand some ways are better than others in this one, and it
looks like the PDO based implementations shine the most as far as SQL
Injection
?
I'm afraid session.cookie_lifetime = 0 keeps all session data ( that
is past and present ) in server memory until a server restart/stop
takes place. Correct me if I'm wrong.
On Mon, Jan 16, 2012 at 4:19 PM, Stuart Dallas stu...@3ft9.com wrote:
On 16 Jan 2012, at 22:51, Haluk Karamete wrote
Thanks Alex. I re-read Ross's reply but I don't think you and him (
and even me ) are saying something different. It's all about validating
the input. In my dictionary of programming vocabulary, validation is
not just validating user input but also sanitizing it.
You summed it up nicely by saying
I marked those I already know as can,
$_SERVER['REMOTE_ADDR'] CAN
$_SERVER['HTTP_REFERER'] CAN
$_SERVER['HTTP_USER_AGENT'] CAN
$_SERVER['REQUEST_URI'] CAN ( cause it contains the query string
part and user/hacker can easily change that )
Those I'm not too sure are as follows;
I was simply asking expert opinion with the intention to learn.
There are so many docs out there (I mean not just out there but at top
security sites like owasp ) that recommends database specific escape
solution as one of the viable alternatives.
You make it seem like anyone who does not use PDO
4 questions... which is basically all it comes to.. After all this
back and forth emails, I think we should nail down these questions
cause they are still not completely covered in my mind.
question 1
If you use the PHP filters sanitizations, and you plan on using PDO
with binded params, are
My reply is in delims.
question 1
If you use the PHP filters sanitizations, and you plan on using PDO
with binded params, are you absolutely safe? And if not, why? What are
the other ways for them to still make it in - even with PDO and binded
params properly in place? Just curious.
when we do b64e and then back b64d, you are saying. we get the org
input all as clear text but this time as a string. because it is now a
string, (which by definition can not be executed)
what's the difference between b64e+b64d vs (string) casting then? if
you were to cast the original input into
or mysql_real_escape_string is not effective,
but because of the fact that there is NO WAY to reliably detect
whether the incoming user input is in utf-8 or not.
On Thu, Jan 26, 2012 at 9:14 AM, Jim Lucas li...@cmsws.com wrote:
On 01/26/2012 06:46 AM, Haluk Karamete wrote:
when we do b64e
you may find it weird, actually very weird, but is the following possible
load up a post or page into the admin panel and place something like
this in to the editor;
<?php
//assume exec-PHP already active
$current_page_url_here = get_current_url();
echo a
title we were trying to change is already
here.../title
<link rel="profile" href="http://gmpg.org/xfn/11" />
But this question is a wp question. I accidentally dropped it in the PHP group.
On Mon, Feb 13, 2012 at 2:24 PM, Daniel Brown danbr...@php.net wrote:
On Mon, Feb 13, 2012 at 17:15, Haluk
PM, Haluk Karamete halukkaram...@gmail.com wrote:
Yeah, but in the context of wordpress, that does not fly.
If I do a die; in the middle of wp's tinymce editor, and check back
the page, the title is already out there.
first 5 lines would be something like
<!DOCTYPE html>
<html dir="ltr" lang="en">
This is my code and the output is right after that...
$PDate = $row['PDate'];
//row is tapping into ms-sql date field.
//and the ms-sql data field has a value like this for the PDate;
//07/12/2001
$PDate = $PDate->date;
echo "<h1>[", $PDate , "]</h1>";
echo "<h1>[", var_dump($row['PDate']) , "]</h1>";
echo "<h1>[",
With this question, I aim to understand the inner workings of PHP a
little better.
Assume that you got a 50K library. The library is loaded with a bunch
of handy functions that you use here and there. Also assume that these
functions are needed/used by say 10% of the pages of your site. But
your
I would first start out with checking the code where user input is
taken and then placed into SQL statements from a SQL Injection point
of view, I would also take a look if user input is echoed back without
any treatment to see if there are issues with XSS.
If these checks yield that the previous
I recommend a third option, that is PDO.
Start here please. http://net.tutsplus.com/?s=pdo
On Thu, Feb 14, 2013 at 9:49 AM, dealTek deal...@gmail.com wrote:
Hi everybody,
Newbie is trying to set up OOP With PHP and MySQL or MySQLi database class
(using CRUD)
Simple story: creating this
Also worth checking http://justinvincent.com/ezsql
Which is the class behind the WordPress' wpdb class.
This is a great read too -
http://www.devarticles.com/c/a/MySQL/PHP-and-Databases-for-the-Lazy-Sod/
On Thu, Feb 14, 2013 at 10:30 AM, dealTek deal...@gmail.com wrote:
On Feb 14, 2013, at