Re: [PHP] Fwd: PHP Enterprise Bananas
Thanks everybody, looks like I was going down a blind alley, we can just run stuff from cron. Ben On 6 November 2012 17:50, Jim Lucas li...@cmsws.com wrote: On 11/06/2012 05:03 AM, Ben Edwards wrote: Not sure if this was some type of joke but came across it a while ago. We have some PHP we want to move from a site to a cron. Is this the answer or is there a better way (that does not involve re-writing code in another language). Cant find a home page for the project, maybe it is defunct. Ben I have scripts that get ran via crond and others that run 24/7 as daemons. I have no issues using PHP via the cli. Like Bastien said, you will want to setup better logging and maybe summary emails from cron would be useful too. -- Jim Lucas http://www.cmsws.com/ http://www.cmsws.com/examples/ -- *Ben Edwards - Freelance Filmmaker, Bristol, UK *http://www.funkytwig.com - View my show-reel and production services http://www.icontactvideo.org - iContact Video Network - Community Video Group http://bristol.mirocommunity.org/ - Bristol Community Channel http://bristol.mirocommunity.org/submit_video/ - Submit films to the above (takes 10 seconds) http://www.icontactvideo.org/news-blog - What it says on the tin @funkytwig http://twitter.com/funkytwig - Occasional Twitter postings about community video and the multiverse
[PHP] Fwd: PHP Enterprise Bananas
Not sure if this was some type of joke but came across it a while ago. We have some PHP we want to move from a site to a cron. Is this the answer or is there a better way (that does not involve re-writing code in another language). Cant find a home page for the project, maybe it is defunct. Ben -- *Ben Edwards - Freelance Filmmaker, Bristol, UK *http://www.funkytwig.com - View my show-reel and production services http://www.icontactvideo.org - iContact Video Network - Community Video Group http://bristol.mirocommunity.org/ - Bristol Community Channel http://bristol.mirocommunity.org/submit_video/ - Submit films to the above (takes 10 seconds) http://www.icontactvideo.org/news-blog - What it says on the tin @funkytwig http://twitter.com/funkytwig - Occasional Twitter postings about community video and the multiverse On 6 November 2012 13:01, Ben Edwards list4...@gmail.com wrote: Not sure if this was some type of joke but came across it a while ago. We have some PHP we want to move from a site to a cron. Is this the answer or is there a better way (that does not involve re-writing code in another language). Cant find a home page for the project, maybe it is defunct. Ben -- *Ben Edwards - Freelance Filmmaker, Bristol, UK *http://www.funkytwig.com - View my show-reel and production services http://www.icontactvideo.org - iContact Video Network - Community Video Group http://bristol.mirocommunity.org/ - Bristol Community Channel http://bristol.mirocommunity.org/submit_video/ - Submit films to the above (takes 10 seconds) http://www.icontactvideo.org/news-blog - What it says on the tin @funkytwig http://twitter.com/funkytwig - Occasional Twitter postings about community video and the multiverse -- *Ben Edwards - Freelance Filmmaker, Bristol, UK *http://www.funkytwig.com - View my show-reel and production services http://www.icontactvideo.org - iContact Video Network - Community Video Group http://bristol.mirocommunity.org/ - Bristol Community Channel http://bristol.mirocommunity.org/submit_video/ - Submit films to the above (takes 10 seconds) http://www.icontactvideo.org/news-blog - What it says on the tin @funkytwig http://twitter.com/funkytwig - Occasional Twitter postings about community video and the multiverse
RE: [PHP] MySQL Query Help
SELECT * FROM products p LEFT JOIN criteria_values cv ON p.key=cv.key LEFT JOIN criteria c ON cv.key=c.key WHERE c.value IS NOT NULL Hard to answer without more detail, but I am guessing the answer will be something like the above. Your question makes it hard to understand whether c or cv is joined to p. So swap em around if I misunderstood. iPhone 4. It rocks! On Nov 21, 2010, at 1:37 AM, Simcha Younger sim...@syounger.com wrote: On Sat, 20 Nov 2010 13:54:29 -0700 Ben Miller biprel...@gmail.com wrote: Hi, I'm building a website for a client in which I need to compare their products, side-by-side, but only include criteria for which all selected products have a value for that criteria. In my database (MySQL), I have a tables named products,criteria and criteria_values If I have something like $selected_product = array(1=Product 1,2=Product 2...) // All products selected for comparison by the user I need to get only rows from criteria where there is a row in criteria_values matching criteria.criteria_id for each $selected_product - in other words, if any of the $selected_product does not have a row in criteria_values that matches criteria.criteria_id, that criteria would not be returned. I hope that makes sense. It would be a lot easier to think about this if you could provide the table structure or create table statements. If I understood correctly, you have products which reference a criteria ID which has no matching value. If this is the problem you have a to first take care of the integrity of your data, as this should never happen. To help clarify - the 3 tables look something like the following (tableName = column,column,column...): Products = product_id,product_name,product_description... (key = product_id) Criteria = criteria_id,criteria_title,criteria_text,... (key = criteria_id) Criteria_values = product_id,criteria_id,criteria_value,... (key = product_id criteria_id) The user selects up to X product_id's to compare, stored in $selected_products. I then need to get each criteria_title and criteria_text from table(criteria) where there is a matching criteria_id in table(criteria_values) for each/all $selected_products, also returning the criteria_value for each $selected_products, ultimately ending up with an array or object that looks something like: (Assuming the user selected Product A (product_id=1), Product B (product_id=2) and Product C (product_id=3) criteria = Array ( [$criteria_id] = Array ( [title] = query_row[criteria_title] [text] = query_row[criteria_text] [values] = Array ( [1] = Product A's value for this criteria [2] = Product B's value for this criteria [3] = Product C's value for this criteria ) ) [$criteria_id] = Array ( . ) ) Again, displaying only/all criteria where there is a matching value for each/all $selected_products Thanks again, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] MySQL Query Help
Hi, I'm building a website for a client in which I need to compare their products, side-by-side, but only include criteria for which all selected products have a value for that criteria. In my database (MySQL), I have a tables named products,criteria and criteria_values If I have something like $selected_product = array(1=Product 1,2=Product 2...) // All products selected for comparison by the user I need to get only rows from criteria where there is a row in criteria_values matching criteria.criteria_id for each $selected_product - in other words, if any of the $selected_product does not have a row in criteria_values that matches criteria.criteria_id, that criteria would not be returned. I hope that makes sense. I've played around with a few join queries, but none have given the desired results. Best I've been able to come up with so far is to query criteria for each DISTINCT(criteria_id) and then run through each $selected_product to make sure each has a criteria_value with a matching criteria_id, eliminating any criteria where the number of criteria_values count($selected_product), but this seems pretty inefficient. Thanks in advance for any help. Ben Miller -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Password protected directory
I need to access and read the files in a password protected directory with a PHP script using the readdir function. I'm already making users login to a secure area, so I don't want to make them enter a password again to access the files - is there a way to include the password with the readdir/opendir function with PHP? Thanks in advance. Ben
Re: [PHP] Fwd: Mail delivery failed: returning message to sender
it could be that the person whom you tried email has reached the quota on their inbox. It's also possible that the person you tried emailing gave you a fake email address and it's also possible that your domain might be hosted on a cheap hosting account with a company that has been known for other people using their service to host websites that have a bulk mailing script meant for sending spam. The possibility to what could be going on are endless, but out of all the possibilities I can think of, I can't imagine a spammer hijacking your site to send malware from it being one of the more likely possibilities especially if you have a hosting account with cpanel, which is harder to gain unauthorized access to a cpanel hosting account than it is to gain access to a web server's FTP, especially if you allow public FTP uploads to the site, that can be a breading ground for hackers to upload a password sniffing script onto your site via FTP that would track back to their server, which would allow them to hack into your website. Cheap, no name webhosting companies are more likely breading grounds for those kinds of shady charachters. If you have an account with one of those no name companies, I'd recommend changing webhosts immediately, otherwise, you should be ok. If you do, though, and you're not sure who to switch to, I'd recommend hostgator http://secure.hostgator.com/%7Eaffiliat/cgi-bin/affiliates/clickthru.cgi?id=BenBrent. They're not as big as 11 or Godaddy, but there one of the biggest webhosting companies that use cpanel. I wouldn't recommend any webhosting company that doesn't use cpanel because anything else is either harder to use, not as secure or both. On 11/1/2010 3:56, Ashley Sheridan wrote: On Sun, 2010-10-31 at 20:06 -0500, Tamara Temple wrote: Is this something I need to worry about?? Is my mail sending some malware?? Begin forwarded message: From: Mail Delivery Subsystemmailer-dae...@immosky.ch Date: October 31, 2010 7:37:54 PM CDT To: Tamara Templetamouse.li...@gmail.com Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software. A message sent by php-general-return-309188-sascha.braun=immosky...@lists.php.net could not be delivered to all of its recipients. The following address(es) failed: sascha.br...@immosky.ch The following text was generated during the delivery attempt(s): sascha.br...@immosky.ch (reason: 550 This message contains malware (winnow.malware.wa.webinjection.1450.UNOFFICIAL)) -- This is a copy of the message, including all the headers. Received: from [192.168.1.110] (helo=mailin01.ims-firmen.de) by mail01.ims-firmen.de with esmtp (Exim 4.69) (envelope-fromphp-general-return-309188-sascha.braun=immosky...@lists.php.net ) id 1PCiPJ-0001i7-R8 for sascha.br...@immosky.ch; Mon, 01 Nov 2010 01:37:53 +0100 Received: from pb1.pair.com ([76.75.200.58] helo=lists.php.net) by mailin01.ims-firmen.de with esmtp (Exim 4.72) (envelope-fromphp-general-return-309188-sascha.braun=immosky...@lists.php.net ) id 1PCiPs-00047o-Sb for sascha.br...@immosky.ch; Mon, 01 Nov 2010 01:38:29 +0100 Authentication-Results: pb1.pair.com header.from=tamouse.li...@gmail.com ; domainkeys=bad DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany- domainkeys-base-01 X-Host-Fingerprint: 76.75.200.58 pb1.pair.com Received: from [76.75.200.58] ([76.75.200.58:2084] helo=lists.php.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EF/73-24094-FDB0ECC4 forsascha.br...@immosky.ch; Sun, 31 Oct 2010 19:37:51 -0500 Received: (qmail 51732 invoked by uid 1010); 1 Nov 2010 00:37:02 - Mailing-List: contact php-general-h...@lists.php.net; run by ezmlm Precedence: bulk list-help:mailto:php-general-h...@lists.php.net list-unsubscribe:mailto:php-general-unsubscr...@lists.php.net list-post:mailto:php-general@lists.php.net List-Id: php-general.lists.php.net Delivered-To: mailing list php-general@lists.php.net Received: (qmail 51725 invoked from network); 1 Nov 2010 00:37:02 - Authentication-Results: pb1.pair.com header.from=tamouse.li...@gmail.com ; sender-id=pass; domainkeys=bad Authentication-Results: pb1.pair.com smtp.mail=tamouse.li...@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.170 as permitted sender) X-DomainKeys: Ecelerity dk_validate implementing draft-delany- domainkeys-base-01 X-PHP-List-Original-Sender: tamouse.li...@gmail.com X-Host-Fingerprint: 209.85.214.170 mail-iw0-f170.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime- version :subject:x-priority:date:references:x-mailer;
Re: [PHP] Fwd: Mail delivery failed: returning message to sender
her inbox is probably full than On 11/1/2010 5:30, a...@ashleysheridan.co.uk wrote: It's not to do with hosting, its an auto reply when you email sascha.braun which gave the same aware reply to me, and I'm on a Linux box at home! Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Ben Brentlinger b...@benbrent.com Date: Mon, Nov 1, 2010 08:29 Subject: [PHP] Fwd: Mail delivery failed: returning message to sender To: php-general@lists.php.net it could be that the person whom you tried email has reached the quota on their inbox. It's also possible that the person you tried emailing gave you a fake email address and it's also possible that your domain might be hosted on a cheap hosting account with a company that has been known for other people using their service to host websites that have a bulk mailing script meant for sending spam. The possibility to what could be going on are endless, but out of all the possibilities I can think of, I can't imagine a spammer hijacking your site to send malware from it being one of the more likely possibilities especially if you have a hosting account with cpanel, which is harder to gain unauthorized access to a cpanel hosting account than it is to gain access to a web server's FTP, especially if you allow public FTP uploads to the site, that can be a breading ground for hackers to upload a password sniffing script onto your site via FTP that would track back to their server, which would allow them to hack into your website. Cheap, no name webhosting companies are more likely breading grounds for those kinds of shady charachters. If you have an account with one of those no name companies, I'd recommend changing webhosts immediately, otherwise, you should be ok. If you do, though, and you're not sure who to switch to, I'd recommend hostgator http://secure.hostgator.com/%7Eaffiliat/cgi-bin/affiliates/clickthru.cgi?id=BenBrent. They're not as big as 11 or Godaddy, but there one of the biggest webhosting companies that use cpanel. I wouldn't recommend any webhosting company that doesn't use cpanel because anything else is either harder to use, not as secure or both. On 11/1/2010 3:56, Ashley Sheridan wrote: On Sun, 2010-10-31 at 20:06 -0500, Tamara Temple wrote: Is this something I need to worry about?? Is my mail sending some malware?? Begin forwarded message: From: Mail Delivery Subsystemmailer-dae...@immosky.ch Date: October 31, 2010 7:37:54 PM CDT To: Tamara Templetamouse.li...@gmail.com Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software. A message sent by php-general-return-309188-sascha.braun=immosky...@lists.php.net could not be delivered to all of its recipients. The following address(es) failed: sascha.br...@immosky.ch The following text was generated during the delivery attempt(s): sascha.br...@immosky.ch (reason: 550 This message contains malware (winnow.malware.wa.webinjection.1450.UNOFFICIAL)) -- This is a copy of the message, including all the headers. Received: from [192.168.1.110] (helo=mailin01.ims-firmen.de) by mail01.ims-firmen.de with esmtp (Exim 4.69) (envelope-fromphp-general-return-309188-sascha.braun=immosky...@lists.php.net ) id 1PCiPJ-0001i7-R8 for sascha.br...@immosky.ch; Mon, 01 Nov 2010 01:37:53 +0100 Received: from pb1.pair.com ([76.75.200.58] helo=lists.php.net) by mailin01.ims-firmen.de with esmtp (Exim 4.72) (envelope-fromphp-general-return-309188-sascha.braun=immosky...@lists.php.net ) id 1PCiPs-00047o-Sb for sascha.br...@immosky.ch; Mon, 01 Nov 2010 01:38:29 +0100 Authentication-Results: pb1.pair.com header.from=tamouse.li...@gmail.com ; domainkeys=bad DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany- domainkeys-base-01 X-Host-Fingerprint: 76.75.200.58 pb1.pair.com Received: from [76.75.200.58] ([76.75.200.58:2084] helo=lists.php.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EF/73-24094-FDB0ECC4 forsascha.br...@immosky.ch; Sun, 31 Oct 2010 19:37:51 -0500 Received: (qmail 51732 invoked by uid 1010); 1 Nov 2010 00:37:02 - Mailing-List: contact php-general-h...@lists.php.net; run by ezmlm Precedence: bulk list-help:mailto:php-general-h...@lists.php.net list-unsubscribe:mailto:php-general-unsubscr...@lists.php.net list-post:mailto:php-general@lists.php.net List-Id: php-general.lists.php.net Delivered-To: mailing list php-general@lists.php.net Received: (qmail 51725 invoked from network); 1 Nov 2010 00:37:02 - Authentication-Results: pb1.pair.com header.from=tamouse.li...@gmail.com ; sender-id=pass; domainkeys=bad Authentication-Results: pb1.pair.com smtp.mail=tamouse.li...@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.170 as permitted sender) X-DomainKeys: Ecelerity dk_validate implementing draft-delany- domainkeys
Re: [PHP] questions about if statements regarding a checkbox
Here's the code I'm using with the exception of the php tags and the
redirect script that redirects to another page once the form is
submitted. This is just a test script I'm working on in order to teach
myself php. The php portion will be posted first, than the html form
related to the php. I've got the code inside tags similar to the code
tag which only serves to serarate the php code from the html form.
[php_code]
$name = $_POST['firstname'] . ' ' . $_POST['lastname'];
$email = $_POST['email'];
if($_POST['reallife'] == on)
{
$to = 'b...@benbrent.com';
$subject ='test email one';
$msg = $name has filled out the test form. \n .
this is just a test message;
mail ($to, $subject, $msg, 'From:' . $email);
} else {
$to = 'b...@benbrent.com';
$subject ='test email two';
$msg = $name has filled out the test form. ;
mail ($to, $subject, $msg, 'From:' . $email);
}
if($_POST['reallife'] == on) {
$to = '$email';
$subject = Thank you email number one;
$msg = hello $name, \n .
thank you for filling out the form. \n .
This is the first of two test emails \n .
The second would have been sent \n .
if you had left the checkbox unchecked \n;
mail ($to, $subject, $msg, 'From:' . $...@benbrent.com);
}
header (location:thankyoupage)
[/php_code]
[html_code]
div align=center
table border=0
cellpadding=3 cellspacing=0 width=59%
tr
td colspan=2
h2 align=centernbsp;/h2
h2 align=centerfont color=blue face=ArialContact Form/font/h2
p align=centernbsp;/p
td width=51% align=right
p align=leftfont face=ArialEmail/fontfont face=Times New
Roman:/fontfont face=Arial /font/td
td width=49% align=leftinput type=text name=email size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialFirst Name: /font/td
td width=49% align=leftinput type=text name=firstname
size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialLast Name: /font/td
td width=49% align=leftinput type=text name=lastname
size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialI know you in real life/font/td
td width=49% align=leftinput type=checkbox name=reallife
size=20/td
/tr
/table
pinput type=submit value=contact me
name=B1/p
/center/div
/form
/td
tdnbsp;/td
/tr
/table
[/html_code]
This actual code that is on the portion of my hosting account which I
use as my test server. In my opinion, it's much cheaper to pay for a
hosting account to use as a test server to teach myself php than it is
to pay some collage professor to teach it to you only to be slapped in
the face by having him assume you're learning php to be a freelance
coder working for a company that does freelance work. The truth is, I
only have an interest in learning php to use in my own business and when
I get good enough, I may do some freelancing on the side on sites like
Scriptlance, but my main focus will be my own business and for anyone to
have the audacity that I plan on working for someone else my whole life
pisses me off, so that's why I'd much rather teach myself than to take a
college class on php.
Thanks,
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] questions about if statements regarding a checkbox
thanks for your help. I just retested my code and even though it didn't work, I found the reason it wasn't working was because I had an unneeded space between the if and the rest of the if statement. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] questions about if statements regarding a checkbox
Also, as far as the form is concerned, I actually did have the form in a
separate .htm file, I just put the two together, separating them with
the those tags to make them easier to read in the email.
On 10/31/2010 10:36, ad...@buskirkgraphics.com wrote:
I tested your code and besides adding a form to the beginning it works.
If you want to see the results of the posted for try.
print_r($_POST);
you can see every position of the array passed and validate they are passing as
intended.
Try this.
//if reallife is not set (Checked it will not pass)
// I am pretty sure I read where someone had responded with the isset
if(isset($_POST['reallife']))
{
print_r($_POST);
}
Richard L. Buskirk
-Original Message-
From: Ben Brentlinger [mailto:b...@benbrent.com]
Sent: Sunday, October 31, 2010 8:26 AM
To: php-general@lists.php.net
Subject: Re: [PHP] questions about if statements regarding a checkbox
Here's the code I'm using with the exception of the php tags and the
redirect script that redirects to another page once the form is
submitted. This is just a test script I'm working on in order to teach
myself php. The php portion will be posted first, than the html form
related to the php. I've got the code inside tags similar to the code
tag which only serves to serarate the php code from the html form.
[php_code]
$name = $_POST['firstname'] . ' ' . $_POST['lastname'];
$email = $_POST['email'];
if($_POST['reallife'] == on)
{
$to = 'b...@benbrent.com';
$subject ='test email one';
$msg = $name has filled out the test form. \n .
this is just a test message;
mail ($to, $subject, $msg, 'From:' . $email);
} else {
$to = 'b...@benbrent.com';
$subject ='test email two';
$msg = $name has filled out the test form. ;
mail ($to, $subject, $msg, 'From:' . $email);
}
if($_POST['reallife'] == on) {
$to = '$email';
$subject = Thank you email number one;
$msg = hello $name, \n .
thank you for filling out the form. \n .
This is the first of two test emails \n .
The second would have been sent \n .
if you had left the checkbox unchecked \n;
mail ($to, $subject, $msg, 'From:' . $...@benbrent.com);
}
header (location:thankyoupage)
[/php_code]
[html_code]
div align=center
table border=0
cellpadding=3 cellspacing=0 width=59%
tr
td colspan=2
h2 align=centernbsp;/h2
h2 align=centerfont color=blue face=ArialContact Form/font/h2
p align=centernbsp;/p
td width=51% align=right
p align=leftfont face=ArialEmail/fontfont face=Times New
Roman:/fontfont face=Arial /font/td
td width=49% align=leftinput type=text name=email size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialFirst Name:/font/td
td width=49% align=leftinput type=text name=firstname
size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialLast Name:/font/td
td width=49% align=leftinput type=text name=lastname
size=20/td
/tr
tr
td width=51% align=right
p align=leftfont face=ArialI know you in real life/font/td
td width=49% align=leftinput type=checkbox name=reallife
size=20/td
/tr
/table
pinput type=submit value=contact me
name=B1/p
/center/div
/form
/td
tdnbsp;/td
/tr
/table
[/html_code]
This actual code that is on the portion of my hosting account which I
use as my test server. In my opinion, it's much cheaper to pay for a
hosting account to use as a test server to teach myself php than it is
to pay some collage professor to teach it to you only to be slapped in
the face by having him assume you're learning php to be a freelance
coder working for a company that does freelance work. The truth is, I
only have an interest in learning php to use in my own business and when
I get good enough, I may do some freelancing on the side on sites like
Scriptlance, but my main focus will be my own business and for anyone to
have the audacity that I plan on working for someone else my whole life
pisses me off, so that's why I'd much rather teach myself than to take a
college class on php.
Thanks,
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] questions about if statements regarding a checkbox
hello, I'd like to know the proper code to use in a php script that processes a form with a checkbox in order to send one email if the checkbox has been checked and another email if the checkbox hasn't. I tried if($check == true) and I tried putting the word true in double quotes, and both of them caused the unexpected variable syntax error. The only problem is, all I could think to use was that line of code I just used, I'm not sure what the proper syntax is for checkbox when using the if statement to send one email when the checkbox is checked and a different email when it's not checked. I'm wanting to send an email to the site admin with the information given by the person who filled out the form that contains the checkbox. Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] questions about if statements regarding a checkbox
I tried that, but I'm getting the syntax error that says unexpected
T_IF. Probably because I'm trying to process this information directly
in an email rather letting a mysql database handle the data, which I
find harder to set up when writing a script from scratch than it would
be to code a php script to send the data in an email.
On 10/30/2010 22:28, ad...@buskirkgraphics.com wrote:
input type=checkbox name=test
If check it will submit the value of 'on'
So
If($_POST['test'] == on')
{
Do this
}else{
Do this
}
Richard L. Buskirk
-Original Message-
From: Ben Brentlinger [mailto:b...@benbrent.com]
Sent: Saturday, October 30, 2010 10:05 PM
To: php-general@lists.php.net
Subject: [PHP] questions about if statements regarding a checkbox
hello,
I'd like to know the proper code to use in a php script that processes a
form with a checkbox in order to send one email if the checkbox has been
checked and another email if the checkbox hasn't. I tried if($check ==
true) and I tried putting the word true in double quotes, and both of
them caused the unexpected variable syntax error. The only problem
is, all I could think to use was that line of code I just used, I'm not
sure what the proper syntax is for checkbox when using the if statement
to send one email when the checkbox is checked and a different email
when it's not checked. I'm wanting to send an email to the site admin
with the information given by the person who filled out the form that
contains the checkbox.
Thanks,
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SELECT AVG(rating)
Hi - I have a MySQL table full of product reviews and I'm trying to select
info for only the top 5 rated products. The only way I can figure out how
to do it so far is something like:
$query1 = mysql_query(SELECT * FROM products);
for($i=1;$i=mysql_num_rows($query1);$i++) {
$row1 = mysql_fetch_array($query1,MYSQL_ASSOC);
$query2 = mysql_query(SELECT AVG(rating) as rating FROM reviews
WHERE product_id=' . $row1['product_id'] . ');
...
$product[$i]['name'] = $row1['product_name'];
$product[$i]['rating'] = $row2['rating'];
}
And then use array functions to sort and display only the first 5.
Is there any easier way to get this done with a single query - something
like SELECT AVG(rating) WHERE product_id=DISTINCT(product_id)? = I tried
that - it didn't work. Would greatly appreciate any advice. Thanks,
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SELECT AVG(rating)
-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Friday, July 02, 2010 2:43 PM
To: b...@tottd.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] SELECT AVG(rating)
On Fri, 2010-07-02 at 14:32 -0600, Ben Miller wrote:
Hi - I have a MySQL table full of product reviews and I'm trying to select
info for only the top 5 rated products. The only way I can figure out how
to do it so far is something like:
$query1 = mysql_query(SELECT * FROM products);
for($i=1;$i=mysql_num_rows($query1);$i++) {
$row1 = mysql_fetch_array($query1,MYSQL_ASSOC);
$query2 = mysql_query(SELECT AVG(rating) as rating FROM reviews
WHERE product_id=' . $row1['product_id'] . ');
...
$product[$i]['name'] = $row1['product_name'];
$product[$i]['rating'] = $row2['rating'];
}
And then use array functions to sort and display only the first 5.
Is there any easier way to get this done with a single query - something
like SELECT AVG(rating) WHERE product_id=DISTINCT(product_id)? = I
tried
that - it didn't work. Would greatly appreciate any advice. Thanks,
Ben
How about something like this (untested)
SELECT products.product_id, AVG(reviews.rating) AS rating
FROM products
LEFT JOIN reviews ON (reviews.product_id = products.product_id)
GROUP BY products.product_id
ORDER BY rating
LIMIT 1,5
I'm unsure about that order and limit there, so you might have to wrap
that inside of a temporary table query and take your 5 out of that. A
join is the right way to go with this though I reckon.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Adding a DESC after ORDER BY rating did it perfectly. I had tried a few
JOIN queries, but was building them incorrectly. Thank you so much for your
help.
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions and Security Concerns
Hi, I'm just wondering whether there are any apparent security concerns I should be aware of when using sessions in my PHP scripts. I understand that sessions are tracked with an individual user via a session ID which is stored in a temporary location on the server, as well as a PHPSESSID cookie assigned to the end user's client, but the server my website is hosted on (and which I'll be developing my PHP script on) doesn't allow you to create a session ID via the URL (i.e. index.php?PHPSESSID=1234) so I *presume* only the server can generate a session ID for the end user when I call the session_start function? So do I still need to call session_regenerate_id for security purposes when an end user has entered the correct login credentials - would this be necessary since you cant set a session ID via the URL? Thanks, Ben.
[PHP] Recommended Books on Object Oriented Programming
Hi, I want to properly learn object oriented programming as I've been coding in procedural style since I started with PHP a few years ago, and want to give OOP a shot. The web isn't really a good resource to learn OOP in PHP to be honest, as a lot is outdated for PHP4's style of OOP. I've looked into OOP quite a bit and understand the concept of it, and want to take it further. Any recommendations appreciated :). Thanks, Ben.
[PHP] FTP Site
Hi, I'm building a site for a client that has a need to allow their users to upload large files (up to 100mb or more) and store them on the server. I've never had a need to work with PHP's FTP functions until now and, before I go reading the manual to learn how, I wanted to see if this something that I can handle with just PHP, or if I'm going to need to adopt a third party Ajax app or something like that? Any thoughts or even a point in the right direction would be greatly appreciated. Thanks, Ben
[PHP] Inserting Associative array values into a MySQL INSERT statement?
Hi, I want to be able to create a function that acts as an insert mysql function that accepts specific parameters for the fields and the values I want to insert into those respective fields and I know I'll need to use associative arrays to complete this task when passing values to the function, but I'm not sure how to pass multiple values in an array through an insert statement? Any help greatly appreciated! Thanks.
[PHP] Sessions across subdomains
Hi, I've always thought that session data was subdomain specific and would not carry over between http://www.mydomain.com and https://secure.mydomain.com, but it seems to be working for me now. Can I rely on this and post from http://www.mydomain.com to https://secure.mydomain.com and simply pass a hidden input containing PHPSESSID, or do I need to pass each key=value pair that _SESSION contains at www. and reset them as _SESSION vars at secure. https://secure.mydomain.com ? Thanks in advance, Ben
[PHP] http vs https
Is there a PHP function that will return whether the request was http or https? I have functions that need to cURL other servers - sometimes over SSL, sometimes not, depending whether the function is called from http://www.mydomain.com/script_that_calls_function.php or https://www.mydomain.com/script_that_calls_function.php Hope the question is clear. Thanks, Ben
[PHP] Object Oriented Programming question
Hi, I've been learning about object oriented programming for the past few weeks and I've understood it pretty well, but I have one question. Usually with PHP scripts I make, all the functionality for a specific page is in the actual PHP file, and I'd use PHP functions in a separate directory which would be included in whichever PHP file needs specific functions I have created. The functions would be for the specific things in my script, such as validation checks, functionality that will be used/repeated a lot throughout my script, etc. What I don't understand about OOP is what its primary purpose is for. Do I use OOP for all the functionality of my application, in separate directories, and include these specific class files and call the methods to complete specific functionality needed for whatever PHP file I'm working on, or is OOP used for specific functionality like I would with functions? Essentially what I'm asking is what is the primary purpose for OOP? Hope you understand. Thanks,
[PHP] MySQL Increment/Decrement
I hope this isn't a bone-head question - Is there a MySQL query that will increment/decrement the value in an integer column with a single query - in other words, I don't have to run a SELECT query to get the value, add/subtract to/from the value, and then run an UPDATE query to store the new value? Thanks in advance. Ben
[PHP] Backup to local drive
Hello - I have an application I'm building that allows users to store personal information and files (images, PDFs, etc.) in our database, but I need a way for them to be able to save the HTML output of that personal data to a local (for the user) flash drive. I'm guessing I'm going to need a clientSide language like javascript for this, but was wondering if maybe there was a PHP addon or something like that for downloading content to the user's PC. Thanks in advance. Ben
RE: [PHP] Backup to local drive
Users would be updating data via form input (address, tel, product catalogues, etc.) as well as uploading files (images, PDFs, etc.), creating their own presentations and saving those presentations to a flash drive as HTML files with calls to the images/PDFs so that they can simply plug their drive into a USB port and present the info on the road, regardless of connection to the internet. Ben -Original Message- From: Roberto [mailto:prof...@gmail.com] Sent: Friday, December 11, 2009 11:58 AM To: Ben Miller Cc: php-general@lists.php.net Subject: Re: [PHP] Backup to local drive Hi, you lost me a bit. Let say a user uploads a PDF file to one of your servers. What do you mean when you say I want the users to be able to save the HTML output of their data?!? Roberto Aloi http://aloiroberto.wordpress.com Twitter: @prof3ta On Fri, Dec 11, 2009 at 6:44 PM, Ben Miller biprel...@gmail.com wrote: Hello - I have an application I'm building that allows users to store personal information and files (images, PDFs, etc.) in our database, but I need a way for them to be able to save the HTML output of that personal data to a local (for the user) flash drive. I'm guessing I'm going to need a clientSide language like javascript for this, but was wondering if maybe there was a PHP addon or something like that for downloading content to the user's PC. Thanks in advance. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Backup to local drive
Too much reliance on the user knowing how to extract the files to the flash drive – need something that does it all for them so all they have to do is insert the flash drive on their own computer to store the preformatted presentation and then insert into a prospect’s computer and either a) (preferred) run the presentation via an autoplay command or b) open the presentation.html file. Ben From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Friday, December 11, 2009 2:25 PM To: Ben Miller Cc: 'Roberto'; php-general@lists.php.net Subject: RE: [PHP] Backup to local drive On Fri, 2009-12-11 at 14:25 -0700, Ben Miller wrote: Users would be updating data via form input (address, tel, product catalogues, etc.) as well as uploading files (images, PDFs, etc.), creating their own presentations and saving those presentations to a flash drive as HTML files with calls to the images/PDFs so that they can simply plug their drive into a USB port and present the info on the road, regardless of connection to the internet. Ben -Original Message- From: Roberto [mailto:prof...@gmail.com] Sent: Friday, December 11, 2009 11:58 AM To: Ben Miller Cc: php-general@lists.php.net Subject: Re: [PHP] Backup to local drive Hi, you lost me a bit. Let say a user uploads a PDF file to one of your servers. What do you mean when you say I want the users to be able to save the HTML output of their data?!? Roberto Aloi http://aloiroberto.wordpress.com Twitter: @prof3ta On Fri, Dec 11, 2009 at 6:44 PM, Ben Miller biprel...@gmail.com wrote: Hello - I have an application I'm building that allows users to store personal information and files (images, PDFs, etc.) in our database, but I need a way for them to be able to save the HTML output of that personal data to a local (for the user) flash drive. I'm guessing I'm going to need a clientSide language like javascript for this, but was wondering if maybe there was a PHP addon or something like that for downloading content to the user's PC. Thanks in advance. Ben Why not create all the HTML files and images on the server, and zip it up then send that down to the user? Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Backup to local drive
That’s exactly why I need something that will put all the needed files directly onto the flash drive – to take that responsibility away from the user. Pulling the data from the DB and creating the folder structure is easy with PHP – just not sure how to copy that folder structure and related files to the flash drive without the user having to know much of anything about computers. Was hoping there is maybe a PHP extension that I didn’t know about, but sounds like a client side is going to be my best bet. From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Friday, December 11, 2009 2:39 PM To: Ben Miller Cc: 'Roberto'; php-general@lists.php.net Subject: RE: [PHP] Backup to local drive On Fri, 2009-12-11 at 14:36 -0700, Ben Miller wrote: Too much reliance on the user knowing how to extract the files to the flash drive – need something that does it all for them so all they have to do is insert the flash drive on their own computer to store the preformatted presentation and then insert into a prospect’s computer and either a) (preferred) run the presentation via an autoplay command or b) open the presentation.html file. Ben From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Friday, December 11, 2009 2:25 PM To: Ben Miller Cc: 'Roberto'; php-general@lists.php.net Subject: RE: [PHP] Backup to local drive On Fri, 2009-12-11 at 14:25 -0700, Ben Miller wrote: Users would be updating data via form input (address, tel, product catalogues, etc.) as well as uploading files (images, PDFs, etc.), creating their own presentations and saving those presentations to a flash drive as HTML files with calls to the images/PDFs so that they can simply plug their drive into a USB port and present the info on the road, regardless of connection to the internet. Ben -Original Message- From: Roberto [mailto:prof...@gmail.com] Sent: Friday, December 11, 2009 11:58 AM To: Ben Miller Cc: php-general@lists.php.net Subject: Re: [PHP] Backup to local drive Hi, you lost me a bit. Let say a user uploads a PDF file to one of your servers. What do you mean when you say I want the users to be able to save the HTML output of their data?!? Roberto Aloi http://aloiroberto.wordpress.com Twitter: @prof3ta On Fri, Dec 11, 2009 at 6:44 PM, Ben Miller biprel...@gmail.com wrote: Hello - I have an application I'm building that allows users to store personal information and files (images, PDFs, etc.) in our database, but I need a way for them to be able to save the HTML output of that personal data to a local (for the user) flash drive. I'm guessing I'm going to need a clientSide language like javascript for this, but was wondering if maybe there was a PHP addon or something like that for downloading content to the user's PC. Thanks in advance. Ben Why not create all the HTML files and images on the server, and zip it up then send that down to the user? Thanks, Ash http://www.ashleysheridan.co.uk That could end up in a lot of HTML and image files. Also, if you can't rely on people to unzip a file, can you rely on them to know that they need to keep the images with the HTML? Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Re: Can I get the IP address from a visitor?
I happen to have grabbed this function from php.net a while back, and
have been using it since:
// by fr600 at hotmail dot com at http://us2.php.net/getenv
function getip()
{
if(getenv('HTTP_CLIENT_IP') strcasecmp(getenv('HTTP_CLIENT_IP'),
'unknown'))
$ip = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR')
strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown'))
$ip = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('REMOTE_ADDR') strcasecmp(getenv('REMOTE_ADDR'),
'unknown'))
$ip = getenv('REMOTE_ADDR');
else if(isset($_SERVER['REMOTE_ADDR']) $_SERVER['REMOTE_ADDR']
strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown'))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = 'unknown';
return($ip);
}
though as others have pointed out, IP address is not a very good way to
uniquely identify visitors (at least not on its own).
Lars Kristiansson wrote:
Hi!
This is probably the wrong forum. Please redirect me if im out of place.
I would like to find out what IP address my visitor uses when visiting a
php script page on my domain. This page would contain a form in which
the visitor would state his/her message.
My goal is to create purchase-orders written on unique files, and to
separate them my idea was to baptize files with the IP addresses, which
would ive each visitor an unique purchase-order...
Any hints to a newbie?
Cheers, Lars
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] this has got me baffled: imagesx() and imagesy() reporting the wrong size?
On my site I have a web form for users to upload graphics, however there
are constraints on the size allowed. Recently, a user has been having
problems, because the code is reporting the wrong size - a size too
small to be allowed! They sent me a copy of the image so I could
confirm the error, and I have: even though the image is a 32x32 image
(2-frame animated GIF, if it matters), imagesx() and imagesy() report
that the image is 30x24! I have never had this problem before (or, at
least, no one has reported it to me) so I'm tempted to think that it's a
bug in PHP, or (more likely) I am missing something crucial...
The relevant code:
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
else if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
// note: we do not get here if($itype != 'image/gif' $itype !=
// 'image/png' $itype != 'image/x-png'), so the problem should not
// lie with an image type we were not expecting
$w = imagesx($img);
$h = imagesy($img);
if(!(($w == 48 $h == 48) || ($w = 4 $w = 48 $h == 32)))
{
$error = 'The graphic\'s dimensions are not correct (' .
$w . 'x' . $h . ').';
}
else
{
...
}
yes, the logic wants either a 48x48 graphic, or a 4x32 to 48x32 graphic.
I'd be happy to link the animated GIF in question... just in case there
was a problem with the GIF itself, I tried opening it up in an (old)
version of Fireworks, and re-exporting it, but the problem remains.
besides the possibility of a bug in PHP, I'm wondering if I need to
handle animated GIFs differently, or something like that? but again,
this code has been running for... 3ish years without a problem like this
ever being reported... quite confusing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] this has got me baffled: imagesx() and imagesy()reporting the wrong size?
Ashley Sheridan wrote:
On Sun, 2009-11-15 at 15:07 -0500, Ben wrote:
On my site I have a web form for users to upload graphics, however there
are constraints on the size allowed. Recently, a user has been having
problems, because the code is reporting the wrong size - a size too
small to be allowed! They sent me a copy of the image so I could
confirm the error, and I have: even though the image is a 32x32 image
(2-frame animated GIF, if it matters), imagesx() and imagesy() report
that the image is 30x24! I have never had this problem before (or, at
least, no one has reported it to me) so I'm tempted to think that it's a
bug in PHP, or (more likely) I am missing something crucial...
The relevant code:
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
else if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
// note: we do not get here if($itype != 'image/gif' $itype !=
// 'image/png' $itype != 'image/x-png'), so the problem should not
// lie with an image type we were not expecting
$w = imagesx($img);
$h = imagesy($img);
if(!(($w == 48 $h == 48) || ($w = 4 $w = 48 $h == 32)))
{
$error = 'The graphic\'s dimensions are not correct (' .
$w . 'x' . $h . ').';
}
else
{
...
}
yes, the logic wants either a 48x48 graphic, or a 4x32 to 48x32 graphic.
I'd be happy to link the animated GIF in question... just in case there
was a problem with the GIF itself, I tried opening it up in an (old)
version of Fireworks, and re-exporting it, but the problem remains.
besides the possibility of a bug in PHP, I'm wondering if I need to
handle animated GIFs differently, or something like that? but again,
this code has been running for... 3ish years without a problem like this
ever being reported... quite confusing.
If you could link the gif I think that would help.
Also, just to point out, the comment in the script is wrong, if the
image is neither png or gif, the rest of the script will still be
parsed. The if logic is like this:
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
else
if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
everything after that is executed
perhaps you wanted something like this:
if($itype == 'image' || $itype == 'image/png' || $itype ==
'image/x-png')
{
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
// execute the rest of the image checking script
}
Thanks,
Ash
http://www.ashleysheridan.co.uk
what I meant by the comment, is that that previous code DOES exist... to
assure you that the problem isn't in having $img unset, or something
along those lines. (I added in the comment after the fact.)
I have uploaded the image causing the problem here:
www.telkoth.net/temp/radioactive-bread-eek.gif
I should also add: I have ended up working around the problem by using
getimagesize() instead; that function is reporting the correct width and
height. this furthers my belief that there's a bug somewhere with
imagesx(), imagesy() or imagecreatefromgif()...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Help needed with calculation
Chris Payne wrote:
Hi everyone,
I'm not sure of the correct formula for this, if I have a file - just
for example, that is 10245458756 bytes long and the download speed is
60KB a second, what formula would I use to calculate how many
seconds/minutes/hours it would take to download the file?
Maths really isn't my strong point and formulas go over my head
otherwise I wouldn't ask :-(
Thanks everyone
Chris
$size = 1024548756; // in bytes
$kb_per_sec = 60; // I assume you'll fill these in from elsewhere?
$b_per_sec = $kb_per_sec * 1024;
$seconds = $size / $b_per_sec;
$minutes = 0;
$hours = 0;
if($seconds 60)
{
// 60 seconds to a minute
$minutes = (int)($seconds / 60);
$seconds -= $minutes * 60;
if($minutes 60)
{
// 60 minutes to an hour
$hours = (int)($minutes / 60);
$minutes -= $hours * 60;
// if you want to go further and calculate days, have at :)
}
}
You could also approach this using modulus, but if you're not confident
with math, this might be a more intuitive approach.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] this has got me baffled: imagesx() andimagesy()reporting the wrong size?
Ashley Sheridan wrote:
On Sun, 2009-11-15 at 16:25 -0500, Ben wrote:
Ashley Sheridan wrote:
On Sun, 2009-11-15 at 15:07 -0500, Ben wrote:
On my site I have a web form for users to upload graphics, however there
are constraints on the size allowed. Recently, a user has been having
problems, because the code is reporting the wrong size - a size too
small to be allowed! They sent me a copy of the image so I could
confirm the error, and I have: even though the image is a 32x32 image
(2-frame animated GIF, if it matters), imagesx() and imagesy() report
that the image is 30x24! I have never had this problem before (or, at
least, no one has reported it to me) so I'm tempted to think that it's a
bug in PHP, or (more likely) I am missing something crucial...
The relevant code:
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
else if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
// note: we do not get here if($itype != 'image/gif' $itype !=
// 'image/png' $itype != 'image/x-png'), so the problem should not
// lie with an image type we were not expecting
$w = imagesx($img);
$h = imagesy($img);
if(!(($w == 48 $h == 48) || ($w = 4 $w = 48 $h == 32)))
{
$error = 'The graphic\'s dimensions are not correct (' .
$w . 'x' . $h . ').';
}
else
{
...
}
yes, the logic wants either a 48x48 graphic, or a 4x32 to 48x32 graphic.
I'd be happy to link the animated GIF in question... just in case there
was a problem with the GIF itself, I tried opening it up in an (old)
version of Fireworks, and re-exporting it, but the problem remains.
besides the possibility of a bug in PHP, I'm wondering if I need to
handle animated GIFs differently, or something like that? but again,
this code has been running for... 3ish years without a problem like this
ever being reported... quite confusing.
If you could link the gif I think that would help.
Also, just to point out, the comment in the script is wrong, if the
image is neither png or gif, the rest of the script will still be
parsed. The if logic is like this:
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
else
if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
everything after that is executed
perhaps you wanted something like this:
if($itype == 'image' || $itype == 'image/png' || $itype ==
'image/x-png')
{
if($itype == 'image/gif')
$img = imagecreatefromgif($_FILES['file']['tmp_name']);
if($itype == 'image/png' || $itype == 'image/x-png')
$img = imagecreatefrompng($_FILES['file']['tmp_name']);
// execute the rest of the image checking script
}
Thanks,
Ash
http://www.ashleysheridan.co.uk
what I meant by the comment, is that that previous code DOES exist... to
assure you that the problem isn't in having $img unset, or something
along those lines. (I added in the comment after the fact.)
I have uploaded the image causing the problem here:
www.telkoth.net/temp/radioactive-bread-eek.gif
I should also add: I have ended up working around the problem by using
getimagesize() instead; that function is reporting the correct width and
height. this furthers my belief that there's a bug somewhere with
imagesx(), imagesy() or imagecreatefromgif()...
It does indeed seem to be some sort of bug. I've just tested it with
your image on my machine here and for imagesx() and imagesy() it gives
30 and 24 respectively. getimagesize() does return the correct
dimensions though.
The same image saved as a flat single layer gif from the Gimp behaves
exactly the same way.
This might not be a proper bug as such, as the image itself might be
32x32, but the first layer (the first frame in the animated version) is
30x24 when you remove the dead, unused, transparent background. Perhaps
GD is meant to report on the *actual* size of the image, rather than the
dimensions of the frame?
Thanks,
Ash
http://www.ashleysheridan.co.uk
! interesting (that it's doing some kind of trimming). it hadn't
occurred to me that it might be doing that. if that's the case, and
intended behavior of these functions, I feel like it should definitely
be mentioned somewhere on php.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Converting tables into forms
Jay, What function do you have? Thanks to everyone for their feedback. Best, Ben On Wed, Oct 28, 2009 at 9:17 AM, Jay Blanchard jblanch...@pocket.comwrote: [snip]If your solution requires you to create hundreds of forms, which could take months to code, you need to take another look at the problem. I don't believe you have thought it through very well.[/snip] Actually you could use the function I provided to do this on the fly or have the function write out a file for each table involved.
[PHP] Converting MySQL into Form
Anyone know of a way to can take Mysql tables/fields from phpMyAdmin or .sql file and quickly make into HTML forms?
[PHP] Converting tables into forms
Does anyone have a quick way of converting tables into forms? -- ** The content of this e-mail message and any attachments are confidential and may be legally privileged, intended solely for the addressee. If you are not the intended recipient, be advised that any use, dissemination, distribution, or copying of this e-mail is strictly prohibited. If you receive this message in error, please notify the sender immediately by reply email and destroy the message and its attachments. * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Converting tables into forms
I am trying to take MySQL tables and use the table structure to create HTML/PHP forms in as few steps as possible for further development. I have a project that has hundreds of tables and requires hundreds of forms to be created and don't want to do so field by field by hand. Thanks, Ben On Tuesday, October 27, 2009, Allen McCabe allenmcc...@gmail.com wrote: Please explain with much greater detail. On Tue, Oct 27, 2009 at 6:12 PM, ben...@gmail.com ben...@gmail.com wrote: Does anyone have a quick way of converting tables into forms? -- ** The content of this e-mail message and any attachments are confidential and may be legally privileged, intended solely for the addressee. If you are not the intended recipient, be advised that any use, dissemination, distribution, or copying of this e-mail is strictly prohibited. If you receive this message in error, please notify the sender immediately by reply email and destroy the message and its attachments. * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- ** The content of this e-mail message and any attachments are confidential and may be legally privileged, intended solely for the addressee. If you are not the intended recipient, be advised that any use, dissemination, distribution, or copying of this e-mail is strictly prohibited. If you receive this message in error, please notify the sender immediately by reply email and destroy the message and its attachments. * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FILTER_VALIDATE_INT - newbie question
If I put 0 filter_var() will return false. Actually it returns the integer 0, not the boolean FALSE. Here's an illustration of the difference: http://codepad.org/73wff2u0 The integer value 0 can masquerade as false in an if() statement, of course, as Ash pointed out above. If I put 0342352 filter_var() will also return false. How is 0342352 being assigned to the variable that you're filtering? If PHP thinks it's a string, then the filter will fail. If PHP thinks it's a number, it seems to convert it internally to the number 115946, before you get to the filter. Not sure what's going on there. At any rate it will then pass FILTER_VALIDATE_INT, but the value's not going to be what you expect. You can see it happening here: http://codepad.org/tw2qlpC1 Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FILTER_VALIDATE_INT - newbie question
How is 0342352 being assigned to the variable that you're filtering? If PHP thinks it's a string, then the filter will fail. If PHP thinks it's a number, it seems to convert it internally to the number 115946, before you get to the filter. Not sure what's going on there. At any Sorry, brain fart. In PHP, a leading 0 in an integer indicates an octal number (thanks, Martin). PHP immediately converts it to decimal internally. Hence 0342352 becomes 115946. But it's a bit of a fluke that the example you used happened to be a valid octal number. Try something that starts with 0 and has an 8 or a 9 in it; you'll end up with plain old 0 (presumably because PHP's internal attempt to convert from octal, fails): http://codepad.org/KBUgAZWJ Which, of course, leads to the apparent-false discussed above. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FILTER_VALIDATE_INT - newbie question
How is 0342352 being assigned to the variable that you're filtering? If PHP thinks it's a string, then the filter will fail. If PHP thinks Oops, potentially bad information there as well, sorry. In general, a string representation of a decimal number /will/ pass FILTER_VALIDATE_INT. But your particular string (0342352) will only fail FILTER_VALIDATE_INT in the filter's default configuration; set the ALLOW_OCTAL flag and it will pass: http://codepad.org/RNE5LZMr You'll still end up with an unexpected value in your final variable, though. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FILTER_VALIDATE_INT - newbie question
Also, I think you're getting confused over the zero with exactly what you are asking PHP to do. filter_var() returns true if the filter matches. If the 0 match is returned as a false, then filter_var() will filter_var() actually returns the filtered data if the filter matches, and FALSE if it doesn't. That's the whole point of the filter_XXX functions; to pass a tainted value through a filter and get a clean, safe value out the other end: $tainted = get_user_input(); $clean = filter_var($tainted, [FILTER_CONSTANT]); // now use $clean and never touch $tainted again From the original code above, it looks like the OP was misunderstanding the use of filter_var() and expecting it to return a boolean. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self-Process php forms or not?
Yes. But since I don't want to display a success information + form fields, but only the success information, I believe the only way we have to do this is by either use javascript and update a div or similar, or using only php, by redirecting to another page. Is this correct? Whether or not it's the only way, redirecting to a success page is probably the best way, from a user-experience perspective. It keeps the browser history sane and avoids possible trouble with page-refreshes. Google for post redirect get and you'll find all sorts of discussions of this pattern. Here's one of the clearer articles that came up on the first page of results, when I ran that search: http://www.andypemberton.com/engineering/the-post-redirect-get-pattern/ Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo
Can someone PLEASE explain why the developers of PHP chose this seemingly whacky logic? It mimicks C. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo
My issue is that I see no reason to do the ASSIGNMENT FIRST and THEN INCREMENT. That's just counter intuitive. In the case of $foo = $num++, everything to the right of the = should be computed FIRST and THEN handed off to the left side. This particular expression (and I'm unaware of any other PHP expression that works this way) chooses to do some FM (f'n magic) and do an assignment FIRST and THEN increment. It's not the expression that works that way -- it's the operator. The post-increment operator /always/ does its work after the expression that it's in has been evaluated. Are you thinking it would be more intuitive if that operator departed from its normal behavior in this one special case? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo
On Fri, Oct 2, 2009 at 2:37 PM, Ben Dunlap bdun...@agentintellect.com wrote: My issue is that I see no reason to do the ASSIGNMENT FIRST and THEN INCREMENT. That's just counter intuitive. In the case of $foo = $num++, everything to the right of the = should be computed FIRST and THEN handed off to the left side. This particular expression (and I'm unaware of any other PHP expression that works this way) chooses to do some FM (f'n magic) and do an assignment FIRST and THEN increment. It's not the expression that works that way -- it's the operator. The post-increment operator /always/ does its work after the expression that it's in has been evaluated. Are you thinking it would be more intuitive if that operator departed from its normal behavior in this one special case? On further thought I do see why this one special case is a little mind-blowing. What the heck /is/ supposed to happen when you do this: $a = 2; $a = $a++; echo $a; Seems like any way you slice it the output should be 3. I guess what's revealed here is that, as far as PHP is concerned, the $a on the right side of the assignment expression is something like a temporary copy of the variable in the current scope. So the assignment gets evaluated, and then ++ operates on that copy and the result is discarded. Honestly I think the only reason anyone would write an expression like that is either to fake out the compiler or because they don't properly understand the use of a unary operator. Or rather, of the increment/decrement operators, because no other unary operator actually changes the thing it operates on (AFAIK), which makes ++ and -- doubly weird. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo
int a = 2; b = a++; printf(b = [%d]\n, b); b would be 2 when printed. However, after the second line (b = a++;) finished executing, a would then be 3. Sure, but that code is perfectly clear. It's the odd special case where you assign the variable to itself, that's ambiguous. Like Daevid said, academic at this point -- but it might shed light on some compiler-design decisions that I don't have the vocabulary for. OTOH it could just a be a unique case with unpredictable results. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST without POSTing
to make sure the user has properly filled out this form. So I have to validate it. That's done in the background on the server, naturally. But once the validating is done, it's time to send the user off to the secure site with a payload of POST variables. At that point, the user will enter credit card info and such, and continue the transaction. You're describing what a 307 redirect is supposed to accomplish: header(Location: $secure_url, TRUE, 307); But I've heard that not all browsers comply with the HTTP spec on this point. Might be worth testing a bit, though -- maybe your typical audience doesn't tend to use non-compliant browsers. So I need to find a way to direct the user's browser to the secure site with their payload of POST variables. The more I look at this, the more it looks like cURL won't do it, and Javascript has the obvious down side. I'm afraid the only way to do this may be to validate everything, pass the values off to a confirmation page, where the user has to hit Proceed, and *that* page goes directly to the secure server with its POST payload. That might actually be the best solution because it's the most transparent, from the user's point-of-view. A 307 is going to cause many browsers to pop up a confirmation dialog, which will freak some users out -- and will break people's flow a lot more than would a smoothly-executed two-stage submit. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Question Using list()
$line = fgets($handle); list($col1, $col2, $col3) = $line; [8] echo c1 is $col1 and c2 is $col2 and c3 is $col3.'br'; // this shows just 1st char of each field That's odd, I would have expected $col1, $col2, and $col3 to be NULL. That's what I get when I try to assign a string to list(). It expects a PHP array. You could tackle this in a couple of different ways. Either split your string into an array first: $line = fgets($handle); $columns = explode(,, trim($line)); list($col1,$col2,$col3) = $columns; Or look at using fgetcsv(), which will save you a step or two: http://php.net/manual/en/function.fgetcsv.php Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Does anyone here use TCPDF?
I attempted to use the same functions as FPDI/FPDF, but they did not work in TCPDF. Which functions did you use in FPDF? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: session.gc_maxlifetime
php not but perhaps the client its not clear and commonly defined what clients do with cookies on reconnect and stuff or long idle times. Maybe not, but I'd be really surprised. An HTTP client is supposed to decide whether to send a cookie by looking at the domain name and path of the URL it's requesting. These things are at a totally different layer from IP addresses -- and even if they weren't, in most cases I would think a browser is going to be ignorant of public IP address changes because it's going to be behind a NAT device. I would expect as source the new browsers where more and more users use subwindows to have concurrent sessions, does anybody know how they handle ip changes? I'm not. What specific situation do you have in mind in which a browser would even be aware of an IP change on the client side? Maybe there are common cases I'm not thinking of. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable
Suppose I have a variable $i = 0 or 1 or 2 and I have variables $item0, $item1 and $item2 how do I print the variable $item0 using a combination of variable $item and variable $i? or with this code it gives me an error: $i = 0; $item0 = test; echo $item$i; #how do I properly use this variable $item with $i? $var = item$i; echo $$var; Note the two dollar-signs in the second line. I wonder if a basic array would make for easier-to-read code, though: $items = array( test ); $i = 0; echo $items[$i]; Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] html email showing br instead of line breaks
\r\n should be between double quotes: \r\n I think you'll still see the literal brs in your final email, though because htmlspecialchars() is converting the angle-brackets in the tag to their respective HTML entities (lt; for and gt; for ). A bit of a thorny problem because you probably do want to escape HTML-characters in the message for security purposes. I suppose you could call str_replace() after htmlspecialchars(), instead of before it as you currently do. OTOH, why not just send your email as plain text, instead of HTML? Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to take output from an include, and embed it into a variable?
$file = 'invoicetable_bottom.php'; fopen(http://yoursite.com/folder/$file,r;); http://tr.php.net/function.fopen worth trying. Easier than output buffering Easier in what sense? It would end up requiring more code than output-buffering because you'd have to read from the file after calling fopen(), check for end-of-file, etc., and it seems needlessly inefficient because it: - uses a function, fopen(), instead of a language construct, include() - generates a superfluous HTTP request I think it's also counter-intuitive. I ran across a similar technique in some code I was reviewing and I had to really scratch my head and wonder why the original author of the code did that, instead of just getting at the file via the local file system. Finally, it would require the OP to store an include()-ed file inside of DocumentRoot -- which I personally prefer not to do when I can avoid it (although that approach is debatable). Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Header issue
if ... you have output_buffering option enabled in the php configuration. Which is probably the case on the OP's local machine, and would explain why the code doesn't fail for him there. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ie6 memory could not be read help!
have IE 6 for whatever reason. If you block them then you are blocking possible clients. There is still a large percentage that still use it. I think that percentage depends on the target audience. There was a kerfuffle several months back (maybe a year ago now?) when 37signals announced that they would no longer work around IE6's limitations in Basecamp. A lot of people presented the above argument in the support forums and they said, We've analyzed our logs and we know how many of our users run IE6, and it's not very many. My preference is to make sure my stuff is functional in IE6, but to forget about pixel-perfect. But I tend to go light on Javascript in general, so it's not that big of a deal usually. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] APC - Upload progress problem. apc
I was afraid it was a bug. I have generally just used whatever is at whatever host, until this project, and didn't really think something so glaring could be in there. WTF! I wonder if massive uploads, like the ones you're coding for, really aren't that common. I can imagine hard-coding that 3600 myself, and thinking, no way someone's going to be uploading a single file for longer than an hour, or even close to it. So, it seems like it would be pretty straight forward to fix this, if I was willing to run on a custom version until this fix is released. Do people do that? What do you think? After looking at it bit more, I found another PECL bug, same basic underlying problem, that was fixed almost a year ago: http://pecl.php.net/bugs/bug.php?id=14198 That's when the config option apc.rfc1867_ttl was introduced to APC -- but some of that hardcoded 3600 remained until a few weeks ago. The older bug (14198) sounds exactly like your problem, so if I were you I'd start by trying any of the official versions that include the fix for 14198. That fix was committed on August 29 of 2008: http://svn.php.net/viewvc?view=revisionrevision=265595 So the next version up (3.1.1) from what you're currently using will include it. I guess 3.1.1 is still in beta but I'd personally go for beta over a custom build, at least on a first pass. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ie6 memory could not be read help!
I bought a Windows XP PC about three years ago with IE6 on it (I normally do all my work in Linux). I haven't upgraded it, and I can't imagine why the average user would. If it ain't broke (and most users wouldn't consider IE6 broken), don't fix it. I agree in general, but eventually Microsoft will stop releasing security updates for IE6. It's hard to tell exactly, but right now it seems like that may happen next July: http://support.microsoft.com/gp/lifesupsps/#Internet_Explorer At that point I would consider IE6 broke. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] APC - Upload progress problem. apc
upload keys, and any keys created via apc_add(). This listing includes a Timeout value, which is none for the apc_add keys and 3600 for the upload keys. Somewhat suspicious, I'd say, since the keys stop being working after 1 hour of use. APC lets you set a number of timeout values: apc.gc_ttl, apc.user_ttl, apc.ttl. I have set all of these to be gianormous, but the upload key timeout value never changes. I can't believe that this is an inherent limitation, or nobody would be using this. The Google claims people are using this for big uploads, so I I've just had my first glance at the APC source code, so I could be misreading something, but it appears that 3600 was hardcoded in until about 3 weeks ago. Here's the trunk commit that seems to have made that value configurable: http://svn.php.net/viewvc?view=revisionrevision=287534 And there's a reference to a PECL bug in the commit message: http://pecl.php.net/bugs/bug.php?id=16717 I have no idea when this change will trickle through to a production build -- or if it already has, but I suspect not, because the hardcoded 3600 was still present in the latest available source code tarball at http://pecl.php.net/get/APC Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating alphanumeric id for a table
1. user A insert into table (get id = 1 from auto increment value) 2. user B insert into table (get id = 2 from auto increment value) 3. user A get value from $id = LAST_INSERT_ID() (id = 2) 4. user B get value from $id = LAST_INSERT_ID() (id =2) [8] How can we make sure that those 3 processes are atomic operation (insert table - get id from LAST_INSERT_ID() - update table) ?? From the MySQL 5.0 manual (20.9.10.3): For LAST_INSERT_ID(), the most recently generated ID is maintained in the server on a per-connection basis. It is not changed by another client. ... Using LAST_INSERT_ID() and AUTO_INCREMENT columns simultaneously from multiple clients is perfectly valid. Each client will receive the last inserted ID for the last statement /that/ client executed. http://dev.mysql.com/doc/refman/5.0/en/getting-unique-id.html Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User Account Management
Honestly, whipping up a security scheme the way I have done it is a couple of days' work (including login and management screens). I'm not sure why people seem to be averse to it. You just work up your screens, I suppose it does depend on the use case. If you're building a system for internal use, and you know your users, and the data is potentially exposed by other avenues (as is the case with all the internal-use systems I've built), that's one thing. But if the site is public, indexed by Google, and gets even a small amount of traffic -- or even if it's an unpublicized site but it's on a dedicated IP that belongs to a prominent hosting company -- it's going to be hammered daily by script-kiddies and PC-based malware. If it gets a lot of traffic it's probably going to be targeted by sophisticated attackers. At that point I'd personally be much more at ease knowing that session-management, authentication, password-storage, etc. were handled by a system that several more-experienced programmers have worked on, which has gotten a good deal of production use in diverse contexts, not to mention possible analysis by professional security experts. Security is complicated and it's very easy to get wrong. What hashing algorithm do you use (in the general sense of you) to store your passwords? Do you salt your passwords; if so, do you salt them correctly? How do you handle password-resets? What's your PRNG, and is it random enough, and how do you know? I just reviewed the code for a scratch-built system that seemed to have reasonably-intelligent authentication and password management -- but /completely left out/ access-control! All I had to do was enter a different uid in the URL of the my account page and I could get to anyone's account, even the admin's, as long as I was authenticated. Dumb mistake? Sure. Easy to make? Probably more so than one would like to think. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hoping for a hand with a login script
So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back I would really strongly advise against building your own authentication system. I'm currently regretting the fact that I did the same, a few years ago, for a couple of systems I still support. There are just too many things that can go wrong, especially if you're new to PHP and MySQL in general. Just to begin with, the code you posted currently suffers from a really basic SQL injection vulnerability and your database is likely be compromised within hours of your site getting any kind of significant traffic. That's completely distinct from the more basic syntax trouble. Perhaps paradoxically, the more experience you gain with these things, the less inclined you will be, most likely, to try to roll your own AAA. There are lots of open-source PHP frameworks out there that should be able to take care of authentication and access-control for you -- CodeIgniter, Zend Framework, and Solar come immediately to mind as packages that I've either heard good things about, or suspect are solid because of the authors involved. I'm sure there are several other good ones also. http://codeigniter.com/ http://framework.zend.com/ http://www.solarphp.com/ Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hoping for a hand with a login script
several packages available to provide it. But I believe that telling someone to adopt a complete portal system like CI just to get basic authentication is gross overkill. There has to be a better way to provide this core functionality without installing a monster package that will be 95% superfluous to their needs. I mentioned CI because it got the second-most votes on a very popular Stack Overflow question asking for PHP-framework recommendations. The most-upvoted answer discussed Zend Framework, although it's hard to tell whether it was a good review of ZF, or a negative one, on balance: http://stackoverflow.com/questions/2648/what-php-framework-would-you-choose-for-a-new-application-and-why Without knowing more about the OP's requirements, it's hard to say whether CI's other functionality would be largely superfluous. You might be right, though, and I guess my point was just to recommend that the OP look at existing, mature, free, open-source solutions before possibly reinventing the wheel. I would recommend this to anyone looking to build any sort of web app. Could be that nothing out there will end up serving your purposes, but just the experience of looking at existing frameworks, seeing how they're structured, reviewing some of their code, etc., is still likely to be valuable. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hoping for a hand with a login script
I would recommend this to anyone looking to build any sort of web app. Could be that nothing out there will end up serving your purposes, but ... and, on further investigation, it looks like CI, surprisingly enough, doesn't actually have pre-built authentication and access control (although it does do session management). Solar and ZF do seem to have their own auth/access-control, though. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating alphanumeric id for a table
I assume that I can get increment value/sequence from db (I used harcoded increment value in the code above (generate_id(1))), but I don't know how I can get this incremental value from db.I use mysql 5.0. If you're thinking of retrieving the newest value of an AUTO_INCREMENT column, immediately after inserting a row, there are different ways to do this depending on how you're connecting to MySQL. PDO, for example, has a method called lastInsertId(): http://us2.php.net/manual/en/pdo.lastinsertid.php And the mysql_* family of functions has mysql_insert_id(), etc. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] script failing at same line
My solution was to add a table to my database, and add an insert job id into the table after the line that is causing the problem. When I submit the script I use setTimeout to run an AJAX query of the table 5 seconds later. If the line has failed the job id will not be in the table and I alert the user. It works - and some day I hope to fix the software problem and make this unnecessary. Thanks for the update -- that's about how I would have approached it too. I wonder, in general, if fixing the underlying problem is even practical or worth the investment of time. IIRC the problem was in third-party code -- and it seems to me that making your own code robust enough to handle failures in third-party libraries (as you just did) is a really fruitful use of your time; fixing the library itself, maybe not so much. I guess it depends on how it all affects your end users. Ben
Re: [PHP] Re: Class variable value lost
The object only exists for that instance of the script, so when the user navigates to the next page, the object is freed up from the memory. There are a couple of ways you could get round this: * don't navigate away from the page, and use AJAX calls to update parts of the page for the user (bad imho, as it relies on Javascript) I think any AJAX-based approached would run into the same difficulty, because each AJAX call is a separate HTTP request from the one that originally loaded the page (and from every other AJAX call). Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encrypt then decrypt yields extra dots at end
I thought this code: $enc=mcrypt_ecb(MCRYPT_RIJNDAEL_256,salt123,encrypt_me,MCRYPT_ENCRYPT); $dec=mcrypt_ecb(MCRYPT_RIJNDAEL_256,salt123,$enc,MCRYPT_DECRYPT); echo $dec; would yield encrypt_me. The actual result is encrypt_me.. (bunch of extra dots). Why, and how do I fix it? The manual says that mcrypt_ecb() is deprecated and recommends mcrypt_generic() instead. Its page mentions that the input string will be padded to the next-highest multiple of the current block size, and points out: 'Note the string returned by mdecrypt_generic() will be [padded] as well...use rtrim($str, \0) to remove the padding' http://us3.php.net/manual/en/function.mcrypt-generic.php So I would guess that mcrypt_ecb() operates in a similar way, which can be solved with rtrim(). Does your script actually echo . characters (ASCII 0x2E), or is that your terminal's way of representing some non-printable character? It would surprise me if mcrypt_ecb() used the . character as its pad, but maybe it does. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dns lookups only half working in chroot
?php
echo gethostbyname('www.google.de').\n;
print_r(dns_get_record('www.google.de', DNS_A)).\n;
?
[8]
I don't understand why the first lookup fails, but the second one succeeds.
Unfortunately thinks like fsockopen() seem to use the same technique as
gethostbyname(), so they don't work either.
Any pointers would be appreciated!
PHP's gethostbyname() is a wrapper for the system call of the same
name, which may attempt to resolve the name using local mechanisms
(/etc/hosts, perhaps an internal cache, etc.) before resorting to a
DNS query. I've never studied any particular implementation of
gethostbyname(), but I wouldn't be surprised to find that in some
implementations it doesn't actually query DNS at all, but simply hands
off the name to another mechanism that queries DNS.
PHP's dns_get_record(), on the other hand, queries DNS using the
resolver(3) system calls. All it needs is a network connection and a
valid DNS server address.
So that should help explain why one can work while the other doesn't.
Not sure why gethostbyname() fails in your chroot environment, though.
I've seen situations where this has happened on my internal network,
but only fake hostnames that ended in .local were affected.
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] new php script and sqlite
I was under the impression that sqlite2 was supported widely by PHP,
but sqlite3 seems only to be enabled on php 5.3.0 by default.
My concern now is actually that users may find that their hosting
service providers don't provide sqlite3 out of the box.
PDO seems to support both versions:
http://us.php.net/manual/en/ref.pdo-sqlite.connection.php
So if it's practical to restrict yourself to features that are
available in both versions, you could probably do something like this:
$db_file = 'filename';
$dbh = null;
try {
// prefer sqlite3 if available
$dbh = new PDO('sqlite:$db_file');
} catch (PDOException $e) {
// verify that error occurred because sqlite3 is not supported
try {
$dbh = new PDO('sqlite2:$db_file');
} catch (PDOException $e) {
// bail out gracefully
}
}
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] new php script and sqlite
$dbh = new PDO('sqlite:$db_file');
[8]
$dbh = new PDO('sqlite2:$db_file');
But with double-quotes, not single-quotes. ;-)
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of while(true) loop
I have a php cli script that listens on a UDP socket and, when data is [8] So I think the the MSG_WAITALL is causing it to block until incoming data connection is closed (it never reaches the 512 byte mark before [8] your clients are not maintaining an open connection to the socket, so it'll output as soon as the remote client disconnects from your server. [8] if you will) on the socket until a connection is made and it reads 512 bytes / the client disconnects, which seems to be doing well for your usage. Sorry if I'm missing something obvious, but do the concepts of connection, close, and disconnect even apply in this case, since it's a UDP socket? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] script failing at same line
$map = ms_newMapObj($mapfile); The command creates a new mapscript object. And PHP is hanging somewhere inside that constructor? Is this in a web context or a command-line context? Or both?
Re: [PHP] script failing at same line
On Fri, Sep 4, 2009 at 2:38 PM, jim white jbw2...@earthlink.net wrote: It's a web app that draws maps in a browser. Sometime it will generate a seg fault. The command should not take long, so if there is some script construct that will throw an exception after a few seconds if the command has not completed I could signal the user that the map will not draw and to reload the page. There's a pecl extension called Libevent that can apparently trigger an action to occur after a certain amount of time has elapsed: http://us3.php.net/manual/en/ref.libevent.php I've not used it and have no idea how mature or reliable it is. I'm also wondering whether any solution will work that relies on the same script that's about to trigger a segfault. I think I'd be inclined to build an XHR-based monitor to run in the user's browser. Even simpler would be to start the map-building process asynchronously with XHR and then just alert the user, or automatically refresh the browser, if a certain amount of time elapses before you get a response from the map-building script. But I don't know how much you'd have to alter your existing client-side code to use the latter method. Either way it's creeping away from PHP so maybe I should leave it at that. Ben
Re: [PHP] Searching on AlphaNumeric Content Only
Excuse me? Somebody suggested a PHP loop to solve a query problem and you are saying that REGEXP should not be used? MySQL caches queries and 100 SELECT with a REGEXP will cost zero after the first one if nothing changed inside the table. Even if the REGEXP has to change with every query? Performance aside, I think REGEXP() could be used here, but not in the way you've suggested. As the OP has described his table, your regex (^[a-zA-Z0-9]+$) won't match any rows, because all of his product IDs have non-alphanumeric characters in them. Suppose this table: pk | prod_id 1 | 07-ABCD-98 2 | 98-ZCXQ-21 And now suppose the OP's scenario, where a user tries to search on product id, but enters 07ABCD98. If the aim is to use REGEXP() to return row 1, I suppose you could intersperse the search string with .? sequences and end up with this query: SELECT * FROM table WHERE prod_id REGEXP '^0.?7.?A.?B.?C.?D.?9.?8$' I think just stripping the alphanumeric characters would end up being more flexible, though. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Searching on AlphaNumeric Content Only
What's wrong with using the wildcards that are built into most SQL variants? SELECT * FROM table WHERE item_id LIKE '%#abcdef' Will select all records where the item_id field ends in '#abcdef' That works if you know the user is always going to enter the last 7 characters of the product id, but that's not how the OP characterized the problem. The OP talked about search strings where multiple characters had been omitted from different parts of the product id. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Magento shows blank page.
I followed this thread: http://spikomoko.wordpress.com/2009/08/19/magento-not-working-on-php-5-3/ . But then, I'm bounched on this error in my webbrowser for visitting my magento on my production server desktop: .: Fatal error: Call to a member function createDirIfNotExists() on a non-object in /var/www/html/magento/app/Mage.php on line 644 Sounds like your version of Magento isn't compatible with PHP 5.3 (and perhaps less-recent releases also?). Is there a newer version of Magento available? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Searching on AlphaNumeric Content Only
stripping, stemming, spelling corrections ? ... uhm, that's probably why they invented regular expressions, isn't it? As I said, at the end of the day, this will be a manual slow, potentially wrong implementation of what we already have and use on daily basis. If you've got a regular-expression-based method in mind that simply nails the OP's problem, please share. I'm still not seeing how regular expressions is a sufficient answer to the OP's problem, which is basically fuzzy search. My sense is that regular expressions are for situations where you basically know just what you're searching for, but don't really know where it falls in your search space. The OP, on the other hand, is building a system where he won't know just what he's searching for -- all he'll know is that his search key is sort of like the thing he actually needs to find. You might be able to squeeze this problem, or at least some part of it, into a regex-based solution, but I don't think it's a natural fit. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CodeWorks 09
What I would do for UK PHP events :-( Something like this perhaps? http://conference.phpnw.org.uk/phpnw09/ Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Generic decorators and type hinting
Is there another way to cleanly wrap method calls for timing/logging purposes? I have a possibly-evil idea that gets around type-hinting by dynamically declaring decorator classes as children of the real classes that need to be timed. You end up with as many decorators as you have classes that need to be timed, but if this is for dev/QA purposes only, that might not be a problem. This method can't have the conceptual simplicity of yours, unfortunately, because __call() will never be invoked in a child class. The original parent's methods will just be called instead. But you can still override the parent's methods with wrapper methods in the child class. I've got some sample code written that first calls get_class_methods() to list the names of all the visible methods of the parent object, then constructs code to declare a child class that overrides those methods with wrapper methods, and finally eval()s the declaration and instantiates an object of the new class. The basic concept seems to work and to get along fine with type-hinting. I'm happy to share the test code if you're interested. Not sure how it would end up working in real life, and I'm guessing there are more sophisticated ways to achieve the same concept, perhaps using the Reflection API. I suspect it also needs some refining to handle protected methods. But it might be a start. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Generic decorators and type hinting
code. Instead, just use interfaces. The only real downside is that all the classes you want to decorate would need to implement them and that would cause a wee bit of ugliness in the code/class declaration. Can you explain a bit more? As I understood the OP, the challenge was to take a large, already-built code base that relies on Zend Framework (which itself has 1600 classes), and wrap arbitrary existing methods with timing logic -- without significant code changes. As I understand your solution, it would require all pre-existing classes to be modified to implement the iDecorator interface -- and even then, pre-existing methods in those pre-existing classes would not actually be affected. So those would have to be modified also. But maybe I'm totally missing something? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Searching on AlphaNumeric Content Only
Is there is a way to search only for the alphanumeric content of field in a db? I have an itemID field that contains item #'s that include dashes, forward slashes, etc, and I want people to be able to search for an item # even if they don't enter the punctuation exactly. Not sure if there's anything specifically PHP-ish that will help you here, but I would be inclined to start by storing a stripped-down version of the item ID (alphanumeric characters only) in a separate column in the database table. Then, when a user enters some search data, I would remove non-alphanumeric characters, if any, from the user's input, and then search the stripped column with this normalized version of the input. If you want even fuzzier matching (inadvertent transpositions or an omitted character or two OK, for example), you might read about Levenshtein distance: http://en.wikipedia.org/wiki/Levenshtein_distance PHP has a levenshtein function but you'll have to figure out a way to use it efficiently with your data set. Or, if Levenshtein isn't quite right for your needs, the article above might at least point you in a useful direction. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe_mode and inclusion of files don't work as documented
Safe mode is a bad idea. :) It's not safe; it may only have the effect of making you think you're safe. If you have a particular reason to use it then maybe it's OK, but just be aware that it will not exist in future versions of PHP and relying on it is not a good idea. Security, unfortunately, is not as simple as toggling a configuration variable. Yes -- and I always look askance at shared-hosting providers who rely on safe_mode and call it a security measure. Then when I'm done looking askance, I take my business elsewhere. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I'm not crazy I swear it... IE vs Safari and Firefox - The impossible!
I would set up Wireshark to capture and compare the http sequences from each browser. After you capture each stream, use the Follow TCP Stream option to look at the raw HTTP. If it is the browsers, there should be some obvious differences in the sequence of requests from them. This is a good idea, although the Net panel in Firebug would be a very quick preliminary step to this more systematic approach. And it might be all you need. Firebug will parse out the HTTP very nicely for you and the best of it is that you can watch the requests as the browser sends them, without even looking aside to another window. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error when execute header('location: otherpage.php') after email been sent out. Any Workaround?
Which format should I used for log file? *.log or *.txt? Doesn't matter to PHP -- but you do need to provide a local path, not a URL. [http://domain.com/log/logfile.*] or No... [C:\some_path\domain.com\log\logfile.*] or just Yes! Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to test for form submission?
I was surprised when no one recommended this: if ($_SERVER['REQUEST_METHOD'] == 'POST') So now I'm wondering if there's a pitfall to this method that I'm not aware of... Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to test for form submission?
Well, as far as I'm aware $_SERVER isn't reliable from server to server. That said, I've never had a problem using it. Thanks -- I just looked it up and the manual says: There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI 1.1 specification, so you should be able to expect those. So I guess it wouldn't make sense to rely on anything in $_SERVER if you're building an app for widespread use; e.g., CodeIgniter, as mentioned above. tend to use the $_REQUEST array instead of $_POST or $_GET. You get the benefit of being able to work with both arrays (as well as $_SESSION and $_COOKIE) without any drawbacks. For now I'm inclined against $_REQUEST, since it's not yet supported by filter_input(). I think filter_input() is the bee's knees and I've stopped touching $_POST or $_GET directly since I discovered it. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: unset() something that doesn't exist
ISTR the Royal Air Force has a Specialist Aircrew track where the really good pilots, who wanted to fly planes rather than desks, could be promoted to management ranks but avoid the management duties. They had a position like this at the first big company I worked for -- Member of the Technical Staff. These folks were very good at what they did, but again, not interested in, or perhaps not suited for, management. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
another change in the email admin best practices discussion. For a short while the network became clogged in bounce messages sent to both valid and invalid addresses. Some of the invalid addresses even triggered infinite loops of error messages. None of the servers I am familiar with send bounce messages reporting invalid addresses any more. Our own servers won't even tell us internally when they discard incoming messages. SPAM quarantine is a thing of the past. Seems like there's another possible way to handle messages to invalid addresses, though; the receiving SMTP server can simply reject the RCPT TO command with a 5xx error. This avoids backscatter but also lets well-behaved clients know that the destination address is invalid. AFAIK this is how Rackspace Email works (if you don't have a catch-all address configured). Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
The second problem is that it still forces the originating SMTP server to pass on the 5xx error as a bounce message to the originator. Yeah, I guess this would be a problem in cases where the originating server is an open relay that's being exploited by a spammer. I wonder what proportion of spam is sent in this manner -- and and how much, on the other hand, comes from a direct SMTP conversation between a malicious client and the MX server of the recipient's domain. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] vote package
You might try to use the reported IP of the submitter, again unique, but that can be forged -- so again anyone can vote more than once. Can you say more about forging the reported IP? I've always been under the impression that forging the source IP in a TCP session is a pretty sophisticated operation, but maybe I'm mistaken about that. Of course source IP isn't a reliable unique-ID, for the opposite reason also: forward proxies, NAT, etc., make it pretty likely that several users will come to the site from the same IP. So you'd end up incorrectly refusing legitimate votes. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] user permissions
Sort of. Create two tables a login table with user details and a specific field for a ROLE. Then create a roles table that lists the various permissions. I store this [8] This process is significantly simpler when managing users, it's easier to adjust permissions on one role than to edit a bunch of users when something changes. In this mechanism, does a role differ significantly from a group? I have to admin a CRM system that has both roles /and/ groups, and it always seems a bit excessive. But maybe there's some benefit to roles, as such, that I'm not seeing. Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] user permissions
Yes, they offer an additional layer of granularity on permissions. The apps I write use groups and role to limit acces to certain functionality. The roles determine functional access to records, ie what the user can do with them. The groups membership determines what records the user can see. E.g. But is this substantially different from just allowing groups to determine access to functionality, /and/ access to records, and letting the admin create different groups for different reasons? I guess I'm thinking of the way Active Directory works, which I've found, in my second life as a system administrator, to be both easy to grasp and extremely flexible/powerful. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What if this code is right ? It worked perfectly for years!!
? $fName = $_REQUEST['fName'] ; $emailid = $_REQUEST['emailid'] ; $number = $_REQUEST['number'] ; $message = $_REQUEST['message'] ; mail( ch...@gmail.com, $number, $message, From: $emailid ); header( Location: http://www.thankyou.com/thankYouContact.php; ); ? This is a bit of a hang-up of mine so forgive me if it's mildly OT, but if you do figure out what the problem is, and fix it, you may want to revisit this code in a more extensive way, if what you've pasted above is exactly the code you use in your live application. Please ignore if you've simplified the code above for simplicity's sake. At any rate the code above is most likely vulnerable to SMTP injection, because it passes the unfiltered value of '$emailid' as part of the 'additional_headers' argument to mail(). So the form could be used to send spam to arbitrary email addresses. I'd recommend using filter_input(), with the FILTER_VALIDATE_EMAIL filter, to get at the 'emailid' parameter: http://us3.php.net/manual/en/function.filter-input.php Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Case Insensativity in String Comparisons
Is there a simple to way to compare two strings with case insensitivity so
that the following will return true?
$foo = Arnold;
$bar = arnold;
If($foo == $bar) {
}
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP and CGI
That's exactly the case. I have been running my business on a Perl cart for the last 5+ years, and I can't switch to a PHP cart just yet. I was just hoping to add some functionality with PHP. Perl was much harder It would probably bomb your performance but you could always call a separate PHP script from your Perl code: #!/usr/bin/perl # do some stuff in perl my $php_output = `/usr/bin/php whatever.php` # do something with $php_output 1; If you're just looking to add some features quickly to your existing Perl code: Have you searched CPAN for what you need? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSIONS lost sometimes
We have a server with a site that does some XML calls. After lots of testing I have found that the server is losing session variables. [8] Also the site goes from HTTP to HTTPS at some point but this isn't the issue as it loses the sessions as soon as they are set sometimes. Therefore I would like to know what I could check. I have read in other Can you clarify what you mean by losing sessions? Have you taken a network trace to see whether the client is consistently sending the session ID with every request? When the problem happens, is $_SESSION completely empty or is it only missing some variables? Does it seem to happen on any page, or only certain ones? Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sanitizing mysql inserts of user data
Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks. Does that necessarily imply this: If this function is used to escape data, the query is not vulnerable to SQL Injection Attacks.? Logically, it does _not_ mean the same thing. Definitely not -- it would be a bit presumptuous to claim If you do X, the query is not vulnerable to SQL injection attacks for just about any value of X. That said, I would recommend binding parameters if you can. It's a cleaner way of separating the logic of a query from its data, and theoretically more reliable than mysql_real_escape_string(): http://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is there a better way to know from which php file the request comes from ??
This is a newbie question... Let's say there are 3 php files, page1.php, page2.php and page3.php. Form submission from page1.php or page2.php will take user to page3.php. I know that we can use parameter that is appended in the action attribute of the form (e.g FORM METHOD=POST ACTION=tes.php?var1=val1) But I think, appending this parameter is transparent to the user, since it's visible in the url. Why does it matter? I don't meant to suggest that it doesn't, but I'm just wondering if you could explain the design of your app a bit. You've sketched out an attack scenario in which a user maliciously alters a variable in the request so that page3.php thinks the request is coming from page2.php, when in fact it's coming from page1.php -- or vice versa. But suppose an attacker does trick page3.php into mistaking the origin of the POST. Does it make a difference? Presumably page3.php will be filtering all of its input, and will discard the request if, for example, it claims to be from page2.php but doesn't contain the sort of data that a request from page2 would contain. But if it does contain the right data, and the data is valid, then does it matter if the data was not actually collected on page2.php? The statelessness of HTTP can be one of its beauties -- and I would be inclined against introducing statefulness unless the app really needs it. At any rate your problem is reminiscent of CSRF: http://en.wikipedia.org/wiki/Cross-site_request_forgery And I'm wondering if you could borrow from anti-CSRF techniques to solve it (assuming, again, that it really needs to be solved). Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sanitizing mysql inserts of user data
$stmt = $db-prepare(SELECT priv FROM testUsers WHERE
username=:username AND password=:password);
$stmt-bindParam(':username', $user);
$stmt-bindParam(':password', $pass);
$stmt-execute();
[8]
I haven't followed this thread, so I don't know what you mean by, I
do not see how there could possibly be a prepared statement for a user
comment. Maybe someone else can answer that part of your query.
Thanks Paul, that was a much better explanation than the one I was
attempting. I'm guessing the OP was being thrown off by the colons in
the SELECT statement above. I can see how those could look like
comments to someone not familiar with PDO and named parameters.
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variables - help
Thanks all for your patience! I will work on this today and write back with any further questions I can't figure out on my own. And if anyone has any advice I will be checking my email regularly. If you've already tried this with no luck, please ignore -- but you might speed up the whole process by stepping aside from the real code briefly, starting fresh in an empty directory, and just putting together a handful of extremely simple scripts with the single goal of entering one value, updating it, and then doing some final pseudo-processing on the updated value. Then, you could step it up a bit by by adding a second value that gets entered at the beginning, and cannot be updated in the middle but must be preserved through to the end. Doing all this might help clarify the basic flow of the system and enable you to simplify its structure before going back and tackling the real code. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ini files as config - hidden
2009/8/14 João Cândido de Souza Neto j...@consultorweb.cnt.br: I think a good solution is to put the ini file out of your html folder so only your scripts can read it. I agree, and I try to do the same, but I've noticed that most open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS Made Simple) have always stored database credentials inside of DocumentRoot, by default. Not sure if this is a compromise to allow ease-of-use by less-technical users, or if my insistence on putting this sort of file outside of DocumentRoot is just paranoia (and not the good kind). I'd definitely be interested to hear how others on the list approach this problem. And that's only one part of the equation, if you're on a shared-hosting platform. Are you, or do you have your own server? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ini files as config - hidden
1) Name your ini files .php so, database.ini will be database.php Actually I was assuming the configuration file to be a PHP script -- as is typical in big open-source CMSes. I took ini file earlier in the thread to be a generic description of any file, whatever the extension, that contains sensitive configuration data. Our data will be safe as long as the first line will remains there. And as long as the file is actually handed off to PHP for processing. Seems like there are plenty of situations, none of them too far-fetched, that could cause the web server to mistakenly serve a file with .php in its name as a generic text file rather than handling it correctly. I'd rather just have the file outside of DocumentRoot and avoid that risk entirely. But again, maybe that's just unproductive paranoia? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
