RE: [PHP] Web Site Directory Layout

2009-09-26 Thread Caner Bulut
Thanks for help.

Caner.

From: דניאל דנון [mailto:danondan...@gmail.com] 
Sent: Saturday, September 26, 2009 2:35 PM
To: Caner Bulut
Cc: php-general@lists.php.net
Subject: Re: [PHP] Web Site Directory Layout

 

There is no standard for that - It's your choice,

I usually use something like
index.php
configuration.php
template/
template/NAME/template.html
template/NAME/template.css
template/NAME/images/ 
modules/
modules/connection/MySQL.php

etc.





On Sat, Sep 26, 2009 at 1:50 AM, Caner Bulut  wrote:

Hi All,

Is there a stable or standard directory layout for PHP project (like web
sites)?

Example;

index.php
img/
css/
js/
lib/
doc/
tools/

Thanks.

-- 
Use ROT26 for best security



RE: [PHP] Web Site Directory Layout

2009-09-25 Thread Caner Bulut

Thanks Bastien for your advice,

But I am still waiting for some more advice from experienced developers; maybe
this is related to security and directory permissions?

Thanks.

-Original Message-
From: Phpster [mailto:phps...@gmail.com] 
Sent: Saturday, September 26, 2009 2:19 AM
To: Caner Bulut
Cc: ; 
Subject: Re: [PHP] Web Site Directory Layout



On Sep 25, 2009, at 6:50 PM, "Caner Bulut"  wrote:

> Hi All,
>
> Is there a stable or standard directory layout for PHP project (like
> web sites)?
>
> Example;
>
> index.php
> img/
> css/
> js/
> lib/
> doc/
> tools/
>
> Thanks.


It depends. Using one of the many frameworks will force you to use their
layout. If you are coding your own site without one, then you can use
whatever you want.

Thanks

Bastien


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Web Site Directory Layout

2009-09-25 Thread Caner Bulut
Hi All,

Is there a stable or standard directory layout for PHP project (like web
sites)?

Example;

index.php
img/
css/
js/
lib/
doc/
tools/

Thanks.



RE: [PHP] Cannot exec in my own directory

2009-08-16 Thread Caner Bulut

Dotan,

Please copy your script into one of the Linux include paths, such as
/usr/local/bin, give it the necessary permissions and try your script again.

If you still have any problem, we will understand that it is not related to
the script path or permissions.

Maybe there are some problems in your PHP script.

Thanks 


-Original Message-
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Sunday, August 16, 2009 9:46 PM
To: Sudheer Satyanarayana
Cc: php-general.
Subject: Re: [PHP] Cannot exec in my own directory

> Check the include path. Try using the complete path to the file. And make
> sure the user PHP is running has read permissions to the directories upwards
> the hierarchy.
>

Thanks. I am using the complete path to the script:
exec("/home/username/script.sh");

In the /home/username/ directory there are other files, such as
database_connection.inc that I regularly include_once in my PHP
scripts, so I know that PHP has read access to that directory.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il




RE: [PHP] Sanitizing mysql inserts of user data

2009-08-16 Thread Caner Bulut

Hi Dotan,

You can use the htmlentities(), htmlspecialchars() and strip_tags() functions
when you show your saved data on your web pages. The mysql_real_escape_string
function saves data into the MySQL DB in a secure way. But when you show the
data you still have to control it.

Thanks.
Caner.

-Original Message-
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Sunday, August 16, 2009 9:43 PM
To: php-general.
Subject: [PHP] Sanitizing mysql inserts of user data

I am sanitizing user-entered data before storing in mysql with this
function:

function clean_mysql ($dirty) {
    $dirty=trim($dirty);
    $dirty=str_replace ("--", "", $dirty);
    $dirty=str_replace (";", "", $dirty);
    $clean=mysql_real_escape_string($dirty);
    return $clean;
}

Is this good enough to prevent SQL injection attacks? Should I add
anything else? Thanks!

Dotan Cohen
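
Added example, not part of the original posts or any poster's code: the question above answered with bound parameters, the prepared-statement approach a later reply in this archive recommends. It uses PDO with an in-memory SQLite database so it runs offline; the table, column and function names and the sample input are constructed for illustration.

```php
<?php
// Added example: constructed input, hypothetical table and function names.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// The two str_replace() calls from clean_mysql(), isolated so their effect on
// ordinary text is visible. They alter the data; they are not what stops injection.
function strip_dashes_and_semicolons(string $s): string
{
    return str_replace(';', '', str_replace('--', '', trim($s)));
}

// Bound parameters are handled as values, never as SQL text, so quotes, "--"
// and ";" inside a value are stored as data.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? [] : $row;
}

// Constructed sample input containing every character the posted function targets.
$author = "O'Brien";
$body   = "Use rsync -a --delete; it's faster";

$row = load_comment($pdo, save_comment($pdo, $author, $body));

printf("author stored unchanged: %s\n", var_export($row['author'] === $author, true));
printf("body stored unchanged:   %s\n", var_export($row['body'] === $body, true));
printf("body after stripping:    %s\n", strip_dashes_and_semicolons($body));
```

With the pdo_mysql driver, set PDO::ATTR_EMULATE_PREPARES to false and give the connection charset in the DSN so the server does the binding.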




RE: [PHP] OOP Design Software

2009-07-26 Thread Caner BULUT

Hi Daniel,

You can use Eclipse with the PDT plugin or Zend Studio. They can track your
classes and methods. They can remember your methods and classes; they also
have code completion abilities.

Thanks
Caner.

-Original Message-
From: Daniel Kolbo [mailto:kolb0...@umn.edu] 
Sent: 26 July 2009 19:46
To: PHP General
Subject: [PHP] OOP Design Software

Hello,

Is there an object-oriented programming software that can help me keep
track of my methods and properties of my objects.  My memory is not what
it used to be, and I'd like to have a quick 'overview' or layout of all
the objects I have to work with.  Maybe the software would even let me make
a process flow chart.  This would really help my design (and save me time).

Thanks,
dK




Re: [PHP] Re: XSS Preventing.

2009-06-23 Thread Caner Bulut
I have read some things about these issues, and I understand that if you use
htmlentities() BEFORE insertion, when querying the DB from XML, PDF or another
data format, there will be some problems.

I have some PHP books whose authors code Martin Zvarík's way. If you
have any pros and cons please share them with us.

Thanks.

2009/6/23 Martin Zvarík 

>
>> Don't htmlentities() before DB save.  In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before display
>>
>>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() every time
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead of "&" you'll see "&amp;" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin


Re: [PHP] XSS Preventing.

2009-06-23 Thread Caner Bulut
Michael,

It can be useful for me. It seems there will not be any charset
problem.

Thanks for help.
Caner.


2009/6/23 Michael A. Peters 

> Caner BULUT wrote:
>
>> Hi Guys,
>>
>> I have a question; if you have any knowledge about this please let me know.
>>
>> I am getting data from a form with the POST method like the following.
>>
>> $x = htmlentities($_POST['y']);
>>
>> .
>>
>> After getting all form data I save them into the DB; I used
>> mysql_real_escape_string.
>>
>
> Don't try to home brew your own.
> You'll miss stuff.
>
> Use an input filter class that is developed by and tested by a large number
> of users.
>
> http://htmlpurifier.org/
>
> is what I recommend.
>
> Also, with respect to mysql_real_escape - if you use prepared statements,
> escaping isn't an issue.
>
> Personally I recommend a database extraction later.
> Pear MDB2 is a good one.
> It makes your code portable to other databases as long as you stick to
> standard SQL (which usually is pretty easy to do).
>


RE: [PHP] Re: XSS Preventing.

2009-06-22 Thread Caner BULUT
Shawn, thanks.

If you are using htmlentities, be aware that it changes the charset to
ISO-8859-1. So this is a problem. For solving this there are some parameters.

htmlentities($str, ENT_QUOTES, 'UTF-8')

But there is no Turkish charset among the supported charsets. You can see the
detailed info at
http://tr.php.net/htmlentities

After using htmlentities I am getting following


Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn 

After using htmlspecialchars I am getting following


Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli

I hope I can explain the problem. Thanks


-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net] 
Sent: 23 June 2009 00:01
To: php-general@lists.php.net
Subject: Re: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
> Thanks for response. 
> 
> But if I use it before display, charset problems occur. And
> htmlentities does not support the Turkish charset. How can I decode data
> after it has passed through htmlentities?

I have no idea, I was just saying that if you use it, use it for display
and not for storage.  If you only use it for display, then you don't
need to decode it.  Also, what do you mean it doesn't support the
Turkish charset?  Does it mangle some of the chars?  You are using it so
that you don't get markup 

RE: [PHP] Re: XSS Preventing.

2009-06-22 Thread Caner BULUT

Thanks for response. 

But if I use it before display, charset problems occur. And
htmlentities does not support the Turkish charset. How can I decode data
after it has passed through htmlentities?

Thanks.

-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net] 
Sent: 22 June 2009 23:27
To: php-general@lists.php.net
Subject: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
> Hi Guys,
>
> I have a question; if you have any knowledge about this please let me know.
>
> I am getting data from a form with the POST method like the following.
>
> $x = htmlentities($_POST['y']);
>
> .
>
> After getting all form data I save them into the DB; I used
> mysql_real_escape_string.
>
> I have a page which shows the information that I have saved into the DB.
> But if I don't use html_entity_decode, there will be encoding and charset
> problems. I can't set the htmlentities charset parameter because this
> function does not have Turkish charset support.
>
> The question is: after saving data into the DB using htmlentities, if I use
> the html_entity_decode function in the information page, is there still an
> XSS risk or not? Does the html_entity_decode function bring back all the
> risk again?
>
> Please help.
>
> Thanks.
>
> Caner.

Don't htmlentities() before DB save.  In general:

- mysql_real_escape_string() before DB insertion

- htmlentities() before display

-- 
Thanks!
-Shawn
http://www.spidean.com
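
Added example, not part of the original thread: the two display patterns discussed here side by side, run on a constructed Turkish form value. The helper names are hypothetical, and the explicit 'UTF-8' argument assumes the page and the database connection both use UTF-8.

```php
<?php
// Added example: constructed sample input; save this file as UTF-8.
declare(strict_types=1);

// Encode at output time and name the charset explicitly. htmlspecialchars()
// replaces only the HTML-significant characters (& < > " '), so Turkish
// letters are left alone as long as the page itself is served as UTF-8.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern from the question: entity-encode before storage, then call
// html_entity_decode() on the display page.
function display_encode_then_decode(string $submitted): string
{
    $stored = htmlentities($submitted, ENT_QUOTES, 'UTF-8');
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

// Pattern from the replies: store the raw value, encode only when displaying.
function display_store_raw(string $submitted): string
{
    $stored = $submitted; // in a real page this is written with a bound parameter
    return e($stored);
}

// Constructed form value: Turkish text wrapped in user-supplied markup.
$submitted = '<b>Parçanın çıkarıldığı / takılacağı araç modeli</b>';

$old = display_encode_then_decode($submitted);
$new = display_store_raw($submitted);

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}

printf("decode returns the submitted markup: %s\n", var_export($old === $submitted, true));
printf("encoded output contains '<':         %s\n", var_export(strpos($new, '<') !== false, true));
printf("Turkish letters intact in output:    %s\n", var_export(strpos($new, 'çıkarıldığı') !== false, true));
echo $new, "\n";
```

Decoding on the display page hands the browser exactly what the user submitted, so the encoding done before storage gives no protection there.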




[PHP] XSS Preventing.

2009-06-22 Thread Caner BULUT
Hi Guys,

I have a question; if you have any knowledge about this please let me know.

I am getting data from a form with the POST method like the following.

$x = htmlentities($_POST['y']);

.

After getting all form data I save them into the DB; I used
mysql_real_escape_string.

I have a page which shows the information that I have saved into the DB.
But if I don't use html_entity_decode, there will be encoding and charset
problems. I can't set the htmlentities charset parameter because this
function does not have Turkish charset support.

The question is: after saving data into the DB using htmlentities, if I use
the html_entity_decode function in the information page, is there still an
XSS risk or not? Does the html_entity_decode function bring back all the
risk again?

Please help.

Thanks.

Caner.



Re: [PHP] resubmit form after validation error

2009-06-22 Thread Caner Bulut
Hi PJ,

You can use the following structure

$bid = htmlentities($_GET['id']);

// Treat a missing or empty id as 0.
if (empty($bid)) {
    $bid = 0;
}

if (is_numeric($bid)) {
    if ($bid == 0) {
        // do something
    } else if ($bid == 1) {
        // do something
    }
}

After this code there will always be a number. If the id variable is 0, bid
will be 0 and you can control it.

Thanks.
Caner.

2009/6/22 PJ 

> Hi Caner,
> Thanks for the input. I'm not sure that would do it as the first
> instruction on the page is :
> $bid = $_GET['id'] ;
>
> thus, the page cannot even be loaded if there is no id in the uri - it
> generates a number of errors.
> In order to use the feature of editing, I use a search page and then set
> up an href to the edit page with the id of the item to be edited.
> I finally figured out to do the action="another_page.php" and with
> slight modifications to the form, things finally work.
> And, to delete the item (all records related to the item), I set up 2
> submits - 1 to "update.php" and one to "delete.php"
> Maybe it's all cumbersome and maybe it is possible to streamline the
> whole process, but then it does work and I am just learning... :-)
> Thanks again.
> PJ
>
>
>
> Caner BULUT wrote:
> > Hi,
> >
> > You can use a variable for that, like the following. For example, if the
> > variable is 1 you start processing the form input.
> >
> > Example
> >
> >  > }
> >
> > Thanks.
> > Caner.
> >
> >
> > -Original Message-
> > From: PJ [mailto:af.gour...@videotron.ca]
> > Sent: 20 June 2009 22:55
> > To: php-general@lists.php.net
> > Subject: [PHP] resubmit form after validation error
> >
> > I'm having a bit of a time figuring out how to resubmit a form after
> > obligatory field missing error.
> > The problem is that the page is accessed from a search page href where
> > the uri is like = file.php$=123.
> > Since the method="post" action="file.php?= does
> > not work nor does PHP_SELF, I have set the action="otherfile.php". All
> > is well, if all fields are properly entered, but if there is an error,
> > how to resubmit the form for correction and resubmission without using
> > js or functions or redoing it all from scratch?
> >
> >
>
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>   http://www.ptahhotep.com
>   http://www.chiccantine.com/andypantry.php
>
>


RE: [PHP] resubmit form after validation error

2009-06-20 Thread Caner BULUT
Hi,

You can use a variable for that, like the following. For example, if the
variable is 1 you start processing the form input.

Example 

mailto:af.gour...@videotron.ca] 
Sent: 20 June 2009 22:55
To: php-general@lists.php.net
Subject: [PHP] resubmit form after validation error

I'm having a bit of a time figuring out how to resubmit a form after
obligatory field missing error.
The problem is that the page is accessed from a search page href where
the uri is like = file.php$=123.
Since the method="post" action="file.php?= does
not work nor does PHP_SELF, I have set the action="otherfile.php". All
is well, if all fields are properly entered, but if there is an error,
how to resubmit the form for correction and resubmission without using
js or functions or redoing it all from scratch?

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php





Re: [PHP] Search/Replace in entire database?

2009-06-15 Thread Caner Bulut
Hi Chris,

MySQL introduced full-text indexing and searching capabilities back in
version 3.23.23. The implementation is straightforward and easy to use —
define a FULLTEXT index and use MATCH / AGAINST in the query. Consider this
example:

CREATE TABLE SOCIAL_EVENT (
    EVENT_ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
    USER_ID INTEGER UNSIGNED NOT NULL,
    HEADLINE TEXT NOT NULL,
    EVENT_TEXT TEXT NOT NULL,
    EVENT_DATE TIMESTAMP NOT NULL,

    PRIMARY KEY (EVENT_ID),
    FOREIGN KEY (USER_ID)
        REFERENCES SOCIAL_USER(USER_ID),
    FULLTEXT INDEX (HEADLINE, EVENT_TEXT)
)
ENGINE=MyISAM DEFAULT CHARACTER SET latin1
COLLATE latin1_general_cs AUTO_INCREMENT=0;

Thanks.
Caner

2009/6/15 Chris Payne 

> Hi everyone,
>
> I am in the middle of creating an editor where you can search and
> replace on an individual column in a single table then I came across
> something I need to be able to do but not sure how.
>
> Is it posible (And if so please how :-) to search an entire database
> and all tables within a database and do a find/replace on keywords
> without having to specify each table/column within that table?
>
> The people I am working for have made some big changes and one of them
> is changing the names of one of their products, but this product name
> appears EVERYWHERE in many tables and in lots of different column
> names, and it would save so much time if I could do a single query
> that would just search EVERYTHING within the database.
>
> Thanks for any advice you can give me.
>
> Regards
>
> Chris Payne
>