Re: [PHP] Convert deprecated POSIX functions into wrappers for equivalent PCRE functions

2009-11-08 Thread Eddie Drapkin 
On Sun, Nov 8, 2009 at 4:13 PM, Tony Marston
 wrote:
> That's an amateur fudge, not a professional fix. Besides, what happens if
> your hosting company won't let you install PECL extensions?
>
> --
> Tony Marston
> http://www.tonymarston.net
> http://www.radicore.org
>
> "Eddie Drapkin"  wrote in message
> news:68de37340911081209p45577d46r70a3c194f1079...@mail.gmail.com...
>> On Sun, Nov 8, 2009 at 2:47 PM, Tony Marston
>>  wrote:
>>> "It is for the better"? How can you justify that? It is a problem that
>>> will
>>> cause a lot of headaches for a lot of users, yet the solution which I
>>> have
>>> proposed will remove that problem with only very little effort, yet still
>>> leave only one regex engine which has to be supported in PHP 6.
>>>
>>> You have to balance out the small bit of effort required in implementing
>>> this solution against the huge amount of effort required in changing
>>> thousands, if not millions of scripts.
>>>
>>> For the PHP developers to say "we can't be bothered to update the POSIX
>>> functions to deal with unicode, so we've decided to drop them from PHP
>>> entirely even though it will break lots of scripts" will not go down well
>>> in
>>> userland.
>>>
>>>
>>> --
>>> Tony Marston
>>> http://www.tonymarston.net
>>> http://www.radicore.org
>>>
>>> "John Black"  wrote in message
>>> news:4af70120.1040...@network-technologies.org...
>>>> The same can be said about the removal of magic_quotes(), it will break
>>>> A
>>>> LOT of old scripts.
>>>> I am in the same boat, I did not keep up to date with the PHP developer
>>>> plans and just found out about ereg when I installed PHP 5.3.
>>>>
>>>> I think it was handled properly by displaying warning messages before
>>>> actually removing it. It will give people enough time to update their
>>>> scripts or weed out the old and insecure scripts.
>>>>
>>>> Yes, it will create some headache but, AFAIK, it is for the better.
>>>>
>>>> --
>>>> John
>>>> Intelligent Life
>>>> http://xkcd.com/638/
>>>
>>>
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> The plan, as far as I am aware, is to move POSIX regular expressions
>> into PECL as of PHP6.  If you can fix your scripts by simply running
>> "pecl install ereg" what's all the hee-hawing about?
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Then you've got several options:
1) Don't upgrade PHP.
2) Pick a different hosting provider.
3) Fix your scripts.

You talk about a "professional" fix.  The right fix is to remove the
depracated elements from your scripts before upgrading PHP, which
realistically shouldn't be that big of a deal for the vast majority of
expressions.  Rather than accept the change and just fix your scripts,
you propose a problem that breaks a lot of other things and introduces
way more problems than it solves.

You're not the first person to post this exact same tantrum on this
list and the response has always been: fix your scripts or don't
upgrade.  Seeing as PHP 6 is a long ways away you've got plenty of
time to fix your scripts and it's not like this is being sprung
overnight, so do the real professional thing and upgrade your scripts,
if you want to upgrade (when 6 is released).  Breaking BC happens.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Convert deprecated POSIX functions into wrappers for equivalent PCRE functions

2009-11-08 Thread Eddie Drapkin 
On Sun, Nov 8, 2009 at 2:47 PM, Tony Marston
 wrote:
> "It is for the better"? How can you justify that? It is a problem that will
> cause a lot of headaches for a lot of users, yet the solution which I have
> proposed will remove that problem with only very little effort, yet still
> leave only one regex engine which has to be supported in PHP 6.
>
> You have to balance out the small bit of effort required in implementing
> this solution against the huge amount of effort required in changing
> thousands, if not millions of scripts.
>
> For the PHP developers to say "we can't be bothered to update the POSIX
> functions to deal with unicode, so we've decided to drop them from PHP
> entirely even though it will break lots of scripts" will not go down well in
> userland.
>
>
> --
> Tony Marston
> http://www.tonymarston.net
> http://www.radicore.org
>
> "John Black"  wrote in message
> news:4af70120.1040...@network-technologies.org...
>> The same can be said about the removal of magic_quotes(), it will break A
>> LOT of old scripts.
>> I am in the same boat, I did not keep up to date with the PHP developer
>> plans and just found out about ereg when I installed PHP 5.3.
>>
>> I think it was handled properly by displaying warning messages before
>> actually removing it. It will give people enough time to update their
>> scripts or weed out the old and insecure scripts.
>>
>> Yes, it will create some headache but, AFAIK, it is for the better.
>>
>> --
>> John
>> Intelligent Life
>> http://xkcd.com/638/
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

The plan, as far as I am aware, is to move POSIX regular expressions
into PECL as of PHP6.  If you can fix your scripts by simply running
"pecl install ereg" what's all the hee-hawing about?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Carriage Returns

2009-11-08 Thread Eddie Drapkin 
On Sun, Nov 8, 2009 at 11:40 AM, John List  wrote:
> Dan Shirah wrote:
>>
>> Hello all,
>>
>> Basically I have a form with a .  The user can enter up to 5,000
>> characters in this text area.
>>
>> If the user just types text like: This is a test.
>>
>> And saves it, there's no problem.
>>
>> However if the user types:
>>
>> This
>>
>> Is
>>
>> A
>>
>> Test
>>
>> And saves it, the insert bombs.
>>
>> I've tried using nl2br($text) and str_replace("\r","#CR",$text) to convert
>> the carriage returns, but it still crashes.
>>
>> I'm using an informix database and the column is: my_text    CHAR(5000)
>>
>> Any ideas why it crashes any time there is a carriage return in the text
>> area?
>>
>> Thanks,
>> Dan
>
> João Cândido de Souza Neto wrote:
>>
>> Are you using nl2br to convert before recording or after?
>>
>>
>
> This is probably an Informix problem or a problem with your interface to
> Informix. (I say that because I store textarea data with embedded newlines
> all the time in MySQL using the PHP mysql_ functions.)
>
> What interface are you using? ODBC?
>
> What errors do you get from Informix when it bombs?
>
> I'm guessing an embedded CR or LF character is breaking something as it's
> being passed to Informix. As João implies, if you really are changing these
> to break tags, you shouldn't have a problem. So you might try outputting the
> results of your conversion to your PHP error log before you pass it to
> Informix.
>
> You may find more help on an Informix list.
>
> John
>
>
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
It's probably worthwhile to note that nl2br does NOT replace \n and/or
\r with  but rather puts a  before the newline
character(s).  Try str_replace("\r", '', $post_field).

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] OO method inside a variable

2009-11-04 Thread Eddie Drapkin 
On Wed, Nov 4, 2009 at 4:36 PM,   wrote:
> Hi everybody,
> i'm trying to apply a method to an object getting its name from a variable,
> that i obtain parsing an XML file.
>
> For example:
>
> $object = new Class;
> $method = "row()"; #I'm getting this from the XML parser
> $object->$method; #I've an error here...
>
> Obviously the method inside the class exists.
> How can i do it?
> Thanks a lot in advance.
>
> Simone Nanni
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Use call_user_func() and call_user_func_array() with the callback format:

array($instance, 'method'); for instance methods or
array('class_name', 'method'); for static methods

so you'd want:

$obj = new Class();
$method = "row";
call_user_func(array($obj, $method));

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Assignment in Conditional - How are they evaluated?

2009-10-29 Thread Eddie Drapkin 
On Thu, Oct 29, 2009 at 10:23 AM, Martin Scotta  wrote:
> On Thu, Oct 29, 2009 at 11:11 AM, Robert Cummings wrote:
>
>> Ashley Sheridan wrote:
>>
>>> On Thu, 2009-10-29 at 13:58 +, Mark Skilbeck wrote:
>>>
>>>  How is the following evaluated:

 [code]
 if ($data = somefunc()) ...
 [/code]

 Ignoring the 'assignment inside condition' arguments, is the return value
 of somefunc() assigned to $data, and then $data's value is evaluated (to
 true or false), or is the actual assignment tested (does the assignment
 fail, etc)?


>>>
>>> I believe that it determines if the return value of somefunc() is
>>> non-false. It will have the added benefit then that you can use the
>>> return value afterwards if it was, for example, not true, but a string
>>> or something instead.
>>>
>>
>> I do this all the time... an example is the following:
>>
>> >
>> if( ($user = get_current_user()) )
>> {
>>    // Yay, we have a user... do something.
>>    echo $user->name();
>> }
>> else
>> {
>>    // Handle no current user.
>>    echo 'Anonymous';
>> }
>>
>> ?>
>>
>> Cheers,
>> Rob.
>> --
>> http://www.interjinn.com
>> Application and Templating Framework for PHP
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> There is a situation when common-sense can fail...
>
> if( $a && $b = do_something() )
>
> The problem here is the precedence between && and =
> The correct sentence will be...
>
> if( $a && ($b = do_something()) )
>
> C coders knows this behaviour very well.
>
> cheers,
>  Martin Scotta
>
>
>
> --
> Martin Scotta
>

Assignment operations in PHP have the "side effect" of returning the
assignment.  For example:

function return_false() {
  return false;
}

var_dump(return_false()); //bool(false);
var_dump($a = return_false()); //bool(false);
var_dump($a = 1); // int(1)
var_dump($a = "hello world!"); //string...

So the same thing that allows you to do:

$a = $b = $c = $d = 154;

which works because "$d = 154" returns 154, which is assigned to $c,
which returns 154... is how assignment in conditionals or looping
works:
if($a = return_false()) { }
var_dump($a); //bool(false)

if($a = "hello") {}
var_dump($a); //string, "hello"

So what's really happening is the return value of the expression "$a =
" is evaluated and that's used to determine the truth of the
conditionality.  if($a = return_false()) is exactly the same thing as
if(return_false()) save for you "capture" the output of the function,
rather than just allow the conditional operator to see it.  It's
functionally equivalent to $a = return_false(); if($a) {} but it's
important to understand that __assigning a variable to a value in PHP
is an expression with a return value___ and that return value is the
value that you assigned to the variable.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (nginx) fcgi+PHP+memcache on RedHat: Class 'Memcache' not found...

2009-10-26 Thread Eddie Drapkin 
On Mon, Oct 26, 2009 at 12:22 PM, Tom Barrett  wrote:
> 2009/10/26 Eddie Drapkin :
>> On Mon, Oct 26, 2009 at 11:59 AM, Tom Barrett  wrote:
>>> 2009/10/26 Eddie Drapkin :
>>>> On Mon, Oct 26, 2009 at 11:45 AM, Tom Barrett  wrote:
>>>>> Hello
>>>>>
>>>>> I have installed:
>>>>>  - libevent
>>>>>  - libmemcached (http://tangent.org/552/libmemcached.html)
>>>>>  - Done a PECL installation (pecl download memcached, phpize &&
>>>>> ./configure && make)
>>>>>  - memcached
>>>>>
>>>>>> cat /etc/php.d/memcached.ini
>>>>> ; Memcached default settings
>>>>> extension=memcache.so
>>>>>
>>>>>> ls -1  /usr/lib64/php/modules/memcache*
>>>>> /usr/lib64/php/modules/memcached.so
>>>>> /usr/lib64/php/modules/memcache.so
>>>>>
>>>>>> memcached -h
>>>>> memcached 1.2.6
>>>>> ...
>>>>>
>>>>>> php -v
>>>>> PHP 5.1.6 (cli) (built: Feb 26 2009 07:01:12)
>>>>> Copyright (c) 1997-2006 The PHP Group
>>>>> Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
>>>>>
>>>>>
>>>>> /var/www/php_fcgi_memcache> cat memcache.php
>>>>> >>>> $memcache = new Memcache;
>>>>> print_r($memcache);
>>>>> ?>
>>>>>
>>>>> /var/www/php_fcgi_memcache> php memcache.php
>>>>> PHP Fatal error:  Class 'Memcache' not found in
>>>>> /var/www/php_fcgi_memcache/memcache.php on line 2
>>>>>
>>>>> Memcached is working fine (being use by Perl quite happily).
>>>>>
>>>>> PHP/FCGI is working OK and phpinfo() shows:
>>>>> memcached support enabled
>>>>> Version 1.0.0
>>>>> libmemcached version 0.34
>>>>> Session support yes
>>>>>
>>>>> Any pointers in the right direction would so very much appreciated.
>>>>>
>>>>> --
>>>>> PHP General Mailing List (http://www.php.net/)
>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>
>>>>>
>>>>
>>>> Try instantiating a Memcached instance, not a Memcache instance.
>>>> They're two different PECL extensions!
>>>
>>> Hi
>>>
>>> That just auto-instantiates an empty object?
>>>
>>>> cat memcached.php
>>> >> $memcache = new Memcached;
>>> print_r($memcache);
>>> ?>
>>>
>>>> php memcached.php
>>> Memcached Object
>>> (
>>> )
>>>
>>> I have used the $m=new Memcache; syntax on another server, which works fine.
>>>
>>> Or have I mixed up my libraries somehow?
>>>
>>
>> They're actually two different classes from two different PECL
>> extensions.  Memcached is the newer (imo better) extension written by
>> Andrei (at digg) to use libmemcached.  Memcache is the older, entirely
>> custom (no external deps) PECL extension that's been around forever.
>> So, I'm guessing you have Memcache on one machine and Memcached on
>> another.  They have slightly different APIs, so I'd make sure you're
>> aware of which one you're using.  :)
>
> Thanks
>
> Any chance you could show me the way?
>
> This is how I installed the PECL extension:
>
>> pecl download memcached
>> tar zxf memcached-1.0.0.tgz
>> cd memcached-1.0.0
>> phpize
>> ./configure
>> make
>> make install
>
> Does that look like the right one? Did I miss something?
>

That'll install the Memcached extension, which is the one I'd usually
recommend and the one that I use.  I don't see anythign wrong with
using that one or that way of installing it, but I was just saying
that the method names and parameters are different from the older
extension and to just be aware of that.

Old extension: http://us2.php.net/manual/en/book.memcache.php
New extension: http://us2.php.net/manual/en/book.memcached.php

The naming confusion is unnecessary but it exists so there's not
really too much you can do about it :P

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (nginx) fcgi+PHP+memcache on RedHat: Class 'Memcache' not found...

2009-10-26 Thread Eddie Drapkin 
On Mon, Oct 26, 2009 at 11:59 AM, Tom Barrett  wrote:
> 2009/10/26 Eddie Drapkin :
>> On Mon, Oct 26, 2009 at 11:45 AM, Tom Barrett  wrote:
>>> Hello
>>>
>>> I have installed:
>>>  - libevent
>>>  - libmemcached (http://tangent.org/552/libmemcached.html)
>>>  - Done a PECL installation (pecl download memcached, phpize &&
>>> ./configure && make)
>>>  - memcached
>>>
>>>> cat /etc/php.d/memcached.ini
>>> ; Memcached default settings
>>> extension=memcache.so
>>>
>>>> ls -1  /usr/lib64/php/modules/memcache*
>>> /usr/lib64/php/modules/memcached.so
>>> /usr/lib64/php/modules/memcache.so
>>>
>>>> memcached -h
>>> memcached 1.2.6
>>> ...
>>>
>>>> php -v
>>> PHP 5.1.6 (cli) (built: Feb 26 2009 07:01:12)
>>> Copyright (c) 1997-2006 The PHP Group
>>> Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
>>>
>>>
>>> /var/www/php_fcgi_memcache> cat memcache.php
>>> >> $memcache = new Memcache;
>>> print_r($memcache);
>>> ?>
>>>
>>> /var/www/php_fcgi_memcache> php memcache.php
>>> PHP Fatal error:  Class 'Memcache' not found in
>>> /var/www/php_fcgi_memcache/memcache.php on line 2
>>>
>>> Memcached is working fine (being use by Perl quite happily).
>>>
>>> PHP/FCGI is working OK and phpinfo() shows:
>>> memcached support enabled
>>> Version 1.0.0
>>> libmemcached version 0.34
>>> Session support yes
>>>
>>> Any pointers in the right direction would so very much appreciated.
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> Try instantiating a Memcached instance, not a Memcache instance.
>> They're two different PECL extensions!
>
> Hi
>
> That just auto-instantiates an empty object?
>
>> cat memcached.php
>  $memcache = new Memcached;
> print_r($memcache);
> ?>
>
>> php memcached.php
> Memcached Object
> (
> )
>
> I have used the $m=new Memcache; syntax on another server, which works fine.
>
> Or have I mixed up my libraries somehow?
>

They're actually two different classes from two different PECL
extensions.  Memcached is the newer (imo better) extension written by
Andrei (at digg) to use libmemcached.  Memcache is the older, entirely
custom (no external deps) PECL extension that's been around forever.
So, I'm guessing you have Memcache on one machine and Memcached on
another.  They have slightly different APIs, so I'd make sure you're
aware of which one you're using.  :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (nginx) fcgi+PHP+memcache on RedHat: Class 'Memcache' not found...

2009-10-26 Thread Eddie Drapkin 
On Mon, Oct 26, 2009 at 11:45 AM, Tom Barrett  wrote:
> Hello
>
> I have installed:
>  - libevent
>  - libmemcached (http://tangent.org/552/libmemcached.html)
>  - Done a PECL installation (pecl download memcached, phpize &&
> ./configure && make)
>  - memcached
>
>> cat /etc/php.d/memcached.ini
> ; Memcached default settings
> extension=memcache.so
>
>> ls -1  /usr/lib64/php/modules/memcache*
> /usr/lib64/php/modules/memcached.so
> /usr/lib64/php/modules/memcache.so
>
>> memcached -h
> memcached 1.2.6
> ...
>
>> php -v
> PHP 5.1.6 (cli) (built: Feb 26 2009 07:01:12)
> Copyright (c) 1997-2006 The PHP Group
> Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
>
>
> /var/www/php_fcgi_memcache> cat memcache.php
>  $memcache = new Memcache;
> print_r($memcache);
> ?>
>
> /var/www/php_fcgi_memcache> php memcache.php
> PHP Fatal error:  Class 'Memcache' not found in
> /var/www/php_fcgi_memcache/memcache.php on line 2
>
> Memcached is working fine (being use by Perl quite happily).
>
> PHP/FCGI is working OK and phpinfo() shows:
> memcached support enabled
> Version 1.0.0
> libmemcached version 0.34
> Session support yes
>
> Any pointers in the right direction would so very much appreciated.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Try instantiating a Memcached instance, not a Memcache instance.
They're two different PECL extensions!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Is there any way to get all the function name being called in a process?

2009-10-23 Thread Eddie Drapkin 
There's xdebug, as mentioned, that'll do it as an extension.

What you REALLY probably are looking for is http://php.net/debug_backtrace

And what kind of reverse engineering would you be doing without
reflection? ( http://php.net/reflection ) ;]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Limit query/function time

2009-10-22 Thread Eddie Drapkin 
On Thu, Oct 22, 2009 at 4:14 PM, Philip Thompson  wrote:
> Hi all.
>
> I'm running into a random issue where sometimes it take several minutes (up
> to 10 or 15) to complete a query. According to 1 or 2 references, this may
> be a mysql bug. These links explain the similar problem I'm experiencing:
>
> http://forums.mysql.com/read.php?24,57257
> http://forum.percona.com/s/m/790/
>
> I did some testing yesterday and this 1 sql statement successfully queried
> (in milliseconds) approximately 50,000 times before it took several minutes
> to query, which hung all the other processes on the database. Because it
> occurs successfully so many times, I know the query is good.
>
> Is it possible to set a time limit on a single function in PHP? E.g., when I
> call mysql_query() and it takes 30 seconds, then quit processing that
> function and continue on. I know I could set_time_limit() to a specific
> time, but that would cause a fatal error... and I want to be able to catch
> it.
>
> Any thoughts on what direction I should go? Also, I'm going to do some
> research to see if a newer version of mysql has fixed this bug. We're
> running 5.0.45.
>
> Thanks,
> ~Philip
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You could use ErrorException and catch that:
http://www.php.net/manual/en/class.errorexception.php
Or you could just set your own error handler:
http://www.php.net/manual/en/function.set-error-handler.php

Something I don't know if you've thought of that came to mind, though,
is the MySQL query cache.  It's entirely likely that you have a query
that takes several minutes to run, then is stored in query cache for
the next 50,000 iterations of the query.  Have you observed this same
behavior without the query cache enabled (it also looks like the bug
mentioned in the second link - the one that pertains to the 5.0.x
branch of mysql - has to do with an overly large query cache)?  Based
on that post, I'd guess that your next action would be to disable the
query cache and determine from there if it's a slow query or actually
the bug in MySQL.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Web Service Server in PHP

2009-10-21 Thread Eddie Drapkin 
On Wed, Oct 21, 2009 at 9:26 PM, Daniel Echalar  wrote:
> Hi,
>
> Does anybody knows a web services server based on PHP?
>
> The only one a see is Nusoap, but even for this one i can't find the webpage
> to see the documentation.
>
> by the way, i'm trying to develop an application using web services in PHP,
> any start point suggestion will be appreciated.
>
> thanks for the anwers!
>

Nanoweb is an HTTP server: http://nanoweb.si.kz/

I'm pretty sure this is exactly what you're looking for.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PEAR segfaulting

2009-10-19 Thread Eddie Drapkin 
On Mon, Oct 19, 2009 at 1:35 PM, Ashley M. Kirchner  wrote:
> Eddie Drapkin wrote:
>>
>> Have you tried running "pear upgrade pear"?
>
>   Yep, but I'll do it again for you to see:
>
> 
> pear -vvv upgrade pear
>
> Warning: file_exists(): Unable to find the wrapper "channel" - did you
> forget to enable it when you configured PHP? in PEAR/Downloader/Package.php
> on line 1510
>
> Warning: is_file(): Unable to find the wrapper "channel" - did you forget to
> enable it when you configured PHP? in PEAR/Downloader/Package.php on line
> 1520
>
> Warning: is_file(): Unable to find the wrapper "channel" - did you forget to
> enable it when you configured PHP? in PEAR/Downloader/Package.php on line
> 1520
> pear/PEAR: Skipping required dependency "pear/Archive_Tar" version 1.3.3,
> already installed as version 1.3.3
> pear/PEAR: Skipping required dependency "pear/Console_Getopt" version 1.2.3,
> already installed as version 1.2.3
> pear/PEAR: Skipping required dependency "pear/XML_Util" version 1.2.1,
> already installed as version 1.2.1
> skipping installed package check of "pear/pear", version "1.9.0" will be
> downloaded and installed
> Downloading "http://pear.php.net/get/PEAR-1.9.0.tgz";
> downloading PEAR-1.9.0.tgz ...
> Starting to download PEAR-1.9.0.tgz (291,634 bytes)
> .done: 291,634
> bytes
> Segmentation fault
> 
>
>
>   Like I said, it doesn't matter *WHAT* I try to install/upgrade, pear will
> always segfault.  PECL does not exhibit that behavior.
>
>
> --
> H | It's not a bug - it's an undocumented feature.
>  +
>  Ashley M. Kirchner <mailto:ash...@pcraft.com>   .   303.442.6410 x130
>  IT Director / SysAdmin                        .     800.441.3873 x130
>  Photo Craft Imaging                       .          2901 55th Street
>  http://www.pcraft.com . .  .    .       Boulder, CO 80301, U.S.A.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Try rebuilding PEAR manually.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PEAR segfaulting

2009-10-19 Thread Eddie Drapkin 
On Mon, Oct 19, 2009 at 1:28 PM, Ashley M. Kirchner  wrote:
> Thodoris wrote:
>>
>> Obviously something went wrong while installing PHP and you will have to
>> find this because this probably the reason pear segfaults.
>>
>> Did you run make test before installing? (makes sure everything went well)
>>
>> You know you don't need pear binary to use a pear's package right? (it's
>> pure PHP after all)
>
>   I know, I've been doing this for years.  This is a new machine, and the
> only one where I have PHP 5.3.0 installed on (all the rest are PHP 5.2.x and
> are all working fine.)  So at the moment I'm making the assumption it's
> something with 5.3.0 ...  I'm in the process of reinstalling it all from
> scratch again, see what happens.
>
>   It also doesn't help with you search Google and you find, according to
> them, some 36,000 hits to 'PEAR segmentation fault' ... obviously
> something's up.
>
>   -- A
>
> --
> H | It's not a bug - it's an undocumented feature.
>  +
>  Ashley M. Kirchner    .   303.442.6410 x130
>  IT Director / SysAdmin                        .     800.441.3873 x130
>  Photo Craft Imaging                       .          2901 55th Street
>  http://www.pcraft.com . .  .    .       Boulder, CO 80301, U.S.A.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


Have you tried running "pear upgrade pear"?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] exec() confused by a specially crafted string

2009-10-12 Thread Eddie Drapkin 
On Mon, Oct 12, 2009 at 2:10 PM, Soner Tari  wrote:
> On Mon, 2009-10-12 at 13:21 -0300, Jonathan Tapicer wrote:
>> Confirmed, it also happens to me on Linux, PHP version:
>>
>> PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21
>> 2009 19:52:39)
>> Copyright (c) 1997-2007 The PHP Group
>> Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
>>
>> And adding a single character to the echoed string makes it work fine,
>> seems like a bug to me.
>
> Thanks, filed the bug report:
> http://bugs.php.net/bug.php?id=49847
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Confirmed (again) here:

PHP Version => 5.3.0
Build Date => Jul  1 2009 17:55:55

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need unrounded precision

2009-10-11 Thread Eddie Drapkin 
On Fri, Jan 1, 2010 at 9:20 PM, Andre Dubuc  wrote:
> Hi,
>
> I need to extract the first digit after the decimal point from a number such
> as 28.56018, which should be '5'.
>
> I've tried a few methods to accomplish this. If I use 'ini_set' I would need
> to know the number of digits before the decimal (which, unfortunately, I
> would not have access to).
>
> Then I've tried:
>
> 
>        $elapsed = 28.56018;
>
>        $digit = round($elapsed, 1); // rounds result is '6'
>        $digit = number_format($elapsed, 1); // still rounds result to '6'
>
> ?>
>
> What I need is only the first digit after the decimal -- all the rest could
> be 'chopped' or discarded but without rounding the first digit after the
> decimal point.
>
> Is there any way of doing this?
>
> I'm stumped.
>
> Tia,
> Andre
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Try sprintf with a format of %0.1f.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo

2009-10-07 Thread Eddie Drapkin 
On Wed, Oct 7, 2009 at 11:36 AM, Tom Worster  wrote:
> just yesterday i was reading through this wonderful and very funny
> presentation:
>
>    http://talks.php.net/show/froscon08/0
>
> for me it really drove home the message (among others) that it makes sense
> to find out where the real gains can be made before investing your efforts
> in optimization.
>
>
>

This is a great talk / slideshow and definitely is a better way to
drive home the point that PHP execution speed is relatively
meaningless in terms of user experience.  Well, at least up to a
point...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo

2009-10-07 Thread Eddie Drapkin 
On Tue, Oct 6, 2009 at 6:59 PM, Andrea Giammarchi  wrote:
>
>
>> So while we can debate computing considerations of today, tomorrow
>> those will be less important. That was the point I was making. Why
>> not focus on things that make significant difference and let the
>> insignificant fade into history.
>
> I tendentiously focus on all things able to make, all together, even more 
> significant difference.
>
> Some micro-optimization, used as common code style, can make the entire 
> application or the specific performance critical task, possible, even with an 
> embed language as PHP is.
>
> ++$i is not different, from my point of view, from a code where each 
> sequential push is performed via array_push($arr, $value) rather than $arr[] 
> = $value;
> Same is for all those loop such
> for($i = 0; $i < count($staticStack); $i++);
>
> for me alien, since I've always done
>
> for($i = 0, $length = count($staticStack); $i < $length; ++$i);
>
> or, even better, a core performed loop when I need values
> foreach($staticStack as $value);
>
> these are just examples, code style, whatever you want, and I'll never change 
> my style unless there is a valid reason and some bench able to demonstrate I 
> am wrong. I guess it's just a matter of point of views, but I cannot suggest 
> slower practice cause Moore said tomorrow that CPU will strike the 
> millisecond, 'cause on micro benchmarks, we can go faster, and that's it.
>
> Regards
>
> _
> Windows Live: Keep your friends up to date with what you do online.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010


And thus we have ANOTHER problem with PHP micro-optimizations; the
proponents of using them are often misinformed or downright wrong
about them.  Two things you've mentioned in this thread, your count
method and using string concatenation vs. string interpolation (' v.
") what you've proposed is actually slower!

To wit:

I can write a test[1] that comes out with these results:
String concat time: 0.18807196617126
String interpolation time: 0.14288902282715
Where using " is faster than ' !  Common wisdom be damned!

Similarly another test [2] shows that your count() method is less than
microseconds faster per iteration.  Note that these tests are actually
run by codepad.org so I have no opportunity to fudge the results.

[1] http://codepad.org/J2PRycef
[2] http://codepad.org/7jFK9HHY

The amount of time you spend making your code less readable and
thinking about for microoptimizations, even if they are a habit, is
going to be entirely wasted when your micro-optimization habits are
rooted in falsehoods.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo

2009-10-06 Thread Eddie Drapkin 
On Tue, Oct 6, 2009 at 12:25 PM, Andrea Giammarchi  wrote:
>
> er ... tedd, whatever, usually ++i is faster in almost every language, and 
> even C developers could use these kind of micro optimizations.
>
> Speed, even in this SuperCPU era, is still relevant, we would not need 
> benchmark to compare programming languages for each purpose.
>
> Of course in a crappy application, the usage of ++i rather than i++ won't 
> make any difference, but specially for that kind of for loop where there is 
> absolutely no harm or side-effect using ++i rather than i++ ... if ++i could 
> be 0.0001% nobody have a valid reason to avoid it.
>
> Put in this way: I need to do the same thing, one could be better ... why on 
> earth should I use the other way?
>
> I just develop applications, where I can micro-optimize, I do it ... I have 
> never had speed problems, but maybe I am just lucky.
>
> Regards
>
>> Date: Tue, 6 Oct 2009 12:15:54 -0400
>> To: php-general@lists.php.net
>> From: tedd.sperl...@gmail.com
>> Subject: RE: [PHP] Whacky increment/assignment logic with $foo++ vs ++$foo
>>
>> At 3:56 PM +0200 10/6/09, Andrea Giammarchi wrote:
>> >  > Does these behaves exactly?
>> >>  for($i=0; $i<10; ++$i)
>> >>  for($i=0; $i<10; $i++)
>> >
>> >different benchmarks showed ++$i is usually faster than $i++
>>
>> "Faster" is a relative term that is becoming more meaningless each year.
>>
>> Considering that "speed" is increasing and "memory" prices are
>> dropping exponentially, both of those are becoming less and less
>> important in design considerations (my opinion).
>>
>> The speeds of the Crays of yesteryear we are now holding in our hands
>> as cell phones. The memory we are buying today is literally fractions
>> of a cent of the tens of thousands of dollars we spent some 20 years
>> ago.
>>
>> I venture to claim the time it took me to write this email (and for
>> you to read it) was longer than the total time saved between using
>> ++$i vs $i++ for all the php scripts in the world over the remaining
>> life span of PHP.
>>
>> Interesting "food for thought", huh?
>>
>> Cheers,
>>
>> tedd
>>
>> --
>> ---
>> http://sperling.com  http://ancientstones.com  http://earthstones.com
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Windows Live: Make it easier for your friends to see what you’re up to on 
> Facebook.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009

The problem with PHP micro-optimizations like that or ' vs. " is that
PHP rarely bottlenecks a PHP/MySQL application (actually if you run a
dedicated box, see how often your CPU hits 100%, it won't be very
often for the vast majority of PHP/MySQL sites which are more likely
to be disk i/o bound than cpu bound).  The time spent in PHP (by PHP,
not by the database) for page generation is completely negligible and
invisible behind the overhead of network protocols for the vast
majority of sites or drowned in the performance killing of SQL.  I
would probably go so far as to say it doesn't matter how quickly your
PHP runs; you'd save as much time tuning one slow query as you would
micro-optimizing every line of your codebase.  Furthermore, the amount
of time micro-optimization takes up (going through old code, I mean)
could be better spent doing something that actually does increase your
performance, like implementing a search engine or memcached.  Going
forward, if you're aware that ++i and i++ are the same for your
application and ++i is a single php opcode faster (which I don't know
if it's even measurable, that difference), sure go ahead and use ++i
but it's certainly not worth serious thought or developer time.

My two cents.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How do YOU set default function/method params?

2009-10-05 Thread Eddie Drapkin 
On Mon, Oct 5, 2009 at 8:48 PM, Jim Lucas  wrote:
> Here is a problem that I have had for years now.  I have been trying to come 
> up
> with the perfect solution for this problem.  But, I have come down to two
> different methods for solving it.
>
> Here is the problem...
>
> 
> function sendEmail(
>    $to,
>    $from,
>    $subject,
>    $body,
>    $attachments=array(),
>    $headers=array()
>    ) { # I typically do not put each argument on seperate lines, but I ran
>        #out of width in this email...
>
>    # do something here...
>    mail(...);
>
> }
>
> sendEmail('j...@doe.com',
>    'maryk...@uhhh.net',
>    'Hi!',
>    'Check out my new pictures!!!',
>    $hash_array_of_pictures
>    );
>
> Now, we all have a function or method like this floating around somewhere.
>
> My question is, how do YOU go about setting the required entries of the 
> $headers
> array() ?
>
> I see three possible solutions.  I want to see a clean and simple solution.
>
> Here are my ideas so far:
>
> function sendEmail(
>    $to,
>    $from,
>    $subject,
>    $body,
>    $attachments=array(),
>    $headers=array()
>    ) { # I typically do not put each argument on seperate lines, but I ran
>        #out of width in this email...
>
>    if ( empty($headers['Date']) ) {
>        $headers['Date'] = date('c');
>    }
>    if ( empty($headers['Message-ID']) ) {
>        $headers['Date'] = md5($to.$subject);
>    }
>    # and the example goes on...
>
>    # do something here...
>    mail(...);
>
> }
>
> Or, another example.  (I will keep it to the guts of the solution now)
>
>    $headers['Date']       = empty($headers['Date']) ?
>                             date('c') : $headers['Date'];
>    $headers['Message-ID'] = empty($headers['Message-ID']) ?
>                             md5($to.$subject) : $headers['Message-ID'];
>
> OR, yet another example...
>
> $defaults = array(
>    'Date'       => date('c'),
>    'Message-ID' => md5($to.$subject),
> );
>
> $headers += $defaults;
>
> END of examples...
>
> Now, IMO, the last one is the simplest one and for me, I think it will be the
> new way that I solve this type of problem.
>
> But, my question that I put out to all of you is...
>
>        How would you solve this problem?
>
> TIA
>
> Jim Lucas
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

How does this look to you?

function sendEmail(
$to,
$from,
$subject,
$body,
$attachments=array(),
$headers=array()
) {
# I typically do not put each argument on seperate lines, but I ran
#out of width in this email...

$default_headers = array(
'Date' => date('c'),
'Message-ID' => md5($to.$subject)
);

   $headers = array_merge($default_headers, $headers);
   # and the example goes on...

   # do something here...
   mail(...);

}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] strtotime strangeness

2009-10-04 Thread Eddie Drapkin 
On Sun, Oct 4, 2009 at 3:22 PM, Floyd Resler  wrote:
> Yeah, the ;Y" was a typo in my email.  That's what happens while trying to
> type while watching my Colts play!
>
> Thanks!
> Floyd
>

Go Colts!

At least you get to watch it, I have to follow along on sports sites!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Where's my memory going?!

2009-09-29 Thread Eddie Drapkin 
On Tue, Sep 29, 2009 at 6:51 PM, Jim Lucas  wrote:
> Philip Thompson wrote:
>> On Sep 29, 2009, at 4:38 PM, Jim Lucas wrote:
>>
>>> Philip Thompson wrote:
 On Sep 28, 2009, at 4:40 PM, jeff brown wrote:

> Yes, that's the best way to clean up after yourself.  And you really
> should use that on anything you have sitting around daemon like.
>
> Jeff
>
> Philip Thompson wrote:
>> On Sep 28, 2009, at 4:27 PM, Ralph Deffke wrote:
>>> well this sound clearly to me like you are not freeing resultsets
>>> you are not going to use anymore. In long scripts you have to take
>>> care of this. on short scripts you can be a bit weak on that,
>>> because the resultsets are closed and freed on script ending.
>>>
>>> assumed u r using MySQL are u using mysql_free_result($result)
>>>
>>> goog luck
>>>
>>> ralph_def...@yahoo.de
>>>
>>>
>>> "Philip Thompson"  wrote in message
>>> news:9c0b9c4c-5e64-4519-862b-8a3e1da4d...@gmail.com...
 Hi all.

 I have a script that opens a socket, creates a persistent mysql
 connection, and loops to receive data. When the amount of specified
 data has been received, it calls a class which processes the data
 and
 inserts it into the database. Each iteration, I unset/destruct that
 class I call. However, the script keeps going up in memory and
 eventually runs out, causing a fatal error. Any thoughts on where to
 start to see where I'm losing my memory?

 Thanks in advance,
 ~Philip
>> I am not using mysql_free_result(). Is that highly recommended by all?
>> Thanks,
>> ~Philip

 I took your suggestions and made sure to clean up after myself. I'm
 running into something that *appears* to be a bug with
 mysql_free_result(). Here's a snippet of my db class.

 >>> class db {
    function fetch ($sql, $assoc=false)
    {
        echo "\nMemory usage before query: " . number_format
 (memory_get_usage ()) . "\n";
        $resultSet = $this->query($sql);
        echo "Memory usage after  query: " . number_format
 (memory_get_usage ()) . "\n";

        if (!$assoc) { $result = $this->fetch_row($resultSet); }
        else {
            $result = $this->fetch_array($resultSet);
            echo "Memory usage after  fetch: " . number_format
 (memory_get_usage ()) . "\n";
        }

        $this->freeResult($resultSet);
        echo "Memory usage after   free: " . number_format
 (memory_get_usage ()) . "\n";

        return $result;
    }

    function freeResult ($result)
    {
        if (is_resource ($result)) {
            if (!mysql_free_result ($result)) { echo "Memory could not
 be freed\n"; }
        }
        unset ($result); // For good measure
    }

    function fetch_row ($set) {
        return mysql_fetch_row ($set);
    }

    function fetch_array ($set) {
        return mysql_fetch_array ($set, MYSQL_ASSOC);
    }
 }

 // I seem to be losing memory when I call this
 $db->fetch($sql);
 ?>

 The result I get with this is...

 Memory usage before query: 6,406,548
 Memory usage after  query: 6,406,548
 Memory usage after  fetch: 6,406,548
 Memory usage after   free: 6,406,572

 As you may notice, the memory actually goes UP after the *freeing* of
 memory. Why is this happening?! What have I done wrong? Is this a bug?
 Any thoughts would be appreciated.

>>>
>>> First off, my question would be, is your query actually working?
>>> Because I
>>> would imagine that if you were getting results back from the DB, that
>>> the amount
>>> of memory being used would increase between step 1 & 2.
>>>
>>> Check to make sure that you are getting results.
>>
>> I'm confident the queries are working (there's many of them and I know
>> the data they're returning is correct), but they may not always be
>> returning results. The memory value does change in some instances...
>>
>> Memory usage before query: 5,138,372
>> Memory usage after  query: 5,138,396
>> Memory usage after   free: 5,138,556
>>
>> This was one that use fetch_row() instead of fetch_array(), but the same
>> difference. I did some searching around and I think it's a bug in PHP
>> and/or Zend Memory Management engine. As I mentioned in a previous post
>> about mysql_query() not allocating memory appropriately, I believe this
>> could quite possibly be the case. Several people have reported bugs
>> similar to this... unfortunately, they are marked as (erroneously?)
>> bogus or said it has been fixed (when, IMO, it has not).
>>
>> http://bugs.php.net/bug.php?id=40883
>> http://bugs.php.net/bug.php?id=28424
>> http://bugs.php.net/bug.php?id=41871
>>
>> I'm using version 5.2.6 on Fedora 8 and the bug still

Re: [PHP] Random Flash Movies

2009-09-20 Thread Eddie Drapkin 
On Sun, Sep 20, 2009 at 11:33 AM, Ashley Sheridan
 wrote:
> On Sun, 2009-09-20 at 11:30 -0400, Gary wrote:
>
>> A question was posted on another board that the poster wanted random flash
>> movies to display as the page is reloaded.  I posted the script below and
>> said I thought it could be adapted but that the echo would probably need to
>> change. Can someone offer some guidance on this?  Thanks
>>
>> Gary
>>
>> > //Chooses a random number
>> $num = Rand (1,6);
>> //Based on the random number, gives a quote
>> switch ($num)
>> {
>> case 1:
>> echo "";
>> break;
>> case 2:
>> echo "";
>> break;
>> case 3:
>> echo "";
>> break;
>> case 4:
>> echo "";
>> break;
>> case 5:
>> echo "";
>> break;
>> case 6:
>> echo "";
>> }
>> ?>
>>
>>
>>
>> __ Information from ESET Smart Security, version of virus signature 
>> database 4441 (20090919) __
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>>
>
> Call the movies 1.swf, 2.swf it will make it easier. If not, put them in
> an associative array. Then, once the random number has been chosen,
> output all the code needed for embedding the Flash player, and in-place
> of the movie clip name, put your variable. The switch above is
> unnecessary, as it will mean a lot of duplication.
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>

What Ash said, something like:

$flashVids = array();
$flashVids[] = '/path/to/movie.swf';
$flashVids[] = '/different/path/movie.swf';
 //add any amount more

$randomMoviePath = $flashVids[array_rand($flashVids)];

echo "Random flash movie: " . $randomMoviePath;

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] moving to quad core

2009-09-15 Thread Eddie Drapkin 
On Tue, Sep 15, 2009 at 11:35 AM, Rahul S. Johari
 wrote:
>
>> On 9/15/09 10:54 AM, "Andres Gonzalez"  wrote:
>>
>>>
>> I have an application developed that uses alot of PHP. Currently, it is
>> running on a Ubuntu 8.04 , single core CPU host.  We are moving to a
>> quad core host for this application.
>>
>> Is there anything special that I need to do to configure PHP to run on a
>> quad core host? I noticed that my current single core system has PHP
>> configured with Thread Safety disabled (as reported from phpinfo()).
>> Does that need to be enabled to run in a multi-core environment?
>>
>> Any other suggestions for configuring PHP for multi-core use?
>
>
> Very interesting question indeed;
>
> I moved from a single-core to dual-core some time back, and recently moved
> from dual-core to quad-core. Never paid attention to the hyper-threading
> difference in the httpd process. Would definitely be interesting in seeing
> more information on this topic.
>
> ---
> Rahul Sitaram Johari
> Founder, Internet Architects Group, Inc.
>
> [Email] sleepwal...@rahulsjohari.com
> [Web]   http://www.rahulsjohari.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

In regards to thread-safe compilations of PHP, if you don't absolutely
know you need it, you don't need it.

Utilizing a multiple CPU server setup with PHP depends on how you're
using PHP.  If you're using FastCGI with a process pool, the number of
PHP processes is going to determine how many CPUs PHP uses, obviously
enough.  On a quad core machine, 2 FastCGI children in the pool are
only ever going to use 2 cores, while 4 processes has a higher
likelihood of utilizing the entire set of CPUs.  However, setting your
child process number too low can seriously impede your performance, so
there's some experimentation necessary to determine what's best for
your particular scenario, based on usage, server power, script
profiling, etc. but a good number to start with is (1.5 * # of logical
processors).

All of this necessarily changes if you're using Apache, of course.
Under the classic pre-fork model, Apache forks a new process to handle
a request every time the server is hit.  So, to utilize four cores,
Apache would have to serve four pages simultaneously, forking four
child processes.  Depending on your traffic and page generation time,
the amount of child Apache processes can pretty easily head up into
the hundreds, unless of course you have a lower MaxChildren set (which
I personally would recommend against because of Apache's huge glaring
vulnerability to SlowLoris).  Under the worker model, Apache forks up
to X processes, and each process handles a configurable amount of
requests before dying, so like FastCGI, you'd have to configure the
number of children to be run, although it's recommended (I hear, I'm
not too very familiar with Apache) to use a much higher number than
the amount of cores, several dozen perhaps.  Like I said, I'm not too
familiar with Apache, so I'd do some research and experimentation with
the number of child workers to give Apache.

I hope this helps :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] APC - Upload progress problem. apc

2009-09-14 Thread Eddie Drapkin 
On Mon, Sep 14, 2009 at 5:39 AM, Phred White  wrote:
>
> Bummer... It looked so promising, but on Macs, Flash has to load the entire
> file into memory to upload! R. So, it isn't viable for big files
> (Gig +) if you need it to be cross platform.
>
> So now I am looking at perl of all things! If you have any ideas let me
> know. thanks for all your help so far.
>
> Phred
>

Honestly, uploading files that large over HTTP is probably a bad idea,
as some very important protocol features to support those filesizes
(resuming, pausing, etc.) are missing, even with a flash solution and
I'd look into the viability of something like FTP instead.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] APC - Upload progress problem. apc

2009-09-13 Thread Eddie Drapkin 
On Sun, Sep 13, 2009 at 9:38 PM, Phred White  wrote:
>
> On Sep 13, 2009, at 7:34 PM, Eddie Drapkin wrote:
>
>> On Sun, Sep 13, 2009 at 8:29 PM, Phred White 
>> wrote:
>>>
>>> On Sep 11, 2009, at 1:17 PM, Eddie Drapkin wrote:
>>>
>>>> On Fri, Sep 11, 2009 at 1:02 PM, Phred White 
>>>> wrote:
>>>>>
>>>>> Hey folks..
>>>>>
>>>>> Anybody ever use APC to show upload progress?
>>>>>
>>>>> It sounds really cool, but apc_fetch always returns false a value for
>>>>> uploads. I can apc_add something and fetch it, but not for uploads : (
>>>>> (set-up: php-apc 3.0.19, Apache2, php 5.2.10, no suhosin patch)
>>>>>
>>>>> There is little info to google on this, and I've been through it.
>>>>>
>>>>> I was hoping some hard core, tireless, php programmer just knew the
>>>>> answer.
>>>>>
>>>>> With high anxiety, Phred
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> I recently had to do roughly the same thing (visual upload progress)
>>>> and I had done some research into APC.  What I learned was that the
>>>> upload tracking didn't work with FastCGI (which would have prevented
>>>> our switch to nginx, but not a deal breaker) and what broke the deal,
>>>> though, was the fact that APC's upload progress is apparently not
>>>> thread safe, so if person A is uploading a file and person B starts an
>>>> upload, you get a silent failure.  Which brings me to another point,
>>>> it seems to silently fail.
>>>>
>>>> Ultimately, I went with a flash based solution because the APC
>>>> solution had way too many problems to be really useful.  It's a nice
>>>> thought, but I wouldn't recommend it.  I know this isn't exactly what
>>>> you wanted, but I had a similar experience and thought I would share
>>>> :)
>>>
>>> Dang! You are exactly right - that isn't what I wanted to hear! : (
>>> But better to know now, then when my timeline is already used up.
>>>
>>> Did you write your own flash based solution, or use an canned one?
>>>
>>> Thanks, Phred
>>>
>>>
>>
>> I actually wound up using swfupload because of a friend's
>> recommendation and also because there's a nifty jQuery plugin for it.
>>
>> The project's main site: http://swfupload.org
>> The jQuery plugin I'm using:
>> http://blogs.bigfish.tv/adam/2009/06/14/swfupload-jquery-plugin/
>>
>> The *only* issue I could find with a flash based uploader (I don't
>> regard flash installation as an issue because we're a video based site
>> and well, if you're using our site to watch videos...) was there's an
>> as-of-yet unresolved bug in linux flash clients that locks a browser
>> until upload is completed.  Adobe's bug tracker seems to be down for
>> me at the moment, but if you really want the bug, let me know offlist
>> and I'll supply it later. :)
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
> Hey Eddie:
>
> One more question...
> I have an existing form that provides other data that need to be linked to
> the file upload. It looks like swfupload, just uploads all by its lonesome.
> I also need the javascript form validator to be triggered before any
> uploading occurs. Is this possible? You don't have to tell me how (though I
> wouldn't mind a few clues). I just want to know if it will meet my needs
> once i dig in.
>
> Thanks
>
>

That should all be possible.  I'd take a look at
http://demo.swfupload.org/v220/featuresdemo/index.php as that has most
of that happening on the page and you can bootleg some of their
example code :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] APC - Upload progress problem. apc

2009-09-13 Thread Eddie Drapkin 
On Sun, Sep 13, 2009 at 8:29 PM, Phred White  wrote:
>
> On Sep 11, 2009, at 1:17 PM, Eddie Drapkin wrote:
>
>> On Fri, Sep 11, 2009 at 1:02 PM, Phred White 
>> wrote:
>>>
>>> Hey folks..
>>>
>>> Anybody ever use APC to show upload progress?
>>>
>>> It sounds really cool, but apc_fetch always returns false a value for
>>> uploads. I can apc_add something and fetch it, but not for uploads : (
>>> (set-up: php-apc 3.0.19, Apache2, php 5.2.10, no suhosin patch)
>>>
>>> There is little info to google on this, and I've been through it.
>>>
>>> I was hoping some hard core, tireless, php programmer just knew the
>>> answer.
>>>
>>> With high anxiety, Phred
>>>
>>>
>>>
>>>
>>
>> I recently had to do roughly the same thing (visual upload progress)
>> and I had done some research into APC.  What I learned was that the
>> upload tracking didn't work with FastCGI (which would have prevented
>> our switch to nginx, but not a deal breaker) and what broke the deal,
>> though, was the fact that APC's upload progress is apparently not
>> thread safe, so if person A is uploading a file and person B starts an
>> upload, you get a silent failure.  Which brings me to another point,
>> it seems to silently fail.
>>
>> Ultimately, I went with a flash based solution because the APC
>> solution had way too many problems to be really useful.  It's a nice
>> thought, but I wouldn't recommend it.  I know this isn't exactly what
>> you wanted, but I had a similar experience and thought I would share
>> :)
>
> Dang! You are exactly right - that isn't what I wanted to hear! : (
> But better to know now, then when my timeline is already used up.
>
> Did you write your own flash based solution, or use an canned one?
>
> Thanks, Phred
>
>

I actually wound up using swfupload because of a friend's
recommendation and also because there's a nifty jQuery plugin for it.

The project's main site: http://swfupload.org
The jQuery plugin I'm using:
http://blogs.bigfish.tv/adam/2009/06/14/swfupload-jquery-plugin/

The *only* issue I could find with a flash based uploader (I don't
regard flash installation as an issue because we're a video based site
and well, if you're using our site to watch videos...) was there's an
as-of-yet unresolved bug in linux flash clients that locks a browser
until upload is completed.  Adobe's bug tracker seems to be down for
me at the moment, but if you really want the bug, let me know offlist
and I'll supply it later. :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE: [Formaldehyde] The Most Basic Ajax - PHP Error Debugger

2009-09-13 Thread Eddie Drapkin 
> Right, errors should never be exposed, and error_reporting should be 0 in 
> production but log function and the fact you can move Formaldehyde with the 
> application means it does not require extra effort.

No, display_errors should be turned off (with log_errors turned on)
and error_reporting should be set to whatever standard you're coding
to (preferably, E_ALL | E_STRICT, but a lot of people like to ignore
E_NOTICE's).

> In few words, if in production Formaldehyde constant is false, and it must be 
> false, nothing will be exposed.

So it's not zero configuration, then?

> You do not need to change your code if you configure properly the defined 
> constant while you can use what logs have to offers plus you'll have 1:1 
> production/development application

How do I configure a constant without changing code?  And I wasn't
aware that a 1:1 development:production environment was a desirable
thing.  Things like xdebug, display_errors, inclued, etc. should be
disabled for production and enabled for development.

> That simplicity is not offered so far by your suggested one as well, and 
> please tell me how quick could be an instant PHP error "on screen" during 
> tests or debug  rather than a log analysis but in any case, thanks for the 
> feedback.

Run "tail -f /path/to/your/php/error.log" and watch the error logs as
they're appended, if you need instant error notification.

Honestly, I'm sure it sounds like this by now but I'm not trying to
trash your application, but you've not done a very good job selling
it.  It looks like you took some keywords ("ajax", "zero
configuration", "portable", etc. etc.) and tried to apply them to your
project, without actually seriously describing what your project is.
As best I can tell, your project doesn't do much other than facilitate
php debugging with Firebug, which is a very niche thing to do and any
development cycle that I've been a part of has had no need to do such
things, so I'm still failing to see Formaldahyde's usefulness.  Maybe
I've missed something?

>
> This is the only serious analysis so far, and I am looking forward for 
> others, if any.
>
> Best Regards
>
>> The thing is, in a properly configured development environment, it's
>> local, so I can immediately read the logs, or just fire the script up
>> with xdebug, or the errors will get caught in the editor.  And I would
>> NEVER imagine publicly exposing error messages in a production
>> environment, so I'm just really confused as to what this offers, other
>> than some seemingly small benefit in readability, specifically in
>> firebug (and some other cruft that you really ought to remove, like
>> the X-Formaldehyde header).  And furthermore, this requires code
>> changes from development -> production, which is a problem I've always
>> had with FirePHP, too, as that information does not belong in a
>> production environment.  As far as support for shared hosting is
>> concerned, I've stated on this list several times that my firm opinion
>> is shared hosting is shooting yourself in the foot (especially as a
>> good VPS isn't that much more expensive, I'm paying $20/mo for mine).
>>
>> I think you best summed up why so many on this list think Formaldehyde
>> isn't a very useful product yourself: the errors are shown on the
>> client side.  In theory, a good development environment already
>> exposes this information to the developer and things should fail a lot
>> more gracefully than error output for the user.  You said that this
>> project is something that doesn't already exist, perhaps you should
>> consider that it doesn't exist because a sane development cycle
>> precludes Formaldehyde's usefulness?
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Show them the way! Add maps and directions to your party invites.
> http://www.microsoft.com/windows/windowslive/products/events.aspx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE: [Formaldehyde] The Most Basic Ajax - PHP Error Debugger

2009-09-13 Thread Eddie Drapkin 
On Sun, Sep 13, 2009 at 5:01 PM, Andrea Giammarchi  wrote:
>
> Hosting support, since it is 100% php with zero dependencies and zero config 
> effort plus the ability do debug directly via console, unit testing via 
> Selenium and/or others, and it does not require manual error catch after the 
> generic problemi, since it will simply be showed on the client side.
>
> On the other hand, xdebug could offer a bit more such memory allocation, 
> something could require APD if integrated with Formaldehyde (and it could be 
> interesting, so I am not excluding I won't do it next release)
>
> Best Regards
>
> P.S. for others ... these kind of answers, questions, opinions, that IS what 
> I was expecting
>
>> Date: Sun, 13 Sep 2009 13:52:11 -0400
>> From: oorza...@gmail.com
>> To: pa...@quillandmouse.com
>> CC: php-general@lists.php.net
>> Subject: Re: [PHP] RE: [Formaldehyde] The Most Basic Ajax - PHP Error 
>> Debugger
>>
>> What does this offer that a real debugger, like xdebug, doesn't?
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Share your memories online with anyone you want.
> http://www.microsoft.com/middleeast/windows/windowslive/products/photos-share.aspx?tab=1

The thing is, in a properly configured development environment, it's
local, so I can immediately read the logs, or just fire the script up
with xdebug, or the errors will get caught in the editor.  And I would
NEVER imagine publicly exposing error messages in a production
environment, so I'm just really confused as to what this offers, other
than some seemingly small benefit in readability, specifically in
firebug (and some other cruft that you really ought to remove, like
the X-Formaldehyde header).  And furthermore, this requires code
changes from development -> production, which is a problem I've always
had with FirePHP, too, as that information does not belong in a
production environment.  As far as support for shared hosting is
concerned, I've stated on this list several times that my firm opinion
is shared hosting is shooting yourself in the foot (especially as a
good VPS isn't that much more expensive, I'm paying $20/mo for mine).

I think you best summed up why so many on this list think Formaldehyde
isn't a very useful product yourself: the errors are shown on the
client side.  In theory, a good development environment already
exposes this information to the developer and things should fail a lot
more gracefully than error output for the user.  You said that this
project is something that doesn't already exist, perhaps you should
consider that it doesn't exist because a sane development cycle
precludes Formaldehyde's usefulness?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE: [Formaldehyde] The Most Basic Ajax - PHP Error Debugger

2009-09-13 Thread Eddie Drapkin 
What does this offer that a real debugger, like xdebug, doesn't?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] APC - Upload progress problem. apc

2009-09-11 Thread Eddie Drapkin 
On Fri, Sep 11, 2009 at 1:02 PM, Phred White  wrote:
> Hey folks..
>
> Anybody ever use APC to show upload progress?
>
> It sounds really cool, but apc_fetch always returns false a value for
> uploads. I can apc_add something and fetch it, but not for uploads : (
> (set-up: php-apc 3.0.19, Apache2, php 5.2.10, no suhosin patch)
>
> There is little info to google on this, and I've been through it.
>
> I was hoping some hard core, tireless, php programmer just knew the answer.
>
> With high anxiety, Phred
>
>
>
>

I recently had to do roughly the same thing (visual upload progress)
and I had done some research into APC.  What I learned was that the
upload tracking didn't work with FastCGI (which would have prevented
our switch to nginx, but not a deal breaker) and what broke the deal,
though, was the fact that APC's upload progress is apparently not
thread safe, so if person A is uploading a file and person B starts an
upload, you get a silent failure.  Which brings me to another point,
it seems to silently fail.

Ultimately, I went with a flash based solution because the APC
solution had way too many problems to be really useful.  It's a nice
thought, but I wouldn't recommend it.  I know this isn't exactly what
you wanted, but I had a similar experience and thought I would share
:)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] String scrambling

2009-09-10 Thread Eddie Drapkin 
On Thu, Sep 10, 2009 at 8:57 PM, Ron Piggott  wrote:
> Is there a function in PHP which scrambles strings?
>
> Example:
>
> $string = "Hello";
>
> Output might be: ehlol
>
> Ron

http://www.php.net/manual/en/function.str-shuffle.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] upgrade php4 to php5

2009-09-09 Thread Eddie Drapkin 
On Thu, Sep 10, 2009 at 2:51 AM, madunix  wrote:
> how can i upgrade my php4 to php5?
>
> [r...@intra /]# uname -a
> Linux intra 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686
> i386 GNU/Linux
> /usr/local/apache/bin/apachectl stop
> cd /downloads/
> cd php-4.4.3
> ./configure --with-apxs2=/usr/local/apache/bin/apxs
> --with-mysql=/usr/local/mysql --with-zlib-dir=/usr/lib/
> --enable-versioning --enable-track-vars=yes
> --enable-url-includes--enable-sysvshm=yes --enable-sysvsem=yes
> --with-gettext --enable-mbstring --enable-ftp --enable-calendar
> --with-config-file-path=/etc --with-oci8=$ORACLE_HOME  --enable-soap
> --with-gd  --enable-xml --with-xml  --enable-sysvsem --enable-sysvshm
> --enable-sysvmsg --with-regex=system --with-png --with-ttf=/usr/lib
> --with-freetype=/usr/lib --enable-sigchild --with-openssl --with-iconv
> --with-dom
> make
> make install
> /usr/local/apache/bin/apachectl start
>
>
> what would be the best way to upgrade to php5?
> any modification should be done on php.ini?
>
> your input would be really appreciated?
>
> Thanks
> -mu
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


This might help:
http://php.net/manual/en/faq.migration5.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Performance of while(true) loop

2009-09-09 Thread Eddie Drapkin 
On Wed, Sep 9, 2009 at 10:53 PM, APseudoUtopia  wrote:
> On Wed, Sep 9, 2009 at 10:39 PM, Eddie Drapkin wrote:
>> On Wed, Sep 9, 2009 at 10:32 PM, APseudoUtopia  
>> wrote:
>>> Hey list,
>>>
>>> I have a php cli script that listens on a UDP socket and, when data is
>>> sent to the socket, the script inserts it into a database. I'm using
>>> the real BSD socket functions, not fsock.
>>>
>>> The script runs socket_create(), then socket_bind(). Then it starts a
>>> while(TRUE) loop. Within the loop, it runs socket_recvfrom(). I have
>>> it running 24/7 inside a screen window.
>>>
>>> I'm curious as to the cpu/memory/etc usage of a while(true) loop. The
>>> `top` command shows that the process is in the sbwait state (the OS is
>>> FreeBSD). I'm contemplating adding a usleep or even a sleep inside to
>>> loop. Would this be beneficial? I'm not too sure of how the internals
>>> of PHP work in terms of loops and such.
>>>
>>> Thanks.
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> Is your socket blocking?  If so, what's the timeout?
>>
>> while(true) {
>>
>> //wait for socket timeout
>>
>> }
>>
>> is the same as:
>>
>> while(true) {
>>
>> //read nothing from socket and sleep
>>
>> }
>>
>> Without the usleep(), the loop is going to loop as fast as your CPU
>> will let it - meaning 100% CPU usage, all the time, at least in linux,
>> although I'm pretty sure BSD would behave the same.
>>
>> As far as I'm aware, sockets in PHP behave almost identically to the
>> way that they behave in C.  I had an asynchronous TCP server written
>> with the socket_* functions and noticed that the while(true) loop used
>> 100% of the CPU because of the nonblocking sockets in use, but a
>> usleep() solved that quite easily.  Using blocking sockets with
>> socket_select and a sane timeout relieved the high CPU usage as well.
>>
>
> I believe it is blocking. Here's my socket_recvfrom:
> $Recv = socket_recvfrom($Socket, $Data, 512, MSG_WAITALL, $Name, $Port);
>
> So I think the the MSG_WAITALL is causing it to block until incoming
> data connection is closed (it never reaches the 512 byte mark before
> it echos the data). Here's the full script, minus the debugging/error
> catching stuff:
>
> $Socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
> $Bind = socket_bind($Socket, '127.0.0.1', 1223);
> while(TRUE){
> $Recv = socket_recvfrom($Socket, $Data, 512, MSG_WAITALL, $Name, $Port);
> print_r($Data);
> }
>
> As soon as the message is sent on the socket, it displays it. There's
> no delay until it builds up 512 bytes or anything. Also, I was playing
> around with ps and it looks like it's using 0% CPU, so I suppose it
> must be blocking.
>
> In the case that it is blocking, would it still be wise to throw a
> usleep in there just to be sure?
>
> Thanks.
>

MSG_WAITALL will block until 512 bytes of $Data has been received (or
a disconnect), so unless you're receiving a ridiculous amount of data
every iteration, forcing your CPU usage to be very high (which you've
said isn't the case :P) then there's no real reason to sleep every
while iteration.  The reason why you're not getting a delay is because
your "clients" are not maintaining an open connection to the socket,
so it'll output as soon as the remote client disconnects from your
"server".

I wouldn't necessarily say it's unwise or wise to sleep after every
iteration, but it would depend on what kind of latency you need from
your application, how much data it's receiving, etc. etc.  Another
thing you might want to consider about your design is that function,
as you're using it, blocks until those 512 bytes have been read, so if
a normal "request" (assuming a persistent connection) to your socket
is <512 bytes, it could potentially sit there and wait indefinitely
(not very likely).  As it is, though, your server blocks (or sleeps,
if you will) on the socket until a connection is made and it reads 512
bytes / the client disconnects, which seems to be doing well for your
usage.

The old adage "if it ain't broke, don't fix it" sort of applies here.
Your program idles about at 0% CPU usage most of the time, for now.
Until something changes, I'd leave it alone :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Performance of while(true) loop

2009-09-09 Thread Eddie Drapkin 
On Wed, Sep 9, 2009 at 10:32 PM, APseudoUtopia  wrote:
> Hey list,
>
> I have a php cli script that listens on a UDP socket and, when data is
> sent to the socket, the script inserts it into a database. I'm using
> the real BSD socket functions, not fsock.
>
> The script runs socket_create(), then socket_bind(). Then it starts a
> while(TRUE) loop. Within the loop, it runs socket_recvfrom(). I have
> it running 24/7 inside a screen window.
>
> I'm curious as to the cpu/memory/etc usage of a while(true) loop. The
> `top` command shows that the process is in the sbwait state (the OS is
> FreeBSD). I'm contemplating adding a usleep or even a sleep inside to
> loop. Would this be beneficial? I'm not too sure of how the internals
> of PHP work in terms of loops and such.
>
> Thanks.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Is your socket blocking?  If so, what's the timeout?

while(true) {

//wait for socket timeout

}

is the same as:

while(true) {

//read nothing from socket and sleep

}

Without the usleep(), the loop is going to loop as fast as your CPU
will let it - meaning 100% CPU usage, all the time, at least in linux,
although I'm pretty sure BSD would behave the same.

As far as I'm aware, sockets in PHP behave almost identically to the
way that they behave in C.  I had an asynchronous TCP server written
with the socket_* functions and noticed that the while(true) loop used
100% of the CPU because of the nonblocking sockets in use, but a
usleep() solved that quite easily.  Using blocking sockets with
socket_select and a sane timeout relieved the high CPU usage as well.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] XML. Prevent < from turning into <

2009-09-09 Thread Eddie Drapkin 
On Wed, Sep 9, 2009 at 9:33 AM, Matthew Croud  wrote:
>
> On 9 Sep 2009, at 14:26, Bastien Koert wrote:
>
>> On Wed, Sep 9, 2009 at 5:27 AM, Matthew Croud
>> wrote:
>>>
>>> Hiya,
>>> I'm writing an app that let's my client upload images, the image html
>>> code
>>> is added to an XML file.
>>> Take a look at the  element below:
>>>
>>> 
>>>   e1022
>>>   
>>>   Blue Ski Trousers
>>>   8.99
>>>  
>>>
>>> Now, whenever PHP writes this to the XML files, it turns the < and > into
>>> < and > . which means it does not display on the webpage.  How can
>>> I
>>> prevent this from happening ?
>>>
>>> Many thanks,
>>> Matt
>>>
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> str_replace?
>>
>>
>> --
>>
>> Bastien
>>
>> Cat, the other other white meat
>
>
> I've tried that but no matter what i do in the PHP side of things, as soon
> as I save that XML the conversion takes place.
> Should the XML be encoded in any way, is there a setting somewhere that
> prevents this ?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Perhaps you'd be so kind as to share with us what code you're using to
generate the erroneous XML?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Renaming a Directory

2009-09-08 Thread Eddie Drapkin 
On Wed, Sep 9, 2009 at 12:08 AM, Paul M Foster wrote:
> On Tue, Sep 08, 2009 at 05:39:43PM -0400, Floyd Resler wrote:
>
>> How can I rename a directory with files in it?  The rename function
>> gives me a "directory not empty" error.  I know I could do it be
>> creating the directory, moving the files, and then deleting the old
>> one.  Is there an easier way?
>
> It sounds like, underneath, rename() is creating a new directory and
> then attempting to delete the old one, ignoring the files in the
> original directory. In which case, you'll have to do it the long way--
> create a new directory, move the files, then delete the old directory.
>
> Oddly enough, I can't find a *nix command which will actually rename a
> directory. The man pages for mv, rename and such all refer only to
> files, not directories.
>
> Paul
>
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

mv renames directories fine:
$ mkdir bar
$ touch bar/randomfile
$ mv bar foo
$ ls foo
randomfile

:)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Renaming a Directory

2009-09-08 Thread Eddie Drapkin 
On Tue, Sep 8, 2009 at 5:39 PM, Floyd Resler wrote:
> How can I rename a directory with files in it?  The rename function gives me
> a "directory not empty" error.  I know I could do it be creating the
> directory, moving the files, and then deleting the old one.  Is there an
> easier way?
>
> Thanks!
> Floyd
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Is there something wrong with `system("mv $oldName $newName");` ?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to take output from an include, and embed it into a variable?

2009-09-07 Thread Eddie Drapkin 
On Tue, Sep 8, 2009 at 12:35 AM, Rob Gould wrote:
> I have an invoice table that is drawn on a number of pages, so I have all
> the logic in an include-file like this:
>
> include "invoicetable_bottom.php";
>
>
> However, now I'm needing to take the output from that include file and pass
> it as an email.  To do that, I need to somehow take the output from this
> include file and get it into a variable somehow.  Is there a simple way to
> do this?
>
> Something like:  $emailtcontent = include "invoicetable_bottom.php"?
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Use output buffering and capture:
http://us3.php.net/manual/en/book.outcontrol.php

ob_start();
include 'stuff_that_makes_html.php';
$contents = ob_get_clean();

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Overwrite value of true or false in PHP

2009-09-07 Thread Eddie Drapkin 
On Mon, Sep 7, 2009 at 3:14 PM, Bobby Pejman wrote:
> Hi,
>
> I noticed that the following returns a 1.
>
> echo (1<2) ? True : False
>
> I was under the impression that true/false are of type boolean and not int.  
> But in php anything other than 0 translates to true, meaning a 1.  What I am 
> trying to achieve is for a 1 to be a 1 and a true or false to be a true and 
> false respectively and I do not want to put quotes around the word true/false 
> either because then it is no longer a boolean but string.
>
> Is it possible to overwrite php's true/false and declare them as boolean?  
> You often see in C++, some use Define().
>
> Thanks.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

It might be pertinent for you to read the section of the manual
dealing with type juggling:
http://us3.php.net/manual/en/language.types.type-juggling.php and the
various things linked therein.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sorting an array of sub-arrays based on a sub-array's key

2009-09-06 Thread Eddie Drapkin 
On Sun, Sep 6, 2009 at 6:45 PM, James Colannino wrote:
> Hey everyone.  I have an array that looks like this:
>
> $main_array[0] = array('key1' => 'vala');
> $main_array[1] = array('key1' => 'valb');
> etc.
>
> I want to sort the main array based on the value of key1 for each
> sub-array.  I looked at all the array sorting functions, but unless I
> misunderstood something, I didn't see a direct way to do what I want.
>
> If there were a sorting function in which I could pass as an argument
> the name of a function that compares two elements like qsort in C, I
> could do it easily.  Is there a function like that in PHP?  If not, what
> should I do?
>
> Thanks everyone!
> James
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

http://us3.php.net/uasort

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Who kown this memcache_get_stats function ?

2009-09-05 Thread Eddie Drapkin 
On Sun, Sep 6, 2009 at 12:16 AM, hack988 hack988 wrote:
> Nobody Kown this?This is my second question in this mail-list :(.I
> don't kown why it's no reply by anybody.
>
> 2009/9/5 hack988 hack988 :
>> I found memcache_get_stats for memcached in some php code.
>> I'm search it at php.net's function list,but it no matched result :(.
>> I had found explain for Memcache::getStats()  at this link
>> http://www.php.net/manual/en/function.memcache-getstats.php
>> In this link,tell me that
>> ==
>> Also you can use memcache_get_stats() function.
>> ==
>> But I can't find memcache_get_stats function's explain in online manual.
>> Anybody can help me for using this function?Or give an more detail
>> link for this function?
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Having taken a quick gander at the manual, specifically
memcache_connect(), it appears that the memcache extension has a
procedural style API similar to the procedural style MySQLi API.

$db = mysqli_connect() and mysqli_query($db, ...) vs. $db = new
mysqli() and $db->query(), so $memc = memcache_connect() and
memcache_get_stats($memc) vs. $memc = new memcache and
$memc->get_stats();

Now, on another note, the Memcache extension is pretty old and crusty
and doesn't support a lot of the awesome functionality that's been
built into Memcached as of late.  Specifically, setting/getting a key
based on a specific server, CAS (which can be used to prevent race
conditions), and a whole bunch of other nice options (like a JSON
based serializer for cross-platform compatibility between Memcached
servers).  Instead, I would suggest you use the newer, shinier, more
featureful memcached extension ( http://php.net/memcached
http://pecl.php.net/package/memcached ).  Despite being so similarly
named, the Memcached extension is much better (and I believe faster).
The only disadvantage is that it has to be built with libmemcached (so
you have to have that installed, which could be a problem) and that it
only offers an object oriented API, but neither of those should be an
issue.

Have a look at PECL/Memcached and I wish you the best of luck in your
memcached deployment,  It's difficult, but it's a hell of a lot of fun
and a completely different way of viewing data in PHP.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Searching on AlphaNumeric Content Only

2009-09-04 Thread Eddie Drapkin 
On Fri, Sep 4, 2009 at 12:02 PM, Lupus
Michaelis wrote:
> Ashley Sheridan a écrit :
>
>> You'll have far greater performance issues if you retrieve all those
>> records and attempt to do the same thing inside of PHP...
>
>  It's why I speak about « avoiding » and not « bannishing ». Like can be
> usefull, I used to use it. But it is not the a good answer to all problems.
> The problem with like operator is it can't use the index (or in a very
> limited way). So I try to warn about it.
>
>  So said, I never submit an all-retrieving method. I know it isn't the
> solution too.
>
> --
> Mickaël Wolff aka Lupus Michaelis
> http://lupusmic.org
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

So far, in this thread, there've been a few solutions:
1) LIKE in SQL.
2) REGEXP in SQL.
3) PCRE in PHP
4) Other fetch all methods in PHP.

The one thing that I'm seeing as a consistent agreement is that the
performance hit of whichever of the aforementioned measures is going
to be enough to be considering something else.   I briefly mentioned -
I apologize for the brevity of that email because I was in a hurry -
that a legitimate full text search engine is the right solution to
this problem.  The only problem with deploying a full text search
engine is going to be the difficulty in the deployment and perhaps
issues if you're on shared hosting (but then again I am of the opinion
that those who choose to run with shared hosting dig their own graves
in more ways than one).

What a full text search engine gives you is flexibility in your
searches, such that the initial question, when I read it, I thought
"Oh, someone will tell him to use Sphinx or Solr as both have special
filters for word seperation and would handle this without any special
instruction."  Instead, this is never even brought up!

Why was using a full text search engine to do this sort of thing - not
to mention the other benefits that it would bring (responsiveness and
flexibility in searching, speed, decreased use of MySQL, etc. etc.) -
rejected so offhandedly?  I can't actually think of a better way to do
this without requiring a whole heap of overhead, either processing or
programming.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Searching on AlphaNumeric Content Only

2009-09-03 Thread Eddie Drapkin 
On Thu, Sep 3, 2009 at 3:17 PM, Ashley Sheridan 
wrote:
> On Thu, 2009-09-03 at 12:12 -0700, sono...@fannullone.us wrote:
>>       Thanks to everyone who has responded.  After reading everyone's
>> response, I think I have a very simple way to solve my "problem".
>>
>>       Using my original example, if someone wants to find item #
>> 4D-2448-7PS, no matter what they type in, I'll take the input, strip
>> out all non-alphanumeric characters to make it 4D24487PS, add the
>> wildcard character between each of the remaining characters like so,
>> 4*D*2*4*4*8*7*P*S, and then do the search.
>>
>>       Still being new at this, it seems to be the simplest approach, or is
>> my thinking flawed?  This also keeps me from having to add another
>> field in the db to search on.
>>
>>       BTW, this solution needs to work with any db, even ASCII files, so it
>> has to happen in PHP.
>>
>> Thanks again,
>> Frank
>>
> For speed you might want to consider an extra field in the DB in the
> future. If the database gets larger, or your query needs to join several
> tables together, then things will take a noticeable speed hit. I had a
> similar issue myself where I had to search for names based on
> mis-spellings of them. In the end I searched with metaphone tags on an
> extra field in the DB set up for that purpose, but it was the only way
> to do it that didn't affect the speed of the site.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Has anyone considered deploying an actual search engine (Solr, Sphinx,
etc.), as they will take care of the stripping, stemming, spelling
corrections, etc?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] OO and "Singleton" class

2009-09-01 Thread Eddie Drapkin 
On Tue, Sep 1, 2009 at 5:16 PM, Paul M Foster wrote:
>
> I'm a little fuzzy on some of the PHP implementation details for some
> stuff. In PHP (5 <= phpversion() < 5.3), I'd like a configuration class
> which can only effectively be instantiated once. Will the following code
> do this? Any other suggestions or corrections? (Code is untested. Feel
> free to complain about syntax.)
>
> class config
> {
>    private static $cfg;
>
>    // Initializes the configuration from main config file
>    function __construct()
>    {
>        if (!is_array(self::$cfg)) {
>            if (defined('CFGFILE')) {
>                include(CFGFILE);
>                self::$cfg = $config;
>            }
>            else
>                self::$cfg = array();
>        }
>    }
>
>    // Returns a config item or null if not found
>    function item($index)
>    {
>        if (array_key_exists($index, self::$cfg))
>            return self::$cfg[$index];
>        else
>            return null;
>    }
>
>    // Sets a config item, optionally overwriting.
>    // Returns true on success, false on failure.
>    function set($index, $value, $overwrite = true)
>    {
>        $write = false;
>        if (array_key_exists($index, self::$cfg) and $overwrite)
>            $write = true;
>        elseif (!array_key_exists($index, self::$cfg))
>            $write = true;
>        if ($write) {
>            self::$cfg[$index] = $value;
>            return true;
>        }
>        else
>            return false;
>    }
>
> };
>
> Paul
>
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

The primary thing you need to do to make a class a singleton is
disallow the instantiation of a class directly.  Which means using
visibility, which is conspicuously absent from your example above.

So, to prevent normal instantiation, we make the constructor private.
Also, we need a method to retrieve the instance.  Static members serve
this purpose:

class Singleton {
  private static $instance;

  private function __construct() { }

  public static function getInstance() {
 if( ! self::$instance instanceof Singleton)  //replace Singleton
with class name
   self::$instance = new Singleton; //replace Singleton with class name

 return self::$instance;
  }

  public function __clone() {
throw new Exception('Cannot clone a Singleton');
  }
}

This class "shell" will prevent people from instantiating it ($foo =
new Singleton is an error).  Instead, deployment will look like `$foo
= Singleton::getInstance()` which, as you can tell, always returns the
same instance.   Throwing an exception out of __clone() will prevent
something like `$foo = Singleton::getInstance(); $bar = clone $foo;`
which is something I see overlooked a lot.

So, if you wanted to convert your full class to a singleton it would
look something like:

class config {
private static $instance;
private static $cfg;

private function __construct() {
if(!is_array(self::$cfg)) {
if(defined('CFGFILE')) {
include(CFGFILE);
self::$cfg = $config;
} else {
self::$cfg = array();
}
}
}

public function getInstance() {
if(!(self::$instance instanceof config)) {
self::$instance = new config();
}

return self::$instance;
}

public function __clone() {
throw new Exception("Cannot clone a Singleton.");
}

public function item($index) {
if(array_key_exists($index, self::$cfg))
return self::$cfg[$index];
else
return null;
}

   // Sets a config item, optionally overwriting.
   // Returns true on success, false on failure.
   function set($index, $value, $overwrite = true) {
$write = false;
if (array_key_exists($index, self::$cfg) and $overwrite) {
$write = true;
} elseif (!array_key_exists($index, self::$cfg)) {
$write = true;
}

if ($write) {
self::$cfg[$index] = $value;
return true;
} else {
   return false;
}
   }


}

Note that this is also completely untested or anything of the sort.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Fwd: Current PHP Global Network Statistics

2009-09-01 Thread Eddie Drapkin 
On Tue, Sep 1, 2009 at 2:12 PM, Daniel Brown wrote:
>    Guys and gals (particularly those of you interested in the trends
> and metrics of PHP), here's a forwarded copy of an email I just fired
> off to the mirrors around the world after completion of the first of
> three phases of an upgrade operation.  Where does your server stand?
> What about your development box(es)?  Please share your thoughts with
> the class.  ;-P
>
>
>
>
> -- Forwarded message --
> From: Daniel Brown 
> Date: Tue, Sep 1, 2009 at 14:05
> Subject: Current PHP Global Network Statistics
> To: PHP Mirrors List 
>
>
>    ALL:
>
>    As you may now already know, after completing the first phase of
> the upgrade operation, all mirrors are running PHP5.  Here is a
> breakdown of all versions, as well as some other statistics you may
> find interesting.
>
>    Overall:
>
>        Total Mirrors, World-Wide:        118
>        % of Mirrors with SQLite:          65.3%
>        % of Mirrors with Stats:            37.3%
>        % of Mirrors Running PHP5:     100.0%
>
>    By version:
>
>        5.0.3: 1
>        5.0.4: 1
>        5.1.1: 1
>        5.1.2: 2
>        5.1.6: 20
>        5.2.0: 8
>        5.2.1: 3
>        5.2.3: 2
>        5.2.4: 7
>        5.2.5: 2
>        5.2.6: 17
>        5.2.8: 12
>        5.2.9: 23
>        5.2.10: 12
>        5.3.0: 6
>        5.3.1: 1
>
>    Subject to deletion in Phase II: 5
>    Running development versions: 1
>
>    Content Age Sampling:
>
>        Oldest Mirror:                 963096 Seconds (NOTE: Disabled,
> Pending Delete)
>        Youngest Mirrors:           98 Seconds
>        Most Common Ages:      1891 Seconds, 3699 Seconds
>        Total Average Age:          26160.2 Seconds (7 Hours, 16 Minutes)
>        Adjusted Average Age:    18083.2 Seconds (5 Hours, 1 Minute)
>            [NOTE: Adjustment removes disabled mirror from calculation.]
>
>
>    Thanks again, as always, for everyone's hard work and dedication.
> We're looking forward to working with all of you for a long time to
> come!
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I'm not entirely sure what you're expecting here, but I'll take a
stab, I suppose!

We recently switched to 5.3.0 on production machines (a shame, I know)
after some extensive testing in our development and staging
environment deemed the release //stable for our uses//.  Outside of
that, I've one machine that's running latest SVN checkout of the 5.3
branch.

Why is 5.1.6 such a popular release for the mirrors, just the fact
it's the last release in the 5.1 series?

Why is 5.1.6 such a popular release for the PHP mirrors?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Directory Listing

2009-08-26 Thread Eddie Drapkin 
On Wed, Aug 26, 2009 at 9:45 AM, hack988 hack988 wrote:
> I'm write a php file for you
> =
> define('Line_End', (PHP_OS == 'WINNT')?"\r\n":"\n");
> clearstatcache();
>
> $mylist=array();
> listdir("F:\\Programming\\Web\\php",$mylist);
> function listdir($dir,&$list){
>  if ($handle = opendir( $dir )){
>   while ( false !== ( $item = readdir( $handle ) ) ) {
>     if ( $item != "." && $item != ".." ) {
>           $item=str_replace(Line_End,"",$item);
>       if ( is_dir( $dir.DIRECTORY_SEPARATOR.$item ) ) {
>         listdir($dir.DIRECTORY_SEPARATOR.$item, $list);
>       } else {
>         $list[]=$dir.DIRECTORY_SEPARATOR."\t".$item."\t".date("m/d/Y",
> filemtime($dir.DIRECTORY_SEPARATOR.$item));
>       }
>     }
>   }
>   closedir( $handle );
>  }
> }
> var_dump($mylist);
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Why manually define Line_End when PHP_EOL already exists?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Case Insensativity in String Comparisons

2009-08-25 Thread Eddie Drapkin 
On Tue, Aug 25, 2009 at 12:48 PM, Ben Miller wrote:
> Is there a simple to way to compare two strings with case insensitivity so
> that the following will return true?
>
> $foo = "Arnold";
> $bar = "arnold";
>
> If($foo == $bar) {
>
> }
>
> Thanks.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

http://www.php.net/manual/en/function.strcasecmp.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] is there a better way to know from which php file the requestcomes from ??

2009-08-17 Thread Eddie Drapkin 
On Mon, Aug 17, 2009 at 5:31 PM, Shawn McKenzie wrote:
> nashrul wrote:
>> This is a newbie question...
>> Let's say there are 3 php files, page1.php, page2.php and page3.php. Form
>> submission from page1.php or page2.php will take user to page3.php.
>> I know that we can use parameter that is appended in the action attribute of
>> the form (e.g )
>> But I think, appending this parameter is transparent to the user, since it's
>> visible in the url.
>> And I think we can also use the hidden field or (form name ??.).
>> So which one is most secured and better ??
>> Thanks..
>
> I personally don't see a problem with using get or post vars, but to
> keep the user from being able to manipulate it do this.  This could also
> be in a header file included at the top of all pages:
>
> //page1.php and page2.php
> session_start();
> $_SESSION['page'] = $_SERVER['PHP_SELF'];
>
> //page3.php
> session_start();
> $page = $_SESSION['page']
> // use $page somehow . . .
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

This approach degrades very simply:

1) Say you have four pages, a.php, b.php, c.php and d.php.
2) b expects user to come from a, d from c.
3) I open two tabs, a.php and c.php.
4) $_SESSION['from'] is now c.php
5) I post to b from a, get an error. $_SESSION['from'] is now b.php.
6) I post to d from c and get an error.

Obviously this example is a tad bit contrived, but as long as your
user is browsing your site in more than one tab/window, using that
approach will break often and result in a user experience, so I'd
stick away from it.

As far as relying on cookies, HTTP headers, hidden form fields, etc.
they are all user input, and Lesson 1 in Security 101 that you don't
trust user input.  Ever.  I always assume that the best HTTP blackhats
are after my sites when I write them and make them unnecessarily
overthought, but they're secure.  I even let a few
(black|white|grey)hat friends of mine take a peak at the code, when I
can, to get their input.  If you can think of a way to exploit your
code, so can someone else.  And so will someone else.

Generally speaking, I'm not entirely sure that this is a question that
even needs an answer.  I'm going to have to echo a sentiment from
earlier in the thread that you need to be validating all of your data
anyway, so it shouldn't matter if I POST to page3 from page2 or from
page1 or from a CLI app written with curl/wget.  What should matter is
whether or not the data I'm POST'ing meets the security criteria that
you've dictated (whatever that may be) and gets properly
escaped/filtered before being entered into the database or otherwise
used.  I'd venture so far as to say that if you need to care about
where a form is POST'd from for security, you have a flawed security
model and in all likelihood a very insecure application and some
serious refactoring to do.

I can't imagine a situation where dictating page2 comes from page1 and
page3 comes from page2 is necessary for security at all.  Perhaps I'm
being shortsited and you can provide some examples?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Byte Code Compiler

2009-08-14 Thread Eddie Drapkin 
On Fri, Aug 14, 2009 at 12:24 PM, Robert Cummings wrote:
> Eddie Drapkin wrote:
>>
>> On Fri, Aug 14, 2009 at 11:58 AM, Robert Cummings
>> wrote:
>>>
>>> Ralph Deffke wrote:
>>>>
>>>> quite a while I'm thinking for what could that be used. also in the
>>>> documentation there are no posts, has anybody ever played arround with
>>>> if?
>>>
>>> There are several: APC, eAccelerator, Zend, PHPAccelerator, and problably
>>> more. I think APC and eAccelerator are the most popular. I use
>>> eAccelerator.
>>>
>>> Cheers,
>>> Rob.
>>> --
>>> http://www.interjinn.com
>>> Application and Templating Framework for PHP
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> Does eac work with 5.3.0 now?
>
> Release 0.9.6 rc1 does:
>
>    http://eaccelerator.net/wiki/Release-0.9.6-rc1
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>

Do you know how stable it is?  APC still occasionally gives me a bus
error with 5.3.0 so it's disabled for now.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Byte Code Compiler

2009-08-14 Thread Eddie Drapkin 
On Fri, Aug 14, 2009 at 11:58 AM, Robert Cummings wrote:
> Ralph Deffke wrote:
>>
>> quite a while I'm thinking for what could that be used. also in the
>> documentation there are no posts, has anybody ever played arround with if?
>
> There are several: APC, eAccelerator, Zend, PHPAccelerator, and problably
> more. I think APC and eAccelerator are the most popular. I use eAccelerator.
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Does eac work with 5.3.0 now?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problem with memcache - help needed

2009-08-14 Thread Eddie Drapkin 
On Fri, Aug 14, 2009 at 7:14 AM, Jean Michel
Malatray wrote:
> Hello folk!
>
> Currently, we use memcached as caching solution.
>
> We provide a link to 3 servers, a server-2x the Memcache daemon is started
> (2 different ports (depending 4GB)
>
> 192.168.0.1:11211 (4 GB)
>
> 192.168.0.1:11212 (4 GB)
>
> 192.168.0.2:11211 (700 MB)
>
> 192.168.0.3:11211 (700 MB)
>
> -> Php.ini: memcache.hash_strategy consistent = <--
>
> $o_memcache = new Memcache ();
>
> $o_memcache->addServer ([SERVER], [PORT]);
>
> whenever a request comes the "connect" is no longer needed because Memcache
> established the connection automatically.
>
> We also tried $o_memcache=connect([SERVER], [PORT]); - same problem.
>
> About $o_memcache->get([KEY]), we check to see if the KEY is already set
> (KEY = UNIQUE!).
>
> In case of error returns GET "false".
>
> When TRUE, the content of the KEY will be shown - otherwise with
> $o_memcache->set([KEY], [CONTENT], MEMCACHE_COMPRESSED, mktime (date ( "H")
> +6)); will be saved for 6 hours.
>
> You should guess the KEY will be saved for the next 6 hours, but in this
> case, it will not.
>
> After about 2-3 minutes the KEY returns with GET "FALSE" again.
>
> ?
>
> We also tried this:
>
> - Memcache connection with addServer, connect and pconnect
>
> - 1 server as connection, multiple server (like listed above - as pool)
>
> ?
>
> Server stats:
>
> evictions = 0
>
> cur_connections: ~50-100
>
> ?
>
> Server settings:
>
> Apache 2.11
>
> PHP 5.2.8
>
> Memcache-Info by phpinfo();
>
> Active persistent connections 4
>
> Version 2.2.5
>
> Revision $Revision: 1.111 $
>
> memcache.allow_failover 1 1
>
> memcache.chunk_size 8192 8192
>
> memcache.default_port 11211 11211
>
> memcache.default_timeout_ms 1000 1000
>
> memcache.hash_function crc32 crc32
>
> memcache.hash_strategy consistent consistent memcache.max_failover_attempts
> 20 20
>
> ?
>
> Does anybody know this issue or solution(s) to fix this problem?
>
> Thanks for help.
>
> Jean Michel
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

A couple of things,
1) Use PECL/Memcached and not PECL/Memcache.  It's faster, better
maintained, has more features, blah blah blah.
2) Set expects an integer number of seconds to keep it, mktime(date()
+ 6) is going to return an enormous number, which it looks like
memcache doesn't know how to handle.  If you want to save something
for six hours, you need to set() with an integer value of 60*60*6
(seconds in a minute * minutes in an hour * 6 hours).

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Embedding foreach loops

2009-08-11 Thread Eddie Drapkin 
On Tue, Aug 11, 2009 at 3:56 PM, tedd wrote:
> At 12:44 PM -0700 8/11/09, Ben Dunlap wrote:
>>
>> This is probably flame-war tinder, so I'll try to tread more delicately in
>> the future. Next you know we'll be on the ternary operator and which is
>> better, Mac or Windows. ;-)
>>
>> Ben
>
> That was won long ago, it's Mac. :-)
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

If by Mac you mean Linux, you're entirely correct.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] reason for a "Notice:.." on one site but not another? (Same code.)

2009-08-10 Thread Eddie Drapkin 
On Mon, Aug 10, 2009 at 1:07 PM, Martin Scotta wrote:
> Why do you all always use isset?
> Why do you don't use array_key_exists instead? is it a more semantic
> solution?
>
> 
> $key = 'UserWishesDateRange'; # just to make statement shorter
> if( array_key_exists($key, $_POST ) && 'T' == $_POST[$key] )
> {
>    echo ' the key exists... and it is a "T" '';
> }
>
> *isset*: Determine if a variable is set and is not NULL*
> array_key_exists: *Checks if the given key or index exists in the array
>
>
> On Mon, Aug 10, 2009 at 1:42 PM, John Butler
> wrote:
>
>>
  If you switch it around you'll get a notice because the IF evaluates
>>> from left to right.  So you just want to make sure you check isset()
>>> first.
>>>
>>> This would throw a notice:
>>>
>>> if($_POST['UserWishesDateRange']  == 'T' &&
>>> isset($_POST['UserWishesDateRange'])) {
>>>
>>
>> Aha!  That must be what I tried and was still getting the notice!
>>  Interesting that it works (without notice) if we check against the isset ()
>> one first.   It makes if() look more intelligent that I would think... as if
>> it saying, "good now that we've established that the var isset, now is it
>> also equal to '___'., as opposed to just, "is var set, and is var equal to
>> "___'.
>
>
>
>
> --
> Martin Scotta
>

Two reasons:
1. isset() is orders of magnitude faster
2. The theory is, if a variable is null you don't care about it

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP programming strategy

2009-08-09 Thread Eddie Drapkin 
On Sun, Aug 9, 2009 at 6:33 PM, tedd wrote:
> At 1:05 PM +0100 8/9/09, Ashley Sheridan wrote:
>>
>> On Sun, 2009-08-09 at 07:55 -0400, tedd wrote:
>>
>>  > But, as it was said, IE's have problems with first-child rules.
>>>
>>
>> How does IE8 fare with selectors in CSS?
>>
>> Thanks,
>> Ash
>
> tedd = clue--
>
> or
>
> tedd < clue
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

IE8 is the most CSS2 standards compliant browser, if I recall they
submitted 5 or 6 dozen tests to the w3c that they were the only
browser that passed.  As far as selectors go:
http://msdn.microsoft.com/en-us/library/cc351024%28VS.85%29.aspx#selectors
looks to me like they're fully compliant with CSS2.1.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ZCE Question

2009-08-08 Thread Eddie Drapkin 
On Sat, Aug 8, 2009 at 4:18 PM, Augusto Flavio wrote:
> Has someone an clue about this zce question:
>
> The following is a common XML structure used in service oriented
> architectures, what does it represent?
>
>
> 
> 
>  myMethod
>  
>  
>   HI!
>  
>  
> 
>
>
> Answer...
>    None of the above
>    A fragment of a complete SOAP request
>    XML-RPC
>    REST
>    SOAP
>
>
> i think the answer is: SOAP
>
>
> some idea?
>
>
> thanks
>
> Augusto Morais
>

Looks like XMLRPC to me.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] "PHP 6 and MySQL 5 for Dynamic Web Sites" Book

2009-08-06 Thread Eddie Drapkin 
On Thu, Aug 6, 2009 at 3:22 PM, Ashley Sheridan 
wrote:
> On Thu, 2009-08-06 at 20:16 +0100, Tony Marston wrote:
>> Don't be so pedantic. PHP 6 does not exist in a live, production-ready
>> version. It is still under development and has not even reached the beta
>> stage. Anyone who writes a book which documents the features of PHP 6 is
>> being very premature as those features may change at any moment. The
>> features will not be frozen until the first GA release.
>>
>> --
>> Tony Marston
>> http://www.tonymarston.net
>> http://www.radicore.org
>>
>> "Ashley Sheridan"  wrote in message
>> news:1249585209.2818.0.ca...@localhost...
>> > On Thu, 2009-08-06 at 17:24 +0100, Tony Marston wrote:
>> >> PHP 6 does not exist yet,
>> >
>> > Funny, that's not what the PHP site says:
>> >
>> > http://snaps.php.net/
>> >
>> > Thanks,
>> > Ash
>> > http://www.ashleysheridan.co.uk
>> >
>>
>>
>>
> What I'm trying to say is that writing a book is not premature, as the
> feature list is likely not to change much, if at all. So what makes you
> think it is premature of the authors?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I'd be surprised if the feature stays the same at all.  Just take a
look at http://wiki.php.net/summits/pdmnotesmay09 and see what they're
cooking up.  Like I said before, PHP6 isn't feature-complete, and I
don't suspect it's near it either, so it's definitely way premature to
write a book on PHP6 and silly to buy one.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] "PHP 6 and MySQL 5 for Dynamic Web Sites" Book

2009-08-06 Thread Eddie Drapkin 
On Thu, Aug 6, 2009 at 12:24 PM, Tony
Marston wrote:
>
> "Eddie Drapkin"  wrote in message
> news:68de37340908060841x129a9096w6c0907f85614c...@mail.gmail.com...
> 
>>
>> Does no one see the inherent issues in buying a book about a
>> not-feature-complete version of the language?
>
> PHP 6 does not exist yet, and no hosting companies provide it as an option,
> so describing existing versions of PHP as "not-feature-complete" is a bit
> premature.
>
> As the book is simply an update to his original version which was published
> in 2003, and again in 2005, it is about using PHP and MySQL to build a
> dynamic web site, and as such every version is still perfectly valid and
> useful to the novice programmer.
>
> This not a book which is supposed to describe every possible feature within
> the PHP language as it is not necessary to use every possible feature in
> order to build a dynamic website.
>
> --
> Tony Marston
> http://www.tonymarston.net
> http://www.radicore.org
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I meant that PHP6 was "not feature-complete" in that the "spec" of
PHP6 will change before it's released.  We don't know at this point
what will or will not be included in PHP6 and writing a book about an
incomplete version of the language seems silly.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] "PHP 6 and MySQL 5 for Dynamic Web Sites" Book

2009-08-06 Thread Eddie Drapkin 
On Thu, Aug 6, 2009 at 11:32 AM, tedd wrote:
> At 5:34 PM -0700 8/5/09, sono...@fannullone.us wrote:
>>
>>        Has anyone read this book by Larry Ullman yet?  If so, what do you
>> think about it?  I'm looking for a well-rounded book that covers PHP for
>> e-commerce websites and from what little I've been able to find online, it
>> looks pretty good.  Or would you recommend another book?
>>
>>        I know that no book has all the answers - I just want something in
>> my hands to read.  However, I've bought a few Perl books that were a waste
>> of money, so this time, I thought I'd ask first.
>>
>> Thanks,
>> Frank
>
> I found that all of Larry Ullman books are good.
>
> From a beginners point of view, you might want to buy some of his earlier
> books -- you should get a better price for a used version. That way you can
> work your way up to php 6.
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Does no one see the inherent issues in buying a book about a
not-feature-complete version of the language?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP programming strategy

2009-08-02 Thread Eddie Drapkin 
On Sun, Aug 2, 2009 at 2:24 PM, Larry Garfield wrote:
> On Saturday 01 August 2009 11:01:11 pm Eddie Drapkin wrote:
>> > I actually benchmarked that once.  I had a reasonably large PHP file that
>> > was, in fact, over 50% docblocks.  That's not even counting inline
>> > comments.  While trying to find things to optimize, removing about 800
>> > lines worth of comments (all of the docblocks) did, in fact, produce a
>> > noticeable performance difference.  It was only barely noticeable, but it
>> > just barely registered as more than random sampling jitter.  I actually
>> > concluded that if cutting the file *in half* was only just barely
>> > noticeable, then it really wasn't worth the effort.
>>
>> Yeah but what happens if you run the script through the tokenizer and
>> strip ALL comments, unnecessary whitespace, newline characters, etc.
>> out?
>
> Honestly?  I think you'll save more CPU time by eliminating one SQL query.
> Most files are not 60% comments.  In a file that is only about 20% comments, I
> doubt you could even measure the difference.  There are far far far more 
> useful
> ways to optimize your code.
>
> (Note that this is different for CSS or Javascript, where compressors like 
> that
> are commonplace because you have to transfer the entire file over the network
> repeatedly, which is a few orders of magnitude slower than system memory.
> Compressors and aggregators there make sense.  PHP code never leaves the
> server, so those benefits don't exist.)
>
> --
> Larry Garfield
> la...@garfieldtech.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Seems the sarcasm / attempted comedy was lost in translation!

--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP programming strategy

2009-08-01 Thread Eddie Drapkin 
> I actually benchmarked that once.  I had a reasonably large PHP file that was,
> in fact, over 50% docblocks.  That's not even counting inline comments.  While
> trying to find things to optimize, removing about 800 lines worth of comments
> (all of the docblocks) did, in fact, produce a noticeable performance
> difference.  It was only barely noticeable, but it just barely registered as
> more than random sampling jitter.  I actually concluded that if cutting the
> file *in half* was only just barely noticeable, then it really wasn't worth 
> the
> effort.

Yeah but what happens if you run the script through the tokenizer and
strip ALL comments, unnecessary whitespace, newline characters, etc.
out?

> Larry Garfield
> la...@garfieldtech.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Broken IF behavior? (Changing the branch changes the evaluation)

2009-07-28 Thread Eddie Drapkin 
On Tue, Jul 28, 2009 at 2:48 PM, Matt Neimeyer wrote:
> Background: I'm converting a webapp from Visual FoxPro as a backend to
> MySQL... However one part of our app (a system status checker) is
> common code between the versions.
>
> I've got the following function... In English (in case it's not
> apparent), if the version of the app is 2.0 or higher, then use MySQL
> functions, otherwise use the ODBTP function to connect to VFP.
>
> function my_fetch_array($result)
>        {
>        global $Version;
>        if(version_compare($Version,"2.0",">="))
>                { $Ret = mysql_fetch_array($result); if(!$Ret) { } else { 
> return $Ret; } }
>        else    { $Ret = odbtp_fetch_array($result); if(!$Ret) { } else { 
> return $Ret; } }
>        }
>
> This feels like a hack but works perfectly. Data is returned and all
> is right with the world. Until I added in extra "error reporting".
> When I change the if(!$Ret) portion as such...
>
>        if(!$Ret) { die("myError".mysql_error()); } else { return $Ret; }
>
> It ALWAYS dies... and I see "myError" on the screen... If I change it
> like such...
>
>        if(!$Ret) { } else { echo "notError"; return $Ret; }
>
> I always see the "notError" on the screen and $Ret gets returned.
>
> WHY does adding the die() inside the { } change the way the if is evaluated?
>
> By the way I've tested this on 4.4.x on OSX and Windows, and on 5.2.5
> on Windows...
>
> Thanks
>
> Matt
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

What's the output of var_dump($Ret) right before that if statement?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] OOP Design Software

2009-07-26 Thread Eddie Drapkin 
On Sun, Jul 26, 2009 at 12:54 PM, Caner BULUT wrote:
>
> Hi Daniel,
>
> You can use Eclipse with plugin PDT or Zend Studio. They can track your
> classes and methods. They can remember your methods and classes also they
> have code completion abilities.
>
> Thanks
> Caner.
>
> -Original Message-
> From: Daniel Kolbo [mailto:kolb0...@umn.edu]
> Sent: 26 July 2009 19:46
> To: PHP General
> Subject: [PHP] OOP Design Software
>
> Hello,
>
> Is there an objected oriented programming software that can help me keep
> track of my methods and properties of my objects.  My memory is not what
> it used to be, and i'd like to have a quick 'overview' or layout of all
> the objects I have to work with.  Maybe the software would even let make
> a process flow chart.  This would really help my design (and save me time).
>
> Thanks,
> dK
> `
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

There's plugins for Eclipse that generate UML, too.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Renaming all variables in a repository

2009-07-23 Thread Eddie Drapkin 
On Thu, Jul 23, 2009 at 1:50 PM, Greg Beaver wrote:
> Eddie Drapkin wrote:
>> Hey all,
>> we've got a repository here at work, with something like 55,000 files
>> in it. For the last few years, we've been naming $variables_like_this
>> and functions_the_same($way_too).  And now we've decided to switch to
>> camelCasing everything and I've been tasked with somehow determining
>> if it's possible to automate this process.  Usually, I'd just use the
>> IDE refactoring functionality, but doing it on a
>> per-method/per-function and a per-variable basis would take weeks, if
>> not longer, not to mention driving everyone insane.
>>
>> I've tried with regular expressions, but I can't make them smart
>> enough to distinguish between builtins and userland code.  I've looked
>> at the tokenizer and it seems to be the right way forward, but that's
>> also a huge project to get that to work.
>>
>> I was wondering if anyone had had any experience doing this and could
>> either point me in the right direction or just down and out tell me
>> how to do it.
>
> Hi Eddie,
>
> That's quite the task :).
>
> You're going to need to scan the source to generate a list of every
> variable and function name using the tokenizer.  Fortunately, this is
> easy - with the caveat that if you do this anywhere in your source:
>
> $a = $this->{$constructed . '_name'}();
>
> you will have to handle these manually.
>
> Basically, run token_get_all() on the source, scanning for T_VARIABLE,
> and record every T_VARIABLE in an array.  Then, scan for:
>
> 1) T_FUNCTION T_WHITESPACE* T_STRING
> 2) T_OBJECT_OPERATOR T_WHITESPACE* T_STRING
>
>  $replace = array();
> foreach (new RegexIterator(new RecursiveIteratorIterator(new
> RecursiveDirectoryIterator('/path/to/src')), '/\.php$/',
> RegexIterator::MATCH, RegexIterator::USE_KEY) as $path => $file) {
> $source = file_get_contents($path);
>
> $checkForID = false;
> $var = false;
> $last = '';
> foreach (token_get_all($source) as $token) {
>    if (!is_array($token)) continue;
>
>    if ($checkForID) {
>        if ($token[0] == T_WHITESPACE) {
>            $last .= $token[1];
>            continue;
>        }
>        if ($token[0] != T_STRING) {
>            $checkForID = false;
>            $last = '';
>            continue;
>        }
>        $token[1] = $last . $token[1];
>    } elseif ($token[0] == T_FUNCTION || $token[0] == T_OBJECT_OPERATOR) {
>        $checkForID = true;
>        $last = $token[1];
>        continue;
>    } elseif ($token[0] == T_STRING) {
>        if (function_exists($token[1])) {
>            continue; // skip internal functions
>        }
>        if (strtolower($token[1]) != $token[1]) {
>            continue; // assuming you UPPER-CASE constants, this skips them
>        }
>    } elseif ($token[0] != T_VARIABLE) {
>        continue;
>    }
>
>    // we get to here if we've found one to process
>    $new = explode('_', $token[1]);
>    $new = array_map('ucfirst', $new);
>    $new[0] = lcfirst($new); // for your camelCasing
>
>    $new = implode('', $new);
>    $replace[] = array($token[1], $new);
> ?>
>
> Next, load each file (you should use RecursiveIteratorIterator with a
> RecursiveDirectoryIterator and some kind of filter, probably
> RegexIterator, to grab the PHP source files), and then iterate over the
> list of variable names somewhat like this:
>
>  foreach (new RegexIterator(new RecursiveIteratorIterator(new
> RecursiveDirectoryIterator('/path/to/src')), '/\.php$/',
> RegexIterator::MATCH, RegexIterator::USE_KEY) as $path => $file) {
>    $source = file_get_contents($path);
>    foreach ($replace as $items) {
>
>        $source = str_replace($items[0], $items[1], $source);
>
>        if ($items[0][0] == '$') {
>            $source = preg_replace('/->(\s*)' . substr($variable, 1) . '/',
>                                   '->\\1'substr($new, 1),
>                                   $source);
>        }
>    }
>    file_put_contents($path, $source);
> }
> ?>
>
> Voila, code refactored.
>
> I trust you know this, but don't run that example code without testing
> it on a limited sandbox and comparing the results first :).  I did not
> test anything except the regexiterator part to make sure that it
> actually grabbed PHP files, the rest is based on my experience
> tokenizing for parsing PHP when writing tools like phpDocumentor.
>
> If I made any mistakes, it would be good for you to post your final
> scripts for posterity back on here.
>
> Greg
>


Thanks so much, man.  I'm using most of your methodology, although
there were definitely some hiccups along the way, but it seems to make
a map of what to replace and what to replace with so far, although the
code is far from pretty. I'll be sure to send it to the list when it's
done.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Renaming all variables in a repository

2009-07-23 Thread Eddie Drapkin 
Hey all,
we've got a repository here at work, with something like 55,000 files
in it. For the last few years, we've been naming $variables_like_this
and functions_the_same($way_too).  And now we've decided to switch to
camelCasing everything and I've been tasked with somehow determining
if it's possible to automate this process.  Usually, I'd just use the
IDE refactoring functionality, but doing it on a
per-method/per-function and a per-variable basis would take weeks, if
not longer, not to mention driving everyone insane.

I've tried with regular expressions, but I can't make them smart
enough to distinguish between builtins and userland code.  I've looked
at the tokenizer and it seems to be the right way forward, but that's
also a huge project to get that to work.

I was wondering if anyone had had any experience doing this and could
either point me in the right direction or just down and out tell me
how to do it.

Thanks so much
--Eddie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Client Side PHP

2009-07-22 Thread Eddie Drapkin 
On Wed, Jul 22, 2009 at 4:03 PM, Lenin wrote:
> www.phpjs.org

That's hilarious!  Thanks for that laugh =)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Replace in a string with regex

2009-07-22 Thread Eddie Drapkin 
On Wed, Jul 22, 2009 at 11:01 AM, Ashley
Sheridan wrote:
> On Wed, 2009-07-22 at 07:54 -0700, Jim Lucas wrote:
>> rszeus wrote:
>> > Thank you.
>> >
>> > What about instead test i want to insert a variable ?
>> > Like
>> > $id = "30";
>> > $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>> > echo preg_replace('#(screens/)temp/(.+?)_1(_main\.jpg)#', '$1$id$3', 
>> > $file);
>>
>> Sure that can be done.  But you will need to change the second argument
>> to have double quotes so it will be parsed by PHP.
>>
>> Then I would surround YOUR variable with curly brackets to separate it
>> from the rest.
>>
>> echo preg_replace('#(screens/)temp/.+?_1(_main\.jpg)#',
>>                   "$1{$id}$3",
>>                   $file);
>>
>> > I am confusing " and '.
>> >
>> > Thank you
>> >
>> >
>> > -Mensagem original-
>> > De: Eddie Drapkin [mailto:oorza...@gmail.com]
>> > Enviada: quarta-feira, 22 de Julho de 2009 14:12
>> > Para: rszeus
>> > Cc: php-general@lists.php.net
>> > Assunto: Re: [PHP] Replace in a string with regex
>> >
>> > On Wed, Jul 22, 2009 at 9:07 AM, rszeus wrote:
>> >> Hi. It Works to remove the _1 but it doesn't replace 
>> >> '7a45gfdi6icpan1jtb1j99o925' for 'test'
>> >>
>> >> Thank you
>> >>
>> >> -Mensagem original-
>> >> De: Eddie Drapkin [mailto:oorza...@gmail.com]
>> >> Enviada: quarta-feira, 22 de Julho de 2009 13:11
>> >> Para: rszeus
>> >> Cc: php-general@lists.php.net
>> >> Assunto: Re: [PHP] Replace in a string with regex
>> >>
>> >> On Wed, Jul 22, 2009 at 8:02 AM, rszeus wrote:
>> >>> Hello,
>> >>>
>> >>> I’m tryng to make some replacements on a string.
>> >>>
>> >>> Everything goês fine until the regular expression.
>> >>>
>> >>>
>> >>>
>> >>> $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>> >>>
>> >>> echo $a =  str_replace(array(7a45gfdi6icpan1jtb1j99o925,
>> >>> 'temp/',’_([0-9])’), array(“test”,"",””), $file)
>> >>>
>> >>>
>> >>>
>> >>> The idea is to remove /temp and the last _1 from the file name..but i’m 
>> >>> only
>> >>> getting this:
>> >>>
>> >>> screens/test_1_main.jpg
>> >>>
>> >>>
>> >>>
>> >>> I want it to be: screens/test_main.jpg
>> >>>
>> >>>
>> >>>
>> >>> Thank you
>> >>>
>> >>>
>> >>>
>> >>>
>> >> If you're trying to do a regular expression based search and replace,
>> >> you probably ought to use preg_replace instead of str_replace, as
>> >> str_replace doesn't parse regular expressions.
>> >>
>> >> Try this one out, I think I got what you wanted to do:
>> >>
>> >> > >>
>> >> $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>> >>
>> >> echo preg_replace('#(screens/)temp/(.+?)_1(_main\.jpg)#', '$1$2$3', 
>> >> $file);
>> >>
>> >>
>> >
>> > In the second parameter, $2 is the string you'd want to replace to
>> > test so change '$1$2$3' to '$1test$3'.
>> >
>> > It seems like you're having trouble with regular expressions, may I
>> > suggest you read up on them?
>> >
>> > http://www.regular-expressions.info/ is a pretty great free resource,
>> > as ridiculous as the design is.
>> >
>> >
>>
>>
>>
> I tested this, with the double quotes and the curly braces around the
> middle argument (to avoid PHP getting confused) and it didn't recognise
> the matches by the numbered $1, $3, etc. I know I'm not the op who asked
> the original question, but it might help him/her?
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>

To avoid confusion, rather than something like
"$1{$id}$3"
Which looks really indecipherable, I'd definitely think something like
'$1' . $id . '$3'
is a lot easier to read and understand what's going on by immediately
looking at it.

As an added bonus, it'll definitely work ;)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Replace in a string with regex

2009-07-22 Thread Eddie Drapkin 
On Wed, Jul 22, 2009 at 9:07 AM, rszeus wrote:
> Hi. It Works to remove the _1 but it doesn't replace 
> '7a45gfdi6icpan1jtb1j99o925' for 'test'
>
> Thank you
>
> -Mensagem original-
> De: Eddie Drapkin [mailto:oorza...@gmail.com]
> Enviada: quarta-feira, 22 de Julho de 2009 13:11
> Para: rszeus
> Cc: php-general@lists.php.net
> Assunto: Re: [PHP] Replace in a string with regex
>
> On Wed, Jul 22, 2009 at 8:02 AM, rszeus wrote:
>> Hello,
>>
>> I’m tryng to make some replacements on a string.
>>
>> Everything goês fine until the regular expression.
>>
>>
>>
>> $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>>
>> echo $a =  str_replace(array(7a45gfdi6icpan1jtb1j99o925,
>> 'temp/',’_([0-9])’), array(“test”,"",””), $file)
>>
>>
>>
>> The idea is to remove /temp and the last _1 from the file name..but i’m only
>> getting this:
>>
>> screens/test_1_main.jpg
>>
>>
>>
>> I want it to be: screens/test_main.jpg
>>
>>
>>
>> Thank you
>>
>>
>>
>>
>
> If you're trying to do a regular expression based search and replace,
> you probably ought to use preg_replace instead of str_replace, as
> str_replace doesn't parse regular expressions.
>
> Try this one out, I think I got what you wanted to do:
>
> 
> $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>
> echo preg_replace('#(screens/)temp/(.+?)_1(_main\.jpg)#', '$1$2$3', $file);
>
>

In the second parameter, $2 is the string you'd want to replace to
test so change '$1$2$3' to '$1test$3'.

It seems like you're having trouble with regular expressions, may I
suggest you read up on them?

http://www.regular-expressions.info/ is a pretty great free resource,
as ridiculous as the design is.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Replace in a string with regex

2009-07-22 Thread Eddie Drapkin 
On Wed, Jul 22, 2009 at 8:02 AM, rszeus wrote:
> Hello,
>
> I’m tryng to make some replacements on a string.
>
> Everything goês fine until the regular expression.
>
>
>
> $file = "screens/temp/7a45gfdi6icpan1jtb1j99o925_1_main.jpg";
>
> echo $a =  str_replace(array(7a45gfdi6icpan1jtb1j99o925,
> 'temp/',’_([0-9])’), array(“test”,"",””), $file)
>
>
>
> The idea is to remove /temp and the last _1 from the file name..but i’m only
> getting this:
>
> screens/test_1_main.jpg
>
>
>
> I want it to be: screens/test_main.jpg
>
>
>
> Thank you
>
>
>
>

If you're trying to do a regular expression based search and replace,
you probably ought to use preg_replace instead of str_replace, as
str_replace doesn't parse regular expressions.

Try this one out, I think I got what you wanted to do:

http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] need to get .html files parsed by PHP. -- WAS: why does PHP parse "*.html" files in one subdir/ but not in another?

2009-07-19 Thread Eddie Drapkin 
On Sun, Jul 19, 2009 at 2:53 AM, Ashley
Sheridan wrote:
> On Sat, 2009-07-18 at 23:09 -0600, Govinda wrote:
>> > i never used x-mapp-php5, but most of a forums say it is specific to
>> > 1and1 hosting service. php recommends application/x-httpd-php
>> >
>> > http://us2.php.net/manual/en/install.unix.apache2.php
>> >
>> > try adding AddType application/x-httpd-php .html in your root htaccess
>>
>> hmmm.   Darn!   I just did try what you suggested above.  Still no luck.
>>
>> > if that dosent help you'll have to add that to your htpd.conf file
>>
>> I am guessing that this means that I am outta luck since I am on a
>> shared hosting environment and assume I do not have access to
>> httpd.conf.
>>
>> Agreed?
>>
>> > It sounds like your .htaccess file may be telling .html files in a /
>> > sub/directory/ to treat .html files as .php
>>
>> I'm sorry I misled everyone.  I just looked better at things and .html
>> files are NOT getting their PHP parsed...  *not anywhere*.   So I
>> assume then that it IS an httpd.conf issue.  (?)   ...and only the
>> host admin can turn this on for me?  (Because if it is something I
>> have control over he is going to give me a hard time ;-)
>>
>> -G
>>
> Generally, if a file has a .html extenstion, then it should really just
> contain html. .php extensions are meant for php code containing html.
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

File extension has absolutely no bearing at all on the contents of the
file.  There's valid reasons to not expose what's what under the hood,
especially if there happen to be known exploits in the latest version
of PHP that week.  God forbid that that happens, but it does every so
often.  File mime-type being determined by an extension is entirely M$
Windows mentality and doesn't really extend to *nix environments,
where most of us are hosting our sites, anyway.  You could name your
scripts whatever you want, .awesome, .refridgerator, .silver, whatever
and it'd have no bearing on the files themselves.  It's certainly the
de-factor standard that .html files only contain flat markup, but
that's by no means a rule or anything, but it's common practice
(mostly because programmers are lazy).

Sorry if I sound rude, just quit smoking :)
--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Scope of Variables and use of global and this->var

2009-07-16 Thread Eddie Drapkin 
On Thu, Jul 16, 2009 at 9:53 AM, Govinda wrote:
>
> On Jul 15, 2009, at 3:28 PM, tedd wrote:
>
>> My way -- every time I open a database, I do so by including the
>> configuration.php file that holds the logon/password et other data to
>> connect with the database. When I'm done with what I want from the database,
>> I close it.
>
> If one does not close it, then what are the consequences?  And do any
> consequences persist, and how?  Or is it just a consideration for a limited
> time?  What limits the risk?
> In case there is a good article about this, I'd love a link..
>
> Thanks!
> -G
>
>> Cheers,
>>
>> tedd
>

If you're not using persistent connections, they'll all get closed
when the script completes.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MySQL Queries in PHP

2009-07-13 Thread Eddie Drapkin 
On Tue, Jul 14, 2009 at 2:29 AM, Tom Chubb wrote:
> Hi List,
> Just wanted to pick your brains please?
> I'm trying to standardise on the way I query databases and move away from
> the Dreamweaver built-in functions (which I know you all hate!) ;)
> I've been on this list for about 5 years now and I don't think I've ever
> heard anyone mention the Pear packages, eg: MDB_QueryTool and wondered if
> there was any reason why not?
> I found some classes on phpclasses and have already started using one of
> them by Henry Chen and there are plenty more.
> I am still using Dreamweaver as the text editor for PHP on a Mac and trying
> to code things manually but building SQL queries are one of the biggest
> problems I come across.
> To be honest, Dreamweaver used to be fine but for me, historically on both
> PC and Mac, after a while it decides that it can connect to the DB but
> cannot see any of the tables which prevent using the wizards which is why
> I'm moving away from it.
> All tutorials on the net are different and I'd like some info on the best
> practices that you guys follow when dealing with MySQL.
> Thanks in advance,
>
> Tom
>
> PS - I'm only dealing with simple queries: show, insert, update, delete,
> etc.
>

I've always enjoyed writing SQL myself, as it is sort of challenging
and interesting to do, so I've always written them by hand.  I'd
recommend learning SQL yourself, as the queries tools generate, in my
experience, are never quite as useful as hand-written, nor as fast.
It's not that difficult to do and if you can't write queries yourself,
whether you do or not, no one is going to take you very seriously as a
web developer.  So, my best suggestion to you is to just buck up and
learn SQL, as useless as that is.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MySql Injection advice

2009-07-13 Thread Eddie Drapkin 
Things I have used prepared statements for:
1. SELECT
2. UPDATE
3. INSERT
4. DELETE
5. Stored procedures

Things I am aware of that prepared statements are not capable of doing:

What have you read that prepared statements can't do?  I've not heard
of anything, nor have I encountered anything, myself.  And given that
I am prone to making errors, I like the fact that my work flow
prevents a mistake I make leading to an unnoticed vulnerability.

On Mon, Jul 13, 2009 at 5:00 PM, Michael A. Peters wrote:
> tedd wrote:
>>
>> At 3:53 PM -0400 7/12/09, Paul M Foster wrote:
>>>
>>> On Sun, Jul 12, 2009 at 09:07:45AM -0400, tedd wrote:
>>>
>>> 
>>>

  As for prepared statements, I'm no authority on them, but from what
  I've read they are not going to be something I'll be practicing
  anytime soon.
>>>
>>> Aside from Stuart's comments about slowness, what else have you read
>>> that makes you discount the use of prepared statements? The PDO class
>>> emphasizes that you're safe from SQL injection exploits, which seems a
>>> big plus.
>>>
>>> Paul
>>
>> Paul:
>>
>> As I said, I'm no authority. However as I have read, prepared statements
>> are for a limited set of instructions in MySQL. They can't be used for
>> everything. Why should I learn one way to do something that isn't universal
>> in the language?
>
> They are useful for select, insert, and update queries, which are the three
> most common types of queries in web applications and are most often used for
> SQL injection.
>
> I personally use the MDB2 database abstration layer. Here's how it's done -
>
> $types = Array('integer','text');
> $q = "SELECT something,else FROM table WHERE id < ? AND type=?"
> $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
>
> $args = Array($someinput,$someotherinput);
> $rs  = $sql->execute($args);
>
> Here's the non prepared way
>
> $sql = "SELECT something,else FROM table WHERE id < $someinput AND
> type='$someotherinput'"
> $rs  = $mdb2->query($sql);
>
> The two are very similar syntax, just a few extra steps required for
> prepared statements - and if the query is performed multiple times with
> different arguments, you can re-use the prepared statement and don't have to
> make it again.
>
> The first has sql injection protection automatically for the two arguments,
> the second requires that you first sanitize the two arguments - which is
> where mysql_real_escape_string comes in - but as soon as you use that mysql
> specific function, your code no longer is as easily portable to other
> databases.
>
> Prepared statements may be a minor performance hit but I suspect if it is
> even noticable, you are at the edge of what your server can handle and
> either need hardware update, infrastructure update (IE dedicated sql servers
> and load balancing), or code optimization that probably will find bigger
> issues than sql prepared statements.
>
> Using a cache (IE APC or memcached) for commonly performed queries makes the
> speed difference between the two only matter when the query isn't cached.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php.ini and cli

2009-07-13 Thread Eddie Drapkin 
On Mon, Jul 13, 2009 at 4:48 AM, Ashley
Sheridan wrote:
> Hi All,
>
> Just a quick question. When I make changes in the php.ini, to take effect, I
> need to restart the Apache (or other web server) service. What happens with
> PHP CLI? Is the php.ini parsed each time the script is called, or is there
> something specific which needs resetting? The machine that the PHP CLI is
> running on is a Windows machine with no web server.
> --
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


The CLI binary reads and parses php.ini on every initialization.

Try something like


And then set error_reporting (in php.ini) to E_ALL and see your
warning, then set it to 0 and see nothing.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] A prepared statements question

2009-07-12 Thread Eddie Drapkin 
>  if (   $link = mysqli_connect($hostname, $username, $password, $database)
>      && $stmt = mysqli_prepare($link, $q)
>      &&         mysqli_stmt_bind_param($stmt, "s", $adminuser)
>      &&         mysqli_stmt_execute($stmt)
>      &&         mysqli_stmt_store_result($stmt))
>  {
>    $count = mysqli_stmt_num_rows($stmt);
>  } else {
>    /* Of course, at this point it would be nice to know which
>       function failed. I don't think there is a neat way to
>       find that out, and checking every function for errors
>       would make the code look much much worse than using the
>       old mysql[i]_query functions. Bleah. */
>  }
>
>
> /Nisse
>

Not to sort of start (another) holy war on this list, but it's ugly
blocks of code like this that pushed me into using PDO.

This, IMO, is so much easier to read:

try {
  $stmt = $pdo->prepare();
  $stmt->bindValue();
  $stmt->execute();
  $stmt->numRows();
} catch (PDOException $p) {
  //do stuff
}

I would much rather try/catch exceptions than clutter up code with
hundreds of if/elseif/else statements.

This is just my opinion, of course :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-12 Thread Eddie Drapkin 
On Sun, Jul 12, 2009 at 3:05 AM, Lenin wrote:
> On Sun, Jul 12, 2009 at 6:49 AM, Daniel Brown  wrote:
>>
>> > Sorry for TOP posting  This mailing list also don't force us to be
>> > good
>> > :)
>>
>>    FORCE, no.  ENCOURAGE, yes.  Particularly in long threads like
>> this one.  Check the rules.  They're not just there to take up space
>> on the paper.  ;-P
>
> If I reply from my Nokia 6020's wap (as gmail app would hang now due to less
> memory) and I include the receiver's text I cant choose to place it at top
> or bottom. So, that way it would always be top posting.
>
> Also from that wap device you will have REAL difficulty if mails are not TOP
> posted. Because, then you'd have to scroll all the pages by clicking "next
> message">> "next message" blah blah blah.
>
> Of course it is better for reading if mails are written bottom posted or
> inline answered.
>
> Regards
>
> Lenin
>

Two things:
1) I've never head of an email list changing their rules to cater to a
fringe crowd, like Nokia 6020 users.
2) Why does every thread lately degrade into chatter about top/bottom
posting? *looks RIGHT AT D. Brown*

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MySql Injection advice

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 6:39 PM, Haig Dedeyan wrote:
> On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
>> At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:
>>
>> [1]
>>
>> >$fname = mysql_real_escape_string($fname);
>> >$lname = mysql_real_escape_string($lname);
>> >
>> >$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE
>> > id=$id"; $result = mysql_query($sql);
>> >echo mysql_error() . "\n";
>> >
>> >This will result in the addition of the slashes.
>>
>> [2]
>>
>> >If I do the following, there are no slashes. Just wondering if I'm on the
>> >right path with the 1st code set..
>> >
>> >$sql = "UPDATE phonedir SET fname =
>> >'".mysql_real_escape_string($fname)."',lname =
>> >'".mysql_real_escape_string($lname)."'  WHERE id=$id";
>> >$result = mysql_query($sql);
>> >echo mysql_error() . "\n";
>>
>> Haig:
>>
>> Interesting, I did not know that -- that sounds like a bug to me --
>> both should be the same.
>>
>> However, I commonly do [1] and when I have to display the data to a
>> browser, then I use htmlentities() and stripslashes() before
>> displaying the data. That way names like O'Brian appear correctly --
>> else they appear 0\'Brian.
>>
>> Now maybe I'm doing something wrong, but this way works for me. If
>> there is a better way, I would like to here it.
>>
>> Cheers,
>>
>> tedd
>
>
> Thanks Tedd.
>
> I did more testing and here's what I have found.
>
> @PHPSter - magic quotes are off
>
>
> Just entering simple data where an apostrophe is part of the data.
>
> The following code is entering the slash but that's becuase I am escaping it
> twice since mysql_num_rows is throwing an error if an apostrophe is in its
> search:
>
> 1 -
> $new_fname = mysql_real_escape_string($new_fname);
> $new_lname = mysql_real_escape_string($new_lname);
>
> $result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' &&
> lname = '$new_lname'");
> $num_rows = mysql_num_rows($result);
>
> if($num_rows > 0)
>
>          {
>                echo $fname." ".$lname." already exists";
>          }
>
> else
>        {
>
> mysql_query("INSERT INTO phonedir
> (fname, lname)
> VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
> or die(mysql_error());
>
>
>
>
>
> 2 - If I do the same code above without the mysql_num_rows and no escaping,
> the data doesn't get entered.
>
> I think this is normal behaviour.
>
>
>
>
>
> 3 - If I do any of the 2 following sets of code where there is 1 instance of
> escaping, the data gets entered with the apostrophe but I don't see any back
> slash entered.
>
> The part that I am concerned about is if I should be seeing the backslash
> entered without having to double escape,
>
>
> $new_fname = mysql_real_escape_string($new_fname);
> $new_lname = mysql_real_escape_string($new_lname);
>
>
> $result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' &&
> lname = '$new_lname'");
> $num_rows = mysql_num_rows($result);
>
> if($num_rows > 0)
>
>          {
>                echo $fname." ".$lname." already exists";
>          }
>
> else
>        {
>
> mysql_query("INSERT INTO phonedir
> (fname, lname) VALUES('$new_fname','$new_lname')")
> or die(mysql_error());
>
>
>
> or
>
>
> mysql_query("INSERT INTO phonedir
> (fname, lname)
> VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
> or die(mysql_error());
>
>
>

No offense or anything, but all of this work you've done is
immediately mode obsolete the second you switch to prepared
statements.  They're easier to use and more secure, as well as making
code more readable.  I don't understand why it's so hard for them to
catch on among PHP developers when they're so popular in other
languages.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 5:37 PM, tedd wrote:
> At 3:34 AM +0700 7/12/09, Lenin wrote:
>>
>> On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin  wrote:
>>
>>>  On Sat, Jul 11, 2009 at 3:53 PM, Govinda
>>
>>  > wrote:
>>  > > what does "EOT" stand for?
>>>
>>>  > (I realize that string can be anything..  but I am just asking what
>>> EOT
>>
>>  > > means to everyone?
>>  >
>>  > I just use it as "End of Term" because I'm used to "EOF" as "End of
>> File"
>>
>> EOT used to mean  End of Text. reference ASCII-7 notatioin
>
>
> Yes, but in both cases the operator is used at both the beginning AND at the
> end of the heredoc. I normally don't start anything with an "End" term.
>
> That's what I liked about the underscore (_) -- there's no inference that
> it's an acronym.
>
> $whatever = <<<_
> whatever
> _;
>
> However with that said, one could come up with a dual purpose acronym like:
>
> TO  = (TEXT On or TEXT Off)
>
> or if you need three characters.
>
> HDO = (HEREDOC ON or HEREDOC OFF)
>
> I'm sure some clever person could come up with something better.
>
> Cheers,
>
> tedd


When I see something like

$foo = <<http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 3:53 PM, Govinda wrote:
> On Jul 11, 2009, at 11:26 AM, Eddie Drapkin wrote:
>
>> $foo = <<> $bar[hello]
>> EOT;
>
> what does "EOT" stand for?
> (I realize that string can be anything..  but I am just asking what EOT
> means to everyone?


I just use it as "End of Term" because I'm used to "EOF" as "End of File"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 2:01 PM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 13:45, Eddie Drapkin wrote:
>>
>> If that's true, then we've found an error reporting bug! I've never
>> seen an error/warning raised, even with my usual
>> "error_reporting(E_ALL | E_STRICT | E_DEPRACATED)"!  The warning is
>> raised here, though:
>> $foo = $bar[hello];
>>
>> but not here:
>> $foo = "$bar[hello]"
>
>    No, we're crossing subjects here, actually.  The error would be
> raised in something such as the following:
>
> 
> $bar['hello'] = 'World!';
> $bar['world'] = 'Hello,';
>
> $foo = << $bar['world'] $bar['hello']
> EOT;
>
> echo $foo."\n";
> ?>
>

Yeah, that (echo "$bar['hello']") would raise an error the same way as
if you had said:
echo $bar['\'hello\''];
because, as far as my understand goes, the array key "word" inside the
doublequotes/heredoc is literally evaluated, so it'll look for the
literal 'hello' key instead of the literal hello key, if that makes
sense given the lack of formatting on my part.  It looks like, when in
lexing mode inside of doublequotes/heredoc, the lexer stops lexing at
the first ] after a $ and inside the square bracketed "word", it
interprets it as a hash table key, rather than as the literal word,
which would be cast to a string (as an undefined constant) and then
used as a hash table key outside of "lexing mode" (which is probably
not the right way to describe what's going on inside heredoc or
doublequotes).

>    You don't sound like an ass at all (quite the contrary, actually),
> and not changing them certainly isn't the end of the world.

Alright, was just a tad worried ;)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 1:41 PM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 13:35, Daniel Brown wrote:
>>
>>    It works fine because you're forcing PHP to cast 'hello' in your
>> array from a simple boolean TRUE to the string equivalent.
>
>    sed "s/string equivalent/literal 'hello' string/g"
>
>    (The way I'd worded it before seemed to me, upon re-reading it,
> like I was implying it would cast the boolean TRUE to the string
> 'TRUE'.)
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>

If that's true, then we've found an error reporting bug! I've never
seen an error/warning raised, even with my usual
"error_reporting(E_ALL | E_STRICT | E_DEPRACATED)"!  The warning is
raised here, though:
$foo = $bar[hello];

but not here:
$foo = "$bar[hello]"

At the risk of sounding like an inane ass, I quote, from php.net/strings:

"With array indices, the closing square bracket (]) marks the end of
the index. The same rules apply to object properties as to simple
variables."

Sorry if I sound like an ass, just trying to defend myself from having
to go change several thousand array items referenced from doublequotes
/ HEREDOC.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-11 Thread Eddie Drapkin 
On Sat, Jul 11, 2009 at 11:03 AM, Daniel Brown wrote:
> On Sat, Jul 11, 2009 at 10:42, Ashley Sheridan 
> wrote:
>>
>> The braces ensure that PHP doesn't stop parsing the variable name once it
>> reaches the [. By default, it will only match a variable name up to the [
>> sign, so you couldn't access arrays without the braces.
>
>    Couldn't have said it better myself.
>
>    As for the braces in the HEREDOC around {$somevar}, while it works
> absolutely fine, it was a typo on my part: I intended to show all
> manner of usage and processing of variables within the HEREDOC syntax.
>  However, in my own code, I generally include all variables between
> {braces} when inside a HEREDOC block.  Sheer preference for
> readability in a large HEREDOC: because I don't normally use curly
> braces around variables, when I see that on the page, I instantly
> recognize that I'm still in the block (if all other clues miraculously
> fail --- and we all know that they sometimes do).
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Uhm you don't need braces around arrays unless you're using more
than one dimension in the array.

This works perfectly fine for me:

 "goodbye");

$foo = <<

Something this simple should be common knowledge :X but I still agree
with Daniel that you ought to use {} around variables in HEREDOC (or
double-quotes) as it makes your code much more readable.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc

2009-07-10 Thread Eddie Drapkin 
On Fri, Jul 10, 2009 at 8:25 PM, Govinda wrote:
> How do I  get
> basename(__FILE__)
> or
> htmlentities($somevar)
> to be evaluated  in a heredoc?
>
> 
> Govinda
> govinda.webdnat...@gmail.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You actually can't, sorry.  At least not as far as I know.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Eddie Drapkin 
On Fri, Jul 10, 2009 at 3:50 PM, Daniel Brown wrote:
> On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote:
>> Hi everyone,
>>
>> My server appears to be the victim of a chinese hack-attack and I
>> believe they managed to change pages via SQL Injection, do any of you
>> have any ideas how to lock down my forms so MySQL cannot be used from
>> my forms?
>
>    First and foremost:
>
>        http://php.net/mysql_real_escape_string
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You, sir, are an email list ninja.  Not ten seconds before I hit Send,
Gmail tells me you ninja'd my response!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error Trapping

2009-07-10 Thread Eddie Drapkin 
On Fri, Jul 10, 2009 at 11:39 AM, Floyd Resler wrote:
> Eddie,
>        Thanks for the tip.  It suddenly occurred to me what I was doing
> wrong.  I do use an error trap but I was telling my script to stop running
> after the error.  So, now I ignore it and continue through the loop you
> suggested.  I guess it was working exactly the way I had written it!
>
> Thanks!
> Floyd
>
> On Jul 10, 2009, at 11:23 AM, Eddie Drapkin wrote:
>
>> On Fri, Jul 10, 2009 at 10:56 AM, Floyd Resler
>> wrote:
>>>
>>> I'm having a hard time getting my head around this problem.  I have to
>>> connect to a FoxPro database using an ODBC driver.  Sometimes when I
>>> connect
>>> I get an error.  The error doesn't occur all the time and usually another
>>> connect attempt works.  I can trap the error through an error handler.
>>>  However, I use a class to connect to the database.  What I want to do is
>>> to
>>> check for that error and, if it occurs, try to connect again.  Since the
>>> error handler is outside the class, how can I create the object again and
>>> make sure it gets passed back to my script that called it?  I hope that
>>> made
>>> sense!
>>>
>>> Thanks!
>>> Floyd
>>
>> Why is the error outside the class? If you connect with a class, something
>> like:
>>
>> public function __construct() {
>>  $this->handle = false;
>>  while($this->handle === false) {
>>   $this->handle == odbc_connect();
>>  }
>> }
>>
>> ought to work fine.  Alternatively, you could check out PDO, which is
>> supposed to be the next generation of database connections in PHP, and
>> won't create an object without a connection.
>>
>
>

;)

Sometimes all it takes is a fresh look at an old problem!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error Trapping

2009-07-10 Thread Eddie Drapkin 
On Fri, Jul 10, 2009 at 10:56 AM, Floyd Resler wrote:
> I'm having a hard time getting my head around this problem.  I have to
> connect to a FoxPro database using an ODBC driver.  Sometimes when I connect
> I get an error.  The error doesn't occur all the time and usually another
> connect attempt works.  I can trap the error through an error handler.
>  However, I use a class to connect to the database.  What I want to do is to
> check for that error and, if it occurs, try to connect again.  Since the
> error handler is outside the class, how can I create the object again and
> make sure it gets passed back to my script that called it?  I hope that made
> sense!
>
> Thanks!
> Floyd

Why is the error outside the class? If you connect with a class, something like:

public function __construct() {
  $this->handle = false;
  while($this->handle === false) {
$this->handle == odbc_connect();
  }
}

ought to work fine.  Alternatively, you could check out PDO, which is
supposed to be the next generation of database connections in PHP, and
won't create an object without a connection.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTP headers and include()

2009-07-09 Thread Eddie Drapkin 
On Fri, Jul 10, 2009 at 1:21 AM, James Colannino wrote:
> Hey everyone,
>
> I've been hard at work on a new web application, and discovered
> something that I would never have seen coming.  I was noticing that when
> I called session_start() after a few lines of includes, I was getting
> complaints because the HTTP headers had already been sent out.  Then,
> after putting session_start() above the include lines, suddenly
> everything was working fine.
>
> The files that were included were nothing more than functions; there was
> no code executing that I could tell up to the point of the call to
> session_start().
>
> I was just wondering if anybody on the list knows why HTTP headers were
> being sent out by my includes.  I'm sure there's a good reason.  I'm
> just very curious :)
>
> Thanks very much in advance.
>
> James
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

HTTP headers are sent and finalized after the first bit of output.   I
had the same problem before and it turned out to be because I had a
close tag "?>" at the end of a file followed by some whitespace.  The
solution was to remove the ?> from the end of all the files and I
haven't closed an entire file since.  Perhaps that might be it?

--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Obeying the rules (was Simple login form with cookies)

2009-07-09 Thread Eddie Drapkin 
> I called him "intolerant" because he jumps on issues which other people just
> don't care about.
>
> I called him "small minded" because he concentrates on small issues which
> simply don't matter in the great scheme of things. That sounds like fair
> comment to me It's just like those people who have endless arguments about
> when to use uppercase and when to use lower case. It simply doesn't matter,
> so stop wasting your time in arguing about it.

And it's not just as small minded (I'm not agreeing with you, by the
way) to assume that your point is the only valid point in the
discussion?  Nor is it just as small minded to systematically attack
someone, and the community they take part in, because they have the
audacity to disagree with you?


> Irrelevant. It does not matter how much good work anybody does if they go
> and ruin it by trying to enforce some inconsequential petty rule.

It's obviously not inconsequential, as you're making such a fuss about
it.  If it's so inconsequential, why not bottom post and be done with
it?

>
> The conventions in other newsgroups are different, and I can't be bothered
> to change my habits for different newsgroups just becase some internet Nazi
> says so.
>

Congratulations, rule-abiding denizens of php-general, we're now all
Nazis!  Way to invoke Godwin, by the way, it clearly always wins these
internet argu-debates and doesn't make you look like a loon at all.
I'm going to take this opportunity to jump on the "no more respect"
bandwagon.

> So not only are you dictating how I post, you are also dictating which
> newsreader I should use? How arrogant!

"I don't like your rules, rules that existed before I got here and
will exist after I leave and are agreed on by the community, so I'll
not follow them!" is one of the most arrogant things I've ever seen on
this list.  He was making a suggestion, ffs, and you just want to be
an ass and take everything personally.  You're making an entire
mountain range out of the proverbial molehill.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Obeying the rules (was Simple login form with cookies)

2009-07-09 Thread Eddie Drapkin 
I honestly think this is a case of the subject being broached in a
less-than-super-friendly-with-hugs-and-butterflies way and someone
getting unduly offended about that.  Why not chill out and look at
this objectively?  Mailing lists are historically, as I'm sure you
know, a nearly invaluable research for someone with a problem and a
search engine.  I would bet that there are few people who subscribe to
this list have never found a solution to a problem on a mailing list,
somewhere and somewhen.  I know I personally subscribed to this list
because quite a few questions I had when I was just starting out with
PHP came from here and I wasn't subscribing with a news reader at the
time.

I think you (the OP) is being unnecessarily short-sighted in assuming
that 1, everyone has a news reader and uses it to read this list and
2, the threads are only relevant for the duration of their life.  The
posts here are archived here forever and ever and a rule that suggests
posting on either the top or the bottom of the list keeps it consisten
for future readers.  Breaking that convention because you don't like
it is just being grumpy and stickly for no other reason than you can,
and potentially harming future developers who could find the
information from this list a valuable resource.  I like the escalator
analogy, because either side of the escalator would do to allow people
who want to stand and people who want to walk up to co-exist in
harmony, yet there's a standard.  Luckily for us, this isn't the New
York subway where you get cursed at for standing on the wrong side (I
learned that lesson the wrong way when I moved here!).

In other words, it's not that top posting is empirically and
inherently a worse method than bottom posting, it's that it's a
generally accepted standard that helps ensure the longevity of posts
on this list.  If it was top posting, I'm sure replying would be a lot
easier to most of us, but like a dozen people said in the first
thread, it takes two seconds to move the cursor each time.  Why choose
to be overly ornery about a point so trivial?  It seems like you're
trying to turn this into a "Fight the Power" battle, when the only
power you're fighting are your peers.

--Eddie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

2009-07-08 Thread Eddie Drapkin 
On Wed, Jul 8, 2009 at 10:44 AM, Andrew Ballard wrote:
> On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta wrote:
>> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
>> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
>> .'\'))';
>>
>> I use this solution because md5 run faster in Mysql
>>
>>
>>
>>
>> --
>> Martin Scotta
>>
>
> If you were running a loop to build a rainbow table or brute-force a
> password, I could see where that would matter. For authenticating a
> single user it seems like premature optimization to me. On my
> development machine, where PHP runs slow inside of the IDE, the
> average time to perform an md5 hash on a text string of 38 characters
> (much longer than most passwords) over 1 iterations is around
> 0.00085 seconds. I can live with that. :-)  I still like handling the
> encryption in PHP and then passing the encrypted value to the database
> for storage/comparison.
>
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You shouldn't be using md5 or sha1 to hash passwords as both have been
attacked and successfully exploited.  There are other hashing
functions in PHP that you should use.  And FWIW, you WANT hashing to
be slow.  The faster it is, the less complicated the algorithm is
(assuming all implementations are equal), the more easy it is to
break.  And if you're storing hashed passwords as a means of
verification, SALT THEM FOR CHRIST'S SAKE.

//somewhere where you can access it several places, like config.php
define('SALT', '2435kh...@#$@#14asdnaksa10=nsdf'); //random
characters, the longer and more random, the better.  If it was email
compatible, I'd have given a "real" salt read out of /dev/random at
some point, like you should be doing.

//prepare the password
$password = $_POST['password'] . SALT;
$password = hash('sha512', $password); //assume you've validated
$_POST['password']

//query the database to make sure the password is the right one
$stmt = $db->prepare('SELECT password FROM users WHERE user_name=?);
$stmt->bindParam(1, $password);
list($dbPass) = $stmt->fetch();
if($dbPass == $password) {
echo 'success';
} else {
echo 'failure';
}

The reason you salt passwords, especially with binary characters, is
that without knowing what the salt is, it's nearly impossible to
create a rainbow table and run rainbow table attacks on your database.
 It costs nearly nothing to do, in terms of resource usage and any
sort of human comprehensible scheme to store those hashes is easily
broken.  I've seen "{$user}{$randomCharacter}{$password}" used before,
and I'd never recommend something so simple.

--Eddie

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

2009-07-05 Thread Eddie Drapkin 
On Mon, Jul 6, 2009 at 2:01 AM, Jason Carson wrote:
>> On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
 Hello everyone,

 I am trying to create a PHP login script using cookies but am having
 some
 troubles. Here is my setup

     index.php -> authenticate.php -> admin.php

 I want a login form on index.php that allows me to login with my
 username
 and password and then passes $_POST['username'] and $_POST['password']
 to
 authenticate.php

 Then authenticate.php authenticates against a database of allowed users
 (Which I already have setup and it works fine), if a valid user has
 entered the correct information then admin.php is loaded...

 header("location:admin.php");

 ...the admin.php code would look something like the following..

 Code: [Select]
 >>> if (isset($_COOKIE['username'])) {
 echo "success!";
 } else {
 echo "Failure";
 }
 ?>

 So basically I think I need to create a cookie from index.php OR
 authenticate.php and then pass the information to admin.php.
 I set the cookie like this...

 setcookie("Admin", $username);

 Which file(index.php OR authenticate.php) do I create the cookie and
 how
 do I access the information in the cookie on admin.php?


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


>>> I finally got it working. I needed to setcookie() in login.php. Also,
>>> the
>>> names of the cookies(Using setcookie()) where wrong (The names where
>>> "Admin" when they should have been "adminuser" and "adminpass") Once I
>>> fixed that then the following worked in admin.php...
>>> >> if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
>>> echo "Success";
>>> } else {
>>> echo "Failed";
>>> }
>>> ?>
>>>
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> You're not storing anything usable in the adminpass cookie, are you?
>> It sort of sounds like you're storing a password, or even a passhash,
>> in the cookie and you might want to rethink what that cookie contains
>> to prevent session hijacking.
>>
> Yeah, I am storing an unencrypted password in the cookie. Should I encrypt
> it, if so how, if not what should I do?
>
> I am new to programming and PHP web development so I am not aware of all
> the security problems that can occur.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

That's an enormous question without an easy, or even a correct answer.
 I'd start by googling around for "session hijacking."  One of the
things that's probably not PC to say, is don't learn to prevent
session hijacking, learn to hijack sessions.  Once you know how to
hijack a session, you can audit your own code and fix the security
holes.

Although the best advice would probably be to find someone else's
session implementation and use that, seeing as there's no real reason
to recreate such a worn-in wheel.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple login form with cookies

2009-07-05 Thread Eddie Drapkin 
On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson wrote:
>> Hello everyone,
>>
>> I am trying to create a PHP login script using cookies but am having some
>> troubles. Here is my setup
>>
>>     index.php -> authenticate.php -> admin.php
>>
>> I want a login form on index.php that allows me to login with my username
>> and password and then passes $_POST['username'] and $_POST['password'] to
>> authenticate.php
>>
>> Then authenticate.php authenticates against a database of allowed users
>> (Which I already have setup and it works fine), if a valid user has
>> entered the correct information then admin.php is loaded...
>>
>> header("location:admin.php");
>>
>> ...the admin.php code would look something like the following..
>>
>> Code: [Select]
>> > if (isset($_COOKIE['username'])) {
>> echo "success!";
>> } else {
>> echo "Failure";
>> }
>> ?>
>>
>> So basically I think I need to create a cookie from index.php OR
>> authenticate.php and then pass the information to admin.php.
>> I set the cookie like this...
>>
>> setcookie("Admin", $username);
>>
>> Which file(index.php OR authenticate.php) do I create the cookie and how
>> do I access the information in the cookie on admin.php?
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> I finally got it working. I needed to setcookie() in login.php. Also, the
> names of the cookies(Using setcookie()) where wrong (The names where
> "Admin" when they should have been "adminuser" and "adminpass") Once I
> fixed that then the following worked in admin.php...
>  if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
> echo "Success";
> } else {
> echo "Failed";
> }
> ?>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You're not storing anything usable in the adminpass cookie, are you?
It sort of sounds like you're storing a password, or even a passhash,
in the cookie and you might want to rethink what that cookie contains
to prevent session hijacking.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

2009-07-05 Thread Eddie Drapkin 
> -=- (from other discussion)
> Interesting that facebook uses both. The fedora maintainer for the apc rpm
> listed it as conflicting with memcache. If you can use both, that's a fedora
> packaging but that should be fixed.

I've never seen, nor heard of, a full scale caching implementation
that doesn't use both.  Digg uses both, too.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

2009-07-04 Thread Eddie Drapkin 
On Sun, Jul 5, 2009 at 2:43 AM, Paul Scott wrote:
> Eddie Drapkin wrote:
>> if you want a pure opcode cache, APC is a great choice.
>>
>>> you think this is similar to http://www.danga.com/memcached/ or you think
>>> this method would be faster ? Which do you say would be the greatest
>>> benfit ?
>>>
> A simple rule of thumb that I use is:
>
> If you have one machine and medium to large traffic loads, go APC
> If you have more machines for caching servers (dedicated) and large to
> holy mofo loads, then go MemcacheD
>
> This ALL assumes that you have followed a logical scalability plan and
> have separate DB servers, app servers and possibly even using a CDN or
> something beforehand.
>
> -- Paul
>
> http://www.paulscott.za.net/
> http://twitter.com/paulscott56
> http://avoir.uwc.ac.za
>

There are several problems with using APC instead of memcached, even
on a single machine:
1) APC is tied to the wbserver.  This brings up a lot of (not so)
obvious problems.  The processing is handled by the webserver, instead
of a dedicated process.  This can mean that a CPU intensive APC
operation ties up the webserver, which results in less concurrency for
your site, while just waiting to hear back from memcached means idle
webserver process, which allows for greater concurrency.

2) APC is designed to be an opcode, first and foremost.  And while it
may perform as well, or better, on infrequently modified data,
memcached is designed and optimized internally to map memory chunks
and utilize best memory management practices, which mean data that
changes frequently is better stored in memcached.  There's a slideshow
somewhere about facebook's internal caching, and they store things
like school names / info in APC, because fetching it is a tad faster
(especially localhost v. network), but the constant rewiring of
webserver memory is a bad idea, so they store data that changes often
(like status updates) in memcached.

3) memcached has a much richer, better API.  Things like CAS can solve
race conditions, while APC cannot.  There's also increment/decrement,
replace, etc. etc.

4) APC shares its memory between storage and opcodes, afaik.  So, you
fill up APC too much and you start to lose your cached opcodes?  I'd
rather not.

5) APC, once again, is tied to the webserver, so a webserver restart
means you either have to a) prime your cache or b) let your database
be hammered while you "live prime" the cache.  Neither of these are
particularly pleasant, as cache priming is a very difficult task,
while allowing direct read access to the database on all pageloads is
usually a problem when you have to have a key-val cache system in
place.

Long story short, if you're using some sort of RAM based cache to
store heavy data, use memcached, while light data (configuration
values read from a text file, maybe) are fine in APC.

--Eddie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Epiphany - a salute to APC

2009-07-04 Thread Eddie Drapkin 
if you want a pure opcode cache, APC is a great choice.

APC should //not// be used for persistent RAM storage.  Memcached is
much faster and designed for that aim, while not being tied to the
webserver.

On Sun, Jul 5, 2009 at 2:10 AM, Brandon Johnson wrote:
> you think this is similar to http://www.danga.com/memcached/ or you think
> this method would be faster ? Which do you say would be the greatest
> benfit ?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

2009-06-30 Thread Eddie Drapkin 
> You are correct as there was no metaphor in here at all!  This, "It
> helps to think of classes like cars on a highway", is almost a simile,
> but on the whole I would probably say that you were using an analogy :-)
>

HEIL SPELLCHECK!

I bow to my grammar nazi superior *bow*

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] exasperated again - shot in the foot

2009-06-30 Thread Eddie Drapkin 
On Tue, Jun 30, 2009 at 4:50 PM, Bastien Koert wrote:
> On Tue, Jun 30, 2009 at 4:48 PM, PJ wrote:
>> PJ wrote:
>>> Could somebody please explain to me what is wrong with this code?
>>> In my script it works, returns the correct id, but when I try it in a
>>> test pages, nothing in the world gets it to work. This is rather
>>> frustrating, again:
>>> THIS WORKS IN ANOTHER PAGE; IN THE TEST PAGE ID DOES NOT.
>>> $sql = "SELECT id FROM publishers
>>>         WHERE publisher = 'whoever'";
>>>       $result = mysql_query($sql,$db);
>>>         $row = mysql_fetch_assoc($result);
>>>           if (mysql_num_rows($result) !== 0) {
>>>           $pub = $row['id'];
>>> Syntax is ok, echo "hello"; works.
>>>
>>>
>>> This works in the test page:
>>> $aid = array();
>>> $ord = array();
>>> $sql = "SELECT authID, ordinal
>>>         FROM book_author WHERE bookid = 624 ORDER BY ordinal ASC";
>>>         $result = mysql_query($sql, $db);
>>>             //$row = mysql_fetch_assoc($result);
>>>             while ( $row = mysql_fetch_assoc($result) ) {
>>>             $aid[]=$row['authID'];
>>>             $ord[]=$row['ordinal'];
>>>             }
>>>             var_dump($aid);
>>>             echo "";
>>>             var_dump($ord);
>>>             echo $aid[0], " - ";
>>>             echo $ord[0];
>>>
>>> This does not:
>>> $fi="joe"; $la="joe";
>>> $sql = "SELECT id FROM author
>>>         WHERE first_name = '$fi' && last_name = '$la'";
>>>     $result = msql_query($sql, $db);
>>>         $row = mysql_fetch_assoc($result);
>>>         $count=mysql_num_rows($result);
>>>     echo $count;
>>>           if (mysql_num_rows($result) > 0) {
>>>           $a_id=$row['id'];
>>>           }
>>>           echo $a_id, "";
>>> The test page prints out echo "some text"; but no results when the
>>> results are there
>>> Tell me I have missed something simple here, or is this normal for php ?
>>> I have checked the queries on Mysql command line and they are fine.
>>> I have verified the syntax and Netbeans tells me it is fine.
>>> Same results Firefox3 (2 machines) & IE 8.
>>> What is not fine?
>>>
>>>
>> Damn, it's frustrating to find that there is a difference between msql
>> and mysql... ouch, the foot hurts now!
>>
>> --
>> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
>> -
>> Phil Jourdan --- p...@ptahhotep.com
>>   http://www.ptahhotep.com
>>   http://www.chiccantine.com/andypantry.php
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> Blame the native, libraries that is
>
> --
>
> Bastien
>
> Cat, the other other white meat
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Take it as a sign you shouldn't be using mysql_ at all :)

Use the OOP interface to mysqli or PDO and these problems don't happen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

2009-06-30 Thread Eddie Drapkin 
On Tue, Jun 30, 2009 at 12:37 PM, Paul M Foster wrote:
> On Tue, Jun 30, 2009 at 11:17:17AM -0400, Eddie Drapkin wrote:
>
> 
>
>>
>> I wouldn't really recommend going with a singleton in this situation,
>> as there exists a different solution (my other post :P) and there are
>> very few actual use-cases where the pattern makes sense, and deploying
>> it unnecessarily can cause a whole lot of headache D:
>>
>
> I disagree. A singleton is quite a good solution, particularly when you
> only want one instance of an object. You can also create a "registry"
> class which contains instances of objects which might be useful to other
> classes.
>
> Why would a singleton lead to headaches?
>
> Paul
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

If you only want one instance of a class at any point, that's the
whole purpose of the pattern, so how could I argue against that?  All
I said was it's really rare that there's a justifiable reason (and in
the above example, it's simply to compensate for not wanting to handle
it elsewhere i.e. laziness) to actually use the pattern.  A lot of the
times you see singletons in use, it's for ease of use, not
functionality; database layers, for example, have no necessity of
being singletons and it's restrictive to do so, yet it's done all the
time.  For a generic question like this, suggesting a single design
pattern as the solution is a bad idea, as someone who doesn't know
better will assume it's the only solution, thus leading to those
headaches of dealing with a misapplied paradigm to a particular
situation.

As far as the registry class paradigm goes, it's occasionally useful,
as is the singleton pattern, but it's not a solution I'd necessarily
recommend because of the overhead implications, especially not in such
a simple situation as storing an instance in a static variable.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

2009-06-30 Thread Eddie Drapkin 
On Tue, Jun 30, 2009 at 11:12 AM, Peter Ford wrote:
> Luke wrote:
>>>
>> Thanks for the replies :)
>>
>> Surely if I pass it as a parameter to the __construct then I would have to
>> make an instance of the otherObject, notice that messwithotherthings is
>> static?
>>
>> Also, if I'm not using OOP properly, Eddie, how would I use it properly to
>> prevent this situation?
>>
>> Thanks,
>>
>
> Hmmm, I didn't notice the method was static - that means my idea really won't
> work...
>
> I did have a bad feeling about this, and Eddie confirmed my unease with the
> point about OOP.
>
> Really, you should need your $firstobject to be a singleton:
> eg.
>
> class FirstObject
> {
>    private static $theInstance = NULL;
>
>    public $propertyContainingObject;
>
>    protected function __construct()
>    {
>        // whatever
>    }
>
>    public static function getInstance()
>    {
>        if (!self::$theInstance)
>        {
>            self::$theInstance = new FirstObject();
>        }
>        return self::$theInstance;
>    }
>
>    // ... other methods ...
> }
>
>
> So then:
>
> class OtherObject
> {
>    static function messWithOtherThings()
>    {
>        $firstObject = FirstObject::getInstance();
>        $firstObject->propertyContainingObject->methodInsideThatObject();
>    }
> }
>
>
>
> I think that works, and is reasonable to the OOP purists...
>
>
> --
> Peter Ford                              phone: 01580 89
> Developer                               fax:   01580 893399
> Justcroft International Ltd., Staplehurst, Kent
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I wouldn't really recommend going with a singleton in this situation,
as there exists a different solution (my other post :P) and there are
very few actual use-cases where the pattern makes sense, and deploying
it unnecessarily can cause a whole lot of headache D:

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Scope woe

2009-06-30 Thread Eddie Drapkin 
On Tue, Jun 30, 2009 at 10:44 AM, Luke wrote:
>
>
> 2009/6/30 Eddie Drapkin 
>>
>> It should be passed into the constructor as a parameter.  If you're
>> using OOP properly, there's no reason to use $GLOBALS, ever.  Any
>> variable in the $GLOBALS array exists twice in memory, so just keep
>> that in mind, if you plan to use it.
>>
>> On Tue, Jun 30, 2009 at 8:43 AM, Peter Ford wrote:
>> > Luke wrote:
>> >> Hello again guys,
>> >>
>> >> I was wondering the best way to tackle the following problem:
>> >>
>> >> I've got a class, containing a property which is another object. So
>> >> from
>> >> outside I should be able to do
>> >> $firstobject->propertycontainingobject->methodinsidethatobject();
>> >>
>> >> The $firstobject variable is in the global namespace (having been made
>> >> with
>> >> $firstobject = new FirstObject;), and I'm having a problem that I'm
>> >> sure
>> >> many people have when accessing it inside another class, so:
>> >>
>> >> class otherObject
>> >> {
>> >> static function messwithotherthings ()
>> >> {
>> >> $firstobject->propertycontainingobject->methodinsidethatobject();
>> >> }
>> >> }
>> >>
>> >> But $firstobject is blank, which makes sense because in there it is
>> >> pointing
>> >> to the local variable within the method.
>> >>
>> >> To solve this, I could add 'global $firstobject' inside every method,
>> >> but
>> >> this is very redundant and boring. I've tried a couple of things like
>> >> adding:
>> >>
>> >> private $firstobject = $GLOBALS['firstobject'];
>> >>
>> >> But apparently that's bad syntax. I was just wondering the best way to
>> >> get
>> >> around this?
>> >>
>> >> Thanks a lot for your help,
>> >>
>> >
>> >
>> > Set the value of $firstobject in the constructor of otherObject (that's
>> > what
>> > constructors are for!):
>> >
>> > eg.
>> >
>> > class otherObject
>> > {
>> >    private $firstobject;
>> >
>> >    function __construct()
>> >    {
>> >        $this->firstobject = $GLOBALS['firstobject'];
>> >    }
>> >
>> >    static function messwithotherthings ()
>> >    {
>> >
>> >  $this->firstobject->propertycontainingobject->methodinsidethatobject();
>> >    }
>> > }
>> >
>> >
>> > --
>> > Peter Ford                              phone: 01580 89
>> > Developer                               fax:   01580 893399
>> > Justcroft International Ltd., Staplehurst, Kent
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> Thanks for the replies :)
>
> Surely if I pass it as a parameter to the __construct then I would have to
> make an instance of the otherObject, notice that messwithotherthings is
> static?
>
> Also, if I'm not using OOP properly, Eddie, how would I use it properly to
> prevent this situation?
>
> Thanks,
>
> --
> Luke Slater
> :O)
>
>

Well all you'd really need to do is something like this (for an instance class):

class ExampleClassYay {
private $instance;

public function __construct(someOtherClass $instance) {
$this->instance = $instance;
}

public function foo() {
var_dumP($this->instance);
}

}

So, all you'd have to do is something like:
$foo = new someOtherClass();
$example = new ExampleClassYay($foo);
$example->foo();

Whereas, for a static class, you can use a static property accessed
via self::$property instead of $this->property, like so:

Well all you'd really need to do is something like this:


class StaticExampleClassYay {
private static $instance;

static public function setInstance(someOtherClass $instance) {
self::$instance = $instance;
}

static public function foo() {
var_d

Re: [PHP] Re: Scope woe

2009-06-30 Thread Eddie Drapkin 
It should be passed into the constructor as a parameter.  If you're
using OOP properly, there's no reason to use $GLOBALS, ever.  Any
variable in the $GLOBALS array exists twice in memory, so just keep
that in mind, if you plan to use it.

On Tue, Jun 30, 2009 at 8:43 AM, Peter Ford wrote:
> Luke wrote:
>> Hello again guys,
>>
>> I was wondering the best way to tackle the following problem:
>>
>> I've got a class, containing a property which is another object. So from
>> outside I should be able to do
>> $firstobject->propertycontainingobject->methodinsidethatobject();
>>
>> The $firstobject variable is in the global namespace (having been made with
>> $firstobject = new FirstObject;), and I'm having a problem that I'm sure
>> many people have when accessing it inside another class, so:
>>
>> class otherObject
>> {
>> static function messwithotherthings ()
>> {
>> $firstobject->propertycontainingobject->methodinsidethatobject();
>> }
>> }
>>
>> But $firstobject is blank, which makes sense because in there it is pointing
>> to the local variable within the method.
>>
>> To solve this, I could add 'global $firstobject' inside every method, but
>> this is very redundant and boring. I've tried a couple of things like
>> adding:
>>
>> private $firstobject = $GLOBALS['firstobject'];
>>
>> But apparently that's bad syntax. I was just wondering the best way to get
>> around this?
>>
>> Thanks a lot for your help,
>>
>
>
> Set the value of $firstobject in the constructor of otherObject (that's what
> constructors are for!):
>
> eg.
>
> class otherObject
> {
>    private $firstobject;
>
>    function __construct()
>    {
>        $this->firstobject = $GLOBALS['firstobject'];
>    }
>
>    static function messwithotherthings ()
>    {
>        $this->firstobject->propertycontainingobject->methodinsidethatobject();
>    }
> }
>
>
> --
> Peter Ford                              phone: 01580 89
> Developer                               fax:   01580 893399
> Justcroft International Ltd., Staplehurst, Kent
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

  1   2   >