Re: [PHP] Information on Cookies
On Oct 15, 2008, at 1:21 PM, Yeti wrote: You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. I recommend you change that string once in a while. Also, picking up a copy of: Essential PHP Security by Chris Shiflett # ISBN-10: 059600656X # ISBN-13: 978-0596006563 might be worthwhile as well for more general information on security related issues. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Calculation assistance.. :)
I believe what you are looking is: http://us2.php.net/manual/en/function.pow.php number pow ( number $base , number $exp ) Returns base raised to the power of exp On Sep 19, 2008, at 3:34 PM, Stephen Johnson wrote: OK.. Math is NOT my forte ... I am converting a site from ASP to PHP ... And this calc is in the ASP Code : $nMonthlyInterest = $nRate / (12 * 100) //' Calculate monthly payment $nPayment = $nPrincipal * ( $nMonthlyInterest / (1 - (1 + $nMonthlyInterest) ^ -$iMonths)) Which then gives me in PHP 0.00104167 = 1.25 / (12 * 100); -2.170138889 = 25000 * ( 0.00104167 / (1 - (1 + 0.00104167) ^ -12)) :: ^ is the problem ... The solution SHOULD be 2,097.47 ... Not –2.17 Would be willing to help correct this and make it valid in PHP? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Calculation assistance.. :)
You originally had: $nPrincipal * ( $nMonthlyInterest / (1 - (1 + $nMonthlyInterest) ^ - $iMonths)) which, translate to in PHP $nPrincipal * ( $nMonthlyInterest / (1 - pow( ( 1 + $nMonthlyInterest ), -$iMonths ) ) ) On Sep 19, 2008, at 3:48 PM, Stephen Johnson wrote: Right ... But that is producing even funkier results... doing pow( (1-(1+$nMonthlyInterest)) , ($iMonths*-1) ) ; Gives me : 4.2502451372964E-35 = 25000 * (0.00104167 / 6.1270975733019E +35); From: Eric Gorr [EMAIL PROTECTED] I believe what you are looking is: http://us2.php.net/manual/en/function.pow.php number pow ( number $base , number $exp ) Returns base raised to the power of exp On Sep 19, 2008, at 3:34 PM, Stephen Johnson wrote: OK.. Math is NOT my forte ... I am converting a site from ASP to PHP ... And this calc is in the ASP Code : $nMonthlyInterest = $nRate / (12 * 100) //' Calculate monthly payment $nPayment = $nPrincipal * ( $nMonthlyInterest / (1 - (1 + $nMonthlyInterest) ^ -$iMonths)) Which then gives me in PHP 0.00104167 = 1.25 / (12 * 100); -2.170138889 = 25000 * ( 0.00104167 / (1 - (1 + 0.00104167) ^ -12)) :: ^ is the problem ... The solution SHOULD be 2,097.47 ... Not –2.17 Would be willing to help correct this and make it valid in PHP? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error message
On Sep 18, 2008, at 5:52 PM, Terry J Daichendt wrote: I'm pasting this code from the example at php.net and getting these errors. Can anyone determine what I'm doing wrong? ?php // page1.php session_start(); echo 'Welcome to page #1'; $_SESSION['favcolor'] = 'green'; $_SESSION['animal'] = 'cat'; $_SESSION['time'] = time(); // Works if session cookie was accepted echo 'br /a href=page2.phppage 2/a'; // Or maybe pass along the session id, if needed echo 'br /a href=page2.php?' . SID . 'page 2/a'; ? Well, this is weird. When I copied your text and tried it myself, the error I got was: Parse error: syntax error, unexpected T_STRING in /Users/ericgorr/ Sites/page1.php on line 9 Now, of course, there is nothing visibly wrong with line 9 ($_SESSION['animal'] = 'cat';). But, when I had my text editor show invisible characters, there were some on that line and line 10. Do you have a text editor that can show invisible characters? On the Mac, the one I really like (and is free) is TextWrangler (http://www.barebones.com/products/textwrangler/ ) and has this capability. This may be part of your problem. Once I got rid of the invisible characters, the example worked without any problems. Also, are you certain there are no spaces or anything (even invisible characters) before ?php? Whenever I've gotten a similar error in the past, that was nearly always the problem. You are welcome to compress the text file and send it to me directly so I can see exactly what it contains. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making array to string
On Sep 17, 2008, at 8:54 AM, Hunt Jon wrote:
Hi, I'm new to PHP. I have an array that I would like to convert
into a string.
For example, I have
array(
0 = Good morning,
1 = Good afternoon,
2 = Good evening,
3 = Good night
);
Now I would like to convert the array to something like:
Good morning Good afternoon Good evening Good night.
The result has concatanation of each value, but has one space
between it.
If possible, I would like to insert something like \n instead of
space.
I've been looking into various array functions, but I have no clue
where to start.
Of course, implode is the best option, but this can be accomplished in
other ways as well. Since you were unaware of basic array processing
and string techniques, I thought I would mention that it can be done
with a 'for' loop...
$asString = ;
$nItems = count( $myArray );
for ( $x = 0; $x $nItems - 1; $x++ ) {
$asString .= $myArray[ $x ];
$asString .= ;
}
$asString .= $myArray[ $nItems - 1 ];
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making array to string
On Sep 17, 2008, at 10:54 AM, Nathan Rixham wrote:
Eric Gorr wrote:
On Sep 17, 2008, at 8:54 AM, Hunt Jon wrote:
Hi, I'm new to PHP. I have an array that I would like to convert
into a string.
For example, I have
array(
0 = Good morning,
1 = Good afternoon,
2 = Good evening,
3 = Good night
);
Now I would like to convert the array to something like:
Good morning Good afternoon Good evening Good night.
The result has concatanation of each value, but has one space
between it.
If possible, I would like to insert something like \n instead of
space.
I've been looking into various array functions, but I have no clue
where to start.
Of course, implode is the best option, but this can be accomplished
in other ways as well. Since you were unaware of basic array
processing and string techniques, I thought I would mention that it
can be done with a 'for' loop...
$asString = ;
$nItems = count( $myArray );
for ( $x = 0; $x $nItems - 1; $x++ ) {
$asString .= $myArray[ $x ];
$asString .= ;
}
$asString .= $myArray[ $nItems - 1 ];
there's foreach too..
$asString = '';
foreach( $myArray as $index = $value ) {
$asString .= $value . ' ';
}
BUT implode is the way to do it in this scenario :)
That foreach doesn't quite work as requested...there will be an extra
space at the end of the string.
Of course, processing the $asString with rtrim will get rid of it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 5:13 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 16:51 -0400, Eric Gorr wrote: On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 16:11 -0400, Eric Gorr wrote: On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote: I don't see how that in any way makes an argument for or against. Once still must spend client's money wasting time on code that has questionable merit. Yes, some debugging code is a great boon in any application, but littered everywhere to fulfill someone's subjective philosophical ideal when sometimes it's just plain unnecessary... wasteful IMHO. As far as I know, no one has yet come up with a proof showing when debugging code is and/or is not necessary. The simple fact is that bugs can popup anywhere and spending a client's time and money by spending a few minutes writing all of the simple test cases throughout an application can be well worth it as it can save far more of the client's time and money by not wasting it on tracking down bugs that could have been easily caught. It is impractical to include debugging code for every conditional in a program. I have yet to see any evidence that it is impractical, especially after one has gotten into the habit. After all, for switch statements, adding in a default case takes mere seconds. Yes but if you do for case, you SHOULD do for if/else if/else which is an analagous approach. Doubly impractical to do so in PHP unless you have some way to prevent said debugging code from running in production. It isn't hard to prevent a code path from running in a production environment and allowing it to run in a development environment. Just one example, in PHP, would be globally defining something like PRODUCTION and then testing to see if it has a value of 1 or 0 and then writing an if statement to test the value before executing some code. There you go... you just ran a useless branch. Replacing one code path with another is hardly an optimial solution. What if your case statement is in a tight loop that runs a million times? How could that possibly matter since the code is never supposed to be executed to begin with and if it is executed it would immediately imply there is a bug? Furthermore, the whole point of these test cases is for those parts of the code which are never supposed to be executed to begin with, so that alone will aid in preventing said debugging code from executing in production...and if said debugging code does run in production, would that be such a bad thing (assuming it doesn't interfere with the user)? After all, because it (like the default switch case) was executed, it immediately implies there was a problem... If they're never supposed ot be executed then why are you adding extra code? That sounds like a need for better logic skills, not a need for debugging code. Because, it is never supposed to be ... not never will be. Bug's cause all kind of things to happen...including code paths that aren't supposed to happen. I doubt any client would believe it a good thing that a bug that should have been caught in development wasn't caught until production because mere minutes weren't spent putting in debug code that would have caught these bugs. Maybe you're confusing debugging code with unit tests. As I said earlier, it is far more practical to do so for complex conditions where a reader might easily get lost. Rather useless for simplistic cases. Until one finds it has saved hours because a problem was caught, I can understand why some would think that it is rather useless. I've spent hours on bugs before, they were never once related to not having put debugging fluff into a simple set of case statements. They were almost always related to lack of comments in a complex or hackish chunk of code. Great. I hope that continues. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 13, 2008, at 12:12 PM, Robert Cummings wrote: On Sat, 2008-09-13 at 10:09 -0400, Eric Gorr wrote: On Sep 12, 2008, at 5:13 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 16:51 -0400, Eric Gorr wrote: On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 16:11 -0400, Eric Gorr wrote: On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote: I don't see how that in any way makes an argument for or against. Once still must spend client's money wasting time on code that has questionable merit. Yes, some debugging code is a great boon in any application, but littered everywhere to fulfill someone's subjective philosophical ideal when sometimes it's just plain unnecessary... wasteful IMHO. As far as I know, no one has yet come up with a proof showing when debugging code is and/or is not necessary. The simple fact is that bugs can popup anywhere and spending a client's time and money by spending a few minutes writing all of the simple test cases throughout an application can be well worth it as it can save far more of the client's time and money by not wasting it on tracking down bugs that could have been easily caught. It is impractical to include debugging code for every conditional in a program. I have yet to see any evidence that it is impractical, especially after one has gotten into the habit. After all, for switch statements, adding in a default case takes mere seconds. Yes but if you do for case, you SHOULD do for if/else if/else which is an analagous approach. Doubly impractical to do so in PHP unless you have some way to prevent said debugging code from running in production. It isn't hard to prevent a code path from running in a production environment and allowing it to run in a development environment. Just one example, in PHP, would be globally defining something like PRODUCTION and then testing to see if it has a value of 1 or 0 and then writing an if statement to test the value before executing some code. There you go... you just ran a useless branch. Replacing one code path with another is hardly an optimial solution. What if your case statement is in a tight loop that runs a million times? How could that possibly matter since the code is never supposed to be executed to begin with and if it is executed it would immediately imply there is a bug? This discussion started because you said put a default statement in for debugging purposes rather than leave it empty. This suggests that you have a finite number of case statements that handle a specific set of values and that there may be values that don't need handling. Since they don't need handling the optimal path is not to have a default statement, but you suggest adding one with debugging information even though no processing need occur for some values. Now do you understand? Just because you have a switch doesn't mean all values need handling. Ah, while I had expected that my initial comments had been misinterpreted, I can see clearly now that they have. Hopefully, the messages the past couple of days have cleared things up. Furthermore, the whole point of these test cases is for those parts of the code which are never supposed to be executed to begin with, so that alone will aid in preventing said debugging code from executing in production...and if said debugging code does run in production, would that be such a bad thing (assuming it doesn't interfere with the user)? After all, because it (like the default switch case) was executed, it immediately implies there was a problem... If they're never supposed ot be executed then why are you adding extra code? That sounds like a need for better logic skills, not a need for debugging code. Because, it is never supposed to be ... not never will be. Bug's cause all kind of things to happen...including code paths that aren't supposed to happen. I doubt any client would believe it a good thing that a bug that should have been caught in development wasn't caught until production because mere minutes weren't spent putting in debug code that would have caught these bugs. You're probably one of those people that comments incrementing an index *shrug*. I mean it's mere seconds to add a useless chunk of comments that may someday help someone understand you're incrementing $i. While there is certainly a time and a place for comments which answer the questions of 'How?' or 'What?', the most useful comments nearly always answer the question of 'why?'. Why? The questions of 'How?' or 'What?' can almost always be easily determined with an analysis of the code. However, such an analysis does not always lead to understanding why code was written in the way it was written and I would strongly recommend people adopt such a comment style. Oh, for those using SCM (Source Code Management - like subversion), this policy applies to the checkin comments as well. Answering the question
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote: On Fri, Sep 12, 2008 at 9:52 AM, Jochem Maas [EMAIL PROTECTED] wrote: Luke schreef: I wonder if this is a shared trait between C and PHP (since I understand PHP is written in C) that the break; and the default: are placed for good practice in all switch statements since they prevent memory leaks? default is not required, never heard it was good practice to always put it in. I can't say I've ever heard it recommended as good practice from the standpoint of performance in any specific language I've ever worked with, but I have heard people suggest that you always include an explicit default case in any kind of branching logic. It does seem useless to say default: // do nothing break; in a switch block, but I imagine the reasoning behind it is so that anyone who reads your code can see that you actually thought about what should/would happen if none of the other conditions were true rather than ignoring those conditions. It is always useful for a 'default:' case, which would normally do nothing, to include some debug-only code so you can be notified if the default case is ever hit. Whenever I see an empty or just missing 'default:' case, I always cringe. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 2:14 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 11:47 -0400, Eric Gorr wrote: On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote: On Fri, Sep 12, 2008 at 9:52 AM, Jochem Maas [EMAIL PROTECTED] wrote: Luke schreef: I wonder if this is a shared trait between C and PHP (since I understand PHP is written in C) that the break; and the default: are placed for good practice in all switch statements since they prevent memory leaks? default is not required, never heard it was good practice to always put it in. I can't say I've ever heard it recommended as good practice from the standpoint of performance in any specific language I've ever worked with, but I have heard people suggest that you always include an explicit default case in any kind of branching logic. It does seem useless to say default: // do nothing break; in a switch block, but I imagine the reasoning behind it is so that anyone who reads your code can see that you actually thought about what should/would happen if none of the other conditions were true rather than ignoring those conditions. It is always useful for a 'default:' case, which would normally do nothing, to include some debug-only code so you can be notified if the default case is ever hit. Whenever I see an empty or just missing 'default:' case, I always cringe. Whenever I see pointless debug fluff just for the sake of not having an empty or omitted default statement I cry. It's only pointless debug fluff until it saves untold numbers of hours which would have been spent attempting to track down a bug that would have been caught by the now critical test which took only about 10 seconds to write. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 2:51 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 14:33 -0400, Eric Gorr wrote: On Sep 12, 2008, at 2:14 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 11:47 -0400, Eric Gorr wrote: On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote: On Fri, Sep 12, 2008 at 9:52 AM, Jochem Maas [EMAIL PROTECTED] wrote: Luke schreef: I wonder if this is a shared trait between C and PHP (since I understand PHP is written in C) that the break; and the default: are placed for good practice in all switch statements since they prevent memory leaks? default is not required, never heard it was good practice to always put it in. I can't say I've ever heard it recommended as good practice from the standpoint of performance in any specific language I've ever worked with, but I have heard people suggest that you always include an explicit default case in any kind of branching logic. It does seem useless to say default: // do nothing break; in a switch block, but I imagine the reasoning behind it is so that anyone who reads your code can see that you actually thought about what should/would happen if none of the other conditions were true rather than ignoring those conditions. It is always useful for a 'default:' case, which would normally do nothing, to include some debug-only code so you can be notified if the default case is ever hit. Whenever I see an empty or just missing 'default:' case, I always cringe. Whenever I see pointless debug fluff just for the sake of not having an empty or omitted default statement I cry. It's only pointless debug fluff until it saves untold numbers of hours which would have been spent attempting to track down a bug that would have been caught by the now critical test which took only about 10 seconds to write. Maybe for complex cases... but you used a broad brush when you advocated always doing this and so I most point out the pointlessness of debug fluff for simple use cases. Even in the simple cases, it is always useful to employ defensive programming techniques because it may catch a bug which would have otherwise taken hours to track down. Since case statements are for the most part equivalent to if/else if/else statements, I must ask if you also enforce an else statement on all such conditionals. Who said anything about enforcement? I simply said it make me cringe and stated an opinion which is derived from an accepted ideal that defensive programming is a good thing. Such debugging should be done on a case by case basis depending on the particular scenario at hand. If the code is simple and obvious then debugging serves little purpose but to convolute the code. Convoluted is a relative and subjective term. Once one gets used to writing and maintaining code written this way, it is no longer convoluted. Furthermore, every decent editor these days would allow one to collapse such code for those who find it difficult to interpret...providing even a stronger reason to write it in the first place. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote: I don't see how that in any way makes an argument for or against. Once still must spend client's money wasting time on code that has questionable merit. Yes, some debugging code is a great boon in any application, but littered everywhere to fulfill someone's subjective philosophical ideal when sometimes it's just plain unnecessary... wasteful IMHO. As far as I know, no one has yet come up with a proof showing when debugging code is and/or is not necessary. The simple fact is that bugs can popup anywhere and spending a client's time and money by spending a few minutes writing all of the simple test cases throughout an application can be well worth it as it can save far more of the client's time and money by not wasting it on tracking down bugs that could have been easily caught. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case - to require the break statements seems strange to me
On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote: On Fri, 2008-09-12 at 16:11 -0400, Eric Gorr wrote: On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote: I don't see how that in any way makes an argument for or against. Once still must spend client's money wasting time on code that has questionable merit. Yes, some debugging code is a great boon in any application, but littered everywhere to fulfill someone's subjective philosophical ideal when sometimes it's just plain unnecessary... wasteful IMHO. As far as I know, no one has yet come up with a proof showing when debugging code is and/or is not necessary. The simple fact is that bugs can popup anywhere and spending a client's time and money by spending a few minutes writing all of the simple test cases throughout an application can be well worth it as it can save far more of the client's time and money by not wasting it on tracking down bugs that could have been easily caught. It is impractical to include debugging code for every conditional in a program. I have yet to see any evidence that it is impractical, especially after one has gotten into the habit. After all, for switch statements, adding in a default case takes mere seconds. Now, for a large project that has already been written, it may be impractical but only because it is unlikely anyone will be willing to spend the time or money to go back and put the stuff back in... Doubly impractical to do so in PHP unless you have some way to prevent said debugging code from running in production. It isn't hard to prevent a code path from running in a production environment and allowing it to run in a development environment. Just one example, in PHP, would be globally defining something like PRODUCTION and then testing to see if it has a value of 1 or 0 and then writing an if statement to test the value before executing some code. Of course, there may be other clever solutions that aren't popping into my head at the moment. I'm sure you could come up with something better. Furthermore, the whole point of these test cases is for those parts of the code which are never supposed to be executed to begin with, so that alone will aid in preventing said debugging code from executing in production...and if said debugging code does run in production, would that be such a bad thing (assuming it doesn't interfere with the user)? After all, because it (like the default switch case) was executed, it immediately implies there was a problem... Maybe you're confusing debugging code with unit tests. As I said earlier, it is far more practical to do so for complex conditions where a reader might easily get lost. Rather useless for simplistic cases. Until one finds it has saved hours because a problem was caught, I can understand why some would think that it is rather useless. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSV output.
On Sep 8, 2008, at 5:06 PM, Tom Shaw wrote: Actually that won't work I tried it. For some reason the .00 shows up when I try to manually add a .00. I know weird. Did you mean to say that it .00 _doesn't_ show up when you try to manually add a .00? The value is in the array or string before outputting printing to CSV. Number format does not work either. And just to clarify...in your .csv file, you do see values such as 234.55, but not 234.00. I can promise you that if you fprintf( $fp, 234.00 ), you will see 234.00 in your file. So, the question becomes, what _exactly_ are you doing when you are writing this stuff out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSV output.
What variable contains the number? How _exactly_ are you assigning the number to the variable? How _exactly_ are you writing the data to the CSV file? I tried looking up a function 'dump' at php.net and didn't turn up anything. How is dump implemented? On Sep 8, 2008, at 6:16 PM, Tom Shaw wrote: This statement _is_ correct. I see values such as 234.55, but not 234.00 in the CSV file and when I dump the data. 55.00 will equal 55 when it should equal 55.00. 234.00 shows up as 234. The data is fine it just simple does not show up correctly in the CSV file. $out .=.$name.,.$description.,.$size.,.$stock.,.$price.,. $total_cost. ; $out .= \n; } dump($out); This prints the correct data. exit(); header(Content-type: application/vnd.ms-excel); header(Content-Disposition: attachment; filename=inventory_report.csv); print $out; This prints wrong. -Original Message- From: Eric Gorr [mailto:[EMAIL PROTECTED] Sent: Monday, September 08, 2008 4:21 PM To: PHP General Subject: Re: [PHP] CSV output. On Sep 8, 2008, at 5:06 PM, Tom Shaw wrote: Actually that won't work I tried it. For some reason the .00 shows up when I try to manually add a .00. I know weird. Did you mean to say that it .00 _doesn't_ show up when you try to manually add a .00? The value is in the array or string before outputting printing to CSV. Number format does not work either. And just to clarify...in your .csv file, you do see values such as 234.55, but not 234.00. I can promise you that if you fprintf( $fp, 234.00 ), you will see 234.00 in your file. So, the question becomes, what _exactly_ are you doing when you are writing this stuff out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Summing array indexes.
Not a direct answer to your question (don't worry, I hate it when
people do this to me too), but one thought I had was to have all of
the products ordered as their own array.
[0] = array(15) {
[order_date] = string(8) 09-01-08
[order_products] = array(2) {
[0] = string(5) 10.00
[1] = string(5) 20.00
}
[order_total_price] = string(0)
}
In this case, it would be trivial to write a foreach loop on the
'order_products' array to calculate the total.
Otherwise, run a foreach over the array, looking for keys which begin
with order_product_price_ and, when found, grab the price and add it
to order_total_price.
On Sep 4, 2008, at 6:02 PM, Tom Shaw wrote:
--=_NextPart_000_004B_01C90EAF.FA964EB0
Content-Type: text/plain;
charset=US-ASCII
Content-Transfer-Encoding: 7bit
Is there an easy way to loop thru the array below and add the
incremented
total price indexes so the order_total_price index contains the
correct sum.
Any help would be greatly appreciated.
array(5) {
[0] = array(15) {
[order_date] = string(8) 09-01-08
[order_product_price_1] = string(5) 10.00
[order_product_price_2] = string(5) 20.00
[order_total_price] = string(0)
}
[1] = array(19) {
[order_date] = string(8) 09-01-08
[order_product_price_1] = string(5) 25.00
[order_product_price_2] = string(5) 15.00
[order_total_price] = string(0)
}
Like this.
array(5) {
[0] = array(15) {
[order_date] = string(8) 09-01-08
[order_product_price_1] = string(5) 10.00
[order_product_price_2] = string(5) 20.00
[order_total_price] = string(0) 30.00
}
[1] = array(19) {
[order_date] = string(8) 09-01-08
[order_product_price_1] = string(5) 25.00
[order_product_price_2] = string(5) 15.00
[order_total_price] = string(0) 40.00
}
Tom Shaw
[EMAIL PROTECTED]
--=_NextPart_000_004B_01C90EAF.FA964EB0--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to write good code
On Aug 30, 2008, at 8:17 PM, Shiplu wrote:
I wanna know how to write good code in php.
Not oop stuff. I wanna know how to write a good php code file.
documentation, comments. indentation etc.
what are the good practices??
Studying design patterns are a great start to learning how to write
good code. Such things apply not only to PHP, but to other languages
as well.
A couple of good books are:
Design Patterns: Elements of Reusable Object-Oriented Software
# ISBN-10: 0201633612
# ISBN-13: 978-0201633610
Head First Design Patterns (Head First)
# ISBN-10: 0596007124
# ISBN-13: 978-0596007126
As for comments, the best comments are those that include 'why' the
code was written the way it was. What the code does can be discerned
by studying the code and is generally less useful.
As for code style (which includes indentation), there is no single
good style...pick something that looks good to you and use it. The
most important thing is to be consistent. For example, if you choose
to write an if statement like:
if ( ... )
{
...
...
}
don't use that in some parts of your code and
if ( ... ) {
...
...
}
in other parts.
As for other tips to writing good PHP code, I'd recommend taking a
look at:
Essential PHP Security
# ISBN-10: 059600656X
# ISBN-13: 978-0596006563
But, basically, it just comes down to practice, practice and more
practice.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 10:30 AM, tedd wrote: No matter how many times you cut this rope, it's still too short. So, I'm curious, what do you suggest? As near as I can tell, even with all of the problems (many of which can be mitigated with enough effort) associated with the use of Captcha's, a good implementation is currently the best solution to the problem. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 11:33 AM, tedd wrote: I understand there are different reasons behind the use of CAPTCHA's, but in the end they still present accessibility problems. And their use is a trade-off that you accept. Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. I didn't mean to imply laziness, but now that you mentioned it -- on one hand we say that CAPTCHA is good enough until something else comes along, but on the other hand, because we are using CAPTCHA, there's no need to develop something else. Nonsense. There are people constantly working on better systems to fight spam, etc. Need proof? Just lift your head up and look around a little. At a minimum, a better system that everyone uses could mean billions to the inventor that patent's the system...that is reason enough to keep working to the next best thing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 2:42 PM, Richard Heyes wrote: I understand there are different reasons behind the use of CAPTCHA's, but in the end they still present accessibility problems. And their use is a trade-off that you accept. Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. CAPTCHAs are intentionally not the easiest thing to read. If they were, there wouldn't be a great deal of point having them. There are many forms of captcha's. The concept can easily be extended beyond the need to read something. You may want to read: http://en.wikipedia.org/wiki/Captcha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 1:56 PM, tedd wrote: At 12:17 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 11:33 AM, tedd wrote: I understand there are different reasons behind the use of CAPTCHA's, but in the end they still present accessibility problems. And their use is a trade-off that you accept. Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. No offense, but please look into it. You are welcome to explain, rather then just assert, what is inherent about the concept of a Captcha that would force accessibility problems upon a website. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 3:11 PM, tedd wrote: At 2:48 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 2:42 PM, Richard Heyes wrote: I understand there are different reasons behind the use of CAPTCHA's, but in the end they still present accessibility problems. And their use is a trade-off that you accept. Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. CAPTCHAs are intentionally not the easiest thing to read. If they were, there wouldn't be a great deal of point having them. There are many forms of captcha's. The concept can easily be extended beyond the need to read something. You may want to read: http://en.wikipedia.org/wiki/Captcha While you're at it, why don't you read it yourself. The reference clearly says why your statement -- Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. -- is nonsense. Where? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 3:15 PM, tedd wrote: At 2:51 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 1:56 PM, tedd wrote: At 12:17 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 11:33 AM, tedd wrote: I understand there are different reasons behind the use of CAPTCHA's, but in the end they still present accessibility problems. And their use is a trade-off that you accept. Nonsense. There is no reason why the usage of Captcha's would need to present accessibility problems. No offense, but please look into it. You are welcome to explain, rather then just assert, what is inherent about the concept of a Captcha that would force accessibility problems upon a website. Read your own reference: http://en.wikipedia.org/wiki/Captcha That says: Accessibility See also: Web accessibility Because CAPTCHAs rely on visual perception, users unable to view a CAPTCHA (for example, due to a disability or because it is difficult to read) will be unable to perform the task protected by a CAPTCHA. As such, sites implementing CAPTCHAs may provide an audio version of the CAPTCHA in addition to the visual method. The official CAPTCHA site recommends providing an audio CAPTCHA for accessibility reasons. Why should I have to explain something that is widely known and easy to find? So, I'm curious, what prevents a website from providing a good implementation of both an audio and visual captcha to prevent accessibility problems which you claim are impossible to avoid with every use of a captcha? Personally, my favorite implementation to date is: http://recaptcha.net/learnmore.html and not only is it well designed, but all that brain power which goes into solving captcha's goes into helping out with a very worthwhile project. Remember, the concept of a captcha is this: A test to prove one is human in order perform some action. There is no reason why a blind or deaf person absolutely cannot be presented with such a test. Now, if you wish to continue to argue to the contrary, you are more then welcome to do so. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 3:41 PM, Stut wrote: I completely agree, but as far as I know it's only (and I use that word carefully) people with both visual and audio impairments that you cannot cater for. I cannot see any reason why a person with both visual and audio impairments could not be presented with a test to prove they are human. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 4:09 PM, Robert Cummings wrote: On Fri, 2008-08-29 at 15:52 -0400, Eric Gorr wrote: On Aug 29, 2008, at 3:41 PM, Stut wrote: I completely agree, but as far as I know it's only (and I use that word carefully) people with both visual and audio impairments that you cannot cater for. I cannot see any reason why a person with both visual and audio impairments could not be presented with a test to prove they are human. Go on, I'm all eyes and ears... describe such a test. http://en.wikipedia.org/wiki/Captcha#Attempts_at_more_accessible_CAPTCHAs discusses this. And, I look forward to see what those doing research in this area come up with in the future. It does seem obvious that since they are human, that a good test can be designed which does not rely on security through obscurity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 4:21 PM, tedd wrote: At 3:27 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 3:15 PM, tedd wrote: Why should I have to explain something that is widely known and easy to find? So, I'm curious, what prevents a website from providing a good implementation of both an audio and visual captcha to prevent accessibility problems which you claim are impossible to avoid with every use of a captcha? If you are curious, then please research it. There is plenty of documentation. I am curious as to what your answer would be as I cannot find what does not exist. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 5:19 PM, tedd wrote: At 4:37 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 4:21 PM, tedd wrote: At 3:27 PM -0400 8/29/08, Eric Gorr wrote: On Aug 29, 2008, at 3:15 PM, tedd wrote: Why should I have to explain something that is widely known and easy to find? So, I'm curious, what prevents a website from providing a good implementation of both an audio and visual captcha to prevent accessibility problems which you claim are impossible to avoid with every use of a captcha? If you are curious, then please research it. There is plenty of documentation. I am curious as to what your answer would be as I cannot find what does not exist. There is more than enough documentation regarding accessibility issue for you to find your answer. All you need to do is read. There is no documentation anywhere which claims, as you do, that it is impossible to design a captcha which deals with accessibility issues. It has been done and the research into doing it better continues - even with those who are both blind and deaf. So, again, remember, the concept of a captcha is this: A test to prove one is human in order perform some action. There is no reason why a blind or deaf person absolutely cannot be presented with such a test. Now, if you wish to continue to argue to the contrary, you are more then welcome to do so. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII Captcha
On Aug 29, 2008, at 6:56 PM, Stut wrote: On 29 Aug 2008, at 22:39, Jochem Maas wrote: in the mean time, here's wishing more clean water and internet access for everyone (and less bombs). Hear hear, except that I'd put food above internet access. Indeed. Although, I might include shelter, clothing and private property (see Locke) as well... :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [Q] Exec'ing a command
Hopefully this will be clear. I've got a unix command-line app which I will be exec'ing (or some other similar command) from a php script. The special property of this unix app is that while it executes and terminates quickly, only a single instance can be running at any one time. However, the php script can be called simultaneously and it is possible that an invalid attempt to run two or more instances of the unix app at the same time could be made. Now, one possible solution to this problem is that the php script adds it's request to run the unix app to a queue and their is some other code which pulls a request off the queue, performs the operation and returns the data back to the php script which made the request. Are there other solutions that I have not considered? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] Exec'ing a command
On Jun 27, 2008, at 3:18 PM, Daniel Brown wrote: On Fri, Jun 27, 2008 at 3:12 PM, Eric Gorr [EMAIL PROTECTED] wrote: Now, one possible solution to this problem is that the php script adds it's request to run the unix app to a queue and their is some other code which pulls a request off the queue, performs the operation and returns the data back to the php script which made the request. Are there other solutions that I have not considered? Can you just add the commands to a database, and have the commands read from there and run via cron job every n minutes? That would ensure that the *NIX file will only be run with a single instance, but run over and over again. Sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommended book on PHP/SOAP
On May 5, 2008, at 12:29 PM, Todd Cary wrote: I would like a book on implementing SOAP geared for someone with no SOAP experience. A book I like is: Pro PHP XML and Web Services # ISBN-10: 1590596331 # ISBN-13: 978-1590596333 This book requires PHP 5. Hopefully SOAP can be used with PHP 4?!? Of course...it is after all still just text transported via the HTTP protocol and PHP does a good job at parsing text, so, at a minimum, you could write your own support for SOAP in PHP 4. Why are you looking at PHP4? After August of this year, PHP 4 will no longer be supported and I don't believe it had any built-in support for SOAP as PHP 5 does. Although, I believe there is some third-party support for SOAP in PHP 4. I believe this is one example: http://pear.php.net/package/SOAP/ http://www.evolt.org/article/The_PEAR_SOAP_Implementation/21/49993/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SOAP Server in PHP4
Looks like I will be unable to use PHP5 to do a SOAP server. I believe it was possible to do such a thing in PHP4, but perhaps not as cleanly. is this because you arent able to use php5 in your current situation, Yes. because php can do soap servers in php5. I know...I have one working in php5 now. Unfortunately, I am unable to locate the appropriate documentation on php.net for some reason...perhaps I am just blind. there was no native support for soap w/ php4. Thanks. i dont even know if nusoap offered this, Apparently, it does. http://www.scottnichol.com/nusoapprogwsdl.htm
[PHP] SOAP Server in PHP4
Looks like I will be unable to use PHP5 to do a SOAP server. I believe it was possible to do such a thing in PHP4, but perhaps not as cleanly. Unfortunately, I am unable to locate the appropriate documentation on php.net for some reason...perhaps I am just blind. Can anyone point me to it? This page: http://us3.php.net/manual/en/ref.soap.php seems to apply only to PHP5 and beyond. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP and #if
In C, etc. one can place #if's around code to determine whether or not the compiler should pay any attention to the code. Is there a similar technique for PHP? I've not seen anything like this before and a brief search hasn't turned up anything either...just thought I would ask to make sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and #if
If you are talking about simply commenting code out, yes, I am aware of this...however, the #if technique is far more capable in certain situations. There are reasons why C, etc. has included the ability to comment out lines of code and also provide #if's. But based on your reply, I have to assume that PHP does not current provide such a technique...as I suspected. On Mar 14, 2008, at 2:22 PM, Børge Holen wrote: On Friday 14 March 2008 19:19:30 Eric Gorr wrote: In C, etc. one can place #if's around code to determine whether or not the compiler should pay any attention to the code. Is there a similar technique for PHP? I've not seen anything like this before and a brief search hasn't turned up anything either...just thought I would ask to make sure. # Notin' here // here neither */ Nor there /* -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and #if
Unfortunately, such things cannot be used to wrap functions. On Mar 14, 2008, at 2:38 PM, Dave Goodchild wrote: in php you have a number of constructs that can be used to execute code (or not) based on certain conditions ie is_defined(). Not sure if the comparison with C holds true as C is compiled and PHP is interpreted. On Fri, Mar 14, 2008 at 6:34 PM, Eric Gorr [EMAIL PROTECTED] wrote: If you are talking about simply commenting code out, yes, I am aware of this...however, the #if technique is far more capable in certain situations. There are reasons why C, etc. has included the ability to comment out lines of code and also provide #if's. But based on your reply, I have to assume that PHP does not current provide such a technique...as I suspected. On Mar 14, 2008, at 2:22 PM, Børge Holen wrote: On Friday 14 March 2008 19:19:30 Eric Gorr wrote: In C, etc. one can place #if's around code to determine whether or not the compiler should pay any attention to the code. Is there a similar technique for PHP? I've not seen anything like this before and a brief search hasn't turned up anything either...just thought I would ask to make sure. # Notin' here // here neither */ Nor there /* -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and #if
On Mar 14, 2008, at 3:10 PM, Stut wrote:
On 14 Mar 2008, at 19:03, Eric Gorr wrote:
Unfortunately, such things cannot be used to wrap functions.
Erm, yes they can. Try it.
?php
if (rand(0,1) == 0)
{
function arse()
{
echo arse 1\n;
}
}
else
{
function arse()
{
echo arse 2\n;
}
}
arse();
?
Gives:
Parse error: syntax error, unexpected T_STRING in /Users/Eric/Sites/
ifWrapping.php on line 3
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and #if
On Mar 14, 2008, at 3:15 PM, Eric Gorr wrote:
On Mar 14, 2008, at 3:10 PM, Stut wrote:
On 14 Mar 2008, at 19:03, Eric Gorr wrote:
Unfortunately, such things cannot be used to wrap functions.
Erm, yes they can. Try it.
?php
if (rand(0,1) == 0)
{
function arse()
{
echo arse 1\n;
}
}
else
{
function arse()
{
echo arse 2\n;
}
}
arse();
?
Gives:
Parse error: syntax error, unexpected T_STRING in /Users/Eric/Sites/
ifWrapping.php on line 3
Oh, sorry, apparently there are some invisible characters in the text
you pasted which I had to zap first. Yes, this does work as expected.
However, try wrapping the arse function in a class.
?php
class TestClass
{
if ( rand(0,1) == 0 )
{
function arse()
{
echo arse 1\n;
}
}
else
{
function arse()
{
echo arse 2\n;
}
}
}
$myVar = new TestClass;
$myVar-arse();
?
That fails with:
Parse error: syntax error, unexpected T_IF, expecting T_FUNCTION in /
Users/Eric/Sites/ifWrapping.php on line 4
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Debugger
I would suggest taking a look at Zend Studio. http://www.zend.com/products/zend_studio On Sep 4, 2007, at 5:28 PM, shiplu wrote: Hello, i need a good php debugger. It should provide the facility of step by step execution in real time. Is there any? Do any of you know about this? I am having a bug. I can't trace where it is. -- shout at http://shiplu.awardspace.com/ Available for Hire/Contract/Full Time -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compiling PHP 5.2.3
I am attempting to compile PHP 5.2.3 and am having trouble with the configuration step: configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information. I cannot figure this one out. Any help would be appreciated. I am using MacPorts (http://www.macports.org/ - same idea as Fink) to obtain various packages I need and am running MacOSX 10.4.10. To what configuration option does this belong? If it belongs to something I don't really need, I'll just turn the option off. What MacPort would I need to install? I could even install something via Fink, if wha tI need is not available via MacPorts. My configure line currently is: ./configure --prefix=/mine/local/php5 --with-apxs2=/opt/local/apache2/ bin/apxs --with-config-file-scan-dir=/mine/local/php5/php.d --with- iconv-dir=/opt/local --with-iconv --with-openssl=/opt/local --with- zlib=/opt/local --with-gd=/opt/local --with-zlib-dir=/opt/local -- with-ldap --with-xmlrpc --with-snmp=/opt/local --enable-sqlite-utf8 -- enable-exif --enable-wddx --enable-soap --with-sqlite=/opt/local -- enable-ftp --enable-sockets --enable-dbx --enable-dbase --enable- mbstring --enable-calendar --enable-bcmath --with-bz2=/opt/local -- enable-memory-limit --with-curl=shared,/mine/local/php5 --with- mysql=shared,/mine/local/php5 --with-mysqli=shared,/mine/local/php5/ bin/mysql_config --with-pdo-mysql=shared,/mine/local/php5 --with- libxml-dir=shared,/mine/local/php5 --with-xsl=shared,/mine/local/php5 --with-pdflib=shared,/mine/local/php5 --with-imap=../imap-2004g -- with-kerberos=/opt/local --with-imap-ssl=/opt/local --with-jpeg-dir=/ mine/local/php5 --with-png-dir=/mine/local/php5 --enable-gd-native- ttf --with-freetype-dir=/opt/local --with-iodbc=shared,/opt/local -- with-pgsql=shared,/mine/local/php5 --with-pdo-pgsql=shared,/mine/ local/php5 --with-t1lib=/opt/local --with-gettext=shared,/mine/local/ php5 --with-ming=shared,/mine/local/php5 --with-mcrypt=shared,/mine/ local/php5 --with-mhash=shared,/mine/local/php5 --with-mssql=shared,/ mine/local/php5 --with-json=shared --enable-memcache --with-xpm-dir=/ opt --with-readline=/opt --enable-openbase_module I'm sure there are still problems with it that I am slowly working through...I basically copied the one from http://www.entropy.ch/ software/macosx/php/ since I know that installation of PHP has worked for me in the past. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] make test failures (was Re: [PHP] Compiling PHP 5.2.3)
I was able to get past the configure problem. It was apparently associated with the --with-imap option and I don't need imap support. In any case, I got to the make test and got the following failures: = FAILED TEST SUMMARY - Bug #30638 (localeconv returns wrong LC_NUMERIC settings) (ok to fail on MacOS X) [tests/lang/bug30638.phpt] imagecreatefromwbmp with invalid wbmp [ext/gd/tests/ createfromwbmp2.phpt] Sort with SORT_LOCALE_STRING [ext/standard/tests/array/locale_sort.phpt] Test gettype() settype() functions : usage variations [ext/standard/ tests/general_functions/gettype_settype_variation2.phpt] htmlentities() test 2 (setlocale / fr_FR.ISO-8859-15) [ext/standard/ tests/strings/htmlentities02.phpt] (warn: possibly braindead libc) htmlentities() test 4 (setlocale / ja_JP.EUC-JP) [ext/standard/tests/ strings/htmlentities04.phpt] htmlentities() test 15 (setlocale / KOI8-R) [ext/standard/tests/ strings/htmlentities15.phpt] Generic pack()/unpack() tests [ext/standard/tests/strings/pack.phpt] = Are these failures expected? On Aug 30, 2007, at 2:43 PM, Eric Gorr wrote: I am attempting to compile PHP 5.2.3 and am having trouble with the configuration step: configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information. I cannot figure this one out. Any help would be appreciated. I am using MacPorts (http://www.macports.org/ - same idea as Fink) to obtain various packages I need and am running MacOSX 10.4.10. To what configuration option does this belong? If it belongs to something I don't really need, I'll just turn the option off. What MacPort would I need to install? I could even install something via Fink, if wha tI need is not available via MacPorts. My configure line currently is: ./configure --prefix=/mine/local/php5 --with-apxs2=/opt/local/ apache2/bin/apxs --with-config-file-scan-dir=/mine/local/php5/php.d --with-iconv-dir=/opt/local --with-iconv --with-openssl=/opt/local --with-zlib=/opt/local --with-gd=/opt/local --with-zlib-dir=/opt/ local --with-ldap --with-xmlrpc --with-snmp=/opt/local --enable- sqlite-utf8 --enable-exif --enable-wddx --enable-soap --with- sqlite=/opt/local --enable-ftp --enable-sockets --enable-dbx -- enable-dbase --enable-mbstring --enable-calendar --enable-bcmath -- with-bz2=/opt/local --enable-memory-limit --with-curl=shared,/mine/ local/php5 --with-mysql=shared,/mine/local/php5 --with- mysqli=shared,/mine/local/php5/bin/mysql_config --with-pdo- mysql=shared,/mine/local/php5 --with-libxml-dir=shared,/mine/local/ php5 --with-xsl=shared,/mine/local/php5 --with-pdflib=shared,/mine/ local/php5 --with-imap=../imap-2004g --with-kerberos=/opt/local -- with-imap-ssl=/opt/local --with-jpeg-dir=/mine/local/php5 --with- png-dir=/mine/local/php5 --enable-gd-native-ttf --with-freetype- dir=/opt/local --with-iodbc=shared,/opt/local --with-pgsql=shared,/ mine/local/php5 --with-pdo-pgsql=shared,/mine/local/php5 --with- t1lib=/opt/local --with-gettext=shared,/mine/local/php5 --with- ming=shared,/mine/local/php5 --with-mcrypt=shared,/mine/local/php5 --with-mhash=shared,/mine/local/php5 --with-mssql=shared,/mine/ local/php5 --with-json=shared --enable-memcache --with-xpm-dir=/opt --with-readline=/opt --enable-openbase_module I'm sure there are still problems with it that I am slowly working through...I basically copied the one from http://www.entropy.ch/ software/macosx/php/ since I know that installation of PHP has worked for me in the past. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Who uses PHP
I've heard some concern expressed that PHP might be more insecure then other methods of developing website where security was of prime importance. Now, I personally do not believe this, but it would help me to convince others if I could point to major sites, where security (mostly with respect to the user authentication system) was extremely important (financial sites, etc.) and where PHP was the primary development platform. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Who uses PHP
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote: Eric Gorr wrote: I've heard some concern expressed that PHP might be more insecure then other methods of developing website where security was of prime importance. Now, I personally do not believe this, but it would help me to convince others if I could point to major sites, where security (mostly with respect to the user authentication system) was extremely important (financial sites, etc.) and where PHP was the primary development platform. google, yahoo. For their user authentication system? Session management? Everything? Don't suppose there would be any URL (press release, just general info, etc.) with that information? for the rest search Zend.com or your favorite sdearch engine Thanks. While zend.com, etc. will tell me who is using PHP, they do not generally state exactly how it is being used and, as much as the who, it is the how that is important. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Who uses PHP
On Feb 1, 2007, at 9:50 AM, Jay Blanchard wrote: Also, check out http://www.shiflett.org as Chris is one of if not the leading expert in security with PHP. Great site. thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Who uses PHP
On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote: Eric Gorr wrote: On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote: Eric Gorr wrote: I've heard some concern expressed that PHP might be more insecure then other methods of developing website where security was of prime importance. Now, I personally do not believe this, but it would help me to convince others if I could point to major sites, where security (mostly with respect to the user authentication system) was extremely important (financial sites, etc.) and where PHP was the primary development platform. google, yahoo. For their user authentication system? Session management? Everything? Don't suppose there would be any URL (press release, just general info, etc.) with that information? for the rest search Zend.com or your favorite sdearch engine Thanks. While zend.com, etc. will tell me who is using PHP, they do not generally state exactly how it is being used and, as much as the who, it is the how that is important. ah right - please ignore my post - I wasn't really reading your question properly, my apologies Well, if you do not know the answer to my particular question, I'm curious how might you respond to someone who says: PHP has to many security issues and should not be used with a user authentication system. We should use XXX. You are not allowed to say 'Well, you're wrong. PHP is as secure as anything else.' without explaining why. Or, would you agree with the statement? Is there an 'XXX' that should be used instead of PHP? Given the limited number of options for maintaining state information, I would be hard pressed to see how any language could be inherently more security or why one could not write PHP code which implemented the same techniques as 'XXX'. (No, I do not know what 'XXX' might be.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP5 Commercial Development
I haven't tracked this particular issue, but I know when PHP5 was first released is wasn't recommended in a commercial/production environment. However, a lot of time has passed and we're at v5.2 now...have things changed? Have GoogleYahoo, for example, moved to PHP5? Or is PHP4 still the recommendation for such environments? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Non-trivial task of converting text to HTML
Quoting Roman Ivanov [EMAIL PROTECTED]: Eric Gorr wrote: Quoting Roman Ivanov [EMAIL PROTECTED]: Output text should be correctly formatted without using lots of br's and nbsp;'s. Doing so manually is not a problem, I would just use p for web paragraphs, and p class=book for book paragraphs. However, formatting such text with a scrip is very difficult. Does anyone knows a good exaple of such script? How do you intend to distinguish between a web paragraph and a book paragraph? Good question. I don't know. If I would know, than writing scipt would be simple. It would be interesting to hear how other developers deal with such kind of things. How can you even accomplish this manually? By reading the text. *smiley* Based on the samples you provides, it is unclear how you can distinguish between the two based on reading the text without an understanding of what the text is saying. If you are seeking an algorithm that can accurately determine what the text is saying and make a decision on how to proceed, I am afraid you won't find anything. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Non-trivial task of converting text to HTML
Quoting Roman Ivanov [EMAIL PROTECTED]: Output text should be correctly formatted without using lots of br's and nbsp;'s. Doing so manually is not a problem, I would just use p for web paragraphs, and p class=book for book paragraphs. However, formatting such text with a scrip is very difficult. Does anyone knows a good exaple of such script? How do you intend to distinguish between a web paragraph and a book paragraph? How can you even accomplish this manually? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What software do you use for writing PHP?
Quoting Torgny Bjers [EMAIL PROTECTED]: I recommend Zend Studio if you can afford it since it has a GUI for both Windows and Linux FlameBateAnd for those interested in using a real computer/FlameBate, it's GUI also runs under MacOSX. http://zend.com/store/products/zend-studio/requirements.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What software do you use for writing PHP?
On 6 Dec 2005, at 19:24, Jay Blanchard wrote: [snip] FlameBateAnd for those interested in using a real computer/ FlameBate, it's GUI also runs under MacOSX. [/snip] If they are real why aren't there more of them? Far to many people have fallen victim to the deception field emanating from Microsoft. The only known cure, barring exceptional innate immunity, is to be exposed to Steve's Reality Distortion Field, which counteracts the deception affects and allows people to recognize the truth. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What software do you use for writing PHP?
Jason Petersen wrote: Vim is my editor of preference. If I have to use Windows, I usually go with Homesite (because I already have a licensed copy) or Textpad (because it's better than Notepad). IDEs? Who needs 'em ;) Who? Anyone who understands just how useful a debugger can be in increasing productivity, when used properly (i.e. one should not become dependent upon using the debugger to catch every coding error) ... which is the primary reason why I would recommend Zend Studio. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Nested IFs Problem
Albert Padley wrote: Whenever the 3 if statements are true, I always get the correct Success to echo. However, if any or all of the if statements are false, I never get Failed to echo. I know it's something simple, but I just can't see it at the moment. The code is doing exactly what you told it to do. To make it do what you what you seem to want it to do, get rid of the nested IFs and place all three tests within a single IF. -- == Eric Gorr === http://www.ericgorr.net === Government is not reason, it is not eloquence, it is force; like fire, a troublesome servant and a fearful master. - George Washington == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Generating a 404 status message with header()
Paul Waring wrote: On Mon, Aug 08, 2005 at 04:37:12PM -0400, Eric Gorr wrote: Should it? Is it possible to write a doesexists.php script which would cause the 404 directive to be triggered? I also tried: header(Status: 404 Not Found); but this did not work either. Try searching the archives for this list, I'm sure this question, or one very similar to it, was asked and answered fairly recently. I believe I found the thread you were referring to, but it does not provide the answer that I found actually works. Since my goal is _strictly_ and _only_ to get the 404 directive triggered and _absolutely_ nothing more, the solution I found was for doesexists.php to use the Location directive to redirect to a page which I know does not exist. This, obviously, triggers the 404 directive as I wanted. Problem solved. -- == Eric Gorr === http://www.ericgorr.net === Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free. - Benjamin Franklin == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Generating a 404 status message with header()
I've got an ErrorDocument directive defined in my htaccess file. If I, for example, enter into my browser: http://mydomain.com/doesnotexist.html the 404 directive is triggered and 404 document correctly comes up. I have another file (doesexist.php) with the contents: ?PHP header(HTTP/1.0 404 Not Found); ? If I enter into my browser: http://mydomain.com/doesexist.php I get a blank page. Apparently, this does not trigger the 404 directive. Should it? Is it possible to write a doesexists.php script which would cause the 404 directive to be triggered? I also tried: header(Status: 404 Not Found); but this did not work either. -- == Eric Gorr === http://www.ericgorr.net === I believe each individual is naturally entitled to do as he pleases with himself and the fruits of his labor, so far as it in no way interferes with any other man's rights. - Abraham Lincoln == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] String to Stream
This should be a fairly easy question for someone who already knows the answer... What I would like to be able to do is take a string and place it into a 'resource' so I can use functons like fscanf, fseek to process the string. Is this possible? If so, how? p.s. While I would be interested in possible alternative solutions, I would like to know how to accomplish this task even if it does not end up being the solution I use. -- == Eric Gorr === http://www.ericgorr.net === Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free. - Benjamin Franklin == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jay Blanchard wrote: [snip] What I would like to be able to do is take a string and place it into a 'resource' so I can use functons like fscanf, fseek to process the string. Is this possible? If so, how? p.s. While I would be interested in possible alternative solutions, I would like to know how to accomplish this task even if it does not end up being the solution I use. [/snip] If you place the string into a variable then you would be able to work with it that way. Using what functions? Part of the point was not to need to keep track of the current location in the string, etc...basically things that streams tend to handle well. There are probably better functions for dealing with a string than the ones you have mentioned (fseek is a file pointer). 'like fscanf, fseek' -- == Eric Gorr === http://www.ericgorr.net === Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free. - Benjamin Franklin == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jay Blanchard wrote: [snip] Jay Blanchard wrote: If you place the string into a variable then you would be able to work with it that way. Using what functions? Part of the point was not to need to keep track of the current location in the string, etc...basically things that streams tend to handle well. There are probably better functions for dealing with a string than the ones you have mentioned (fseek is a file pointer). 'like fscanf, fseek' [/snip] You have been a little vague about your desired usage but here is one idea; Explode the string into an array and then use array functions to navigate the string. Here is a whole list of methods for handling strings http://us2.php.net/manual/en/ref.strings.php Again, I would like to treat the string as a stream. One possible way to accomplish this would be to simply write the string to a temporary file, open the file with fopen and then use fscanf, fseek, etc. to process the text. However, I am assuming there is an easier way (i.e. a method without the file io overhead) to be able to treat the string as a stream. -- == Eric Gorr === http://www.ericgorr.net === Therefore the considerations of the intelligent always include both benefit and harm. - Sun Tzu == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jay Blanchard wrote: What, exactly, do you want to accomplish? I want to be able to treat a string as a stream. For example, the C++ STL contains istringstream, which allows one to treat strings as streams. (http://www.cplusplus.com/ref/iostream/istringstream/) If you are truly wondering why such functionality is useful and examples of usefulness, I might recommend asking at comp.lang.c++ (http://groups-beta.google.com/group/comp.lang.c++). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jay Blanchard wrote: However, if I know what you want to do with the string more specifically (I asked for examples, which you have not given) I can get you to the right PHP functions. I am familiar with all of the PHP string functions. PHP does not have a class or function similar to isstringstream Ok. I thought it might since PHP does apparently have some generic stream functionality. see: http://us3.php.net/stream (I have not checked phpclasses.org to see if someone has written one, so there might be one there). I could not find any. Entering 'string stream' into the search field did not appear to turn up anything useful. So, please provide a more precise example. Please see useful examples related to istringstream. A google search would be useful here. You could always write an extension if the answers I have given are not satisfactory, but I think that PHP has many built in string functions that it can probably manipulate a string any way that you would desire. As you have already stated, the PHP built in string functions are not directly capable of treating a string as a stream. But thank you, it would appear that I will either need to write the string out to a file and then read it back in or just use the builtin string functions to process the string. Neither solution was particularly appealing which is why I asked the question. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jay Blanchard wrote: [snip] Neither solution was particularly appealing which is why I asked the question. [/snip] I see. Sorry I couldn't be more helpful. And I thought you wore looking for a more precise function rather than the whole lot of things that can be accomplished with isstringstream. Looks like it wouldn't be terribly difficult to get something like this up and running. I was just taking a look at: http://us3.php.net/manual/en/function.stream-wrapper-register.php I'm kinda surprised no one has written a wrapper for strings yet... -- == Eric Gorr === http://www.ericgorr.net === Government is not reason, it is not eloquence, it is force; like fire, a troublesome servant and a fearful master. - George Washington == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jochem Maas wrote: http://php.net/manual/en/function.stream-wrapper-register.php is as close as it gets I think. - total overkill for manipulating strings IMHO - (me thinks there is atleast one other in agreement) - there is a reason php has all those built in string functions :-) And there are good reasons why other very intelligent people thought that including such functionality directly in the C++ STL and many other libraries was a good idea too. -- == Eric Gorr === http://www.ericgorr.net === I believe each individual is naturally entitled to do as he pleases with himself and the fruits of his labor, so far as it in no way interferes with any other man's rights. - Abraham Lincol == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String to Stream
Jochem Maas wrote: Eric Gorr wrote: Jochem Maas wrote: http://php.net/manual/en/function.stream-wrapper-register.php is as close as it gets I think. - total overkill for manipulating strings IMHO - (me thinks there is atleast one other in agreement) - there is a reason php has all those built in string functions :-) And there are good reasons why other very intelligent people thought that including such functionality directly in the C++ STL and many other libraries was a good idea too. indeed - but php !== c++ obviously. personally I don't get your angle on this one, but like Jay I'd be interested to know how you think this might be useful - so if you could give an explicit (as poss.) example it might help us to understand. Well, as I mentioned before, you are welcome to look into the surrounding useful examples for istringstream, etc. I can't think of a single reason why similar reasons why istringstream, etc. is useful would not apply to a php stream_wrapper for strings. As for why things like istringstream, etc. are useful, you can also head over comp.lang.c++ and ask...I, quite simply, have no interest in a debate or discussion I already know the final answer toi.e. it is useful. btw do you think the functionality surrounding stream_wrapper_register() will do it for you? I don't see any reason why not at the moment. -- == Eric Gorr === http://www.ericgorr.net === I believe each individual is naturally entitled to do as he pleases with himself and the fruits of his labor, so far as it in no way interferes with any other man's rights. - Abraham Lincoln == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure document : solution wanted
Charles Hamel wrote: Hi I am bulding a secure intranet.(php, mysql, apache) I am using a session and Mysql to handel the user accounts. Everythying works fine with that. The client now needs to share word/pdf document with the registered user. I created a secure directory using .htaccess for this purpose and it works as well the user are promt to enter a username password. Is there a way to bypass this login box so logged user would be able to access the file, but the directory would still be protected against non-logged user who would know the path and the name the file? I can deal with one .htacces account (username pw) since all the file can be shared with all the users. I was expecting this to work ... http://username:[EMAIL PROTECTED]/safeDir/Word.doc but it isn't. Any idea what I could do? Perhaps, https? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure document : solution wanted
Duncan Hill wrote: On Wednesday 06 April 2005 16:32, Eric Gorr typed: Perhaps, https? HTTPS is a transport security layer, not an authentication or access control layer. I understand that. However, some pages can only be accessed if a user uses https. I though this might be the case here, but perhaps it is not. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure document : solution wanted
Duncan Hill [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] IE dropped support (or severely neutered it) for username:password in URLs a while back. If anyone is interested, I found this document which appears to provide more details... http://support.microsoft.com/kb/834489 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure document : solution wanted
Richard Lynch wrote: On Wed, April 6, 2005 9:14 am, Eric Gorr said: Duncan Hill [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] IE dropped support (or severely neutered it) for username:password in URLs a while back. If anyone is interested, I found this document which appears to provide more details... http://support.microsoft.com/kb/834489 Is it just me, or is this a case of MS breaking a protocol because their stupid interface was hiding information it shouldn't have hidden in the first place? Well, regardless, I'll just use it as yet another reason to never bother with IE again for at least my personal use. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Richard Lynch wrote: On Mon, April 4, 2005 2:00 pm, Eric Gorr said: I wanted to setup a good 'contact me' page on my website. I do not want to reveal my e-mail address, so I was going to use a form. The PHP script with the actual mail() function would define the To and Subject parameters, so these could not be faked. I also plan to use a captcha. A what? http://en.wikipedia.org/wiki/Captcha It is a common technique that I didn't know the official name of for a long time either. The only concern I had was how to process the body text. Any recommendations? One useful function would appear to be strip_tags, so no one could embed annoying or destructive HTML, etc. which I may accidentally cause my e-mail application to render. It's possible, though extremely unlikely, that somebody could construct a malicious email that passes through strip_tags and/or htmlentities and still does something *bad* for your particular email application. Can you give an example? If this would involve taking advantage of some unknown bug in the particular e-mail application I am using, well, I have considered it and since I could be affected via the form or not, I choose to not worry about it. Since you anticipate such a low volume, and seem concerned that you will lose valuable info from an HTML-enhanced email, perhaps you should log the original and provide a link to view it in the email you send to yourself. I am actually not concerned about strip_tags removing useful text...it should be quite obvious that such a thing happened and it would be trivial for me to simply contact the person sending the mail to obtain that useful text (and, of course, to yell at them for sending me HTML :-). So if you REALLY need that enhanced email, you can surf to it. Of course, then your web-server/browser might be attacked by their code you are viewing/executing (JavaScript). You may also want to consider using a throttle on the form based on $_SERVER['REMOTE_ADDR'] and if more than X emails are sent in Y hours from the same IP, refuse to send it and send them to an error page. This is why I plan to use a captcha...when used properly, it can be quite effective against such attacks. Still, what you suggest is an enhancement I will likely implement as well. Thanks for the suggestion. -- == Eric Gorr = http://www.ericgorr.net = ICQ:9293199 == Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free. -- Benjamin Franklin == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [Q] mail() security
I wanted to setup a good 'contact me' page on my website. I do not want to reveal my e-mail address, so I was going to use a form. The PHP script with the actual mail() function would define the To and Subject parameters, so these could not be faked. I also plan to use a captcha. The only concern I had was how to process the body text. Any recommendations? One useful function would appear to be strip_tags, so no one could embed annoying or destructive HTML, etc. which I may accidentally cause my e-mail application to render. Any other suggestions? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Chris W. Parker wrote: www.php.net/addslashes I am uncertain what dangerous/annoying things might happen if I did not call this function. Can you come up with any? Remember, the text being processed goes straight from $_POST[ 'body' ] through strip_tags (+ more?) into mail(). It would seem that addslashes would just make the body text look messy for no reason. www.php.net/htmlentities It seems as if strip_tags strip out everything that htmlentities would change and would therefore be unnecessary. -- == Eric Gorr === http://www.ericgorr.net === The more you study, the more you know. The more you know, the more you forget. The more you forget, the less you know. So, why study? - ??? == Insults, like violence, are the last refuge of the incompetent... === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Chris W. Parker wrote: It seems as if strip_tags strip out everything that htmlentities would change and would therefore be unnecessary. strip_tags() and htmlentities() both perform seperate functions (hence they have different names). htmlentities() encodes special characters, strip_tags() strips HTML from a string. One example is the following: Original: b/b With strip_tags applied: With htmlentities applied: amp; It may or may not be necessary for you. What dangerous/annoying things might happen if I did not pass the text intended for the body parameter of the mail function through htmlentities? (But, did pass it through strip_tags) I cannot come up with anything. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Josip Dzolonga wrote:
Eric Gorr wrote:
Any other suggestions?
Well see this example :
function clean_body($body_text) {
if(ini_get('magic_quotes_gpc')) $body_text =
stripslashes($body_text); // If magic_quotes are on, strip the
extra-added slashes
return htmlentities($body_text); // Return the value
}
This is a good way to start, I think. Filtering the input first would be
a nice idea too, especeally if there're more input fields ;-)
htmlentities would potentially make the body text messier then seems
necessary.
Shouldn't strip_tags be enough? What dangerous/annoying things might
happen if I replaced htmlentities with strip_tags in the above function
and then passed the body text to the mail() function?
I do not mind over doing it and potentially getting rid useful text in
the body (strip_tags could do this). People, in general, will not be
using this form to contact me often enough for it to matter.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Chris W. Parker wrote: Or in a less extreme case, your computer get hijacked and used to send spam because you used htmlentities() instead of strip_tags(). Well, this is why I asked the question to begin with. I am concerned (as everyone _should_ be) about such things and desire to do my best to prevent them. Now, as near as I can tell, strip_tags is the only thing one really needs to do to be safe. But, one can use htmlentities to potentially preserve useful text, if it is important to do so and still remain safe - with the downside being having a messier body then may be necessary. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Anthony Tippett wrote: http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ thank you for the suggestion. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Q] mail() security
Anthony Tippett wrote: http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ Actually, I am familiar with everything this document mentions. Unfortunately, this document does not discuss what one might need to be concerned about when passing text to the body parameter of the mail() function. If you have any comments with respect to this (which was my only concern in the original message), please let me know. I haven't found any articles which addresses this particular issue, which is why I posted the question. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session problems...
I thought I had a pretty good handle on sessions, but I can't figure out what could possibly be going wrong in this case. I've stripped my code down to basically the bear minimum which still reproduces the problem, which I included below. When I visit test1.php with the url: http://domainpath/test1.php?name=billpwd=henry I see the output: user = 'bill' ID= 41699d4461e8fe3a71243bb3cb1c2298' You were remembered and are now being redirected to the home page. If this fails for some reason (and if you are seeing this, it probably has), please click here: To Home Page However, upon redirection to test2.php, I see: '' 31e2cab461dc525ea9a8c22e5d997db5 The session ID appears to have changed. Any idea why? I can use sessions in other situations with any problems... test1.php -- ?PHP session_start(); $isRemembered = false; $rememberedUser = ; $username = $_GET[ 'name' ]; $password = $_GET[ 'pwd' ]; $isRemembered = true; $rememberedUser = $username; $_SESSION[ validUser ] = $rememberedUser; $sessionID = strip_tags( SID ); echo html; echo head; echo title; echo User Login; echo /title; echo script language=\JavaScript\; echo window.setTimeout( 'window.location=\http://www.ericgorr.net/advciv/test2.php\;', 5000 );; echo /script; echo /head; echo body bgcolor=#ee; echo user = ' . $_SESSION[ validUser ] . 'br; echo ID= . session_id() . 'br; echo You were remembered and are now being redirected to the home page. If this fails for some reason (and if you are seeing this, it probably has), please click here: ; echo a href = \HomePage.php\To Home Page/a; echo /body; echo /html; ? -- test2.php -- ?PHP session_start(); echo html; echo head; echo /head; echo body bgcolor=#ee; echo ' . $_SESSION[ validUser ] . 'br . session_id() . br; echo /body; echo /html; ? -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: date()
Khalid Judeh wrote: hello all, i am new to php, i am trying to call the date function this way: ?php echo date(d/m/y); ? and the result i get is: object18/03/04 any help would be appreciated hummm...very odd. I did the same thing and got: 19/03/04 Can you provide any more details? What version of PHP is being used? (I would, of course, have seen: '18/03/04' if I had run this yesterday ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session problems...
At 1:58 PM -0500 3/19/04, John W. Holmes wrote: From: Eric Gorr [EMAIL PROTECTED] When I visit test1.php with the url: http://domainpath/test1.php?name=billpwd=henry I see the output: user = 'bill' ID= 41699d4461e8fe3a71243bb3cb1c2298' You were remembered and are now being redirected to the home page. If this fails for some reason (and if you are seeing this, it probably has), please click here: To Home Page However, upon redirection to test2.php, I see: '' 31e2cab461dc525ea9a8c22e5d997db5 The session ID appears to have changed. Any idea why? 'window.location=\http://www.ericgorr.net/advciv/test2.php\;', 5000 If I go to test1.php at the above URL, I'm redirected to test2.php and my name is remembered. If it's not working for you, then the session cookie must not be getting set correctly or your browser is not accepting cookies. Was the session id the same? I am using Mozilla 1.7a and can use the 'Manage Stored Cookies' feature to see that it is accepting the cookie. The cookies contains the correct session id, displayed from test1.php. When I get to test2.php, the session id is different. Again, I can use sessions without any problems in other situations with my site, so I do not believe there is a problem with my browser accepting cookies. Do you have any other ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session problems...
Ah HA! I knew I wasn't crazy...well, pretty sure... ;-) I figured out why my sessions were behaving so oddly. I was accessing test1.php via: http://ericgorr.net/... In test1.php, I was then redirecting to test2.php via http://www.ericgorr.net/... Apparently, with Mozilla and Safari, php sessions sees these as two different domains and therefore cannot resume the session since the session IDs are stored under two different domains. (ok, poor wording here...feel free to make it more accurate) However, with Internet Explorer is apparently a bit more lenient in these matters and I never got a failure. So, I can change the redirection to: http://ericgorr.net/... or I can visited test1.php via: http://www.ericgorr.net/... and things will work. Now, to solve the problem in the general case, it would seem necessary to pass the session id around. However, I am hoping that someone can suggest a better solution. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex help
At 6:06 PM +0100 3/15/04, Ryan A wrote: I know this is pretty easy to do but I am horrorable at working with regular expressions and was wondering if anybody might take a min to help please. I will have a variable: $the_extention which will have a value like:98797-234234--2c-something-2c How do I take out the part which will always start with --2c and will always end with -2c I'd be interested in the answer to this question as well. Seems like it should be easy. A good baby steps tutorial on regex too would be appreciated. This is a good one: http://www.regular-expressions.info/tutorial.html This google search turned up many tutorials: http://tinyurl.com/2r3rf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Make sure folder is writable
At 1:32 PM -0500 2/24/04, Matt Palermo wrote: Is there a way to check a folder on the server to make sure a specified folder has write permissions? I'm writing an upload script, but I need to make sure the user gave the destination directory write permissions before I can copy the files to the new folder. Anyone got any ideas? Any reason why you cannot try to write a temporary file to the directory and then delete it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] beginner question about while loops
At 11:41 AM -0800 2/6/04, Paul Furman wrote:
while ($file = readdir($dh)){
if (strstr ($file, '.jpg')){
$pictures[] = $file;
}
Spotted this problem when staring at your code.
Number of open braces: 2
Number of close braces: 1
You need to close off your while loop.
Should I set up a counter for loops $integer++ or if I'm going
through something
You can if you like, but it is not necessary in this case.
the while function knows to just go through those and fills in array
numbers accordingly?
The while function has nothing to do with it. Using the syntex
$array[] simply adds an element onto the _end_ of the array and PHP
picks the next logical, numerical index.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Website Architecture
I've got a directory structure similar to this:
SiteRootDir
index.php
dirA
index.php
dirB
funcs.php
otherfuncs.php
In the SiteRootDir/index.php, I've got:
require_once( dirB/funcs.php );
in funcs.php, I've got:
require_once( otherfuncs.php );
which works because SiteRootDir/index.php is the location from which files
are looked for.
However, in dirA/index.php, I've got:
require_once( ../dirB/funcs.php );
and require_once( otherfuncs.php ) in funcs.php cannot be
found.
A solution I found was in dirA/index.php, to chdir( .. ); before
the require_once, which moves the current directory to SiteRootDir
and allows otherfuncs.php to be found ... is this the best way to
solve this problem?
A seperate, but related question
funcs.php contains statements of the form:
echo a href=\directoryname\linkname/abr;
forming a relative URL. Again, this would point to a different
location depending on whether dirA/index.php or SiteRootDir/index.php
called the function containing this relative URL and I want them to
point to the same location.
I was able to find a solution by doing the following:
function AFunction( $toRoot )
{
$location = $toRoot . locationFromSiteRootDir;
echo a href=\$location\linkname/abr;
}
So, from dirA/index.php, I would call AFunction like:
AFunction( .. );
Is this the best way to solve this problem?
Thank you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] re: multilingual website
For some great information on how to internationalize a PHP application, I would suggest checking out: http://us3.php.net/manual/en/ref.gettext.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
