Re: [PHP] PEAR::DB and PDO
I've used PDO, PEAR::DB, and ADOdb. I like ADOdb the most. You'd love it's new Active Record extension. On Tue, 2006-08-01 at 18:47 +0100, Yannick Warnier wrote: Hi there, I will soon need to include a database abstraction layer in my company's software and I am looking for the best choice to make. The software is promoted as working with PHP4, so I wouldn't use PDO, although I see that a PHP4 implementation of PDO exists [1] and I could use this one (any comments on that are appreciated). So basically I'm left with PEAR::DB (or PEAR::MDB2) [2] and ADOdb [3]. I have found a comparison [4] but it doesn't sound too objective. What I'd really like to know is: - does PDO come from PEAR::DB? - does ADOdb really add value in comparison with PEAR::DB? Any suggestion welcome, thank you so much, Yannick [1] http://www.phpclasses.org/browse/package/2572.html [2] http://pear.php.net/package/MDB2 [3] http://adodb.sourceforge.net/ [4] http://phplens.com/phpeverywhere/node/view/39 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sanity checker?
Php experts everywhere,
This is a response to an old thread about a php audit tool.
I just want to announce a simple tool for that. It is not super smart
yet, but it is easily extensible.
Please check it out, and provide me with suggestions.
http://developer.spikesource.com/projects/phpsecaudit
I need a lot of help identifying function calls that need to be handled
with cautions.
Thank you
--
Ezra Nugroho
http://ez.spikesource.com
On Thu, 2006-05-04 at 14:44 -0500, Jay Blanchard wrote:
[snip]
Have you ever seen things like
for ($i = 0; $i count($some_array); $i++) {
//do stuff
}
Do you know how slow it is if $some_array gets big compared to
$array_count = count($some_array);
for ($i = 0; $i $array_count; $i++) {
//do stuff
}
[/snip]
The thing is this; there are lots of cases such as the one above that
someone would have to code in order to make the tool worthwhile. It
sounds like a good project for a large group of folks. We have headed
down the road a couple of times on things like this and the problem
always comes down to manpower. Start a project at SF or FM that maybe
does a couple of basic things and hope that it grows from there.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sanity checker?
It was a long time since I post any question to this list, like back at
php 3x time. Boy, a lot has change now.
So I actually did kick some funny bones, not quite flames yet. And
that's good, I don't really like that.
Wolf
We aren't going to take the time
to answer a rhetorical question when you can STFW, RTFM, or RTA.
/Wolf
Who are we? I hope you are not talking about php community in general.
I would be really sad if that's true. Unfortunately, it seems like
that's the trend in this list. I want newbies to succeed, hence my talk
about such tool. O.W. newbies will go to RoR instead.
Anyways,
Have you ever seen things like
for ($i = 0; $i count($some_array); $i++) {
//do stuff
}
Do you know how slow it is if $some_array gets big compared to
$array_count = count($some_array);
for ($i = 0; $i $array_count; $i++) {
//do stuff
}
Of course you do!
But newbies might not
I know that sanity can be seen as a superset of the halting problem. But
I don't want that. I want a tool to just do a simple audit to tell you
possible gotchas.
Well, (yes.. reservoir!) this tool may materialized, it may not. We
shall see. But when it does, you might not need it anyway, coz you are
not a newbie, and that you are super smart already.
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sanity checker?
Well, Since my original post failed to generate reasonable feedback, not even a successful kick at people's funny bone or a flame, let me restate my question with a story. Php reduces the barrier to web development quite a bit, such that less technical people can jump in really easily. In one side, this is great because it helps the adoption of the language, and more people get to create their dynamic websites. The flip to it is that many non-technical people write low quality php code, which in turn make their code vulnerable and not scalable. I envision a tool that would audit your php code, and tell you if your code is good or not, if it has scaling issues, etc, etc. Basically it tells if your php code is sane or not. I have a few ideas of how a sane php code should look like, but I certainly don't know everything. That's the reasons behind my earlier questions. Basically I am looking for things to check in codes that pose high running time risks. Or even simpler, I am looking for best practices, advices, guidelines that you would give to new php developers. So here are the questions again: Does anyone know of any tools to test the sanity of your php code? If you were to check the sanity of your code, what would you look for? Any pointers for other resources? Thank you Ezra On Wed, 2006-05-03 at 10:22 +0300, Robin Vickery wrote: On 03/05/06, Ezra Nugroho [EMAIL PROTECTED] wrote: PHP experts everywhere, Does anyone know of any tools to test the sanity of your php code? If you were to check the sanity of your code, what would you look for? Hidden messages encoded in the whitespace. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sanity checker?
PHP experts everywhere, Does anyone know of any tools to test the sanity of your php code? If you were to check the sanity of your code, what would you look for? Any pointers for other resources? Thank you, Ezra -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Strange math results
It is not always possible to precisely represent decimal values as a float type in binary. In these cases, the value that you have is either slightly bigger or slightly smaller than the actual. In your specific problem, you have two values that are not equal, but very similar. Therefore you get a small negative value when subtracting them. You just have to keep this fact in mind whenever you want to do high- precision computing. On Tue, 2006-03-28 at 15:30 -0600, Jay Blanchard wrote: [snip] I've got a strange problem here. I'm subtacting one variable from another, both of type double and if they are the same, instead of getting a result of 0, I get something like -9.99200722163E-016 Is this a bug or am I doing something wrong here? [/snip] From all of the information that you sent in your post I'd say that you're doing something wrong here. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best way to do this: www.domain.com?page=var
On Mon, 2006-01-16 at 14:20 -0800, Michael Hulse wrote: On Jan 16, 2006, at 2:14 PM, [EMAIL PROTECTED] wrote:] I think that'll do it for ya. If you're going through an ISP, they still may have a way that you can set your defaults, possibly through .htaccess or some other Apache type prefs setting mechanism. Good luck! Great! Thanks for the quick response, I really appreciate it. I had a feeling it was a fix at the server level. :) You probably want to check mod_rewrite. http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Array_merge, safety and race condition?
Php experts everywhere, I want to merge two arrays, and I want to store the result as the first array. Something like the following: $array1 = array_merge ($array1, $array2); So far the code gives me what I want. However, suppose if $array1 is extremely huge, am I introducing a bug here because of possible race condition? It's possible that array_merge has two write something to $array1 (left hand side) before it even finishes reading it (argument) in the first place. Let alone merging the two. Should I just go conservative and do: $tmp = array_merge($array1, $array2); $array1 = $tmp; Thank you, Ezra -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Tired and feeling dumb...maths question....
The result should be between 1 - 5. Can you clarify the following: Basically, I have these two fields: $pic_no_of_votes $vote_total_pts What do they hold? Sums or individual votes? and this totals them up and keeps the average: $average_pts people vote on a scale of 1-5, so the average should be between 1-5 (right?? am not even sure of this!) Be clear, help us help you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security, Late Nights and Overall Paranoia
I am just wondering, how could someone craft an html to steal cookies? If your cookie distribution is done right, I don't think you need to worry about this. There are a gazillion of sites (CMS-based, wiki-based, etc, including php.net) that allow users to contribute html. They are not concern about security of data delivery. I think, page breaking html is more prominent issue, which you could eliminate with BBcode or wiki language. Perhaps you are being a little paranoid? Or do I miss something? Unless I'm really missing something important, for 'this' particular part of the application, any BBCode/Tag stripping/rewriting scheme would be useless since what they will be editing is the actual templates that make the page, therefore all tags would have to be allowed. It's not the legitimate user I'm worried about doing something wrong, it's that if it's possible for a legitimate user to do this, then some Bad Guy somewhere may be able to do this too. I've pretty much eliminated the possibility of someone using say cURL or some other mechanism to post information to the form processor directly. If they can guess two md5 hashes of two different random numbers that may or may not be set to allow the transaction as well as the ip/user agent associated with one of the numbers, then nothing I do will keep them out because they are GOD, or have a _lot_ of time on their hands. Plus, the clients account will have more than likely been shut down for going over their bandwidth quota from the attempts. [If I'm wrong in my assumptions here, someone please slap me in the head] What I'm worried about is someone grabbing a valid cookie id, and in the short time-span that it _is_ valid, being able to pull up the actual post form, which will then give them the second number and the ip/user agent, and legitimately posting malicious code. So yes, SSL is necessary at this point to try to keep that cookie secret. If it can, which is what I'm being paranoid about. This is a weak spot in the code because I have to trust that the user is who they say they are, all things considered. And at this point, I'm relying on SSL to be the security rock that plugs up this hole. Is SSL enough to keep the cookie safe? Is it absolutely stupid to allow this, even if there will only ever be one username/password combo that will be allowed to access this part? Other parts of the admin console will be open to other users though. The actual web site, ie the pages created and maintained by the application, is open to the public and there is no SSL there, no cookies or info other than the html request/response of a 'normal' site. Edward Vermillion [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security, Late Nights and Overall Paranoia
Here is one security measure that you HAVE to do if you allow people to submit contents to your site. 1. track client's IP. 2. Associate sensitive cookies with the IP, if they don't match, ignore it or invalidate the cookie. We may not stop the information redirection. We can make the information invalid. Regards, Ezra On Fri, 2005-07-08 at 12:31 -0500, Edward Vermillion wrote: On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote: I am just wondering, how could someone craft an html to steal cookies? If your cookie distribution is done right, I don't think you need to worry about this. That's what XSS is all about. I don't have the link handy but I do have a PDF file that I found a while back that explains how this happens, and to tell the truth, it scared the s*** outa me. To the point that I really don't trust any online commerce, although I do still use it, just as I still give the waitress/waiter my credit card at a restaurant, even though I know that's where most of the identity theft/stolen CC numbers comes from. There are a gazillion of sites (CMS-based, wiki-based, etc, including php.net) that allow users to contribute html. They are not concern about security of data delivery. Yeah I know... :P I think, page breaking html is more prominent issue, which you could eliminate with BBcode or wiki language. Perhaps you are being a little paranoid? Or do I miss something? So yeah, I'm being paranoid but I'm also trying to cover as many bases as I can and yet still provide some decent functionality. Edward Vermillion [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Security, Late Nights and Overall Paranoia
True. People can steal sessions within a firewall as well. Unless if browsers can do digital signature, there is no a good way to validate users. I think you would agree that for now it comes down to two choices: 1. Focus on convenience, let security slack a little or 2. Focus on security, and tolerate some inconvenience. W3C, please do something!! On Fri, 2005-07-08 at 14:53 -0400, Michael Caplan wrote: I just was reading a thread on the PHPSEC list, where one of the developers of FUD Forums was (Ilia) was mentioning his experience with AOL users. He claims that IPs can change as frequently as every request to the server. I've also noted similar (but not as drastic) effects. IPs are really not a good fingerprint for a user, unless you are fine with invalidating users on a frequent basis Michael -Original Message- From: Ezra Nugroho [mailto:[EMAIL PROTECTED] Sent: Friday, July 08, 2005 11:49 AM To: Michael Caplan Subject: RE: [PHP] Re: Security, Late Nights and Overall Paranoia True, but it's better than nothing. IP doesn't change that often, maybe at worst once every hour. Sensitive cookies should not live that long anyway. It's not a great solution, but it's something. On Fri, 2005-07-08 at 14:41 -0400, Michael Caplan wrote: IPs are unreliable. An ip will change frequently if a user travels through a proxy pool, like AOL users, or just about any user from a large ISP. Michael -Original Message- From: Ezra Nugroho [mailto:[EMAIL PROTECTED] Sent: Friday, July 08, 2005 11:25 AM To: Edward Vermillion Cc: php Lists Subject: Re: [PHP] Re: Security, Late Nights and Overall Paranoia Here is one security measure that you HAVE to do if you allow people to submit contents to your site. 1. track client's IP. 2. Associate sensitive cookies with the IP, if they don't match, ignore it or invalidate the cookie. We may not stop the information redirection. We can make the information invalid. Regards, Ezra On Fri, 2005-07-08 at 12:31 -0500, Edward Vermillion wrote: On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote: I am just wondering, how could someone craft an html to steal cookies? If your cookie distribution is done right, I don't think you need to worry about this. That's what XSS is all about. I don't have the link handy but I do have a PDF file that I found a while back that explains how this happens, and to tell the truth, it scared the s*** outa me. To the point that I really don't trust any online commerce, although I do still use it, just as I still give the waitress/waiter my credit card at a restaurant, even though I know that's where most of the identity theft/stolen CC numbers comes from. There are a gazillion of sites (CMS-based, wiki-based, etc, including php.net) that allow users to contribute html. They are not concern about security of data delivery. Yeah I know... :P I think, page breaking html is more prominent issue, which you could eliminate with BBcode or wiki language. Perhaps you are being a little paranoid? Or do I miss something? So yeah, I'm being paranoid but I'm also trying to cover as many bases as I can and yet still provide some decent functionality. Edward Vermillion [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php CONFIDENTIALITY NOTICE This message contains confidential information intended only for the use of the individual or entity named as recipient. Any dissemination, distribution or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you have received this message in error, please immediately notify us and delete your copy. Thank you. AVIS DE CONFIDENTIALITÉ Les informations contenues aux présentes sont de nature privilégiée et confidentielle. Elles ne peuvent être utilisées que par la personne ou l'entité dont le nom paraît comme destinataire. Si le lecteur du présent message n'est pas le destinataire prévu, il est par les présentes prié de noter qu'il est strictement interdit de divulguer, de distribuer ou de copier ce message. Si ce message vous a été transmis par mégarde, veuillez nous en aviser immédiatement et supprimer votre copie. Merci. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file function
Well, it supposed to give you array. http://us2.php.net/manual/en/function.file.php array file ( string filename [, int use_include_path [, resource context]] ) What do you want exactly? Ezra On Fri, 2005-07-08 at 16:34 -0700, Joseph Lee wrote: Hi, I tried file() in the following lines: ?php $authFile = file(/tmp/authenticate.txt); print authFile = $authFile; ? However, it only gave me authFile = Array What's wrong with this file function? I tried single quotes, but got the same answer, too. Thanks, Joe Sell on Yahoo! Auctions – no fees. Bid on great items. http://auctions.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Best PHP CMS
Also look at http://www.caravelcms.org Quoting Matt Schroebel [EMAIL PROTECTED]: -Original Message- From: Anthony [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 9:52 AM To: [EMAIL PROTECTED] Subject: [PHP] Best PHP CMS I'm just looking for some opinions. I've been going though sourceforge looking at different CMS systems. There are a lot of really good CMS projects out there. I'm looking for some opinions on the best ones out there. I'm obviously looking at something PHP based and using mySQL backend. Some of the features that I'd like are an easy template implementation, blog features, media gallery and something that's easy to build custom modules to add features. So far I'm looking at about 6 CMS systems, I like certain things in each of them. so what's your opinion. I've looked at these: http://www.midgard-project.org/ Midgard looked good but I couldn't get the admin to work right, and it requires php-4.2.2 or lower (which drove me a little nuts at first). It's optimized for php as it's functions are written in C and become built in php functions with --with-midgard, plus it has a mod_midgard to link into apache. Midgard allows lots of customization and you could place php code just about anywhere. Runs on *nix only and requires access to add modules to php and apache. http://www.tikiwiki.org/ TikiWiki had lots of cool features. It looked to me to be more suitable for a community CMS (baseball team etc) rather than a general CMS. All php. http://www.geeklog.net/ There's also GeekLog, with a similar community slant as TikiWiki, and it was reviewed in last months php-architect magazine. All php. http://www.typo3.org I agree with what Nick Tabbet said. Of these 4 CMSs, this one has the most refined user interface, and most general purpose features. It's written in all object oriented php and will easily install on an ISP hosted system. Quick setup 1-2-3, and your ready to go. It does have a long learning curve, but anything complex does. Since it's all OO, has it's own TypoScript code to design content and big, it will really benefit if run with a php accelerator to cache the intermediate code. Has good tutorial for getting started, and another good intro to it's templates. It's more for small to mid-sized sites, as anything larger should be written in native C, C++, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - This mail sent through IMP: http://horde.org/imp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] query to Active Directory
This one is really puzzling... It has taken me days.. I need to do an LDAP search to an Active Directory server. I was able to connect and bind to the server fine, but my searches are always in vain. OK, here we go: box name: mydomain-71.mydomain.myschools.org domain name: mydomain.myschools.org user to search: [EMAIL PROTECTED] (names and and passwords are of course ficticious) my code: ? $user_dn = [EMAIL PROTECTED]; $base_dn = dc=mydomain,dc=myschools,dc=org; $server = mydomain-71.mydomain.myschools.org; echo $conn = ldap_connect($server); echo AUTH: . $bind = ldap_bind($conn, $user_dn,password); $user = ez; $filter = (|(name=$name*)(displayname=$name*)(cn=$name*)); $res = ldap_search($conn,$base_dn,$filter); $info = ldap_get_entries($conn, $res); print_r($info); ? it gives me: Resource id #1 AUTH: 1 Warning: LDAP: Unable to perform the search: can't contact LDAP server in ldap_test.php on line 16 Warning: ldap_get_entres(): supplied argument is not a valid ldap result resource blah blah... Now, I was able to connect and authenticate to it, but why ldap_search() says that I can't connect to it? If I change $base_dn to dc=mydomain-71,dc=mydomain,dc=myschools,dc=org; The error message is changed to : Unable to perform the search: No such object in ldap_test.php on line 16. It doesn't complain about not being able to connect anymore! But of course the search fails because the domain really is only mydomain.myschools.org. What on earth did I do wrong?? Thanks, - This mail sent through IMP: http://horde.org/imp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php-4.3.0 and wu-imap failed to compile
I tried to install php-4.3.0 with imap-2001a-10, imap-devel-2001a-10 from RH 7.3 Of course I added --with-imap --with-imap-ssl, among other things. These came out when I did make. /php /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libc-client.a(osdep.o): In function `ssl_onceonlyinit': /usr/src/build/90147-i386/BUILD/imap-2001a/c-client/osdep.c:286: the use of `tmpnam' is dangerous, better use `mkstemp' ext/mysql/libmysql/my_tempnam.lo: In function `my_tempnam': /usr/src/php-4.3.0/ext/mysql/libmysql/my_tempnam.c:103: the use of `tempnam' is dangerous, better use `mkstemp' Is there a newer wu-imap package that works with php-4.3.0 ? Did I do something wrong? I compiled php-4.2.3 with the same configuration, and it worked fine. Thanks, - This mail sent through IMP: http://horde.org/imp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] apache + php + MS active directory
Now, this is a rather unlikely configuration, but ... I am working on a linux based web work based on apache and php, but the authentication system on site is based on MS active directory. Does anyone know if apache + php can be configured to authenticate users through active directory? Is it possible to write htaccess files that queries MS active directory? Can we treat MS active directory just like any other LDAP, i.e. is it LDAP V2 compliant? I value any response. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php command line
I was trying to compile php command line and got some problem. Maybe some of you can help. version: 4.1.2 I did: ./configure --with-ldap --with-oracle --with-oci8 --with-mysql=/usr/src/mysql-3.23.43-pc-linux-gnu-i686 --enable-track-vars --disable-debug --prefix=/usr/local/apache/php --with-config-file-path=/usr/local/apache/lib --with-gd when tested, it gave: Failed loading /usr/local/apache/libexec/ZendOptimizer.so: /usr/local/apache/libexec/ZendOptimizer.so: cannot open shared object file: No such file or directory I couldn't find ZendOptimizer.so anywhere. Any clue? Thanks, Ezra Nugroho Web/Database Application Specialist Goshen College Information Technology Services Phone: (574) 535-7706 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php 4.1.1 vs 4.0.6
Guys, I need to upgrade a server with 4.0.3 server because of some new ldap features that I need. I am deciding between 4.0.6 and 4.1.1 (or maybe 4.1.2 if it's comming soon). I heard that there is some significant difference between 4.0.x and 4.1.x What is the main difference between 4.0.6 and 4.1.1 ? Are the 4.1.x completely backward compatible with 4.0.x? Thanks, Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (574) 535-7706 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] nimda, etc.
This is something you can use to slow down (even possibly to kill) code Red, Nimda scan etc. It's really interesting, good concept. http://www.hackbusters.net/LaBrea/ At 10:03 AM 9/22/2001 +0200, Alexander Skwar wrote: So sprach »Gaylen Fraley« am 2001-09-21 um 18:10:58 -0500 : Are you sure about that? I am trying his script and I just had an attack and I watched the traffic through my firewall software. It dropped off immediately, i.e. showed no activity. I was expecting to see somekind of a Sure, but you've got two Apache/PHP processes running for the sleep time. Now, imagine that 10,000 Nimda accesses happen at the same time. Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen Uptime: 2 days 20 hours 7 minutes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir
[PHP] Re: new one is it ??
That's code red atack. Apache will be ok. At 10:27 PM 8/13/2001 +0800, Mark Lo wrote: 208.251.146.123 - - [13/Aug/2001:22:24:27 +0800] GET /default.ida?NNN N%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a HTTP/1.0 400 333 - - - ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Spot the difference?
I find the best way to learn PHP (and maybe anything) by doing it. Pick up a project and do it. Consult www.php.net for any problem. If you can't find it there, then you have earn a legitimate reason to send something in this list. At 10:15 AM 8/6/2001 +0200, B. van Ouwerkerk wrote: At 22:54 5-8-01 -0700, Kyle Smith wrote: ok, umm... you got that in pence cause im english just kiddin so what resources did you use to learn php? I think people already told you how and where to obtain the information you want. www.php.net and www.devshed.com would be a good start.. Bye, B. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Spot the difference?
Thanks for the info, I am a PHP developer who will have to maintain some outsourced (darned) ASP codes. For all ASP converts who are currently converting, look at http://asp2php.naken.cc/ At 04:18 PM 8/2/2001 -0400, [EMAIL PROTECTED] wrote: Hokay, my 2p... I'm a (former) ASP programmer who just made the leap from ASP to PHP about 2 weeks ago. A week ago I got my entire web-portal recoded to use PHP, a move that experience tells me can't be done as quickly and easily with ASP. All religious arguments aside, one must admit that (1) PHP is well documented and VBScript isn't (period); (2) PHP has many more USEFUL functions built-in that are already debugged and working; (3) the examples one finds on php.net, phpbuilder.net, or any other knowledge base actually WORK and are usually pretty clear; (4) there is absolutely no question that PHP's notion of security is truly secure, 100% in diametric opposition to IIS/ASP. I've tested that to destruction and am confident enough in it to release PHP as an alternative language for my web-hosting customers. I cannot repose the same confidence in ASP--even less confidence when Front Page extensions are wrapped around it. Note that I have never released ASP as an alternative language for my customers and given its documentation and security shortcomings, it's not likely to happen. Mind, I've used ASP for several years and am (unfortunately) intimately familiar with its shortcomings. Many of the string-manipulation functions inherent in PHP must be provided by third parties (like Vantage Point PowerStrings http://www.vpsoft.com) in order to do some tricky URL or input-cleaning routines. I challenge anyone to use M$'s mail objects with the same degree of security and reliability. Try and find real docs on VBScript -- there aren't any with any substance. M$'s site is useless as are the examples they give (which, by the way, NEVER work as demonstrated). M$ should be taking notes from php.net on how to present and maintain documentation. Now, if a paying customer insists that I do work for them using ASP, of course that's what I'll use. But I strongly advise against it now, given the points above. With only a couple of weeks of PHP under my belt, I'm still confident enough in the language itself and the documentation around it that I will be able to do any web job that comes along. I might have to have the manual at my side a bit longer, but as time goes on I find I refer to it less and less. All in all, a very natural succession of events. Guess that was more than two cents...keep the change :-) Bill -Original Message- From: Matthew Loff [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 02, 2001 4:00 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Spot the difference? I much prefer PHP, obviously... But posting to a PHP list isn't going to get you a very objective answer. I find PHP more versatile and easy to use, but an ASP programmer may tell you the same thing about ASP. Also-- try looking stuff up for yourself sometimes... I realize you're new to PHP, but at last count, you've sent 46 e-mails to this list in the past 10 days... 99% of your questions could be answered by going to the PHP manual, www.phpbuilder.net, or any of the FAQs that have been posted to this list in the past few days. -Original Message- From: Kyle Smith [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 02, 2001 8:42 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Spot the difference? Well which is easier to program? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 - Original Message - From: scott [gts] [EMAIL PROTECTED] To: php [EMAIL PROTECTED] Sent: Thursday, August 02, 2001 8:45 AM Subject: RE: [PHP] Spot the difference? ASP is basically like PHP, only it uses a VB-based language instead of perl/c-based one. which means it sucks - vb is evil. -Original Message- From: Jon Yaggie [mailto:[EMAIL PROTECTED]] Subject: Re: [PHP] Spot the difference? isnt this fact a good enough reason to believe it worthless??? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net
Re: [PHP] Sorry... but a good PHP editor for Linux/Unix
joe It's a clone of the good old day dos WordStar. Very light, and once you master the hot keys, very fast. Much stronger than pico, but still very light. At 10:22 AM 8/1/2001 -0500, Sheridan Saint-Michel wrote: If you are working by SSH I would suggest going ahead and taking the time to read the manual and use vim. There is more documentation on vim then you will probably ever need here http://www.vim.org/docs.html Sheridan Saint-Michel Website Administrator FoxJet, an ITW Company www.foxjet.com - Original Message - From: Augusto Cesar Castoldi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 31, 2001 9:07 PM Subject: [PHP] Sorry... but a good PHP editor for Linux/Unix Sorry about talking about this subject, but a really wanna know if any one nows a good editor for linux/unix. Sometimes I need to work by SSH and I have to use the program pico. I can't use vi, to use it, i'll need to see the manual!! thanks, Augusto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Attitude of B van Ouwerkerk
I don't think this is just crap. Not everyone keeps up with the manual (too bad) and sending stuff to the list is just the convenient thing do. As the list grows, there will always be new newbies, there will be questions that have been asked before. Long term users might get annoyed. I think what we should do is to respond to this kind of questions by just refering to the documentation, not more. So we don't spoil the newbies, but also we don't need to bash them arround. At 08:29 PM 7/31/2001 -0700, Kyle Smith wrote: ok just cut the crap now and get back to whats really important, helping people!!! -lk6- http://www.StupeedStudios.f2s.com New address new site ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 - Original Message - From: Johnson, Kirk [EMAIL PROTECTED] To: php [EMAIL PROTECTED] Sent: Tuesday, July 31, 2001 12:17 PM Subject: RE: [PHP] Attitude of B van Ouwerkerk Not for this list specifically, and not as well used as it might be ;) http://www.php.net/manual/en/faq.php Kirk what is up with a faq for this list? is there one? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] HTTP_REFERER is missing in SSL
I have a frameset that runs on a SSL enabled server that has two frames in it. One of the source is the local machine and the other one is a (outsourced asp !!) script in another machine without SSL. The non SSL one requires HTTP_REFERER to make sure it was hit from the authorized server. This works fine with Netscape but not with IE 5. HTTP_REFERER just wasn't defined. Any explanation? Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP_REFERER is missing in SSL
Bug in IE? PHP doesn't even enter the picture here. The HTTP_REFERER variable is defined by the web server if that information is provided by the browser. No, it's not really a PHP thing, it's more HTML stuff. I suspect that the error comes because one of the server is not running SSL, so IE doesn't pass HTTP_REFERER to it. I wonder if someone has any authoritative knowledge on this problem. Keep in mind that there is absolutely no guarantee that the browser will ever provide this information. Building anything that relies on this is a mistake. Yeah, I know, but this is an outsourced script that I have no controll off. -Rasmus Ezra Nugroho Web/Database Application Specialist Goshen College ITS Phone: (219) 535-7706 Don't be humble, you're not that great. -- Golda Meir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
