php-general Digest 20 Mar 2003 11:16:47 -0000 Issue 1949
Topics (messages 140359 through 140415):
Re: Zero Fill -> Number Format
140359 by: Mike Brum
140360 by: Kevin Waterson
Re: Anybody have any thoughts on Smarty?
140361 by: Dennis Gearon
imap trouble
140362 by: Niklas Saers Mailinglistaccount
Mac IE File download problem - any solutions?
140363 by: Daniel Leighton
Re: Zip Way of life.
140364 by: David T-G
Dynamic variables (with method=post)
140365 by: Fabio Bot
140391 by: John W. Holmes
Re: PHP and IIS - More info
140366 by: Beauford.2002
Eliminating space between HR and Image
140367 by: Andre Dubuc
140369 by: Leif K-Brooks
140370 by: Michiel van Heusden
140371 by: Richard Whitney
140372 by: Andre Dubuc
140373 by: Andre Dubuc
140375 by: Leif K-Brooks
Cleaning user data
140368 by: rotsky
140377 by: Pete James
140390 by: John W. Holmes
140394 by: olinux
140395 by: Justin French
140396 by: John W. Holmes
140397 by: Justin French
140398 by: Chris Shiflett
140411 by: rotsky
convert VARCHAR 10 to DATETIME
140374 by: freaky deaky
140378 by: Pete James
140387 by: John W. Holmes
140393 by: freaky deaky
imap problem
140376 by: Niklas Saers Mailinglistaccount
session variables
140379 by: Pag
140381 by: daniel
Re: - IIS - More info
140380 by: Beauford.2002
dynamically splitting a paragraph for a preview of content
140382 by: daniel
PHP and file extensions
140383 by: Beauford.2002
140409 by: Chris Hewitt
Help with sum of items
140384 by: Jim Greene
Apache + PHP - when using as module, can one have PHPs run as
140385 by: ADFH
140410 by: Chris Hewitt
strip single quotes
140386 by: Daniel McCullough
140388 by: Martin Towell
140389 by: John W. Holmes
Re: Date Conversion
140392 by: John W. Holmes
test for associative or numerically indexed array
140399 by: cpaul
140400 by: Chris Shiflett
140404 by: cpaul
140405 by: Ernest E Vogelsinger
140408 by: cpaul
140412 by: Ernest E Vogelsinger
140414 by: cpaul
Re: Parse Error
140401 by: Manjunath H N
persistent of LDAP connections across invocations?
140402 by: Scott McDermott
Making tree menu
140403 by: Daniel Harik
Re: [PHP-DB] Making tree menu
140406 by: olinux
Favor from gurus
140407 by: Dennis Gearon
Srange error
140413 by: shaun
Re: Passing variable from webpage to php (newbie?)
140415 by: Bobby Rahman
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
This is what I did for a dynamic zero-fill for renaming batches of files:
// Get "Zero Padding" For New Image Names
$zero_padding = strlen(count($image_array));
foreach($image_array as $temp){
$n++;
$n_length = strlen($n);
for($i = 0; $i < ($zero_padding - $n_length); $i++){
$n = "0" . $n;
}
$new_name = $image_inbox . "/" . $newName . "-" . $n . ".jpg";
rename("$image_inbox/$temp", $new_name);
}
I'm not sure if this will be applicable to your situation, but it works
perfectly for me since it will zero-fill for any length of numbers and pad
the shorter numbers appropriately.
-M
-----Original Message-----
From: Harry.de [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 6:09 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Zero Fill -> Number Format
How can I put out a Zero Fill for numbers
The result should be
$something=26;
echo $something;
e.g.
0000026
I didn't found a solution with number format. Is there any other way?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
This one time, at band camp,
"Harry.de" <[EMAIL PROTECTED]> wrote:
> How can I put out a Zero Fill for numbers
> The result should be
>
> $something=26;
print str_pad($something, 7, "0", STR_PAD_LEFT);
Kevin
______
(_____ \
_____) ) ____ ____ ____ ____
| ____/ / _ ) / _ | / ___) / _ )
| | ( (/ / ( ( | |( (___ ( (/ /
|_| \____) \_||_| \____) \____)
Kevin Waterson
Port Macquarie, Australia
--- End Message ---
--- Begin Message ---
Smarty is very wonderful. If both the coder and the designer work
together, layout and code logic can be completely separate.
I am doing a form for entering in about 25 fields. As long as the
template the designer comes up with has:
The required form variables,
and template variables to put success/failure notices up,
I don't have to know anything about colors, css, layout, fonts, mostly
don't have to know about graphics,etc. It might get a little more
involved in multi language sites, however.
My form has two versions, a submit template, and a approve template.
After sanitizing the input rigorously, the user may not like what I will
be submitting. So I send all the values I've cleaned to him/her in a
text layout (up to the designer) and a hidden form contains the same
values. The template variables are just duplicated in both those places,
so I get back what they see and approve. I've also added a md5 hash with
a page local salt so that I can test if they have alterered what I've
sent them to be approved. And I filter it again anyways before checking
the hash.
so when the form comes back, the submit button has a value of 'approve'
and I check the hash, and store it in the database.
I never have to know what it looks like. It's a little good to know what
order the user is presented the fields, because they can fix the errors
in order as I parse them. It's not necessary though, just good practice.
My designer is awesome too.
We both get to do what we want and we enjoy it a LOT.
--- End Message ---
--- Begin Message ---
Hi,
I'm running FreeBSD 4.8RC, c-client 2002, imap-uw 2002 and PHP 4.3.1
(tried a couple of other versions, but they give me the same error).
Whenever I use imap_open() to localhost, I get the following error:
Mar 20 00:20:29 doriath imapd[43632]: Command stream end of file, while reading line
user=??? host=localhost.saers.com [127.0.0.1]
How can I make it connect correctly? I've recompiled it about a zillion
times. LookOut!, Evolution, Mac Mail works just fine, and I can even
telnet in and do a good mail session through pop3. But trying pop3 through
imap_open() gives the same error. The error is the same for imap, imaps,
and pop3.
Cheers
Nik
--- End Message ---
--- Begin Message ---
I know this has been addressed before, but I'm wondering if anyone has ever found a
solution.
The code:
header('Content-Type: application/octet-stream');
header('Content-Length: '. filesize($file_info['full_file_path']));
header('Content-Disposition: attachment; filename="' .
$file_info['filename'] . '"');
header('Connection: close');
readfile($file_info['full_file_path']);
The problem: When downloading certain files on a Mac using IE 5.x, files are
displayed within a browser window instead of downloading. This seems to occur mostly
with quicktime files (.mov, .mp3). Some quicktime files work, while others with the
same extension do not. BTW, after doing some research I changed this:
header('Content-Disposition: attachment; filename="' .
$file_info['filename'] . '"');
to this:
header('Content-Disposition: filename="' .
$file_info['filename'] . '"');
but it did not help. I've also tried several other iterations of the above to no
avail.
Problem #2: if I change the first header to:
header('Content-Type: application/force-download');
a save-as dialog box comes up, but it does not carry-through the file name of the file
being downloaded - instead it sets the default file name to the name of the script
that's being executed (i.e. download_file.php).
Any help is, as always, greatly appreciated.
--
Daniel Leighton
Chief Technology Officer
Webolution
http://www.webolution.com
This email may contain material that is confidential and privileged for the
sole use of the intended recipient. Any review, reliance or distribution
by others or forwarding without express permission is strictly prohibited.
If you are not the intended recipient, please contact the sender and delete
all copies.
--- End Message ---
--- Begin Message ---
Vincent --
...and then Vincent M. said...
%
% David T-G wrote:
% >
% >...and then Vincent M. said...
% >%
...
% >% No, it works with .zip files too, I just don't know how to manage it :-(
% >
...
% >AFAIK gunzip can unzip an archive containing a single file, but if you
% >have more than one in there then you need to use an actual unzip tool
...
%
% Yes but gunzip does not work when there are more than one file in the
Right. That's exactly what I said. Is there still any confusion?
% zip file and unzip is not installed by on Unix servers. :-(
So go and get your own copy and put it on!
HTH & HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
pgp00000.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hi,
How do i receive dynamic variables with POST ?
Please, see the code fragment.
$ped_item = mysql_result($result, $j, 0);
<form name=form_$ped_item method=post action=pedido.php>
<input type=hidden name=upd_item value='$ped_item'>
<input type=text size=7 maxlength=7 value=$ped_qtde
name=quantidade$ped_item>
</form>
"upd_item" was usually received.
How do i receive "quantidade$ped_item" ?
I have tried:
$p1 = $_POST['upd_item']; // this is OK !
$p2 = $_POST['quantidade$upd_item']; // this doesn't work !
Thanks,
Fabio.
--- End Message ---
--- Begin Message ---
> How do i receive dynamic variables with POST ?
> Please, see the code fragment.
>
> $ped_item = mysql_result($result, $j, 0);
>
> <form name=form_$ped_item method=post action=pedido.php>
> <input type=hidden name=upd_item value='$ped_item'>
> <input type=text size=7 maxlength=7 value=$ped_qtde
> name=quantidade$ped_item>
> </form>
>
>
> "upd_item" was usually received.
> How do i receive "quantidade$ped_item" ?
>
> I have tried:
>
> $p1 = $_POST['upd_item']; // this is OK !
> $p2 = $_POST['quantidade$upd_item']; // this doesn't work !
I guess it would be
$p2 = $_POST['quantidade'.$p1];
if I'm reading correctly...
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
PHP and MySQL, which I am using in this project are the same on all three
platforms - the only difference is IIS - which is why I think it is a IIS
problem.
Problems, Problems.......
----- Original Message -----
From: "Chris Hewitt" <[EMAIL PROTECTED]>
To: "'PHP General'" <[EMAIL PROTECTED]>
Sent: Wednesday, March 19, 2003 2:40 PM
Subject: Re: [PHP] PHP and IIS - More info
> Beauford.2002 wrote:
>
> >Further note that it is not just this script, but many PHP scripts that I
> >run on IIS - they all work perfectly on Apache (on Windows and Linux)..
> >
> As well as configuration differences it could be different versions of
> php. Modern ones expect $_SERVER for example. I might like to blame IIS
> for a lot of things, but I think you will probably find its not.
>
> HTH
> Chris
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Hi,
I've added an animated gif in the banner area of my site, and just above it,
a horizontal rule to give added emphasis. The problem is, no matter what I
do, I cannot get rid of an extra space that appears between the two. Is this
a natural function? Is there some way of eliminating the space?
The code:
<?php
. . . .
<div class="banner">
<hr align="left" size="8" width="1000" style="background: #9a3e2b;">
<img src="icr.gif" height="100" width="1000">
</div>
. . .
?>
CSS code:
div.banner {
position: absolute;
top: 0px;
left: 1%;
}
I will be grateful for any ideas or advice on how to fix this.
Tia,
Andre
--- End Message ---
--- Begin Message ---
What the heck does this have to do with PHP?!
Andre Dubuc wrote:
Hi,
I've added an animated gif in the banner area of my site, and just above it,
a horizontal rule to give added emphasis. The problem is, no matter what I
do, I cannot get rid of an extra space that appears between the two. Is this
a natural function? Is there some way of eliminating the space?
The code:
<?php
. . . .
<div class="banner">
<hr align="left" size="8" width="1000" style="background: #9a3e2b;">
<img src="icr.gif" height="100" width="1000">
</div>
. . .
?>
CSS code:
div.banner {
position: absolute;
top: 0px;
left: 1%;
}
I will be grateful for any ideas or advice on how to fix this.
Tia,
Andre
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt
to decrypt it will be prosecuted to the full extent of the law.
--- End Message ---
--- Begin Message ---
this is an HTML-problem, not php..but anyway
i have no clue why the extra space would appear,
but I'd try to add absolute positiong to the HR and IMAGE as well, that
should solve the problem
like:
<style type="text/css">
<!--
hr {
position: absolute;
top: 0px;
}
img {
position: absolute;
top: 8px;
}
-->
</style>
grace
michiel
"Andre Dubuc" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I've added an animated gif in the banner area of my site, and just above
it,
> a horizontal rule to give added emphasis. The problem is, no matter what I
> do, I cannot get rid of an extra space that appears between the two. Is
this
> a natural function? Is there some way of eliminating the space?
>
> The code:
>
> <?php
> . . . .
> <div class="banner">
> <hr align="left" size="8" width="1000" style="background: #9a3e2b;">
> <img src="icr.gif" height="100" width="1000">
> </div>
> . . .
> ?>
>
> CSS code:
>
> div.banner {
> position: absolute;
> top: 0px;
> left: 1%;
> }
>
> I will be grateful for any ideas or advice on how to fix this.
> Tia,
> Andre
--- End Message ---
--- Begin Message ---
Here is your code:
First, make a one pixel png the color you want your HR
<img src="images/color.png" width=100% height=1><br>
<img src="images/yourbanner.gif" width=468 height=60>
Et, Voila!
Quoting Michiel van Heusden <[EMAIL PROTECTED]>:
### this is an HTML-problem, not php..but anyway
###
### i have no clue why the extra space would appear,
### but I'd try to add absolute positiong to the HR and IMAGE as well, that
### should solve the problem
###
### like:
### <style type="text/css">
### <!--
### hr {
### position: absolute;
### top: 0px;
### }
### img {
### position: absolute;
### top: 8px;
### }
### -->
### </style>
###
### grace
### michiel
###
###
### "Andre Dubuc" <[EMAIL PROTECTED]> wrote in message
### news:[EMAIL PROTECTED]
### > Hi,
### >
### > I've added an animated gif in the banner area of my site, and just
### above
### it,
### > a horizontal rule to give added emphasis. The problem is, no matter what
### I
### > do, I cannot get rid of an extra space that appears between the two. Is
### this
### > a natural function? Is there some way of eliminating the space?
### >
### > The code:
### >
### > <?php
### > . . . .
### > <div class="banner">
### > <hr align="left" size="8" width="1000" style="background: #9a3e2b;">
### > <img src="icr.gif" height="100" width="1000">
### > </div>
### > . . .
### > ?>
### >
### > CSS code:
### >
### > div.banner {
### > position: absolute;
### > top: 0px;
### > left: 1%;
### > }
### >
### > I will be grateful for any ideas or advice on how to fix this.
### > Tia,
### > Andre
###
###
###
### --
### PHP General Mailing List (http://www.php.net/)
### To unsubscribe, visit: http://www.php.net/unsub.php
###
###
--
Richard Whitney *
Transcend Development
Producing the next phase of your internet presence.
[EMAIL PROTECTED] *
http://xend.net *
602-971-2791
* * *
* * *__ * *
_/ \___ *
* / * \* *
*/ * * \
* */\_ |\
/ \_ / \
/ \____/ \
/ \
/ \
/ \
--- End Message ---
--- Begin Message ---
Thanks Michiel,
After sending the message, I realized that it was an html question -- I've
been so absorbed with coding, it all looks the same after a while. My
apologies to the list.
Thanks for the suggestion. I think it'll work. Otherwise, I'll leave it as
is. Thanks for taking the trouble to answer.
Reagrds and blessings,
Andre
On Wednesday 19 March 2003 07:31 pm, you wrote:
> this is an HTML-problem, not php..but anyway
>
> i have no clue why the extra space would appear,
> but I'd try to add absolute positiong to the HR and IMAGE as well, that
> should solve the problem
>
> like:
> <style type="text/css">
> <!--
> hr {
> position: absolute;
> top: 0px;
> }
> img {
> position: absolute;
> top: 8px;
> }
> -->
> </style>
>
> grace
> michiel
>
>
> "Andre Dubuc" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> > Hi,
> >
> > I've added an animated gif in the banner area of my site, and just above
>
> it,
>
> > a horizontal rule to give added emphasis. The problem is, no matter what
> > I do, I cannot get rid of an extra space that appears between the two. Is
>
> this
>
> > a natural function? Is there some way of eliminating the space?
> >
> > The code:
> >
> > <?php
> > . . . .
> > <div class="banner">
> > <hr align="left" size="8" width="1000" style="background: #9a3e2b;">
> > <img src="icr.gif" height="100" width="1000">
> > </div>
> > . . .
> > ?>
> >
> > CSS code:
> >
> > div.banner {
> > position: absolute;
> > top: 0px;
> > left: 1%;
> > }
> >
> > I will be grateful for any ideas or advice on how to fix this.
> > Tia,
> > Andre
--- End Message ---
--- Begin Message ---
Thanks Richard,
The obvious escaped me.
Regards,
Andre
On Wednesday 19 March 2003 07:39 pm, you wrote:
> Here is your code:
>
> First, make a one pixel png the color you want your HR
>
> <img src="images/color.png" width=100% height=1><br>
> <img src="images/yourbanner.gif" width=468 height=60>
>
> Et, Voila!
>
>
> Quoting Michiel van Heusden <[EMAIL PROTECTED]>:
>
> ### this is an HTML-problem, not php..but anyway
> ###
> ### i have no clue why the extra space would appear,
> ### but I'd try to add absolute positiong to the HR and IMAGE as well, that
> ### should solve the problem
> ###
> ### like:
> ### <style type="text/css">
> ### <!--
> ### hr {
> ### position: absolute;
> ### top: 0px;
> ### }
> ### img {
> ### position: absolute;
> ### top: 8px;
> ### }
> ### -->
> ### </style>
> ###
> ### grace
> ### michiel
> ###
> ###
> ### "Andre Dubuc" <[EMAIL PROTECTED]> wrote in message
> ### news:[EMAIL PROTECTED]
> ### > Hi,
> ### >
> ### > I've added an animated gif in the banner area of my site, and just
> ### above
> ### it,
> ### > a horizontal rule to give added emphasis. The problem is, no matter
> what ### I
> ### > do, I cannot get rid of an extra space that appears between the two.
> Is ### this
> ### > a natural function? Is there some way of eliminating the space?
> ### >
> ### > The code:
> ### >
> ### > <?php
> ### > . . . .
> ### > <div class="banner">
> ### > <hr align="left" size="8" width="1000" style="background: #9a3e2b;">
> ### > <img src="icr.gif" height="100" width="1000">
> ### > </div>
> ### > . . .
> ### > ?>
> ### >
> ### > CSS code:
> ### >
> ### > div.banner {
> ### > position: absolute;
> ### > top: 0px;
> ### > left: 1%;
> ### > }
> ### >
> ### > I will be grateful for any ideas or advice on how to fix this.
> ### > Tia,
> ### > Andre
> ###
> ###
> ###
> ### --
> ### PHP General Mailing List (http://www.php.net/)
> ### To unsubscribe, visit: http://www.php.net/unsub.php
> ###
> ###
--- End Message ---
--- Begin Message ---
Maybe so, but all PHP does is output HTML to the browser. Your question
had nothing to do with PHP, and should be sent to an HTML list.
Andre Dubuc wrote:
About as much as your 'gentle' answer. Aside from this entry, everything is
PHP on my site. And sorry I forgot the print ".....";
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt
to decrypt it will be prosecuted to the full extent of the law.
--- End Message ---
--- Begin Message ---
I'd like to canvas opinions about what's needed to clean user input. I'm
using an HTML form where users enter simple things like name and phone
number, but also a couple of small text areas for address and a message (up
to 50 words or so).
How would people recommend cleaning this data when it's received (via
$_POST) in the next page? Some fields (like email) I can check against a
template using ereg(), but the text areas pose more of a problem. I assume
running strip_tags() might be a wise precaution, and maybe also
htmlentities(). Anything else?
I'd be interested to hear what other people do.
a+
Steve
--- End Message ---
--- Begin Message ---
It really depends on what you what to do with the data.
For instance, if you want to insert into a database, you'll want to run
addslashes() on it, or some other such quoting.
If you wnat to use the data as a forum post or comment, etc, you'll want
to strip the html out of it with strip_tags() or htmlentities() like you
mentioned
If you want to use the data in a command-line, you should run
escapeshellarg() or escapeshellcmd().
If you want to send an email to this person later based on the email
address they're providing, you may want to use checkdnsrr and a solid
regex to make sure that this email is reasonably valid.
There are any number ways to check a piece of user-submitted data. You
have to evaluate what it is you want to do with it, and at every stage
make every effort to ensure that it is what you think it is.
There is no such thing as safe data, just less-dangerous data.
HTH.
Pete.
rotsky wrote:
I'd like to canvas opinions about what's needed to clean user input. I'm
using an HTML form where users enter simple things like name and phone
number, but also a couple of small text areas for address and a message (up
to 50 words or so).
How would people recommend cleaning this data when it's received (via
$_POST) in the next page? Some fields (like email) I can check against a
template using ereg(), but the text areas pose more of a problem. I assume
running strip_tags() might be a wise precaution, and maybe also
htmlentities(). Anything else?
I'd be interested to hear what other people do.
a+
Steve
--- End Message ---
--- Begin Message ---
> I'd like to canvas opinions about what's needed to clean user input.
I'm
> using an HTML form where users enter simple things like name and phone
> number, but also a couple of small text areas for address and a
message
> (up
> to 50 words or so).
>
> How would people recommend cleaning this data when it's received (via
> $_POST) in the next page? Some fields (like email) I can check against
a
> template using ereg(), but the text areas pose more of a problem. I
assume
> running strip_tags() might be a wise precaution, and maybe also
> htmlentities(). Anything else?
For a textarea, apply htmlentities() before you save it in the database.
This will let you safely display it on a web page and re-display it in
another textarea for further editing.
If you need to use the data in an email or file, then only apply
htmlentities() when you display the data on a web page, not when you
save it in the database.
Bottom line, as you hopefully know, VALIDATE EVERYTHING!
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
You can also use basic functions like is_numeric() [to
make sure the value is numeric - duh] or a custom
function to do something like check for a valid email
address format.
I have a news site that explodes the URL to get values
for the directory/article it is supposed to display.
since the types of articles are limited, I just use an
array of these values and check that the piece that I
have matches one of them.
URL example /news/php/123.htm
$article_types = array("php", "javascript", "perl");
$url_array=explode("/",$_SERVER['REQUEST_URI']);
//BREAK UP THE URL PATH USING '/' as delimiter
$article_type = $url_array[2]; // "php"
$article_id = str_replace('.htm','',$url_array[3]);
// "123"
if ( (in_array($article_type, $article_types)) &&
is_numeric($article_id) )
{
... query for article and display ...
}
else
{
... display 404 error ...
}
> rotsky wrote:
> > I'd like to canvas opinions about what's needed to
> clean user input. I'm
> > using an HTML form where users enter simple things
> like name and phone
> > number, but also a couple of small text areas for
> address and a message (up
> > to 50 words or so).
> >
> > How would people recommend cleaning this data when
> it's received (via
> > $_POST) in the next page? Some fields (like email)
> I can check against a
> > template using ereg(), but the text areas pose
> more of a problem. I assume
> > running strip_tags() might be a wise precaution,
> and maybe also
> > htmlentities(). Anything else?
> >
> > I'd be interested to hear what other people do.
> >
> > a+
> > Steve
> >
> >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
--- End Message ---
--- Begin Message ---
The first rule is to NEVER rely on anything that they give you, or any of
the security precautions in your form code, because someone can always creat
a less-secure form which posts to the same script.
So, whilst maxlength='4' for a year select thing is great, you should check
at the other end that
a) it is only four digits
b) it is_numeric()
TEXTAREA's don't even have a max length from memory, so if you want to limit
to n characters, that's easy using strlen() to check it, or substr() to chop
it.
For 50 words (as per your OP), you'd can check it with :
<?
$words = explode(' ', $_POST['about_me']);
if(count($words) > 50)
{
// error
}
else {
// good
}
?>
or chop it with
<?
$text = $_POST['about_me'];
$words = explode(' ', $text);
if(count($words) >= 50)
{
$text = '';
while($i=0;$i<=50,$i++)
{
$text .= "{$v} ";
}
$text .= "... [too long]";
}
echo $text;
?>
Untested, season to taste.
And yes, definitely striptags(), and follow the advice on the rest of the
thread.
BTW: Allowing some tags with striptags() offers are great security risk:
let's say you allow <b> tags -- then I can go:
<b onmouseover'javascript:window.close();'>hahahaha</b> -- not good!!
Justin
on 20/03/03 11:18 AM, rotsky ([EMAIL PROTECTED]) wrote:
> I'd like to canvas opinions about what's needed to clean user input. I'm
> using an HTML form where users enter simple things like name and phone
> number, but also a couple of small text areas for address and a message (up
> to 50 words or so).
>
> How would people recommend cleaning this data when it's received (via
> $_POST) in the next page? Some fields (like email) I can check against a
> template using ereg(), but the text areas pose more of a problem. I assume
> running strip_tags() might be a wise precaution, and maybe also
> htmlentities(). Anything else?
>
> I'd be interested to hear what other people do.
>
> a+
> Steve
>
>
--- End Message ---
--- Begin Message ---
> And yes, definitely striptags(), and follow the advice on the rest of
the
> thread.
I disagree. I think stripping HTML from my text is a horrible thing. If
I want to put a <b> in my text, then use htmlentities() and show me a
<b> when I look at it. Obviously you don't want to "evaluate" HTML, but
the end result should be that I should see exactly what I typed into the
text box.
If you need to allow formatted text, then use something like BBcode
where you can specify exactly what is allowed.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
on 20/03/03 3:53 PM, John W. Holmes ([EMAIL PROTECTED]) wrote:
>> And yes, definitely striptags(), and follow the advice on the rest of
> the
>> thread.
>
> I disagree. I think stripping HTML from my text is a horrible thing. If
> I want to put a <b> in my text, then use htmlentities() and show me a
> <b> when I look at it. Obviously you don't want to "evaluate" HTML, but
> the end result should be that I should see exactly what I typed into the
> text box.
Depends if you want to allow formatting... I don't :)
I also haven't had the need to *display* HTML on any of my sites, so
stripping tags is what *I* do.
> If you need to allow formatted text, then use something like BBcode
> where you can specify exactly what is allowed.
Yes.
Justin
--- End Message ---
--- Begin Message ---
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> I disagree. I think stripping HTML from my text is a horrible thing. If
> I want to put a <b> in my text, then use htmlentities() and show me a
> <b> when I look at it. Obviously you don't want to "evaluate" HTML, but
> the end result should be that I should see exactly what I typed into the
> text box.
Excellent point.
> If you need to allow formatted text, then use something like BBcode
> where you can specify exactly what is allowed.
Maybe there is something I'm missing, but I have always hated these alternative
markup languages like "BBcode" that seem to offer no benefit over HTML. If you
want to allow the <b> tag to be evaluated, you can do something like this after
you use htmlentities():
$blah = str_replace('<b>', '<b>', $blah);
$blah = str_replace('</b>', '</b>', $blah);
Of course, if people want the <b> to appear exactly as they type it, they would
either have to use <b>, or you would have to let them choose an option as
to whether they want to use HTML (much like slash code does).
Chris
=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/
--- End Message ---
--- Begin Message ---
That's useful stuff, thanks - and thanks to other respondents.
My main concerns are to avoid junk in the database (and on-screen messages)
and to avoid dangerous and malicious postings, like the one Justin outlined
below (so I guess strip_tags is a major step there). What I have in mind,
then, is:
Use a foreach loop to run through all posted data and perform the following
on each item:
- strip_tags()
- trim()
I'll be saving this stuff to a database, so I'll keep htmlentities for the
display stage.
Also, on a field-by-field basis (depending on what it holds):
- check not empty
- check length
- check against allowable characters & formats
I'm still battling with the whole escaped characters business. My hosting
supplier has magic quotes turned on, so on the page that receives the data
from the form, I run the $_POST variables through stripslashes(). And yet
the slashes are still there - eg, in front of apostrophes. Perhaps they've
been escaped twice for some reason. I take them out because the data is
going to be POSTed again before being written to the database. I guess I
need to experiment more.
"Justin French" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
<snip>
> BTW: Allowing some tags with striptags() offers are great security risk:
>
> let's say you allow <b> tags -- then I can go:
>
> <b onmouseover'javascript:window.close();'>hahahaha</b> -- not good!!
<snip>
--- End Message ---
--- Begin Message ---
this question is not strictly php related, but i thought possibly someone on
this list might have dealt with this type of problem before.
i am exporting a database out of filemakerpro 5 as a comma delimited file, and
importing the data into a mysql database
most of the information transfer over ok, the one big problem i have is
filemaker's date/time format.
in the filemaker pro database, it looks like the timestamp is stored in the
format: M/DD/YYYY
mysql will not let me create a DATETIME field with X/XX/XXXX as the default
value. it automatically changes the default value to '0000-00-00'.
i will migrate the filemaker pro data, using VARCHAR 10 to store the timestamp
information, but there needs to be a way to go through every entry in this column,
convert a string such as
'M/DD/YYYY' to something compatible with mysql's DATETIME format.
the reason i'd like to convert the filemaker-generated 'M/DD/YYYY' timestamp string,
which would be stored as
VARCHAR in the db - to something like '0000-00-00' - is that i'd like to convert the
the data type of this field
from varchar 10 to DATETIME with a default value of 0000-00-00, so that any sql
queries searching through the
database by date will be compatible, as will any future entries that get tacked onto
this field in the database
after the migration from filemaker, which will be in DATETIME format
i don't know if this can be accomplished by php, or some other type of scripting
language. i'd like to avoid
having to manually edit the timestamp information if i can avoid it...
if anyone has any suggestions, i'd really appreciate it
thank you
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
--- End Message ---
--- Begin Message ---
Could you use a function like strtotime()?
freaky deaky wrote:
this question is not strictly php related, but i thought possibly someone on
this list might have dealt with this type of problem before.
i am exporting a database out of filemakerpro 5 as a comma delimited file, and
importing the data into a mysql database
most of the information transfer over ok, the one big problem i have is
filemaker's date/time format.
in the filemaker pro database, it looks like the timestamp is stored in the
format: M/DD/YYYY
mysql will not let me create a DATETIME field with X/XX/XXXX as the default
value. it automatically changes the default value to '0000-00-00'.
i will migrate the filemaker pro data, using VARCHAR 10 to store the timestamp
information, but there needs to be a way to go through every entry in this column, convert a string such as
'M/DD/YYYY' to something compatible with mysql's DATETIME format.
the reason i'd like to convert the filemaker-generated 'M/DD/YYYY' timestamp string, which would be stored as
VARCHAR in the db - to something like '0000-00-00' - is that i'd like to convert the the data type of this field
from varchar 10 to DATETIME with a default value of 0000-00-00, so that any sql queries searching through the
database by date will be compatible, as will any future entries that get tacked onto this field in the database
after the migration from filemaker, which will be in DATETIME format
i don't know if this can be accomplished by php, or some other type of scripting language. i'd like to avoid
having to manually edit the timestamp information if i can avoid it...
if anyone has any suggestions, i'd really appreciate it
thank you
--- End Message ---
--- Begin Message ---
> i am exporting a database out of filemakerpro 5 as a comma delimited
file,
> and
> importing the data into a mysql database
>
> most of the information transfer over ok, the one big problem i have
is
> filemaker's date/time format.
>
> in the filemaker pro database, it looks like the timestamp is stored
in
> the
> format: M/DD/YYYY
>
> mysql will not let me create a DATETIME field with X/XX/XXXX as the
> default
> value. it automatically changes the default value to '0000-00-00'.
>
> i will migrate the filemaker pro data, using VARCHAR 10 to store the
> timestamp
> information, but there needs to be a way to go through every entry in
this
> column, convert a string such as
> 'M/DD/YYYY' to something compatible with mysql's DATETIME format.
>
> the reason i'd like to convert the filemaker-generated 'M/DD/YYYY'
> timestamp string, which would be stored as
> VARCHAR in the db - to something like '0000-00-00' - is that i'd like
to
> convert the the data type of this field
> from varchar 10 to DATETIME with a default value of 0000-00-00, so
that
> any sql queries searching through the
> database by date will be compatible, as will any future entries that
get
> tacked onto this field in the database
> after the migration from filemaker, which will be in DATETIME format
If you want to do it strictly in SQL, then use MySQL's String functions
to pull apart the M/DD/YYYY date and format it into a valid MySQL Date.
If you can run the whole thing through PHP, you may be able to use
strtotime().
For the SQL solution, create a new column in your table that is a Date
type. We'll call it f_date for this example. The following query will
break apart the M/DD/YYYY and format it as YYYY/MM/DD, which is a format
MySQL will accept.
UPDATE table SET f_date = CONCAT(RIGHT(old_date,4), '/',
SUBSTRING_INDEX(old_date,'/',2));
Hope that helps.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
thanks. this was the quickest way to accomplish the task
strtotime(); also works. both are useful to know...
----- Original Message -----
From: "John W. Holmes" <[EMAIL PROTECTED]>
Date: Wed, 19 Mar 2003 21:47:23 -0500
To: "'freaky deaky'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: [PHP] convert VARCHAR 10 to DATETIME
> > i am exporting a database out of filemakerpro 5 as a comma delimited
> file,
> > and
> > importing the data into a mysql database
> >
> > most of the information transfer over ok, the one big problem i have
> is
> > filemaker's date/time format.
> >
> > in the filemaker pro database, it looks like the timestamp is stored
> in
> > the
> > format: M/DD/YYYY
> >
> > mysql will not let me create a DATETIME field with X/XX/XXXX as the
> > default
> > value. it automatically changes the default value to '0000-00-00'.
> >
> > i will migrate the filemaker pro data, using VARCHAR 10 to store the
> > timestamp
> > information, but there needs to be a way to go through every entry in
> this
> > column, convert a string such as
> > 'M/DD/YYYY' to something compatible with mysql's DATETIME format.
> >
> > the reason i'd like to convert the filemaker-generated 'M/DD/YYYY'
> > timestamp string, which would be stored as
> > VARCHAR in the db - to something like '0000-00-00' - is that i'd like
> to
> > convert the the data type of this field
> > from varchar 10 to DATETIME with a default value of 0000-00-00, so
> that
> > any sql queries searching through the
> > database by date will be compatible, as will any future entries that
> get
> > tacked onto this field in the database
> > after the migration from filemaker, which will be in DATETIME format
>
> If you want to do it strictly in SQL, then use MySQL's String functions
> to pull apart the M/DD/YYYY date and format it into a valid MySQL Date.
>
> If you can run the whole thing through PHP, you may be able to use
> strtotime().
>
> For the SQL solution, create a new column in your table that is a Date
> type. We'll call it f_date for this example. The following query will
> break apart the M/DD/YYYY and format it as YYYY/MM/DD, which is a format
> MySQL will accept.
>
> UPDATE table SET f_date = CONCAT(RIGHT(old_date,4), '/',
> SUBSTRING_INDEX(old_date,'/',2));
>
> Hope that helps.
>
> ---John W. Holmes...
>
> PHP Architect - A monthly magazine for PHP Professionals. Get your copy
> today. http://www.phparch.com/
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
--- End Message ---
--- Begin Message ---
When contacting the imap-uw server I've built with plaintext and ssl
support, I get "Certificate failure for localhost: self signed
certificate: /C=NO/ST=Oslo/L=Oslo/O=religion.no/OU=religion.no/CN=doriath/CN=localhost"
when contacting it through php. How can I make php accept my certificate?
And if I cannot do this, how can I opt for plaintext passwords?
Cheers
Nik
--- End Message ---
--- Begin Message ---
HI,
Am trying to give controlled access to who logs in to my site. Have a
quick doubt:
I register a session var named $tu (value is taken from the DB) when a
user logs in, how can i reference to that var? I mean, if i want to check
its value, if i do print($tu);, it doesnt seem to work.
Thanks.
Pag
--- End Message ---
--- Begin Message ---
u have to start the session first then check with $_SESSION['tu'];
>===== Original Message From Pag <[EMAIL PROTECTED]> =====
> HI,
>
> Am trying to give controlled access to who logs in to my site. Have a
>quick doubt:
>
> I register a session var named $tu (value is taken from the DB) when a
>user logs in, how can i reference to that var? I mean, if i want to check
>its value, if i do print($tu);, it doesnt seem to work.
> Thanks.
>
> Pag
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
After many grueling hours of screwing around with this, it's working. Not
sure of the exact problem - but for those that want to know....I uninstalled
PHP and cleaned the registry of any remnents of PHP and then installed PHP
manually (instead of using the PHP installer). Then I had to tweak the
php.ini file to set the global variables and session data directory and add
a few extensions etc. A few things also had to be changed in the IIS
settings so it would recognize the php extension and a couple of other
things. After that IIS was restarted and voila - these scripts now work. So
it appears the problem was a combination of php and the way it was
installed, and a few settings in IIS that weren't there. I guess the PHP
installer doesn't do these things automatically.
Thanks to all those that replied, as some of your answers eventually lead to
me reinstalling PHP. If I was snarky to anyone, I also apologize as this was
out of frustration.....
B.
----- Original Message -----
From: "Diego Fulgueira" <[EMAIL PROTECTED]>
To: "PHP Windows" <[EMAIL PROTECTED]>; "PHP General"
<[EMAIL PROTECTED]>; "Beauford.2002" <[EMAIL PROTECTED]>
Sent: Wednesday, March 19, 2003 2:22 PM
Subject: [PHP] - IIS - More info
> Did you checked my last message? Was it helpful?
> PHP under Apache exposes diferent global variables than PHP under IIS. It
> will be impossible for you to correct your errors without changing your
> code. Run phpinfo() to see what variables are available under IIS.
>
> About session variables...
>
> I suggest you use the $_SESSION array instead of $HTTP_SESSION_VARS.
>
> Also, check your session_path (defined in php.ini, which should be under
> /WINNT). session_path should point to a directory where user IUSR_MYHOST
has
> writing permissions. There, you should see a file created for each
session.
> Open this file in notepad and you should find names of session variables
and
> their values. If all this is correct, check what session cookies is
sending
> your browser to the server (Netscape is very suitable for doing this).
> PHPSESSID should be one of them, if not, you are not registering your
> session correctly.
>
> Cheers.
>
>
>
> ----- Original Message -----
> From: "Beauford.2002" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "'PHP General'"
<[EMAIL PROTECTED]>
> Sent: Wednesday, March 19, 2003 12:44 PM
> Subject: Re: [PHP] PHP and IIS - More info
>
>
> > Further note that it is not just this script, but many PHP scripts that
I
> > run on IIS - they all work perfectly on Apache (on Windows and Linux)..
> >
> > ----- Original Message -----
> > From: "John W. Holmes" <[EMAIL PROTECTED]>
> > To: "'Beauford.2002'" <[EMAIL PROTECTED]>; "'PHP General'"
> > <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 19, 2003 12:21 PM
> > Subject: RE: [PHP] PHP and IIS - More info
> >
> >
> > > > These are some of the errors I am getting
> > > >
> > > > Notice: Undefined index: login in
> > > > C:\Inetpub\wwwroot\xxxx.xxxx.xxxx\login\checklogin.php on line 74
> > > >
> > > > and 75, and other similar errors.
> > > >
> > > > Line 74 is: $login = $HTTP_SESSION_VARS['login'];
> > > > Line 75 is: $password = $HTTP_SESSION_VARS['password'];
> > > >
> > > > Another one is: echo $HTTP_ENV_VARS["QUERY_STRING"];
> > >
> > > There is no 'login' or 'password' index in the $HTTP_SESSION_VARS
array.
> > > How are you registering these variables? Try using the new method with
> > > $_SERVER.
> > >
> > > ---John W. Holmes...
> > >
> > > PHP Architect - A monthly magazine for PHP Professionals. Get your
copy
> > > today. http://www.phparch.com/
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
hi guys , i assumed i had this working but i stand corrected, it basically
will get the first dot in content which should denote a end of paragraph and
show that as a preview, although say i put g.w bush in it will split off there
which i dont want , is there a way i can do this with a paragraph that may
look like this
rweqijr riopjwrpioqwrj pqwrojrqwiopj rqwpjwrio oqrwqwriojwqijwroij. iojwrqioj
where the dot and space should denote a paragraph or
rweqijr riopjwrpioqwrj pqwrojrqwiopj rqwpjwrio oqrwqwriojwqijwroij ojwrqioj.
wejkqwqwpokwrop rqpokqwopr poqwrkp oqwrkw
where the newline should denote a pagraph, let me know thanks.
function create_caption($content,$max_length,$primaryID,$ID) {
if (strlen($content) > $max_length) {
$paragraph_i=".";
$position=strpos($content,$paragraph_i);
if (is_integer($position)) {
$preview=substr($content,0,$position);
$preview.=" [ <a
href=\"".$GLOBAL['PHP_SELF']."?".$primaryID."=".$ID."\">
More </a>]";
return $preview;
}
} else {
return $content;
}
}
--- End Message ---
--- Begin Message ---
Still working on this authentication script and have a small question. Each
page on the site needs to have one line of code on it so it can't be
accessed unless you log in - is there a way to have this line in an html
file without changing the extension to .php?
On the same note, there is a small script called Zoom Version 1.7.0 which is
a search engine that search's for content on your site, but the way they are
doing this alludes me. In the search.htm file there is a line -
<!--ZOOMSEARCH--> - which somehow inserts the results of your search. In the
results.php file this is the relevant code, but I'm not quite sure what's
going on here.
Any comments are appreciated.....
//Open and print start of result page template
$template = file ('search.htm');
$numtlines = count ($template); //Number of lines in the template
$line = 0;
while (! stristr ($template[$line], "<!--ZOOMSEARCH-->") && $line <
$numtlines) {
echo $template[$line];
$line++;
}
$line++; //Replace the key text <!--ZOOMSEARCH--> with the search result
--- End Message ---
--- Begin Message ---
Beauford.2002 wrote:
accessed unless you log in - is there a way to have this line in an html
file without changing the extension to .php?
Yes, but you need to tell Apache (in the AddType line in httpd.conf) to
parse all ".html" files with php. This has a performance implication for
ordinary ".html" files.
HTH
Chris
--- End Message ---
--- Begin Message ---
Hi All,
I have the following for data:
03/14/2003,09:56:17,PTLD-TC1-HARC1,Stop,63.164.60.116,200,jsmith,9,24
3,271,15,User Request,2072280717,2073369937,46666BPS
03/15/2003,09:56:17,PTLD-TC1-HARC1,Stop,63.164.60.116,200,jsmith,9,24
3,271,15,User Request,2072280717,2073369937,46666BPS
03/16/2003,09:56:17,PTLD-TC1-HARC1,Stop,63.164.60.116,200,jsmith,9,24
3,271,15,User Request,2072280717,2073369937,46666BPS
03/17/2003,09:56:17,PTLD-TC1-HARC1,Stop,63.164.60.116,200,jwgreene,9,24
3,271,15,User Request,2072280717,2073369937,46666BPS
What I need to do is the following:
Take the value of a specific entry (15 in the above data) and add each
instance so I have a total of all the entries... I am assuming that I
would take the line, split it, assign each item to a variable and then I
would be able to do something with a while statement, but I am not
really sure what in php. Any help would be appreciated. Thanks
Jim
--- End Message ---
--- Begin Message ---
specific user?
Message-Id: <[EMAIL PROTECTED]>
X-Newsreader: Sylpheed version 0.8.9 (GTK+ 1.2.10; i386-debian-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Tried posting this earlier - it wouldn't take..
Unmunged my email address hoping this might work..
--------------
Would it be true to say that the current Apache PHP module doesn't
support running PHP scripts as their owners, and that one has to use PHP
in CGI mode for this?
I use a well known PHP based messageboard on a website I run, and I want
to prevent non-root, non-me access to the file containing my database
password.
For a perl script, I'd just chmod it 700 with directory given perms 711
- but in PHP 4.3.2rc1, it seems that to reference a file by way of a
relative path, the script must be at least 644 and the directory it's in
755.
Any suggestions? Good references? Changes since
http://www.php.net/manual/en/security.apache.php ?
ADFH
--- End Message ---
--- Begin Message ---
ADFH wrote:
Would it be true to say that the current Apache PHP module doesn't
support running PHP scripts as their owners, and that one has to use PHP
in CGI mode for this?
PHP as an Apache module runs as the user that Apache runs as. Typically
"nobody" or "apache".
I use a well known PHP based messageboard on a website I run, and I want
to prevent non-root, non-me access to the file containing my database
password.
I suggest if a file then put it outside Apache's document root or use an
environment variable.
For a perl script, I'd just chmod it 700 with directory given perms 711
- but in PHP 4.3.2rc1, it seems that to reference a file by way of a
relative path, the script must be at least 644 and the directory it's in
755.
My older version of php is quite happy with 700 permissions, unless I've
got this wrong. The owner is the Apache user.
HTH
Chris
--- End Message ---
--- Begin Message ---
I'm trying to query the database using a string pulled out of the database
and compare and get the id. I can do it to a certain point and what kills
my query is single quotes. I CANNOT figure out how to escape it.
I DID THIS:
$address2 = str_replace("'", "", $address);
that worked on some, but not all.
$address = stripslashes($store['address']);
$address = str_replace("'", "", $address);
$address = htmlspecialchars($address);
$address = addslashes($address);
anyone
Some errors I have gotten back
"You have an error in your SQL syntax near 's Linen & Home'' at line 1"
and
"You have an error in your SQL syntax near 's 800 number.'' at line 1"
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
--- End Message ---
--- Begin Message ---
try this
$address2 = str_replace("'", "''", $address)
-----Original Message-----
From: Daniel McCullough [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 1:48 PM
To: [EMAIL PROTECTED]
Subject: [PHP] strip single quotes
I'm trying to query the database using a string pulled out of the database
and compare and get the id. I can do it to a certain point and what kills
my query is single quotes. I CANNOT figure out how to escape it.
I DID THIS:
$address2 = str_replace("'", "", $address);
that worked on some, but not all.
$address = stripslashes($store['address']);
$address = str_replace("'", "", $address);
$address = htmlspecialchars($address);
$address = addslashes($address);
anyone
Some errors I have gotten back
"You have an error in your SQL syntax near 's Linen & Home'' at line 1"
and
"You have an error in your SQL syntax near 's 800 number.'' at line 1"
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
> I'm trying to query the database using a string pulled out of the
database
> and compare and get the id. I can do it to a certain point and what
kills
> my query is single quotes. I CANNOT figure out how to escape it.
>
> I DID THIS:
> $address2 = str_replace("'", "", $address);
>
> that worked on some, but not all.
> $address = stripslashes($store['address']);
> $address = str_replace("'", "", $address);
> $address = htmlspecialchars($address);
> $address = addslashes($address);
>
> anyone
>
> Some errors I have gotten back
> "You have an error in your SQL syntax near 's Linen & Home'' at line
1"
> and
> "You have an error in your SQL syntax near 's 800 number.'' at line 1"
You need to use addslashes() on any string you insert into your query.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
> when retrieving a date from MySQL in nYYYY/MM/DD, how can I present
this
> to
> the user of a site in readable format i.e. 19th March 2003?
SELECT DATE_FORMAT(column,' ... ') AS f_date FROM table WHERE ...
Look up DATE_FORMAT in the MySQL manual, Chapter 6. It works almost the
same as the PHP date() function. The ' ... ' would be the pattern to
create '19th March 2003'
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
Is there a method to test whether or not an array is associative?
I'm trying to make a function that can deal with whatever type of
array (associative or numeric) that is thrown at it.
--- End Message ---
--- Begin Message ---
--- cpaul <[EMAIL PROTECTED]> wrote:
> Is there a method to test whether or not an array is associative?
>
> I'm trying to make a function that can deal with whatever type of
> array (associative or numeric) that is thrown at it.
It's all the same. An enumerated array is really an associative array where
every key is an integer. Just treat them all like associative arrays, and
you'll be fine.
Chris
=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/
--- End Message ---
--- Begin Message ---
> --- cpaul <[EMAIL PROTECTED]> wrote:
> > Is there a method to test whether or not an array is associative?
[EMAIL PROTECTED] wrote:
> It's all the same. An enumerated array is really an associative array where
> every key is an integer. Just treat them all like associative arrays, and
> you'll be fine.
>
ok thanks - that makes sense. sort of doesn't solve my problem, because
if my function receives an enumerated array, i want it to treat it as an
associative array, using the value as the key.
the array index is not useful to me in this situation.
is there really no way to tell how an array was defined?
thanks for your time
--
chris paul
--- End Message ---
--- Begin Message ---
At 08:52 20.03.2003, cpaul said:
--------------------[snip]--------------------
>ok thanks - that makes sense. sort of doesn't solve my problem, because
>if my function receives an enumerated array, i want it to treat it as an
>associative array, using the value as the key.
--------------------[snip]--------------------
What would be the value then?
If I get you correctly, you would treat an array that comes like
[0] => entry 0
[1] => entry 1
[2] => entry 2
as
[entry 0] => ??
[entry 1] => ??
[entry 2] => ??
What happens when there are duplicate values in the source array? You will
loose entries on duplicate values.
If I got you right here have a look at array_flip()
(http://www.php.net/manual/en/function.array-flip.php) to exchange array sides.
You can't tell with absolute certainty if an array is enumerated, or built
as associative array. Take this example:
$a = array('one','two','three');
$b = array(); $b[0] = 'one'; $b[1] = 'two'; $b[2] = 'three';
$c = array(0 => 'one', 1 => 'two', 2 => 'three');
Which one would you believe is enumerated, and which one is associative?
What you can do is walk the array keys and check if there is at least a
single non-numeric key. If you found one the array is associative. If you
found none it may be likely that the array is enumerated, but you can't be
sure in a general way, except your application is designed in a way that
uses always non-numeric keys for associative arrays.
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--- End Message ---
--- Begin Message ---
> At 08:52 20.03.2003, cpaul said:
> --------------------[snip]--------------------
> >ok thanks - that makes sense. sort of doesn't solve my problem, because
> >if my function receives an enumerated array, i want it to treat it as an
> >associative array, using the value as the key.
> --------------------[snip]--------------------
ernest wrote:
> What would be the value then?
>
> If I get you correctly, you would treat an array that comes like
> [0] => entry 0
> [1] => entry 1
> [2] => entry 2
like this:
'entry 0' => 'entry 0'
'entry 1' => 'entry 1'
'entry 2' => 'entry 2'
> What happens when there are duplicate values in the source array? You will
> loose entries on duplicate values.
the source array is based on a directory listing, so i don't think there's
a possibility of that happening?
> You can't tell with absolute certainty if an array is enumerated, or built
> as associative array. Take this example:
> $a = array('one','two','three');
> $b = array(); $b[0] = 'one'; $b[1] = 'two'; $b[2] = 'three';
> $c = array(0 => 'one', 1 => 'two', 2 => 'three');
>
> Which one would you believe is enumerated, and which one is associative?
they'd all be enumerated, except perhaps $c -- but i've grown :) and now
understand that $c winds up being an enumerated array.. or is it?
in my code....
$q = mysql_query ( "SELECT production_id, title FROM productions ORDER BY title;"
);
$this->all_productions[""] = "";
while ( $row = mysql_fetch_array( $q ) ) {
$this->all_productions[$row["production_id"]] = $row["title"];
}
the array is kept in order when i foreach the array - wouldn't they sort
themselves into 0,1,2,3,4,5,etc if my while loop was populating an
enumerated array? or are all arrays in php actually a keyed hash?
> What you can do is walk the array keys and check if there is at least a
> single non-numeric key. If you found one the array is associative. If you
> found none it may be likely that the array is enumerated, but you can't be
> sure in a general way, except your application is designed in a way that
> uses always non-numeric keys for associative arrays.
thanks so much for all your input on this.
regards
--
chris paul
--- End Message ---
--- Begin Message ---
At 09:57 20.03.2003, cpaul said:
--------------------[snip]--------------------
>> as associative array. Take this example:
>> $a = array('one','two','three');
>> $b = array(); $b[0] = 'one'; $b[1] = 'two'; $b[2] = 'three';
>> $c = array(0 => 'one', 1 => 'two', 2 => 'three');
>>
>> Which one would you believe is enumerated, and which one is associative?
>
>they'd all be enumerated, except perhaps $c -- but i've grown :) and now
>understand that $c winds up being an enumerated array.. or is it?
Well, all these 3 arrays are _exactly_ the same. If you print_r() them
you'd see
Array {
0 => one
1 => two
2 => three
}
The key to this issue seems to be understanding that it makes no difference
how the array keys are constructed... an array is an association of key to
value, being a hash always if you want to see it that way.
>in my code....
>
> $q = mysql_query ( "SELECT production_id, title FROM productions ORDER
>BY title;" );
> $this->all_productions[""] = "";
> while ( $row = mysql_fetch_array( $q ) ) {
> $this->all_productions[$row["production_id"]] = $row["title"];
> }
>
>the array is kept in order when i foreach the array - wouldn't they sort
>themselves into 0,1,2,3,4,5,etc if my while loop was populating an
>enumerated array? or are all arrays in php actually a keyed hash?
You're chosing your own keys here - so this makes a perfect associative
array, even if the keys ($row['production_id']) would be a sequenced
number. If you would just add the titles up ($this->all_productions[] =
$row['title']), PHP would choose an index key for you - the most general
thing it can do is to enumerate it. Basically what it does is
array[count(array)] = new_element
So much for the "theory" - what are you really trying to achieve? Maybe
there's something you can redesign so you're not relying on the fact if an
array is "enumerated" or not.
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--- End Message ---
--- Begin Message ---
> So much for the "theory" - what are you really trying to achieve? Maybe
> there's something you can redesign so you're not relying on the fact if an
> array is "enumerated" or not.
thanks very much for your help - i understand now that no matter what
kind of array i think i'm making, it is being morphed into an associative
array. i half-understood this from the docs, but was puzzled.. i expected
the behaviour of an array in other languages, which even if i were to
define an array in this sequence:
$arr[2] = "z";
$arr[0] = "x";
$arr[1] = "y";
would shuffle itself internally into a sequence like: x, y, z.
but in php this obviously isn't the case, and it remains: z, x, y.
thanks again for your time.
--
chris paul
--- End Message ---
--- Begin Message ---
Hi,
This is the one which I am getting in the website after the item has been posted.
parse error, expecting `')''
Please send me the views how to rectify it.
This is my Php
// $Mymail is of type "CDONTS.NEWMAIL"
file://mail(,,,"From: ".$Body=$mybody);
file://mail(,,,"From: ".$Subject="Registration");
file://mail(,,,"From: ".="[EMAIL PROTECTED]");
file://mail(,,,"From: ".$From=$temail);
?>
Please guide me
TIA
Manjunath H N
DISCLAIMER:
This e-mail and any attachment (s) is for authorised use by the intended recipient (s)
only. It may contain proprietary material, confidential information and/or be subject
to the legal privilege of iWave Systems Technologies Private Limited. If you have
received this message in error, please notify the originator immediately. If you are
not the intended recipient, you are notified that you are strictly prohibited from
retaining, using, copying, alerting or disclosing the content of this message. Thank
you for your co-operation.
--- End Message ---
--- Begin Message ---
How persistent are LDAP connections which are not closed
with ldap_close() or ldap_unbind()?
I am trying to re-use an LDAP link identifier by doing an
open, binding as something, saving the LID in a $_SESSION
variable, *not* closing the LDAP link, and then using the
LID in another script invocation which has rejoined the
session to get the LID and use it for additional LDAP
searches (after all, why keep rebinding?)
However, it seems -- based on tcpdumps, sockets states, and
the LDAP server logs -- that the LDAP connection is *always*
closed (ie unbind is done by PHP) invariably, once the
script finishes; there is no way to eg have the PHP session
retain a user's credentials that have already been used in a
BIND operation, and maintain the BIND to let the session
keep re-using it.
I am using 4.2.2 but I have looked at the diff between it
and the latest release candidate, and don't see any changes
which might affect this behavior.
Anyone know if this is expected behavior, and also if it is
designed behavior? Seems silly to me to keep rebinding when
a user might be invoking several scripts over the course of
a session, all with the same bind credentials.
Thanks for any info.
--- End Message ---
--- Begin Message ---
Hello guys
I make following query:
mysql> SELECT b.type, a.link AS parent_link, b.link AS child_link FROM
bookmarks AS a, bookmarks AS b WHERE a.id = b.parentid order by
parent_link;
and here is result
+--------+-------------+------------------------+
| type | parent_link | child_link |
+--------+-------------+------------------------+
| link | MAIN FOLDER | http://www.ee/ |
| folder | MAIN FOLDER | SUBFOLDER |
| link | MAIN FOLDER | http://www.google.com/ |
| link | SUBFOLDER | http://www.amazon.com/ |
+--------+-------------+------------------------+
I just can't figure out how can i produce tree style output with php
MAIN FOLDER ->
-> http://www.google.com/
-> http://www.ee/
-> SUBFOLDER
-> http://www.amazon.com/
Any help would be greatly apreciated.
Have a nice day.
--- End Message ---
--- Begin Message ---
There are two ways that I know of the adjacency model
and nested sets.
adjacency model uses a table structure like
category_id | parent_id | category_name
so if i want to see all categories belonging to
category 12
-> SELECT * FROM cat_table WHERE parent_id=12;
there are a few articles out there on this. not sure
where at the moment, but you know what its called now.
here are some articles about the nested set model. A
little more difficult but with great benefits
-> http://www.dbmsmag.com/9603d06.html
->
http://searchdatabase.techtarget.com/tip/1,289483,sid13_gci537290,00.html
->
http://searchdatabase.techtarget.com/tip/1,289483,sid13_gci801943,00.html
olinux
--- Daniel Harik <[EMAIL PROTECTED]> wrote:
>
> Hello guys
>
> I make following query:
>
> mysql> SELECT b.type, a.link AS parent_link, b.link
> AS child_link FROM
> bookmarks AS a, bookmarks AS b WHERE a.id =
> b.parentid order by
> parent_link;
>
> and here is result
>
> +--------+-------------+------------------------+
> | type | parent_link | child_link |
> +--------+-------------+------------------------+
> | link | MAIN FOLDER | http://www.ee/ |
> | folder | MAIN FOLDER | SUBFOLDER |
> | link | MAIN FOLDER | http://www.google.com/ |
> | link | SUBFOLDER | http://www.amazon.com/ |
> +--------+-------------+------------------------+
>
> I just can't figure out how can i produce tree style
> output with php
>
> MAIN FOLDER ->
> -> http://www.google.com/
> -> http://www.ee/
> -> SUBFOLDER
> -> http://www.amazon.com/
>
>
> Any help would be greatly apreciated.
> Have a nice day.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
--- End Message ---
--- Begin Message ---
If one of you are a guru and on the php-dev list, would you please
either look at the code or ask others on that list if it's possible to
use:
'requiressl=1'
in the connection string for pg_connect/pg_pconnect and it will actually
work in PHP ver >= 4.2.2 ?
I am already on so many lists, I don't want to join another for one
question.
Please cc me because I'm on digest for php-general.
Thank you in advance.
--- End Message ---
--- Begin Message ---
Hi,
I would be very grateful if someone could explain to me why this is
happening. I am trying to convert a date sent from a textfield. The
textfield is initially populated by a JavaScript calendar control. Using the
following code I am attempting to read in the date sent from the textfeild:
//initialise dates for header of table
if(isset($goto_date) == true){
//use dates sent from form
$full_date = date("dS of F", strtotime($_POST[input1]));
$day = date(d, strtotime($_POST[input1]));
echo "full_date: $full_date<br>";
echo "day: $day<br>";
} else {
//use todays date
$full_date = date("dS of F");
$day = date(d);
}
but i keep getting this output:
full_date: 24th of August
day: 24
the javascript populates the textfield in the form off dd-mm-yyyy.
Thanks in advance for any advice offered
--- End Message ---
--- Begin Message ---
Hiya
It could need setting register_globals =on in your php.ini
if after that still problems then you may need to look into sessions and in
particular session_start() and $_SESSION['varname'] and make sure the
variables are global so that more than one script can use them.
Hope this steers you in right direction
*warning im a newbie too so you may wait for some more replies to confirm
what im saying*
Bobster
From: "Joe Kupiszewski" <[EMAIL PROTECTED]>
Reply-To: "Joe Kupiszewski" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [PHP] Passing variable from webpage to php (newbie?)
Date: Wed, 19 Mar 2003 10:57:11 -0500
I think I already tried to post once, so sorry if this is a duplicate, but
I
don't see my first attempt. I am trying to do what should be a relatively
simple and basic task. I've got a php script/page that has a switch/case
selection statement in it. Obviously, depending on what value a particular
variable takes when passed to the script, the script SHOULD :) do different
things. However, when I invoke the script using
www.somedomain.com/somephpscript.php?action=1 (substitute one with, 2, 3,
4
or whatever) and then do a check whether any value is passed to my script,
it always tells me the value is empty ( if (empty ($action)) - it just
always thinks its empty. I'm copying this script from a book, so I do not
have any reason to believe there is an error in the code, but obviously
something is not happening properly. My thought is that perhaps something
needs to be turned on in the php.ini or in the apache httpd.conf file to
allow this variable passing to work. Is there some other way to do this?
Sorry for the long paragraph sentence. I'll be happy to post the code if
needed or provide any additional information or give the actual URL so you
can see what is happening.
Thanks for any thoughts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_________________________________________________________________
Overloaded with spam? With MSN 8, you can filter it out
http://join.msn.com/?page=features/junkmail&pgmarket=en-gb&XAPID=32&DI=1059
--- End Message ---
