php-general Digest 14 Jul 2009 15:36:02 -0000 Issue 6229

Topics (messages 295344 through 295368):

Launch Windows Program from PHP
        295344 by: Matt Neimeyer

Re: mod primary key field - newbie question
        295345 by: Marc Christopher Hall

Re: MySql Injection advice
        295346 by: Andrew Ballard
        295347 by: Eddie Drapkin
        295350 by: Ashley Sheridan
        295355 by: Michael A. Peters
        295363 by: Martin Scotta

MySQL Queries in PHP
        295348 by: Tom Chubb
        295349 by: Eddie Drapkin
        295354 by: Tom Chubb

Need Help.
        295351 by: Girish Padia
        295352 by: Ashley Sheridan
        295353 by: Carlos Medina
        295356 by: kranthi
        295364 by: Martin Scotta
        295365 by: Bob McConnell
        295367 by: Martin Scotta

Re: phpscriptor.com
        295357 by: LinuxManMikeC

Scope of Variables and use of global and this->var
        295358 by: Anton Heuschen
        295360 by: Eric Butera
        295362 by: Darren Karstens
        295366 by: Martin Scotta

Email security
        295359 by: Tiji varghese
        295361 by: Eric Butera

Weird domain seting in setcookie()
        295368 by: Michelle Konzack

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
I'm probably just not Googling right... Short version: How can I
launch a program for the current user sitting in front of a windows
web server?

Longer version: I've written a PHP app to migrate data from the FoxPro
version of our product to the upcoming MySQL version. I have a self
contained setup on an XP box consisting of XAMPP, DBConvert (a data
conversion program) and the ODBTP client/server. Phase 1 is a PHP app
that pre-preps the data through ODBTP to a local FoxPro DBC. Phase 2 is
the DBConvert and Phase 3 is a PHP app again doing post-conversion
stuff in MySQL.

To help in automating the whole shebang I'd like to automatically
launch DBConvert with a command line argument (for the right data
conversion stored session). Whenever I Google I find stuff about
launching background tasks or using things like popen to launch
processes "inside" the web server. I don't care if the owner of the
process is the user at the keyboard just that they can interact with
it.

And if it's Christmas and I can get everything I want :)... I'd love
for PHP to be able to watch the process and stay resident until it
exits so at that point I can send a final bit of javascript that will
cause "phase 3" to automatically start.

Any ideas?

Thanks!

Matt

--- End Message ---
--- Begin Message ---

-----Original Message-----
From: Floyd Resler [mailto:fres...@adex-intl.com] 
Sent: Monday, July 13, 2009 5:41 PM
To: c...@hosting4days.com
Cc: php-gene...@lists.php.net
Subject: Re: [PHP] mod primary key field - newbie question

Sounds like you want to set the auto increment.  To do that, use this  
query:
alter table `table_name` auto_increment 1;

That will reset it to one.  Although I've never tried it, I assume you  
can give it another value.

Take care,
Floyd

On Jul 13, 2009, at 5:35 PM, c...@hosting4days.com wrote:

> newbie question ... I have a MySQL table where I want to update  
> (renumber) the primary numeric key field.
>
> - I successfully turned field off as a primary key index and UN auto  
> incremented it
> - then created new sequential numbers for it
> - then turned back on primary key index and re added auto increment in
>
>
> BUT when I make a new record it does NOT  start where new numbers stop
>
> last is 51
> next should be 52
>
> but jumps to 157
>
> Q: is there a way to reset the NEXT SERIAL ID NUMBER somewhere? how  
> do I fix this?
>
>
> --
> Thanks - RevDave
> Cool @ hosting4days . com
> [db-lists 09]
>
>
>
"alter table `table_name` auto_increment 1;"
Correct, you can give it any value you wish it to start from, i.e. if you pass
51 as the value then the next auto increment value will be 52.
 



--- End Message ---
--- Begin Message ---
On Mon, Jul 13, 2009 at 4:18 PM, Haig Dedeyan<hdede...@videotron.ca> wrote:
> for the phone #'s, I'm using int as the data type & storing each part of the
> phone # in its own cell,
>
> When it gets displayed, I add a dash in between each part of the phone #'s
> (country code-area code-1st set of digits-last set of digits)
>
> Cheers
>
> Haig

I disagree. Telephone numbers are not actually numbers; they are
sequences of numeric digits. Unlike IP addresses where 10.0.0.1 is
equivalent to 010.000.000.001, leading zeros are significant; they are
part of the data, not just padding to be inserted automatically by the
database or by a formatting function in the presentation layer. When
you validate an area code in the North American numbering plan, do you
validate that it is a number between 1 and 999 or do you validate that
it is a string of exactly 3 decimal-digit characters long? Expand that
to international phone numbers, and the zeros become even more
significant since you can't easily make assumptions about the length
of various segments in a phone number.

Sorry, but I just don't see any advantage to storing them as integers.

Andrew

--- End Message ---
--- Begin Message ---
Things I have used prepared statements for:
1. SELECT
2. UPDATE
3. INSERT
4. DELETE
5. Stored procedures

Things I am aware of that prepared statements are not capable of doing:

What have you read that prepared statements can't do?  I've not heard
of anything, nor have I encountered anything, myself.  And given that
I am prone to making errors, I like the fact that my work flow
prevents a mistake I make leading to an unnoticed vulnerability.

On Mon, Jul 13, 2009 at 5:00 PM, Michael A. Peters<mpet...@mac.com> wrote:
> tedd wrote:
>>
>> At 3:53 PM -0400 7/12/09, Paul M Foster wrote:
>>>
>>> On Sun, Jul 12, 2009 at 09:07:45AM -0400, tedd wrote:
>>>
>>> <snip>
>>>
>>>>
>>>>  As for prepared statements, I'm no authority on them, but from what
>>>>  I've read they are not going to be something I'll be practicing
>>>>  anytime soon.
>>>
>>> Aside from Stuart's comments about slowness, what else have you read
>>> that makes you discount the use of prepared statements? The PDO class
>>> emphasizes that you're safe from SQL injection exploits, which seems a
>>> big plus.
>>>
>>> Paul
>>
>> Paul:
>>
>> As I said, I'm no authority. However as I have read, prepared statements
>> are for a limited set of instructions in MySQL. They can't be used for
>> everything. Why should I learn one way to do something that isn't universal
>> in the language?
>
> They are useful for select, insert, and update queries, which are the three
> most common types of queries in web applications and are most often used for
> SQL injection.
>
> I personally use the MDB2 database abstraction layer. Here's how it's done -
>
> $types = Array('integer','text');
> $q = "SELECT something,else FROM table WHERE id < ? AND type=?";
> $sql = $mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
>
> $args = Array($someinput,$someotherinput);
> $rs  = $sql->execute($args);
>
> Here's the non prepared way
>
> $sql = "SELECT something,else FROM table WHERE id < $someinput AND
> type='$someotherinput'";
> $rs  = $mdb2->query($sql);
>
> The two are very similar syntax, just a few extra steps required for
> prepared statements - and if the query is performed multiple times with
> different arguments, you can re-use the prepared statement and don't have to
> make it again.
>
> The first has sql injection protection automatically for the two arguments,
> the second requires that you first sanitize the two arguments - which is
> where mysql_real_escape_string comes in - but as soon as you use that mysql
> specific function, your code no longer is as easily portable to other
> databases.
>
> Prepared statements may be a minor performance hit but I suspect if it is
> even noticeable, you are at the edge of what your server can handle and
> either need hardware update, infrastructure update (IE dedicated sql servers
> and load balancing), or code optimization that probably will find bigger
> issues than sql prepared statements.
>
> Using a cache (IE APC or memcached) for commonly performed queries makes the
> speed difference between the two only matter when the query isn't cached.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
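An added example, not code from the thread: Michael's "id < ? AND type = ?" query run through PDO (bundled with PHP) so the prepared form and the interpolated form can be compared on the same data. It uses an in-memory SQLite database to stay self-contained; the table, its rows and the O'Brien value are constructed here, and for MySQL only the DSN changes.

```php
<?php
// Added example, not code from the thread: Michael's MDB2 query written
// against PDO so the prepared and the interpolated form run side by side.
// SQLite in memory keeps it self-contained; for MySQL only the DSN changes,
// and PDO::ATTR_EMULATE_PREPARES => false makes the server itself parse the
// statement before any bound value arrives.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Constructed sample data. "else" is a reserved word, so the column is "other".
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, something TEXT, other TEXT, type TEXT)');
$db->exec("INSERT INTO items VALUES (1, 'a', 'x', 'news'), (2, 'b', 'y', 'O''Brien'),
                                    (3, 'c', 'z', 'news'), (10, 'd', 'w', 'news')");

// Prepared once, executed many times: the SQL text contains only the ? markers.
$stmt = $db->prepare('SELECT id, something, other FROM items WHERE id < ? AND type = ?');

/** Run the prepared statement with typed bindings; returns the matching rows. */
function runPrepared(PDOStatement $stmt, int $maxId, string $type): array
{
    $stmt->bindValue(1, $maxId, PDO::PARAM_INT);   // integer placeholder
    $stmt->bindValue(2, $type, PDO::PARAM_STR);    // text placeholder
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** The "non prepared way": values are spliced into the SQL string itself. */
function runInterpolated(PDO $db, string $maxId, string $type): array
{
    $sql = "SELECT id, something, other FROM items WHERE id < $maxId AND type='$type'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The same statement object reused with different arguments (Michael's point).
print_r(runPrepared($stmt, 5, 'news'));      // ids 1 and 3
print_r(runPrepared($stmt, 5, "O'Brien"));   // id 2: the quote is data, not SQL syntax

// The interpolated form already breaks on an ordinary apostrophe: the value
// rewrites the statement, which is what mysql_real_escape_string has to paper
// over and what binding avoids by construction.
try {
    runInterpolated($db, '5', "O'Brien");
} catch (PDOException $e) {
    echo 'interpolated query failed: ' . $e->getMessage() . PHP_EOL;
}
```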
--- Begin Message ---
On Tue, 2009-07-14 at 01:52 -0400, Andrew Ballard wrote:
> On Mon, Jul 13, 2009 at 4:18 PM, Haig Dedeyan<hdede...@videotron.ca> wrote:
> > for the phone #'s, I'm using int as the data type & storing each part of the
> > phone # in its own cell,
> >
> > When it gets displayed, I add a dash in between each part of the phone #'s
> > (country code-area code-1st set of digits-last set of digits)
> >
> > Cheers
> >
> > Haig
> 
> I disagree. Telephone numbers are not actually numbers; they are
> sequences of numeric digits. Unlike IP addresses where 10.0.0.1 is
> equivalent to 010.000.000.001, leading zeros are significant; they are
> part of the data, not just padding to be inserted automatically by the
> database or by a formatting function in the presentation layer. When
> you validate an area code in the North American numbering plan, do you
> validate that it is a number between 1 and 999 or do you validate that
> it is a string of exactly 3 decimal-digit characters long? Expand that
> to international phone numbers, and the zeros become even more
> significant since you can't easily make assumptions about the length
> of various segments in a phone number.
> 
> Sorry, but I just don't see any advantage to storing them as integers.
> 
> Andrew

Yeah, that makes sense. Last time I tried to store a phone number as a
number was at school, when I realised that none of the leading zeros
were preserved. On UK phone numbers, there's always a leading zero
unless you're calling directory enquiries or emergency services!

Also, IP addresses can be converted to IP numbers with the long2ip()
function of PHP, which means you can store them as long ints and do
normal number comparisons on them, great for matching an IP address to a
range of 'valid' ones.

Thanks
Ash
www.ashleysheridan.co.uk


--- End Message ---
--- Begin Message ---
Eddie Drapkin wrote:
> Things I have used prepared statements for:
> 1. SELECT
> 2. UPDATE
> 3. INSERT
> 4. DELETE
> 5. Stored procedures
>
> Things I am aware of that prepared statements are not capable of doing:
>
> What have you read that prepared statements can't do?  I've not heard
> of anything, nor have I encountered anything, myself.  And given that
> I am prone to making errors, I like the fact that my work flow
> prevents a mistake I make leading to an unnoticed vulnerability.

There was some stuff specified in the MySQL documentation.

I *think* for example selecting data resulting from a union of two tables with the AS TABLE modifier. I might be wrong about that.

It was nothing I frequently do.

I do have one really ugly query that does joins of one table and another table that actually is a union of two tables - but that particular query does not use any user provided data (it's part of my range map generation script) so I don't use prepared statements with it anyway.

There's actually a bug in it (my huge query) though not significant, I'm planning to just break it up into several smaller queries and use php to do the hard work since that's easier to read and performance isn't an issue (run by server twice a month to generate a png image, never run by user).

But yeah - the stuff in the documentation where prepared statements don't work is pretty obscure stuff.

I believe MDB2 simulates prepared statements for databases without native prepared statements anyway.
--- End Message ---
--- Begin Message ---
you can do that with IPs because it is an implementation of an integer.

look:
I take an integer value: 2130706433
express it as binary: 1111111000000000000000000000001
now I have to look at it as bytes: 11111110  00000000  00000000  00000001
express the bytes as decimals: 127 0 0 1

does this number mean anything to you?
IPv4 addresses are just simple integer values stored as bytes

Here you have another example
192.168.0.1
192 = 11000000
168 = 10101000
0   = 00000000
1   = 00000001

all together is 11000000101010000000000000000001
which my calc says is 3232235521 (it doesn't understand the
negative implementation of numbers)

Telephone numbers are quite different, but in some way they are similar
8765-4321 can be the same as +0871187654321 (if you are in the same area code)

I think the solution should be based on your target audience.

On Tue, Jul 14, 2009 at 4:43 AM, Ashley
Sheridan<a...@ashleysheridan.co.uk> wrote:
> On Tue, 2009-07-14 at 01:52 -0400, Andrew Ballard wrote:
>> On Mon, Jul 13, 2009 at 4:18 PM, Haig Dedeyan<hdede...@videotron.ca> wrote:
>> > for the phone #'s, I'm using int as the data type & storing each part of 
>> > the
>> > phone # in its own cell,
>> >
>> > When it gets displayed, I add a dash in between each part of the phone #'s
>> > (country code-area code-1st set of digits-last set of digits)
>> >
>> > Cheers
>> >
>> > Haig
>>
>> I disagree. Telephone numbers are not actually numbers; they are
>> sequences of numeric digits. Unlike IP addresses where 10.0.0.1 is
>> equivalent to 010.000.000.001, leading zeros are significant; they are
>> part of the data, not just padding to be inserted automatically by the
>> database or by a formatting function in the presentation layer. When
>> you validate an area code in the North American numbering plan, do you
>> validate that it is a number between 1 and 999 or do you validate that
>> it is a string of exactly 3 decimal-digit characters long? Expand that
>> to international phone numbers, and the zeros become even more
>> significant since you can't easily make assumptions about the length
>> of various segments in a phone number.
>>
>> Sorry, but I just don't see any advantage to storing them as integers.
>>
>> Andrew
>
> Yeah, that makes sense. Last time I tried to store a phone number as a
> number was at school, when I realised that none of the leading zeros
> were preserved. On UK phone numbers, there's always a leading zero
> unless you're calling directory enquiries or emergency services!
>
> Also, IP addresses can be converted to IP numbers with the long2ip()
> function of PHP, which means you can store them as long ints and do
> normal number comparisons on them, great for matching an IP address to a
> range of 'valid' ones.
>
> Thanks
> Ash
> www.ashleysheridan.co.uk
>
>



-- 
Martin Scotta

--- End Message ---
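An added example, not from the thread: the conversion Martin walks through, done with PHP's ip2long()/long2ip() (ip2long turns the dotted form into the integer, long2ip goes back) and with a hand-rolled byte-shifting version, plus the allow-list range check Ash mentions, done on integers with a CIDR mask. The helper names, the CIDR blocks and the client addresses are constructed for this example; it assumes 64-bit PHP.

```php
<?php
// Added example, not code from the thread: IPv4 <-> integer conversion with
// PHP's ip2long()/long2ip() and a hand-rolled version that assembles the four
// bytes the way Martin walks through, plus an allow-list check on integers.
// Assumes 64-bit PHP so the unsigned 32-bit values fit in an int.
declare(strict_types=1);

/** Assemble a dotted quad into an unsigned 32-bit value by shifting bytes in. */
function dottedToInt(string $ip): int
{
    $parts = explode('.', $ip);
    if (count($parts) !== 4) {
        throw new InvalidArgumentException("not a dotted quad: $ip");
    }
    $value = 0;
    foreach ($parts as $octet) {
        if (!ctype_digit($octet) || (int)$octet > 255) {
            throw new InvalidArgumentException("bad octet in $ip");
        }
        // 192.168.0.1 -> 11000000 10101000 00000000 00000001
        $value = ($value << 8) | (int)$octet;
    }
    return $value;
}

/** The reverse: peel the bytes off from the top. */
function intToDotted(int $value): string
{
    return sprintf('%d.%d.%d.%d',
        ($value >> 24) & 0xFF, ($value >> 16) & 0xFF, ($value >> 8) & 0xFF, $value & 0xFF);
}

/** True if $ip falls inside the CIDR block, e.g. "10.0.0.0/8". */
function inCidr(string $ip, string $cidr): bool
{
    [$network, $bits] = explode('/', $cidr, 2);
    $bits = (int)$bits;
    $mask = $bits === 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (dottedToInt($ip) & $mask) === (dottedToInt($network) & $mask);
}

// ip2long() returns a signed int; on 32-bit builds anything >= 128.0.0.0 comes
// back negative (the "negative implementation" Martin's calculator ignored).
// sprintf('%u') prints it unsigned; on 64-bit PHP both forms agree.
foreach (['127.0.0.1', '192.168.0.1', '10.0.0.1'] as $ip) {
    printf("%-12s ip2long=%u  manual=%u  back=%s/%s\n",
        $ip, ip2long($ip), dottedToInt($ip), long2ip(dottedToInt($ip)), intToDotted(dottedToInt($ip)));
}
// 127.0.0.1 -> 2130706433 and 192.168.0.1 -> 3232235521, matching Martin's figures.

// Allow-list check: compare integers, not strings, so "010.0.0.1"-style
// zero padding never matters and a range test is a single mask operation.
$allowed = ['10.0.0.0/8', '192.168.0.0/16'];          // constructed allow-list
foreach (['10.20.30.40', '192.168.5.5', '203.0.113.7'] as $client) {
    $ok = false;
    foreach ($allowed as $block) {
        if (inCidr($client, $block)) { $ok = true; break; }
    }
    printf("%-14s %s\n", $client, $ok ? 'allowed' : 'denied');
}
```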
--- Begin Message ---
Hi List,
Just wanted to pick your brains please?
I'm trying to standardise on the way I query databases and move away from
the Dreamweaver built-in functions (which I know you all hate!) ;)
I've been on this list for about 5 years now and I don't think I've ever
heard anyone mention the Pear packages, eg: MDB_QueryTool and wondered if
there was any reason why not?
I found some classes on phpclasses and have already started using one of
them by Henry Chen and there are plenty more.
I am still using Dreamweaver as the text editor for PHP on a Mac and trying
to code things manually but building SQL queries is one of the biggest
problems I come across.
To be honest, Dreamweaver used to be fine but for me, historically on both
PC and Mac, after a while it decides that it can connect to the DB but
cannot see any of the tables, which prevents using the wizards, which is why
I'm moving away from it.
All tutorials on the net are different and I'd like some info on the best
practices that you guys follow when dealing with MySQL.
Thanks in advance,

Tom

PS - I'm only dealing with simple queries: show, insert, update, delete,
etc.

--- End Message ---
--- Begin Message ---
On Tue, Jul 14, 2009 at 2:29 AM, Tom Chubb<tomch...@gmail.com> wrote:
> Hi List,
> Just wanted to pick your brains please?
> I'm trying to standardise on the way I query databases and move away from
> the Dreamweaver built-in functions (which I know you all hate!) ;)
> I've been on this list for about 5 years now and I don't think I've ever
> heard anyone mention the Pear packages, eg: MDB_QueryTool and wondered if
> there was any reason why not?
> I found some classes on phpclasses and have already started using one of
> them by Henry Chen and there are plenty more.
> I am still using Dreamweaver as the text editor for PHP on a Mac and trying
> to code things manually but building SQL queries is one of the biggest
> problems I come across.
> To be honest, Dreamweaver used to be fine but for me, historically on both
> PC and Mac, after a while it decides that it can connect to the DB but
> cannot see any of the tables, which prevents using the wizards, which is why
> I'm moving away from it.
> All tutorials on the net are different and I'd like some info on the best
> practices that you guys follow when dealing with MySQL.
> Thanks in advance,
>
> Tom
>
> PS - I'm only dealing with simple queries: show, insert, update, delete,
> etc.
>

I've always enjoyed writing SQL myself, as it is sort of challenging
and interesting to do, so I've always written them by hand.  I'd
recommend learning SQL yourself, as the queries tools generate, in my
experience, are never quite as useful as hand-written, nor as fast.
It's not that difficult to do and if you can't write queries yourself,
whether you do or not, no one is going to take you very seriously as a
web developer.  So, my best suggestion to you is to just buck up and
learn SQL, as useless as that is.

--- End Message ---
--- Begin Message ---
2009/7/14 Eddie Drapkin <oorza...@gmail.com>

> On Tue, Jul 14, 2009 at 2:29 AM, Tom Chubb<tomch...@gmail.com> wrote:
> > Hi List,
> > Just wanted to pick your brains please?
> > I'm trying to standardise on the way I query databases and move away from
> > the Dreamweaver built-in functions (which I know you all hate!) ;)
> > I've been on this list for about 5 years now and I don't think I've ever
> > heard anyone mention the Pear packages, eg: MDB_QueryTool and wondered if
> > there was any reason why not?
> > I found some classes on phpclasses and have already started using one of
> > them by Henry Chen and there are plenty more.
> > I am still using Dreamweaver as the text editor for PHP on a Mac and trying
> > to code things manually but building SQL queries is one of the biggest
> > problems I come across.
> > To be honest, Dreamweaver used to be fine but for me, historically on both
> > PC and Mac, after a while it decides that it can connect to the DB but
> > cannot see any of the tables, which prevents using the wizards, which is why
> > I'm moving away from it.
> > All tutorials on the net are different and I'd like some info on the best
> > practices that you guys follow when dealing with MySQL.
> > Thanks in advance,
> >
> > Tom
> >
> > PS - I'm only dealing with simple queries: show, insert, update, delete,
> > etc.
> >
>
> I've always enjoyed writing SQL myself, as it is sort of challenging
> and interesting to do, so I've always written them by hand.  I'd
> recommend learning SQL yourself, as the queries tools generate, in my
> experience, are never quite as useful as hand-written, nor as fast.
> It's not that difficult to do and if you can't write queries yourself,
> whether you do or not, no one is going to take you very seriously as a
> web developer.  So, my best suggestion to you is to just buck up and
> learn SQL, as useless as that is.
>

That's still useful Eddie, and I suspect that's what a lot of people
actually do.
I do understand SQL (at a very basic level) but I'm trying to start using
the same custom functions for future projects and thought, "I wonder if
there's anything in Pear?"

--- End Message ---
--- Begin Message ---
Dear Sir,

I am facing two problems while developing my site in php.
1) I want to delete browser history whenever i migrate from one page to
another. so that user can never press "Back" button.
2) I have 20 users who have access to my site. Right now I am checking this
using cookies. I want to know which is better to track user login : Cookies
or Session ?

Please do reply.

With regards,

Girish

--- End Message ---
--- Begin Message ---
On Tue, 2009-07-14 at 11:59 +0530, Girish Padia wrote:
> Dear Sir,
> 
> I am facing two problems while developing my site in php.
> 1) I want to delete browser history whenever i migrate from one page to
> another. so that user can never press "Back" button.
> 2) I have 20 users who have access to my site. Right now I am checking this
> using cookies. I want to know which is better to track user login : Cookies
> or Session ?
> 
> Please do reply.
> 
> With regards,
> 
> Girish

You can't delete the users browser history, but what you can do is use
an entirely AJAX based website, so that there is no back/forward option.
However, this may be a little complex for you unless you have at least a
fair understanding of HTML Dom, and Javascript.

To understand which is better you need to understand how they work.
Cookies are persistent text files left on the users computer. They are
limited in the amount of data you can store in them, but they can store
information across physical browsing sessions. For example, you could
use them to remember a users preferred layout for your site, etc.

Sessions variables are all stored on your server, and generally last
only for the time that a visitor is on your site. They are referenced
automatically by PHP through a session ID, which is usually stored in a
cookie, but you can force it to be sent only in the URL if you wish.

The advantage that sessions have over cookies is the ability to store
more data, and as it is server-side, you can store things without
worrying too much about that data being accessed by someone other than
your user. Cookies have the advantage of persistence over time
(depending on how long you prefer to store them). You should note that
some users see cookies as invasive, and may have them turned off in the
browser. I'd say if you can do something server or client-side, you're
better off doing it where you have the greatest control, a la
server-side.

Thanks
Ash
www.ashleysheridan.co.uk


--- End Message ---
--- Begin Message ---
Hi Girish,
You can save the Session id in a Cookie to make it available over requests and over days too. If you use Sessions stored on DB, you can get more security, when the Session Cookie is stored encrypted. Other option is to send the Session id, most known as PHPSESSIONID, as a GET Variable.

Regards

Carlos

Ashley Sheridan wrote:
> On Tue, 2009-07-14 at 11:59 +0530, Girish Padia wrote:
>> Dear Sir,
>>
>> I am facing two problems while developing my site in php.
>> 1) I want to delete browser history whenever i migrate from one page to
>> another. so that user can never press "Back" button.
>> 2) I have 20 users who have access to my site. Right now I am checking this
>> using cookies. I want to know which is better to track user login : Cookies
>> or Session ?
>>
>> Please do reply.
>>
>> With regards,
>>
>> Girish
>
> You can't delete the users browser history, but what you can do is use
> an entirely AJAX based website, so that there is no back/forward option.
> However, this may be a little complex for you unless you have at least a
> fair understanding of HTML Dom, and Javascript.
>
> To understand which is better you need to understand how they work.
> Cookies are persistent text files left on the users computer. They are
> limited in the amount of data you can store in them, but they can store
> information across physical browsing sessions. For example, you could
> use them to remember a users preferred layout for your site, etc.
>
> Sessions variables are all stored on your server, and generally last
> only for the time that a visitor is on your site. They are referenced
> automatically by PHP through a session ID, which is usually stored in a
> cookie, but you can force it to be sent only in the URL if you wish.
>
> The advantage that sessions have over cookies is the ability to store
> more data, and as it is server-side, you can store things without
> worrying too much about that data being accessed by someone other than
> your user. Cookies have the advantage of persistence over time
> (depending on how long you prefer to store them). You should note that
> some users see cookies as invasive, and may have them turned off in the
> browser. I'd say if you can do something server or client-side, you're
> better off doing it where you have the greatest control, a la
> server-side.
>
> Thanks
> Ash
> www.ashleysheridan.co.uk


--- End Message ---
--- Begin Message ---
Hi Girish,

1. You cannot modify the browser Back button (any thing on the
client's computer for that matter).
2. I strongly oppose the use of Cookies for tracking the user login,
due to security reasons. Cookies are saved on the client's computer
and he/she can easily modify the information present. But that is
impossible with sessions.

--- End Message ---
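An added example, not code from the thread, putting Ash's and kranthi's comparison into code: the cookie-only login that trusts a value the browser can rewrite, beside a session-based login where only a random session id ever leaves the server. It assumes PHP 7.3 or later (array form of session_set_cookie_params) served over HTTPS; the sample account, its password and the function names are constructed here.

```php
<?php
// Added example, not code from the thread. Two ways to remember who is
// logged in: a plain cookie (what Girish has now) and a server-side session.
// Assumes PHP 7.3+ (array form of session_set_cookie_params) behind HTTPS.
declare(strict_types=1);

/** Constructed sample account. In a real app the hash is stored in the
 *  database, computed once with password_hash() when the account is created. */
function userTable(): array
{
    static $users = null;
    if ($users === null) {
        $users = ['girish' => password_hash('sample-password-only', PASSWORD_DEFAULT)];
    }
    return $users;
}

/* --- Cookie-only login: the browser holds the claim "I am girish". ---
 * Anyone can edit the cookie value in their own browser and become any
 * user, which is kranthi's objection. Shown only as the pattern to replace. */
function loginWithCookie(string $user): void
{
    setcookie('user', $user, time() + 86400);
}
function currentUserFromCookie(): ?string
{
    return $_COOKIE['user'] ?? null;   // client-supplied, unverified
}

/* --- Session login: the browser only ever sees a random session id. --- */
function startHardenedSession(): void
{
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // cookie dies with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable by page scripts
        'samesite' => 'Strict',
    ]);
    session_start();
}

function loginWithSession(string $user, string $password): bool
{
    $users = userTable();
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);   // fresh id after login: closes session fixation
    $_SESSION['user']     = $user; // written by the server, after verification
    $_SESSION['login_at'] = time();
    return true;
}

function currentUserFromSession(): ?string
{
    return $_SESSION['user'] ?? null;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// A protected page: start the session, handle a login POST, refuse anonymous hits.
startHardenedSession();
if (($_POST['action'] ?? '') === 'login') {
    if (!loginWithSession($_POST['user'] ?? '', $_POST['password'] ?? '')) {
        http_response_code(401);
        exit('bad credentials');
    }
}
if (currentUserFromSession() === null) {
    http_response_code(403);
    exit('login required');
}
echo 'hello ' . htmlspecialchars(currentUserFromSession(), ENT_QUOTES, 'UTF-8');
```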
--- Begin Message ---
hahahahahaha

How are you to delete my history?
The fact that you "develop" a website does not allow you to take the
control of my browser.

But you can avoid the history being populated by using javascript

<a href="lalalal.html" onclick="document.location.replace(this.href)">
     Click to lalalal
</a>

The replace() method loads a new page, specified by URL, in the
current browser window.
The new page replaces the previous page's position in the history list.

On Tue, Jul 14, 2009 at 5:51 AM, kranthi<kranthi...@gmail.com> wrote:
> Hi Girish,
>
> 1. You cannot modify the browser Back button (any thing on the
> client's computer for that matter).
> 2. I strongly oppose the use of Cookies for tracking the user login,
> due to security reasons. Cookies are saved on the client's computer
> and he/she can easily modify the information present. But that is
> impossible with sessions.
>



-- 
Martin Scotta

--- End Message ---
--- Begin Message ---
From: Martin Scotta
> 
> hahahahahaha
> 
> How are you to delete my history?
> The fact that you "develop" a website does not allow you to take the
> control of my browser.
> 
> But you can avoid the history to be populated by using javascript
> 
> <a href="lalalal.html" onclick="document.location.replace(this.href)">
>      Click to lalalal
> </a>

That would prevent me from navigating the site since I won't enable
JavaScript in my browser until I have trust in your website not to allow
any installation of malware on my computer. That trust must be earned by
you, since trust is not associative. Yes, there are a lot of sites that
I can't visit because of that. Right now I won't even enable JS for
either my bank or credit card issuer since neither has demonstrated the
knowledge, desire or ability to protect their servers or my browser.

Bob McConnell

--- End Message ---
--- Begin Message ---
I know... this is not for a php thread... but...

If you look at the HTML the "a" tag is made completely unobtrusive.
The link will still work without javascript.

This is the original tag (with javascript)
 <a href="lalalal.html" onclick="document.location.replace(this.href)">
     Click to lalalal
 </a>

This is how the browser sees it without javascript
 <a href="lalalal.html">
     Click to lalalal
 </a>

I've said it is not for a php thread

On Tue, Jul 14, 2009 at 10:29 AM, Bob McConnell<r...@cbord.com> wrote:
> From: Martin Scotta
>>
>> hahahahahaha
>>
>> How are you to delete my history?
>> The fact that you "develop" a website does not allow you to take the
>> control of my browser.
>>
>> But you can avoid the history to be populated by using javascript
>>
>> <a href="lalalal.html" onclick="document.location.replace(this.href)">
>>      Click to lalalal
>> </a>
>
> That would prevent me from navigating the site since I won't enable
> JavaScript in my browser until I have trust in your website not to allow
> any installation of malware on my computer. That trust must be earned by
> you, since trust is not associative. Yes, there are a lot of sites that
> I can't visit because of that. Right now I won't even enable JS for
> either my bank or credit card issuer since neither has demonstrated the
> knowledge, desire or ability to protect their servers or my browser.
>
> Bob McConnell
>



-- 
Martin Scotta

--- End Message ---
--- Begin Message ---
On Mon, Jul 13, 2009 at 2:39 AM, Reese<howel...@inkworkswell.com> wrote:
> Paul M Foster wrote:
>>
>> On Sat, Jul 11, 2009 at 08:14:35AM -0700, PHPScriptor wrote:
>>
>>> Ok this may look like spam but what the hell...
>>>
>>> I'm the owner of phpscriptor.com, I had bigg plans with this domainname
>>> but... well yes, no time. So I'm selling it. I don't want to make profit
>>> out
>>> of it. So for, lets say 200 dollar, you can have to domainname. And if
>>> you
>>> want, you get the website free with it.
>
> Why am I reminded of the Vincent D'Onofrio "Edgar"-cum-cockroach
> character when I read those lines above? I found myself adopting
> the cockroach accent as I read the first line. Seriously.
>
>> You don't want to make a profit, yet you're selling it for $200? Those
>> two statements are contradictory.
>
> He has a lot of mouths to feed. Plus if he's been sitting on it,
> the $200 might let him break even.
>
> I've learned that much, eh?
>
> SL
>


According to WHOIS, he registered the domain name in December 2007,
renewed in 2008, it will currently expire December 2009 if not
renewed.  The site had its first news item published in July 2008, six
months after registering the domain name.  The longest he's possibly
had a hosting plan (just assuming he got it with the domain) is about
1 1/2 years.  If he had any sense when he was shopping for hosting
plans and domain registration, he couldn't have spent more than $120
so far.  If he's buying hosting by the year, maybe $160.  At minimum
he's making $40 profit on the capital.  Even if you get the website,
it's nothing special to search engines, doesn't stand out visually or
content-wise, and I doubt it gets much traffic yet.  I'd only want the
domain name, and I'd still feel cheated at half the price.  There's a
lot of work left to make something out of phpscriptor.com.

--- End Message ---
--- Begin Message ---
This is just a general question,

I am not 100% on when to use global $var , and $this->var  and how/what
about the GLOBAL vars ....

Let's say I have one file I  call config.php ....here I connect to the db, to
ldap etc .... the connection "var" I can then use in a file on its own ...
obviously after I include "config.php"  .... lets say in config.php my DB
connect was $dbconnect ....

In my index.php page I then use $dbconnect again .... but do I simply use
$dbconnect again ... or must I say global $dbconnect and then use it in the
rest of the DB calls? or use GLOBALS .. Within a class I can use $this->var
correct ... but its not something to be used in a basic "procedural" if I
can call it that page...


Let's say with my config.php and its connection to the db ...where I have
$dbconnect ...... in a class I can also use it, do I access  this var
straight as $dbconnect or use $this->dbconnect = $dbconnect (and define it
as global $dbconnect first before doing this)

I am getting my results and it seems to be working most of the time, but I'm not sure
if I am using calls to global or $this->var when it's not required and
calling the var directly would have sufficed.

I have never really used GLOBAL vars, so not sure how this ties in or if it
might be even more helpful ...

Some suggestions or pointers or examples would be appreciated just to clear
up some confusion.


Regards

Oh and if one class uses methods in another class .... do I instantiate a
new object of the other class .... I have seen use of OtherClass::Method
....  is this a better method than $obj = new OtherClass()  use

--- End Message ---
--- Begin Message ---
On Tue, Jul 14, 2009 at 6:21 AM, Anton Heuschen<anto...@gmail.com> wrote:
> This is just a general question,
>
> I am not 100% on when to use global $var , and $this->var  and how/what
> about the GLOBAL vars ....
>
> Lets say I have one file I  call config.php ....here I connect to the db, to
> ldap etc .... the connection "var" I can then use in a file on its own ...
> obviously after I include "config.php"  .... lets say in config.php my DB
> connect was $dbconnect ....
>
> In my index.php page I then use $dbconnect again .... but do I simply use
> $dbconnect again ... or must I say global $dbconnect and then use it in the
> rest of the DB calls? or use GLOBALS .. Within a class I can use $this->var
> correct ... but its not something to be used in a basic "procedural" if I
> can call it that page...
>
>
> Lets say with my config.php and its connection to the db ...where I have
> $dbconnect ...... in a class I can also use it, do I access  this var
> straight as $dbconnect or use $this->dbconnect = $dbconnect (and define it
> as global $dbconnect first before doing this)
>
> I am getting my results and it seems to be working most of the time, but I'm not sure
> if I am using calls to global or $this->var when it's not required and
> calling the var directly would have sufficed.
>
> I have never really used GLOBAL vars, so not sure how this ties in or if it
> might be even more helpful ...
>
> Some suggestions or pointers or examples would be appreciated just to clear
> up some confusion.
>
>
> Regards
>
> Oh and if one class uses methods in another class .... do I instantiate a
> new object of the other class .... I have seen use of OtherClass::Method
> ....  is this a better method than $obj = new OtherClass()  use
>

You're really opening a big can of worms here, but it'll be a good
adventure.  Just keep at it and try reading some real books on the
subject.

If you include a file, all of those variables are magically in the
current scope.  So when you include config.php inside your index.php,
you can use $dbconnect directly.

Use $this-> when you are inside a class using a dynamic call on a
method or property of that class.

class Foo {
  protected $bar;                 // only visible inside Foo (and subclasses)
  public function __construct() {
    $this->bar = 'wee';           // $this-> refers to the object being built
  }
  public function setBar($value) {
    $this->bar = $value;          // same object, reached through $this
  }
}

Inside the class you would use $this-> to reference bar or call any of
that class's methods/props.  Outside you would use it like this:
$foo = new Foo;
$foo->setBar('blah');

If you haven't used globals yet, please do not feel compelled to do so
now.  There are all sorts of ways of dealing with passing around your
application state.  Globals can be used by a skilled programmer of
course, but I'd shy away from them.

I'd also recommend reading some of these pages:
http://www.php.net/manual/en/language.variables.scope.php
http://www.php.net/manual/en/language.oop5.php


Hope this helps!

-- 
http://www.ericbutera.us/

--- End Message ---
--- Begin Message ---
> Oh and if one class uses methods in another class .... do I instantiate a
> new object of the other class .... I have seen use of OtherClass::Method
> ....  is this a better method than $obj = new OtherClass()  use

The :: is used to access static methods of a class. Static methods can
be used without creating an instance of the class because they don't
use any of the class's member variables.
For example say you have a class with a function for calculating the
area of a rectangle:
class SomeMathFunctions {
    // instance method: needs an object to be called on
    public function calculateRectangle($width, $height) {
        return $width*$height;
    }
}

To use this function you would need to first create an instance of the
class then call the method using the normal -> :
$funcs = new SomeMathFunctions();
$area = $funcs->calculateRectangle(10,15);

But if you create the function as static by using " public static
function calculateRectangle($width, $height) { "
then you can access the method by using just 1 call:
$area = SomeMathFunctions::calculateRectangle(10,15);

So for creating utility functions it's better to use static methods
since you don't get the overhead of creating a new instance of the
class.

--- End Message ---
--- Begin Message ---
Do you need to use global?
IMO you should use just 1 global variable, that's what I call the "entry point".

My scripts look like...

require_once 'loader.php';
Loader::registerAutoload();
$foo = new Foo();
$foo->doStuff();

This way you can develop faster and do maintenance better, avoiding
problems with third-party code.

Here are some rules to remember for how to access a variable:

you want a $var from outside and you are outside an object or
function? => use $var
you want a $var from outside and you are inside an object or function? =>
global $var or $GLOBALS['var'] (better to pass it as an arg)
you want a $var from an object and you are inside the same object? =>
use $this->var (better $this->getVar() )
you want a $var from an object and you are inside another object? => use
$object->getVar() or Class::getVar()


It is a good practice to declare the object members as "protected" and
provide setters/getters for each member (when your design allows it). Also
you can overload by using __get, __set and __call.
It is really easy to make an "automagic" object:

class AutoMagic
{
    // all "virtual" properties live here, keyed by lower-cased name
    protected $_vars = array();

    // $obj->foo  (read of an inaccessible/undefined property)
    public /*mixed*/ function __get(/*string*/ $name)
    {
        // isset() on an undeclared property is routed to __isset() below
        return isset($this->{$name}) ? $this->_vars[strtolower($name)] : null;
    }

    // $obj->foo = 'x'
    public /*mixed*/ function __set(/*string*/ $name, /*mixed*/ $value)
    {
        return $this->_vars[strtolower($name)] = $value;
    }

    // isset($obj->foo)
    public /*boolean*/ function __isset(/*string*/ $name)
    {
        return array_key_exists(strtolower($name), $this->_vars);
    }

    // unset($obj->foo)
    public /*void*/ function __unset(/*string*/ $name)
    {
        if (isset($this->{$name})) {
            unset($this->_vars[strtolower($name)]);
        }
    }

    // undefined method call: getFoo(), setFoo($v), hasFoo(), delFoo()
    public /*mixed*/ function __call(/*string*/ $method, array $args)
    {
        $type     = strtolower(substr($method, 0, 3));
        $property = substr($method, 3);

        switch ($type) {
            case 'get':
                return $this->{$property};

            case 'set':
                if (!array_key_exists(0, $args)) {
                    trigger_error('Bad call in ' . get_class($this) . '::' . $method
                        . '. Method needs an argument');
                    return null;
                }
                return $this->{$property} = $args[0];

            case 'has':
                return isset($this->{$property});

            case 'del':
                unset($this->{$property});
                return;
        }
        trigger_error('Bad call in ' . get_class($this) . '::' . $method);
    }
}

On Tue, Jul 14, 2009 at 10:01 AM, Darren
Karstens<darrenkarst...@googlemail.com> wrote:
>> Oh and if one class uses methods in another class .... do I instantiate a
>> new object of the other class .... I have seen use of OtherClass::Method
>> ....  is this a better method than $obj = new OtherClass()  use
>
> The :: is used to access static methods of a class. Static methods can
> be used without creating an instance of the class because they don't
> use any of the class's member variables.
> For example say you have a class with a function for calculating the
> area of a rectangle:
> class SomeMathFunctions {
>    public function calculateRectangle($width, $height) {
>        return $width*$height;
>    }
> }
>
> To use this function you would need to first create an instance of the
> class then call the method using the normal -> :
> $funcs = new SomeMathFunctions();
> $area = $funcs->calculateRectangle(10,15);
>
> But if you create the function as static by using " public static
> function calculateRectangle($width, $height) { "
> then you can access the method by using just 1 call:
> $area = SomeMathFunctions::calculateRectangle(10,15);
>
> So for creating utility functions it's better to use static methods
> since you don't get the overhead of creating a new instance of the
> class.
>



-- 
Martin Scotta

--- End Message ---
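The scoping rules in Eric's and Martin's replies above, shown in one runnable script. This is an added example, not code from either poster: the "connection" is a PDO handle to an in-memory SQLite database (an assumption so it runs stand-alone; the users table and its rows are constructed here), and the config.php contents are inlined where the question would require_once them.

```php
<?php
// Added example: where $dbconnect from config.php is visible and how to
// reach it from a function and from a class without `global`.
// Assumption: PDO + pdo_sqlite are available; the table is constructed here.

// --- what the question's config.php would contain ---
$dbconnect = new PDO('sqlite::memory:');
$dbconnect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbconnect->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbconnect->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
// --- end config.php; in index.php this is: require_once 'config.php'; ---

// 1. File scope: after the include, $dbconnect is directly usable.
$count = (int) $dbconnect->query('SELECT COUNT(*) FROM users')->fetchColumn();

// 2. Function scope: file-level variables are NOT visible inside a
//    function unless pulled in with `global` (or $GLOBALS['dbconnect'])...
function countUsersWithGlobal() {
    global $dbconnect;
    return (int) $dbconnect->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// ...but passing the dependency as an argument, as Martin suggests, keeps
//    the function independent of what config.php happened to name it.
function countUsers(PDO $db) {
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// 3. Class scope: hand the connection to the constructor and keep it in a
//    protected member reached through $this->db. No `global` anywhere.
class UserRepository {
    protected $db;

    public function __construct(PDO $db) {
        $this->db = $db;
    }

    // Prepared statement: $name is bound, never interpolated into the SQL.
    public function findByName($name) {
        $stmt = $this->db->prepare('SELECT id, name FROM users WHERE name = :name');
        $stmt->execute(array(':name' => $name));
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }
}

$repo = new UserRepository($dbconnect);
var_dump($count, countUsersWithGlobal(), countUsers($dbconnect), $repo->findByName('bob'));
```

All three counts are the same object doing the same query; the difference is only how the handle got into each scope. The constructor-injection form is the one that survives renaming the variable in config.php or swapping the connection for a test double.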
--- Begin Message ---
Hello,

I've implemented a contact form on my website that would email me the contents 
of the form and also add it to the database. It's working perfectly but I'm not 
too sure about the security part. I don't know much about the security issues 
concerned with email forms and the measures to check it. Please help.

Thanks,
Tiji



--- End Message ---
--- Begin Message ---
On Tue, Jul 14, 2009 at 7:46 AM, Tiji varghese<tij...@yahoo.co.in> wrote:
> Hello,
>
> I've implemented a contact form on my website that would email me the 
> contents of the form and also add it to the database. Its working perfectly 
> but I'm not too sure about the security part. I don't know much about the 
> security issues concerned with email forms and the measures to check it. 
> Please help.
>
> Thanks,
> Tiji
>


The main thing to be aware of would be 'email header injection.'  Do
not allow returns/newlines in any of the mail header fields you
populate from user input.  Also require a valid email address and
verify that it has a valid domain name.

Next up would just be the annoyance of a client receiving tons of spam
messages.  There are a lot of automated programs crawling the web just
filling out every form it finds looking for vulns to exploit.  Even if
your form has no holes in it, the client will still get all of this
unwanted junk from the automated tests.  You can try to come up with
some clever ways of stopping that.

-- 
http://www.ericbutera.us/

--- End Message ---
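A contact-form handler that applies Eric's two checks (no line breaks in anything that becomes a mail header; a syntactically valid address whose domain resolves) and stores the message with a prepared statement. This is an added example, not code from the thread. Assumptions: a `contact_messages` table in an in-memory SQLite database so the script runs offline, a fixed owner mailbox, and a `$checkMx` switch that is off by default because `checkdnsrr()` needs network access. The two sample submissions are constructed; `mail()` itself is left commented out.

```php
<?php
// Added example: hardening a PHP contact form against e-mail header injection.

// Any CR or LF in a value that ends up in a header lets the submitter append
// headers of their own (Bcc:, extra To:, even a second body). Reject rather
// than strip, so the attempt is visible in your logs.
function assertNoHeaderInjection($value, $field) {
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException("Line break in $field");
    }
}

// Returns a cleaned array or throws. $checkMx is an assumed option for the
// DNS lookup Eric recommends; it is off here because it needs the network.
function validateContactInput(array $input, $checkMx = false) {
    $name    = isset($input['name'])    ? trim($input['name'])     : '';
    $email   = isset($input['email'])   ? trim($input['email'])    : '';
    $message = isset($input['message']) ? (string) $input['message'] : '';

    assertNoHeaderInjection($name, 'name');     // goes into Subject:
    assertNoHeaderInjection($email, 'email');   // goes into Reply-To:
    // $message only goes into the body, where line breaks are legitimate.

    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Bad name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Bad email address');
    }
    if ($checkMx) {
        $domain = substr(strrchr($email, '@'), 1);
        if (!checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A')) {
            throw new InvalidArgumentException('Email domain does not accept mail');
        }
    }
    return array('name' => $name, 'email' => $email, 'message' => $message);
}

// From: is a mailbox you control; the visitor's (validated) address is only
// ever used as Reply-To. Returns the mail() arguments instead of sending.
function buildMail(array $clean, $to) {
    $headers  = "From: Website Contact Form <noreply@example.com>\r\n";
    $headers .= "Reply-To: " . $clean['email'] . "\r\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $subject  = 'Contact form message from ' . $clean['name'];
    $body     = "Name: {$clean['name']}\nEmail: {$clean['email']}\n\n{$clean['message']}";
    // mail($to, $subject, $body, $headers);   // enable in production
    return array($to, $subject, $body, $headers);
}

// Bound parameters: the same input can't become SQL injection either.
function storeMessage(PDO $db, array $clean) {
    $stmt = $db->prepare('INSERT INTO contact_messages (name, email, message) VALUES (:n, :e, :m)');
    $stmt->execute(array(':n' => $clean['name'], ':e' => $clean['email'], ':m' => $clean['message']));
}

$db = new PDO('sqlite::memory:');   // assumed stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact_messages (id INTEGER PRIMARY KEY, name TEXT, email TEXT, message TEXT)');

// Constructed inputs: one legitimate submission, one header-injection attempt.
$samples = array(
    array('name' => 'Alice', 'email' => 'alice@example.org', 'message' => "Hi,\nplease call me."),
    array('name' => 'Eve',   'email' => "eve@example.org\r\nBcc: victim@example.net", 'message' => 'spam'),
);
foreach ($samples as $input) {
    try {
        $clean = validateContactInput($input);
        storeMessage($db, $clean);
        list($to, $subject) = buildMail($clean, 'owner@example.com');
        echo "accepted: $subject\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";   // Eve: "Line break in email"
    }
}
```

The order of the checks matters: the line-break test runs before `filter_var()` so that an injection attempt is reported as what it is rather than as a malformed address, and the visitor's address never becomes the From: header, which keeps your mail from being rejected as forged.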
--- Begin Message ---
Hello,

on two websites I have encountered that cookies are not working properly
and are accessible from other subdomains, which I do not want.  The line
is:

setcookie('AdminOnCrack', $drug, $timeout, '/', $_SERVER['HTTP_HOST']);

but the "domain" is always prefixed with a ".".

OK, now I have tested it using:

setcookie('AdminOnCrack', $drug, $timeout, '/', 'myspace.tdwave.net');

but with the same problem. I do not want the cookies to be available
in <*.myspace.tdwave.net>.

Any suggestions?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   c/o Shared Office KabelBW  ICQ #328449886
+49/177/9351947    Blumenstasse 2             MSN LinuxMichi
+33/6/61925193     77694 Kehl/Germany         IRC #Debian (irc.icq.com)


--- End Message ---
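The behaviour in the question (a domain cookie showing up with a leading "." and being sent to every subdomain) is how browsers treat any cookie that carries an explicit Domain attribute: the attribute always covers the named domain and all its subdomains, and several browsers display such cookies with the dot. A cookie that should stay on the exact host must be sent with no Domain attribute at all, which in PHP means passing an empty domain to setcookie(). The following is an added example, not code from the thread; the cookie name and the $drug/$timeout variables come from the question, their values here are illustrative.

```php
<?php
// Added example: host-only vs domain-wide cookies with setcookie().
$drug    = 'session-token';   // illustrative value
$timeout = time() + 3600;     // illustrative expiry

// Domain-wide (the problem case): an explicit Domain attribute makes the
// browser send the cookie to myspace.tdwave.net AND *.myspace.tdwave.net.
// setcookie('AdminOnCrack', $drug, $timeout, '/', 'myspace.tdwave.net');

// Host-only: leave the domain argument empty so no Domain attribute is
// emitted; the browser then returns the cookie only to the exact host that
// set it. The last two flags restrict it to HTTPS and hide it from JavaScript
// (both available since PHP 5.2.0).
setcookie('AdminOnCrack', $drug, $timeout, '/', '', true, true);

// Equivalent header written by hand, to see exactly what goes on the wire.
// Second argument false: add a header rather than replace an existing one.
header('Set-Cookie: AdminOnCrack=' . rawurlencode($drug)
     . '; expires=' . gmdate('D, d-M-Y H:i:s', $timeout) . ' GMT'
     . '; path=/; secure; HttpOnly', false);
```

Verify with the browser's cookie viewer or by reading the response headers: the host-only cookie has no `domain=` part and is no longer listed under the dotted domain.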