php-general Digest 17 Feb 2012 04:40:57 -0000 Issue 7692

Topics (messages 316617 through 316646):

Re: Form Post to different domain
        316617 by: Daniel Brown
        316619 by: Matijn Woudt
        316620 by: Daniel Brown
        316621 by: Matijn Woudt

Bug with DOMNode::insertBefore in 5.x?
        316618 by: Christoph Boget

Connect to Google
        316622 by: John Taylor-Johnston
        316623 by: Marc Guay
        316624 by: Ashley Sheridan
        316625 by: Marc Guay
        316626 by: John Taylor-Johnston
        316627 by: John Taylor-Johnston
        316628 by: Ashley Sheridan
        316629 by: Ashley Sheridan
        316630 by: Matijn Woudt
        316631 by: Marc Guay
        316632 by: Marc Guay
        316640 by: Maciek Sokolewicz
        316642 by: Matijn Woudt

Turning a string into a condition
        316633 by: Marc Guay
        316634 by: Joshua Kehn
        316635 by: Marc Guay
        316636 by: Ashley Sheridan
        316637 by: Marc Guay
        316638 by: Matijn Woudt
        316639 by: Marc Guay
        316641 by: Kevin Kinsey
        316643 by: Matijn Woudt
        316644 by: Marco Behnke

Re: pathinfo or other
        316645 by: Donovan Brooke

basic captcha
        316646 by: Donovan Brooke

----------------------------------------------------------------------
--- Begin Message ---
On Thu, Feb 16, 2012 at 09:53, Tedd Sperling <tedd.sperl...@gmail.com> wrote:
>
> Why the '.PHP_EOL' ?
>
> I've never seen that before and looking through the PHP documentation doesn't 
> give me much.

    Cross-compatibility.  For systems which use \n, PHP_EOL will be
\n.  For systems which use \r\n, PHP_EOL will be \r\n.  And, for
oddball or legacy systems which still use \r.... you get the point.

    This means you can rest assured that the newlines will be
appropriate for the system on which PHP is running.  While it makes
little difference on the web, it makes a world of difference at the
CLI and when writing to plain-text files (including CSV).  I've been
using it out of the force of habit for about seven years or so, and
exclusively (with the exception of email headers and other warranted
cases) for the last four.

    There are a lot of other very useful and yet very underused
constants.  You can find the info on them here:

        http://php.net/reserved.constants

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 4:09 PM, Daniel Brown <danbr...@php.net> wrote:
> On Thu, Feb 16, 2012 at 09:53, Tedd Sperling <tedd.sperl...@gmail.com> wrote:
>
>    This means you can rest assured that the newlines will be
> appropriate for the system on which PHP is running.  While it makes
> little difference on the web, it makes a world of difference at the
> CLI and when writing to plain-text files (including CSV).  I've been
> using it out of the force of habit for about seven years or so, and
> exclusively (with the exception of email headers and other warranted
> cases) for the last four.
>

What if the system PHP is running on is not the same one as the one that
is going to read the plain-text/CSV/.. files? I don't think it is good
practice to use it when writing to files. I often write files on a
Linux server that people are going to read on a Windows PC.

Apart from that, most software written in the last 5-10 years will
happily read files with either \n or \r\n line endings. I'm not really
sure about Win XP for example, but if it would have a problem with the
Linux \n endings, it might even be better to *always*  use \r\n line
endings (except where standards require it), as I haven't seen a
single Linux application since I started using it (about 9 years ago)
that was not able to read a file with \r\n based line endings.

Even better, go Unicode. Unicode specifies that there are 8 ways to
make a new line, and they should all be accepted. However, the pretty
uncommon NEL, LS and PS are not supported in many applications.
(though CR, LF and CRLF are).

- Matijn

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 10:57, Matijn Woudt <tijn...@gmail.com> wrote:
>
> What if the system PHP is running on is not the same one as the one that
> is going to read the plain-text/CSV/.. files? I don't think it is good
> practice to use it when writing to files. I often write files on a
> Linux server that people are going to read on a Windows PC.

    Then what is the difference between PHP_EOL and forcing \n?  It's
still going to use POSIX-style EOLs, but now you've taken away the
benefit of the compatibility.

> Apart from that, most software written in the last 5-10 years will
> happily read files with either \n or \r\n line endings. I'm not really
> sure about Win XP for example, but if it would have a problem with the
> Linux \n endings, it might even be better to *always*  use \r\n line
> endings (except where standards require it), as I haven't seen a
> single Linux application since I started using it (about 9 years ago)
> that was not able to read a file with \r\n based line endings.

    You may want to check again.  Ever see ^M at the end of your
lines?  Or, in vim, notice how it says it's a DOS file?

> Even better, go Unicode. Unicode specifies that there are 8 ways to
> make a new line, and they should all be accepted. However, the pretty
> uncommon NEL, LS and PS are not supported in many applications.
> (though CR, LF and CRLF are).

    Nothing you've suggested is necessarily bad, but more to the
point, it doesn't come close to invalidating the benefit of PHP_EOL.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 5:02 PM, Daniel Brown <danbr...@php.net> wrote:
> On Thu, Feb 16, 2012 at 10:57, Matijn Woudt <tijn...@gmail.com> wrote:
>>
>> What if the system PHP is running on is not the same one as the one that
>> is going to read the plain-text/CSV/.. files? I don't think it is good
>> practice to use it when writing to files. I often write files on a
>> Linux server that people are going to read on a Windows PC.
>
>    Then what is the difference between PHP_EOL and forcing \n?  It's
> still going to use POSIX-style EOLs, but now you've taken away the
> benefit of the compatibility.

I'm not saying you should force \n then, but you might want to decide
what to force depending on who will be using it, so in case a windows
user is going to read it, then you set \r\n, otherwise you select
\n. You could even try to detect that based on a browser identification
string.

>
>> Apart from that, most software written in the last 5-10 years will
>> happily read files with either \n or \r\n line endings. I'm not really
>> sure about Win XP for example, but if it would have a problem with the
>> Linux \n endings, it might even be better to *always*  use \r\n line
>> endings (except where standards require it), as I haven't seen a
>> single Linux application since I started using it (about 9 years ago)
>> that was not able to read a file with \r\n based line endings.
>
>    You may want to check again.  Ever see ^M at the end of your
> lines?  Or, in vim, notice how it says it's a DOS file?

I have seen them, but only in files which had mixed line endings,
which should of course never be used. Vim does indeed notice it's a
'dos' file, but it's merely detecting that the file has \r\n line
endings and that it should add those too. I don't consider that bad.

>
>> Even better, go Unicode. Unicode specifies that there are 8 ways to
>> make a new line, and they should all be accepted. However, the pretty
>> uncommon NEL, LS and PS are not supported in many applications.
>> (though CR, LF and CRLF are).
>
>    Nothing you've suggested is necessarily bad, but more to the
> point, it doesn't come close to invalidating the benefit of PHP_EOL.

I'm not saying using PHP_EOL is bad, but I disagree with using it
always as a habit. If line endings matter, then you need to make
decisions based on that, and don't depend on it being automatically OK
if PHP_EOL is used.

- Matijn

--- End Message ---
--- Begin Message ---
I'm having problems using DOMNode::insertBefore().  In both php 5.3.8
and 5.2.7, an exception is thrown when I'm trying to copy (and import)
a node from one document into another and inserting it in front of an
existing node thusly:

<?php

$a = '<rootnodea><foo>foo content</foo></rootnodea>';
$b = '<rootnodeb><bar>bar content</bar></rootnodeb>';

$DOMDocumentA = new DOMDocument();
$DOMDocumentA->loadXML($a);

$DOMDocumentB = new DOMDocument();
$DOMDocumentB->loadXML($b);

$foo = $DOMDocumentA->getElementsByTagName('foo')->item(0);
$bar = $DOMDocumentB->getElementsByTagName('bar')->item(0);

$importedFoo = $DOMDocumentB->importNode($foo);
$DOMDocumentB->insertBefore($importedFoo, $bar);

echo $DOMDocumentA->saveXML();
echo "\n\n=========================\n\n";
echo $DOMDocumentB->saveXML();

/* Output for PHP 5.3.8

  Fatal error: Uncaught exception 'DOMException' with message 'Not
Found Error' in /Users/current_user/Desktop/domInsertBeforeTest.php:16
  Stack trace:
  #0 /Users/jim/Desktop/domInsertBeforeTest.php(16):
DOMNode->insertBefore(Object(DOMElement), Object(DOMElement))
  #1 {main}
    thrown in /Users/current_user/Desktop/domInsertBeforeTest.php on line 16
*/
?>

Taking the second domdocument out of the equation and doing it this
way so that we are working with nodes within the same document:

<?php

$a = '<rootnodea><foo>foo content</foo></rootnodea>';
$b = '<rootnodeb><bar>bar content</bar><baz>baz content</baz></rootnodeb>';

$DOMDocumentA = new DOMDocument();
$DOMDocumentA->loadXML($a);

$DOMDocumentB = new DOMDocument();
$DOMDocumentB->loadXML($b);

$bar = $DOMDocumentB->getElementsByTagName('bar')->item(0);
$baz = $DOMDocumentB->getElementsByTagName('baz')->item(0);

// $importedFoo = $DOMDocumentB->importNode($foo);
$DOMDocumentB->insertBefore($baz, $bar);

echo $DOMDocumentA->saveXML();
echo "\n\n=========================\n\n";
echo $DOMDocumentB->saveXML();

/* Output for PHP 5.3.8

  Fatal error: Uncaught exception 'DOMException' with message 'Not
Found Error' in /Users/current_user/Desktop/domInsertBeforeTest.php:16
  Stack trace:
  #0 /Users/jim/Desktop/domInsertBeforeTest.php(16):
DOMNode->insertBefore(Object(DOMElement), Object(DOMElement))
  #1 {main}
    thrown in /Users/current_user/Desktop/domInsertBeforeTest.php on line 16
*/
?>

Throws the same exception.  Is there a problem with
DOMNode::insertBefore() in php5?

thnx,
Christoph

--- End Message ---
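Added example, not part of the original message or of PHP's own documentation: DOMNode::insertBefore() raises "Not Found Error" when the reference node is not a direct child of the node the method is called on, and in both scripts above $bar is a child of <rootnodeb>, not of the document itself. The helper name insertImportedBefore() is made up for this sketch; it also imports deeply, because importNode() without its second argument copies the element without its text content.

```php
<?php
// Added example: insertImportedBefore() is a hypothetical helper name.
function insertImportedBefore(DOMNode $source, DOMNode $ref)
{
    $parent = $ref->parentNode;
    if ($parent === null) {
        throw new InvalidArgumentException('Reference node has no parent');
    }
    // Copy the node and its subtree into the document that owns $ref.
    $copy = $ref->ownerDocument->importNode($source, true);
    // insertBefore() has to be called on the parent of the reference node.
    return $parent->insertBefore($copy, $ref);
}

$a = new DOMDocument();
$a->loadXML('<rootnodea><foo>foo content</foo></rootnodea>');
$b = new DOMDocument();
$b->loadXML('<rootnodeb><bar>bar content</bar><baz>baz content</baz></rootnodeb>');

$foo = $a->getElementsByTagName('foo')->item(0);
$bar = $b->getElementsByTagName('bar')->item(0);
$baz = $b->getElementsByTagName('baz')->item(0);

// Cross-document case from the first script: import, then insert under <rootnodeb>.
insertImportedBefore($foo, $bar);
// Same-document case from the second script: move <baz> in front of <bar>.
$bar->parentNode->insertBefore($baz, $bar);

echo $b->saveXML($b->documentElement), PHP_EOL;
```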
--- Begin Message ---
I'm a teacher. I want to use PHP to interface with Google and see if a student has plagiarized.

I don't see many open-source projects on the subject, so I want to create my own script.

How can I use PHP to interface with Google and see if this text exists on the internet?

If this is possible, I need some ideas on how to parse the text and input it into Google.

Then I might like to get a percentage idea of how this text compares to a site that Google has indexed.


$SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus.";

John


--- End Message ---
--- Begin Message ---
> I'm a teacher. I want to use PHP to interface with Google and see if a
> student has plagiarized.

Hi.  Why not just enter the suspected text into a search engine and
see if any close matches come up?  If you use the advanced search
tools you can choose "verbatim" and see if the exact phrase matches.
If that's not good enough, can you explain how you would like it to
function?  Would the whole paper be scanned phrase-by-phrase for
matches and then spit out a report?

Marc

--- End Message ---
--- Begin Message ---
On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote:

> I'm a teacher. I want to use PHP to interface with Google and see if a 
> student has plagiarized.
> 
> I don't see many open-source projects on the subject, so I want to 
> create my own script.
> 
> How can I use PHP to interface with Google and see if this text exists 
> on the internet?
> 
> If this is possible, I need some ideas on how to parse the text and 
> input it into Google.
> 
> Then I might like to get a percentage idea of how this text compares to 
> a site that Google has indexed.
> 
> 
> $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. 
> Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc 
> iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet 
> at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis 
> luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget 
> metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla 
> nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo 
> vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus."
> 
> John
> 
> 


Wow, that's a pretty big project you're chewing there. A quick search
shows that there are some projects out there to detect plagiarism, but I
think for university calibre there's a hefty sum of money required.

To get a rough idea, you could break a text into sentences, and then
query each one of those to see if it occurs just like that. You can use
cURL to grab search results pages for this sort of thing, no need for a
special interface. There are a few things to bear in mind though:


      * Google's terms and conditions may prohibit using their search
        engine like this, or may impose a limit on how much you can do
        this
      * Some sentences will be intentionally copied, as quotes. Maybe
        some sort of check against the source to see if it's in a quote
        context.
      * What if only part of a sentence is copied?


Maybe after you've searched for exact matches from the sentences in the
source, you could remove them from the source, then re-check every
sentence against Google's fuzzy search. It may produce many false
positives though.

There are plenty of other factors too, such as students copying from
books which don't exist in a search engine's archives, some subjects may
unintentionally result in the same way of wording, particularly
technical subjects which tend to be removed from more creative and
flowery descriptive tendencies.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
> If you use the advanced search
> tools you can choose "verbatim" and see if the exact phrase matches.

Just correcting myself here, the way to do this is by simply wrapping
the words in quotes "like this, hey now".  The verbatim tool is
something else.

Marc

--- End Message ---
--- Begin Message ---
Can I use PHP to interface with Google? Any possible examples of this?

Let's start with the first step. :)

I'm sure proprietary sites like http://www.compilatio.net/ for example connect 
to search engines. They cannot be crawling the net too. That would be crazy.

(I'm a top quoter. It's more intuitive.)

Thanks Ash.

John



Ashley Sheridan wrote:
> On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote:
>> How can I use PHP to interface with Google and see if this text exists
>> on the internet?
>
> Wow, that's a pretty big project you're chewing there. A quick search shows that there are some projects out there to detect plagiarism, but I think for university calibre there's a hefty sum of money required.


--- End Message ---
--- Begin Message ---
I'm a top quoter.
I would parse the text first. Phrase by phrase, or phrase segments.
Then spit out a report.

Marc Guay wrote:
> If that's not good enough, can you explain how you would like it to
> function?  Would the whole paper be scanned phrase-by-phrase for
> matches and then spit out a report?

--- End Message ---
--- Begin Message ---
On Thu, 2012-02-16 at 14:47 -0500, John Taylor-Johnston wrote:

> Can I use PHP to interface with Google? Any possible examples of this?
> 
> Let's start with the first step. :)
> 
> I'm sure proprietary sites like http://www.compilatio.net/ for example 
> connect to search engines. They cannot be crawling the net too. That would 
> be crazy.
> 
> (I'm a top quoter. It's more intuitive.)
> 
> Thanks Ash.
> 
> John
> 
> 
> 
> Ashley Sheridan wrote:
> > On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote:
> >> How can I use PHP to interface with Google and see if this text exists
> >> on the internet?
> >>
> >
> > Wow, that's a pretty big project you're chewing there. A quick search 
> > shows that there are some projects out there to detect plagiarism, but 
> > I think for university calibre there's a hefty sum of money required.
> >


It might seem more intuitive to you, but it really, really screws up the
archives.

Like I said before, cURL is the way to "interface" with Google.
Basically, cURL can be used to request resources, in this case a web
page, from the web. You can call a URL and parse the page of results to
determine whatever you need to. As you've not really hashed out any firm
ideas of what exactly you want, it's a little difficult to say exactly
what you need to do.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
On Thu, 2012-02-16 at 14:50 -0500, John Taylor-Johnston wrote:

> I'm a top quoter.
> I would parse the text first. Phrase by phrase, or phrase segments.
> Then spit out a report.
> 
> Marc Guay wrote:
> > If that's not good enough, can you explain how you would like it to
> > function?  Would the whole paper be scanned phrase-by-phrase for
> > matches and then spit out a report?
> 


You might be a top quoter but, please, to get the best from this list
and not annoy people post at the bottom. The list gets archived online
at many places, and it's annoying to read things in this order:

reply 4
>>reply 2
>>>>question
>>>reply 1
>reply 3

Almost every email client I know of allows bottom posting. This is just
one of the rules of this list, please don't be offended, but do try to
keep to the rules, it keeps everyone happy, and happy people are helpful
people!

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
2012/2/16 John Taylor-Johnston <jt.johns...@usherbrooke.ca>:
> Can I use PHP to interface with Google? Any possible examples of this?

There's Google Custom Search API:
http://code.google.com/intl/nl-NL/apis/customsearch/v1/overview.html

It interfaces in JSON, and PHP has json functions included since PHP 5.2. [1].
It's free up to 100 queries a day, after that you have to pay $5 per
1000 queries.

- Matijn

[1] www.php.net/json

--- End Message ---
--- Begin Message ---
This is the first time I've been surprised that a Drupal module
existed for something...

http://drupal.org/project/authenticate

--- End Message ---
--- Begin Message ---
Sort of off topic but here's a list of existing services (some of
which are free) in case you don't want to reinvent the wheel.

http://www.justfitstudio.com/articles/plagiarism-detection.html

--- End Message ---
--- Begin Message ---
On 16-02-2012 03:56, John Taylor-Johnston wrote:
> I'm a teacher. I want to use PHP to interface with Google and see if a
> student has plagiarized.
>
> I don't see many open-source projects on the subject, so I want to
> create my own script.
>
> How can I use PHP to interface with Google and see if this text exists
> on the internet?
>
> If this is possible, I need some ideas on how to parse the text and
> input it into Google.
>
> Then I might like to get a percentage idea of how this text compares to
> a site that Google has indexed.
>
>
> $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit.
> Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc
> iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet
> at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis
> luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget
> metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla
> nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo
> vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus."
>
> John

Hi, why don't you use one of the existing tools for this? Our university (and most universities, and apparently also schools, in the Netherlands) use(s) ephorus (www.ephorus.com). As a tool it works quite well and does exactly what you asked for.

I'm not sure about the costs though, though they claim them to be very low.

The site seems to be experiencing difficulties right now, hopefully it'll be up soon again.

- Tul

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 10:56 PM, Maciek Sokolewicz
<maciek.sokolew...@gmail.com> wrote:
> On 16-02-2012 03:56, John Taylor-Johnston wrote:
>>
>> I'm a teacher. I want to use PHP to interface with Google and see if a
>> student has plagiarized.
>>
>> I don't see many open-source projects on the subject, so I want to
>> create my own script.
>>
>> How can I use PHP to interface with Google and see if this text exists
>> on the internet?
>>
>> If this is possible, I need some ideas on how to parse the text and
>> input it into Google.
>>
>> Then I might like to get a percentage idea of how this text compares to
>> a site that Google has indexed.
>>
>>
>> $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit.
>> Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc
>> iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet
>> at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis
>> luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget
>> metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla
>> nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo
>> vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus."
>>
>> John
>>
> Hi, why don't you use one of the existing tools for this? Our university (and
> most universities, and apparently also schools, in the Netherlands) use(s)
> ephorus (www.ephorus.com). As a tool it works quite well and does exactly
> what you asked for.
>
> I'm not sure about the costs though, though they claim them to be very low.
>
> The site seems to be experiencing difficulties right now, hopefully it'll be
> up soon again.
>
> - Tul

It seems they are not very reliable as their site is down now.. ;)

--- End Message ---
--- Begin Message ---
Hi folks,

I've constructed simple conditions based on DB data and would like to
actually evaluate them with PHP.  For example, the coded string "$x <
$y" has been str_replaced into "4 < 5", but now I would actually like
to use that string in an if() statement.  I tried eval() but got an
unhelpful error, any thoughts would be welcome.

Marc

--- End Message ---
--- Begin Message ---
Can you explain more clearly what it is you're trying to accomplish?

It sounds like you have a string "$x < $y" in the database that you then 
replace into a string "4 < 5" which you want to test a conditional on. If this 
is the case, why are you storing conditionals in the database?

Regards,

–Josh
____________________________________
Joshua Kehn | @joshkehn 
http://joshuakehn.com

On Feb 16, 2012, at 3:31 PM, Marc Guay wrote:

> Hi folks,
> 
> I've constructed simple conditions based on DB data and would like to
> actually evaluate them with PHP.  For example, the coded string "$x <
> $y" has been str_replaced into "4 < 5", but now I would actually like
> to use that string in an if() statement.  I tried eval() but got an
> unhelpful error, any thoughts would be welcome.
> 
> Marc
> 


--- End Message ---
--- Begin Message ---
> It sounds like you have a string "$x < $y" in the database that you then
> replace into a string "4 < 5" which you want to test a conditional on. If
> this is the case, why are you storing conditionals in the database?

The user will be able to construct their own query strings, it's
complicated but necessary.  The issue I'm dealing with, though, is
this:

$condition = "4 < 5";
if ($condition){
//do stuff
}

--- End Message ---
--- Begin Message ---
On Thu, 2012-02-16 at 15:38 -0500, Marc Guay wrote:

> > It sounds like you have a string "$x < $y" in the database that you then
> > replace into a string "4 < 5" which you want to test a conditional on. If
> > this is the case, why are you storing conditionals in the database?
> 
> The user will be able to construct their own query strings, it's
> complicated but necessary.  The issue I'm dealing with, though, is
> this:
> 
> $condition = "4 < 5";
> if ($condition){
> //do stuff
> }
> 


You were on the right lines with the eval:

$condition = "return 4 < 5;";

if (eval($condition))
{
    //do stuff
}

I just added the return statement and the semicolon, because the error
was complaining about it not being a proper PHP statement basically.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
> I just added the return statement and the semicolon, because the error was 
> complaining about it not being a proper PHP statement basically.

That's beautiful, thanks.  I just stumbled across a forum post that
said it wasn't possible and was about to give up for the day.

Marc

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 9:49 PM, Marc Guay <marc.g...@gmail.com> wrote:
>> I just added the return statement and the semicolon, because the error was 
>> complaining about it not being a proper PHP statement basically.
>
> That's beautiful, thanks.  I just stumbled across a forum post that
> said it wasn't possible and was about to give up for the day.
>
> Marc

While it works, I'm a bit worried about how you're going to use this.
If the data is from user input, then this is really dangerous (that's
why there is a big fat warning on the eval man page).
You can easily execute nasty commands with eval.
If it is user input, then it would be much safer to do the parsing
yourself. It shouldn't be that hard to parse this type of expression.

- Matijn


--- End Message ---
--- Begin Message ---
> It shouldn't be that hard to parse this type of expression.

I appreciate your concern, and will do my best to validate the input,
but there are two things:

1)  The application will only be used by selected users.
and
2)  The range of possibilities is broader than I indicated.  They
would like to be able to enter conditions of all sorts.  i.e.

($x / $y) > 0.5
(($a+$b+$c) / $d) < .75

etc.

If you have any suggestions on how to increase the security while
maintaining the flexibility, I'd be happy to hear it.

Marc

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 04:37:18PM -0500, Marc Guay wrote:
> > It shouldn't be that hard to parse this type of expression.
> 
> I appreciate your concern, and will do my best to validate the input,
> but there are two things:
> 
> 1)  The application will only be used by selected users.
> and
> 2)  The range of possibilities is broader than I indicated.  They
> would like to be able to enter conditions of all sorts.  i.e.
> 
> ($x / $y) > 0.5
> (($a+$b+$c) / $d) < .75
> 
> etc.
> 
> If you have any suggestions on how to increase the security while
> maintaining the flexibility, I'd be happy to hear it.
> 
> Marc

You might try making a list of "dirty words" (in this case, not
the 4-letter type, but things you wouldn't want the user to be
able to do (mail() calls, filesystem type calls, etc.)).

Another possibility might be to explode the contents of the
expression and run a call to function_exists() on it ... but
that might be a tad too broad as well.

HTH,

Kevin Kinsey

--- End Message ---
--- Begin Message ---
On Thu, Feb 16, 2012 at 10:37 PM, Marc Guay <marc.g...@gmail.com> wrote:
>> It shouldn't be that hard to parse this type of expression.
>
> I appreciate your concern, and will do my best to validate the input,
> but there are two things:
>
> 1)  The application will only be used by selected users.
> and

Even selected users can not be trusted, or it could be 'by accident',
though that seems unlikely.

> 2)  The range of possibilities is broader than I indicated.  They
> would like to be able to enter conditions of all sorts.  i.e.
>
> ($x / $y) > 0.5
> (($a+$b+$c) / $d) < .75
>
> etc.
>
> If you have any suggestions on how to increase the security while
> maintaining the flexibility, I'd be happy to hear it.
>
> Marc

A simple recursive PHP parser would work. You can find an example
here[1], though it handles probably more than you would like.

- Matijn

[1] http://aragon-online.net/forums/showthread.php?t=530

--- End Message ---
--- Begin Message ---
On 16.02.12 22:37, Marc Guay wrote:
> 2)  The range of possibilities is broader than I indicated.  They
> would like to be able to enter conditions of all sorts.  i.e.
>
> ($x / $y) > 0.5
> (($a+$b+$c) / $d) < .75
>
> etc.
>
> If you have any suggestions on how to increase the security while
> maintaining the flexibility, I'd be happy to hear it.
>
> Marc

Is math all you want to use? Parsing will be easy to do and I am
pretty sure there are a lot of examples around the web.
E.g.:
http://www.phpclasses.org/package/2695-PHP-Safely-evaluate-mathematical-expressions.html



-- 
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz




--- End Message ---
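The hand-written parser suggested in this thread as the safer alternative to eval(), sketched as an added example (not code from any participant or from the pages they link to): a small recursive-descent evaluator that accepts only numbers, $variables, + - * /, parentheses and exactly one comparison, so input such as a function call is rejected instead of executed. The class name ConditionEvaluator, its method names and the sample variable values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread: evaluates "<arithmetic> <cmp> <arithmetic>"
// without eval(). ConditionEvaluator and its method names are hypothetical.
final class ConditionEvaluator
{
    private $tokens = array();
    private $pos = 0;
    private $vars; // variable name => numeric value
    public function __construct(array $vars) { $this->vars = $vars; }

    public function evaluate($expr)
    {
        $this->expect(strlen($expr) <= 256, 'Expression too long'); // also bounds recursion
        $this->tokens = $this->tokenize(rtrim($expr));
        $this->pos = 0;
        $left = $this->sum();
        $op = (string) $this->next();
        $right = $this->sum();
        $results = array('<' => $left < $right, '<=' => $left <= $right, '==' => $left == $right,
            '>' => $left > $right, '>=' => $left >= $right, '!=' => $left != $right);
        $this->expect(isset($results[$op]) && $this->peek() === null, 'Expected one comparison');
        return $results[$op];
    }

    private function expect($ok, $message) { if (!$ok) { throw new InvalidArgumentException($message); } }
    private function peek() { return isset($this->tokens[$this->pos]) ? $this->tokens[$this->pos] : null; }
    private function next() { $tok = $this->peek(); $this->pos++; return $tok; }

    private function tokenize($expr)
    {
        // Allowlist: numbers, $variables, arithmetic and comparison operators, parentheses.
        $re = '/\G\s*(\d+(?:\.\d+)?|\.\d+|\$[A-Za-z_]\w*|[<>=!]=|[-+*\/()<>])/';
        $tokens = array();
        for ($i = 0; $i < strlen($expr); $i += strlen($m[0])) {
            $this->expect(preg_match($re, $expr, $m, 0, $i) === 1, "Input not allowed at offset $i");
            $tokens[] = $m[1];
        }
        return $tokens;
    }

    private function sum() // term (('+' | '-') term)*
    {
        $value = $this->term();
        while ($this->peek() === '+' || $this->peek() === '-') {
            $op = $this->next();
            $rhs = $this->term();
            $value = ($op === '+') ? $value + $rhs : $value - $rhs;
        }
        return $value;
    }

    private function term() // factor (('*' | '/') factor)*
    {
        $value = $this->factor();
        while ($this->peek() === '*' || $this->peek() === '/') {
            $op = $this->next();
            $rhs = $this->factor();
            $this->expect($op !== '/' || $rhs != 0, 'Division by zero');
            $value = ($op === '*') ? $value * $rhs : $value / $rhs;
        }
        return $value;
    }

    private function factor() // number | $variable | '-' factor | '(' sum ')'
    {
        $tok = (string) $this->next();
        if ($tok === '(') {
            $value = $this->sum();
            $this->expect($this->next() === ')', 'Missing closing parenthesis');
            return $value;
        }
        if ($tok === '-') {
            return -$this->factor();
        }
        if (is_numeric($tok)) {
            return (float) $tok;
        }
        $name = substr($tok, 1); // anything else must be a known $variable
        $known = substr($tok, 0, 1) === '$' && isset($this->vars[$name]) && is_numeric($this->vars[$name]);
        $this->expect($known, 'Expected a number or known variable, got "' . $tok . '"');
        return (float) $this->vars[$name];
    }
}

// Constructed sample values and conditions; the last one is a rejected function call.
$evaluator = new ConditionEvaluator(array('x' => 4, 'y' => 5, 'a' => 1, 'b' => 2, 'c' => 3, 'd' => 10));
foreach (array('$x < $y', '(($a+$b+$c) / $d) < .75', 'strlen("abc") < 5') as $condition) {
    try {
        echo $condition . ' => ' . var_export($evaluator->evaluate($condition), true) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $condition . ' => rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

Variable values are passed in as an array rather than substituted into the string, so stored data never becomes part of the expression text.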
--- Begin Message ---
Elbert F wrote:
> SCRIPT_NAME is a server side path, try REQUEST_URI. This includes the query
> string but it's easy to remove.
>
> Elbert
> http://swiftlet.org


Hi, I thought I should say that server side SCRIPT_NAME seems to be fine for me in this case. Thanks for the input.

Donovan




--
D Brooke

--- End Message ---
--- Begin Message ---
Hello,

Does anyone know of a basic (open source or freeware) form captcha system for PHP?

TIA,
Donovan




--
D Brooke

--- End Message ---
