php-general Digest 23 Apr 2007 12:10:11 -0000 Issue 4751

Topics (messages 253500 through 253513):

Why do i get this error message?
        253500 by: H.T
        253501 by: Buesching, Logan J

Re: Best practices to ensure compatibility with PHP 6
        253502 by: Davi
        253508 by: ufan100.gmail.com

Re: Preventing SQL Injection/ Cross Site Scripting
        253503 by: Buesching, Logan J

Re: echo date('Y-m-d', $mydata->timestamp);
        253504 by: Buesching, Logan J

Re: should I be looking to eliminate all notices?
        253505 by: Buesching, Logan J

Re: PhpMyAdmin slow on windows but fast on linux
        253506 by: chris smith
        253507 by: Juergen Wind
        253512 by: Don Don

Session Variable in Global Scope
        253509 by: Sascha Braun
        253510 by: Jochem Maas

unset() side effects in functions
        253511 by: Robert Enyedi

Hi
        253513 by: Nathan Wallis

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]

----------------------------------------------------------------------
--- Begin Message ---
I get this error message when I try to check my site on localhost running IIS and PHP 5.1.2:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 24576 bytes) in ...

and it points to the line which is pure html code! What could be the cause of this problem?
--- End Message ---
--- Begin Message ---
Could you also send the code? Maybe 5 lines before and 5 lines after the line it is pointing to?

It also means it tried to allocate 2KB of memory, which put you over your 8MB in whatever script you are running. You can set the maximum amount of memory a PHP script can use in your PHP.ini file.

-----Original Message-----
From: H.T [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 22, 2007 6:48 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Why do i get this error message?

I get this error message when I try to check my site on localhost running IIS and PHP 5.1.2:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 24576 bytes) in ...

and it points to the line which is pure html code! What could be the cause of this problem?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On Sunday 22 April 2007 18:54, [EMAIL PROTECTED] wrote:
> Hi
>
> I would like to avoid PHP usages that are deprecated with
> regard to PHP 6. I would also like to code according to
> what is regarded as best practice. Are there any web
> resources that I can read to keep up to date?
>

Have a look at PHP meeting [1] and PHP-wiki [2]... =]

[1] - http://www.php.net/~derick/meeting-notes.html
[2] - http://oss.backendmedia.com/PhP60

--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
Now with fortune:
"Many have marked the speed with which Muad'Dib learned the necessities of Arrakis. The Bene Gesserit, of course, know the basis of this speed. For the others, we can say that Muad'Dib learned rapidly because his first training was in how to learn. And the first lesson of all was the basic trust that he could learn. It is shocking to find how many people do not believe they can learn, and how many more believe learning to be difficult. Muad'Dib knew that every experience carries its lesson.
-- from "The Humanity of Muad'Dib" by the Princess Irulan"
--- End Message ---
--- Begin Message ---
Davi wrote:
> On Sunday 22 April 2007 18:54, [EMAIL PROTECTED] wrote:
> ...
> Have a look at PHP meeting [1] and PHP-wiki [2]... =]
>
> [1] - http://www.php.net/~derick/meeting-notes.html
> [2] - http://oss.backendmedia.com/PhP60

Thank you for the links - it will get me started.
--- End Message ---
--- Begin Message ---
There are many good resources out there, and one of my favorites for this type of information is from Chris Shiflett.

http://shiflett.org/articles/sql-injection
http://shiflett.org/articles/foiling-cross-site-attacks
http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss

Those are a few articles on the subject, maybe some reader comments have more good links.

Also, just as a best-practice, you usually don't want to reassign things into the super globals.

Also to note, your filtering may be a bit too aggressive, and not all-inclusive at the same time. Too aggressive because if I want to talk about java in a comment, it will filter out every time I say java. Too lax because you are forgetting all of the HTML onclick, onhover etc... that don't need to have a <script> tag in them to be executed. Any of the preg_replace's with an = in them is redundant because you have already filtered out all of the ='s, but also note that you can have multiple spaces between href and =. You are banking that they will have 0 or 1.

If available, you can look into PHP 5.2 which added some filter functions (albeit I myself haven't checked them out). You can also look into OWASP's PHP project, http://www.owasp.org/index.php/Category:OWASP_PHP_Project. That is a pretty good resource in secure coding best-practices.

-Logan

-----Original Message-----
From: Dotan Cohen [mailto:[EMAIL PROTECTED]
Sent: Friday, April 20, 2007 9:08 PM
To: php php
Subject: [PHP] Preventing SQL Injection/ Cross Site Scripting

I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database.

I currently parse the data as such:

    $_POST["commentform"]=str_replace ("'", "''", $_POST["commentform"]); // q->qq
    $_POST["commentform"]=str_replace ("--", "", $_POST["commentform"]); // -- -> x
    $_POST["commentform"]=str_replace (";", "", $_POST["commentform"]); // ; -> x
    $_POST["commentform"]=str_replace ("=", "''", $_POST["commentform"]); // = -> x
    $_POST["commentform"]=preg_replace ("/java/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/script/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/src=/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/src =/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/iframe/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/rel=/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/rel =/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/href=/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("/href =/i", "''", $_POST["commentform"]);
    $_POST["commentform"]=preg_replace ("//i", "''", $_POST["commentform"]);
    $_POST["commentform"]=htmlspecialchars( mysql_real_escape_string ($_POST["commentform"]) );

The first statement doubles up quotes, it's a bit difficult to see in the code.

After seeing this:
http://ha.ckers.org/xss.html
and another similar one for SQL injection, I'm worried that my filters are not enough. What do the pro php programmers out there use?

Thanks in advance.

Dotan Cohen

http://lyricslist.com/
http://what-is-what.com/
--- End Message ---
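
Added example (not part of any message in this digest): one way to address the two points raised in the reply above, that substring stripping removes legitimate words yet misses event-handler attributes, by binding the comment as a query parameter and HTML-encoding it only at output. It assumes PHP 7 or later with PDO and the pdo_sqlite driver (an in-memory SQLite database stands in for the MySQL one so the script runs offline); the table and function names are hypothetical.

```php
<?php
// Added example. Assumes PHP 7+ with PDO and pdo_sqlite; the in-memory
// SQLite database stands in for MySQL. All names here are hypothetical.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

function save_comment(PDO $db, string $body): int
{
    // The comment is bound as data, never spliced into the SQL text, so
    // quotes, "--", ";" and "=" need no stripping and are stored as typed.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return '';
    }
    // Encode once, at output, for the HTML body context. Tags and event
    // handler attributes come out as inert text; ordinary words survive.
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . "</p>\n";
}

// Constructed sample comments, not taken from the thread.
$samples = [
    "I'd say java = fun; really -- try it",
    "it's'); DROP TABLE comments; --",
    '<b onclick="alert(1)">click</b>',
];

$db = open_db();
foreach ($samples as $comment) {
    echo render_comment($db, save_comment($db, $comment));
}
```

With the MySQL driver, PDO emulates prepared statements by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the binding. htmlspecialchars() as used here covers element content and quoted attribute values, not script or URL contexts.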
--- Begin Message ---
You are misunderstanding what timestamp means. The value of a timestamp is from UNIX epoch (http://en.wikipedia.org/wiki/Unix_time). It is calculated by the number of seconds after January 1st, 1970. Also note, that you are overflowing the integer, which is giving you a Y2K38 problem (http://en.wikipedia.org/wiki/Year_2038_problem).

If you want the UNIX timestamp of 4/19/2007 16:21:23, you can do mktime(16,21,23,4,19,2007); (http://us.php.net/manual/en/function.mktime.php).

-Logan

-----Original Message-----
From: John Taylor-Johnston [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 22, 2007 2:05 AM
To: PHP-General
Cc: John Taylor-Johnston
Subject: [PHP] echo date('Y-m-d', $mydata->timestamp);

    $mydata->timestamp = "20070419162123";
    echo date('Y-m-d', $mydata->timestamp);

result: 2038-01-18 ?? What is wrong?? Should be 2007-04-19?
--- End Message ---
--- Begin Message ---
[snip]
I don't really want to do an isset check for every index I have.
[/snip]

Premature optimization is the root of all evil. Checks like this will take nanoseconds to check. Find another way to optimize, like writing better SQL queries.
--- End Message ---
--- Begin Message ---
On 4/23/07, Don Don <[EMAIL PROTECTED]> wrote:
> Hi all how can I make my phpmyadmin run fast on windows? I installed
> phpmyadmin on a linux and windows machines, but the windows version runs
> (executes) too slow, i.e. it takes too long for a page to be loaded, while
> it takes less than 3 secs for the linux version. Both however run on the
> same system config.

The phpmyadmin guys will be able to help you a lot better than we can:

http://sourceforge.net/mail/?group_id=23067

--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Don Don wrote:
>
> Hi all how can I make my phpmyadmin run fast on windows? I installed
> phpmyadmin on a linux and windows machines, but the windows version runs
> (executes) too slow, i.e. it takes too long for a page to be loaded, while
> it takes less than 3 secs for the linux version. Both however run on the
> same system config.
>

Linux tries using sockets by default if (mysql)host='localhost', that's almost twice as fast as host='127.0.0.1' (using a tcp connection).

On a win box you need "enable-named-pipe" in your my.cnf and connect using host='.' for connecting not using tcp.

"skip-name-resolve" can speed up things a bit as well.

For finding the bottleneck you can try and connect the linux mysqld from your script on the win webserver and vice versa (using tcp of course).
--- End Message ---
--- Begin Message ---
Hi Logan, yes reason being the linux box is live and the windows box is dev.

"Buesching, Logan J" <[EMAIL PROTECTED]> wrote:
> You say they both have the same config, so do you mean that they both
> have the same version of PHP, same computer setup (Memory, CPU speed,
> HDD speed), both running the same version of Apache, and that both are
> running as either CGI or an apache module?
>
> -Logan
>
> -----Original Message-----
> From: Don Don [mailto:[EMAIL PROTECTED]
> Sent: Sunday, April 22, 2007 4:34 PM
> To: PHP List
> Subject: [PHP] PhpMyAdmin slow on windows but fast on linux
>
> Hi all how can I make my phpmyadmin run fast on windows? I installed
> phpmyadmin on a linux and windows machines, but the windows version runs
> (executes) too slow, i.e. it takes too long for a page to be loaded, while
> it takes less than 3 secs for the linux version. Both however run on the
> same system config.
>
> Cheers
--- End Message ---
--- Begin Message ---
Hi Fellows,

I'm getting this warning on my website:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

I don't really understand how it comes to that error. In the php.ini it is written that this error occurs when I register a session in a global scope. What does it mean exactly?

Another thing is that I'm often losing the session while surfing the website using ajax functionality in the background. I started to send the session id with the request all the time, but it seems that some of the requests are made without showing an IP address in the sessions table of my installation.

I'm actually not using cookies, but the error does not occur in mozilla firefox on a windows platform, it's only occurring under linux using firefox. Internet Explorer isn't tested well enough yet to come to a conclusion.

Maybe someone is working with ajax a lot, so you might have experience with it too.

Thank you very much for your help.

Best Regards,

Sascha
--- End Message ---
--- Begin Message ---
post some code please ...

Sascha Braun wrote:
> Hi Fellows,
>
> ...
>
> I'm actually not using cookies,

using cookies is highly recommended over passing the SID via the url, if you're losing the session data for some [ajax] request then that means php is not seeing or receiving the SID via the url ... in which case you will have to examine log files and headers to find out what's going on.

either way I would recommend stepping over to using session cookies - personally I use php/ajax in conjunction with sessions quite a bit and have never had problems when sticking with session cookies.

> but the error does not occur in mozilla
> firefox on a windows platform, it's only occurring under linux using
> firefox. Internet Explorer isn't tested well enough yet, to come to a
> conclusion.
>
> Maybe someone is working with ajax, a lot, so you might have experience
> with it too.
>
> Thank you very much for your help.
>
> Best Regards,
>
> Sascha
>
>
--- End Message ---
--- Begin Message ---
I'm doing some experimenting with the unset() (http://php.net/unset) language construct in a PHP 5.2.1 installation. I did not find any documentation on what happens to an identically named local variable's value after an unset is performed.

Let me start with this example:

    <?php
    function dostuff() {
        $a = 4;
        echo ">in function (init): ".$a."<\n";
        global $a;
        /*CHANGEME*/ unset($a);
        echo ">in function (after unset): ".$a."<\n";
        $a = 3;
        echo ">in function (after local assign): ".$a."<\n";
    }

    $a = 2;
    dostuff();
    echo ">in page: ".$a."<\n";
    ?>

The output is:

    >in function (init): 4<
    >in function (after unset): <
    >in function (after local assign): 3<
    >in page: 2<

So this basically means that the global $a is dereferenced by the unset() call and the local $a gets reinitialized.

A different thing happens when we replace the /*CHANGEME*/ line with unset using the $GLOBALS[] array (the recommended way of unsetting a global variable from inside a function):

    unset($GLOBALS['a']);

This time the output is:

    >in function (init): 4<
    >in function (after unset): 2<
    >in function (after local assign): 3<
    >in page: <

Notice that after the unset statement the global $a is properly unset BUT the value of the local $a becomes 2, which was the value of the global $a at the function entry point.

Are these behaviors documented somewhere or shouldn't I rely on these unset() side effects at all in my code?

Thanks,
Robert
--- End Message ---
--- Begin Message ---
Hi guys and girls,

I have a question for you all. I have developed a flash application which is a test for students. For each test there is an accompanying excel spreadsheet that has information related to each question they have answered and whether they got it right or wrong.

I am receiving whether the student got the question right or wrong in PHP from FLASH. That part is complete. The other part I have complete is PHP emailing the teacher with an attached excel spreadsheet renamed to the studentsname_results.xls....the last part I want to complete is that of the student's results being inputted into the correct column in the spreadsheet and then being attached to the email.

I am guessing I would be best to not attach a physical file that resides on the server but build the data up inside PHP to resemble the file format I am trying to generate and attach that to my email.

Two questions. Can someone tell me the best format to be sending (i.e. the format that has the best support for PHP) and also is this method dependent on the web server being windows or linux based. I am no expert but from what I can gather I take it that COM object support is really just for windows based web servers.

Thanks and all the best,

Nathan
--- End Message ---