php-general Digest 23 Dec 2011 16:14:02 -0000 Issue 7622

Topics (messages 316082 through 316093):

Re: Online Form Creation
        316082 by: Christopher Lee
        316083 by: Jim Lucas
        316084 by: Govinda
        316085 by: Christopher Lee
        316088 by: Tedd Sperling
        316089 by: Christopher Lee

Relative includes and include_path
        316086 by: Jasper Horn

Re: Question regarding passwords/security
        316087 by: Al
        316090 by: Paul M Foster
        316091 by: Stuart Dallas
        316092 by: Al

Error Reporting
        316093 by: Floyd Resler

----------------------------------------------------------------------
--- Begin Message ---
On Dec 21, 2011, at 2:14 AM, Tedd Sperling wrote:

>I don't see a problem here.
>
>1. Figure out how to create a HTML form (Investigate HTML tables).
>2. Then write a PHP that will scrub the data and submit it to MySQL.
>
>The length and layout of the forms are of no significance.
>
>This is basic html/php -- try creating something and submit your work for our 
>review. If you want us to write the code for you, please look elsewhere.

Tedd,

I appreciate your reply to my post. In no way do I expect anyone to code for 
me. If that were the case I would hire someone. I have posted to this list 
numerous times and, if I am not mistaken, the list is designed to ask for 
suggestions, which I did. Being rude does not help anyone.

I understand how to program radio buttons in a form that record 'instances' of 
a response. I just was not sure how to set-up a similar matrix to allow the 
user to enter a numerical value.

I will follow your suggestion and submit my work.

Best,

Christopher

-----Original Message-----
From: Tedd Sperling [mailto:tedd.sperl...@gmail.com]
Sent: Wednesday, December 21, 2011 12:05 PM
To: PHP-General List
Cc: Christopher Lee
Subject: Re: [PHP] Online Form Creation

On Dec 21, 2011, at 2:14 AM, Christopher Lee wrote:

> Hello All,
>
> I have two forms (see attached) that I would like to recreate and enable the 
> user to complete the form online. The data would be collected in a MySQL DB.
>
> http://ucensys.com/activities.pdf
>
> http://ucensys.com/guidelines.pdf
>
> You will see that the forms are in a matrix format. I am having trouble 
> figuring out the best way to create the form and ensure the data is collected 
> properly in the DB. Any suggestions would be greatly appreciated.
>
> Best,
>
> Christopher

I don't see a problem here.

1. Figure out how to create a HTML form (Investigate HTML tables).
2. Then write a PHP that will scrub the data and submit it to MySQL.

The length and layout of the forms are of no significance.

This is basic html/php -- try creating something and submit your work for our 
review. If you want us to write the code for you, please look elsewhere.

Cheers,

tedd

_____________________
t...@sperling.com
http://sperling.com

This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise private information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the email by you is prohibited.

--- End Message ---
--- Begin Message ---
On 12/22/2011 8:22 AM, Christopher Lee wrote:
> On Dec 21, 2011, at 2:14 AM, Tedd Sperling wrote:
> 
>> I don't see a problem here.
>>
>> 1. Figure out how to create a HTML form (Investigate HTML tables).
>> 2. Then write a PHP that will scrub the data and submit it to MySQL.
>>
>> The length and layout of the forms are of no significance.
>>
>> This is basic html/php -- try creating something and submit your work for our
>> review. If you want us to write the code for you, please look elsewhere.
> 
> Tedd,
> 
> I appreciate your reply to my post. In no way do I expect anyone to code for
> me. If that were the case I would hire someone. I have posted to this list
> numerous times and, if I am not mistaken, the list is designed to ask for
> suggestions, which I did. Being rude does not help anyone.

He wasn't being rude.  He was informing you of what to expect.  Honestly, with
how your two emails read, it seemed as though you were asking for examples of
how to write the basic structure of the HTML and processing script.

We like to see someone submit code that attempts to complete the task that they
are looking to accomplish when they are asking for help.

> 
> I understand how to program radio buttons in a form that record 'instances'
> of a response.

If you understand how to program radio buttons, then you should know how to
include an <input type="text" .. /> field and <textarea ...></textarea> in your
code as well.

> I just was not sure how to set-up a similar matrix to allow the user 
> to enter a numerical value.

matrix = table ??

wrap the table in a form and add the radio and text fields as needed.  throwing
in a needed textarea here and there would be helpful as well.

> 
> I will follow your suggestion and submit my work.
> 
> Best,
> 
> Christopher
> 
> -----Original Message-----
> From: Tedd Sperling [mailto:tedd.sperl...@gmail.com]
> Sent: Wednesday, December 21, 2011 12:05 PM
> To: PHP-General List
> Cc: Christopher Lee
> Subject: Re: [PHP] Online Form Creation
> 
> On Dec 21, 2011, at 2:14 AM, Christopher Lee wrote:
> 
>> Hello All,
>>
>> I have two forms (see attached) that I would like to recreate and enable the 
>> user to complete the form online. The data would be collected in a MySQL DB.
>>
>> http://ucensys.com/activities.pdf
>>
>> http://ucensys.com/guidelines.pdf
>>
>> You will see that the forms are in a matrix format. I am having trouble 
>> figuring out the best way to create the form and ensure the data is collected
>> properly in the DB. Any suggestions would be greatly appreciated.
>>
>> Best,
>>
>> Christopher
> 
> I don't see a problem here.
> 
> 1. Figure out how to create a HTML form (Investigate HTML tables).
> 2. Then write a PHP that will scrub the data and submit it to MySQL.
> 
> The length and layout of the forms are of no significance.
> 
> This is basic html/php -- try creating something and submit your work for our 
> review. If you want us to write the code for you, please look elsewhere.
> 
> Cheers,
> 
> tedd
> 
> _____________________
> t...@sperling.com
> http://sperling.com



-- 
Jim Lucas

http://www.cmsws.com/
http://www.cmsws.com/examples/
http://www.bendsource.com/

--- End Message ---
--- Begin Message ---
> I understand how to program radio buttons in a form that record 'instances' 
> of a response. I just was not sure how to set-up a similar matrix to allow 
> the user to enter a numerical value.

Christopher,

Maybe Tedd was a little curt, but the language you used just made it seem like 
you had not done enough HTML work to really be able to sort out the difference 
between HTML problems (missing pieces in your understanding), and PHP problems.

HTML forms are totally independent of what you DO with the data that gets 
submitted when the user clicks the form's submit button.  HTML lets you lay out 
the form to look however you want..  (you can use HTML's <table...>...</table> 
to achieve the visual layout you want).  PHP is needed to HANDLE the data 
(receive it from the submitting form and save it to a db).   When you say, "You 
will see that the forms are in a matrix format", and, "...[you] are not sure 
how to set-up a similar matrix..."  it sounds like an HTML problem.  If you do 
need help with HTML layout, then practice, Google, and consulting an HTML list 
will be your best bet.

Now, if you need help with writing the PHP that handles the data, then great!  
This is the right place to ask!  But we need to see code you attempted, in 
order to know your level of understanding, and so be able to guide better.

> I will follow your suggestion and submit my work.


-Govinda

--- End Message ---
--- Begin Message ---
>Now, if you need help with writing the PHP that handles the data, then great!  
>This is the right place to ask!  But we need to see code you attempted, in 
>order to know your level of understanding, and so be able to guide better.

Hi Govinda, I appreciate all the great comments/suggestions from everyone. I 
probably could have worded my initial email a little better. Thank you to Tedd 
as well.

Best,

Christopher

-----Original Message-----
From: Govinda [mailto:govinda.webdnat...@gmail.com]
Sent: Thursday, December 22, 2011 12:15 PM
To: Christopher Lee
Cc: PHP-General List
Subject: Re: [PHP] Online Form Creation

> I understand how to program radio buttons in a form that record 'instances' 
> of a response. I just was not sure how to set-up a similar matrix to allow 
> the user to enter a numerical value.

Christopher,

Maybe Tedd was a little curt, but the language you used just made it seem like 
you had not done enough HTML work to really be able to sort out the difference 
between HTML problems (missing pieces in your understanding), and PHP problems.

HTML forms are totally independent of what you DO with the data that gets 
submitted when the user clicks the form's submit button.  HTML lets you lay out 
the form to look however you want..  (you can use HTML's <table...>...</table> 
to achieve the visual layout you want).  PHP is needed to HANDLE the data 
(receive it from the submitting form and save it to a db).   When you say, "You 
will see that the forms are in a matrix format", and, "...[you] are not sure 
how to set-up a similar matrix..."  it sounds like an HTML problem.  If you do 
need help with HTML layout, then practice, Google, and consulting an HTML list 
will be your best bet.

Now, if you need help with writing the PHP that handles the data, then great!  
This is the right place to ask!  But we need to see code you attempted, in 
order to know your level of understanding, and so be able to guide better.

> I will follow your suggestion and submit my work.


-Govinda

--- End Message ---
--- Begin Message ---
On Dec 22, 2011, at 11:22 AM, Christopher Lee wrote:
> Tedd,
> 
> I appreciate your reply to my post. In no way do I expect anyone to code for 
> me. If that were the case I would hire someone. I have posted to this list 
> numerous times and, if I am not mistaken, the list is designed to ask for 
> suggestions, which I did. Being rude does not help anyone.
> 
> I understand how to program radio buttons in a form that record 'instances' 
> of a response. I just was not sure how to set-up a similar matrix to allow 
> the user to enter a numerical value.
> 
> I will follow your suggestion and submit my work.
> 
> Best,
> 
> Christopher

Christopher:

My apologies if you took my comments as being rude. The point here is that if 
you want advice, then we need to see what is causing you problems. Giving us an 
outline of what you want isn't giving us anything other than "This is what I 
want" -- with an implied "Do it".

My advice, the first step will be to create a form with elements like these:

http://rebel.lcc.edu/sperlt/citw229/examples/postform/index.php
http://rebel.lcc.edu/sperlt/citw229/examples/stickyradio/
http://rebel.lcc.edu/sperlt/citw229/examples/stickycheckbox/
http://rebel.lcc.edu/sperlt/citw229/examples/stickymultselect/

and then get it to work for you. If it fails, present it, and we'll comment.

Cheers,

tedd

PS: Everything you need for this first step is provided above. The next step 
will be cleaning the data and placing it into the database.


_____________________
t...@sperling.com
http://sperling.com

--- End Message ---
--- Begin Message ---
>My apologies if you took my comments as being rude. The point here is that if 
>you want advice, then we need to see what is causing you problems. Giving us 
>an outline of what you want isn't giving us anything other than "This is what 
>I want" -- with an implied "Do it".

Hi Tedd, I apologize as well Tedd. Reading back over my email it was not worded 
the best. I appreciate the assistance and promise to be more thorough when 
posting. This is part of the growing pains for me as a newbie.

Best,

Chris

-----Original Message-----
From: Tedd Sperling [mailto:tedd.sperl...@gmail.com]
Sent: Thursday, December 22, 2011 1:43 PM
To: PHP-General List
Cc: Christopher Lee
Subject: Re: [PHP] Online Form Creation

On Dec 22, 2011, at 11:22 AM, Christopher Lee wrote:
> Tedd,
>
> I appreciate your reply to my post. In no way do I expect anyone to code for 
> me. If that were the case I would hire someone. I have posted to this list 
> numerous times and, if I am not mistaken, the list is designed to ask for 
> suggestions, which I did. Being rude does not help anyone.
>
> I understand how to program radio buttons in a form that record 'instances' 
> of a response. I just was not sure how to set-up a similar matrix to allow 
> the user to enter a numerical value.
>
> I will follow your suggestion and submit my work.
>
> Best,
>
> Christopher

Christopher:

My apologies if you took my comments as being rude. The point here is that if 
you want advice, then we need to see what is causing you problems. Giving us an 
outline of what you want isn't giving us anything other than "This is what I 
want" -- with an implied "Do it".

My advice, the first step will be to create a form with elements like these:

http://rebel.lcc.edu/sperlt/citw229/examples/postform/index.php
http://rebel.lcc.edu/sperlt/citw229/examples/stickyradio/
http://rebel.lcc.edu/sperlt/citw229/examples/stickycheckbox/
http://rebel.lcc.edu/sperlt/citw229/examples/stickymultselect/

and then get it to work for you. If it fails, present it, and we'll comment.

Cheers,

tedd

PS: Everything you need for this first step is provided above. The next step 
will be cleaning the data and placing it into the database.


_____________________
t...@sperling.com
http://sperling.com

--- End Message ---
--- Begin Message ---
Hi all,

On the include_path, php.net says:

"Using a . in the include path allows for relative includes as it
means the current directory. However, it is more efficient to
explicitly use include './file' than having PHP always check the
current directory for every include. "

(http://www.php.net/manual/en/ini.core.php#ini.include-path)

While this does not state that starting every include with "./" is
equivalent to having an include_path that is ".", it does suggest
exactly that.

However, I tried this in the field, and came to a different
conclusion. (I included my experiment below.)

Is the idea that those two are equivalent wrong?
Am I doing something wrong?
Is something strange going on?

Can anyone clear this issue up for me?

Thanks,

Jasper

---

The experiment:

On a machine where the include_path is ".", I had the following file structure:

- A.php
- B.php
- C.php
- file.php
- sub/includeA.php
- sub/includeB.php
- sub/includeC.php

The content of the files:

A.php
<?php

include 'file.php'

?>

B.php
<?php

include './file.php'

?>

C.php
<?php

include './../file.php'

?>


file.php
<?php

echo "Included successfully!";

?>

includeA.php
<?php

include '../A.php'

?>

includeB.php
<?php

include '../B.php'

?>

includeC.php
<?php

include '../C.php'

?>

Now if you visit A.php or B.php the file will be included
successfully. Obviously, C.php fails to include anything.
includeA.php works all the same, but includeB.php can't find file.php.
includeC.php, on the other hand, finds it just fine.

This would suggest that include_path being "." means you can include
from the path of the current file, while starting your include with "./"
means you start looking from the current path.

--- End Message ---
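Added example (not part of the message above or of the PHP manual): a script that rebuilds the experiment's layout in a scratch directory and reports which includes resolve from each working directory. It relies on PHP's documented lookup order: a path starting with ./ or ../ is resolved against the current working directory only, while a bare name is searched in include_path and then in the directory of the including script. D.php and the scratch directory name are constructed here; D.php uses __DIR__, which does not depend on the working directory.

```php
<?php
// Added example: rebuilds the experiment's layout in a scratch directory.
// The directory name and D.php are constructed for this demonstration.
$root = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($root . '/sub', 0700, true);

$files = array(
    'file.php' => "<?php return 'included';",
    'A.php'    => "<?php return include 'file.php';",            // bare name
    'B.php'    => "<?php return include './file.php';",          // relative to cwd
    'C.php'    => "<?php return include './../file.php';",       // relative to cwd
    'D.php'    => "<?php return include __DIR__ . '/file.php';", // anchored to D.php
);
foreach ($files as $name => $code) {
    file_put_contents($root . '/' . $name, $code);
}

set_include_path('.'); // same setting as the machine in the experiment

// Include $script with $cwd as the working directory.
// Returns true only if the chain of includes reached file.php.
function resolves($cwd, $script)
{
    chdir($cwd);
    // Parentheses matter: without them the comparison would be the include argument.
    return (@include $script) === 'included';
}

// Working directory $root mirrors a request for A.php, B.php or C.php;
// working directory $root/sub mirrors a request for sub/includeA.php and friends.
foreach (array($root, $root . '/sub') as $cwd) {
    foreach (array('A.php', 'B.php', 'C.php', 'D.php') as $script) {
        printf(
            "cwd=%-5s %s: %s\n",
            $cwd === $root ? './' : 'sub/',
            $script,
            resolves($cwd, $root . '/' . $script) ? 'found' : 'not found'
        );
    }
}

// Remove the scratch files again.
chdir(sys_get_temp_dir());
foreach (array_keys($files) as $name) {
    unlink($root . '/' . $name);
}
rmdir($root . '/sub');
rmdir($root);
```

An include anchored with __DIR__ names exactly one file whatever the working directory or include_path is, which also removes the chance of picking up a same-named file from another directory.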
--- Begin Message ---


On 12/22/2011 10:05 AM, Paul M Foster wrote:
> Not sure how to ask this question... I've always eschewed consulting a
> database on page loads to determine if a user is logged in, primarily
> because of latency issues. For example, you could store a nonce like the
> session ID in a table for a user when they log in. Then each time they
> arrive at a page which needs certain permissions to access, you'd check
> the table for the nonce and compare it to the actual session ID or
> whatever to determine that they're properly logged in. This seems
> reasonable but suffers from the lag on the database link's
> query-and-response lag time. So I've always preferred some solution
> where something is dragged along in a session cookie instead. Maybe
> something like the hash of user login, email and user name, which
> wouldn't be there unless you'd put it there on login. But this latter
> scheme just seems inherently less secure than consulting the table.
>
> Is there any consensus or overwhelming argument one way or the other?
>
> Paul


Why not just use Sessions, that's what the function is for.
http://php.net/manual/en/features.sessions.php There is a good example on this 
page.

I'm also big on using the session buffer to maintain the current states for visitors. e.g., one I'm working on now. Obviously, most are binary switches. Makes condition logic simple.

    [confirmedRestrictedUser] =>
    [idPassed] =>
    [loggedIn] =>
    [newRegRecordMode] =>
    [pendingRestrictedUser] =>
    [recordToken] =>
    [regModeLoggedIn] =>
    [regUserEditMode] =>
    [restrictedMode] => 1
    [secrCodePassed] =>
    [securityPassed] =>
    [sessionStart] => Thu, 22 Dec 2011 12:49:54 -0500
    [userType] => restricted


--- End Message ---
--- Begin Message ---
On Thu, Dec 22, 2011 at 12:55:41PM -0500, Al wrote:

> 
> 
> On 12/22/2011 10:05 AM, Paul M Foster wrote:
> >Not sure how to ask this question... I've always eschewed consulting a
> >database on page loads to determine if a user is logged in, primarily
> >because of latency issues. For example, you could store a nonce like the
> >session ID in a table for a user when they log in. Then each time they
> >arrive at a page which needs certain permissions to access, you'd check
> >the table for the nonce and compare it to the actual session ID or
> >whatever to determine that they're properly logged in. This seems
> >reasonable but suffers from the lag on the database link's
> >query-and-response lag time. So I've always preferred some solution
> >where something is dragged along in a session cookie instead. Maybe
> >something like the hash of user login, email and user name, which
> >wouldn't be there unless you'd put it there on login. But this latter
> >scheme just seems inherently less secure than consulting the table.
> >
> >Is there any consensus or overwhelming argument one way or the other?
> >
> >Paul
> >
> 
> Why not just use Sessions, that's what the function is for.
> http://php.net/manual/en/features.sessions.php There is a good example on 
> this page.
> 
> I'm also big on using the session buffer to maintain the current
> states for visitors.  e.g., one I'm working on now. Obviously, most
> are binary switches. Makes condition logic simple.
> 
>     [confirmedRestrictedUser] =>
>     [idPassed] =>
>     [loggedIn] =>
>     [newRegRecordMode] =>
>     [pendingRestrictedUser] =>
>     [recordToken] =>
>     [regModeLoggedIn] =>
>     [regUserEditMode] =>
>     [restrictedMode] => 1
>     [secrCodePassed] =>
>     [securityPassed] =>
>     [sessionStart] => Thu, 22 Dec 2011 12:49:54 -0500
>     [userType] => restricted

I have concerns that the items in a session buffer can be copied and
used to spoof legitimate logins. This is harder to do when the info is
held in a database.

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com

--- End Message ---
--- Begin Message ---
On 22 Dec 2011, at 19:34, Paul M Foster wrote:

> I have concerns that the items in a session buffer can be copied and
> used to spoof legitimate logins. This is harder to do when the info is
> held in a database.

Storing stuff in a database is no more secure, it simply requires one single 
extra step... finding the DB credentials in the source code. Given that the 
only way a user could read session data (assuming you're using the default 
session handler, i.e. file-based) is if they have access to those files.

If they do have access to those files they almost certainly also have access to 
your source code (since the web user must be able to read both), especially if 
you're using a shared host. If you're using a dedicated server then you should 
address the reason you're worried about people having access to session files 
first.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/

--- End Message ---
--- Begin Message ---


On 12/22/2011 2:54 PM, Stuart Dallas wrote:
> On 22 Dec 2011, at 19:34, Paul M Foster wrote:
>
>> I have concerns that the items in a session buffer can be copied and
>> used to spoof legitimate logins. This is harder to do when the info is
>> held in a database.
>
> Storing stuff in a database is no more secure, it simply requires one single 
> extra step... finding the DB credentials in the source code. Given that the 
> only way a user could read session data (assuming you're using the default 
> session handler, i.e. file-based) is if they have access to those files.
>
> If they do have access to those files they almost certainly also have access to 
> your source code (since the web user must be able to read both), especially if 
> you're using a shared host. If you're using a dedicated server then you should 
> address the reason you're worried about people having access to session files 
> first.
>
> -Stuart


Sessions are faster, one step to read the session array.

Encode a token e.g., MD5 the timestamp, and save it in the session buffer. Gets pretty secure. If you're on a shared host with poor security, bad folks can do anything on your site.
--- End Message ---
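Added example (not code from any poster in this thread): the cookie-carried value Paul describes and the session token Al suggests, shown as an unkeyed hash of known inputs beside a keyed, expiring token that the server can verify without a database lookup. SECRET_KEY, the function names and the sample values are constructed for illustration; hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example. SECRET_KEY is a placeholder: load the real key from
// configuration that is not readable through the web server.
const SECRET_KEY = 'replace-with-random-key-from-config';

// Weak form: an unkeyed hash of profile fields. Anyone who knows the
// inputs can compute the same value, and it never expires.
function weak_token($login, $email, $name)
{
    return md5($login . $email . $name);
}

// Hardened form: payload plus expiry, authenticated with a keyed HMAC.
function issue_token($login, $ttl = 1800, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $payload = base64_encode(json_encode(array('u' => $login, 'exp' => $now + $ttl)));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the login name, or null if the token is malformed, altered or expired.
function verify_token($token, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $parts = explode('.', (string) $token);
    if (count($parts) !== 2) {
        return null;
    }
    list($payload, $mac) = $parts;
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['u'], $data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return $data['u'];
}

// Constructed sample run with fixed clock values.
$token = issue_token('paul', 1800, 1000);

// Same payload format with a different user, carrying the original MAC.
$altered = base64_encode(json_encode(array('u' => 'admin', 'exp' => 2800)))
         . '.' . substr($token, strpos($token, '.') + 1);

var_dump(verify_token($token, 1500));   // unmodified token inside its lifetime
var_dump(verify_token($altered, 1500)); // payload changed after issue
var_dump(verify_token($token, 5000));   // unmodified token after its expiry
var_dump(weak_token('paul', 'paul@example.com', 'Paul')
    === md5('paul' . 'paul@example.com' . 'Paul')); // recomputed without any secret
```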
--- Begin Message ---
I know this is a very basic question and I'm almost embarrassed to ask it, but 
it's something I really struggle with.  That is, getting the right combination 
of error reporting options together to report the errors I want.  Right now, I 
get the errors I want except for parse errors.  Basically, I want all errors 
but not warnings.  What would be a good combination of error report options for 
my php.ini file?

Thanks!
Floyd


--- End Message ---
