php-general Digest 1 Feb 2012 14:24:06 -0000 Issue 7671 Topics (messages 316432 through 316445):

Re: Time zone in date function
    316432 by: Ian
    316434 by: Jonesy
    316436 by: Matijn Woudt
    316442 by: Jonesy

Cannot make bzip2 stream "on the fly"
    316433 by: Michael Shestero
    316435 by: Maciek Sokolewicz
    316439 by: Michael Shestero

When to call mysqli::close
    316437 by: Albert Kamau
    316438 by: Stuart Dallas

Re: differences in between these env. variables
    316440 by: Tedd Sperling

free space
    316441 by: saeed ahmed
    316443 by: Sean Greenslade
    316444 by: admin.buskirkgraphics.com

Re: Autoloading
    316445 by: Marco Behnke

Administrivia:

To subscribe to the digest, e-mail:
    php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
    php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
    php-gene...@lists.php.net

----------------------------------------------------------------------
--- Begin Message ---
On 31/01/2012 01:55, Ron Piggott wrote:
>
> On my clients account when I use “echo date(‘D, d M Y H:i:s');” the output is
> 5 hours ahead of us. How do I change it to my local time? Is there a way to
> specify “Eastern” time zone?
>
> I expect this would work:
>
> echo date(‘D, d M Y H:i:s' , ( strtotime( date(‘D, d M Y H:i:s') – 21600 ) )
> );
>
> I would prefer to specify Eastern time, so if the web host changes a server
> setting it will remain in Eastern time zone. Ron

Hi Ron,

I use this function to get the current time in a particular timezone:

<?php
/**
 * Return the current local time by timezone name
 * @param string $timezone
 * @return array
 * @author Ian Gibbons
 */
function getNowByTimezone($timezone){
    $remote_timezone = new DateTimeZone($timezone);
    $remote_time = new DateTime("now", $remote_timezone);
    return getDate(strtotime($remote_time->format("Y-m-d H:i:s")));
}
?>

Example:

<?php
$london_time = getNowByTimezone("Europe/London");
echo date("D, d M Y H:i:s", $london_time[0]);
?>

Regards

Ian
--- End Message ---
--- Begin Message ---
On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote:
> On 31/01/2012, at 2:55 PM, Ron Piggott wrote:
>
>>
>> On my clients account when I use “echo date(‘D, d M Y H:i:s');” the output
>> is 5 hours ahead of us. How do I change it to my local time? Is there a
>> way to specify “Eastern” time zone?
>>
>> I expect this would work:
>>
>> echo date(‘D, d M Y H:i:s' , ( strtotime( date(‘D, d M Y H:i:s') – 21600 )
>> ) );
>>
>> I would prefer to specify Eastern time, so if the web host changes a server
>> setting it will remain in Eastern time zone. Ron
>
> You can set the timezone for your script using date_default_timezone_set()
> http://php.net/manual/en/function.date-default-timezone-set.php

(wrap your lines, folks!)

Is there a reason _not_ to use viz:

    putenv("TZ=America/Anguilla");
??

Or, is it simple "Just The Linux Way"(tm) , i.e. there's
always more than one way to do a 'thing'?

Jonesy
-- 
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm
--- End Message ---
--- Begin Message ---
On Tue, Jan 31, 2012 at 4:22 PM, Jonesy <gm...@jonz.net> wrote:
> On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote:
>> On 31/01/2012, at 2:55 PM, Ron Piggott wrote:
>>
>>>
>>> On my clients account when I use “echo date(‘D, d M Y H:i:s');” the output
>>> is 5 hours ahead of us. How do I change it to my local time? Is there a
>>> way to specify “Eastern” time zone?
>>>
>>> I expect this would work:
>>>
>>> echo date(‘D, d M Y H:i:s' , ( strtotime( date(‘D, d M Y H:i:s') – 21600 )
>>> ) );
>>>
>>> I would prefer to specify Eastern time, so if the web host changes a server
>>> setting it will remain in Eastern time zone. Ron
>>
>> You can set the timezone for your script using date_default_timezone_set()
>> http://php.net/manual/en/function.date-default-timezone-set.php
>
> (wrap your lines, folks!)
>
> Is there a reason _not_ to use viz:
>
>     putenv("TZ=America/Anguilla");
> ??
>
> Or, is it simple "Just The Linux Way"(tm) , i.e. there's
> always more than one way to do a 'thing'?
>
> Jonesy

From the PHP Manual:
"every call to a date/time function will generate a E_NOTICE if the
timezone isn't valid, and/or a E_WARNING message if using the system
settings or the TZ environment variable."

So that will generate E_WARNING messages.

- Matijn
--- End Message ---
--- Begin Message ---
On Tue, 31 Jan 2012 17:15:48 +0100, Matijn Woudt wrote:
> On Tue, Jan 31, 2012 at 4:22 PM, Jonesy <gm...@jonz.net> wrote:
>>
>> Is there a reason _not_ to use viz:
>>
>>     putenv("TZ=America/Anguilla");
>> ??
>>
>> Or, is it simple "Just The Linux Way"(tm) , i.e. there's
>> always more than one way to do a 'thing'?
>
> From the PHP Manual:
> "every call to a date/time function will generate a E_NOTICE if the
> timezone isn't valid, and/or a E_WARNING message if using the system
> settings or the TZ environment variable."
>
> So that will generate E_WARNING messages.

Ya, but... I am using that _very_ statement and get no E_WARNING.
The timezone illustrated _is_ valid. IWFM.

I believe the PHP manual is 'awkwardly' written in this case.
Better would be if that *whole* sentence above was re-written
beginning with "If the timezone is invalid, every call .... ,
and/or an E_WARNING ... " As written, it could be construed to
mean an E_WARNING is _always_ generated for setting the TZ
environment variable.

Jonesy
--- End Message ---
--- Begin Message ---
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=f.bzip2");
header("Content-Type: application/x-bzip2");
//header("Content-length: " . strlen($zippedfile) . "\n\n");
header("Content-Transfer-Encoding: binary");
ob_flush();

$bz = bzopen( 'php://output' , 'w' );
if ($bz===FALSE) { echo "FALSE"; return; }
bzwrite($bz,"hi");
bzclose($bz);

bzopen returns error:
bzopen(): cannot represent a stream of type Output as a File Descriptor
in case using stdout instead of output it works but produce zero result.

Following works ok:

$z = fopen( 'php://output' , 'w' );
if ($z===FALSE) { echo "FALSE"; return; }
fwrite($z,"hihi");
fclose($z);

Please, help!
--- End Message ---
--- Begin Message ---
On 31-01-2012 15:34, Michael Shestero wrote:
> header("Content-Description: File Transfer");
> header("Content-Disposition: attachment; filename=f.bzip2");
> header("Content-Type: application/x-bzip2");
> //header("Content-length: " . strlen($zippedfile) . "\n\n");
> header("Content-Transfer-Encoding: binary");
> ob_flush();
>
> $bz = bzopen( 'php://output' , 'w' );
> if ($bz===FALSE) { echo "FALSE"; return; }
> bzwrite($bz,"hi");
> bzclose($bz);
>
> bzopen returns error:
> bzopen(): cannot represent a stream of type Output as a File Descriptor
> in case using stdout instead of output it works but produce zero result.
>
> Following works ok:
>
> $z = fopen( 'php://output' , 'w' );
> if ($z===FALSE) { echo "FALSE"; return; }
> fwrite($z,"hihi");
> fclose($z);
>
> Please, help!

What exactly are you trying to do? From the top section it seems like you're trying to output back via the standard output channel, meaning as the body of a response. This assumes you're working in a client/server relationship, where PHP is invoked server-side as a script, and its response is being sent back to the client (browser).

But then all of a sudden, you start opening php://output which is an output stream which exists solely in the cli-mode!

So, your answer is simply:

1. in the case of a browser/server type of relation:

<?php
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=f.txt.bz2");
header("Content-Type: application/x-bzip2");
header("Content-Transfer-Encoding: binary");
$compressed_string = bzcompress("hi");
echo $compressed_string;

2. In the case that you're using php-cli, get rid of all the header stuff. It's useless here.

- Tul
--- End Message ---
--- Begin Message ---
Thank you for response.

Script is server-side. It is to send a packed data as file (but the source isn't actually a file) via HTTP to client. bzcompress() is not suitable, because it cannot pack the stream on the fly (I have to store all amount of data in local variable before call it).

My task is already SOLVED in the different way:

$bz = fopen('php://output', 'w');
$param = array('blocks' => 6, 'work' => 0);
stream_filter_append($bz, 'bzip2.compress', STREAM_FILTER_WRITE, $param);
// ...writing to $bz using fwrite() as into stream...
fclose($bz);

it gives exactly what I need.

But still I wonder why bzopen() doesn't work, meanwhile the phpdoc tells that it should work that way.

--- Maciek Sokolewicz wrote:
> On 31-01-2012 15:34, Michael Shestero wrote:
>> header("Content-Description: File Transfer");
>> header("Content-Disposition: attachment; filename=f.bzip2");
>> header("Content-Type: application/x-bzip2");
>> //header("Content-length: " . strlen($zippedfile) . "\n\n");
>> header("Content-Transfer-Encoding: binary");
>> ob_flush();
>>
>> $bz = bzopen( 'php://output' , 'w' );
>> if ($bz===FALSE) { echo "FALSE"; return; }
>> bzwrite($bz,"hi");
>> bzclose($bz);
>>
>> bzopen returns error:
>> bzopen(): cannot represent a stream of type Output as a File Descriptor
>> in case using stdout instead of output it works but produce zero result.
>>
>> Following works ok:
>>
>> $z = fopen( 'php://output' , 'w' );
>> if ($z===FALSE) { echo "FALSE"; return; }
>> fwrite($z,"hihi");
>> fclose($z);
>>
>> Please, help!
>
> What exactly are you trying to do? From the top section it seems like you're trying to output back via the standard output channel, meaning as the body of a response. This assumes you're working in a client/server relationship, where PHP is invoked server-side as a script, and its response is being sent back to the client (browser).
>
> But then all of a sudden, you start opening php://output which is an output stream which exists solely in the cli-mode!
>
> So, your answer is simply:
>
> 1. in the case of a browser/server type of relation:
>
> <?php
> header("Content-Description: File Transfer");
> header("Content-Disposition: attachment; filename=f.txt.bz2");
> header("Content-Type: application/x-bzip2");
> header("Content-Transfer-Encoding: binary");
> $compressed_string = bzcompress("hi");
> echo $compressed_string;
>
> 2. In the case that you're using php-cli, get rid of all the header stuff. It's useless here.
>
> - Tul
--- End Message ---
--- Begin Message ---
Hi good people,

When should I call mysqli::close? Should I call $stmt->close() at the end of the method (below)? Or should I call it after every condition, ensuring that I close the database connection even if the process fails at some stage, e.g. bind param

public function function_name($id,$new_id ){
    $query = "UPDATE TABLE SET name = ? WHERE field = ? ";
    if($stmt=$this->prepare($query)){
        if($stmt->bind_param("is", $id, $new_id)){
            if($stmt->execute()){

            }else{//Could not execute the prepared statement
                $message = "Could not execute the prepared statement";
            }
        }else{//Could not bind the parameters
            $message = "Could not bind the parameters";
        }
    }else{
        $message = "Could not prepare the statement";
    }
    return $message;
}

Kind regards
Albert Kamau
--------------------------------------------------------------------
Saf : 0720550742
--- End Message ---
--- Begin Message ---
On 31 Jan 2012, at 16:28, Albert Kamau wrote:
> When should i call mysqli::close ? Should I call $stmt->close() at the end
> of the method(below) . Or should I call it after every condition ensuring
> that I close the database connection even if the process fails at some
> stage e.g bind param

This has little to do with MySQLi and lots to do with where the variable is assigned.

> public function function_name($id,$new_id ){
>     $query = "UPDATE TABLE SET name = ? WHERE field = ? ";
>     if($stmt=$this->prepare($query)){

If this succeeds then you have a statement variable, so whatever happens from now on you'll need to clean up this variable.

>         if($stmt->bind_param("is", $id, $new_id)){
>             if($stmt->execute()){
>
>             }else{//Could not execute the prepared statement
>                 $message = "Could not execute the prepared statement";
>             }
>         }else{//Could not bind the parameters
>             $message = "Could not bind the parameters";
>         }

At this point you clean up $stmt because you know it's been assigned. There's no point in doing it in every else above because all paths through the code will reach here regardless of any errors. If one of the elses above was returning out of the method then you'd need to make sure you clean up $stmt before that happens.

>     }else{

If you get in here then $stmt evaluates to false, so there's nothing to clean up.

>         $message = "Could not prepare the statement";
>     }
>     return $message
> }

You may want to think about the order of your conditions. Personally I like to have the expression in the if evaluate to true if there was a problem, that way the error handling and the thing that caused the error are next to each other which I feel makes the code easier to read. Consider…

public function function_name($id, $new_id)
{
    // Initialise the return value
    $message = false;

    // Prepare the statement
    $stmt = $this->prepare('UPDATE TABLE SET name = ? WHERE field = ?');
    if (!$stmt) {
        $message = 'Could not prepare the statement';
    } else {
        // Bind the parameters and execute the statement
        if (!$stmt->bind_param('is', $id, $new_id)) {
            $message = 'Could not bind the parameters';
        } elseif (!$stmt->execute()) {
            $message = 'Could not execute the prepared statement';
        } else {
            // Everything worked, probably want to do something with
            // $message here.
        }

        // Clean up the statement
        $stmt->close();
    }

    return $message;
}

Also, I know this is probably just an example, but based on the function parameters either your SQL is wrong or the order of the parameters is wrong when binding, possibly both.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--- End Message ---
--- Begin Message ---
On Jan 29, 2012, at 7:01 PM, Adam Richardson wrote:

> On Sun, Jan 29, 2012 at 11:38 AM, Tedd Sperling <tedd.sperl...@gmail.com>
> wrote:
> On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:
>
> > On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperl...@gmail.com>
> > wrote:
> > On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
> >
> > > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
> >
> > Was this ever answered? I would like to know.
> >
> > Cheers,
> >
> > tedd
> >
> > Yep, can be different:
> > http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri
> >
> > Adam
>
> I should have been more clear -- I understand:
>
> [PHP_SELF] => /test.php/foo/bar
> [SCRIPT_NAME] => /test.php/
>
> by practice is different.
>
> I should have used basename() in my question.
>
> The main point I was trying to get was which one is more secure and not
> subject to cross-site scripting or other such security issues?
>
> IOW, if you had to bet your life on it, which would be most secure in
> reporting an accurate basename()?
>
> That's an interesting question.
>
> Because $_SERVER['SCRIPT_NAME'] doesn't include path info appended to the get
> request, it greatly limits the attack surface, so I try to use it when I can.
> However, there are times when you want the ability to pass in additional path
> info (e.g., pretty urls), and that makes $_SERVER['PHP_SELF'] quite useful.
>
> In terms of securely using $_SERVER['PHP_SELF'], the one thing I don't ever
> recommend is trying to sanitize input (this view is in stark contrast to some
> of the resources online that detail how to safely use $_SERVER['PHP_SELF']
> through a combination of techniques including sanitization.) I suggest that
> any time script receives that doesn't meet its expectations, the script
> should throw away the data and kindly communicate to the user that they'll
> have to try the request again with valid data.
>
> To use $_SERVER['PHP_SELF'] safely, the most important thing is context. In
> order for an XSS attack to succeed, it has to sneak in data that is
> structurally meaningful in the context of its use. If the web page outputs
> $_SERVER['PHP_SELF'] in an href such as the one below, then a double quote
> (or any of its possible encodings which buggily sneak through older browsers,
> but modern browsers seem to have corrected many of these issues) must be
> escaped:
>
> // if a double quote comes through PHP_SELF here and is not escaped, we're in trouble
> // https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.232_-_Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes
> <a href="<?php echo $_SERVER['PHP_SELF']; ?>">Link back to this page</a>
>
> So, in the above case, I would first filter the PHP_SELF value through a
> regex that establishes a whitelist of valid values and/or characters (if you
> know all the possible paths of your app ahead of time, make sure there's a
> match; if you know that the path info only includes letters a-z, make sure
> they are the only characters you allow; etc.), and then for valid
> input, escape the output using htmlspecialchars().
>
> NOTE: Developers who don't use quotes on attributes would have to be
> much more careful and escape several other characters in the above example.
>
> That all said, if PHP_SELF was being echoed out into a script tag, the above
> technique would be insufficient to protect against XSS, as the content of the
> script tag has many more structurally meaningful characters that have to be
> watched for and escaped.
>
> So, it really varies by the context of use. I'd use SCRIPT_NAME where I don't
> need the path info (but I'd still likely whitelist its possible values and
> escape its output.) And, if I needed the path info, I'd whitelist the
> possible PHP_SELF values and then escape the output according to the context.
>
> That all said, if my life depended on security of the app, I'd probably be
> very slow to put up any web pages, as the amount of testing and auditing I'd
> want to perform would be on the scale of years ;)
>
> Adam

Adam:

Thank you for your most thoughtful answer -- it was very informative.

I won't be using "echo $_SERVER['PHP_SELF'];" for any forms or links.

Cheers,

tedd.

_____________________
t...@sperling.com
http://sperling.com
--- End Message ---
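
Added example, not part of the thread or of any poster's code: the approach described in the quoted reply above (prefer SCRIPT_NAME, match PHP_SELF against an allow-list and reject on mismatch, then escape for a double-quoted attribute), written for PHP 7.1 or later. The helper name safeSelfUrl(), the allow-list pattern and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example (not from the thread). safeSelfUrl() and its allow-list
// pattern are assumptions; adapt the pattern to the paths your app serves.

/**
 * Return the current script path, escaped for use inside a double-quoted
 * HTML attribute, or null if it does not match the allow-list.
 */
function safeSelfUrl(array $server, bool $allowPathInfo = false): ?string
{
    // SCRIPT_NAME has no client-supplied path info; PHP_SELF includes it.
    $raw = $server[$allowPathInfo ? 'PHP_SELF' : 'SCRIPT_NAME'] ?? null;
    if (!is_string($raw)) {
        return null;
    }

    // One path segment: letters, digits, underscore, hyphen only.
    $seg = '[A-Za-z0-9_-]+';
    // \A and \z anchor the whole string ("$" would accept a trailing newline).
    $pattern = $allowPathInfo
        ? "#\\A(?:/$seg)*/$seg\\.php(?:/$seg)*\\z#"
        : "#\\A(?:/$seg)*/$seg\\.php\\z#";

    // Validate and reject; no attempt is made to repair bad input.
    if (preg_match($pattern, $raw) !== 1) {
        return null;
    }

    // Escape for the output context: a quoted attribute value.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests: a normal one and one carrying a double quote.
$samples = [
    ['SCRIPT_NAME' => '/test.php', 'PHP_SELF' => '/test.php/foo/bar'],
    ['SCRIPT_NAME' => '/test.php', 'PHP_SELF' => '/test.php/"><i>constructed</i>'],
];

foreach ($samples as $server) {
    $href = safeSelfUrl($server, true);
    if ($href === null) {
        // In a web request: respond with 400 and ask for a valid URL.
        echo "rejected: unexpected request path\n";
        continue;
    }
    echo '<a href="' . $href . '">Link back to this page</a>', "\n";
}
```

The first sample prints the link; the second is rejected before any output is built. The escaping covers only the quoted-attribute context; a value echoed into a script block needs different handling, as the quoted reply notes.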
--- Begin Message ---
is there any free server where one can practice php(myadmin) - sql without installing on personal computer?
--- End Message ---
--- Begin Message ---
On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed <mycomputerbo...@gmail.com>wrote:

> is there any free server where one can practice php(myadmin) - sql without
> installing on personal computer?
>

Not that I know of. There may be some, but I wouldn't bother. You can find Virtualbox server images pre-made from sites such as this:

http://virtualboxes.org/images/ubuntu/

#5 has apache, mysql and php installed (a LAMP package). You can use Virtualbox to run the server virtually, without having to install everything on your dev computer. Similar packages for Xen and VMWare are available, just go googling.

-- 
--Zootboy

Sent from my PC.
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Sean Greenslade [mailto:zootboys...@gmail.com]
> Sent: Tuesday, January 31, 2012 2:50 PM
> To: saeed ahmed
> Cc: PHP General
> Subject: Re: [PHP] free space
>
> On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed
> <mycomputerbo...@gmail.com>wrote:
>
> > is there any free server where one can practice php(myadmin) - sql
> > without installing on personal computer?
> >
>
> Not that I know of. There may be some, but I wouldn't bother. You can
> find Virtualbox server images pre-made from sites such as this:
>
> http://virtualboxes.org/images/ubuntu/
>
> #5 has apache, mysql and php installed (a LAMP package). You can use
> Virtualbox to run the server virtually, without having to install
> everything on your dev computer. Similar packages for Xen and VMWare
> are available, just go googling.
>
> --
> --Zootboy
>
> Sent from my PC.

I might suggest you read about the security issues when using phpmyadmin and understand how to secure it as well.

I would never use the script personally because of the limitations and the measures you have to put in place to secure it are exhausting and limited by hosting providers.

I would always work locally to ensure stability and ensuring that bad sql statements do not take down your service.

Just my thoughts about phpmyadmin
--- End Message ---
--- Begin Message ---
On 26.01.2012 15:44, Floyd Resler wrote:
> As stated, when I change __autoload to spl_autoload_register I get the can't be redeclared error. Any ideas?

Try

$callback = function($class_name) {
    $path = dirname(__FILE__)."/../../lib/class.{$class_name}.php";
    if (file_exists($path)) {
        require_once $path;
    }
};
spl_autoload_register($callback);

-- 
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz
--- End Message ---