php-general Digest 1 Feb 2012 14:24:06 -0000 Issue 7671

Topics (messages 316432 through 316445):

Re: Time zone in date function
        316432 by: Ian
        316434 by: Jonesy
        316436 by: Matijn Woudt
        316442 by: Jonesy

Cannot make bzip2 stream "on the fly"
        316433 by: Michael Shestero
        316435 by: Maciek Sokolewicz
        316439 by: Michael Shestero

When to call mysqli::close
        316437 by: Albert Kamau
        316438 by: Stuart Dallas

Re: differences in between these env. variables
        316440 by: Tedd Sperling

free space
        316441 by: saeed ahmed
        316443 by: Sean Greenslade
        316444 by: admin.buskirkgraphics.com

Re: Autoloading
        316445 by: Marco Behnke


----------------------------------------------------------------------
--- Begin Message ---
On 31/01/2012 01:55, Ron Piggott wrote:
> 
> On my client's account when I use "echo date('D, d M Y H:i:s');" the output is 
> 5 hours ahead of us.  How do I change it to my local time?  Is there a way to 
> specify "Eastern" time zone?
> 
> I expect this would work:
> 
> echo date('D, d M Y H:i:s' , ( strtotime( date('D, d M Y H:i:s') - 21600  ) ) 
> );
> 
> I would prefer to specify Eastern time, so if the web host changes a server 
> setting it will remain in Eastern time zone.  Ron

Hi Ron,

I use this function to get the current time in a particular timezone:

<?php
/**
 * Return the current local time by timezone name
 * @param string $timezone
 * @return array
 * @author Ian Gibbons
 */
function getNowByTimezone($timezone){
        $remote_timezone= new DateTimeZone($timezone);
        $remote_time    = new DateTime("now", $remote_timezone);

        return getDate(strtotime($remote_time->format("Y-m-d H:i:s")));
}
?>

Example:

<?php

$london_time = getNowByTimezone("Europe/London");
echo date("D, d M Y H:i:s", $london_time[0]);

?>

Regards

Ian


--- End Message ---
--- Begin Message ---
On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote:
> On 31/01/2012, at 2:55 PM, Ron Piggott wrote:
>
>> 
>> On my client's account when I use "echo date('D, d M Y H:i:s');" the output 
>> is 5 hours ahead of us.  How do I change it to my local time?  Is there a 
>> way to specify "Eastern" time zone?
>> 
>> I expect this would work:
>> 
>> echo date('D, d M Y H:i:s' , ( strtotime( date('D, d M Y H:i:s') - 21600  ) 
>> ) );
>> 
>> I would prefer to specify Eastern time, so if the web host changes a server 
>> setting it will remain in Eastern time zone.  Ron
>
> You can set the timezone for your script using date_default_timezone_set() 
> http://php.net/manual/en/function.date-default-timezone-set.php

(wrap your lines, folks!)

Is there a reason _not_ to use viz:

        putenv("TZ=America/Anguilla");  
 ??

Or, is it simply "Just The Linux Way"(tm) , i.e. there's 
always more than one way to do a 'thing'?

Jonesy
-- 
  Marvin L Jones    | jonz          | W3DHJ  | linux
   38.24N  104.55W  |  @ config.com | Jonesy |  OS/2
    * Killfiling google & XXXXbanter.com: jonz.net/ng.htm


--- End Message ---
--- Begin Message ---
On Tue, Jan 31, 2012 at 4:22 PM, Jonesy <gm...@jonz.net> wrote:
> On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote:
>> On 31/01/2012, at 2:55 PM, Ron Piggott wrote:
>>
>>>
>>> On my client's account when I use "echo date('D, d M Y H:i:s');" the output 
>>> is 5 hours ahead of us.  How do I change it to my local time?  Is there a 
>>> way to specify "Eastern" time zone?
>>>
>>> I expect this would work:
>>>
>>> echo date('D, d M Y H:i:s' , ( strtotime( date('D, d M Y H:i:s') - 21600  ) 
>>> ) );
>>>
>>> I would prefer to specify Eastern time, so if the web host changes a server 
>>> setting it will remain in Eastern time zone.  Ron
>>
>> You can set the timezone for your script using date_default_timezone_set() 
>> http://php.net/manual/en/function.date-default-timezone-set.php
>
> (wrap your lines, folks!)
>
> Is there a reason _not_ to use viz:
>
>        putenv("TZ=America/Anguilla");
>  ??
>
> Or, is it simply "Just The Linux Way"(tm) , i.e. there's
> always more than one way to do a 'thing'?
>
> Jonesy

From the PHP Manual:
"every call to a date/time function will generate a E_NOTICE if the
timezone isn't valid, and/or a E_WARNING message if using the system
settings or the TZ environment variable."

So that will generate E_WARNING messages.

- Matijn

--- End Message ---
--- Begin Message ---
On Tue, 31 Jan 2012 17:15:48 +0100, Matijn Woudt wrote:
> On Tue, Jan 31, 2012 at 4:22 PM, Jonesy <gm...@jonz.net> wrote:
>>
>> Is there a reason _not_ to use viz:
>>
>>        putenv("TZ=America/Anguilla");
>>  ??
>>
>> Or, is it simply "Just The Linux Way"(tm) , i.e. there's
>> always more than one way to do a 'thing'?
>
> From the PHP Manual:
> "every call to a date/time function will generate a E_NOTICE if the
> timezone isn't valid, and/or a E_WARNING message if using the system
> settings or the TZ environment variable."
>
> So that will generate E_WARNING messages.

Ya, but...  I am using that _very_ statement and get no E_WARNING.
The timezone illustrated _is_ valid.  IWFM.
I believe the PHP manual is 'awkwardly' written in this case.
Better would be if that *whole* sentence above was re-written beginning 
with "If the timezone is invalid, every call .... , and/or an 
E_WARNING ... " 
As written, it could be construed to mean an E_WARNING is _always_
generated for setting the TZ environment variable.

Jonesy


--- End Message ---
--- Begin Message ---

header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=f.bzip2");
header("Content-Type: application/x-bzip2");
//header("Content-length: " . strlen($zippedfile) . "\n\n");
header("Content-Transfer-Encoding: binary");
ob_flush();

$bz = bzopen( 'php://output' , 'w' ); if ($bz===FALSE) { echo "FALSE"; return; }
bzwrite($bz,"hi");
bzclose($bz);

bzopen returns error:
bzopen(): cannot represent a stream of type Output as a File Descriptor

In case of using stdout instead of output it works but produces zero result.

Following works ok:

$z = fopen( 'php://output' , 'w' );
if ($z===FALSE) { echo "FALSE"; return; }
fwrite($z,"hihi");
fclose($z);

Please, help!



--- End Message ---
--- Begin Message ---
On 31-01-2012 15:34, Michael Shestero wrote:

> header("Content-Description: File Transfer");
> header("Content-Disposition: attachment; filename=f.bzip2");
> header("Content-Type: application/x-bzip2");
> //header("Content-length: " . strlen($zippedfile) . "\n\n");
> header("Content-Transfer-Encoding: binary");
> ob_flush();
>
> $bz = bzopen( 'php://output' , 'w' ); if ($bz===FALSE) { echo "FALSE"; return; }
> bzwrite($bz,"hi");
> bzclose($bz);
>
> bzopen returns error:
> bzopen(): cannot represent a stream of type Output as a File Descriptor
>
> In case of using stdout instead of output it works but produces zero result.
>
> Following works ok:
>
> $z = fopen( 'php://output' , 'w' );
> if ($z===FALSE) { echo "FALSE"; return; }
> fwrite($z,"hihi");
> fclose($z);
>
> Please, help!



What exactly are you trying to do? From the top section it seems like you're trying to output back via the standard output channel, meaning as the body of a response. This assumes you're working in a client/server relationship, where PHP is invoked server-side as a script, and its response is being sent back to the client (browser).

But then all of a sudden, you start opening php://output which is an output stream which exists solely in the cli-mode!

So, your answer is simply:
1. in the case of a browser/server type of relation:
<?php
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=f.txt.bz2");
header("Content-Type: application/x-bzip2");
header("Content-Transfer-Encoding: binary");

$compressed_string = bzcompress("hi");

echo $compressed_string;

2. In the case that you're using php-cli, get rid of all the header stuff. It's useless here.

- Tul

--- End Message ---
--- Begin Message ---
Thank you for the response.
The script is server-side. It is to send packed data as a file (but the source isn't actually a file) via HTTP to the client. bzcompress() is not suitable, because it cannot pack the stream on the fly (I have to store the whole amount of data in a local variable before calling it).
My task is already SOLVED in a different way:
$bz = fopen('php://output', 'w');
$param = array('blocks' => 6, 'work' => 0);
stream_filter_append($bz, 'bzip2.compress', STREAM_FILTER_WRITE, $param);
// ... write to $bz using fwrite() as into a stream ...
fclose($bz);
It gives exactly what I need.
But I still wonder why bzopen() doesn't work, while the phpdoc says that it should work that way.

--- End Message ---
--- Begin Message ---
Hi good people,

When should i call mysqli::close ? Should I call $stmt->close() at the end
of the method(below) . Or should I call it after every condition ensuring
that I close the database connection even if the process fails at some
stage e.g bind param

public function function_name($id,$new_id ){
        $query = "UPDATE TABLE SET name = ? WHERE field = ? ";
        if($stmt=$this->prepare($query)){
            if($stmt->bind_param("is", $id, $new_id)){
                if($stmt->execute()){

                }else{//Could not execute the prepared statement
                    $message = "Could not execute the prepared statement";
                }
            }else{//Could not bind the parameters
                $message = "Could not bind the parameters";
            }

        }else{
            $message = "Could not prepare the statement";
        }
return $message;
    }



Kind regards
Albert Kamau
--------------------------------------------------------------------
 Saf : 0720550742

--- End Message ---
--- Begin Message ---
On 31 Jan 2012, at 16:28, Albert Kamau wrote:
> When should i call mysqli::close ? Should I call $stmt->close() at the end
> of the method(below) . Or should I call it after every condition ensuring
> that I close the database connection even if the process fails at some
> stage e.g bind param

This has little to do with MySQLi and lots to do with where the variable is 
assigned.

> public function function_name($id,$new_id ){
>        $query = "UPDATE TABLE SET name = ? WHERE field = ? ";
>        if($stmt=$this->prepare($query)){

If this succeeds then you have a statement variable, so whatever happens from 
now on you'll need to clean up this variable.

>            if($stmt->bind_param("is", $id, $new_id)){
>                if($stmt->execute()){
> 
>                }else{//Could not execute the prepared statement
>                    $message = "Could not execute the prepared statement";
>                }
>            }else{//Could not bind the parameters
>                $message = "Could not bind the parameters";
>            }

At this point you clean up $stmt because you know it's been assigned. There's 
no point in doing it in every else above because all paths through the code 
will reach here regardless of any errors. If one of the elses above was 
returning out of the method then you'd need to make sure you clean up $stmt 
before that happens.

>       }else{

If you get in here then $stmt evaluates to false, so there's nothing to clean 
up.

>            $message = "Could not prepare the statement";
>        }
> return $message;
>    }


You may want to think about the order of your conditions. Personally I like to 
have the expression in the if evaluate to true if there was a problem, that way 
the error handling and the thing that caused the error are next to each other 
which I feel makes the code easier to read. Consider…

public function function_name($id, $new_id)
{
  // Initialise the return value
  $message = false;

  // Prepare the statement
  $stmt = $this->prepare('UPDATE TABLE SET name = ? WHERE field = ?');
  if (!$stmt) {
    $message = 'Could not prepare the statement';
  } else {
    // Bind the parameters and execute the statement
    if (!$stmt->bind_param('is', $id, $new_id)) {
      $message = 'Could not bind the parameters';
    } elseif (!$stmt->execute()) {
      $message = 'Could not execute the prepared statement';
    } else {
      // Everything worked, probably want to do something with
      // $message here.
    }
    // Clean up the statement
    $stmt->close();
  }

  return $message;
}

Also, I know this is probably just an example, but based on the function 
parameters either your SQL is wrong or the order of the parameters is wrong 
when binding, possibly both.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/


--- End Message ---
--- Begin Message ---
On Jan 29, 2012, at 7:01 PM, Adam Richardson wrote:

> On Sun, Jan 29, 2012 at 11:38 AM, Tedd Sperling <tedd.sperl...@gmail.com> 
> wrote:
> On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:
> 
> > On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperl...@gmail.com> 
> > wrote:
> > On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
> >
> > > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
> >
> > Was this ever answered? I would like to know.
> >
> > Cheers,
> >
> > tedd
> >
> > Yep, can be different:
> > http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri
> >
> > Adam
> 
> I should have been more clear -- I understand:
> 
> [PHP_SELF] => /test.php/foo/bar
> [SCRIPT_NAME] => /test.php/
> 
> by practice is different.
> 
> I should have used basename() in my question.
> 
> The main point I was trying to get was which one is more secure and not 
> subject to cross-site scripting or other such security issues?
> 
> IOW, if you had to bet your life on it, which would be most secure in 
> reporting an accurate basename()?
> 
> That's an interesting question. 
> 
> Because $_SERVER['SCRIPT_NAME'] doesn't include path info appended to the get 
> request, it greatly limits the attack surface, so I try to use it when I can. 
> However, there are times when you want the ability to pass in additional path 
> info (e.g., pretty urls), and that makes $_SERVER['PHP_SELF'] quite useful.
> 
> In terms of securely using $_SERVER['PHP_SELF'], the one thing I don't ever 
> recommend is trying to sanitize input (this view is in stark contrast to some 
> of the resources online that detail how to safely use $_SERVER['PHP_SELF'] 
> through a combination of techniques including sanitization.) I suggest that 
> any time a script receives data that doesn't meet its expectations, the script 
> should throw away the data and kindly communicate to the user that they'll 
> have to try the request again with valid data.
> 
> To use $_SERVER['PHP_SELF'] safely, the most important thing is context. In 
> order for an XSS attack to succeed, it has to sneak in data that is 
> structurally meaningful in the context of its use. If the web page outputs 
> $_SERVER['PHP_SELF'] in an href such as the one below, then a double quote 
> (or any of its possible encodings which buggily sneak through older browsers, 
> but modern browsers seem to have corrected many of these issues) must be 
> escaped:
> 
> // if a double quote comes through PHP_SELF here and is not escaped, we're in trouble
> // https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.232_-_Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes
> <a href="<?php echo $_SERVER['PHP_SELF']; ?>">Link back to this page</a>
> 
> So, in the above case, I would first filter the PHP_SELF value through a 
> regex that establishes a whitelist of valid values and/or characters (if you 
> know all the possible paths of your app ahead of time, make sure there's a 
> match; if you know that the path info only includes letters a-z, make sure 
> they are the only characters you allow; etc.), and then for valid 
> input, escape the output using htmlspecialchars().
> 
> NOTE: Developers who fail to use quotes on attributes would have to be 
> much more careful and escape several other characters in the above example.
> 
> That all said, if PHP_SELF was being echoed out into a script tag, the above 
> technique would be insufficient to protect against XSS, as the content of the 
> script tag has many more structurally meaningful characters that have to be 
> watched for and escaped.
> 
> So, it really varies by the context of use. I'd use SCRIPT_NAME where I don't 
> need the path info (but I'd still likely whitelist its possible values and 
> escape its output.) And, if I needed the path info, I'd whitelist the 
> possible PHP_SELF values and then escape the output according to the context.
> 
> That all said, if my life depended on security of the app, I'd probably be 
> very slow to put up any web pages, as the amount of testing and auditing I'd 
> want to perform would be on the scale of years ;)
> 
> Adam

Adam:

Thank you for your most thoughtful answer -- it was very informative. I won't 
be using "echo $_SERVER['PHP_SELF'];" for any forms or links.

Cheers,

tedd.


_____________________
t...@sperling.com
http://sperling.com






--- End Message ---
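
Added example, not part of any message in this digest: one way to apply the approach described in the thread above (reject a PHP_SELF value that fails an allowlist instead of sanitizing it, then escape valid input for a double-quoted href attribute). The function names, the allowed path-info pattern and the sample values are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example (not from the thread). Function names, the path-info
// pattern and the sample values are hypothetical.

/**
 * Validate a PHP_SELF-style value against an allowlist.
 * Returns the value unchanged when it matches, or null when it does not.
 * Nothing is "cleaned up": a non-matching value is thrown away.
 */
function validatedSelf(string $phpSelf, string $scriptName): ?string
{
    // The value must start with the script that is actually running ...
    if (strncmp($phpSelf, $scriptName, strlen($scriptName)) !== 0) {
        return null;
    }
    // ... and any appended path info may only be /segment/segment built
    // from a-z, 0-9 and hyphen (assumed URL scheme for this example).
    // \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    $pathInfo = substr($phpSelf, strlen($scriptName));
    if ($pathInfo !== '' && !preg_match('#\A(?:/[a-z0-9-]+)+/?\z#', $pathInfo)) {
        return null;
    }
    return $phpSelf;
}

/**
 * Build the "link back to this page" anchor, or return null when the
 * request should be refused (e.g. with HTTP 400 and a retry message).
 */
function selfLink(string $phpSelf, string $scriptName): ?string
{
    $valid = validatedSelf($phpSelf, $scriptName);
    if ($valid === null) {
        return null;
    }
    // Escape for the context of use: a double-quoted HTML attribute.
    // This is not sufficient inside a <script> block or an unquoted attribute.
    $href = htmlspecialchars($valid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '">Link back to this page</a>';
}

// Constructed sample values, shaped like $_SERVER['PHP_SELF'].
$samples = [
    '/test.php',                 // no path info
    '/test.php/foo/bar',         // path info inside the allowlist
    '/test.php/"><i>x</i>',      // double quote and markup: refused
    '/test.php/foo"x',           // double quote in a segment: refused
    '/other.php/foo',            // does not belong to this script: refused
];

foreach ($samples as $sample) {
    // In a real page the second argument would be $_SERVER['SCRIPT_NAME'].
    $link = selfLink($sample, '/test.php');
    echo str_pad($sample, 28), ' => ', $link ?? 'rejected (answer HTTP 400)', PHP_EOL;
}
```

Only the first two samples produce a link; the other three are refused before any output is built.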
--- Begin Message ---
is there any free server where one can practice php(myadmin) - sql without
installing on personal computer?

--- End Message ---
--- Begin Message ---
On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed <mycomputerbo...@gmail.com>wrote:

> is there any free server where one can practice php(myadmin) - sql without
> installing on personal computer?
>

Not that I know of. There may be some, but I wouldn't bother. You can find
Virtualbox server images pre-made from sites such as this:

http://virtualboxes.org/images/ubuntu/

#5 has apache, mysql and php installed (a LAMP package). You can use
Virtualbox to run the server virtually, without having to install
everything on your dev computer. Similar packages for Xen and VMWare are
available, just go googling.

-- 
--Zootboy

Sent from my PC.

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Sean Greenslade [mailto:zootboys...@gmail.com]
> Sent: Tuesday, January 31, 2012 2:50 PM
> To: saeed ahmed
> Cc: PHP General
> Subject: Re: [PHP] free space
> 
> On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed
> <mycomputerbo...@gmail.com>wrote:
> 
> > is there any free server where one can practice php(myadmin) - sql
> without
> > installing on personal computer?
> >
> 
> Not that I know of. There may be some, but I wouldn't bother. You can
> find
> Virtualbox server images pre-made from sites such as this:
> 
> http://virtualboxes.org/images/ubuntu/
> 
> #5 has apache, mysql and php installed (a LAMP package). You can use
> Virtualbox to run the server virtually, without having to install
> everything on your dev computer. Similar packages for Xen and VMWare
> are
> available, just go googling.
> 
> --
> --Zootboy
> 
> Sent from my PC.



I might suggest you read about the security issues when using phpmyadmin and 
understand how to secure it as well. I would never use the script personally 
because of the limitations and the measures you have to put in place to secure 
it are exhausting and limited by hosting providers.
I would always work locally to ensure stability and ensuring that bad sql 
statements do not take down your service. 

Just my thoughts about phpmyadmin


--- End Message ---
--- Begin Message ---
On 26.01.2012 15:44, Floyd Resler wrote:
> As stated, when I change __autoload to spl_autoload_register I get the can't be redeclared error. Any ideas?


Try

$callback = function($class_name) {
        $path = dirname(__FILE__)."/../../lib/class.{$class_name}.php";
        if (file_exists($path)) {
                require_once $path;
        }
};

spl_autoload_register($callback);



--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz



--- End Message ---
