php-general Digest 13 May 2008 07:07:15 -0000 Issue 5456
Topics (messages 274204 through 274226):
Re: A Little Something.
274204 by: Eric Butera
274206 by: tedd
Re: Replacing accented characters by non-accented characters
274205 by: tedd
creating an xls file from mysql data
274207 by: Richard Kurth
274211 by: Chris
274212 by: Ray Hauge
274216 by: Chris
274225 by: Richard Kurth
274226 by: Chris
Re: Permissions set on php script question
274208 by: David Jourard
Re: convert query result to array
274209 by: Yi Wang
274210 by: Forcey
using variable in php form before the form is POSTed
274213 by: milt
274214 by: Robert Cummings
Good HTML parser needed
274215 by: Shelley
274217 by: Yi Wang
274218 by: Robert Cummings
274220 by: Shelley
274221 by: Yi Wang
274223 by: Robert Cummings
274224 by: Robert Cummings
tracking Mials Which were bounced.
274219 by: Chetan Rane
cn2 dot php.net can't be included in the mail.
274222 by: Yi Wang
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
On Mon, May 12, 2008 at 2:57 PM, tedd <[EMAIL PROTECTED]> wrote:
> Gentlemen:
>
> First, my apologies for publishing the page without checking it first for
> pet-peeves.
>
> Second, please educate me as to the statement that "NoScript" is blocking
> UrchinTracker. Where do I have declared NoScript and why would I want it? I
> have numerous sites and they all generate these same javascript warnings,
> but UrchinTracker still works and I have sites that are very popular.
>
> Third, the UrchinTracker code is Google's code and I do not think I have
> any control over the warnings generated by their code -- do I?
>
> Fourth, the site:
>
>
> http://webbytedd.com/bb/tribute/
>
> Was set up originally as an ajax site (requiring javascript) and I did not
> give thought to what would happen if javascript was turned off -- in my
> haste I violated one of the "prime directives" of Graceful Degradation --
> sorry!
>
> If you will review the page now, you will find that has been corrected --
> the page works with javascript on or off.
>
> Now, with all of that said -- which of you javascript experts can tell me
> what I can do to stop the warnings that are generated by Google's
> UrchinTracker code?
>
> Thanks and Cheers,
>
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
>
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
NoScript is a FireFox extension to protect users from malicious
scripts. JS is indeed very dangerous right now especially as mashups
continue to gain popularity and all of that personal information
floating around. Subscribe to planet websecurity and see the truth.
The way I deal with urchin is by /etc/hosts'ing out google's
adservers. Then we all win, right? ;)
Here is a fairly current rant:
http://blog.360.yahoo.com/blog-TBPekxc1dLNy5DOloPfzVvFIVOWMB0li?p=819
--- End Message ---
--- Begin Message ---
At 3:11 PM -0400 5/12/08, Eric Butera wrote:
NoScript is a FireFox extension to protect users from malicious
scripts.
NoScript is also a tag for browsers to read and react to IF they do
not accept javascript.
http://www.w3schools.com/TAGS/tag_noscript.asp
That's an unfortunate naming convention from FireFox.
https://addons.mozilla.org/en-US/firefox/addon/722
JS is indeed very dangerous right now especially as mashups
continue to gain popularity and all of that personal information
floating around. Subscribe to planet websecurity and see the truth.
The way I deal with urchin is by /etc/hosts'ing out google's
adservers. Then we all win, right? ;)
Here is a fairly current rant:
http://blog.360.yahoo.com/blog-TBPekxc1dLNy5DOloPfzVvFIVOWMB0li?p=819
Okay, I read that -- but what does that have to do with urchin?
Urchin is not an ad delivery system, but rather a way to keep track
of visitors to your web site.
Now, how is that a security threat? Or is the claim that any site
that uses js is a security threat?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Yannick:
Considering that we just had a flurry of pet-peeves on the list, I
rant on one of mine.
At 1:25 PM -0500 5/12/08, Yannick Warnier wrote:
I'm trying to give a universally-manageable directory name to an item
using a free-text title. I want to avoid every type of accentuated
character and everything outside of pure ASCII to make it the most
portable possible.
Generating a random hash is not acceptable as we want to be the most
user-friendly possible.
<rant>
As Rocky (the flying squirrel of Bullwinkle fame) once said when a
gentleman in a black suit identified himself as "Military
Intelligence" -- "That sounds like a contradiction in terms."
To make something as user-friendly as possible is to accommodate as
many users as possible, including those who's native language is not
English -- like 96 percent of the world.
You may want to call whatever you are doing as an
"universally-manageable directory", but it can't be if it rules out
the majority of the universe (as we know it).
Why not embrace Unicode and not worry about it? I suggest you read
"Building Scalable We Sites" by Henderson -- specifically chapter 4,
which deals with Unicode, Internationalization and Localization.
Looks to me like you're trying to fit a gross into a dozen -- that's
a lossy process that's probably not going to do what you want.
</rant>
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
This script will create an xls file from the data that is sent to it
When I run this it only gets one recored and it is supposet to get all
the records that are past by the $_POST[selectedcontactlist]
I think I have a } in the wrong place but I can not figure it out
anybody have a suggestion
$_POST[selectedcontactlist]="3,45,65,23,12,4,56"; //this is a sample of
what is past
$ExplodeIt = explode(",",rtrim($_POST[selectedcontactlist],","));
$Count = count($ExplodeIt);
for ($i=0; $i < $Count; $i++) {
$sql = "SELECT * FROM contacts WHERE id = '$ExplodeIt[$i]'";
$sql_result = query($sql);
$count = mysql_num_fields($sql_result);
for ($i = 0; $i < $count; $i++){
$header .= mysql_field_name($sql_result, $i)."\t";
}
while($row = mysql_fetch_row($sql_result)){
$line = '';
foreach($row as $value){
if(!isset($value) || $value == ""){
$value = "\t";
}else{
# important to escape any quotes to preserve them in the data.
$value = str_replace('"', '""', $value);
# needed to encapsulate data in quotes because some data might be multi
line.
# the good news is that numbers remain numbers in Excel even though quoted.
$value = '"' . $value . '"' . "\t";
}
$line .= $value;
}
$data .= trim($line)."\n";
}
}
# this line is needed because returns embedded in the data have "\r"
# and this looks like a "box character" in Excel
$data = str_replace("\r", "", $data);
# Nice to let someone know that the search came up empty.
# Otherwise only the column name headers will be output to Excel.
if ($data == "") {
$data = "\nno matching records found\n";
}
# This line will stream the file to the user rather than spray it across
the screen
header("Content-type: application/octet-stream");
# replace excelfile.xls with whatever you want the filename to default to
header("Content-Disposition: attachment; filename=excelfile.xls");
header("Pragma: no-cache");
header("Expires: 0");
echo $header."\n".$data;
--- End Message ---
--- Begin Message ---
Richard Kurth wrote:
>
> This script will create an xls file from the data that is sent to it
> When I run this it only gets one recored and it is supposet to get all
> the records that are past by the $_POST[selectedcontactlist]
> I think I have a } in the wrong place but I can not figure it out
> anybody have a suggestion
>
> $_POST[selectedcontactlist]="3,45,65,23,12,4,56"; //this is a sample of
> what is past
>
> $ExplodeIt = explode(",",rtrim($_POST[selectedcontactlist],","));
> $Count = count($ExplodeIt);
> for ($i=0; $i < $Count; $i++) {
> $sql = "SELECT * FROM contacts WHERE id = '$ExplodeIt[$i]'";
Instead of doing that, do this:
/**
* This section makes sure the id's you are going to use in your query
are actually integer id's.
* If they aren't, you'll get an sql error.
*
*/
$ids = array();
foreach ($_POST['selectedcontactlist'] as $id) {
if (!is_int($id)) {
continue;
}
$ids[] = $id;
}
// all posted values are duds? show an error.
if (empty($ids)) {
echo "No id's are numeric, try again";
exit;
}
$sql = "select * from contacts where id in (" . implode(',', $ids) . ")";
That'll get everything for all of those id's and then you can loop over
it all once:
// print out the header for the csv file here.
// then loop over the results:
while ($row = mysql_fetch_assoc($sql_result)) {
// put it into file here.
}
// close the file
// print it out.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Chris wrote:
Richard Kurth wrote:
This script will create an xls file from the data that is sent to it
When I run this it only gets one recored and it is supposet to get all
the records that are past by the $_POST[selectedcontactlist]
I think I have a } in the wrong place but I can not figure it out
anybody have a suggestion
$_POST[selectedcontactlist]="3,45,65,23,12,4,56"; //this is a sample of
what is past
$ExplodeIt = explode(",",rtrim($_POST[selectedcontactlist],","));
$Count = count($ExplodeIt);
for ($i=0; $i < $Count; $i++) {
$sql = "SELECT * FROM contacts WHERE id = '$ExplodeIt[$i]'";
Instead of doing that, do this:
/**
* This section makes sure the id's you are going to use in your query
are actually integer id's.
* If they aren't, you'll get an sql error.
*
*/
$ids = array();
foreach ($_POST['selectedcontactlist'] as $id) {
if (!is_int($id)) {
continue;
}
$ids[] = $id;
}
// all posted values are duds? show an error.
if (empty($ids)) {
echo "No id's are numeric, try again";
exit;
}
$sql = "select * from contacts where id in (" . implode(',', $ids) . ")";
That'll get everything for all of those id's and then you can loop over
it all once:
// print out the header for the csv file here.
// then loop over the results:
while ($row = mysql_fetch_assoc($sql_result)) {
// put it into file here.
}
// close the file
// print it out.
Or you can do it straight from MySQL, which is a lot faster:
SELECT [fields] INTO OUTFILE '/path/to/file.csv' FIELDS TERMINATED BY
',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n' FROM [tables]
WHERE [conditions]
If you want a header row, then you can use a UNION statement.
--
Ray Hauge
www.primateapplications.com
--- End Message ---
--- Begin Message ---
> Or you can do it straight from MySQL, which is a lot faster:
With the caveat that you need extra mysql permissions to be able to do that.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Chris wrote:
Richard Kurth wrote:
This script will create an xls file from the data that is sent to it
When I run this it only gets one recored and it is supposet to get all
the records that are past by the $_POST[selectedcontactlist]
I think I have a } in the wrong place but I can not figure it out
anybody have a suggestion
$_POST[selectedcontactlist]="3,45,65,23,12,4,56"; //this is a sample of
what is past
$ExplodeIt = explode(",",rtrim($_POST[selectedcontactlist],","));
$Count = count($ExplodeIt);
for ($i=0; $i < $Count; $i++) {
$sql = "SELECT * FROM contacts WHERE id = '$ExplodeIt[$i]'";
Instead of doing that, do this:
/**
* This section makes sure the id's you are going to use in your query
are actually integer id's.
* If they aren't, you'll get an sql error.
*
*/
$ids = array();
foreach ($_POST['selectedcontactlist'] as $id) {
if (!is_int($id)) {
continue;
}
$ids[] = $id;
}
// all posted values are duds? show an error.
if (empty($ids)) {
echo "No id's are numeric, try again";
exit;
}
$sql = "select * from contacts where id in (" . implode(',', $ids) . ")";
That'll get everything for all of those id's and then you can loop over
it all once:
// print out the header for the csv file here.
// then loop over the results:
while ($row = mysql_fetch_assoc($sql_result)) {
// put it into file here.
}
// close the file
// print it out.
This is what the $_POST['selectedcontactlist'] looks like
121,17,97,123,243,52,138,114,172,170,64,49,60,256,176,244,201,42,95,4,
it is not coming across as an array so the foreach is throwing an error
how can I make this an array in the proper format.
This number are selected in a checkbox and passed with a javascript to the
script should I be converting them to an array in the javascript.
this is the javascript that is passing the numbers.
function exportContacts(theform)
{
//theform.action = "cmexport.php";
theform.action="cmexport.php";
if (getSelectedContacts(theform) != "")
{
theform.submit();
}
else
{
alert("Please select contacts to export by checking the boxes to the
left of the contact's name.");
}
}
--- End Message ---
--- Begin Message ---
> This is what the $_POST['selectedcontactlist'] looks like
>
> 121,17,97,123,243,52,138,114,172,170,64,49,60,256,176,244,201,42,95,4,
First question is why do you need to pass it through like that?
> it is not coming across as an array so the foreach is throwing an error
I assume it always has a ',' in it if you only choose one box.
if (strpos($_POST['selectedcontactlist'], ',') === false) {
// no boxes were selected - or at least there is no comma.
die();
}
// turn it into an array
$selected_contact_lists = explode(',', $_POST['selectedcontactlist']);
> This number are selected in a checkbox and passed with a javascript to
> the script should I be converting them to an array in the javascript.
No need to do that either, just make the form variable an array:
<input type="checkbox" name="selectedcontactlist[]" value="X">
The [] turns it into an array which php can then process automatically
as an array.
You can check that some checkboxes are ticked using an idea similar to this:
http://homepage.ntlworld.com/kayseycarvey/jss3p8.html
Though I'd just either set a flag or counter instead of a message when
you find one that is checked.
If you're just checking that any are checked, as soon as you find one,
return true out of the function.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Bojan Tesanovic wrote:
Heh you are really new to Linux
permissions on linux are set per user/group/other bases
so for most secure set permissions to read only for web-server user
so
chown 'webserveruser' file.php
chmod 400 file.php
make sure you have root access at server so you can change that file
or make a group for web-server as your group and set
read permissions on group level
chmod 440 file.php
Thank-you
But most web sites are virtually hosted and do not have root access to
set this up.
Most people just take the package and install with default masks.
So again I ask:
Are there are any security concerns when the read permission
is set on other. ie Couldn't one write a program to remotely read the
contents of the file.
Wouldn't it be better if the read permission was set for
user only and the php engine
could run the program as user like one can do for cgi using suEXEC.
Again thanks
David J.
--- End Message ---
--- Begin Message ---
I think flance's meaning is whether there is a build-in function that
can convert the result set to an array.
The short answer is: do it yourself.
On 5/12/08, Stut <[EMAIL PROTECTED]> wrote:
> On 12 May 2008, at 15:56, It flance wrote:
>
> > is there any function that can convert the result of query to an
> associative array?
> >
> > what i want is the following:
> >
> > $query = "select * from tablename";
> > $result = mysql_query($query);
> > $arr = somefunction($result);
> >
> > where $arr should be an assoiative array whose indices have the same name
> as the fields names of table tablename.
> >
>
> http://php.net/mysql_fetch_assoc
>
> Please please please read the manual: http://php.net/mysql
>
> -Stut
>
> --
> http://stut.net/
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Regards,
Wang Yi
--- End Message ---
--- Begin Message ---
I guess PDOStatement::fetchAll() should work?
see http://www.php.net/manual/en/pdostatement.fetchall.php for details.
- Forcey
On Tue, May 13, 2008 at 9:55 AM, Yi Wang <[EMAIL PROTECTED]> wrote:
> I think flance's meaning is whether there is a build-in function that
> can convert the result set to an array.
>
> The short answer is: do it yourself.
>
>
>
> On 5/12/08, Stut <[EMAIL PROTECTED]> wrote:
> > On 12 May 2008, at 15:56, It flance wrote:
> >
> > > is there any function that can convert the result of query to an
> > associative array?
> > >
> > > what i want is the following:
> > >
> > > $query = "select * from tablename";
> > > $result = mysql_query($query);
> > > $arr = somefunction($result);
> > >
> > > where $arr should be an assoiative array whose indices have the same name
> > as the fields names of table tablename.
> > >
> >
> > http://php.net/mysql_fetch_assoc
> >
> > Please please please read the manual: http://php.net/mysql
> >
> > -Stut
> >
> > --
> > http://stut.net/
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> Regards,
> Wang Yi
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
I have a form that will be filled in by the user, I want to have access to
the content of one of the fields in that form, in order to fill in an
another variable that is not part of the form. this variable is used by a
routine when the form is "posted". Question - is the $_post[field name]
availble before the submit button is pushed, or is there another way to get
the contents of the field?
thanks, Milt
--- End Message ---
--- Begin Message ---
On Mon, 2008-05-12 at 14:44 -0700, milt wrote:
> I have a form that will be filled in by the user, I want to have access to
> the content of one of the fields in that form, in order to fill in an
> another variable that is not part of the form. this variable is used by a
> routine when the form is "posted". Question - is the $_post[field name]
> availble before the submit button is pushed, or is there another way to get
> the contents of the field?
PHP only gets what the browser sends. The browser doesn't send until you
click the submit button (or perform a synonymous action). You'll need to
use JavaScript to work on data before it is submitted.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
Hi all,
The fact is that I have a site that allow users to post hypertext articles.
However, I saw that sometimes, because of their careless input,
the articles is not rendered correctly.
I want to know whether there are some good HTML parsers written in PHP.
That is,
the parser checks whether html tags like table, tr, td, div, dt, dl, dd,
script, ul,
li, span, h1, h2, etc. are nested correctly. If any tags not matched, just
remove them.
Any suggection is greatly appreciated.
--
Regards,
Shelley
--- End Message ---
--- Begin Message ---
strip_tags does the tricks.
www.php.net/manual/en/function.strip-tags.php
BTW,
Why cn2 dot php.net blocked by the mail server?
The rejected message:
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
[EMAIL PROTECTED]
Technical details of permanent failure:
PERM_FAILURE: Gmail tried to deliver your message, but it was rejected
by the recipient domain. The error that the other server returned was:
550 550-5.7.1 mail rejected by policy. SURBL hit
550-Spammy URLs in your message
550 See http://master.php.net/mail/why.php?why=SURBL. We recommend
contacting the other email provider for further information about the
cause of this error. Thanks for your continued support. (state 17)
On 5/13/08, Shelley <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> The fact is that I have a site that allow users to post hypertext articles.
> However, I saw that sometimes, because of their careless input,
> the articles is not rendered correctly.
>
> I want to know whether there are some good HTML parsers written in PHP.
>
> That is,
> the parser checks whether html tags like table, tr, td, div, dt, dl, dd,
> script, ul,
> li, span, h1, h2, etc. are nested correctly. If any tags not matched, just
> remove them.
>
> Any suggection is greatly appreciated.
>
> --
> Regards,
>
> Shelley
>
--
Regards,
Wang Yi
--- End Message ---
--- Begin Message ---
On Tue, 2008-05-13 at 11:34 +0800, Shelley wrote:
> Hi all,
>
> The fact is that I have a site that allow users to post hypertext articles.
> However, I saw that sometimes, because of their careless input,
> the articles is not rendered correctly.
>
> I want to know whether there are some good HTML parsers written in PHP.
>
> That is,
> the parser checks whether html tags like table, tr, td, div, dt, dl, dd,
> script, ul,
> li, span, h1, h2, etc. are nested correctly. If any tags not matched, just
> remove them.
http://ca3.php.net/manual/en/book.tidy.php
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
Maybe I didn't use that tidy correctly.
I don't want html, head, body things. Just parsed string.
On Tue, May 13, 2008 at 12:00 PM, Robert Cummings <[EMAIL PROTECTED]>
wrote:
>
> On Tue, 2008-05-13 at 11:34 +0800, Shelley wrote:
> > Hi all,
> >
> > The fact is that I have a site that allow users to post hypertext
> articles.
> > However, I saw that sometimes, because of their careless input,
> > the articles is not rendered correctly.
> >
> > I want to know whether there are some good HTML parsers written in PHP.
> >
> > That is,
> > the parser checks whether html tags like table, tr, td, div, dt, dl, dd,
> > script, ul,
> > li, span, h1, h2, etc. are nested correctly. If any tags not matched,
> just
> > remove them.
>
> http://ca3.php.net/manual/en/book.tidy.php
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
>
--
Regards,
Shelley
--- End Message ---
--- Begin Message ---
You should pass the secend parm to the function. Like this:
$allowable_tags = '<p><a><td><table>';
strip_tags( $text, $allowable_tags );
On 5/13/08, Shelley <[EMAIL PROTECTED]> wrote:
> Not that.
>
> It will just remove all html tags, you know.
>
>
> --
> Regards,
> Shelley
--
Regards,
Wang Yi
--- End Message ---
--- Begin Message ---
On Tue, 2008-05-13 at 12:28 +0800, Shelley wrote:
> Maybe I didn't use that tidy correctly.
> I don't want html, head, body things. Just parsed string.
So strip them...
<?php
// ...
tidy_parse_string( $html );
tidy_clean_repair();
$html = tidy_get_output();
$html = preg_replace( '#^.*<body>#Uis', '', $html )
$html = preg_replace( '#</body>#Uis', '', $html )
//...
?>
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Tue, 2008-05-13 at 01:27 -0400, Robert Cummings wrote:
> On Tue, 2008-05-13 at 12:28 +0800, Shelley wrote:
> > Maybe I didn't use that tidy correctly.
> > I don't want html, head, body things. Just parsed string.
>
> So strip them...
>
> <?php
> // ...
>
> tidy_parse_string( $html );
> tidy_clean_repair();
>
> $html = tidy_get_output();
>
> $html = preg_replace( '#^.*<body>#Uis', '', $html )
> $html = preg_replace( '#</body>#Uis', '', $html )
>
> //...
> ?>
Whoops... noticed some bugs there :B
<?php
$html = preg_replace( '#^.*<body>#Uis', '', $html );
$html = preg_replace( '#</body>.*$#Uis', '', $html );
?>
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
Hi All
I am using a PHP Mailer to send mass mails.
How can I Identify how mails have bounced.
Chetan Dattaram Rane
Software Engineer
--- End Message ---
--- Begin Message ---
Hi,
I sent a mail to this mailling list just now. But the mailling list
rejected my mail for the mail including "cn2 dot php.net". Replace '
dot ' with '.'.
Why this mirror site can't be included in the mail?
Maybe it's not in the whitelist?
--
Regards,
Wang Yi
--- End Message ---
