php-general Digest 23 Nov 2004 13:22:39 -0000 Issue 3129
Topics (messages 202708 through 202721):
Re: Where to learn about these topics
202708 by: Ryan King
Re: default extension for includes?
202709 by: Jed Smith
202710 by: Jake Press
202711 by: Justin French
202720 by: Marek Kilimajer
Re: Upload is still not working ( More tesitngs)
202712 by: Michael Leung
Re: $_POST['xxx'] = "blabla" ?
202713 by: Angelo Zanetti
202714 by: Dennis Seavers
202716 by: Chris Shiflett
202717 by: steve
Re: Timezones
202715 by: Venelin Arnaudov
About DRES PHP application internationalisation...
202718 by: Patrick Gelin
Re: Upload is still not working
202719 by: Burhan Khalid
if($var) vs. if(isset($var))
202721 by: Sam Smith
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
On Nov 22, 2004, at 11:33 AM, Chris Lott wrote:
In MySQL I would say... If you have data which has to be inserted in
serveral tables, you must first check if all conditions are ok. So,
do some
selects to check if everythin in your database is ok, and after that,
execute the query. But, when you really want to make complex database
driven
applications, choose PostgreSQL! This database is better build for
complexity (and not only that ;) ), and supports transactions and
references, and more stuff like that which can be really helpful to
you...
And when you compare MySQL against PostgreSQL... PostgreSQL is a heavy
system compared with MySQL, also free, but when you look at the
functionality: SUPERIOR
But even with Postgresql I have the same situation.
No, you don't.
Let's say a user
wants to enter a new contact into the database. This contact lives in
a new city and has a new kind of relationship. To make that city and
relationship available, I need them in the related tables. Or I need
my form action to check for each one, insert if they are not there,
and then finally insert the new record. This last seems preferable
(one form), but no books seem to deal with the real world, only the
simplest, single-table cases...
This is where stored procedures, triggers and update-able views become
very handy.
-ryan
--- End Message ---
--- Begin Message ---
Justin French wrote:
I'd like to be able to call include("thing"); and have PHP automatically
look for thing.html -- I know include_path can look in multiple places,
but I have no idea if I can look for multiple file extensions, close
matches, etc.
Doubt it, but I'm asking :)
Justin
No.
--
_
(_)___ Jed Smith, Code Ninja
| / __| RFBs: [email for info]
| \__ \ +1 (541) 606-4145
_/ |___/ [EMAIL PROTECTED] (Signed mail preferred: PGP 0x703F9124)
|__/ http://personal.jed.bz/keys/jedsmith.asc
--- End Message ---
--- Begin Message ---
Justin,
'Use the force luke' - or perhaps just write yourself a function to do
this :)
Regards
Jake Press
Justin French wrote:
I'd like to be able to call include("thing"); and have PHP
automatically look for thing.html -- I know include_path can look in
multiple places, but I have no idea if I can look for multiple file
extensions, close matches, etc.
Doubt it, but I'm asking :)
Justin
--- End Message ---
--- Begin Message ---
On 23/11/2004, at 12:44 PM, Jake Press wrote:
Justin,
'Use the force luke' - or perhaps just write yourself a function to
do this :)
Sadly, included files inside functions don't inherit the global
namespace, so you have to do something ridiculous like
extract($GLOBALS) inside the function:
function includer($thing)
{
extract($GLOBALS);
include($thing.".inc");
}
The extract isn't too expensive, but it's definitely something I'd like
to avoid if possible.
Justin
--- End Message ---
--- Begin Message ---
Justin French wrote:
On 23/11/2004, at 12:44 PM, Jake Press wrote:
Justin,
'Use the force luke' - or perhaps just write yourself a function to
do this :)
Sadly, included files inside functions don't inherit the global
namespace, so you have to do something ridiculous like extract($GLOBALS)
inside the function:
function includer($thing)
{
extract($GLOBALS);
include($thing.".inc");
}
The extract isn't too expensive, but it's definitely something I'd like
to avoid if possible.
This would not work, extract creates a copy of the variables, changing
them in $thing . '.inc' will have no efect outside of the file. You
would have to loop $GLOBALS and assign by reference, while skipping
superglobals.
--- End Message ---
--- Begin Message ---
Hi Everyone,
I found some people stated this kind of error , because phpSUExec
max allows 755. But I have changed my upload_files directory into
owned by apache. it should solved the problem based on this logic. but
it won't work at all.
Does Any one have an idea on this
yours,
Michael Leung
> Michael Leung wrote:
>
> >My Error Msg:
> > I can read /tmp/phphRiKeP
> >Warning: fopen(upload_files/doodah) [function.fopen]: failed to open
> >stream: Permission denied in /var/www/html/simple_upload.php on line
> >18
> >
> >Warning: fopen(upload_files/Water lilies.jpg) [function.fopen]: failed
> >to open stream: Permission denied in /var/www/html/simple_upload.php
> >on line 22
> >upload_files is valid a directoryI am able to write to upload_files
> >
> >
> >This is very strange. upload_files is writeable, but can't write by
> >fopen('upload_files/doodah', 'w')
> >
> >
--- End Message ---
--- Begin Message ---
I speak under correction but the reason could be that if someone tries to hack
your site, for example I post to your HTML page, you want to check it your
$_POST contains a certain variable (which may be hidden)
Not really sure besides that
>>> Perry Jönsson <[EMAIL PROTECTED]> 11/22/2004 10:57:23 PM >>>
Jay Blanchard wrote:
> [snip]
> What is the difference between these two examples?
> Both works fine for me.
>
>
>
> 1. if ($_POST['submit'] == 'Login') {
> ...
> ...
> }
>
> 2. if (isset($_POST['submit']) {
> ...
> ...
> }
> [/snip]
>
> One is checking if $_POST contains a specific value, the other just checks to
> see if it contains a value. If $_POST['submit'] contains 'foo' is ISSET. Make
> sense?
Maybe a daft question but why would you like to check for a specific value?
Can you give an example when this is a good thing to do?
/PJ
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--------------------------------------------------------------------
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Technikon or the sender
of this e-mail be liable to any party for any direct, indirect,
special or other consequential damages for any use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--- End Message ---
--- Begin Message ---
Use unset () to reset the variable values and $_POST to set the values. As
long as there's no other, unacceptable access to your server, you'll be in
a good position, other security considerations aside. If any other latent
$_POST values exist, what could they do? And if they were to do anything,
could they not be reset easily?
> [Original Message]
> From: Angelo Zanetti <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Date: 11/23/2004 12:17:37 AM
> Subject: Re: [PHP] $_POST['xxx'] = "blabla" ?
>
> I speak under correction but the reason could be that if someone tries to
hack your site, for example I post to your HTML page, you want to check it
your $_POST contains a certain variable (which may be hidden)
>
> Not really sure besides that
>
>
>
> >>> Perry Jönsson <[EMAIL PROTECTED]> 11/22/2004 10:57:23 PM >>>
> Jay Blanchard wrote:
> > [snip]
> > What is the difference between these two examples?
> > Both works fine for me.
> >
> >
> >
> > 1. if ($_POST['submit'] == 'Login') {
> > ...
> > ...
> > }
> >
> > 2. if (isset($_POST['submit']) {
> > ...
> > ...
> > }
> > [/snip]
> >
> > One is checking if $_POST contains a specific value, the other just
checks to see if it contains a value. If $_POST['submit'] contains 'foo' is
ISSET. Make sense?
>
>
> Maybe a daft question but why would you like to check for a specific
value?
>
> Can you give an example when this is a good thing to do?
>
> /PJ
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> --------------------------------------------------------------------
> Disclaimer
> This e-mail transmission contains confidential information,
> which is the property of the sender.
> The information in this e-mail or attachments thereto is
> intended for the attention and use only of the addressee.
> Should you have received this e-mail in error, please delete
> and destroy it and any attachments thereto immediately.
> Under no circumstances will the Cape Technikon or the sender
> of this e-mail be liable to any party for any direct, indirect,
> special or other consequential damages for any use of this e-mail.
> For the detailed e-mail disclaimer please refer to
> http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
> Maybe a daft question but why would you like to check for a
> specific value?
>
> Can you give an example when this is a good thing to do?
You might have two submit buttons, where you want to take a different
action depending upon which one the user clicks.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming February 2005 http://httphandbook.org/
--- End Message ---
--- Begin Message ---
Chris Shiflett wrote:
>> Maybe a daft question but why would you like to check for a
>> specific value?
>>
>> Can you give an example when this is a good thing to do?
>
> You might have two submit buttons, where you want to take a different
> action depending upon which one the user clicks.
You might also want to restrict any actions you take to specific values -
one part of authenticating that the input is valid and not from, say, a
spoofed form.
Someone else suggested using a function to do this - and this is what I do.
The function is part of a small library that I include into every page.
function clean_post($key, $length=FALSE, $request=FALSE, $stripslash=FALSE,
$stripmeta=FALSE) {
if(array_key_exists($key,$_POST)) {
$request = trim(strip_tags($_POST[$key]));
if($length) {
$request = substr($request,0,$length);
}
if($stripslash) { $request = stripslashes($request); }
if($stripmeta) { strip_meta($request); }
}
return $request;
}
You call with by passing the function a string representing the key you're
searching for in $_POST. If this isn't found, the function returns FALSE.
eg, $passwd = clean_post('passwd');
The value pulled from $_POST is run through strip_tags (you may or may not
want this. In my case, I always do because I don't accept HTML from user
input).The other parameters are optional, but offer increasing levels of
'cleaning' the data = ie, restricting its length, removing slashes and
stripping out meta chars.
The third parameter is a way of passing a default value to the function. In
this case, if the key you're searching for isn't found in $_POST, the
function returns that default value rather than FALSE.
--
@+
Steve
--- End Message ---
--- Begin Message ---
Thank you!
I think this is what I needed.
Regards,
Venelin
Robin Vickery wrote:
On Mon, 22 Nov 2004 11:52:03 -0500, Gryffyn, Trevor
<[EMAIL PROTECTED]> wrote:
Then somewhere there has to be a cross reference between name and
timezone info. I'm sorry I'm not running Apache here and don't have
access to the same info that you're using, but I'd try digging into
those config files and any database tables you can find that seem to
relate to it. I'm sorry I can't be more help, but it's gotta be in
there somewhere.
Apache and PHP should be able to use your zoneinfo file, which
contains the mappings for all these timezones.
You can obtain the offset of the current timezone, using
strftime('%z'). You'll get a return value like '+0000' (for GMT) or
'+0200' (for EET) and '-0200' (for EST) etc.
http://www.php.net/strftime
You can change the current timezone by setting the 'TZ' environment
variable with something like putenv("TZ=EST").
http://www.php.net/putenv
You can find out the current setting of the 'TZ' environment variable
with getenv('TZ').
http://www.php.net/getenv
Putting that lot together, it's not hard to write a small function
that given a timezone will return an offset from UTC (aka GMT).
<?php
function tzOffset($tzUser) {
$tzServer = getenv('TZ');
putenv("TZ=$tzUser");
$offset = strftime('%z');
putenv("TZ=$tzServer");
return $offset;
}
echo tzOffset('Canada/Newfoundland'); // -0330
echo tzOffset('EET'); // +0200
?>
--- End Message ---
--- Begin Message ---
Hi,
I'm trying to make DRES project (http://sourceforge.net/projects/dres/)
compliant with ISO-8859-1. I'm not using mbstring into my windows 2000
server, I know there is problem with Internet Explorer browser...
I saw DRES it use 'xmldoc' API into the file xmlutil.php. But this fonction
seems not to be in use at this time. By the way I can't find any
documentation about UTF-8, ISO-8859-1 and so about XMLDOM API.
What I saw it's when I save a formula with DRES, it register a XML file, and
the content is:
<?xml version="1.0"?>
<requirement identifier="aaaaaaaa" name="àààà"
priority="high" status="draft"><revision date="2004-11-19 13:14:45"
label=""><author id="gelinp">Patrick
Gelin</author><comment></comment></revision><description>驩</descripti
on></requirement>
The name filed was originaly:
name='àààà'
I don't know if it's UTF-8 or ISO-8859-1 format.
When the formula refresh it show:
name='Ã Ã Ã Ã '
Where does this come from? Is it a problem with XMLDOM API? How to correct
this?
Thank.
--- End Message ---
--- Begin Message ---
Michael Leung wrote:
Hi Jason,
Thank you for your help. This is the output from PHP script:
"upload_files is valid a directoryI am able to write to upload_files
Warning: move_uploaded_file(upload_files/Water lilies.jpg)
[function.move-uploaded-file]: failed to open stream: Permission
denied in /var/www/html/simple_upload.php on line 58
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to
move '/tmp/phpHuSGRK' to 'upload_files/Water lilies.jpg' in
/var/www/html/simple_upload.php on line 58"
Well, this shows upload_files is writeable. Therefore, it should not
be any error in permission setting issues.
Could it be the space in the filename?
--
Burhan Khalid
--- End Message ---
--- Begin Message ---
What's the difference between:
if($var)
and
if(isset($var))
--- End Message ---
