php-general Digest 4 Oct 2011 06:03:09 -0000 Issue 7503

2011-10-04 Thread php-general-digest-help
php-general Digest 4 Oct 2011 06:03:09 - Issue 7503 Topics (messages 315115 through 315120): Re: Variable question 315115 by: Ford, Mike Re: php.ini setting 315116 by: Jim Giner 315117 by: Richard Quadling 315118 by: Jim Giner Method C14N from DOM

[PHP] Re: Oauth consumer and provider gives signature_invalid error

2011-10-04 Thread chamila gayan
hi again. it look likes my code is ugly so no one wants to play with it :D. rewrote the consumer and provider code using only the php provided classes/methods. I have borrowed code from http://www.lornajane.net/posts/2011/php-oauth-provider-request-tokens and

[PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Kirk Bailey
I installed it in a Windows XP PC with a cgi capable server in it. No dice, nothing happens. I also installed python in the same computer. Works perfect. NEITHER language modified the http server. So, what do I have to do to get php to play well with others in a XP environment? Cute remarks

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Daniel P. Brown
On Tue, Oct 4, 2011 at 09:47, Kirk Bailey kbai...@howlermonkey.net wrote: I installed it in a Windows XP PC with a cgi capable server in it. No dice, nothing happens. I also installed python in the same computer. Works perfect. NEITHER language modified the http server. So, what do I have to

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Bastien Koert
On Tue, Oct 4, 2011 at 9:47 AM, Kirk Bailey kbai...@howlermonkey.net wrote: I installed it in a Windows XP PC with a cgi capable server in it. No dice, nothing happens. I also installed python in the same computer. Works perfect. NEITHER language modified the http server. So, what do I have

Re: [PHP] php on my pc, no go, FUBAR, thank you Bill Gates?

2011-10-04 Thread Richard Quadling
On 4 October 2011 14:47, Kirk Bailey kbai...@howlermonkey.net wrote: I installed it in a Windows XP PC with a cgi capable server in it. No dice, nothing happens. I also installed python in the same computer. Works perfect. NEITHER language modified the http server. So, what do I have to do to

[PHP] detect file upload time

2011-10-04 Thread Kanishka
hi everybody, is any method available for detect file upload time in a php script ? or detect network connections upload speed. i'm using php 5.3.5(xampp 1.7.4) and my os is windows 7. thank you regards kanishka

Re: [PHP] detect file upload time

2011-10-04 Thread Nilesh Govindarajan
On Tue 04 Oct 2011 09:05:30 PM IST, Kanishka wrote: hi everybody, is any method available for detect file upload time in a php script ? or detect network connections upload speed. i'm using php 5.3.5(xampp 1.7.4) and my os is windows 7. thank you regards kanishka It's not possible with

[PHP] Secure data management

2011-10-04 Thread Jim Giner
I thought I knew how to do this. I have a form that collects some data fields. My script checks if magic quotes are off and (since they are) executes addslashes on each input field. Then I run a query to INSERT these 'slashed' vars into the database. But when I go to phpadmin on my site the

Re: [PHP] Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:23, Jim Giner wrote: I thought I knew how to do this. I have a form that collects some data fields. My script checks if magic quotes are off and (since they are) executes addslashes on each input field. Then I run a query to INSERT these 'slashed' vars into the

[PHP] Re: Secure data management

2011-10-04 Thread Shawn McKenzie
On 10/04/2011 02:23 PM, Jim Giner wrote: I thought I knew how to do this. I have a form that collects some data fields. My script checks if magic quotes are off and (since they are) executes addslashes on each input field. Then I run a query to INSERT these 'slashed' vars into the

Re: [PHP] Secure data management

2011-10-04 Thread Jim Giner
Stuart Dallas stu...@3ft9.com wrote in message news:da8b3499-4d11-4053-9834-68b34d030...@3ft9.com... 1. Why are you using addslashes? 2. MySQL will strip one level of backslashes. * I thought you were supposed to do an addslashes to protect your appl from malicious d/e. Did not know

Re: [PHP] Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 2:44 PM, Jim Giner jim.gi...@albanyhandball.com wrote: I thought you were supposed to do an addslashes to protect your appl from malicious d/e. To protect your app from malicious stuff going to SQL queries, you should be using prepared statements, see

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:30, Shawn McKenzie wrote: On 10/04/2011 02:23 PM, Jim Giner wrote: I thought I knew how to do this. I have a form that collects some data fields. My script checks if magic quotes are off and (since they are) executes addslashes on each input field. Then I run a

Re: [PHP] Secure data management

2011-10-04 Thread Stuart Dallas
On 4 Oct 2011, at 20:44, Jim Giner wrote: Stuart Dallas stu...@3ft9.com wrote in message news:da8b3499-4d11-4053-9834-68b34d030...@3ft9.com... 1. Why are you using addslashes? 2. MySQL will strip one level of backslashes. * I thought you were supposed to do an addslashes to

Re: [PHP] Re: Secure data management

2011-10-04 Thread Mark Kelly
Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 01:13, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 01:13, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas stu...@3ft9.com wrote: As for the overhead I very much doubt there's much difference between that and the overhead of prepared statements. Probably not. As an aside, I'm really struggling to find a case where it'd be worth base64-encoding the

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:02, Tommy Pham wrote: On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 01:13, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4,

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds jeremiah.do...@gmail.comwrote: On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas stu...@3ft9.com wrote: As for the overhead I very much doubt there's much difference between that and the overhead of prepared statements. Probably not. As an aside,

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 8:10 PM, Stuart Dallas stu...@3ft9.com wrote: Prepared statements incur an additional hit against the DB server to prepare the statement. But only once, right? This could, of course, still be a downside depending the nature of your app. -- PHP General Mailing List

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:07, Jeremiah Dodds wrote: On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas stu...@3ft9.com wrote: As for the overhead I very much doubt there's much difference between that and the overhead of prepared statements. Probably not. As an aside, I'm really struggling to find a

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 8:15 PM, Tommy Pham tommy...@gmail.com wrote: On Tue, Oct 4, 2011 at 6:07 PM, Jeremiah Dodds jeremiah.do...@gmail.com wrote: On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas stu...@3ft9.com wrote:  As for the overhead I very much doubt there's much difference between

Re: [PHP] Re: Secure data management

2011-10-04 Thread Stuart Dallas
On 5 Oct 2011, at 02:16, Jeremiah Dodds wrote: On Tue, Oct 4, 2011 at 8:10 PM, Stuart Dallas stu...@3ft9.com wrote: Prepared statements incur an additional hit against the DB server to prepare the statement. But only once, right? This could, of course, still be a downside depending the

Re: [PHP] Re: Secure data management

2011-10-04 Thread Tommy Pham
On Tue, Oct 4, 2011 at 6:10 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 02:02, Tommy Pham wrote: On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 01:13, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com

Re: [PHP] Re: Secure data management

2011-10-04 Thread Jeremiah Dodds
On Tue, Oct 4, 2011 at 9:25 PM, Tommy Pham tommy...@gmail.com wrote: There would be a difference in performance since the the expression has to be reevaluated, including the function FROM_BASE, every time versus one time evaluation of prepared statement. This is true, but it should be pointed