[PHP] Am I missing something about escapeshellarg
I just posted the following at http://stackoverflow.com/questions/3481880/what-php-extensions-are-preferred-and-what-about-security-preferences/5223539#5223539; Am I missing anything or are all these guides and hosts either not disabling enough functions or disabling security aids to give warning messages with dangerous results. _ Why do so many hosts and guides disable escapeshell[arg|cmd] which are security aids and leave shell_exec enabled. Leads to opening up your servers to untrusted execution due to things like this. http://www.silverstripe.org/hosting-requirements/show/10777; The only thing I can think of is using it twice might cause problems and safe mode used to be widespread and so would apply escapeshellcmd automatically And now the hosts just copy configs blindly and in error and don't understand and so trust the 100s of threads that say you should do this. Yeah, use it as reference, I'm looking at it, but don't trust it because some good host uses it __ Surely this matters more than removing safe mode despite defence in depth because users believe it to be a safety blanket and may not also use chroot and permissions etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Am I missing Something
Greetings all, I am running version 4.3.4 of PHP. Fairly recently. I am trying to call a pretty basic programming tool. Maybe I am just really tired, or something but I am not getting what is going on. Is there something I am missing. I am pulling a SQL call on a date to get the month. I am using Date_format and the %c to get the Month in numeric format. The I plug it into a variable and my intention is to call it as the index of an array. Nothing prints. When I turn on all notices I get a notice that it is an undefined index. What the heck is going on?? Thanks Phillip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Am I missing Something
Phillip S. Baker wrote: I am running version 4.3.4 of PHP. Fairly recently. I am trying to call a pretty basic programming tool. Maybe I am just really tired, or something but I am not getting what is going on. Is there something I am missing. I am pulling a SQL call on a date to get the month. I am using Date_format and the %c to get the Month in numeric format. The I plug it into a variable and my intention is to call it as the index of an array. Nothing prints. When I turn on all notices I get a notice that it is an undefined index. What the heck is going on?? Sorry, left my mind reading helmet at home today. How about sharing some code. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Am I missing Something
You have: select date_format('%c', date_column) You need: select date_format('%c', date_column) AS date_column Else the column name in the result is date_format('%c', date_column). Phillip S. Baker wrote: Greetings all, I am running version 4.3.4 of PHP. Fairly recently. I am trying to call a pretty basic programming tool. Maybe I am just really tired, or something but I am not getting what is going on. Is there something I am missing. I am pulling a SQL call on a date to get the month. I am using Date_format and the %c to get the Month in numeric format. The I plug it into a variable and my intention is to call it as the index of an array. Nothing prints. When I turn on all notices I get a notice that it is an undefined index. What the heck is going on?? Thanks Phillip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Am I missing Something
At 09:54 AM 1/30/2004 +, Stuart wrote: Phillip S. Baker wrote: I am running version 4.3.4 of PHP. Fairly recently. I am trying to call a pretty basic programming tool. Maybe I am just really tired, or something but I am not getting what is going on. Is there something I am missing. I am pulling a SQL call on a date to get the month. I am using Date_format and the %c to get the Month in numeric format. The I plug it into a variable and my intention is to call it as the index of an array. Nothing prints. When I turn on all notices I get a notice that it is an undefined index. What the heck is going on?? Sorry, left my mind reading helmet at home today. How about sharing some code. $sql = SELECT CONCAT(DATE_FORMAT(initiation_date, '%b '), initiation_day, ',' , DATE_FORMAT(initiation_date, ' %Y')) AS weekend, DATE_FORMAT(initiation_date, '%c ') AS month, initiation_day FROM center, initiation WHERE initiation_date = CURRENT_DATE AND initiation_center = center_id AND center_id = $g_cen ORDER BY initiation_date ASC; $wkends = new MySQL($sql); while ( $rec = $wkends - fetchRow () ) { list($sday, $eday) = explode('_', $rec['initiation_day']); if ( $sday == '29' || $sday == '30' || $sday == '31' ) { $somevalue = $rec[1]; echo $g_dates .= $somarray[$somevalue]; } } Through testing, if I echo out $rec[1] I get to correct value (3) If I echo out $somevalue I get the correct value (3) However $somarray[$somevalue] prints out nothing. Again if I display all notices then what I get is that there is an undefined index on the lines that has echo $g_dates .= $somarray[$somevalue]; And $somarray[ has more than four values. Blessings Phillip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Am I missing Something
Phillip S. Baker wrote: And $somarray[ has more than four values. Try inserting the following line at after $somearray has been created and filled with values... print 'pre'; print_r($somearray); print '/pre'; That will display the array in nice format. I think you'll find that the indexes of the array are not what you think they are. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Am I missing Something
Stuart mailto:[EMAIL PROTECTED] on Friday, January 30, 2004 2:56 PM said: print 'pre'; print_r($somearray); print '/pre'; not to steal your glory stuart but you can make it easier on yourself by doing the following: echo 'pre',print_r($somearray),'/pre'; it's merely less typing. hth, chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Am I missing Something
Hi, Saturday, January 31, 2004, 9:22:41 AM, you wrote: CWP Stuart mailto:[EMAIL PROTECTED] CWP on Friday, January 30, 2004 2:56 PM said: print 'pre'; print_r($somearray); print '/pre'; CWP not to steal your glory stuart but you can make it easier on yourself by CWP doing the following: CWP echo 'pre',print_r($somearray),'/pre'; CWP it's merely less typing. CWP hth, CWP chris. CWP -- CWP PHP General Mailing List (http://www.php.net/) CWP To unsubscribe, visit: http://www.php.net/unsub.php That should be echo 'pre',print_r($somearray,1),'/pre'; or you will get a stray 1 from the return of print_r(); -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php