[Fwd: Re: [PHP] Explanation in Shiflett's PHP Security Briefing]

2005-06-09 Thread [EMAIL PROTECTED] 

Hm? Didn't see this one yesterday on the list?
Let's try again :)

-afan

Chris Shiflett wrote:


You forgot to filter your input. Shame! :-)
Escaping alone can save you in many cases, but always filter input and 
escape output.


I confess: I didn't forget. I did it just wrong :(  Even I thought I did 
understand - I didn't. I mixed filtering and escaping.

:)


Hope that helps.


Oh, yeah! I just learned something new/more!

Thanks for all of you guys!
:)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread [EMAIL PROTECTED] 

First, thanks guys for such a fast response :)


Matthew Weier O'Phinney wrote:


While the above would prevent most SQL injections, it could still wreak
havoc with your database.  For instance, what if your 'phone' or 'zip'
fields in your database are integer fields, and text gets passed from
the form? (answer: a failed DB call) Or you get a string of random
characters for the email? do you really want that in your DB?
 

I didn't  mention anything about validating email address, zip code and 
such a things, because it is not the issue. but, you are definitlly 
right about how important are those.



Regarding your original question, the reason Chris S. keeps things in an
array is so that all CLEAN (i.e. valid and/or secure) data is marked as
such in a single place. Additionally, it allows you to do things like
validating your $_POST array by looping over it:

$clean = array();
foreach ($_POST as $key => $val) {
   $ok = false;
   switch ($key) {
   case 'name':
   if (ctype_alnum($val)) {
   $ok = true;
   }
   break;
   case 'address':
   if (preg_match('/^[ a-z0-9.\'\"#-]+$/', $val)) {
   $ok = true;
   }
   break;
   // etc.
   }
   if ($ok) {
   $clean[$key] = $val;
   }
}
 


I agree with this one. It's definitlly more "clean" solution. :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread Chris Shiflett 

[EMAIL PROTECTED] wrote:
I got the point Chris was making: never believe _GET/_POST and use 
ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I 
already started :) (Thanks Chris that was great for us beginners, 
already posted on  few Bosnian php forums :))


You're welcome. :-)

I must point out that the functions you just mentioned fall into two 
separate categories.


Filtering:
ctype_alnum

Escaping:
htmlentities()
mysql_real_escape_string()

My question though was is the difference in code I mentioned just a 
"habit of writing code" or there is some more? Some security issues too?


Well, the discipline of web application security involves both practical 
and theoretical aspects. For example, the following two code snippets 
are not equal:


Hi, {$_POST['username']}!";
}

?>

Hi, {$html['username']}!";
}
?>

They both do the exact same thing - they welcome a user according to the 
username provided in a POST request. The difference is not a technical 
one - it's a difference in theory.


By storing only filtered data in $clean, and by storing only filtered 
data that has also been escaped for use in HTML in $html, I know that I 
can safely send the value of any element within the $html array to the 
client (browser).


This difference is hard to appreciate with such a simplistic example, 
especially when the code is not spread out, but it mitigates the damage 
that can be done when a developer makes a mistake. The worst-case 
scenario is that $html['username'] does not exist - this is better than 
it being tainted (both can be caused by the same mistake).


A developer can always output $_POST['username'] raw, but the idea is 
that you can modify your approach to make things as easy as possible for 
the security-conscious developers.


(This idea is also why I never recommend storing filtered data back into 
$_POST - you want to foster the natural suspicion that developers have 
for data stored therein, not deteriorate it.)


Let's try this way: we have a case of a form for storing registrant info 
in DB. After submitting we have

$_POST['name']
$_POST['address']
$_POST['city']
$_POST['state']
$_POST['zip']
$_POST['email']
$_POST['phone']

To store submitted info to DB I would (now) use following code:

$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);

mysql_query("insert into info values (NULL, '$name', '$address', 
'$city', '$state', '$email', '$phone')");


You forgot to filter your input. Shame! :-)

Escaping alone can save you in many cases, but always filter input and 
escape output.


Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread Matthew Weier O'Phinney 
* "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> :
> Thanks Richard.
> I got the point Chris was making: never believe _GET/_POST and use 
> ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I 
> already started :) (Thanks Chris that was great for us beginners, 
> already posted on  few Bosnian php forums :))
>
> My question though was is the difference in code I mentioned just a 
> "habit of writing code" or there is some more? Some security issues too?
>
> Let's try this way: we have a case of a form for storing registrant info 
> in DB. After submitting we have
> $_POST['name']
> $_POST['address']
> $_POST['city']
> $_POST['state']
> $_POST['zip']
> $_POST['email']
> $_POST['phone']
>
> To store submitted info to DB I would (now) use following code:
>
> $name = mysql_real_escape_string($_POST['name']);
> $address = mysql_real_escape_string($_POST['address']);
> $city = mysql_real_escape_string($_POST['city']);
> $state = mysql_real_escape_string($_POST['state']);
> $zip = mysql_real_escape_string($_POST['zip']);
> $email = mysql_real_escape_string($_POST['email']);
> $phone = mysql_real_escape_string($_POST['phone']);
>
> mysql_query("insert into info values (NULL, '$name', '$address', 
> '$city', '$state', '$email', '$phone')");
>
> doing the same using arrays:
>
> $submitted = array();
> $submitted['name'] = mysql_real_escape_string($_POST['name']);
> $submitted['address'] = mysql_real_escape_string($_POST['address']);
> $submitted['city'] = mysql_real_escape_string($_POST['city']);
> $submitted['state'] = mysql_real_escape_string($_POST['state']);
> $submitted['zip'] = mysql_real_escape_string($_POST['zip']);
> $submitted['email'] = mysql_real_escape_string($_POST['email']);
> $submitted['phone'] = mysql_real_escape_string($_POST['phone']);
>
> mysql_query("insert into info values (NULL, $submitted['name']', 
> '$submitted['address']', '$submitted['city']', '$submitted['state']', 
> '$submitted['zip']', '$submitted['email']', '$submitted['phone']')");
>
>
> Is this REALLY the same or there is a difference in security or 
> something else?

Not the same, not necessarily secure, and it could cause issues for your
database and/or reporting.

What Chris Shifflet is getting at in his security columns is that simply
escaping your data before throwing it in the DB is not a good practice.
This is true from both a security standpoint as well as a database
management standpoint.

While the above would prevent most SQL injections, it could still wreak
havoc with your database.  For instance, what if your 'phone' or 'zip'
fields in your database are integer fields, and text gets passed from
the form? (answer: a failed DB call) Or you get a string of random
characters for the email? do you really want that in your DB?

It's easy to get lazy about this stuff, especially when it's just a
hobby or for something non-critical, but if you get into bad habits,
what happens when you're doing this for a business critical application?
(I know this one -- my DBA starts beating me over the head with a bat
for f***ing up his data, which will now take him several days to fix; I
get fired from my job because a script I wrote allowed a hacker to
delete all our customer data; etc.)

Regarding your original question, the reason Chris S. keeps things in an
array is so that all CLEAN (i.e. valid and/or secure) data is marked as
such in a single place. Additionally, it allows you to do things like
validating your $_POST array by looping over it:

$clean = array();
foreach ($_POST as $key => $val) {
$ok = false;
switch ($key) {
case 'name':
if (ctype_alnum($val)) {
$ok = true;
}
break;
case 'address':
if (preg_match('/^[ a-z0-9.\'\"#-]+$/', $val)) {
$ok = true;
}
break;
// etc.
}
if ($ok) {
$clean[$key] = $val;
}
}

> Richard Davey wrote:
> > Monday, June 6, 2005, 6:39:09 PM, you wrote:
> > aan> I was reading PHP Security Briefing from brainbulb.com (Chris Shiflett)
> > aan> and didn't get one thing:
> > aan> in example:
> >
> > aan>  > aan> $clean = array();
> > aan> if (ctype_alnum($_POST['username']))
> > aan> {
> > aan> $clean['username'] = $_POST['username'];
> > aan> }
> > ?> >
> >
> > aan> why to set the $clean as array? what's wrong if I use:
> >
> > aan>  > aan> if (ctype_alnum($_POST['username']))
> > aan> {
> > aan> $clean = $_POST['username'];
> > aan> }
> > ?> >
> >
> > In your example $clean will only ever hold one value. In the original
> > the clean array can be used to hold all clean GET/POST values. Not
> > many forms only have one value. The most important thing to remember
> > though is that your array isn't really "clean", it's just "valid". I
> > believe the original point Chris was making was that you should never
> > trust that $_POST will only contain the values you expect it to - they
> > should be moved o

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread Chris Shiflett 

[EMAIL PROTECTED] wrote:

I was reading PHP Security Briefing from brainbulb.com (Chris
Shiflett) and didn't get one thing:
in example:



why to set the $clean as array? what's wrong if I use:




Richard already answered this pretty well, but I wanted to mention that 
this is not the only way to do things - it's just the method that I use. 
The idea is that I have a single variable ($clean) that I make sure to 
initialize, and because it's an array, I can store all filtered data 
(and only filtered data) in it.


You could use a naming convention like $clean_username, but then you 
would have numerous variables to initialize on each page, increasing the 
chances of you forgetting one (although E_ALL can help you catch these 
mistakes). I'm just going for the simplest approach - the easier I can 
make things, the less likely I am to make a mistake. :-)


The bottom line is that you need to be able to easily and reliably 
distinguish between filtered and tainted data. How you do this is up to you.


Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread [EMAIL PROTECTED] 

Thanks Richard.
I got the point Chris was making: never believe _GET/_POST and use 
ctype_alnum(), mysql_real_escape_string(), htmlentities() - and I 
already started :) (Thanks Chris that was great for us beginners, 
already posted on  few Bosnian php forums :))


My question though was is the difference in code I mentioned just a 
"habit of writing code" or there is some more? Some security issues too?


Let's try this way: we have a case of a form for storing registrant info 
in DB. After submitting we have

$_POST['name']
$_POST['address']
$_POST['city']
$_POST['state']
$_POST['zip']
$_POST['email']
$_POST['phone']

To store submitted info to DB I would (now) use following code:

$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);

mysql_query("insert into info values (NULL, '$name', '$address', 
'$city', '$state', '$email', '$phone')");


doing the same using arrays:

$submitted = array();
$submitted['name'] = mysql_real_escape_string($_POST['name']);
$submitted['address'] = mysql_real_escape_string($_POST['address']);
$submitted['city'] = mysql_real_escape_string($_POST['city']);
$submitted['state'] = mysql_real_escape_string($_POST['state']);
$submitted['zip'] = mysql_real_escape_string($_POST['zip']);
$submitted['email'] = mysql_real_escape_string($_POST['email']);
$submitted['phone'] = mysql_real_escape_string($_POST['phone']);

mysql_query("insert into info values (NULL, $submitted['name']', 
'$submitted['address']', '$submitted['city']', '$submitted['state']', 
'$submitted['zip']', '$submitted['email']', '$submitted['phone']')");



Is this REALLY the same or there is a difference in security or 
something else?


Thanks :)

-afan

Richard Davey wrote:


Hello afan,

Monday, June 6, 2005, 6:39:09 PM, you wrote:

aan> I was reading PHP Security Briefing from brainbulb.com (Chris Shiflett)
aan> and didn't get one thing:
aan> in example:

aan>  $clean = array();
aan> if (ctype_alnum($_POST['username']))
aan> {
aan> $clean['username'] = $_POST['username'];
aan> }
?>>

aan> why to set the $clean as array? what's wrong if I use:

aan>  if (ctype_alnum($_POST['username']))
aan> {
aan> $clean = $_POST['username'];
aan> }
?>>

In your example $clean will only ever hold one value. In the original
the clean array can be used to hold all clean GET/POST values. Not
many forms only have one value. The most important thing to remember
though is that your array isn't really "clean", it's just "valid". I
believe the original point Chris was making was that you should never
trust that $_POST will only contain the values you expect it to - they
should be moved out into a clean array first for further inspection
and filtering, if anything else lingers in the $_POST array, it's most
likely been tainted.

Best regards,

Richard Davey
 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation in Shiflett's PHP Security Briefing

2005-06-08 Thread Richard Davey 
Hello afan,

Monday, June 6, 2005, 6:39:09 PM, you wrote:

aan> I was reading PHP Security Briefing from brainbulb.com (Chris Shiflett)
aan> and didn't get one thing:
aan> in example:

aan>  $clean = array();
aan> if (ctype_alnum($_POST['username']))
aan> {
aan> $clean['username'] = $_POST['username'];
aan> }
?>>

aan> why to set the $clean as array? what's wrong if I use:

aan>  if (ctype_alnum($_POST['username']))
aan> {
aan> $clean = $_POST['username'];
aan> }
?>>

In your example $clean will only ever hold one value. In the original
the clean array can be used to hold all clean GET/POST values. Not
many forms only have one value. The most important thing to remember
though is that your array isn't really "clean", it's just "valid". I
believe the original point Chris was making was that you should never
trust that $_POST will only contain the values you expect it to - they
should be moved out into a clean array first for further inspection
and filtering, if anything else lingers in the $_POST array, it's most
likely been tainted.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I do not fear computers. I fear the lack of them." - Isaac Asimov

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] explanation

2005-02-09 Thread Zareef Ahmed 
On Wed, 09 Feb 2005 18:15:28 -0800 (PST), Pagongski
<[EMAIL PROTECTED]> wrote:
> 
> Hi,
> 
> I looked everywhere for a nice explanation of this darn simple thing, 
> but had no luck. I am working with some code made by a different person thats 
> why i am running into these sorts of things. (yes, i am kinda newbie)
> I have a file named "blah.php" with this line:
> 
> $B->var1 = "name1";
> 
> Then i have another file called "result.php" that has:
> 
>require_once("blah.php");
> 
> And then i want some code to display the "name1". The problem is i 
> have no idea how to deal with that "->", what it means (object of some sort?) 
> and how to get the value of that variable. Doing print ($var1) obviously 
> doesnt work.
> Can someone please explain this to me? What does the "->" do? How to 
> solve that problem above?
 -> operator used to accsses the method and properties of an object
Here B is an object and var1 is an member variable.



do a 

print_r($B->var1);

or 
 
print_r ($B);

You will get the all information about this object like class name etc.


zareef ahmed 
> 
> Big thanks.
> 
> Pag
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] *******Re: [PHP] Explanation of cookie behavior

2004-04-16 Thread David A. Stevens 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday 16 Apr 2004 18:18, John Nichel wrote:
> David A. Stevens wrote:
> > Please remove my address from any future correspondence about PHP.
>
> Allrighty then.  I warned ya Davey...you're on yer way to /dev/null.  If
> you're lucky, I won't post your email to any porn lists or USENET.

But I might ;)

- -- 
Elfyn McBratney, EMCB
mailto:[EMAIL PROTECTED]
http://www.emcb.co.uk/

PGP Key ID: 0x456548B4
PGP Key Fingerprint:
  29D5 91BB 8748 7CC9 650F  31FE 6888 0C2A 4565 48B4

"When I say something, I put my name next to it." -- Isaac Jaffee

>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <<
<< ~  Linux london 2.6.5-emcb-241 #2 i686 GNU/Linux  ~ >>
>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <<
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgDJvaIgMKkVlSLQRAnKOAJ48FP60qgOpjGegMs2+UnUGDdbEYACfSjYS
8tLVxnY5/Si80AoJeS1M4Qw=
=HjAU
-END PGP SIGNATURE-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation of cookie behavior

2004-04-16 Thread Elfyn McBratney 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday 16 Apr 2004 18:18, John Nichel wrote:
> David A. Stevens wrote:
> > Please remove my address from any future correspondence about PHP.
>
> Allrighty then.  I warned ya Davey...you're on yer way to /dev/null.  If
> you're lucky, I won't post your email to any porn lists or USENET.

But I might ;)

- -- 
Elfyn McBratney, EMCB
mailto:[EMAIL PROTECTED]
http://www.emcb.co.uk/

PGP Key ID: 0x456548B4
PGP Key Fingerprint:
  29D5 91BB 8748 7CC9 650F  31FE 6888 0C2A 4565 48B4

"When I say something, I put my name next to it." -- Isaac Jaffee

>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <<
<< ~  Linux london 2.6.5-emcb-241 #2 i686 GNU/Linux  ~ >>
>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <<
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgDJvaIgMKkVlSLQRAnKOAJ48FP60qgOpjGegMs2+UnUGDdbEYACfSjYS
8tLVxnY5/Si80AoJeS1M4Qw=
=HjAU
-END PGP SIGNATURE-

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation of cookie behavior

2004-04-16 Thread John Nichel 
David A. Stevens wrote:
Please remove my address from any future correspondence about PHP.

Allrighty then.  I warned ya Davey...you're on yer way to /dev/null.  If 
you're lucky, I won't post your email to any porn lists or USENET.

--
***
*  _  __   __  __   _  * John  Nichel *
* | |/ /___ __ \ \/ /__ _ _| |__ ___  __ ___ _ __  * 716.856.9675 *
* | ' http://www.KegWorks.com[EMAIL PROTECTED] * 14203 - 1321 *
***
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Explanation of cookie behavior

2004-04-15 Thread Ford, Mike [LSS] 
On 15 April 2004 15:43, Ryan Schefke wrote:

> I'm running a login script where the user enters
> login/password and if it
> matches what I have in my db and their account is active, I set a
> login cookie (login_ck) and an authentication cookie
> (authenticate_ck).  If the
> login and authentication cookies are set when the user goes back to
> the login page I prompt with "welcome back.".  Now, I refresh the
> login page a few times, sometimes it gives the welcome back prompt. 
> Then after anywhere from 2-5 refreshes, it deletes the login cookie
> but the authenticate cookie persists.  Any ideas why this is
> happening? 
> 
> I'm setting my cookies like this:
> 
> setcookie ("authenticate_ck", "$daysRemaining"); //set cookie for
> active account, for 30days
> 
> setcookie ("login_ck", "$lo", time()+ "60*60*24*30", "", "", "0");
> //set cookie for login, for 30days

You're quoting all sorts of things that shouldn't be.  The above should read:

  setcookie ("authenticate_ck", $daysRemaining); //set cookie for active account, for 
30days

  setcookie ("login_ck", $lo, time()+ 60*60*24*30, "", "", 0); //set cookie for login, 
for 30days

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Explanation of cookie behavior

2004-04-15 Thread Ryan Schefke 
John - It works now!  That was it.  Thanks!

Ryan

-Original Message-
From: John Nichel [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 15, 2004 10:53 AM
To: PHP Mailing List
Subject: Re: [PHP] Explanation of cookie behavior

Ryan Schefke wrote:
> setcookie ("login_ck", "$lo", time()+ "60*60*24*30", "", "", "0"); //set
> cookie for login, for 30days


Expire is supposed to be an integer.  Try...

setcookie ("login_ck", "$lo", time()+ 2592000, "", "", 0);

-- 
***
*  _  __   __  __   _  * John  Nichel *
* | |/ /___ __ \ \/ /__ _ _| |__ ___  __ ___ _ __  * 716.856.9675 *
* | ' http://www.KegWorks.com[EMAIL PROTECTED] * 14203 - 1321 *
***

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation of cookie behavior

2004-04-15 Thread John Nichel 
Ryan Schefke wrote:
setcookie ("login_ck", "$lo", time()+ "60*60*24*30", "", "", "0"); //set
cookie for login, for 30days


Expire is supposed to be an integer.  Try...

setcookie ("login_ck", "$lo", time()+ 2592000, "", "", 0);

--
***
*  _  __   __  __   _  * John  Nichel *
* | |/ /___ __ \ \/ /__ _ _| |__ ___  __ ___ _ __  * 716.856.9675 *
* | ' http://www.KegWorks.com[EMAIL PROTECTED] * 14203 - 1321 *
***
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-16 Thread David T-G 
Chris, et al --

...and then Chris W. Parker said...
% 
...
% --
% Don't like reformatting your Outlook replies? Now there's relief!

There sure is.  Uninstall Outhouse and use mutt, now available for win :-)


HAND

:-D
-- 
David T-G  * There is too much animal courage in 
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!



pgp0.pgp
Description: PGP signature

Re: [PHP] Explanation for php.net front page???

2003-11-16 Thread Jason Wong 
On Friday 14 November 2003 01:27, Scott Fletcher wrote:
> Thanks...  Yep, using the Outlook QuoteFix and it work like a charm.  I
> noticed by default is by bottom-posting, so I checked the option to make it
> be a top-posting option.

Chris, I think you can scratch him off your list of converts :-) He's gone 
back to the darkside again.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Never share a foxhole with anyone braver than you are
-- Murphy's Military Laws n9
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-13 Thread Scott Fletcher 
Thanks...  Yep, using the Outlook QuoteFix and it work like a charm.  I
noticed by default is by bottom-posting, so I checked the option to make it
be a top-posting option.  Kind of suck that it would have to be plain text
email only though (instead of the html email) but nothing I can't handle
because I think it's time that Outlook stop using the 'Smart Tag' feature
because it is so annoying.  Even disabling the 'Smart Tag' option in Outlook
doesn't stopped the 'Smart Tag' feature at all.  I just copied the 'Don't
Like formatting option' quote as a signature to my account, so it would be
there everytime I send, reply or forward an email.  :-)

It would be so nice to have a website that would show all of the wonderful
features available to any application to use with the applications on the
Internet.

Scott F.

"Chris W. Parker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Scott Fletcher 
on Thursday, November 13, 2003 6:29 AM said:

> Thanks for
> the attachment at the bottom of the email about 'reformatting the
> outlook replies'.  That is great, I'm going to use it.

hahahahahahaha! This is sooo funny (to me) because just last week we
(php-general list) had this big heated debate about top-posting versus
bottom-posting. I mentioned that I've already converted some people
because of the Outlook QuoteFix utility and now I can add you to my
list. :)

> Thanks for
> the info...  One question though, how do you know all about this?

I assume you are referring to the Outlook QuoteFix program...?

> Did you just stumple upon it or is it part of a website somewhere
> that show us of all of the wonderful features and this is just one of
> them?

There was no stumpling involved, but there was a lot of stumbling. ;) I
think I found out about it on another list a long time ago. That's all I
remember.

May I suggest you get version 0.80 and not 0.90. I upgraded to .9 a
while ago but came to find out that it doesn't rewrap text nearly as
well as .8 does so I uninstalled .9 and reinstalled .8. Maybe the author
has fixed that bug since I last downloaded but I'm not going to bother
finding out.



Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Explanation for php.net front page???

2003-11-13 Thread Chris W. Parker 
Scott Fletcher 
on Thursday, November 13, 2003 6:29 AM said:

> Thanks for
> the attachment at the bottom of the email about 'reformatting the
> outlook replies'.  That is great, I'm going to use it.

hahahahahahaha! This is sooo funny (to me) because just last week we
(php-general list) had this big heated debate about top-posting versus
bottom-posting. I mentioned that I've already converted some people
because of the Outlook QuoteFix utility and now I can add you to my
list. :)

> Thanks for
> the info...  One question though, how do you know all about this?

I assume you are referring to the Outlook QuoteFix program...?

> Did you just stumple upon it or is it part of a website somewhere
> that show us of all of the wonderful features and this is just one of
> them?

There was no stumpling involved, but there was a lot of stumbling. ;) I
think I found out about it on another list a long time ago. That's all I
remember.

May I suggest you get version 0.80 and not 0.90. I upgraded to .9 a
while ago but came to find out that it doesn't rewrap text nearly as
well as .8 does so I uninstalled .9 and reinstalled .8. Maybe the author
has fixed that bug since I last downloaded but I'm not going to bother
finding out.



Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-13 Thread Scott Fletcher 
Robert Cumming - OIC, now I understand.  Far out!  Way Cool!  Neat!!!

Chris Parker - Yea, it sux about the IE's auto-completion too.  Saw that
pressing escape just once turned off the IE drop down feature but it's only
temporary until pressing another key into the drop down...  Um, all the mroe
reason to get rid of IE.  :-)  Thanks for the attachment at the bottom of
the email about 'reformatting the outlook replies'.  That is great, I'm
going to use it.  Thanks for the info...  One question though, how do you
know all about this?  Did you just stumple upon it or is it part of a
website somewhere that show us of all of the wonderful features and this is
just one of them?

Scott F.

"Chris W. Parker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Robert Cummings 
on Wednesday, November 12, 2003 2:38 PM said:

> It's not active on the main page. It's on the search page. Go there
> instead.
>
> http://www.php.net/search.php

Wow that's cool. Sux though that IE's auto-complete gets in the way of
the way list.



Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-13 Thread Burhan Khalid 
Scott Fletcher wrote:

Hi!

Would anyone care to explain to me about the article on the frontpage of
the php.net website about the IDE or PHP function name code completion?
Never mind about the bug report and browser stuffs...
This feature (called intellisense by Microsoft) is where if you type a 
function name and the opening parenthesis, a popup appear with the 
function signature (so you know what arguments to pass it).

Dreamweaver MX 2004 has it, so does Zend IDE and even SciTE (a free text 
editor for linux and windows environments). Comes in handy when you are 
trying to remember some esoteric function arguments.


--snip--
New function list auto completion
[04-Nov-2003] You can probably name at least one IDE providing support for
PHP function name code completion. PHP.net is just beta testing the same
feature on the search page. Try selecting the 'function list' lookup option
and start typing in a function name in the search field. You can
autocomplete the name with the space key and navigate in the dropdown with
the up and down cursor keys. We welcome feedback on this feature at the
webmasters email address, but please submit any bugs you find in the bug
system classifying them as a "PHP.net website problem" and providing as much
information as possible (OS, Browser version, Javascript errors, etc..).
--snip--

Thanks,

 Scott



--
Burhan Khalid
phplist[at]meidomus[dot]com
http://www.meidomus.com
---
"Documentation is like sex: when it is good,
 it is very, very good; and when it is bad,
 it is better than nothing."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-13 Thread Marek Kilimajer 
- Edwin - wrote:
On 12 Nov 2003 17:37:58 -0500
Robert Cummings <[EMAIL PROTECTED]> wrote:

It's not active on the main page. It's on the search page.
Go there instead.
http://www.php.net/search.php

And it doesn't seem to work with Opera 6 :)


Try the latest version. It works for me ;)

  opera:about

Version 7.22 Final
Build   497
PlatformLinux
Yeh, Opera 6 and below is a crap at dhtml.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-13 Thread - Edwin - 
On 12 Nov 2003 17:37:58 -0500
Robert Cummings <[EMAIL PROTECTED]> wrote:

> It's not active on the main page. It's on the search page.
> Go there instead.
> 
> http://www.php.net/search.php
> 
> And it doesn't seem to work with Opera 6 :)

Try the latest version. It works for me ;)

  opera:about

Version 7.22 Final
Build   497
PlatformLinux

- E -
__
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Explanation for php.net front page???

2003-11-12 Thread Chris W. Parker 
Robert Cummings 
on Wednesday, November 12, 2003 2:38 PM said:

> It's not active on the main page. It's on the search page. Go there
> instead.
> 
> http://www.php.net/search.php

Wow that's cool. Sux though that IE's auto-complete gets in the way of
the way list.



Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation for php.net front page???

2003-11-12 Thread Robert Cummings 
It's not active on the main page. It's on the search page. Go there
instead.

http://www.php.net/search.php

And it doesn't seem to work with Opera 6 :)

Cheers,
Rob.

On Wed, 2003-11-12 at 17:33, Scott Fletcher wrote:
> Hi!
> 
> Would anyone care to explain to me about the article on the frontpage of
> the php.net website about the IDE or PHP function name code completion?
> Never mind about the bug report and browser stuffs...
> 
> --snip--
> New function list auto completion
> [04-Nov-2003] You can probably name at least one IDE providing support for
> PHP function name code completion. PHP.net is just beta testing the same
> feature on the search page. Try selecting the 'function list' lookup option
> and start typing in a function name in the search field. You can
> autocomplete the name with the space key and navigate in the dropdown with
> the up and down cursor keys. We welcome feedback on this feature at the
> webmasters email address, but please submit any bugs you find in the bug
> system classifying them as a "PHP.net website problem" and providing as much
> information as possible (OS, Browser version, Javascript errors, etc..).
> 
> --snip--
> 
> Thanks,
> 
>  Scott
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Explanation

2001-11-28 Thread Hank Marquardt 

ternary operator ... if/else shorthand; here's the long way to to do it:

if(isset($string2)) {
$string1 = $HTTP_GET_VARS['pid'];
} else {
$string1 = "";
}

-or- 

$string1 = "";
if(isset($string2)) {
$string1 = $HTTP_GET_VARS['pid'];
}

Hank

On Wed, Nov 28, 2001 at 08:28:12PM -0500, Gerard Samuel wrote:
> Hi.  Im looking over someone else's code and I come across something I 
> dont understand and dont know where in the manual to look for it.
> Here is an example ==>
> 
> $string1 = (isset($string2)) ? $HTTP_GET_VARS['pid'] : "";
> 
> I have no idea what the '?' in the line and the ':' at the end, so I 
> have no way of interpreting what $string1 could be.
> If you could point me to the page in the manual that would be great.
> 
> Thanks...
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 

-- 
Hank Marquardt <[EMAIL PROTECTED]>
http://web.yerpso.net
GPG Id: 2BB5E60C
Fingerprint: D807 61BC FD18 370A AC1D  3EDF 2BF9 8A2D 2BB5 E60C
*** Web Development: PHP, MySQL/PgSQL - Network Admin: Debian/FreeBSD
*** PHP Instructor - Intnl. Webmasters Assn./HTML Writers Guild 
*** Beginning PHP -- Starts January 7, 2002 
*** See http://www.hwg.org/services/classes

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Explanation

2001-11-28 Thread Martin Towell 

it's a ternary operator

$string1 = (isset($string2)) ? $HTTP_GET_VARS['pid'] : "";

is the same as

if (isset($string2))
  $string1 = $HTTP_GET_VARS['pid'];
else
  $string1 = "";


-Original Message-
From: Gerard Samuel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 12:28 PM
To: PHP
Subject: [PHP] Explanation


Hi.  Im looking over someone else's code and I come across something I 
dont understand and dont know where in the manual to look for it.
Here is an example ==>

$string1 = (isset($string2)) ? $HTTP_GET_VARS['pid'] : "";

I have no idea what the '?' in the line and the ':' at the end, so I 
have no way of interpreting what $string1 could be.
If you could point me to the page in the manual that would be great.

Thanks...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]