Re: [PHP] base64_encode in URLs
On Tue, May 10, 2005 8:50 pm, Joe Harman said:
> Hey just curious if it's okay to encode variables that are passed in
> URLs with base64_encode??? since, I am going to pass a email address
> in the URL, I would like to protect the email address from typical
> people

I dunno if every character that can be output by base64_encode is URL-safe or not, but you could do: urlencode(base64_encode($email)) and be 100% certain that it is safe, and that the data you want will come through.

That said, I don't think base64_encode will offer much protection from humans who want to snag emails, and you presumably aren't listing these URLs somewhere for web-bot harvesters to find... Though that would fool them, at least in the present.

AFAIK, almost *any* obfuscation of email addresses foils the harvest bots.

This seems unbelievable, but I liken it to fishing: If every time you cast a line in the water, you come up with a million fish, how hard will you work to change your bait?

That is the current state of affairs in the "arms race" of email harvesting -- The spammers have SO MANY fish "biting" that they simply don't need to bypass obfuscation.

Sooner or later, however, that will change, especially if the harvesters ever care about "quality" of their fish.

While I'm not running around fixing all my old obfuscation code, I'm pretty much not using email obfuscation on any new sites/code.

Instead, I build a FORM that will send the email "blind" to the recipient, and have a "throttle choke" that limits a given IP ($_SERVER['REMOTE_ADDR']) to N emails sent in H hours.

Certainly, a script could be written to re-connect and get a new IP, but that in itself would take enough time on the end of the spammer that I doubt they'll want to bother any time soon.

And it's all wrapped up in a 'spaminator' function that I can replace with something more robust if I need to.
I figure this way, I'm 2 steps ahead in this arms race, so when the bad guys start decoding the obfuscation emails, I'll be ready for 'em.

Now if I could just figure out a way to get my OWN email out of their lists so I wasn't getting 10,000 spams per day (literally) I'd be a Happy Camper.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
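An added sketch of the "throttle choke" described in the message above (an illustration, not the poster's 'spaminator' code): a sliding-window limit of N sends per H hours per client IP, stored in SQLite through PDO. The table name, function names, sample IP and limits are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. Assumes the pdo_sqlite
// extension. throttle_init() and throttle_allow() are hypothetical names.

function throttle_init(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS sends (ip TEXT NOT NULL, sent_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS sends_ip_time ON sends (ip, sent_at)');
}

/**
 * Record a send and return true if $ip has made fewer than $maxSends sends
 * in the last $hours hours; otherwise return false and record nothing.
 */
function throttle_allow(PDO $db, string $ip, int $maxSends, int $hours, int $now): bool
{
    $cutoff = $now - $hours * 3600;
    $db->beginTransaction();
    try {
        // Expired rows no longer count against anyone, so drop them.
        $purge = $db->prepare('DELETE FROM sends WHERE sent_at <= :cutoff');
        $purge->execute([':cutoff' => $cutoff]);

        $count = $db->prepare('SELECT COUNT(*) FROM sends WHERE ip = :ip AND sent_at > :cutoff');
        $count->execute([':ip' => $ip, ':cutoff' => $cutoff]);
        $allowed = ((int) $count->fetchColumn()) < $maxSends;

        if ($allowed) {
            $insert = $db->prepare('INSERT INTO sends (ip, sent_at) VALUES (:ip, :sent_at)');
            $insert->execute([':ip' => $ip, ':sent_at' => $now]);
        }
        $db->commit();
        return $allowed;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Demo with constructed values: N = 3 sends per H = 2 hours.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_init($db);

// In a request handler this would be $_SERVER['REMOTE_ADDR']. Behind a reverse
// proxy that value is the proxy's address, and a client-supplied header such as
// X-Forwarded-For is only trustworthy when set by a proxy you control.
$ip = '203.0.113.7';  // constructed sample address
$t0 = 1115800000;     // constructed timestamp

foreach ([0, 60, 120, 180, 2 * 3600 + 1] as $offset) {
    $ok = throttle_allow($db, $ip, 3, 2, $t0 + $offset);
    printf("%s  +%5ds  %s\n", $ip, $offset, $ok ? 'send' : 'refuse');
}
```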
Re: [PHP] base64_encode in URLs
HA... Thanks for your thoughts... I am actually using this for a broadcast email system... I just use a PHP image generator to make a 1x1 gif... the image generator script takes a variable for color then I added another one for email address to keep stats on who has opened the message

ex. image_script.php?color=00&[EMAIL PROTECTED]

but I am using base64_encode to encode the email address and call the variable something besides email... I suppose I didn't have to do this, but thought it would be a good practice to do it... the end result looks something like this:

image_script.php?color=00&key=jtzOjM6IkpvZSI7czo5OiJsYXN0X2

also this is embedded in the body of an HTML email... so, I think it's pretty safe anyhow

the script just updates the stats and returns a 1x1 gif...

Cheers!
Joe

On 5/11/05, Richard Lynch <[EMAIL PROTECTED]> wrote:
> On Tue, May 10, 2005 8:50 pm, Joe Harman said:
> > Hey just curious if it's okay to encode variables that are passed in
> > URLs with base64_encode??? since, I am going to pass a email address
> > in the URL, I would like to protect the email address from typical
> > people
>
> I dunno if every character that can be output by base64_encode is URL-safe
> or not, but you could do: urlencode(base64_encode($email)) and be 100%
> certain that it is safe, and that the data you want will come through.
>
> That said, I don't think base64_encode will offer much protection from
> humans who want to snag emails, and you presumably aren't listing these
> URLs somewhere for web-bot harvesters to find... Though that would fool
> them, at least in the present.
>
> AFAIK, almost *any* obfuscation of email addresses foils the harvest bots.
>
> This seems unbelievable, but I liken it to fishing: If every time you
> cast a line in the water, you come up with a million fish, how hard will
> you work to change your bait?
>
> That is the current state of affairs in the "arms race" of email
> harvesting -- The spammers have SO MANY fish "biting" that they simply
> don't need to bypass obfuscation.
>
> Sooner or later, however, that will change, especially if the harvesters
> ever care about "quality" of their fish.
>
> While I'm not running around fixing all my old obfuscation code, I'm
> pretty much not using email obfuscation on any new sites/code.
>
> Instead, I build a FORM that will send the email "blind" to the recipient,
> and have a "throttle choke" that limits a given IP
> ($_SERVER['REMOTE_ADDR']) to N emails sent in H hours.
>
> Certainly, a script could be written to re-connect and get a new IP, but
> that in itself would take enough time on the end of the spammer that I
> doubt they'll want to bother any time soon.
>
> And it's all wrapped up in a 'spaminator' function that I can replace with
> something more robust if I need to.
>
> I figure this way, I'm 2 steps ahead in this arms race, so when the bad
> guys start decoding the obfuscation emails, I'll be ready for 'em.
>
> Now if I could just figure out a way to get my OWN email out of their
> lists so I wasn't getting 10,000 spams per day (literally) I'd be a Happy
> Camper.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>

--
Joe Harman
- Do not go where the path may lead, go instead where there is no path and leave a trail. - Ralph Waldo Emerson
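An added example, not part of the original posts: base64 is an encoding that anyone can reverse, so a tracking URL built as in this thread still discloses the address, while sealing the value with a server-side key yields a URL-safe token that is opaque and tamper-evident. It assumes PHP 7.2+ with the sodium extension; the helper names and the sample address are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. Assumes PHP 7.2+ with the
// sodium extension. seal_recipient() and open_recipient() are hypothetical
// helper names; the address and URL below are constructed samples.

/** Encrypt and authenticate a value, returning a URL-safe token. */
function seal_recipient(string $email, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($email, $nonce, $key);
    // The URL-safe alphabet uses '-' and '_' instead of '+' and '/', and the
    // '=' padding is dropped, so the token needs no urlencode().
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** Return the sealed value, or null if the token is malformed or was altered. */
function open_recipient(string $token, string $key): ?string
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid URL-safe base64
    }
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $minLength) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

$email = 'reader@example.com'; // constructed sample address

// 1. The approach from the thread: reversible by anyone, no secret involved.
//    urlencode() is needed because base64 output can contain '+', '/' and '='.
$encoded = urlencode(base64_encode($email));
echo "base64 key : $encoded\n";
echo 'recovered  : ' . base64_decode(urldecode($encoded)) . "\n";

// 2. Sealed token: only the holder of $key can read or create it.
//    Generated here for the demo; a real script loads one fixed key from
//    configuration kept outside the web tree.
$key   = sodium_crypto_secretbox_keygen();
$token = seal_recipient($email, $key);
echo "sealed URL : image_script.php?color=00&key=$token\n";
echo 'opened     : ' . var_export(open_recipient($token, $key), true) . "\n";

// 3. A token changed in transit fails authentication instead of decoding
//    to some other address.
$tampered = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
echo 'tampered   : ' . var_export(open_recipient($tampered, $key), true) . "\n";
```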
Re: [PHP] Strange characters
On Tue, May 10, 2005 9:43 pm, Carl Furst said:
> I have a question about an odd phenomenon. It doesn't have much to do with
> PHP except that I used strtr to solve it, and it maybe that the problem is
> being caused by a setting in PHP, but I would like to get some more
> background info as to why this is happening.
>
> On a typical Windows system, most applications use the windows-1252
> character set. Linux uses UTF-8 or Unicode. The former being an 8 bit set
> and the latter being a 16 bit set.
>
> Well I have a form on a website that has to be able to take in text from
> MSWord and Notepad and the like. If someone has been using "Autoformating"
> in MS Word, the "special characters" get translated into a UTF-8
> equivalent.
> What's odd is that these 8 bit windows characters become 24 bit
> combinations, I think. When I look at the characters in hex they are
> represented by 3 numbers first one always being 0xE2.

Those are non-ASCII "extended" characters well beyond the 8-bit ASCII set.

In particular, Word just *LOVES* to use funky-ass "quote" marks that are "curly" quotes with some Microsoft-centric format.

If you check the User Contributed notes for str_replace and the like, you'll find innumerable listings/solutions for replacing all known (by empirical/evidential analysis) extended MS Word combinations.

> Why is there an 0xE2 beginning the character combination and why does PHP
> translate these characters this way? Is there something you can do to
> minimize them besides writing some kind of character scrubber?

PHP doesn't "translate" them, really.

The HTTP/browser/web-server sent that character, and PHP is just using what it got.

The fact that that character only means what the user THINKS it means in Microsoft Word is the fault of MS Word for not educating its users about ASCII (normal) characters versus "extended" characters.
It is unlikely that you'll get MS to admit this is a problem, since for them, it's a lock-in feature to keep people from easily converting their data to better software.

At any rate, you can just snag the code from the PHP website of User Contributed notes and call it done.

--
Like Music?
http://l-i-e.com/artists.htm
[PHP] SQL Date guru in the house?
Hi All,

I have a small problem.

I have a project in which someone has got three integer fields for holding the date. DD, MM, in an sql database. I now have to have a page that inputs two dates and select records between those two dates.

If I had a date field in the table it would be fairly simple, but I'm hoping to do this search/comparison without having to rewrite the pages/database that has already been designed.

Start Date: 11/05/2005
End Date: 11/04/2005

SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 AND BETWEEN 2005 AND 2005

Doesn't work for obvious reasons. Is there any way that I can do this date comparison in the SQL statement without having a decent date field?

My apologies as this is australian date format and this list is in the US I think?

Regards
Matthew
Re: [PHP] protect your CSS files, and possibly other extenstions as well...
You could do all this...

Or you could just move the files outside your web tree and change your include path. [shrug]

On Tue, May 10, 2005 9:03 pm, Kit DeKat said:
> $const = get_defined_constants();
> if( !isset($const["SOME_CONSTANT"]) ||
> ($const["SOME_CONSTANT"] != 'secret_string') )

http://php.net/defined would be more clear...

> You will take a performance hit for adding the parser to more pages, but

You'd have to benchmark on your own system to be certain, but others have reported in the distant past that it's a 5-10% performance hit to pass all .htm files through PHP. Presumably that would apply for .css and .js as well.

I use .htm and pass through PHP, because I find it frees me up to build a better site with more cool PHP snippets/features without having to maintain old URLs in a change from .htm to .php

YMMV.

> if( !isset( $_SERVER["HTTP_REFERER"]) ||
> !strpos($_SERVER["HTTP_REFERER"],$_SERVER["SERVER_NAME"]) )

I don't think you can count on HTTP_REFERER to be set by browsers. It's not required by the HTTP spec, as I understand it.

Plus, it seems to me like you are asking for trouble between www.example.com and example.com if they surf to www. but your developer/designer only uses 'example.com'

I also would wonder if this will scale up to server farms? Maybe the REFERER/SERVER_NAME stuff is all hunky-dory consistent there...

If an end user wants to read your CSS or JS bad enough, they can get it.

Nor is this really a problem.

You definitely do *NOT* want them able to surf to non-entry (ie, 'include'd) files! Your developers (you) almost certainly spent zero time wondering "what if" the user did that, and them executing your .php/.inc/.inc.php file out of context could wreak havoc.

There are many "solutions" for this -- But to me, moving the files out of the web tree and setting include_path makes the most sense as the safest.
There's *NO* *WAY* you're gonna screw up your httpd.conf or .htaccess files and make the files not in the web tree suddenly accessible.

It's not like setting include_path is rocket science once you figure out that this is EXACTLY what that is for.

Just my opinion.

--
Like Music?
http://l-i-e.com/artists.htm
Re: [PHP] Strange characters
On Wednesday 11 May 2005 07:43, Carl Furst wrote:
> I have a question about an odd phenomenon. It doesn't have much to do with
> PHP except that I used strtr to solve it, and it maybe that the problem is
> being caused by a setting in PHP, but I would like to get some more
> background info as to why this is happening.
>
> On a typical Windows system, most applications use the windows-1252
> character set. Linux uses UTF-8 or Unicode. The former being an 8 bit set
> and the latter being a 16 bit set.
>
> Well I have a form on a website that has to be able to take in text from
> MSWord and Notepad and the like. If someone has been using "Autoformating"
> in MS Word, the "special characters" get translated into a UTF-8
> equivalent. What's odd is that these 8 bit windows characters become 24 bit
> combinations, I think. When I look at the characters in hex they are
> represented by 3 numbers first one always being 0xE2.
>
> Why is there an 0xE2 beginning the character combination and why does PHP
> translate these characters this way? Is there something you can do to
> minimize them besides writing some kind of character scrubber?

If you check the UTF8 character set table at (http://www.unicode.org/charts/) you will see that the section for Basic Latin answers your question.

>
> Thanks,
>
> Carl

--
Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)

PGP ID: 7AE45436
PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc
PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 05:04, Kirsten wrote:
> I'm using php sessions with cookies.
> I realized that Firefox shared cookies between different instances (unlike
> IE that when someone open a new bank window a new session is created).
>
> Has anyone found a solution to this problem? Maybe detecting the new
> instance and generating a new session id.

Solution 1: Check the referer to your page and consider a "new window" all requests whose referer is from your domain (or your site, or your site + URI, etc. - it's up to you to figure out the exact criteria).

Solution 2: Patch the Firefox browser since it's OSS :-)

>
> Thanks!

--
Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)
[PHP] how to test paralelly?
Hi,

I would like to measure how much users per minute can handle my php script, mysql db and apache server

also, would like to determine how much users can be served at the same time and how script execution time changes in this case

if I run a script like:

$id = rand(1,70);
// the URL must be a quoted string for fopen() to receive it
$file = "http://mydomain/gallery.php?galpage=$id";
if (!($fp = @fopen ($file, "r"))){
    return "";
}
$intext="";
while(!feof($fp)){
    $intext .= fgetc($fp);
}
@fclose($fp);

it does not execute the script in parallel and gives apache

any ideas how can I simulate parallel script execution?

Thanks
Re: [PHP] Password encryption and password retrieval
Hi,

Thank you everyone for responding to my mail and giving valuable comments and suggestions for it.

Thanx,
..Deeps..

--- Deep <[EMAIL PROTECTED]> wrote:
>
> Hi everyone,
>
> I want to implement a site where i would like to
> encrypt the password of the users and store it into
> mysql
> database. My question is that , In case if the user
> has forgotten the password how can he retrieve the
> password(which is already encrypted and stored...the
> user should be able to get the decrypted password).
>
> Also which encryption method would you recommend.
> ie.
> md5,crypt, etc
>
> Thanx,
> ..Deeps..
Re: [PHP] SQL Date guru in the house?
On Wednesday 11 May 2005 09:17, [EMAIL PROTECTED] wrote:
> Hi All,
>
> I have a small problem.
>
> I have a project in which someone has got three integer fields for
> holding the date. DD, MM, in an sql database. I now have to
> have a page that inputs two dates and select records between those two
> dates.
>
> If I had a date field in the table it would be fairly simple, but I'm
> hoping to do this search/comparison without having to rewrite the
> pages/database that has already been designed.
>
> Start Date: 11/05/2005
> End Date: 11/04/2005
> SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11
> AND BETWEEN 2005 AND 2005
>
> Doesn't work for obvious reasons. Is there any way that I can do
> this date comparison in the SQL statement without having a decent date
> field?

Yes there's a way ;-) But you've mixed the month and day in the query. The standard textual format is MM/DD/ :-)

SELECT * FROM blah WHERE mm BETWEEN 11 AND 11 AND dd BETWEEN 4 AND 5 AND BETWEEN 2005 AND 2005

> My apologies as this is australian date format and this list is in the
> US I think?
> Regards
> Matthew

--
Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)
[PHP] PHP file-system functions
This script lists all files/directories in '.' directory. I wanna pass some querystring with anchor around directories listed, so that if a user clicks a directory-link, all the files in it are listed. How? Please help.

"; echo "Directories:";
while (false !== ($file = readdir($handle))) {
    if(is_dir($file)) echo "".$file."";
}
rewinddir($handle);
echo "";
echo "Files:";
while (false !== ($file = readdir($handle))) {
    if(is_file($file)) echo $file."";
}
closedir($handle);
?>
RE: [PHP] SQL Date guru in the house?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 11 May 2005 07:17
To: php-general@lists.php.net
Subject: [PHP] SQL Date guru in the house?

Hi All,

I have a small problem.

I have a project in which someone has got three integer fields for holding the date. DD, MM, in an sql database. I now have to have a page that inputs two dates and select records between those two dates.

If I had a date field in the table it would be fairly simple, but I'm hoping to do this search/comparison without having to rewrite the pages/database that has already been designed.

-----
I strongly recommend that you rewrite the application to use dates! Can you at least add a column to the table which makes a datetime out of those three fields? Then you can do your date comparisons easily. Which database are you using?
-----

Start Date: 11/05/2005
End Date: 11/04/2005

SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 AND BETWEEN 2005 AND 2005

Doesn't work for obvious reasons. Is there any way that I can do this date comparison in the SQL statement without having a decent date field?

My apologies as this is australian date format and this list is in the US I think?

-----
No need to apologise - this list is on the internet and has posters from all over the world
-----

Regards
Matthew
[PHP] MySql injections....
Hi, This is not the proper list to put this question but i hope you can help me. Does anyone know a good tutorial about mysql injections? Thanks a lot for your help
RE: [PHP] SQL Date guru in the house?
Matthew,

Depending on what database, you should have a TO_DATE() or DATE() function that you can cast your dd/mm/ to a date field in the select statement.

select to_date(, mm, dd) mydate from dual where mydate >= '11/05/2005' and mydate <= '11/04/2005'

Look in the help files or the manual for the correct syntax/function for the database you're using.

HTH

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 11 May 2005 07:17
To: php-general@lists.php.net
Subject: [PHP] SQL Date guru in the house?

Hi All,

I have a small problem.

I have a project in which someone has got three integer fields for holding the date. DD, MM, in an sql database. I now have to have a page that inputs two dates and select records between those two dates.

If I had a date field in the table it would be fairly simple, but I'm hoping to do this search/comparison without having to rewrite the pages/database that has already been designed.

Start Date: 11/05/2005
End Date: 11/04/2005

SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 AND BETWEEN 2005 AND 2005

Doesn't work for obvious reasons. Is there any way that I can do this date comparison in the SQL statement without having a decent date field?

My apologies as this is australian date format and this list is in the US I think?

Regards
Matthew
[PHP] imap_open with variable fails
Hi,

I'm using imap_open and the script works fine on my server with 4.3.11. Now a user with 4.3.10 reported that the script does not work. He finally got it working by replacing my variable-names in the imap_open-command with strings containing exactly the same data (except for the leading slash before the { which I was using together with variables).

The statement is

@imap_open("\{$host}INBOX",$user,$pwd,OP_HALFOPEN);

and host is "80.243.163.14/pop3". I know that /notls can also be appended, but as I said: it works fine when entering these directly into the command, just when using the string-parameter it fails.

The error is: "imap_open(): Couldn't open stream"

I've spent quite some time now googling around, searching various forums etc., but could not find a solution to this. Would appreciate your help very much!

Thanks
Michael
Re: [PHP] SQL Date guru in the house?
Petar Nedyalkov wrote:
> On Wednesday 11 May 2005 09:17, [EMAIL PROTECTED] wrote:
> > Hi All,
> >
> > I have a small problem.
> >
> > I have a project in which someone has got three integer fields for holding the date. DD, MM, in an sql database. I now have to have a page that inputs two dates and select records between those two dates.
> >
> > If I had a date field in the table it would be fairly simple, but I'm hoping to do this search/comparison without having to rewrite the pages/database that has already been designed.
> >
> > Start Date: 11/05/2005
> > End Date: 11/04/2005
> > SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 AND BETWEEN 2005 AND 2005
> >
> > Doesn't work for obvious reasons. Is there any way that I can do this date comparison in the SQL statement without having a decent date field?
>
> Yes there's a way ;-) But you've mixed the month and day in the query. The standard textual format is MM/DD/ :-)
>
> SELECT * FROM blah WHERE mm BETWEEN 11 AND 11 AND dd BETWEEN 4 AND 5 AND BETWEEN 2005 AND 2005

Look, there's a couple of standards. There's the US "standard" which you just pointed out MM/DD/, there's also the european standard which is DD/MM/YY (and seemingly australian as well). There's also the RFC standard which is MMDD.

Well, back to the point. It doesn't work because with dates between M=1 and M=2, and D=1 and D=5, (US dates: 1/1/2005, and 2/5/2005), there aren't JUST the following days: 1/1/2005, 1/2/2005, 1/3/2005, 1/4/2005, 1/5/2005, 2/1/2005, 2/2/2005, 2/3/2005, 2/4/2005 and 2/5/2005. No! There's also dates in January that are beyond the 5th which are still before the 5th of February. That's the problem he's having. So I think you've misunderstood him.

> > My apologies as this is australian date format and this list is in the US I think?
> > Regards
> > Matthew
[PHP] Re: MySql injections....
[EMAIL PROTECTED] wrote:
> Hi,
> This is not the proper list to put this question but i hope you can help me.
> Does anyone know a good tutorial about mysql injections?
>
> Thanks a lot for your help

what's there to make a tutorial about? :|

If you can get out of a value via a variable, then that means there's a possibility for a SQL injection. Easy as that...
RE: [PHP] Inner Join or 2nd Query...?
> Hi All,
> with wanting to show both product types(Switch, Router etc) and Makers(Cisco, Avaya, etc) on the one page in select boxes, I was wondering, do you use 2 separate queries to the database or do you inner join to get all in 1..?
> I have set up different tables with related id's etc. So, to get Products.product_name and Products.product_id along with what the below query pulls, what would be best..?
> I believe if I do a 2nd query, than some variables need to be identified with the particular query, yes..?
> Cheers.

What is your question in one sentence? Is it "how do I do an inner join"? Is it "are two separate queries on two tables faster than one query on both tables"? Or something else entirely?

> JUMBO STATUS Used Hardware Specialist Admin PRODUCT TYPE $product_type"; } ?>
> email: [EMAIL PROTECTED]
> Telephone: 03-5209-1777 Fax: 03-5209-2539
Re: [PHP] MySql injections....
Probably you mean about "preventing mysql injections" - or not? :)

Bostjan

On Wednesday 11 May 2005 11:38, [EMAIL PROTECTED] wrote:
> Hi,
> This is not the proper list to put this question but i hope you can help
> me. Does anyone know a good tutorial about mysql injections?
>
> Thanks a lot for your help
Re: [PHP] String manipulation out of the box solution?
Richard Lynch wrote:
> On Tue, May 10, 2005 5:58 am, Merlin said:
> > I am writing an internal full text search engine and do have trouble in outputting the text in an appropriate way. Problem is that if there is more than one word I can't handle the text cropping.
> >
> > For example:
> > Search term: php germany
> > Text from database: There is no such great language than php. Amongh those countries using this language is Germany with a good percentage of users.
> > Text output should be: ...language than php. Amongh... language is Germay with a good...
> >
> > Similar to the way google does it. I tried it now with a couple of ways but failed for most (I tried with strpos and substr). Is there a solution out of the box with php, or maybe anybody knows a good script which does that. This does sound like a standard feature to me.
>
> Here's a quickie, untested, and probably with some kind of logic errors, or at least things not quite what you want.
>
> $fulltext = "There is no such great language than php. Amongh those countries using this language is Germany with a good percentage of users.";
> $words = explode(" ", "php germany");
> $snippets = '';
> while (list(, $word) = each($words)){
>   if (!stristr($snippets, $word)){ //skip this if we already got the word.
>     $start = strpos($fulltext, $word);
>     if ($start !== false){
>       $end = $start + strlen($word);
>       $jumpback = strpos(' ', $fulltext, $start - 20);
>       $jumpforward = strpos(' ', $fulltext, $end + 20);
>       $snippet = substr($fulltext, $jumpback, $jumpforward);
>       $snippets .= " $snippet ";
>     }
>   }
> }
> reset($words);
> while (, $word) = each($words)){
>   $snippets = str_replacei($word, "$word", $snippets);
> }
> echo $snippets;
>
> To Do: Might wanna store an array of start/end numbers for snippets, then sort by start, then combine those that "overlap" one end to the next start, *THEN* combine those snippets, so you don't have snippets out or order, nor overlapping.
>
> Still, I got ya started...

Hi Richard,

thank you for the jump start!
I have fixed some errors within the script and now it works (I am attaching the script). You are right, the overlap is a to do.

Best regards,

Merlin

<?php
$fulltext = "There is no such great language than php. Amongh those countries using this language is Germany with a good percentage of users.";
$words = explode(" ", "php Germany");
$snippets = '';
foreach ($words as $word) {
    if (!stristr($snippets, $word)) { // skip this if we already got the word.
        $start = strpos($fulltext, $word);
        if ($start !== false) {
            $end = $start + strlen($word);
            // keep both search offsets inside the string
            $jumpback = strpos($fulltext, ' ', max(0, $start - 20));
            $jumpforward = strpos($fulltext, ' ', min(strlen($fulltext), $end + 20));
            if ($jumpforward === false) {
                $jumpforward = strlen($fulltext); // no later space: run to the end
            }
            // substr() takes a length, not an end position
            $snippet = '...'.substr($fulltext, $jumpback, $jumpforward - $jumpback).'...';
            $snippets .= " $snippet ";
        }
    }
}
foreach ($words as $word) {
    $snippets = str_replace($word, "$word", $snippets);
}
echo $snippets;
?>
RE: [PHP] MySql injections....
> Hi,
> This is not the proper list to put this question but i hope
> you can help me.
> Does anyone know a good tutorial about mysql injections?
>
> Thanks a lot for your help

http://phpsec.org

HTH,

Mikey
Re: [PHP] MySql injections....
I have a site and the other days I received a message from a guy that told me my site is vulnerable to mysql injections. I do not know how can I prevent this. The server is not configured or it's all about the script?

----- Original Message -----
From: "Bostjan Skufca @ domenca.com" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, May 11, 2005 1:50 PM
Subject: Re: [PHP] MySql injections

> Probably you mean about "preventing mysql injections" - or not? :)
>
> Bostjan
>
> On Wednesday 11 May 2005 11:38, [EMAIL PROTECTED] wrote:
> > Hi,
> > This is not the proper list to put this question but i hope you can help me.
> > Does anyone know a good tutorial about mysql injections?
> >
> > Thanks a lot for your help
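An added example for this thread, not written by any of the posters: injection comes from how the script builds its SQL text, so the fix is in the script, by binding request values as parameters instead of pasting them into the query. It uses PDO with an in-memory SQLite database so it runs offline (the same prepare()/execute() calls apply to PDO's MySQL driver); the table, rows and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. Assumes the pdo_sqlite
// extension. Table, columns, rows and function names are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES
    ('Alice', 'alice@example.com'),
    ('O''Brien', 'obrien@example.com')");

/** BEFORE: the request value becomes part of the SQL text itself. */
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name, email FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** AFTER: the SQL text is fixed; the value travels separately as data. */
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Placeholders can only stand for values. Identifiers such as a sort column
 * have to be checked against a fixed allow-list before they reach the query.
 */
function list_users(PDO $db, string $orderBy): array
{
    $allowed = ['id', 'name', 'email'];
    if (!in_array($orderBy, $allowed, true)) {
        $orderBy = 'id';
    }
    return $db->query("SELECT id, name, email FROM users ORDER BY $orderBy")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// An ordinary value containing a quote is enough to show the difference.
$input = "O'Brien"; // constructed sample input

try {
    find_user_unsafe($db, $input);
    echo "unsafe : query ran\n";
} catch (PDOException $e) {
    // The quote closed the string literal early and the rest of the value was
    // parsed as SQL: the value "got out" of its place in the query.
    echo "unsafe : input changed the query structure (" . $e->getMessage() . ")\n";
}

$rows = find_user($db, $input);
echo 'bound  : ' . count($rows) . ' row(s), name = ' . $rows[0]['name'] . "\n";

$names = array_column(list_users($db, 'no_such_column'), 'name');
echo 'sorted : ' . implode(', ', $names) . " (unknown column fell back to id)\n";
```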
Re: [PHP] protect your CSS files, and possibly other extenstions as well...
Richard Lynch wrote:
> You could do all this...
>
> Or you could just move the files outside your web tree and change your include path. [shrug]

This is probably true, but I was thinking of a virtual hosting environment where it's easier to maintain the code when it's all in a sub-directory named by the address. But even then I guess you can make the document root one below the virtual host root and then place includes next to the document root to keep them grouped together, yet separated.

> > if( !isset( $_SERVER["HTTP_REFERER"]) ||
> > !strpos($_SERVER["HTTP_REFERER"],$_SERVER["SERVER_NAME"]) )
>
> I don't think you can count on HTTP_REFERER to be set by browsers. It's not required by the HTTP spec, as I understand it.
>
> Plus, it seems to me like you are asking for trouble between www.example.com and example.com if they surf to www. but your developer/designer only uses 'example.com'
>
> I also would wonder if this will scale up to server farms? Maybe the REFERER/SERVER_NAME stuff is all hunky-dory consistent there...

I tested the HTTP_REFERER in both IE v6 and FireFox v1 and the code is working. I don't have an IE v5.x to test on or I would've verified that as well. The SERVER_NAME string will be equal to www.example.com or just example.com, whichever was used to access the site -- it is pulled from between the http:// and the next / so it will allow access to only a self referring server call. As for server farms, the SERVER_NAME part will have to be modified to include every allowable server that can refer to it.

> If an end user wants to read your CSS or JS bad enough, they can get it.
>
> Nor is this really a problem.

There have been incidents in the past when another website stripped an artist's site entirely; html, css, js, images, everything. This code will prevent css and js from being directly downloaded from a web browser. This will work as long as you don't have another service accessing the directories, such as ftp that bypasses the web server parsing routine.
The following two methods for linking to stylesheets was used in testing: and @import('http://=$_SERVER_NAME?>/styles.css'); You definitely do *NOT* want them able to surf to non-entry (ie, 'include'd) files! Your developers (you) almost certainly spent zero time wondering "what if" the user did that, and them executing your .php/.inc/.inc.php file out of context could wreak havoc. That is the whole intention of this exercise, to prevent direct user access to included files both templated and configuration files. As mentioned earlier, my intention was on virtual host directories that keep all the files under on roof. This method for hiding php scripts is already used widely in many php-portal kits that keep everything in one directory for ease of install for end-users. My ammendum for css and js files prevents nosey ripoffs away from an original designers work. They spent a lot of time in these designs and dont want random joe to just copy it for self-serving purposes. Even if they have all the html, they will have to spend some time trying to figure out the styles and javascript calls to match your sites look and feel. I dont think the majority of the ripoff artists will spend that time, and they will move on to someone else. There are many "solutions" for this -- But to me, moving the files out of the web tree and setting include_path makes the most sense as the safest. There's *NO* *WAY* you're gonna screw up your httpd.conf or .htaccess files and make the files not in the web tree suddenly accessible. It's not like setting include_path is rocket science once you figure out that this is EXACTLY what that is for. Just my opinion. As mention earlier I will look into the shuffling of directories and modification of the include_path for hiding included files and see what modifications are needed for the code then. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Strange characters
Yeah, the solution I use was posted to the user comments on the strtr command page which is also documented as a better solution than str_replace except for the one caveat that it will only try and change a character once, and some of the hex codes on that page don't really work, because the representation, say, of a MS Word dash (hex: 0x96) is not the same number on Linux. So if you try and scrub it on the Linux side it won't find it. Thanks! Carl -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 2:14 AM To: Carl Furst Cc: php-general@lists.php.net Subject: Re: [PHP] Strange characters On Tue, May 10, 2005 9:43 pm, Carl Furst said: > I have a question about an odd phenomenon. It doesn't have much to do with > PHP except that I used strtr to solve it, and it maybe that the problem is > being caused by a setting in PHP, but I would like to get some more > background info as to why this is happening. > > On a typical Windows system, most applications use the windows-1252 > character set. Linux uses UTF-8 or Unicode. The former being an 8 bit set > and the latter being a 16 bit set. > > Well I have a form on a website that has to be able to take in text from > MSWord and Notepad and the like. If someone has been using "Autoformating" > in MS Word, the "special characters" get translated into a UTF-8 > equivalent. > What's odd is that these 8 bit windows characters become 24 bit > combinations, I think. When I look at the characters in hex they are > represented by 3 numbers first one always being 0xE2. Those are non-ASCII "extended" characters well beyond the 8-bit ASCII set. In particular, Word just *LOVES* to use funky-ass "quote" marks that are "curly" quotes with some Microsoft-centric format. If you check the User Contributed notes for str_replace and the like, you'll find innumerable listings/solutions for replacing all known (by empirical/evidential analysis) extended MS Word combinations. 
> Why is there an 0xE2 beginning the character combination and why does PHP > translate these characters this way? Is there something you can do to > minimize them besides writing some kind of character scrubber? PHP doesn't "translate" them, really. The HTTP/browser/web-server sent that character, and PHP is just using what it got. The fact that that character only means what the user THINKS it means in Microsoft Word is the fault of MS Word for not educating its users about ASCII (normal) characters versus "extended" characters. It is unlikely that you'll get MS to admit this is a problem, since for them, it's a lock-in feature to keep people from easily converting their data to better software. At any rate, you can just snag the code from the PHP website of User Contributed notes and call it done. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
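The 0xE2 lead byte asked about above follows from how UTF-8 lays out code points U+2000 to U+2FFF, which is where Word's dashes and curly quotes live. The PHP below is an added example, not code from the thread or from the PHP manual notes; the function names and the sample strings are constructed for illustration.

```php
<?php
// Added example: why Word punctuation arrives as 3 bytes starting with 0xE2,
// and a scrubber that copes with both encodings. All names are illustrative.

// Windows-1252 byte => Unicode code point for the usual Word "autoformat" characters.
const CP1252_PUNCT = [
    0x85 => 0x2026, // horizontal ellipsis
    0x91 => 0x2018, // left single quote
    0x92 => 0x2019, // right single quote
    0x93 => 0x201C, // left double quote
    0x94 => 0x201D, // right double quote
    0x96 => 0x2013, // en dash
    0x97 => 0x2014, // em dash
];

// ASCII replacement for each code point above.
const ASCII_FOR = [
    0x2026 => '...', 0x2018 => "'", 0x2019 => "'",
    0x201C => '"',   0x201D => '"', 0x2013 => '-', 0x2014 => '--',
];

// Encode one code point (U+0000..U+FFFF) as UTF-8 by hand to show the bit layout.
function utf8_bytes(int $cp): string
{
    if ($cp < 0x80) {
        return chr($cp);
    }
    if ($cp < 0x800) {
        return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
    }
    // 1110xxxx 10xxxxxx 10xxxxxx: for U+2000..U+2FFF the top four bits are 0010,
    // so the lead byte is always 0xE2.
    return chr(0xE0 | ($cp >> 12))
         . chr(0x80 | (($cp >> 6) & 0x3F))
         . chr(0x80 | ($cp & 0x3F));
}

// Replace Word punctuation with ASCII whether the input is UTF-8 or raw Windows-1252.
function scrub_word_punct(string $in): string
{
    // preg_match() with the /u modifier fails on byte strings that are not valid UTF-8.
    $isUtf8 = preg_match('//u', $in) === 1;
    $map = [];
    foreach (CP1252_PUNCT as $byte => $cp) {
        $key = $isUtf8 ? utf8_bytes($cp) : chr($byte);
        $map[$key] = ASCII_FOR[$cp];
    }
    return strtr($in, $map);
}

// Constructed samples: the same text as submitted from a UTF-8 page
// and from a Windows-1252 page.
$utf8   = "\xE2\x80\x9CQuoted\xE2\x80\x9D \xE2\x80\x93 done\xE2\x80\xA6";
$cp1252 = "\x93Quoted\x94 \x96 done\x85";

printf("U+2013 as UTF-8 bytes: %s\n", strtoupper(bin2hex(utf8_bytes(0x2013))));
echo scrub_word_punct($utf8), "\n";
echo scrub_word_punct($cp1252), "\n";
```

A scrubber keyed only on single bytes such as 0x96 finds nothing when the form was submitted as UTF-8, which matches the behaviour described in the message.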
[PHP] php resultset restart??
Hi all. i've checked the PHP manual but can't find a function for this, perhaps I'm missing something. I get a resultset and loop through it but this is in a loop so it only executes the first time. is this because the resultset is at the end? is there a way to tell PHP to start at the beginning of the resultset again for each loop? Or is it best just to copy the resultset to an array and just loop through the array multiple times? thanks in advance -- Angelo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql injections....
Read Chris' article here: http://shiflett.org/articles/security-corner-apr2004 This should explain everything to you - and yes it's down to the scripts you run. Chris R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MySql injections....
[snip] I have a site and the other days i received a message from a guy that told me my site is vulnerable to mysql injections. I do not know how can i prevent this. The server is not configured or it's all about the script? [/snip] PHP Security - http://www.shiflett.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: A couple questions about templating
> Anyways, I restructered my code, and as far as I can see there is > nothing wrong with the code, except for that it simply doesn't work :) That's usually considered a fairly serious problem. > I'm probably missing something blatently obvious but I'll post it and > maybe someone can spot why this isn't working. Here be the code: I've had a fairly brief look through, and would recommend the following: Add error checking routines Don't do this:$fp = fopen($file, $mode); Do this instead: $fp = fopen($file, $mode) or die("can't open file $file with mode $mode"); You might also want to have a look at www.php.net/asssert Recheck your strings/arrays, and your uses of them: > function assign($var,$value) { > if (isset($var) && isset($value)) { > $this->_var[] = $var; > $this->_value[] = $value; // $this->_var, and $this->_value are arrays > $this->_file = str_replace('{' . > $this->_var . '}',$this->_value,$this->_file); Here you're trying to concatenate a string ('{') with an array ($this->_var) Probably the easiest solution would be to do a $this->_var[] = '{' . $var . '}'; in the assign() function. For Clarity sake, instead of using fopen/fread/fwrite/filesize/etc, I'd replace them with file_get_contents(), and if available file_put_contents() > > class mm { > // > // PRIVATE CLASS VARIABLES > // > var $_file; > var $_template; > var $_var; > var $_value; > > // > // CLASS CONSTRUCTOR > // > function mm() { > $this->_var = array(); > $this->_value = array(); > } > > // > // ASSIGN A VARIABLE > // > function assign($var,$value) { > if (isset($var) && isset($value)) { > $this->_var[] = $var; > $this->_value[] = $value; > } > } > > // > // RUN THE WEBPAGE > // > function run($template) { > if (isset($template)) { > $this->_template = 'tpl/' . $template . > '.tpl'; > if (file_exists($this->_template)) { > $file = fopen($this->_template,'r'); > $this->_file = > fread($file,filesize($this->_template)); > fclose($file); > $this->_file = str_replace('{' . > $this->_var . 
> '}',$this->_value,$this->_file); > print($this->_file); > } else { > print('Template File Does Not > Exists'); > } > } else { > print('Template is not sent'); > exit; > } > } > } > ?> > > The page that run's the script simply looks like this: > > // > // LOAD THE TEMPLATING CLASS > // > require_once('tpl.php'); > $mm = new mm(); > > // > // SET CONTENT > // > $sitename = 'Calgary Outdoor Paintball League » Under Heavy > Developement'; > $header = 'Welcome to the Calgary Outdoor Paintball League\'s > Official Website'; > > // > // RUN THE PAGE > // > $mm->assign('sitename',$sitename); > $mm->assign('header',$header); > $mm->run('index'); > ?> > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Generating a php file
Hi there I am trying to generate a php file, which has variables that i need to have in it ie $_SERVER but not actually be parsed as they need to be in the actual script. I also need to send some variables to assign values to other variables in the script. How is this possible ? I have tried placing the contents of the script within a string, but all the variables gets parsed, and the super globals cause an error. Let me know . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] protect your CSS files, and possibly other extensions as well...
Sorry Richard if you received this twice. Okay let me get this straight: You protect your includes by making sure that they have a protected string defined? You pass JS and CSS through PHP, and output a 404 unless they've got a HTTP_REFERER variable set to whatever you want it to be? I guess it may have some merit, but personally it seems like you're going from Hong Kong to Shanghi through Paris. Your first suggestion (protecting php includes) has merit if you're designing a package that people are going to download, and you have minimal control over how they install it. If you're trying to stop people from reading your PHP code however you're misguided if you think there is any solid method other than placing it outside your webtree. The Browser needs access to your .js files and .css files. It's not going to take long to figure out that the server checks the HTTP_REFERER, and once you've done that, all you have to do is something put something like the following into the address bar: javascript:void(document.write("ss")) Right-click and "Save Link As"(Firefox), or "Save Target As"(MSIE), and they get a dialog box asking them where they want to save your css/js file to. At least with your first suggestion(protecting php scripts) you actually get to Shanghi. With your second one, you go from Hong Kong, to Paris, and back to Hong Kong. And before you ask, no I'm not Chineese. On 5/11/05, Richard Lynch <[EMAIL PROTECTED]> wrote: > You could do all this... > > Or you could just move the files outside your web tree and change your > include path. [shrug] > > On Tue, May 10, 2005 9:03 pm, Kit DeKat said: > > $const = get_defined_constants(); > > if( !isset($const["SOME_CONSTANT"]) || > > ($const["SOME_CONSTANT"] != 'secret_string') ) > > http://php.net/defined > would be more clear... 
> > > You will take a performance hit for adding the parser to more pages, but > > You'd have to benchmark on your own system to be certain, but others have > reported in the distant past that it's a 5-10% performance hit to pass all > .htm files through PHP. > > Presumably that would apply for .css and .js as well. > > I use .htm and pass through PHP, because I find it frees me up to build a > better site with more cool PHP snippets/features without having to > maintain old URLs in a change from .htm to .php YMMV. > > > if( !isset( $_SERVER["HTTP_REFERER"]) || > > !strpos($_SERVER["HTTP_REFERER"],$_SERVER["SERVER_NAME"]) ) > > I don't think you can count on HTTP_REFERER to be set by browsers. > > It's not required by the HTTP spec, as I understand it. > > Plus, it seems to me like you are asking for trouble between > www.example.com and example.com if they surf to www. but your > developer/designer only uses 'example.com' > > I also would wonder if this will scale up to server farms? Maybe the > REFERER/SERVER_NAME stuff is all hunky-dory consistent there... > > If an end user wants to read your CSS or JS bad enough, they can get it. > > Nor is this really a problem. > > You definitely do *NOT* want them able to surf to non-entry (ie, > 'include'd) files! > > Your developers (you) almost certainly spent zero time wondering "what if" > the user did that, and them executing your .php/.inc/.inc.php file out of > context could wreak havoc. > > There are many "solutions" for this -- But to me, moving the files out of > the web tree and setting include_path makes the most sense as the safest. > > There's *NO* *WAY* you're gonna screw up your httpd.conf or .htaccess > files and make the files not in the web tree suddenly accessible. > > It's not like setting include_path is rocket science once you figure out > that this is EXACTLY what that is for. > > Just my opinion. > > -- > Like Music? 
> http://l-i-e.com/artists.htm > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
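The advice quoted above (keep included files outside the web tree, set include_path, and test an entry constant with defined()) as an added PHP example. It is not code from the thread; the directory names, the file name and the APP_ENTRY constant are constructed for illustration.

```php
<?php
// Added example: layout and names are constructed.

// Throwaway layout: <base>/public plays the document root,
// <base>/includes is a sibling directory the web server never maps to a URL.
$base = sys_get_temp_dir() . '/site_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0700, true);
mkdir("$base/includes", 0700, true);

// The included file: refuses to do anything unless an entry script
// defined the marker constant first (the defined() guard from the thread).
file_put_contents("$base/includes/config.inc.php", <<<'PHP'
<?php
if (!defined('APP_ENTRY')) {
    http_response_code(404);
    exit;
}
return ['db_name' => 'example'];
PHP
);

// True when $path resolves to a location under $dir.
function is_inside(string $path, string $dir): bool
{
    $dir = rtrim(realpath($dir), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp(realpath($path), $dir, strlen($dir)) === 0;
}

// What an entry script under public/ would do: define the marker,
// put the sibling directory on include_path, include by bare name.
define('APP_ENTRY', true);
set_include_path("$base/includes" . PATH_SEPARATOR . get_include_path());
$config = require 'config.inc.php';

// Confirm where the include was resolved from.
$loaded = stream_resolve_include_path('config.inc.php');
printf("loaded from: %s\n", $loaded);
printf("inside document root: %s\n", is_inside($loaded, "$base/public") ? 'yes' : 'no');
printf("db_name: %s\n", $config['db_name']);

// Clean up the throwaway layout.
unlink("$base/includes/config.inc.php");
rmdir("$base/includes");
rmdir("$base/public");
rmdir($base);
```

With this layout no URL maps to config.inc.php at all, so the guard is a second line of defence rather than the only one.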
RE: [PHP] include remote class
if i goto the url i see nothing(normal) as it is just parsing the class and no output. my include seems to parse the PHP but is not delivering the class functions to instantiate. the manual mentions that remote includes with classes or functions wont work but i saw one workaround mentioned on the manual page that i tried using .inc but server did not parse it. a setting perhaps? -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 10, 2005 9:52 PM To: Andy Sandvik Cc: php-general@lists.php.net Subject: Re: [PHP] include remote class On Tue, May 10, 2005 10:10 am, Andy Sandvik said: > > im doing include('http://www.mysite.com/class.php'); > and then i create new instance but i get error - cannot instantiate > non-existant class > how can i get this remotely hosted class file to be defined? If you surf to that URL, do you see PHP source, or do you see HTML/nothing? You may want to use .phps to get source, or .inc if mysite.com is configured to serve those up as PHP. You also have to make sure class.php is actually valid code... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql injections....
Hey, I had the same questions a little while back, and from the advice I got on this list I checked out the PEAR:DB class and ADODB...I went with the ADODB solution and have not regretted it since. Check both of them out for your needs. Cheers, Ryan On 5/11/2005 12:50:14 PM, Bostjan Skufca @ domenca.com ([EMAIL PROTECTED]) wrote: > Probably you mean about "preventing mysql injections" - or not? :) > > Bostjan > > > > On Wednesday 11 May 2005 11:38, [EMAIL PROTECTED] wrote: > > Hi, > > This is not the proper list to put this question but i hope you can > help > > me. Does anyone know a good tutorial about mysql injections? > > > > Thanks a lot for your help > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] protect your CSS files, and possibly other extensions as well...
Richard Lynch wrote: >You could do all this... > >Or you could just move the files outside your web tree and change your >include path. [shrug] > > This is probably true, but I was thinking of a virtual hosting environment where its easier to maintain the code when its all in a sub-directory named by the address. But even then I guess you can make the document root one below the virtual host root and then place includes next to the document root to keep them grouped together, yet seperated. >>if( !isset( $_SERVER["HTTP_REFERER"]) || >>!strpos($_SERVER["HTTP_REFERER"],$_SERVER["SERVER_NAME"]) ) >> >> > >I don't think you can count on HTTP_REFERER to be set by browsers. > >It's not required by the HTTP spec, as I understand it. > >Plus, it seems to me like you are asking for trouble between >www.example.com and example.com if they surf to www. but your >developer/designer only uses 'example.com' > >I also would wonder if this will scale up to server farms? Maybe the >REFERER/SERVER_NAME stuff is all hunky-dory consistent there... > > I tested the HTTP_REFERER in both IE v6 and FireFox v1 and the code is working. I dont have an IE v5.x to test on or I would've verified that as well. the SERVER_NAME string will be equal to www.example.com or just example.com, whichever was used to access the site -- it is pulled from between the http:// and the next / so it will allow access to only a self referring server call. As for server farms, the SERVRE_NAME part will have to be modified to include every allowable server that can refer to it. -- Some anti-virus/firewall type software does not allow the browser to send the referrer - it cannot be relied upon, which is Richard's point. -- >If an end user wants to read your CSS or JS bad enough, they can get >it. > >Nor is this really a problem. > > There have been incidents in the past when another website stripped an artists site entirely; html, css, js, images, everything. 
This code will prevent css and js from being directly downloaded from a web browser. This will work as long as you dont have another service accessing the directories, such as ftp that bypasses the web server parsing routine. The following two methods for linking to stylesheets was used in testing: and @import('http://=$_SERVER_NAME?>/styles.css'); The css and js files will still be transmitted to the client, so they can be retrieved from temporary internet files or wherever the browser stores them. I don't see how your method will prevent anyone from accessing these files - they need to be on the client for your page to display correctly. >You definitely do *NOT* want them able to surf to non-entry (ie, >'include'd) files! > >Your developers (you) almost certainly spent zero time wondering "what >if" the user did that, and them executing your .php/.inc/.inc.php file >out of context could wreak havoc. > That is the whole intention of this exercise, to prevent direct user access to included files both templated and configuration files. As mentioned earlier, my intention was on virtual host directories that keep all the files under on roof. This method for hiding php scripts is already used widely in many php-portal kits that keep everything in one directory for ease of install for end-users. My ammendum for css and js files prevents nosey ripoffs away from an original designers work. They spent a lot of time in these designs and dont want random joe to just copy it for self-serving purposes. Even if they have all the html, they will have to spend some time trying to figure out the styles and javascript calls to match your sites look and feel. I dont think the majority of the ripoff artists will spend that time, and they will move on to someone else. >There are many "solutions" for this -- But to me, moving the files out >of the web tree and setting include_path makes the most sense as the >safest. 
> >There's *NO* *WAY* you're gonna screw up your httpd.conf or .htaccess >files and make the files not in the web tree suddenly accessible. > >It's not like setting include_path is rocket science once you figure >out that this is EXACTLY what that is for. > >Just my opinion. > As mention earlier I will look into the shuffling of directories and modification of the include_path for hiding included files and see what modifications are needed for the code then. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pointing to localhost from remote server
Hi, I have a system running on my main server containg separate user and staff interfaces to the same MySQL databases. Part of my process involves spawning off pdf front covers to a local directory, grabbing files from an archive on a networked pc and adding them together to ftp back to the server (which, incidentally is 70 miles away). My own machine runs IIS5/PHP5 and the Java classes to do the pdf joining. I have a link on a server mounted page that opens the localhost page and successfully prints off the pdf covers. However, on completion, the popup disappears and I then get a 'file open/save' dialog box which, if I 'open' tries to open the php file in Dreamweaver (my chosen IDE). What should happen is that on completion, a smarty template should be opened. Has anyone experienced something similar or is there a solution? Cheers George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php resultset restart??
> i've checked the PHP manual but can't find a function for this, perhaps I'm > missing something. > I get a resultset and loop through it but this is in a loop so it only executes > the first time. is this because the resultset is at the end? is there a way to > tell PHP to start at the beginning of the resultset again for each loop? Or is > it best just to copy the resultset to an array and just loop through the array > multiple times? Look up *_data_seek(). thnx, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php resultset restart??
[EMAIL PROTECTED] wrote: Hi all. i've checked the PHP manual but can't find a function for this, perhaps I'm missing something. I get a resultset and loop through it but this is in a loop so it only executes the first time. is this because the resultset is at the end? is there a way to tell PHP to start at the beginning of the resultset again for each loop? Or is it best just to copy the resultset to an array and just loop through the array multiple times? http://www.php.net/manual/en/function.mysql-data-seek.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
> Here's a solution: It's not a problem. It's the way it's SUPPOSED to be. > :-) > > It's actually a BETTER browser because of that. I found dozens of firefox related sites that say that this is one of the good things IE has (like showModalDialog). > Maybe it's just me, but it sounds to me like you just want all your users > to use IE as if that's the only way a browser can/should work... That's > not a Good Idea, imho. Exactly the opposite. My site actually is designed for IE only because 99% of the users that access it use IE 5.5+ (according to apache's statistics). Because I DO like Firefox I'm redesigning it, solving any incompatibilities like session handling. Why to have multiple sessions cookies? For example when an user wants to check multiple webmail accounts in the same moment. Kirsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php resultset restart??
i've checked the PHP manual but can't find a function for this, perhaps I'm missing something. I get a resultset and loop through it but this is in a loop so it only executes the first time. is this because the resultset is at the end? is there a way to tell PHP to start at the beginning of the resultset again for each loop? Or is it best just to copy the resultset to an array and just loop through the array multiple times? if it's mysql, then ... http://us3.php.net/manual/en/function.mysql-data-seek.php probably exists for other db backends as well... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] kannel library
Hi, Has anyone knowledge about a kannel (www.kannel.org) php library to deal with sms and binary content messages such as wap push and nokia smart messages ? Catalin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP][SOLVED] include remote class
got it working... $poo = file_get_contents("http://mysite.com/class.php"); eval($poo); where class.php has no -Original Message- From: PHP [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 8:12 AM To: [EMAIL PROTECTED] Cc: PHP LIST Subject: RE: [PHP] include remote class if i goto the url i see nothing(normal) as it is just parsing the class and no output. my include seems to parse the PHP but is not delivering the class functions to instantiate. the manual mentions that remote includes with classes or functions wont work but i saw one workaround mentioned on the manual page that i tried using .inc but server did not parse it. a setting perhaps? -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 10, 2005 9:52 PM To: Andy Sandvik Cc: php-general@lists.php.net Subject: Re: [PHP] include remote class On Tue, May 10, 2005 10:10 am, Andy Sandvik said: > > im doing include('http://www.mysite.com/class.php'); > and then i create new instance but i get error - cannot instantiate > non-existant class > how can i get this remotely hosted class file to be defined? If you surf to that URL, do you see PHP source, or do you see HTML/nothing? You may want to use .phps to get source, or .inc if mysite.com is configured to serve those up as PHP. You also have to make sure class.php is actually valid code... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
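The approach in the message above executes whatever bytes the remote URL returns. As an added PHP example (not the poster's code), the same load can be gated on a pinned SHA-256 digest so that a changed or intercepted response is refused; the function name, the sample class source and the way the digest is stored are assumptions for illustration.

```php
<?php
// Added example: names and sample data are constructed.

// Evaluate PHP class source only if its SHA-256 matches the digest
// recorded when the code was reviewed. Returns false when it is refused.
function load_pinned_class(string $source, string $pinnedSha256): bool
{
    $actual = hash('sha256', $source);
    if (!hash_equals(strtolower($pinnedSha256), $actual)) {
        return false; // bytes differ from what was reviewed: do not execute
    }
    // Same mechanism as in the thread (eval of source without PHP open tags),
    // reached only after the digest check has passed.
    eval($source);
    return true;
}

// Constructed stand-in for the body that file_get_contents() would return
// from the remote host in the thread's setup.
$reviewed = 'class Greeter { function hello($n) { return "Hello, $n"; } }';

// Recorded once, at review time, and shipped with the local application.
$pin = hash('sha256', $reviewed);

// Constructed stand-in for a response that no longer matches the reviewed
// code, for example after the remote file was changed.
$changed = 'class Greeter2 { function hello($n) { return "changed"; } }';

var_dump(load_pinned_class($reviewed, $pin)); // matching bytes are loaded
var_dump(load_pinned_class($changed, $pin));  // differing bytes are refused
var_dump(class_exists('Greeter'), class_exists('Greeter2'));

$g = new Greeter();
echo $g->hello('list'), "\n";
```

The pin has to live on the including side; a digest fetched from the same remote host as the code provides no check at all.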
Re: [PHP] php resultset restart??SOLVED
great thanks guys, exactly what we're looking for!!! Philip Hallstrom wrote: >> i've checked the PHP manual but can't find a function for this, >> perhaps I'm >> missing something. >> >> I get a resultset and loop through it but this is in a loop so it >> only executes >> the first time. is this because the resultset is at the end? is there >> a way to >> tell PHP to start at the beginning of the resultset again for each >> loop? Or is >> it best just to copy the resultset to an array and just loop through >> the array >> multiple times? > > > if it's mysql, then ... > > http://us3.php.net/manual/en/function.mysql-data-seek.php > > probably exists for other db backends as well... > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Inner Join or 2nd Query...?
Mark Rees wrote: Hi All, with wanting to show both product types(Switch, Router etc) and Makers(Cisco, Avaya, etc) on the one page in select boxes, I was wondering, do you use 2 seperate queries to the database or do you inner join to get all in 1..? I have set up different tables with related id's etc. So, to get Products.product_name and Products.product_id along with what the below query pulls, what wold be best..? I believe if I do a 2nd query, than some variables need to be identified with the particular query, yes..? Cheers. What is your question in one sentence? Is it "how do I do an inner join"? I guess I was looking for people's opinions, not a specific answer, I think... Is it "are two separate queries on two tables faster than one query on both tables"? Well, again, no not really. I guess I was curious how others do things. Or something else entirely? Could be. Sorry, perhaps I'm thinking too general with this, yes..? Cheers. Mark Sargent. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] base64_encode in URLs
Joe, this may be a little off topic, but most modern email clients wont show images in HTML unless the user clicks to show images manually. This could fool your automatic counting and email verification. On 5/11/05, Joe Harman <[EMAIL PROTECTED]> wrote: > HA... Thanks for your thoughts... > > I am actually using this for a broadcast email system... I just use a > PHP image generator to make a 1 x1 gif... the image generator script > takes a variable for color then I added another one for email address > to keep stats on who has opened the message > > ex. image_script.php?color=00&[EMAIL PROTECTED] > > but I am using base64_encode to encode the email address and call > the variable something besides email... I suppose i didn't have to do > this, but thought it would be a good practice to do it... > > the end result looks something like this : > image_script.php?color=00&key=jtzOjM6IkpvZSI7czo5OiJsYXN0X2 > > also this is embedded in the body of an HTML email... so, i think it's > pretty safe any how the script just updates the stats and returns a > 1x1 gif... > > Cheers! > Joe > > > On 5/11/05, Richard Lynch <[EMAIL PROTECTED]> wrote: > > On Tue, May 10, 2005 8:50 pm, Joe Harman said: > > > Hey just curious if it's okay to encode variables that are passed in > > > URLs with base64_encode??? since, I am going to pass a email address > > > in the URL, I would like to protect the email address from typical > > > people > > > > I dunno if every character that can be output by base64_encode is URL-safe > > or not, but you could do: urlencode(base64_encode($email)) and be 100% > > certain that it is safe, and that the data you want will come through. > > > > That said, I don't think base64_encode will offer much protection from > > humans who want to snag emails, and you presumably aren't listing these > > URLs somewhere for web-bot harvesters to find... Though that would fool > > them, at least in the present. 
> > > > ARAIK, almost *any* obfuscation of email addresses foils the harvest bots. > > > > This seems unbelievable, but I liken it to fishing: If every time you > > cast a line in the water, you come up with a million fish, how hard will > > you work to change your bait? > > > > That is the current state of affairs in the "arms race" of email > > harvesting -- The spammers have SO MANY fish "biting" that they simply > > don't need to bypass obfuscation. > > > > Sooner or later, however, that will change, especially if the harvesters > > ever care about "quality" of their fish. > > > > While I'm not running around fixing all my old obfuscation code, I'm > > pretty much not using email obfuscation on any new sites/code. > > > > Instead, I build a FORM that will send the email "blind" to the recipient, > > and have a "throttle choke" that limits a given IP > > ($_SERVER['REMOTE_ADDR']) to N emails sent in H hours. > > > > Certainly, a script could be written to re-connect and get a new IP, but > > that in itself would take enough time on the end of the spammer that I > > doubt they'll want to bother any time soon. > > > > And it's all wrapped up in a 'spaminator' function that I can replace with > > something more robust if I need to. > > > > I figure this way, I'm 2 steps ahead in this arms race, so when the bad > > guys start decoding the obfuscation emails, I'll be ready for 'em. > > > > Now if I could just figure out a way to get my OWN email out of their > > lists so I wasn't getting 10,000 spams per day (literally) I'd be a Happy > > Camper. > > > > -- > > Like Music? > > http://l-i-e.com/artists.htm > > > > > > -- > Joe Harman > - > Do not go where the path may lead, go instead where there is no path > and leave a trail. - Ralph Waldo Emerson > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
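The urlencode(base64_encode(...)) suggestion and the remark that Base64 offers little protection, shown as an added PHP example that is not from the thread. The function names, the secret and the sample address are constructed; the HMAC token is a swapped-in technique for keeping the address out of the URL, not something the posters used.

```php
<?php
// Added example. Names, key and address are constructed for illustration.

// URL-safe Base64: swap '+' and '/' for '-' and '_' and drop '=' padding,
// so the value can go into a query string without urlencode().
function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Reverse of b64url_encode(); returns null for input that is not valid Base64.
function b64url_decode(string $text): ?string
{
    $text = strtr($text, '-_', '+/');
    $text .= str_repeat('=', (4 - strlen($text) % 4) % 4); // restore padding
    $raw = base64_decode($text, true);                     // strict mode
    return $raw === false ? null : $raw;
}

// Opaque per-recipient key: an HMAC of the address under a server-side secret.
// Unlike Base64, whoever sees the URL cannot turn it back into the address.
function recipient_token(string $email, string $secret): string
{
    // Lower-casing is a normalisation choice made for this example.
    return b64url_encode(hash_hmac('sha256', strtolower($email), $secret, true));
}

// Tracking endpoint side: match a token against the list built at send time.
function resolve_token(string $token, array $sentTo, string $secret): ?string
{
    foreach ($sentTo as $email) {
        if (hash_equals(recipient_token($email, $secret), $token)) {
            return $email;
        }
    }
    return null; // unknown or altered token
}

$email  = 'joe+lists@example.com';   // constructed address
$secret = 'constructed-demo-secret'; // in practice a random server-side key
$bytes  = "\xfb\xff\xbe";            // constructed bytes whose encoding contains '+' and '/'

echo "standard : ", base64_encode($bytes), "\n";
echo "url-safe : ", b64url_encode($bytes), "\n";

// Base64 is an encoding: anyone holding the URL recovers the address.
$key = b64url_encode($email);
echo "key      : ", $key, "\n";
echo "decoded  : ", b64url_decode($key), "\n";

// The HMAC token identifies the recipient only to the server that holds the secret.
$token = recipient_token($email, $secret);
echo "token    : ", $token, "\n";
echo "resolved : ", resolve_token($token, [$email, 'other@example.com'], $secret) ?? '(unknown)', "\n";
echo "altered  : ", resolve_token($token . 'x', [$email], $secret) ?? '(unknown)', "\n";
```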
Re: [PHP] Inner Join or 2nd Query...?
I don't understand what you're trying to do. Do you want two separate list boxes, one for product types and one for makers? If so, use two queries. Use the same block of code you have for product types to populate the makers box. If that's not what you're looking for, you need to describe what your goal is. You might also give more of your table structure since you're asking about joins. kgt Mark Sargent wrote: Hi All, with wanting to show both product types(Switch, Router etc) and Makers(Cisco, Avaya, etc) on the one page in select boxes, I was wondering, do you use 2 seperate queries to the database or do you inner join to get all in 1..? I have set up different tables with related id's etc. So, to get Products.product_name and Products.product_id along with what the below query pulls, what wold be best..? I believe if I do a 2nd query, than some variables need to be identified with the particular query, yes..? Cheers. JUMBO STATUS Used Hardware Specialist Admin PRODUCT TYPE $db = mysql_connect("localhost", "root", "grunger"); mysql_select_db("status",$db); $result = mysql_query("SELECT ProductTypes.product_type_detail, ProductTypes.product_type_id FROM ProductTypes",$db); $num = mysql_num_rows($result); for ($i=0; $i<$num; $i++){ $myrow=mysql_fetch_array($result); $product_type=mysql_result($result,$i,"product_type_detail"); $product_type_id=mysql_result($result,$i,"product_type_id"); echo "$product_type"; } ?> email: [EMAIL PROTECTED] Telephone: 03-5209-1777 Fax: 03-5209-2539 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
FW: [PHP] SQL Date guru in the house?
We could help him if he said what database he is using. Chris. -Original Message- From: Kristen G. Thorson [mailto:[EMAIL PROTECTED] Sent: 11 May 2005 15:42 To: Shaw, Chris - Accenture Subject: Re: [PHP] SQL Date guru in the house? * This e-mail has been received by the Revenue Internet e-mail service. * I would try to use inherent date functions as well to calculate date differences. As Chris pointed out, you probably have some sort of to_date() function available. If not, you might be able to concat() the date into a string and compare to a variable date. You also might have some sort of cast() function available that may do it. The thought of trying to get a working statement with the setup you have is giving me a headache. kgt Shaw, Chris - Accenture wrote: >Matthew, > > >Depending on what database, you should have a TO_DATE() or DATE() function >that you can cast your dd/mm/ to a date field in the select statement. > >select to_date(, mm, dd) mydate > >from dual >where mydate >= '11/05/2005' >and mydate <= '11/04/2005' > >Look in the help files or the manual for the correct syntax/function for the >database your using. > >HTH > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: 11 May 2005 07:17 >To: php-general@lists.php.net >Subject: [PHP] SQL Date guru in the house? > > >Hi All, > >I have a small problem. > > >I have a project in which someone has got three integer fields for >holding the date. DD, MM, in an sql database.I now have to >have a page that inputs two dates and select records between those two >dates. > > >If I had a date field in the table it would be fairly simple, but I'm >hoping to do this search/comparison without having to rewrite the >pages/database that has already been designed. > > >Start Date:11/05/2005 >End Date: 11/04/2005 >SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 >AND BETWEEN 2005 AND 2005 > >Doesn't work for obvious reasons. 
Is there any way that I can do >this date comparison I the SQL statement without having a decent date >field? >My apologies as this is australian date format and this list is in the >US I think? >Regards >Matthew > > > > > > > >This message has been delivered to the Internet by the Revenue Internet e-mail service > >* > > > This message has been delivered to the Internet by the Revenue Internet e-mail service * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] marking words bold
Hi there,

I am trying to mark words inside a sentence bold. Problem is, if there is an overlap it does not work anymore.
I am using this code:

$t = str_replace($word, "<b>$word</b>", $text);

For example:
Mark those words bold: adventure in singapore
Text: My adventure flying to singapore

The problem lies in the word "in". The code I use does produce following: singapore
which of course does not work properly.

Does anybody have a good suggestion on how to improve this?

Thank you for any help,

merlin
Re: [PHP] include remote class
im doing include('http://www.mysite.com/class.php'); and then i create new instance but i get error - cannot instantiate non-existant class how can i get this remotely hosted class file to be defined? If you surf to that URL, do you see PHP source, or do you see HTML/nothing? You may want to use .phps to get source, or .inc if mysite.com is configured to serve those up as PHP. You also have to make sure class.php is actually valid code... You also maybe want to use a SOAP service maybe ? nusoap works well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] base64_encode in URLs
Hey Thanks Brandon... I know that does happen, so the stats is just suppose to approximate.. thanks for point that out Cheers Joe On 5/11/05, Brandon Ryan <[EMAIL PROTECTED]> wrote: > Joe, this may be a little off topic, but most modern email clients > wont show images in HTML unless the user clicks to show images > manually. This could fool your automatic counting and email > verification. > > On 5/11/05, Joe Harman <[EMAIL PROTECTED]> wrote: > > HA... Thanks for your thoughts... > > > > I am actually using this for a broadcast email system... I just use a > > PHP image generator to make a 1 x1 gif... the image generator script > > takes a variable for color then I added another one for email address > > to keep stats on who has opened the message > > > > ex. image_script.php?color=00&[EMAIL PROTECTED] > > > > but I am using base64_encode to encode the email address and call > > the variable something besides email... I suppose i didn't have to do > > this, but thought it would be a good practice to do it... > > > > the end result looks something like this : > > image_script.php?color=00&key=jtzOjM6IkpvZSI7czo5OiJsYXN0X2 > > > > also this is embedded in the body of an HTML email... so, i think it's > > pretty safe any how the script just updates the stats and returns a > > 1x1 gif... > > > > Cheers! > > Joe > > > > > > On 5/11/05, Richard Lynch <[EMAIL PROTECTED]> wrote: > > > On Tue, May 10, 2005 8:50 pm, Joe Harman said: > > > > Hey just curious if it's okay to encode variables that are passed in > > > > URLs with base64_encode??? since, I am going to pass a email address > > > > in the URL, I would like to protect the email address from typical > > > > people > > > > > > I dunno if every character that can be output by base64_encode is URL-safe > > > or not, but you could do: urlencode(base64_encode($email)) and be 100% > > > certain that it is safe, and that the data you want will come through. 
> > > > > > That said, I don't think base64_encode will offer much protection from > > > humans who want to snag emails, and you presumably aren't listing these > > > URLs somewhere for web-bot harvesters to find... Though that would fool > > > them, at least in the present. > > > > > > ARAIK, almost *any* obfuscation of email addresses foils the harvest bots. > > > > > > This seems unbelievable, but I liken it to fishing: If every time you > > > cast a line in the water, you come up with a million fish, how hard will > > > you work to change your bait? > > > > > > That is the current state of affairs in the "arms race" of email > > > harvesting -- The spammers have SO MANY fish "biting" that they simply > > > don't need to bypass obfuscation. > > > > > > Sooner or later, however, that will change, especially if the harvesters > > > ever care about "quality" of their fish. > > > > > > While I'm not running around fixing all my old obfuscation code, I'm > > > pretty much not using email obfuscation on any new sites/code. > > > > > > Instead, I build a FORM that will send the email "blind" to the recipient, > > > and have a "throttle choke" that limits a given IP > > > ($_SERVER['REMOTE_ADDR']) to N emails sent in H hours. > > > > > > Certainly, a script could be written to re-connect and get a new IP, but > > > that in itself would take enough time on the end of the spammer that I > > > doubt they'll want to bother any time soon. > > > > > > And it's all wrapped up in a 'spaminator' function that I can replace with > > > something more robust if I need to. > > > > > > I figure this way, I'm 2 steps ahead in this arms race, so when the bad > > > guys start decoding the obfuscation emails, I'll be ready for 'em. > > > > > > Now if I could just figure out a way to get my OWN email out of their > > > lists so I wasn't getting 10,000 spams per day (literally) I'd be a Happy > > > Camper. > > > > > > -- > > > Like Music? 
> > > http://l-i-e.com/artists.htm > > > > > > > > > > -- > > Joe Harman > > - > > Do not go where the path may lead, go instead where there is no path > > and leave a trail. - Ralph Waldo Emerson > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- Joe Harman - Do not go where the path may lead, go instead where there is no path and leave a trail. - Ralph Waldo Emerson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
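The two points raised in this thread (which Base64 characters survive in a URL, and how little Base64 hides) can be run side by side. This is an added example, not code from any poster: the key, address and recipient id are constructed, the function names are hypothetical, and the HMAC-tagged id is one alternative to putting the address in the link at all.

```php
<?php
// Added example, not code from the thread. The key, address and recipient id
// are constructed sample values; all function names are hypothetical.

/** URL-safe Base64 (RFC 4648 section 5): '+' and '/' replaced, '=' padding dropped. */
function base64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Inverse of base64url_encode(); returns false on malformed input. */
function base64url_decode(string $txt)
{
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

/** Token that carries only a recipient id plus an HMAC tag over that id. */
function make_open_token(int $recipientId, string $key): string
{
    $tag = hash_hmac('sha256', (string) $recipientId, $key, true);
    return $recipientId . '.' . base64url_encode($tag);
}

/** Returns the recipient id if the tag verifies, otherwise null. */
function read_open_token(string $token, string $key): ?int
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $given    = base64url_decode($parts[1]);
    $expected = hash_hmac('sha256', $parts[0], $key, true);
    // hash_equals() compares in constant time
    if ($given === false || !hash_equals($expected, $given)) {
        return null;
    }
    return (int) $parts[0];
}

$email = 'someone@example.com';                // constructed address
$key   = 'constructed-demo-key-do-not-reuse';  // in practice: random, server-side only

$lines = [];

// 1. The standard alphabet includes '+', '/' and '=', which need urlencode().
$raw     = "\xfb\xff";                         // constructed bytes
$lines[] = 'standard : ' . base64_encode($raw);
$lines[] = 'urlencode: ' . urlencode(base64_encode($raw));
$lines[] = 'url-safe : ' . base64url_encode($raw);

// 2. Base64 is an encoding: whoever sees the link recovers the address.
$lines[] = 'recovered: ' . base64_decode(base64_encode($email));

// 3. Alternative: the link carries an id; the address stays in the database.
$token   = make_open_token(4711, $key);
$forged  = '4712' . substr($token, 4);         // id changed, tag left as it was
$lines[] = 'token    : ' . $token;
$lines[] = 'verified : ' . var_export(read_open_token($token, $key), true);
$lines[] = 'forged   : ' . var_export(read_open_token($forged, $key), true);

echo implode("\n", $lines), "\n";
```

The tracking script would map a verified id back to the address in its own database, so the address never appears in the message source or in proxy and web server logs.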
[PHP] str_replace on words?
Hi there,

I am trying to strip some words from a sentence. I tried it with str_replace like described here:
http://www.totallyphp.co.uk/code/find_and_replace_words_in_a_text_string_using_str_replace.htm

Unfortunately it does not work the way I want, because if I want to replace the word "in" all passages containing the characters "in" are replaced. For example Singapore.

Does anybody know how to do this on just words?

Thank you for any hint,

Merlin
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 13:26, Richard Lynch wrote: > On Tue, May 10, 2005 7:04 pm, Kirsten said: > > I'm using php sessions with cookies. > > I realized that Firefox shared cookies between different instances > > (unlike IE that when someone open a new bank window a new session is > > created). > > That's because IE stupidly creates a whole new program/process on each. That behaviour is (or maybe was, don't have IE around to test) user configurable. So if the OP is relying on that "feature" then their website is bound to break for some users. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] marking words bold
> Hi there,
>
> I am trying to mark words inside a sentence bold. Problem is, if there is an overlap it does not work anymore.
> I am using this code: $t = str_replace($word, "<b>$word</b>", $text);
>
> For example:
> Mark those words bold: adventure in singapore
> Text: My adventure flying to singapore
>
> The problem lies in the word "in". The code I use does produce following: singapore
> which of course does not work properly.
>
> Does anybody have a good suggestion on how to improve this?

I don't have it in front of me, but if you use preg I believe you can do something like:

// "\\1" and "\\2" re-insert the whitespace captured on either side of the word
preg_replace("/(\s)$word(\s)/", "\\1<b>$word</b>\\2", $text);

or something like that. The "\s" matches whitespace..
RE: [PHP] marking words bold
> I am trying to mark words inside a sentence bold. Problem is, if there is
> an overlap it does not work anymore.
> I am using this code: $t = str_replace($word, "<b>$word</b>", $text);
>
> For example:
> Mark those words bold: adventure in singapore
> Text: My adventure flying to singapore
>
> The problem lies in the word "in". The code I use does produce following:
> singapore
> which of course does not work properly.
>
> Does anybody have a good suggestion on how to improve this?

Hi Merlin,

Sounds like you need to use preg_replace, specifically testing for word boundaries. See http://au2.php.net/preg_replace and http://php.mirrors.ilisys.com.au/manual/en/reference.pcre.pattern.syntax.php for the \b word boundary syntax.

Not tested, but something like the following would probably be along the right lines:

$thing = preg_replace('/\bin\b/i', '<b>in</b>', 'adventures in singapore');
echo $thing;

produces: "adventures <b>in</b> singapore", ignoring the 'in' characters within 'singapore' because they don't form a word boundary

Hope this helps,

Much warmth,

Murray
[PHP] Freelance Work - London N1
We're looking for a freelancer to work ON-SITE IN LONDON on a PHP/MySQL content management system for 4-5 weeks, starting in approx. 10 days time. Experience of building bespoke CMS systems is essential. If you're interested, please send your CV, rates and relevant URLs that you've worked on via email to milan AT mook.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] marking words bold
Merlin wrote:
> Hi there,
>
> I am trying to mark words inside a sentence bold. Problem is, if there is an overlap it does not work anymore.
> I am using this code: $t = str_replace($word, "<b>$word</b>", $text);
>
> For example:
> Mark those words bold: adventure in singapore
> Text: My adventure flying to singapore
>
> The problem lies in the word "in". The code I use does produce following: singapore
> which of course does not work properly.
>
> Does anybody have a good suggestion on how to improve this?

use

// the second argument to preg_quote() also escapes the "/" pattern delimiter
preg_replace('/\b'.preg_quote($word, '/').'\b/', '<b>'.$word.'</b>', $text);

\b is word boundary
[PHP] Saving of buffers, from a security standpoint
I am working on a bit of code for credit-card processing, so please keep in mind, security of the data is essential.

On part of it I wish to use a buffer, but I wonder if that data is saved anywhere on the running system (as a temp file, etc.), or is it just held in the system's memory?

My concern is that if an error occurs in the processing, I don't want that buffer to remain (with possible valid credit card data) on the system...

Colin

p.s. As with other 'touchy' subjects like credit card processing, all valid input is appreciated.
Re: [PHP] marking words bold
Include a space in your str_replace statement. For instance

$t = str_replace(" $word ", " <b>$word</b> ", $text);

That should prevent the problem you're having and ensure only individual words are bolded.

http://www.thelonecoder.com
[EMAIL PROTECTED]
562.924.4454 (office)
562.924.4075 (fax)
continuing the struggle against bad code

> From: Merlin <[EMAIL PROTECTED]>
> Date: Wed, 11 May 2005 17:34:56 +0200
> To:
> Subject: [PHP] marking words bold
>
> Hi there,
>
> I am trying to mark words inside a sentence bold. Problem is, if there is an
> overlap it does not work anymore.
> I am using this code: $t = str_replace($word, "<b>$word</b>", $text);
>
> For example:
> Mark those words bold: adventure in singapore
> Text: My adventure flying to singapore
>
> The problem lies in the word "in". The code I use does produce following:
> singapore
> which of course does not work properly.
>
> Does anybody have a good suggestion on how to improve this?
>
> Thank you for any help,
>
> merlin
RE: [PHP] str_replace on words?
[snip] Does anybody know how to do this on just words? [/snip] explode the string into an array of words and then apply the function to the array value. Then implode the string into a new string. http://www.php.net/explode http://www.php.net/implode -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace on words?
On Wednesday 11 May 2005 17:13, Merlin wrote: > Hi there, > > I am trying to strip some words from a sentence. I tried it with > str_replace like described here: > http://www.totallyphp.co.uk/code/find_and_replace_words_in_a_text_string_us >ing_str_replace.htm > > Unfortunatelly it does not work the way I want, because if I want to > replace the word "in" all passages containing the characters "in" are > replaced. For example Singapore. You need to tokenize your input and do exact matching. Alternately, preg_match / preg_replace may work with \b to specify word boundries. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] str_replace on words?
> Hi there, > > I am trying to strip some words from a sentence. I tried it > with str_replace like described here: > http://www.totallyphp.co.uk/code/find_and_replace_words_in_a_t > ext_string_using_str_replace.htm > > Unfortunatelly it does not work the way I want, because if I > want to replace the word "in" all passages containing the > characters "in" are replaced. For example Singapore. > > Does anybody know how to do this on just words? > > Thank you for any hint, > > Merlin You should look into using a regular expression as these can recognise word boundaries when matching (preg_match, preg_replace, etc). I think this solution will apply to your other post as well. HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace on words?
I think that's a bad example you read. It doesn't describe how to search on a "word" it describes how to search on a string, which is what you ended up doing. For things like this I use arrays. Assuming your "words" are separated by spaces, you can get an array of all the words by doing: $word_list = explode(' ', $text); Then you can cycle through each element of the array (there are a number of ways to do this), testing if it equals your word and replace it if it does. Then put it all back together with: $text = implode(' ', $word_list); On May 11, 2005, at 12:13 PM, Merlin wrote: Hi there, I am trying to strip some words from a sentence. I tried it with str_replace like described here: http://www.totallyphp.co.uk/code/ find_and_replace_words_in_a_text_string_using_str_replace.htm Unfortunatelly it does not work the way I want, because if I want to replace the word "in" all passages containing the characters "in" are replaced. For example Singapore. Does anybody know how to do this on just words? Thank you for any hint, Merlin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql injections....
It depends. By having register_globals set to on (server config) it is usually easier to create an sql-injection exploit, but it is not required.

What is true is that a well written script will defend/sustain such attacks regardless of how the server is configured (unless the configuration is really f*cked up).

Prevention is simply trying to follow a few simple rules:

1. SQL statements that have no PHP variables are NOT vulnerable:

$sql = 'SELECT value FROM values WHERE key = 123';
$db->query($sql);

(nothing vulnerable here)

2. If you do not check what you are putting into SQL statements via PHP variables - add slashes and put it in quotes:

($key = 123;) - you get this from some kind of form or URI

$key_as = addslashes($key); // you should check if slashes were already added by php (magic_quotes)
// the escaped copy, inside quotes, is what goes into the statement
$sql = "SELECT value FROM values WHERE key = '$key_as'";
$db->query($sql);

3. If you do not put your variable into quotes - check it!

// \z anchors the match at the very end of the string, so only digits pass
if (!preg_match('/^[0-9]+\z/', $key)) {
    echo "Hack attempt!";
    exit;
}
$sql = "SELECT value FROM values WHERE key = $key";
$db->query($sql);

(if you will not check it anything can get into your sql statement)

4. All the above assumes you have already assessed potential remote file inclusion vulnerabilities.

Regards,
Bostjan

On Wednesday 11 May 2005 14:15, [EMAIL PROTECTED] wrote:
> I have a site and the other days i received a message from a guy that told
> me my site is vulnerable to mysql injections. I do not know how can i
> prevent this. The server is not configured or it's all about the script?
>
>
> - Original Message -
> From: "Bostjan Skufca @ domenca.com" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, May 11, 2005 1:50 PM
> Subject: Re: [PHP] MySql injections
>
> > Probably you mean about "preventing mysql injections" - or not? :)
> >
> > Bostjan
> >
> > On Wednesday 11 May 2005 11:38, [EMAIL PROTECTED] wrote:
> >> Hi,
> >> This is not the proper list to put this question but i hope you can help
> >> me. Does anyone know a good tutorial about mysql injections?
> >>
> >> Thanks a lot for your help
[PHP] Re-initiating an autostarted session
Hi there,

I have some problems with PHP session handling. I have set to .htaccess file that PHP will start sessions and use cookies only automatically. Everything works fine until I need to re-initiate the session (give a new session ID and destroy the old one). For some reason, the old session id persists.

I use the following functions:

session_destroy();
session_regenerate_id();
session_write_close();
Header("Location: ...");
exit;

From my point of view, this should do exactly what I like to do: destroy the old session data, generate a new one, write them and redirect the user to next page.

I remember somehow that there have been problems with SetCookie and Header("Location: ..") combination. Could this session problem arise due same reasons?

Well, I'm happy to hear the fixes or workarounds. =)

Thanks,
Ville
[PHP] Re: SQL Date guru in the house?
Hello, on 05/11/2005 03:17 AM [EMAIL PROTECTED] said the following: I have a small problem. I have a project in which someone has got three integer fields for holding the date. DD, MM, in an sql database.I now have to have a page that inputs two dates and select records between those two dates. If I had a date field in the table it would be fairly simple, but I'm hoping to do this search/comparison without having to rewrite the pages/database that has already been designed. Start Date: 11/05/2005 End Date: 11/04/2005 SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 AND BETWEEN 2005 AND 2005 Doesn't work for obvious reasons. Is there any way that I can do this date comparison I the SQL statement without having a decent date field? My apologies as this is australian date format and this list is in the US I think? The format is only relevant for outputing dates. For querying you can use the date values directly to delimit the range that you want SELECT * FROM blah WHERE mm BETWEEN '11/04/2005' AND '11/05/2005' -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql injections....
Don't forget your native database escaping function. PHP has this one for MySQL, for example:

mysql_real_escape_string()

That should properly escape everything that could be used against MySQL to perform an injection. There should be some equivalent command in the various database connection routines and abstraction layers.

Takes some of the work out of trying to properly escape everything manually.

-TG

= = = Original message = = =

It depends. By having register_globals set to on (server config) it is usually easier to create an sql-injection exploit, but it is not required.

What is true is that a well written script will defend/sustain such attacks regardless of how the server is configured (unless the configuration is really f*cked up).

Prevention is simply trying to follow a few simple rules:

1. SQL statements that have no PHP variables are NOT vulnerable:

$sql = 'SELECT value FROM values WHERE key = 123';
$db->query($sql);

(nothing vulnerable here)

2. If you do not check what you are putting into SQL statements via PHP variables - add slashes and put it in quotes:

($key = 123;) - you get this from some kind of form or URI

$key_as = addslashes($key); // you should check if slashes were already added by php (magic_quotes)
// the escaped copy, inside quotes, is what goes into the statement
$sql = "SELECT value FROM values WHERE key = '$key_as'";
$db->query($sql);

3. If you do not put your variable into quotes - check it!

// \z anchors the match at the very end of the string, so only digits pass
if (!preg_match('/^[0-9]+\z/', $key)) {
    echo "Hack attempt!";
    exit;
}
$sql = "SELECT value FROM values WHERE key = $key";
$db->query($sql);

(if you will not check it anything can get into your sql statement)

4. All the above assumes you have already assessed potential remote file inclusion vulnerabilities.

Regards,
Bostjan

On Wednesday 11 May 2005 14:15, [EMAIL PROTECTED] wrote:
> I have a site and the other days i received a message from a guy that told
> me my site is vulnerable to mysql injections. I do not know how can i
> prevent this. The server is not configured or it's all about the script?
>
>
> - Original Message -
> From: "Bostjan Skufca @ domenca.com" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, May 11, 2005 1:50 PM
> Subject: Re: [PHP] MySql injections
>
> > Probably you mean about "preventing mysql injections" - or not? :)
> >
> > Bostjan
> >
> > On Wednesday 11 May 2005 11:38, [EMAIL PROTECTED] wrote:
> >> Hi,
> >> This is not the proper list to put this question but i hope you can help
> >> me. Does anyone know a good tutorial about mysql injections?
> >>
> >> Thanks a lot for your help
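Rule 3 above (validate anything placed unquoted into a statement) and the escaping advice in the reply both depend on the check being exact. The following added example, which is not code from either poster, runs an unanchored and an anchored digit check and a prepared statement against the same constructed input. It assumes the pdo_sqlite extension so that it runs without a server; the table, rows and function names are constructed.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite database
// through PDO so it runs offline; table, rows and inputs are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, value TEXT)');
$db->exec("INSERT INTO settings (id, value) VALUES (1, 'public')");
$db->exec("INSERT INTO settings (id, value) VALUES (2, 'internal')");

/** Digit check without an end anchor: only the START of the input is tested. */
function is_id_unanchored(string $key): bool
{
    return preg_match('/^[0-9]+/', $key) === 1;
}

/** Digit check anchored at both ends: the WHOLE input must be digits. */
function is_id_anchored(string $key): bool
{
    return preg_match('/^[0-9]+\z/', $key) === 1;
}

/**
 * Unquoted interpolation guarded by $check, as in rule 3.
 * Returns the matching values, or null when the check rejects the input.
 */
function lookup_interpolated(PDO $db, string $key, callable $check): ?array
{
    if (!$check($key)) {
        return null;
    }
    $sql = "SELECT value FROM settings WHERE id = $key";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Prepared statement: the input is bound as data and never parsed as SQL. */
function lookup_prepared(PDO $db, string $key): array
{
    $stmt = $db->prepare('SELECT value FROM settings WHERE id = ?');
    $stmt->execute([$key]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a well-formed id, and a string that merely starts with digits.
$inputs = ['2', '1 OR 1=1'];

foreach ($inputs as $input) {
    $report = [
        'input'      => $input,
        'unanchored' => lookup_interpolated($db, $input, 'is_id_unanchored'),
        'anchored'   => lookup_interpolated($db, $input, 'is_id_anchored'),
        'prepared'   => lookup_prepared($db, $input),
    ];
    echo json_encode($report), "\n";
}
```

Escaping functions such as mysql_real_escape_string() protect only values placed inside quotes; a value interpolated without quotes still needs the whole-string check, or a bound parameter as in lookup_prepared().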
Re: [PHP] str_replace on words?
As mentioned in the "making words bold" thread, works aren't always separated by spaces. Sometimes they end a sentence so are followed by a period or other punctuation. Sometimes you have strings like "and/or" where they're separated by the forward slash, etc. You really have to do some kind of regex expression to get this right when substituting whole words and not just "any substring". A thought in the exact right direction, just need to follow through with the rest of the thought. -TG = = = Original message = = = I think that's a bad example you read. It doesn't describe how to search on a "word" it describes how to search on a string, which is what you ended up doing. For things like this I use arrays. Assuming your "words" are separated by spaces, you can get an array of all the words by doing: $word_list = explode(' ', $text); Then you can cycle through each element of the array (there are a number of ways to do this), testing if it equals your word and replace it if it does. Then put it all back together with: $text = implode(' ', $word_list); On May 11, 2005, at 12:13 PM, Merlin wrote: > Hi there, > > I am trying to strip some words from a sentence. I tried it with > str_replace like described here: > http://www.totallyphp.co.uk/code/ > find_and_replace_words_in_a_text_string_using_str_replace.htm > > Unfortunatelly it does not work the way I want, because if I want to > replace the word "in" all passages containing the characters "in" are > replaced. For example Singapore. > > Does anybody know how to do this on just words? > > Thank you for any hint, > > Merlin > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Brent Baisley Systems Architect Landover Associates, Inc. 
Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] marking words bold
That's a good first step, but I think you're going to have to go with the regex for this one. What happens if one of the words he wants to highlight is near punctuation? > $t = str_replace(" $word ", " $word ", $text); This wouldn't work if you had: $text = "I'm going to the store."; $word = "store"; Padding with spaces is good thinking.. just need to take it that extra step further. -TG = = = Original message = = = Include a space in your str_replace statement. For instance $t = str_replace(" $word ", " $word ", $text); That should prevent the problem your having and ensure only individual words are bolded. http://www.thelonecoder.com [EMAIL PROTECTED] 562.924.4454 (office) 562.924.4075 (fax) continuing the struggle against bad code */ ?> > From: Merlin <[EMAIL PROTECTED]> > Date: Wed, 11 May 2005 17:34:56 +0200 > To: > Subject: [PHP] marking words bold > > Hi there, > > I am trying to mark words inside a sentence bold. Problem is, if there is an > overlap it does not work anymore. > I am using this code: $t = str_replace($word, "$word", $text); > > For eample: > Mark those words bold: adventure in singapore > Text: My adventure flying to singapore > > The problem lays in the word "in". The code I use does produce following: > singapore > which of course does not work properly. > > Does anybody have a good sugestion on how to improve this?` > > Thank you for any help, > > merlin > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
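The suggestions in the two threads above (word boundaries, preg_quote, handling punctuation) combine into a single pass over the text. This is an added example, not code from any poster; highlight_words() is a hypothetical helper, the sample text is constructed, and the HTML escaping goes beyond what the thread discusses so that text containing markup is not emitted raw.

```php
<?php
// Added example, not code from the thread. highlight_words() is a hypothetical
// helper; the sample text and word list are constructed.

/**
 * Wrap whole-word, case-insensitive matches of $words in <b>...</b> and
 * HTML-escape everything else. All words are matched in ONE pass, so markup
 * inserted for one word is never searched again for another (searching for
 * "b" cannot hit an inserted <b> tag).
 */
function highlight_words(string $text, array $words): string
{
    $escape = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Quote each word for use inside a /.../ pattern; skip empty entries.
    $alternatives = [];
    foreach ($words as $word) {
        $word = trim((string) $word);
        if ($word !== '') {
            $alternatives[] = preg_quote($word, '/');
        }
    }
    if (!$alternatives) {
        return $escape($text);
    }

    // \b matches between a word character and a non-word character, so
    // punctuation next to a word ("store.", "and/or") is handled. It does not
    // help for search terms that begin or end with punctuation.
    $pattern = '/\b(' . implode('|', $alternatives) . ')\b/iu';

    // With one capture group and PREG_SPLIT_DELIM_CAPTURE the result
    // alternates: plain text, match, plain text, match, ...
    $parts = preg_split($pattern, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return $escape($text);      // e.g. $text is not valid UTF-8
    }

    $out = '';
    foreach ($parts as $i => $part) {
        // Escape AFTER splitting, so entities such as &amp; are never matched.
        $out .= ($i % 2 === 1) ? '<b>' . $escape($part) . '</b>' : $escape($part);
    }
    return $out;
}

$text  = 'My adventure: flying in to Singapore & <b>back</b>, in style.';
$words = ['adventure', 'in', 'singapore', 'b'];

echo highlight_words($text, $words), "\n";
echo highlight_words("I'm going to the store.", ['store']), "\n";
```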
[PHP] expand array into function arguments?
You can do this in Python:

def myFunc(arg1, arg2, arg):
    pass  # do something

myList = [1, "arg", 5]
myFunc(*myList)  # calls myFunc(1, "arg", 5)

Can that be done in PHP, and if so, how?

Thanks for the help.
[PHP] DOMXML for Release 4.1.2
Hi My ISP is still running release 4.1.2 Where can I find documention for the DOMXML functions for this release? Regards Richard Williams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re-initiating an autostarted session
Ville Mattila wrote:
> ...
> session_destroy();
> session_regenerate_id();
> session_write_close();
> Header("Location: ...");
> exit;
>
> For my point of view, this should do exactly what I like to do: destroy the old session data, generate a new one, write them and redirect the user to next page.

And you're partly right. From the client's point of view it's still the same session. Why? Because you didn't destroy the cookie as well as the session data. So you're generating fresh session data, but the id is the same. In other words:

- Page1.php
- PHP reaches this session termination code
- session file on hard drive / in DB / whatever for current SID is destroyed
- $_SESSION still exists! Although this might be ok?...
- execution for Page1.php ends (Header and then exit)
- Page2.php starts
- PHP reads in the session ID from the cookie
- SID is the same as what was used in Page1.php
- However, no session data exists for this SID so PHP starts up a *new session* with the *old SID*

> I remember somehow that there have been problems with SetCookie and Header("Location: ..") combination. Could this session problem arise due same reasons?

Sort of. This is what you need: http://php.net/manual/en/function.session-destroy.php
Re: [PHP] Re-initiating an autostarted session
Hello Ville,

Wednesday, May 11, 2005, 12:32:07 PM, you wrote:

V> session_destroy();
V> session_regenerate_id();
V> session_write_close();
V> Header("Location: ...");
V> exit;

I honestly don't know if it's the right way, but I ran into a similar issue a while back. I did it this way:

session_destroy();
session_start();
session_write_close();
Header("Location: ...");
exit;

I never tried regenerate. Just started a new session again.

-- 
Leif (TB lists moderator and fellow end user).
Using The Bat! 3.5 Return RC7 under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB
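One way to restart a session so the client stops using the old SID, as discussed in the two replies above. This is an added example, not code from either post: it clears `$_SESSION`, expires the cookie, destroys the stored data, then starts a session under a regenerated ID. The redirect target `/next.php` and the `started_at` key are placeholders.

```php
<?php
declare(strict_types=1);

/**
 * End the current session completely and start a fresh one under a new ID.
 * Must run before any output is sent, because it sets cookies.
 */
function restartSession(): void
{
    // With session.auto_start the session is already active; otherwise open it.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Drop the in-memory copy; session_destroy() alone leaves $_SESSION populated.
    $_SESSION = [];

    // 2. Expire the session cookie, using the same parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // 3. Remove the server-side data stored under the old ID.
    session_destroy();

    // 4. Start again and force a new ID; "true" deletes whatever is stored under the old one.
    session_start();
    session_regenerate_id(true);
}

restartSession();
$_SESSION['started_at'] = time();   // constructed sample value
session_write_close();              // flush before redirecting
header('Location: /next.php');      // hypothetical target page
exit;
```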
[PHP] Generating a php file
You can start by clarifying. I had to read your message three times before I got a vague understanding.

What I'm hearing is that you want to put something like into a string? You are having difficulty doing this because you are finding that your string contains the value of $msg, instead of a dollar sign, followed by 'msg'?

If so, then you can:

Use Single Quotes:
$code = ''

or Escape your $-signs, by placing a backslash(\) in front of the $-sign
$code = "";

On 5/11/05, Dan Rossi <[EMAIL PROTECTED]> wrote:
>
> Hi there I am trying to generate a php file, which has variables that i
> need to have in it ie $_SERVER but not actually be parsed as they need
> to be in the actual script. I also need to send some variables to
> assign values to other variables in the script. How is this possible ?
> I have tried placing the contents of the script within a string, but
> all the variables gets parsed, and the super globals cause an error.
> Let me know .
Re: [PHP] Re: SQL Date guru in the house?
Sorry, don't have time to look up the specifics.. and I've worked with a number of different flavors of SQL, so not sure the syntax or capabilities of the system you're using, but maybe try something like this: SELECT * FROM blah WHERE DATE(mm, dd, yyy) BETWEEN $date1 AND $date2 Basically convert the output of the columns to a date format and do the comparison that way. Some DATE commands are in the format DATE(MM, DD, ), some have commands to convert a string to a date: STR_TO_DATE(MM + "/" + DD + "/" + ), etc. That way you get a serial datestamp to work with which should make finding things within that range a ton easier. Good luck! -TG = = = Original message = = = Hello, on 05/11/2005 03:17 AM [EMAIL PROTECTED] said the following: > I have a small problem. > > I have a project in which someone has got three integer fields for > holding the date. DD, MM, in an sql database.I now have to > have a page that inputs two dates and select records between those two > dates. > > If I had a date field in the table it would be fairly simple, but I'm > hoping to do this search/comparison without having to rewrite the > pages/database that has already been designed. > > > Start Date:~11/05/2005 > End Date:~11/04/2005 > SELECT * FROM blah WHERE mm BETWEEN 04 AND 05 AND dd BETWEEN 11 AND 11 > AND BETWEEN 2005 AND 2005 > > Doesn't work for obvious reasons. Is there any way that I can do > this date comparison I the SQL statement without having a decent date > field? > My apologies as this is australian date format and this list is in the > US I think? The format is only relevant for outputing dates. 
For querying you can use the date values directly to delimit the range that you want SELECT * FROM blah WHERE mm BETWEEN '11/04/2005' AND '11/05/2005' -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving of buffers, from a security standpoint
You can't be assured that the data is stored only in RAM. Just about all systems use some sort of swap space, so what is stored in memory could end up on disk in a swap file. Of course, if someone is able to access the swap files on your computer, you're probably dead already.

PHP also stores session information in temp files, so I wouldn't store credit card info in a session. From what I have read, you shouldn't retain a credit number any longer than absolutely necessary. In addition, the full credit card info should not be stored with your regular database, it should be stored only on the machine that has to actually charge the credit card. Which shouldn't be your webserver.

On May 11, 2005, at 1:02 PM, Colin Ross wrote:
> I am working on a bit of code for credit-card processing, so please keep in mind, security of the data is essential..
> On part of it i wish to use a buffer, but i wonder if that data is saved anywhere on the running system (as a temp file, etc), or is it just held in the system's memory?
> My concern is that if an error occurs in the processing, i don't want that buffer to remain (with possible valid Credit Card data) on the system...
>
> Colin
>
> p.s. As with other 'touchy' subjects like credit card processing, all valid input is appreciated.

-- 
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
RE: [PHP] marking words bold
> Include a space in your str_replace statement.
>
> For instance
>
> $t = str_replace(" $word ", " $word ", $text);
>
> That should prevent the problem you're having and ensure only individual
> words are bolded.

Not the best solution if Merlin's code needs to account for the possibility of target words being preceded or followed by punctuation. Consider wanting to bold the word "tour" in the following sentence:

$text = "At this point we will commence our tour, guided by an operator recommended by the department of tourism.";

$t = str_replace(" tour ", "tour", $text);

... would fail, because the word "tour" in the sentence is immediately followed by a comma.

$t = preg_replace("/\btour\b/", "tour", $text);

... would work, because the comma forms a word boundary, with the added benefit that the "tour" in "tourism" would also remain untouched because there is word text directly after the "r" in "tourism".

Note: I realize your solution fits the example Merlin gave, but preg_replace offers a great deal more flexibility if you are not aware, ahead of time, exactly what the target string will contain.

Just thought it was worth mentioning.

Much warmth,

Murray
RE: [PHP] expand array into function arguments?
> -Original Message- > From: Christopher J. Bottaro [mailto:[EMAIL PROTECTED] > Sent: Thursday, 12 May 2005 5:13 AM > To: php-general@lists.php.net > Subject: [PHP] expand array into function arguments? > > You can do this in Python: > > > def myFunc(arg1, arg2, arg): > #do something > > myList = [1, "arg", 5] > myFunc(*myList) # calls myFunc(1, "arg", 2) > > > Can that be done in PHP, and if so, how? Don't know if there's a better solution, but at the very least you could put the values in an array, and pass the array to the function. $arr = array(); $arr[] = "First"; $arr[] = "Second"; $arr[] = "Third"; $val = my_function($arr); function my_function($arr_in){ // do something with $arr_in[0]; // do something with $arr_in[1]; // do something with $arr_in[2]; } Note: if you wanted the function to be able to change the actual values in the array, you would need to pass it by reference rather than by value, eg: Function my_function(&$arr_in){ etc... The ampersand before the variable name in the function declaration indicates the variable is being passed by reference. Just a thought. Much warmth, Murray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] expand array into function arguments?
There's probably some clever answer to this like "Just do myFunc($myList) and it'll automatically parse out the arguments".. because PHP does clever things like that sometimes. But if anything, you can do something like this: $myList = array(1, "arg", 5); myFunc($myList); function myFunc($argarr) { list($arg1, $arg2, $arg3) = $argarr; #do something } You might try this and see if it works (again, PHP is clever like this sometimes): $myList = array(1, "arg", 5); myFunc($myList); function myFunc($arg1, $arg2, $arg3) { list($arg1, $arg2, $arg3) = $argarr; #do something } Maybe it automatically splits the array for you. -TG = = = Original message = = = You can do this in Python: def myFunc(arg1, arg2, arg): #do something myList = [1, "arg", 5] myFunc(*myList) # calls myFunc(1, "arg", 2) Can that be done in PHP, and if so, how? Thanks for the help. ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace on words?
I whipped this together, it should work ok. You'll want to clean it up, but you get the gist. $str="I'm going to the store to buy some stuff."; $bold=array("store","some","stuff"); function boldWord($str,$bold) { if(isset($str)) { foreach($bold as $b) { echo "$b should be $b\n"; $str = eregi_replace($b,"$b",$str); } $string=$str; return $string; } else { $string='The inputed variable $str was empty.'; return $string; } } // End function bracket // Example usage if(isset($str)) { $string=boldWord($str,$bold); echo "Original: $str \n"; echo "New: $string\n"; } else { echo "Variable str not set."; } ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: marking words bold
Merlin wrote: Hi there, I am trying to mark words inside a sentence bold. Problem is, if there is an overlap it does not work anymore. I am using this code: $t = str_replace($word, "$word", $text); For eample: Mark those words bold: adventure in singapore Text: My adventure flying to singapore The problem lays in the word "in". The code I use does produce following: singapore which of course does not work properly. Does anybody have a good sugestion on how to improve this?` Thank you for any help, merlin I whipped this together, it should work ok. You'll want to clean it up, but you get the gist. $str="I'm going to the store to buy some stuff."; $bold=array("store","some","stuff"); function boldWord($str,$bold) { if(isset($str)) { foreach($bold as $b) { echo "$b should be $b\n"; $str = eregi_replace($b,"$b",$str); } $string=$str; return $string; } else { $string='The inputed variable $str was empty.'; return $string; } } // End function bracket // Example usage if(isset($str)) { $string=boldWord($str,$bold); echo "Original: $str \n"; echo "New: $string\n"; } else { echo "Variable str not set."; } ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
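A single-pass version of the word-boundary approach from this thread, as an added example that is not code from any of the posts. Each search word goes through preg_quote() so it cannot change the pattern, and every piece of text is HTML-escaped before output. The `<b>` tag and the function name `highlightWords` are assumptions, since the archive stripped the original markup.

```php
<?php
declare(strict_types=1);

/**
 * Wrap whole-word, case-insensitive matches of $words in <b>...</b> and
 * HTML-escape everything else. One pass over the text, so markup inserted
 * for one word is never re-scanned for the next (the "in" problem).
 */
function highlightWords(string $text, array $words): string
{
    $alternatives = [];
    foreach ($words as $word) {
        if (is_string($word) && $word !== '') {
            // preg_quote() neutralises regex metacharacters in user-supplied words.
            $alternatives[] = preg_quote($word, '/');
        }
    }
    if ($alternatives === []) {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }

    // \b anchors each alternative at word boundaries: "tour" will not match in "tourism".
    $pattern = '/\b(' . implode('|', $alternatives) . ')\b/iu';

    // With one capture group, odd indexes hold matched words, even indexes the text between.
    $parts = preg_split($pattern, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // For example invalid UTF-8 in $text: fall back to escaped, unhighlighted text.
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    $out = '';
    foreach ($parts as $i => $part) {
        $safe = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        $out .= ($i % 2 === 1) ? "<b>$safe</b>" : $safe;
    }
    return $out;
}

// Inputs taken from the thread, plus one constructed line containing markup.
echo highlightWords('My adventure flying to singapore', ['adventure', 'in', 'singapore']), "\n";
echo highlightWords('commence our tour, guided by the department of tourism.', ['tour']), "\n";
echo highlightWords('a <script> tag near the store.', ['store', 'script']), "\n";
```

Words that begin or end with a non-word character (for example "c++") never satisfy `\b` on that side and need a different boundary test.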
Re: [PHP] Generating a php file
On 12/05/2005, at 6:03 AM, Rory Browne wrote: You can start by clarifying. I had to read your message three times before I got a vague understanding. What I'm hearing is that you want to put something like into a string? You are having difficulty doing this because you are finding that your string contains the value of $msg, instead of a doller sign, followed by 'msg'? If so, then you can: Use Single Quotes: $code = '' or Escape your $-signs, by placing a backslash(\) in front of the $-sign $code = ""; I've had a habit of this of late ! Let me clarify for you then ;) I have a php file say i need to dynamically generate some values in the script and output a new file to download from it ie somevalue; ?> becomes where $this->somevalue is from my generator class ;) However if I do $buffer = ""; I get all sorts of errors around $_SERVER. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] expand array into function arguments?
On Wed, May 11, 2005 12:13 pm, Christopher J. Bottaro said:
> You can do this in Python:
>
> def myFunc(arg1, arg2, arg):
>     #do something
>
> myList = [1, "arg", 5]
> myFunc(*myList) # calls myFunc(1, "arg", 2)
>
> Can that be done in PHP, and if so, how?

You mean call a user function with an array for the parameters?

Didja search the PHP website?

You should have found this:

http://php.net/call_user_func_array

-- 
Like Music?
http://l-i-e.com/artists.htm
Re: [PHP] Saving of buffers, from a security standpoint
On Wed, May 11, 2005 10:02 am, Colin Ross said:
> I am working on a bit of code for credit-card processing, so please keep
> in mind, security of the data is essential..
> On part of it i wish to use a buffer, but i wonder if that data is saved
> anywhere on the running system (as a temp file, etc), or is it just held
> in the system's memory?

What kind of a buffer?

Actually, scratch that question.

There is no guarantee, in PHP, that the data in your running script will not be stored in swap (temp file) on disk as the script runs.

It would be nice, perhaps, if there were a way to allocate memory only in RAM that could not be swapped.

There are, in some OSes, low-level calls to do this, but I don't think PHP wrappers exist (yet) for them.

At any rate, my point is that if the Bad Guys can read your swap files, you're probably already in so much trouble that the credit card numbers isn't your #1 concern. It is that bad.

> My concern is that if an error occurs in the processing, i don't want that
> buffer to remain (with possible valid Credit Card data) on the system...

You want to catch/handle as many possible errors as you can, and work through them intelligently.

No matter what you do, it's possible that you'll end up with a core dump (or similar) with your RAM including CC#s in it. You'll want to make this as unlikely as you can, but you'll also want to think about what you'll do if it *DOES* happen. Should you turn off core dumps on a production server? Probably, if you can. Does that guarantee that somebody (maybe you a year from now) trying to detect some other issue won't turn it back on, yes, even on a production server? Probably not. So, prepare for it, and do the right thing, whatever you think that is.

Back to your buffers: It really all depends on how you build the buffer, and where they are allocated/stored/free'd. PHP has no data type of "buffer" so we don't really understand the question until you clarify that a bit.

-- 
Like Music?
http://l-i-e.com/artists.htm
[PHP] Generating a php file
Sorry forgot to cc to the list - again I'm still not sure I understand, although I'm getting there. This might be useful. $dynamicly_generated_script = "somevalue}'; ?>"; As might this: $dyn_gen_script = sprintf( '' , $this->somevar ); On 5/11/05, Dan Rossi <[EMAIL PROTECTED]> wrote: > > On 12/05/2005, at 6:03 AM, Rory Browne wrote: > > > You can start by clarifying. I had to read your message three times > > before I got a vague understanding. > > > > What I'm hearing is that you want to put something like > > into a string? You are having > > difficulty doing this because you are finding that your string > > contains the value of $msg, instead of a doller sign, followed by > > 'msg'? > > > > If so, then you can: > > > > Use Single Quotes: > > $code = '' > > > > or Escape your $-signs, by placing a backslash(\) in front of the > > $-sign > > $code = ""; > > > > > > I've had a habit of this of late ! Let me clarify for you then ;) > > I have a php file say > > $query = $_SERVER['QUERY_STRING']; > $somevar = 'somevalue'; > ?> > > i need to dynamically generate some values in the script and output a > new file to download from it ie > > $query = $_SERVER['QUERY_STRING']; > $somevar = $this->somevalue; > ?> > > becomes > > $query = $_SERVER['QUERY_STRING']; > $somevar = 'somevalue'; > ?> > > where $this->somevalue is from my generator class ;) > > However if I do > > $buffer = " $query = $_SERVER['QUERY_STRING']; > $somevar = 'somevalue'; > ?>"; > > I get all sorts of errors around $_SERVER. > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving of buffers, from a security standpoint
at this point, I'm planning on (at least on production) turning off all error reporting, I am using PEAR::ErrorStack mainly for error handling, which I love using btw...

all I'm trying to do is make sure that no information gets outputted from the script, even if some horrible error occurs, i guess i figured i could just have it buffer output, then destroy the buffer output after...

ie.
http://us4.php.net/manual/en/function.ob-end-clean.php> ?>

Maybe this is just the wrong way to think about it...

In the end though, i'd rather err on the side of security and output no info (even on an error) than output _too much_ info if you know what I mean.

if the buffer gets saved into the swap file, that's okay. I'm with you on that point, if he can read my swap.. i'm just S.O.L. and the system is compromised, period. I was just wondering if PHP saved this kinda info in the same style that it saves session data (under /tmp) by default, one of the main reasons why session data should not be considered all too secure

Colin

On 5/11/05, Richard Lynch <[EMAIL PROTECTED]> wrote:
>
> On Wed, May 11, 2005 10:02 am, Colin Ross said:
> > I am working on a bit of code for credit-card processing, so please keep
> > in mind, security of the data is essential..
> > On part of it i wish to use a buffer, but i wonder if that data is saved
> > anywhere on the running system (as a temp file, etc), or is it just held
> > in the system's memory?
>
> What kind of a buffer?
>
> Actually, scratch that question.
>
> There is no guarantee, in PHP, that the data in your running script will
> not be stored in swap (temp file) on disk as the script runs.
>
> It would be nice, perhaps, if there were a way to allocate memory only in
> RAM that could not be swapped.
>
> There are, in some OSes, low-level calls to do this, but I don't think PHP
> wrappers exist (yet) for them.
>
> At any rate, my point is that if the Bad Guys can read your swap files,
> you're probably already in so much trouble that the credit card numbers
> isn't your #1 concern. It is that bad.
>
> > My concern is that if an error occurs in the processing, i don't want
> > that buffer to remain (with possible valid Credit Card data) on the system...
>
> You want to catch/handle as many possible errors as you can, and work
> through them intelligently.
>
> No matter what you do, it's possible that you'll end up with a core dump
> (or similar) with your RAM including CC#s in it. You'll want to make this
> as unlikely as you can, but you'll also want to think about what you'll do
> if it *DOES* happen. Should you turn off core dumps on a production
> server? Probably, if you can. Does that guarantee that somebody (maybe
> you a year from now) trying to detect some other issue won't turn it back
> on, yes, even on a production server? Probably not. So, prepare for it,
> and do the right thing, whatever you think that is.
>
> Back to your buffers: It really all depends on how you build the buffer,
> and where they are allocated/stored/free'd. PHP has no data type of
> "buffer" so we don't really understand the question until you clarify that
> a bit.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
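The buffer-and-discard idea from the message above, as an added example that is not the poster's code (the snippet in the post did not survive in the archive). It captures everything a task prints, throws the captured output away whether the task returns or fails, and logs only the failure location; the helper name `runSilently` and the failing task are constructed, and `Throwable` assumes PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Production settings: never render errors into the response; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Run $task with all of its output captured, and discard that output whether
 * the task returns or throws. Returns [succeeded, result].
 */
function runSilently(callable $task): array
{
    $baseLevel = ob_get_level();
    ob_start();
    try {
        return [true, $task()];
    } catch (Throwable $e) {
        // Log where it failed, not the message: exception text can contain the input.
        error_log(sprintf(
            '%s at %s:%d',
            get_class($e),
            basename($e->getFile()),
            $e->getLine()
        ));
        return [false, null];
    } finally {
        // Drop every buffer opened since entry, including ones the task left open.
        while (ob_get_level() > $baseLevel) {
            ob_end_clean();
        }
    }
}

// Constructed failing task; 4111111111111111 is a widely used test number, not real card data.
$charge = function (): string {
    $pan = '4111111111111111';
    echo "debug: charging $pan\n";                        // would leak without the buffer
    throw new RuntimeException("gateway rejected $pan");  // message is never shown or logged
};

[$ok, $result] = runSilently($charge);

// The only thing the client sees is this fixed message.
echo $ok ? "Payment accepted.\n" : "Payment could not be processed.\n";
```

PHP keeps output buffers in the process's memory rather than in files under /tmp, so the swap and core-dump caveats from the earlier replies still apply to them.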
Re: [PHP] pointing to localhost from remote server
On Wed, May 11, 2005 6:56 am, George Pitcher said: > I have a system running on my main server containg separate user and staff > interfaces to the same MySQL databases. > > Part of my process involves spawning off pdf front covers to a local > directory, grabbing files from an archive on a networked pc and adding > them > together to ftp back to the server (which, incidentally is 70 miles away). > My own machine runs IIS5/PHP5 and the Java classes to do the pdf joining. > > I have a link on a server mounted page that opens the localhost page and > successfully prints off the pdf covers. However, on completion, the popup > disappears and I then get a 'file open/save' dialog box which, if I 'open' > tries to open the php file in Dreamweaver (my chosen IDE). What should > happen is that on completion, a smarty template should be opened. I was with you until you threw in the Smarty template at the end... At any rate, what the browser "opens" depends on two things: 1. The headers you send. 2. The URL (Microsoft only) If you don't like what the browser is opening to handle your output, you need to change these two things. 1. is fairly trivial to change. You definitely want header("Content-type: smarty/template"); only smarty/template should be, errr, whatever opens up a smarty template, whatever that is. You probably also need header("Content-disposition: ...") header for broken Microsoft browser that use that ms-only made-up header. 2. is only slightly more tricky. In many cases, regardless of the headers you send, MS IE is going to key off the URL you surf to, and fire up the application based on the ending ".xyz" where ".xzy" is the "file association extension" setting in MS Windows. This is a REALLY STUPID thing that MS did with IE, but there it is. To beat this, you basically force your URL to end with the extension that MS Windows uses to open up whatever it is you want opened up. 
For a PDF, for example, you could make the URL look like: http://example.com/myscript.php/fool_ie.pdf PHP (and Apache) are going to *IGNORE* the "/fool_ie.pdf" part, and run your PHP script, but MS IE will key off of fool_ie.pdf to fire up Acrobat/Reader. Even this isn't fool-proof, especially if you need to add GET parameters: http://example.com/myscript.php/fool_ie.pdf?record_id=42 and you want to support Microsoft IE 4.x for Macintosh, which will puke on the GET parameters. [sigh] So, to make a long story short, the SAFEST thing to do is craft a URL which Microsoft cannot possibly screw up: http://example.com/myscript/record_id=42/fool_ie.pdf You can use .htaccess and ForceType to get 'myscript' to be a PHP script. Apache will ignore the "/record_id=42/fool_id.pdf" bit, except to provide it to PHP in $_SERVER['PATH_INFO'] which you can tear apart. Search this list for a post on this same topic for some free code to do that fairly nicely, if I do say so myself. It would be nice if IE actually followed the HTTP standards for Content-type and other headers, but this is Microsoft, and they don't follow standards. They just do what they want and write new (incompatible) "standards" instead. :-) [Not that Netscape's record is all that clean either, but MS does this in ALL their software... to the point where it's a one-company conspiracy of incompatibility to lock-in customer (victims, really)] -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] protect your CSS files, and possibly other extenstionsas well...
On Wed, May 11, 2005 6:48 am, Mark Rees said:
[major snippage]

Just to re-iterate what I implied, somebody else said, and is still not, apparently, getting through...

If a rip-off so-called webmaster wants your CSS and JS, what you have done isn't even gonna slow them down.

Their browser *HAS* to have access to the CSS and JS to operate.

Therefore, they *HAVE* a copy of your CSS and JS, by definition.

It is *so* trivial for them to snag it, that you are spinning your wheels with this PHP "protection" for it.

Sorry.

-- 
Like Music?
http://l-i-e.com/artists.htm
Re: [PHP] MySql injections (related question)
I have a related question, many of you have suggested using addslashes on your variables to prevent SQL injections, but is it safer to use mysql_real_escape_string (or mysql_escape_string)? What is the benefit / cost of using mysql_real_escape_string rather than addslashes?

When using Postgres I always use pg_escape_string on anything I send the DB's way. In fact the manual says specifically to use pg_escape_string rather than addslashes (however it doesn't give that advice in mysql_real_escape_string)...

http://us3.php.net/manual/en/function.pg-escape-string.php

Not being familiar with the internals of any of these functions, I'm wondering which are safer or do they do approximately the same thing? Is there any difference in performance? Which method do you use and why?

-k.
[PHP] Re: expand array into function arguments?
Richard Lynch wrote:
> On Wed, May 11, 2005 12:13 pm, Christopher J. Bottaro said:
>> You can do this in Python:
>>
>> def myFunc(arg1, arg2, arg):
>>     #do something
>>
>> myList = [1, "arg", 5]
>> myFunc(*myList) # calls myFunc(1, "arg", 2)
>>
>> Can that be done in PHP, and if so, how?
>
> You mean call a user function with an array for the parameters?
>
> Didja search the PHP website?

Yes, but sometimes it's hard to search unless you know exactly what you are looking for. I was looking for a language construct, I wasn't really expecting a function.

> You should have found this:
>
> http://php.net/call_user_func_array

That's it, perfect. Thank you.
Re: [PHP] Re: A couple questions about templating
Well, I made it work now, and I even got a cache built in there (kindof stupid though, I need to make it smarter.) I figured out to use the assign function to add the curly brackets, thank-you. I'll look into the file_*_contents() functions, thanks. On 5/11/05, Rory Browne <[EMAIL PROTECTED]> wrote: > > Anyways, I restructered my code, and as far as I can see there is > > nothing wrong with the code, except for that it simply doesn't work :) > That's usually considered a fairly serious problem. > > > I'm probably missing something blatently obvious but I'll post it and > > maybe someone can spot why this isn't working. Here be the code: > I've had a fairly brief look through, and would recommend the following: > > Add error checking routines > Don't do this:$fp = fopen($file, $mode); > Do this instead: $fp = fopen($file, $mode) or die("can't open file > $file with mode $mode"); > > You might also want to have a look at www.php.net/asssert > > Recheck your strings/arrays, and your uses of them: > > function assign($var,$value) { > > if (isset($var) && isset($value)) { > > $this->_var[] = $var; > > $this->_value[] = $value; > // $this->_var, and $this->_value are arrays > > > $this->_file = str_replace('{' . > > $this->_var . '}',$this->_value,$this->_file); > Here you're trying to concatenate a string ('{') with an array ($this->_var) > > Probably the easiest solution would be to do a $this->_var[] = '{' . > $var . '}'; in the assign() function. 
> > For Clarity sake, instead of using fopen/fread/fwrite/filesize/etc, > I'd replace them with file_get_contents(), and if available > file_put_contents() > > > > > > class mm { > > // > > // PRIVATE CLASS VARIABLES > > // > > var $_file; > > var $_template; > > var $_var; > > var $_value; > > > > // > > // CLASS CONSTRUCTOR > > // > > function mm() { > > $this->_var = array(); > > $this->_value = array(); > > } > > > > // > > // ASSIGN A VARIABLE > > // > > function assign($var,$value) { > > if (isset($var) && isset($value)) { > > $this->_var[] = $var; > > $this->_value[] = $value; > > } > > } > > > > // > > // RUN THE WEBPAGE > > // > > function run($template) { > > if (isset($template)) { > > $this->_template = 'tpl/' . $template . > > '.tpl'; > > if (file_exists($this->_template)) { > > $file = fopen($this->_template,'r'); > > $this->_file = > > fread($file,filesize($this->_template)); > > fclose($file); > > $this->_file = str_replace('{' . > > $this->_var . > > '}',$this->_value,$this->_file); > > print($this->_file); > > } else { > > print('Template File Does Not > > Exists'); > > } > > } else { > > print('Template is not sent'); > > exit; > > } > > } > > } > > ?> > > > > The page that run's the script simply looks like this: > > > > > // > > // LOAD THE TEMPLATING CLASS > > // > > require_once('tpl.php'); > > $mm = new mm(); > > > > // > > // SET CONTENT > > // > > $sitename = 'Calgary Outdoor Paintball League » Under Heavy > > Developement'; > > $header = 'Welcome to the Calgary Outdoor Paintball League\'s > > Official Website'; > > > > // > > // RUN THE PAGE > > // > > $mm->assign('sitename',$sitename); > > $mm->assign('header',$header); > > $mm->run('index'); > > ?> > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- jamwil.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: A couple questions about templating
I took a look at those functions, and file_put_contents() is only php5... this needs to work w/ php4 so that's not an option.
[PHP] Session Array using array_pop and array_unshift
Hello,

I have an application that occasionally drops a session array element value.

Data from the form...

$_POST['firstName'];
$_POST['lastName'];
$_POST['phone'];
$_POST['email'];
$_POST['cell'];

When the form is submitted, the POST variables are checked to make sure they each contain a value. If not, the form is redisplayed and the user is alerted to the missing data.

The next step in the process places the data into an array and then assigns the array to a session variable...

$userData = array ($_POST['firstName'], $_POST['lastName'], $_POST['phone'], $_POST['email'], $_POST['cell']);
$_SESSION['userData'] = $userData;

The user then visits some other pages and fills out some more data. At one point, it is necessary to remove the last two elements from the session array. This is achieved by using array_pop...

$cellPhone = array_pop($_SESSION['userData']);
$emailAddress = array_pop($_SESSION['userData']);

And then it is necessary to add a different variable to the beginning of the session array...

$userCleared = "ok";
array_unshift($_SESSION['userData'], $userCleared);

Finally, the data is checked again to make sure values exist. At this point, occasionally, one of the element values of the session array is missing. It's never the same one. It seems that, at random, one of the elemental values just goes away. The others are still there. If an element is missing, I receive an email alerting me to this fact.

I can think of other ways to handle all of this data, but my question is this...would the current code cause elements to lose their value? Would using a session array AND the array_pop or array_unshift cause this to happen? Has anyone else experienced this sort of occasional anomaly?

Thanks,
Rog
[PHP] Form handling
Hello, all -

I've been researching how to handle forms properly, and I think I figured out a way that might be beneficial for me to use. It is as follows:

(index.php)

    session_start();
    if (isset($_SESSION['step'])) {
        switch ($_SESSION['step']) {
            case "1":
                require('step1.php');
                break;
            case "2":
                require('step2.php');
                break;
            case "3":
                require('step3.php');
                break;
            // add more case statements here if I need to
            default:
                require('step1.php');
                break;
        }
    } else {
        $_SESSION['step'] = '1';
        require('step1.php');
    }

Each stepX.php file would look something similar to this:

(step1.php)

    // if submitted, check data for completeness
    // if complete, set 'step' to 2, to be used as argument to index.php
    $_SESSION['step'] = '2';
    // redirect back to index.php, use new value of 'step' to direct
    header('Location: http://somesite.com/index.php');
    // else display form data

Now, this is, really, one of my first experiences with doing forms. I just want to know if I can/should/would anticipate any problems down the road while doing this. I think it would work quite well, but I've only been doing this for a short while.

Thanks!
-dant
[PHP] PHP 5.0. Save classes in a session. Need help now
Is it possible to save a class in a session

ex.

    $cl = new Class();
    $SESSION['this_class'] = cl;
Re: [PHP] MySql injections (related question)
On Thursday 12 May 2005 06:30, -k. wrote:

> I have a related question, many of you have suggested
> using addslashes on your variables to prevent SQL
> injections, but is it safer to use
> mysql_real_escape_string (or mysql_escape_string)?
> What is the benefit / cost of using
> mysql_real_escape_string rather than addslashes? When
> using Postgres I always use pg_escape_string on
> anything I send the DB's way. In fact the manual says
> specifically to use pg_escape_string rather than
> addslashes (however it doesn't give that advice in
> mysql_real_escape_string )...

Postgresql uses a single-quote to escape a single-quote. MySQL uses a backslash. Hence running addslashes() on a string destined for MySQL is usually OK whilst doing so for Postgresql is not.

But now that mysql_real_escape_string() is available that is what you ought to use.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
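The two quoting conventions described in the reply above, as an added example that is not part of the original thread. The helper read_sql_literal() and the sample value are constructed for illustration; it scans a single quoted literal and is not a real SQL parser.

```php
<?php
// Added example, not code from the thread. read_sql_literal() is a hypothetical
// helper: a minimal scanner for one single-quoted literal, not a real SQL parser.

/**
 * $backslashEscapes = true:  backslash escapes the next character
 *                            (the MySQL convention described in the reply).
 * $backslashEscapes = false: only a doubled quote ('') stands for a quote
 *                            (the PostgreSQL convention described in the reply).
 * Returns [decoded value, text left after the closing quote], or null when
 * the literal is missing or never terminated.
 */
function read_sql_literal(string $sql, bool $backslashEscapes): ?array
{
    $len = strlen($sql);
    if ($len === 0 || $sql[0] !== "'") {
        return null;
    }
    $value = '';
    for ($i = 1; $i < $len; $i++) {
        $c = $sql[$i];
        if ($backslashEscapes && $c === '\\' && $i + 1 < $len) {
            $value .= $sql[++$i];                      // escaped character, taken literally
        } elseif ($c !== "'") {
            $value .= $c;                              // ordinary character
        } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";                             // doubled quote = one quote
            $i++;
        } else {
            return [$value, substr($sql, $i + 1)];     // closing quote
        }
    }
    return null;
}

$input = "O'Reilly";                                   // constructed sample value
$literals = [
    'addslashes()'  => "'" . addslashes($input) . "'",               // backslash before the quote
    'doubled quote' => "'" . str_replace("'", "''", $input) . "'",   // quote written twice
];
foreach ($literals as $how => $literal) {
    foreach (['backslash dialect' => true, 'doubled-quote dialect' => false] as $dialect => $flag) {
        $r = read_sql_literal($literal, $flag);
        printf("%-13s -> %-21s : %s\n", $how, $dialect,
            $r === null ? 'unterminated' : "value [{$r[0]}], leftover [{$r[1]}]");
    }
}
```

Only the addslashes() literal read by the doubled-quote dialect ends early: the value stops at the backslash and the rest of the input is left outside the literal. That mismatch is why the escaping function has to match the database it is feeding.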
Re: [PHP] Generating a php file
On 12/05/2005, at 8:01 AM, Rory Browne wrote:

I'm still not sure I understand, although I'm getting there. This might be useful.

    $dynamicly_generated_script = "somevalue}'; ?>";

As might this:

    $dyn_gen_script = sprintf( '' , $this->somevar );

\

Ahh it looks like I have to addslashes to dollar signs ! I'll try tonight cheers.
Re: [PHP] Form handling
While this *CAN* work, and a lot of people like it, it tends to add a fair amount of "cruft" for not that much benefit, really...

What do you GAIN having this big old switch statement?

What data/processing is really really shared in all these steps?

On Wed, May 11, 2005 4:57 pm, dan said:
> Hello, all -
>
> I've been researching how to handle forms properly, and I think I
> figured out a way that might be beneficial for me to use. It is as
> follows:
>
> (index.php)
>
> session_start();
> if (isset($_SESSION['step'])) {
> switch ($_SESSION['step']) {
> case "1":
> require('step1.php');
> break;
> case "2":
> require('step2.php');
> break;
> case "3":
> require('step3.php');
> break;

Simpler:

    case "1":
    case "2":
    case "3":
        require "step$step.php";
        break;

Also note that it's pretty unlikely that your default will kick in, since somebody would have to intentionally hack $step to be, say, 4 or something to reach that line of code... [more]

> // add more case statements here if I need to
> default:
> require('step1.php');
> break;
> }
> } else {
> $_SESSION['step'] = '1';
> require('step1.php');
> }

So you might want to start off with:

    $step = isset($_SESSION['step']) ? $_SESSION['step'] : 1;

Then you could do your switch, and default to step1, thereby having all the same functionality, but with fewer branches in the actual algorithm.

>
> Each stepX.php file would look something similar to this:
>
> (step1.php)
>
> // if submitted, check data for completeness
> // if complete, set 'step' to 2, to be used as argument to index.php
> $_SESSION['step'] = '2';
> // redirect back to index.php, use new value of 'step' to direct
> header('Location: http://somesite.com/index.php');
> // else display form data
>
> Now, this is, really, one of my first experiences with doing forms. I
> just want to know if I can/should/would anticipate any problems down the
> road while doing this. I think it would work quite well, but I've only
> been doing this for a short while.

I did it this way at first, but quickly found that the amount of shared code between steps was so minimal, that it was better to just have each step as a separate form, with filenames that made sense for the information gathered at that stage.

It's also sometimes good to let the user fill in different steps in whatever order they prefer -- depending on the data gathered and what your business goals are.

I've seen a particularly nice implementation of this at CDBaby (which is not real useful to anybody reading this unless you happen to be a musician with a CD you want to sell...) where the steps can be done in any order, but the first five are MUST DO and are flagged as such in RED until you do them, and the last three are OPTIONAL and are in yellow until you do them. Completed steps are changed to green.

Since some of the steps could require a fair amount of background work (writing/editing/fixing-up your Bio, for example, or getting a complete track listing with titles in order) he lets you do them in the order that fits into your life, not in the order he happened to program that morning. Very nice.

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] PHP 5.0. Save classes in a session. Need help now
I've done this by serializing and unserializing the object.

It's been discussed however using shared memory, shm is a better way to do it ? Sadly sh doesn't compile as default.

On 12/05/2005, at 10:19 AM, Oscar Andersson wrote:

Is it possible to save a class in a session

ex.

    $cl = new Class();
    $SESSION['this_class'] = cl;
Re: [PHP] Session Array using array_pop and array_unshift
On Wed, May 11, 2005 4:46 pm, Webmaster said:
> I have an application that occasionally drops a session array element
> value.
>
> $_SESSION['userData'] = $userData;
>
> this to happen? Has anyone else experienced this sort of occasional
> anomaly?

YES!

Granted, in my case, it was a short-lived buglet in PHP, and it was more predictable because I was doing the same thing every time, but...

Basically, what was happening in MY case was this:

    $foo = $_SESSION['foo'];

This was putting a "string reference" (which doesn't even exist as a data type in PHP, but that's what it was in reality) into $foo.

Then, later, in other processing, I might do:

    $foo = 'some other value than was was in $foo';

And, POOF! my value in $_SESSION['foo'] was altered! Because $foo was a "string reference" being passed back from the PHP code that pulled data out of $_SESSION.

I filed a bug report at http://bugs.php.net, and it's labeled as "fixed in CVS"

Short term, I just stopped re-using $foo as a variable name.

It's entirely POSSIBLE that you have something similar going on.

One tell-tale was that doing a var_dump($_SESSION) or var_dump($foo) would show something not un-like:

    &(string X) "foo data"

where X is the string length, instead of just:

    (string X) "foo data"

The tell-tale presence of & is what made me realize that I was somehow getting a "string reference" and that was messing with my data when I re-used variables.

The annoying thing was that this made scrubbing my $_SESSION data difficult -- and I had people telling me that I should be copying stuff out of $_SESSION, but on a shared server, I don't trust $_SESSION data! So I want to copy it out to $foo, and do, say, a regex on it, and compare the result to the original $_SESSION['foo'] and if they don't match, I consider that data hacked/invalid, because I know it's supposed to be the same before/after this Regex.

Yet, if the string is a reference, well, then, the Regex applied to the reference was getting applied to the $_SESSION element...

Anyway, make a long story short, it was quite confusing and more than a little annoying to be trying to scrub data that was always a reference and kept changing out from under me when I used it.

This may NOT be what's happening to you... Or it might be another manifestation of the same buglet.

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] MySql injections (related question)
On Wed, May 11, 2005 5:23 pm, Jason Wong said:
> But now that mysql_real_escape_string() is available that is what you
> ought to use.

But are they REALLY different?

Or, put it this way:

Suppose I have 10,000,000 lines of code that have Magic Quotes on, which calls addslashes automatically, and I already have scrubbing in place for the data that can be scrubbed from untrusted users.

Is mysql_real_escape_string *DIFFERENT* in some incredibly huge secure way that I want to stop working on all my current projects to go re-write the 10,000,000 lines of code?

Or is mysql_real_escape_string just something I should use going forward in case it might be better someday, but it's really the same for now?

Or, is it a LITTLE better for an obscure hack that won't affect me if my scrubbing is halfway decent?

Or... ???

It's all very well to repeat these pronouncements from on high that "mysql_real_escape_string is better" but I personally would sure appreciate somebody who's saying this to say *WHY* it is better, and in precisely what ways it is different from addslashes and/or magic quotes with or without data scrubbing.

It's not quite yet at the point where I'm getting tired of hearing about "mysql_real_escape_string is better" but the envelope is being pushed. :-)

Maybe I just missed that detailed analysis of the inherent superiority of mysql_real_escape_string, but it's not for a lack of looking...

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] PHP 5.0. Save classes in a session. Need help now
On Wed, May 11, 2005 5:19 pm, Oscar Andersson said:
> Is it possible to save a class in a session
>
> ex.
>
> $cl = new Class();
> $SESSION['this_class'] = cl;

Yes, but...

You'd have to actually use $cl in that last line, and you need to require the file that defines the class definition *BEFORE* you start your session in the next page where you expect the class instance to exist.

Actually, you could maybe get away with starting the session, then loading the class definition, then accessing the $cl variable... But I'm not sure of that, because I don't use classes, and even if I did, I'd load in all the class files before I started my session, just on principle.

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Freelance Work - London N1
hi

On 5/11/05, bubba <[EMAIL PROTECTED]> wrote:
>
> We're looking for a freelancer to work ON-SITE IN LONDON on a PHP/MySQL
> content management system for 4-5 weeks, starting in approx. 10 days time.
> Experience of building bespoke CMS systems is essential. If you're
> interested, please send your CV, rates and relevant URLs that you've worked
> on via email to milan AT mook.co.uk

I would like to work for your project. Check out http://chandar.blogspot.com for my resume. I am from India.

--
bala> balachandar muruganantham
blog> lynx http://chandar.blogspot.com
web> http://www.chennaishopping.com