date:20060324

Re: [PHP] security risk by using remote files with include(); ?

2006-03-24 Thread Jasper Bryant-Greene


Merlin wrote:

I am wondering if I am opening a potential security risk by
including files on remote servers. I am doing an include 
('http:/www.server.com/file.html') inside a php script of mine
to seperate content from function. Content is produced by a friend of 
mine and

I do not want to grant access to my server to him.


Yes, your friend (or anyone who compromises his server, who may very 
well *not* be friendly :) can output any PHP code he likes from that 
URL, and your server will execute it.


Not Good(tm).

You could do:

| echo file_get_contents( 'http://www.server.com/file.html' );

but only if you really trust his server to never get compromised, as 
that would allow an attacker to replace content on your website with 
anything they liked.


Jasper

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Switching to UTF-8. Need help.

2006-03-24 Thread Andy


This is my code:
";
   echo utf8_encode ($str);
?>


öüééééÉõõÕÕ

I tried all the ways:

and

etc.

The first echo... is not showed correctly.
The second (with the encoding function) works well.
In php.ini the default encoding is UFT-8. The webserver sends the correct
encoding.

By default the browser(tested on IE and firefox) sees as UFT-8 encoding for
the page. If I output the string with utf8_encode function than it wroks
well. But... it this the solution??? I don't want to modify the whole
project.

Best regards,
Andy.
- Original Message - 
From: "Richard Lynch" <[EMAIL PROTECTED]>

To: "Andy" <[EMAIL PROTECTED]>
Cc: 
Sent: Friday, March 24, 2006 2:14 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.



Check the HEADERS your web-server is sending.

If they don't have Charset UTF-8 in there, it won't work on REAL
browsers (Mozilla based)

Then, for reasons known only to Microsoft, you have to use a META tag
to define the Charset for IE.

MS will *ignore* the headers in favor of a heuristic whereby they
count the number of characters in any given document which do/don't
fit into various common charsets, and then they choose the charset
based on that.

Apparently, MS assumes that web-designers who can only handle META
tags are smarter than developers who use header() function.  Go
figure. :-^



On Thu, March 23, 2006 10:13 am, Andy wrote:

Hi to all,

We are developing a multilanguage application, and slowly it seems
that the Latin1(ISO 5589 1) encoding is not enough.
I tried simply to convert the database and the encoding of the php to
UTF-8, but I'm getting some problems.

If I make an echo 'möbel, Belgien' the browser does not show me the
correct character. If I look in the source of the document the
character is good. Default encoding of the browser is UTF-8. If I
change manually the browser encoding then the chars are showed
correclty.

We have a lot of "defines" with fix texts, which are full with german
and french characters. Any of these aren't shower correctly.

What is the workaround for this?

Best regards,
Andy.



--
Like Music?
http://l-i-e.com/artists.htm






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Switching to UTF-8. Need help.

2006-03-24 Thread Jasper Bryant-Greene


Is the file saved in UTF-8 encoding (the PHP script itself)?

Jasper

Andy wrote:

This is my code:
";
   echo utf8_encode ($str);
?>


öüééééÉõõÕÕ

I tried all the ways:

and

etc.

The first echo... is not showed correctly.
The second (with the encoding function) works well.
In php.ini the default encoding is UFT-8. The webserver sends the correct
encoding.

By default the browser(tested on IE and firefox) sees as UFT-8 encoding for
the page. If I output the string with utf8_encode function than it wroks
well. But... it this the solution??? I don't want to modify the whole
project.

Best regards,
Andy.
- Original Message - From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Andy" <[EMAIL PROTECTED]>
Cc: 
Sent: Friday, March 24, 2006 2:14 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.



Check the HEADERS your web-server is sending.

If they don't have Charset UTF-8 in there, it won't work on REAL
browsers (Mozilla based)

Then, for reasons known only to Microsoft, you have to use a META tag
to define the Charset for IE.

MS will *ignore* the headers in favor of a heuristic whereby they
count the number of characters in any given document which do/don't
fit into various common charsets, and then they choose the charset
based on that.

Apparently, MS assumes that web-designers who can only handle META
tags are smarter than developers who use header() function.  Go
figure. :-^



On Thu, March 23, 2006 10:13 am, Andy wrote:

Hi to all,

We are developing a multilanguage application, and slowly it seems
that the Latin1(ISO 5589 1) encoding is not enough.
I tried simply to convert the database and the encoding of the php to
UTF-8, but I'm getting some problems.

If I make an echo 'möbel, Belgien' the browser does not show me the
correct character. If I look in the source of the document the
character is good. Default encoding of the browser is UTF-8. If I
change manually the browser encoding then the chars are showed
correclty.

We have a lot of "defines" with fix texts, which are full with german
and french characters. Any of these aren't shower correctly.

What is the workaround for this?

Best regards,
Andy.



--
Like Music?
http://l-i-e.com/artists.htm








--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Switching to UTF-8. Need help.

2006-03-24 Thread Andy

No it was not. If I save it with UFT8 encoding it works well.
So, do I have to convert all the files to UTF8 encoding?
Is there an easy way to do that?

- Original Message - 
From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>

To: "Andy" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; 
Sent: Friday, March 24, 2006 11:18 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.

Is the file saved in UTF-8 encoding (the PHP script itself)?

Jasper

Andy wrote:

This is my code:
";
   echo utf8_encode ($str);
?>

öüééééÉõõÕÕ

I tried all the ways:

and

etc.

The first echo... is not showed correctly.
The second (with the encoding function) works well.
In php.ini the default encoding is UFT-8. The webserver sends the correct
encoding.

By default the browser(tested on IE and firefox) sees as UFT-8 encoding 
for

the page. If I output the string with utf8_encode function than it wroks
well. But... it this the solution??? I don't want to modify the whole
project.

Best regards,
Andy.
- Original Message - From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Andy" <[EMAIL PROTECTED]>
Cc: 
Sent: Friday, March 24, 2006 2:14 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.

Check the HEADERS your web-server is sending.

If they don't have Charset UTF-8 in there, it won't work on REAL
browsers (Mozilla based)

Then, for reasons known only to Microsoft, you have to use a META tag
to define the Charset for IE.

MS will *ignore* the headers in favor of a heuristic whereby they
count the number of characters in any given document which do/don't
fit into various common charsets, and then they choose the charset
based on that.

Apparently, MS assumes that web-designers who can only handle META
tags are smarter than developers who use header() function.  Go
figure. :-^

On Thu, March 23, 2006 10:13 am, Andy wrote:

Hi to all,

We are developing a multilanguage application, and slowly it seems
that the Latin1(ISO 5589 1) encoding is not enough.
I tried simply to convert the database and the encoding of the php to
UTF-8, but I'm getting some problems.

If I make an echo 'möbel, Belgien' the browser does not show me the
correct character. If I look in the source of the document the
character is good. Default encoding of the browser is UTF-8. If I
change manually the browser encoding then the chars are showed
correclty.

We have a lot of "defines" with fix texts, which are full with german
and french characters. Any of these aren't shower correctly.

What is the workaround for this?

Best regards,
Andy.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] undefined function error with lost password script

2006-03-24 Thread Robin Vickery

On 24/03/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
>
> In incredibly ancient versions of PHP, you needed to have the:
>
> function foo () { ... };
>
> appear BEFORE you called it.
>

You still do in PHP5 if the function definition is in a conditional
block. Like his.

But apparently the script was thoroughly tested before he paid for it,
so that can't be the problem :-)

  -robin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Switching to UTF-8. Need help.

2006-03-24 Thread Jasper Bryant-Greene


If you're on *nix:

man iconv

otherwise, I have no idea, sorry.

Jasper


Andy wrote:

No it was not. If I save it with UFT8 encoding it works well.
So, do I have to convert all the files to UTF8 encoding?
Is there an easy way to do that?

- Original Message - From: "Jasper Bryant-Greene" 
<[EMAIL PROTECTED]>

To: "Andy" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; 
Sent: Friday, March 24, 2006 11:18 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.



Is the file saved in UTF-8 encoding (the PHP script itself)?

Jasper

Andy wrote:

This is my code:
";
   echo utf8_encode ($str);
?>


öüééééÉõõÕÕ

I tried all the ways:

and

etc.

The first echo... is not showed correctly.
The second (with the encoding function) works well.
In php.ini the default encoding is UFT-8. The webserver sends the 
correct

encoding.

By default the browser(tested on IE and firefox) sees as UFT-8 
encoding for

the page. If I output the string with utf8_encode function than it wroks
well. But... it this the solution??? I don't want to modify the whole
project.

Best regards,
Andy.
- Original Message - From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Andy" <[EMAIL PROTECTED]>
Cc: 
Sent: Friday, March 24, 2006 2:14 AM
Subject: Re: [PHP] Switching to UTF-8. Need help.



Check the HEADERS your web-server is sending.

If they don't have Charset UTF-8 in there, it won't work on REAL
browsers (Mozilla based)

Then, for reasons known only to Microsoft, you have to use a META tag
to define the Charset for IE.

MS will *ignore* the headers in favor of a heuristic whereby they
count the number of characters in any given document which do/don't
fit into various common charsets, and then they choose the charset
based on that.

Apparently, MS assumes that web-designers who can only handle META
tags are smarter than developers who use header() function.  Go
figure. :-^



On Thu, March 23, 2006 10:13 am, Andy wrote:

Hi to all,

We are developing a multilanguage application, and slowly it seems
that the Latin1(ISO 5589 1) encoding is not enough.
I tried simply to convert the database and the encoding of the php to
UTF-8, but I'm getting some problems.

If I make an echo 'möbel, Belgien' the browser does not show me the
correct character. If I look in the source of the document the
character is good. Default encoding of the browser is UTF-8. If I
change manually the browser encoding then the chars are showed
correclty.

We have a lot of "defines" with fix texts, which are full with german
and french characters. Any of these aren't shower correctly.

What is the workaround for this?

Best regards,
Andy.



--
Like Music?
http://l-i-e.com/artists.htm













--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re-arranging elements in an associative array

2006-03-24 Thread Fred Riley

Hi

This is my first question to these NGs, so please be gentle with me in any 
replies :). I've crossposted it as I'm not sure which is the more appropriate 
group. 

I'm a relative newbie to PHP, and my Q in short is: is there an easy way to 
manually change the arrangement of elements in an associative array? 

I'll use an example from the PHP manual:

$a = array( 'color' => 'red',
'taste' => 'sweet',
'shape' => 'round',
'name'  => 'apple',
  );

If you then iterate through this with foreach() to print it out then the keys 
and values will be printed in the order above. What I'd like to do is, say, 
move $a['name'] up to 2nd place, so that it would print in the order:

'color'
'name'
'shape'
'name'

I don't want to sort the array, just rearrange it a bit. I've looked in the 
array function list in TFM but can't see anything appropriate, and I couldn't 
see anything on PX or phpbuilder. 

The reason I want to do this is to arrange the values in a row extracted from 
mySQL. If you click on any of the titles in my test database browse page at 
http://www.nottingham.ac.uk/~ntzfr/rlos/database/rlo_titles.php you should get 
a 'full record' page. The fields from "RLO No." down to "Record last updated" 
are extracted from a single table 'RLO' with a simple SELECT query and their 
names and values are stuck into the associative array $record. The fields below 
(Author, Developer, etc) are extracted from junction tables by separate join 
queries, and also assigned to $record. The table is then printed with a simple 
foreach loop. What I'd like to do is shift, say, "Author" after "RLO title", 
"Developer" after "Stage", and so on.

I could do this the clunky way, by manually assigning each key and value from 
the queries into an array with the elements in the required order, and I'll do 
that if there's no easy way of rearranging elements. I suppose I could use some 
complex combination of shift(), pop(), merge() and whatnot, but that would 
probably take up more time than the clunky way. TIA for any suggestions/tips.

Cheers

Fred
Learning Technologist
School of Nursing, University of Nottingham

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] opening .Z archive with gzopen

2006-03-24 Thread nicolas figaro


Hi

I'm using php 4.3.11 on linux RH9.

I'd like to open a .Z archive with gzopen.
I looked at the options of gzopen, but I'm not sure there is a way to 
specify the compression used by compress/uncompress.


Has anyone ever tried and done this yet ? (without a system("uncompress 
$file")


thanks

Nicolas Figaro

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] undefined function error with lost password script

2006-03-24 Thread Barry


Robin Vickery wrote:

On 24/03/06, Richard Lynch <[EMAIL PROTECTED]> wrote:


In incredibly ancient versions of PHP, you needed to have the:

function foo () { ... };

appear BEFORE you called it.




You still do in PHP5 if the function definition is in a conditional
block. Like his.

But apparently the script was thoroughly tested before he paid for it,
so that can't be the problem :-)

  -robin

Well if it was throughly tested then there wouldn't be errors.
And the error "is" because of the function called before declared.

Greets
Barry
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] How to ping a webserver with php?

2006-03-24 Thread Merlin


Hi there,

I do have a webserver (that also runns php 4.x) running which I would 
like to ping from an intranet server. In case that the webserver is down 
and therefore my webapp the php script which does the ping should send 
an e-mail which results in a message on my mobile.


Are there any commands for PHP which you can recommend for doing that?

The plan was to write a php file which does the ping and e-mail thing 
and execute it via cron every few minutes.


Can somebody give me a hint on the commands I could use for the ping?

Thanx, merlin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How to ping a webserver with php?

2006-03-24 Thread Barry


Merlin wrote:

Hi there,

I do have a webserver (that also runns php 4.x) running which I would 
like to ping from an intranet server. In case that the webserver is down 
and therefore my webapp the php script which does the ping should send 
an e-mail which results in a message on my mobile.


Are there any commands for PHP which you can recommend for doing that?

The plan was to write a php file which does the ping and e-mail thing 
and execute it via cron every few minutes.


Can somebody give me a hint on the commands I could use for the ping?

Thanx, merlin

http://pear.php.net/manual/de/html/package.networking.net-ping.ping.html

Greets
Barry

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] opening .Z compressed file with php

2006-03-24 Thread nicolas figaro


Hi

I'm using php 4.3.11 on linux RH9.

I'd like to open a .Z archive with gzopen.
I looked at the options of gzopen, but I'm not sure there is a way to 
specify the compression used by compress/uncompress.


Has anyone ever tried and done this yet ? (without a system("uncompress 
$file")


thanks

Nicolas Figaro

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Fwd: Re: WG: Bitte weiterleiten

2006-03-24 Thread Thomas Munz



--  Weitergeleitete Nachricht  --

Subject: Fwd: Re: WG: Bitte weiterleiten
Date: Freitag, 24. März 2006 15:29
From: Thomas Munz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

--  Weitergeleitete Nachricht  --

Subject: Re: WG: Bitte weiterleiten
Date: Freitag, 24. März 2006 15:27
From: Thomas Munz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Am Freitag, 24. März 2006 14:09 schrieben Sie:
>   _
>
> Von: Peter Seyerl [mailto:[EMAIL PROTECTED]
> Gesendet: Freitag, 24. März 2006 08:50
> An: [EMAIL PROTECTED]
> Betreff: WG: Bitte weiterleiten
>
>
>
>
>
> -Ursprüngliche Nachricht-
> Von: patrikk [mailto:[EMAIL PROTECTED]
> Gesendet: Freitag, 24. März 2006 08:39
> An: Weber Stefan; Schatzi; Peda; Mani; Ludwig Buchinger; Kleiss; Florian
> Lettner; Fabiii; Atzmüller Manuel; Astrid; Aisti
> Betreff: WG: Bitte weiterleiten
>
>
>
> -Ursprüngliche Nachricht-
> Von: Peter Seyerl [mailto:[EMAIL PROTECTED]
> Gesendet: Freitag, 24. März 2006 08:33
> An: [EMAIL PROTECTED]
> Betreff: WG: Bitte weiterleiten
>
>
>
> -Ursprüngliche Nachricht-
> Von: Rainer Königseder [mailto:[EMAIL PROTECTED]
> Gesendet: Freitag, 24. März 2006 08:03
> An: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> Princess of Asia; [EMAIL PROTECTED]; Petra Punzenberger;
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; Armin Holenia; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Betreff: Fw: Bitte weiterleiten
>
>
>
> - Original Message -
>
> From: KÖNIGSECKER Matthias 
>
> To: KÖNIGSECKER Matthias 
>
> Sent: Thursday, March 23, 2006 8:08 PM
>
> Subject: WG: Bitte weiterleiten
>
>
>
>
>
>
>
>   _
>
> Von: Joachim Scherb [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 23. März 2006 15:51
> An: Susanne Oberhuber; Elke Krist; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Johannes
> Leitner; Ralf Kemetmüller; Harald Herber; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> Mandi-Sonja Freudenthaler-Affenzeller; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Betreff: WG: Bitte weiterleiten
>
>
>
>
> Mit freundlichen Grüßen
>
> Joachim Scherb
>
> Pappas Automobilvertriebs GmbH
> Ein Unternehmen der Pappas Gruppe
>
> 4030 Linz, Mayrhoferstrasse 36, Austria
> : +43-732-3849-119, : +43-732-3849-118
> [EMAIL PROTECTED]
> - Weitergeleitet von Joachim Scherb/LNZ/Pappas am 23.03.2006 15:48
> -
>
>
> Fölser Michael <[EMAIL PROTECTED]>
>
> 23.03.2006 14:40
>
>
>
>
> An
>
>
> Haiderer Günter <[EMAIL PROTECTED]>, "Knoll Klaus" <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>, "Joachim Scherb"
> <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, "michaela gahleitner"
> <[EMAIL PROTECTED]>, Claudia Fölser <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>
>
>
>
>
> Kopie
>
>
>
>
>
>
> Thema
>
>
> WG: WG: Bitte weiterleiten
>
>
>
>
>
>
>
>
>
>
>   _
>
> Von: Thomas Fölser [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 23. März 2006 14:41
> An: Markus Maier; Alois Aufreiter; Fölser Michael; Claudia Fölser; Gabriele
> Alberndorfer; Seiberl Andreas (RCA); Markus Fölser
> Betreff: WG: WG: Bitte weiterleiten
>
> - Nachricht von "Gerald HAYBOECK" <[EMAIL PROTECTED]>
> auf Thu, 23 Mar 2006 14:11:08 +0100 -
>
>
> An:
>
> <[EMAIL PROTECTED]>,Thomas Fölser
> <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<
>g
> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]
>m
> x.at>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<
>g
> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]
>w
> est.at>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<
>h
> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,. [EMAIL PROTECTED]>,<[EMAIL PROTE

Re: [PHP] Fwd: Re: WG: Bitte weiterleiten

2006-03-24 Thread Thomas Munz

Sorry!

Was mistakly commited, should go to the list in my address book but not here!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP and Connection: Close

2006-03-24 Thread Chris Shiflett


Jon Anderson wrote:


...
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ...
...



I seem to recall this being due to a bug in Internet Explorer that keeps 
the connection open longer than necessary, tying up server resources.


George Schlossnagle has a formula for calculating the win/loss of using 
persistent connections, and he factors in the keep-alive timeout because 
of this behavior. (He concludes that it's better to disable persistent 
connections altogether.)


Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] security risk by using remote files with include(); ?

2006-03-24 Thread Chris Shiflett


Merlin wrote:

I am wondering if I am opening a potential security risk by
including files on remote servers.


Yes.


I am doing an include ('http:/www.server.com/file.html') inside
a php script of mine to seperate content from function. Content
is produced by a friend of mine and I do not want to grant
access to my server to him.


You already are. You're basically instructing PHP to evaluate file.html 
as PHP code, so your friend can execute any PHP code on your server.


If you only want to display file.html, use readfile(). This reduces your 
risk from remote code injection to cross-site scripting (XSS).



If including  into his file, I do get the info
of php and I believe it is the phpinfo of my server.


If he's executing phpinfo() on his server, it's going to describe his 
server. If he's outputting:




Then you're going to execute that when you include it.


That lets me believe that he could write now any php code which
would be ececuted on my server. Is that right? And if yes, what
can I do against it?


Use readfile(), but remember that this allows him to inject anything he 
likes into the content you send users, so your passing your risk onto 
your users.


Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Fwd: Re: WG: Bitte weiterleiten

2006-03-24 Thread Barry


Thomas Munz wrote:

Sorry!

Was mistakly commited, should go to the list in my address book but not here!


LOL

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Apache/PHP/MySQL/OpenSSL upgrade question

2006-03-24 Thread Jason Gerfen

I know this might be slightly off topic but I just upgraded 
PHP/MySQL/OpenSSL and Apache to the latest stable release for each 
project and so far so good.  The one problem I am encountering is 
dealing with SSL and apachectl not accepting the command 'apachectl 
startssl' as it is depreciated.  Any idea how I can get this to start 
with SSL enabled on port 443?


--
Jason Gerfen

"You will never be ready for me."
~ Me

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Help?

2006-03-24 Thread Clinton, Rochelle A

Richard,

You were exactly right - my data was already in the format: 
I have resolved my issue now.

Thank you to all who responded to my question.  I was pleasantly
surprised by the willingness of so many to help a stranger!

Best Regards,
Rochelle

-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 23, 2006 3:39 PM
To: Clinton, Rochelle A
Cc: php-general@lists.php.net
Subject: RE: [PHP] Help?

On Thu, March 23, 2006 2:19 pm, Clinton, Rochelle A wrote:
> Hi Richard,
>
> WOW!  Thanks for such a quick response  -  this is just driving me
> crazy!  Not to mention consuming my time.
>
> I actually had been using the $line = in front of my replace attempts.
>
> Here is the exact offending code:
>
> for ($i=0; $i<$line_length; $i++) {
>$line[$i] = htmlspecialchars($line[$i]);
>echo "debug: line$i is: " . $line[$i] . "";
> }
> $line[$line_length-1] = str_replace("", "",
> $line[$line_length-1]);
> echo "DEBUG: replaced def line is: " .
> $line[$line_length-1] . "";
>
> And the uncooperative output:
>
> debug: line0 is: >
href="http://www.ncbi.nlm.nih.gov:80/entrez/query.fcgi?cmd=Retrieve&db=P
rotein&list_uids=73966552&dopt=GenPept"
> >gi
> debug: line1 is: 73966552
> debug: line2 is: ref
> debug: line3 is: XP_866810.1
> debug: line4 is:  PREDICTED: similar to splicing factor,
> arginine/serine-rich 1
> DEBUG: replaced def line is:  PREDICTED: similar to splicing
> factor, arginine/serine-rich 1

Use "View Source" in your browser to see what REALLY is being printed
out...

The browser is interpreting your output, at all stages, and what you
see in the browser is not what you've got.

Word may not be exactly "WYSIWYG", but it tries...

A browser is *NOT* WYSIWYG to the Nth degree! :-)

For example, your ACTUAL data might ALREADY be:
 PREDICTED:...

Or, it might be:
 PREDICTED:...

Or, it might be...

There are at least 3x3x3x3 possible combinations on this theme.  Throw
in UTF-8 characters being presented in Latin-1, and you've got that
times a thousand.

I SUSPECT that somebody has already done htmlentities() on your data,
and so you're *seeing*  in the browser, but your DATA is:

So you need to do the str_replace() on THAT, not on what you see.

Or figure out where you already did htmlentities, and don't do that.

Only use htmlentities() at the last possible moment, at browser output.

Never [*] use htmlentities() on data for storage, nor processing.

Only at the last micro-second before spewing out to a browser should
your raw data be converted to a form suitable for browser display.

You'll just confuse yourself otherwise, with data converted too soon,
and not being what you expect when you look at it.

* There are bound to be exceptions to this, for some special 'expert'
situations...

-- 
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] undefined function error with lost password script

2006-03-24 Thread Robin Vickery

On 24/03/06, Barry <[EMAIL PROTECTED]> wrote:
> Robin Vickery wrote:
> > On 24/03/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
> >
> >>In incredibly ancient versions of PHP, you needed to have the:
> >>
> >>function foo () { ... };
> >>
> >>appear BEFORE you called it.
> >>
> >
> >
> > You still do in PHP5 if the function definition is in a conditional
> > block. Like his.
> >
> > But apparently the script was thoroughly tested before he paid for it,
> > so that can't be the problem :-)
> >
> >   -robin
> Well if it was throughly tested then there wouldn't be errors.
> And the error "is" because of the function called before declared.

 I R O N Y 

-robin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Apache/PHP/MySQL/OpenSSL upgrade question

2006-03-24 Thread Petar Nedyalkov

On Friday 24 March 2006 17:24, Jason Gerfen wrote:
> I know this might be slightly off topic but I just upgraded
> PHP/MySQL/OpenSSL and Apache to the latest stable release for each
> project and so far so good.  The one problem I am encountering is
> dealing with SSL and apachectl not accepting the command 'apachectl
> startssl' as it is depreciated.  Any idea how I can get this to start
> with SSL enabled on port 443?

LoadModule ssl_module modules/mod_ssl.so

And a VirtualHost definition for :443 maybe?

>
> --
> Jason Gerfen
>
> "You will never be ready for me."
> ~ Me

-- 

Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)

PGP ID: 7AE45436
PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc
PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436


pgpEjF4LL3ytQ.pgp
Description: PGP signature

Re: [PHP] Parents constructor

2006-03-24 Thread Jochem Maas


Pham Huu Le Quoc Phuc wrote:

I want to execute polymorphism.



...BUT the OP didn't ask about polymorphism and php
doesn't support it at all anyway.


if you want polymorphism either use another language,
drop the requirement or figure out a workaround using
some kind of decorator pattern


- Original Message -
From: "Robert Cummings" <[EMAIL PROTECTED]>
To: "Pham Huu Le Quoc Phuc" <[EMAIL PROTECTED]>
Cc: "Peter Lauri" <[EMAIL PROTECTED]>; "PHP-General"

Sent: Friday, March 24, 2006 2:01 PM
Subject: Re: [PHP] Parents constructor




On Fri, 2006-03-24 at 01:48, Pham Huu Le Quoc Phuc wrote:


In PHP, I can do the flowing code:


What you mean to say is that in PHP5 and only in PHP5 can you use
interfaces... and that would only be true if the following code were
correct.



interface A
{
 function Get();
}

class B extends A
{
  function Get()
 {
   echo "class B";
}
}

class C extends A
{
  echo "class C";
}


I'm very sure that the above class definition will generate a parse
error... and correct me if I'm wrong (I'm not by the way), but don't you
need to implement an interface versus extending it?



$a = new B();
$a->Get();
$a = new C();
$a->Get();

result:
Class B
Class C


At any rate, I fail to see the point of your response in relation to the
OP's question.

Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Apache/PHP/MySQL/OpenSSL upgrade question

2006-03-24 Thread Julius Hacker

Jason Gerfen wrote:
> I know this might be slightly off topic but I just upgraded
> PHP/MySQL/OpenSSL and Apache to the latest stable release for each
> project and so far so good.  The one problem I am encountering is
> dealing with SSL and apachectl not accepting the command 'apachectl
> startssl' as it is depreciated.  Any idea how I can get this to start
> with SSL enabled on port 443?
>
Just use the right settings in your httpd.conf ;-)
You need a virtual host on port 443, in which you enable SSL with the
directive SSLEngine
For more, just read the documentation of Apache 2.2, it's described well
there.

-- 
Regards
Julius Hacker

http://www.julius-hacker.de
[EMAIL PROTECTED]

OpenPGP-Key-ID: 0x4B4A486E

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] HTTPS with NuSOAP

2006-03-24 Thread Peter Lauri

[snip]
> soapclient('https://webservices.netsuite.com/wsdl/v1_3_1/netsuite.wsdl');

The 's' in 'https' should be all that nuSOAP would need to know that
it should use SSL, if nuSOAP can do that.

[/snip]

Correct. NuSOAP do detect automatically, and if CURL is configured it will
work.

[snip]
> 'role internalId="theinternalid"'=>''));

Does that work to set the attribute?
[/snip]

It does not work, I figured out after many questions and a lot of digging in
the source code that I have to use soapval for that.

[snip]
> 2006-03-22 10:56:25.644283 soapclient: call: operation=LoginRequest,
> namespace=http://tempuri.org, soapAction=, rpcParams=, style=rpc,
> use=encoded, endpointType=soap

I have to wonder how the namespace tempuri.org got involved...
[/snip]

I am very new to SOAP, and I actually do not know what namespace really is
for the moment. Right now I am cheating a little and am using the SOAP
messages that MindReef's SOAPscore is generating for me automatically. I
want to learn more about SOAP, but there are few resources on the net.


[snip]
> HTTP method POST is not supported by this URL

This sounds to me like you've managed to use https/SSL, and are "in"
to the point of logging in, but something has convinced nuSOAP and/or
the WSDL that it should be using POST somewhere, and the server that's
handling the request don't like POST...

So maybe your question is how to get nuSOAP to use GET instead of POST.

Just guessing...
[/snip]

It was not about the url not liking POST, it was about the url not being
up-to-date. The documentation from NetSuite.com (the web service provider)
is so bad, their main income is from paid support, so they try to keep
documentation not good enough so that people are forced to buy from them.
But so far I have not needed to do that.

Thank you for your comments; you seem to be a darn knowledgeable person :)

/Peter

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: xdiff

2006-03-24 Thread Leonard Burton

Hm, this message bounced saying "550-Spammy URLs in your message" 
So I will try it again.



On 3/24/06, Leonard Burton <[EMAIL PROTECTED]> wrote:
> HI All,
>
> I started using some of the xdiff functions to keep up with differences.
>
> How are you all using it?
>
> Is there any better documentation that what I have found?  There isn't
> much documentation about it on PHP.net.
>
> This is a little better:

www dot wiki dot cc/php/Xdiff


>
> Cheers!
>
> --
> Leonard Burton, N9URK
> [EMAIL PROTECTED]
>
> "The prolonged evacuation would have dramatically affected the
> survivability of the occupants."
>


--
Leonard Burton, N9URK
[EMAIL PROTECTED]

"The prolonged evacuation would have dramatically affected the
survivability of the occupants."

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] GD Library or PHP Function

2006-03-24 Thread tedd


On Wed, March 22, 2006 9:18 pm, brian dichiara wrote:

 Is there a way to check to see if a JPEG or PDF is color or
 black/white?
 Like a function or something?


There does not appear to be a built-in function that does that...



I don't know of any either, but that's the reason when I put an image 
into a dB, I also put in the type.


tedd

--

http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How to ping a webserver with php?

2006-03-24 Thread tedd


Merlin wrote:

Hi there,

I do have a webserver (that also runns php 4.x) running which I 
would like to ping from an intranet server. In case that the 
webserver is down and therefore my webapp the php script which does 
the ping should send an e-mail which results in a message on my 
mobile.


Are there any commands for PHP which you can recommend for doing that?

The plan was to write a php file which does the ping and e-mail 
thing and execute it via cron every few minutes.


Can somebody give me a hint on the commands I could use for the ping?


Try:

http://www.weberdev.com/get_example-4129.html

tedd
--

http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Parents constructor

2006-03-24 Thread tedd


Pham said:


I want to execute polymorphism.


I've felt that way too.

tedd

--

http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Parents constructor

2006-03-24 Thread Robert Cummings

On Fri, 2006-03-24 at 10:50, Jochem Maas wrote:
> Pham Huu Le Quoc Phuc wrote:
> > I want to execute polymorphism.
> > 
> 
> ...BUT the OP didn't ask about polymorphism and php
> doesn't support it at all anyway.

Ummm, PHP supports polymorphism.. it has at least since PHP 4.

http://whatis.techtarget.com/definition/0,,sid9_gci212803,00.html

1 and 3 in the above link are supported. Number 2 is not, however, that
is usually referred to as function/method overloading and not so often
by polymorphism. Number 3 is the most common type when discussing
polymorphism.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] colored text in images

2006-03-24 Thread Marcus Gnaß


Hi list!

I like to generate a larger image from different tiles. Each tile should 
have a text on it which should be red for better readability. I figured 
out how to compose the larger image but got stuck when to color the 
text. I tried the following code:


$img = imagecreate($w * 100, $h * 100);
$tile = imagecreatefromgif($tile_name);
$red = imagecolorallocate($tile, 255, 0, 0);
imagestring($tile, $font, $gebilde_x, $gebilde_y, $gebilde, $rot);
imagecopy($map, $tile, $dst_x, $dst_y, 0, 0, imagesx($tile), 
imagesy($tile));

header("Content-Type: image/gif");
imagegif($map);

The text was writte an expected, just it was grey and not red. What do I 
have to do to make it read and why was it grey?


Marcus

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] colored text in images

2006-03-24 Thread Kevin Kinsey


Marcus Gnaß wrote:


Hi list!

I like to generate a larger image from different tiles.
Each tile should have a text on it which should be
red for better readability. I figured out how to
compose the larger image but got stuck when
to color the text. I tried the following code:

$img = imagecreate($w * 100, $h * 100);
$tile = imagecreatefromgif($tile_name);






$red = imagecolorallocate($tile, 255, 0, 0);
imagestring($tile, $font, $gebilde_x, $gebilde_y, $gebilde, $rot);




Because PHP doesn't grok that $red==$rot, and I'm not
sure that it is, either?  What happens when you use $red
in the imagestring() call?


imagecopy($map, $tile, $dst_x, $dst_y, 0, 0, imagesx($tile), 
imagesy($tile));

header("Content-Type: image/gif");
imagegif($map);

The text was writte an expected, just it was grey and not
red. What do I have to do to make it read and why was it grey?



Hopefully, you caught that above.  The 6th parameter of
imagestring should be an integer to represent the color.

HTH,

Kevin Kinsey

--
You will hear good news from one you thought unfriendly to you.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] colored text in images

2006-03-24 Thread tedd


Hi list!

I like to generate a larger image from different tiles. Each tile 
should have a text on it which should be red for better readability. 
I figured out how to compose the larger image but got stuck when to 
color the text. I tried the following code:


$img = imagecreate($w * 100, $h * 100);
$tile = imagecreatefromgif($tile_name);
$red = imagecolorallocate($tile, 255, 0, 0);
imagestring($tile, $font, $gebilde_x, $gebilde_y, $gebilde, $rot);
imagecopy($map, $tile, $dst_x, $dst_y, 0, 0, imagesx($tile), imagesy($tile));
header("Content-Type: image/gif");
imagegif($map);

The text was writte an expected, just it was grey and not red. What 
do I have to do to make it read and why was it grey?


Marcus


Marcus:

Instead of:

imagestring($tile, $font, $gebilde_x, $gebilde_y, $gebilde, $rot);

Try using this (if you have FreeType Functions):

ImageTTFText ($im,  $gebilde, $rot, $gebilde_x, $gebilde_y, $red, 
$font, $tile);


If you don't have FreeType Functions see:

http://www.weberdev.com/get_example-131.html

tedd
--

http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Why does this work on one server...(Final comment)

2006-03-24 Thread tedd


Richard:

I'm not arguing with you, I just want to understand the problem and solution.

I said:


 > For storing an image into MySQL I simply used:



 > $image_large = mysql_real_escape_string($buffer);


 Then for displaying the image, I use:

 if (get_magic_quotes_gpc())
{
$fileContent = stripslashes($fileContent);
}


You said:


This is bass-ackwards...

What you've done is store the data with "double" addslashes() when
MagicQuotes are on, and then you "undo" one of them.

So your data actually in the database has an extra set of slashes on it.

That's not good clean data.


If I perform stripslashes first, then the process doesn't work.

Furthermore, according to:

http://us3.php.net/mysql_real_escape_string

This function must always (with few exceptions) be used to make data 
safe before sending a query to MySQL.


As such, I used escape_string before the query. Is mine one of those 
exceptions?




You said:


Stop confusing the hell out of yourself, and use .htaccess to turn
magic_quotes OFF and magic_quotes_runtime OFF!!!


Great idea -- I will do -- I just wanted to understand the problem.



You also said:


Another thought he'll have to face eventually, on this insane path of
JPEG in database storage:

What size buffer does PHP <-> MySQL have?

If your JPEG is too big, ka-boom.

Actually, it's more like "silently discard the tail end of my larger
JPEGs, and some images are broken, but it works for small images, what
did I do wrong?"


I've had that happen (half image thing). The solution is to load the 
image into tmp directory, which is done anyway, and then reduce the 
image to the size(s) you want before storing it into MySQL.


-

You also said:


You really should consider using a highly-optimized large-sized-data
custom piece of wonderful software that's really MUCH better for
storing, managing, and retrieving JPEGs than MySQL...

It's called:  "the file system"

You're almost for sure NOT using any real MySQL features on your JPEG
data.  It's not indexed for speed of retrieval based on raw bytes.
It's not something you're going to search through the raw bytes for
eye color.  MySQL will RARELY (and only for tiny files) be any faster
than the file system for retrieval.  So you're just clogging up your
database with this massive chunk of data for no real reason.


I'm aware of the file system, I've used it a couple of times in my life.

Storing things in MySQL should not be based upon "If you're going to 
search the field or not". MySQL storage is simply a way to store 
stuff. It's not that much different than storing things on the "file 
system" because all you're storing is 1's and 0's anyway, right? It 
should not make any difference if file's 1's and 0's are stored on a 
file system's hard drive or the files 1's and 0's are stored in a 
MySQL dB, which is also stored on a hard drive, right?


Remember, the only difference here is the overhead architecture of 
how to access the data -- there are no differences between 1's and 
0's depending on where they are stored on a hard drive.


Now, one can argue that the time it takes to pull an image from MySQL 
is different than from the file system, I've experienced that, and 
it's important to me, and I will be changing my method to the file 
system.


However, using MySQL for storing things does present some advantages 
-- like associating related but different data types together data in 
one record (it's hard to do that using a file system); moving data 
from one server to another (again, it's hard to do that with a file 
system); easier record keeping and editing; and if my memory serves 
me right (which may be in error), there is a limit to the number of 
records you can have in a directory whereas that isn't so in MySQL 
(memory permitting of course).


-

You also said:


You'll then need to start messing with BLOB data fields and
special-handling.


If what you mean in "special-handling" is what I've experienced here, 
then I have to agree with you. However, all data types require some 
form of "special-handling" it's just that BLOB's are not as well 
understood IMO. My post to this list and the assorted answers I 
received is an example of this.


For example, if I had posted "How do you store strings in MySQL?" 
then I would guess that all the answers would have been the same. But 
when I ask about BLOB's, I received an assortment of answers -- so 
apparently, there is confusion on this list as well.




You also said:


Again I say, just put the damn files in the file system where they
belong.


An opinion (see below).



You also said:


We've been through this whole scenario on this list S many times
it's frightening! :-)

It's like watching the same episode of Twilight Zone over and over and
over.  And not a good episode, either. :-)


Interesting you should say that -- Dennis Weaver appeared in a 
Twilight Zone episode where he was a prisoner who was executed over 
and over

Re: [PHP] Why does this work on one server...(Final comment)

2006-03-24 Thread Robin Vickery

On 24/03/06, tedd <[EMAIL PROTECTED]> wrote:
>
> Storing things in MySQL should not be based upon "If you're going to
> search the field or not". MySQL storage is simply a way to store
> stuff. It's not that much different than storing things on the "file
> system" because all you're storing is 1's and 0's anyway, right? It
> should not make any difference if file's 1's and 0's are stored on a
> file system's hard drive or the files 1's and 0's are stored in a
> MySQL dB, which is also stored on a hard drive, right?
>
> Remember, the only difference here is the overhead architecture of
> how to access the data -- there are no differences between 1's and
> 0's depending on where they are stored on a hard drive.
>
> Now, one can argue that the time it takes to pull an image from MySQL
> is different than from the file system, I've experienced that, and
> it's important to me, and I will be changing my method to the file
> system.
>
> However, using MySQL for storing things does present some advantages
> -- like associating related but different data types together data in
> one record (it's hard to do that using a file system); moving data
> from one server to another (again, it's hard to do that with a file
> system); easier record keeping and editing; and if my memory serves
> me right (which may be in error), there is a limit to the number of
> records you can have in a directory whereas that isn't so in MySQL
> (memory permitting of course).

The technical limit per directory in ReiserFS is slightly more than
half a billion files. Although with the standard hashing function the
practical limit is about 1.2 million. Would you like to hazard a guess
about MySQL's performance with 1.2 million images in the same file?

MySQL stores each table in it's own file which is subject to the
filesystem size limits. For example the maximum file size in ReiserFS
3.5 is 2 Gig. So ignoring all the overheads, to fit more than 1.2
million images in a table, they'd have to average rather less than 2kb
in size.

Each of these images is likely to be a different size so you're stuck
with variable length records, which has a significant performance
impact in MySQL. It'll also result in gaps in the file which will
further restrict the amount you can get in there.

You'd better make sure your indexing on the table is good, because a
sequential scan over that amount of data will give your disk IO a good
workout.

If you'd kept all your files in the filesystem you'd be able to
leverage all the efficient tools honed over the years to manipulate
them, and copying them to another server would involve just a simple
rsync.

If you need to associate the files with a particular record, all you
need to do is store the filename. It's not rocket science.

At the physical level, you're correct; It's all just binary data. At
every other level there's a big difference between using the
filesystem directly and bunging everything in MySQL.

  -robin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] security risk by using remote files with include(); ?

2006-03-24 Thread Anthony Ettinger

On 3/24/06, Chris Shiflett <[EMAIL PROTECTED]> wrote:
> Merlin wrote:
> > I am wondering if I am opening a potential security risk by
> > including files on remote servers.
>
> Yes.
>
> > I am doing an include ('http:/www.server.com/file.html') inside
> > a php script of mine to seperate content from function. Content
> > is produced by a friend of mine and I do not want to grant
> > access to my server to him.
>
> You already are. You're basically instructing PHP to evaluate file.html
> as PHP code, so your friend can execute any PHP code on your server.
>
> If you only want to display file.html, use readfile(). This reduces your
> risk from remote code injection to cross-site scripting (XSS).
>
> > If including  into his file, I do get the info
> > of php and I believe it is the phpinfo of my server.
>
> If he's executing phpinfo() on his server, it's going to describe his
> server. If he's outputting:
>
> 
>
> Then you're going to execute that when you include it.
>
> > That lets me believe that he could write now any php code which
> > would be ececuted on my server. Is that right? And if yes, what
> > can I do against it?
>
> Use readfile(), but remember that this allows him to inject anything he
> likes into the content you send users, so your passing your risk onto
> your users.
>
> Chris
>

If you don't trust him enough to give him access to your server, why
are you letting him dynamically include code?


--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] deleting muliple feilds from a table using an array

2006-03-24 Thread benifactor

example code:
//implode the value of the submitted form
//$del will look like 38, 40, 43 
$del = implode(",", $idd);
//create query for the deletion of values from submited form
$query = "delete From news where id = '$del'";
//execute query
mysql_query($query) or die(mysql_error());
//echo sucess message
echo("The Post has been deleted...");


here is what my problem is...

This code will only delete the first value of $idd. what i think is wrong is i 
have the incorrect syntax to delete multiple feilds from a table if some one 
can help me it would be greatly appreactiated.

Re: [PHP] deleting muliple feilds from a table using an array

2006-03-24 Thread Robin Vickery

On 24/03/06, benifactor <[EMAIL PROTECTED]> wrote:
>
> //$del will look like 38, 40, 43
>
> $query = "delete From news where id = '$del'";
>
> This code will only delete the first value of $idd. what i think is wrong is 
> i have the incorrect syntax to delete multiple feilds from a table if some 
> one can help me it would be greatly appreactiated.
>

DELETE FROM news WHERE id IN (38, 40, 43)

 -robin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] deleting muliple feilds from a table using an array

2006-03-24 Thread Brady Mitchell


> -Original Message-
> example code:
> //implode the value of the submitted form
> //$del will look like 38, 40, 43 
> $del = implode(",", $idd);
> //create query for the deletion of values from submited form
> $query = "delete From news where id = '$del'";
> //execute query
> mysql_query($query) or die(mysql_error());
> //echo sucess message
> echo("The Post has been deleted...");
> 
> 
> here is what my problem is...
> 
> This code will only delete the first value of $idd. what i 
> think is wrong is i have the incorrect syntax to delete 
> multiple feilds from a table if some one can help me it would 
> be greatly appreactiated.

$query = "delete From news where id IN($del)"; 

Take a look at
http://dev.mysql.com/doc/refman/5.0/en/where-optimizations.html.  The
user comments are helpful.

Brady

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] deleting muliple feilds from a table using an array

2006-03-24 Thread benifactor

thanks all, very helpful!
- Original Message - 
From: "Brady Mitchell" <[EMAIL PROTECTED]>
To: "benifactor" <[EMAIL PROTECTED]>; "php" 
Sent: Friday, March 24, 2006 1:21 PM
Subject: RE: [PHP] deleting muliple feilds from a table using an array



> -Original Message-
> example code:
> //implode the value of the submitted form
> //$del will look like 38, 40, 43 
> $del = implode(",", $idd);
> //create query for the deletion of values from submited form
> $query = "delete From news where id = '$del'";
> //execute query
> mysql_query($query) or die(mysql_error());
> //echo sucess message
> echo("The Post has been deleted...");
> 
> 
> here is what my problem is...
> 
> This code will only delete the first value of $idd. what i 
> think is wrong is i have the incorrect syntax to delete 
> multiple feilds from a table if some one can help me it would 
> be greatly appreactiated.

$query = "delete From news where id IN($del)"; 

Take a look at
http://dev.mysql.com/doc/refman/5.0/en/where-optimizations.html.  The
user comments are helpful.

Brady

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Why does this work on one server...(Final comment)

2006-03-24 Thread Chris Shiflett


If I perform stripslashes first, then the process doesn't work.


I usually raise eyebrows with this statement, but you should never (with 
very, very few exceptions) need to unescape anything. Ever.


Richard was pointing out that the only reason you would need to strip 
slashes after retrieving data from the database is if you escaped it 
twice before putting it in there.


If you're only escaping it once, which you seem to be claiming, then you 
should not have to unescape anything.


Hope that helps.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Why does this work on one server...(Final comment)

2006-03-24 Thread Chris Shiflett


tedd wrote:

> I usually raise eyebrows with this statement, but you should
> never (with very, very few exceptions) need to unescape
> anything. Ever.

What's this then?

http://us3.php.net/mysql_real_escape_string


That's an escaping function.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Why does this work on one server...(Final comment)

2006-03-24 Thread tedd


tedd wrote:

 > I usually raise eyebrows with this statement, but you should

 never (with very, very few exceptions) need to unescape
 anything. Ever.


What's this then?

http://us3.php.net/mysql_real_escape_string


That's an escaping function.

Chris


A, it pays to read.

Thanks -- it's been a long day. Now that I'm turning off 
register_globals and magic_quotes, I'm now trying to figure out why 
some of my scripts aren't working.


tedd
--

http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Test email

2006-03-24 Thread PHP Mailer


Seems pretty dead tonight.
Checking POP3 quickly.

Ignore this email or reply kindest!

=)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Test email

2006-03-24 Thread Pham Huu Le Quoc Phuc


- Original Message - 
From: "PHP Mailer" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, March 25, 2006 10:59 AM
Subject: [PHP] Test email


> Seems pretty dead tonight.
> Checking POP3 quickly.
> 
> Ignore this email or reply kindest!
> 
> =)
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

44 matches

Mail list logo