[PHP] fread question
Hello, I have been trying to use fread to open a file, but it always escapes special characters. How do I open afile without it modifying my original file: $_POST[$fname] = fread($fileHandle, $_POST[$fname.'_size']); I use this and get slashes everywhere.This kills my REGex that gets coded next. Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fread question
>From my phpinfo: magic_quotes_runtime Off "Robert Cummings" wrote in message news:1229567238.8302.35.ca...@localhost... > On Wed, 2008-12-17 at 19:54 -0500, MikeP wrote: >> Hello, >> I have been trying to use fread to open a file, but it always escapes >> special characters. >> How do I open afile without it modifying my original file: >> >> $_POST[$fname] = fread($fileHandle, $_POST[$fname.'_size']); >> I use this and get slashes everywhere.This kills my REGex that gets coded >> next. > > Check this magically shitty setting in your php.ini: > >magic_quotes_runtime > > It should be off unless someone with less brains than a turd got a hold > of your ini file. > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fread question
But this one is ON magic_quotes_gpc "Robert Cummings" wrote in message news:1229567238.8302.35.ca...@localhost... > On Wed, 2008-12-17 at 19:54 -0500, MikeP wrote: >> Hello, >> I have been trying to use fread to open a file, but it always escapes >> special characters. >> How do I open afile without it modifying my original file: >> >> $_POST[$fname] = fread($fileHandle, $_POST[$fname.'_size']); >> I use this and get slashes everywhere.This kills my REGex that gets coded >> next. > > Check this magically shitty setting in your php.ini: > >magic_quotes_runtime > > It should be off unless someone with less brains than a turd got a hold > of your ini file. > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fread question
Still having problems: magic_quotes_runtime is off BUT magic_quotes_gpc is on I cant change them myself so I tried stripslashes That doesnt work though: $_POST[$fname] = fread($fileHandle, $_POST[$fname.'_size']); $test=$_POST[$fname]; $test3=stripslashes($test); $test3 and $test are the same. Any other Ideas? Thanks mike "Robert Cummings" wrote in message news:1229567238.8302.35.ca...@localhost... > On Wed, 2008-12-17 at 19:54 -0500, MikeP wrote: >> Hello, >> I have been trying to use fread to open a file, but it always escapes >> special characters. >> How do I open afile without it modifying my original file: >> >> $_POST[$fname] = fread($fileHandle, $_POST[$fname.'_size']); >> I use this and get slashes everywhere.This kills my REGex that gets coded >> next. > > Check this magically shitty setting in your php.ini: > >magic_quotes_runtime > > It should be off unless someone with less brains than a turd got a hold > of your ini file. > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Regex Problem
Hello, I have a quirky behavior I'm trying to resolve. I have a REGEX that will find a function definition in a php file: .function InsertQuery($table,$fields,$values). the REGEX is: $regex='/function [a-z]* *([$a-zA-Z]*)/'; the problem is that: 1. a slash is automattically put in front of the $. This is good but I dont know how it gets there. 2.a slash is NOT put in front of the parenthesis. Thats bad 3. If I try to escape the parenthesis with a \ , I get \\. Help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fread question
you have magic_quotes_runtime turned on LOCALLY. Use phpinfo() to see. NOmagic_quotes_runtime Off you actually managed to put the backslashes into your text file. NO . . . . ,/()%...@!',''); //fix special chars in name $_POST[$fname.'_fname'] = strtr($_POST[$fname.'_fname'],"'","_"); $fileHandle = fopen($_FILES[$fname]['tmp_name'], "r"); $_POST[$fname] =stripslashes(fread($fileHandle, $_POST[$fname.'_size'])); Neither wrote in message news:20081218155854.69674.qm...@o2.hostbaby.com... > > PHP does *not* do the addslashes on $_POST when you cram something into it > in your PHP code. > > It does it during the process of auto-filling up $_POST. > > So either: > A) you have magic_quotes_runtime turned on LOCALLY. Use phpinfo() to see. > B) you actually managed to put the backslashes into your text file. > > PS > You really shouldn't be cramming data into $_POST, imho. > Too confusing for later development/maintenance. > $_POST should be "read only" > Copy the parts of $_POST you want into something else, and add in your > file contents as well. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Php question from Newsgroup
""Boyd, Todd M."" wrote in message
news:33bde0b2c17eef46acbe00537cf2a190037b7...@exchcluster.ccis.edu...
Mike -- I've "bottom posted" my reply, as is the convention for this list
(and most others). Scroll down.
From: Mike Peloso [mailto:mpel...@princeton.edu]
Sent: Thursday, December 18, 2008 9:56 AM
To: Boyd, Todd M.
Subject: Php question from Newsgroup
Todd,
I have attached a few jpgs to show the problems I am having (With both of my
recent posts)
Any questions you can call me.
The first one shows the value of the php file I am trying to parse.( I cant
set any of those directives,) I can't set php.ini per dir
The second shows what your REGEX looks like as its being sent to:
preg_match_all($regex, $test2, $result, PREG_PATTERN_ORDER);
As you can see there is a whole lot of escaping going on here.
Thanks
Mike
Heres all the code:
,/()%...@!',''); //fix special chars in
name
$_POST[$fname.'_fname'] = strtr($_POST[$fname.'_fname'],"'","_");
$fileHandle = fopen($_FILES[$fname]['tmp_name'], "r");
$_POST[$fname] =stripslashes(fread($fileHandle, $_POST[$fname.'_size']));
$test=$_POST[$fname];
$test3=stripslashes($test);
//$regex='/function [a-z]* *([$a-zA-Z]*)/';
//$regex='/function [a-z]* *(?$[a-z]*)?/';
$regex = '/function\s+[-_a-z0-9]+\s*\((\s*$\?[-_a-z0-9]+\s*,?)*\s*\)/i';
$functions=do_reg($regex,$test);
}
function do_reg($regex,$test)
{ $test2=preg_quote($test);
preg_match_all($regex, $test2, $result, PREG_PATTERN_ORDER);
return $result = $result[0];
}
?>
Mike,
You are using preg_quote(). This will add slashes to every "special" RegEx
character in your pattern (i.e., parentheses and dollar signs, etc.). Try
performing your RegEx search without using preg_quote() and let me know if
it does any better. Also--try to keep your replies on the PHP List, as the
information in them can be used by others on their own projects.
// Todd
Were getting there
The only fuction i get is one without any parameters.
I'll play with it, but if you see an error in your regex let me know.
Thanks
Mike
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex Problem
""Boyd, Todd M."" wrote in message
news:33bde0b2c17eef46acbe00537cf2a190037b7...@exchcluster.ccis.edu...
> -Original Message-
> From: MikeP [mailto:mpel...@princeton.edu]
> Sent: Thursday, December 18, 2008 8:43 AM
> To: php-general@lists.php.net
> Subject: [PHP] Regex Problem
>
> Hello,
> I have a quirky behavior I'm trying to resolve.
> I have a REGEX that will find a function definition in a php file:
> .function InsertQuery($table,$fields,$values).
> the REGEX is:
> $regex='/function [a-z]* *([$a-zA-Z]*)/';
> the problem is that:
> 1. a slash is automattically put in front of the $. This is good but I
> dont
> know how it gets there.
> 2.a slash is NOT put in front of the parenthesis. Thats bad
> 3. If I try to escape the parenthesis with a \ , I get \\.
> Help
Mike,
Certain characters are considered "special" in RegEx. The $ means "end
of the line," so it must be escaped to avoid confusing its meaning. I
was not sure it had to be escaped within a character set [], but that
may very well be the case. Try this:
$regex = '/function\s+[-_a-z0-9]+\s*\((\s*\$?[-_a-z0-9]+\s*,?)*\s*\)/i';
The word "function" is followed by 1 or more spaces (or tabs). The
function name [-_a-z0-9] can be a combination of alpha-numeric
characters, underscore, and dash. Then, there is optional whitespace
between the name of the function and its parameters. The opening
parenthesis "(" for parameters has been escaped (as has the closing
parenthesis). Then, in a repeatable capture group, the parameters can be
grabbed: Indefinite whitespace, an optional $ (because maybe you're not
using a variable, eh?), one or more alpha-numeric, underscore, or dash
characters, followed by indefinite whitespace and an optional comma (if
there are more arguments). After any number of instances of the capture
group, the regex continues by looking for indefinite whitespace followed
by the closing parenthesis for the function text. The "i" switch at the
end simply means that this regex pattern will be treated as
case-insensitive ('APPLE' == 'apple').
If you're not worried about actually splitting up the function
parameters into capture groups, then you can just use a look-ahead to
ensure that you grab everything up till the LAST parenthesis on the
line.
$regex = '/function\s+[-_a-z0-9]+\s*\(.*?\)(?=.*\)[^)]*)/i';
That one probably needs to be tweaked a bit in order to actually grab
the last parenthesis (instead of just checking for its existence). If
you're willing to trust the text you'll be searching through, you can
probably avoid that "last parenthesis" rule altogether, and make a lazy
regex:
$regex = '/function\s+[-_a-z0-9]+\s*\(.*?/i';
Once you get to the opening parenthesis for the function parameters,
that last regex assumes that the rest of the line will also include that
function declaration, and just grabs everything left. If you are using a
regex setup to where the dot marker can also consume newline or carriage
return characters, just throw a "$" at the end of the regex (before the
flags part "/i") in order to tell it just to grab characters until it
reaches the end of the line:
$regex = '/function\s+[-_a-z0-9]+\s*\(.*?$/i';
These are all untested, but hopefully I've given you a nudge in the
right direction. If you are still getting strange behavior out of your
PCRE engine, then perhaps you have a different version installed than
what I'm used to--all of the above should work (perhaps with some very
minor changes) in PHP.
HTH,
// Todd
GOT IT!!
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Variable as an index
Hello, I am trying to output the value of the following:($x is an int incremented by a for statement. echo " '$users[$x][U]' "; I have tried putting the quotes all over and all I get is: 'Array[U]'. What am I doing wrong. Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variable as an index
Nevermind, Got it. ""MikeP"" wrote in message news:3c.17.23981.6c8be...@pb1.pair.com... > Hello, > I am trying to output the value of the following:($x is an int incremented > by a for statement. >echo " > > '$users[$x][U]' >"; > > I have tried putting the quotes all over and all I get is: > 'Array[U]'. > > What am I doing wrong. > Thanks > Mike > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Quotes in querys
Hello, I am trying to get the following to work: "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'" Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
""Eric Butera"" wrote in message news:6a8639eb0901140825h1d603d01i3ffcce919dca6...@mail.gmail.com... > On Wed, Jan 14, 2009 at 11:17 AM, MikeP wrote: >> Hello, >> I am trying to get the following to work: >> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'" >> Netid is a string type. >> No matter where of if I put the quotes, I still get array[phpCAS] not the >> value. >> If there is anything I still have trouble with after all these years its >> quoting variables. >> Help? >> Thanks >> Mike >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > Dude we just helped you with this same exact thing the other day. And > you're still allowing SQL injection. No, actually I test my querys first and then wrap them in mysql_real_escape_string(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
Thanks, Thats the kind of help I was looking for.
Mike
wrote in message
news:20090114162142.65944.qm...@o2.hostbaby.com...
>
> You can only interpolate ONE level of array or object indirection in a
> string.
>
> WORKS:
> "... $foo[x] ..."
> "... $foo->x ..."
>
> FAILS:
> "... $foo[x][y] ..."
> "... $foo->x->y ..." //almost for sure it fails, never tried...
>
> You can use curly braces in side a string to evaluate something:
>
> WORKS:
> "... {$foo[x][y]} ..."
> "... {$foo->x->y} ..."
>
> [soapbox]
> I personally think this is possibly the ugliest wart of variable/string
> interpolation.
>
> Not sure how/why it came about, but it makes zero sense, really...
> [/soapbox]
>
> ymmv
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] extention question
Hello, How do I know if an extension (specifically php-domxml) has to be compiled or can just be loaded. I am using RedHat Linux . Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Upload file name not file
Hello, Id like to use the popup file system box() to choose a file name , but I only want to upload the filename , not the file. Can I do that? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upload file name not file
I'm not trying to get the path, just the filename and size, I know how to get these, but that would include the file using $_Files, but I dont want to upload anything just use the filename and size.(without the path) to insert into a DB. "Simon" wrote in message news:5f14cf5e0905010629s2253cc3bk2a83dbf8b754c...@mail.gmail.com... >> Id like to use the popup file system box(> type="file" >> />) to choose a file name , but I only want to upload the filename , not >> the >> file. Can I do that? > > You're not supposed to have any access to the remote visitor's > computer, and the path to the file being uploaded could contain > sensitive information (ie. like username of windows user). There are > ways to get the information, even to read information on disk without > the use of a file upload form. But they are/will be considered like > security threats and are/will be closed down. > > IMO, whatever way you find to get this information is meant 1) not to > be portable accross different browsers and 2) to stop working > eventually. (Of course unless you ask the user to explicitly type the > path in a text input) > > What do you need this for? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
