Re: [PHP] PDO Prepared Statements and stripslashes
Hello, The plug-in PDO has nothing to do with the backslashes being inserted into the database. The backslashes are used to escape characters like in D's...it would show D's. That's the safe behavior of it. You can change your programming code to fix that. Ravi. On Tue, Dec 21, 2010 at 12:59 AM, Rico Secada wrote: > On Tue, 21 Dec 2010 00:32:19 -0500 > Paul M Foster wrote: > > > On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote: > > > > > Hi. > > > > > > In an article about SQL Injection by Chris Shiflett he mentions the > > > following in a comment: "The process of escaping should preserve > > > data, so it should never be necessary to reverse it. When I'm > > > auditing an application, things like stripslashes() alert me to > > > design problems." > > > > > > Now, I'm always using PHP PDO with prepared statements and as such > > > data with quotes gets slashed automatically by PDO when inserted > > > into the database. > > > > Just out of idle curiosity, are you using MySQL? PDO shouldn't be > > backslashing quotes for PostgreSQL, as the PostgreSQL convention for > > values containing single quotes is to double the quotes, as: ''. > > Currently I'm working with MySQL, but I have just tested PDO with > PostgreSQL 8.3 and in this case PDO backslashes PostgreSQL as well. > > > > When I need to pull out the data something might be slashed and I > > > need to use stripslashes() or some str_replace() to make sure that > > > the slashes are removed. > > > > > > So what's the mistake here and what's the correct way to do it? > > > > I don't see a mistake. If the values come out of the database > > backslashed, then you need to remove them to work with the data. My > > only question would be whether you're sure the data is backslashed > > before PDO ever sees it. In which case, yes, you have a problem. > > No, the data is not slashed before PDO sees them. > > I didn't see a mistake either, but then what does Chris mean? Stripping > slashes from output from the DB alerts him to a design problem, and > I'm just wondering if there another way of doing things I just haven't > heard of then. > > > Paul > > > > -- > > Paul M. Foster > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Common session for all subdomains?
That's a good question. There should be a setting on php.ini to allow cross session. Ravi. On Mon, Dec 20, 2010 at 7:05 PM, Jonathan Tapicer wrote: > Hi! > > You should use the function session_set_cookie_params to set the > session cookie domain to ".oire.org" like this comment explains: > php.net/manual/en/function.session-set-cookie-params.php#94961 > > Regards, > Jonathan > > On Mon, Dec 20, 2010 at 7:18 PM, Andre Polykanine wrote: > > Hello php-general, > > I've got a question: I have a site http://oire.org/. Then we started > > developing some applications at http://apps.oire.org/. > > How can I manage it in the way so the session valid at > > http://oire.org/ would be also valid at http://apps.oire.org/? > > Thanks! > > -- > > With best regards from Ukraine, > > Andre > > Skype: Francophile > > Twitter: http://twitter.com/m_elensule > > Facebook: http://facebook.com/menelion > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Problem with Include
Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Ravi. On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown wrote: > On Mon, Dec 20, 2010 at 02:49, Simcha Younger wrote: > > > > Since it is being included by PHP, and not served by Apache, the > extension is not important. > > Correct, but keep in mind that it will likely be served as plain > text if accessed directly, if the web server is not properly > configured (which, by default, it isn't). > > -- > > Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting > (866-) 725-4321 > http://www.parasane.net/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] All records not displaying...
I would say enabled error_reporting(E_ALL); error_reporting(-1);
Then use die(mysql_error()); with your mysql function to get some debugging
data.
Also use var_dump($query_name) to find out what is spits out.
Debugging is your best friend here. If you don't use die() or
error_reporting() then you will see a blank screen.
Ravi.
On Sun, Dec 19, 2010 at 9:01 PM, Gary wrote:
>
> "Tamara Temple" wrote in message
> news:c6993909-dd90-4f52-bf6b-ab888c281...@gmail.com...
> >
> > On Dec 19, 2010, at 9:46 AM, Gary wrote:
> >
> >> I have an issue that the first record in a query is not being
> displayed.
> >> It
> >> seems that the first row in alphabetical order is not being brought to
> >> the
> >> screen.
> >>
> >> I have run the query in the DB and it displays the correct result, so
> it
> >> has
> >> to be in the php.
> >>
> >> I have a MySQL DB that lists beers. I have a column for 'type' of beer
> >> (imported, domestic, craft, light). The queries:
> >>
> >> $result = MySQL_query("SELECT * FROM beer WHERE type = 'imported' AND
> >> stock
> >> = 'YES' ORDER by beername ");
> >>
> >> When I run the query
> >>
> >> if (mysql_num_rows($result) == !'0') {
> >>$row = mysql_fetch_array($result);
> >>
> >> echo 'Imported Beers';
> >> echo ' >> id="tableone" summary="">
> >>
> >> Beer
> >> Maker
> >> Type
> >> Singles
> >> 6-Packs
> >> Cans
> >> Bottles
> >> Draft
> >> Size
> >> Description';
> >>
> >> while ($row = mysql_fetch_array($result)) {
> >>
> >> echo '' . $row['beername'].'';
> >> echo '' . $row['manu'] . '';
> >> echo '' . $row['type'] . '';
> >> echo '' . $row['singles'] . '';
> >> echo '' . $row['six'] . '';
> >> echo '' . $row['can'] . '';
> >> echo '' . $row['bottles'] . '';
> >> echo '' . $row['tap'] . '';
> >> echo '' . $row['size'] . '';
> >> echo '' . $row['descrip'] . '';
> >> '';
> >>}
> >> echo '';
> >>
> >> }
> >>
> >> All but the first row in alphabetical order are displayed properly.
> >>
> >> Can anyone tell me where I am going wrong?
> >> --
> >> Gary
> >>
> >> BTW, I do have a bonus question that is about javascript in this same
> >> file,
> >> so if anyone want to take a stab at that, I'll be happy to post it.
> >>
> >
> > This code will totally eliminate the first row of data.
> >
> >> if (mysql_num_rows($result) == !'0') {
> >>$row = mysql_fetch_array($result);
> >
> > Fetches the first row, but is not output. Because:
> >
> >> while ($row = mysql_fetch_array($result)) {
> >
> > Fetches the second row before you do any output of the data.
> >
> > Eliminate the first fetch_array and you're code should work fine.
> >
> > BTW, if you put the attributes 'width="n"' in the preceding
> > tags, you won't have to output them for each row. You should also put
> the
> > units those numbers are associated with.
> >
> >
> Tamara
>
> Thank you for your help and thank you for the explaination. I removed the
> line and it works fine. I dont remember where or why I had that line in
> there, it is code that I have "recycled" for a while now.
>
> Gary
>
>
>
> __ Information from ESET Smart Security, version of virus signature
> database 5716 (20101219) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Re: [PHP] array question
Jim Lucas has it. You can use the preg_match function to find it. I would
use regexp for that reason. regexp is good for making sure things are typed
the way they need to (mostly used for).
Ravi.
On Sat, Dec 18, 2010 at 5:17 PM, Jim Lucas wrote:
> On 12/17/2010 12:52 PM, Sorin Buturugeanu wrote:
>
>> Hello all!
>>
>> I have a question regarding arrays and the way I can use a value.
>>
>> Let's say I have this string:
>>
>> $s = 'banana,apple,mellon,grape,nut,orange'
>>
>> I want to explode it, and get the third value. For this I would normally
>> do:
>>
>> $a = explode(',', $s);
>> echo $s[2];
>>
>> That's all fine, but is there a way to get the value directly, without
>> having to write another line in my script. I mean something like this:
>>
>> echo explode(',', $s)[2];
>>
>> or
>>
>> echo {explode(',', $s)}[2];
>>
>> I couldn't find out this answer anywhere, that's why I posted here.
>>
>> Cheers and thanks!
>>
>>
> Sure it CAN be done. Nobody laugh too loud here... But...
>
>
> $s = 'banana,apple,mellon,grape,nut,orange';
> echo preg_replace('/([^,]+,){3}([^,]+).*/', '$2', $s);
>
> ?>
> Outputs: grape
>
> The {3} part is equivalent to the array position. Change that number, and
> you change which word will get displayed.
>
> Jim Lucas
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Re: [PHP] PHPInfo disabled due to security
Hello there, If you have a small to medium size web site then go to GoDaddy. Do not believe all that you see from php_info(). I will give you an example. The memory_limit it gives on shared hosting does not reflect the one intended for your shared account. It shows what was set for overall use. But blocking php_info() isn't right (at least I don't think so). Ravi. On Fri, Dec 17, 2010 at 10:25 AM, Daniel Brown wrote: > On Thu, Dec 16, 2010 at 23:39, Paul S wrote: > > > > Well, I was hoping for stronger arguments to get that DONE. I would think > > there be something in the PHP license > > that would FORBID disabling functionality. > > Really? You would really think that? Because we wouldn't. > > > After all, 'phpinfo' is essential, really, to achieving secure > > applications, isn't it? > > No. Writing good code is essential. > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Error Querying Database
Trying to connect to the database can involve setting up your database. Make
sure that you have a valid login/password that is recognized by MySQL.
Please keep in mind that MySQL works on permission by hosts. So your host IP
must be matched with the username/password on the database for a successful
authentication. One way to know that you can connect successfully to your
remote database is to actually test it. Download MySQL Workbench from
Mysql.com and then try to connect to remote from the same host that your php
application is sitting at. If it works, thumbs up. If it does not then you
have a permission issue there. Add your username/host appropriately.
If you can connect without a hitch then you are doing something wrong on
your code. Use mysql_connect(), mysql_select_db() and then send an statement
and use the resource to see if it returns TRUE or FALSE. At this point, on
FALSE it means that you have a bad written statement.
There is so much that can go wrong. Debug step by step.
Ravi.
On Thu, Dec 16, 2010 at 9:26 PM, Phred White wrote:
> It seems like there are several questions emerging, but ...
>
> Try echoing your query to the page by putting echo $query in your code
> before you call mysql, then copy it and run it in phpmyadmin. If it runs
> then you know your problem is somewhere else like the connection. This can
> really help you find typos that can cause mysterious results.
>
> If you want to use the same page to process the form (my preference) then
> put a hidden field in your form like:
>
>
>
> and wrap the form processing code like so:
>
> if (isset($_POST['phpaction'])) {
>//process submitted form data
> } else {
>//processing for initial form entry
> }
>
> When the form is initially loaded it will ignore the first part
> There are a 1000 ways to do this, but this is pretty straightforward.
>
> On Dec 15, 2010, at 1:34 PM, Gary wrote:
>
> >
> > "Steve Staples" wrote in message
> > news:1292440837.5460.8.ca...@webdev01...
> >> On Wed, 2010-12-15 at 13:42 -0500, Gary wrote:
> >>> I cant seem to get this to connect. This is to my local testing
> server,
> >>> which is on, so we need not worry that I have posted the UN/PW.
> >>>
> >>> This is a duplicate of a script I have used countless times and it
> >>> worked.
> >>> The error message is 'Error querying database.'
> >>>
> >>> Some one point out the error of my ways?
> >>>
> >>> Gary
> >>>
> >>>
> >>> " method="post">
> >>>
> >>>
> >>> Name of Beer />
> >>>
> >>>
> >>>
> >>>
> >>> Maker of Beer
> >>>
> >>>
> >>>
> >>>
> >>> Type of Beer
> >>>
> >>> Imported
> >>> Domestic
> >>> Craft
> >>> Light
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Sold in
> >>>
> Singles >>> />
> >>> Six Packs
> >>> Cans
> >>> Bottles
> >>> Draft
> >>>
> >>>
> >>> Size
> >>>
> >>>
> >>> Description >>> rows="5">
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> >>> $beername = $_POST['beername'];
> >>> $manu = $_POST['manu'];
> >>> $type = $_POST['type'];
> >>> $singles = $_POST['singles'];
> >>> $six = $_POST['six'];
> >>> $can = $_POST['can'];
> >>> $bottles = $_POST['bottles'];
> >>> $tap = $_POST['tap'];
> >>> $size = $_POST['size'];
> >>> $desc = $_POST['desc'];
> >>> $ip= $_SERVER['REMOTE_ADDR'];
> >>>
> >>> $dbc = mysqli_connect('localhost','root','','rr')or die('Error
> connecting
> >>> with MySQL Database');
> >>>
> >>> $query = "INSERT INTO beer (beername, manu, type, singles, six, can,
> >>> bottles, tap, size, desc, ip )"." VALUES ('$beername', '$manu',
> '$type',
> >>> '$singles', '$six', '$can', '$bottles', '$tap', '$size', '$desc',
> >>> '$ip' )";
> >>>
> >>> $result = mysqli_query($dbc, $query)
> >>> or die('Error querying database.');
> >>>
> >>>
> >>> mysqli_close($dbc);
> >>>
> >>>
> >>>
> >>> --
> >>> Gary
> >>
> >>
> >> Read Ash's reply... but basically, you're running the query with POST
> >> variables, and inserting them on page display as well as on form submit.
> >>
> >> can you ensure that you can connect from the command line?
> >>
> >>
> >> if you may take some criticism, you should rethink your database design,
> >> as well as the page flow/design... you should either post the form to a
> >> new page, or if it is back to itself, you should check to see that you
> >> have in fact posted it before just blindly inserting into the database
> >> (as currently, every time you view the page, you will insert into the
> >> database, even if completely empty values).
> >>
> >
> > Steve
> >
> > Thank you for your reply.
> >
> > I did not see a reply from Ashley, but I would love to read it.
> >
> > I always welcome criticism, however this form is for the owner of a bar
> > where he will inputing his list of beer that he sells. The rest of the
> code
> > that is not there is I will have the list then echo to screen below the
> > form. This is an internal list only, no customers will be seeing
> itif
> > that makes any difference to your suggestion.
> >
> > On your one point
> >
> >
Re: [PHP] Problem with Include
My point is that you tried to take code from one page and put it all "organized" in another page and the include that page of includes back into the pages that you want it to feed off from. If stuff works the way that it does then there a reason for it to have been done that way. That's why documenting code is so important. 99% doesn't do it (including me). Ravi. On Tue, Dec 21, 2010 at 2:35 AM, David Hutto wrote: > On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot wrote: > > Why mess with something that is already working? If you are trying to > make > > it pretty then you are not solving a problem. You are creating one. > > > Define working. I've had programs 'work', but more experienced would > say it's flawed in some respect. Does it perform the immediate task? > > Now define pretty. Is it aesthetically pleasing to you, or to someone > else with less, or maybe more experience. > > By defining the two above, you then define whether it's a problem. To > you, or to them, or to the original designer? > > > > > Ravi. > > > > > > On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown > > wrote: > > > >> On Mon, Dec 20, 2010 at 02:49, Simcha Younger > wrote: > >> > > >> > Since it is being included by PHP, and not served by Apache, the > >> extension is not important. > >> > >> Correct, but keep in mind that it will likely be served as plain > >> text if accessed directly, if the web server is not properly > >> configured (which, by default, it isn't). > >> > >> -- > >> > >> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting > >> (866-) 725-4321 > >> http://www.parasane.net/ > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > > > -- > They're installing the breathalyzer on my email account next week. >
Re: [PHP] Problem with Include
If something is working and you don't know exactly whats under the hood then you are wasting your time in trying to re-invent your own wheel and waste your time and resources to modify something that isn't needed to be touched. Good programmers make good use of their time as well. We need to keep in check with new technology, learn new trends and also master our weakness. If we keep changing this or that or moving that or this then oh well...there goes 1 day worth of work to figure stuff out. Just my take on this. If you think different, then no problems. Regards, Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster wrote: > On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: > > > On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot > wrote: > > > Why mess with something that is already working? If you are trying to > make > > > it pretty then you are not solving a problem. You are creating one. > > > > > > Define working. I've had programs 'work', but more experienced would > > say it's flawed in some respect. Does it perform the immediate task? > > > > Now define pretty. Is it aesthetically pleasing to you, or to someone > > else with less, or maybe more experience. > > > > By defining the two above, you then define whether it's a problem. To > > you, or to them, or to the original designer? > > Beware of "more experienced" programmers. I recently talked to an > ex-boss of mine who had a programmer flake out on him. One of his > customers threatened to take this flaky code to another company and get > their opinion about whether it was good code or not. My ex-boss > explained that, of course, they'd shoot it down. Because that's what > programmers do-- they complain about other programmers' code. I'd never > heard that idea expressed aloud. But when I thought about it, I realized > it was true. Hell, look at the content of this list. ;-} > > Paul > > -- > Paul M. Foster > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] PHPInfo disabled due to security
Hello there, GoDaddy show 20M for their limit size when they only allow a max of 5.6 MB of upload. So what I mean is don't try what you see from php_info(). Ravi. On Tue, Dec 21, 2010 at 9:48 AM, Daniel Brown wrote: > On Tue, Dec 21, 2010 at 02:40, Ravi Gehlot wrote: > > Hello there, > > > > If you have a small to medium size web site then go to GoDaddy. Do not > > believe all that you see from php_info(). I will give you an example. The > > memory_limit it gives on shared hosting does not reflect the one intended > > for your shared account. It shows what was set for overall use. But > blocking > > php_info() isn't right (at least I don't think so). > > Please don't top-post in addition to giving incorrect information like > this. > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ >
Re: [PHP] Common session for all subdomains?
Daniel, Good info. Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Daniel Brown wrote: > On Tue, Dec 21, 2010 at 02:27, Ravi Gehlot wrote: > > That's a good question. > > > > There should be a setting on php.ini to allow cross session. > > Right. Because who needs to teach folks about computer security > when we can just disable it for them anyway? > >Like Jonathan pointed out, it's a matter of adjusting the cookie > parameters to match wildcard subdomains by preceding the part of the > domain (usually the SLD, but some ccTLD or FQDN situations can be > different) with a dot, like so:.example.com > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ >
Re: [PHP] Re: Session problem
Walter, Session variables may be using cookies which in turn create temp files for storing such cookies. Ravi. On Tue, Dec 21, 2010 at 11:32 AM, Walter Caielli wrote: > I've fixed the problem. > I don't know why, but suddenly windows prevents PHP from writing into > C:\windows\temp directory. > Moving the session and log files to another directory solved the problem. > Until few days ago it worked. I've now to discovered what was changed in > windows configuration. > > > > ""Walter Caielli"" ha scritto nel messaggio > news:bd.40.31041.b7a60...@pb1.pair.com... > > I'm facing the following basic problem: > > > > I have made two simple sample files to explain it: > > > > 1st file: > > > session_start(); > >$_SESSION['SS_user'] = "user000"; > > echo $_SESSION['SS_user']; > > echo SID; > > echo "".session_id(); > > echo 'page 1'; > > ?> > > > > 2nd file > > > session_start(); > > echo "file Home"; > > echo session_name().'+'.session_id(); > > echo $_SESSION['SS_user']; > > ?> > > > > $_SESSION seems to be empty. Nothing is print. Session Name and session > ID > > are the same but it seems that $_SESSION is not shared across the two > > files. No HTML is made before sessioni_start(). > > Why? > > I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from > > another PC inside a LAN. > > > > Many thanks > > Walter > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Problem with Include
Hello, Good points. If you are getting paid to do that then fine. There is a difference between enhancing code and wasting time. I do my best to come up with the best I can. I always take notes to perform better in upcoming projects. It is imperative to make good use of time. Unless it is a security issue, no need to waste time. Again, if you are getting paid for it then fine. People tune cars for a reason, they want the attention or the thrill. If you want to tune your code for fun then nobody is against that either :) Ravi. On Tue, Dec 21, 2010 at 1:28 PM, a...@ashleysheridan.co.uk < a...@ashleysheridan.co.uk> wrote: > (Apologies for top posting; on my mobile just now.) > > Not true. Refactoring code is one of the main tasks of a developer. None of > us produce perfect code, and some code is less perfect than other code. It's > instinct to want to fix bad code when we're maintaining it or having to add > new features to it. > > For the same reason car enthusiasts tinker with and tune their cars, good > developers will do the same with code, be it in the form of consolidating > common code to include files or other ways. To not do so seems to me to > avoid ones nature really! > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > - Reply message - > From: "Ravi Gehlot" > Date: Tue, Dec 21, 2010 18:12 > Subject: [PHP] Problem with Include > To: "Paul M Foster" > Cc: > > > If something is working and you don't know exactly whats under the hood > then > you are wasting your time in trying to re-invent your own wheel and waste > your time and resources to modify something that isn't needed to be > touched. > Good programmers make good use of their time as well. We need to keep in > check with new technology, learn new trends and also master our weakness. > If > we keep changing this or that or moving that or this then oh well...there > goes 1 day worth of work to figure stuff out. > > Just my take on this. If you think different, then no problems. > > Regards, > Ravi. > > > On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster >wrote: > > > On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: > > > > > On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot > > wrote: > > > > Why mess with something that is already working? If you are trying to > > make > > > > it pretty then you are not solving a problem. You are creating one. > > > > > > > > > Define working. I've had programs 'work', but more experienced would > > > say it's flawed in some respect. Does it perform the immediate task? > > > > > > Now define pretty. Is it aesthetically pleasing to you, or to someone > > > else with less, or maybe more experience. > > > > > > By defining the two above, you then define whether it's a problem. To > > > you, or to them, or to the original designer? > > > > Beware of "more experienced" programmers. I recently talked to an > > ex-boss of mine who had a programmer flake out on him. One of his > > customers threatened to take this flaky code to another company and get > > their opinion about whether it was good code or not. My ex-boss > > explained that, of course, they'd shoot it down. Because that's what > > programmers do-- they complain about other programmers' code. I'd never > > heard that idea expressed aloud. But when I thought about it, I realized > > it was true. Hell, look at the content of this list. ;-} > > > > Paul > > > > -- > > Paul M. Foster > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > >
Re: [PHP] Re: Warning when calling session_start()
session_start (); should be before everything...first thing in the page. Ravi. On Wed, Dec 22, 2010 at 12:51 AM, wrote: > Hi, folks, > > On Tue, 21 Dec 2010 21:35:17 -0800 [06:35:17 AM CET], > Michael Shadle wrote: > > > first - this is probably your culprit: > > don't output empty lines before you do > > anything (just a general good practice) > > Whow! This did the trick ! > > Warning vanished when I changed beginning of > script to: > > 1 2 > > I wasn't aware that the HTML comment and the > following empty line are in fact written to > output. But that's clear now :-) > > So I suppose my local PHP setup supressed this > warning or is more compliant ... > > > also i'd turn on output buffering. > > Since it worked without warning at 1st try, > I haven't changed output buffering (yet). > > Mike, many thanks for Your PROMPT and HELPFUL > answer! Have a nice day! > > Rolf > -- > Dipl.phys. Rudolf Otto Blättner, > D 91074 Herzogenaurach, Germany. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] empty() in email message
Hello Gary,
Please research the difference between a single quote and a double quote.
Also, you can use the operator .=(dot + equal) in this manner:
if(!empty($_POST['fname'])) {
$msg .= "$lname\n";
} else if(!empty($_POST['lname'])) {
$msg .= "$lname\n";
}
On Tue, Dec 14, 2010 at 12:04 AM, Gary wrote:
>
> ""Daevid Vincent"" wrote in message
> news:7d7c84d94dd24035a620e68b5b937...@mascorp.com...
> >> - Original message -
> >> From: Gary
> >> To: php-general@lists.php.net
> >> Date: Monday, December 13, 2010, 7:47:49 PM
> >> Subject: [PHP] empty() in email message
> >>
> >> I have an email message
> >>
> >> $msg = 'Name: $fname ' . ' $lname\n'
> >> . "Phone: $phone\n"
> >> . "Email: $email\n"
> >>
> >> and it works fine, however in this message there are about 30
> >> variables that
> >> are being called...as such
> >>
> >> . "Order: beefschnitzel $beefschnitzel\n"
> >> . "Order: beefstrips $beefstrips\n"
> >> . "Order: cheesesausage $cheesesausage\n"
> >> . "Order: crumbedsausage $crumbedsausage\n"
> >> . "Order: chucksteak $chucksteak\n"
> >> . "Order: cornedbeef $cornedbeef\n"
> >> . "Order: dicedsteak $dicedsteak\n"
> >> . "Order: filletmignon $filletmignon\n"
> >>
> >> I want to only send the message if the submitter enters an
> >> amount in the
> >> form for the corresponding variable, instead of having a
> >> bunch of empty
> >> messages. So I have been trying to use the empty() function as such:
> >>
> >> . if empty($beefolives){''} elseif (isset($beefolives)) {
> >> 'Order: beefolives
> >> $beefolives\n'}
> >
> > You are setting this up fundamentally wrong.
> >
> > You should be using an array and looping through it.
> >
> > Something like:
> >
> > $myorder['cowface'] = 1;
> > $myorder['beefenweiner'] = 2;
> > $myorder['chucksteak'] = 1;
> >
> > foreach ($myorder as $item => $quantity)
> > {
> > echo "Order: $item x $quantity\n";
> > }
> >
> > Then your array only contains the items someone actually puchased and how
> > many.
> >
> > d
> >
>
> Daevid
>
> I knew someone was going to point out this was a convoluted method, and I
> agree. This was sent to me by someone that needed to make the mail form
> work. My suggestion was to look into a pre-made shopping cart, however
> that
> was not going to work for them, so I made the mail() work for them.
>
> I had thought about putting it into an array, but had not gotten that far
> into it. I will look over the code to see how it works.
>
> Thank you for your help.
>
> gary
>
>
>
>
> __ Information from ESET Smart Security, version of virus signature
> database 5700 (20101213) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Re: [PHP] accessing magic parent set
Hello,
$this only calls variables inside of a method. In your function, you are
calling a variable that was defined inside of your function called
$columnName. You should past the whole class. Not just the methods.
"The pseudo-variable $this is available when a method is called from within
an object context. $this is a reference to the calling object (usually the
object to which the method belongs, but possibly another object, if the
method is called statically from the context of a secondary object). " taken
from http://www.php.net/manual/en/language.oop5.basic.php
The parent keyword indicates that this is an extended class. You are
referring back to the master class.
Ravi.
On Wed, Dec 22, 2010 at 9:35 AM, Alexandru Patranescu wrote:
> Is this the only way to access the magic __set from the parent class:
>
>public function __set($columnName, $value)
>{
>if ($value !== $this->$columnName) {
>parent::__set($columnName, $value);
>}
>}
>
>
> I would have liked to work this way:
>
>public function __set($columnName, $value)
>{
>if ($value !== $this->$columnName) {
>parent::$columnName = $value;
>}
>}
>
>
> And another question.
> There is a self, a static and a parent
> Why is it only $this and not a $parent too?
>
Re: [PHP] Stripslashes
What are these magic quotes anyways?. What are they used for? escaping? Regards, Ravi. On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson wrote: > On Tue, Nov 16, 2010 at 10:10 PM, Gary wrote: > > > I was doing a test of stripslashes on a $_POST, when I recieved the > email, > > all of the slashes were still in the data posted. > > > > I used : > > > > $fname = stripslashes($_POST['fname']); > > > > I input G\\a//r\y\\, and was expecting, according to the manuel > G\a//r*y\, > > but got the original spelling. > > > > In this case, you should get the original, if I'm understanding correctly. > Think of it like a basic math problem: > > Step 1: Happens automatically when you submit the form and PHP receives the > form variables > input + slashes = slashed_input > > Step 2: This happens when you call stripslashes. > slashed_input - slashes = input > > The goal of stripslashes is that it will undo what happened automatically > using magic_quotes_gpc (which essentially calls addslashes on the GPC vars > behind the scenes) so you'll end up with the original input. > > So, working through your example: > > 1. You inputted into a form G\\a//r\y\\ and submitted the form. > 2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y). > 3. You called stripslashes (G\\a//r\y\\). > > > > > > > > I added: > > > > echo stripslashes($fname); and did get the expected result on the page, > but > > not in the email from the $_POST. > > > > Here, you called stripslashes on something already stripped once, so you > now > have a new value (G\a//ry\). > > > > > > I also tried > > > > $fname = (stripslashes($_POST['fname'])); > > > > This would be no different than your attempt without enclosing parentheses. > > Now, let me just say that I detest magic_quotes, and it's best to run with > them disabled so you don't even have to worry about this kind of issue > (they've been deprecated.) But, perhaps you were just trying to learn > about > some piece of legacy code. > > Hope the explanation helps, Gary. > > Adam > > -- > Nephtali: PHP web framework that functions beautifully > http://nephtaliproject.com >
Re: [PHP] [SOLVED] Re: Upgraded system and now $_SERVER['SERVER_NAME'] is not more working
You probably have error_reporting turned on and that caught on errors. There are new tougher rules/requirements with newer PHP versions. Ravi.
Re: [PHP] Stripslashes
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell wrote:
> From: Ravi Gehlot
>
> > What are these magic quotes anyways?. What are they used for?
> escaping?
>
> I wasn't there at the time, but I gather that the general idea was to
> automagically insert escape characters into data submitted from a form.
> However, they used a backslash as the escape character, which is not
> universally recognized across database engines. Even the SQL standard
> defines an escape as a single quote character.
>
> We used to have magic quotes enabled, and came up with the following
> code to clean up the mess it caused.
>
>// If magic quotes is on, we want to remove slashes
>if (get_magic_quotes_gpc()) {
> // Magic quotes is on
> $response = stripslashes($_POST[$key]);
>} else {
> $response = $_POST[$key];
>}
>
> For future releases of PHP, this will also need a check to see if
> get_magic_quotes_gpc() exists first.
>
> Bob McConnell
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Bob,
Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
"An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpc<http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc>is
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form. "
So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.
Thanks,
Ravi.
Re: [PHP] Stripslashes
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias wrote:
> stripslashes() is rife with gaping security holes. For mysql
> insertion rely on mysql_real_escape_string() or alternatively, you can
> use prepared statements.
>
> For outputting data on the page you should ideally be using
> htmlspecialchars($var, ENT_QUOTES);
>
> cheers,
> Russ
>
> On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot wrote:
> > On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell wrote:
> >
> >> From: Ravi Gehlot
> >>
> >> > What are these magic quotes anyways?. What are they used for?
> >> escaping?
> >>
> >> I wasn't there at the time, but I gather that the general idea was to
> >> automagically insert escape characters into data submitted from a form.
> >> However, they used a backslash as the escape character, which is not
> >> universally recognized across database engines. Even the SQL standard
> >> defines an escape as a single quote character.
> >>
> >> We used to have magic quotes enabled, and came up with the following
> >> code to clean up the mess it caused.
> >>
> >>// If magic quotes is on, we want to remove slashes
> >>if (get_magic_quotes_gpc()) {
> >> // Magic quotes is on
> >> $response = stripslashes($_POST[$key]);
> >>} else {
> >> $response = $_POST[$key];
> >>}
> >>
> >> For future releases of PHP, this will also need a check to see if
> >> get_magic_quotes_gpc() exists first.
> >>
> >> Bob McConnell
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> > Bob,
> >
> > Thank you very much. This is good information. What I found out from
> > http://us2.php.net/manual/en/function.stripslashes.php was the
> following:
>
> "An example use of *stripslashes()* is when the PHP directive
> > magic_quotes_gpc<
> http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
> >is
> > *on* (it's on by default), and you aren't inserting this data into a
> place
> > (such as a database) that requires escaping. For example, if you're
> simply
> > outputting data straight from an HTML form. "
> >
> > So that means that stripslashes() isn't intended for DB insertions but
> only
> > straight output. So I will remove it from my code.
> >
> > Thanks,
> > Ravi.
> >
>
Hello Russell,
When you use htmlspecialchars() it tries to escape single/double quotes with
a bunch of backslashes. I had stripslashes() in an attempt to try to get the
backslashes away but it didn't. So the solution was to disable magic quotes
in php.ini. With GoDaddy shared hosting, I had to rename php.ini over to
php5.ini in order to have this to work. Also had to include the command like
responsible for disabling magic quotes. Everything is good and clean now.
Now you type for example "Hunter's Reserve Circle" and it keeps it as it is.
Before it would print something like "Hunter'///s Reserve Circle".
With double quote, the situation would be even worse.
mysql_real_escape_string() is a must in order to avoid SQL injections.
Regards,
Ravi.
Re: [PHP] static Logging class?
Hello Lars, I would apply the Singleton Pattern where you would have 1 instance for you entire application. As far as whether or not to use a static method, I would weigh the options. If you just want to call a method that you know will not have to be changed in the future and that method will not be using any pre-defined properties, then it makes sense to call a static method. Bear in mind that static methods can not be overridden. Best of luck, - [image: logo] *Ravi Gehlot * Mobile: 407-283-5282 Orlando, FL 32765-8085 http://www.RaviGehlot.Net/ https://github.com/ravigehlot *"First, solve the problem. Then, write the code."* [image: Twitter] <http://www.twitter.com/ravigehlot> [image: LinkedIn]<http://www.linkedin.com/in/ravigehlot> [image: Amazon]<https://www.amazon.com/gp/pdp/profile/A35NGY72YZSFR7?ie=UTF8&ref_=ya_56> [image: Meetup] <http://www.meetup.com/members/12029903/> [image: pinterest]<http://pinterest.com/ravigehlot/> [image: reddit] <http://www.reddit.com/user/ravigehlot/> Contact me: [image: Google Talk] ravigehlot [image: Skype] ravigehlot [image: Y! Messenger] ravigehlot On Sun, Mar 3, 2013 at 8:26 AM, Lars Nielsen wrote: > Hi, > > I work on a little hobby-project, and i want to make a oo logging > facility. (php5.3 oop) > > Is it best to make a class with static functions that i can call from my > other classes? Or is it more appropriate to make a real logging-class i > should instantiate every time i need to log something? (I just want to > log to a file) > > Best regards > Lars Nielsen > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] static Logging class?
Hello Larry, Thanks for sharing! - [image: logo] *Ravi Gehlot * Mobile: 407-283-5282 Orlando, FL 32765-8085 http://www.RaviGehlot.Net/ https://github.com/ravigehlot *"First, solve the problem. Then, write the code."* [image: Twitter] <http://www.twitter.com/ravigehlot> [image: LinkedIn]<http://www.linkedin.com/in/ravigehlot> [image: Amazon]<https://www.amazon.com/gp/pdp/profile/A35NGY72YZSFR7?ie=UTF8&ref_=ya_56> [image: Meetup] <http://www.meetup.com/members/12029903/> [image: pinterest]<http://pinterest.com/ravigehlot/> [image: reddit] <http://www.reddit.com/user/ravigehlot/> Contact me: [image: Google Talk] ravigehlot [image: Skype] ravigehlot [image: Y! Messenger] ravigehlot On Sun, Mar 3, 2013 at 1:48 PM, Larry Garfield wrote: > Make a real classed object that you pass to various objects that need it. > Otherwise you make your life way harder for unit testing. Don't have a > class that self-enforces that it's a singleton. That way lies pain. > > In particular, I recommend using or writing a class based on the PSR-3 > recommendation: > > https://github.com/php-fig/**fig-standards/blob/master/** > accepted/PSR-3-logger-**interface.md<https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-3-logger-interface.md> > > There's even stock code for the interface and some useful base classes > available: > > https://packagist.org/**packages/psr/log<https://packagist.org/packages/psr/log> > > And for added fun, there are already publicly available open source > libraries that implement PSR-3 that you can just drop in and use, such as: > > https://packagist.org/**packages/monolog/monolog<https://packagist.org/packages/monolog/monolog> > > (If that's too heavy for you, writing your own PSR-3 compatible logger is > dead-simple.) > > > I'm sure you're about to say "zOMG this is just a hobby project, I don't > need something that fancy and all injected and shit!" If it's a simple > project, use a simple container to do all the hard work for you: > > https://packagist.org/**packages/pimple/pimple<https://packagist.org/packages/pimple/pimple> > > (That's < 100 lines of executable code. Quite powerful, dead simple to > use.) > > Cheers. > > --Larry Garfield, FIG member > > > > On 03/03/2013 07:26 AM, Lars Nielsen wrote: > >> Hi, >> >> I work on a little hobby-project, and i want to make a oo logging >> facility. (php5.3 oop) >> >> Is it best to make a class with static functions that i can call from my >> other classes? Or is it more appropriate to make a real logging-class i >> should instantiate every time i need to log something? (I just want to >> log to a file) >> >> Best regards >> Lars Nielsen >> >> >> > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Introduction ... !
Hello Nick, Welcome to the list. I joined the list awhile back then unsubscribed for no apparent reason. This list was very active years ago. I came back about a few months ago just as a watcher. I didn't really post or participate at all. I guess, there are a lot of watchers "only" people here. They receive digest e-mails; they just don't participate in any way. Then, there are those who lost their jobs due to the recession and so they dropped off the list as well. There are a lot of developers unemployed. I would imagine that other developers didn't keep up with the changes. PHP has come a long way as far as Object Oriented Programming is concerned. There have been many discussions about Design Patterns and extending existing classes. So a lot has changed in the last 5 years. I do believe that the list will pick up again. Welcome back, Ravi. On Fri, Mar 1, 2013 at 10:57 AM, Nick Whiting wrote: > Hello PHP'ers! > > Just thought I would introduce myself to the mailing list since I've worked > with PHP for almost 10 years now and yet haven't really been community > active ... > > I've developed quite a few open-source projects over the years that I hope > someone here will find as useful as I have ... they are all hosted on > Github @prggmr. > > XPSPL - Signal Processor in PHP > docpx - PHP Documentation Generator for Sphinx > > Again Hello Everyone! > > Cheers! > -- > Nickolas Whiting - prggmr.org > - Remember to write less code that does more faster - >
Re: [PHP] [ad] [free+opensource] htmlMicroscope (nested array viewer/dumper) upgraded - now allows for even larger arrays
I like PHPUnit for that matter. It does a good job of debugging. Ravi. On Sat, Dec 22, 2012 at 8:41 AM, rene7705 wrote: > Hi Folks. > > URL: http://fancywebapps.com/products/htmlMicroscope > > Just wanted to let you all know that I've completed a long overdue > upgrade to my free htmlMicroscope web component. > It is basically a fancy replacement for var_dump() which can show you > the full depth of an array regardless of how large or deep your PHP > array or javascript object is. > > I won't repeat the entire homepage content here, but I think this > version could be useful for at least some of the programmers on this > list. > > I'll only repeat this message for significant updates. > > This is a significant update because I've finally cracked the barrier > of displaying an object with more than a few hundred key-value pairs > on a single level. That used to crash all browsers, not anymore. > > i'll continue work on this, want to build in (in order of priority): > - auto navigation options (auto smooth scroll to links within the data) > - middle mouse button click -> smooth offset scrolling > - html source view > - auto indented and colorcoded syntax-checked view for html + json > > Merry Christmas and a productive New Year to ya'll :D > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Accessing Files Outside the Web Root
Hello Dale, The spiders are not the only problem. The issue here is that anyone can download your files from your website and then make them available elsewhere. In order to address the problem, you should create a "Members Restricted Area" where members only could download your files. You can then make your PDF directory only visible through your Members Restricted Area. That directory would be invisible to the web. In some Linux distros, if the file/directory is not a member of www-data, it is not visible online. But you can still link the files to your PHP page. Ravi. On Wed, Mar 13, 2013 at 4:38 PM, Dale H. Cook wrote: > Let me preface my question by noting that I am virtually a PHP novice. > Although I am a long-time webmaster, and have used PHP for some years to > give visitors access to information in my SQL database, this is my first > attempt to use it for another purpose. I have browsed the mailing list > archives and have searched online but have not yet succeeded in teaching > myself how to do what I want to do. This need not provoke a lengthy > discussion or involve extensive hand-holding - if someone can point to an > appropriate code sample or online tutorial that might do the trick. > > I am the author of a number of PDF files that serve as genealogical > reference works. My problem is that there are a number of sites which are > posing as search engines and which display my PDF files in their entirety > on their own sites. These pirate sites are not simply opening a window that > displays my files as they appear on my site. They are using Google Docs to > display copies of my files that are cached or stored elsewhere online. The > proof of that is that I can modify one of my files and upload it to my > site. The file, as seen on my site, immediately displays the modification. > The same file, as displayed on the pirate sites, is unmodified and may > remain unmodified for weeks. > > It is obvious that my files, which are stored under public_html, are being > spidered and then stored or cached. This displeases me greatly. I want my > files, some of which have cost an enormous amount of work over many years, > to be available only on my site. Legitimate search engines, such as Google, > may display a snippet, but they do not display the entire file - they link > to my site so the visitor can get the file from me. > > A little study has indicated to me that if I store those files in a folder > outside the web root and use PHP to provide access they will not be > spidered. Writing a PHP script to provide access to the files in that > folder is what I need help with. I have experimented with a number of code > samples but have not been able to make things work. Could any of you point > to code samples or tutorials that might help me? Remember that, aside from > the code I have written to handle my SQL database I am a PHP novice. > > Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants; > Plymouth Co. MA Coordinator for the USGenWeb Project > Administrator of http://plymouthcolony.net > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Re: [PHP-DEV] PHP 5.5.0 final has been released!
Awesome! On Thu, Jun 20, 2013 at 11:14 PM, Marco Pivetta wrote: > Well done! Congratulations! > On 20 Jun 2013 23:23, "Julien Pauli" wrote: > > > Hello! > > > > The PHP Development Team would like to announce the immediate release of > > PHP 5.5.0. This release includes a large number of new features and bug > > fixes. > > > > A separate release announcement is also available. For changes in PHP > > 5.5.0 since PHP 5.4, please consult the PHP 5 ChangeLog. > > > > Release Announcement: http://www.php.net/release_5_5_0.php > > Downloads:http://www.php.net/downloads.php#v5.5 > > Changelog:http://www.php.net/ChangeLog-5.php#5.5.0 > > > > Thanks to all contributors that made this new version available. > > > > regards, > > > > David Soria Parra & Julien Pauli > > >
