[PHP] Best practices for php application

2004-10-21 Thread abrea 
Dear list,
Does anybody know of a url where I can find reading materials about best 
practices to organize the filesystem and variable structure of a php 
application? 
Although application purposes probably vary widely, I imagine that in one 
way or other most include adding, updating, deleting and displaying records, 
so there might be some standard or preferred procedure.
Thanks for any help
Alberto Brea
[EMAIL PROTECTED]

Re: [PHP] Student Suspended Over PHP use.

2005-02-09 Thread abrea 
Aha I knew you guys were up to something
Cheers
Alberto Brea :-)

-Original Message-
From: "Bosky, Dave" <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Date: Wed, 9 Feb 2005 08:53:24 -0500 
Subject: [PHP] Student Suspended Over PHP use.


I just ran across this interesting article from awhile back. Pretty funny
http://bbspot.com/News/2000/6/php_suspend.html
Topeka, KS - High school sophomore Brett Tyson was suspended today after 
teachers learned he may be using PHP.
"A teacher overheard him say that he was using PHP, and as part of our 
Zero-Tolerance policy against drug use, he was immediately suspended. No 
questions asked," said Principal Clyde Thurlow.   "We're not quite sure what 
PHP is, but we suspect it may be a derivative of PCP, or maybe a new 
designer drug like GHB."  
Parents are frightened by the discovery of this new menace in their 
children's school, and are demanding the school do something.  "We heard 
that he found out about PHP at school on the internet.  There may even be a 
PHP web ring operating on school grounds," said irate parent Carol Blessing. 
 "School is supposed to be teaching our kids how to read and write.  Not 
about dangerous drugs like PHP."
In response to parental demands the school has reconfigured its internet 
WatchDog software to block access to all internet sites mentioning PHP.  
Officials say this should prevent any other students from falling prey like 
Brett Tyson did.  They have also stepped up locker searches and brought in 
drug sniffing dogs.
Interviews with students suggested that PHP use is wide spread around the 
school, but is particularly concentrated in the geeky nerd population.  When 
contacted by BBspot.com, Brett Tyson said, "I don't know what the hell is 
going on dude, but this suspension gives me more time for fraggin'.  Yee 
haw!"
PHP is a hypertext preprocessor, which sounds very dangerous.  It is 
believed that many users started by using Perl and moved on to the more 
powerful PHP.  For more information on how to recognize if your child may be 
using PHP please visit http://www.php.net. 
 
 
 


HTC Disclaimer: The information contained in this message may be privileged 
and confidential and protected from disclosure. If the reader of this 
message is not the intended recipient, or an employee or agent responsible 
for delivering this message to the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the 
message and deleting it from your computer. Thank you.

Re: [PHP] [NEWBIE] How to allow for tags but no others?

2005-02-25 Thread abrea 
Instead of allowing your users to enter  tags, why don't you put them in 
your own web page and just let them enter the url?
For instance you would have your form:


...

The action page (thepage.php) could include something like:

And when you retrieve it from the database you write your own link:
Thelink
instead of relying on the user's html proficiency and/or good intentions, 
which looks like a big source of problems.
Hope his helps
Alberto Brea


-Original Message-
From: Dave <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Date: Fri, 25 Feb 2005 17:36:31 +0900
Subject: [PHP] [NEWBIE] How to allow for  tags but no others?

> PHP General,
> 
> 1. The Situation:
> I have a forum in which users can enter text which is then
> displayed 
> on my web site. I want to be able to allow them to insert their own  href> tags to provide links. The text is stored in a MySQL database.
> 
> 2. The Problem:
> My understanding is that if the input of HTML tags or other coding 
> elements is left unrestricted, then the potential is there for users to
> cause damage either maliciously or by accident by inserting scripts or 
> MySQL commands. Although the users who have access to the text input 
> forms have to pass a username and password check first, I would still 
> rather be safe than sorry. Mostly I am concerned about people
> unfamiliar 
> with HTML inserting incorrect code which may break the page design.
> 
> 3. The Question:
> Can I set up a PHP script which will strictly only allow instances 
> of  and  and absolutely nothing else? I would like
> the 
> default behavior to be that if any other tag element, or use of "<" or 
> ">" be simply deleted from the text before inserting it into the 
> database. I could reject text with incorrect tags altogether, but then 
> I'll be spending a lot of time explaining how to correct code to people
> who are anxious to get their text on the site. Far better that they at 
> least be able to get basic text up even when they mess up the code they
> want to insert.
> Can this be done?
> Will it be sufficient to protect the system against bad code?
> 
> 4. What I've Done So Far:
> I've looked into the *htmlspecialchars()* 
>  and 
> *htmlentities(), thinking that they perhaps could pull out characters 
> used in tags, but they seem to be more for formatting script, not 
> filtering it.* 
> I'm assuming I need a string_replace() code of some kind. But I'm 
> lost as to how to specify to allow "<" only when immediately followed
> by 
> either "a href =" or "/a>" and accept no other instances.
> It was when I realized that people might potentially be able to 
> insert some Java Script inside of the quotes after "href=" that I 
> realized I was in over my head.
> 
> Any help much appreciated.
> ** 
> 
> -- 
> Dave Gutteridge
> [EMAIL PROTECTED]
> Tokyo Comedy Store
> http://www.tokyocomedy.com/english/
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] [NEWBIE] How to allow for tags but no others?

2005-02-27 Thread abrea 
Dave:
I visited your website. I see that you wish to put the links in the middle 
of the text, which I didn't understand before.
Now, if you let your users write tags you are bound to have a substantial 
number of them who don't even know what 'tag' means, let alone any 
occasional malice.
Perhaps one way to circumvent the problem is to let them write just "link1", 
"link2", "link3" in the textarea, and input the link names and urls 
separately, e.g like this:


Dear user: Please include "link1", "link2" ... as placeholders in the text 
and the actual linknames and urls in the boxes below:
thetext
Link1:
Linkname
Url
Link2:
Linkname
Url
...
Link10:
Linkname
Url

// STEP 2 RECEIVE AND VALIDATE THE POSTED VALUES
if(isset($_POST["linkname1"]) && isset($_POST["url1"])
   { // INSERT THE VALUES IN THE DATABASE }
if(isset($_POST["linkname2"]) && isset($_POST["url2"])
   { // INSERT THE VALUES IN THE DATABASE }
...
if(isset($_POST["linkname10"]) && isset($_POST["url10"])
   { // INSERT THE VALUES IN THE DATABASE }
// STEP 3 RETRIEVE (SELECT) THE VALUES FROM THE DB
   $linkname1= "thename1"; $url1= "theurl1";
   $linkname2= "thename2"; $url2= "theurl2";
   ...
   $linkname10= "thename10"; $url10= "theurl10";
// STEP 4 DEFINE THE STRINGS TO BE DISPLAYED WITH  TAGS
   $link1= "$linkname1
   $link2= "$linkname2
   ...
   $link10= "$linkname10
   // SUBSTITUTE THE NEW VARS INSTEAD OF THE PLACEHOLDERS
   $thetext= "This is the text to be shown";
   $thetext.= substr("link1", $link1)ETC; // CHECK SYNTAX
   // THE TEXT WITH THE LINKS INCLUDED
   $thetext= "This is the text to be shown, which includes $link1" .
  "and then $link2 and last but not least $link10" .
  "Blah Blah Blah.";
?>


The text to be shown, with the included links, is this: 
Hope this helps.
Alberto Brea

-Original Message-
From: Dave <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Date: Sat, 26 Feb 2005 12:27:04 +0900
Subject: Re: [PHP] [NEWBIE] How to allow for  tags but no others?

> Alberto, John, Jochem, Richard, Tyler,
> 
> Thank you for your very helpful advice. So far I'm thinking of 
> definitely including some of Tyler's code for doing some filtering, 
> along with the other commands mentioned, like strip_tags() for securing
> the input.
> 
> However, I would like to ask further about what Alberto was talking
> about in terms of storing the url separately. Someone mentioned that 
> "Chris" suggested making my own syntax, but I somehow the response from
> Chris didn't get to me, so I'm not sure what that implies.
> 
> Without a doubt, it would be better to save the URL separately, and
> then refuse any other user attempts at hand coded HTML. But the problem
> that I can't quite resolve is how to get separately stored URLs into 
> inline text in such a way that a non-HTML literate user could handle.
> Right now I offer the user the option of saving a web link with a 
> title separately from the block of text. They can create a user profile
> which looks like this:
> http://www.tokyocomedy.com/people.php?person=7   (Page has Japanese
> text)
> But that's not quite satisfactory. I'm trying to give people the 
> option of having profiles that look like this:
> http://www.tokyocomedy.com/people.php?person=11   (Page has
> Japanese 
> text)
> 
>I can set up the form for users to input multiple URLs, but how can
> I 
> then allow them to place them in the desired location in their text?
> 
> -- 
> Dave Gutteridge
> [EMAIL PROTECTED]
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Concatenate PHP code into a string

2004-06-28 Thread abrea 
Dear List,
How can I include a dynamically generated array:
e.g. for($i=0; $ihttp://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox

2004-06-30 Thread abrea 
If you put square brackets after the name (e.g. var[]) your form should 
produce an array called $_POST["var"] that comprises the checked boxes 
only.
e.g.




Regards
Alberto Brea
[EMAIL PROTECTED]



-Original Message-
From: "Aris  Santillan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Wed, 30 Jun 2004 15:56:35 +0800
Subject: [PHP] checkbox

> how can process  only items with checked check-box?
> 
> --- html ---
> 
> 
> 
> 
> 
> Untitled Document
> 
> 
> 
> 
>
> 
> 
>   
>
> 
>   
>   
>
>  
> 
>   
>
> 
>   
>   
>   
> 
> 
>   
> 
> 
> 
> 
> 
> 
> --- html ---
> 
> 
> 
> 
> 
> 
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Anyone knows when PHP5 is released?

2004-07-14 Thread abrea 
Congratulations and good luck to the PHP 5.0.0 team!!
Alberto Brea

-Original Message-
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: Ben Ramsey <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Date: Tue, 13 Jul 2004 18:44:06 -0400
Subject: Re: [PHP] Re: Anyone knows when PHP5 is released?

> Ben Ramsey wrote:
> 
> > Aidan Lister wrote:
> > 
> >> "When it's ready"
> >>
> >> Hopefully we'll see the stable release in the next 24 hours.
> > 
> > 
> > There was a post to the internals@ list yesterday.  Andi announced a 
> > test roll of 5.0.0 saying that he would release PHP 5 within the next
> 24 
> > hours "if all goes well."  Keep your fingers crossed.
> > 
> > Refer to: http://www.phpdeveloper.org/index/2279
> > 
> 
> www.php.net says PHP 5.0.0 is released now. I'm sure there'll be an 
> annoucement soon...
> 
> -- 
> ---John Holmes...
> 
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> 
> php|architect: The Magazine for PHP Professionals – www.phparch.com
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Can't install PHP on Windows/Apache

2004-07-19 Thread abrea 
Dear list,
I am trying to install PHP 4.3.8 as a module of Apache 2.0.50 on a 
Windows 98 computer.
Apache alone runs ok. After I installed PHP with the installer package, I 
added the following line at the end of the Apache httpd.conf together 
with the AddType statements:
# LoadModule php4_module c:/php/php4apache.dll

When I uncomment this line there is an error message saying that a 
resource is missing (or something like that, the DOS window disappears 
very quickly so I can't copy it).
This line has worked ok on other computers I have installed with PHP 
4.3.4 on Apache 1.3.29 and PHP 4.3.3 on Apache 1.3.27. I tried to install 
these programs but PHP does not run either, although Apache does.
I have tried with both php4apache.dll and php4apache2.dll, but I still 
get the error message.
The paths in the c:\windows\php.ini file point to the .dll file correctly.
Could anybody please tell me what the problem could be?
Thank you in advance
Alberto Brea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Can't make shorthand work in PHP5

2006-04-16 Thread abrea 
Dear List,
The shorthand form  worked fine for me in PHP4, but I
cannot make it work in PHP5. ( works ok,
however).
Could anybody please tell me if this form is still available in PHP5, and,
if so, if a different syntax is needed?
I searched the matter in the documentation but couldn't find it.
Thank you

Alberto Brea
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Lost Variables

2004-11-23 Thread abrea 
To turn $_POST["var1"], $_POST["var2"], $_POST["var3"] into $var1, $var2, 
$var3:

if(isset($_POST))
 { foreach($_POST as $key=>$value)
 { $$key= $value; print("$$key= $value; "); }}

This should do it. The print statement is just to check the result.
Regards

Alberto Brea


-Original Message-
From: "Monique Verrier" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 23 Nov 2004 12:52:29 -0800
Subject: [PHP] Lost Variables

> First -- thank you for reading my post.
> 
> I am using the general strategy suggested by Jay (thanks, Jay) to
> process my
> form in another procedure.  It's listed below.  In my processStuff.php
> program, I use the following code:
> 
> $attributes = array();
> $attributes = array_merge($attributes,$HTTP_POST_VARS, $HTTP_GET_VARS);
> extract($attributes, EXTR_PREFIX_SAME, "this");
> 
> I want to load my numerous post variables into regular memory variables
> (or
> whatever the php nomenclature is) -- e.g. $_POST['action'] becomes
> $action.
> It doesn't seem to working according to the manual.  I list my
> $HTTP_SESSION_VARS, there are none.
> 
> I would appreciate anyone taking the time to explain to me how this
> works.
> Either it's stupid or I'm stupid.  I'm figuring it's me.
> 
> Monique.
> 
> 
> 
> 
> 
> 
> 
> 
> In processStuff.php
> 
>  switch ($_POST['action']){
> case "Add Record":
> ...do stuff...
> ..redirect back to original page...
> break;
> 
> case "Delete Record":
> ...do stuff...
> ..redirect back to original page...
> break;
> 
> }
> ?>
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Software patents

2004-12-01 Thread abrea 
Will the adoption and legalization of software patents actually threaten the 
activity of PHP software developers?
I see some people quite worried about this, e.g. at http://www.knoppix.org 
and http://swpat.ffii.org/index.en.html
Alberto Brea

Re: [PHP] imap_mail problems

2004-12-21 Thread abrea 
May I suggest that you use PHP's mail() function and avoid the problem 
altogether.
The format is much the same as the one you are using.
Alberto Brea
[EMAIL PROTECTED]

-Original Message-
From: "Paul Aviles" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Mon, 20 Dec 2004 20:00:22 -0500
Subject: [PHP] imap_mail problems

> Hello, I am having problems with this code below. The system is a FC1
> server 
> and it is supposed to send an email collecting some information of a 
> computer. The problem I am having is with the "<" and ">" characters.
> When 
> the $header variable is created, it does not work if you add the < and
> > 
> characters. For some reason makes the whole string like null.  Has
> anyone 
> seen this behaviour? If I try manually to send an email it does work
> and php 
> does have imap support on it.
> 
> Thanks
> 
> -pa
> 
> 
> 
>  $header = "From: $fullNameField  --fqdn`) . 
> ">";
>  $registrationAddress = "[EMAIL PROTECTED]";
>  $subject = "Registration ($productName)";
>  $message = "
> Full name: $fullNameField
> Title: $titleField
> Company: $companyField
> ";
>  // send email
>   imap_mail($registrationAddress, $subject, $message, $header);
> 
>  
> 
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

[PHP] Updating an open page with PHP

2005-06-14 Thread abrea 
Dear list,
Is there a way in PHP to update information on an open web page (e.g. to say 
"Hello, user, I have just logged in"), without the user having to refresh 
the page himself each time?
Thank you
Alberto Brea

Re: [PHP] form inside an email

2005-06-14 Thread abrea 
Doesn't this work?:
inside your email:
http://yoursite.com/yourpage.php";>




yourpage.php:


Alberto Brea
[EMAIL PROTECTED]

-Original Message-
From: "Ross" <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Date: Tue, 14 Jun 2005 19:11:26 +0100
Subject: [PHP] form inside an email

> Hi,
> 
> I would like to send a form to customers to get some information.
> 
> The form will be a HTML email and collect a few bits of data...name.
> age 
> etc.
> 
> Can I put this inside an html email so customers do not have to open an
> external webpage to fill in the fields. How can this then be processed?
> 
> If this can be done in php then great. If not any other suggestions are
> welcome.
> 
> Ross 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

RE: [PHP] Updating an open page with PHP

2005-06-14 Thread abrea 
Yes, but then the user would always have to reload the imbedded frame.


-Original Message-
From: "Warren Vail" <[EMAIL PROTECTED]>
To: "'abrea'" <[EMAIL PROTECTED]>, "'PHP General List'" 

Date: Tue, 14 Jun 2005 10:31:29 -0700
Subject: RE: [PHP] Updating an open page with PHP

> > Is there a way in PHP to update information on an open web 
> > page (e.g. to say 
> > "Hello, user, I have just logged in"), without the user 
> > having to refresh 
> > the page himself each time?
> 
> Technically, I don't believe so, but I can think of a way you might be
> able to fake it.  If you have a browser that supports imbedded frames
>  only the contents of the imbedded frame (a small portion of
> your visible page) can be used to minimize the portion that needs to be
> reloaded.  If the imbedded frame has no borders, the user will never
> notice that there is a frame (unless they are asked to click something
> inside the frame).
> 
> Note: I know that IE, Netscape, Mozilla and Firefox all support
> imbedded
> frames.  My experiences with Firefox have been interesting in that even
> refreshing the entire page appears to cause no flicker if few items are
> moved in the second rendering (downside in my testing is that firefox
> appears to leave running processes consuming RAM, at least in my Windoz
> XP).
> 
> I did see an implementation where a javascript routine loaded a
> separate
> file and because it ran in the browser, it could update pulldown lists
> and controls without appearing to refresh the page.
> 
> HTH
> Warren Vail
> [EMAIL PROTECTED]
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php