Hi!
I intend to write an online sales website using PHP and MySQL.
I want to find the "best framework" (available) for PHP.
Could you give me some advice?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 5/26/06, Eric Butera <[EMAIL PROTECTED]> wrote:
> > > What is the purpose of the sprintf?
It's just a way of creating the string without escaping it with quotes
to call the function over and over to keep it clean.
Thanks. I think that I'll stick with the simpler code (to my eyes) and
elimi
mysqli does not have persistent connections. Kinda wish it did, as
using fastcgi has about the same number of processes that I would
want connections in a connection pooling scheme under a module
scenario.
Anyhow, it's a 5.1.4 bug and it's reported.
> From: Jochem Maas [mailto:[EMAIL PROTECTED]
> Sent: Fri 26/05/2006 15:54
>
> Brad Bonkoski wrote:
> > All...
> > A lot has been said recently about the dangers of the family of
> > magic_quotes...
> > I understand the dangers.
> > The question is, for those of us using a database that does not
> From: Brad Bonkoski [mailto:[EMAIL PROTECTED]
> Sent: Fri 26/05/2006 15:41
>
> A lot has been said recently about the dangers of the family of
> magic_quotes...
> I understand the dangers.
> The question is, for those of us using a database that does not have a
> *real_escape_string function...O
[EMAIL PROTECTED] wrote:
Hi,
Is a serialized array a "safe" string to insert into a mysql text field? Or is a
function such as mysql_real_escape_string always needed?
regards
Simon
Seems like you can use mySQL blob fields and serialize
On 5/27/06, Ing. Tomás Liendo <[EMAIL PROTECTED]> wrote:
My host uses safe mode...
What other thing can I do?
Some other method exists to send files besides POST method?
ftp?
You haven't solved your problem which actually has nothing to do with
file uploading (460k is nothing and should upload
Since we're talking about include()ing functions specifically, I don't think
there's going to be much trouble to be had. Your file may be something like
this:
If that's executed by PHP by being called directly, it won't do anything.
It's worth noting your point for completeness' sake so som
> Name them .inc.php so that they cannot be opened by a webbrowser, thus
> giving more information to a potential attacker.
As always, there's another side to that argument. If you give them the
.php suffix, then they can be run via a browser "as-is", which may
not be something you want. Nee
> > What is the purpose of the sprintf?
It's just a way of creating the string without escaping it with quotes
to call the function over and over to keep it clean.
My host uses safe mode...
What other thing can I do?
Some other method exists to send files besides POST method?
Thank you,
Tom.
"Ryan Creaser" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Ing. Tomás Liendo wrote:
>
>>Hi!
>>When the users of my system try to go up file
I tried to single-quote it, I tried to addslashes in it, but nothing works.
"Jay Blanchard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
[snip]
[snip]
Look at it carefully: when I print my $var, two are inserted into it.
Do you know why it happens?
[/snip]
What is the R$ for
[snip]
[snip]
Look at it carefully: when I print my $var, two are inserted into it.
Do you know why it happens?
[/snip]
What is the R$ for?
[/snip]
Never mind. My output is
R$50,00
Even though the $ is not single-quoted(to avoid confusion) as it should be;
$var='R$'."".number_format(50,2,",","
It's the Brazilian currency symbol.
"Jay Blanchard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
[snip]
Look at it carefully: when I print my $var, two are inserted into it.
Do you know why it happens?
[/snip]
What is the R$ for?
On 5/26/06, Satyam <[EMAIL PROTECTED]> wrote:
The escaping of invalid characters is already included and beside, you can
simplify your SQL statements such as the example (taken from the phpdocs
header).
echo BuildSql('Insert into ?ttable
(?s,?ns,?mi,?d,?ni,?i)','Something','',5,time(),0,null);
[snip]
Look at it carefully: when I print my $var, two are inserted into it.
Do you know why it happens?
[/snip]
What is the R$ for?
Look at it carefully: when I print my $var, two are inserted into it.
Do you know why it happens?
"Matt Carlson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> I think that one of the issues is that when you assign
> a variable using "" instead of '', it will
> auto-replace
- Original Message -
From: "Dotan Cohen" <[EMAIL PROTECTED]>
To: "Satyam" <[EMAIL PROTECTED]>
Cc: "PHP General (E-mail)"
Sent: Friday, May 26, 2006 6:36 PM
Subject: Re: [PHP] anti SQL injection method in php manual.
On 5/26/06, Satyam <[EMAIL PROTECTED]> wrote:
- Original Messa
On 5/26/06, Satyam <[EMAIL PROTECTED]> wrote:
- Original Message -
From: "Dotan Cohen" <[EMAIL PROTECTED]>
> // Make a safe query
> $query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
> quote_smart($_POST['username']),
> quote_smart($_POST['password
I think that one of the issues is that when you assign
a variable using "" instead of '', it will
auto-replace your variable names inline. I don't
know, but I think you should be escaping the $ before
the <.
--- João Cândido de Souza Neto
<[EMAIL PROTECTED]> wrote:
> Hi everyone.
>
> I ha
On 5/26/06, Brad Bonkoski <[EMAIL PROTECTED]> wrote:
Dotan Cohen wrote:
> In the php manual:
> http://www.php.net/manual/en/function.mysql-real-escape-string.php
>
> The following method is suggested:
> // Quote variable to make safe
> function quote_smart($value)
> {
> // Stripslashes
>
On Friday 26 May 2006 16:41, Jochem Maas wrote:
> besides .inc.php seems to be/becoming a sort of defacto std (no need for
> filenaming jihad people ;-)
That's certainly worth considering (particularly as the project is still at
the very early stages), thank you both for mentioning it. My experi
Jay Blanchard wrote:
[snip]
I have a var that gets the following string:
$var="R$color=\"".GE_COR_VALOR."\">".number_format($con->result['preco_v'],2,",",".")."";
When I print it I receive the following result:
R$ 150,00
Does anyone know what's happening here?
[/snip]
Yes, you printed out your $var
My apologies. I'll try and remember to do so in the future.
--Daniel
Jay Blanchard wrote:
[snip]
Yet another new release
[/snip]
Please place [ANNOUNCEMENT] in the subject line of your message when
making these announcements.
--
Sparse - a new way to write MySQL-based programs with
[snip]
Yet another new release
[/snip]
Please place [ANNOUNCEMENT] in the subject line of your message when
making these announcements.
Yet another new release, this time with some great new features
including a calendar widget and the ability to populate select boxes on
the fly - all still without doing any programming!
You can see what's new here:
http://sparse-php.sourceforge.net/whatsnew.html
--
Sparse - a new way t
[snip]
I have a var that gets the following string:
$var="R$".number_format($con->result['preco_v'],2,",",".")."";
When I print it I receive the following result:
R$ 150,00
Does anyone know what's happening here?
[/snip]
Yes, you printed out your $var. Did you expect something else?
Hi everyone.
I have a var that gets the following string:
$var="R$".number_format($con->result['preco_v'],2,",",".")."";
When I print it I receive the following result:
R$ 150,00
Does anyone know what's happening here?
Thanks.
--
João Cândido de Souza Neto
Curitiba Online
- Original Message -
From: "Dotan Cohen" <[EMAIL PROTECTED]>
// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
quote_smart($_POST['username']),
quote_smart($_POST['password']));
mysql_query($query);
?>
What is the purpose o
Dotan Cohen wrote:
In the php manual:
http://www.php.net/manual/en/function.mysql-real-escape-string.php
The following method is suggested:
What is the purpose of the sprintf? If it were using %d on integers I
could see the point, but as we're talking about %s strings, what is
the advantage
Mark Kelly wrote:
At 9:02 AM +0100 5/26/06, Mark Kelly wrote:
TIA in advance for any advice,
And thanks in arrears to all who responded.
Since there appears to be no compelling reason to go either way, and we
already have subdivided include files for functions (to a limited extent)
I've d
Mark Kelly wrote:
On Friday 26 May 2006 14:56, Matt Carlson wrote:
One note on include files. Usually it's "best practice" to not name them
.inc
Name them .inc.php so that they cannot be opened by a webbrowser, thus
giving more information to a potential attacker.
Is this still a concern w
In the php manual:
http://www.php.net/manual/en/function.mysql-real-escape-string.php
The following method is suggested:
What is the purpose of the sprintf? If it were using %d on integers I
could see the point, but as we're talking about %s strings, what is
the advantage to using sprintf? How
Pavleck, Jeremy D. wrote:
Greetings,
I'm creating a more or less 'dashboard' where people can enter the
server name, then I'll snmpget a bunch of different oids and show the
status of the device.
Now the problem is snmpget doesn't allow multiple OIDs in one go, so I
have to snmpget(server, comm
Brad Bonkoski wrote:
...
this adds single quotes automatically - addslashes (unless I'm mistaken -
wouldn't be the first time) would add slashes (and not single quotes)
which is not what you want.
Only done automatically IFF magic_quotes_gpc is ALSO on, which in my
case it is off.
excerp
Greetings,
I'm creating a more or less 'dashboard' where people can enter the
server name, then I'll snmpget a bunch of different oids and show the
status of the device.
Now the problem is snmpget doesn't allow multiple OIDs in one go, so I
have to snmpget(server, community, oid1);, snmpget(serve
Jochem Maas wrote:
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the escape character needs to be...the question is
the best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless I'm mistaken -
wou
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the escape character needs to be...the question is the
best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless I'm mistaken -
wouldn't be the first time) w
Angelo Zanetti
Z Logic
www.zlogic.co.za
[c] +27 72 441 3355
[t] +27 21 469 1052
[f] +27 86 681 5885
Jochem Maas wrote:
the problem you have is that the data in the DB is slightly borked
(something that occurred/occurs at the time it's first entered into the
DB).
read the section of the manu
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quot
Jochem Maas wrote:
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have
a *real_escape_string function...Oracle for example.
What is the *
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quot
On Friday 26 May 2006 14:56, Matt Carlson wrote:
> One note on include files. Usually it's "best practice" to not name them
> .inc
>
> Name them .inc.php so that they cannot be opened by a webbrowser, thus
> giving more information to a potential attacker.
Is this still a concern when all include
with regard to clean HTML - check out the tidy extension - it can do wonders
with crufty output.
http://php.net/tidy
tedd wrote:
At 12:26 PM +0900 5/26/06, Dave M G wrote:
Tedd, Adam,
Thank you for your advice. While I'm very grateful for your advice,
unfortunately, it seems that the core o
the problem you have is that the data in the DB is slightly borked
(something that occurred/occurs at the time it's first entered into the DB).
read the section of the manual that Brad pointed out in his reply to learn
about what is going, how to do it properly, etc - but in the short term it loo
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quotes for DB insertion?
I
Angelo Zanetti wrote:
Jochem Maas wrote:
Angelo Zanetti wrote:
Hi all.
I have a situation where people enter values into a textfield can
include the following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16
- 17 _ 18
now once they move to another page and then
At 12:26 PM +0900 5/26/06, Dave M G wrote:
Tedd, Adam,
Thank you for your advice. While I'm very grateful for your advice,
unfortunately, it seems that the core of what you suggest do not fit
my situation.
First, with Adam's suggestion that I use instead of . The
output I am generating is
Jochem Maas wrote:
Angelo Zanetti wrote:
Hi all.
I have a situation where people enter values into a textfield can
include the following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16 -
17 _ 18
now once they move to another page and then come back to the page where
Angelo Zanetti wrote:
Hi all.
I have a situation where people enter values into a textfield can
include the following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16 -
17 _ 18
now once they move to another page and then come back to the page where
the textfield is I e
Hi all.
I have a situation where people enter values into a textfield can include the
following:
1 ! 2 @ 3 # 4 $ 5 % 6 ^ 7 & 8 * 9 ( 10 ) 11 ; 12 : 13 " 14 ' 15 ? 16 - 17 _ 18
now once they move to another page and then come back to the page where the
textfield is I echo out the value they pre
> At 9:02 AM +0100 5/26/06, Mark Kelly wrote:
> >TIA in advance for any advice,
And thanks in arrears to all who responded.
Since there appears to be no compelling reason to go either way, and we
already have subdivided include files for functions (to a limited extent)
I've decided to go with a
At 9:02 AM +0100 5/26/06, Mark Kelly wrote:
Hi
I'm writing a set of db abstraction functions for an internal app which will
give us a set of simple function calls for dealing with the db, like
$result = db_AddEmployee($EmployeeData);
$EmployeeData = db_GetEmployee($EmployeeID);
etc.
There wil
On 5/25/06, George Pitcher <[EMAIL PROTECTED]> wrote:
Last year I switched from using FileMaker Pro to MySQL. One of FileMaker's
quirks was that if, in a text field, you searched for say, 'free ass boo',
it would find any records with those three substrings in that field (in this
example, its 'Fr
On 5/25/06, Ryan Creaser <[EMAIL PROTECTED]> wrote:
Ing. Tomás Liendo wrote:
>Hi!
>When the users of my system try to go up files of more than 460 K, they
>receive the message:
>Fatal error: Maximum execution time of 90 seconds exceeded in
>c:\websites\iracbiogenar48\iracbiogen.com.ar\virtual\pr
Hi
Firstly, I hope it is ok to post this type of message to the group, if
not, could you advise where I could look please...
We need a PHP developer to help create a system management interface.
The developer needs to be able to create/understand UML diagrams and
have an understanding of;
PHP5 (
On 26/05/06, Dave M G <[EMAIL PROTECTED]> wrote:
I also tried str_replace(), but predictably that did not help. As far as
I understand it, it does not accept arrays.
It does, and you can do it with str_replace.
What am I doing wrong in the above code?
And can the two preg_replace() commands
Dave M G wrote:
PHP list,
...
take a look at: http://textism.com/ especially the 'textism' stuff which if
nothing else might give you some good ideas about plain text markup for
conversion to HTML.
--
Dave M G
I believe that those 90 seconds start counting as soon as php starts
interpreting the request, ie. after getting the file and form, not
when it starts uploading.
The second one wouldn't make much sense.
On 5/26/06, Rory Browne <[EMAIL PROTECTED]> wrote:
It's very hard to read code, when either
It's very hard to read code, when either there is no comments, or the
comments are in a language you don't understand.
Hablo pocito Espanol, pero no entiendo bastante para entiender que quiere
decir.
Rory
On 5/25/06, Ing. Tomás Liendo <[EMAIL PROTECTED]> wrote:
Hi!
When the users of my system
[snip]
"[" . $tags . "]"
[/snip]
This in the regex would need to be "\[" . $tags . "\]" as the square
brackets ([]) represent a character class in regular expressions, so must be
escaped to be matched literally
Also /'s should be escaped (\/)
There may be more mistakes but I thought I'd point th
On 5/26/06, Dave M G <[EMAIL PROTECTED]> wrote:
PHP List,
In the code below, I want to take the text within $content, and change
every instance of [h3] into , and every instance of [/h3] into
. And then do the same for [em], [/em], [strong], and so on.
However, this code does absolutely nothing
Dave M G wrote:
PHP List,
In the code below, I want to take the text within $content, and change
every instance of [h3] into , and every instance of [/h3] into
. And then do the same for [em], [/em], [strong], and so on.
However, this code does absolutely nothing to the text stored in conte
Mark Kelly wrote:
Hi
I'm writing a set of db abstraction functions for an internal app which will
give us a set of simple function calls for dealing with the db, like
$result = db_AddEmployee($EmployeeData);
$EmployeeData = db_GetEmployee($EmployeeID);
etc.
There will be quite a few funct
PHP List,
In the code below, I want to take the text within $content, and change
every instance of [h3] into , and every instance of [/h3] into
. And then do the same for [em], [/em], [strong], and so on.
However, this code does absolutely nothing to the text stored in content:
$tags = array
Mark,
I use one functions file per site, then I know that if I include it, and all
of my functions are available.
George
> -Original Message-
> From: Mark Kelly [mailto:[EMAIL PROTECTED]
> Sent: 26 May 2006 9:02 am
> To: php-general@lists.php.net
> Subject: [PHP] Including Functions; one
Hi
I'm writing a set of db abstraction functions for an internal app which will
give us a set of simple function calls for dealing with the db, like
$result = db_AddEmployee($EmployeeData);
$EmployeeData = db_GetEmployee($EmployeeID);
etc.
There will be quite a few functions needed to deal wi