Something like:
$cleanData = array_map(function($str){return strtolower(trim($str));},
$passedData);
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
On Tue, May 7, 2013 at 4:29 PM, George Langley wrote:
> Hi all. I want t
Threading doesn't increase complexity? Spoken truly like somebody who has
not had to actually write, test and debug proper, high performance threaded
code. Please tell me how threading doesn't increase complexity of any data
structure?
I may agree if you talk about php running in cli, but then the
You do all that in the context of a single PHP instance and linear code,
calling curl_multi handles its own threading, you just get back results,
you don't have to store it anywhere outside PHP memory space, and you can
configure timeouts and all that stuff, or you can regulate it yourself. The
data
>
>
> That's all understood but there are times when that one request from
> the visitor requires many sub-requests like connection to DB and
> making SOAP calls.
I would say it's more than just "there are times", that's how a typical
script lives, it imports libraries, queries the database, and
Hey guys (and/or gals),
I have heard this question entirely too many times, I think at some point
Rasmus just stopped responding to it. The real reason that PHP is not
threaded has nothing to do with PHP internal or extension thread safety,
the reason is more to the extent that it doesn't make sen
On Thu, Jul 26, 2012 at 6:24 AM, Lester Caine wrote:
> viper wrote:
>>
>> is it possible to write and read data on a COM or LPT port?
>> is there any function or class in PHP?
>>
>> anyone has already done something similar?
>
>
> Talking in and out of the serial port is not too difficult but is O
Just a few notes on the previous responses.
Delaying with JavaScript, like validating with JavaScript is a rather
pointless endeavor. Think about it, you are putting your "limiting"
mechanism, on the hackers' computer... You can still post to your
server as fast as you want.
With regards to using
You don't need to store it in the database as b64, just undo the
encoding into your inputs
for the purpose of the explanation, this is language independent
b64e - encoding function
b64d - decoding function
pseudo code
given:
bad_num = ') union select * from foo --'
bad_str = ""
good_num = 1234
> question 1
>
> If you use the PHP filters & sanitizations, and you plan on using PDO
> with binded params, are you absolutely safe? And if not, why? What are
> the other ways for them to still make it in - even with PDO and binded
> params properly in place? Just curious.
There are no known expl
Absolutely agreed. A part of what i was asking deals with what he is
actually doing...
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
On Mon, Jan 23, 2012 at 9:37 PM, Robert Cummings wrote:
> On 12-01-23 09:29 PM, A
programmer is doing until it’s too late. ~Seymour Cray
On Mon, Jan 23, 2012 at 7:51 PM, Robert Cummings wrote:
> On 12-01-23 01:32 PM, Alex Nikitin wrote:
>>
>> If you don't mind me asking, if you want performance, which is kind of
>> essential if you are processing a larg
Start off with the fact that that article is from 2006, and it's
written by a programmer...
> I was simply asking expert opinion with the intention to learn.
> There is so much docs out there (I mean not just out there but at top
> security sites like owasp ) that recommends database specific escap
Rasmus confirmed that they are having issues with php.net:
You can use the sk.php.net mirror while they fix their problems, as
well as docs.php.net.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If you don't mind me asking, if you want performance, which is kind of
essential if you are processing a large number of files, why are you
doing it in PHP?
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
Can't get to doc at all here...
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
There is so much no, answers are in line.
> At the top of each php page which interacts with a database, just have
> this one liner
This has already been mentioned, but again, no, no connection if you
are not actually interacting with the database.
> $DBH = safe_connection("database_name_here");
Captchas can't hold off any decently smart robots, anyone doing their
research can find at least 3 tools that will defeat various captchas.
For example pwntcha is one, Dan Kaminsky did a talk at black hat and
defcon 16 on pwning audio captchas (and a lot of even good ones will
offer audio as an option
Haluk, don't listen to Ross, escaping fails, it was and is a bad
solution to an old and still largely unresolved problem. The problem
is and has been that of language interoperability, and we have been
and continue failing at making a good way for languages to talk to
each other, but because this i
it's only marginally faster, but it does look a bit cleaner, and is a
bit more memory efficient:
$records[] = unserialize(serialize($boundParams));
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
On Wed, Sep 14, 2011 at
MySQL real escape string doesn't work, it's a bad solution to the
problem that has been with the internets since the very beginning, and
if people program like they are taught to by books, doesn't look like
it's going away any time soon. The problem of course is that various
programming languages
You can use a limit with a nested select, you just can't use it in
some cases, like inside an "IN" statement, but something like this
should work:
SELECT id, data, etc FROM table JOIN (SELECT special_id as id FROM
special_table ORDER BY special_id LIMIT 0, 1000) AS table2 USING (id)
Note: syntax
On Wed, Sep 14, 2011 at 4:04 AM, Marco Lanzotti wrote:
> Il 13/09/2011 20:58, Alex Nikitin ha scritto:
> > Correction on Marco's post. You can absolutely stop a mysql query
>
> I know I can stop a query, but I don't know how to realize HTTP client
> has closed conne
+1 on terminal.
For gui-based ones, i like to be able to syntax check my code and run it
from within the editor window, tabs for dozens of files i usually have open
at once, highlight that supports many languages as i can be working on many
at once (php, css, js, ruby, python, C, lua, sql, for the
On Tue, Sep 13, 2011 at 3:45 PM, Dotan Cohen wrote:
> On Tue, Sep 13, 2011 at 21:34, Alex Nikitin wrote:
> > And this will be faster or at least more efficient with a limit (e.g.
> limit
> > 50) this way when you have found the 50 users in the "in" statement, you
Absolutely, it was only a minor correction of a sub-point.
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Tue, Sep 13, 2011 at 3:20 PM, Jim Lucas wrote:
> On 9/13/2011 11:58 AM, Alex Nikitin wrote:
> > On
On Tue, Sep 13, 2011 at 10:40 AM, linuxsupport wrote:
> I enabled debug in log and found this in the log file
>
> [13-Sep-2011 17:03:19.966801] DEBUG: pid 16974, fpm_got_signal(), line 76:
> received SIGCHLD
> [13-Sep-2011 17:03:19.966832] WARNING: pid 16974, fpm_children_bury(), line
> 252: [pool
On Tue, Sep 13, 2011 at 11:44 AM, Jim Lucas wrote:
> On 9/12/2011 7:40 AM, Marco Lanzotti wrote:
> > Hi all, I'm new in the list and I already have a question for you.
> > I'm running an heavy query on my DB in a PHP script called by AJAX.
> > Because client often abort AJAX connection to ask a n
On Tue, Sep 13, 2011 at 2:06 PM, Steve Staples wrote:
> On Tue, 2011-09-13 at 09:48 -0700, David Harkness wrote:
> > On Tue, Sep 13, 2011 at 7:29 AM, Ashley Sheridan
> > wrote:
> >
> > > SELECT * FROM table WHERE userID IN (1,2,3,4,5,etc)
> > >
> >
> > +1. And this is a great place to use implode
If you have to ask these questions, i don't think you should be the person
to do it, i'm sorry.
I wouldn't recommend doing it on a mac, or even one single box, i wouldn't
recommend doing it on non-server hardware, in fact most of the time i would
recommend you just buy already pre-setup servers so t
On Wed, Sep 7, 2011 at 10:21 AM, Ron Piggott wrote:
>
> Hi Everyone
>
> I am trying to load an HTML book into mySQL. The book was distributed with
> each chapter being its own HTML file.
>
> The only way I know how to open a file is by specifying the file name.
> Such as:
>
> $myFile = "B01C00
Sorry but escaping doesn't protect against mysql injection either, it is not
a good answer, nor does it really work, it's an effort, yes, buuut in unicode
world we pretty much have the ability to override what it means to be a
character through best guess matching, etc, iiit just doesn't quite work;
e
It would be easier and faster to convert your string to lower case, than
perform the upper operation on every entry in the database. Also, just to
point it out, your code is very vulnerable to SQL injection.
But the suggestion is right, dump the query to make sure it's correct, and
check for mysql
On Sun, Aug 7, 2011 at 10:03 PM, Donovan Brooke wrote:
> alekto wrote:
>
>> Hi,
>> I have implemented a "remember" me feature in my login-script, but I can't
>> get it to function!
>>
>
>
> If I might be so bold... then you haven't implemented the feature yet,
> right? ;-)
>
>
>
> I want to make
On Thu, Aug 4, 2011 at 12:23 PM, Donovan Brooke wrote:
> Alex Nikitin wrote:
> [snip]
>
> There is code obfuscation with PHP, and you can compile it into C++ with
>> HipHop for php for example...
>>
> [snip]
>
>
> Of course, obfuscation is never a great secu
On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke wrote:
> Alex Nikitin wrote:
> [snip]
>
> Also you shouldn't actually encrypt passwords, the proper way to store
>> them
>> is hashed, so that if someone grabs your database, they don't have your
>> pa
On Wed, Aug 3, 2011 at 4:05 PM, Ashley Sheridan
wrote:
> **
> On Wed, 2011-08-03 at 15:35 -0400, Alex Nikitin wrote:
>
> On Wed, Aug 3, 2011 at 3:08 PM, Ashley Sheridan
> wrote:
>
> > **
> > On Wed, 2011-08-03 at 22:02 +0300, Andre Polykanine wrote:
> >
>
"secret key"), I'm just studying mcrypt's
> possibilities :-).
>
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile
> My blog: http://oire.org/menelion (mostly in Russian)
> Twitter: http://twitter.com/m_elensule
> Facebook: http://f
I have a neat class you can play with...
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Wed, Aug 3, 2011 at 2:27 PM, Alex Nikitin wrote:
> Yes, since it's trying to represent in characters some purely bin
Yes, since it's trying to represent in characters some purely binary data,
it is not unlikely that you will get VERY weird characters (and you do).
Also you shouldn't actually encrypt passwords, the proper way to store them
is hashed, so that if someone grabs your database, they don't have your
pas
There are databases with area codes for the first 3, so you only have to
generate 1 million. Why do you need to store all of them again?
On Jul 31, 2011 4:06 PM, "Jason Pruim" wrote:
> No I'm not looking for your phone number... Or for the guy/girl whose
number you thought you got last night at th
Just as a word of caution to everyone on this list, mcrypt version of
blowfish (which is implemented by php) (in linux) has an 8bit bug in it, and
thus should not be used for hashing passwords even as backup. Basically if
you use a character such as say a British pound in your password, blowfish
wi
That would be so extremely inefficient both resources and bandwidth-wise,
however an interesting thought...
On Jul 27, 2011 4:02 AM, "Pete Ford" wrote:
> On 26/07/11 18:20, alekto wrote:
>> Hi,
>> is there a way to create a tree menu list only by using php/html/css?
>> I found some, but they are
On Fri, Jul 22, 2011 at 3:09 PM, Ashley Sheridan
wrote:
> **
> On Fri, 2011-07-22 at 09:51 -0400, Alex Nikitin wrote:
>
> It would still be quicker with shell tools, imho, granted that some command
> line elitistry would be required... Also if you are going to be doing strin
doing until it’s too late. ~Seymour Cray
On Fri, Jul 22, 2011 at 9:33 AM, Nilesh Govindarajan
wrote:
> On 07/22/2011 06:56 PM, Alex Nikitin wrote:
> >
> >
> > Or you could just grep the directory, not saying you have to do this,
> > but this was kind of fun to write an
On Fri, Jul 22, 2011 at 8:17 AM, Nilesh Govindarajan
wrote:
> On 07/22/2011 11:21 AM, Andreas Moroder wrote:
> > Hallo,
> >
> > I have a PHP application made of many files ( php, images etc. )
> > I have a strong suspicion that many of the files in the application
> > directory are no more in use,
if( $val !== "with" && $val !== "from")
simple comparison = faster solution... also you want type-safe
you could do something like
if(!in_array($val, array("from","with"))) but it's neither elegant nor fast
On Jul 14, 2011 12:22 AM, "Ron Piggott"
wrote:
I'm actually interested in finding out if there are any languages that don't
suck in any way... I know and have programmed in about 29, i have yet to
find a language that makes 100% sense and i have no complaints about.
However i still choose PHP over many, many other languages and i implement
php
Actually if you want a very simple way, with a little JS, you can b64 encode
the file and fill in the file field in the form with it (you can hide it or
dynamically tack it on or something), so that you get everything when you
submit the form including the file (you just gotta make a file back out
On Thu, Jun 9, 2011 at 8:37 AM, matty jones wrote:
> I have a mediawiki extension that allows me to design a form in the wiki to
> facilitate data entry into the wiki and it works good except that I also
> want to be able to up load images and take the file location/name and enter
> that into the
late. ~Seymour Cray
On Tue, Jun 7, 2011 at 5:25 PM, Shawn McKenzie wrote:
> On 06/07/2011 03:57 PM, Floyd Resler wrote:
> >
> > On Jun 7, 2011, at 4:42 PM, Alex Nikitin wrote:
> >
> >> If you don't need the location, you can implode the array and use preg
> >
If you don't need the location, you can implode the array and use preg
match, quickly testing it, that gives you about 4.5 times performance
increase, but it won't give you the location, only if a certain value exists
within the array... You can kind of do some really clever math to get your
search
What do you mean by "fuzzy search"? Like an approximate search, and instead
of you stepping through the array, you guesstimate where to start, or search
for approximate string value in an array of strings?
--
The trouble with programmers is that you can never tell what a programmer is
doing until
On Mon, May 23, 2011 at 11:52 AM, Al wrote:
> How can I prevent access to all files in a directory except one with an
> htaccess file.
>
> I've tried several approaches found with Googling; but, none seem to work.
>
> e.g.,
>
> Order Allow,Deny
> Deny from all
>
>
> This seems to me as it shoul
On Mon, May 23, 2011 at 9:32 AM, Joshua Kehn wrote:
>
> On May 23, 2011, at 9:28 AM, Alex Nikitin wrote:
>
> > There is an interesting note in the comments for strcmp:
> > "Well, I am using PHP 4.0 and both strcmp and strcasecmp appear to be
> giving me very a
@David
Fair enough, then i have seen so many badly designed sewage systems, that
the backed up sewage monsters come to me in my dreams... :) wait no the
other one :(
@Paul
And my girlfriend, apparently
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’
apons prepares
them for the battlefield...
Alex
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Fri, May 20, 2011 at 2:12 PM, tedd wrote:
> At 11:11 AM -0400 5/20/11, Alex Nikitin wrote:
>
>> Also to tedd,
what's the scope?
I have some brain-teasing functions i've been working on, but they are far
from bulletproof, but here is an example
function float_int($significand) {
$sign = ($significand<0) ? true : false;
$significand = abs($significand);
$drep = (decbin( (int) $significand));
until it’s too late. ~Seymour Cray
On Fri, May 20, 2011 at 9:14 AM, Joshua Kehn wrote:
> On May 20, 2011, at 4:41 AM, Tim Streater wrote:
>
> > On 20 May 2011 at 04:03, Alex Nikitin wrote:
> >
> >> but here is a brief example:
> >>
> >> (!DEBUG)
erver messes up
i look at code
i'm still SOL... no keys, so your "protected" area is still protected
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 8:57 PM, tedd wrote:
> At 2:
ver tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 8:18 PM, tedd wrote:
> At 2:29 PM -0400 5/19/11, Alex Nikitin wrote:
>
>> I will try to respond to the original question.
>>
>> Note: this is constructive criticism, so i won't
=== or preg_match for me, lol, unless its all just math :)
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 3:26 PM, Joshua Kehn wrote:
> On May 19, 2011, at 3:16 PM, Alex Nikitin wr
> 2. Why strcmp() is better than just comparing?
>
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile
> My blog: http://oire.org/menelion (mostly in Russian)
> Twitter: http://twitter.com/m_elensule
> Facebook: http://facebook.com/menelion
>
> ---
For input sanitizing, and this will be helpful to anyone who writes code,
listen to dan kaminsky's keynote at "The Next Hope". He did a very good job
at explaining the landscape of web programming and the essence of SQL
injection and XSS, as well as proposed pretty neat ways to fix these.
If you a
I will try to respond to the original question.
Note: this is constructive criticism, so i won't do much in terms of praising
the good parts
It works, it's very primitive, in some ways it's pretty insecure, for example
it provides no session hijacking protection, it's not written with the
better of
Best way to learn about security of something is to learn how to break it...
On Apr 8, 2011 3:55 PM, "Jay Blanchard" wrote:
>
> [snip]
> whats the best way to learn about security in php?
> [/snip]
>
> Study, study, study!
>
> Chris Shiflett is a recognized expert on PHP security -
> http://shifl
JavaScript is a browser-side language, browsers have cache, cache sticks
around, meaning that you can tell the browser to cache the JS file and not
download it from the server (every time) if it's being included on the
browser end (which js is). All means faster page load times post initial
load, an
1-2s? that sounds insane and (to me at least) entirely unacceptable, though
not something that i haven't seen before when i was speeding up our
wordpress...
From some significant experience of speeding up things, including php
applications, frameworks, various other applications, servers, platfor
Short of some process going crazy, which you should check for, some psing,
top and netstat, i can't think of any reason you should ever get a connection
drop, short of a hardware failure (memory perhaps), or an experimental
kernel settings or modules or something... i can't think of any way that a
co
There could be many reasons for this, and it really depends on your setup.
For example, is php and memcache on the same server, if they are not what is
the network topology like, it could be a piece of hardware starting to
malfunction, it could be an issue with the networking driver, on the other
sult)) { $internal_links[] =
array('phrase'=>$row->phrase,
'link'=>$row->link); }
(you can figure out how to do it with array_push if you choose to, but you
get the general idea)
~ Alex
On Jan 25, 2011 6:35 AM, "Merlin Morgenstern" wrote:
> Am 2
If you declare your arrays, and set k to 0 first, put quotes around array
values and use the correct limit (you can default to -1), you will get
results, here is code and example (hopefully this helps you)
\\1';
$k++;
}
return preg_replace($pat
One thing to remember is that dealing with results from prepared statements
is different than getting results from queries, so if you are using both,
confusion can easily set in (and let's face it, prepared statements aren't
always the best thing to use)... if it's of any help, i have written a class
but that doesn't work if you add something after the "Mooo" *sigh*.
well it gets kept
On Thu, Nov 4, 2010 at 3:47 PM, Alex Nikitin wrote:
> Hi,
>
> I'm kind of new to this list, and so if there have been discussions about
> this, i am not quite aware of them
der for this to work
correctly, not sure about the elegantly part, but you can just limit
preg_replace
preg_replace('/(?:(?!"[a-zA-Z\s]*").)*/', '', $str, 1);
and that seems to work correctly...
Neat... kinda...
On Thu, Nov 4, 2010 at 3:47 PM, Alex Nikitin wrote:
Hi,
I'm kind of new to this list, and so if there have been discussions about
this, i am not quite aware of them (i tried searching), but i ran across
this issue and i figured it would be interesting enough to show you guys
here:
I was looking for a way to replace all the text in a string that do