for. Once
you finish processing it, either change the name again, or move it to a
different directory. Don't reuse the same file name, but add a numeric
value which increases every time you create it. Keep a log of which
files have been processed and any errors each one produced.
Bob McConnel
ment.
And finally, even if they do follow the PCI regulations, you have to
remember that the primary purpose of those regulations is to deflect
liability from them to you when there is a problem. All they need to do
is document one instance where you don't follow the rules and they are
off t
From: Colin Guthrie
>'Twas brillig, and Bob McConnell at 28/02/11 13:23 did gyre and gimble:
>> XHTML also requires all tags, attribute labels and values to be in lower
>> case and values must be quoted. So your original content should be
>>
>> > widt
uoted. So your original content should be
You should install the HTML Validator plug-in for Firefox and use it
regularly to catch all of the errors you can. Some of this can also be
replaced with style sheets.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
so that we won't care when it gets turned off.
Early in the script we have the following code:
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
    // Magic quotes is on
    $response = stripslashes($_GET[$key]);
}
Bob McConnell
From: Peter Lind
> On 9 February 2011 14:57, Bob McConnell wrote:
>> From: Al
>>
>>> On 2/8/2011 4:58 PM, Donovan Brooke wrote:
>>>> Hello,
>>>>
>>>> Just wanted to say thanks to those that helped me get through my
>> first PHP
t forces me to create better, cleaner
html code.
You should also use the HTML Validator plug-in for Firefox to make sure
you are producing valid XHTML. That makes it so much easier to find
those invisible problems. I can't count how many times it has pointed
right at a logic flaw in my code.
B
s
privileged data, you will be financially responsible for the damages. So
make sure you go above and beyond those requirements to protect
yourself.
Bob McConnell
nction
>     150 private function
>      37 private static function
>       1 protected abstract function
>    1507 protected function
>      63 protected static function
>       5 public abstract function
>       2 public final function
>   11956 public function
>     701 public static function
>       1 static function
>       1 static private function
>      10 static protected function
>      60 static public function
>
> So, as mixed up as my own.
But it is good to know that at least the attributes are commutative. I was
never sure about that.
Bob McConnell
idn't seem to be anything. If anyone has any advice, I'd love
> to hear it!
Netbeans <http://netbeans.org/index.html>. Make sure you get the package
with the PHP plug-ins. There are a variety of different sets available.
Bob McConnell
s
if (get_magic_quotes_gpc()) {
    // Magic quotes is on
    $response = stripslashes($_POST[$key]);
} else {
    $response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
vider has blocked updates for the "official" builds from the CentOS
repositories.
Bob McConnell
added to your application as you go along. But a framework pretty much
has to be the starting point for a project. When you use Drupal, you
start by setting up a Drupal server. Then you add your own pages or
maybe a custom module. The same goes for most of the other frameworks.
You start with the
se the master LDAP server for testing. We have a couple of
OpenLDAP servers isolated on our test networks for that. But even those
have to be managed directly. No application is allowed to do more than
retrieve data.
Bob McConnell
From: Mohammad Taghi Khalifeh
> On Tue, Nov 30, 2010 at 10:38 PM, Bob McConnell wrote:
>> From: Mohammad Taghi Khalifeh
>>> Hi there,
>>> I have a package written in pure PHP, some .php files that refer to
>>others
>>> via require_once('')
umbs at the start of each file. That should at least help identify how
far you get before it fails.
Bob McConnell
list is a neural interface specifically designed for
developers. Unfortunately, neither of those technologies has
materialized.
> (It's felt like Friday all day.)
It still feels like Monday here.
Bob McConnell
ys believed that cosmic radiation was the cause.
I'll second the cosmic radiation. We are currently in the low activity portion
of the 11 year sunspot cycle[1], and predictions of the next high are lower
than most cycles recorded over the past century[2]. So that one is not an e
ll accept any email sent to a valid
domain name, then silently discard all messages that don't have valid
user names, expecting that set to be mostly SPAM. This created a new
problem where the legitimate senders no longer know when their mail
didn't get delivered due to a typo in the addre
magic quotes is
enabled. Even if you can turn it off on your server, if there is any
chance your code will be used on other servers where it might not be
turned off, you need to wrap it with the test for magic quotes to make
it safe. We always used the version wrapped in the magic quotes check.
That w
y you would be hired for any shop that I have ever worked in.
Bob McConnell
From: ??
> Is there any application like Google Doc(here I mean the spreadsheet).
What is your conception of "like"?
Have you looked at OpenOffice?
Bob McConnell
enough of each to be
very dangerous.
I'm most comfortable in C, so I lean towards that for casual projects at
home.
Bob McConnell
put parameters.
Rough guess in temperate zones is that for each 250 miles you move west,
it delays the event by 15 minutes. But when you get within 22 degrees of
a pole, the event may not occur for days, or weeks, or ...
Bob McConnell
alled $varworld, and in the second it would be looking for a simple
>> scalar called $arr, not the array value you wanted.
>>
> Ash:
>
> I understand what the {} does, but just like in HTML, it is more proper
> to use lower case for the attributes/elements, and use " (double quotes)
> when wrapping the attributes... but is it not "REQUIRED" to write it in
> that manner... just like it is not required to wrap the variables in {}
> when inside the ""...
>
> that's just me, I tend to try and do that every time...
XHTML requires both lower case and double quotes. So if that may be in
your future, you should be using both already.
I don't know about HTML 5. Since that spec is still years away from
completion and hasn't added anything we can make use of, we haven't even
bothered to look at it.
Bob McConnell
ehind the MS-Windows version.
In reality, .Net is a poor clone of the Java runtime environment, while
C# is a poor clone of the Java language. They were created after the
courts told Microsoft the Sun license did not allow them to subvert the
Java API to build applications that would only run on th
From: tedd
> At 2:23 PM -0400 9/24/10, Bob McConnell wrote:
>>
>>A switch works when a single test can dispatch all possible branches. If
>>you have a series of tests where each looks for a different subset of
>>conditions, you need an elseif.
> Not so, O
e all live with what we create.
I suspect he actually means create a new table using a predefined
schema. But unfortunately, he doesn't appear to know enough about the
problem to be able to explain it. He is either in way over his depth, or
hasn't done a very good job of defining his requirements.
Bob McConnell
nfuses me. It is *much* easier for me to use, understand,
> and document a switch statement than an elseif.
>
> Your mileage may vary.
A switch works when a single test can dispatch all possible branches. If
you have a series of tests where each looks for a different subset of
conditions, you need an elseif.
Bob McConnell
From: chris h
> On Fri, Sep 24, 2010 at 8:35 AM, Peter Lind wrote:
>
> On 24 September 2010 14:22, Bob McConnell wrote:
> > From: David Hutto
> >
> >> On Fri, Sep 24, 2010 at 4:09 AM, Gary wrote:
> >>> Daniel Kolbo wrote:
From: Peter Lind
> On 24 September 2010 14:22, Bob McConnell wrote:
>> From: David Hutto
>>
>>> On Fri, Sep 24, 2010 at 4:09 AM, Gary wrote:
>>>> Daniel Kolbo wrote:
>>>>
>>>>> Say you have two classes: human and male. Further, s
e than 50%
of the time, we will never know, since the client doesn't keep track of it. But
the rest of them will be assigned sometime after they were added. i.e. the
gender assignment comes from a secondary source that is not available at the
time the patron is entered.
Bob McConnell
insert the newlines. Using tr(1) to replace all "><"
pairs with ">\n<" might be an improvement. Would it be easier to remove
the extras, or to insert all of them in the first place?
Bob McConnell
>mind-reading extension to PHP, but it's not finished yet."
>
> Customer: Thanks for your opinion. We'll be in touch.
>
> Customer to his secretary: Let's find someone who knows how to do this.
Anybody that tells him it can be done is lying through their teeth and
will just be stealing his money. He probably deserves what he gets in
this case.
Bob McConnell
n as a service. But if he leaves the
computer on, it has to be on his desktop, probably with an entry in his
Start directory to start it when he logs in. But he has to actually log
out of the desktop to block access, not just leave it in the screen
saver.
Bob McConnell
Did you mean to say "That is a method call."?
Bob McConnell
-
From: Joshua Kehn
That is a function call. In Java:
class Code
{
    public static void do_command(){ }
}
Code.do_command();
Regards,
-Josh
J
as
well. I reported that as a bug in PHPMailer a while back. If it is
correct, it may actually fix the bare LF's for you.
Bob McConnell
m
should be ASCII/UTF-8 text.
There is one other possibility. According to the RFCs, the standard line
ending for email is CRLF. Make sure your system is sending both
characters after each line. There is a slim chance the server is cutting
you off after some number of bytes if you are only sending
ld be able to re-open the
connection at this point and resend the message that triggered the
error. Then resume working on the rest of your list.
Bob McConnell
of options here that are not easy to
evaluate. We have used a variety of different hosts through the years as
our needs and requirements changed. Our current one is fully managed,
guarantees PCI compliance and is very expensive. But it is still less
than the FTE we would have to hire to do it all our
possible. They have a variety of tried and tested functions for
this very purpose. You can use them as is, as models or as frameworks
for your own variations on the theme.
Bob McConnell
[1] <http://www.owasp.org/index.php/Main_Page>
>
> ~0001 = 1110
>
> But, when you then express that pattern in decimal, the rules
> regarding 2's complement kick in. -128 to 127 = 256 options. Not -127
> to 127 ... what happened to -0?
To make it simple, the computer hardware doesn't know or care if you want two
bits or 128, so neither can PHP. If you are only interested in the lower bits,
you need to mask your answer to throw away the rest. For example, doing a
bitwise AND with 3 will discard all but the last two bits, 7 will give you the
last three bits, etc.
Bob McConnell
have not discovered any easy
> means to craft an input that will collide with a given hash.
That's a simple matter of brute force, which can be done once and saved
for instant use later. However, putting a salt into your algorithm
pretty much eliminates the chances of success using that att
the code
used for that character on the server. I see this frequently when
viewing pages translated from other languages into English, or pages
generated by any number of Wikis and template packages. UTF is still a
quagmire of incompatible font sets.
Bob McConnell
browser would see
PHP is if the server is misconfigured. The browser will simply display
it as it would HTML. It doesn't know PHP from plain text. Actually, the
browser could not process PHP, since most of the resources needed are
still on the server.
Bob McConnell
nly '/usr/lib/apache' which contains only .so
>>> files.
>>>
>>
>> there's no /etc/apache either?
>>
> No
Some distributions have really screwed up the locations of various
applications. This is compounded by the decision to rename the Apache 2
ure and liability while still being able to use that data.
3. Spend some time reading the PCI requirements in your country and try
to implement as many of those as possible. But keep in mind that they
exist solely to protect the credit card issuers. You need to figure out
how far you need to go in o
From: Richard Quadling
> Quick set of eyes needed to see what I've done wrong...
>
> The following is a reduced example ...
>
> $Set = array();
> $Entry = 'Set[1]';
           ^^
Shouldn't that be $Set[1]?
> $Value = 'Assigned';
>
t to 0 on a successful
login, or 1 on an unsuccessful attempt more than 30 minutes after the
previous attempt.
The error message is the same for all login failures, no matter what the
cause.
While logged in, if a page is requested with the value of u_touch more
than ten minutes old, the user is au
ce code form. In this case, you are probably better off defining
minimum versions for the web server and PHP module that is required and
allow the user to install those on his own. Most distributions already
have those components packaged in an easy to manage kit.
Bob McConnell
osite in Sudbury, Ontario, Canada. I attended 4 different high
> schools. Some of it is blurry now :)
The use of Watcom tools would make sense since the Wat was an
abbreviation of Waterloo, Ontario. That was also the source of the
WatFor Fortran compiler I used in 1968.
Bob McConnell
From: Per Jessen
> Bob McConnell wrote:
>
>> In chronological order -
>>
>> Languages: [snip] C++ (Still don't
>> understand the purpose of objects or classes).
>
> Two words - encapsulation and abstraction.
Both of which are euphemisms that simply
. We have to custom
compile 5.2.13 just to pass our PCI audits.
Bob McConnell
One other resource I haven't seen in the PHP community is an organized
collection of free and public domain code resources. Perl has CPAN, C
has Snippets <http://snippets.snippets.org/index.php>, and there are
other similar resources for other languages. I haven't found the like
for PHP yet.
Bob McConnell
ash("sha512", $_POST["password"]);
>
> It does not match the password the user's got in /etc/shadow file.
>
> Anyone knows why?
I believe you forgot the salt. Traditionally, Unix adds an additional value to
the password before it is encrypted. I don't know where
From: Ricardo Martinez
> I want to ask the list if anyone knows a File Manager with ACL, written in
> PHP and MySQL.
Dokuwiki doesn't require a DBMS, but can use MySQL if you really need to
shoehorn it in.
<http://www.splitbrain.org/projects/dokuwiki>
Bob McConnell
something and
stick with it. If you are working in a group, or are employed to write
code, there may be requirements agreed upon or required in that
environment. You may not find out about them until your first code
review, but be assured, you will eventually be told about them.
Bob McConnell
relate to array capacity in different OS.
>Please give me some tips,thanks in advance.
Did you really have to post the same message eight times?
CentOS is Red Hat minus the proprietary elements, so you actually have
two releases of the same OS here. The bigger question is what version
g b.php as an external command, so it is running as a CLI,
not in the httpd server. You need to check to see how your PHP command
line is configured, it may need the full tag no matter how the server is
set up.
Bob McConnell
e on other systems that use Oracle or Sybase
ASA on the back end, but those are stored as a shell database and sets
of patch files for each build.
Bob McConnell
should also check in the Save option to see if anything was actually
changed. The record shouldn't be updated if nothing was edited.
Bob McConnell
From: tedd
> At 10:53 AM -0400 7/2/10, Bob McConnell wrote:
> >This discussion began when I pointed out that the name attribute is
> >deprecated in XHTML. This was later confirmed when someone pointed to
> >the actual specification at <http://www.w3.org/TR/xhtml1/>, h
The
applicable section is shown below. Apparently HTML 5 is planning to take
a different path. Of course, nobody knows that for sure since the spec
is far from complete and will likely be undergoing major changes for
several more years.
Bob McConnell
-8<
rences given earlier in this thread, I see
that id is now a core attribute, i.e. it is available for all but a
handful of tags, while name is only available for the tags where it is
explicitly included. So it still appears to me that id is the preferred
attribute, as it is more generally available.
B
From: Peter Lind
> On 1 July 2010 14:38, Bob McConnell wrote:
>> From: Adam Richardson
>>
>>> On Wed, Jun 30, 2010 at 9:16 PM, David Mehler
>> wrote:
>>>
>>>> Hello,
>>>> I've got a php form processing question. I've got
t the current HTML 4.01 and XHTML 1.0 specification, you
will find 'name' is no longer listed as a standard attribute. It is all
but obsolete and has been replaced by 'id' almost everywhere. They
actually recommend you put both attributes into tags with identical
values until your applications can be updated to drop all uses of the
name attribute.
<http://www.w3schools.com/tags/default.asp>
Bob McConnell
command from sending
> mail by default. I'm using Fedora 11, so I assume it will be similar;
> there are config tools for setting SELinux policies, or you could even
> turn it off (not advised on a live server). As a test, try turning it
> off temporarily just to see if it is the culprit, then you can determine
> what policy changes need to be made.
Don't turn it off, set it for Permissive mode. It will both allow the
connection and log why it wouldn't allow it in normal operation. Then
you can review the logs and make the necessary adjustments.
Bob McConnell
From: Peter Lind
> On 25 June 2010 19:58, Bob McConnell wrote:
>> From: Daevid Vincent
>>
>>> Why do this "in_array()" business??
>>>
>>> Just do this...
>>>
>>> if (self::$aboveArray[$name])
>>> {
>>>
From: Daevid Vincent
> Why do this "in_array()" business??
>
> Just do this...
>
> if (self::$aboveArray[$name])
> {
>     //something interesting here
> }
Does that gibberish actually do something? It doesn't make any sense to
me, while in_array()
t would be converted into a
negative number.
This is a common issue when the size of numbers exceeds the storage space
allotted. It's well understood in tightly typed languages, but often
missed in the more loosely typed languages like Perl and PHP.
Bob McConnell
hose credentials will actually work?
Bob McConnell
l, but it persists:
>
> $moditem = str_replace("(r)","","$mystring");
>
> I tried replacing the symbol in the above syntax with the HTML
> equivalent but no luck.
It depends on what you want it for. For a URL, the HTML encoding is
'®' '
valent packages in Perl, and this is
mostly a port of them into PHP. In addition to that, I have written my
own db_dummy.php to emulate the PostgreSQL library in PHP.
I have no class, so the OOP test modules are of no use to me. After 40
years of procedural programming, I simply cannot see anythin
flags to your user
table and set one of them when they fill out the form. Don't show them
the form after it is set. Having a couple, you can do a couple of
questionnaires simultaneously, and clear the matching flag when you
close the form.
Bob McConnell
-Original Message-
From: Juan
a reorg
> would help?
ISTR there are three signs of old age. The first is loss of memory, but
I can never remember the other two.
Bob McConnell
r search down a bit.
Are there corrupted files on the server?
Who has write privileges for those files and directories?
Are they tracked via a content management system?
Who last wrote to them?
Can you further restrict who is allowed to write into those files and
directories?
Bob McConnell
There should be some clues in your httpd logs if it is coming in on the
http request. Otherwise, you need to beef up the input sanitization all
across the board. Some of that might be caught by verifying the users
all have current versions of their applications in place.
Bob McConnell
he "Head First" line is
> a bit too "hip" for me. Instead, I recommend "Learning PHP, MySQL &
> JavaScript" by Nixon published by O'Reilly (most O'Reilly books are
> very good).
I just wish there were PostgreSQL translations for some of these
ay to move a database is to back it up on the original
server, then restore it on the new one. That way all system tables would
be correctly updated by the server.
Bob McConnell
ch can only be done if you change the port number.
How did you install the first server? Was it part of the java install or
did one of the other packages you installed put it there? Do you still
have the documents for that package with the default users and
passwords?
Bob McConnell
estion is whether unicode is even relevant now that the UTF
series is available. I see no reason to have to deal with two competing
"specifications", when one of them is more than adequate for the job and
the other is not even finished yet. That's like the old days when a few
users demand
if the file isn't
> found. Try changing it to include_once() and see if you can _any_ output.
We struggled with this as well. require terminates the process without
any indication of why it stopped. No error, no exception, not even a
whimper. Recording a basic "file not found" message in the error log
would be a major improvement.
Bob McConnell
le. I use UTF-8 for most of my PHP
>> files, but I've been sticking to the ASCII subset exclusively.
>
> I don't use the higher range of characters often, but I do sometimes use
> them for things like the graphical glyphs (½✉✆, etc) I know I could do
> those with regular text and the Wingdings font, but that's not available
> on every computer, and breaks the semantic meaning behind the glyphs.
What higher range? ASCII only defined 128 values, the bottom 32 being control
characters that don't print. Anything outside of that is not ASCII, but a
proprietary extension. In particular, the glyphs usually associated with 0-32
and 128-255 are IBM specific and not guaranteed to be present outside of their
original video ROM. So only the first 128 characters map directly into UTF-8.
Bob McConnell
Ref: pp 25-29 The Programmer's PC Sourcebook, 1988, Thom Hogan, Microsoft Press
fields in the form that was submitted. If you want to change
that you need to either replace the browser with one you modified to act
the way you want, or change the page to combine all of the forms into
one. You can try to work around it using Javascript, but that will only
work for people that
From: loki
> On 5/24/2010 11:31 PM, Bob McConnell wrote:
>> From: loki
>>
>>> PHP is installed in c:\program files\php
>>> the PHP script are in network drive \\xxx.xxx.xxx.xxx\scriptdir\
>>> in the PHP script, we try to launch the command @exec(...) w
> but if we move the PHP script from \\xxx.xxx.xxx.xxx\scriptdir\
> to c:\scriptdir\ then it's work !!
>
> everything work good EXCEPT the @EXEC command ...
Is 'C:\Program Files\PHP' in your PATH? You may need to add that
manually.
Bob McConnell
e file it would look like (from the original file the user uploads
> that is)
>
> 1
> 2
>
> 3
> 4
>
>
> 5
>
> 6
>
>
> but when the file is saved to the server it must look like
>
>
> 1
> 2
> 3
> 4
> 5
> 6
>
> but it nev
ends read from that stream. Likewise, if one end is expecting
ASCII, while the other is sending UTF-8, there may be the occasional
multi-byte value that gets scrambled.
On the other hand, I may be way out in left field.
Bob McConnell
te. And I would
> like to include some security tests before it goes online. It's not
> actually working in production environment, but it's ready to use it.
You probably want to start by looking at the OWASP project.
<http://www.owasp.org/index.php/Category:OWASP_Project>
Bob
From: Richard Quadling
>On 14 May 2010 14:47, Bob McConnell wrote:
>> Actually, I believe that linking a session to a specific individual
>> without reading a biometric key with every http request is an
>> unacceptable risk. And no, I don't do any banking online.
From: Robert Cummings
> Bob McConnell wrote:
>> Web servers can only identify computers, not users. You will need
>> something else to track which user started a specific application on a
>> particular computer, probably a fingerprint scanner next to the
>> keybo
eas,
You probably should look at the documentation for html entities and
magic quotes to see what is and is not allowed in a URL. There are a
number of characters that may be modified by either the browser or the
server before you get your hands on them.
Bob McConnell
of my head. Some of them will
link into the USDA Nutrition Database as well. You may not need to
reinvent this particular wheel.
Bob McConnell
d and the chair after they log in. Plus, it is
unlikely that will be useful in a true multi-user environment. There are
simply too many possible ways to get around your restrictions.
Bob McConnell
-Original Message-
From: Jagdeep Singh [mailto:jagsaini1...@gmail.com]
Sent: Friday, May 14,
ions create two processes to service a socket, one to send, the
other to receive. Only occasionally does a protocol require alternating
messages similar to a conversation or ping-pong match.
Bob McConnell
y a different breed ;-)
>>>
>>
>> Yes, the breed that finds such chatter assuming.
>>
>> Careful, we might drool on our pocket protectors. :-)
>
> I have some duct tape that can help you with your drooling problem!
I use some 100-mile-an-hour tape my son left the last time he was home
on leave. That reminds me, I need to get some more from him when he gets
back from Baghdad next month.
Bob McConnell
nformation.
If the data is really stored in strings, you need to break it down into
substrings around the decimal and then convert both sides into integers
and combine them into an integer value. It is the conversion into float
that introduces the error because of the imprecise representation of
fractional decimal values in binary.
Bob McConnell
t students can masquerade as
parents and vice versa? And that strangers can masquerade as either? If
so, then a simple check box on the registration page will suffice. If
not, they will need to establish a manual authentication step as part of
the registration process and control that check box themselves.
Bob McConnell
nce those empty rows?
Think about the ramifications of old data in other tables that may be
inherited when new rows are assigned a deleted ID.
Bob McConnell
he even rows. It's very easy to create multiple variations that way.
Javascript is definitely out. Only a fool or an imbecile intentionally
enables primary malware infection vectors like that. I believe Firefox
should install the NoScript add-on by default with maximum protection
enabled.