Building PHP 4.3.4 with Apache 1.3, SAPI and CLI versions (no CGI) ...
Now that I found the config command used for the last build, I rebuilt
PHP (config, make, make install) with one change -- at the end of the
config line I added --enable-dbase.
If I look at the phpinfo() output now, in both
On 8 Nov 2005 Richard Lynch wrote:
> You should run it from the browser, and from the CLI separately, as
> they could be different builds.
I had wondered about that but they are the same build. I was planning
to double-check anyway.
> There is also config.nice if it was installed from source.
On 8 Nov 2005 Minuk Choi wrote:
> can you get the output from phpinfo()?
Thanks. I've used phpinfo() many times but never looked at that bit of
the output. It's exactly what I needed.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.ph
I need to rebuild PHP on a Linux box (RHEL). It has been built there
before but I cannot locate the proper command line for configure --
config.status is no longer accurate as configure was run with no
arguments. Is the old configure command line saved in a log somewhere?
If not is there a si
[Note that I changed the thread title to reflect that this isn't really
about templating.]
> Yes I thought of this, but in my case a flat file would be better. The
> same problem applies though:
> [quote]
> This is all no problem, except that these lists can be pretty big. And I
> wouldn't like
On 8 May 2005 Evert | Rooftop Solutions wrote:
> What I really need is a fast lookup mechanism, to 'translate'
> statements.
>
> For example:
>
> setOutputType('xhtml');
> echo(translate('authorstart'));
>
> the function translate opens xhtml.data, which contains:
>
> authorstart :
> authore
> > It's more like a theoretical "hole" that may some day prove to be the
> > first step in a long long long process of understanding something that
> > might maybe some day yield a way to de-crypt MD5.
>
> That's exactly my point.
>
> It's similar to how a local root exploit sometimes evolves in
On 21 Apr 2005 Greg Donald wrote:
> > Same thing with MD5, it
> > is just one way, it can't be reversed.
>
> MD5 collisions were found last year:
> http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
>
> Just a matter of time/cpu power.
I don't think that's right. Collisions allow certain
On 21 Apr 2005 M Saleh EG wrote:
> It's simple.
> If your system supports it performance wise.
> Grab the id and compare it against the md5 version of the id saved in the
> cookie.
Actually I think the discussion was about reversing the MD5 to get back
the original message -- not about co
On 21 Apr 2005 Jason Barnett wrote:
> Any information that you wouldn't want in the script in plain text, you
> probably don't want in the database in clear text. Moreover MD5 is a
> one way hash and although it is broken, you probably don't want to spend
> the processing time needed to reverse i
On 18 Apr 2005 Proudly Pinoy wrote:
> I've read from php.net/setcookie and codecomments.com that using
> localhost won't work with cookies and neither are IP addresses. So
> how do I test cookies on local system?
Hmmm, this works just fine for me -- I do it all the time. I tend to
do it with a
On 17 Apr 2005 W Luke wrote:
> I have about 200 records in a table, and I need to update 2 of the
> fields. The first is easy, but the second contains a list of keywords
> all separated by spaces; I need to replace the spaces with commas. Is
> this something I can do with some clever SQL, or sha
On 16 Apr 2005 Chris Knipe wrote:
> I'm not sure if round() is what I am after. I want to round whole numbers
> to the closest 10 - thus, not decimals, etc.
Just use a precision of -1. For example round(125, -1) will return
130.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To u
On 16 Apr 2005 Khorosh Irani wrote:
> How I can find it in phpinfo() ?
Another (simpler) approach is:
echo php_sapi_name();
which will return 'cli', 'cgi', etc.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Here is a little code that shows the "web-safe" colors and their
"opposites" using the algorithm I described in the previous message:
");
print("\n");
print("Color\n");
print("Color swatch\n");
print("'Opposite' swatch\n");
print("'Opposite' color\n"
On 16 Apr 2005 Ryan A wrote:
> eg: if they pick white I need the heading to be black and vice
> versa...any way to do this?
Well it depends what you mean by "opposite", but as a starting approach
I would try simply complementing the bits in the RGB value:
$opposite_color = $original_co
On 14 Apr 2005 Chris Shiflett wrote:
> When a user enters a credit card number, there may likely be a
> verification step before the actual purchase is made. It's better to
> keep this number on the server (in the session data store) than to
> unnecessarily expose it over the Internet again (SS
On 13 Apr 2005 Richard Lynch wrote:
> I have what I consider a MINIMUM standard level of security for any site
> that asks for a password.
>
> That would include:
> Not storing the password *ANYWHERE* in clear-text.
> Not in database.
> Not in $_SESSION
> Not in COOKIES
Agreed. I see less
On 15 Apr 2005 Tom Rogers wrote:
> BD> a. Must contain an 1 uppercase letter. [A-Z]
> BD> b. Must contain 1 digit. [0-9]
> BD> c. Must be a minimum of 7 characters in length. {7}
>
> BD> I'm not sure of how to build the correct syntax for using all 3
> BD> requirements together.
> easier done se
On 11 Apr 2005 Chris Shiflett wrote:
> > > DO NOT STORE PASSWORDS ON USERS COMPUTER
> >
> > A couple of people have stated this but I think it is incorrect.
>
> Please refrain from such speculation, because it does nothing to improve
> the state of security within our community. This idea of st
On 12 Apr 2005 blackwater dev wrote:
> $good = "joh_'";
>
> // Let's check the good e-mail
> if (preg_match("/[a-z0-9]/", $good)) {
> echo "Good";
> } else {
> echo "Bad";
> }
>
> This returns Good, why?
That regex matches any string which contains at least one (lowercase)
lett
On 11 Apr 2005 Richard Lynch wrote:
> > Well, just because I'm not sure it is worth the effort. What is the
> > point of storing a hash code as a proxy (in the colloquial sense of the
> > word) for an encrypted password if knowing the hash code gets you the
> > same access as knowing the password
On 9 Apr 2005 Ryan A wrote:
> This certainly has turned out to be an interesting discussion.I
> usually send the info via sessions...how bad is that?
Well if you are using sessions it is worth thinking about session
security, for example:
http://shiflett.org/articles/the-truth-abou
On 9 Apr 2005 Jason Wong wrote:
> > I might, depending on
> > the needs, store a hash code as others have suggested
>
> Why not in *all* cases?
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) fo
On 9 Apr 2005 John Nichel wrote:
> While it is not absolute that you can't store passwords in a cookie, it
> is an absolute that you _shouldn't_
Sorry, I don't agree. There are very few absolute rules in software
development.
For sites accessing sensitive information or that allow spending mo
On 9 Apr 2005 Andy Pieters wrote:
> It doesn't matter how you encrypt it.
>
> DO NOT STORE PASSWORDS ON USERS COMPUTER
>
> I hope that's clear enough.
A couple of people have stated this but I think it is incorrect. For
one thing the users themselves are very likely to store the password
the
On 8 Apr 2005 Chris Bruce wrote:
> I need to be able to break out the tax, amount and type that were
> entered on each line of a form and then apply calculations and do
> database inserts on each. As you can see what I need is in sets of
> three denoted by the integer at the end (tax0, amount0,
On 25 Mar 2005 Joshua Beall wrote:
> P1: "Does token.status = 'locked' WHERE key=$key ?"
> P2: "Does token.status = 'locked' WHERE key=$key ?"
> P1: {Receives negative response}
> P2: {Receives negative response}
> P1: Updates token.status. = 'locked' WHERE key=$key
> P2: Updates token.status. = '
On 24 Mar 2005 Joshua Beall wrote:
> I realized that this sort of problem would always exist unless I had some
> sort of semaphore mechanism. Once a user has *started* a transaction, they
> need to be prevented from initiating a second transaction until the first
> transaction has been complet
For the basic logout, it's very easy.
Store a session variable which is the "last active time". Initialize
it to the current time when the user logs in.
Each time a page loads, start the session and check current time
against the last active time. If the difference is over the limit,
display
On 14 Mar 2005 Dotan Cohen wrote:
> change
>
>
> To:
>
This does not address the question. The OP saw small dots in the
password display, he wanted asterisks. That is not because he was
using type='text' but because he was already using type='password' and
the browser had a particular wa
On 14 Mar 2005 Ross Hulford wrote:
> Does anyone know how to change the style of password boxes so when
> the characters are entered an asterisk appears rather that a smal
> circle?
It is determined by the browser and OS. I presume you are talking
about Windows XP, which is where I see that be
On 7 Mar 2005 Jay Blanchard wrote:
> /t and /n do not work for HTML output. If you view the source of your
> HTML output you will see that the tabs and newlines are used properly.
> You will have to substitute an HTML equivalent.
The HTML equivalent would likely be tables -- but if he uses then
On 4 Mar 2005 J. L. Marcelo Chaparro Bustos wrote:
> Hola, bueno acabo de incribirme el la lista y queria saber si alguno
> de ustedes tiene un manual PHP basico que me pueda enviar o decir
> donde poder bajarlo, para orientarme un poco. gracias
Translation: Hi, I just joined this list and I wan
On 2 Mar 2005 Erbacher Karl wrote:
> I'm not sure if this is even a PHP question, but I'm hoping someone can help
> me. I need to encipher data to be stored in a database and then I need to be
> able to decipher it to use it. I was thinking of using DES and I obtained a
> pair of keys, but I'm
On 16 Feb 2005 Richard Lynch wrote:
> Use the exact same session stuff you have now and just dump the
> serialized data into SQL using the 5 functions for session handling.
Oh, OK, that's what you meant about the 5 functions. I am not sure of
the advantage to that, actually something I've alwa
On 15 Feb 2005 Greg Donald wrote:
> > If you have to choose between a meaningful variable name and performance
> > considerations, buy more hardware! :-)
> >
> > The cost you'll save in the long run for code maintenance will make it
> > worth it.
>
> Comments in the code make using short session
On 15 Feb 2005 Richard Lynch wrote:
> Throw an ab (Apache Benchmark) test at it and find out.
>
> Don't just guess or sit there wondering.
>
> You could run test in about the time it took to compose this email --
Perhaps if you are already familiar with ab, which I'm not ... and if
the server
I have a multi-page form which I build up and store in session
variables. The data saved includes all an internal list of items on
the form (derived from a database table), all the form field specs
(derived from the internal item list), the data for the fields (from
another table), default dat
On 11 Feb 2005 Richard Lynch wrote:
> BAD: http://example.com/dynamic_pdf.php?record_id=1
> GOOD: http://example.com/dynamic_pdf.php/record_id=1/fool_ie.pdf
Just curious, how does IE screw up the first one?
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://
On 10 Feb 2005 Richard Lynch wrote:
> Perhaps you need to use http://php.net/reset
>
> You see, when you do foreach or each or any of those, there is an
> "internal" setting in the array that is altered to keep track of where you
> are. Kind of like a big "You are here" arrow inside the guts of
I have a form which is too long to be useful displayed on one page. I
have it broken up into 7 sections. All 7 are generated by the same PHP
source file, from data in a database.
When the user updates a section they can submit it and go to the next
section, or submit it and finish (return to
On 8 Feb 2005 Greg Donald wrote:
> It's pretty simple to scrub the data away.
>
> $cc = '1234123412341234';
>
> // do processing
>
> $cc = md5( time() );
This only works if PHP uses the same storage for both strings. If it
reallocates the storage, for example because the md5 result is longer
On 8 Feb 2005 Jochem Maas wrote:
> don't agree - I'd rather be cautious on a hunch, especially given that I
> have no means to personally verify the risk other than in terms of total
> financial ruin if a real problem occurs even once. besides its a moot point
> there is no need to handle creditca
On 8 Feb 2005 Jochem Maas wrote:
> This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
> I did say it was 'best' not to accept them at all, although accepting them and
> immediately passing them on via an SSL link (e.g. with cURL) is probably
> 'good enough' - at least, appa
On 7 Feb 2005 Jochem Maas wrote:
> > IE, is their a way to get PHP to overwrite the memory
> > used by variables at the termination of a script?
>
> don't know about that but best not to accept the CCNs in the
> first place. let the user enter it at authorize.net.
I think this is an extraor
On 3 Feb 2005 Richard Lynch wrote:
> If it was only two pages, and there was only one header() re-direct, fine.
>
> But what ends up happening is you get in the habit of doing this all over
> the place, and you have a mess of spaghetti logic spread over a hundred
> files.
That is a problem with
On 29 Jan 2005 tom soyer wrote:
> I tried mysql_connect() function, and it won't reture FALSE if
> connection failed. Instead, the script times out after 30 seconds and
> displays an Fatal error message "Maximum execution time of 30 seconds
> exceeded".
I think the issue here is if the server do
On 28 Jan 2005 [EMAIL PROTECTED] wrote:
> Thanks, Tom. I agree, but not an option at this time - other parts of the
> design require this to be a regex.
It is pretty easy to do with two regexps, one to check the length and
another to see if there is a double &. Would that work? I don't know
On 28 Jan 2005 [EMAIL PROTECTED] wrote:
> I need a validation regex that will "pass" a string. The string can be no
> longer than some maximum length, and it can contain any characters except
> two consecutive ampersands (&) anywhere in the string.
This is an example of something that is easier
On 26 Jan 2005 Jennifer Goodie wrote:
> if (isset($fields['flags']['someflag']) && $fields['flags']['someflag'])
> if (isset($_POST['checkboxfieldname']) && $_POST['checkboxfieldname'])
>
> The && short-circuits, so the second part of the conditional only
> gets evaluated if the first part is t
On 26 Jan 2005 Jason Barnett wrote:
> if (isset($_POST['checkboxfieldname'])) {
>/** do stuff */
> }
Sorry, I should have mentioned that I knew about using isset -- it
works OK for the checkbox example, though I'm not clear if this
behavior is specified and therefore will not change -- i.e.
On 24 Jan 2005 James Kaufman wrote:
> I just tried it with php 4.3.8 and it did not throw a NOTICE with @list.
> I suppose you could try @explode as well as @list.
Thanks. I was sure I had tried it with that but I will go back and
check.
--
Tom
--
PHP General Mailing List (http://www.php.net
On 24 Jan 2005 Richard Lynch wrote:
> Assuming you are authenticating them correctly so that a Bad Guy can't
> change the HTML out from under them, it seems reasonable to me -- Not much
> point to cross-site vandalism on one's own site, eh?
Exactly, that was my thought as well ...
--
Tom
--
PH
I am a consultant developing a PHP-based site (fully operational now,
we're adding some new features).
One thing I need to do is allow resellers of my client's services to
edit HTML which will then be used on the web pages their customers see.
In other words they get to customize the appearance
This construct:
list($v1, $v2, $v3) = explode($sep, $string, 3);
will generate NOTICE level errors if there are not enough parts of the
string to fill all the variables in the list. What I really want is
for list() to set the variables that have a corresponding array
element, and then
On 10 Apr 2004 Brian Dunning wrote:
> Check this out: I'm returning a list of the last 30 days, looping
> through i, subtracting it from $end_date where $end_date is 2004-04-10
> 00:00:00. I'm just trying to derive a timestamp $check_date for each
> iteration, like 1081321200. Here's the code w
On 5 Apr 2004 [EMAIL PROTECTED] wrote:
> When doing apachectl startssl I get:
>
> [Mon Apr 5 12:19:53 2004] [warn] Loaded DSO libexec/libphp4.so
> uses plain Apache 1.3 API, this module might crash under EAPI!
> (please recompile it with -DEAPI)
Sorry, I just realized there is a sep
Hi Folks ...
A small problem here ...
I just rebuilt Apache 1.3.29 with mod_ssl.
When doing apachectl startssl I get:
[Mon Apr 5 12:19:53 2004] [warn] Loaded DSO libexec/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI!
(please recompile it with -DEAPI)
I r
On 4 Apr 2004 Andy B wrote:
> the next time i hit the "add guestbook" listing from the main screen,
> fill out the form with different values and submit it all the
> $HTTP_SESSION_VARS have the same values as the last add sequence...
There are two problems there. First, your session data is not
On 4 Apr 2004 Andy B wrote:
> how would you empty all the contents of $HTTP_SESSION_VARS when you
> dont need them anymore but still keep the current session running?
See http://www.php.net/manual/en/function.session-unset.php. That is
exactly what it does. That page also explains why unset()
On 4 Apr 2004 Randall Perry wrote:
> Solved my main problem. I was assuming that variables registered with
> $_SESSION were passed by reference. Apparently they're passed by value.
*Passing* by value or by reference has to do with function parameters,
not array values. However you can assign on
On 2 Apr 2004 Aidan Lister wrote:
> Wait until you have installed PHP5, then use the simplexml library.
I will shortly have the same questions about ways to parse XML, and I
can't use PHP 5 -- it's a production environment and the PTB are not
going to move to something that is that recently rel
On 22 Mar 2004 Andy B wrote:
> so the theory is: if i require that the session be named after the persons
> login name there is probably 1 out of 2 million chances that it will mess up
> the names and get confused (specially if there are only a few users
> allowed)...
If the login name is unique
On 23 Mar 2004 Michael Rasmussen wrote:
> The idea is exactly not to do any queries dynamically generated based on
> user input! In the rare cases where this is needed you should not
> allow any unparsed input.
There are some applications for which queries based on typed user input
are rare. B
On 21 Mar 2004 Chris Shiflett wrote:
> I would never argue that something is an absolute defense, but I would
> characterize my recommendation as a best practice.
Fair enough.
> > I agree with you that checking for valid characters is safer than
> > checking for malicious characters, but even t
On 21 Mar 2004 Chris Shiflett wrote:
> SQL injection vulnerabilities exist when you use data that the user gave
> you to create your SQL statement. So, anytime that this happens, simply
> make absolutely sure that the data you are using from the user fits a very
> specific format that you are expe
On 20 Mar 2004 Ben Ramsey wrote:
> I know how to run a PHP script as a cron job on a *nix machine. So,
> does anyone know how to use the Task Scheduler on Windows to do the
> same? Or is it even possible?
The fundamental idea is simple -- work out a command line from a
regular command prompt
On 20 Mar 2004 Jeff Oien wrote:
> How do I convert this
> 9/8/2001
> (which is Month/Day/Year)
> to this
> 20010908
> (YearMonthDay - with leading zeros)
How about:
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 18 Mar 2004 Cameron B. Prince wrote:
> I'm saying I can't connect to another machine running 3.x or 4.x from PHP,
> but I can connect to either via the v4.x mysql command line client that's
> installed on the webserver with PHP.
OK, I get it. It certainly sounds like it could be a problem wit
On 18 Mar 2004 Cameron B. Prince wrote:
> I just finished doing that on a third machine that didn't have a previous
> MySQL installation. I installed the same version that the webserver has. I
> had the same results.
I'm losing track here -- are you saying you can't connect to another
machine ru
On 18 Mar 2004 Richard Davey wrote:
> Good question, but the answer is no - I don't believe you can. You
> could try passing the form name as a hidden form value? Or name your
> submit button accordingly?
I have done this with the Submit button but I find that the results
vary. If you click Sub
On 18 Mar 2004 Cameron B. Prince wrote:
> I'm sure this is good to know because it proves at least part of PHP can
> reach the other machine... Which hopefully rules out a TCP/IP problem. I'm
> going to enable debugging on the MySQL server and see if that tells me
> anything.
Ah, that's good. Th
On 18 Mar 2004 Richard Davey wrote:
> Nope, because in the only reference book I had to hand it said the ^
> matched the start of a string so it didn't occur to me to try it.
>
> Thanks to John I now know when used in a block it's no longer limited
> to the start of the string. The code you poste
On 18 Mar 2004 Louie Miranda wrote:
> On my website i massively use session. And often times the webserver is
> lacking resources to process more queries, and thats where all my
> applications are failing.
>
> I issue a destroy session at the end of my transaction, but some users dont
> end their
On 17 Mar 2004 Brent Westmoreland wrote:
> I too have questions on how to handle this situation, any help would be
> greatly appreciated.
[Situation was how to use a single database connection inside a class
nested within another class etc.]
If you have a single DB connection open for the enti
You might try an fsockopen() to port 3306 on the dbserver and see if it
works. If not, you get a reasonably descriptive error.
I just tried a couple of known servers and bogus addresses with this
code:
A server listening on that port produces:
resource(4) of type (stream)
string(0)
On 16 Mar 2004 Jeff Oien wrote:
> You have to basically go back and forth between two pages.
The site you mentioned does, but it is easy to refresh to the same page
-- just use your own URL. An empty URL also works -- I tried it in IE
6 and Mozilla 1.5; don't know if it works with other browse
On 17 Mar 2004 Tom Rogers wrote:
> The default lifetime for session cookies is until the browser is
> closed.
Of course.
> You can run multiple sessions as long as they are to different
> domains I think. I am pretty sure PHP can only handle 1 session per
> client but you could always roll yo
On 16 Mar 2004 Freddy Rodriguez wrote:
> Hay una lista en espaƱol para php?
(Is there a list in Spanish for PHP?)
Si hay. Mira http://www.php.net/mailing-lists.php y
http://news.php.net/group.php?group=php.general.es.
(Yes there is. See the two URLs above.)
--
Tom
--
PHP General Mailing Lis
On 17 Mar 2004 Mike Mapsnac wrote:
> I need to refresh page every 2 minutes. How that's can be done in
> PHP?
You can do it with a header. I think something this simple will work:
header("Refresh: 120");
or in the area:
print "\n";
If you want to refresh to an explicit URL
On 16 Mar 2004 [EMAIL PROTECTED] wrote:
> Sessions have to do with requests being sent by browsers to the web server. Each
> time
> you close all the windows of your browser on your computer and start the browser
> again, a new session is started. I suspect that since all your users are essenti
On 15 Mar 2004 Eric Gorr wrote:
> >which will have a value like:98797-234234--2c-something-2c
> >
> >How do I take out the part which will always start with "--2c" and will
> >always end with "-2c"
>
> I'd be interested in the answer to this question as well.
> Seems like it should be easy.
On 13 Mar 2004 Rasmus Lerdorf wrote:
> I think that is pretty clear. It says that it works but we do not
> consider it production quality.
OK, thanks. That is what I thought it meant but I wanted to be sure.
> As for whether your particular install will work? I have no idea. Maybe,
> maybe n
> So the current situation is that Apache2-prefork+PHP is a decent solution
> but it hasn't been tested a whole lot.
I am currently moving my app to an Apache 2 server. I did not build
the server (not my area of expertise) and don't know how how it was
built, but I can talk to the folks who d
On 12 Mar 2004 Elliot J. Balanza wrote:
> .
> $row_prefs = mysql_fetch_assoc($prefs);
> .
> while ($row_prefs = mysql_fetch_assoc($prefs)) {
> .
> and it works fine EXCEPT it wont show the first record of the query... any
> ideas why?
Yes ... see the two lines quoted above. Each tim
Is it possible that either $connect_id is not defined at the point
where you use it in the mysql_select_db call (e.g. it's global, the
call is in a function, and you forgot to use a global declaration),
and/or the previosuly opened connection has been closed?
What do you get if you do a var_dum
On 12 Mar 2004 Richard Davey wrote:
> It is, but if he hasn't modified it otherwise, that's what it'll be.
> Also for local development purposes, there is no harm in it.
Agreed, as long as he's not connected so someone can try to connect to
the MySQL port.
--
Tom
--
PHP General Mailing List (
On 12 Mar 2004 Richard Davey wrote:
> P> 1044: Access denied for user: '@localhost' to database 'mydatabase'
>
> You said that you use "apache" as the username for MySQL - is this
> something you've configured yourself?
It appears he is actually using a blank username as there is noting
before
Is the general wisdom that using strip_tags on input is sufficient to
protect against XSS vulnerabilities from that input? I have been doing
some reading on it but haven't found anything that suggests a
vulnerability that removing the tags in this way would not cure.
Are there multi-level enco
On 12 Mar 2004 Richard Davey wrote:
> Indeed.. roll-on input filters in PHP5 :)
Hmmm, can't find the docs on those online.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I am running on one Linux server which has PHP built statically; the
CLI and Apache modules are both over 5.5MB. On another where it is
built dynamically they are closer to 1.2MB.
Is there any data on the performance tradeoffs of static vs. dynamic
builds? I understand the factors (static eli
On 12 Mar 2004 Mike Mapsnac wrote:
> I try to use quotes in the query and this doesn't work.
>$query = "SELECT * FROM user WHERE user_id = '$_POST['user_id']}'";
> But you use brackets and it works.. Why do you use brackets ?
> $query = "SELECT * FROM user WHERE user_id = ${_POST['user_id']}";
On 11 Mar 2004 Chris Shiflett wrote:
> The risk is no greater than what the original poster wants to do anyway:
>
> $foo = $_POST['foo'];
>
> Whether $foo is created by register_globals being enabled or by the
> previous code, there is no difference in risk. The data should still be
> considered
On 11 Mar 2004 Rob Adams wrote:
> Along the same lines, I've found this helpful when inserting into mysql.
>
> foreach($_POST as $key => $val)
> $$key = mysql_escape_string($val);
I just wrote a cleanup routine which applies a number of
transformations -- it's called at the start of every pag
On 11 Mar 2004 Teren wrote:
> If you have register_globals on in your php.ini file, you don't need to do
> that. You just automatically have access to all of those variables like
> $username and $password etc. Whatever the name is on the field is what the
> string will be called and the action scr
On 11 Mar 2004 Mike Mapsnac wrote:
> I'm looking for "nice" way to get variables from POST?
Well you can do it easily with extract:
extract($_POST);
This has the same security risks as turning register_globals on, it
allows hackers to set any variable they wish.
A better method might
On 11 Mar 2004 Raditha Dissanayake wrote:
> print "Matches: " . preg_match('/((?i)rah)\s+\1/', "RAH RAH") . "\n";
> print "Matches: " . preg_match('/((?i)rah)\s+\1/', "rah rah") .
>
>
> is what you should use.
Oh. Of course -- I knew it was obvious! This also works:
pr
I must be missing something obvious ... I am trying to use
backreferences in a PCRE regexp to check for a repeated character, but
they don't seem to work. I've used regexps often before, but never
needed backreferences.
For example this:
print "Matches: " . preg_match("/(a)\1/", "aa"
On 10 Mar 2004 J J wrote:
> My problem is how do I recreate this in PHP to make
> sure any newly added records follow this same unique
> ID?
I haven't played much with these functions but I think for MySQL you'd
want something like this, for the state "XX" (excuse the wrapped
lines):
1 - 100 of 118 matches
Mail list logo
