I have a class for elements of an HTML form and a bunch of subclasses
for text box, radio, etc.
I need some utility functions which will be called by some of the
subclass implementations. These are utilities used within the class
only, they are not methods.
Is there a "best" way to implement
I am trying to build password authentication into a database front end
for a MySQL DB. I find the php docs on this point quite confusing so I
have a lot of questions.
I can use a one-way hash to do this if that's the best way, as I don't
need to retrieve the password. However if I could do so
On 23 Mar 2003 Justin French wrote:
> I just md5() the passwords, and reset them if needed... rather than
> retrieving. The advantage for me on this is that it's portable... md5() is
> part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't).
Something like that was my inclinatio
On 23 Mar 2003 Justin French wrote:
> That's in the user notes... ignor it... md5() does not have to be salted...
> infact, you WANT the md5() to be static... because you will compare the
> md5()'d password in the database with the md5()'d password that they submit
> on a form.
Exactly. On this
On 22 Mar 2003 David Otton wrote:
> The thing that is most likely to trip you up is people who cut'n'paste
> from Word. High-ASCII characters can slip in like that, also some
> characters that are common in European languages (accents and umlauts).
> All of these need to be translated into HTML en
How does one delete an object? For example:
$object = new Class(...);
.
$object = new Class(...);
I want to throw away the old object and create a new, freshly
initialized one using the same variable. Is the above adequate or will
this orphan the first object? If
On 3 Apr 2003 CPT John W. Holmes wrote:
> No, $varname isn't created. You don't need it. You have a variable called
> $_SESSION['varname'], just use that where ever you need it (even within
> functions). If register_globals is on, you should be using the
> session_register() method, anyhow, not th
On 7 Feb 2005 Jochem Maas wrote:
> > IE, is their a way to get PHP to overwrite the memory
> > used by variables at the termination of a script?
>
> don't know about that but best not to accept the CCNs in the
> first place. let the user enter it at authorize.net.
I think this is an extraor
On 8 Feb 2005 Jochem Maas wrote:
> This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
> I did say it was 'best' not to accept them at all, although accepting them and
> immediately passing them on via an SSL link (e.g. with cURL) is probably
> 'good enough' - at least, appa
On 8 Feb 2005 Jochem Maas wrote:
> don't agree - I'd rather be cautious on a hunch, especially given that I
> have no means to personally verify the risk other than in terms of total
> financial ruin if a real problem occurs even once. besides its a moot point
> there is no need to handle creditca
On 8 Feb 2005 Greg Donald wrote:
> It's pretty simple to scrub the data away.
>
> $cc = '1234123412341234';
>
> // do processing
>
> $cc = md5( time() );
This only works if PHP uses the same storage for both strings. If it
reallocates the storage, for example because the md5 result is longer
I have a form which is too long to be useful displayed on one page. I
have it broken up into 7 sections. All 7 are generated by the same PHP
source file, from data in a database.
When the user updates a section they can submit it and go to the next
section, or submit it and finish (return to
On 10 Feb 2005 Richard Lynch wrote:
> Perhaps you need to use http://php.net/reset
>
> You see, when you do foreach or each or any of those, there is an
> "internal" setting in the array that is altered to keep track of where you
> are. Kind of like a big "You are here" arrow inside the guts of
On 11 Feb 2005 Richard Lynch wrote:
> BAD: http://example.com/dynamic_pdf.php?record_id=1
> GOOD: http://example.com/dynamic_pdf.php/record_id=1/fool_ie.pdf
Just curious, how does IE screw up the first one?
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://
I have a multi-page form which I build up and store in session
variables. The data saved includes all an internal list of items on
the form (derived from a database table), all the form field specs
(derived from the internal item list), the data for the fields (from
another table), default dat
On 15 Feb 2005 Richard Lynch wrote:
> Throw an ab (Apache Benchmark) test at it and find out.
>
> Don't just guess or sit there wondering.
>
> You could run test in about the time it took to compose this email --
Perhaps if you are already familiar with ab, which I'm not ... and if
the server
On 15 Feb 2005 Greg Donald wrote:
> > If you have to choose between a meaningful variable name and performance
> > considerations, buy more hardware! :-)
> >
> > The cost you'll save in the long run for code maintenance will make it
> > worth it.
>
> Comments in the code make using short session
On 16 Feb 2005 Richard Lynch wrote:
> Use the exact same session stuff you have now and just dump the
> serialized data into SQL using the 5 functions for session handling.
Oh, OK, that's what you meant about the 5 functions. I am not sure of
the advantage to that, actually something I've alwa
On 2 Mar 2005 Erbacher Karl wrote:
> I'm not sure if this is even a PHP question, but I'm hoping someone can help
> me. I need to encipher data to be stored in a database and then I need to be
> able to decipher it to use it. I was thinking of using DES and I obtained a
> pair of keys, but I'm
On 4 Mar 2005 J. L. Marcelo Chaparro Bustos wrote:
> Hola, bueno acabo de incribirme el la lista y queria saber si alguno
> de ustedes tiene un manual PHP basico que me pueda enviar o decir
> donde poder bajarlo, para orientarme un poco. gracias
Translation: Hi, I just joined this list and I wan
On 7 Mar 2005 Jay Blanchard wrote:
> /t and /n do not work for HTML output. If you view the source of your
> HTML output you will see that the tabs and newlines are used properly.
> You will have to substitute an HTML equivalent.
The HTML equivalent would likely be tables -- but if he uses then
On 14 Mar 2005 Ross Hulford wrote:
> Does anyone know how to change the style of password boxes so when
> the characters are entered an asterisk appears rather that a smal
> circle?
It is determined by the browser and OS. I presume you are talking
about Windows XP, which is where I see that be
On 14 Mar 2005 Dotan Cohen wrote:
> change
>
>
> To:
>
This does not address the question. The OP saw small dots in the
password display, he wanted asterisks. That is not because he was
using type='text' but because he was already using type='password' and
the browser had a particular wa
For the basic logout, it's very easy.
Store a session variable which is the "last active time". Initialize
it to the current time when the user logs in.
Each time a page loads, start the session and check current time
against the last active time. If the difference is over the limit,
display
On 24 Mar 2005 Joshua Beall wrote:
> I realized that this sort of problem would always exist unless I had some
> sort of semaphore mechanism. Once a user has *started* a transaction, they
> need to be prevented from initiating a second transaction until the first
> transaction has been complet
On 25 Mar 2005 Joshua Beall wrote:
> P1: "Does token.status = 'locked' WHERE key=$key ?"
> P2: "Does token.status = 'locked' WHERE key=$key ?"
> P1: {Receives negative response}
> P2: {Receives negative response}
> P1: Updates token.status. = 'locked' WHERE key=$key
> P2: Updates token.status. = '
On 8 Apr 2005 Chris Bruce wrote:
> I need to be able to break out the tax, amount and type that were
> entered on each line of a form and then apply calculations and do
> database inserts on each. As you can see what I need is in sets of
> three denoted by the integer at the end (tax0, amount0,
On 9 Apr 2005 Andy Pieters wrote:
> It doesn't matter how you encrypt it.
>
> DO NOT STORE PASSWORDS ON USERS COMPUTER
>
> I hope that's clear enough.
A couple of people have stated this but I think it is incorrect. For
one thing the users themselves are very likely to store the password
the
On 9 Apr 2005 John Nichel wrote:
> While it is not absolute that you can't store passwords in a cookie, it
> is an absolute that you _shouldn't_
Sorry, I don't agree. There are very few absolute rules in software
development.
For sites accessing sensitive information or that allow spending mo
On 9 Apr 2005 Jason Wong wrote:
> > I might, depending on
> > the needs, store a hash code as others have suggested
>
> Why not in *all* cases?
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) fo
On 9 Apr 2005 Ryan A wrote:
> This certainly has turned out to be an interesting discussion.I
> usually send the info via sessions...how bad is that?
Well if you are using sessions it is worth thinking about session
security, for example:
http://shiflett.org/articles/the-truth-abou
On 11 Apr 2005 Richard Lynch wrote:
> > Well, just because I'm not sure it is worth the effort. What is the
> > point of storing a hash code as a proxy (in the colloquial sense of the
> > word) for an encrypted password if knowing the hash code gets you the
> > same access as knowing the password
On 12 Apr 2005 blackwater dev wrote:
> $good = "joh_'";
>
> // Let's check the good e-mail
> if (preg_match("/[a-z0-9]/", $good)) {
> echo "Good";
> } else {
> echo "Bad";
> }
>
> This returns Good, why?
That regex matches any string which contains at least one (lowercase)
lett
On 11 Apr 2005 Chris Shiflett wrote:
> > > DO NOT STORE PASSWORDS ON USERS COMPUTER
> >
> > A couple of people have stated this but I think it is incorrect.
>
> Please refrain from such speculation, because it does nothing to improve
> the state of security within our community. This idea of st
On 15 Apr 2005 Tom Rogers wrote:
> BD> a. Must contain an 1 uppercase letter. [A-Z]
> BD> b. Must contain 1 digit. [0-9]
> BD> c. Must be a minimum of 7 characters in length. {7}
>
> BD> I'm not sure of how to build the correct syntax for using all 3
> BD> requirements together.
> easier done se
On 13 Apr 2005 Richard Lynch wrote:
> I have what I consider a MINIMUM standard level of security for any site
> that asks for a password.
>
> That would include:
> Not storing the password *ANYWHERE* in clear-text.
> Not in database.
> Not in $_SESSION
> Not in COOKIES
Agreed. I see less
On 14 Apr 2005 Chris Shiflett wrote:
> When a user enters a credit card number, there may likely be a
> verification step before the actual purchase is made. It's better to
> keep this number on the server (in the session data store) than to
> unnecessarily expose it over the Internet again (SS
On 16 Apr 2005 Ryan A wrote:
> eg: if they pick white I need the heading to be black and vice
> versa...any way to do this?
Well it depends what you mean by "opposite", but as a starting approach
I would try simply complementing the bits in the RGB value:
$opposite_color = $original_co
Here is a little code that shows the "web-safe" colors and their
"opposites" using the algorithm I described in the previous message:
");
print("\n");
print("Color\n");
print("Color swatch\n");
print("'Opposite' swatch\n");
print("'Opposite' color\n"
On 16 Apr 2005 Khorosh Irani wrote:
> How I can find it in phpinfo() ?
Another (simpler) approach is:
echo php_sapi_name();
which will return 'cli', 'cgi', etc.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 16 Apr 2005 Chris Knipe wrote:
> I'm not sure if round() is what I am after. I want to round whole numbers
> to the closest 10 - thus, not decimals, etc.
Just use a precision of -1. For example round(125, -1) will return
130.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To u
On 17 Apr 2005 W Luke wrote:
> I have about 200 records in a table, and I need to update 2 of the
> fields. The first is easy, but the second contains a list of keywords
> all separated by spaces; I need to replace the spaces with commas. Is
> this something I can do with some clever SQL, or sha
On 18 Apr 2005 Proudly Pinoy wrote:
> I've read from php.net/setcookie and codecomments.com that using
> localhost won't work with cookies and neither are IP addresses. So
> how do I test cookies on local system?
Hmmm, this works just fine for me -- I do it all the time. I tend to
do it with a
On 21 Apr 2005 Jason Barnett wrote:
> Any information that you wouldn't want in the script in plain text, you
> probably don't want in the database in clear text. Moreover MD5 is a
> one way hash and although it is broken, you probably don't want to spend
> the processing time needed to reverse i
On 21 Apr 2005 M Saleh EG wrote:
> It's simple.
> If your system supports it performance wise.
> Grab the id and compare it against the md5 version of the id saved in the
> cookie.
Actually I think the discussion was about reversing the MD5 to get back
the original message -- not about co
On 21 Apr 2005 Greg Donald wrote:
> > Same thing with MD5, it
> > is just one way, it can't be reversed.
>
> MD5 collisions were found last year:
> http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
>
> Just a matter of time/cpu power.
I don't think that's right. Collisions allow certain
> > It's more like a theoretical "hole" that may some day prove to be the
> > first step in a long long long process of understanding something that
> > might maybe some day yield a way to de-crypt MD5.
>
> That's exactly my point.
>
> It's similar to how a local root exploit sometimes evolves in
On 8 May 2005 Evert | Rooftop Solutions wrote:
> What I really need is a fast lookup mechanism, to 'translate'
> statements.
>
> For example:
>
> setOutputType('xhtml');
> echo(translate('authorstart'));
>
> the function translate opens xhtml.data, which contains:
>
> authorstart :
> authore
[Note that I changed the thread title to reflect that this isn't really
about templating.]
> Yes I thought of this, but in my case a flat file would be better. The
> same problem applies though:
> [quote]
> This is all no problem, except that these lists can be pretty big. And I
> wouldn't like
On 10 Apr 2004 Brian Dunning wrote:
> Check this out: I'm returning a list of the last 30 days, looping
> through i, subtracting it from $end_date where $end_date is 2004-04-10
> 00:00:00. I'm just trying to derive a timestamp $check_date for each
> iteration, like 1081321200. Here's the code w
I am trying to find a reliable method to clean out all session
variables and start clean.
Running PHP 4.3.1 on Win2K developing a web app to run on Linux.
Session cookies are enabled, register globals is off. I access all
session variables with $_SESSION.
What I have found is that if I use u
On 27 Jan 2004 Stuart wrote:
> > I am trying to find a reliable method to clean out all session
> > variables and start clean.
>
> http://php.net/session_destroy
That destroys the file but (at least the docs say) does not clean out
the global variables, and does not seem to work in my example.
On 27 Jan 2004 Stuart wrote:
> In that case, try this...
>
> foreach (array_keys($_SESSION) as $key)
> unset($_SESSION[$key]);
Yes, I had tried that but forgot to mention it. It does work.
However, I'm still mystified as to why unset($_SESSION) not only
doesn't remove old data from the s
> > Shouldn't unset($_SESSION) work?
>
> No. The following Caution appears in the manual (at
> http://www.php.net/manual/en/ref.session.php#session.examples):
>
> Caution Do NOT unset the whole $_SESSION with unset($_SESSION) as
> this will disable the registering of session variables through t
On 8 Mar 2004 Phil Ewington - 43 Plc wrote:
> Can anyone tell me the best way to avoid errors using fsockopen(). I have
> tried wrapping the function call in a conditional statement, and have also
> tried calling the function and then testing the return.
Here's an approach I have used to avoid an
On 8 Mar 2004 Tim Traver wrote:
> I sent a new session ID with the link to the new window like this :
>
>
>
> but all it does is change the current session id to the new one, so if I go
> back to the main window, it carries the new session into it.
I think this is trickier than it sounds. Ca
On 8 Mar 2004 Adam Reiswig wrote:
> Normally, the two emails would end up in the same pop account but don't
> seem to be when I use the above script. If I send to one or the other
> they receive appropriately, but if I send to both at the same time, I
> only receive one email, not both. If anyon
On 9 Mar 2004 Richard Davey wrote:
> $x ? xxx : xxx
>
> But it makes your code less readable IMHO and offers no tangible
> benefit whatsoever.
Ah, to each his/her own I guess ... I actually find:
$value = ($condition ? $val1 : $val2);
easier to read than:
if ($condition)
On 10 Mar 2004 dmesg wrote:
> How can i tell fsockopen() to skip to echo this warnings?
Here's a repeat of something I just posted the other day on this ...
Here's an approach I have used to avoid any error messages at all --
presumably you could also set a flag in the error handler to indicate
On 10 Mar 2004 Robert Cummings wrote:
> Overhead is minimal since PHP doesn't actually copy the contents of the
> container until an attempt to modify it is made. At which time the
> contents are only actually copied if the internal reference count is
> greater than 0. Generally this means it won'
On 10 Mar 2004 Henry Grech-Cini wrote:
> My question is are there problems with:
>
> header("Location: ".$url[$index]);
> ?>
As long as no other headers have been sent that should work fine.
Location: is the standard method for redirection -- I'm not aware of
any circumstances in which it wo
On 10 Mar 2004 J J wrote:
> My problem is how do I recreate this in PHP to make
> sure any newly added records follow this same unique
> ID?
I haven't played much with these functions but I think for MySQL you'd
want something like this, for the state "XX" (excuse the wrapped
lines):
I must be missing something obvious ... I am trying to use
backreferences in a PCRE regexp to check for a repeated character, but
they don't seem to work. I've used regexps often before, but never
needed backreferences.
For example this:
print "Matches: " . preg_match("/(a)\1/", "aa"
On 11 Mar 2004 Raditha Dissanayake wrote:
> print "Matches: " . preg_match('/((?i)rah)\s+\1/', "RAH RAH") . "\n";
> print "Matches: " . preg_match('/((?i)rah)\s+\1/', "rah rah") .
>
>
> is what you should use.
Oh. Of course -- I knew it was obvious! This also works:
pr
On 11 Mar 2004 Mike Mapsnac wrote:
> I'm looking for "nice" way to get variables from POST?
Well you can do it easily with extract:
extract($_POST);
This has the same security risks as turning register_globals on, it
allows hackers to set any variable they wish.
A better method might
On 11 Mar 2004 Teren wrote:
> If you have register_globals on in your php.ini file, you don't need to do
> that. You just automatically have access to all of those variables like
> $username and $password etc. Whatever the name is on the field is what the
> string will be called and the action scr
On 11 Mar 2004 Rob Adams wrote:
> Along the same lines, I've found this helpful when inserting into mysql.
>
> foreach($_POST as $key => $val)
> $$key = mysql_escape_string($val);
I just wrote a cleanup routine which applies a number of
transformations -- it's called at the start of every pag
On 11 Mar 2004 Chris Shiflett wrote:
> The risk is no greater than what the original poster wants to do anyway:
>
> $foo = $_POST['foo'];
>
> Whether $foo is created by register_globals being enabled or by the
> previous code, there is no difference in risk. The data should still be
> considered
On 12 Mar 2004 Mike Mapsnac wrote:
> I try to use quotes in the query and this doesn't work.
>$query = "SELECT * FROM user WHERE user_id = '$_POST['user_id']}'";
> But you use brackets and it works.. Why do you use brackets ?
> $query = "SELECT * FROM user WHERE user_id = ${_POST['user_id']}";
I am running on one Linux server which has PHP built statically; the
CLI and Apache modules are both over 5.5MB. On another where it is
built dynamically they are closer to 1.2MB.
Is there any data on the performance tradeoffs of static vs. dynamic
builds? I understand the factors (static eli
On 12 Mar 2004 Richard Davey wrote:
> Indeed.. roll-on input filters in PHP5 :)
Hmmm, can't find the docs on those online.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Is the general wisdom that using strip_tags on input is sufficient to
protect against XSS vulnerabilities from that input? I have been doing
some reading on it but haven't found anything that suggests a
vulnerability that removing the tags in this way would not cure.
Are there multi-level enco
On 12 Mar 2004 Richard Davey wrote:
> P> 1044: Access denied for user: '@localhost' to database 'mydatabase'
>
> You said that you use "apache" as the username for MySQL - is this
> something you've configured yourself?
It appears he is actually using a blank username as there is noting
before
On 12 Mar 2004 Richard Davey wrote:
> It is, but if he hasn't modified it otherwise, that's what it'll be.
> Also for local development purposes, there is no harm in it.
Agreed, as long as he's not connected so someone can try to connect to
the MySQL port.
--
Tom
--
PHP General Mailing List (
Is it possible that either $connect_id is not defined at the point
where you use it in the mysql_select_db call (e.g. it's global, the
call is in a function, and you forgot to use a global declaration),
and/or the previosuly opened connection has been closed?
What do you get if you do a var_dum
On 12 Mar 2004 Elliot J. Balanza wrote:
> .
> $row_prefs = mysql_fetch_assoc($prefs);
> .
> while ($row_prefs = mysql_fetch_assoc($prefs)) {
> .
> and it works fine EXCEPT it wont show the first record of the query... any
> ideas why?
Yes ... see the two lines quoted above. Each tim
> So the current situation is that Apache2-prefork+PHP is a decent solution
> but it hasn't been tested a whole lot.
I am currently moving my app to an Apache 2 server. I did not build
the server (not my area of expertise) and don't know how how it was
built, but I can talk to the folks who d
On 13 Mar 2004 Rasmus Lerdorf wrote:
> I think that is pretty clear. It says that it works but we do not
> consider it production quality.
OK, thanks. That is what I thought it meant but I wanted to be sure.
> As for whether your particular install will work? I have no idea. Maybe,
> maybe n
On 15 Mar 2004 Eric Gorr wrote:
> >which will have a value like:98797-234234--2c-something-2c
> >
> >How do I take out the part which will always start with "--2c" and will
> >always end with "-2c"
>
> I'd be interested in the answer to this question as well.
> Seems like it should be easy.
On 16 Mar 2004 [EMAIL PROTECTED] wrote:
> Sessions have to do with requests being sent by browsers to the web server. Each
> time
> you close all the windows of your browser on your computer and start the browser
> again, a new session is started. I suspect that since all your users are essenti
On 17 Mar 2004 Mike Mapsnac wrote:
> I need to refresh page every 2 minutes. How that's can be done in
> PHP?
You can do it with a header. I think something this simple will work:
header("Refresh: 120");
or in the area:
print "\n";
If you want to refresh to an explicit URL
On 16 Mar 2004 Freddy Rodriguez wrote:
> Hay una lista en espaƱol para php?
(Is there a list in Spanish for PHP?)
Si hay. Mira http://www.php.net/mailing-lists.php y
http://news.php.net/group.php?group=php.general.es.
(Yes there is. See the two URLs above.)
--
Tom
--
PHP General Mailing Lis
On 17 Mar 2004 Tom Rogers wrote:
> The default lifetime for session cookies is until the browser is
> closed.
Of course.
> You can run multiple sessions as long as they are to different
> domains I think. I am pretty sure PHP can only handle 1 session per
> client but you could always roll yo
On 16 Mar 2004 Jeff Oien wrote:
> You have to basically go back and forth between two pages.
The site you mentioned does, but it is easy to refresh to the same page
-- just use your own URL. An empty URL also works -- I tried it in IE
6 and Mozilla 1.5; don't know if it works with other browse
You might try an fsockopen() to port 3306 on the dbserver and see if it
works. If not, you get a reasonably descriptive error.
I just tried a couple of known servers and bogus addresses with this
code:
A server listening on that port produces:
resource(4) of type (stream)
string(0)
On 17 Mar 2004 Brent Westmoreland wrote:
> I too have questions on how to handle this situation, any help would be
> greatly appreciated.
[Situation was how to use a single database connection inside a class
nested within another class etc.]
If you have a single DB connection open for the enti
On 18 Mar 2004 Louie Miranda wrote:
> On my website i massively use session. And often times the webserver is
> lacking resources to process more queries, and thats where all my
> applications are failing.
>
> I issue a destroy session at the end of my transaction, but some users dont
> end their
On 18 Mar 2004 Richard Davey wrote:
> Nope, because in the only reference book I had to hand it said the ^
> matched the start of a string so it didn't occur to me to try it.
>
> Thanks to John I now know when used in a block it's no longer limited
> to the start of the string. The code you poste
On 18 Mar 2004 Cameron B. Prince wrote:
> I'm sure this is good to know because it proves at least part of PHP can
> reach the other machine... Which hopefully rules out a TCP/IP problem. I'm
> going to enable debugging on the MySQL server and see if that tells me
> anything.
Ah, that's good. Th
On 18 Mar 2004 Richard Davey wrote:
> Good question, but the answer is no - I don't believe you can. You
> could try passing the form name as a hidden form value? Or name your
> submit button accordingly?
I have done this with the Submit button but I find that the results
vary. If you click Sub
On 18 Mar 2004 Cameron B. Prince wrote:
> I just finished doing that on a third machine that didn't have a previous
> MySQL installation. I installed the same version that the webserver has. I
> had the same results.
I'm losing track here -- are you saying you can't connect to another
machine ru
On 18 Mar 2004 Cameron B. Prince wrote:
> I'm saying I can't connect to another machine running 3.x or 4.x from PHP,
> but I can connect to either via the v4.x mysql command line client that's
> installed on the webserver with PHP.
OK, I get it. It certainly sounds like it could be a problem wit
On 20 Mar 2004 Jeff Oien wrote:
> How do I convert this
> 9/8/2001
> (which is Month/Day/Year)
> to this
> 20010908
> (YearMonthDay - with leading zeros)
How about:
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 20 Mar 2004 Ben Ramsey wrote:
> I know how to run a PHP script as a cron job on a *nix machine. So,
> does anyone know how to use the Task Scheduler on Windows to do the
> same? Or is it even possible?
The fundamental idea is simple -- work out a command line from a
regular command prompt
On 21 Mar 2004 Chris Shiflett wrote:
> SQL injection vulnerabilities exist when you use data that the user gave
> you to create your SQL statement. So, anytime that this happens, simply
> make absolutely sure that the data you are using from the user fits a very
> specific format that you are expe
On 21 Mar 2004 Chris Shiflett wrote:
> I would never argue that something is an absolute defense, but I would
> characterize my recommendation as a best practice.
Fair enough.
> > I agree with you that checking for valid characters is safer than
> > checking for malicious characters, but even t
On 23 Mar 2004 Michael Rasmussen wrote:
> The idea is exactly not to do any queries dynamically generated based on
> user input! In the rare cases where this is needed you should not
> allow any unparsed input.
There are some applications for which queries based on typed user input
are rare. B
On 22 Mar 2004 Andy B wrote:
> so the theory is: if i require that the session be named after the persons
> login name there is probably 1 out of 2 million chances that it will mess up
> the names and get confused (specially if there are only a few users
> allowed)...
If the login name is unique
On 2 Apr 2004 Aidan Lister wrote:
> Wait until you have installed PHP5, then use the simplexml library.
I will shortly have the same questions about ways to parse XML, and I
can't use PHP 5 -- it's a production environment and the PTB are not
going to move to something that is that recently rel
On 4 Apr 2004 Randall Perry wrote:
> Solved my main problem. I was assuming that variables registered with
> $_SESSION were passed by reference. Apparently they're passed by value.
*Passing* by value or by reference has to do with function parameters,
not array values. However you can assign on
1 - 100 of 118 matches
Mail list logo
