php-general Digest 14 Jan 2009 15:27:52 -0000 Issue 5901
php-general Digest 14 Jan 2009 15:27:52 - Issue 5901 Topics (messages 286293 through 286314): Re: Suggestions? 286293 by: Phpster Re: PHP, Smarty, and Text 286294 by: Phpster 286299 by: Daniel Kolbo 286301 by: Robert Cummings 286310 by: Phpster php.ini 286295 by: gishaust 286303 by: Thodoris 286305 by: Stuart Re: php session GC error 286296 by: Chris Re: RewriteRules 286297 by: Eric Butera problem using crypt() without a salt 286298 by: port23user 286304 by: Thodoris 286307 by: port23user Re: Holy crap 286300 by: Robert Cummings Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer 286302 by: Thodoris 286308 by: Nisse Engström 286309 by: Thodoris Re: Can I make EasyPHP on Windows allow remote connections? 286306 by: clive ArrayObject - Posibillity to add key = value pair per default? 286311 by: Edmund Hertle 286313 by: Edgar da Silva (Fly2k) 286314 by: Nathan Nobbe Re: PHP unlink Permission Error 286312 by: Alice Wei Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- I have a fiscal calendar table that I use for the same thing, storing the date, day of the week and a column indicating whether the day is a weekday, a weekend or a holiday. This allows me flexibility to also use the table to set business shutdowns as a holiday. A simple date query can return the number of holidays/weekends to do the business day calculation. Bastien Sent from my iPod On Jan 13, 2009, at 2:28 PM, Dan Shirah mrsqua...@gmail.com wrote: On Tue, Jan 13, 2009 at 2:14 PM, c...@l-i-e.com wrote: Hard to say without knowing the data structures... You can't do a simple count of the holidays and add that, because you might end up with yet another holiday in the result. Start at 12/23 and want to add 6 business days. You find 1 holiday in between, so you add 7 business days and end up on New Year's Day, a non-business day. 12/23 12/24 12/25 X 12/26 12/27 12/28 12/29 12/30 12/31 01/01 X I think MySQL has built-in holiday / work day calculations, come to think of it... Exactly, ceo! That's why I'm thinking of creating the array and then running a foreach() loop on the array. $day = date(w); $today = date(m-d-Y); if ($day == 4 || $day == 5) { $two_day = mktime(0, 0, 0, date(m), date(d)+4, date(Y)); $two_day = date(m-d-Y, $two_day); } else { $two_day = mktime(0, 0, 0, date(m), date(d)+2, date(Y)); $two_day = date(m-d-Y, $two_day); } foreach ($holiday as $h) { if ($h = $today $h = $two_day) { $two_day = mktime(0, 0, 0, date(m, $two_day), date(d, $two_day)+1, date(Y, $two_day)); $two_day = date(m-d-Y, $two_day); } } That should add a day for each instance of a holiday that falls between the dates, right? ---End Message--- ---BeginMessage--- What about stripping out all the 'nuances' and just reducing it to just the text where you then control the display and using your templates and css? Bastien Sent from my iPod On Jan 13, 2009, at 9:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/ text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/ writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK ---End Message--- ---BeginMessage--- Phpster wrote:
Re: [PHP] Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer
On Tue, 13 Jan 2009 15:51:01 +0200, Thodoris wrote: Hi gang, I am generating a spreadsheet using the contents of a mysql table. I guess that there is something in the data that causes iconv used in the module's script to generate this error: *Notice*: iconv() [function.iconv file:///C:/Documents%20and%20Settings/tgol/Local%20Settings/Temp/function.iconv]: Detected an incomplete multibyte character in input string in */usr/local/share/pear/Spreadsheet/Excel/Writer/Worksheet.php* on line *1547* This causes the production of weird characters in a cell in the spreadsheet and after that cell everything is printed out of order. The data in the mysql table are filtered for non-printable character before the data import. What data goes into that cell? I am selecting from a mysql table where only text and numeric data exist. Can you provide a hex dump of the data? I am no sure how to do that in that case :-( . How do you filter the data? The data are being filtered by stripping all the non-printable characters and by form validation using regxp. How do you write it to the worksheet? Using the pear extension Spreadsheet_Excel_Wrtiter. What character encoding did you set? UTF-8 /Nisse -- Thodoris
Re: [PHP] php.ini
hi php lovers, I have a debian lamp stack and I want to use php to send a form to my email server Do you mean that you need to send a mail directly from a web form? If that is the case check this out: http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_form_mail Doesn't even need php. that is on the same network. Someone suggested to me why don't i use php.ini mail function. But it says in the php.ini file for win 32 only. What did you find in php.ini that works only for windowz? Does anyone know how I can get php to direct my forms request across the network to the email server? I am not sure what you mean by that... gishaust -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem using crypt() without a salt
I have a problem with using crypt(), passing only one parameter (ie, no salt). When I do that, I get an empty string. When I do use a salt, it returns the expected value. Does anybody have any ideas what might be causing my problem? It only happens when I run it on my linux server, but not when I run it on my Windows dev machine. Thanks in advance. I am not sure what exactly is the problem. But check this from the manual: If no salt is provided, PHP will auto-generate a standard two character salt by default, unless the default encryption type on the system is MD5, in which case a random MD5-compatible salt is generated. http://gr2.php.net/manual/en/function.crypt.php Perhaps your PHP compilation or the package are broken. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini
2009/1/14 Thodoris t...@kinetix.gr: hi php lovers, I have a debian lamp stack and I want to use php to send a form to my email server Do you mean that you need to send a mail directly from a web form? If that is the case check this out: http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_form_mail Doesn't even need php. But it does require the user to have an email client set up which is not necessarily the case. that is on the same network. Someone suggested to me why don't i use php.ini mail function. But it says in the php.ini file for win 32 only. What did you find in php.ini that works only for windowz? The SMTP host only works on Windows. Does anyone know how I can get php to direct my forms request across the network to the email server? I am not sure what you mean by that... They mean not using sendmail but instead talking SMTP with a remote mail server. I believe PHPMailer supports this - check it out... http://phpmailer.codeworxtech.com/ -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can I make EasyPHP on Windows allow remote connections?
Rahul wrote: I have EasyPHP installed on my Windows system and can connect to the php+mysql using localhost in the browser but I was wondering if I can connect to this computer (which is at my office) from my home. I have a web address alloted to my computer at office. If that 'web address' is a public ip address or uri then it should not be a problem, otherwise your going to need to configure the internet gateway at work to route http (or any other port you choose) to your desktop at work, this is not a php question by the way, best to brush up on your network knowledge. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem using crypt() without a salt
I figured out that I was running an older version of Suhosin. Apparently this bug is fixed in Suhosin version 0.9.23 . I upgraded and everything works great now. Thanks for the help. Thodoris wrote: If no salt is provided, PHP will auto-generate a standard two character salt by default, unless the default encryption type on the system is MD5, in which case a random MD5-compatible salt is generated. http://gr2.php.net/manual/en/function.crypt.php Perhaps your PHP compilation or the package are broken. -- Thodoris -- View this message in context: http://www.nabble.com/problem-using-crypt%28%29-without-a-salt-tp21449541p21453524.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer
On Wed, 14 Jan 2009 11:33:25 +0200, Thodoris wrote: On Tue, 13 Jan 2009 15:51:01 +0200, Thodoris wrote: Hi gang, I am generating a spreadsheet using the contents of a mysql table. I guess that there is something in the data that causes iconv used in the module's script to generate this error: *Notice*: iconv() [function.iconv file:///C:/Documents%20and%20Settings/tgol/Local%20Settings/Temp/function.iconv]: Detected an incomplete multibyte character in input string in */usr/local/share/pear/Spreadsheet/Excel/Writer/Worksheet.php* on line *1547* This causes the production of weird characters in a cell in the spreadsheet and after that cell everything is printed out of order. The data in the mysql table are filtered for non-printable character before the data import. What data goes into that cell? I am selecting from a mysql table where only text and numeric data exist. Can you provide a hex dump of the data? I am no sure how to do that in that case :-( . ?php echo bin2hex ($theData), \n; ? What's the output of: SHOW VARIABLES LIKE 'character_set%' What's the character set of the column you get the data from? /Nisse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer
?php echo bin2hex ($theData), \n; ? What's the output of: SHOW VARIABLES LIKE 'character_set%' Variable_name Value character_set_clientutf8 character_set_connectionutf8 character_set_database latin1 character_set_filesystembinary character_set_results utf8 character_set_serverlatin1 character_set_systemutf8 What's the character set of the column you get the data from? The charset: latin1 and the collation: latin1_swedish_ci. /Nisse -- Thodoris
Re: [PHP] PHP, Smarty, and Text
Only allow a few markup tags, strip_tags() allows a limited lIst to be kept Bastien Sent from my iPod On Jan 13, 2009, at 11:18 PM, Daniel Kolbo kolb0...@umn.edu wrote: Phpster wrote: What about stripping out all the 'nuances' and just reducing it to just the text where you then control the display and using your templates and css? Bastien Sent from my iPod On Jan 13, 2009, at 9:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK Hello Bastien, The difficulty with implementing your suggestions is that say in a paragraph of text that has random bold or italics (etc...) (as determined by the one drafting the text), how would i recover these bold/italics if i remove them? dK
[PHP] ArrayObject - Posibillity to add key = value pair per default?
Hey, I've just discovered the ArrayObject class, but it seems to not be well documented, so here is my problem: You can use ArrayObject::append() to add a new value to the array, but is there also a method to add a new key and value? And I know that I could extend the class and write my own method but isn't this quite a base method for arrays in php? So maybe I just missed a obvious point? Quick example: Without ArrayObject: 1. $array[] = $value 2. $array[$key] = $value With ArrayObject: 1. $arrayObject-append($value) 2. ??? -eddy
RE: [PHP] PHP unlink Permission Error
Subject: RE: [PHP] PHP unlink Permission Error From: a...@ashleysheridan.co.uk To: aj...@alumni.iu.edu CC: php-general@lists.php.net Date: Tue, 13 Jan 2009 17:07:34 + On Tue, 2009-01-13 at 11:49 -0500, Alice Wei wrote: Subject: RE: [PHP] PHP unlink Permission Error From: a...@ashleysheridan.co.uk To: aj...@alumni.iu.edu CC: php-general@lists.php.net Date: Tue, 13 Jan 2009 16:50:31 + On Tue, 2009-01-13 at 11:33 -0500, Alice Wei wrote:Hi, Ashley:Sorry. To answer the question from your previous entry, it lookslike that my permission could be set and changed for the folder, butwhen I do it on the file, I only get 0666. I have the latest code onanother entry. Thanks a lot for your help.Alice Alice WeiIndiana University, Master of Information ScienceApplication Programmer ProCure Treatment Centers, Inc.420 N. Walnut St.Bloomington, IN 47404812-330-6644 (office)812-219-5708 (mobile) alice@procurecenters.com(email) http://www.procurecenters.com/index.php (web) __ Subject: RE: [PHP] PHP unlink Permission ErrorFrom: a...@ashleysheridan.co.ukTo: aj...@alumni.iu.eduCC: php-general@lists.php.netDate: Tue, 13 Jan 2009 16:36:36 + snip/No, we tend to bottom-post on this list. It's just how we roll...Ash www.ashleysheridan.co.uk __ Check the weather nationwide with MSN Search Try it now! The user that your web server is running under (I'm guessing apache of wwwrun) , does this have permission to write to the file. If not, it won't be able to set the permissions for it. You may need to exec out a sudo command to do it, but I wouldn't recommend this. If you need PHP to be able to delete the file, what put it there in the first place? Ash www.ashleysheridan.co.uk What I am trying to do here is that a user would be pushing a button so that the data entries would generate an outfile. The only issue is that the lines would be appended in the file, (I have no issues with this part writing to the file, no permission errors, etc). Therefore, before the outfile is generated, I need to have the prexisting outfile removed and recreated to be written to so that it always stays a new file for use. This is why this script as you have seen is as it is so that I can constantly check if the file exists, and generate a new file if there is. In this case, is there something I could do? Thanks in advance. Alice __ All-in-one security and maintenance for your PC. Get a free 90-day trial! Learn more! If your script is writing to the file, and the directory has 777 permissions, then there should be no trouble deleting the file. If that's still a problem, why not each time the file needs to be created anew, open the file with a w flag, which will open it for writing, and will try to create the file if it doesn't already exist, so you wouldn't ever need to delete it at all. Ash www.ashleysheridan.co.uk Hi, It is weird, because what is on my code for appending and writing looks like this: $myFile = testFile.txt; $fh = fopen($myFile, 'a'); fwrite($fh, $hello); fwrite($fh, \r\n); fclose($fh); The file itself gets executed continuously based on the number I have on the loop. And, my file for creating the file, I have shortened it to only 2 lines: $handle = fopen(testFile.txt, w); fclose($handle); What is interesting is that the files seem to be working, but the file keeps on getting appended rather than recreated when the my code to w the file get executed. I am using this with Actionscript, which calls the first function to open and write the file (or clean up the file), and then do whatever is needed in the second function to append the text to the file. Am I doing anything wrong here? Thanks in advance. _ Use Messenger to talk to your IM friends, even those on Yahoo! http://ideas.live.com/programpage.aspx?versionId=7adb59de-a857-45ba-81cc-685ee3e858fe
Re: [PHP] ArrayObject - Posibillity to add key = value pair per default?
Did you try: $a = new ArrayObject; $a['sometest'] = 'somevalue'; ? On Wed, Jan 14, 2009 at 10:42 AM, Edmund Hertle farn...@googlemail.com wrote: Hey, I've just discovered the ArrayObject class, but it seems to not be well documented, so here is my problem: You can use ArrayObject::append() to add a new value to the array, but is there also a method to add a new key and value? And I know that I could extend the class and write my own method but isn't this quite a base method for arrays in php? So maybe I just missed a obvious point? Quick example: Without ArrayObject: 1. $array[] = $value 2. $array[$key] = $value With ArrayObject: 1. $arrayObject-append($value) 2. ??? -eddy -- Abraços Edgar Ferreira da Silva Engenheiro de Software Campinas - SP (19) 8110-0733 http://edgarfs.com.br - Aprenda PHP, cole códigos, saiba das vagas de empregos: http://www.manjaphp.com.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ArrayObject - Posibillity to add key = value pair per default?
On Wed, Jan 14, 2009 at 6:18 AM, Edgar da Silva (Fly2k) silva.ed...@gmail.com wrote: Did you try: $a = new ArrayObject; $a['sometest'] = 'somevalue'; its also worth pointing out, the above syntax is available b/c ArrayObject implements the ArrayAccess interface. http://www.php.net/~helly/php/ext/spl/interfaceArrayAccess.html -nathan
[PHP] Re: ArrayObject - Posibillity to add key = value pair per default?
Edmund Hertle schrieb: Hey, I've just discovered the ArrayObject class, but it seems to not be well documented, so here is my problem: You can use ArrayObject::append() to add a new value to the array, but is there also a method to add a new key and value? And I know that I could extend the class and write my own method but isn't this quite a base method for arrays in php? So maybe I just missed a obvious point? Quick example: Without ArrayObject: 1. $array[] = $value 2. $array[$key] = $value With ArrayObject: 1. $arrayObject-append($value) 2. ??? -eddy Hi Eddy, use offsetSet( key, data) to do this. You can implements the Interface or extend from the Class to extend the functionality (think interceptors __SET and __GET) Regards Carlos Medina -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer
On Wed, 14 Jan 2009 13:19:31 +0200, Thodoris wrote: Variable_name Value character_set_client utf8 character_set_connection utf8 character_set_databaselatin1 character_set_filesystem binary character_set_results utf8 character_set_server latin1 character_set_system utf8 What's the character set of the column you get the data from? The charset: latin1 and the collation: latin1_swedish_ci. I'm not sure exactly how these affect the data returned to PHP. The 'connection' and 'results' variables would suggest utf8. In any case, it must be one of 'latin1' or 'utf8'. What happens if you do: $worksheet-setInputEncoding('latin1'); /* or 'ISO-8859-1' */ It would still be helpful to see a hexdump. /Nisse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Quotes in querys
Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ArrayObject - Posibillity to add key = value pair per default?
Edmund Hertle schrieb: Hey, I've just discovered the ArrayObject class, but it seems to not be well documented, so here is my problem: You can use ArrayObject::append() to add a new value to the array, but is there also a method to add a new key and value? And I know that I could extend the class and write my own method but isn't this quite a base method for arrays in php? So maybe I just missed a obvious point? Quick example: Without ArrayObject: 1. $array[] = $value 2. $array[$key] = $value With ArrayObject: 1. $arrayObject-append($value) 2. ??? -eddy Hi Eddy, use offsetSet( key, data) to do this. You can implements the Interface or extend from the Class to extend the functionality (think interceptors __SET and __GET) Regards Carlos Medina Thank you all. This is completly new to me (didn't thougt that it is possible to use [ ] on objects). So just for clarification:If I write a custom class (not an child of ObjectArray) and implement that array interface then I can use $customClass[$key] = $value and changing the functionality as I like to, for example create a nice usability? Or with an other point of view: Can I use those braces normally on every object? Or is this functionality introduced with implementing the array interface? -eddy
RES: [PHP] Quotes in querys
Try session_start(); $sql = SELECT Netid FROM User WHERE Netid='.$_SESSION['phpCAS']['user'].'; -Mensagem original- De: MikeP [mailto:mpel...@princeton.edu] Enviada em: quarta-feira, 14 de janeiro de 2009 14:17 Para: php-general@lists.php.net Assunto: [PHP] Quotes in querys Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. Maybe try this : $q = 'Select Netid from Users where Netid = ' . $_SESSION[phpCAS][user] . ''; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
You can only interpolate ONE level of array or object indirection in a string. WORKS: ... $foo[x] ... ... $foo-x ... FAILS: ... $foo[x][y] ... ... $foo-x-y ... //almost for sure it fails, never tried... You can use curly braces in side a string to evaluate something: WORKS: ... {$foo[x][y]} ... ... {$foo-x-y} ... [soapbox] I personally think this is possibly the ugliest wart of variable/string interpolation. Not sure how/why it came about, but it makes zero sense, really... [/soapbox] ymmv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ArrayObject - Posibillity to add key = value pair per default?
In olden times, of PHP 3, you could for sure use -x and [x] interchangeably, as an Object then was little more than a C struct with a couple functions tacked on, as was an array. I think PHP 3 Object may actually have been implemented as a PHP array with some additional C functions on it, come to think of it... Anyway, I believe this feature has survived to this day, but would not swear to it in court. I think your code will be more readable if you stick with one style or the other, personally, but I suppose there may be cases where [x] is equally clear. Note that $customClass-key = $value; would probably also work, and be more in tune, even if it's not a declared member variable of the class. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, Jan 14, 2009 at 11:17 AM, MikeP mpel...@princeton.edu wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Dude we just helped you with this same exact thing the other day. And you're still allowing SQL injection. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
Eric Butera eric.but...@gmail.com wrote in message news:6a8639eb0901140825h1d603d01i3ffcce919dca6...@mail.gmail.com... On Wed, Jan 14, 2009 at 11:17 AM, MikeP mpel...@princeton.edu wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Dude we just helped you with this same exact thing the other day. And you're still allowing SQL injection. No, actually I test my querys first and then wrap them in mysql_real_escape_string(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, Jan 14, 2009 at 11:34 AM, MikeP mpel...@princeton.edu wrote: Eric Butera eric.but...@gmail.com wrote in message news:6a8639eb0901140825h1d603d01i3ffcce919dca6...@mail.gmail.com... On Wed, Jan 14, 2009 at 11:17 AM, MikeP mpel...@princeton.edu wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Dude we just helped you with this same exact thing the other day. And you're still allowing SQL injection. No, actually I test my querys first and then wrap them in mysql_real_escape_string(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Mike, Well to be fair, I don't see any escaping in Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'. You could write: $sql = sprintf( Select Netid from Users where Netid = '%s', mysql_real_escape_string($_SESSION['phpCAS']['user']) ); and not have any of these problems. If you're escaping outside of that statement, then it's potentially tainting your data. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
Thanks, Thats the kind of help I was looking for. Mike c...@l-i-e.com wrote in message news:20090114162142.65944.qm...@o2.hostbaby.com... You can only interpolate ONE level of array or object indirection in a string. WORKS: ... $foo[x] ... ... $foo-x ... FAILS: ... $foo[x][y] ... ... $foo-x-y ... //almost for sure it fails, never tried... You can use curly braces in side a string to evaluate something: WORKS: ... {$foo[x][y]} ... ... {$foo-x-y} ... [soapbox] I personally think this is possibly the ugliest wart of variable/string interpolation. Not sure how/why it came about, but it makes zero sense, really... [/soapbox] ymmv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: iconv is messing up a spreadsheet generated by the Spreadsheet Excel Writer
The charset: latin1 and the collation: latin1_swedish_ci. Trivia quiz at a MySQL presentation at my Chicago PHP User Group a few year ago comes in handy! The defaults for MySQL are actually latin1_swedish as that is the native language of the original developer, (?Monty Widenus?) This charset differs in only one character (or two chars switched?) from English. It seems unlikely to produce drastic problems in iconv, but I have no idea what I'm actually talking about. We now return you to your regularly scheduled program! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch vs elseif
At 2:18 PM -0600 1/13/09, Micah Gersten wrote: Jochem Maas wrote: switch (true) { case ($x === $y): // something break; This is a misuse of the switch statement. Switch is meant to compare values to a single variable as stated on the manual page: http://us2.php.net/switch Thank you, Micah Gersten Micah: I disagree. You may use a switch statement as Jochem demonstrated -- I do it all the time. Just because you think the value within the switch is supposed to be the value examined doesn't mean that doing it otherwise is wrong -- it's just a different way of using that statement. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
Doesn't anybody use prepared statements these days? It even helps MySQL AND Oracle cache an execution plan... Forgive me if I'm wrong, but: Caching an execution plan for a prepared statement that is run only once in the script is just overhead, no? Or can it actually re-use the same cached statement from a different connection by some magical matching up of the context??? Doesn't seem like the kind of thing that would be workable, but what do I know? Now if you said ... allows the DB to cold-stop any SQL injection you'd be 100% right. :-) So MikeP should really consider using prepared statements for that reason, as it lets the DB do the escaping. PS I think MikeP is saying he writes the code once and gets it working, then goes back and adds the escaping in later. This is fine if you ALWAYS remember to do that, but in a frenzy to release under pressure... Bad Idea! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, Jan 14, 2009 at 8:41 AM, MikeP mpel...@princeton.edu wrote: Thanks, Thats the kind of help I was looking for. Mike c...@l-i-e.com wrote in message news:20090114162142.65944.qm...@o2.hostbaby.com... You can only interpolate ONE level of array or object indirection in a string. WORKS: ... $foo[x] ... ... $foo-x ... FAILS: ... $foo[x][y] ... ... $foo-x-y ... //almost for sure it fails, never tried... You can use curly braces in side a string to evaluate something: WORKS: ... {$foo[x][y]} ... ... {$foo-x-y} ... [soapbox] I personally think this is possibly the ugliest wart of variable/string interpolation. Not sure how/why it came about, but it makes zero sense, really... [/soapbox] ymmv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Doesn't anybody use prepared statements these days? It even helps MySQL AND Oracle cache an execution plan... -- Kyle Terry | www.kyleterry.com
[PHP] Basic Authentication
Hi gang: Let's say that I don't want to use the htpasswd command from the UNIX shell to generate an encoded password -- how else can I create an encoded password string that would work in a .htaccess file using basic authentication? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
2009/1/14 tedd t...@sperling.com: Let's say that I don't want to use the htpasswd command from the UNIX shell to generate an encoded password -- how else can I create an encoded password string that would work in a .htaccess file using basic authentication? AFAIK it's an MD5 hash, nothing more complicated than that. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
On Wed, Jan 14, 2009 at 12:36 PM, Stuart stut...@gmail.com wrote: 2009/1/14 tedd t...@sperling.com: Let's say that I don't want to use the htpasswd command from the UNIX shell to generate an encoded password -- how else can I create an encoded password string that would work in a .htaccess file using basic authentication? AFAIK it's an MD5 hash, nothing more complicated than that. -Stuart I think the last time I used basic authentication I just generated passwords with crypt(). At that time, the hashes certainly weren't MD5 (I think they were only 13 characters), but based on the manual that seems to be variable with the system anyway. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, Jan 14, 2009 at 9:11 AM, c...@l-i-e.com wrote: Doesn't anybody use prepared statements these days? It even helps MySQL AND Oracle cache an execution plan... Forgive me if I'm wrong, but: Caching an execution plan for a prepared statement that is run only once in the script is just overhead, no? Or can it actually re-use the same cached statement from a different connection by some magical matching up of the context??? Doesn't seem like the kind of thing that would be workable, but what do I know? Now if you said ... allows the DB to cold-stop any SQL injection you'd be 100% right. :-) So MikeP should really consider using prepared statements for that reason, as it lets the DB do the escaping. PS I think MikeP is saying he writes the code once and gets it working, then goes back and adds the escaping in later. This is fine if you ALWAYS remember to do that, but in a frenzy to release under pressure... Bad Idea! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php It is over head, but it caches the execution plan for multiple runs of the script. So different users with different data will use the same cached query on the database. Saving processing time. It also prevents SQL injection on the fly because you are indicating what data type each place holder will need to accept. -- Kyle Terry | www.kyleterry.com
Fwd: [PHP] Quotes in querys
On Wed, Jan 14, 2009 at 10:07 AM, Kyle Terry k...@kyleterry.com wrote: On Wed, Jan 14, 2009 at 9:11 AM, c...@l-i-e.com wrote: Doesn't anybody use prepared statements these days? It even helps MySQL AND Oracle cache an execution plan... Forgive me if I'm wrong, but: Caching an execution plan for a prepared statement that is run only once in the script is just overhead, no? Or can it actually re-use the same cached statement from a different connection by some magical matching up of the context??? Doesn't seem like the kind of thing that would be workable, but what do I know? Now if you said ... allows the DB to cold-stop any SQL injection you'd be 100% right. :-) So MikeP should really consider using prepared statements for that reason, as it lets the DB do the escaping. PS I think MikeP is saying he writes the code once and gets it working, then goes back and adds the escaping in later. This is fine if you ALWAYS remember to do that, but in a frenzy to release under pressure... Bad Idea! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php It is over head, but it caches the execution plan for multiple runs of the script. So different users with different data will use the same cached query on the database. Saving processing time. It also prevents SQL injection on the fly because you are indicating what data type each place holder will need to accept. -- Kyle Terry | www.kyleterry.com To elaborate even further, the whole point of prepared statements and created an execution plan is to tell the database EXACTLY how the query should be run. Preventing a drop table or 1=1 being injected. MySQL will just look at it, laugh, and store it in the table or throw an error. -- Kyle Terry | www.kyleterry.com -- Kyle Terry | www.kyleterry.com
Re: [PHP] Re: ArrayObject - Posibillity to add key = value pair per default?
On Wed, Jan 14, 2009 at 9:20 AM, Edmund Hertle edmund.her...@student.kit.edu wrote: Edmund Hertle schrieb: Hey, I've just discovered the ArrayObject class, but it seems to not be well documented, so here is my problem: You can use ArrayObject::append() to add a new value to the array, but is there also a method to add a new key and value? And I know that I could extend the class and write my own method but isn't this quite a base method for arrays in php? So maybe I just missed a obvious point? Quick example: Without ArrayObject: 1. $array[] = $value 2. $array[$key] = $value With ArrayObject: 1. $arrayObject-append($value) 2. ??? -eddy Hi Eddy, use offsetSet( key, data) to do this. You can implements the Interface or extend from the Class to extend the functionality (think interceptors __SET and __GET) Regards Carlos Medina Thank you all. This is completly new to me (didn't thougt that it is possible to use [ ] on objects). So just for clarification:If I write a custom class (not an child of ObjectArray) and implement that array interface then I can use $customClass[$key] = $value and changing the functionality as I like to, for example create a nice usability? all you have to do is implement ArrayAccess, then your objects can use the array notation. there are 4 methods youll need to define, per the interface, offsetExists($offset) offsetGet($offset) offsetSet($offset, $value) offsetUnset($offset) Or with an other point of view: Can I use those braces normally on every object? no, however some internal classes that do not explicitly implement ArrayAccess support array notation, such as SimpleXMLElement. Class [ internal:SimpleXML iterateable class SimpleXMLElement implements Traversable ] Or is this functionality introduced with implementing the array interface? its ArrayAccess, and yes; however internal classes dont *need* to implement it in order to expose the array notation, afaik. -nathan
Re: [PHP] Basic Authentication
At 12:51 PM -0500 1/14/09, Andrew Ballard wrote: On Wed, Jan 14, 2009 at 12:36 PM, Stuart stut...@gmail.com wrote: 2009/1/14 tedd t...@sperling.com: Let's say that I don't want to use the htpasswd command from the UNIX shell to generate an encoded password -- how else can I create an encoded password string that would work in a .htaccess file using basic authentication? AFAIK it's an MD5 hash, nothing more complicated than that. -Stuart I think the last time I used basic authentication I just generated passwords with crypt(). At that time, the hashes certainly weren't MD5 (I think they were only 13 characters), but based on the manual that seems to be variable with the system anyway. Andrew Andrew: Yeah, that's what I found as well -- it wasn't a MD5. So basically my question is What is it? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
What it is depends on what encryption routines you have installed. The algorithm to authenticate detects the algorithm based on the hash. 32-char : MD5 $1$ : SHA-1 $2$ : SHA-2 etc. (Apologies if I got my tokens/algorithms wrong) If you just toss MD5s in there, it should work, I think, if you have MD5 installed and available. It picks the best available when it adds a new entry. So an old file might look like: #your box came with MD5 installed joe:MD5 alice:MD5 #you installed SHA-2 bob:SHA-2 lee:SHA-2 At least, that's been my experience so far... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Smarty, and Text
Robert Cummings wrote: On Tue, 2009-01-13 at 18:18 -1000, Daniel Kolbo wrote: Phpster wrote: What about stripping out all the 'nuances' and just reducing it to just the text where you then control the display and using your templates and css? Bastien Sent from my iPod On Jan 13, 2009, at 9:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK Hello Bastien, The difficulty with implementing your suggestions is that say in a paragraph of text that has random bold or italics (etc...) (as determined by the one drafting the text), how would i recover these bold/italics if i remove them? Strip all tags except bold and italics. Then replace b with strong and i with em since the former tags are deprecated. If semantic meaning is not intended by b and i then replace with span class=bold and span class=italic and create those CSS styles. Cheers, Rob. Yes, okay, but who is putting the tags there in the first place? The writers who are drafting these in word/writer are not marking them up...So say I put tags around the required items, then when the writer goes to edit, they are going to say what is all this, it is not a 'seamless' division. I am really looking for a three fold division, 1) Logic/data, 2) presentation, and 3) text. Just like the logic side doesn't concern itself with presentation, I'd like the writers to not be concerned with presentation/markup either (except for using the styles available in word/writer). It seems a bit tricky...the writer is providing the data without PHP knowledge and some styles without Smarty knowledge. The question is how does one bridge this strange gap in a manageable and easily scalable way? dK
Re: [PHP] PHP, Smarty, and Text
On Wed, 2009-01-14 at 09:08 -1000, Daniel Kolbo wrote: Robert Cummings wrote: On Tue, 2009-01-13 at 18:18 -1000, Daniel Kolbo wrote: Phpster wrote: What about stripping out all the 'nuances' and just reducing it to just the text where you then control the display and using your templates and css? Bastien Sent from my iPod On Jan 13, 2009, at 9:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK Hello Bastien, The difficulty with implementing your suggestions is that say in a paragraph of text that has random bold or italics (etc...) (as determined by the one drafting the text), how would i recover these bold/italics if i remove them? Strip all tags except bold and italics. Then replace b with strong and i with em since the former tags are deprecated. If semantic meaning is not intended by b and i then replace with span class=bold and span class=italic and create those CSS styles. Cheers, Rob. Yes, okay, but who is putting the tags there in the first place? The writers who are drafting these in word/writer are not marking them up...So say I put tags around the required items, then when the writer goes to edit, they are going to say what is all this, it is not a 'seamless' division. I am really looking for a three fold division, 1) Logic/data, 2) presentation, and 3) text. Just like the logic side doesn't concern itself with presentation, I'd like the writers to not be concerned with presentation/markup either (except for using the styles available in word/writer). It seems a bit tricky...the writer is providing the data without PHP knowledge and some styles without Smarty knowledge. The question is how does one bridge this strange gap in a manageable and easily scalable way? So apply the stripping and replacements to the content you have saved, but don't modify the saved content itself. You can add another field to the same table containing the data called formatted_content and save it alongside the original. The tags are being inserted by Microsoft when you copy/paste from one medium to another. I do beleive MS detects you are pasting from a Word document to an HTML format and transparently performs the conversion for you. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP unlink Permission Error
On Wed, 2009-01-14 at 07:48 -0500, Alice Wei wrote: Subject: RE: [PHP] PHP unlink Permission Error From: a...@ashleysheridan.co.uk To: aj...@alumni.iu.edu CC: php-general@lists.php.net Date: Tue, 13 Jan 2009 17:07:34 + On Tue, 2009-01-13 at 11:49 -0500, Alice Wei wrote: Subject: RE: [PHP] PHP unlink Permission Error From: a...@ashleysheridan.co.uk To: aj...@alumni.iu.edu CC: php-general@lists.php.net Date: Tue, 13 Jan 2009 16:50:31 + On Tue, 2009-01-13 at 11:33 -0500, Alice Wei wrote: Hi, Ashley: Sorry. To answer the question from your previous entry, it looks like that my permission could be set and changed for the folder, but when I do it on the file, I only get 0666. I have the latest code on another entry. Thanks a lot for your help. Alice Alice Wei Indiana University, Master of Information Science Application Programmer ProCure Treatment Centers, Inc. 420 N. Walnut St. Bloomington, IN 47404 812-330-6644 (office) 812-219-5708 (mobile) alice@procurecenters.com(email) http://www.procurecenters.com/index.php (web) __ Subject: RE: [PHP] PHP unlink Permission Error From: a...@ashleysheridan.co.uk To: aj...@alumni.iu.edu CC: php-general@lists.php.net Date: Tue, 13 Jan 2009 16:36:36 + snip/ No, we tend to bottom-post on this list. It's just how we roll... Ash www.ashleysheridan.co.uk __ Check the weather nationwide with MSN Search Try it now! The user that your web server is running under (I'm guessing apache of wwwrun) , does this have permission to write to the file. If not, it won't be able to set the permissions for it. You may need to exec out a sudo command to do it, but I wouldn't recommend this. If you need PHP to be able to delete the file, what put it there in the first place? Ash www.ashleysheridan.co.uk What I am trying to do here is that a user would be pushing a button so that the data entries would generate an outfile. The only issue is that the lines would be appended in the file, (I have no issues with this part writing to the file, no permission errors, etc). Therefore, before the outfile is generated, I need to have the prexisting outfile removed and recreated to be written to so that it always stays a new file for use. This is why this script as you have seen is as it is so that I can constantly check if the file exists, and generate a new file if there is. In this case, is there something I could do? Thanks in advance. Alice __ All-in-one security and maintenance for your PC. Get a free 90-day trial! Learn more! If your script is writing to the file, and the directory has 777 permissions, then there should be no trouble deleting the file. If that's still a problem, why not each time the file needs to be created anew, open the file with a w flag, which will open it for writing, and will try to create the file if it doesn't already exist, so you wouldn't ever need to delete it at all. Ash www.ashleysheridan.co.uk Hi, It is weird, because what is on my code for appending and writing looks like this: $myFile = testFile.txt; $fh = fopen($myFile, 'a'); fwrite($fh, $hello); fwrite($fh, \r\n); fclose($fh); The file itself gets executed continuously based on the number I have on the loop. And, my file for creating the file, I have shortened it to only 2 lines: $handle = fopen(testFile.txt, w); fclose($handle); What is interesting is that the files seem to be working, but the file keeps on getting appended rather than recreated when the my code to w the file get executed. I am using this with Actionscript, which calls the first function to open and write the file (or clean up the file), and then do whatever is needed in the second function to append the text to the file. Am I doing anything wrong here? Thanks in advance. __ Use Messenger to talk to your IM friends, even those on Yahoo! Talk now! How is Actionscript calling it? Are you sure that it is indeed calling it properly, and what happens if you execute only the PHP statements without any Actionscript? Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
What it is depends on what encryption routines you have installed. The algorithm to authenticate detects the algorithm based on the hash. 32-char : MD5 $1$ : SHA-1 $2$ : SHA-2 etc. (Apologies if I got my tokens/algorithms wrong) If you just toss MD5s in there, it should work, I think, if you have MD5 installed and available. It picks the best available when it adds a new entry. So an old file might look like: #your box came with MD5 installed joe:MD5 alice:MD5 #you installed SHA-2 bob:SHA-2 lee:SHA-2 At least, that's been my experience so far... The problem I have is that the sever I'm working on is not mine, thus no way for me to get shell access. I assumed that the server used a different encoding than MD5 because the string it generates is very short, such as: jYYjNLrifgUxk Clearly this is not MD5 encoding and thus the reason for my original post. I do have before and after examples I could use to identify what algorithm was used. I just need to know what algorithms could have been used and (if it's not too much to ask) working example of each. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike I always go with this: Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}' The curly braces allow PHP to use the full variable you intended. Note that you may need single quote marks around the text in each square bracket block or PHP my give you a warning about an unintended string literal. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Fwd: [PHP] Quotes in querys
On Wed, 2009-01-14 at 10:11 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 10:07 AM, Kyle Terry k...@kyleterry.com wrote: On Wed, Jan 14, 2009 at 9:11 AM, c...@l-i-e.com wrote: Doesn't anybody use prepared statements these days? It even helps MySQL AND Oracle cache an execution plan... Forgive me if I'm wrong, but: Caching an execution plan for a prepared statement that is run only once in the script is just overhead, no? Or can it actually re-use the same cached statement from a different connection by some magical matching up of the context??? Doesn't seem like the kind of thing that would be workable, but what do I know? Now if you said ... allows the DB to cold-stop any SQL injection you'd be 100% right. :-) So MikeP should really consider using prepared statements for that reason, as it lets the DB do the escaping. PS I think MikeP is saying he writes the code once and gets it working, then goes back and adds the escaping in later. This is fine if you ALWAYS remember to do that, but in a frenzy to release under pressure... Bad Idea! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php It is over head, but it caches the execution plan for multiple runs of the script. So different users with different data will use the same cached query on the database. Saving processing time. It also prevents SQL injection on the fly because you are indicating what data type each place holder will need to accept. -- Kyle Terry | www.kyleterry.com To elaborate even further, the whole point of prepared statements and created an execution plan is to tell the database EXACTLY how the query should be run. Preventing a drop table or 1=1 being injected. MySQL will just look at it, laugh, and store it in the table or throw an error. -- Kyle Terry | www.kyleterry.com See, I knew my computer was laughing at me... They all looked at me funny, but I knew it was true! Ash www.ashleysheridan.co.uk
Re: [PHP] Basic Authentication
There are a number of online tools for creating the proper htaccess and htpasswd files for basic auth. Here's a couple (forget which one I used last time I needed it, both have 'visited' links in my browser): http://www.wmtips.com/tools/htpasswd-generator/ http://www.htaccesstools.com/htaccess-authentication/ They should be secure enough since they don't really know what site you're going to use them on, but apply whatever paranoia you're comfortable with to using such tools. -TG - Original Message - From: tedd t...@sperling.com To: PHP-General php-general@lists.php.net Date: Wed, 14 Jan 2009 12:31:15 -0500 Subject: [PHP] Basic Authentication Hi gang: Let's say that I don't want to use the htpasswd command from the UNIX shell to generate an encoded password -- how else can I create an encoded password string that would work in a .htaccess file using basic authentication? Cheers, tedd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Smarty, and Text
Robert Cummings wrote: On Tue, 2009-01-13 at 18:18 -1000, Daniel Kolbo wrote: Phpster wrote: What about stripping out all the 'nuances' and just reducing it to just the text where you then control the display and using your templates and css? Bastien Sent from my iPod On Jan 13, 2009, at 9:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK Hello Bastien, The difficulty with implementing your suggestions is that say in a paragraph of text that has random bold or italics (etc...) (as determined by the one drafting the text), how would i recover these bold/italics if i remove them? Strip all tags except bold and italics. Then replace b with strong and i with em since the former tags are deprecated. If semantic meaning is not intended by b and i then replace with span class=bold and span class=italic and create those CSS styles. Cheers, Rob. Yes, okay, but who is putting the tags there in the first place? The writers who are drafting these in word/writer are not marking them up...So say I put tags around the required items, then when the writer goes to edit, they are going to say what is all this, it is not a 'seamless' division. I am really looking for a three fold division, 1) Logic/data, 2) presentation, and 3) text. Just like the logic side doesn't concern itself with presentation, I'd like the writers to not be concerned with presentation/markup either (except for using the styles available in word/writer). It seems a bit tricky...the writer is providing the data without PHP knowledge and some styles without Smarty knowledge. The question is how does one bridge this strange gap in a manageable and easily scalable way? dK What about using a WYSIWYG Editor? http://tinymce.moxiecode.com/ Data created by the editor can then be parsed to change elements or add classes (and then should also be parsed back when again editing the data)
Re: [PHP] Basic Authentication
On Wed, Jan 14, 2009 at 2:34 PM, tedd tedd.sperl...@gmail.com wrote: What it is depends on what encryption routines you have installed. The algorithm to authenticate detects the algorithm based on the hash. 32-char : MD5 $1$ : SHA-1 $2$ : SHA-2 etc. (Apologies if I got my tokens/algorithms wrong) If you just toss MD5s in there, it should work, I think, if you have MD5 installed and available. It picks the best available when it adds a new entry. So an old file might look like: #your box came with MD5 installed joe:MD5 alice:MD5 #you installed SHA-2 bob:SHA-2 lee:SHA-2 At least, that's been my experience so far... The problem I have is that the sever I'm working on is not mine, thus no way for me to get shell access. I assumed that the server used a different encoding than MD5 because the string it generates is very short, such as: jYYjNLrifgUxk Clearly this is not MD5 encoding and thus the reason for my original post. I do have before and after examples I could use to identify what algorithm was used. I just need to know what algorithms could have been used and (if it's not too much to ask) working example of each. Cheers, tedd So can you not just use PHP's crypt() function? It doesn't require shell access, and like I said - it worked fine for me the last time I used basic auth. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
2009/1/14 tedd tedd.sperl...@gmail.com What it is depends on what encryption routines you have installed. The algorithm to authenticate detects the algorithm based on the hash. 32-char : MD5 $1$ : SHA-1 $2$ : SHA-2 etc. (Apologies if I got my tokens/algorithms wrong) If you just toss MD5s in there, it should work, I think, if you have MD5 installed and available. It picks the best available when it adds a new entry. So an old file might look like: #your box came with MD5 installed joe:MD5 alice:MD5 #you installed SHA-2 bob:SHA-2 lee:SHA-2 At least, that's been my experience so far... The problem I have is that the sever I'm working on is not mine, thus no way for me to get shell access. I assumed that the server used a different encoding than MD5 because the string it generates is very short, such as: jYYjNLrifgUxk Clearly this is not MD5 encoding and thus the reason for my original post. I do have before and after examples I could use to identify what algorithm was used. I just need to know what algorithms could have been used and (if it's not too much to ask) working example of each. Cheers, Did you read: http://de.php.net/manual/en/function.crypt.php ?I think if you just use crypt() it will work just fine. Those short Hashes would then be DES (i think this is standard on UNIX/Linux Server) -eddy
Re: [PHP] Quotes in querys
Ashley Sheridan a...@ashleysheridan.co.uk wrote in message news:1231962521.3613.13.ca...@localhost.localdomain... On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike I always go with this: Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}' The curly braces allow PHP to use the full variable you intended. Note that you may need single quote marks around the text in each square bracket block or PHP my give you a warning about an unintended string literal. Ash www.ashleysheridan.co.uk even though it might have it's drawbacks I've never had a problem with concat for sql statements. $sqlstmt = Select Netid from Users where Netid = ' . $_SESSION['phpCAS']['user']} . '; Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
tedd wrote: What it is depends on what encryption routines you have installed. The algorithm to authenticate detects the algorithm based on the hash. 32-char : MD5 $1$ : SHA-1 $2$ : SHA-2 etc. (Apologies if I got my tokens/algorithms wrong) If you just toss MD5s in there, it should work, I think, if you have MD5 installed and available. It picks the best available when it adds a new entry. So an old file might look like: #your box came with MD5 installed joe:MD5 alice:MD5 #you installed SHA-2 bob:SHA-2 lee:SHA-2 At least, that's been my experience so far... The problem I have is that the sever I'm working on is not mine, thus no way for me to get shell access. I assumed that the server used a different encoding than MD5 because the string it generates is very short, such as: jYYjNLrifgUxk Clearly this is not MD5 encoding and thus the reason for my original post. I do have before and after examples I could use to identify what algorithm was used. I just need to know what algorithms could have been used and (if it's not too much to ask) working example of each. Cheers, tedd As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
On Wed, 2009-01-14 at 15:24 -0500, Frank Stanovcak wrote: Ashley Sheridan a...@ashleysheridan.co.uk wrote in message news:1231962521.3613.13.ca...@localhost.localdomain... On Wed, 2009-01-14 at 11:17 -0500, MikeP wrote: Hello, I am trying to get the following to work: Select Netid from Users where Netid = '$_SESSION[phpCAS][user]' Netid is a string type. No matter where of if I put the quotes, I still get array[phpCAS] not the value. If there is anything I still have trouble with after all these years its quoting variables. Help? Thanks Mike I always go with this: Select Netid from Users where Netid = '{$_SESSION[phpCAS][user]}' The curly braces allow PHP to use the full variable you intended. Note that you may need single quote marks around the text in each square bracket block or PHP my give you a warning about an unintended string literal. Ash www.ashleysheridan.co.uk even though it might have it's drawbacks I've never had a problem with concat for sql statements. $sqlstmt = Select Netid from Users where Netid = ' . $_SESSION['phpCAS']['user']} . '; Frank That wont work, you forgot to take out the extra } at the end ;) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Smarty, and Text
One way to balance the author's need to have nice-looking output, and your need to keep the content/html under control is to provide the authors with a variety of template layouts with varying number/placement/sizes of images and blocks of text. Build a half-dozen of them, allow only ASCII text input, let the author pick their poison, and Bob's yer uncle, for many clients/projects. Make them generic enough and re-use them forever. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Zend Framework...where to start?
I've been reading about these great new 'frameworks' for PHP development. The most similar experience I have so far is using PEAR/Smarty in application development. I am becoming very interested in adding one (or more) of these frameworks to my work existence. I'm leaning toward the Zend Framework for the following reasons: 1. Zend's commitment to PHP in the enterprise environment 2. I'm studying for Zend PHP certification...so remaining within the same family sort of makes sense. 3. It's widely heralded as a very good 'framework' 4. Integration with my IDE, Zend Studio 5. Great support/userbase/forums/docs I'm getting ready to start a new project that is going to be somewhat of a stretch for me. It'll be probably the most complex project I've done where I'm the only designer/developer and have to do everything myself: from func spec to mockups to wireframes to database design to documentation to code to maintenance...all of it is me. What do you think, should I kill 2 birds with one stone and use the ZF to build this new project? Or would it slow me down to add 'learning the ins and outs of a new way of working' to my already long list of tasks and short time to complete them? Zend touts this thing as 'saving time' and 'letting you work more efficiently'. Will the new developer who is learning how to use ZF realize those efficiencies or are they only for the people who are quite experienced with the framework? I'm curious about whether it's practical to begin with a framework by using it on a real, production project. ?? John Corry
Re: [PHP] Zend Framework...where to start?
On Wed, Jan 14, 2009 at 3:36 PM, jco...@gmail.com wrote: I've been reading about these great new 'frameworks' for PHP development. The most similar experience I have so far is using PEAR/Smarty in application development. I am becoming very interested in adding one (or more) of these frameworks to my work existence. I'm leaning toward the Zend Framework for the following reasons: 1. Zend's commitment to PHP in the enterprise environment 2. I'm studying for Zend PHP certification...so remaining within the same family sort of makes sense. 3. It's widely heralded as a very good 'framework' 4. Integration with my IDE, Zend Studio 5. Great support/userbase/forums/docs I'm getting ready to start a new project that is going to be somewhat of a stretch for me. It'll be probably the most complex project I've done where I'm the only designer/developer and have to do everything myself: from func spec to mockups to wireframes to database design to documentation to code to maintenance...all of it is me. What do you think, should I kill 2 birds with one stone and use the ZF to build this new project? Or would it slow me down to add 'learning the ins and outs of a new way of working' to my already long list of tasks and short time to complete them? Zend touts this thing as 'saving time' and 'letting you work more efficiently'. Will the new developer who is learning how to use ZF realize those efficiencies or are they only for the people who are quite experienced with the framework? I'm curious about whether it's practical to begin with a framework by using it on a real, production project. ?? John Corry ZF isn't going to save you any time on a single project. The time savings is over time with multiple projects where everything is organized the same way, code sharing, new developers not having to learn something new each time, etc. It is also one of the hardest to actually use too since it can be customized on any part of it. I'd recommend it though because it does have a good community, lots of eyes on it, frequent releases, docs. The only way to really know if it works though is to use it for real. When I play code at home I'm never going to give myself the hard time about some weird edge case business rule that I have to at work. Using ZF on a project is going to make you have to do that and learn where it works and doesn't work for you. There's a lot more to this discussion though. So keep researching and trying different ones out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Smarty, and Text
On Tue, Jan 13, 2009 at 6:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK For specific requirements like this. I think it is very OK to set some rules when the user inputs the text. You can make the simple text area and make some custom tags for ur application only. For example bold in ur application means b in html. This way you can str_replace all that user enters in to watever class or text u want to to make it look pretty. Its an easier way and reliable way because you have the authority to validate user input if it does not match certian criteria that you may need. I don't know you can never blame user for what he enters. Not every user is computer literate and our code should always cater the needs of this kind of user and I feel its perfectly ok to tell the user to enter proper data if it doesnot meet ur standards. Thanks, V
Re: [PHP] PHP, Smarty, and Text
VamVan wrote: On Tue, Jan 13, 2009 at 6:49 PM, Daniel Kolbo kolb0...@umn.edu wrote: Hello, I've been using PHP and Smarty for several years now and I am happy with this division of data from presentation. With this philosophy in mind, i am a bit perplexed as to how to handle the text on my sites. That is, the text is data, so i am motivated to store the text in a database, files, or the like, but then text is loaded with little markup nuances (random italics/weight/colors, etc...) that make template design rather ugly. This motivates me to put markup (maybe even my own brand of markup) around the text, and to store this markup-text combination in a database. But I don't like this either, because a lot of the people writing the content/text know word/writer not markup. So i am motivated to have them save their text as .html, and I parse this file and modify accordingly. However, i don't like this either as not all word/writer styles are 1-to-1 with CSS. Without any options I am back to thinking hard code the text with markup in included templates, but it hurts just thinking of updating/modifying. I have looked (briefly) at Web Content Management Systems, but this seems like overkill really, maybe i'm ignorant. What would the community suggest? The text can take on many forms, introduction text, about text, product information, articles, blurbs, (some changes daily, some doesn't) etc...where does all this text live in 'properly' designed site. Thanks in advance, dK For specific requirements like this. I think it is very OK to set some rules when the user inputs the text. You can make the simple text area and make some custom tags for ur application only. For example bold in ur application means b in html. This way you can str_replace all that user enters in to watever class or text u want to to make it look pretty. Its an easier way and reliable way because you have the authority to validate user input if it does not match certian criteria that you may need. I don't know you can never blame user for what he enters. Not every user is computer literate and our code should always cater the needs of this kind of user and I feel its perfectly ok to tell the user to enter proper data if it doesnot meet ur standards. Thanks, V perhaps you need to make a high level internal decision in you're own brain.. decide if the text is in fact text, or is it fragments of html - decide which it is then treat it accordingly - if you decide it's html then all you need to do is sanitize it and save it wherever (database, flat files, anything); - note: i often think it's wise to save a plain text version of all html fragments in addition, saves you repeating code and is smaller if you want to save it in a fulltext indexed column (more space in the db sicne two versions, but faster better indexes as only on the plaintext) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend (or other) Framework...where to start?
Well, bummer. I *seriously* need to divine a way to increase my efficiency both immediately and for the long term as I maintain tomorrow the applications I build today. For the new-to-frameworks, is there a better/easier framework to use that will streamline the development process from the beginning? I've looked at Codeigniter and LOVE the user guide/documentation...the underlying philosophy of that product looks very attractive too. Any others? I'd love to have the time to 'play around' with one or more of these to get an idea of strengths/weaknesses...but due to schedule and commitments, this 'playing around' is going to have to take place in the production, for-hire context. Surely we're all familiar with 'on the job training', right? ; ) John Corry ZF isn't going to save you any time on a single project. The time savings is over time with multiple projects where everything is organized the same way, code sharing, new developers not having to learn something new each time, etc. It is also one of the hardest to actually use too since it can be customized on any part of it. I'd recommend it though because it does have a good community, lots of eyes on it, frequent releases, docs There's a lot more to this discussion though. So keep researching and trying different ones out... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
Not to start a Holy War (as these to framework or not to framework debates often turn into), but I personally had a horrible experience with using frameworks. I was forced to use Symfony at my last job and it was so cumbersome and slow to do even the simplest things. The whole MVC thing can be overkill. Plus the learning curve can be quite steep. Then if you want to hire other developers to work with you, you have to train them and let them ramp up on not only the framework but also your core project too! More wasted time. The pages are significantly slower than straight PHP by orders of magnitude: http://paul-m-jones.com/?p=315 The basic problem with frameworks is they try to be one thing for all people. This carries a lot of baggage with it. There's a lot of crap you end up pulling in that you don't want/need. Plus if you want to deviate at all, you either have to roll your own, or sometimes you simply just can't. They seem attractive with all their plugins and stuff, but honestly, rarely do the plugins do EXACTLY what you want, the way you want. It might be as simple as trying to change the look/feel of a button or something and you'll find out that you can't -- so now you have this website that has this section that doesn't look like the rest of your site. And if you find a bug, you have to try to either fix it yourself and then keep those changes migrated into new updates, or submit it to the developer and hope they implement them (and trust me, you can submit to them and have them rejected for all sorts of lame reasons -- even though the work has been done and you're using it!) I advise against it. Just follow good practices and use thin wrappers and functions. Don't get all OO googlie eyed and try to over-engineer and over-OO the code. OO is great for some things (like a User class) but don't start making some OO page renderer or form builder. Don't fall into the DB Abstraction trap either -- just use a wrapper around your DB calls (see attached), so you can swap out that wrapper if (and you almost never do) you change the DB. Don't be suckered by something like QuickForms -- you WILL run into limitations that you can't get around and are at their mercy. Don't buy the hype that DIV's are the magic bullet and TABLEs are poor design -- Tables are still the best and most ubiquitous way to align things in a browser agnostic way (including mobile phones, etc.) and to layout forms. I've not used Zend myself, so I can't say for certain, but the above tenements I think would still hold true. I guess I would trust the Zend one the most given they actually make PHP, but at this point in time, I would never choose to use a bloated framework. Then again, I write enterprise level and very custom applications (Saas) so maybe this doesn't apply if all you're trying to do is make yet another Blog or Photo-album or personal/corporate website or something generic/basic. I've been coding nearly 20 years and founded several $MM companies. That's my take (or rant depending on how you look at it). Daevid. http://daevid.com On Wed, 2009-01-14 at 20:36 +, jco...@gmail.com wrote: I've been reading about these great new 'frameworks' for PHP development. The most similar experience I have so far is using PEAR/Smarty in application development. I am becoming very interested in adding one (or more) of these frameworks to my work existence. I'm leaning toward the Zend Framework for the following reasons: 1. Zend's commitment to PHP in the enterprise environment 2. I'm studying for Zend PHP certification...so remaining within the same family sort of makes sense. 3. It's widely heralded as a very good 'framework' 4. Integration with my IDE, Zend Studio 5. Great support/userbase/forums/docs I'm getting ready to start a new project that is going to be somewhat of a stretch for me. It'll be probably the most complex project I've done where I'm the only designer/developer and have to do everything myself: from func spec to mockups to wireframes to database design to documentation to code to maintenance...all of it is me. What do you think, should I kill 2 birds with one stone and use the ZF to build this new project? Or would it slow me down to add 'learning the ins and outs of a new way of working' to my already long list of tasks and short time to complete them? Zend touts this thing as 'saving time' and 'letting you work more efficiently'. Will the new developer who is learning how to use ZF realize those efficiencies or are they only for the people who are quite experienced with the framework? I'm curious about whether it's practical to begin with a framework by using it on a real, production project. ?? John Corry attachment: db.inc.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend (or other) Framework...where to start?
John Corry wrote: For the new-to-frameworks, is there a better/easier framework to use that will streamline the development process from the beginning? I've been using my own I developed from the ground up for the past couple years, but have recently looked at cakePHP and I think it might be good for some new to frameworks. Drupal is awfully popular, but I've only glanced at it and get the impression there's a bit of a steep learning curve. I'd be very interest to hear what others think of both of these. -- == Skip Evans Big Sky Penguin, LLC 503 S Baldwin St, #1 Madison, Wisconsin 53703 608-250-2720 http://bigskypenguin.com Those of you who believe in telekinetics, raise my hand. -- Kurt Vonnegut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend (or other) Framework...where to start?
On Wed, Jan 14, 2009 at 4:30 PM, John Corry jco...@gmail.com wrote: Well, bummer. I *seriously* need to divine a way to increase my efficiency both immediately and for the long term as I maintain tomorrow the applications I build today. For the new-to-frameworks, is there a better/easier framework to use that will streamline the development process from the beginning? I've looked at Codeigniter and LOVE the user guide/documentation...the underlying philosophy of that product looks very attractive too. Any others? I'd love to have the time to 'play around' with one or more of these to get an idea of strengths/weaknesses...but due to schedule and commitments, this 'playing around' is going to have to take place in the production, for-hire context. Surely we're all familiar with 'on the job training', right? ; ) John Corry Good luck with that. ;) If you aren't willing to invest the effort you're not going to reap the rewards. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in querys
It is over head, but it caches the execution plan for multiple runs of the script. So different users with different data will use the same cached query on the database. Saving processing time. It also prevents SQL injection on the fly because you are indicating what data type each place holder will need to accept. No, it's per session. http://dev.mysql.com/doc/refman/5.0/en/sql-syntax-prepared-statements.html The scope of a prepared statement is the client session within which it is created. Other clients cannot see it. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 13:39 -0800, Daevid Vincent wrote: Not to start a Holy War (as these to framework or not to framework debates often turn into), but I personally had a horrible experience with using frameworks. I was forced to use Symfony at my last job and it was so cumbersome and slow to do even the simplest things. The whole MVC thing can be overkill. Plus the learning curve can be quite steep. Then if you want to hire other developers to work with you, you have to train them and let them ramp up on not only the framework but also your core project too! More wasted time. The pages are significantly slower than straight PHP by orders of magnitude: http://paul-m-jones.com/?p=315 The basic problem with frameworks is they try to be one thing for all people. This carries a lot of baggage with it. There's a lot of crap you end up pulling in that you don't want/need. Plus if you want to deviate at all, you either have to roll your own, or sometimes you simply just can't. They seem attractive with all their plugins and stuff, but honestly, rarely do the plugins do EXACTLY what you want, the way you want. It might be as simple as trying to change the look/feel of a button or something and you'll find out that you can't -- so now you have this website that has this section that doesn't look like the rest of your site. And if you find a bug, you have to try to either fix it yourself and then keep those changes migrated into new updates, or submit it to the developer and hope they implement them (and trust me, you can submit to them and have them rejected for all sorts of lame reasons -- even though the work has been done and you're using it!) I advise against it. Just follow good practices and use thin wrappers and functions. Don't get all OO googlie eyed and try to over-engineer and over-OO the code. OO is great for some things (like a User class) but don't start making some OO page renderer or form builder. Don't fall into the DB Abstraction trap either -- just use a wrapper around your DB calls (see attached), so you can swap out that wrapper if (and you almost never do) you change the DB. Don't be suckered by something like QuickForms -- you WILL run into limitations that you can't get around and are at their mercy. Don't buy the hype that DIV's are the magic bullet and TABLEs are poor design -- Tables are still the best and most ubiquitous way to align things in a browser agnostic way (including mobile phones, etc.) and to layout forms. I've not used Zend myself, so I can't say for certain, but the above tenements I think would still hold true. I guess I would trust the Zend one the most given they actually make PHP, but at this point in time, I would never choose to use a bloated framework. Then again, I write enterprise level and very custom applications (Saas) so maybe this doesn't apply if all you're trying to do is make yet another Blog or Photo-album or personal/corporate website or something generic/basic. I've been coding nearly 20 years and founded several $MM companies. That's my take (or rant depending on how you look at it). So... to summarize... you've had a bad experience with one framework and decided to paint the rest with the colour of your experience. Seems a bit obtuse. Cheers, Rob. Ps. I'm not in any way recommending my own, I've let the documentation for that lag, so this is about your opinion of frameworks in general from one experience, and not anything to do with me proferring my own :) -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 13:39 -0800, Daevid Vincent wrote: Not to start a Holy War (as these to framework or not to framework debates often turn into), but I personally had a horrible experience with using frameworks. I was forced to use Symfony at my last job and it was so cumbersome and slow to do even the simplest things. The whole MVC thing can be overkill. Plus the learning curve can be quite steep. Then if you want to hire other developers to work with you, you have to train them and let them ramp up on not only the framework but also your core project too! More wasted time. The pages are significantly slower than straight PHP by orders of magnitude: http://paul-m-jones.com/?p=315 The basic problem with frameworks is they try to be one thing for all people. This carries a lot of baggage with it. There's a lot of crap you end up pulling in that you don't want/need. Plus if you want to deviate at all, you either have to roll your own, or sometimes you simply just can't. They seem attractive with all their plugins and stuff, but honestly, rarely do the plugins do EXACTLY what you want, the way you want. It might be as simple as trying to change the look/feel of a button or something and you'll find out that you can't -- so now you have this website that has this section that doesn't look like the rest of your site. And if you find a bug, you have to try to either fix it yourself and then keep those changes migrated into new updates, or submit it to the developer and hope they implement them (and trust me, you can submit to them and have them rejected for all sorts of lame reasons -- even though the work has been done and you're using it!) I advise against it. Just follow good practices and use thin wrappers and functions. Don't get all OO googlie eyed and try to over-engineer and over-OO the code. OO is great for some things (like a User class) but don't start making some OO page renderer or form builder. Don't fall into the DB Abstraction trap either -- just use a wrapper around your DB calls (see attached), so you can swap out that wrapper if (and you almost never do) you change the DB. Don't be suckered by something like QuickForms -- you WILL run into limitations that you can't get around and are at their mercy. Don't buy the hype that DIV's are the magic bullet and TABLEs are poor design -- Tables are still the best and most ubiquitous way to align things in a browser agnostic way (including mobile phones, etc.) and to layout forms. I've not used Zend myself, so I can't say for certain, but the above tenements I think would still hold true. I guess I would trust the Zend one the most given they actually make PHP, but at this point in time, I would never choose to use a bloated framework. Then again, I write enterprise level and very custom applications (Saas) so maybe this doesn't apply if all you're trying to do is make yet another Blog or Photo-album or personal/corporate website or something generic/basic. I've been coding nearly 20 years and founded several $MM companies. That's my take (or rant depending on how you look at it). Daevid. http://daevid.com On Wed, 2009-01-14 at 20:36 +, jco...@gmail.com wrote: I've been reading about these great new 'frameworks' for PHP development. The most similar experience I have so far is using PEAR/Smarty in application development. I am becoming very interested in adding one (or more) of these frameworks to my work existence. I'm leaning toward the Zend Framework for the following reasons: 1. Zend's commitment to PHP in the enterprise environment 2. I'm studying for Zend PHP certification...so remaining within the same family sort of makes sense. 3. It's widely heralded as a very good 'framework' 4. Integration with my IDE, Zend Studio 5. Great support/userbase/forums/docs I'm getting ready to start a new project that is going to be somewhat of a stretch for me. It'll be probably the most complex project I've done where I'm the only designer/developer and have to do everything myself: from func spec to mockups to wireframes to database design to documentation to code to maintenance...all of it is me. What do you think, should I kill 2 birds with one stone and use the ZF to build this new project? Or would it slow me down to add 'learning the ins and outs of a new way of working' to my already long list of tasks and short time to complete them? Zend touts this thing as 'saving time' and 'letting you work more efficiently'. Will the new developer who is learning how to use ZF realize those efficiencies or are they only for the people who are quite experienced with the framework? I'm curious about whether it's practical to begin with a framework by using it on a real, production project. ?? John Corry -- PHP General Mailing List (http://www.php.net/) To unsubscribe,
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 17:03 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP Spoofing the user agent string in opera doesn't fix it either! Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security question
This is mostly to make sure I understand how sessions are handled correctly. As far as sessions are concerned the variable data is stored on the server (be it in memory or temp files), and never transmitted accross the net unless output to the page? So this means I should be able to store the username and password for a program in session vars for quick validations, and if I force rentry of the password for sensitive areas (every time) even if someone mannages to spoof the sesid all they will have access to is non sensitive areas? This also assumes I, at least, quick validate at the start of every page immideately after starting the session. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question
On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak blindspot...@comcast.netwrote: This is mostly to make sure I understand how sessions are handled correctly. As far as sessions are concerned the variable data is stored on the server (be it in memory or temp files), and never transmitted accross the net unless output to the page? So this means I should be able to store the username and password for a program in session vars for quick validations, and if I force rentry of the password for sensitive areas (every time) even if someone mannages to spoof the sesid all they will have access to is non sensitive areas? This also assumes I, at least, quick validate at the start of every page immideately after starting the session. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Password should never be stored anywhere in clear text. You can store md5 version in session or database. As long as password is encrypted ure fine and safe. Thanks, V
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! -- Kyle Terry | www.kyleterry.com
[PHP] HTML pages are faster then php?
hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll
Re: [PHP] HTML pages are faster then php?
On Wed, 2009-01-14 at 14:34 -0800, Lamp Lists wrote: hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll I've seen CMS's do this kind of thing before, and really you only have an advantage if you are getting lots and lots (think many thousands) of visitors a day. The overhead isn't all that large and the user won't even notice it. The advantage to having the site done only in PHP/MySQL is that should you decide to add elements to the site in the future, with a CMS driven site it's much easier than having to edit the part of the CMS that is outputting the HTML files and then making it run through an re-create each and every page, which will be very slow each time you have to do it. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTML pages are faster then php?
From: Ashley Sheridan a...@ashleysheridan.co.uk To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Wednesday, January 14, 2009 4:47:28 PM Subject: Re: [PHP] HTML pages are faster then php? On Wed, 2009-01-14 at 14:34 -0800, Lamp Lists wrote: hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll I've seen CMS's do this kind of thing before, and really you only have an advantage if you are getting lots and lots (think many thousands) of visitors a day. The overhead isn't all that large and the user won't even notice it. The advantage to having the site done only in PHP/MySQL is that should you decide to add elements to the site in the future, with a CMS driven site it's much easier than having to edit the part of the CMS that is outputting the HTML files and then making it run through an re-create each and every page, which will be very slow each time you have to do it. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php right. I forgot about banners, advertising, and other stuff around main data. these will be static too... yup... stupid idea... :-)
[PHP] Re: HTML pages are faster then php?
Lamp Lists wrote: hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll sounds like you're just thinking of a publish system (or maybe a cache system) - it works in theory you only generate a page when something changes on it, save the output and present that to the user instead. before you go down this route of publishing you want to work out whether you'll be having constantly changing data on the page, (think widgets, users currently online, how many times the articles been viewed, new articles posted etc), if the answer is yes then it may still be worth doing, or you may be better off using op code caching of some sort. One approach I've seen often that seems to work on high volume sites is to make a system which updates the html file, on view, once it's over X seconds, minutes old and when an update flag is detected, whichever comes first. This way high view pages/change will be cached for at least X whilst low view pages could stay static for hours/days. It strikes a nice balance and I'd personally recommend it. (recently I remade a high volume website like this, the website was previously running on 5 UI servers all at full load during peak hours, it's now sitting on 2 UI servers at av 25% load) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend (or other) Framework...where to start?
On Wed, Jan 14, 2009 at 04:30:59PM -0500, John Corry wrote: Well, bummer. I *seriously* need to divine a way to increase my efficiency both immediately and for the long term as I maintain tomorrow the applications I build today. For the new-to-frameworks, is there a better/easier framework to use that will streamline the development process from the beginning? I've looked at Codeigniter and LOVE the user guide/documentation...the underlying philosophy of that product looks very attractive too. Any others? If you're going to go with a prebuilt framework, I'd recommend CodeIgniter for your first time out. If the docs look good to you (and they are pretty good), you'll probably do fine with it. It's about the lightest weight platform out there. It doesn't get in your way too much, but gives you the benefits of using a framework. My beef with frameworks like this is that they have too much cruft. I checked one time and codeigniter (again, one of the *lightest* frameworks) open about 15 files before a byte gets written to the screen. There is a lot of stuff in there you don't need (benchmarking code, etc.). I'd hack that stuff out if I were using it for real. One of the things you'll have to get used to is the MVC way of doing things. When you first start writing PHP, you probably don't do things this way, but when you start using frameworks, you've got to starting thinking in terms of what the view will do, versus what the controller, versus what the model will do. It's just a change of viewpoint you have to get used to. In any case, I've used CodeIgniter and liked it. I just didn't like all the cruft in it. And their license is not a straight GPL-like license-- it requires attribution even on derivative projects and requires clear notice of any changes you make to their code. But for a framework, it's pretty good. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
On Wed, 2009-01-14 at 18:17 -0500, tedd wrote: At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com Surely that's a good thing then? Security through obscurity and all that... Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
If anything this strengthens my point... First of all, that is my PERSONAL site (notice it is my NAME), so it is NOT enterprise or SaaS. Second it uses the www.winlike.net Javascript FRAMEWORK (which I heavily manipulated in PHP to make the menu dynamic, adding a tertiary menu level and various other stuff). I had to reverse engineer everything and it doesn't work in Safari, but I'm pretty sure it's because of a JS check and not actual functionality of the browser. It will work in FF or IE. So I can either try to figure out where in their GERMAN code which has been obfuscated, the check for browser is and fix it, then modify changes in future versions, or i can hope they fix it and do an upgrade. Either way, it sucks. Roll your own -- then you have full control and also know exactly how something works. On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back.
Re: [PHP] Basic Authentication
tedd wrote: At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. crypt with a salt? htpasswd --help: -d Force CRYPT encryption of the password (default). md5 = fixed 32 chars sha1 = fixed 40 chars no idea about the others but crypt does not have a fixed length. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
2009/1/15 tedd tedd.sperl...@gmail.com At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. Cheers, tedd I think I do not really understand your problem... searching for standard crypt algorithms? google, wikipedia and such should help. Just for clarification: you know that using md5, crypt and others does not create the same hash if you use them on the same passwort?
Re: [PHP] Basic Authentication
Could it be that you tested the correct algorithm but didn't use the correct salt or some other permutation to receive the same encoded result? -TG - Original Message - From: tedd tedd.sperl...@gmail.com To: Shawn McKenzie nos...@mckenzies.net, php-general@lists.php.net Date: Wed, 14 Jan 2009 18:17:35 -0500 Subject: Re: [PHP] Basic Authentication At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 14:28 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! Um. I am using FF on Ubuntu right now at work, and it works just fine. I develop at home on XP and IE6 and IE7 and it also works. I guarantee you that crash was not related to my site. All of you are spending way too much time on something that is besides the point. My personal site has NOTHING to do with Symfony/Zend/Cake/etc. frameworks per se. The reason you can't load it in safari is a Javascript check and not PHP -- again off topic from this conversation. It doesn't degrade nicely b/c I never bothered to implement the other part of the Winlike kit which will degrade (as you can see on their site http://www.winlike.net as I honestly don't really care about Safari users (like 7% of the market) to be honest. It's my own personal site and if a Mac person can't use FF to view it, it's not sweat off either of our backs.) http://www.macobserver.com/article/2008/07/01.9.shtml Can we please get back on topic? If you really want to see my credentials, then go here: http://resume.daevid.com or go to my personal site in Firefox or IE.
Re: [PHP] Zend (or other) Framework...where to start?
On Wed, 2009-01-14 at 17:59 -0500, Paul M Foster wrote: On Wed, Jan 14, 2009 at 04:30:59PM -0500, John Corry wrote: Well, bummer. I *seriously* need to divine a way to increase my efficiency both immediately and for the long term as I maintain tomorrow the applications I build today. For the new-to-frameworks, is there a better/easier framework to use that will streamline the development process from the beginning? I've looked at Codeigniter and LOVE the user guide/documentation...the underlying philosophy of that product looks very attractive too. Any others? If you're going to go with a prebuilt framework, I'd recommend CodeIgniter for your first time out. If the docs look good to you (and they are pretty good), you'll probably do fine with it. It's about the lightest weight platform out there. It doesn't get in your way too much, but gives you the benefits of using a framework. My beef with frameworks like this is that they have too much cruft. I checked one time and codeigniter (again, one of the *lightest* frameworks) open about 15 files before a byte gets written to the screen. There is a lot of stuff in there you don't need (benchmarking code, etc.). I'd hack that stuff out if I were using it for real. One of the things you'll have to get used to is the MVC way of doing things. When you first start writing PHP, you probably don't do things this way, but when you start using frameworks, you've got to starting thinking in terms of what the view will do, versus what the controller, versus what the model will do. It's just a change of viewpoint you have to get used to. In any case, I've used CodeIgniter and liked it. I just didn't like all the cruft in it. And their license is not a straight GPL-like license-- it requires attribution even on derivative projects and requires clear notice of any changes you make to their code. But for a framework, it's pretty good. Paul -- Paul M. Foster OMG, and don't get me started on ORM. What a bloat that is. The amount of query overhead is rediculous. All these stupid objects for even the simplest of 'glue tables'. Straight SQL, optimized for your query and the data you need is significantly faster. But if you try to use that in a framework, you have other drama to deal with. Here is the base.class.php I wrote that gives the best of all worlds IMHO... attachment: base.class.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Senior Software Engineer / PHP Developer Job opportunity in Boulder, CO
Hi, I am Looking for a Senior Software Engineer to join our dynamic and growing Internet-based company. The qualified candidate will expand our web-based platform, building new features and products. You will effectively design, develop, and deploy applications based on open-source technologies such as Linux, Apache, MySQL, Perl and PHP. You will use outside of the box thinking to solve challenging problems as part of creating a novel Web 2.0 application platform. Requirements: * 4-6 years of commercial application development experience with open source technologies * Expert knowledge of Linux, Apache, MySQL and PHP. Perl/Python a bonus. * BA/BS in Computer Science or equivalent experience * Previous experience in object oriented analysis and design for large-scale data driven web applications. * Must be able to reference previous production website development experience in which you used object oriented design, flexible presentation layers, and collaborative development practices as core elements of the software lifecycle. * Must be able to work both independently and as part of a team. * Should be able to manage projects, communicate readily and clearly and stay on top of deadlines to ensure product release and delivery. Software Development Experience with the Following: * Linux, Apache, PHP 4, PHP 5, MySQL * Object-oriented design and distributed systems * Open source development tools, languages and application servers. * Competent with JavaScript, Prototype, Scriptaculous, Moo * Previous experience with version control systems, esp. SVN * Building distributed systems and/or large scale database applications. If you are interested please send resume to: n...@remycorp.com Nick Gasparro Managing Partner, REMY Corp. Denver, CO 80202 303-539-0448 Direct 303-547-7469 Cell n...@remycorp.commailto:n...@remycorp.com www.remycorp.comhttp://www.remycorp.com/ Click herehttp://www.linkedin.com/inviteFromProfile?firstName=Nickfrom=profilelastName=Gasparrokey=5604666 to invite me on linkedin
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, 2009-01-14 at 15:47 -0800, Daevid Vincent wrote: On Wed, 2009-01-14 at 14:28 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! Um. I am using FF on Ubuntu right now at work, and it works just fine. I develop at home on XP and IE6 and IE7 and it also works. I guarantee you that crash was not related to my site. All of you are spending way too much time on something that is besides the point. My personal site has NOTHING to do with Symfony/Zend/Cake/etc. frameworks per se. The reason you can't load it in safari is a Javascript check and not PHP -- again off topic from this conversation. It doesn't degrade nicely b/c I never bothered to implement the other part of the Winlike kit which will degrade (as you can see on their site http://www.winlike.net as I honestly don't really care about Safari users (like 7% of the market) to be honest. It's my own personal site and if a Mac person can't use FF to view it, it's not sweat off either of our backs.) http://www.macobserver.com/article/2008/07/01.9.shtml Can we please get back on topic? If you really want to see my credentials, then go here: http://resume.daevid.com or go to my personal site in Firefox or IE. Lol, on your resumé page, the popup says you're not a Java man, but then the actual resumé says you are... :p Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 4:06 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed, 2009-01-14 at 15:47 -0800, Daevid Vincent wrote: On Wed, 2009-01-14 at 14:28 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! Um. I am using FF on Ubuntu right now at work, and it works just fine. I develop at home on XP and IE6 and IE7 and it also works. I guarantee you that crash was not related to my site. All of you are spending way too much time on something that is besides the point. My personal site has NOTHING to do with Symfony/Zend/Cake/etc. frameworks per se. The reason you can't load it in safari is a Javascript check and not PHP -- again off topic from this conversation. It doesn't degrade nicely b/c I never bothered to implement the other part of the Winlike kit which will degrade (as you can see on their site http://www.winlike.net as I honestly don't really care about Safari users (like 7% of the market) to be honest. It's my own personal site and if a Mac person can't use FF to view it, it's not sweat off either of our backs.) http://www.macobserver.com/article/2008/07/01.9.shtml Can we please get back on topic? If you really want to see my credentials, then go here: http://resume.daevid.com or go to my personal site in Firefox or IE. Lol, on your resumé page, the popup says you're not a Java man, but then the actual resumé says you are... :p Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php AND you worked for WildTangent. Enough said. Haha. -- Kyle Terry | www.kyleterry.com
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 6:47 PM, Daevid Vincent dae...@daevid.com wrote: On Wed, 2009-01-14 at 14:28 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! Um. I am using FF on Ubuntu right now at work, and it works just fine. I develop at home on XP and IE6 and IE7 and it also works. I guarantee you that crash was not related to my site. All of you are spending way too much time on something that is besides the point. My personal site has NOTHING to do with Symfony/Zend/Cake/etc. frameworks per se. The reason you can't load it in safari is a Javascript check and not PHP -- again off topic from this conversation. It doesn't degrade nicely b/c I never bothered to implement the other part of the Winlike kit which will degrade (as you can see on their site http://www.winlike.net as I honestly don't really care about Safari users (like 7% of the market) to be honest. It's my own personal site and if a Mac person can't use FF to view it, it's not sweat off either of our backs.) http://www.macobserver.com/article/2008/07/01.9.shtml Can we please get back on topic? If you really want to see my credentials, then go here: http://resume.daevid.com or go to my personal site in Firefox or IE. Oh comon I was just playing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: Re: Php and CSS where to put it
Hello Ashley, Am 2009-01-13 22:14:53, schrieb Ashley Sheridan: Yeah. Now my development goes like this: 1. Design for Firefox 2. Fix for Opera, Safari et al 3. Fix for IE But generally speaking, if it works in Firefox, it'll most likely behave itself in everything except IE ;) My experience too. However, my Website is about Renewable Energies, Low-Energie Electronics and Open Source (GNU/Linux) so I do not realy care about IE. :-D Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ http://www.can4linux.org/ Michelle Konzack Apt. 917 ICQ #328449886 +49/177/935194750, rue de Soultz MSN LinuxMichi +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: Holy crap
Am 2009-01-13 20:22:42, schrieb Daniel Brown: On Mon, Jan 12, 2009 at 14:30, Robert Cummings rob...@interjinn.com wrote: 2.0 is the new beta... what did you think Web 2.0 was all about? In Q3 2009, Microsoft is improving on that with Web 2.11 for Workgroups. I had W?? 3.11 for Workgroups in 1994. :-D ROTFL Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ http://www.can4linux.org/ Michelle Konzack Apt. 917 ICQ #328449886 +49/177/935194750, rue de Soultz MSN LinuxMichi +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: [PHP] Re: Re: Re: Php and CSS where to put it
On Thu, 2009-01-15 at 01:42 +0100, Michelle Konzack wrote: Hello Ashley, Am 2009-01-13 22:14:53, schrieb Ashley Sheridan: Yeah. Now my development goes like this: 1. Design for Firefox 2. Fix for Opera, Safari et al 3. Fix for IE But generally speaking, if it works in Firefox, it'll most likely behave itself in everything except IE ;) My experience too. However, my Website is about Renewable Energies, Low-Energie Electronics and Open Source (GNU/Linux) so I do not realy care about IE. :-D Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant I unfortunately have to with my job, as most of the visitors to our sites and users of the internal systems I build use IE, although I am encouraging them to move to Firefox ;) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Basic Authentication
On Wed, Jan 14, 2009 at 6:17 PM, tedd tedd.sperl...@gmail.com wrote: At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote: As others have said, use crypt(). http://php.net/manual/function.crypt.php has Example #2 Using crypt() with htpasswd. Thanks, but that doesn't really solve my problem. You see, I know the password and I know the encoded result -- what I don't know is what algorithm was used to generate the encoding. I didn't get that from your original post at all. You asked how to create an encoded password string that would work in a .htaccess file using basic authentication. The crypt() function should do that. Have you tried creating a hash for a new password using crypt() and the function output into your .htaccess file? (Not comparing a known password to a known hash; just testing whether a hash that crypt() generates will work for your authentication.) Here are all the algorithms I know of (this includes the above link you provided). http://webbytedd.com//md5/index.php However, none of them match what have. Cheers, tedd This looks like a totally different question from your original post. Are you saying that you already have values in the .htaccess file that don't match what you expect when you run the known passwords through crypt()? What do you get when you try this? ?php if (crypt($password, $known_hash) == $known_hash) { echo 'Authenticated'; } else { echo 'Not Authenticated'; } ? It's been a while since I've used this, but I'm pretty sure it works regardless of the algorithm selected (internally) by the crypt() function. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 7:26 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 6:47 PM, Daevid Vincent dae...@daevid.com wrote: On Wed, 2009-01-14 at 14:28 -0800, Kyle Terry wrote: On Wed, Jan 14, 2009 at 2:18 PM, Eric Butera eric.but...@gmail.com wrote: On Wed, Jan 14, 2009 at 5:03 PM, Robert Cummings rob...@interjinn.com wrote: On Wed, 2009-01-14 at 17:01 -0500, Robert Cummings wrote: On Wed, 2009-01-14 at 16:50 -0500, Eric Butera wrote: On Wed, Jan 14, 2009 at 4:39 PM, Daevid Vincent dae...@daevid.com wrote: http://daevid.com It appears your browser does not support some of the advanced features this site requires. That is pretty enteprisey! ;D I got the same message... 2001 called-- they'd like they're web technology back. Hmmm.. so I opened it up in Firefox and there's this little window just like one I programmed for IE/Firefox/Opera 4 years ago. Not sure why Opera isn't supported, or any other browser with JavaScript and CSS. Reall, if the browser doesn't support the window thingy, it should just degrade to a normal content box. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP I'm using Safari. :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php His website made firefox crash! =[! Um. I am using FF on Ubuntu right now at work, and it works just fine. I develop at home on XP and IE6 and IE7 and it also works. I guarantee you that crash was not related to my site. All of you are spending way too much time on something that is besides the point. My personal site has NOTHING to do with Symfony/Zend/Cake/etc. frameworks per se. The reason you can't load it in safari is a Javascript check and not PHP -- again off topic from this conversation. It doesn't degrade nicely b/c I never bothered to implement the other part of the Winlike kit which will degrade (as you can see on their site http://www.winlike.net as I honestly don't really care about Safari users (like 7% of the market) to be honest. It's my own personal site and if a Mac person can't use FF to view it, it's not sweat off either of our backs.) http://www.macobserver.com/article/2008/07/01.9.shtml Can we please get back on topic? If you really want to see my credentials, then go here: http://resume.daevid.com or go to my personal site in Firefox or IE. Oh comon I was just playing. I'm not sure the rest of the class is now, though. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
Lol, on your resumé page, the popup says you're not a Java man, but then the actual resumé says you are... :p No. I wrote Java for 3.5 years at WildTangent, a company I founded as employee #2 back in 1998, and left once I felt it was starting to become sketchy and we had grown to over 250 employees. That doesn't make me a Java man. The popup is correct. I have no desire to code in Java or C# or Perl or any other language but LAMP (well, maybe Ruby would be acceptable). I get a recruiter a day contacting me in spite of that message, but it does help to weed out the rest of them. Knowing a language or previously coding in it doesn't mean you want to continue to use it forever. AND you worked for WildTangent. Enough said. Haha. When we started WildTangent, we were the first company to do 3D graphics in a web page. We effectively put microsoft's Chrome out of business and we did amazing things. You could write full blown games using basic Javascript or Java IN a web page. You didn't need to know complex math or collision detection algorithms or trig or calc or anything. The average programmer could create games or other graphics (3D pie-charts, etc) easily. Now they're a less than average game company that doesn't even use the WebDriver and has a stigma of adware. I was proud of what I accomplished at WildTangent, despite what it has degraded into now (which I left in 10/2001, so had nothing to do with that debacle). *sigh* It's unfortunate you guys can't see past some superficial stuff and have an intelligent dialog about frameworks and help the OP with his question. Instead this has turned into an attack on me -- one of the few people who posted opinions and helpful insight for him to make an informed decision. Thanks to those who did agree with me, and even those who disagree'd politely. d.
[PHP] program to test php security
one of my client says his company do have a program to test php code for common programming security problem like sql injection etc i am curious but he do not want to tell what the program is. do this program exists? what is it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 5:17 PM, Daevid Vincent dae...@daevid.com wrote: Lol, on your resumé page, the popup says you're not a Java man, but then the actual resumé says you are... :p No. I wrote Java for 3.5 years at WildTangent, a company I founded as employee #2 back in 1998, and left once I felt it was starting to become sketchy and we had grown to over 250 employees. That doesn't make me a Java man. The popup is correct. I have no desire to code in Java or C# or Perl or any What is your gripe on perl? That language is awesome. other language but LAMP (well, maybe Ruby would be acceptable). I get a recruiter a day contacting me in spite of that message, but it does help to weed out the rest of them. Knowing a language or previously coding in it doesn't mean you want to continue to use it forever. AND you worked for WildTangent. Enough said. Haha. When we started WildTangent, we were the first company to do 3D graphics in a web page. We effectively put microsoft's Chrome out of business and we did amazing things. You could write full blown games using basic Javascript or Java IN a web page. You didn't need to know complex math or collision detection algorithms or trig or calc or anything. The average programmer could create games or other graphics (3D pie-charts, etc) easily. Now they're a less than average game company that doesn't even use the WebDriver and has a stigma of adware. I was proud of what I accomplished at WildTangent, despite what it has degraded into now (which I left in 10/2001, so had nothing to do with that debacle). *sigh* It's unfortunate you guys can't see past some superficial stuff and have an intelligent dialog about frameworks and help the OP with his question. Instead this has turned into an attack on me -- one of the few people who posted opinions and helpful insight for him to make an informed decision. Thanks to those who did agree with me, and even those who disagree'd politely. d. -- Kyle Terry | www.kyleterry.com
Re: [PHP] program to test php security
paragasu wrote: one of my client says his company do have a program to test php code for common programming security problem like sql injection etc i am curious but he do not want to tell what the program is. do this program exists? what is it? https://chorizo-scanner.com/ http://securityscanner.lostfiles.de/ http://www.security-database.com/toolswatch/Pixy-Code-Scanner-for-PHP.html http://www.codescan.com/index.html Have not used any of those personally. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Smarty, and Text
On 14/1/09 07:56, Robert Cummings wrote: Strip all tags except bold and italics. Then replaceb withstrong andi withem since the former tags are deprecated. Actually, b and i have not been formally deprecated in any standard. The closest thing to a prohibition on these elements is WCAG 1.0's Checkpoint 3.3 Use style sheets to control layout and presentation. If semantic meaning is not intended byb andi then replace withspan class=bold andspan class=italic and create those CSS styles. em is for stress. strong is for strong stress. In the third case, where semantic meaning _is_ intended by bold or italic but that meaning is _not_ stress, it's best to use relevant specific elements (code, var, cite, q, kbd, samp, etc.?) or failing that class names that express meaning not just style ( http://www.w3.org/QA/Tips/goodclassnames ). -- Benjamin Hawkes-Lewis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 01:39:02PM -0800, Daevid Vincent wrote: Not to start a Holy War (as these to framework or not to framework debates often turn into), but I personally had a horrible experience with using frameworks. I was forced to use Symfony at my last job and it was so cumbersome and slow to do even the simplest things. The whole MVC thing can be overkill. Plus the learning curve can be quite steep. Then if you want to hire other developers to work with you, you have to train them and let them ramp up on not only the framework but also your core project too! More wasted time. The pages are significantly slower than straight PHP by orders of magnitude: [1]http://paul-m-jones.com/?p=315 What a great link! I've never seen this kind of comparison before. HTML is 70% faster than straight PHP, and the frameworks (even codeigniter) deliver less than 20% of the performance of straight PHP. The basic problem with frameworks is they try to be one thing for all people. This carries a lot of baggage with it. There's a lot of crap you end up pulling in that you don't want/need. Plus if you want to deviate at all, you either have to roll your own, or sometimes you simply just can't. They seem attractive with all their plugins and stuff, but honestly, rarely do the plugins do EXACTLY what you want, the way you want. It might be as simple as trying to change the look/feel of a button or something and you'll find out that you can't -- so now you have this website that has this section that doesn't look like the rest of your site. And if you find a bug, you have to try to either fix it yourself and then keep those changes migrated into new updates, or submit it to the developer and hope they implement them (and trust me, you can submit to them and have them rejected for all sorts of lame reasons -- even though the work has been done and you're using it!) I advise against it. Just follow good practices and use thin wrappers and functions. Don't get all OO googlie eyed and try to over-engineer and over-OO the code. OO is great for some things (like a User class) but don't start making some OO page renderer or form builder. Don't fall into the DB Abstraction trap either -- just use a wrapper around your DB calls (see attached), so you can swap out that wrapper if (and you almost never do) you change the DB. Don't be suckered by something like QuickForms -- you WILL run into limitations that you can't get around and are at their mercy. Don't buy the hype that DIV's are the magic bullet and TABLEs are poor design -- Tables are still the best and most ubiquitous way to align things in a browser agnostic way (including mobile phones, etc.) and to layout forms. I agree and disagree. I agree there's waaay too much herd mentality in the programming field. (Fortunately, Linus Torvalds didn't listen to the academics who insisted that microkernels where THE WAY, or we wouldn't have Linux today.) OO is nifty for some things, but it's certainly not the fountain of reusability it was originally promoted to be. And I also agree about tables versus CSS. I can render a page very precisely with tables that would take me hours to get right with CSS. And I really don't give a crap about what experts say about anything. I find experts to be wrong much of the time. OTOH, I just finished writing about 80K lines of PHP/HTML, all by hand, no OO, no classes, no nothing. Each page in one file, except for a few helper functions in a couple of common files. I wouldn't want to go through that again. I've opted for a framework on rewriting this code, just to cut down on the number of lines of code I have to manually write. But I built my own framework, which doesn't call in 20 files for each page load. Very compact. Probably not suitable for every kind of project, but it works for this. Incidentally, I would differ from the reviewer in the link above only in this respect: He maintains that every line of code adds time. While this is true, I believe it's the number of files which have to be opened which drags down framework numbers the most. When I wrote C code, the CPU would blaze through the actual code, but file opens and reads consumed far more time than in-memory code execution. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Framework...where to start? -- don't.
On Wed, Jan 14, 2009 at 6:17 PM, Paul M Foster pa...@quillandmouse.comwrote: On Wed, Jan 14, 2009 at 01:39:02PM -0800, Daevid Vincent wrote: Not to start a Holy War (as these to framework or not to framework debates often turn into), but I personally had a horrible experience with using frameworks. I was forced to use Symfony at my last job and it was so cumbersome and slow to do even the simplest things. The whole MVC thing can be overkill. Plus the learning curve can be quite steep. Then if you want to hire other developers to work with you, you have to train them and let them ramp up on not only the framework but also your core project too! More wasted time. The pages are significantly slower than straight PHP by orders of magnitude: [1]http://paul-m-jones.com/?p=315 What a great link! I've never seen this kind of comparison before. HTML is 70% faster than straight PHP, and the frameworks (even codeigniter) deliver less than 20% of the performance of straight PHP. The basic problem with frameworks is they try to be one thing for all people. This carries a lot of baggage with it. There's a lot of crap you end up pulling in that you don't want/need. Plus if you want to deviate at all, you either have to roll your own, or sometimes you simply just can't. They seem attractive with all their plugins and stuff, but honestly, rarely do the plugins do EXACTLY what you want, the way you want. It might be as simple as trying to change the look/feel of a button or something and you'll find out that you can't -- so now you have this website that has this section that doesn't look like the rest of your site. And if you find a bug, you have to try to either fix it yourself and then keep those changes migrated into new updates, or submit it to the developer and hope they implement them (and trust me, you can submit to them and have them rejected for all sorts of lame reasons -- even though the work has been done and you're using it!) I advise against it. Just follow good practices and use thin wrappers and functions. Don't get all OO googlie eyed and try to over-engineer and over-OO the code. OO is great for some things (like a User class) but don't start making some OO page renderer or form builder. Don't fall into the DB Abstraction trap either -- just use a wrapper around your DB calls (see attached), so you can swap out that wrapper if (and you almost never do) you change the DB. Don't be suckered by something like QuickForms -- you WILL run into limitations that you can't get around and are at their mercy. Don't buy the hype that DIV's are the magic bullet and TABLEs are poor design -- Tables are still the best and most ubiquitous way to align things in a browser agnostic way (including mobile phones, etc.) and to layout forms. I agree and disagree. I agree there's waaay too much herd mentality in the programming field. (Fortunately, Linus Torvalds didn't listen to the academics who insisted that microkernels where THE WAY, or we wouldn't have Linux today.) OO is nifty for some things, but it's certainly not the fountain of reusability it was originally promoted to be. And I also agree about tables versus CSS. I can render a page very precisely with tables that would take me hours to get right with CSS. And I really don't give a crap about what experts say about anything. I find experts to be wrong much of the time. OTOH, I just finished writing about 80K lines of PHP/HTML, all by hand, no OO, no classes, no nothing. Each page in one file, except for a few helper functions in a couple of common files. I wouldn't want to go through that again. I've opted for a framework on rewriting this code, just to cut down on the number of lines of code I have to manually write. But I built my own framework, which doesn't call in 20 files for each page load. Very compact. Probably not suitable for every kind of project, but it works for this. Incidentally, I would differ from the reviewer in the link above only in this respect: He maintains that every line of code adds time. While this is true, I believe it's the number of files which have to be opened which drags down framework numbers the most. When I wrote C code, the CPU would blaze through the actual code, but file opens and reads consumed far more time than in-memory code execution. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I agree heavily on the file opening part. I hate having to look through a stack trace of 20 or 30 just to track down why an exception was thrown. We are working on moving our entire framework into less files and more of a core set of files that handles a lot of tasks. -- Kyle Terry | www.kyleterry.com