php-general Digest 19 Dec 2004 04:30:44 -0000 Issue 3178

Topics (messages 204658 through 204671):

mixed strings
        204658 by: Ian Firla

File Upload Problem
        204659 by: Wayne Donaho

Strip of code - what could be wrong?
        204660 by: Wiberg

Storing binary data within a php script.
        204661 by: Jamie
        204668 by: Jed Smith

Re: PHP + MSSQL Problem
        204662 by: Ben

PHP 5 MySql 4.1 issue - can't connect to mysql.sock
        204663 by: Barley
        204667 by: Jed Smith

Prado
        204664 by: Wiberg

Recursive Directory Iterator
        204665 by: Gerard Samuel

Re: 4.3.10 breaking things? Back working after reverting to 4.3.9
        204666 by: Ben

sanitizing/security
        204669 by: Sebastian
        204670 by: Robert Cummings
        204671 by: Jed Smith

----------------------------------------------------------------------
--- Begin Message ---
Hi All,

I'm wondering if anyone knows if there's a way of sending strings of
mixed type to a UDP socket.

I'm storing the data I need to send in an array. Parsing the array with
a foreach, I'm sending out the various pieces to the socket with fwrite.

Unfortunately, it seems that UDP terminates each message and the client
is expecting everything in one chunk with each byte of a specific type
(ie. ASCII, INTEGER, BCD)

Is there any way I can write a string of mixed types to an open UDP
socket as a single message?

Ian

--- End Message ---
--- Begin Message ---
I am trying to run a file upload using PHP as a CGI script and am running
into an odd error.

The error I am getting is the dreaded Server Error -- Error 500 Premature
end of script headers: php.cgi

Here is the diagnosis I have done.

1.  The php.cgi executable deals with scripts correctly when using the GET
    method.
2.  The php.cgi script deals with POST method requests properly when the
    enctype is NOT multipart/form-data.

This rules out suexec type errors (in any case the suexec log shows
everything is good).

3.  File uploads using mod_php work fine (this rules out Apache not
    accepting the file).

4.  The CGI log shows the request being sent to the script, and that there is
    no result.

5.  The above error is not script dependent; the error occurs with a one-line
    script that prints the string "it ran" when the form enctype is
    multipart/form-data.

6.  The upload script is being taken from a different box running different
    versions of Apache/PHP, and the script works correctly there.

I have tried this with various versions of PHP, all with the same results.  I
have built it with php.4.3.10.

Here are the configure options from the phpinfo report:
'./configure' '--enable-force-cgi-redirect' '--with-openssl' '--with-curl'
'--with-mysql' '--with-cgi'
'--with-pfpro=/home/wayne/verisign/payflowpro/linuxrh9' '--with-gd'
'--with-jpeg-dir' '--with-zlib-dir' '--with-xpm-dir' '--with-freetype-dir'
'--enable-ftp'

I have the following file variables set:
error_reporting 2039
file_uploads On
log_errors On
max_input_time -1
post_max_size 8M
safe_mode off
upload_max_filesize  2M
upload_tmp_dir  /tmp


Any Ideas?

Thanks in Advance
Wayne

--- End Message ---
--- Begin Message ---
Hi there!

I'm trying to figure out some code I haven't done myself, but I don't get
what could be wrong. Check this code out:

The coder says that when he imports files, he gets a result where the lines end
at the wrong positions... Is it 4096 that is wrong?

/G
@varupiraten.se


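$file = $rad['url_productlist'];
$OpenFile = @fopen($file, "r");

// Stop here if the file could not be opened; feof() on a failed handle never ends.
if (!$OpenFile) {
    die("Unable to open " . $file);
}

while (!feof($OpenFile))
{
    // Reads at most 4095 bytes per call, so longer lines are split across entries.
    $buffer = fgets($OpenFile, 4096);
    $rader[] = $buffer;
}

fclose($OpenFile);

for ($i = 0; $i < count($rader); $i++) {

    // Splits the line into its separate parts at <>
    $del = explode("<>", $rader[$i]);

    // insert into DB code...

}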


--- End Message ---
--- Begin Message ---
Hi all,

Well, so far my attempts to make this work have failed, so I thought I would
try here. What I have is an installation script that has to write a few
files to the webserver. I'm trying to cut down on the number of files that
need to be uploaded/modified etc., so what I'm trying to do is include all the
data in one file, which the user then uploads, and the physical Visual Basic
program activates the script, which in turn sets up the web server side. The
problem comes when I'm trying to handle the ASCII values for the binary data:
"Warning: Unexpected character in input: '' (ASCII=3) state=2."

I basically have 3 questions.

1) Is it possible to store binary data in text form during transport and
then use PHP's file writing functions to output the file?
2) How would I do it? I guess I have to encode the ASCII characters, but
how would I do that?
3) Are there any better ways you would suggest to do this?

I'm trying to do this for two reasons: the first is to make the application
usable by anyone, and the second is to try to push the boundaries of the
language.

I would like anyone's comments and views on this, please. Any views might help
me come to a result.

Thanks

Jamie 

--- End Message ---
--- Begin Message ---
This is done in a few examples using base64_encode() and base64_decode(). A particular OpenGL example I can recall encoded a small (~20k) DLL directly into the PHP source that relied upon it, then unpacked it at runtime.

Ah, there it is:

   ** snip **

  if ( is_file( "SimpleWndProc.dll" ) ? filesize( "SimpleWndProc.dll" ) != 2560 : 1 )
  {
     $dll = "eNrtVU9IFGEUf7NpTbZue1hCYqlvQT3JslsG0clt/aho1XHNDOnguDutY+uMzh80"
          . "KDrYQTPJS1TUoWMEdSpYrEOEsQl66yD9gT1ILCHhIcqDML35Zla3IgO7mQ9+733v"
          /* ... */
          . "dxBP8K4dRTzGcY6dBwcd8sBgVupS0lgfi9siXnQPAErZOyqrYXMXwO/8l7oiy5Fv"
          . "kdWIJ8pHfdFAdH90uzf+D/QDFVAQCA==";

    $dllout = fopen( "SimpleWndProc.dll", "wb" );

    if ( !$dllout )
      die( "Unable to extract SimpleWndProc.dll" );

    fwrite( $dllout, gzuncompress( base64_decode( $dll ) ) );
    fclose( $dllout );
  }

  ---------------

That's from an iridium example. You just base64 encode the data and enclose it in a string. Of course, that's simply one way of doing it.

Jed


--
     _
    (_)___    Jed Smith, Code Monkey
    | / __|   [EMAIL PROTECTED] | [EMAIL PROTECTED]
    | \__ \   +1 541 606-4145
   _/ |___/   Signed mail preferred (PGP 0x703F9124)
  |__/        http://personal.jed.bz/keys/jedsmith.asc

--- End Message ---
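
The snippet in the message above decides whether to unpack by file size alone. As an added example (not from the thread or from the iridium sample), this version checks a SHA-256 digest of the decoded data before anything is written; the payload bytes, the target file name and the function name extractEmbedded are constructed for illustration.

```php
<?php
// Added example: the payload, file name and digest below are constructed here.
$payload = "\x00\x01\x02\x03binary bytes\xff\xfe" . str_repeat("\x03", 32);

// Build side: run once when packaging, then paste both strings into the installer.
$embedded = base64_encode(gzcompress($payload, 9));
$expectedSha256 = hash('sha256', $payload);

/** Decode the embedded blob and write it only if its SHA-256 matches. */
function extractEmbedded($embedded, $expectedSha256, $target)
{
    // Strict mode: fail on characters outside the base64 alphabet.
    $compressed = base64_decode($embedded, true);
    if ($compressed === false) {
        return false;
    }
    $data = @gzuncompress($compressed);
    // Refuse a blob that is corrupted or was changed after packaging.
    if ($data === false || !hash_equals($expectedSha256, hash('sha256', $data))) {
        return false;
    }
    // Write to a temporary name first so a failed write never leaves a partial file.
    $tmp = $target . '.tmp';
    if (file_put_contents($tmp, $data, LOCK_EX) !== strlen($data)) {
        @unlink($tmp);
        return false;
    }
    return rename($tmp, $target);
}

$target = sys_get_temp_dir() . '/example-payload.bin';
var_dump(extractEmbedded($embedded, $expectedSha256, $target));
var_dump(file_get_contents($target) === $payload);

// A blob that differs from the packaged one is refused and nothing is rewritten.
$tampered = base64_encode(gzcompress($payload . 'x', 9));
var_dump(extractEmbedded($tampered, $expectedSha256, $target));
```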
--- Begin Message ---
Alaor Barroso wrote:

> It looks like PHP can't communicate with MSSQL but it
> connect! Strange...

What server platform are you using? If you are on *nix you will need to install freetds and then build php with freetds support before you can use mssql with it. Under a windows server platform this may not be necessary, I have never tried on windows.


- Ben
--- End Message ---
--- Begin Message ---
I am familiar with MySql, Linux and database programming in general, but I
have not used PHP very much.

On my server, I had an application running just fine under PHP 4.1 and MySql
3.23. For various reasons, I needed to move to MySql 4.1. When I did so, the
PHP application was broken. I poked around and found that I needed to
upgrade to PHP 5 to get mysqli support. I did so with no problems. I built
PHP from source on a RedHat 7.3 box.

Here's the problem: I can only connect to MySql via a PHP script if I run
that script as root. Here is the example script I have been using:

<?php
$DB = mysqli_connect("localhost","user","pass");
if (! $DB) {
echo "No.";
} else {
echo "Yes.";
}
?>

If I run the script from a shell prompt as root, it outputs "Yes". If I run
as any other user, it outputs "No." It also gives this error:
Warning: mysqli_connect(): Can't connect to local MySQL server through
socket '/var/lib/mysql/mysql.sock' (13)

This means I can't run PHP scripts via apache.

I can log in to mysql via the command line with user/pass without any
problems.

Apache is connecting to PHP no problem, as I have a "Hello world" type PHP
script running and can access it via the web.

But no PHP script can connect to MySql unless it is run as root...

Can anyone point me in the right direction? I have a feeling this is
something very simple. Thanks!

Gregg


--- End Message ---
--- Begin Message ---
Try mysqli_connect("127.0.0.1", "user", "pass");

Then MySQLI will try to use TCP/IP as opposed to a local socket.

Jed


--- End Message ---
--- Begin Message ---
Hi there!

Anyone used PRADO? What's YOUR opinion? *curious*
http://www.xisc.com/

/G
@varupiraten.se



--- End Message ---
--- Begin Message ---
This is my first time trying out the SPL iterators.
I'm trying to figure out how to recursively move over a directory.
With the code that I've provided:
1. Is this the correct way to use it? I'm using recursive functions to go deep.
I thought that the class would do that for me somehow...
2. As it stands, it doesn't report the correct directory structure.
For example, if I had a directory in the root with another directory under it,
the second directory doesn't get echoed.


Thanks

------
dirr('.');

function dirr($dir)
{
   $dir = new RecursiveDirectoryIterator($dir);

   foreach($dir as $foo)
   {
       echo $foo->getPathname() . '<br />';

       if ($foo->hasChildren())
       {
           $bar = $foo->getChildren();

           foreach($bar as $foo2)
           {
                if ($foo2->hasChildren())
                {
                    dirr($foo2->getPathname());
                }
                else
                {
                    echo $foo2->getPathName() . '<br />';
                }
           }
       }
   }
}

--- End Message ---
--- Begin Message ---
Michael Sims wrote:
> Ben wrote:
>> Reverting back to 4.3.9 with the same build configuration options used
>> in 4.3.10 has fixed the problems with the various scripts.
>
> Do you use Zend Optimizer?

No, but thanks for the suggestion! Turning off php accelerator in my php.ini seems to have solved the problem for phpmyadmin and squirrelmail. Many thanks!


FWIW, if you are building pdflib 6.0.1 support into php I found I had to use the php binding files from pdflib instead of the ones included in the ext/pdf directory of the php source. And you should also be aware that the previously optional parameters for some of the pdf functions are no longer optional.

- Ben
--- End Message ---
--- Begin Message ---
Just a question: what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?

E.g., I usually just do:

if(is_numeric($_REQUEST['id']))
{
    mysql_query("SELECT id FROM table WHERE id=".intval($_REQUEST['id'])."");
}

What about when the GET is text? Just use htmlspecialchars?
Just looking for some advice to help keep my apps secure.

cheers

--- End Message ---
--- Begin Message ---
On Sat, 2004-12-18 at 22:50, Sebastian wrote:
> just a question, what is the best way to sanitize your scripts when you're
> using $_GET or $_REQUEST in a query?
> 
> eg, i usually just do:
> 
> if(is_numeric($_REQUEST['id']))
> {
>     mysql_query("SELECT id FROM table WHERE
> id=".intval($_REQUEST['id'])."");
> }
> 
> what about when the GET is text? just use htmlspecialchars?
> just looking for some advice to help keep my apps secure.

For numeric values that I don't care about the value itself, only that
it's numeric:

    $qString =
        "SELECT * FROM table where id = ".(0 + $_GET['someVar'])." ";

Binary operators are almost twice as fast as function calls.

As for text... addSlashes() for mysql database if I'm using the raw
mysql functions (which I don't do if I have a choice), otherwise I use
the database layer's quote function which takes into consideration the
database type.
 
Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---
mysql_escape_string() is what you're looking for.

Jed


--- End Message ---
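
The question in this thread, worked through as an added example that is not code from any of the posters: numeric input is validated rather than coerced, text input travels as a bound parameter instead of being escaped into the SQL string, and htmlspecialchars() is applied only where the value is printed as HTML. The mysql_* functions used in the thread were removed in PHP 7, so this uses PDO; it assumes the pdo_sqlite extension, and the items table, the request values and the function names are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs; assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (name) VALUES ('widget'), ('O''Reilly'), ('gadget')");

// Constructed request values standing in for $_GET.
$request = ['id' => '2', 'name' => "O'Reilly", 'bad_id' => '1 OR 1=1'];

/** Return the row for a numeric id, or null when the id is not a plain positive integer. */
function findById(PDO $db, $rawId)
{
    // Validate instead of coercing: anything that is not an integer >= 1 is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Look up rows by text; the value is sent as a bound parameter, never as SQL text. */
function findByName(PDO $db, $rawName)
{
    $stmt = $db->prepare('SELECT id, name FROM items WHERE name = :name');
    $stmt->execute([':name' => $rawName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A well-formed id is looked up; the malformed one is rejected before any query runs.
var_dump(findById($db, $request['id']));
var_dump(findById($db, $request['bad_id']));

foreach (findByName($db, $request['name']) as $row) {
    // htmlspecialchars() belongs here, at HTML output, not in the query.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```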
