php-general Digest 1 Feb 2007 18:11:50 -0000 Issue 4602
Topics (messages 248136 through 248164):
Re: ereg() problem: solution
248136 by: jekillen
Re: ereg() problem
248137 by: jekillen
Pwersistent Queue
248138 by: chetan rane
248140 by: Nicholas Yim
Re: Need sql-editor
248139 by: Niklas Karlsson
PHP 4.4.5RC2
248141 by: Derick Rethans
Re: nested, referenced foreach & implicit current array pointer issues
248142 by: Roman Neuhauser
248149 by: Jochem Maas
248159 by: Roman Neuhauser
248160 by: Robert Cummings
248161 by: Németh Zoltán
CONTACT ...
248143 by: Man-wai Chang
Re: Parsing mail file
248144 by: tom
Re: [PHP-DEV] PHP 4.4.5RC2
248145 by: Edin Kadribasic
Re: Socket problem plz read.
248146 by: Scripter47
248147 by: Németh Zoltán
Who uses PHP
248148 by: Eric Gorr
248150 by: Jochem Maas
248151 by: Jay Blanchard
248152 by: Eric Gorr
248153 by: Eric Gorr
248154 by: Eric Butera
248155 by: Jochem Maas
248156 by: Eric Gorr
248157 by: Németh Zoltán
248158 by: Robert Cummings
Send Email to Mobile
248162 by: Marcelo Ferrufino Murillo
248164 by: Peter Lauri
Re: Manipulating "categories" in a mysql database
248163 by: Tim
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hi
In reference to my query about 'greed' in regex in php and the following
code
$x = ereg("<route name='$to' x='\.\./(.*)/in' rec='.*' />",
$get_route, $m);
I solved the immediate problem with the following:
<route name='$to' x='\.\./([a-z]{2}|a?u_[0-9a-z]{8})/in' rec='.*' />
as you can see, the regex is quite a bit more complicated and I
do not know if it will match all the possibilities that it will have to.
It looks like it should. one possibility that it is matching is just two
letters, in this case jk. The other possibility is u_ or au_ followed
by 8 randomly selected letters and/or numbers.
In short I was trying to be as simple and comprehensive as
possible with (.*) as the regular expression. But the idea of greed
came to mind when the match was containing far more than antic-
ipated. Greed is when the regular expression tries to match as much
as possible, in this case (.*) appears to be matching every instance of
anything and everything else in the way, so it ends up including the
entire balance of the line. A least that is my explanation. So I did
something more complicated to get what I wanted. Simplicity is not
always so simple.
Thanks for all responses.
JK
--- End Message ---
--- Begin Message ---
On Jan 31, 2007, at 4:38 PM, Richard Lynch wrote:
On Tue, January 30, 2007 8:36 pm, jekillen wrote:
I am having trouble with ereg().
The following is the problem code
$x = ereg("<route name='$to' x='../(.*)/in' rec='.*' />", $get_route,
$m);
testing $route I get:
$route = $m[1];
print $route.'<br>';
jk/in' rec='a_378e6dc4.xml' /> (out put of print)
jk is all I am looking for but
is it greed that is missing the
forward slash and the single quote?
No, it's that you put the parens () around only the .* and not around
what you wanted:
ereg("<route name='$to' x='\\.\\.(.*/in') rec='.*' />", ...
It seems like every time I do this I have to monkey around
with it until I get what I want.
Join the club. :-)
You may want to consider a couple actions:
Switch to PCRE http://php.net/pcre
It's better documented, less confusing, faster, and just better all
around.
Download and play around with "The Regex Coach" which provides a
visual feedback on what happens when you change the #$^%& inside your
pattern.
I have even changed the
formatting of files just so a regular expression would
work without this sort of trial and error.
Is there a way I can turn off greed in php's regex?
I haven't used ereg in so long, I can't answer this for ereg.
In PCRE, you use tack on 'U' after your end patter delimiter.
Thanks, I believe I do have pcre in my installation, and that
was my next target for investigation. As I turns out I got a
regex that works, albeit more complicated than (.*). See this
post subject + solution. by me.
thanks for the response.
JK
--- End Message ---
--- Begin Message ---
Hi everyone
I aneed top maintain a persisistent Queue can anyone help.
--
Have A plesant Day
Chetan. D. Rane
Location: Pune , India
Contact: +91-9890792762
otherID: [EMAIL PROTECTED]
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Hello chetan rane,
use serialize, unserialize, array and file.
or xml
Best regards,
======= At 2007-02-01, 13:53:38 you wrote: =======
>Hi everyone
>
>I aneed top maintain a persisistent Queue can anyone help.
>
>
>--
>Have A plesant Day
>Chetan. D. Rane
>Location: Pune , India
>Contact: +91-9890792762
>otherID: [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
= = = = = = = = = = = = = = = = = = = =
Nicholas Yim
[EMAIL PROTECTED]
2007-02-01
--- End Message ---
--- Begin Message ---
Niklas Karlsson wrote:
> Hello everyone
>
>
>
> I need a good sql-editor where I can write sqlcode. The problem is that I
> don't have rights to list tables, functions and so on. Now I use EMS Sql
> Manger 2005, and if I want to write and execute sqlcode I need access to
the
> system tables, and I don't have it on this database.
>
>
>
> So, I need a sqlmanger that I cant write and execute sqlcode and don't
have
> the access, and where a can view the result nicely.
Chris wrote:
> Best to ask on a more appropriate list of forum - like one that
> discusses your chosen database whatever that may be (ms-sql?).
I use Postgresql. I have find a application that's fill my requirement.
QueryIT
http://www.dbtools.com.br/EN/queryit/
And next time, I am going to think about the subject.
Thanks
--- End Message ---
--- Begin Message ---
Hello!
I packed PHP 4.4.5RC2 today, which you can find here:
http://downloads.php.net/derick/
Please test it carefully, and report any bugs in the bug system, but
only if you have a short reproducable test case.
If everything goes well, we can release it somewhere at the end of next
week.
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
--- End Message ---
--- Begin Message ---
# [EMAIL PROTECTED] / 2007-02-01 02:26:09 +0100:
> Roman Neuhauser wrote:
> > # [EMAIL PROTECTED] / 2007-01-31 19:41:42 +0100:
> >> instead I would suggest that your better off doing one of 2 things:
> >>
> >> 1. pass in the array to the function explicitly.
> >> 2. use a special function that can be called to retrieve the array
> >> from within your example function.
> >>
> >> bad advice? I'm open to being corrected :-)
> >
> > 2. is only marginally better than "global".
>
> if you use a function you can make sure it's output is
> consistent and you have a single point of control.
>
> personally I consider that some what more than a marginal gain.
Singleton is still an antipattern (in most cases).
If you're affraid that someone will break a convention which says that
the global associative array $foos has string indexes and values must be
positive integers, or that it needs to be an array at all
($GLOBALS['foos'] = new sabotage("haha")), you would be better off in
e. g. C++ with
std::map<std::string, uint32_t> foos;
voila, you don't need to worry anymore! Alas, global variables,
including those hidden behind accessors, are a grievous problem in C++
as well.
It's not control over data types, it's visibility of access that causes
most of the lossage. Wrapping the global in a function doesn't remove
the structural defect.
Been there, done that, got the scars.
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--- End Message ---
--- Begin Message ---
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-02-01 02:26:09 +0100:
>> Roman Neuhauser wrote:
>>> # [EMAIL PROTECTED] / 2007-01-31 19:41:42 +0100:
>>>> instead I would suggest that your better off doing one of 2 things:
>>>>
>>>> 1. pass in the array to the function explicitly.
>>>> 2. use a special function that can be called to retrieve the array
>>>> from within your example function.
>>>>
>>>> bad advice? I'm open to being corrected :-)
>>> 2. is only marginally better than "global".
>> if you use a function you can make sure it's output is
>> consistent and you have a single point of control.
>>
>> personally I consider that some what more than a marginal gain.
>
> Singleton is still an antipattern (in most cases).
the reliance on persistence being one of the major gripes about
Singleton (with regard to testing mostly) - which is kind of funny
and sad at the same time - persistence being at once the most basic expectation
of
an average computer user AND something which apparently CS people on whole
do everything to avoid providing.
totally besides the point - the second option merely suggests providing
a way to create a single source for the data - the source being more
reliable than a global named $arr.
this is not the same a Singleton pattern.
>
> If you're affraid that someone will break a convention which says that
> the global associative array $foos has string indexes and values must be
given an array of data that is used all over a php application then it quite
simply
saves alot fo headaches down the road to to agree on a convention that says
'we' will use a function to retrieve this data whenever it is needed (regardless
> positive integers, or that it needs to be an array at all
> ($GLOBALS['foos'] = new sabotage("haha")), you would be better off in
> e. g. C++ with
>
> std::map<std::string, uint32_t> foos;
please refrain from the old
'you-should-be-using-language-FOO-look-i'll-show-you-how-clever-I-am'
argument it's not really adding anything to this discussion.
>
> It's not control over data types, it's visibility of access that causes
> most of the lossage. Wrapping the global in a function doesn't remove
> the structural defect.
huh?
>
> Been there, done that, got the scars.
>
--- End Message ---
--- Begin Message ---
# [EMAIL PROTECTED] / 2007-02-01 15:46:39 +0100:
> Roman Neuhauser wrote:
> > # [EMAIL PROTECTED] / 2007-02-01 02:26:09 +0100:
> >> Roman Neuhauser wrote:
> >>> # [EMAIL PROTECTED] / 2007-01-31 19:41:42 +0100:
> >>>> instead I would suggest that your better off doing one of 2 things:
> >>>>
> >>>> 1. pass in the array to the function explicitly.
> >>>> 2. use a special function that can be called to retrieve the array
> >>>> from within your example function.
> >>>>
> >>>> bad advice? I'm open to being corrected :-)
> >>> 2. is only marginally better than "global".
> >> if you use a function you can make sure it's output is
> >> consistent and you have a single point of control.
> >>
> >> personally I consider that some what more than a marginal gain.
> >
> > Singleton is still an antipattern (in most cases).
>
> the reliance on persistence being one of the major gripes about
> Singleton (with regard to testing mostly)
Sorry, I don't understand this...
> totally besides the point - the second option merely suggests providing
> a way to create a single source for the data - the source being more
> reliable than a global named $arr.
>
> this is not the same a Singleton pattern.
Singleton in Design Patterns, p. 127:
: Intent
: Ensure a class only has one instance, and provide a global point of
: access to it.
The second part is IMO pretty much what you said.
> > If you're affraid that someone will break a convention which says that
> > the global associative array $foos has string indexes and values must be
>
> given an array of data that is used all over a php application then it quite
> simply
> saves alot fo headaches down the road to to agree on a convention that says
> 'we' will use a function to retrieve this data whenever it is needed
> (regardless
Agreeing on abandoning global variables would save even more headaches.
> > positive integers, or that it needs to be an array at all
> > ($GLOBALS['foos'] = new sabotage("haha")), you would be better off in
> > e. g. C++ with
> >
> > std::map<std::string, uint32_t> foos;
>
> please refrain from the old
> 'you-should-be-using-language-FOO-look-i'll-show-you-how-clever-I-am'
> argument it's not really adding anything to this discussion.
Originally I wanted to illustrate my point using PHP, but it's much more
code. Sorry if I hurt your feelings.
> > It's not control over data types, it's visibility of access that causes
> > most of the lossage. Wrapping the global in a function doesn't remove
> > the structural defect.
>
> huh?
If PHP was statically typed, global variables would still be a bad
smell. They are bad smell in C++ and Java, for example. It's too easy
to call getfoo() before you have set up $foo. The risk grows
exponentially: as soon as you add another global, $bar, you risk that
you or someone else will use getfoo() inside initbar(), and getbar()
inside initfoo() (or getfoo() inside initfoo()). Of course, it will be
several function calls deep, and quite probably only happen in a code
path that's rarly used (such as error handling).
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--- End Message ---
--- Begin Message ---
On Thu, 2007-02-01 at 16:42 +0100, Roman Neuhauser wrote:
>
> If PHP was statically typed, global variables would still be a bad
> smell. They are bad smell in C++ and Java, for example. It's too easy
> to call getfoo() before you have set up $foo. The risk grows
> exponentially: as soon as you add another global, $bar, you risk that
> you or someone else will use getfoo() inside initbar(), and getbar()
> inside initfoo() (or getfoo() inside initfoo()). Of course, it will be
> several function calls deep, and quite probably only happen in a code
> path that's rarly used (such as error handling).
Nopthing wrong with globals as long as they aren't used to punt data
around from function to function. I find globals quite useful when used
for configuration. I usually use a double level array. The first index
is a grouping index such as "someProject" the second index is the name
of the property. I could use a database table, but why incur an extra
query. I could use a class, but why increase complexity, I could use
functions, but complexity again. As for singletons... just use a static
class method.
<?php
class Foo extends Singleton
{
function Foo()
{
static $createdAlready = false;
if( $createdAlready )
{
die( 'Use Foo::getGlobalInstance() instead.' );
}
$createdAlready = true;
}
function getGlobalInstance()
{
static $singleton = null;
if( $singleton === null )
{
$singleton = &new Foo();
}
return $singleton;
}
}
?>
Now how hard was that!?
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
On cs, 2007-02-01 at 10:53 -0500, Robert Cummings wrote:
> On Thu, 2007-02-01 at 16:42 +0100, Roman Neuhauser wrote:
> >
> > If PHP was statically typed, global variables would still be a bad
> > smell. They are bad smell in C++ and Java, for example. It's too easy
> > to call getfoo() before you have set up $foo. The risk grows
> > exponentially: as soon as you add another global, $bar, you risk that
> > you or someone else will use getfoo() inside initbar(), and getbar()
> > inside initfoo() (or getfoo() inside initfoo()). Of course, it will be
> > several function calls deep, and quite probably only happen in a code
> > path that's rarly used (such as error handling).
>
> Nopthing wrong with globals as long as they aren't used to punt data
> around from function to function. I find globals quite useful when used
> for configuration. I usually use a double level array. The first index
> is a grouping index such as "someProject" the second index is the name
> of the property. I could use a database table, but why incur an extra
> query. I could use a class, but why increase complexity, I could use
> functions, but complexity again.
I greatly agree with this. I use config arrays, and put all
initialization which sets up the elements of the config arrays in an
include file which is included everywhere.
And inside functions these config arrays are my only globals (besides
the superglobals of course).
greets
Zoltán Németh
> As for singletons... just use a static
> class method.
>
> <?php
>
> class Foo extends Singleton
> {
> function Foo()
> {
> static $createdAlready = false;
>
> if( $createdAlready )
> {
> die( 'Use Foo::getGlobalInstance() instead.' );
> }
>
> $createdAlready = true;
> }
>
> function getGlobalInstance()
> {
> static $singleton = null;
>
> if( $singleton === null )
> {
> $singleton = &new Foo();
> }
>
> return $singleton;
> }
> }
>
> ?>
>
> Now how hard was that!?
>
> Cheers,
> Rob.
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting |
> | a powerful, scalable system for accessing system services |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for |
> | creating re-usable components quickly and easily. |
> `------------------------------------------------------------'
>
--- End Message ---
--- Begin Message ---
Alberto Ferreira wrote:
> Teste
>
--
.~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10) Linux 2.6.19.2
^ ^ 19:27:01 up 20 days 22:39 0 users load average: 1.07 1.02 1.00
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
--- End Message ---
--- Begin Message ---
Easy!!
Pierre Pintaric :
Hello there,
I'm sure this question was ask 1,000 times, but I didn't find any
archive about this, that's why I need help...
Here is my problem:
I receive mail file from my MTA (ie QMail), that works fine. Now, I
would to find a class or a function that parse the mail and gives
headers informations, body of the mail (even if it is a multi-part mail)
and file attachments.
I found nothing in PEAR library, nothing on the web, ...
I don't what want to rebuild the wheel if somebody works on it and made
a good job...
If somebody uses a great function and want to share, I will please
him... :-)
Thanks for your help.
Pierre
--- End Message ---
--- Begin Message ---
The Windows build is ready as well:
http://downloads.php.net/edink/php-4.4.5RC2-Win32.zip
Edin
Derick Rethans wrote:
Hello!
I packed PHP 4.4.5RC2 today, which you can find here:
http://downloads.php.net/derick/
Please test it carefully, and report any bugs in the bug system, but
only if you have a short reproducable test case.
If everything goes well, we can release it somewhere at the end of next
week.
regards,
Derick
--- End Message ---
--- Begin Message ---
Richard Lynch skrev:
On Wed, January 31, 2007 9:39 am, Németh Zoltán wrote:
On sze, 2007-01-31 at 16:26 +0100, Scripter47 wrote:
I'm making a simple socket server that just receive some data, and
then
send some data back again to the client.
EDIT:
I forgot to tell that i need help!
I have search around for hours now, and the examples are always not
what
I needed :(
the program is written in Python, if that helps, and is something
like this
this is PHP list. go to Python list with that, I suggest
I believe the OP is asking how to write the PHP to RECEIVE that data
from the Python script.
That's what I want!
plz help me, with some sample code :)
Or, possibly, how to implement that same code in PHP.
http://php.net/sockets
is still my best answer...
--- End Message ---
--- Begin Message ---
On cs, 2007-02-01 at 14:45 +0100, Scripter47 wrote:
> Richard Lynch skrev:
> > On Wed, January 31, 2007 9:39 am, Németh Zoltán wrote:
> >> On sze, 2007-01-31 at 16:26 +0100, Scripter47 wrote:
> >>> I'm making a simple socket server that just receive some data, and
> >>> then
> >>> send some data back again to the client.
> >>>
> >>> EDIT:
> >>> I forgot to tell that i need help!
> >>>
> >>> I have search around for hours now, and the examples are always not
> >>> what
> >>> I needed :(
> >>>
> >>> the program is written in Python, if that helps, and is something
> >>> like this
> >> this is PHP list. go to Python list with that, I suggest
> >
> > I believe the OP is asking how to write the PHP to RECEIVE that data
> > from the Python script.
> >
> That's what I want!
>
> plz help me, with some sample code :)
ok, then you should read (as Richard also said)
http://php.net/sockets
there are examples in there and everything
Zoltán Németh
> > Or, possibly, how to implement that same code in PHP.
> >
> > http://php.net/sockets
> > is still my best answer...
> >
>
>
--- End Message ---
--- Begin Message ---
I've heard some concern expressed that PHP might be more insecure
then other methods of developing website where security was of prime
importance. Now, I personally do not believe this, but it would help
me to convince others if I could point to major sites, where security
(mostly with respect to the user authentication system) was extremely
important (financial sites, etc.) and where PHP was the primary
development platform.
Thank you.
--- End Message ---
--- Begin Message ---
Eric Gorr wrote:
> I've heard some concern expressed that PHP might be more insecure then
> other methods of developing website where security was of prime
> importance. Now, I personally do not believe this, but it would help me
> to convince others if I could point to major sites, where security
> (mostly with respect to the user authentication system) was extremely
> important (financial sites, etc.) and where PHP was the primary
> development platform.
google, yahoo.
for the rest search Zend.com or your favorite sdearch engine
>
> Thank you.
>
> --PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
[snip]
I've heard some concern expressed that PHP might be more insecure
then other methods of developing website where security was of prime
importance. Now, I personally do not believe this, but it would help
me to convince others if I could point to major sites, where security
(mostly with respect to the user authentication system) was extremely
important (financial sites, etc.) and where PHP was the primary
development platform.
[/snip]
Google for one. I am pretty sure Yahoo. Also, check out
http://www.shiflett.org as Chris is one of if not the leading expert in
security with PHP.
--- End Message ---
--- Begin Message ---
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
Eric Gorr wrote:
I've heard some concern expressed that PHP might be more insecure
then
other methods of developing website where security was of prime
importance. Now, I personally do not believe this, but it would
help me
to convince others if I could point to major sites, where security
(mostly with respect to the user authentication system) was extremely
important (financial sites, etc.) and where PHP was the primary
development platform.
google, yahoo.
For their user authentication system? Session management? Everything?
Don't suppose there would be any URL (press release, just general
info, etc.) with that information?
for the rest search Zend.com or your favorite sdearch engine
Thanks.
While zend.com, etc. will tell me who is using PHP, they do not
generally state exactly how it is being used and, as much as the who,
it is the how that is important.
--- End Message ---
--- Begin Message ---
On Feb 1, 2007, at 9:50 AM, Jay Blanchard wrote:
Also, check out
http://www.shiflett.org as Chris is one of if not the leading
expert in
security with PHP.
Great site. thank you.
--- End Message ---
--- Begin Message ---
On 2/1/07, Eric Gorr <[EMAIL PROTECTED]> wrote:
On Feb 1, 2007, at 9:50 AM, Jay Blanchard wrote:
>
> Also, check out
> http://www.shiflett.org as Chris is one of if not the leading
> expert in
> security with PHP.
Great site. thank you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
http://afup.org/IMG/flickr_php.pdf
--- End Message ---
--- Begin Message ---
Eric Gorr wrote:
>
> On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
>
>> Eric Gorr wrote:
>>> I've heard some concern expressed that PHP might be more insecure then
>>> other methods of developing website where security was of prime
>>> importance. Now, I personally do not believe this, but it would help me
>>> to convince others if I could point to major sites, where security
>>> (mostly with respect to the user authentication system) was extremely
>>> important (financial sites, etc.) and where PHP was the primary
>>> development platform.
>>
>> google, yahoo.
>
> For their user authentication system? Session management? Everything?
> Don't suppose there would be any URL (press release, just general info,
> etc.) with that information?
>
>> for the rest search Zend.com or your favorite sdearch engine
>
> Thanks.
>
> While zend.com, etc. will tell me who is using PHP, they do not
> generally state exactly how it is being used and, as much as the who, it
> is the how that is important.
ah right - please ignore my post - I wasn't really reading your question
properly,
my apologies
>
> --PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote:
Eric Gorr wrote:
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
Eric Gorr wrote:
I've heard some concern expressed that PHP might be more
insecure then
other methods of developing website where security was of prime
importance. Now, I personally do not believe this, but it would
help me
to convince others if I could point to major sites, where security
(mostly with respect to the user authentication system) was
extremely
important (financial sites, etc.) and where PHP was the primary
development platform.
google, yahoo.
For their user authentication system? Session management? Everything?
Don't suppose there would be any URL (press release, just general
info,
etc.) with that information?
for the rest search Zend.com or your favorite sdearch engine
Thanks.
While zend.com, etc. will tell me who is using PHP, they do not
generally state exactly how it is being used and, as much as the
who, it
is the how that is important.
ah right - please ignore my post - I wasn't really reading your
question properly,
my apologies
Well, if you do not know the answer to my particular question, I'm
curious how might you respond to someone who says:
PHP has to many security issues and should not be used with a
user authentication system.
We should use XXX.
You are not allowed to say 'Well, you're wrong. PHP is as secure as
anything else.' without explaining why.
Or, would you agree with the statement? Is there an 'XXX' that should
be used instead of PHP?
Given the limited number of options for maintaining state
information, I would be hard pressed to see how any language could be
inherently more security or why one could not write PHP code which
implemented the same techniques as 'XXX'.
(No, I do not know what 'XXX' might be.)
--- End Message ---
--- Begin Message ---
On cs, 2007-02-01 at 10:19 -0500, Eric Gorr wrote:
> On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote:
>
> > Eric Gorr wrote:
> >>
> >> On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
> >>
> >>> Eric Gorr wrote:
> >>>> I've heard some concern expressed that PHP might be more
> >>>> insecure then
> >>>> other methods of developing website where security was of prime
> >>>> importance. Now, I personally do not believe this, but it would
> >>>> help me
> >>>> to convince others if I could point to major sites, where security
> >>>> (mostly with respect to the user authentication system) was
> >>>> extremely
> >>>> important (financial sites, etc.) and where PHP was the primary
> >>>> development platform.
> >>>
> >>> google, yahoo.
> >>
> >> For their user authentication system? Session management? Everything?
> >> Don't suppose there would be any URL (press release, just general
> >> info,
> >> etc.) with that information?
> >>
> >>> for the rest search Zend.com or your favorite sdearch engine
> >>
> >> Thanks.
> >>
> >> While zend.com, etc. will tell me who is using PHP, they do not
> >> generally state exactly how it is being used and, as much as the
> >> who, it
> >> is the how that is important.
> >
> > ah right - please ignore my post - I wasn't really reading your
> > question properly,
> > my apologies
>
> Well, if you do not know the answer to my particular question, I'm
> curious how might you respond to someone who says:
>
> PHP has to many security issues and should not be used with a
> user authentication system.
> We should use XXX.
I think security mainly depends on the programmer and not on the
language he uses...
greets
Zoltán Németh
>
> You are not allowed to say 'Well, you're wrong. PHP is as secure as
> anything else.' without explaining why.
> Or, would you agree with the statement? Is there an 'XXX' that should
> be used instead of PHP?
>
> Given the limited number of options for maintaining state
> information, I would be hard pressed to see how any language could be
> inherently more security or why one could not write PHP code which
> implemented the same techniques as 'XXX'.
>
> (No, I do not know what 'XXX' might be.)
>
--- End Message ---
--- Begin Message ---
On Thu, 2007-02-01 at 10:19 -0500, Eric Gorr wrote:
>
> Well, if you do not know the answer to my particular question, I'm
> curious how might you respond to someone who says:
>
> PHP has to many security issues and should not be used with a
> user authentication system.
> We should use XXX.
>
> You are not allowed to say 'Well, you're wrong. PHP is as secure as
> anything else.' without explaining why.
> Or, would you agree with the statement? Is there an 'XXX' that should
> be used instead of PHP?
For the most part, any program in a mature language is as secure as the
least competent coder that worked with it. Following from that, if your
developers are competent, you are less likely to have security problems.
PHP provides all the tools necessary to write very secure applications,
most of the problems in the wild are due to incompetence especially as
relates to popular packages (such as PHPBB).
> Given the limited number of options for maintaining state
> information, I would be hard pressed to see how any language could be
> inherently more security or why one could not write PHP code which
> implemented the same techniques as 'XXX'.
Some languages provide features that essentially tie the developer's
hands behind their back and make it more difficult to introduce security
flaws. This idealogy only has limited success because no matter how
intelligent you think your language is, there is almost certainly a
human of marvellous counter intelligence that will do something
stupid... often by force of will.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Hi guys, I have a script that send emails to mobiles:
<?php
$subject=$_REQUEST["sb"];
$nmobile=trim($_REQUEST["nmobile"]);
$message=$_REQUEST["message"];
$header="From: [EMAIL PROTECTED]";
//Bolivia providers
switch($nmobile[1]){
case 0: $company="@viva-gsm.com"; break;
case 1: $company="@entelmovil.com.bo";break;
case 2:
case 3: $company="@movil.com.bo"; break;
case 6:
case 7: $company="@tigo.com.bo";break;
}
$number="591".$nmobile.$company;
if( @mail($number,$subject,$message,$header))
echo "Message sent";
else echo "error";
?>
And this is the message in a mobile: [EMAIL PROTECTED] ................
I don´t know why appear the address [EMAIL PROTECTED] the address must
be: [EMAIL PROTECTED], could you help me please, thank you
--- End Message ---
--- Begin Message ---
This kind of hassle you can avoid if you use PHPMailer that you can find at
http://phpmailer.sourceforge.net
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-----Original Message-----
From: Marcelo Ferrufino Murillo [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 6:17 PM
To: php-general@lists.php.net
Subject: [PHP] Send Email to Mobile
Hi guys, I have a script that send emails to mobiles:
<?php
$subject=$_REQUEST["sb"];
$nmobile=trim($_REQUEST["nmobile"]);
$message=$_REQUEST["message"];
$header="From: [EMAIL PROTECTED]";
//Bolivia providers
switch($nmobile[1]){
case 0: $company="@viva-gsm.com"; break;
case 1: $company="@entelmovil.com.bo";break;
case 2:
case 3: $company="@movil.com.bo"; break;
case 6:
case 7: $company="@tigo.com.bo";break;
}
$number="591".$nmobile.$company;
if( @mail($number,$subject,$message,$header))
echo "Message sent";
else echo "error";
?>
And this is the message in a mobile: [EMAIL PROTECTED] ................
I don´t know why appear the address [EMAIL PROTECTED] the address must
be: [EMAIL PROTECTED], could you help me please, thank you
--- End Message ---
--- Begin Message ---
> -----Message d'origine-----
> De : Richard Lynch [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 1 février 2007 02:35
> À : Tim
> Cc : php-general@lists.php.net
> Objet : Re: [PHP] Manipulating "categories" in a mysql database
>
> On Tue, January 30, 2007 12:36 pm, Tim wrote:
> > This is more of a conceptional question rather then a technical one.
> >
> > I am developping an online catalog, the catalog is a standard
> > categorie/subcat/subsubcat system using the following logic in my
> > database:
> >
> > cat_id cat_name
> >
> > 10 DVD
> > 1010 DVD/Action
> > 1020 DVD/Adventure
> > 20 CD
> > 2010 CD/Reggae
> > 2020 CD/Electro
> >
> > Up to now I enter the category id's manually from an administration
> > console.
> >
> > I would like to be able to have my console automagically generate a
> > cat_id
> > when my users add categories (so they don't have to bother with that
> > aspect
> > of adding a category) and I would also like to be able to move a
> > category up
> > or down in the way it displays on the page, as of now I am sorting by
> > cat_id
>
> Rule of thumb for SQL:
> Never ever ever sort by *_id, because it will almost alway send up
> biting you in the butt sooner or later.
>
> Add a 'rank' column and maintain that in your web application.
>
> > I have been for a while trying to develop a logical scheme to be able
> > to
> > generate the id's and change their cat_id to reflect a "new" position
> > in how
> > it displays (displaying DVD/Action after DVD/Adventure for example I
> > would
> > need to change the cat_id from 1010 to something above 1020 say 1021).
> > This
> > is fine as I can test the previous elements cat_id and add or subtract
> > 1 but
> > I get stuck when I have a cat_id say 1010 that I would want to put
> > between
> > 1011 and 1012. I'm having trouble developing the algorithm that would
> > allow
> > this..
>
> Once you separate the cat_id and the 'rank' you will have no problems.
>
> Your cat_id can just be auto_increment and never displayed to the user.
>
> Your 'rank' can be a simple integer, and to re-order you'll just do like:
>
> <?php
> //Assume cat_id # 7 needs to move to the 42nd place in the list:
> $cat_id = 7;
> $new_rank = 42;
> $query = "update catalog set rank = rank + 1 where rank >= $new_rank";
> mysql_query($query) or error_log(mysql_error() . " $query");
> $query = "update catalog set rank = $new_rank where cat_id = $cat_id";
> mysql_query($query) or error_log(mysql_error() . " $query");
> ?>
>
> This may create a "hole" in the rank listing, if $cat_id 7 used to be
> LOWER than 42.
>
> A little bit more effort can solve this, however.
> AFTER the above queries, tack on:
> if ($old_rank < $new_rank){
> $query = "update catalog set rank = rank - 1 where rank > $old_rank";
> mysql_query($query) or error_log(mysql_error() . " $query");
> }
>
> You could go even further and change the minimum number of ranks
> needed in any given change, to avoid thrashing the index on the rank.
> This would be crucial if your table was very large.
Thanks a lot, that put me in the right direction, I am studying this option
as I write this, I have drawn it up in a diagram and it looks quite simple
now.
I have also discovered a flaw in my database programming that made me
realize how badly I use the MySQL engine by doing the sorting at the
application-layer level rather then using the MySQL engine to sort the info
prior to sending back to the application..
Have now discovered, indexing, foreign keys, and joins :D
Great list, always opening new doors :)
Thank you much for all your suggestions!
Regards,
Tim
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some starving artist.
> http://cdbaby.com/browse/from/lynch
> Yeah, I get a buck. So?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
