php-general Digest 4 Apr 2008 09:53:18 -0000 Issue 5385
Topics (messages 272506 through 272516):
Re: How to get a code review?
272506 by: Ryan Panning
272511 by: Shawn McKenzie
Re: LDAP in php
272507 by: Nathan Nobbe
272508 by: pobox.verysmall.org
Re: [PHP-DB] php4 to php5
272509 by: Greg Bowser
272510 by: Jim Lucas
preg_replace Question
272512 by: Richard Luckhurst
272516 by: Per Jessen
Character set problems
272513 by: Rob Gould
272514 by: Robert Cummings
Re: APC & FastCGI != upload progress ?
272515 by: steve
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Robert Cummings wrote:
You could provide links to the source code and post the links here.
Pastebin is often used... http://www.pastebin.com
Cheers,
Rob.
Another good option is PHP Builder, they have a forum setup specifically
for code reviewing. They have a large user base too.
http://phpbuilder.com/board/forumdisplay.php?f=24
--- End Message ---
--- Begin Message ---
Nathan Nobbe wrote:
> On Thu, Apr 3, 2008 at 10:41 AM, David Jourard <[EMAIL PROTECTED]>
> wrote:
>
>> Nathan Nobbe wrote:
>>
>>> how much code is there ?
>>>
>> 200 lines
>
>
> i think ur safe posting that on the list directly. sometimes people post
> several thousand lines and those sort of things are overlooked.
>
> I work alone and this is basically my first program.
>
> i drink alone ;)
When I drink alone, I prefer to be by myself...
>
> I'm interested in feedback as to
>> a. Am I using the variables correctly wrt global and local and passing by
>> reference etc.
>> b. Did I use the correct functions or are there better ones
>> c. Security - of course
>> d. Any suggestions on improving overall style.
>>
>> e. Is it ok to put the include file in the cgi-bin with my perl scripts.
>>
>> For many of you this is basic stuff probably but I want to make sure I'm
>> getting it right.
>>
>> Note the login cookie is created by my perl script and the php program
>> simply has to check that the user is logged in.
>
>
> drop it in a post and well have a look.
>
> -nathan
>
--- End Message ---
--- Begin Message ---
On Thu, Apr 3, 2008 at 2:22 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
> I am 100% aware of the fact that LDAP is a read optimized database (though
> I am not sure where this optimization goes when back end is PostgreSQL, for
> example - the LDAP "commands" seem simple and re-writing them into SQL can't
> be so much overhead; the explanation might be that PostgreSQL powered LDAP
> is not as fast as... - whatever, I'm not an expert and this analysis is not
> my goal, not now.).
afaik, the performance degrades severly; and its a little more complicated
to map to sql than one might initially suspect
http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS
> PHP is probably not going to give you blazing fast performance
> compared to an off-the-shelf LDAP server in C.
>
100% aware of that.
>
the other key facet of the open ldap (assume this implementation is what
were discussing [sorry if its an oversight]) is the use of berkdb internally
for which there is no php extension. if im not mistaken, the 'queries' are
compiled directly into the source.
i know your reqs for ldap usage are small, but im thinking it would be much
more straight-forward and less time consuming to just setup ldap, write some
php scripts to map / sync data from ur relational db to it and point the
client software to said ldap installation.
-nathan
--- End Message ---
--- Begin Message ---
Nathan Nobbe schrieb:
> I am 100% aware of the fact that LDAP is a read optimized database
> (though I am not sure where this optimization goes when back end is
> PostgreSQL, for example - the LDAP "commands" seem simple and
> re-writing them into SQL can't be so much overhead; the explanation
> might be that PostgreSQL powered LDAP is not as fast as... -
> whatever, I'm not an expert and this analysis is not my goal, not
now.).
>
> afaik, the performance degrades severly;
Yes, this reconfirms the LDAP strength as read-optimized.
> and its a little more
> complicated to map to sql than one might initially suspect
> http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS
Yes, that's why I decided to try a php LDAP read-only (for Thunderbird)
"implementation" - I could not see how I can map the LDAP to our SQL
(which implements object-relational mapping defined in XML text files
and could not be done without the php logic).
> the other key facet of the open ldap (assume this implementation is what
> were discussing [sorry if its an oversight])
No, we did not discuss any specific implementation. We are not against
them (or any of them).
Just for me to implement a simple php "LDAP" (read-only, for Thunderbird
use) seemed easier for prototyping purposes, than setting up LDAP and
writing something that updates it on every change in the original db.
But could be that I am wrong.
> is the use of berkdb
> internally for which there is no php extension. if im not mistaken, the
> 'queries' are compiled directly into the source.
I do not intend to use bdb - but our PostgreSQL, trying to write php
"LDAP server (read-only)" - which listens to the LDAP port, receives the
requests, gets what it needs from the db and gives it back in an LDAP way.
> i know your reqs for ldap usage are small, but im thinking it would be
> much more straight-forward and less time consuming to just setup ldap,
> write some php scripts to map / sync data from ur relational db to it
> and point the client software to said ldap installation.
May be at the end you are right...
But it was nice brainstorming so far and I'll play a bit, and may be
submit the results, in case anything interesting happens.
Thanks for your thoughts, though.
Iv
--- End Message ---
--- Begin Message ---
Sounds like you're talking about the register_globals functionality. It's a
php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
to the global variable $foo. This is somewhat of a security risk, thus
disabled by default.
There's another superglobal array that you might find useful: $_REQUEST.
$_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
believe).
http://us3.php.net/manual/en/reserved.variables.php
http://us3.php.net/manual/en/ini.core.php#ini.register-globals
--GREG
On Thu, Apr 3, 2008 at 6:40 PM, ioannes <[EMAIL PROTECTED]> wrote:
> I suppose I am behind the time in migrating from php4 to 5. That said, my
> main problem is getting variables recognised. I can see how to do it - you
> need to identify all the variables that could be sent from the page and then
> assign a name, as in $myvar=$_GET['myvar'] and ditto for POST variables if
> any. Is there a function to convert all get and post variables to $_GET and
> $_POST, or is that a security concern? The further I have got is this:
>
> function php5($var) {
> if(ISSET($_POST[$var])&&$_POST[$var]<>"") {
> $newvar=$_POST[$var];
> } else {
> $newvar=$_GET[$var];
> }
> return $newvar;
> }
>
> $input_variable=php5('input_variable');
>
> however I would like to do this for all variable, I tried iterating
> through the $_GET and $_POST arrays but could not get it to work.
>
> Anyway the main reason I am writing is:
>
> - where the web page form uses the POST method, but there are parameters
> in the URL after the ? sign, these 'get' parameters seem to stay there when
> you submit the form from eg <input type=submit> button. So, let's say the
> script will add a line if addlines=y, if before you submit the form you have
> ?addline=y in the URL you will continue to add lines according to the script
> even though there is no hidden variable on the page called 'addline',
> because every time you submit the form with POST you have addline=y in the
> URL - if the script looks at GET variables then this will feed into the
> script. This does not seem to happen with php4 - if the page does not
> submit an 'addline' variable from a form field, it will not feed into the
> script. So what's the rationale for that (the URL submitting the variables)
> and what is the usual solution? The problem arises on this particular page
> because of a mix of buttons, some are javascript and send the addline=y with
> onClick.
>
> John
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Greg Bowser wrote:
Sounds like you're talking about the register_globals functionality. It's a
php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
to the global variable $foo. This is somewhat of a security risk, thus
disabled by default.
There's another superglobal array that you might find useful: $_REQUEST.
$_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
believe).
Here is a snippet from my php.ini file
; This directive describes the order in which PHP registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC). Registration is done from left to right, newer
; values override older values.
variables_order = "GPCS"
Get -> Post -> Cookie -> Session
With the latter overwriting the previous.
http://us3.php.net/manual/en/reserved.variables.php
http://us3.php.net/manual/en/ini.core.php#ini.register-globals
--GREG
On Thu, Apr 3, 2008 at 6:40 PM, ioannes <[EMAIL PROTECTED]> wrote:
I suppose I am behind the time in migrating from php4 to 5. That said, my
main problem is getting variables recognised. I can see how to do it - you
need to identify all the variables that could be sent from the page and then
assign a name, as in $myvar=$_GET['myvar'] and ditto for POST variables if
any. Is there a function to convert all get and post variables to $_GET and
$_POST, or is that a security concern? The further I have got is this:
function php5($var) {
if(ISSET($_POST[$var])&&$_POST[$var]<>"") {
$newvar=$_POST[$var];
} else {
$newvar=$_GET[$var];
}
return $newvar;
}
$input_variable=php5('input_variable');
however I would like to do this for all variable, I tried iterating
through the $_GET and $_POST arrays but could not get it to work.
Anyway the main reason I am writing is:
- where the web page form uses the POST method, but there are parameters
in the URL after the ? sign, these 'get' parameters seem to stay there when
you submit the form from eg <input type=submit> button. So, let's say the
script will add a line if addlines=y, if before you submit the form you have
?addline=y in the URL you will continue to add lines according to the script
even though there is no hidden variable on the page called 'addline',
because every time you submit the form with POST you have addline=y in the
URL - if the script looks at GET variables then this will feed into the
script. This does not seem to happen with php4 - if the page does not
submit an 'addline' variable from a form field, it will not feed into the
script. So what's the rationale for that (the URL submitting the variables)
and what is the usual solution? The problem arises on this particular page
because of a mix of buttons, some are javascript and send the addline=y with
onClick.
John
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--- End Message ---
--- Begin Message ---
Hi List
I am trying to perform a number of replacements of place holders in an html page
I am working on using preg_replace. I am stuck with a pronlem I can not work out
and would appreciate some help.
The code I have is as follows
$html = preg_replace('/%Amount/',$amount,$html);
$html is the source of a html page
$amount is set earlier to a value read from a file
When I view the html page the value of %Amount is not what I would expect.
e.g $amount = $524.00 however only 4.00 is displayed in the %Amount field on the
html page. I tried dropping the .00 from $amount to see if this might be a
length issue and then %Amount was just 4
Am I doing something obviously wrong here? I have checked the php manual and I
appear to be using preg_replace correctly.
Regards,
Richard Luckhurst
Product Development
Exodus Systems - Sydney, Australia.
[EMAIL PROTECTED]
Tel: (+612) 4751-9633
Fax: (+612) 4751-9644
Web: www.resmaster.com
=================================================
Exodus Systems - Smarter Systems, Better Business
=================================================
--- End Message ---
--- Begin Message ---
Richard Luckhurst wrote:
> e.g $amount = $524.00 however only 4.00 is displayed in the %Amount
> field on the html page. I tried dropping the .00 from $amount to see
> if this might be a length issue and then %Amount was just 4
> Am I doing something obviously wrong here? I have checked the php
> manual and I appear to be using preg_replace correctly.
>From the manual:
"replacement may contain references of the form \\n or (since PHP
4.0.4) $n, with the latter form being the preferred one"
If you use $amount ='\$524.00' instead of '$524.00', it'll work.
/Per Jessen, Zürich
--- End Message ---
--- Begin Message ---
I'm having a hard time figuring out why my character sets and data look when
when viewed in phpAdmin when browsing the table-columns, but then I go to show
the data on my web-page with PHP, I get garbage-characters where I should be
seeing apostrophs and special foreign-characters.
I copied all the header-data from the phpAdmin pages:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
where the characters all show up properly, and I've put this on my web-page.
Here's what I know about my database, according to myphpadmin:
>From the phpAdmin settings page:
MySQL charset: UTF-8 Unicode (utf8)
MySQL connection collation: utf8_unicode_ci
>From the Structure tab for my table:
Type: MyISAM
Collation: utf8_unicode_ci
So, based on the headers I'm using, and the myphpAdmin settings, is there
something I'm missing? I guess I was assuming since the headers are set for
utf-8, and the "MySQL charset = UTF-8 Unicode (utf8)", that everything would be
compatible.
--- End Message ---
--- Begin Message ---
On Thu, 2008-04-03 at 21:56 -0700, Rob Gould wrote:
> I'm having a hard time figuring out why my character sets and data look when
> when viewed in phpAdmin when browsing the table-columns, but then I go to
> show the data on my web-page with PHP, I get garbage-characters where I
> should be seeing apostrophs and special foreign-characters.
>
> I copied all the header-data from the phpAdmin pages:
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en" dir="ltr">
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
>
>
> where the characters all show up properly, and I've put this on my web-page.
>
> Here's what I know about my database, according to myphpadmin:
>
> >From the phpAdmin settings page:
>
> MySQL charset: UTF-8 Unicode (utf8)
> MySQL connection collation: utf8_unicode_ci
>
> >From the Structure tab for my table:
>
> Type: MyISAM
> Collation: utf8_unicode_ci
>
>
> So, based on the headers I'm using, and the myphpAdmin settings, is there
> something I'm missing? I guess I was assuming since the headers are set for
> utf-8, and the "MySQL charset = UTF-8 Unicode (utf8)", that everything would
> be compatible.
Do you have this in your php.ini?
default_charset = "utf-8"
Or if you want... the following in a .htaccess or virtual host config:
php_value default_charset utf-8
You can even manually output it from within your PHP code:
header( 'Content-Type: text/html; charset=utf-8' );
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
I think FastCGI is buffering the upload, which is good I guess, just
nice to know. I'll put a comment in the php manual. The deflate thing
is a FastCGI bug, I searched the list and found a fix. I thought
mod_fastcgi was dead (it didn't even compile on Apache 2.2). It looks
like there was a release last year (after several years), so I'll take
that and patch it. I have to remember what my other patches have been
over the years!
FastCGI is *the* way to run PHP, but I think Apache is not the
platform for it anymore.
Is the COMMET implementation on the client side long polling
(reconnect) or does it stream using script tags? What goes on in the
server? Does it push the buffer of blank data that WebKit requires? Is
it a PHP daemon process running as a simple HTTP server?
On Wed, Apr 2, 2008 at 12:09 AM, Manuel Lemos <[EMAIL PROTECTED]> wrote:
> Hello,
>
> on 03/30/2008 02:52 PM steve said the following:
>
> > Hmmm... I am working on a PHP daemon for comet style connections...
> > I'll keep that idea in mind. I guess that using Flash is best solution
> > at the moment.. at least the only one I have working...
>
> I implement COMET connections with plain HTML with an hidden iframe.
> Actually I have been using that for a upload progress meter among other
> AJAX uses. Actually it is an AJAX plug-in of this forms class:
>
> http://www.phpclasses.org/formsgeneration
>
> Here is an example of a form upload progress done all in PHP and plain HTML:
>
> http://www.meta-language.net/forms-examples.html?example=test_upload_progress
>
> Here you can watch a tutorial video that explains the COMET AJAX
> implementation:
>
> http://www.phpclasses.org/browse/video/1/package/1/section/plugin-ajax.html
>
>
>
>
> > I'm guessing that FastCGI is buffering the upload until complete. PHP
> > docs might want to document that.
> >
> > FastCGI is also breaking Apache's deflate module, but that is another
> issue...
>
> Couldn't it be deflate buffering FastCGI output?
>
> --
>
> Regards,
> Manuel Lemos
>
> PHP professionals looking for PHP jobs
> http://www.phpclasses.org/professionals/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>
--- End Message ---
