php-general Digest 19 May 2008 06:39:58 -0000 Issue 5467
Topics (messages 274490 through 274500):
Re: Loading 2M array crashes program .. but only some of the time
274490 by: Ólafur Waage
Re: fsockopen + fputs
274491 by: Stut
sql syntax using sprintf
274492 by: Sudhakar
syntax of sprintf
274493 by: Sudhakar
274494 by: Ólafur Waage
Re: fsockopen on ssl://
274495 by: bob pilly
274496 by: Ólafur Waage
Re: Wanted, Dead or Alive: PHP/Drupal programmers in Chicago
274497 by: Larry Garfield
274500 by: Manuel Lemos
Re: problem with htmlspecialchars in version5.2.5
274498 by: Chris
Semi-OT: PHP Login with client security
274499 by: Tim Thorburn
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Are you using a persistent connection?
2008/5/18 Mary Anderson <[EMAIL PROTECTED]>:
> Hi all,
>
> I have a php - postgresql program which bombs with a statement that it has
> run out of memory. I am running php 5.1.6 and postgres 8.3.something. My
> program bombs, saying that it fails to allocate memory, when it is loading
> an SQL query result into a php array using pg_fetch_all. The SQL query
> works fine when I run it in psql. I am running php with a process limit
> size of 16M. Some of the time this query works, sometimes it dies. It is
> my impression that it dies after I have been running the php application for
> a while -- like there is memory that isn't being cleared up. But that is
> only an impression!
>
> What could be going wrong?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On 16 May 2008, at 00:04, debussy007 wrote:
I use fsockopen and fputs to call a distant URL, but I have the
following
error :
The requested URL /registration/test was not found on this server.
This is my code:
$req =
'username=' . $usr . '&password=' . $pass .
'&date_of_birth=' . $year . "-" . $month . "-" . $day .
'&email=' . $email . '&country=' . $country;
You should be using urlencode on these variables, otherwise you could
end up truncating the data.
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br>\n";
} else {
$header = "POST /registration/test HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
fputs ($fp, $header . $req);
while (!feof($fp)) {
echo fgets($fp, 1024);
}
fclose($fp);
}
However the path www.example.com/registration/test exists
By which I assume you mean "it works in a browser". If not, make sure
it works in a browser first.
so why does it says it cannot find the requested url ?
You probably need a Host header to direct the request to the right
website. If you're going to be making manual HTTP requests I suggest
you use Firebug or similar to examine the requests your browser is
making. Even better read the HTTP spec, but I tend to be realistic in
my expectations. Alternatively I'd recommend looking at using the Curl
extension.
-Stut
--
http://stut.net/
--- End Message ---
--- Begin Message ---
until i started using the techniques for avoiding sql injection, i have been
using a normal insert and select sql query which worked fine.
i have a registration page where a user enters their username and if this
already exists i display a message by executing a select query and if the
username does not exist then i run an insert query.
after adopting the technique to avoid sql injection
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST["username"]);
$email = stripslashes($_POST["email"]);
}
else
{
$username = $_POST["username"];
$email = $_POST["email"];
}
previously my select and insert query were
INSERT INTO individuals(username, email) values('$username', '$email')
Select username from individuals where username = '$username'
presently the insert query is
$insertquery = sprintf("INSERT INTO individuals (username, email) VALUES
('%s', '%s')",
mysql_real_escape_string($username), mysql_real_escape_string($email));
This insert query is working however the select query is not doing its task
as before of checking if the username already exists or not, even if i
register with the same username again it does not alert that the username
exists.
the select query is
$selectqueryusername = sprintf("Select username from individuals where
username='%s'", mysql_real_escape_string($username));
should i change the syntax of the above select query or is there something
else in need to do to fix the select query.
please advice.
thanks.
--- End Message ---
--- Begin Message ---
until i started using the techniques for avoiding sql injection, i have been
using a normal insert and select sql query which worked fine.
i have a registration page where a user enters their username and if this
already exists i display a message by executing a select query and if the
username does not exist then i run an insert query.
after adopting the technique to avoid sql injection
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST["username"]);
$email = stripslashes($_POST["email"]);
}
else
{
$username = $_POST["username"];
$email = $_POST["email"];
}
previously my select and insert query were
INSERT INTO individuals(username, email) values('$username', '$email')
Select username from individuals where username = '$username'
presently the insert query is
$insertquery = sprintf("INSERT INTO individuals (username, email) VALUES
('%s', '%s')",
mysql_real_escape_string($username), mysql_real_escape_string($email));
This insert query is working however the select query is not doing its task
as before of checking if the username already exists or not, even if i
register with the same username again it does not alert that the username
exists.
the select query is
$selectqueryusername = sprintf("Select username from individuals where
username='%s'", mysql_real_escape_string($username));
should i change the syntax of the above select query or is there something
else in need to do to fix the select query.
please advice.
thanks.
--- End Message ---
--- Begin Message ---
Try this one
$sSQL = sprintf("SELECT username FROM individuals WHERE
username='%s'", mysql_real_escape_string($username));
$query = mysql_query($sSQL);
if($query !== false)
{
// do something
}
2008/5/18 Sudhakar <[EMAIL PROTECTED]>:
> until i started using the techniques for avoiding sql injection, i have been
> using a normal insert and select sql query which worked fine.
>
> i have a registration page where a user enters their username and if this
> already exists i display a message by executing a select query and if the
> username does not exist then i run an insert query.
>
> after adopting the technique to avoid sql injection
>
> if(get_magic_quotes_gpc())
> {
> $username = stripslashes($_POST["username"]);
> $email = stripslashes($_POST["email"]);
> }
> else
> {
> $username = $_POST["username"];
> $email = $_POST["email"];
> }
>
> previously my select and insert query were
>
> INSERT INTO individuals(username, email) values('$username', '$email')
> Select username from individuals where username = '$username'
>
> presently the insert query is
>
> $insertquery = sprintf("INSERT INTO individuals (username, email) VALUES
> ('%s', '%s')",
> mysql_real_escape_string($username), mysql_real_escape_string($email));
>
> This insert query is working however the select query is not doing its task
> as before of checking if the username already exists or not, even if i
> register with the same username again it does not alert that the username
> exists.
>
> the select query is
>
> $selectqueryusername = sprintf("Select username from individuals where
> username='%s'", mysql_real_escape_string($username));
>
> should i change the syntax of the above select query or is there something
> else in need to do to fix the select query.
>
> please advice.
>
> thanks.
>
--- End Message ---
--- Begin Message ---
Hi Manuel
Thanks for the reply. I have tested it with a timeout of 20 seconds and the
same thing occurs. It works as before from the command line and not form within
apache.. Any more ideas?
Cheers
Bob
----- Original Message ----
From: Manuel Lemos <[EMAIL PROTECTED]>
To: bob pilly <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Sent: Wednesday, 14 May, 2008 4:26:41 PM
Subject: Re: fsockopen on ssl://
Hello,
on 05/13/2008 04:37 PM bob pilly said the following:
> Hi all
>
> I have tried researching this issue but havent come up with any solution so
> im hoping someone has seen it before and can help. I have the following test
> script that uses fsockopen to connect to a https site, get the contents and
> outputs it.
>
> <?php
> $host = "www.microsoft.com";
> $path = "/";
> $fh = fsockopen("ssl://".$host, 443, $errno, $errstr, 5);//opens url for
> reading with a timeout of 2 seconds
>
> if (!$fh){
> echo "FAIL: $errno $errstr ";
> }
> else{
> $out = "GET $path HTTP/1.1\r\n";
> $out .= "Host: $host\r\n";
> $out .= "Connection: Close\r\n";
> $out .= "\r\n";
> fwrite($fh, $out);
> stream_set_timeout($fh,2);
> $info = stream_get_meta_data($fh);
> if($info['timed_out']){
> echo "TIMEOUT\n";
> }
> else{
> $haystack = "";
> while (!feof($fh)) {
> $haystack.= fgets($fh, 4096);
> }
> }
> print $haystack;
> fclose($fh);
> }
> ?>
>
> if i run this script using php -f test.php it works fine. However if i try
> and run this on my loca apache server i get the following error:
>
> Warning: fsockopen() [function.fsockopen]:unable to connect to
> ssl://www.microsoft.com:443 (A connection attemptfailed because the connected
> party did not properly respond after aperiod of time, or established
> connection failed because connected hosthas failed to respond.) in C:\Program
> Files\Apache Software Foundation\Apache2.2\htdocs\test.php on line 4
> FAIL: 10060 A connection attempt failed because the connected party didnot
> properly respond after a period of time, or established connectionfailed
> because connected host has failed to respond.
>
> As you can see from that error i am using windows and apache 2.2. My php
> version is 5.25. I have Registered Stream Socket Transports tcp, udp, ssl,
> sslv3, sslv2, tlsin my config.
I suspect that you are giving a very short timeout but then you are not
handling the timeout error properly.
Anyway, before reinventing the wheel, you may to try this HTTP client
class that supports many options including establishing SSL corrections
and setting and handling timeouts correctly.
http://www.phpclasses.org/httpclient
--
Regards,
Manuel Lemos
PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
__________________________________________________________
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
--- End Message ---
--- Begin Message ---
Are you doing the command line on the same machine as the server?
Have you checked out the apache configuration? Since phpcli runs alone. (iirc)
2008/5/18 bob pilly <[EMAIL PROTECTED]>:
> Hi Manuel
>
> Thanks for the reply. I have tested it with a timeout of 20 seconds and the
> same thing occurs. It works as before from the command line and not form
> within apache.. Any more ideas?
>
> Cheers
>
> Bob
>
>
> ----- Original Message ----
> From: Manuel Lemos <[EMAIL PROTECTED]>
> To: bob pilly <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Sent: Wednesday, 14 May, 2008 4:26:41 PM
> Subject: Re: fsockopen on ssl://
>
> Hello,
>
> on 05/13/2008 04:37 PM bob pilly said the following:
>> Hi all
>>
>> I have tried researching this issue but havent come up with any solution so
>> im hoping someone has seen it before and can help. I have the following test
>> script that uses fsockopen to connect to a https site, get the contents and
>> outputs it.
>>
>> <?php
>> $host = "www.microsoft.com";
>> $path = "/";
>> $fh = fsockopen("ssl://".$host, 443, $errno, $errstr, 5);//opens url for
>> reading with a timeout of 2 seconds
>>
>> if (!$fh){
>> echo "FAIL: $errno $errstr ";
>> }
>> else{
>> $out = "GET $path HTTP/1.1\r\n";
>> $out .= "Host: $host\r\n";
>> $out .= "Connection: Close\r\n";
>> $out .= "\r\n";
>> fwrite($fh, $out);
>> stream_set_timeout($fh,2);
>> $info = stream_get_meta_data($fh);
>> if($info['timed_out']){
>> echo "TIMEOUT\n";
>> }
>> else{
>> $haystack = "";
>> while (!feof($fh)) {
>> $haystack.= fgets($fh, 4096);
>> }
>> }
>> print $haystack;
>> fclose($fh);
>> }
>> ?>
>>
>> if i run this script using php -f test.php it works fine. However if i try
>> and run this on my loca apache server i get the following error:
>>
>> Warning: fsockopen() [function.fsockopen]:unable to connect to
>> ssl://www.microsoft.com:443 (A connection attemptfailed because the
>> connected party did not properly respond after aperiod of time, or
>> established connection failed because connected hosthas failed to respond.)
>> in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\test.php on
>> line 4
>> FAIL: 10060 A connection attempt failed because the connected party didnot
>> properly respond after a period of time, or established connectionfailed
>> because connected host has failed to respond.
>>
>> As you can see from that error i am using windows and apache 2.2. My php
>> version is 5.25. I have Registered Stream Socket Transports tcp, udp, ssl,
>> sslv3, sslv2, tlsin my config.
>
> I suspect that you are giving a very short timeout but then you are not
> handling the timeout error properly.
>
> Anyway, before reinventing the wheel, you may to try this HTTP client
> class that supports many options including establishing SSL corrections
> and setting and handling timeouts correctly.
>
> http://www.phpclasses.org/httpclient
>
> --
>
> Regards,
> Manuel Lemos
>
> PHP professionals looking for PHP jobs
> http://www.phpclasses.org/professionals/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>
>
>
> __________________________________________________________
> Sent from Yahoo! Mail.
> A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
--- End Message ---
--- Begin Message ---
(OK, alive would be preferable.)
Obligatory businessy description:
Palantir.net is looking for PHP programmers to join its growing team.
Palantir is one of the oldest web development shops in Chicago, dating back
to 1996. We develop customized web sites and web applications for a variety
of organizations, especially non-profit and cultural institutions. We
develop primarily using the Drupal open source Content Management Platform,
and are looking for skilled programmers to join our team in our Chicago
office.
The full rundown, and where to apply:
http://palantir.net/careers/programmer
Informal description:
So we've just moved into a brand new office in west Lincoln Park so that we
have room to expand, which is good because we have enough work to keep
everyone busy and then some. Palantir is a family company, and a great place
to work. (I've been here for 2.5 years now.) The working environment
includes a chalkboard wall, company issue Nerf guns, and a puppy. Oh yeah,
and all the stuff you need to get actual work done, too.
Palantir is primarily an open source company. As a programmer, 90% or better
of your job would involve working with Drupal, the leading open source
content management platform on the web. We strive to be good open source
citizens, too, contributing back to the community both in code and in other
ways, such as hosting design sprints for developers and sponsoring the recent
DrupalCon developers conference in Boston. Palantir's team includes several
high-profile names in the Drupal world as well. If you want to get paid to
work with and on a major open source project, this is the place to be. We're
open to people already experienced with Drupal as well as those new to the
community.
We are looking for full time on-site programmers, but are open to summer
interns as well. If you have questions, contact me off-list. To apply, see
the link above.
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
--- End Message ---
--- Begin Message ---
Hello,
You may want to look here at this PHP professionals directory. You can
even narrow your search for professionals that have the PHP specific
skills you need, like Drupal experience:
http://www.phpclasses.org/professionals/country/us/
on 05/18/2008 10:09 PM Larry Garfield said the following:
> (OK, alive would be preferable.)
>
> Obligatory businessy description:
>
> Palantir.net is looking for PHP programmers to join its growing team.
> Palantir is one of the oldest web development shops in Chicago, dating back
> to 1996. We develop customized web sites and web applications for a variety
> of organizations, especially non-profit and cultural institutions. We
> develop primarily using the Drupal open source Content Management Platform,
> and are looking for skilled programmers to join our team in our Chicago
> office.
>
> The full rundown, and where to apply:
>
> http://palantir.net/careers/programmer
>
> Informal description:
>
> So we've just moved into a brand new office in west Lincoln Park so that we
> have room to expand, which is good because we have enough work to keep
> everyone busy and then some. Palantir is a family company, and a great place
> to work. (I've been here for 2.5 years now.) The working environment
> includes a chalkboard wall, company issue Nerf guns, and a puppy. Oh yeah,
> and all the stuff you need to get actual work done, too.
>
> Palantir is primarily an open source company. As a programmer, 90% or better
> of your job would involve working with Drupal, the leading open source
> content management platform on the web. We strive to be good open source
> citizens, too, contributing back to the community both in code and in other
> ways, such as hosting design sprints for developers and sponsoring the recent
> DrupalCon developers conference in Boston. Palantir's team includes several
> high-profile names in the Drupal world as well. If you want to get paid to
> work with and on a major open source project, this is the place to be. We're
> open to people already experienced with Drupal as well as those new to the
> community.
>
>
> We are looking for full time on-site programmers, but are open to summer
> interns as well. If you have questions, contact me off-list. To apply, see
> the link above.
--
Regards,
Manuel Lemos
PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
It flance wrote:
> Hi,
>
> this statement:
> echo nl2br(htmlspecialchars($row['jobdescription'], ENT_QUOTES, 'UTF-8'));
>
> works for php4.3.10 but not for php5.2.5
What "doesn't work" exactly? What's the output in php4 compared to php5?
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi all,
Having a slight problem with a demo I gave at a clients last week -
looking for a little advise. Part of my demo involved a password
protected area - the simplified process is: client enters password on
login page > if login/password match encrypted database, PHP session is
created, form forwards to a secured area > secured area checks to make
sure PHP session is valid > if valid display content, if not, return to
login screen.
This procedure is what I've used for many years, tested on a variety of
servers and connections. It works. During the demo with my client, I
was able to enter login/password info, the PHP session was created -
however the screen would not forward to the secured area. Instead I was
pretended with a blank screen (client only has an outdated/non-updated
version of IE6). If I were to type in the URL to the secured area, it
would display content properly. As a test, I logged out, closed my
browser and started again, this time entering an incorrect
login/password - again it would not forward to the next screen properly,
however this time when I typed in the full URL, it would not display as
the session hadn't been created.
I've spoken briefly with my clients IT person, however he's unwilling to
share any firewall information or really anything regarding their
security setup - which I understand as I'm not an employee and just a
contractor.
So, after long winded description - does anyone with network security
experience have any idea either a) what I would need to ask the IT
person to allow for their site only, or b) have any suggestions for
alternate password authentication that may work given the above conditions?
TIA
-Tim
--- End Message ---
