php-general Digest 7 Oct 2008 07:54:01 -0000 Issue 5722
Topics (messages 281504 through 281520):
Re: php framework vs just php?
281504 by: uaca man
281508 by: farid lópez
Re: The 'at' sign (@) variable prefix
281505 by: uaca man
281506 by: Daniel Brown
281507 by: mike
281515 by: Jochem Maas
281520 by: Aschwin Wesselius
Re: db_* => pg_*/my_*/ifx_* ?
281509 by: Ashley Sheridan
281517 by: Larry Garfield
Re: AJAX and PHP
281510 by: Ashley Sheridan
Re: How to capture origional client machine _directory_ and file name on
uploads?
281511 by: Ashley Sheridan
Required files not being parsed properly...
281512 by: Stephen Johnson
281513 by: Jim Lucas
281514 by: Eric Butera
Re: Drupal 6
281516 by: Larry Garfield
Re: Best Search Algorithm for Millions of record
281518 by: Hemant Patel
Re: Prefered Method for User authetification on VHosts
281519 by: Per Jessen
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
To be or not to be dump it your choice.
My framework it not just awesome it is super awesome.
Angelo
2008/10/6 Dan Joseph <[EMAIL PROTECTED]>:
> On Mon, Oct 6, 2008 at 1:01 PM, Jason Pruim <[EMAIL PROTECTED]> wrote:
>
>>
>> But... Which framework is better? :P
>>
>>
>>
>>
> Oh my.. now we're gonna get all those guys popping back up telling us how
> dumb we are and how awesome their frameworks are again!
>
> --
> -Dan Joseph
>
> www.canishosting.com - Plans start @ $1.99/month.
>
> "Build a man a fire, and he will be warm for the rest of the day.
> Light a man on fire, and will be warm for the rest of his life."
>
--- End Message ---
--- Begin Message ---
what is your framework??? uacaman.
i'm using symfony, but i'm reading the book. it's hard but there are so many
things you can do easily with symfony!
2008/10/7 uaca man <[EMAIL PROTECTED]>
> To be or not to be dump it your choice.
>
> My framework it not just awesome it is super awesome.
>
> Angelo
>
> 2008/10/6 Dan Joseph <[EMAIL PROTECTED]>:
> > On Mon, Oct 6, 2008 at 1:01 PM, Jason Pruim <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> But... Which framework is better? :P
> >>
> >>
> >>
> >>
> > Oh my.. now we're gonna get all those guys popping back up telling us how
> > dumb we are and how awesome their frameworks are again!
> >
> > --
> > -Dan Joseph
> >
> > www.canishosting.com - Plans start @ $1.99/month.
> >
> > "Build a man a fire, and he will be warm for the rest of the day.
> > Light a man on fire, and will be warm for the rest of his life."
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Atte
Farid H. López Durán
"La naturaleza del hombre es tal que puede conseguir la perfección
únicamente cuando
trabaja para el bienestar y la dignidad de sus conciudadanos". Karl Marx
--- End Message ---
--- Begin Message ---
Documentation is at:
http://br.php.net/manual/en/language.operators.errorcontrol.php
Angelo
2008/10/6 Crash Dummy <[EMAIL PROTECTED]>:
> I learned through osmosis that I could use the '@' sign to prevent an
> error with an uncertain variable. For example, if there is no $_GET[]
> value in this line,
>
> $query=$_GET["q"];
>
> I will get an error, but if I prefix the value with '@',
>
> [EMAIL PROTECTED]"q"];
>
> and no value is available, a null string is returned, and no error is
> generated.
>
> This is great, but I'd like to see it in writing. I can't find this
> feature in the documentation. Can someone steer me to it?
> --
> Dave
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On Mon, Oct 6, 2008 at 3:03 PM, Crash Dummy <[EMAIL PROTECTED]> wrote:
> I learned through osmosis that I could use the '@' sign to prevent an
> error with an uncertain variable. For example, if there is no $_GET[]
> value in this line,
>
> $query=$_GET["q"];
>
> I will get an error, but if I prefix the value with '@',
>
> [EMAIL PROTECTED]"q"];
The @ is an error control operator, used to buffer the output and
store it in a variable - $php_errormsg.
Check it out:
http://php.net/manual/en/language.operators.errorcontrol.php
It's better to write clean, secure code, of course.... but
sometimes error control is a good thing, too.
--
</Daniel P. Brown>
More full-root dedicated server packages:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Intel 2.4GHz/320/GB/1GB/3TB $74.99/mo.
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
>> I will get an error, but if I prefix the value with '@',
>>
>> [EMAIL PROTECTED]"q"];
>
> The @ is an error control operator, used to buffer the output and
> store it in a variable - $php_errormsg.
> It's better to write clean, secure code, of course.... but
> sometimes error control is a good thing, too.
why not just use:
$query = isset($_GET['q']) ? $_GET['q'] : '';
that way it's always set.
or even better (what I recommend):
$query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
and get an empty string or a sanitized string, depending on if something exists.
--- End Message ---
--- Begin Message ---
mike schreef:
> Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
>
>>> I will get an error, but if I prefix the value with '@',
>>>
>>> [EMAIL PROTECTED]"q"];
>> The @ is an error control operator, used to buffer the output and
>> store it in a variable - $php_errormsg.
>
>> It's better to write clean, secure code, of course.... but
>> sometimes error control is a good thing, too.
>
> why not just use:
> $query = isset($_GET['q']) ? $_GET['q'] : '';
>
> that way it's always set.
>
> or even better (what I recommend):
> $query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
>
> and get an empty string or a sanitized string, depending on if something
> exists.
>
Mike's ways are both better than suppressing the error not only because error
suppression in general sucks but because it's actually less performant to
trigger
this kind of error.
--- End Message ---
--- Begin Message ---
Jochem Maas wrote:
mike schreef:
Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
I will get an error, but if I prefix the value with '@',
[EMAIL PROTECTED]"q"];
The @ is an error control operator, used to buffer the output and
store it in a variable - $php_errormsg.
It's better to write clean, secure code, of course.... but
sometimes error control is a good thing, too.
why not just use:
$query = isset($_GET['q']) ? $_GET['q'] : '';
that way it's always set.
or even better (what I recommend):
$query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
and get an empty string or a sanitized string, depending on if something exists.
Mike's ways are both better than suppressing the error not only because error
suppression in general sucks but because it's actually less performant to
trigger
this kind of error.
I second that. The @ symbol actually does this:
@action();
Becomes:
$old = ini_set(“error_reporting”, 0);
action();
ini_set(“error_reporting”, $old);
So, if you put that a hundred times all over your code, the errors might
be suppressed but your app is slow too.
--
Aschwin Wesselius
/'What you would like to be done to you, do that to the other....'/
--- End Message ---
--- Begin Message ---
On Wed, 2008-10-01 at 17:44 +0200, Michelle Konzack wrote:
> Am 2008-09-30 19:58:03, schrieb Ashley Sheridan:
> > Hi Michelle, I'm not sure exactly what it is you're after. Are you
> > looking for software that will allow you to develop applications that
> > are database agnostic?
>
> What is "agnostic"?
>
> If you mean "database independant", the answer is yes.
>
> Most Applications do not need complex database specific queries and
> generaly I need only
>
> db_connect($server, $port, $db, $user, $pass)
> 1) using pconnect if possibel
> 2) there are already significant differences
> between pgsql and mysql
> db_error()
> 1) Works different between pgsql and mysql and ifx
>
> db_close($handle)
> 1) Works afaik with all databases the same way
>
> db_getarray() -> return array from SELECT
> 1) Hell of SELECT FROM WHERE...
>
> db_insert($handle, $table, $what, $where)
> db_update($handle, $table, $what, $where)
> db_delete($handle, $table, $what, $where)
> 1) Sometimes heavy differences for ALL databases...
>
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> Systemadministrator
> 24V Electronic Engineer
> Tamay Dogan Network
> Debian GNU/Linux Consultant
>
>
I think you may need to write these wrappers yourself if you need them.
I don't know of any library that will provide these, and most PHP
systems I've used have their own like this as well.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Wednesday 01 October 2008 10:44:29 am Michelle Konzack wrote:
> Am 2008-09-30 19:58:03, schrieb Ashley Sheridan:
> > Hi Michelle, I'm not sure exactly what it is you're after. Are you
> > looking for software that will allow you to develop applications that
> > are database agnostic?
>
> What is "agnostic"?
>
> If you mean "database independant", the answer is yes.
>
> Most Applications do not need complex database specific queries and
> generaly I need only
>
> db_connect($server, $port, $db, $user, $pass)
> 1) using pconnect if possibel
> 2) there are already significant differences
> between pgsql and mysql
> db_error()
> 1) Works different between pgsql and mysql and ifx
>
> db_close($handle)
> 1) Works afaik with all databases the same way
>
> db_getarray() -> return array from SELECT
> 1) Hell of SELECT FROM WHERE...
>
> db_insert($handle, $table, $what, $where)
> db_update($handle, $table, $what, $where)
> db_delete($handle, $table, $what, $where)
> 1) Sometimes heavy differences for ALL databases...
PHP does offer a unified API: PDO.
http://www.php.net/pdo
It offers a lot of good features, although it doesn't abstract out the SQL
itself or some more annoying design limitations of some databases (like
BLOB/CLOB handling in Postgres or Oracle).
I actually just recently finished (OK, it's not done yet but the bulk of it
is) implementing a PDO-based fully OOP DB abstraction layer for Drupal 7.
It's actually quite slick, but is still somewhat Drupal dependent right now
due to the need to know the table structure ahead of time for non-MySQL
databases. Eventually I want to split it out to its own standalone library,
but it's not at that point yet. (And due to the weirdness that is SQL, it's
actually a lot harder than you think to do such a thing well, especially
WHERE clauses and the excitement that are Merge queries. Tip: A simple array
is NOT sufficient for all of what WHERE can do.)
--
Larry Garfield
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
On Mon, 2008-10-06 at 17:09 +0200, Alain Roger wrote:
> And AFAIK it does not work on linux platform
>
> On Mon, Oct 6, 2008 at 3:36 PM, Wolf <[EMAIL PROTECTED]> wrote:
>
> > <!-- SNIP -->
> > > yes, flex is "flash for developers"; the main language is AS3 and it
> > > outputs swf's; flex is basically a program which allows you to use mix
> > > of pre-made ui elements & classes, css and AS3 to quickly make great
> > RIA's.
> >
> > Yup, but you have to have flash enabled. But some of us don't except for
> > specific sites due to ads being swfs as well.
> >
> > Wolf
> >
>
>
It can be made to work, but there is a lot of messing about. Not tried
it myself, but I have spoken to some people on the Papervision team who
have done it.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Mon, 2008-10-06 at 12:35 -0400, J. Hill wrote:
> [Sorry Nathan.]
>
> Yes, I should have said "autopopulate". And from what I have found,
> you're right; it does appear java applets can do it, but I had hoped to
> avoid that option.
>
> > Eric Butera -- The file upload will only exist in the specified temp
> > directory . . ..
> Perhaps I should have explained more. If they make an error, I only
> wanted to autopopulate the field with the correct value rather than
> tracking the temp file. However, it appears your solution may be the
> best solution, other than using java applets. Messy. Bummer.
>
> > Richard Heyes -- Tes, keep your pesky nose out . . .
> I would love to keep my nose out ;-) Unfortunately, the request has
> been made by our paying clients who are the ones uploading the files.
>
> While I do appreciate the security issues, there are so many other
> vulnerabilities, the basic autopopulate concept seems to add very little
> to the mix.
>
> Thanks to all for the input.
>
> Jeff
>
>
> Nathan Rixham wrote:
> > J. Hill wrote:
> >> This should be trivial, but apparently not -- or maybe I just need
> >> more caffeine. My searches have come up empty.
> >>
> >> I am trying to get not only the original file name on uploads, but
> >> also the original directory on the client machine as well.
> >>
> >> The purpose is for users who make a mistake on another part of the
> >> form; when the form is returned for them to complete properly, all of
> >> the correct values are automatically filled in. That's trivial in
> >> most instances, but I'm not finding a solution for file uploads.
> >>
> >> This seems like a common need. Any suggestions?
> >>
> >> Thanks in advance,
> >>
> >> Jeff
> >>
> >>
> >
> > AFAIK that info is outside the security sandbox of web browsers; just
> > like you can't resend the file or autopopulate what file you want them
> > to upload.
> >
> > only way is to use a third party browser extension or app; java
> > uploader or such like and you may have some luck.
> >
>
This isn't possible, as people have explained, for security reasons.
What you can do though, is capture and semi-process the file uploaded in
the unsuccessful form submission and keep it in a sandbox until the form
gets submitted correctly. This would get round your problems, but you
will need a clean-up method to remove files that get left behind by
people giving up filling in the form correctly.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
OK .. I am upgrading to PHP5 on a clients box, and after doing so I have
run into the problem that files that get brought in by a require statement,
or include, end up just getting dumped to the browser as text..
For instance :
require("/home/tnr/incs/tnr_db.php");
$db = new mysql();
Produces what you see here :
http://www.thumbnailresume.com/index.html?allow=1
Any one have any thoughts on what is going on?
--
Stephen Johnson c | eh
The Lone Coder
office: 562.366.4433
fax: 562.278.0133
http://www.thelonecoder.com
continuing the struggle against bad code
http://www.fortheloveofgeeks.com
I¹m a geek and I¹m OK!
--
--- End Message ---
--- Begin Message ---
Stephen Johnson wrote:
> OK .. I am upgrading to PHP5 on a clients box, and after doing so I have
> run into the problem that files that get brought in by a require statement,
> or include, end up just getting dumped to the browser as text..
>
> For instance :
>
> require("/home/tnr/incs/tnr_db.php");
> $db = new mysql();
>
> Produces what you see here :
>
> http://www.thumbnailresume.com/index.html?allow=1
>
> Any one have any thoughts on what is going on?
>
> --
> Stephen Johnson c | eh
> The Lone Coder
>
> office: 562.366.4433
> fax: 562.278.0133
>
> http://www.thelonecoder.com
> continuing the struggle against bad code
>
> http://www.fortheloveofgeeks.com
> I¹m a geek and I¹m OK!
> --
>
>
>
>
Well, if you look at the source for the page, you will notice that you have a
<? at the top of the file. The default for PHP5 is to disable the
short_open_tag it is set to off by default. PHP4 was set to On
Change that restart apache. You should be good to go.
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--- End Message ---
--- Begin Message ---
On Mon, Oct 6, 2008 at 7:28 PM, Stephen Johnson
<[EMAIL PROTECTED]> wrote:
> OK .. I am upgrading to PHP5 on a clients box, and after doing so I have
> run into the problem that files that get brought in by a require statement,
> or include, end up just getting dumped to the browser as text..
>
> For instance :
>
> require("/home/tnr/incs/tnr_db.php");
> $db = new mysql();
>
> Produces what you see here :
>
> http://www.thumbnailresume.com/index.html?allow=1
>
> Any one have any thoughts on what is going on?
>
> --
> Stephen Johnson c | eh
> The Lone Coder
>
> office: 562.366.4433
> fax: 562.278.0133
>
> http://www.thelonecoder.com
> continuing the struggle against bad code
>
> http://www.fortheloveofgeeks.com
> I¹m a geek and I¹m OK!
> --
>
>
>
>
$user_id = $_COOKIE['user_id'];
$logFile = "/home/tnr/query_logs/tnr.".$user_id.".query.log";
uh oh...
--- End Message ---
--- Begin Message ---
On Monday 06 October 2008 9:19:03 am Nathan Rixham wrote:
> So as part of my "new job" I've been asked to research and indeed get
> used to drupal 6; recon I guess.
>
> I've been using it for the past week; figured out all the best modules
> to do everything I want etc etc.
>
> q: do you use drupal 6
> sub-q: and love it
> sub-q: and would rather not
> sub-q: have had to move away due to lack of functionality
> sub-q: have found it actually didn't speed up but rather slowed development
> sub-q: constantly need to write your own php to get it to do what you want.
>
> Thanks for all responses, and please no "go to drupal forums" responses,
> that's like asking microsoft for honest feedback on microsoft products;
> I need the feedback from you skilled php programmers.
>
> ps: personally I've found it's looks v powerful and been a learning
> curve setting it all up + researching modules; but finding it "not
> great" for actually making real world sites!
>
> Many Regards
Well, I'm biased, too, as I'm a Drupal core developer. However, I also use it
professionally to build web sites for clients, mostly institutional
non-profits (museums, universities, etc.), and moving to Drupal was one of
the best decisions my company has ever made. You can't make Drupal do
everything, but you can come very close to "everything" if you know how to
work with it. :-)
In general, if you're not using Views and CCK, you're doing something wrong.
Seriously, that is The Way Of The Future.
You also need to not fall victim to the temptation to "just do it yourself",
especially when it comes to theming. Drupal's power comes from the fact
that, when you get down to it, it really is smarter than you in many ways if
you just learn to trust it. Odds are that whatever you want to do, there's
already a module that does 80% of it or more or else a way to piece together
existing modules to get 90% of it or so. I highly recommend these articles,
written by a colleague of mine:
http://www.palantir.net/blog/sustainable-markup-how-be-a-themer-drupal
http://www.palantir.net/blog/graycor-drupal-theming-works
Along the same lines, use the Zen theme as a base theme (as discussed in those
articles). Again, learn to trust it and don't try to rewrite all of its CSS
and change class names to what you're used to, etc. It's CSS is *really*
solid, and takes care of so much for you it's not even funny. (Disclaimer:
Zen was largely written by another colleague of mine.)
I've seen the same pattern in many people. They try to think that their code
is better than whatever Drupal happens to do, so they fight it and try to do
things "their way". And they waste time and produce something inflexible.
Eventually they realize that wait, Drupal really is that flexible and can do
what you want it to do, if you allow yourself to trust Drupal and go "with
the grain" rather than fighting it. Then you produce magic.
A smattering of Drupal sites that my company has done recently:
http://www.imamuseum.org/ (writeup: http://drupal.org/node/188312)
http://www.artic.edu/aic/collections (writeup: http://drupal.org/node/279485)
http://www.herron.iupui.edu/
http://artsci.wustl.edu/
http://www.firstbt.com/
http://www.virtualk.org/
For us, we no longer ask "so can Drupal do this?" We go straight to "so how
can we do this with Drupal?" because we are already confident that the answer
to the first question is "Yes we can". (Obama reference not intentional.)
--
Larry Garfield
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
It will be a Postgres SQL Database and Fields will be like descriptive as
well as Area of land,of street etc specific...
With Regards,
Hemant Patel
On Mon, Oct 6, 2008 at 8:30 PM, Micah Gersten <[EMAIL PROTECTED]> wrote:
> What type of data is in the fields? Also, which database engine?
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
> Hemant Patel wrote:
> > I have couple of tables with 1,60,00000 records and now i need to
> > search the records based on some crieteria...so which will help me...?
> >
> >
> > On Mon, Oct 6, 2008 at 12:30 PM, Micah Gersten <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > The question is, what are you searching for in the records?
> >
> > Thank you,
> > Micah Gersten
> > onShore Networks
> > Internal Developer
> > http://www.onshore.com
> >
> >
> >
> > Hemant Patel wrote:
> > > My question is Whether I should go for Full Text Based search or
> > Database
> > > Search...?And is there algorithm in php which can help me in
> > this case...?
> > >
> > >
> >
> >
>
--- End Message ---
--- Begin Message ---
Michelle Konzack wrote:
> Currently I have
> [snip]
OK, so a plain file-password authentification. That's fine.
> I like to know, whether this is good enough or is there a
> better solution?
Good enough depends entirely on your security requirements, i.e. how
safe do you need the authenticated access to be? Are you protecting
something that is valuable to others? Etc etc.
/Per Jessen, Zürich
--- End Message ---
