php-general Digest 18 Oct 2008 01:38:49 -0000 Issue 5741

Topics (messages 282034 through 282063):

Re: PHP Dev Facts
        282034 by: Jason Pruim
        282035 by: András Csányi
        282036 by: Dan Joseph
        282037 by: Boyd, Todd M.
        282038 by: Nathan Rixham
        282039 by: Thorsten Suckow-Homberg
        282043 by: Michal Sokolowski
        282044 by: Jay Blanchard
        282048 by: Nathan Rixham
        282049 by: Daniel Brown
        282050 by: Frank Stanovcak
        282057 by: Paul Scott
        282058 by: Brendon Van Heyzen
        282059 by: Nathan Rixham
        282060 by: Simon J Welsh
        282063 by: VamVan

when mysql is down
        282040 by: Rick Pasotto
        282041 by: Eric Butera
        282042 by: Stut
        282045 by: Eric Butera

MYSQL insert problems
        282046 by: Frank Stanovcak
        282047 by: Frank Stanovcak
        282062 by: chris smith

what's the difference in the following code?
        282051 by: Lamp Lists
        282052 by: Richard Heyes
        282053 by: Eric Butera

Securing AJAX requests with PHP?
        282054 by: Jay Moore
        282055 by: Bastien Koert
        282056 by: Jochem Maas
        282061 by: Yeti


----------------------------------------------------------------------
--- Begin Message ---

On Oct 16, 2008, at 7:14 PM, Nathan Rixham wrote:

Evening All,

I'd be /really/ interested to know who uses what!

*Procedural or OOP?*

Procedural, haven't learned OOP yet. And besides... $this = $that; makes more sense to me than $this->$that; :)


*Dev OS*

OS X Leopard (What ever the most current version is)


*Dev PHP Version*
5.2.2 I believe


*Live Server OS*
It used to be an OS X Server running PHP 5.2.2. But after seeing how fast one of my sites is that is hosted on another server, I may be switching all my stuff away from hosting it myself :)


*Live Server PHP Version*

5.2.2


*Which HTTP Server Software (+version)?*
Currently, apache 1.2.8 on my box, apache 2.2 on my hosts box


*IDE / Dev Environment*
Apple Xcode 3. Mostly for the syntax highlighting.


*Preferred Framework(s)?*
Haven't found one I like yet.


*Do you Unit Test?*
Not currently... Need to research it more.


*Most Used Internal PHP Class*
probably HEREDOC...


*Preferred OS CMS*

I have used Joomla, and WordPress and like both. Drupal I haven't tried yet but it looks rather nice.


*Anything else you use frequently in you're PHP'ing that's worth mentioning:*
I do try and use subversion if I think the project will be larger than a few files... But I'm not real good at that yet.


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
[EMAIL PROTECTED]





--- End Message ---
--- Begin Message ---
2008/10/17 Nathan Rixham <[EMAIL PROTECTED]>:
> Evening All,
>
> I'd be /really/ interested to know who uses what!
>
> *Procedural or OOP?*

OOP, but sometimes I have to use procedural.

> *Dev OS*

Gentoo Linux

> *Dev PHP Version*

PHP 5.2.6-pl7-gentoo with Suhosin-Patch 0.9.6.2

> *Live Server OS*

FreeBSD

> *Live Server PHP Version*

I don't know. 5.2.x

> *Which HTTP Server Software (+version)?*

Apache 2.2.x

> *IDE / Dev Environment*

Eclipse PDT or vim

> *Preferred Framework(s)?*

Zend Framework

> *Do you Unit Test?*

not yet.

> *Most Used Internal PHP Class*

PDT

> *Preferred OS CMS*

Drupal, but I don't like it.




-- 
- -
--  Csanyi Andras  -- http://sayusi.hu -- Sayusi Ando
--  "Bízzál Istenben és tartsd szárazon a puskaport!".-- Cromwell

--- End Message ---
--- Begin Message ---
On Thu, Oct 16, 2008 at 7:14 PM, Nathan Rixham <[EMAIL PROTECTED]> wrote:

> Evening All,
>
> I'd be /really/ interested to know who uses what!
>
> *Procedural or OOP?*
>

OOP


>
> *Dev OS*
>

Windows & CentOS


>
> *Dev PHP Version*
>

Win 5.1.2, CentOS 5.2.6


>
> *Live Server OS*
>

Windows & CentOS


>
> *Live Server PHP Version*
>

Win 5.1.2, CentOS 5.2.6


>
> *Which HTTP Server Software (+version)?*
>

Win IIS, Cent Apache 2


>
> *IDE / Dev Environment*
>

PhpED


>
> *Preferred Framework(s)?*
>

None


>
> *Do you Unit Test?*
>

Sometimes


>
> *Most Used Internal PHP Class*
>

Soap & Curl


>
> *Preferred OS CMS*
>

I've only ever used Joomla, and it was once...

-- 
-Dan Joseph

www.canishosting.com - Plans start @ $1.99/month.

"Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life."

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Nathan Rixham [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 16, 2008 6:14 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Dev Facts
> 
> *Procedural or OOP?*

Depends on the project.
Large scope: OOP
Small scope: (usually) Procedural
...but I've been known to go OOP on small projects if it seems more
logical.
 
> *Dev OS*

WinXP and Ubuntu 7
 
> *Dev PHP Version*

Home: 5.2.6
Work: 4.4.9
 
> *Live Server OS*

Home: Windows Server 2003 and Ubuntu
Work: Windows Server 2003
 
> *Live Server PHP Version*

Home: 5.2.6
Work: 4.4.9
 
> *Which HTTP Server Software (+version)?*

Home: IIS 6/7 and Apache 2.2.10
Work: IIS 6
 
> *IDE / Dev Environment*

Crimson Editor
 
> *Preferred Framework(s)?*

None
 
> *Do you Unit Test?*

Generally, no
 
> *Most Used Internal PHP Class*

cURL and SimpleXML (or whatever it's called now)
 
> *Preferred OS CMS*

None
 
> *Anything else you use frequently in you're PHP'ing that's worth
> mentioning:*

PCRE, baby!


Todd Boyd
Web Programmer

--- End Message ---
--- Begin Message ---
just a quick note to say I'll compile all this into something more meaningful and publish later on tonight :-) nice to see so many responses.

--
nathan ( [EMAIL PROTECTED] )
{
  Senior Web Developer
  php + java + flex + xmpp + xml + ecmascript
  web development edinburgh | http://kraya.co.uk/
}

--- End Message ---
--- Begin Message ---
> *Procedural or OOP?*
OOP 

> *Dev OS*
Windows XP 

> *Dev PHP Version*
5.2.6 

> *Live Server OS*
- 

> *Live Server PHP Version*
- 

> *Which HTTP Server Software (+version)?*
Apache 2.2 

> *IDE / Dev Environment*
UltraEdit 

> *Preferred Framework(s)?*
Zend Framework, Ext JS 

> *Do you Unit Test?*
Of course. 

> *Most Used Internal PHP Class*
PDO 

> *Preferred OS CMS*
Wordpress ;) 



--- End Message ---
--- Begin Message ---
2008/10/17 Nathan Rixham <[EMAIL PROTECTED]>

> Evening All,
>
> I'd be /really/ interested to know who uses what!
>
> *Procedural or OOP?*
>
Mostly OO

>
> *Dev OS*
>
Ubuntu Hardy

>
> *Dev PHP Version*
>
5.2.? - I don't remember

>
> *Live Server OS*
>
CentOS, Fedora

>
> *Live Server PHP Version*
>
5.2.?

>
> *Which HTTP Server Software (+version)?*
>
Apache 2.2

>
> *IDE / Dev Environment*
>
Eclipse Ganymede + PDT

>
> *Preferred Framework(s)?*

Hopefully Zend soon, as I'm learning it now.

>
>
> *Do you Unit Test?*

No

>
>
> *Most Used Internal PHP Class*

PDO, Mysqli

>
>
> *Preferred OS CMS*

WordPress

>
>
> *Anything else you use frequently in you're PHP'ing that's worth
> mentioning:*

No

>
>
> ps: I'm not asking for any kind of research project, just interested and
> interested to know what's most common + might learn something/find some new
> tools/toys!
>
> pps: will reply myself as well but if I do here it'll make your intertwined
> replies messy!
>
> Many Regards
>
> Nathan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
[snip]
just a quick note to say I'll compile all this into something more 
meaningful and publish later on tonight :-) nice to see so many
responses.
[/snip]

It's Friday night, shouldn't you be going to the pub instead?


--- End Message ---
--- Begin Message ---
Jay Blanchard wrote:
[snip]
just a quick note to say I'll compile all this into something more meaningful and publish later on tonight :-) nice to see so many
responses.
[/snip]

It's Friday night, shouldn't you be going to the pub instead?


wanna baby sit?

--
nathan ( [EMAIL PROTECTED] )
{
  Senior Web Developer
  php + java + flex + xmpp + xml + ecmascript
  web development edinburgh | http://kraya.co.uk/
}

--- End Message ---
--- Begin Message ---
On Fri, Oct 17, 2008 at 12:11 PM, Jay Blanchard <[EMAIL PROTECTED]> wrote:
>
> It's Friday night, shouldn't you be going to the pub instead?

    In another eight years he'll be glad to do that.  Little-known
fact: Nate is the world's smartest 12-year-old.

    </kidding>

-- 
</Daniel P. Brown>
More full-root dedicated server packages:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Intel 2.4GHz/320/GB/1GB/3TB $74.99/mo.
Dedicated servers, VPS, and hosting from $2.50/mo.

--- End Message ---
--- Begin Message ---
""Daniel Brown"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> On Fri, Oct 17, 2008 at 12:11 PM, Jay Blanchard <[EMAIL PROTECTED]> 
> wrote:
>>
>> It's Friday night, shouldn't you be going to the pub instead?
>
>    In another eight years he'll be glad to do that.  Little-known
> fact: Nate is the world's smartest 12-year-old.
>
>    </kidding>

Shouldn't that be <!kidding> ?

>
> -- 
> </Daniel P. Brown>
> More full-root dedicated server packages:
> Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
> Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
> Intel 2.4GHz/320/GB/1GB/3TB $74.99/mo.
> Dedicated servers, VPS, and hosting from $2.50/mo. 



--- End Message ---
--- Begin Message ---
On Fri, 2008-10-17 at 00:14 +0100, Nathan Rixham wrote:
> Evening All,
> 
> I'd be /really/ interested to know who uses what!
> 
> *Procedural or OOP?*
> 

OOP

> *Dev OS*
> 

Ubuntu 8.04

> *Dev PHP Version*
> 

PHP-5.2.3

> *Live Server OS*
> 

Debian

> *Live Server PHP Version*
> 

PHP-5.2.3

> *Which HTTP Server Software (+version)?*
> 

Apache 2

> *IDE / Dev Environment*
> 

Zend Studio / Vim / nano

> *Preferred Framework(s)?*
> 

Chisimba

> *Do you Unit Test?*
> 

Yes - PHPUnit3

> *Most Used Internal PHP Class*
> 

SPL classes

> *Preferred OS CMS*
> 

Chisimba CMS

--Paul




--- End Message ---
--- Begin Message ---
*Procedural or OOP?*
I try now to do everything OOP, it's just worth spending the extra time (depending) going the OOP route even on small tasks

*Dev OS*
Mac OS X 10.5.5

*Dev PHP Version*
5.2.6

*Live Server OS*
Gentoo linux (not sure version)

*Live Server PHP Version*
5.2.5 (haven't upgraded it, I've been lazy)

*Which HTTP Server Software (+version)?*
apache 2.2

*IDE / Dev Environment*
Zend Studio for eclipse, macvim

*Preferred Framework(s)?*
Zend Framework

*Do you Unit Test?*
None of my current projects, but future stuff I'm really going to push for it.

*Most Used Internal PHP Class*
pdo, mysqli

*Preferred OS CMS*
none really

*Anything else you use frequently in your PHP'ing that's worth mentioning:*
Have to say using eclipse/zend for eclipse with mylyn/tasktop really helps in keeping up with bug tracking (trac) with all my projects. Helps to keep everything organized, especially when management wants to know what's going on. SVN is also crucial and it's nice to have commit hooks to work with trac.

--Brendon

On Oct 16, 2008, at 7:14 PM, Nathan Rixham wrote:

Evening All,

I'd be /really/ interested to know who uses what!

*Procedural or OOP?*

*Dev OS*

*Dev PHP Version*

*Live Server OS*

*Live Server PHP Version*

*Which HTTP Server Software (+version)?*

*IDE / Dev Environment*

*Preferred Framework(s)?*

*Do you Unit Test?*

*Most Used Internal PHP Class*

*Preferred OS CMS*

*Anything else you use frequently in you're PHP'ing that's worth mentioning:*

ps: I'm not asking for any kind of research project, just interested and interested to know what's most common + might learn something/ find some new tools/toys!

pps: will reply myself as well but if I do here it'll make your intertwined replies messy!

Many Regards

Nathan

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--- End Message ---
--- Begin Message ---
Brendon Van Heyzen wrote:
Have to say using eclipse/zend for eclipse with mylyn/tasktop really helps in keeping up with bug tracking (trac) with all my projects. Helps to keep everything organized, especially when management wants to know what's going on. SVN is also crucial and its nice to have commit hooks
to work with trac.


cheers! 2 questions;

a- (more out of interest) any problems with tasktop? I've found it a bit buggy/pain to install in ganymede (although mylyn works a dream)

b- mylyn with trac and svn; does the set-up allow you to automatically submit the bug update/notes with the files to svn; ie bugtracker and svn reports in sync if only via text? + have you compared to mylyn/bugtracker? I'd be ultra-interested to know (and tbh would save me some more research)
--- End Message ---
--- Begin Message ---

On 17/10/2008, at 12:14, Nathan Rixham wrote:
*Procedural or OOP?*

OOP

*Dev OS*

Mac OS 10.5.5

*Dev PHP Version*

5.2.5

*Live Server OS*

Linux 2.6.9-42.0.3.ELsmp #1 SMP

*Live Server PHP Version*

5.2.6

*Which HTTP Server Software (+version)?*

Apache 1.3.41 live and Apache 2.2.8 dev

*IDE / Dev Environment*

Zend Studio for Eclipse 6.1

*Preferred Framework(s)?*

Sapphire

*Do you Unit Test?*

Do now.

*Most Used Internal PHP Class*

Not sure. Whichever one Sapphire uses the most.

*Preferred OS CMS*

SilverStripe

*Anything else you use frequently in you're PHP'ing that's worth mentioning:*

---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e

--- End Message ---
--- Begin Message ---
On Thu, Oct 16, 2008 at 4:14 PM, Nathan Rixham <[EMAIL PROTECTED]> wrote:

> Evening All,
>
> I'd be /really/ interested to know who uses what!
>
> *Procedural or OOP?*

OOP

>
>
> *Dev OS*

Centos , some time XAMPP n

>
>
> *Dev PHP Version*

5.2.6

>
>
> *Live Server OS*

Centos

>
>
> *Live Server PHP Version*

5.2.6

>
>
> *Which HTTP Server Software (+version)?*

Apache 2.0.2

>
>
> *IDE / Dev Environment*

Zend Studio

>
>
> *Preferred Framework(s)?*

Cake

>
>
> *Do you Unit Test?*

Yes most my apps. I use simpletest

>
>
> *Most Used Internal PHP Class*

Simplexml

>
>
> *Preferred OS CMS*

Drupal

>
>
> *Anything else you use frequently in you're PHP'ing that's worth
> mentioning:*
>
> ps: I'm not asking for any kind of research project, just interested and
> interested to know what's most common + might learn something/find some new
> tools/toys!
>
> pps: will reply myself as well but if I do here it'll make your intertwined
> replies messy!
>
> Many Regards
>
> Nathan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
Today my hosting company took down the mysql server for about 1/2 hour.
As a result some php errors displayed.

All of my pages have a random quote from a mysql table. If it's not
available it's really not a big deal. However, some of the pages depend
entirely on data from the database.

What's the best way to handle this? If the mysql is required should I
redirect to the front page (which doesn't need mysql except for the
quote) or show a blank (or error message) content area (navigation would
still be available as it's the same on all pages)?

The quote is from an include file. What's the best way to output nothing
if the mysql connection fails?

I realize these are probably elementary questions but any advice would
be appreciated.

-- 
"... the state ... is not armed with superior honesty, but
 with superior physical strength." -- Henry David Thoreau
    Rick Pasotto    [EMAIL PROTECTED]    http://www.niof.net

--- End Message ---
--- Begin Message ---
On Fri, Oct 17, 2008 at 11:52 AM, Rick Pasotto <[EMAIL PROTECTED]> wrote:
> Today my hosting company took down the mysql server for about 1/2 hour.
> As a result some php errors displayed.
>
> All of my pages have a random quote from a mysql table. If it's not
> available it's really not a big deal. However, some of the pages depend
> entirely on data from the database.
>
> What's the best way to handle this? If the mysql is required should I
> redirect to the front page (which doesn't need mysql except for the
> quote) or show a blank (or error message) content area (navigation would
> still be available as it's the same on all pages)?
>
> The quote is from an include file. What's the best way to output nothing
> if the mysql connection fails?
>
> I realize these are probably elementary questions but any advice would
> be appreciated.
>
> --
> "... the state ... is not armed with superior honesty, but
>  with superior physical strength." -- Henry David Thoreau
>    Rick Pasotto    [EMAIL PROTECTED]    http://www.niof.net
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Depends on how you're fetching the data.

For instance in my scripts if I'm showing a list of records I'll do it
like this:

$items = $itemGateway->fetch();
if ($items->isSuccess() !== true OR $items->count() === 0) {
    echo "<strong>No items exist</strong>";
    return;
}

while ($item = $items->fetchAssoc()):
    // render content
endwhile;

This check ensures that if something goes wrong, I'm still covered.
Even if I can't connect it will just say no records exist.  Of course
there are other ways of handling this too because internally if I
can't connect it will throw an exception, so I could just not catch
the exception and it'd bubble up showing the user an error page.

I can do this because my ItemGateway will call my db query method.
This then triggers the connect if it hasn't established one already.
So depending on your set up you might have to go upstream from your
data fetching with checks.

Perhaps something like:
// at top of your script/db include
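$con = mysql_connect();
if (!is_resource($con)) {
    header('HTTP/1.1 500 Internal Server Error'); // set 500 error header
    include 'error.php'; // include error page (placeholder file name)
    exit; // stop here so the rest of the page does not run
}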

or

// inside your random_quote.php
$sql = "SELECT RANDOM ENTRY";
$res = mysql_query($sql, $con);
if (!is_resource($res)) {
   // do nothing if random quote result doesn't exist
   return;
}

So decide for yourself if the database not connecting is a fatal error
or not.  If it is, then show an error page with an error header.
Otherwise just show a note saying oops.

--- End Message ---
--- Begin Message ---
On 17 Oct 2008, at 16:52, Rick Pasotto wrote:
> Today my hosting company took down the mysql server for about 1/2 hour.
> As a result some php errors displayed.

Firstly if they didn't tell you it was going to happen then I suggest you change host. Unless it was an emergency, but even then they should have contacted you as soon as they knew it was going to happen.

> All of my pages have a random quote from a mysql table. If it's not
> available it's really not a big deal. However, some of the pages depend
> entirely on data from the database.
>
> What's the best way to handle this? If the mysql is required should I
> redirect to the front page (which doesn't need mysql except for the
> quote) or show a blank (or error message) content area (navigation would
> still be available as it's the same on all pages)?
>
> The quote is from an include file. What's the best way to output nothing
> if the mysql connection fails?
>
> I realize these are probably elementary questions but any advice would
> be appreciated.

Production websites should have display_errors off in php.ini. This will prevent the site from displaying PHP errors at all. PHP errors can reveal more about your site than you want to share and could potentially reveal holes.

To answer your question you simply need to check the return value from the connection function. It sounds like you're not doing this and just going ahead and trying to use the connection regardless. The best way to avoid errors is to not do stuff that will cause them.

Ideally if you cannot create the page that was requested you should return a 503 HTTP error, a message indicating a temporary problem and end the script there. Not only does this inform your users that the problem is temporary it also indicates to search engines that they should not index this page right now but that the URL is still valid.

-Stut

--
http://stut.net/

--- End Message ---
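
Added example (not written by anyone in this thread): one way to combine the advice above, checking the connection result, keeping PHP errors out of the page, returning 503 only when the page cannot be built, and letting the optional quote include print nothing. It uses mysqli in place of the thread's mysql_* functions; the connection settings, the `quotes` table and the function names are assumptions.

```php
<?php
// Added example; host, credentials, table and function names are placeholders.
ini_set('display_errors', '0');   // never print PHP errors into the page
ini_set('log_errors', '1');       // keep them in the server log instead
mysqli_report(MYSQLI_REPORT_OFF); // make mysqli return false rather than throw

/** Returns a connection, or null when the database is unreachable. */
function db_connect(array $cfg): ?mysqli
{
    $con = @mysqli_connect($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db'], $cfg['port']);
    if ($con === false) {
        error_log('DB unavailable: ' . mysqli_connect_error());
        return null;
    }
    return $con;
}

/** Optional content: returns '' on any failure so the include prints nothing. */
function random_quote(?mysqli $con): string
{
    if ($con === null) {
        return '';
    }
    $res = mysqli_query($con, 'SELECT quote FROM quotes ORDER BY RAND() LIMIT 1');
    if ($res === false) {
        error_log('Quote query failed: ' . mysqli_error($con));
        return '';
    }
    $row = mysqli_fetch_assoc($res);
    return $row ? htmlspecialchars($row['quote'], ENT_QUOTES, 'UTF-8') : '';
}

/** Required content: tell clients and crawlers the outage is temporary, then stop. */
function fail_with_503(int $retryAfterSeconds = 300): void
{
    http_response_code(503);
    header('Retry-After: ' . $retryAfterSeconds);
    echo '<p>This page is temporarily unavailable. Please try again shortly.</p>';
    exit;
}

// Constructed settings: nothing listens on port 1, so this exercises the failure path.
$con = db_connect(['host' => '127.0.0.1', 'user' => 'app', 'pass' => 'placeholder',
                   'db' => 'app', 'port' => 1]);

$pageNeedsDatabase = false; // front page: only the quote uses MySQL
if ($pageNeedsDatabase && $con === null) {
    fail_with_503();        // must run before any output is sent
}
echo "<nav>...</nav>\n";
echo random_quote($con);    // prints nothing while the database is down
echo "<main>static content</main>\n";
```

Setting `$pageNeedsDatabase` to true models the pages that depend entirely on the database: they stop with the 503 response before any markup is sent.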
--- Begin Message ---
On Fri, Oct 17, 2008 at 12:07 PM, Stut <[EMAIL PROTECTED]> wrote:
> On 17 Oct 2008, at 16:52, Rick Pasotto wrote:
>>
>> Today my hosting company took down the mysql server for about 1/2 hour.
>> As a result some php errors displayed.
>
> Firstly if they didn't tell you it was going to happen then I suggest you
> change host. Unless it was an emergency, but even then they should have
> contacted you as soon as they knew it was going to happen.
>
>> All of my pages have a random quote from a mysql table. If it's not
>> available it's really not a big deal. However, some of the pages depend
>> entirely on data from the database.
>>
>> What's the best way to handle this? If the mysql is required should I
>> redirect to the front page (which doesn't need mysql except for the
>> quote) or show a blank (or error message) content area (navigation would
>> still be available as it's the same on all pages)?
>>
>> The quote is from an include file. What's the best way to output nothing
>> if the mysql connection fails?
>>
>> I realize these are probably elementary questions but any advice would
>> be appreciated.
>
> Production websites should have display_errors off in php.ini. This will
> prevent the site from displaying PHP errors at all. PHP errors can reveal
> more about your site than you want to share and could potentially reveal
> holes.
>
> To answer your question you simply need to check the return value from the
> connection function. It sounds like you're not doing this and just going
> ahead and trying to use the connection regardless. The best way to avoid
> errors is to not do stuff that will cause them.
>
> Ideally if you cannot create the page that was requested you should return a
> 503 HTTP error, a message indicating a temporary problem and end the script
> there. Not only does this inform your users that the problem is temporary it
> also indicates to search engines that they should not index this page right
> now but that the URL is still valid.
>
> -Stut
>
> --
> http://stut.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Okay I just replaced 500 with 503 in my stuff.  Thanks for the tip.

--- End Message ---
--- Begin Message ---
I'm using the following code to try and do a simple insert query.  However 
it won't insert the data into the table, and I get no error messages.  What 
have I done wrong this time?


<?php
session_start();
$connection = mysql_connect('localhost','yeah','right');
mysql_select_db('envelope1',$connection);

$filtered = $_SESSION['filtered'];
mysql_query('INSERT INTO shipped (FKOESalesOrder,FKUSUsers, DateEntered, 
DateShipped,Quantity, Cases, Pallets, Weight, FKUSShippedBy, BillofLading,) 
VALUES (' . $filtered['SalesOrder'] . ', 1, ' . date('MM/DD/YYYY', time()) . 
', ' . $filtered['ShipDate'] . ', ' . $_SESSION['quantity'] . ', ' . 
$_SESSION['cases'] . ', ' . $filtered['FullPallets'] . ', ' . 
$filtered['Weight'] . ', ' . $filtered['ShippedBy'] . ', ' . 
$filtered['BillofLading'] . ')', $connection);

$that = mysql_query('SELECT * FROM shipped',$connection);

$i = 0;
while($result_row = mysql_fetch_array($that,MYSQL_ASSOC)) {
 echo ++$i;
 foreach($result_row as $key => $value) {
  echo $key . ' : ' . $value . '<br>';
 };
 echo '<br>';
};
mysql_close($connection);
include('..\VariableReveal.php');
?> 



--- End Message ---
--- Begin Message ---
Just in case the problem was referencing an array in an SQL statement I tried 
this too with the same result.

<?php
session_start();
$connection = mysql_connect('localhost','FrankS','rastane');
mysql_select_db('envelope1',$connection);
$filtered = $_SESSION['filtered'];
$salesorder = $filtered['SalesOrder'];
$user = 1;
$date = date('m/d/Y', time());
$shipdate = $filtered['ShipDate'];
$quantity = $_SESSION['quantity'];
$cases = $_SESSION['cases'];
$pallets = $filtered['FullPallets'];
$weight = $filtered['Weight'];
$shippedby = $filtered['ShippedBy'];
$billoflading = $filtered['BillofLading'];
mysql_query("INSERT INTO shipped
(FKOESalesOrder,
FKUSUsers,
DateEntered,
DateShipped,
Quantity,
Cases,
Pallets,
Weight,
FKUSShippedBy,
BillofLading,)
VALUES
('$salesorder',
'$user',
'$date',
'$shipdate',
'$quantity',
'$cases',
'$pallets',
'$weight',
'$shippedby',
'$billoflading')", $connection);

$that = mysql_query('SELECT * FROM shipped',$connection);

$i = 0;
while($result_row = mysql_fetch_array($that,MYSQL_ASSOC)) {
 echo ++$i;
 foreach($result_row as $key => $value) {
  echo $key . ' : ' . $value . '<br>';
 };
 echo '<br>';
};
mysql_close($connection);
include('..\VariableReveal.php');
?> 



--- End Message ---
--- Begin Message ---
On Sat, Oct 18, 2008 at 3:22 AM, Frank Stanovcak
<[EMAIL PROTECTED]> wrote:
> I'm using the following code to try and do a simple insert query.  However
> it won't insert the data into the table, and I get no error messages.  What
> have I done wrong this time?

You will be getting an error.

echo mysql_error();


> DateShipped,Quantity, Cases, Pallets, Weight, FKUSShippedBy, BillofLading,)

Extra comma at the end of BillofLading.

Also you should really use mysql_real_escape_string for non-numeric
values, and at least check stuff like $_SESSION['quantity'] is a
number.

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
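
Added example (not from the thread): the same insert written so that a failure cannot pass silently and values never become part of the SQL text. It swaps mysql_real_escape_string for PDO bound parameters and uses an in-memory SQLite database in place of the thread's MySQL server so it runs offline; the column types, helper names and sample values are assumptions.

```php
<?php
// Added example; in-memory SQLite stands in for the thread's MySQL server.
// Column types and all sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$pdo->exec('CREATE TABLE shipped (
    FKOESalesOrder INTEGER, FKUSUsers INTEGER, DateEntered TEXT, DateShipped TEXT,
    Quantity INTEGER, Cases INTEGER, Pallets INTEGER, Weight REAL,
    FKUSShippedBy INTEGER, BillofLading TEXT)');

/** Accepts only a whole number >= 0; anything else is rejected, not "cleaned". */
function require_count($value, string $field): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($n === false) {
        throw new InvalidArgumentException("$field is not a non-negative integer");
    }
    return $n;
}

/** Accepts only a numeric weight. */
function require_weight($value): float
{
    $w = filter_var($value, FILTER_VALIDATE_FLOAT);
    if ($w === false || $w < 0) {
        throw new InvalidArgumentException('Weight is not a non-negative number');
    }
    return $w;
}

/** Inserts one shipment row and returns the number of rows written. */
function insert_shipment(PDO $pdo, array $filtered, $quantity, $cases): int
{
    $stmt = $pdo->prepare('INSERT INTO shipped
        (FKOESalesOrder, FKUSUsers, DateEntered, DateShipped, Quantity, Cases,
         Pallets, Weight, FKUSShippedBy, BillofLading)
        VALUES (:so, :user, :entered, :shipped, :qty, :cases,
                :pallets, :weight, :by, :bol)');
    $stmt->execute([
        ':so'      => require_count($filtered['SalesOrder'], 'SalesOrder'),
        ':user'    => 1,
        ':entered' => date('Y-m-d'),
        ':shipped' => $filtered['ShipDate'],
        ':qty'     => require_count($quantity, 'quantity'),
        ':cases'   => require_count($cases, 'cases'),
        ':pallets' => require_count($filtered['FullPallets'], 'FullPallets'),
        ':weight'  => require_weight($filtered['Weight']),
        ':by'      => require_count($filtered['ShippedBy'], 'ShippedBy'),
        ':bol'     => $filtered['BillofLading'], // bound as data, quotes are harmless
    ]);
    return $stmt->rowCount();
}

// Constructed input; the apostrophe would have broken a concatenated query.
$filtered = ['SalesOrder' => '1042', 'ShipDate' => '2008-10-17', 'FullPallets' => '3',
             'Weight' => '812.5', 'ShippedBy' => '7', 'BillofLading' => "O'Hare-0093"];
echo insert_shipment($pdo, $filtered, '120', '10'), " row inserted\n";

try {
    insert_shipment($pdo, $filtered, '120 boxes', '10'); // quantity is not a number
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}

// The trailing comma after BillofLading now raises an error instead of doing nothing.
try {
    $pdo->prepare('INSERT INTO shipped (Weight, BillofLading,) VALUES (?, ?)');
} catch (PDOException $e) {
    echo 'SQL error: ', $e->getMessage(), "\n";
}
echo $pdo->query('SELECT COUNT(*) FROM shipped')->fetchColumn(), " row(s) stored\n";
```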
--- Begin Message ---
I'm reading "Essential PHP Security" by Chris Shiflett.

on the very beginning, page 5 & 6, if I got it correct, he said this is not 
good:

$search = isset($_GET['search']) ? $_GET['search'] : '';

and this is good:

$search = '';
if (isset($_GET['search']))
{
    $search = $_GET['search'];
}

what's the difference? I really can't see?
to me is more the way you like to write your code (and I like the top one :-) )?

thanks.

-ll



--- End Message ---
--- Begin Message ---
> I'm reading "Essential PHP Security" by Chris Shiflett.
>
> on the very beginning, page 5 & 6, if I got it correct, he said this is not 
> good:
>
> $search = isset($_GET['search']) ? $_GET['search'] : '';
>
> and this is good:
>
> $search = '';
> if (isset($_GET['search']))
> {
>    $search = $_GET['search'];
> }
>
> what's the difference? I really can't see?
> to me is more the way you like to write your code (and I like the top one :-) 
> )?

They appear to be the same (to me at least). Just remember that you
need to correctly sanitise or quote them before using them in a (for
example) SQL query. For example if $_GET['search'] contains single
quote, (or double quote), your query may break. Ensure you handle that
eventuality too.

-- 
Richard Heyes

HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org

--- End Message ---
--- Begin Message ---
On Fri, Oct 17, 2008 at 1:58 PM, Lamp Lists <[EMAIL PROTECTED]> wrote:
> I'm reading "Essential PHP Security" by Chris Shiflett.
>
> on the very beginning, page 5 & 6, if I got it correct, he said this is not 
> good:
>
> $search = isset($_GET['search']) ? $_GET['search'] : '';
>
> and this is good:
>
> $search = '';
> if (isset($_GET['search']))
> {
>    $search = $_GET['search'];
> }
>
> what's the difference? I really can't see?
> to me is more the way you like to write your code (and I like the top one :-) 
> )?
>
> thanks.
>
> -ll

In this exact context there's no real difference.  But in the real
world when you need to validate that an input value is a number and has
a minimum of X, a maximum of X, then your ternary shortcut will not
cut it.

I still wouldn't write mine either of those ways.  Look into
ext/filter [1] or Zend validators [2].  I'm of the school where you
shouldn't sanitize a value, but rather validate it and escape it
appropriately based on usage context.  This takes a lot of discipline
& can be dangerous if you forget even one spot.


[1] http://us3.php.net/manual/en/function.filter-input.php
[2] http://framework.zend.com/manual/en/zend.validate.html

--- End Message ---
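
Added example (not from the thread or from the book under discussion): validating with ext/filter, including a numeric minimum and maximum, then escaping the accepted value separately for each place it is used. The field names, limits, function names and sample requests are assumptions, and `filter_var_array` is used on a constructed array so the code runs outside a web request.

```php
<?php
// Added example; field names, limits and sample input are constructed.

/** Validates raw request data against a spec; returns [values, failed field names]. */
function validate_search_request(array $raw): array
{
    $spec = [
        // letters, digits, space, quotes and hyphen, 1 to 64 characters
        'search' => ['filter'  => FILTER_VALIDATE_REGEXP,
                     'options' => ['regexp' => '/\A[\p{L}\p{N} \'"-]{1,64}\z/u']],
        // a number with a minimum and a maximum
        'page'   => ['filter'  => FILTER_VALIDATE_INT,
                     'options' => ['min_range' => 1, 'max_range' => 500]],
    ];
    $result = filter_var_array($raw, $spec, true); // missing keys come back as null
    $errors = [];
    foreach ($result as $field => $value) {
        if ($value === null || $value === false) {
            $errors[] = $field; // absent or failed validation
        }
    }
    return [$result, $errors];
}

/** Escapes one already-validated value for each context it will be written into. */
function escape_for_contexts(string $search): array
{
    return [
        'html' => htmlspecialchars($search, ENT_QUOTES, 'UTF-8'),
        'url'  => rawurlencode($search),
        'js'   => json_encode($search,
                      JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP),
    ];
}

// Constructed requests: a valid one, an out-of-range page, and a missing search term.
$requests = [
    ['search' => "rock 'n' roll", 'page' => '3'],
    ['search' => 'ok', 'page' => '9999'],
    ['page' => '2'],
];
foreach ($requests as $raw) {
    [$clean, $errors] = validate_search_request($raw);
    if ($errors) {
        echo 'Rejected fields: ', implode(', ', $errors), "\n";
        continue;
    }
    // Valid input still contains quotes, so each output context needs its own escaping.
    print_r(escape_for_contexts($clean['search']));
}
```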
--- Begin Message ---
I realize this isn't really about PHP, but I was hoping maybe someone had a way to make AJAX a little bit more secure using PHP.

I was thinking of making my AJAX calls also pass the current session id, and have my PHP script check to make sure it's a valid id, but I'm open to other ideas.

Do you guys use PHP to make AJAX calls a little bit more secure? What /do/ you use?

I hope this isn't too off-topic.

Thanks,
Jay

--- End Message ---
--- Begin Message ---
On Fri, Oct 17, 2008 at 3:08 PM, Jay Moore <[EMAIL PROTECTED]> wrote:

> I realize this isn't really about PHP, but I was hoping maybe someone had a
> way to make AJAX a little bit more secure using PHP.
>
> I was thinking of making my AJAX calls also pass the current session id,
> and have my PHP script check to make sure it's a valid id, but I'm open to
> other ideas.
>
> Do you guys use PHP to make AJAX calls a little bit more secure?  What /do/
> you use?
>
> I hope this isn't too off-topic.
>
> Thanks,
> Jay
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

I use a hashed user id and a one-time token passed with every request. No
token or hash, and the script stops right there, then compares the token to
the value stored in the user's session object. If that passed, I validate
the user hash against the user's session to ensure that they haven't just
been suspended or had their account altered in some way.


-- 

Bastien

Cat, the other other white meat

--- End Message ---
--- Begin Message ---
Jay Moore schreef:
> I realize this isn't really about PHP, but I was hoping maybe someone
> had a way to make AJAX a little bit more secure using PHP.
> 
> I was thinking of making my AJAX calls also pass the current session id,

the browser should still send the session cookie for async requests. so
you get this info for free.

using one-time tokens isn't going to hurt at all (well a few extra CPU cycles,
but who's counting :-))

> and have my PHP script check to make sure it's a valid id, but I'm open
> to other ideas.
> 
> Do you guys use PHP to make AJAX calls a little bit more secure?  What
> /do/ you use?
> 
> I hope this isn't too off-topic.
> 
> Thanks,
> Jay
> 


--- End Message ---
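
Added example (not code from any poster): a sketch of the scheme described in the two replies above, a one-time token held in the session plus a hashed user id, checked on every AJAX request. The HMAC construction for the user hash, the key handling, the field names and the account-status callback are assumptions; the session is passed in as an array so the code runs without a web server.

```php
<?php
// Added example; key handling, field names and the account lookup are hypothetical.
const SERVER_KEY = 'replace-with-a-random-secret-kept-outside-the-web-root';

/** Keyed hash of the user id, so the raw id is never sent in the request. */
function user_hash(int $userId): string
{
    return hash_hmac('sha256', (string) $userId, SERVER_KEY);
}

/** Creates a fresh single-use token, stores it in the session and returns it. */
function issue_token(array &$session): string
{
    $session['ajax_token'] = bin2hex(random_bytes(32));
    return $session['ajax_token'];
}

/**
 * Checks one AJAX request. $session is $_SESSION in a real script; $isActive is a
 * callable reporting whether the account is still in good standing.
 * Returns the next token on success, or null when the request must be refused.
 */
function check_ajax_request(array &$session, array $request, callable $isActive): ?string
{
    $token    = $request['token'] ?? '';
    $hash     = $request['uhash'] ?? '';
    $expected = $session['ajax_token'] ?? '';
    $userId   = $session['user_id'] ?? null;

    // No token or hash: stop right there.
    if (!is_string($token) || !is_string($hash) || $token === '' || $hash === '') {
        return null;
    }
    // Compare against the value stored in the session, in constant time.
    if ($expected === '' || !hash_equals($expected, $token)) {
        return null;
    }
    // The hash must match the logged-in user, and the account must still be active.
    if (!is_int($userId) || !hash_equals(user_hash($userId), $hash)) {
        return null;
    }
    if (!$isActive($userId)) {
        return null;
    }
    // Replace the spent token; the new one is returned to the page with the response.
    return issue_token($session);
}

// Constructed session and requests.
$session = ['user_id' => 42];
$active  = fn(int $id): bool => true;
$first   = issue_token($session);
$request = ['token' => $first, 'uhash' => user_hash(42)];

$next = check_ajax_request($session, $request, $active);
var_dump($next !== null);                                   // first use of the token
var_dump(check_ajax_request($session, $request, $active));  // same token sent again
$suspended = ['token' => $next, 'uhash' => user_hash(42)];
var_dump(check_ajax_request($session, $suspended, fn(int $id): bool => false));
```

The token check is what separates a request made by the site's own page from one that merely carries the session cookie, since the browser attaches that cookie to every request automatically.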
--- Begin Message ---
>but who's counting :-))

Someone is for sure. Maybe the scheduler?

--- End Message ---
