php-general Digest 19 Oct 2008 02:25:17 -0000 Issue 5743
Topics (messages 282072 through 282090):
Re: what's the difference in the following code?
282072 by: Carlos Medina
282075 by: Yeti
282076 by: Dotan Cohen
282080 by: Robert Cummings
282083 by: Yeti
Re: Securing AJAX requests with PHP?
282073 by: Yeti
282074 by: Jay Moore
Convert video to FLV like youtube
282077 by: Ryan S
282078 by: Daniel Brown
282079 by: Daniel Brown
282082 by: Robert Cummings
282084 by: Dotan Cohen
282085 by: Nitsan Bin-Nun
282087 by: Ashley Sheridan
Re: paging at which level
282081 by: Robert Cummings
282086 by: Ashley Sheridan
Form Loop
282088 by: Terry J Daichendt
282089 by: Shawn McKenzie
282090 by: Rick Pasotto
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hi,
why say Chris Shiflett that this is not good: because security problems
or because you cannot see very good what the code do?.
Regards
Carlos
Lamp Lists schrieb:
I'm reading "Essential PHP Security" by Chris Shiflett.
on the very beginning, page 5 & 6, if I got it correct, he said this is not
good:
$search = isset($_GET['search']) ? $_GET['search'] : '';
and this is good:
$search = '';
if (isset($_GET['search']))
{
$search = $_GET['search'];
}
what's the difference? I really can't see?
to me is more the way you like to write your code (and I like the top one :-) )?
thanks.
-ll
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--- End Message ---
--- Begin Message ---
I would understand it if it was like this ..
<?php
$search = isset($_GET['search']) ? $_GET['search'] : '';
# versus
if (isset($_GET['search'])) { $search = $_GET['search']; }
?>
In the first statement $search would either be set to $_GET['search']
or an empty string, whereas in the second statement $search would only
be set, if there is a $_GET['search']
//A yeti
--- End Message ---
--- Begin Message ---
2008/10/17 Lamp Lists <[EMAIL PROTECTED]>:
> I'm reading "Essential PHP Security" by Chris Shiflett.
>
> on the very beginning, page 5 & 6, if I got it correct, he said this is not
> good:
>
> $search = isset($_GET['search']) ? $_GET['search'] : '';
>
> and this is good:
>
> $search = '';
> if (isset($_GET['search']))
> {
> $search = $_GET['search'];
> }
>
> what's the difference? I really can't see?
> to me is more the way you like to write your code (and I like the top one :-)
> )?
>
> thanks.
>
> -ll
>
Chris posts here, you might want to stfa for his address and cc him
the question to the list. Just be sure not to bug him offlist, that is
generally frowned upon.
--
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ä-ö-ü-ß-Ä-Ö-Ü
--- End Message ---
--- Begin Message ---
On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
> I would understand it if it was like this ..
>
> <?php
> $search = isset($_GET['search']) ? $_GET['search'] : '';
> # versus
> if (isset($_GET['search'])) { $search = $_GET['search']; }
> ?>
>
> In the first statement $search would either be set to $_GET['search']
> or an empty string, whereas in the second statement $search would only
> be set, if there is a $_GET['search']
Wrong. They are equivalent. The second is probably just easier to follow
with a clearly defined default value outside the conditional block.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
> Wrong. They are equivalent. The second is probably just easier to follow
> with a clearly defined default value outside the conditional block.
Well, leaving out the default value at the 2nd if statement makes a
difference and that's what I did.
Here is the code I changed again ..
Set to $_GET['search'] or an empty string
<?php
$search = isset($_GET['search']) ? $_GET['search'] : '';
?>
Only set if there is a $_GET['search']
<?php
// no default value <<<
if (isset($_GET['search'])) $search = $_GET['search'];
?>
--- End Message ---
--- Begin Message ---
Ok, but how safe are tokens?
Thinking of man in the middle attacks they do not make much sense, do they?
--- End Message ---
--- Begin Message ---
Yeti wrote:
Ok, but how safe are tokens?
Thinking of man in the middle attacks they do not make much sense, do they?
That's what I was thinking too. If I'm deleting an entry from a
database with AJAX, I don't want someone looking at my Javascript and
saying, "Hmm, all I need to do is pass this info to this URL and I can
delete at will."
--- End Message ---
--- Begin Message ---
Hey!
Been googleing for a way to convert video to flv just like youtube and came
accross the flv SDK kit, unfortunately it seems to only support C++, Delphi and
C#
Have any of you guys come accross a php script that does this? any links,
pointers and code would be appreciated.
TIA,
R
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--- End Message ---
--- Begin Message ---
On Sat, Oct 18, 2008 at 12:54 PM, Ryan S <[EMAIL PROTECTED]> wrote:
>
> Been googleing for a way to convert video to flv just like youtube and came
> accross the flv SDK kit, unfortunately it seems to only support C++, Delphi
> and C#
FFMPEG is the standard now.
--
</Daniel P. Brown>
Founder, CEO - Parasane, LLC
http://www.parasane.net/
--- End Message ---
--- Begin Message ---
On Sat, Oct 18, 2008 at 1:02 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
>
> FFMPEG is the standard now.
.... err.... not just "now." Not sure why I typed that.
--
</Daniel P. Brown>
Founder, CEO - Parasane, LLC
http://www.parasane.net/
--- End Message ---
--- Begin Message ---
On Sat, 2008-10-18 at 09:54 -0700, Ryan S wrote:
> Hey!
>
> Been googleing for a way to convert video to flv just like youtube and came
> accross the flv SDK kit, unfortunately it seems to only support C++, Delphi
> and C#
>
>
> Have any of you guys come accross a php script that does this? any links,
> pointers and code would be appreciated.
I'm going to wager that any script that does this is punting to an
external library to perform the conversion. Using ffmpeg and mencoder
comes to mind.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
2008/10/18 Ryan S <[EMAIL PROTECTED]>:
> Hey!
>
> Been googleing for a way to convert video to flv just like youtube and came
> accross the flv SDK kit, unfortunately it seems to only support C++, Delphi
> and C#
>
>
> Have any of you guys come accross a php script that does this? any links,
> pointers and code would be appreciated.
>
Here is the script that I use to convert videos to flash for use on
http://dotancohen.com my personal website:
[EMAIL PROTECTED]:~$ cat .bin/video-flv_png
#!/bin/bash
filename="$@"
filename=${filename%.*}
ffmpeg -sameq -i "$@" -s 640x480 -ar 44100 -r 25 $filename.flv -pass 2
ffmpeg -itsoffset -0 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
-s 640x480 $filename.1.png
ffmpeg -itsoffset -0.5 -i "$@" -vcodec png -vframes 1 -an -f
rawvideo -s 640x480 $filename.2.png
ffmpeg -itsoffset -1 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
-s 640x480 $filename.3.png
In addition to the video it creates three png files, from the first
few frames of the video. I choose one of these pngs (rm the other two)
and use it as the thumbnail for the video in the flash-based player.
Feel free to check out my site for example code.
--
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ä-ö-ü-ß-Ä-Ö-Ü
--- End Message ---
--- Begin Message ---
Straightforward and useful, I have added it to the "videos conversion"
snippets directory ;)
Sokot Sameh,
Nitsan Bin-Nun
On Sat, Oct 18, 2008 at 10:45 PM, Dotan Cohen <[EMAIL PROTECTED]> wrote:
> 2008/10/18 Ryan S <[EMAIL PROTECTED]>:
> > Hey!
> >
> > Been googleing for a way to convert video to flv just like youtube and
> came accross the flv SDK kit, unfortunately it seems to only support C++,
> Delphi and C#
> >
> >
> > Have any of you guys come accross a php script that does this? any links,
> pointers and code would be appreciated.
> >
>
> Here is the script that I use to convert videos to flash for use on
> http://dotancohen.com my personal website:
>
> [EMAIL PROTECTED]:~$ cat .bin/video-flv_png
> #!/bin/bash
> filename="$@"
> filename=${filename%.*}
> ffmpeg -sameq -i "$@" -s 640x480 -ar 44100 -r 25 $filename.flv -pass 2
> ffmpeg -itsoffset -0 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
> -s 640x480 $filename.1.png
> ffmpeg -itsoffset -0.5 -i "$@" -vcodec png -vframes 1 -an -f
> rawvideo -s 640x480 $filename.2.png
> ffmpeg -itsoffset -1 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
> -s 640x480 $filename.3.png
>
>
>
> In addition to the video it creates three png files, from the first
> few frames of the video. I choose one of these pngs (rm the other two)
> and use it as the thumbnail for the video in the flash-based player.
> Feel free to check out my site for example code.
>
> --
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
> א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
>
> ä-ö-ü-ß-Ä-Ö-Ü
>
--- End Message ---
--- Begin Message ---
On Sat, 2008-10-18 at 23:23 +0200, Nitsan Bin-Nun wrote:
> Straightforward and useful, I have added it to the "videos conversion"
> snippets directory ;)
>
> Sokot Sameh,
> Nitsan Bin-Nun
>
> On Sat, Oct 18, 2008 at 10:45 PM, Dotan Cohen <[EMAIL PROTECTED]> wrote:
>
> > 2008/10/18 Ryan S <[EMAIL PROTECTED]>:
> > > Hey!
> > >
> > > Been googleing for a way to convert video to flv just like youtube and
> > came accross the flv SDK kit, unfortunately it seems to only support C++,
> > Delphi and C#
> > >
> > >
> > > Have any of you guys come accross a php script that does this? any links,
> > pointers and code would be appreciated.
> > >
> >
> > Here is the script that I use to convert videos to flash for use on
> > http://dotancohen.com my personal website:
> >
> > [EMAIL PROTECTED]:~$ cat .bin/video-flv_png
> > #!/bin/bash
> > filename="$@"
> > filename=${filename%.*}
> > ffmpeg -sameq -i "$@" -s 640x480 -ar 44100 -r 25 $filename.flv -pass 2
> > ffmpeg -itsoffset -0 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
> > -s 640x480 $filename.1.png
> > ffmpeg -itsoffset -0.5 -i "$@" -vcodec png -vframes 1 -an -f
> > rawvideo -s 640x480 $filename.2.png
> > ffmpeg -itsoffset -1 -i "$@" -vcodec png -vframes 1 -an -f rawvideo
> > -s 640x480 $filename.3.png
> >
> >
> >
> > In addition to the video it creates three png files, from the first
> > few frames of the video. I choose one of these pngs (rm the other two)
> > and use it as the thumbnail for the video in the flash-based player.
> > Feel free to check out my site for example code.
> >
> > --
> > Dotan Cohen
> >
> > http://what-is-what.com
> > http://gibberish.co.il
<> א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
> >
> > ä-ö-ü-ß-Ä-Ö-Ü
> >
I've done a similar thing for a system at work, but I have noticed that
it sometimes creates buggy FLVs from WMV clips. It might just be the way
that the encodings differ, and despite working for a media company, I
still have no idea about all the differing rates (frames, video, audio)
inside of one clip, so I think it may just be my bad understanding of
it.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, 2008-10-18 at 12:54 +0200, Alain Roger wrote:
> Hi,
>
> i would like to know what is the best approach for paging ?
> usually i use PEAR and page thanks their table library, but to avoid high
> transfer of data from DB to PHP page it is better to do the paging at
> database level.
If you want top page data then you absolutely should NOT retrieve the
entire set of results (unless they are less than your paging length).
> I would like to know what is your point of view on this topic and what do
> you use to do ?
Use a paging system that takes a query or can build the query itself.
Most decent libraries or frameworks have something already built to do
so.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sat, 2008-10-18 at 12:54 +0200, Alain Roger wrote:
> Hi,
>
> i would like to know what is the best approach for paging ?
> usually i use PEAR and page thanks their table library, but to avoid high
> transfer of data from DB to PHP page it is better to do the paging at
> database level.
> I would like to know what is your point of view on this topic and what do
> you use to do ?
>
> thx.
>
I've not used a library to achieve paging but doing it at the database
level is a must really, as you don't want to retrieve large data sets,
only to work on a small sub-section of them. As I've no experience of
using libraries for this, I've always coded the queries myself. LIMIT in
MySQL comes in real handy, but if you're using an older version of
MSSQL, then you will have to use nested selects like this:
SELECT * FROM
(
SELECT TOP 10 * FROM
(
SELECT TOP 20 * FROM table1 ORDER BY column1
)
ORDER BY column1 DESC
)
ORDER BY column1
Obviously the syntax is not entirely right, but it should help you get
the general idea for a query that returns results 10-20.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
I'm trying to create a form with a loop. I need to append a value to a field
name each time through the loop. For Instance:
while ($row = mysql_fetch_assoc($result)) {
$x=1;
echo "<tr>"; echo
"<td><input type='text' id='qty' name='quantity_' size='2'
value='$row[qty]' /></td>";
echo "</tr>";
$x++;
}
the name value quantity needs the value of x appended to it. quantity_1,
quantity_2 etc. What is the correct syntax to achieve this, especially the
parsing to get it to work. I suspect the dot operator to append it but I
can't get the parsing down.
Terry Daichendt
--- End Message ---
--- Begin Message ---
Terry J Daichendt wrote:
> I'm trying to create a form with a loop. I need to append a value to a
> field name each time through the loop. For Instance:
>
> while ($row = mysql_fetch_assoc($result)) {
> $x=1;
> echo "<tr>"; echo "<td><input type='text' id='qty'
> name='quantity_' size='2' value='$row[qty]' /></td>";
> echo "</tr>";
> $x++;
> }
>
> the name value quantity needs the value of x appended to it. quantity_1,
> quantity_2 etc. What is the correct syntax to achieve this, especially
> the parsing to get it to work. I suspect the dot operator to append it
> but I can't get the parsing down.
>
> Terry Daichendt
echo '<td><input type="text" id="qty" name="quantity_' . $x . '"
size="2" value="' . $row['qty']. '" /></td>';
However, I would use an array:
echo '<td><input type="text" id="qty" name="quantity[' . $x . ']"
size="2" value="' . $row['qty']. '" /></td>';
Depending upon your use, you can even leave out the index and let it
increment.
echo '<td><input type="text" id="qty" name="quantity[]" size="2"
value="' . $row['qty']. '" /></td>';
--
Thanks!
-Shawn
http://www.spidean.com
--- End Message ---
--- Begin Message ---
On Sat, Oct 18, 2008 at 08:07:26PM -0500, Shawn McKenzie wrote:
> Terry J Daichendt wrote:
> > I'm trying to create a form with a loop. I need to append a value to a
> > field name each time through the loop. For Instance:
> >
> > while ($row = mysql_fetch_assoc($result)) {
> > $x=1;
> > echo "<tr>"; echo "<td><input type='text' id='qty'
> > name='quantity_' size='2' value='$row[qty]' /></td>";
> > echo "</tr>";
> > $x++;
> > }
> >
> > the name value quantity needs the value of x appended to it. quantity_1,
> > quantity_2 etc. What is the correct syntax to achieve this, especially
> > the parsing to get it to work. I suspect the dot operator to append it
> > but I can't get the parsing down.
> >
> > Terry Daichendt
>
> echo '<td><input type="text" id="qty" name="quantity_' . $x . '"
> size="2" value="' . $row['qty']. '" /></td>';
>
> However, I would use an array:
>
> echo '<td><input type="text" id="qty" name="quantity[' . $x . ']"
> size="2" value="' . $row['qty']. '" /></td>';
>
> Depending upon your use, you can even leave out the index and let it
> increment.
>
> echo '<td><input type="text" id="qty" name="quantity[]" size="2"
> value="' . $row['qty']. '" /></td>';
Ids must be unique within a document.
--
"We may eventually come to realize that chastity is no more a virtue
than malnutrition." -- Alexander Comfort
Rick Pasotto [EMAIL PROTECTED] http://www.niof.net
--- End Message ---
