php-general Digest 20 Oct 2008 03:02:49 -0000 Issue 5745
Topics (messages 282105 through 282122):
Re: searching by tags....
282105 by: Martin Zvarík
282111 by: Ashley Sheridan
Re: logic for grabbing what we need from user-input addresses for AVS?
282106 by: Govinda
282107 by: Robert Cummings
282112 by: Ashley Sheridan
Re: Randomiser
282108 by: Chris
282109 by: Reese
282113 by: Chris
282114 by: Reese
Re: Form Loop
282110 by: Ashley Sheridan
Re: Securing AJAX requests with PHP?
282115 by: Bastien Koert
Best way to receive image from url?
282116 by: Nitsan Bin-Nun
282117 by: Børge Holen
282118 by: Daniel Brown
282119 by: Micah Gersten
Re: Information on Cookies
282120 by: Micah Gersten
282121 by: Ashley Sheridan
Re: what's the difference in the following code?
282122 by: Andrew Ballard
----------------------------------------------------------------------
--- Begin Message ---
Ryan S wrote:
> Hey,
>
> this the first time I am actually working with "tags" but it seems quite
> popular and am adding it on a clients requests.
>
> By tags I mean something like wordpress' implementation of it, for example when
> an author writes an article on babies the tags might be
> baby,babies, new borns, cribs, nappies
>
> or a picture of a baby can have the tags
>
> baby,babies, new born, cute kid, nappies
>
> the tags are comma separated above of course.
>
> The way i am doing it right now is i have sayyyy an article or a pic saved in the db as
> article_or_pic_address text
> the_tags varchar(240)
>
> My question is, when someone clicks on any one of the tags, do i do a LIKE
> %search_term% search or...???
>
> quite a few sites seem to have a very neat way of implementing this with (url
> rewriting?) something like http://sitename/blog/tags/tag-comes-here/
>
> Any help in the form of advice, code or links would be appreciated.
>
> TIA.
>
> Cheers!
> Ryan
> ------
> - The faulty interface lies between the chair and the keyboard.
> - Creativity is great, but plagiarism is faster!
> - Smile, everyone loves a moron. :-)

The main point here is WHAT SHOULD BE THE BEST DB STRUCTURE.
I got this feeling, from what I've read, that everybody wants to express
themselves so much, that they talk about something they know at least a
little about = SEO.
To the TOPIC: I think normalization would be a killer.
Imagine joining 3 tables (I really don't see more functionality here) OR
just selecting from 1.
--- End Message ---
--- Begin Message ---
On Sun, 2008-10-19 at 16:34 +0200, Martin Zvarík wrote:
> Ryan S wrote:
> > Hey,
> >
> > this the first time I am actually working with "tags" but it seems quite
> > popular and am adding it on a clients requests.
> >
> > By tags I mean something like wordpress' implementation of it, for example
> > when an author writes an article on babies the tags might be
> > baby,babies, new borns, cribs, nappies
> >
> > or a picture of a baby can have the tags
> >
> > baby,babies, new born, cute kid, nappies
> >
> > the tags are comma separated above of course.
> >
> > The way i am doing it right now is i have sayyyy an article or a pic saved
> > in the db as
> > article_or_pic_address text
> > the_tags varchar(240)
> >
> > My question is, when someone clicks on any one of the tags, do i do a LIKE
> > %search_term% search or...???
> >
> > quite a few sites seem to have a very neat way of implementing this with
> > (url rewriting?) something like http://sitename/blog/tags/tag-comes-here/
> >
> > Any help in the form of advice, code or links would be appreciated.
> >
> > TIA.
> >
> > Cheers!
> > Ryan
> > ------
> > - The faulty interface lies between the chair and the keyboard.
> > - Creativity is great, but plagiarism is faster!
> > - Smile, everyone loves a moron. :-)
> >
> >
> >
>
> The main point here is WHAT SHOULD BE THE BEST DB STRUCTURE.
>
> I got this feeling, from what I've read, that everybody wants to express
> themselves so much, that they talk about something they know at least a
> little about = SEO.
>
> To the TOPIC: I think normalization would be a killer.
> Imagine joining 3 tables (I really don't see more functionality here) OR
> just selecting from 1.
>
I think the reason we all got off topic here was because URL rewriting
was part of your original question.
As to your other question, I think that the best idea is to have a
separate table for the "tags", and link them to the unique id of the row
on the main table that contains the content. This way, searching for
specific tags, and producing counts (for weighting individual tags) is
an absolute doddle, and can be done with pure SQL rather than retrieving
all the information from the database and have PHP do the donkey work.
Ash
www.ashleysheridan.co.uk
--- End Message ---
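[Added example, not part of any message in this digest.] The separate tags table suggested in the reply above, sketched with PDO and in-memory SQLite; table, column and function names are assumptions and the rows are constructed from the tags in the question. The tag taken from the URL is bound as a parameter and matched exactly, where a LIKE %new born% search on the varchar column would also match "new borns".

```php
<?php
// Added example (not code from the thread). Schema and names are assumptions.
// Requires the pdo_sqlite extension; sample rows are constructed.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, address TEXT NOT NULL)');
    $db->exec('CREATE TABLE tags  (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');
    $db->exec('CREATE TABLE item_tags (
                   item_id INTEGER NOT NULL REFERENCES items(id),
                   tag_id  INTEGER NOT NULL REFERENCES tags(id),
                   PRIMARY KEY (item_id, tag_id))');
    return $db;
}

function normaliseTag(string $tag): string
{
    return strtolower(trim($tag));
}

// Store one item and link it to each of its tags (tags are created on demand).
function tagItem(PDO $db, string $address, array $tagNames): void
{
    $db->prepare('INSERT INTO items (address) VALUES (?)')->execute([$address]);
    $itemId = (int) $db->lastInsertId();
    $insertTag = $db->prepare('INSERT OR IGNORE INTO tags (name) VALUES (?)');
    $link = $db->prepare('INSERT INTO item_tags (item_id, tag_id)
                          SELECT ?, id FROM tags WHERE name = ?');
    foreach (array_unique(array_map('normaliseTag', $tagNames)) as $name) {
        $insertTag->execute([$name]);
        $link->execute([$itemId, $name]);
    }
}

// $tagFromUrl is the last path segment of /blog/tags/<tag>/ and is untrusted:
// it is bound as a parameter, never concatenated into the SQL text.
function itemsForTag(PDO $db, string $tagFromUrl): array
{
    $st = $db->prepare('SELECT i.address FROM items i
                        JOIN item_tags it ON it.item_id = i.id
                        JOIN tags t ON t.id = it.tag_id
                        WHERE t.name = ? ORDER BY i.id');
    $st->execute([normaliseTag($tagFromUrl)]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Per-tag usage counts (for weighting a tag cloud), done entirely in SQL.
function tagCounts(PDO $db): array
{
    return $db->query('SELECT t.name, COUNT(*) AS n FROM tags t
                       JOIN item_tags it ON it.tag_id = t.id
                       GROUP BY t.name ORDER BY n DESC, t.name')
              ->fetchAll(PDO::FETCH_KEY_PAIR);
}

$db = makeDb();
tagItem($db, '/articles/babies', ['baby', 'babies', 'new borns', 'cribs', 'nappies']);
tagItem($db, '/pics/baby.jpg', ['baby', 'babies', 'new born', 'cute kid', 'nappies']);

print_r(itemsForTag($db, 'baby'));      // exact match on the tag name
print_r(itemsForTag($db, 'New Born'));  // normalised, then matched exactly
print_r(tagCounts($db));
```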
--- Begin Message ---
On Oct 18, 2008, at 11:10 PM, Robert Cummings wrote:
> On Sat, 2008-10-18 at 22:56 -0600, Govinda wrote:
> > To cut down on fraudulent orders, our cc processor (whatever we call
> > them), to enable "Address Verification System (AVS)", ...
> > The docs make this clear that they want: "The numeric portion of the
> > street address", ...
> > And how should the logic of my algorithm be written
> > if it was just for USA addresses? ... and more importantly - if I am
> > writing it to handle addresses from any country?
>
> AVS systems I've used don't ask for the street number. They ask for the
> entire address and they do the matching for me and return a code
> indicating what portions matched. For one client in particular an AVS
> fail allows the order to go through, but it is flagged as peculiar and
> requires someone to manually reject or allow the order to be fulfilled.
> This was necessary since a lot of AVS failures were encountered for
> regular clients.
>
> If I had to make a choice given your system, I think I would just grab
> the integer value of the first address line. No concatenation, and no
> fussing with a second line...
>
> $number = (int)$input;
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP

Yes, here also they want the entire billing data for different checks
to be run on the card validity (like postal code check, card security
code check, etc.), but for just this AVS (address) check in
particular, which I am asking about, they explicitly state which part
of that billing data they use: "The numeric portion of the street
address"
Thanks all for your replies!
-Govinda
--
(I have so much work that I have never bothered about my resume,
personal business site, sig file.. nothing. Nor do I have any fun
quote generator lined up. But since it is Sunday, and sig files seem
to be tolerated well, here's one quote off the top of my head:
"Now we measure power in terms of nourishing ability."
-Maharishi Mahesh Yogi
--- End Message ---
--- Begin Message ---
On Sun, 2008-10-19 at 10:03 +0100, Ashley Sheridan wrote:
> On Sun, 2008-10-19 at 01:10 -0400, Robert Cummings wrote:
> > On Sat, 2008-10-18 at 22:56 -0600, Govinda wrote:
> > > Hi all
> > >
> > > This is not exactly PHP, but an issue that we have to work out in code
> > > (whatever we use) -
> > > I am working on a shopping cart site which will have orders from any
> > > country.
> > >
> > > To cut down on fraudulent orders, our cc processor (whatever we call
> > > them), to enable "Address Verification System (AVS)", accepts a var/
> > > value which is "The numeric portion of the street address". It is
> > > "Required for AVS". Now to get this from what the user input, I can:
> > >
> > > - just read the *numeric* characters off the front of the first (of 2)
> > > address text inputs, stopping grabbing them once I reach any non-
> > > numeric char., or I could
> > > - get *any* numeric chars input in that text area and concatenate
> > > them all together (if there is more than one continuous run of them), or
> > > - get *any* numeric chars input in *either* of the address text areas
> > > and concatenate that all together (if there is more than one
> > > continuous run of them), or
> > > - (what are the other possibilities?)
> > >
> > > I am asking you guys/gals using AVS: what are they looking for? The
> > > docs make this clear that they want: "The numeric portion of the
> > > street address", but just because I can't think of addresses that
> > > don't match a pattern I am thinking of does not mean they don't exist
> > > or are not valid. And how should the logic of my algorithm be written
> > > if it was just for USA addresses? ... and more importantly - if I am
> > > writing it to handle addresses from any country?
> > >
> > > Thanks for any insight/logic based on experience, ;-)
> >
> > AVS systems I've used don't ask for the street number. They ask for the
> > entire address and they do the matching for me and return a code
> > indicating what portions matched. For one client in particular an AVS
> > fail allows the order to go through, but it is flagged as peculiar and
> > requires someone to manually reject or allow the order to be fulfilled.
> > This was necessary since a lot of AVS failures were encountered for
> > regular clients.
> >
> > If I had to make a choice given your system, I think I would just grab
> > the integer value of the first address line. No concatenation, and no
> > fussing with a second line...
> >
> > $number = (int)$input;
> >
> >
> It does sound like a bit of a flawed system you are using though, I
> mean, some addresses have only house names, not numbers, so there would
> be no number, and what about business addresses in business centres?
> "Unit 3 of Suchandsuch Business Centre, 20-30 Somesuch Road..." How
> would you go about getting the numerical part from that?
Is this targeted at me? Doesn't seem applicable to my own case since I
pass the entire address to the payment gateway.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sun, 2008-10-19 at 11:26 -0400, Robert Cummings wrote:
> On Sun, 2008-10-19 at 10:03 +0100, Ashley Sheridan wrote:
> > On Sun, 2008-10-19 at 01:10 -0400, Robert Cummings wrote:
> > > On Sat, 2008-10-18 at 22:56 -0600, Govinda wrote:
> > > > Hi all
> > > >
> > > > This is not exactly PHP, but an issue that we have to work out in code
> > > > (whatever we use) -
> > > > I am working on a shopping cart site which will have orders from any
> > > > country.
> > > >
> > > > To cut down on fraudulent orders, our cc processor (whatever we call
> > > > them), to enable "Address Verification System (AVS)", accepts a var/
> > > > value which is "The numeric portion of the street address". It is
> > > > "Required for AVS". Now to get this from what the user input, I can:
> > > >
> > > > - just read the *numeric* characters off the front of the first (of 2)
> > > > address text inputs, stopping grabbing them once I reach any non-
> > > > numeric char., or I could
> > > > - get *any* numeric chars input in that text area and concatenate
> > > > them all together (if there is more than one continuous run of them), or
> > > > - get *any* numeric chars input in *either* of the address text areas
> > > > and concatenate that all together (if there is more than one
> > > > continuous run of them), or
> > > > - (what are the other possibilities?)
> > > >
> > > > I am asking you guys/gals using AVS: what are they looking for? The
> > > > docs make this clear that they want: "The numeric portion of the
> > > > street address", but just because I can't think of addresses that
> > > > don't match a pattern I am thinking of does not mean they don't exist
> > > > or are not valid. And how should the logic of my algorithm be written
> > > > if it was just for USA addresses? ... and more importantly - if I am
> > > > writing it to handle addresses from any country?
> > > >
> > > > Thanks for any insight/logic based on experience, ;-)
> > >
> > > AVS systems I've used don't ask for the street number. They ask for the
> > > entire address and they do the matching for me and return a code
> > > indicating what portions matched. For one client in particular an AVS
> > > fail allows the order to go through, but it is flagged as peculiar and
> > > requires someone to manually reject or allow the order to be fulfilled.
> > > This was necessary since a lot of AVS failures were encountered for
> > > regular clients.
> > >
> > > If I had to make a choice given your system, I think I would just grab
> > > the integer value of the first address line. No concatenation, and no
> > > fussing with a second line...
> > >
> > > $number = (int)$input;
> > >
> > >
> > It does sound like a bit of a flawed system you are using though, I
> > mean, some addresses have only house names, not numbers, so there would
> > be no number, and what about business addresses in business centres?
> > "Unit 3 of Suchandsuch Business Centre, 20-30 Somesuch Road..." How
> > would you go about getting the numerical part from that?
>
> Is this targeted at me? Doesn't seem applicable to my own case since I
> pass the entire address to the payment gateway.
>
> Cheers,
> Rob.
Not you Rob, don't be so paranoid ;) I was just saying it for Govinda's
benefit, as it seems to be particular to the system he is using, and I
just thought I'd point out a couple of the more obvious problems with
it.
Ash
www.ashleysheridan.co.uk
--- End Message ---
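[Added example, not part of any message in this digest.] One way to take the leading number from the first address line, as suggested in the thread, while telling "no number" apart from zero so that addresses like the ones raised in the replies are routed to manual review rather than submitted with a bogus value. Function names and the review policy are assumptions; the sample addresses are constructed, two of them from the cases mentioned above.

```php
<?php
// Added example (not code from the thread). Names and policy are assumptions.

/**
 * Leading street number of address line 1, or null when the line does not
 * start with one. Returned as a string so long or zero-padded numbers are
 * not altered by integer conversion.
 */
function avsStreetNumber(string $line1): ?string
{
    // Digits at the very start only; more than 10 digits is treated as
    // "not a street number" instead of being truncated.
    if (preg_match('/^\s*(\d{1,10})(?!\d)/', $line1, $m)) {
        return $m[1];
    }
    return null;
}

/** What would be sent for AVS, next to what the plain (int) cast produces. */
function prepareAvs(string $line1): array
{
    $number = avsStreetNumber($line1);
    return [
        'avs_number'   => $number,
        'cast_result'  => (int) $line1,      // 0 both for "no number" and for "0 ..."
        'needs_review' => $number === null,  // flag for a human, as in Rob's workflow
    ];
}

// Constructed sample input.
$samples = [
    '221 Example Street',
    '20-30 Somesuch Road',
    'Unit 3 of Suchandsuch Business Centre, 20-30 Somesuch Road',
    'Rose Cottage',
];

foreach ($samples as $line) {
    $r = prepareAvs($line);
    printf(
        "%-60s number=%-5s cast=%d review=%s\n",
        $line,
        $r['avs_number'] ?? 'none',
        $r['cast_result'],
        $r['needs_review'] ? 'yes' : 'no'
    );
}
```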
--- Begin Message ---
Andrew Barnett wrote:
> I ended up using an example from the PHP website.
>
> <?php
> $input = array("Neo", "Morpheus", "Trinity", "Cypher", "Tank");
> $rand_keys = array_rand($input, 2);

You're randomizing the whole array which when it gets large, will be
noticeable.

If you're using zero based arrays (like above - 'Neo' is item '0',
'Morpheus' is item '1'), I'd suggest something like this:

$input = array("Neo", "Morpheus", "Trinity", "Cypher", "Tank");
$num_keys = count($input);
$random_keys = array();
// must not be larger than $num_keys, or the loop below never finishes
$num_to_fetch = 5;
for ($fetched = 0; $fetched < $num_to_fetch; $fetched++) {
    // rand() includes both bounds, so the highest valid key is $num_keys - 1
    $key = rand(0, $num_keys - 1);
    // if the key has already been picked,
    // decrease "fetched" and try again
    if (in_array($key, $random_keys)) {
        $fetched--;
        continue;
    }
    $random_keys[] = $key;
}
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Andrew Barnett wrote:
> I ended up using an example from the PHP website.
>
> <?php
> $input = array("Neo", "Morpheus", "Trinity", "Cypher", "Tank");
> $rand_keys = array_rand($input, 2);
> echo $input[$rand_keys[0]] . "\n";
> echo $input[$rand_keys[1]] . "\n";
> ?>
>
> Just extended the array to the number of lines I needed.

That works, but shuffle() is cleaner and then you can echo things
out with a foreach() expression.
http://www.php.net/manual/en/function.shuffle.php
Reese
--- End Message ---
--- Begin Message ---
Reese wrote:
> Andrew Barnett wrote:
> > I ended up using an example from the PHP website.
> >
> > <?php
> > $input = array("Neo", "Morpheus", "Trinity", "Cypher", "Tank");
> > $rand_keys = array_rand($input, 2);
> > echo $input[$rand_keys[0]] . "\n";
> > echo $input[$rand_keys[1]] . "\n";
> > ?>
> >
> > Just extended the array to the number of lines I needed.
>
> That works, but shuffle() is cleaner and then you can echo things
> out with a foreach() expression.
> http://www.php.net/manual/en/function.shuffle.php

If you're doing a shuffle inside a loop, it's going to be even slower.
Might not be an issue for the OP but after your array gets to a certain
size, doing that will be a problem.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Chris wrote:
> > That works, but shuffle() is cleaner and then you can echo things
> > out with a foreach() expression.
> > http://www.php.net/manual/en/function.shuffle.php
>
> If you're doing a shuffle inside a loop, it's going to be even slower.
> Might not be an issue for the OP but after your array gets to a certain
> size, doing that will be a problem.

Inside the loop? I envisioned shuffling the array, then launching
the loop. Probably it is possible to avoid but if shuffle fires
inside the loop, reshuffling seems like it would be an issue.
Reese
--- End Message ---
--- Begin Message ---
On Sun, 2008-10-19 at 09:31 -0500, Shawn McKenzie wrote:
> Rick Pasotto wrote:
> > On Sat, Oct 18, 2008 at 08:07:26PM -0500, Shawn McKenzie wrote:
> >> Terry J Daichendt wrote:
> >>> I'm trying to create a form with a loop. I need to append a value to a
> >>> field name each time through the loop. For Instance:
> >>>
> >>> while ($row = mysql_fetch_assoc($result)) {
> >>> $x=1;
> >>> echo "<tr>"; echo "<td><input type='text' id='qty'
> >>> name='quantity_' size='2' value='$row[qty]' /></td>";
> >>> echo "</tr>";
> >>> $x++;
> >>> }
> >>>
> >>> the name value quantity needs the value of x appended to it. quantity_1,
> >>> quantity_2 etc. What is the correct syntax to achieve this, especially
> >>> the parsing to get it to work. I suspect the dot operator to append it
> >>> but I can't get the parsing down.
> >>>
> >>> Terry Daichendt
> >> echo '<td><input type="text" id="qty" name="quantity_' . $x . '"
> >> size="2" value="' . $row['qty']. '" /></td>';
> >>
> >> However, I would use an array:
> >>
> >> echo '<td><input type="text" id="qty" name="quantity[' . $x . ']"
> >> size="2" value="' . $row['qty']. '" /></td>';
> >>
> >> Depending upon your use, you can even leave out the index and let it
> >> increment.
> >>
> >> echo '<td><input type="text" id="qty" name="quantity[]" size="2"
> >> value="' . $row['qty']. '" /></td>';
> >
> > Ids must be unique within a document.
> >
> Yeah, I just copied and pasted and was concentrating on the name.
>
> echo '<td><input type="text" id="qty' . $x . '" name="quantity[]"
> size="2" value="' . $row['qty']. '" /></td>';
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
Take out the id attribute on the input element though, as these must be
unique for an element, and the only reason to use them in this case
would be if you had label tags giving the input boxes a name.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, Oct 18, 2008 at 11:28 AM, Jay Moore <[EMAIL PROTECTED]> wrote:
> Yeti wrote:
>
>> Ok, but how safe are tokens?
>> Thinking of man in the middle attacks they do not make much sense, do
>> they?
>>
>
> That's what I was thinking too. If I'm deleting an entry from a database
> with AJAX, I don't want someone looking at my Javascript and saying, "Hmm,
> all I need to do is pass this info to this URL and I can delete at will."
>
True, but then my permission / auth / workflow schema defines all that. The
user won't likely have that permission, the request will be logged, and nothing
is ever deleted from the app in any case, since I only allow soft (record
level flag) deletes to ensure data integrity.
--
Bastien
Cat, the other other white meat
--- End Message ---
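[Added example, not part of any message in this digest.] A delete endpoint built the way the reply above describes: the URL being visible in the JavaScript does not matter because every request is checked server-side against the session and the caller's permission, logged, and applied as a soft delete. The schema, role name, token field and function name are assumptions; the data is constructed and stored in in-memory SQLite.

```php
<?php
// Added example (not code from the thread). Schema and names are assumptions.
// Requires the pdo_sqlite extension; rows and session contents are constructed.

/** Handles one AJAX delete request and returns the HTTP status to send. */
function handleDelete(PDO $db, array $session, array $post): int
{
    // 1. Identity comes from the server-side session, never from the request.
    if (empty($session['user_id'])) {
        return 401;
    }

    // 2. Per-session token, compared in constant time, so another site cannot
    //    make the logged-in browser send this request on the user's behalf.
    $token = $post['token'] ?? '';
    if (!is_string($token) || empty($session['token'])
        || !hash_equals($session['token'], $token)) {
        return 403;
    }

    $entryId = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($entryId === false) {
        return 400;
    }

    // 3. Permission check: only the owner or an admin may delete the entry.
    $st = $db->prepare('SELECT owner_id FROM entries WHERE id = ? AND deleted_at IS NULL');
    $st->execute([$entryId]);
    $owner = $st->fetchColumn();
    $allowed = $owner !== false
        && ((int) $owner === (int) $session['user_id'] || ($session['role'] ?? '') === 'admin');

    // 4. Every attempt is logged, allowed or not.
    $db->prepare('INSERT INTO audit_log (user_id, entry_id, allowed, at) VALUES (?, ?, ?, ?)')
       ->execute([$session['user_id'], $entryId, (int) $allowed, time()]);

    if ($owner === false) {
        return 404;
    }
    if (!$allowed) {
        return 403;
    }

    // 5. Soft delete: the row is flagged, not removed.
    $db->prepare('UPDATE entries SET deleted_at = ? WHERE id = ?')
       ->execute([time(), $entryId]);
    return 200;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT, deleted_at INTEGER)');
$db->exec('CREATE TABLE audit_log (user_id INTEGER, entry_id INTEGER, allowed INTEGER, at INTEGER)');
$db->exec("INSERT INTO entries (id, owner_id, body) VALUES (1, 10, 'first'), (2, 20, 'second')");

$session = ['user_id' => 10, 'role' => 'user', 'token' => bin2hex(random_bytes(16))];

var_dump(handleDelete($db, $session, ['id' => '1', 'token' => $session['token']])); // owner, own entry
var_dump(handleDelete($db, $session, ['id' => '2', 'token' => $session['token']])); // someone else's entry
var_dump(handleDelete($db, $session, ['id' => '1', 'token' => 'wrong']));           // bad token
var_dump(handleDelete($db, [], ['id' => '1']));                                     // not logged in
var_dump($db->query('SELECT COUNT(*) FROM entries')->fetchColumn());                // rows still present
```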
--- Begin Message ---
Hi,
I have this function:
function saveImageFromUrl($image_url, $image_save)
{
    $contents = file_get_contents($image_url);
    $fp = fopen($image_save, 'w');
    fwrite($fp, $contents);
    fclose($fp);
}
As you can see it fetches the image's contents and writes them to a new image in
my local directory.
Is this the best way to do this? (I don't have curl)
Does file_get_contents() use a buffer to get the contents of the image? (in
case the server response is slow)
Is there a better way?
Thanks in Advance,
Nitsan
--- End Message ---
--- Begin Message ---
On Oct 20, 2008, at 12:46 AM, Nitsan Bin-Nun wrote:
> Hi,
> I have this function:
>
> function saveImageFromUrl($image_url, $image_save)
> {
> $contents = file_get_contents($image_url);
> $fp = fopen($image_save, 'w');
> fwrite($fp, $contents);
> fclose($fp);
> }
>
> As you can see it fetches the images contents and write them to new image on
> my local directory.
> Is this is the best way to do this? (I don't have curl)
> Does file_get_contents() uses buffer to get the contents of the image? (in
> case the server response is slow)

the server will respond slow either way if it is slow to respond.

> There is a better way?
>
> Thanks in Advance,
> Nitsan
--- End Message ---
--- Begin Message ---
On Sun, Oct 19, 2008 at 6:46 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:
>
> As you can see it fetches the images contents and write them to new image on
> my local directory.
> Is this is the best way to do this? (I don't have curl)
Do you have GET or wget on your server, with exec() privileges to
use them? Your method is good for cross-platform usage, but won't
follow redirects.
> Does file_get_contents() uses buffer to get the contents of the image? (in
> case the server response is slow)
> There is a better way?
As Borge suggested, it won't speed things up for you if the remote
server is slow, but if I understand you correctly, you want to know if
there's a way to keep it running on your end. Check into either using
it as a cron job, a forked process, or by setting max_execution_time
and ignore_user_abort(), et al.
--
</Daniel P. Brown>
--- End Message ---
--- Begin Message ---
If you're using file_get_contents, why aren't you using file_put_contents?
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Nitsan Bin-Nun wrote:
> Hi,
> I have this function:
>
>
> function saveImageFromUrl($image_url, $image_save)
> {
> $contents = file_get_contents($image_url);
>
> $fp = fopen($image_save, 'w');
> fwrite($fp, $contents);
> fclose($fp);
> }
>
> As you can see it fetches the images contents and write them to new image on
> my local directory.
> Is this is the best way to do this? (I don't have curl)
> Does file_get_contents() uses buffer to get the contents of the image? (in
> case the server response is slow)
> There is a better way?
>
> Thanks in Advance,
> Nitsan
>
>
--- End Message ---
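[Added example, not part of any message in this digest.] A version of the thread's function for the case where the URL or file name comes from a user: it restricts the scheme, refuses hosts that resolve to private or reserved addresses, caps time and size, checks that the bytes really are an image, and builds the file name itself. The function name, size limit and allowed types are assumptions.

```php
<?php
// Added example (not code from the thread). Name, limits and types are assumptions.

const MAX_IMAGE_BYTES = 5242880; // 5 MiB, an assumed limit

function saveImageFromUrlChecked(string $imageUrl, string $saveDir, string $baseName): string
{
    $parts = parse_url($imageUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('only http(s) URLs are accepted');
    }

    // Best-effort check that the host is a public IPv4 address. The fetch
    // resolves the name again, so network-level egress rules are still needed.
    $ip = gethostbyname($parts['host']);
    if (!filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        throw new InvalidArgumentException('host does not resolve to a public address');
    }

    $ctx = stream_context_create(['http' => [
        'timeout'         => 10, // seconds; a slow server cannot hold the request open
        'follow_location' => 0,  // a redirect could point at a host that was not checked
    ]]);

    // Read at most one byte more than the limit so oversize bodies are detected
    // without being downloaded in full.
    $data = @file_get_contents($imageUrl, false, $ctx, 0, MAX_IMAGE_BYTES + 1);
    if ($data === false) {
        throw new RuntimeException('download failed');
    }
    if (strlen($data) > MAX_IMAGE_BYTES) {
        throw new RuntimeException('image is larger than the allowed size');
    }

    // Decide the type from the content, not from the URL or a response header.
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    $info = @getimagesizefromstring($data);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('response is not a supported image');
    }

    // The caller-supplied name is reduced to safe characters and the extension
    // is chosen here, so the path cannot leave $saveDir or end in .php.
    $name = preg_replace('/[^A-Za-z0-9_-]/', '', $baseName);
    if ($name === '') {
        throw new InvalidArgumentException('empty file name');
    }
    $path = rtrim($saveDir, '/') . '/' . $name . '.' . $allowed[$info[2]];
    if (file_put_contents($path, $data, LOCK_EX) === false) {
        throw new RuntimeException('could not write ' . $path);
    }
    return $path;
}

// Constructed inputs that are refused before any network request is made.
foreach (['ftp://example.com/a.png', 'http://127.0.0.1/a.png'] as $url) {
    try {
        saveImageFromUrlChecked($url, sys_get_temp_dir(), 'demo');
    } catch (InvalidArgumentException $e) {
        echo $url, ' rejected: ', $e->getMessage(), "\n";
    }
}
```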
--- Begin Message ---
Don't use cookies, use sessions.
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ben Stones wrote:
> I've read a few videos on cookie security and it makes sense that people can
> modify cookie values which is a problem I'm trying to figure out to *try*
> and prevent. What I'll first do is at the top of the page that validates if
> the cookie values is in the database, but what my next problem is they'd use
> usernames in the database as the values. Are there any preventable measures
> to prevent cookie forging or what not.
>
> Thanks.
>
>
--- End Message ---
--- Begin Message ---
On Sun, 2008-10-19 at 19:12 -0500, Micah Gersten wrote:
> Don't use cookies, use sessions.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
> Ben Stones wrote:
> > I've read a few videos on cookie security and it makes sense that people can
> > modify cookie values which is a problem I'm trying to figure out to *try*
> > and prevent. What I'll first do is at the top of the page that validates if
> > the cookie values is in the database, but what my next problem is they'd use
> > usernames in the database as the values. Are there any preventable measures
> > to prevent cookie forging or what not.
> >
> > Thanks.
> >
> >
>
Yeah, sessions are the way to go with this. They are (more often than
not) just special cookies themselves, and the only bit of information
stored is the session id in the cookie, and the rest is stored in server
memory (or sometimes a text file on the server.) The chances of someone
forging this is much less, and if you use sessions with https then this
is reduced much more, but at the end of the day, nothing is foolproof...
Ash
www.ashleysheridan.co.uk
--- End Message ---
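[Added example, not part of any message in this digest.] The difference the replies above describe, side by side: an identity read from a cookie value the client controls, and an identity kept in server-side session data where the cookie carries only the session id. Function names, the lifetime and the cookie settings chosen are assumptions; the samesite option needs PHP 7.3 or later.

```php
<?php
// Added example (not code from the thread). Names and settings are assumptions.

// BEFORE: whatever the browser sends is believed. Checking that the name
// exists in the database does not help, because any valid name passes.
function userFromCookie(array $cookies): ?string
{
    return $cookies['username'] ?? null;
}

// AFTER: the cookie holds only a random session id; the user id lives on
// the server and cannot be edited by the client.
function startSession(): void
{
    session_start([
        'use_strict_mode'  => 1,     // ignore session ids the server did not issue
        'use_only_cookies' => 1,     // never accept the id from the URL
        'cookie_httponly'  => 1,     // not readable from JavaScript
        'cookie_secure'    => 1,     // sent over https only
        'cookie_samesite'  => 'Lax', // PHP 7.3+
    ]);
}

// Call only after the password (or other credential) has been verified.
function logIn(int $userId): void
{
    session_regenerate_id(true);     // fresh id at login, old one is discarded
    $_SESSION['user_id'] = $userId;
    $_SESSION['logged_in_at'] = time();
}

function logOut(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Identity for the current request, or null; sessions older than $maxAge
// seconds are ended (an assumed policy).
function currentUserId(int $maxAge = 3600): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['logged_in_at'])) {
        return null;
    }
    if (time() - $_SESSION['logged_in_at'] > $maxAge) {
        logOut();
        return null;
    }
    return $_SESSION['user_id'];
}

// Constructed walk-through.
startSession();
var_dump(currentUserId());                          // nobody logged in yet
logIn(42);
var_dump(currentUserId());                          // id taken from server-side state
var_dump(userFromCookie(['username' => 'admin']));  // the cookie version trusts the client
logOut();
var_dump(currentUserId());
```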
--- Begin Message ---
On Sat, Oct 18, 2008 at 2:34 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
> On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
> > I would understand it if it was like this ..
> >
> > <?php
> > $search = isset($_GET['search']) ? $_GET['search'] : '';
> > # versus
> > if (isset($_GET['search'])) { $search = $_GET['search']; }
> > ?>
> >
> > In the first statement $search would either be set to $_GET['search']
> > or an empty string, whereas in the second statement $search would only
> > be set, if there is a $_GET['search']
>
> Wrong. They are equivalent. The second is probably just easier to follow
> with a clearly defined default value outside the conditional block.
>
> Cheers,
> Rob.
No, they are not. In the first statement, $search is the value of
$_GET['search'] if the key exists, or an empty string if it does not.
In the second statement, $search is the value of $_GET['search'] if
the key exists or retains its original value if the key does not
exist.
Andrew
--- End Message ---