php-general Digest 16 Dec 2008 20:20:54 -0000 Issue 5849
Topics (messages 284654 through 284681):
Re: Create unique non-autoincrement key for 700,000 records?
284654 by: Ondrej Kulaty
284655 by: Robert Cummings
284656 by: Ondrej Kulaty
284657 by: Robert Cummings
284679 by: Ashley Sheridan
Secure uploads tutorial
284658 by: Tim Starling
284660 by: tedd
284661 by: Peter Ford
Re: XML Get Value of Node DOMXPath
284659 by: Rob Richards
Re: Good PHP book?
284662 by: jordan.jdelaneydesign.com
284663 by: Richard Heyes
284664 by: Daniel Brown
284665 by: Daniel Brown
284666 by: Richard Heyes
284675 by: Jay Moore
284677 by: Robert Cummings
284678 by: Jay Moore
284680 by: Brendon Van Heyzen
custom php.ini
284667 by: John P
284668 by: Daniel Brown
284669 by: John Pillion
dynamic forms
284670 by: Marc Fromm
284671 by: Jay Blanchard
284672 by: ceo.l-i-e.com
FPDF Printing Ideas?
284673 by: Dan Shirah
284674 by: ceo.l-i-e.com
284676 by: Dan Shirah
checking local file size
284681 by: John P
----------------------------------------------------------------------
--- Begin Message ---
I think he knows how to use it; he didn't show us a certain example of where
and how he wants to use it. I just posted the way I generate a
unique identifier. If he uses the first mentioned way -
AutoIncID+unix_timestamp - there can be a collision when two users
attempt to perform this task on the same id at the same time. Yes, it's not
very probable, but if you have a system with many users it can happen.
"Robert Cummings" <[email protected]> wrote in message
news:1229410766.9173.41.ca...@localhost...
> On Tue, 2008-12-16 at 07:35 +0100, Ondrej Kulaty wrote:
>> I use md5(microtime());
>
> I applaud the use of PHP on the "PHP" list... but I think the OP wants
> an SQL query :)
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
--- End Message ---
--- Begin Message ---
On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote:
> I think he knows how to use it; he didn't show us a certain example of where
> and how he wants to use it. I just posted the way I generate a
> unique identifier. If he uses the first mentioned way -
> AutoIncID+unix_timestamp - there can be a collision when two users
> attempt to perform this task on the same id at the same time. Yes, it's not
> very probable, but if you have a system with many users it can happen.
No it's impossible. Auto increment guarantees a unique auto incremented
ID. Adding the value returned by unix_timestamp() to this unique ID can
only create unique sums since both the auto increment ID and the time
are increasing. There cannot be a collision.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
Sorry, you are right. He said he wants each row to have a unique ID, so
AutoIncId+timestamp will satisfy it. But still I think that adding a
microseconds timestamp is better because it will be harder for a potential
hacker to guess.
--
Regards,
Ondřej Kulatý
---------------------
Winternet s.r.o.
Application Development Dept.
tel. 585 209 132
www.winternet.cz
"Robert Cummings" <[email protected]> wrote in message
news:1229416450.9173.46.ca...@localhost...
> On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote:
>> I think he knows how to use it; he didn't show us a certain example of where
>> and how he wants to use it. I just posted the way I generate a
>> unique identifier. If he uses the first mentioned way -
>> AutoIncID+unix_timestamp - there can be a collision when two users
>> attempt to perform this task on the same id at the same time. Yes, it's not
>> very probable, but if you have a system with many users it can happen.
>
> No it's impossible. Auto increment guarantees a unique auto incremented
> ID. Adding the value returned by unix_timestamp() to this unique ID can
> only create unique sums since both the auto increment ID and the time
> are increasing. There cannot be a collision.
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
--- End Message ---
--- Begin Message ---
On Tue, 2008-12-16 at 09:56 +0100, Ondrej Kulaty wrote:
> Sorry, you are right. He said he wants each row to have a unique ID, so
> AutoIncId+timestamp will satisfy it. But still I think that adding a
> microseconds timestamp is better because it will be harder for a potential
> hacker to guess.
I agree, but then each entry would need to be updated individually.
Unfortunately MySQL doesn't appear to offer a time function to obtain
microseconds. However, using the same argument for non collision and
knowing that auto increment ID + unix_timestamp() must result in an
integer, one could use the following to produce a less guessable
outcome:
    update
        mytable
    set
        hash_field = md5( concat( AutoIdField + unix_timestamp(),
                                  rand() ) )
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
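Added example, not code from the thread: when a row key has to resist guessing, its strength comes from the unpredictability of what is hashed rather than from the length of the md5() output, and a timestamp or MySQL's non-cryptographic rand() adds little. The PHP below draws each key from the operating system's CSPRNG and lets a UNIQUE index enforce uniqueness; it assumes PHP 7+ with pdo_sqlite, and apart from `mytable` and `hash_field` every name is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// `mytable` and `hash_field` are the thread's names, everything else is made up.

/** 128 bits from the OS CSPRNG, hex-encoded to 32 characters like md5(). */
function new_row_key(): string
{
    return bin2hex(random_bytes(16));
}

/** Set one row's key; the UNIQUE index rejects a duplicate and we retry. */
function assign_key(PDOStatement $update, int $id, int $maxTries = 3): void
{
    for ($try = 1; ; $try++) {
        try {
            $update->execute([new_row_key(), $id]);
            return;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (duplicate key).
            if ($e->getCode() !== '23000' || $try >= $maxTries) {
                throw $e;
            }
        }
    }
}

/** Backfill every row that has no key yet, in batches; returns rows updated. */
function backfill_keys(PDO $db, int $batch = 1000): int
{
    $select = $db->prepare('SELECT id FROM mytable WHERE hash_field IS NULL LIMIT ?');
    $update = $db->prepare('UPDATE mytable SET hash_field = ? WHERE id = ?');
    $done = 0;
    do {
        $select->bindValue(1, $batch, PDO::PARAM_INT);
        $select->execute();
        $ids = $select->fetchAll(PDO::FETCH_COLUMN);
        $db->beginTransaction();
        try {
            foreach ($ids as $id) {
                assign_key($update, (int) $id);
                $done++;
            }
            $db->commit();
        } catch (Throwable $e) {
            $db->rollBack();
            throw $e;
        }
    } while (count($ids) === $batch);
    return $done;
}

// Demo on a constructed in-memory table standing in for the 700,000 records.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytable (
    id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, hash_field TEXT UNIQUE)');
$db->beginTransaction();
$insert = $db->prepare('INSERT INTO mytable (name) VALUES (?)');
for ($i = 1; $i <= 5000; $i++) {
    $insert->execute(["record $i"]);
}
$db->commit();

$updated  = backfill_keys($db);
$distinct = $db->query('SELECT COUNT(DISTINCT hash_field) FROM mytable')->fetchColumn();
echo "rows updated: $updated, distinct keys: $distinct\n";
```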
--- Begin Message ---
On Tue, 2008-12-16 at 09:56 +0100, Ondrej Kulaty wrote:
> Sorry, you are right. He said he wants each row to have a unique ID, so
> AutoIncId+timestamp will satisfy it. But still I think that adding a
> microseconds timestamp is better because it will be harder for a potential
> hacker to guess.
> --
>
>
> Regards,
> Ondřej Kulatý
> ---------------------
> Winternet s.r.o.
> Application Development Dept.
> tel. 585 209 132
> www.winternet.cz
>
> "Robert Cummings" <[email protected]> wrote in message
> news:1229416450.9173.46.ca...@localhost...
> > On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote:
> >> I think he knows how to use it; he didn't show us a certain example of where
> >> and how he wants to use it. I just posted the way I generate a
> >> unique identifier. If he uses the first mentioned way -
> >> AutoIncID+unix_timestamp - there can be a collision when two users
> >> attempt to perform this task on the same id at the same time. Yes, it's not
> >> very probable, but if you have a system with many users it can happen.
> >
> > No it's impossible. Auto increment guarantees a unique auto incremented
> > ID. Adding the value returned by unix_timestamp() to this unique ID can
> > only create unique sums since both the auto increment ID and the time
> > are increasing. There cannot be a collision.
> >
> > Cheers,
> > Rob.
> > --
> > http://www.interjinn.com
> > Application and Templating Framework for PHP
> >
>
>
>
Surely better than creating some complex method by which to reference
the row, is to use methods of sanitising input that would prevent a
hacker from manipulating your queries?
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
I thought the list might be interested in a tutorial for secure
web-based file uploads that I just wrote:
http://tstarling.com/blog/2008/12/secure-web-uploads/
-- Tim Starling
--- End Message ---
--- Begin Message ---
At 11:45 PM +1100 12/16/08, Tim Starling wrote:
> I thought the list might be interested in a tutorial for secure
> web-based file uploads that I just wrote:
> http://tstarling.com/blog/2008/12/secure-web-uploads/
> -- Tim Starling
Tim:
That's a good read -- thanks -- but it's more of an article than a tutorial.
In any event, instead of posting to your blog, I thought starting a
dialog here might serve the php community better. So here goes:
In your blog you suggest looking for the magic number in image files
and not using getimagesize(). So what about this approach?
1. Restrict the File-Type.
2. Pass the file through exif_read_data() and see if File-Type and
MimeType match.
3. Resize the image.
Do you see any security problems with this?
I can't imagine evil code still working after someone resizes the file.
Cheers,
tedd
PS: here's an example of both getimagesize() and exif_read_data():
http://webbytedd.com/bb/image-data/
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
tedd wrote:
> I can't imagine evil code still working after someone resizes the file.
>
Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :)
I prefer to move files to an off-line store, run them through a unix 'file'
command (with a mime-type magic file) to get the mime-type, use that to decide
whether or not to accept, and then serve them back to clients through a script.
As an optional step, on really paranoid systems, I run a virus scan over the
upload (with clamav, usually).
<troll>
I'm not exactly sure what all the fuss is about protecting IE users from
malicious code - if they care then they shouldn't be using IE, and if they don't
care they shouldn't be on the internet.
</troll>
Tim's efforts do seem to be a bit of overkill...
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--- End Message ---
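The flow Peter Ford describes (type decided from the file's content, storage away from the web root, delivery through a script), as an added PHP example that is not code from the thread. PHP's fileinfo extension stands in for the `file` command here, and the allow-list, directory and function names are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the fileinfo extension;
// the allow-list, directory and function names are placeholders.

const ALLOWED_TYPES = [            // detected MIME type => extension we assign
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];

/** MIME type judged from the file's content (libmagic, as `file` uses). */
function detect_mime(string $path): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $mime === false ? 'application/octet-stream' : $mime;
}

/**
 * Accept or reject a received file. The client's file name and Content-Type
 * are never consulted. Returns the name we stored it under, or null.
 */
function store_if_allowed(string $tmpPath, string $storeDir): ?string
{
    $mime = detect_mime($tmpPath);
    if (!isset(ALLOWED_TYPES[$mime])) {
        unlink($tmpPath);
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    // In a real request handler use move_uploaded_file() instead of rename().
    if (!rename($tmpPath, "$storeDir/$name")) {
        throw new RuntimeException('could not move the upload into the store');
    }
    chmod("$storeDir/$name", 0640);
    return $name;
}

/** Headers the download script should send for a stored file, or null. */
function download_headers(string $name, string $storeDir): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif|pdf)\z/', $name)
        || !is_file("$storeDir/$name")) {
        return null;                       // only names we generated ourselves
    }
    $mime = detect_mime("$storeDir/$name");
    return [
        "Content-Type: $mime",
        'X-Content-Type-Options: nosniff', // browser must not re-guess the type
        'Content-Disposition: ' . (strpos($mime, 'image/') === 0 ? 'inline' : 'attachment'),
        'Content-Length: ' . filesize("$storeDir/$name"),
    ];
}

// Demo with constructed sample uploads; the store lives outside any web root.
$store = sys_get_temp_dir() . '/upload-store-' . bin2hex(random_bytes(4));
mkdir($store, 0750);
$samples = [
    'holiday.jpg (content is a GIF)'        => 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00;",
    'photo.jpg (content is a shell script)' => "#!/bin/sh\necho hello\n",
];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $name = store_if_allowed($tmp, $store);
    echo $label, ' => ', $name ?? 'rejected', "\n";
    if ($name !== null) {
        echo '  ', implode("\n  ", download_headers($name, $store)), "\n";
    }
}
```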
--- Begin Message ---
Stephen Alistoun wrote:
> Hello all,
>
> Need help to get the value of the node.
>
> We know how to get the value of the city, item and itemPrice nodes below.
>
> How do we get the value of NumberOfRooms?
>
> $hotelElements = $xpath->query( 'xxxx', $searchReponseElement );
>
> foreach( $hotelElements as $hotelElement )
> {
>     $city = $xpath->query( 'City' , $hotelElement );
>     $item = $xpath->query( 'Item' , $hotelElement );
>     $itemPrice = $xpath->query( 'ItemPrice' , $hotelElement );
>     $confirmation = $xpath->query( 'Confirmation' , $hotelElement );
> }
>
> Here is an example of the XML Response:
>
> <Hotel HasExtraInfo="true">
>     <City Code="AMS"><![CDATA[ Amsterdam ]]></City>
>     <Item Code="JAN"><![CDATA[ JAN LUYKEN HTL AND RESIDENCE]]></Item>
>     <LocationDetails>
>         <Location Code="G1"><![CDATA[ Central ]]></Location>
>     </LocationDetails>
>     <StarRating>4</StarRating>
>     <HotelRooms>
>         <HotelRoom
>             Code="SB"
>             NumberOfRooms="1" />
>         <HotelRoom
>             Code="TB"
>             ExtraBed="true"
>             NumberCots="1"
>             NumberOfExtraBeds="2"
>             NumberOfRooms="1"
>             SharingBedding="true" />
>     </HotelRooms>
>
> Thanks
You can do it in a number of ways.
$rooms = $xpath->query('/Hotel/HotelRooms/HotelRoom');

/* Via DOMElement */
foreach ($rooms AS $room) {
    echo $room->getAttribute('NumberOfRooms') . "\n\n";
}

/* Via XPath */
foreach ($rooms AS $room) {
    $numrooms = $xpath->evaluate('number(./@NumberOfRooms)', $room);
    echo $numrooms . "\n\n";
}
Rob
--- End Message ---
--- Begin Message ---
> Ashley Sheridan wrote:
>> On Sun, 2008-12-14 at 16:33 -0600, jeffery harris wrote:
>>> Hi guys/gals. I'm a first time user. Does anyone know of a good php
>>> book?
>>>
>>>
>>>
>> I tend to trust O'Reilly books a lot for all things programming,
>> although I learnt largely with 'PHP, Apache, MySQL Web Development' from
>> WROX.
>>
>>
>> Ash
>> www.ashleysheridan.co.uk
>>
> Yes, I agree with Ashley. This book must be read. But first, you
> should read the whole php documentation as Tim said (available in HTML
> offline). There is everything in it.
>
> Good luck !
>
> Zeuf
>
I learned from PHP For Dummies.
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
> I learned from PHP For Dummies.
The title of that book isn't doing itself any favours... :-)
--
Richard Heyes
HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org (Updated December 5th)
--- End Message ---
--- Begin Message ---
On Tue, Dec 16, 2008 at 11:25, Richard Heyes <[email protected]> wrote:
>> I learned from PHP For Dummies.
>
> The title of that book isn't doing itself any favours... :-)
You'd be surprised. The "For Dummies" series is one of the
best-selling franchises in mainstream publishing history.
--
</Daniel P. Brown>
http://www.parasane.net/
[email protected] || [email protected]
50% Off Hosting! http://www.pilotpig.net/specials.php
--- End Message ---
--- Begin Message ---
Forwarded back to the list, Mario. Please hit "Reply-All" to keep
it on the list.
On Tue, Dec 16, 2008 at 11:44, Kastner Mario <[email protected]> wrote:
> I also read the "for dummies" book when I started with php. It gives me a
> simple intro which power is behind php. My first application was an ftp client
> explained by the book. An essential is to read the online documentation on
> php.net.
--
</Daniel P. Brown>
http://www.parasane.net/
[email protected] || [email protected]
50% Off Hosting! http://www.pilotpig.net/specials.php
--- End Message ---
--- Begin Message ---
>>> I learned from PHP For Dummies.
>>
>> The title of that book isn't doing itself any favours... :-)
>
> You'd be surprised. The "For Dummies" series is one of the
> best-selling franchises in mainstream publishing history.
Still, calling your audience dumb is generally regarded as being "a
bad thing". But then, I am pap at business... :-)
--
HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org (Updated December 5th)
--- End Message ---
--- Begin Message ---
Richard Heyes wrote:
>>>> I learned from PHP For Dummies.
>>> The title of that book isn't doing itself any favours... :-)
>> You'd be surprised. The "For Dummies" series is one of the
>> best-selling franchises in mainstream publishing history.
>
> Still, calling your audience dumb is generally regarded as being "a
> bad thing". But then, I am pap at business... :-)
>

Sounds like you need "Self Esteem for Dummies."
--- End Message ---
--- Begin Message ---
On Tue, 2008-12-16 at 13:41 -0600, Jay Moore wrote:
> Richard Heyes wrote:
> >>>> I learned from PHP For Dummies.
> >>> The title of that book isn't doing itself any favours... :-)
> >> You'd be surprised. The "For Dummies" series is one of the
> >> best-selling franchises in mainstream publishing history.
> >
> > Still, calling your audience dumb is generally regarded as being "a
> > bad thing". But then, I am pap at business... :-)
> >
>
> Sounds like you need "Self Esteem for Dummies."
I would never buy a "for Dummies" book. It's tantamount to admitting
you're a dummy. Instead I buy the "Idiot's guide" series.
Cheers,
Rob.
Ps. That was a lame attempt at humour... I extract and distill knowledge
from the Internet and save myself from having to buy books.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
> Ps. That was a lame attempt at humour... I extract and distill knowledge
> from the Internet and save myself from having to buy books.
I hear they have that on computers now. I should check it out one of
these days. Maybe I'll buy a book.
--- End Message ---
--- Begin Message ---
Web Database Applications with PHP & MySQL, PHP in action, and php.net
--Brendon
On Dec 14, 2008, at 5:33 PM, jeffery harris wrote:
> Hi guys/gals. I'm a first time user. Does anyone know of a good php
> book?
--- End Message ---
--- Begin Message ---
Hello all,
In short, I'm trying to set my uploads_tmp_dir variable, as my hosting
provider has it set to the default NULL (I'm using dreamhost).
I tried setting my own php.ini as instructed exactly on their wiki
(http://wiki.dreamhost.com/PHP.ini) but doing so causes PHP to essentially
die. phpinfo () gives a blank screen, $_SERVER['PHP_SELF'] isn't
recognized, and so on.
I don't *think* it's the actual php.ini file, as even using one identical to
what they're already using doesn't work.
What I did:
1) made a cgi-bin dir under my domain directory, and copied the server's
   php.ini file to it
2) created a script wrapper in the cgi-bin folder with:
    #!/bin/sh
    exec /dh/cgi-system/php5.cgi $*
3) chmod 755 $HOME/[my domain root]/cgi-bin
   chmod 755 $HOME/[my domain root]/cgi-bin/php-wrapper.cgi
   chmod 640 $HOME/[my domain root]/cgi-bin/php.ini
4) added a .htaccess to my domain root, with:
    Options +ExecCGI
    AddHandler php5-cgi .php
    Action php-cgi /cgi-bin/php-wrapper.cgi
    Action php5-cgi /cgi-bin/php-wrapper.cgi
any pointers?
thanks
--- End Message ---
--- Begin Message ---
On Tue, Dec 16, 2008 at 11:39, John P <[email protected]> wrote:
> Hello all,
>
> In short, I'm trying to set my uploads_tmp_dir variable, as my hosting
> provider has it set to the default NULL (I'm using dreamhost).
>
[snip!]
>
> any pointers?
You won't be able to modify the upload_tmp_dir option, as it's
PHP_INI_SYSTEM. However, you can modify some of the other options in
most cases.
I'm not certain about their configuration, but does DreamHost have
AllowOverrides turned on in their httpd.conf?
If so, just place a full php.ini file in your root web directory
(not just the line for uploads_tmp_dir, but an entire copy of the
file). If their Apache and PHP configuration allows it, you'll be
able to change several of the settings in that file. Those settings
that you can update will be PHP_INI_PERDIR[1] and higher.
KEY
1.) View the list in the appendix here:
http://www.php.net/manual/en/ini.php#ini.list
--
</Daniel P. Brown>
http://www.parasane.net/
[email protected] || [email protected]
50% Off Hosting! http://www.pilotpig.net/specials.php
--- End Message ---
--- Begin Message ---
""Daniel Brown"" <[email protected]> wrote in message
news:<[email protected]>...
> I'm not certain about their configuration, but does DreamHost have
> AllowOverrides turned on in their httpd.conf?
>
> If so, just place a full php.ini file in your root web directory
> (not just the line for uploads_tmp_dir, but an entire copy of the
> file). If their Apache and PHP configuration allows it, you'll be
> able to change several of the settings in that file. Those settings
> that you can update will be PHP_INI_PERDIR[1] and higher.
>
Thanks, that worked.
> KEY
> 1.) View the list in the appendix here:
> http://www.php.net/manual/en/ini.php#ini.list
>
> --
> </Daniel P. Brown>
> http://www.parasane.net/
> [email protected] || [email protected]
> 50% Off Hosting! http://www.pilotpig.net/specials.php
--- End Message ---
--- Begin Message ---
I would like to create a form that will pull and display information based on a
user's ID from a postgresql database into a textarea on the form, before the
submit button is clicked. Are there some tutorials on how to use PHP to
dynamically display information on a form as the form is being filled out?
Thanks
Marc
--- End Message ---
--- Begin Message ---
[snip]
I would like to create a form that will pull and display information
based on a user's ID from a postgresql database into a textarea on the
form, before the submit button is clicked. Are there some tutorials on
how to use PHP to dynamically display information on a form as the form
is being filled out?
[/snip]
Google for Ajax
--- End Message ---
--- Begin Message ---
If you have their ID when you generate the HTML FORM, there is no need for
anything as exotic as Ajax...
//get their $ID
//query the DB using $ID to get $whatever
echo "<TEXTAREA>", htmlentities($whatever), "</TEXTAREA>";
If you don't know their ID until they interact with other form elements, then,
yeah, go with Ajax...
But it would be a pretty odd authentication mechanism that a front-end form would
"know" my ID correctly and safely with no server-side interaction!
--- End Message ---
--- Begin Message ---
Hello all,
I'm looking for some suggestions.
I'm writing a new application that generates PDF's on the fly with FPDF.
Basically I have a search page where you can search for customer records.
Once your search has returned the records you can then click on a link which
will send the record_id to the page that generates the PDF.
And while this brings up the PDF and I can click on the printer icon to
print the document, I want to be able to select multiple documents to print
at one time.
Example:
[ ] 12345
[ ] 12346
[ ] 12347
[ ] 12348
[ ] 12349
[ ] 12350
I want to select the first and last record to be printed, so I was thinking
I could do several things here.
Since the Output() of FPDF cannot be sent directly to a printer I was going
to:
1) When someone clicks a checkbox, use the javascript onChange action to
generate and save the PDF in the background. So, when someone clicks a
checkbox, the page that generates my PDF would run without the user seeing
it...this page would save the PDF to a folder on the server and once all
checked items are selected the user will simply click on a "Print Selection"
link which will point to a PHP page that just says to print *.pdf from that
folder.
2) Allow the user to check all the documents they want to print and then
when the "Print Selection" link is clicked, pass all of the checkbox values
via $_POST to a new page which will run a loop that generates, prints and
deletes the files.
Does anyone have any experience or any better ideas to accomplish a
selective multiple document print for documents that don't initially exist?
Thanks,
Dan
--- End Message ---
--- Begin Message ---
Just generate a much larger PDF with all the pages they asked for and call it
done.
:-)
--- End Message ---
--- Begin Message ---
On Tue, Dec 16, 2008 at 2:32 PM, <[email protected]> wrote:
>
> Just generate a much larger PDF with all the pages they asked for and call
> it done.
> :-)
I don't think I can do it that way unfortunately.
They will be printing 100-300 records in bulk...the amount of time it would
take to generate one giant PDF file for all of the records would probably be
insane and definitely much longer than the users are willing to wait.
And also I don't believe you can loop the FPDF functions without it throwing
an error.
--- End Message ---
--- Begin Message ---
I know this isn't a php question (though I'm using PHP for the server
side... does that count?). I'm hoping though that some of you guys are just
as experienced in ajax as you are PHP, because I can't find any good ajax
forums.
you can respond to me personally if needed, to keep it off the php list....
my question:
I know there are a lot of ajax/php upload progress bars out there, but
they're either complicated, unreliable, or just generally don't fit my
needs. Thus, I'm making my own.
One problem I'm running into though, is how to check the local file size as
compared to the uploaded file size.
I can check and display the total uploaded size (ie, 437kb uploaded so
far...), but to get the percent, I have to know the total size - BEFORE it's
fully uploaded. I would like to say "437kb of 932kb uploaded so far"... but
how do I get the "932" from the local file? It doesn't do too much good to
say how much has been uploaded if they don't know how much is left...
I know it's possible (most other meters do this) - I just can't figure out
how.
any hints?
Thanks
--- End Message ---