php-general Digest 7 May 2009 23:04:14 -0000 Issue 6109

Topics (messages 292375 through 292387):

Re: $this = new Class();
        292375 by: Richard Quadling
        292376 by: Richard Quadling

Re: SQL Injection - Solution
        292377 by: Jan G.B.
        292381 by: Igor Escobar

Re: Remote MySQL Connecton Problems
        292378 by: Ray Hauge
        292379 by: Nathan Rixham

Re: speaking of control structures...
        292380 by: Tom Worster
        292382 by: Robert Cummings
        292383 by: Nathan Rixham
        292384 by: Tom Worster
        292385 by: Al
        292387 by: bruce

PHP 5.3.0RC2
        292386 by: Johannes Schlüter

Administrivia:

To subscribe to the digest, e-mail:
        [email protected]

To unsubscribe from the digest, e-mail:
        [email protected]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message ---
2009/4/30 Olivier Lalonde <[email protected]>:
> Hi all,
>
> Since I can't do $this = new Class(); within my class (it gives an
> error), I was looking for ways to get the same result by other means.
>
> I am actually working on an ORM and trying to implement lazy loading.
>
> $book = $orm->getBook('id'); // returns an Orm object
> $book->load();
>
> // $book should now be a Book instead of an Orm instance
>
> Of course, I oversimplified the problem.  $book = $orm->getBook('id');
> doesn't return a Book instance right ahead because it is a chained
> method (i.e. $orm->getBook()->where(...)->prefetch(...)->etc....
> Therefore, it _has_ to return an Orm instance.
>
> Now, why not simply add ->load() at the end of the chain? Because it
> adds an extra step for developers that doesn't bring meaningful
> information. Instead of doing $book = $orm->getBook('id');, it would
> mean having to do $book = $orm->getBook('id')->load(); (which is
> longer to type :p). That's why I wanted to implement "lazy loading".
>
> $book = $dorm->getBook('id');
> echo $book->title; // title should be trapped by __set() and it should
> dynamically replace $book by an actual Book instance
>
> I tried doing the following, but PHP doesn't allow it:
>
> class A {
>  public function transform() {
>    $this = new B();
>  }
> }
>
> class B {}
>
> $var = new A();
> $var->transform();
>
> This is not currently supported by PHP and I was wondering if there
> was any way of getting around the problem, that doesn't involve
> 1) passing $var to the A class i.e:$var->var = $var;
> 2) looping $GLOBALS[]
> 3) using __call,__get and __set to proxy everything to the actual Book object
>
> PS1: don't lecture me about how I'm doing this all wrong. I've looked
> at the problem from every possible angle and this is the only
> solution.
> PS2: Another alternative would be to subclass the Orm object with
> Book, (class Orm extends Book {}), overload all properties/methods so
> we can catch when to load the object... but that would be an extreme
> pain in the ass.
> PS3: Another alternative would be to have a parameter that
> enables/disables chaining.
> $dorm->getBook('id', true); // chain (you now have to add ->load() at
> the end of the chain)
> $dorm->getBook('id', false); // dont chain, this returns a Book instance
>
> The point of all this is to keep the most friendly interface !
>
> Cheers,
> Olivier
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

In $orm->getBook('id') should be something similar to ...

$book = new ClassBook('id');
$book->load;
return $book;

surely?

-- 
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"

--- End Message ---
--- Begin Message ---
2009/5/7 Richard Quadling <[email protected]>:
> 2009/4/30 Olivier Lalonde <[email protected]>:
>> Hi all,
>>
>> Since I can't do $this = new Class(); within my class (it gives an
>> error), I was looking for ways to get the same result by other means.
>>
>> I am actually working on an ORM and trying to implement lazy loading.
>>
>> $book = $orm->getBook('id'); // returns an Orm object
>> $book->load();
>>
>> // $book should now be a Book instead of an Orm instance
>>
>> Of course, I oversimplified the problem.  $book = $orm->getBook('id');
>> doesn't return a Book instance right ahead because it is a chained
>> method (i.e. $orm->getBook()->where(...)->prefetch(...)->etc....
>> Therefore, it _has_ to return an Orm instance.
>>
>> Now, why not simply add ->load() at the end of the chain? Because it
>> adds an extra step for developers that doesn't bring meaningful
>> information. Instead of doing $book = $orm->getBook('id');, it would
>> mean having to do $book = $orm->getBook('id')->load(); (which is
>> longer to type :p). That's why I wanted to implement "lazy loading".
>>
>> $book = $dorm->getBook('id');
>> echo $book->title; // title should be trapped by __set() and it should
>> dynamically replace $book by an actual Book instance
>>
>> I tried doing the following, but PHP doesn't allow it:
>>
>> class A {
>>  public function transform() {
>>    $this = new B();
>>  }
>> }
>>
>> class B {}
>>
>> $var = new A();
>> $var->transform();
>>
>> This is not currently supported by PHP and I was wondering if there
>> was any way of getting around the problem, that doesn't involve
>> 1) passing $var to the A class i.e:$var->var = $var;
>> 2) looping $GLOBALS[]
>> 3) using __call,__get and __set to proxy everything to the actual Book object
>>
>> PS1: don't lecture me about how I'm doing this all wrong. I've looked
>> at the problem from every possible angle and this is the only
>> solution.
>> PS2: Another alternative would be to subclass the Orm object with
>> Book, (class Orm extends Book {}), overload all properties/methods so
>> we can catch when to load the object... but that would be an extreme
>> pain in the ass.
>> PS3: Another alternative would be to have a parameter that
>> enables/disables chaining.
>> $dorm->getBook('id', true); // chain (you now have to add ->load() at
>> the end of the chain)
>> $dorm->getBook('id', false); // dont chain, this returns a Book instance
>>
>> The point of all this is to keep the most friendly interface !
>>
>> Cheers,
>> Olivier
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> In $orm->getBook('id') should be something similar to ...
>
> $book = new ClassBook('id');
> $book->load;
> return $book;
>
> surely?
>
> --
> -----
> Richard Quadling
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> "Standing on the shoulders of some very clever giants!"
>

Oops.

$book->load();

Sorry.

-- 
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"

--- End Message ---
--- Begin Message ---
What about declare, cast, unhex, exec etc.?
Replacing everything with "" isn't so good, I believe. Others
mentioned it before, that *, =, select, from etc. are valid words and
characters in another context.

Analyse some attacks before trying to defend against them. Injections can be
heavily db-dependent, so filtering the common words might not be so
insightful.

If you really want to go the filter approach, then check out this
project and learn from them. ;)
http://php-ids.org/


byebye

2009/5/6 Igor Escobar <[email protected]>:
> Yeah yeah, I understood that, but the point is... I said previously, my
> function is not tied to any database.
>
> It is a generic function; I don't know who will use this, so I don't know what
> your database is, so I can't use functions like mysql_real_escape_string etc...
>
>
> Regards,
> Igor Escobar
> Systems Analyst & Interface Designer
>
> --
>
> Personal Blog
> ~ blog.igorescobar.com
> Online Portifolio
> ~ www.igorescobar.com
> Twitter
> ~ @igorescobar
>
>
>
>
>
> On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo <[email protected]> wrote:
>
>> 2009/5/6 Igor Escobar <[email protected]>:
>> > hun...by the way.... I forgot to mention, I am Brazilian and here in Brazil
>> > these words are not common ...
>>
>> Igor,
>>
>> I'm brazilian too, but that is not the point. Deny the use of *any*
>> word as input in your app is unnecessary. The problem that you're
>> trying to solve, has been solved a long time ago.
>>
>> Bruno.
>>
>> >
>> > That is a recursive function and I can use array_map because in some cases
>> > we obtain arrays of arrays and that will generate an error.
>> >
>> >
>> > Regards,
>> > Igor Escobar
>> > Systems Analyst & Interface Designer
>> >
>> > --
>> >
>> > Personal Blog
>> > ~ blog.igorescobar.com
>> > Online Portifolio
>> > ~ www.igorescobar.com
>> > Twitter
>> > ~ @igorescobar
>> >
>> >
>> >
>> >
>> >
>> > On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie <[email protected]>
>> wrote:
>> >
>> >> Igor Escobar wrote:
>> >> > Hunnn...
>> >> >
>> >> > So, what do you think now?
>> >> >
>> >> > function _antiSqlInjection($Target){
>> >> >     $sanitizeRules =
>> >> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE',
>> >> > 'SHOW TABLES','*','--','=');
>> >> >     $arraSanitized = array();
>> >> >     foreach($Target as $key => $value):
>> >> >         if(is_array($value)): $arraSanitized[$key] =
>> >> > _antiSqlInjection($value);
>> >> >         else:
>> >> >             // strip the listed keywords, then add slashes unless magic quotes already did
>> >> >             $arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
>> >> > addslashes(str_ireplace($sanitizeRules,"",trim($value))) :
>> >> > str_ireplace($sanitizeRules,"",trim($value));
>> >> >         endif;
>> >> >     endforeach;
>> >> >     return $arraSanitized;
>> >> > }
>> >> >
>> >> Stay on list please.  I don't like the ternary or the brace omissions
>> >> (alternate syntax) :-) however....
>> >>
>> >> My point was that in my opinion you don't need the replace at all.
>> >> Also, do you really want to strip all 'or', * and = from all fields?
>> >> These may be perfectly valid in your app.  Or is a very, very common
>> >> word, so is from and come to think of it, where, select, insert and
>> delete.
>> >>
>> >> For any of the SQL injections to work in your query, there will need to
>> >> be quotes or the backtick ` in the user supplied content.  The quotes
>> >> are escaped by mysql_real_escape_string().
>> >>
>> >> I don't see any way for a SQL injection without the user input
>> >> containing quotes or the backtick to break out of your query or
>> >> prematurely terminate an expression.  Some examples here, however they
>> >> don't mention the backtick:
>> >> http://us2.php.net/manual/en/security.database.sql-injection.php
>> >>
>> >> This might be more useful:
>> >>
>> >> function _antiSqlInjection($Target)
>> >> {
>> >>    if(is_array($Target)) {
>> >>        $Value = array_map('_antiSqlInjection', $Target);
>> >>    } else {
>> >>         if(get_magic_quotes_gpc()) {
>> >>             $Target = stripslashes($Target);
>> >>        }
>> >>         // replace backtick with single quote or whatever
>> >>        $Target = str_replace("`", "'", $Target);
>> >>        $Value = mysql_real_escape_string($Target);
>> >>    }
>> >>    return $Value;
>> >> }
>> >>
>> >> Thanks!
>> >> -Shawn
>> >>
>> >>
>> >>
>> >
>>
>

--- End Message ---
--- Begin Message ---
Ok guys, thanks.


Regards,
Igor Escobar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar





On Thu, May 7, 2009 at 7:32 AM, Jan G.B. <[email protected]> wrote:

> What about declare, cast, unhex, exec etc.?
> Replacing everything with "" isn't so good, I believe. Others
> mentioned it before, that *, =, select, from etc. are valid words and
> characters in another context.
>
> Analyse some attacks before trying to defend against them. Injections can be
> heavily db-dependent, so filtering the common words might not be so
> insightful.
>
> If you really want to go the filter approach, then check out this
> project and learn from them. ;)
> http://php-ids.org/
>
>
> byebye
>
> 2009/5/6 Igor Escobar <[email protected]>:
> > Yeah yeah, I understood that, but the point is... I said previously, my
> > function is not tied to any database.
> >
> > It is a generic function; I don't know who will use this, so I don't know what
> > your database is, so I can't use functions like mysql_real_escape_string etc...
> >
> >
> > Regards,
> > Igor Escobar
> > Systems Analyst & Interface Designer
> >
> > --
> >
> > Personal Blog
> > ~ blog.igorescobar.com
> > Online Portifolio
> > ~ www.igorescobar.com
> > Twitter
> > ~ @igorescobar
> >
> >
> >
> >
> >
> > On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo <[email protected]>
> wrote:
> >
> >> 2009/5/6 Igor Escobar <[email protected]>:
> >> > hun...by the way.... I forgot to mention, I am Brazilian and here in Brazil
> >> > these words are not common ...
> >>
> >> Igor,
> >>
> >> I'm brazilian too, but that is not the point. Deny the use of *any*
> >> word as input in your app is unnecessary. The problem that you're
> >> trying to solve, has been solved a long time ago.
> >>
> >> Bruno.
> >>
> >> >
> >> > That is a recursive function and I can use array_map because in some cases
> >> > we obtain arrays of arrays and that will generate an error.
> >> >
> >> >
> >> > Regards,
> >> > Igor Escobar
> >> > Systems Analyst & Interface Designer
> >> >
> >> > --
> >> >
> >> > Personal Blog
> >> > ~ blog.igorescobar.com
> >> > Online Portifolio
> >> > ~ www.igorescobar.com
> >> > Twitter
> >> > ~ @igorescobar
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie <[email protected]>
> >> wrote:
> >> >
> >> >> Igor Escobar wrote:
> >> >> > Hunnn...
> >> >> >
> >> >> > So, what do you think now?
> >> >> >
> >> >> > function _antiSqlInjection($Target){
> >> >> >     $sanitizeRules =
> >> >> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE',
> >> >> > 'SHOW TABLES','*','--','=');
> >> >> >     $arraSanitized = array();
> >> >> >     foreach($Target as $key => $value):
> >> >> >         if(is_array($value)): $arraSanitized[$key] =
> >> >> > _antiSqlInjection($value);
> >> >> >         else:
> >> >> >             // strip the listed keywords, then add slashes unless magic quotes already did
> >> >> >             $arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
> >> >> > addslashes(str_ireplace($sanitizeRules,"",trim($value))) :
> >> >> > str_ireplace($sanitizeRules,"",trim($value));
> >> >> >         endif;
> >> >> >     endforeach;
> >> >> >     return $arraSanitized;
> >> >> > }
> >> >> >
> >> >> Stay on list please.  I don't like the ternary or the brace omissions
> >> >> (alternate syntax) :-) however....
> >> >>
> >> >> My point was that in my opinion you don't need the replace at all.
> >> >> Also, do you really want to strip all 'or', * and = from all fields?
> >> >> These may be perfectly valid in your app.  Or is a very, very common
> >> >> word, so is from and come to think of it, where, select, insert and
> >> delete.
> >> >>
> >> >> For any of the SQL injections to work in your query, there will need
> to
> >> >> be quotes or the backtick ` in the user supplied content.  The quotes
> >> >> are escaped by mysql_real_escape_string().
> >> >>
> >> >> I don't see any way for a SQL injection without the user input
> >> >> containing quotes or the backtick to break out of your query or
> >> >> prematurely terminate an expression.  Some examples here, however
> they
> >> >> don't mention the backtick:
> >> >> http://us2.php.net/manual/en/security.database.sql-injection.php
> >> >>
> >> >> This might be more useful:
> >> >>
> >> >> function _antiSqlInjection($Target)
> >> >> {
> >> >>    if(is_array($Target)) {
> >> >>        $Value = array_map('_antiSqlInjection', $Target);
> >> >>    } else {
> >> >>         if(get_magic_quotes_gpc()) {
> >> >>             $Target = stripslashes($Target);
> >> >>        }
> >> >>         // replace backtick with single quote or whatever
> >> >>        $Target = str_replace("`", "'", $Target);
> >> >>        $Value = mysql_real_escape_string($Target);
> >> >>    }
> >> >>    return $Value;
> >> >> }
> >> >>
> >> >> Thanks!
> >> >> -Shawn
> >> >>
> >> >>
> >> >>
> >> >
> >>
> >
>

--- End Message ---
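
Added example, not code posted by anyone in the thread above: it runs a working form of the keyword-stripping filter over harmless input to show how the data is altered, then stores the same input through PDO prepared statements, which are not tied to one database driver. The table and column names, the sample strings and the in-memory SQLite DSN (which needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Added example; not code from the thread.
// Table/column names and sample strings are constructed for illustration.

// Keyword-stripping filter in the style proposed in the thread (same rule
// list). The magic-quotes branch is left out: slashes are always added.
function stripSqlKeywords($target)
{
    $rules = array('OR', 'FROM', 'SELECT', 'INSERT', 'DELETE', 'WHERE',
                   'DROP TABLE', 'SHOW TABLES', '*', '--', '=');
    if (is_array($target)) {
        return array_map('stripSqlKeywords', $target);
    }
    return addslashes(str_ireplace($rules, '', trim($target)));
}

// Store one row with bound parameters and read it back.
// The SQL text is fixed; user input only ever travels as parameter values.
function storeAndFetch(PDO $pdo, array $fields)
{
    $insert = $pdo->prepare(
        'INSERT INTO notes (city, note) VALUES (:city, :note)'
    );
    $insert->execute(array(
        ':city' => $fields['city'],
        ':note' => $fields['note'],
    ));

    $select = $pdo->prepare(
        'SELECT city, note FROM notes WHERE city = :city'
    );
    $select->execute(array(':city' => $fields['city']));
    return $select->fetch(PDO::FETCH_ASSOC);
}

// Constructed, entirely legitimate form input.
$input = array(
    'city' => 'Portland, Oregon',
    'note' => "Select 2 * 3 = 6 -- from O'Brien's workbook",
);

// 1. The filter rewrites harmless data: every "or", "from", "select",
//    "*", "=" and "--" is deleted, wherever it occurs inside a word.
foreach (stripSqlKeywords($input) as $name => $value) {
    printf("filtered %-4s: %s\n", $name, $value);
}

// 2. The same input through prepared statements. Swapping the DSN for
//    another PDO driver leaves the calls below unchanged.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, city TEXT, note TEXT)');

$row = storeAndFetch($pdo, $input);
foreach ($row as $name => $value) {
    printf("stored   %-4s: %s\n", $name, $value);
}

// The quote, the keywords and the operators come back byte for byte.
echo ($row === $input) ? "round trip intact\n" : "round trip altered\n";
```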
--- Begin Message ---
Nathan Rixham wrote:
Ray Hauge wrote:
Hello everyone,

I've run into a bit of a sticky situation trying to connect to a remote MySQL database. Here's the background:

Connecting from the command line on the web server works.

Connecting from a different vhost works.

There's no information in mysql_error. In fact, mysql_select_db('db') or die(mysql_error()); doesn't produce any output.

The only way I know this isn't working is when I try to run a query, the result resource is NULL.

If I copy the contents of the query and run it on the command line, from the web server, I get the results I expected.

I manage both servers. I added the new login on the MySQL server and also ran flush privileges. I've gone so far as to reboot both the MySQL process and the apache process.

The versions of MySQL are slightly different 5.0.24a (web) vs 5.0.36(db).

It's getting late and I'm just grasping for straws.

Thanks!
Ray

and thus:
database server works - yes
user and login works locally - yes
user and login works remotely - yes
user and login works on box in question - yes

further debug:
do mysql connections work for any host at all in php? - todo
is the mysql module for php installed - todo check phpinfo() output
is error reporting enabled - todo set error_reporting to E_ALL
does a simple query such as "show databases" return any results
is query properly formatted and are variables properly replaced in php version - todo check

I'd reckon that by the time you've checked all the above - you'll have your own solution :)

regards!

Thanks Nathan!

I'm not sure what the problem was. I think I was tired and trying too hard to solve an issue that didn't exist. I was thinking that var_export($db_conn) would display "MySQL Resource Id #1" or something similar, but it was displaying "NULL". I took out all my debugging code and it's working fine now.

Ray

--- End Message ---
--- Begin Message ---
Ray Hauge wrote:
Nathan Rixham wrote:
Ray Hauge wrote:
Hello everyone,

I've run into a bit of a sticky situation trying to connect to a remote MySQL database. Here's the background:

Connecting from the command line on the web server works.

Connecting from a different vhost works.

There's no information in mysql_error. In fact, mysql_select_db('db') or die(mysql_error()); doesn't produce any output.

The only way I know this isn't working is when I try to run a query, the result resource is NULL.

If I copy the contents of the query and run it on the command line, from the web server, I get the results I expected.

I manage both servers. I added the new login on the MySQL server and also ran flush privileges. I've gone so far as to reboot both the MySQL process and the apache process.

The versions of MySQL are slightly different 5.0.24a (web) vs 5.0.36(db).

It's getting late and I'm just grasping for straws.

Thanks!
Ray

and thus:
database server works - yes
user and login works locally - yes
user and login works remotely - yes
user and login works on box in question - yes

further debug:
do mysql connections work for any host at all in php? - todo
is the mysql module for php installed - todo check phpinfo() output
is error reporting enabled - todo set error_reporting to E_ALL
does a simple query such as "show databases" return any results
is query properly formatted and are variables properly replaced in php version - todo check

I'd reckon that by the time you've checked all the above - you'll have your own solution :)

regards!

Thanks Nathan!

I'm not sure what the problem was. I think I was tired and trying too hard to solve an issue that didn't exist. I was thinking that var_export($db_conn) would display "MySQL Resource Id #1" or something similar, but it was displaying "NULL". I took out all my debugging code and it's working fine now.

Ray

easy done Ray, all too often I do the same things - "school boy" errors in the early hours of the morning!
--- End Message ---
--- Begin Message ---
On 5/6/09 9:31 PM, "Clancy" <[email protected]> wrote:

> I can understand your reluctance to disregard your mother's advice, but
> unfortunately she
> had been brainwashed to accept the dogma of the day.

actually, i don't believe so. she did numerical work so she continued using
fortran and therefore gotos for the rest of her life. i think she just
didn't like goto. moreover, she was never dogmatic on any topic, it wasn't
in her nature.

anyway, how do you know how she came by her opinions?



--- End Message ---
--- Begin Message ---
On Thu, 2009-05-07 at 09:33 -0400, Tom Worster wrote:
> On 5/6/09 9:31 PM, "Clancy" <[email protected]> wrote:
> 
> > I can understand your reluctance to disregard your mother's advice, but
> > unfortunately she
> > had been brainwashed to accept the dogma of the day.
> 
> actually, i don't believe so. she did numerical work so she continued using
> fortran and therefore gotos for the rest of her life. i think she just
> didn't like goto. moreover, she was never dogmatic on any topic, it wasn't
> in her nature.
> 
> anyway, how do you know how she came by her opinions?

Because that's how most people came by their opinion of goto? How did
you come by your opinion of goto? Oh yeah, your momma! Here let me open
your eyes a bit... I've done a grep on the PHP 5.2.9 source code, Apache
2.2.11 source code, and MySQL 5.1.33 source code for use of goto:

    PHP 5.2.9:     http://pastebin.com/f6b88957

   Apache 2.2.11: http://pastebin.com/f2c7f5d93

   MySQL 5.1.33:  http://pastebin.com/f4441a891

It would seem that goto has a lot of use in modern code. Just because
someone tells you something, doesn't mean you should believe it at face
value. Goto has many important uses in programming. The goto that was
spurned is not really the goto in use today. The goto in use today
generally has scope within a well defined context such as a function.

Cheers,
Rob.
-- 
http://www.interjinn.com
Application and Templating Framework for PHP


--- End Message ---
--- Begin Message ---
Robert Cummings wrote:
On Thu, 2009-05-07 at 09:33 -0400, Tom Worster wrote:
On 5/6/09 9:31 PM, "Clancy" <[email protected]> wrote:

I can understand your reluctance to disregard your mother's advice, but
unfortunately she
had been brainwashed to accept the dogma of the day.
actually, i don't believe so. she did numerical work so she continued using
fortran and therefore gotos for the rest of her life. i think she just
didn't like goto. moreover, she was never dogmatic on any topic, it wasn't
in her nature.

anyway, how do you know how she came by her opinions?

Because that's how most people came by their opinion of goto? How did
you come by your opinion of goto? Oh yeah, your momma! Here let me open
your eyes a bit... I've done a grep on the PHP 5.2.9 source code, Apache
2.2.11 source code, and MySQL 5.1.33 source code for use of goto:

    PHP 5.2.9:     http://pastebin.com/f6b88957

   Apache 2.2.11: http://pastebin.com/f2c7f5d93

   MySQL 5.1.33:  http://pastebin.com/f4441a891

It would seem that goto has a lot of use in modern code. Just because
someone tells you something, doesn't mean you should believe it at face
value. Goto has many important uses in programming. The goto that was
spurned is not really the goto in use today. The goto in use today
generally has scope within a well defined context such as a function.

Cheers,
Rob.

further a switch statement pretty much is a goto (well a multiway goto), and as I mentioned couple of days ago continue is pretty much a goto as well - think its technical term is a "continuation" which is v similar to a computed go to.
--- End Message ---
--- Begin Message ---
On 5/6/09 4:02 PM, "Al" <[email protected]> wrote:

> Here's the way I handle validating user form inputs. Each function validates
> several things and throws an error with the message stating what's wrong.
> 
>   try
>          {
>              checkEmailAddr($userSubmitedDataArray[EMAIL_ADDR_FIELD]);
>              checkPhoneDigits($userSubmitedDataArray[PHONE_NUM_FIELD], 'phone');
>              checkNotes($userSubmitedDataArray, $sizesArray);
>              if(!empty($userSubmitedDataArray[CELLPHONE_NUM_FIELD]))
>              {
>                  checkPhoneDigits($userSubmitedDataArray[CELLPHONE_NUM_FIELD], 'cell');
>                  checkCellCarrier($userSubmitedDataArray['carrier']);
>              }
>          }
>
>          catch (Exception $e)
>          {
>              $userErrorMsg = $e->getMessage(); //Message text in check function
>          }
> 
> A typical function looks like this:
> 
> function checkEmailAddr($emailAddr)
> {
>      if(empty($emailAddr))
>      {
>          throw new Exception("No email address provided");
>      }
> 
>      if(!preg_match("%...@%", $emailAddr))
>      {
>          throw new Exception("Email address missing mailbox name.");
>      }
> 
>      if(!filter_var($emailAddr, FILTER_VALIDATE_EMAIL))
>      {
>          throw new Exception("Email address error. Syntax is wrong. ");
>      }
>      $domain = substr(strchr($emailAddr, '@'), 1);
>      if(!checkdnsrr($domain))
>      {
>          throw new Exception("Email address warning. Specified domain \"$domain\" appears to be invalid. Check carefully.");
>      }
>      return true;
> }

thanks for the example, Al. the combination of checker functions and
exceptions (as far as i understand them, the exceptions chapter of the php
manual is a little terse) so you can throw from inside the checker seems
convenient.



--- End Message ---
--- Begin Message ---


Tom Worster wrote:
On 5/6/09 4:02 PM, "Al" <[email protected]> wrote:

Here's the way I handle validating user form inputs. Each function validates
several things and throws an error with the message stating what's wrong.

  try
         {
             checkEmailAddr($userSubmitedDataArray[EMAIL_ADDR_FIELD]);
             checkPhoneDigits($userSubmitedDataArray[PHONE_NUM_FIELD], 'phone');
             checkNotes($userSubmitedDataArray, $sizesArray);
             if(!empty($userSubmitedDataArray[CELLPHONE_NUM_FIELD]))
             {
                 checkPhoneDigits($userSubmitedDataArray[CELLPHONE_NUM_FIELD], 'cell');
                 checkCellCarrier($userSubmitedDataArray['carrier']);
             }
         }

         catch (Exception $e)
         {
             $userErrorMsg = $e->getMessage(); //Message text in check function
         }

A typical function looks like this:

function checkEmailAddr($emailAddr)
{
     if(empty($emailAddr))
     {
         throw new Exception("No email address provided");
     }

     if(!preg_match("%...@%", $emailAddr))
     {
         throw new Exception("Email address missing mailbox name.");
     }

     if(!filter_var($emailAddr, FILTER_VALIDATE_EMAIL))
     {
         throw new Exception("Email address error. Syntax is wrong. ");
     }
     $domain = substr(strchr($emailAddr, '@'), 1);
     if(!checkdnsrr($domain))
     {
         throw new Exception("Email address warning. Specified domain \"$domain\" appears to be invalid. Check carefully.");
     }
     return true;
}

thanks for the example, Al. the combination of checker functions and
exceptions (as far as i understand them, the exceptions chapter of the php
manual is a little terse) so you can throw from inside the checker seems
convenient.



Incidentally, the throw new exception doesn't have to be in a function. it can be simply in your code sequence. e.g.,

if($foo != 'boo') throw new Exception("foo is not equal to boo. ");

try/catch is a godsend for me. I'm big on telling the user everything that is wrong with their entry and what to do about it. Prior to try/catch being available, I'd have to test the return for "true" or a message and then have logic to skip over the following checks to post a message for the user.

Keep in mind, with this approach, it is most useful if you want to inform users about errors one at a time. If you want to get fancy, you can control the exception handler. See manual on this.
--- End Message ---
--- Begin Message ---
you know...

interesting that goto can be found in code!!



-----Original Message-----
From: Robert Cummings [mailto:[email protected]]
Sent: Thursday, May 07, 2009 7:36 AM
To: Tom Worster
Cc: Clancy; [email protected]
Subject: Re: [PHP] speaking of control structures...


On Thu, 2009-05-07 at 09:33 -0400, Tom Worster wrote:
> On 5/6/09 9:31 PM, "Clancy" <[email protected]> wrote:
>
> > I can understand your reluctance to disregard your mother's advice, but
> > unfortunately she
> > had been brainwashed to accept the dogma of the day.
>
> actually, i don't believe so. she did numerical work so she continued
using
> fortran and therefore gotos for the rest of her life. i think she just
> didn't like goto. moreover, she was never dogmatic on any topic, it wasn't
> in her nature.
>
> anyway, how do you know how she came by her opinions?

Because that's how most people came by their opinion of goto? How did
you come by your opinion of goto? Oh yeah, your momma! Here let me open
your eyes a bit... I've done a grep on the PHP 5.2.9 source code, Apache
2.2.11 source code, and MySQL 5.1.33 source code for use of goto:

    PHP 5.2.9:     http://pastebin.com/f6b88957

   Apache 2.2.11: http://pastebin.com/f2c7f5d93

   MySQL 5.1.33:  http://pastebin.com/f4441a891

It would seem that goto has a lot of use in modern code. Just because
someone tells you something, doesn't mean you should believe it at face
value. Goto has many important uses in programming. The goto that was
spurned is not really the goto in use today. The goto in use today
generally has scope within a well defined context such as a function.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP




--- End Message ---
--- Begin Message ---
Hello!

we have packaged PHP 5.3.0RC2, which you can find here:
http://downloads.php.net/johannes/

Windows binaries are available here:
http://windows.php.net/qa/

This second release candidate focused on bug fixes and stability
improvements and we hope to only require minimal changes ahead
of the next release. Many, but not all,  of the new features are
already integrated in the official documentation on php.net.

Please note that we are aware of minor issues including that we still
want to fix (though most of them have also affected PHP 5.2) and a
crash bug affecting source files with a size of exactly 8k (See Bug
#48934). Expect an RC3 in 2-3 weeks time, though for most users
there will not be a noticeable change meaning that now is the time
to start doing the final testing of PHP 5.3.0 before it gets released
with any unnecessary incompatibilities with your project.

Some additional links to get started:
http://cvs.php.net/viewvc.cgi/php-src/NEWS?view=markup&pathrev=PHP_5_3
http://wiki.php.net/doc/scratchpad/upgrade/53

Best Regards,
Lukas and Johannes
PHP 5.3 Release Managers


--- End Message ---
