php-general Digest 15 Jun 2009 14:50:53 -0000 Issue 6176
Topics (messages 294037 through 294047):
Re: socket communication programming
294037 by: Andrew Ballard
Re: preg_replace problem
294038 by: Andrew Ballard
Sorting mySQL query - one order from multiple fields
294039 by: George Langley
Search/Replace in entire database?
294040 by: Chris Payne
294041 by: Peter Ford
294042 by: Caner Bulut
294043 by: Michael Shadle
294045 by: tedd
Re: Uniquely identifying an array... as a key to another array
294044 by: Stuart
Re: Periodic Actions in PHP?
294046 by: tedd
Re: Preventing XSS Attacks
294047 by: Bob McConnell
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Sat, Jun 13, 2009 at 4:58 PM, HELP!<[email protected]> wrote:
> On Sat, Jun 13, 2009 at 10:28 PM, Manuel Lemos <[email protected]> wrote:
>
>> Hello,
>>
>> on 06/12/2009 11:41 AM HELP! said the following:
>> > hi
>> > I can not get the stream_get_contents() to work. it's returning empty.
>> > If you have a login details "ALOGINPASS 1A" cant you just fwrite($ft,
>> > "ALOGINPASS 1A"); or do you need to add other things
>> >
>> >
>> > what is the meaning of this string" GET / HTTP/1.0\r\nHost:
>> > www.example.com\r\nAccept <http://www.example.com/r/nAccept>:
>> */*\r\n\r\n"
>>
>> If that is regular HTTP, why don't you try an HTTP client class that
>> lets you customize your request parameters like this one?
>>
>> http://www.phpclasses.org/httpclient
>>
>> --
>>
>> Regards,
>> Manuel Lemos
>>
>> Find and post PHP jobs
>> http://www.phpclasses.org/jobs/
>>
>> PHP Classes - Free ready to use OOP components written in PHP
>> http://www.phpclasses.org/
>>
> Thanks. I need to access remote data via TCP. Connecting to the given
> port has been successful but getting acknowledgement from the remote server
> after sending the login packet is a problem. Is there anything wrong sending
> the login packet in strings? or what is the best way?
>
> I probably think the server is not detecting the end of the login message.
> Is there anyway you can add END of message to login package specified.
>
> Thnaks
>
>
>
The sample request you posted earlier is, as Shawn already pointed
out, malformed. If that is truly what you are sending (and that isn't
just a typo), you won't get the results you want.
If all you are trying to do is fetch data from a remote web server,
one of the packaged libraries like HTTPrequest will probably be all
you need. That way the code behind the API will make sure your
requests are well formed, and they also usually have handling built in
to detect HTTP response codes and follow redirect headers. All you
have to worry about is plugging the right data into the right places
in the API.
Andrew
--- End Message ---
--- Begin Message ---
On Sat, Jun 13, 2009 at 5:16 PM, Al<[email protected]> wrote:
>
>
> Al wrote:
>>
>> This preg_replace() should simply replace all "&" with "&" unless the
>> value is already "&"
>>
>> But; if $value is simple a quote character ["] I get ""e". e.g.,
>> "test" => "e;test"e;
>>
>> Search string and replace works as it should in Regex_Coach.
>>
>> echo $value.'<br />';
>> $value=preg_replace("%&(?!amp;)%i", "&", $value);
>> echo $value;
>>
>> I tried using \x26 for the "&" in the search string; didn't help.
>>
>> This seems too obvious to be a bug. Using php5.2.9
>>
>> Al.......
>
> I erred when I keyed this message. The "But,...." should be as, without the
> "e" on quote. Which is an HTML entity for quote.
>
> But; if $value is simple a quote character ["] I get """. e.g.,
> "test" => "test"
>
The regex that you posted won't replace an actual quote character at
all. Are you sure you aren't running the value through something like
htmlspecialchars() before it's getting into your regexp?
Andrew
--- End Message ---
--- Begin Message ---
Hi all. Am trying to sort baseball games by time, where there can be
up to 3 times listed per game.
Each game has an original "date" and "time" field, plus fields for 2
rain-out dates/times ("rodate1" "rotime1", "rodate2", "rotime2"), to
use if the game gets rained out. Note that rotime1 and rotime2 are
NULL if no time has been entered. Also note that the original date
and time fields are not changed - they are kept for posterity.
Usually, the rain-out date is set to a day that the teams were
already going to play each other again, with the rain-out game going
first. So need to sort those 2 games in order: rain-out first, then
normally-scheduled.
But, I can't just sort on the "time" field, as the rain-out game
could now have a different time. I need to use the rotime2 (if it
exists), else use the rotime1 (if it exists), else use the time.
Can not get my query order to work. One of the variations I've tried:
$theQuery = mysql_query("select variousFields from theTable where
date = '$currDate' ORDER BY CASE WHEN rotime2 THEN rotime2 WHEN
rotime1 THEN rotime1 ELSE time");
Is there a query sort that will work in this case? Is not the usual
"sort by last name, then sort by first name" scenario!
Thanks for any pointers.
George Langley
Multimedia Developer, Audio/Video Editor, Musician, Arranger, Composer
http://www.georgelangley.ca
--- End Message ---
--- Begin Message ---
Hi everyone,
I am in the middle of creating an editor where you can search and
replace on an individual column in a single table then I came across
something I need to be able to do but not sure how.
Is it posible (And if so please how :-) to search an entire database
and all tables within a database and do a find/replace on keywords
without having to specify each table/column within that table?
The people I am working for have made some big changes and one of them
is changing the names of one of their products, but this product name
appears EVERYWHERE in many tables and in lots of different column
names, and it would save so much time if I could do a single query
that would just search EVERYTHING within the database.
Thanks for any advice you can give me.
Regards
Chris Payne
--- End Message ---
--- Begin Message ---
Chris Payne wrote:
> Hi everyone,
>
> I am in the middle of creating an editor where you can search and
> replace on an individual column in a single table then I came across
> something I need to be able to do but not sure how.
>
> Is it posible (And if so please how :-) to search an entire database
> and all tables within a database and do a find/replace on keywords
> without having to specify each table/column within that table?
>
> The people I am working for have made some big changes and one of them
> is changing the names of one of their products, but this product name
> appears EVERYWHERE in many tables and in lots of different column
> names, and it would save so much time if I could do a single query
> that would just search EVERYTHING within the database.
>
> Thanks for any advice you can give me.
>
> Regards
>
> Chris Payne
Chris,
This is not really a PHP question, is it? More like a question for the support
group that corresponds to your database software...
However, in my experience databases don't allow a cross-table update in a single
query - you won't be able to do it in one query.
You will either have to
1. work out which columns and tables contain the name
2. script a query to make the changes for each separately
3. test it on a backup version of the database
4. fix the bugs
5 run the script on the live database.
OR (possibly)
1. block access to the database (to prevent any changes while you are
processing)
2. dump the whole DB to an SQL script
3. do a search and replace on the text of the SQL script
4. Drop the existing data and reload the database from your SQL dump
5. enable access again so that the users can find the (inevitable) mistakes.
These are both pretty time-consuming - sorry!
Then make a business case for the project of normalising the database, at least
with respect to the product names...
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--- End Message ---
--- Begin Message ---
Hi Chris,
MySQL introduced full - text indexing and searching capabilities back in
version 3.23.23. The implementation is straightforward and easy to use —
define a FULLTEXT index and use MATCH / AGAINST in the query. Consider this
example:
CREATE TABLE SOCIAL_EVENT (
EVENT_ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
USER_ID INTEGER UNSIGNED NOT NULL,
HEADLINE TEXT NOT NULL,
EVENT_TEXT TEXT NOT NULL,
EVENT_DATE TIMESTAMP NOT NULL,
PRIMARY KEY (EVENT_ID),
FOREIGN KEY (USER_ID)
REFERENCES SOCIAL_USER(USER_ID),
FULLTEXT INDEX (HEADLINE, EVENT_TEXT)
)
ENGINE=MyISAM DEFAULT CHARACTER SET latin1
COLLATE latin1_general_cs AUTO_INCREMENT=0;
Thanks.
Caner
2009/6/15 Chris Payne <[email protected]>
> Hi everyone,
>
> I am in the middle of creating an editor where you can search and
> replace on an individual column in a single table then I came across
> something I need to be able to do but not sure how.
>
> Is it posible (And if so please how :-) to search an entire database
> and all tables within a database and do a find/replace on keywords
> without having to specify each table/column within that table?
>
> The people I am working for have made some big changes and one of them
> is changing the names of one of their products, but this product name
> appears EVERYWHERE in many tables and in lots of different column
> names, and it would save so much time if I could do a single query
> that would just search EVERYTHING within the database.
>
> Thanks for any advice you can give me.
>
> Regards
>
> Chris Payne
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
You can always cheat. Use information_schema or just show databases
and show tables and loop through it. Just using information_schema is
perfect though i think then you can know or query on column type and
save some work.
Sent from my iPhone
On Jun 15, 2009, at 1:10 AM, Peter Ford <[email protected]> wrote:
Chris Payne wrote:
Hi everyone,
I am in the middle of creating an editor where you can search and
replace on an individual column in a single table then I came across
something I need to be able to do but not sure how.
Is it posible (And if so please how :-) to search an entire database
and all tables within a database and do a find/replace on keywords
without having to specify each table/column within that table?
The people I am working for have made some big changes and one of
them
is changing the names of one of their products, but this product name
appears EVERYWHERE in many tables and in lots of different column
names, and it would save so much time if I could do a single query
that would just search EVERYTHING within the database.
Thanks for any advice you can give me.
Regards
Chris Payne
Chris,
This is not really a PHP question, is it? More like a question for
the support
group that corresponds to your database software...
However, in my experience databases don't allow a cross-table update
in a single
query - you won't be able to do it in one query.
You will either have to
1. work out which columns and tables contain the name
2. script a query to make the changes for each separately
3. test it on a backup version of the database
4. fix the bugs
5 run the script on the live database.
OR (possibly)
1. block access to the database (to prevent any changes while you
are processing)
2. dump the whole DB to an SQL script
3. do a search and replace on the text of the SQL script
4. Drop the existing data and reload the database from your SQL dump
5. enable access again so that the users can find the (inevitable)
mistakes.
These are both pretty time-consuming - sorry!
Then make a business case for the project of normalising the
database, at least
with respect to the product names...
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
At 9:17 PM -0700 6/14/09, Chris Payne wrote:
Hi everyone,
I am in the middle of creating an editor where you can search and
replace on an individual column in a single table then I came across
something I need to be able to do but not sure how.
Is it posible (And if so please how :-) to search an entire database
and all tables within a database and do a find/replace on keywords
without having to specify each table/column within that table?
The people I am working for have made some big changes and one of them
is changing the names of one of their products, but this product name
appears EVERYWHERE in many tables and in lots of different column
names, and it would save so much time if I could do a single query
that would just search EVERYTHING within the database.
Thanks for any advice you can give me.
Regards
Chris Payne
Chris:
The problem you cite is exactly why one should use relational
databases. If the people you are working for had done that, then you
would have only to edit one table.
The process works like this -- you have a product table that has an
unique id with other information about each product, such as its
name. However, every table that references that product does so via
the product's id and not the product's name. As such, each look-up
for the product name requires first to know the product's id and then
pull out the name associated with that id.
In any event, a little more work at the start saves tons later.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
2009/6/15 Eddie Drapkin <[email protected]>:
> Alright, here's the situation. I'm wrapping memcached, which takes a list
> of several servers, into a quasi-singleton. In other words, I want only one
> instance per set of servers, not per server.
>
> Assuming I had three memcached servers at localhost, 192.168.1.1 and
> 192.168.1.2, I wouldn't want one instance per server, but given that there
> are seven possible permutations of combinations / only one server
> configuration, MemcacheConnector::$instances could be an array with seven
> objects. I'm expecting MemcacheConnector::getInstance($array) to take an
> array formatted like 'server' => 'port'.
>
> Thusly, the question then becomes, what's the lightest possible way to store
> a unique-ish array as the key for MemcacheConnector::$instances? Having
> MemcacheConnector::getInstance() check for
> self::$instances[serialize($serverArray)] seems a huge waste of both ram and
> CPU time. Is there a better way?
Why not give each set of servers a name? Surely they're grouped
together for a reason, so give that reason a name.
-Stuart
--
http://stut.net/
--- End Message ---
--- Begin Message ---
At 9:22 PM +0330 6/14/09, Parham Doustdar wrote:
Actually, your message sparked an idea in my [slow] mind. :)
I can put the PHP code in a java script, and tell javascript to call it
every fifteen seconds. Best option, I think. :)
Any ideas?
Thanks!
Parham:
That's exactly what I've done here:
http://webbytedd.com/b/timed-php/
The only addition is that I use ajax.
The operation is outlined there. If you need additional details, just ask.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
From: Ashley Sheridan
> On Wed, 2009-06-10 at 18:28 +0200, Nitsan Bin-Nun wrote:
>> mysql_real_escape_string() only sanitise the input. I would
personally
>> only allow [a-zA-Z0-9-_] in search string but that's just me ;)
>> Validate the input in some way, or make extra sanitisation of it
>> before running the search query.
>>
>> Regarding the HTML output, just entities() it and you'll be good :)
>>
>> On Wed, Jun 10, 2009 at 6:32 PM, Ashley Sheridan
>> <[email protected]> wrote:
>>
>> On Wed, 2009-06-10 at 18:18 +0200, Nitsan Bin-Nun wrote:
>> > As far for the output, just html entities () it and you
will
>> be good.
>> >
>> > You better check the search query for sql injection, which
>> is more
>> > dangerous.
>> >
>> > HTH
>> > Nitsan
>> >
>> > On Wed, Jun 10, 2009 at 6:19 PM, Ashley Sheridan
>> > <[email protected]> wrote:
>> > Hi all,
>> >
>> > I'm looking at adding a new search feature to my
>> site, and one
>> > of the
>> > elements of this is to echo back in the search
>> results page,
>> > the
>> > original string the user searched for. Up until
now,
>> XSS
>> > hasn't (afaik)
>> > been an issue for my site, but I can see from a
mile
>> off this
>> > will be.
>> > What would you guys recommend to avoid this?
>> >
>> > I'd thought initially of using a mixture of
>> > html_special_chars() and a
>> > regex (as yet not sure what I'll be stripping out
>> with this)
>> > to sanitise
>> > the output for display on the results page, but is
>> this
>> > enough?
>> >
>>
>> I always use mysql_real_escape_string() for that sort of
>> thing, not had
>> a problem with it, but is there anything you think I should
be
>> wary of?
>>
>
> Well, I don't understand, what is the problem with
> mysql_real_escape_string() for sanitising input to use for a search?
It
> should escape anything out so that the query can't be used in ways
that
> I don't want no?
>
> I'd thought about using a whitelist-only regex, but that seems a
little
> limiting tbh, and as my site contains code, it's not unreasonable to
> expect some people might want to search for particular code excerpts.
What if we don't use MySQL? We are using Postgres on our web servers.
None of the MySQL libraries are available. I am currently reviewing a
half-dozen different and incomplete black-list sanitization functions
that don't to a very good job while removing characters that we need to
be able to use. I need to identify a clean strategy to replace or
restructure them.
Bob McConnell
Sorry for posting this so late, I just got back from a week of vacation.
bm
--- End Message ---
