php-general Digest 19 Aug 2010 21:26:31 -0000 Issue 6902
Topics (messages 307557 through 307581):
Re: How safe is a .htaccess file?
307557 by: Andre Polykanine
307574 by: Nathan Rixham
Re: tutorial failure
307558 by: e-letter
307559 by: Bob McConnell
307560 by: e-letter
307561 by: Colin Guthrie
307562 by: Ashley Sheridan
307563 by: e-letter
307564 by: Ashley Sheridan
307568 by: e-letter
307570 by: Ashley Sheridan
307573 by: HallMarc Websites
307576 by: e-letter
307581 by: Ashley Sheridan
possible issue with quotes (Magicquotes feature)?
307565 by: David Mehler
307566 by: Bob McConnell
307567 by: Marc Guay
307569 by: Ashley Sheridan
307571 by: David Mehler
openssl_pkey_new question
307572 by: tedd
307575 by: Nathan Rixham
cast changes value
307577 by: MartÃn Marqués
307578 by: Paul M Foster
307579 by: Nathan Rixham
307580 by: Cassiano Dal Pizzol
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Hello Nathan,
Sorry, could you provide any links to read for a security noob?)
Actually, I know that the md5 is decryptable (there are bases with
words encrypted in md5), but I thought the SHA1 was secure...
--
With best regards from Ukraine,
Andre
Skype: Francophile
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
----- Original message -----
From: Nathan Rixham <[email protected]>
To: tedd <[email protected]>
Date: Thursday, August 19, 2010, 12:03:12 PM
Subject: [PHP] Re: How safe is a .htaccess file?
tedd wrote:
> Hi gang:
>
> The subject line says it all.
>
> How secure is a .htaccess file to store passwords and other sensitive
> stuff?
>
> Can a .htaccess file be viewed remotely?
Semi-safe,
.htaccess is prevented from being served by configuration options (which
come as default), however these can be overwritten so best to check by
doing a GET on the resource URI.
This doesn't prevent them from being exposed via other processes though,
for instance a poorly coded 'download.php?path=/path/to/.htaccess' could
still expose the file.
Typically, its obviously better to store only a hash of a password
rather than the pass in plain text, choosing the strongest algorithm you
can; password security is of course relative though, a sha-512 of
'password1' is far from secure.
A good way to approach encryption for files is to openssl_seal them
using a public key which is only available to your application - this
doesn't negate insecure code, but it at least ensures the raw files are
encrypted securely enough to negate any of these worries. (just keep
your private key safe, preferably in a pkcs12 w/a strong 64char+ pass)
Best,
Nathan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
tedd wrote:
tedd wrote:
Hi gang:
The subject line says it all.
How secure is a .htaccess file to store passwords and other sensitive
stuff?
Can a .htaccess file be viewed remotely?
Semi-safe,
.htaccess is prevented from being served by configuration options
(which come as default), however these can be overwritten so best to
check by doing a GET on the resource URI.
This doesn't prevent them from being exposed via other processes
though, for instance a poorly coded
'download.php?path=/path/to/.htaccess' could still expose the file.
Typically, its obviously better to store only a hash of a password
rather than the pass in plain text, choosing the strongest algorithm
you can; password security is of course relative though, a sha-512 of
'password1' is far from secure.
A good way to approach encryption for files is to openssl_seal them
using a public key which is only available to your application - this
doesn't negate insecure code, but it at least ensures the raw files
are encrypted securely enough to negate any of these worries. (just
keep your private key safe, preferably in a pkcs12 w/a strong 64char+
pass)
Best,
Nathan
Nathan:
I keep in running in circles because I keep getting differing
recommendations as to how to keep data secure.
If you read Chris Shiflett's book on "Essential PHP Security" -- he says
to keep everything in a database. This means keeping both encrypted data
AND the keys for decryption in the database.
I contacted Chris specifically and told him of what I was doing (all the
steps) and he approved. However, he said the main weakness in all
security practices is how one protects access to the database.
So that is my quest. How can I protect the username and password for the
database? Keep in mind that my scripts must also be able to read and use
them in accessing the database. So they must be accessible to scripts.
I figure using SetEnv to set the user and password in a .htaccess file
is about as secure as I can make it, but now you say even that could be
exposed.
So specifically, how would you hide the username and password for access
to a database WITHOUT using an "out of root" solution? Please be specific.
Hi Tedd,
Firstly, advising to keep the keys to your car in the ignition at all
times is pretty bad advise - I'll let you relate that to Chris's advice
yourself :-)
If your stuck in an environment where third parties have access to the
files on the file system and you need to put your username/password
(real keys to the data) on that filesystem, then I have to point out
that no file extension is more secure than another, there's no
difference between doing `cat .htaccess` and `cat config.php` you'll
still see the output - there's is a measure of difference however
between putting it in a web source-viewable file and non-source-viewable
file, but again your only a config setting away from being exposed to
the world.
Given the aforementioned and that the data is sensitive, I'd strongly
recommend moving to a different hosting environment:
- which is secure filesystem wise and only you have access to your files
- where the db server (or data tier) is on a private lan (preventing the
db server from public web attacks)
- where access to the db server (or data tier) is via a secured
connection [1] (encrypting data across the wire to prevent man in the
middle attacks and packet inspection)
In addition to application specific security measures such as encrypting
all sensitive data *before* sending to the database and storing the
encryption keys in a secure lockbox far away from the db or at least in
a pcks12 password protected file outside of the web root.
Now, to answer your specific question, specifically :p
If available I would use ioncube or suchlike to encrypt the source of my
PHP files (with the username pass in a php file as standard), and if I
still didn't feel like that was secure enough then I would:
create an pcks12 wrapped x509 certificate for my application:
http://pastebin.com/THW00RHt
(fill in lines 34+36 stick on web server, view in browser cert will dl)
Then I'd store the produced certificate.p12 on the file system
(preferably outside of web root, or with access restricted by .htaccess
config)
I'd then create a crypto class which provided methods to seal and open
(encrypt/decrypt) data using the keys from the x509 certificate, and
which could read the .p12 wrapped x509, like this:
http://pastebin.com/4FSx1XDa
I'd then instantiate the crypto class in my application as such:
$crypto = ApplicationCrypto::instantiate(
file_get_contents('certificate.p12'),
'PASSWORD-FOR-PKCS-HERE'
);
Then I'd load my database settings in to an object, serialize it,
encrypt the serialization and save it to a file on the filesystem as such:
$dbSettings = (object)array(
'username' => 'dbuser',
'password' => 'dbpass',
'host' => 'dbhost',
'database' => 'dbname'
);
$sealed = $crypto->seal(
json_encode( $dbSettings )
);
file_put_contents( 'dbconfig.x' , json_encode($sealed) );
Then to get the database settings back and use them I'd do the following:
$crypto = ApplicationCrypto::instantiate(
file_get_contents('certificate.p12'),
'PASSWORD-FOR-PKCS-HERE'
);
$sealed = json_decode( file_get_contents('dbconfig.x') );
$dbSettings = json_decode(
$crypto->open( $sealed->sealed , $sealed->key )
);
Further steps are possible, such as storing $sealed->key in a different
file or file system (as it's double key encryption, both the private key
from the certificate and a unique per item key is used).
But honestly, that's what I'd do - as a side note, generally the code
sealed information is encrypted strongly enough to be made public since
you need both keys, the decryption process, and the certificate wrapped
in a password protected p12 to turn it back in to anything readable.
Hope that helps a little,
Best,
Nathan
[1] http://dev.mysql.com/doc/refman/5.1/en/secure-connections.html
--- End Message ---
--- Begin Message ---
On 19/08/2010, David McGlone <[email protected]> wrote:
> Yes it is. But your computer needs the correct software to view that php
> file in a web browser as if it was a web page. If you do not have this
> software installed, then the web browser will ask you if you want to
> download the file instead.
>
The web browser views the php file as described previously; there is
no prompt to download the file.
--- End Message ---
--- Begin Message ---
From: e-letter
> On 19/08/2010, David McGlone <[email protected]> wrote:
>
>> Yes it is. But your computer needs the correct software to view that
php
>> file in a web browser as if it was a web page. If you do not have
this
>> software installed, then the web browser will ask you if you want to
>> download the file instead.
>>
> The web browser views the php file as described previously; there is
> no prompt to download the file.
David,
If the server is set up correctly, it interprets the PHP code and only
sends an HTML stream to the browser. The only way the browser would see
PHP is if the server is misconfigured. The browser will simply display
it as it would HTML. It doesn't know PHP from plain text. Actually, the
browser could not process PHP, since most of the resources needed are
still on the server.
Bob McConnell
--- End Message ---
--- Begin Message ---
On 19/08/2010, David McGlone <[email protected]> wrote:
> On Wed, 2010-08-18 at 23:08 +0100, e-letter wrote:
>> On 18/08/2010, David McGlone <[email protected]> wrote:
>> > On Wed, 2010-08-18 at 21:54 +0100, e-letter wrote:
>> >> On 18/08/2010, David McGlone <[email protected]> wrote:
>> >> >
>> >> > Do you have php5 installed?
>> >> >
>> >> Yes, but don't know how to confirm; I used urpmi to install.
>> >
>> > Use the command in a terminal: rpm -q php5
>> >
>> No package by this name in the repository; have libphp5_common5 installed.
>
> Ok let me ask you this, When you try to view a php file on your server
> does it ask you if you would like to download it?
I don't understand: isn't the example I provided a php file?
--- End Message ---
--- Begin Message ---
'Twas brillig, and e-letter at 19/08/10 13:35 did gyre and gimble:
> On 19/08/2010, David McGlone <[email protected]> wrote:
>
>> Yes it is. But your computer needs the correct software to view that php
>> file in a web browser as if it was a web page. If you do not have this
>> software installed, then the web browser will ask you if you want to
>> download the file instead.
>>
> The web browser views the php file as described previously; there is
> no prompt to download the file.
>
You are apparently using Mandriva as you mentioned urpmi in your
original email.
I strongly suggest you do: "urpmi task-lamp" as this will install all
the revenant packages.
I strongly suspect you have not installed the apache-mod_php package.
I should stress that you should *not* have to edit *any* files to get
your system up and running. If you do edit files (especially your apache
configuration) then you really do need to sit down and learn how
everything works and how things fit together.
As you're presumably just starting out, I'd recommend sticking to the
basics, install task-lamp and then go from there.
HTHs
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
--- End Message ---
--- Begin Message ---
On Thu, 2010-08-19 at 09:41 +0100, e-letter wrote:
> On 19/08/2010, David McGlone <[email protected]> wrote:
> > On Wed, 2010-08-18 at 23:08 +0100, e-letter wrote:
> >> On 18/08/2010, David McGlone <[email protected]> wrote:
> >> > On Wed, 2010-08-18 at 21:54 +0100, e-letter wrote:
> >> >> On 18/08/2010, David McGlone <[email protected]> wrote:
> >> >> >
> >> >> > Do you have php5 installed?
> >> >> >
> >> >> Yes, but don't know how to confirm; I used urpmi to install.
> >> >
> >> > Use the command in a terminal: rpm -q php5
> >> >
> >> No package by this name in the repository; have libphp5_common5 installed.
> >
> > Ok let me ask you this, When you try to view a php file on your server
> > does it ask you if you would like to download it?
>
> I don't understand: isn't the example I provided a php file?
>
I think it's fairly clear that for whatever reason, PHP isn't properly
configured with Apache. You've mentioned you're using Mandriva, which,
coincidentally, is what i've just recently installed on my home machine.
It has a very good graphical package manager that you can use to install
PHP and Apache. I'm not at my home machine right now, so I don't recall
the exact name, but it's found somewhere in the Computer Settings main
menu dialogue. From here, you can install Apache and PHP, which will
configure Apache as well to recognise PHP scripts and execute them.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On 19/08/2010, Ashley Sheridan <[email protected]> wrote:
> I think it's fairly clear that for whatever reason, PHP isn't properly
> configured with Apache. You've mentioned you're using Mandriva, which,
> coincidentally, is what i've just recently installed on my home machine.
> It has a very good graphical package manager that you can use to install
> PHP and Apache. I'm not at my home machine right now, so I don't recall
> the exact name, but it's found somewhere in the Computer Settings main
> menu dialogue. From here, you can install Apache and PHP, which will
> configure Apache as well to recognise PHP scripts and execute them.
>
mcc (mandriva linux control centre) is the command (or more
specifically, rpmdrake)
To my knowledge, using this tool, all necessary files are installed. I
suspect that there is a fault with the way that mandriva builds the
packages.
--- End Message ---
--- Begin Message ---
On Thu, 2010-08-19 at 15:35 +0100, e-letter wrote:
> On 19/08/2010, Ashley Sheridan <[email protected]> wrote:
> > I think it's fairly clear that for whatever reason, PHP isn't properly
> > configured with Apache. You've mentioned you're using Mandriva, which,
> > coincidentally, is what i've just recently installed on my home machine.
> > It has a very good graphical package manager that you can use to install
> > PHP and Apache. I'm not at my home machine right now, so I don't recall
> > the exact name, but it's found somewhere in the Computer Settings main
> > menu dialogue. From here, you can install Apache and PHP, which will
> > configure Apache as well to recognise PHP scripts and execute them.
> >
> mcc (mandriva linux control centre) is the command (or more
> specifically, rpmdrake)
>
> To my knowledge, using this tool, all necessary files are installed. I
> suspect that there is a fault with the way that mandriva builds the
> packages.
As Colin suggested on another email, check to see if apache-mod_php was
installed too. It seems likely that it wasn't for some reason.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On 19/08/2010, Ashley Sheridan <[email protected]> wrote:
> As Colin suggested on another email, check to see if apache-mod_php was
> installed too. It seems likely that it wasn't for some reason.
How to verify please? Also, the instruction to use task-lamp; it seems
this is for mysql but the database to be used is postgresql?
--- End Message ---
--- Begin Message ---
On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote:
> On 19/08/2010, Ashley Sheridan <[email protected]> wrote:
> > As Colin suggested on another email, check to see if apache-mod_php was
> > installed too. It seems likely that it wasn't for some reason.
>
> How to verify please? Also, the instruction to use task-lamp; it seems
> this is for mysql but the database to be used is postgresql?
Use the package manager to check and see if that was installed. I'm not
familiar with the command line for rpmi, having used Yum on Fedora
mostly, but on that you would just do a 'yum list apache-mod*' to see
what apache mods were installed and available, so I assume something
similar exists for rpmi.
The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux,
Apache, MySQL & PHP)
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
-----Original Message-----
From: Ashley Sheridan [mailto:[email protected]]
Sent: Thursday, August 19, 2010 11:33 AM
To: e-letter
Cc: David McGlone; [email protected]
Subject: Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote:
> On 19/08/2010, Ashley Sheridan <[email protected]> wrote:
> > As Colin suggested on another email, check to see if apache-mod_php was
> > installed too. It seems likely that it wasn't for some reason.
>
> How to verify please? Also, the instruction to use task-lamp; it seems
> this is for mysql but the database to be used is postgresql?
Use the package manager to check and see if that was installed. I'm not
familiar with the command line for rpmi, having used Yum on Fedora
mostly, but on that you would just do a 'yum list apache-mod*' to see
what apache mods were installed and available, so I assume something
similar exists for rpmi.
The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux,
Apache, MySQL & PHP)
Thanks,
Ash
http://www.ashleysheridan.co.uk
I agree with the earlier take on this situation; you need to start at the
beginning and learn the basics regarding the technologies BEFORE you try and
manage them. You're trying to drive a car when you don't even know what or
car is and how to operate one so you keep crashing.
Here are some great sites to check out:
http://wiki.mandriva.com/en/
http://www.pcstats.com/articleview.cfm?articleID=1868
http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL
http://www.w3schools.com/
There are some great books out there as well to help you learn and I
recommend getting the reference guides as well. Since the gist of this
thread seems to be focused on the LAPP set-up and mainly an Apache (?)
configuration issue you might try the forums and mailing lists found there
as well.
I hope you find this helpful.
Marc Hall
HallMarc Websites
"Well, if all else fails; read the directions." - Dear old Dad, RIP
__________ Information from ESET Smart Security, version of virus signature
database 5379 (20100819) __________
The message was checked by ESET Smart Security.
http://www.eset.com
__________ Information from ESET Smart Security, version of virus signature
database 5379 (20100819) __________
The message was checked by ESET Smart Security.
http://www.eset.com
--- End Message ---
--- Begin Message ---
On 19/08/2010, HallMarc Websites <[email protected]> wrote:
> I agree with the earlier take on this situation; you need to start at the
> beginning and learn the basics regarding the technologies BEFORE you try and
> manage them. You're trying to drive a car when you don't even know what or
> car is and how to operate one so you keep crashing.
>
> Here are some great sites to check out:
> http://wiki.mandriva.com/en/
> http://www.pcstats.com/articleview.cfm?articleID=1868
> http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL
> http://www.w3schools.com/
> There are some great books out there as well to help you learn and I
> recommend getting the reference guides as well. Since the gist of this
> thread seems to be focused on the LAPP set-up and mainly an Apache (?)
> configuration issue you might try the forums and mailing lists found there
> as well.
>
No response from apache forum. Looking at the web browser output from
the processing of the php file, the partial success of processing the
file suggests that the problem is with php; if it was due to apache,
html code would be affected as well?
--- End Message ---
--- Begin Message ---
On Thu, 2010-08-19 at 19:04 +0100, e-letter wrote:
> On 19/08/2010, HallMarc Websites <[email protected]> wrote:
> > I agree with the earlier take on this situation; you need to start at the
> > beginning and learn the basics regarding the technologies BEFORE you try and
> > manage them. You're trying to drive a car when you don't even know what or
> > car is and how to operate one so you keep crashing.
> >
> > Here are some great sites to check out:
> > http://wiki.mandriva.com/en/
> > http://www.pcstats.com/articleview.cfm?articleID=1868
> > http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL
> > http://www.w3schools.com/
> > There are some great books out there as well to help you learn and I
> > recommend getting the reference guides as well. Since the gist of this
> > thread seems to be focused on the LAPP set-up and mainly an Apache (?)
> > configuration issue you might try the forums and mailing lists found there
> > as well.
> >
> No response from apache forum. Looking at the web browser output from
> the processing of the php file, the partial success of processing the
> file suggests that the problem is with php; if it was due to apache,
> html code would be affected as well?
>
No, because Apache doesn't need to process HTML in the same way it needs
to process PHP. The tag <?php in your code is being sent down to your
browser as HTML (view the source on the page you're browsing to) and
interpreted as a tag by your browser, hence what appears to be partially
processed output.
It's fairly clear by now that Apache does not know about your PHP
install (if there even is one)
I've just set up and installed PHP and Apache on my Mandriva box since
I've been at home, and it took all of 5 minutes from within the package
manager. Trust me, it's far easier to go that route than install the
packages one-by-one as you seem to be doing as, unless you know exactly
what packages you need, it's all too easy to miss installing something.
Are you able to install with the package manager, or is installing via
the command line absolutely necessary?
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Hello,
I've got a php5 document and some items are showing up as question
marks. For example, the word President's in the code it is President's
however when displaying in the browser it's President?s the "'" is not
being displayed properly, this is occurring in several places and on
several pages.
The php version my hosting is using is 5.2.14, a check of phpinfo
shows magic_quotes_gpc as on, magic_quotes_runtime and
magic_quotes_sybase as off. Is this my issue?
Thanks.
Dave.
--- End Message ---
--- Begin Message ---
From: David Mehler
> I've got a php5 document and some items are showing up as question
> marks. For example, the word President's in the code it is President's
> however when displaying in the browser it's President?s the "'" is not
> being displayed properly, this is occurring in several places and on
> several pages.
> The php version my hosting is using is 5.2.14, a check of phpinfo
> shows magic_quotes_gpc as on, magic_quotes_runtime and
> magic_quotes_sybase as off. Is this my issue?
Not likely, magic quotes escapes MySQL style, which doubles up any
backslashes, not single quotes. The more likely issue is the character
encoding on your system is incompatible with the version used on the
server. If the server is using UTF and you only have an ASCII set, there
may not be a display character available on your browser for the code
used for that character on the server. I see this frequently when
viewing pages translated from other languages into English, or pages
generated by any number of Wikis and template packages. UTF is still a
quagmire of incompatible font sets.
Bob McConnell
--- End Message ---
--- Begin Message ---
I would chalk this up to that fancy, extra-curly, apostrophe that you
get when copying and pasting text from Microsoft Word or similar.
Marc
--- End Message ---
--- Begin Message ---
On Thu, 2010-08-19 at 11:24 -0400, Marc Guay wrote:
> I would chalk this up to that fancy, extra-curly, apostrophe that you
> get when copying and pasting text from Microsoft Word or similar.
> Marc
>
The characters Microsoft software introduces don't play nice with
non-Microsoft software, and cause a lot of problems like this for
web-based systems. If it helps, I wrote a small function to replace the
'bad' characters with the correct ones:
http://ashleysheridan.co.uk/coding/php/Remove_Rubbish_Microsoft_Markup
It can also remove the extra meta info stuff that seems to get thrown in
when you copy large amounts of text into a rich-text editor, as this
often breaks the display of content in non-MS browsers, although that is
a little experimental at the moment, as I've not really had the time to
test it exhaustively.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Hello Everyone,
Thanks. Ash, i'll try your function and see how that works. The
original content came from word documents, but they were pasted in to
a text editor in this case notetab light. In the meta of the site the
character set is utf-8 I was told it was better to use that than
iso8859-1 if this is wrong i'd definitely like to know about it.
Any other suggestions let me know.
Thanks a lot.
Dave.
On 8/19/10, Ashley Sheridan <[email protected]> wrote:
> On Thu, 2010-08-19 at 11:24 -0400, Marc Guay wrote:
>
>> I would chalk this up to that fancy, extra-curly, apostrophe that you
>> get when copying and pasting text from Microsoft Word or similar.
>> Marc
>>
>
>
> The characters Microsoft software introduces don't play nice with
> non-Microsoft software, and cause a lot of problems like this for
> web-based systems. If it helps, I wrote a small function to replace the
> 'bad' characters with the correct ones:
>
> http://ashleysheridan.co.uk/coding/php/Remove_Rubbish_Microsoft_Markup
>
> It can also remove the extra meta info stuff that seems to get thrown in
> when you copy large amounts of text into a rich-text editor, as this
> often breaks the display of content in non-MS browsers, although that is
> a little experimental at the moment, as I've not really had the time to
> test it exhaustively.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
--- End Message ---
--- Begin Message ---
Hi gang:
I'm trying to keep my questions simple.
Does the function "openssl_pkey_new" use 40, 56, 128, 256, or what
bit encryption?
Cheers,
tedd
--
-------
http://sperling.com/
--- End Message ---
--- Begin Message ---
tedd wrote:
Hi gang:
I'm trying to keep my questions simple.
Does the function "openssl_pkey_new" use 40, 56, 128, 256, or what bit
encryption?
Higher, and configurable, typically 512,1024,2048,4096
example:
$privkey = openssl_pkey_new( array('private_key_bits' => 2048 ) );
Best,
Nathan
--- End Message ---
--- Begin Message ---
I have values with 2 decimals that I multiple by 100 to make them
integers, but to be sure I do a cast using (int).
The thing is that (int) is changing the value of the integer. Here is
a var_dump of the original value, the value * 100, and the value after
casting to int.
string(5) "34.80"
float(3480)
int(3479)
Using floor() those the exact same thing.
Why is this?
--
Martín Marqués
select 'martin.marques' || '@' || 'gmail.com'
DBA, Programador, Administrador
--- End Message ---
--- Begin Message ---
On Thu, Aug 19, 2010 at 03:46:37PM -0300, Martín Marqués wrote:
> I have values with 2 decimals that I multiple by 100 to make them
> integers, but to be sure I do a cast using (int).
>
> The thing is that (int) is changing the value of the integer. Here is
> a var_dump of the original value, the value * 100, and the value after
> casting to int.
>
> string(5) "34.80"
> float(3480)
> int(3479)
>
> Using floor() those the exact same thing.
>
> Why is this?
Need to see your code. In cases like this, it's almost always been my
experience that the code is structured incorrectly to make it work the
way you expect.
Paul
--
Paul M. Foster
--- End Message ---
--- Begin Message ---
Martín Marqués wrote:
I have values with 2 decimals that I multiple by 100 to make them
integers, but to be sure I do a cast using (int).
The thing is that (int) is changing the value of the integer. Here is
a var_dump of the original value, the value * 100, and the value after
casting to int.
string(5) "34.80"
float(3480)
int(3479)
Using floor() those the exact same thing.
Why is this?
echo serialize("34.80" * 100);
3479.99999999999954525264911353588104248046875
int simply chops it, hence 3479
:)
--- End Message ---
--- Begin Message ---
http://www.php.net/manual/en/language.types.float.php
*Warning* Floating point precision
It is typical that simple decimal fractions like *0.1* or *0.7* cannot be
converted into their internal binary counterparts without a small loss of
precision. This can lead to confusing results: for example, *
floor((0.1+0.7)*10)* will usually return *7* instead of the expected *8*,
since the internal representation will be something like *7.9*.
This is due to the fact that it is impossible to express some fractions in
decimal notation with a finite number of digits. For instance, *1/3* in
decimal form becomes *0.3*.
So never trust floating number results to the last digit, and never compare
floating point numbers for equality. If higher precision is necessary,
thearbitrary
precision math functions <http://www.php.net/manual/en/ref.bc.php> and
gmp<http://www.php.net/manual/en/ref.gmp.php> functions
are available.
<http://www.php.net/manual/en/language.types.float.php>
-----
Cassiano Dal Pizzol
[email protected]
MSN: [email protected]
Twitter: razielbr
ICQ: 72941129
http://confraria-da-leitura.blogspot.com/
2010/8/19 Nathan Rixham <[email protected]>
Martín Marqués wrote:
>
>> I have values with 2 decimals that I multiple by 100 to make them
>> integers, but to be sure I do a cast using (int).
>>
>> The thing is that (int) is changing the value of the integer. Here is
>> a var_dump of the original value, the value * 100, and the value after
>> casting to int.
>>
>> string(5) "34.80"
>> float(3480)
>> int(3479)
>>
>> Using floor() those the exact same thing.
>>
>> Why is this?
>>
>>
> echo serialize("34.80" * 100);
>
> 3479.99999999999954525264911353588104248046875
>
> int simply chops it, hence 3479
>
> :)
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
