php-general Digest 24 Dec 2010 18:59:07 -0000 Issue 7100

Topics (messages 310227 through 310242):

Re: Server response very poor again
        310227 by: Daniel P. Brown
        310231 by: Al
        310232 by: Daniel Brown
        310233 by: Steve Staples
        310234 by: Daniel P. Brown
        310235 by: Bastien Koert

Re: Warning when calling session_start()
        310228 by: Daniel P. Brown

Re: Stripslashes
        310229 by: Ravi Gehlot
        310237 by: Bob McConnell
        310238 by: Ravi Gehlot
        310239 by: Russell Dias
        310240 by: Ravi Gehlot

Re: [SOLVED] Re: Upgraded system and now $_SERVER['SERVER_NAME'] is not more 
working
        310230 by: Ravi Gehlot

Re: accessing magic parent set
        310236 by: David Harkness

Re: MP3 Player and PHP
        310241 by: Sharl.Jimh.Tsin

Re: goto - My comments
        310242 by: Jim Lucas


----------------------------------------------------------------------
--- Begin Message ---
On Wed, Dec 22, 2010 at 12:17, Nicholas Kell <[email protected]> wrote:
>
> I am with Steve. Well, what I mean is, on this topic I am in agreement with 
> Steve. My connection, etc. seems to be quite responsive.

    Oh, that's what you mean!  Several of us were speaking about it
the other day and thought you two were dating.

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--- End Message ---
--- Begin Message ---


On 12/22/2010 12:17 PM, Nicholas Kell wrote:

On Dec 22, 2010, at 10:09 AM, Steve Staples wrote:

On Wed, 2010-12-22 at 10:19 -0500, Al wrote:
It was fixed about 3 or 4 weeks ago; but, has reverted to poor again.  Many
times outs etc.

Took me 4 tries to post this.

Al...........


Not trying to sound rude or prickish... but is it your ISP or connection
to the intertubes?   Or could it be an issue with your computer?

I've never had any problems posting, or retrieving mail from this list,
so I can't say/speak to a related issue.

Steve


I am with Steve. Well, what I mean is, on this topic I am in agreement with 
Steve. My connection, etc. seems to be quite responsive.


I should have been more explicit. I meant to say the newsgroup access.

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 12:39, Al <[email protected]> wrote:
>
> I should have been more explicit. I meant to say the newsgroup access.

    Okay, that's what I figured.  I've been saying for months now that
I'd set up an NNTP-only mirror, and keep getting sidetracked with
other things.  I'll try to focus on that after the holidays.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
--- Begin Message ---
On Wed, 2010-12-22 at 12:49 -0500, Daniel P. Brown wrote:
> On Wed, Dec 22, 2010 at 12:17, Nicholas Kell <[email protected]> wrote:
> >
> > I am with Steve. Well, what I mean is, on this topic I am in agreement with 
> > Steve. My connection, etc. seems to be quite responsive.
> 
>     Oh, that's what you mean!  Several of us were speaking about it
> the other day and thought you two were dating.
> 
> -- 
> </Daniel P. Brown>
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
> 
whoa... wait a sec there...  i seem to recall this statement... ;)

"This seems to be the most likely, and considering how all messages
are permanently and independently archived and propagate throughout
the Internet, it might be a good reason not to go nuts in sending
unrelated and unintelligible messages of this nature in the future."

this could be one of those situations ;)


so now the whole world knows... GREAT!  this was supposed to be a
secret.


--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 13:07, Steve Staples <[email protected]> wrote:
>>
> whoa... wait a sec there...  i seem to recall this statement... ;)
>
> "This seems to be the most likely, and considering how all messages
> are permanently and independently archived and propagate throughout
> the Internet, it might be a good reason not to go nuts in sending
> unrelated and unintelligible messages of this nature in the future."
>
> this could be one of those situations ;)

    Yes, you're right.... but mine was intelligible.  ;-P

> so now the whole world knows... GREAT!  this was supposed to be a
> secret.

    As they say, 'tis the season to be jolly.  It's up to each
individual to determine just *how* jolly.

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 1:13 PM, Daniel P. Brown
<[email protected]> wrote:
> On Wed, Dec 22, 2010 at 13:07, Steve Staples <[email protected]> wrote:
>>>
>> whoa... wait a sec there...  i seem to recall this statement... ;)
>>
>> "This seems to be the most likely, and considering how all messages
>> are permanently and independently archived and propagate throughout
>> the Internet, it might be a good reason not to go nuts in sending
>> unrelated and unintelligible messages of this nature in the future."
>>
>> this could be one of those situations ;)
>
>    Yes, you're right.... but mine was intelligible.  ;-P
>
>> so now the whole world knows... GREAT!  this was supposed to be a
>> secret.
>
>    As they say, 'tis the season to be jolly.  It's up to each
> individual to determine just *how* jolly.
>
> --
> </Daniel P. Brown>
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Geez, and it isn't even Friday yet!

-- 

Bastien

Cat, the other other white meat

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 11:43, Ravi Gehlot <[email protected]> wrote:
> session_start (); should be before everything...first thing in the page.

    Unlike the body of your email, Ravi, which is why I've asked you
before not to top-post.  Please follow the formats as outlined in the
list rules.

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--- End Message ---
--- Begin Message ---
What are these magic quotes anyways?. What are they used for? escaping?

Regards,
Ravi.

On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson <[email protected]> wrote:

> On Tue, Nov 16, 2010 at 10:10 PM, Gary <[email protected]> wrote:
>
> > I was doing a test of stripslashes on a $_POST, when I received the email,
> > all of the slashes were still in the data posted.
> >
> > I used :
> >
> > $fname = stripslashes($_POST['fname']);
> >
> > I input G\\a//r\y\\, and was expecting, according to the manual G\a//r*y\,
> > but got the original spelling.
> >
>
> In this case, you should get the original, if I'm understanding correctly.
>  Think of it like a basic math problem:
>
> Step 1: Happens automatically when you submit the form and PHP receives the
> form variables
> input + slashes = slashed_input
>
> Step 2: This happens when you call stripslashes.
> slashed_input - slashes = input
>
> The goal of stripslashes is that it will undo what happened automatically
> using magic_quotes_gpc (which essentially calls addslashes on the GPC vars
> behind the scenes) so you'll end up with the original input.
>
> So, working through your example:
>
>   1. You inputted into a form G\\a//r\y\\ and submitted the form.
>   2. PHP received G\\a//r\y\\ and added slashes (G\\\\a//r\\y\\\\).
>   3. You called stripslashes (G\\a//r\y\\).
>
>
>
>
> >
> > I added:
> >
> > echo stripslashes($fname); and did get the expected result on the page,
> > but not in the email from the $_POST.
> >
>
> Here, you called stripslashes on something already stripped once, so you
> now have a new value (G\a//ry\).
>
>
> >
> > I also tried
> >
> > $fname = (stripslashes($_POST['fname']));
> >
>
> This would be no different than your attempt without enclosing parentheses.
>
> Now, let me just say that I detest magic_quotes, and it's best to run with
> them disabled so you don't even have to worry about this kind of issue
> (they've been deprecated.)  But, perhaps you were just trying to learn about
> some piece of legacy code.
>
> Hope the explanation helps, Gary.
>
> Adam
>
> --
> Nephtali:  PHP web framework that functions beautifully
> http://nephtaliproject.com
>

--- End Message ---
--- Begin Message ---
From: Ravi Gehlot

> What are these magic quotes anyways?. What are they used for? escaping?

I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.

We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_POST[$key]);
    } else {
      $response = $_POST[$key];
    }

For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.

Bob McConnell

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell <[email protected]> wrote:

> From: Ravi Gehlot
>
> > What are these magic quotes anyways?. What are they used for? escaping?
>
> I wasn't there at the time, but I gather that the general idea was to
> automagically insert escape characters into data submitted from a form.
> However, they used a backslash as the escape character, which is not
> universally recognized across database engines. Even the SQL standard
> defines an escape as a single quote character.
>
> We used to have magic quotes enabled, and came up with the following
> code to clean up the mess it caused.
>
>    // If magic quotes is on, we want to remove slashes
>    if (get_magic_quotes_gpc()) {
>      // Magic quotes is on
>      $response = stripslashes($_POST[$key]);
>    } else {
>      $response = $_POST[$key];
>    }
>
> For future releases of PHP, this will also need a check to see if
> get_magic_quotes_gpc() exists first.
>
> Bob McConnell
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Bob,

Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
"An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpc <http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc> is
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form."

So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.

Thanks,
Ravi.

--- End Message ---
--- Begin Message ---
stripslashes() is rife with gaping security holes.  For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.

For outputting data on the page you should ideally be using
htmlspecialchars($var, ENT_QUOTES);

cheers,
Russ

On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot <[email protected]> wrote:
> On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell <[email protected]> wrote:
>
>> From: Ravi Gehlot
>>
>> > What are these magic quotes anyways?. What are they used for? escaping?
>>
>> I wasn't there at the time, but I gather that the general idea was to
>> automagically insert escape characters into data submitted from a form.
>> However, they used a backslash as the escape character, which is not
>> universally recognized across database engines. Even the SQL standard
>> defines an escape as a single quote character.
>>
>> We used to have magic quotes enabled, and came up with the following
>> code to clean up the mess it caused.
>>
>>    // If magic quotes is on, we want to remove slashes
>>    if (get_magic_quotes_gpc()) {
>>      // Magic quotes is on
>>      $response = stripslashes($_POST[$key]);
>>    } else {
>>      $response = $_POST[$key];
>>    }
>>
>> For future releases of PHP, this will also need a check to see if
>> get_magic_quotes_gpc() exists first.
>>
>> Bob McConnell
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> Bob,
>
> Thank you very much. This is good information. What I found out from
> http://us2.php.net/manual/en/function.stripslashes.php was the following:
> "An example use of *stripslashes()* is when the PHP directive
> magic_quotes_gpc <http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc> is
> *on* (it's on by default), and you aren't inserting this data into a place
> (such as a database) that requires escaping. For example, if you're simply
> outputting data straight from an HTML form."
>
> So that means that stripslashes() isn't intended for DB insertions but only
> straight output. So I will remove it from my code.
>
> Thanks,
> Ravi.
>

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias <[email protected]> wrote:

> stripslashes() is rife with gaping security holes.  For mysql
> insertion rely on mysql_real_escape_string() or alternatively, you can
> use prepared statements.
>
> For outputting data on the page you should ideally be using
> htmlspecialchars($var, ENT_QUOTES);
>
> cheers,
> Russ
>
> On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot <[email protected]> wrote:
> > On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell <[email protected]> wrote:
> >
> >> From: Ravi Gehlot
> >>
> >> > What are these magic quotes anyways?. What are they used for? escaping?
> >>
> >> I wasn't there at the time, but I gather that the general idea was to
> >> automagically insert escape characters into data submitted from a form.
> >> However, they used a backslash as the escape character, which is not
> >> universally recognized across database engines. Even the SQL standard
> >> defines an escape as a single quote character.
> >>
> >> We used to have magic quotes enabled, and came up with the following
> >> code to clean up the mess it caused.
> >>
> >>    // If magic quotes is on, we want to remove slashes
> >>    if (get_magic_quotes_gpc()) {
> >>      // Magic quotes is on
> >>      $response = stripslashes($_POST[$key]);
> >>    } else {
> >>      $response = $_POST[$key];
> >>    }
> >>
> >> For future releases of PHP, this will also need a check to see if
> >> get_magic_quotes_gpc() exists first.
> >>
> >> Bob McConnell
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> > Bob,
> >
> > Thank you very much. This is good information. What I found out from
> > http://us2.php.net/manual/en/function.stripslashes.php was the following:
> > "An example use of *stripslashes()* is when the PHP directive
> > magic_quotes_gpc <http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc> is
> > *on* (it's on by default), and you aren't inserting this data into a place
> > (such as a database) that requires escaping. For example, if you're simply
> > outputting data straight from an HTML form."
> >
> > So that means that stripslashes() isn't intended for DB insertions but only
> > straight output. So I will remove it from my code.
> >
> > Thanks,
> > Ravi.
> >
>

Hello Russell,

When you use htmlspecialchars() it tries to escape single/double quotes with
a bunch of backslashes. I had stripslashes() in an attempt to try to get the
backslashes away but it didn't. So the solution was to disable magic quotes
in php.ini. With GoDaddy shared hosting, I had to rename php.ini over to
php5.ini in order to have this to work. Also had to include the command like
responsible for disabling magic quotes. Everything is good and clean now.

Now you type for example "Hunter's Reserve Circle" and it keeps it as it is.
Before it would print something like "Hunter'///////////s Reserve Circle".
With double quote, the situation would be even worse.

mysql_real_escape_string() is a must in order to avoid SQL injections.

Regards,
Ravi.

--- End Message ---
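
The slash round trip Adam walks through, the existence check Bob mentions, and the output encoding Russell recommends, as an added example that is not code from any poster. Because magic_quotes_gpc no longer exists in current PHP, its effect is simulated here with addslashes(); all function names are hypothetical.

```php
<?php
// Added example, not code from the thread. magic_quotes_gpc no longer exists
// in current PHP, so its effect is simulated with addslashes().

/** Simulation of what magic_quotes_gpc did to each GET/POST/COOKIE value. */
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

/** Bob's guard: the function may not exist, so check before calling it. */
function magic_quotes_active(): bool
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

/** Undo magic quotes exactly once, and only when they were applied. */
function normalize_input(string $received, bool $quoted): string
{
    return $quoted ? stripslashes($received) : $received;
}

/** Encode for HTML at output time; this has nothing to do with backslashes. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Sample inputs quoted in the thread (the nowdoc keeps backslashes literal).
$gary = <<<'RAW'
G\\a//r\y\\
RAW;
$samples = [$gary, "Hunter's Reserve Circle"];

printf("magic quotes active on this PHP: %s\n\n", magic_quotes_active() ? 'yes' : 'no');

foreach ($samples as $raw) {
    $received = simulate_magic_quotes($raw);       // step 1: slashes added
    $once     = normalize_input($received, true);  // step 2: stripped once
    $twice    = stripslashes($once);               // a second strip eats typed backslashes

    printf("typed                 : %s\n", $raw);
    printf("received by the script: %s\n", $received);
    printf("stripped once         : %s\n", $once);
    printf("stripped twice        : %s\n", $twice);
    printf("round trip intact     : %s\n", $once === $raw ? 'yes' : 'no');
    // Encoding a still-slashed value leaves the backslash visible on the page.
    printf("html, slashes left in : %s\n", html_out($received));
    printf("html, normalized      : %s\n\n", html_out($once));
}
```
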
--- Begin Message ---
You probably have error_reporting turned on and that caught on errors. There
are new tougher rules/requirements with newer PHP versions.

Ravi.

--- End Message ---
--- Begin Message ---
On Wed, Dec 22, 2010 at 6:35 AM, Alexandru Patranescu <[email protected]> wrote:

> Is this the only way to access the magic __set from the parent class:
>
>    parent::__set($columnName, $value);
>

Other than referencing the parent class by name which is worse, yes.


> I would have liked to work this way:
>
>    parent::$columnName = $value;
>

The problem is that attributes are all attached to the object instance
($this). Only those that were defined by a class are associated with it. The
"parent::<method>" construct is used only to locate the method overridden by
the current method.

There is a self, a static and a parent
> Why is it only $this and not a $parent too?
>

I would guess the reasoning is that $this is a value (an object instance)
whereas the others are not.

David

--- End Message ---
--- Begin Message ---
search PHP、LAME keyword.

Best regards,
Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**)



2010/12/23 Richard Quadling <[email protected]>:
> On 22 December 2010 15:06, Don Wieland <[email protected]> wrote:
>> Hello,
>>
>> Can someone recommend a web MP3 player? I need the following options:
>>
>> 1) Location and Duration of mp3 display (seconds)
>> 2) The ability to pass a start and end parameter and play a part of the song
>> 3) Loop parameter
>> 4) Call to the player to grab the mp3 Location and set it to a field so i
>> can insert it via PHP to mySQL
>> 5) Work in most popular browsers
>>
>> Free would be nice but I am willing to pay a bit if it offers everything I
>> need.
>>
>> Any suggestions would be appreciated.
>>
>> Don
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> For playing MP3s (I have an alert system running in our call centre),
> I use SoundManager2. It's a JS library which allows me to play mp3
> files. They are controlled by an AJAX orientated request to PHP which
> gathers the data and determines what alert needs to be played.
>
> Was first running on IE6.
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
On 12/23/2010 10:39 AM, Ethan Rosenberg, PhD wrote:
Jim -

Thanks ever so much!

Here is the code I used, as you suggested.

==========
$query = "select * from Intake3 where ";

Maybe I missed it, but you need to have a 1 after the where part in your select. So...

$query = "SELECT * FROM Intake3 WHERE 1 ";


$allowed_fields = array('Site', 'MedRec', 'Fname', 'Lname',
'Phone', 'Sex', 'Height');


Here you are using two different arrays. Yes, I know, they are basically the same, but they are truly not the same. In your case, use $_POST


if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' )
{
    if ($_REQUEST['Sex'] == "0")
    {
        $sex = 'Male';
    }
    else
    {
        $sex = 'Female';
    }
}

Looking again at what I sent you before, it would have given you a few errors if ran like that. Here is a better version of it. For the above, you can change the logic and get rid of the isset and trim. Also, make sure when you do a comparison against "0" that it is type strict using === and not ==. I could pass FALSE or NULL as the value and it would get by your test. If you look at the definition of empty() it tells you that if empty is passed: "", 0, "0", NULL, FALSE, array(), or var $var; in a class that the return of empty will be false. So, this tells me that I can replace the multiple if/else statements above with a single as below.

if ( empty($_POST['Sex']) )
{
        $_POST['Sex'] = 'Male';
} else {
        $_POST['Sex'] = 'Female';
}

The above does the same but without the extra work involved. Once you have that, the following will work fine.



foreach ( $allowed_fields AS $field )
{
    if ( ! empty( $_POST[$field] ) )
    {
        $value = mysql_real_escape_string( $_POST[$field] );
        $query .= " AND `{$field}` = '{$value}' ";
    }
}

printf($query);
========

This is the result I get for the query:

select * from Intake3 where AND `Site` = 'AA'

I can't figure out what is happening.

Would you please help.

Thanks again.

Ethan
+++++++++++



Date: Tue, 21 Dec 2010 22:33:17 -0800
From: Jim Lucas<[email protected]>
To: Ethan Rosenberg<[email protected]>
CC: "php-db-lists.php.net"<[email protected]>,
[email protected]
Subject: Re: [PHP] goto - My comments

On 12/18/2010 9:17 PM, Ethan Rosenberg wrote:
Dear List -

Thanks to all for your EXCELLENT comments. I definitely agree that goto
is a command to be avoided at all costs. In this case, I could not
figure out how to achieve the desired result without the goto. So....
being a newbie, I humbly request that you show [and at the same time
teach] me how to rewrite the code to eliminate the goto.

Additionally, would you please do the same for the code I list below.
This code runs perfectly.
==============
This is the form:

<form action="srchrhsptl2.php" method="post">
<center>Site:<input type="text" name="Site" value="AA" />
Record Number:<input type="text" name="MedRec" />
First Name:<input type="text" name="Fname" />
Last Name:<input type="text" name="Lname" /><br /><br />
Phone:<input type="text" name="Phone" />
Height:<input type="decimal" name="Height" /><br /><br />
Male<input type="radio" name="Sex" value="0" />
Female<input type="radio" name="Sex" value="1" /><br /><br /><br />
<input type="submit" /><br /><br />
<input type="reset" value = "Clear Form" /></center>
</form>

Not sure if you can change the values for the Sex field to 'Male' &
'Female' respectively, but it would simplify the following example.


Here is my rendition of how I would do it.

<?php

...

$query = "select * from Intake3 where 1 ";

$allowed_fields = array('Site', 'MedRec', 'Fname', 'Lname',
                        'Phone', 'Sex', 'Height');

# deal with the special case first
# Normally you do not want to modify the _POST/_GET/_REQUEST array, but
# in this case, it is used as a quick example of how to get the data
# passed along. if you can change the field values to Male/Female you
# could remove the following section and have just the foreach() loop.
if ( ! empty($_POST['Sex']) )
{
    if ( $_POST['Sex'] === '1' )
        $_POST['Sex'] = 'Female';
    else
        $_POST['Sex'] = 'Male';
}

# Now deal with the rest...
foreach ( $allowed_fields AS $field )
{
    if ( ! empty( $_POST[$field] ) )
    {
        $value = mysql_real_escape_string( $_POST[$field] );
        $query .= " AND `{$field}` = '{$value}' ";
    }
}

in the end, you will end up with a nicely formatted SQL query to execute.

I would suggest cleaning up the output code some and use *_assoc()
instead of the *_array() function call. It gives you back the array
version of the output. This way instead of calling $row[0],
$row[...] you would call $row['Fname'] or $row['Lname'] instead.

Get rid of all those commented out sections and you will have a good
script to play with.

Let us know what comes of it...


==============
THANK YOU EVER SO MUCH FOR YOUR HELP.

Ethan






--- End Message ---
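
Jim's allow-list loop rebuilt with bound parameters instead of mysql_real_escape_string(), as an added example that is not code from the thread. It also covers the two snags discussed above: the dangling "where AND" and the fact that empty('0') is true for the Male radio value. Assumptions: the pdo_sqlite extension, a constructed in-memory Intake3 table, and the hypothetical function name build_search().

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table rows and the $posts arrays are constructed sample data.

/** Build the SELECT and its bound values from submitted form input. */
function build_search(array $input): array
{
    $allowed   = ['Site', 'MedRec', 'Fname', 'Lname', 'Phone', 'Sex', 'Height'];
    $sexLabels = ['0' => 'Male', '1' => 'Female'];   // radio values in the form

    $where  = [];
    $params = [];
    foreach ($allowed as $field) {
        $value = $input[$field] ?? '';
        // Skip arrays (Sex[]=x) and blanks. Compare with '' rather than
        // empty(): empty('0') is true and would drop the Male radio value.
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        if ($field === 'Sex') {
            if (!array_key_exists($value, $sexLabels)) {
                throw new InvalidArgumentException('unexpected Sex value');
            }
            $value = $sexLabels[$value];
        }
        // The column name comes only from $allowed; the value is bound.
        $where[] = "`$field` = :$field";
        $params[":$field"] = $value;
    }

    $sql = 'SELECT * FROM Intake3';
    if ($where) {                        // no dangling "WHERE AND"
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Intake3 (Site TEXT, MedRec TEXT, Fname TEXT,
            Lname TEXT, Phone TEXT, Sex TEXT, Height TEXT)');
$insert = $pdo->prepare('INSERT INTO Intake3 VALUES (?, ?, ?, ?, ?, ?, ?)');
$insert->execute(['AA', '1001', 'Pat', "O'Neil", '555-0100', 'Male', '70']);
$insert->execute(['AA', '1002', 'Sam', 'Lee', '555-0101', 'Female', '64']);

// Constructed stand-ins for $_POST: a filled-in form and an empty one.
$posts = [
    ['Site' => 'AA', 'Sex' => '0', 'Lname' => "O'Neil", 'Extra' => 'ignored'],
    ['Site' => '', 'MedRec' => ''],
];

foreach ($posts as $post) {
    [$sql, $params] = build_search($post);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);   // keyed by column name
    printf("%s\n  bound: %s\n  rows: %d\n", $sql, json_encode($params), count($rows));
}
```
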
