php-general Digest 20 Sep 2012 17:54:40 -0000 Issue 7972
Topics (messages 319154 through 319165):
about PHP's filter_var function
319154 by: lx
319155 by: Vikash Kumar
319156 by: Sebastian Krebs
319159 by: Jim Lucas
319160 by: Maciek Sokolewicz
319161 by: Sebastian Krebs
319162 by: Matijn Woudt
319163 by: Sebastian Krebs
319165 by: Jim Lucas
CURL vs Exif_imagetype()
319157 by: Rango
319158 by: Maciek Sokolewicz
Re: Programmers and developers needed
319164 by: Marc Guay
----------------------------------------------------------------------
--- Begin Message ---
Hello:
I want to use filter_var function by this way:

$ip = "192.168.0.1";

if( !filter_var($ip, FILTER_VALIDATE_IP) )
{
    echo "IP is not valid";
}
else
{
    echo "IP is valid";
}

I want to check the string $ip is IP address or not, but my PHP version is
5.1.6.
and I know the filter_var requires at least PHP version 5.2.0.
so, Any other function in PHP 5.1.6 can solve this work and replace the
filter_var function ?

Thank you, I'm a new one, so I don't know much about PHP documentation.

By the way, The PHP version is required. so I can't upgrade it.
--- End Message ---
--- Begin Message ---
You can use regex to check the
format: /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
You can also explode $ip on "." and check if every part is numeric and less
than 255.
On 20 September 2012 14:44, lx <lxlenovos...@gmail.com> wrote:
> Hello:
> I want to use filter_var function by this way:
>
> $ip = "192.168.0.1";
>
> if( !filter_var($ip, FILTER_VALIDATE_IP) )
> {
> echo "IP is not valid";
> }
> else
> {
> echo "IP is valid";
> }
>
> I want to check the string $ip is IP address or not, but my PHP version is
> 5.1.6.
> and I know the filter_var requires at least PHP version 5.2.0.
> so, Any other function in PHP 5.1.6 can solve this work and replace the
> filter_var function ?
>
> Thank you, I'm a new one, so I don't know much about PHP documentation.
>
> By the way, The PHP version is required. so I can't upgrade it.
>
--- End Message ---
--- Begin Message ---
Please, please update... 5.1.6 is from 2006! I read the "it's required",
but I can't imagine _anything_ that it's worth it to use such an
extremely outdated, unsupported and therefore insecure and inefficient
version... You know: There are 3 (!) new minor versions available right
now (5.2, 5.3 and 5.4).
However: Regarding your concrete problem I guess you can use ip2long()
if (ip2long($ip)) {
} else {
}
Regards,
Sebastian
On 20.09.2012 11:14, lx wrote:
> Hello:
> I want to use filter_var function by this way:
>
> $ip = "192.168.0.1";
>
> if( !filter_var($ip, FILTER_VALIDATE_IP) )
> {
> echo "IP is not valid";
> }
> else
> {
> echo "IP is valid";
> }
>
> I want to check the string $ip is IP address or not, but my PHP version is
> 5.1.6.
> and I know the filter_var requires at least PHP version 5.2.0.
> so, Any other function in PHP 5.1.6 can solve this work and replace the
> filter_var function ?
>
> Thank you, I'm a new one, so I don't know much about PHP documentation.
>
> By the way, The PHP version is required. so I can't upgrade it.
--- End Message ---
--- Begin Message ---
On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
> Please, please update... 5.1.6 is from 2006! I read the "it's required",
> but I can't imagine _anything_ that it's worth it to use such an
> extremely outdated, unsupported and therefore insecure and inefficient
> version... You know: There are 3 (!) new minor versions available right
> now (5.2, 5.3 and 5.4).
>
> However: Regarding your concrete problem I guess you can use ip2long()
>
> if (ip2long($ip)) {

I would suggest a modification to this.

if ( ip2long($ip) !== false ) {

I suggest this because IP to long will return negative numbers for half
the IP range. Therefore 50% of your possible results would be considered
false when in fact they are valid IPs.

See Example #2 on this page:
http://php.net/manual/en/function.ip2long.php

> } else {
> }
>
> Regards,
> Sebastian
>
> On 20.09.2012 11:14, lx wrote:
>> Hello:
>> I want to use filter_var function by this way:
>>
>> $ip = "192.168.0.1";
>>
>> if( !filter_var($ip, FILTER_VALIDATE_IP) )
>> {
>> echo "IP is not valid";
>> }
>> else
>> {
>> echo "IP is valid";
>> }
>>
>> I want to check the string $ip is IP address or not, but my PHP version is
>> 5.1.6.
>> and I know the filter_var requires at least PHP version 5.2.0.
>> so, Any other function in PHP 5.1.6 can solve this work and replace the
>> filter_var function ?
>>
>> Thank you, I'm a new one, so I don't know much about PHP documentation.
>>
>> By the way, The PHP version is required. so I can't upgrade it.

--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
--- Begin Message ---
On 20-09-2012 18:03, Jim Lucas wrote:
> On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
>> Please, please update... 5.1.6 is from 2006! I read the "it's required",
>> but I can't imagine _anything_ that it's worth it to use such an
>> extremely outdated, unsupported and therefore insecure and inefficient
>> version... You know: There are 3 (!) new minor versions available right
>> now (5.2, 5.3 and 5.4).
>>
>> However: Regarding your concrete problem I guess you can use ip2long()
>>
>> if (ip2long($ip)) {
>
> I would suggest a modification to this.
>
> if ( ip2long($ip) !== false ) {

I would actually suggest using inet_pton() instead of ip2long, since it
can also handle IPv6 addresses, not only v4 which people here seem to
think are the only ones in use on this planet. And I agree with Jim that
you really should use a strict equality check in this case.

- Tul
--- End Message ---
--- Begin Message ---
On 20.09.2012 18:03, Jim Lucas wrote:
> On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
>> Please, please update... 5.1.6 is from 2006! I read the "it's required",
>> but I can't imagine _anything_ that it's worth it to use such an
>> extremely outdated, unsupported and therefore insecure and inefficient
>> version... You know: There are 3 (!) new minor versions available right
>> now (5.2, 5.3 and 5.4).
>>
>> However: Regarding your concrete problem I guess you can use ip2long()
>>
>> if (ip2long($ip)) {
>
> I would suggest a modification to this.
>
> if ( ip2long($ip) !== false ) {
>
> I suggest this because IP to long will return negative numbers for half
> the IP range. Therefore 50% of your possible results would be considered
> false when in fact they are valid IPs.
>
> See Example #2 on this page:
> http://php.net/manual/en/function.ip2long.php

No, negative numbers are "true" too. Only 0 is false, so '0.0.0.0' is
the only edge case.

>> } else {
>> }
>>
>> Regards,
>> Sebastian
>>
>> On 20.09.2012 11:14, lx wrote:
>>> Hello:
>>> I want to use filter_var function by this way:
>>>
>>> $ip = "192.168.0.1";
>>>
>>> if( !filter_var($ip, FILTER_VALIDATE_IP) )
>>> {
>>> echo "IP is not valid";
>>> }
>>> else
>>> {
>>> echo "IP is valid";
>>> }
>>>
>>> I want to check the string $ip is IP address or not, but my PHP
>>> version is 5.1.6.
>>> and I know the filter_var requires at least PHP version 5.2.0.
>>> so, Any other function in PHP 5.1.6 can solve this work and replace the
>>> filter_var function ?
>>>
>>> Thank you, I'm a new one, so I don't know much about PHP documentation.
>>>
>>> By the way, The PHP version is required. so I can't upgrade it.
--- End Message ---
--- Begin Message ---
On Thu, Sep 20, 2012 at 6:03 PM, Jim Lucas <li...@cmsws.com> wrote:
> On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
>>
>> Please, please update... 5.1.6 is from 2006! I read the "it's required",
>> but I can't imagine _anything_ that it's worth it to use such an
>> extremely outdated, unsupported and therefore insecure and inefficient
>> version... You know: There are 3 (!) new minor versions available right
>> now (5.2, 5.3 and 5.4).
>>
>>
>> However: Regarding your concrete problem I guess you can use ip2long()
>>
>> if (ip2long($ip)) {
>
>
> I would suggest a modification to this.
>
> if ( ip2long($ip) !== false ) {
>
>
> I suggest this because IP to long will return negative numbers for half the
> IP range. Therefore 50% of your possible results would be considered false
> when in fact they are valid IPs.
>
> See Example #2 on this page:
> http://php.net/manual/en/function.ip2long.php
>
>
First of all, I agree with Maciek that inet_pton is the way to go
because of IPv6.
But, there seems to be some wrong information in your reply which bothers me.
First of all, ip2long only returns negative numbers on 32bit systems,
not on 64bit (which most servers are nowadays).
Second, there's nothing wrong with the if, if(-5) is still true. The
only difference is that you can differentiate between IP 0.0.0.0 and
false. But IP 0.0.0.0 is not valid anyway.
- Matijn
--- End Message ---
--- Begin Message ---
On 20.09.2012 18:17, Maciek Sokolewicz wrote:
> On 20-09-2012 18:03, Jim Lucas wrote:
>> On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
>>> Please, please update... 5.1.6 is from 2006! I read the "it's required",
>>> but I can't imagine _anything_ that it's worth it to use such an
>>> extremely outdated, unsupported and therefore insecure and inefficient
>>> version... You know: There are 3 (!) new minor versions available right
>>> now (5.2, 5.3 and 5.4).
>>>
>>> However: Regarding your concrete problem I guess you can use ip2long()
>>>
>>> if (ip2long($ip)) {
>>
>> I would suggest a modification to this.
>>
>> if ( ip2long($ip) !== false ) {
>
> I would actually suggest using inet_pton() instead of ip2long, since it
> can also handle IPv6 addresses, not only v4 which people here seem to
> think are the only ones in use on this planet. And I agree with Jim that
> you really should use a strict equality check in this case.

IPv6 is a valid point, but inet_pton() triggers a warning in case of
invalid addresses, which makes it quite useless for validation in my
eyes. Also it's not available on Windows before 5.3.

And the strict comparison feels ... a little bit too much. Of course
depending on the use-case, I would treat 0.0.0.0 as invalid too.

> - Tul
--- End Message ---
--- Begin Message ---
On 09/20/2012 10:00 AM, Matijn Woudt wrote:
> On Thu, Sep 20, 2012 at 6:03 PM, Jim Lucas <li...@cmsws.com> wrote:
>> On 09/20/2012 02:35 AM, Sebastian Krebs wrote:
>>> Please, please update... 5.1.6 is from 2006! I read the "it's required",
>>> but I can't imagine _anything_ that it's worth it to use such an
>>> extremely outdated, unsupported and therefore insecure and inefficient
>>> version... You know: There are 3 (!) new minor versions available right
>>> now (5.2, 5.3 and 5.4).
>>>
>>> However: Regarding your concrete problem I guess you can use ip2long()
>>>
>>> if (ip2long($ip)) {
>>
>> I would suggest a modification to this.
>>
>> if ( ip2long($ip) !== false ) {
>>
>> I suggest this because IP to long will return negative numbers for half the
>> IP range. Therefore 50% of your possible results would be considered false
>> when in fact they are valid IPs.
>>
>> See Example #2 on this page:
>> http://php.net/manual/en/function.ip2long.php
>
> First of all, I agree with Maciek that inet_pton is the way to go
> because of IPv6.
> But, there seems to be some wrong information in your reply which bothers me.
> First of all, ip2long only returns negative numbers on 32bit systems,
> not on 64bit (which most servers are nowadays).
> Second, there's nothing wrong with the if, if(-5) is still true. The
> only difference is that you can differentiate between IP 0.0.0.0 and
> false. But IP 0.0.0.0 is not valid anyway.
>
> - Matijn

After some testing, I stand corrected. Wow, I wonder where I ran into
the issue of negative numbers equating to false. while loops maybe...
Strange. I must have run into this issue years ago. I have always
performed strict (===) comparisons because I thought PHP would equate
negative numbers as false.

Learn something new every day...

--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
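
The checks suggested in this thread (a format regex, splitting on "." and range-checking each part, and the loose versus strict test of ip2long()) combined in one PHP function that needs no filter_var. This is an added example, not code from any poster on the list; the name is_valid_ipv4 is hypothetical, the sample inputs are constructed, and it covers IPv4 only.

```php
<?php
// Added example (not from the thread): IPv4 check with PHP 5.1-era functions.
// is_valid_ipv4() is a hypothetical name.
function is_valid_ipv4($ip)
{
    // \A...\z instead of ^...$: "$" also matches before a trailing newline,
    // so "1.2.3.4\n" would pass a ^...$ pattern.
    if (!is_string($ip) || !preg_match('/\A\d{1,3}(?:\.\d{1,3}){3}\z/', $ip)) {
        return false;
    }
    foreach (explode('.', $ip) as $octet) {
        // Leading zeros ("010") are rejected: some parsers read them as octal.
        if ((string)(int)$octet !== $octet) {
            return false;
        }
        // The format regex alone accepts 999.999.999.999; octets are 0..255.
        if ((int)$octet > 255) {
            return false;
        }
    }
    return true;
}

// Constructed inputs with the verdict each should get.
$samples = array(
    '192.168.0.1'     => true,
    '255.255.255.255' => true,
    '0.0.0.0'         => true,  // well-formed; exclude it separately if needed
    '256.1.1.1'       => false,
    '999.999.999.999' => false,
    '192.168.0'       => false,
    '010.0.0.1'       => false,
    "192.168.0.1\n"   => false,
);
foreach ($samples as $input => $expected) {
    $got = is_valid_ipv4($input);
    printf("%-18s %-8s %s\n", addcslashes($input, "\n"),
        $got ? 'valid' : 'invalid', $got === $expected ? 'ok' : 'MISMATCH');
}

// Loose vs strict test of ip2long(): 0.0.0.0 converts to int 0, which a bare
// if() treats like the false returned for unparseable input.
var_dump((bool) ip2long('0.0.0.0'), ip2long('0.0.0.0') !== false);
var_dump((bool) ip2long('not an ip'), ip2long('not an ip') !== false);
```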
--- Begin Message ---
Hi,
I host a flash painting tool on my site, and wanted to add ability for the
users to add a background image from a given url, but I have to make sure
the url they add truly refers to a real jpg file, and not something else.
I found a method with exif_imagetype() that worked except my webhost has
disabled the allow_url_fopen due to security issues, instead they
recommended me to use CURL and said that the exif_imagetype() is not a
modern way to use php today. (what do I know)?
Question: Is it possible for me to use CURL to verify the authenticity of a
jpg file?
...and if so, how? Regards from Rango`
--- End Message ---
--- Begin Message ---
On 20-09-2012 13:48, Rango wrote:
> Hi,
> I host a flash painting tool on my site, and wanted to add ability for the
> users to add a background image from a given url, but I have to make sure
> the url they add truly refers to a real jpg file, and not something else.
> I found a method with exif_imagetype() that worked except my webhost has
> disabled the allow_url_fopen due to security issues, instead they
> recommended me to use CURL and said that the exif_imagetype() is not a
> modern way to use php today. (what do I know)?
> Question: Is it possible for me to use CURL to verify the authenticity of a
> jpg file?
> ...and if so, how? Regards from Rango`

Hi Rango,
without actually having the actual imagefile at your disposal, it is
impossible to determine if it's a valid imagefile or not. Curl is just a
set of functions which help you in downloading that imagefile, it does
not in any way help you to figure out if an image is valid or not.
Your host probably told you that instead of giving a URL as the
argument to exif_imagetype() you should use curl to download the image,
and then pass a LOCAL path to exif_imagetype() instead. You simply
misinterpreted what they tried to tell you.
The reason for this is that the curl library is specifically created to
handle internet connections (and download, upload, post, etc.). Whereas
when allow_url_fopen is set to true, then all possible PHP functions can
suddenly try to download anything they want. This leads to a massive
increase in the chance of getting malicious scripts to run on your
webserver. Now, instead of opening all possible php functions to this
problem, they only allow curl to 'open urls', and as such limit the
potential problems.
So:
1. use curl to download the file (but first make sure it's not too large)
2. then (still) use exif_imagetype on that downloaded (and locally
stored!) file
3. remove the file from your system
Note however, that exif_imagetype is not perfect, and will at times
reject valid images. Though it doesn't happen very often.
- Tul
--- End Message ---
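
The three steps listed in the reply above, written out in PHP as an added example (not code from any poster on the list). The function names, the 2 MiB cap and the timeout are assumptions; because the URL is user-supplied, the transfer is limited to http/https and redirects are not followed. It needs the curl and exif extensions.

```php
<?php
// Added example; function names, the 2 MiB cap and the timeout are assumptions.
function fetch_to_temp($url, $maxBytes)
{
    $path = tempnam(sys_get_temp_dir(), 'img');
    $fp = fopen($path, 'wb');
    $received = 0;
    $ch = curl_init($url);
    // User-supplied URL: allow only http/https and do not follow redirects.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    // Step 1: returning anything but strlen($chunk) aborts the transfer at the cap.
    curl_setopt($ch, CURLOPT_WRITEFUNCTION, function ($ch, $chunk) use ($fp, $maxBytes, &$received) {
        $received += strlen($chunk);
        return $received > $maxBytes ? 0 : fwrite($fp, $chunk);
    });
    $ok = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    fclose($fp);
    if ($ok === false || $status !== 200) {
        unlink($path);
        return false;
    }
    return $path;
}

// Step 2: exif_imagetype() on the LOCAL file; it checks signature bytes only.
function is_jpeg_file($path)
{
    return @exif_imagetype($path) === IMAGETYPE_JPEG;
}

function url_is_jpeg($url, $maxBytes = 2097152)
{
    $path = fetch_to_temp($url, $maxBytes);
    $isJpeg = $path !== false && is_jpeg_file($path);
    if ($path !== false) {
        unlink($path); // Step 3: remove the temporary copy either way.
    }
    return $isJpeg;
}

// Offline run of step 2 on constructed bytes: JPEG signature, then HTML text.
foreach (array("\xFF\xD8\xFF\xE0", '<html>not an image') as $head) {
    $tmp = tempnam(sys_get_temp_dir(), 'chk');
    file_put_contents($tmp, $head . str_repeat("\0", 64));
    var_dump(is_jpeg_file($tmp));
    unlink($tmp);
}
```

The first constructed file passes although it holds nothing beyond the JPEG signature and padding, so a positive result means "starts like a JPEG", not "is a decodable image".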
--- Begin Message ---
>> >Can we let this thread die now?
But it's almost Friday (again?)!
--- End Message ---