Re: [PHP-DB] Database abuse help needed

2006-03-12 Thread Julien Bonastre

Oh quite right, quite right

I will never put my word down in stone and say that a particular 
rule/pattern or for that matter, anything I say, can be held to 100% 
certainty


Who can? Ha


You are quite right Ludvig, we can only work with what we are given. I 
merely attempt to "imagine" all the possibilities. Some people strive to 
create them.


It's a delicate balance but at what point do we draw the line at 
automated user input verification and simply using actual human 
verification methods?



A computer will have a much more difficult time recognising a word which 
we read as slang but has been creatively disguised by a fellow human 
brain, there is no doubt there.



I only merely tried to slightly improve his filtering regex pattern. It's 
never going to be perfect, but it's a workable example.





Anyway, tata!

---oOo--- Allowing users to execute CGI scripts in any directory should 
only be considered if: ... a.. You have no users, and nobody ever visits 
your server. ... Extracted Quote: Security Tips - Apache HTTP 
Server ---oOo--- --oOo---oOo-- Julien Bonastre 
[The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 
[EMAIL PROTECTED] 
www.the-spectrum.org --oOo---oOo-- 
- Original Message - 
From: "Ludvig Ericson" <[EMAIL PROTECTED]>

To: "Julien Bonastre" <[EMAIL PROTECTED]>
Cc: 
Sent: Sunday, March 12, 2006 11:31 AM
Subject: Re: [PHP-DB] Database abuse help needed


Well, no matter how long you spend on coding a regex - no sane one
would capture all misspellings possible. It's impossible. Think of
these: fukc, fucck, f uck, fu ck, fuc k, f ukc, fu kc, fuk c, fu kk,
fawk, faak, fak, etc.

There are quite a lot

A not too sober Ludvig.

On 3/12/06, Julien Bonastre <[EMAIL PROTECTED]> wrote:

Yes.. elitism ;-)

That is I

The indentation, yes, formatting of emails across different clients will
always be an issue. Regardless though, and thankfully, my code was only
a few one liners, whereby the indentation didn't play a huge role at all
in representing statements and their conditional execution basis [as
there wasn't one :p ]

Next, my snippet was an example, as I'm certain I mentioned.

A slightly modified regex could be:

/(fuc?k|dic?k|wank)(e(r|d|n)|hea?d|wit|ing?)?/i


that would capture many more variations of these profanities and their
common derivatives and suffixes..



[aside]
That I assume was where you were going with the "spelling" issue???
[/end of aside]


What is unpredictable by the way?


You seem as though you are targeting the regex patterns themselves.

Remember, there is virtually no such thing as a "computer error",
only humans that don't know how to use the computers.

If a regex behaves differently than what you expected, there is beyond a
99.% certainty that it is due to not having formulated the regex
correctly.

There has been many a time when even I, yes, Supreme Commander of the
entire known and even undiscovered Universe, have forged together a
pattern, ran it, achieved desired results, then realised later down the
track a certain word/condition it wasn't matching...  Generally this is
due to overlooking some small condition in the pattern or a particular
situation you hadn't thought of.


For example in the above regex I give I didn't rule out strings like:
"F|_|CK"
"F\_/CK"
"D|CK"
"W/\NK"

which do look like the word I want to ensure doesn't exist on the site,

Catch is? before I run this regex I also ensure the string firstly only
contains the following char classes: /[a-z0-9_-]/i

There we go..



Anyway, pick me more, please I love it!!!



---oOo--- Allowing users to execute CGI scripts in any directory should
only be considered if: ... a.. You have no users, and nobody ever visits
your server. ... Extracted Quote: Security Tips - Apache HTTP
Server ---oOo--- --oOo---oOo-- Julien Bonastre
[The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494
[EMAIL PROTECTED]
www.the-spectrum.org --oOo---oOo--
- Original Message -
From: "Ludvig Ericson" <[EMAIL PROTECTED]>
To: "Julien Bonastre" <[EMAIL PROTECTED]>
Cc: "Chris Payne" <[EMAIL PROTECTED]>; 
Sent: Sunday, March 12, 2006 12:18 AM
Subject: Re: [PHP-DB] Database abuse help needed


Erm, dude, chill out with the elitism.
I think there's more than 2% knowing about regexes, and more than 5%
of those 2% that can write "oh-so-complex regular expressions"

(Either GMail mangled the indentation or you need help with that part,
by the way >_>)

Oh and you complain about it not catching spelling mistakes? Yours
doesn't either - want to know why? Because they're so unpredictable.

Cheers, toxik

On 3/11/06, Julien Bonastre <[EMAIL PROTECTED]> wrote:
> Well this is cute, really it is.
>
>
> Kudos to all the in_array ideas and so forth
>
>
> But really this is just an example.
>
> In reality this wouldn't work how you've planned.
>
>
> For example take this quite realistic possibility.
>
> 

Re: [PHP-DB] Database abuse help needed

2006-03-12 Thread Ludvig Ericson
No, I agree, for this matter you can never create a regular expression
well written enough to match all or even most of the lingo we use.

I've been thinking about that though, you could theoretically make the
computer create sound-comparison between two words, like the
soundex() function was made to do (but it isn't that exact so)

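Added example, not code from any poster in this thread: the filter order Julien describes (character allowlist first, then the profanity pattern), followed by the soundex() comparison Ludvig suggests, run over variants listed in the thread. It assumes the allowlist is meant to cover the whole string, so the class is anchored as /^[a-z0-9_-]+$/i; the function name, the normalisation step and the sample inputs are constructed for illustration.

```php
<?php
// Added example. classify() and the sample inputs are constructed.

// Pattern quoted from the thread.
const BLOCK_RE = '/(fuc?k|dic?k|wank)(e(r|d|n)|hea?d|wit|ing?)?/i';

// Assumption: the character-class check is meant to apply to the whole
// string, so it is anchored. Unanchored, /[a-z0-9_-]/i passes any input
// that contains at least one allowed character, e.g. "F|_|CK".
const ALLOW_RE = '/^[a-z0-9_-]+$/i';

function classify(string $input): string
{
    if (preg_match(ALLOW_RE, $input) !== 1) {
        return 'rejected: character outside allowlist';
    }
    if (preg_match(BLOCK_RE, $input) === 1) {
        return 'rejected: blocklist regex';
    }
    // Drop digits and separators, collapse repeated letters, retry the regex.
    $norm = (string) preg_replace('/[0-9_-]+/', '', strtolower($input));
    $norm = (string) preg_replace('/(.)\1+/', '$1', $norm);
    if (preg_match(BLOCK_RE, $norm) === 1) {
        return 'rejected: blocklist regex after normalisation';
    }
    // Sound comparison as suggested in the thread. Soundex is coarse,
    // so a hit is only queued for a human, never rejected outright.
    foreach (['fuck', 'dick', 'wank'] as $word) {
        if ($norm !== '' && soundex($norm) === soundex($word)) {
            return "flag for human review: sounds like $word";
        }
    }
    return 'accepted';
}

// Variants from the thread, then constructed ordinary words.
$samples = ['fukc', 'fucck', 'fu_ck', 'f uck', 'fawk', 'F|_|CK',
            'Dickens', 'fog', 'hello'];
foreach ($samples as $s) {
    printf("%-8s => %s\n", $s, classify($s));
}
```

Run from the CLI, the last three inputs show the cost side: Dickens trips the regex and fog shares a Soundex code with a blocked word, while hello passes.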

[PHP-DB] Ye old $_SESSION variables :)

2006-03-12 Thread Ron Piggott (PHP)
I am wondering if




[PHP-DB] Re: Ye old $_SESSION variables :)

2006-03-12 Thread Ron Piggott (PHP)
I may be wrong --- I am now wondering if somehow I am giving a command
elsewhere in the script that is causing the $_session[''] variables to
dump.  If anyone is really good at using these could you e-mail me
directly so I could get further help?  Ron

On Sun, 2006-03-12 at 15:17 -0500, Ron Piggott (PHP) wrote:
> I am wondering if
> 
>  
> causes the
> 
> session_id();
> 
> to change or be reset.
> 
> Somehow my $_SESSION[''] variables are "dumping" when I use the POST
> command above.
> 
> More importantly I am not sure what to do about it.  
> 
> Any ideas?
> 
> Ron
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP-DB] Excel to CSV

2006-03-12 Thread Nur_Adman
Thank you so much for all your responses.

Yeah, finally I decided to use excel reader. It solved my problem.

-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 12, 2006 2:33 AM
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Excel to CSV

I've never used it, but:

http://sourceforge.net/projects/phpexcelreader/

-Micah

On Saturday 11 March 2006 5:53 am, [EMAIL PROTECTED] wrote:

> The other response is half correct..   I haven't seen anything to read data
> from Excel with PHP (although it's technically possible, just kind of
> complicated) so the easiest solution is to use Excel and just have it load
> the file and save it in CSV format.
>
> The part that's not entirely correct is the "PHP can't talk to Excel" part.
>  It's cumbersome, but PHP can use a COM connection to control Excel (or
> Word or MapPoint or Access or Outlook..etc).  This means you'd have to have
> Excel loaded on the server that was running PHP, which may not be an
> option.
>
> For an example of PHP + COM with Excel, check out:
>
> http://www.php.net/manual/en/class.com.php
>
> Look down the page for the entry posted by "flintjt at hotmail dot com"
>
> If COM doesn't work for you and you don't mind getting your hands dirty, I
> believe you can get the Excel file format spec.. maybe through the
> OpenOffice sources.. and figure out how to read XLS files that way.
>
> The Excel Object Model might help you with the proper
> properties/methods/etc:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_wrcore/html/wrgrfexcelworkbookobject.asp
>
> Good luck.
>
> -TG
>
> = = = Original message = = =
>
> Dear All,
>
> Have you any script/example how to Save As Excel file to CSV using PHP?
>
> Thanks & Regards,
>
> Anita
>
> ___
> Sent by ePrompter, the premier email notification software.
> Free download at http://www.ePrompter.com.

 


 



Re: [PHP-DB] Ye old $_SESSION variables :)

2006-03-12 Thread Chris

Ron Piggott (PHP) wrote:

I am wondering if



causes the

session_id();

to change or be reset.

Somehow my $_SESSION[''] variables are "dumping" when I use the POST
command above.

More importantly I am not sure what to do about it.  


Any ideas?

Ron



I have no idea what "dumping" means. Do you mean they are being emptied?

If they are being emptied, do you have register_globals on or off?

--
Postgresql & php tutorials
http://www.designmagick.com/




[PHP-DB] Date question

2006-03-12 Thread Gerry Danen
While I am rebuilding my crashed laptop (the machine that had all my
intelligence), I started thinking about a select statement I need.

I have log info in a table and want to extract it on a monthly basis. The
date field is in -mm-dd format. What's a good way to select those dates
that match 2006-02, for example.

I apologize if the solution should be staring me in the face, but all my
favorites and help files are toast, until I can restore some of them.

TIA.

Gerry


[PHP-DB] Cut down threads please!

2006-03-12 Thread JeRRy
Hi,
   
  This is a "Discussion Board", previous threads/posts are logged, recorded, 
saved to the WWW.  I see no point to continue threads over and over and over 
again.  Why not cut the threads down to a few lines that are important to the 
reply you're making?  If people need to know more about it there is a free 
website they can visit and look at it.  It's quite annoying to follow a thread 
and find each time the thread is continued over and over in 5 lots of emails 
from the same person.  Makes going through the list a lot slower.
   
  I am not going to mention the one recently but most would be aware, the 
thread was continued, and still is, over about 10 replies, in all none has been 
removed from any reply.  We're talking about 300 lines..  That's just stupid, 
CUT THEM DOWN PLEASE!  Save everyone the hassle, I know of a few others a bit 
concerned on this also.  Just thought I'd express my opinions.
   
  There is enough SPAM on the web already without things being repeated over 
and over again, yes maybe I am here but I am making a valid point.
   
  With that said, let's continue.   No correspondence entered into.
   
  J


Re: [PHP-DB] Date question

2006-03-12 Thread LJ Regalado
For example, you have table `logs` with `datelog` field and you want to
select dates
that match 2006-02. You can try this select statement:

SELECT * FROM `logs` WHERE MONTH(datelog)='02' and YEAR(datelog)='2006'

Hope that helps.

LJ Regalado
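An added example (not from the thread): the same month selection written as a half-open date range with bound parameters, which keeps an index on datelog usable and does not depend on MySQL's MONTH()/YEAR(). The logs and datelog names come from the reply above; the msg column, the helper names and the sample rows are constructed, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example; monthBounds(), logsForMonth(), the msg column and the
// sample rows are constructed.

/** Turn "YYYY-MM" into [first day of month, first day of next month]. */
function monthBounds(string $ym): array
{
    // Accept only a strict YYYY-MM value before it gets near the query.
    if (preg_match('/^(\d{4})-(0[1-9]|1[0-2])$/', $ym) !== 1) {
        throw new InvalidArgumentException("expected YYYY-MM, got: $ym");
    }
    $start = new DateTimeImmutable($ym . '-01');
    return [$start->format('Y-m-d'),
            $start->modify('+1 month')->format('Y-m-d')];
}

function logsForMonth(PDO $db, string $ym): array
{
    [$from, $to] = monthBounds($ym);
    // Half-open range: >= first day, < first day of the following month.
    $stmt = $db->prepare(
        'SELECT datelog, msg FROM logs
          WHERE datelog >= :from AND datelog < :to
          ORDER BY datelog'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE logs (datelog TEXT, msg TEXT)');
$ins = $db->prepare('INSERT INTO logs (datelog, msg) VALUES (?, ?)');
foreach ([['2006-01-31', 'jan'], ['2006-02-01', 'feb first'],
          ['2006-02-28', 'feb last'], ['2006-03-01', 'mar']] as $row) {
    $ins->execute($row);
}

foreach (logsForMonth($db, '2006-02') as $r) {
    echo $r['datelog'], ' ', $r['msg'], "\n";
}
```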


Re: [PHP-DB] Date question

2006-03-12 Thread Chris

Gerry Danen wrote:

While I am rebuilding my crashed laptop (the machine that had all my
intelligence), I started thinking about a select statement I need.

I have log info in a table and want to extract it on a monthly basis. The
date field is in -mm-dd format. What's a good way to select those dates
that match 2006-02, for example.

I apologize if the solution should be staring me in the face, but all my
favorites and help files are toast, until I can restore some of them.


Which database are you using?

Mysql has this: 
http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html


Postgresql has:
http://www.postgresql.org/docs/8.1/static/functions-datetime.html

I'm sure others have the same sort of functionality.

--
Postgresql & php tutorials
http://www.designmagick.com/




RE: [PHP-DB] Passwords

2006-03-12 Thread JeRRy
  
   


>>Sure, mysql.com and search for crypt. Not sure why this is asked on a
>>PHP list since it has nothing to do with PHP.

> b) every language has a crypt function

>Then I guess it's okay to have crypt questions/answers on "every
>language" list.



Only if your "crypt" question relates to this board, PHP and DB.  So no not any 
"crypt" question can be answered here.  And being a smart "ass" won't buy you 
any favours either, or respect or anything.  

J


[PHP-DB] Plain-text or HTML?

2006-03-12 Thread JeRRy
Hello all,
   
  People on this list, is your email client plain-text or HTML supported?
   
  I think most email clients come with HTML support, but over the time I have 
done HTML emails they flop out and not display correctly.  Is there a reason 
for this?  Is there a way to send out HTML emails from a PHP script to email 
clients that will display correctly?
   
  Problem I tend to have is at times I write the HTML, test it on a webpage.  
Send it to my email clients shows well but on others like Yahoo! etc it shows 
crap.  Then at times Yahoo! shows fine and other clients crap!  Is there 
tag/codes needed to sort it out?
   
  Or is it just a tricky thing?  Yahoo!, Hotmail is HTML based WWW clients so I 
guess you need to get your tables spot on that matches theirs to align 
correctly?  Just need input on this!  Thanks!
   
  J



Re: [PHP-DB] Plain-text or HTML?

2006-03-12 Thread Julien Bonastre

I have created several successful HTML and text based emails..


It's a secret called multipart MIME.

The essence of email really. Just as an attachment is "embedded" into 
the same file as the images, html part and textual part.



All you have to do is using 2 separate boundaries, write out a textual 
[no HTML formatting, etc, use correct newlines etc] version out and then 
using same content write it into a HTML template version that can 
include formatting etc..


Ensure all images used are also encoded and added as multipart MIME 
segments.




All this can be generally easily done via some email clients themselves. 
For example Microsoft's Outlook Express does multipart HTML/Text emails.


If you just go and create a new email in Outlook and type out your 
content in HTML format [ensure you've selected Format->Rich Text HTML]


Then save it and grab the message source, you will clearly see the 
boundaries it has defined for the alternative MIME part [the text/html] 
and the text/plain part.



Simply reformat the text/plain part a bit if you want.


Voila.. in most cases that's ready to rumble .. use it as an example of 
how to work it into your own email generation functions in php.



Works a charm for me ;-)


Good luck, let me know how you go!

---oOo--- Allowing users to execute CGI scripts in any directory should 
only be considered if: ... a.. You have no users, and nobody ever visits 
your server. ... Extracted Quote: Security Tips - Apache HTTP 
Server ---oOo--- --oOo---oOo-- Julien Bonastre 
[The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 
[EMAIL PROTECTED] 
www.the-spectrum.org --oOo---oOo-- 
- Original Message - 
From: "JeRRy" <[EMAIL PROTECTED]>

To: 
Sent: Monday, March 13, 2006 2:25 PM
Subject: [PHP-DB] Plain-text or HTML?



Hello all,

 People on this list, is your email client plain-text or HTML 
supported?


 I think most email clients come with HTML support, but over the time 
I have done HTML emails they flop out and not display correctly.  Is 
there a reason for this?  Is there a way to send out HTML emails from 
a PHP script to email clients that will display correctly?


 Problem I tend to have is at times I write the HTML, test it on a 
webpage.  Send it to my email clients shows well but on others like 
Yahoo! etc it shows crap.  Then at times Yahoo! shows fine and other 
clients crap!  Is there tag/codes needed to sort it out?


 Or is it just a tricky thing?  Yahoo!, Hotmail is HTML based WWW 
clients so I guess you need to get your tables spot on that matches 
theirs to align correctly?  Just need input on this!  Thanks!


 J







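An added example in PHP of the multipart/alternative structure described in the reply above (not Julien's code): one boundary separating a text/plain part from a text/html part, with header values checked for CR/LF before use. The function name, addresses and content are constructed; embedded image parts under a second boundary are left out.

```php
<?php
// Added example; buildAlternativeMail() and all sample values are constructed.

function buildAlternativeMail(string $from, string $subject,
                              string $text, string $html): array
{
    // Header values must not carry CR or LF, or a caller-supplied
    // string could add header lines of its own.
    foreach ([$from, $subject] as $value) {
        if (preg_match('/[\r\n]/', $value) === 1) {
            throw new InvalidArgumentException('CR/LF in header value');
        }
    }
    // Random boundary so it cannot collide with the message content.
    $boundary = 'alt_' . bin2hex(random_bytes(12));

    $headers = implode("\r\n", [
        'From: ' . $from,
        'MIME-Version: 1.0',
        'Content-Type: multipart/alternative; boundary="' . $boundary . '"',
    ]);

    // Plain text first, HTML last: a client shows the last part it can render.
    $parts = [
        ['text/plain; charset=UTF-8', $text],
        ['text/html; charset=UTF-8', $html],
    ];
    $body = '';
    foreach ($parts as [$type, $content]) {
        $body .= '--' . $boundary . "\r\n"
               . 'Content-Type: ' . $type . "\r\n"
               . "Content-Transfer-Encoding: base64\r\n\r\n"
               . chunk_split(base64_encode($content), 76, "\r\n");
    }
    $body .= '--' . $boundary . "--\r\n";   // closing delimiter

    return ['subject' => $subject, 'headers' => $headers, 'body' => $body];
}

$mail = buildAlternativeMail(
    'Example Sender <sender@example.org>',
    'Monthly update',
    "Hello,\r\n\r\nThis is the plain-text version.\r\n",
    '<html><body><p>Hello,</p><p>This is the <b>HTML</b> version.</p></body></html>'
);
echo $mail['headers'], "\r\n\r\n", $mail['body'];
// To send: mail($to, $mail['subject'], $mail['body'], $mail['headers']);
```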