Re: [PHP] Re: png image doesn't show

[hugh danaher]

Thanks Richard,
I changed from using  to graph and now get my graph, on a page of its own,
without any error messages.  Works just fine, or will, when I change how it
gets its data.  However, I do want to have the graph display on a page with
other information so I'm back to wanting to use some sort of image tag.  Any
suggestions?
Hugh
- Original Message -
From: "Richard Lynch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 05, 2002 9:59 PM
Subject: [PHP] Re: png image doesn't show


> >Hello all,
> >
> >I have been trying to modify the working of one of my pages which prints
a
> >png graph.  What I had was an included file named "graphit.php" which
> >creates a png file.  I used the function
> >imagepng($image,'temp.png') to create an image and then used  >src=temp.png> to have the image printed on the page.  This worked well
> >enough when only one user (me) was using the page, but I want more.  In
> >reading the imagepng() info in the manual, it states that I can output
the
> >raw image stream to the browser by leaving off the file name option.
I've
> >done this, but get nada!  How should this be done?
> >One of the notes (and it's in German) implies that I can call
"graphit.php"
> >using something like
> >
> > to get the image output.  Unfortunately, I get
> >nothing except the red X indicating a missing image.
> >
> >Any and all help is greatly appreciated.
>
> Tips:
>
> 1. Change graphit.php to have the header("Content-type: image/png") line
at
> the *END* of the script, right before you do imagepng($image)
>
> 2. Surf directly to graphit.php, and not the page with 
> in it.
>
> At this point, you'll probably find some PHP error messages from
graphit.php
> -- They don't look anything like a PNG image, so the browser can't display
> them :-)
>
>
>
> --
> Like Music?  http://l-i-e.com/artists.htm
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help with eval problems...

[Paul Roberts]

On Fri, 5 Jul 2002, Kelly Meeks wrote:
> If I had this information stored in a database field, 
> ">
> 
> how could I assign it to a variable and output it?

  
you have to ?> first to leave php mode so you can do 

$content_output = "logo.gig";
$code = "";
eval("?>$code"); 

 which will echo the outut

or catch it with output buffering

$content_output = "logo.gig";
$code = "";
 ob_start(); 
eval("?>$code"); 
$evaled_code = ob_get_contents(); 
ob_end_clean(); 

I have used arrays in evals before you have to watch the quotes.

Paul Roberts
[EMAIL PROTECTED]



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Fri, 5 Jul 2002, Richard Lynch wrote:
> But unless you paid the $200 to get it from a CA, surfers will see a nasty
> (and totally inaccurate/misleading) warning about how insecure it is.

It is easy to launch a man-the-middle attack against a session being
initiated between a client and a server with a self-signed certificate.  
You just send the client a self-signed certificate of your own, and it
can't tell it apart from the real one - same error message shows up.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Sort with PHP or SQL?

[Miguel Cruz]

On Sat, 6 Jul 2002, Patrick Teague wrote:
> $query = "SELECT * " .
>  "FROM Headers LEFT JOIN Pages ON (Headers.Header_ID=Pages.Header_ID) " .
>  "ORDER BY HeaderOrder DESC, Header, PageOrder DESC, PageTitle;";
> 
> Any ideas on optimizing this?  DB stuff doesn't come near the top of things
> I'm good at :)  The other problem is that any pages that end up having no
> Header "disappear", which is a good thing on the menu, but a bad thing on
> the admin pages when you're trying to connect all of them.

SELECT from pages and use LEFT OUTER JOIN if you want to include pages
with no header.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Re: PHP Automatic Backup

[César Aracena]

Well, thanks for all the ideas. I will try to "communicate" with my
host, but I'm sure they will go like "...is not possible unless Cobalt
authorizes...". I also like the idea of making a hidden script that
visitors will activate...

C.

> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, July 06, 2002 2:06 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: PHP Automatic Backup
> 
> >I was reading the post by Pag called “MySQL backups” and I have the
same
> >question, but not the shell access. It came to my mind, that if will
be
> >very useful for me, and probably for many of us newbie’s, to be able
to
> >build an automated PHP system that could make backups by itself at a
> >specified time… let’s say maybe every morning at 6 am, by
transferring
> >or uploading the MySQL files to another server. I noticed that this
> >could be done in PHPNuke, by clicking at “Backup Files”. ¿Is it
possible
> >to build this kind of unattended scripts with PHP or will it always
> >require a magical “click” from the administrator?
> >
> >I guess that it shouldn’t be possible, but it’s worth a shot.
> 
> It *MIGHT* be possible for you to do:
> 
>exec("/full/path/to/mysqldump -u USERNAME --password=PASSWORD
DBNAME",
> $output, $error);
>   echo implode('', $output);
>   if ($error){
> echo "OS Error: $error.  Check 'man errno', but it's almost always
> path/permissions.";
>   }
> ?>
> 
> If not, and if you have shell access on *another* machine, you could
use
> that machine to POST to the other machine a request to push the
button.
> Totally sucky way to do it, but you could.
> 
> It might be easier to just ask your ISP to create a cron job for you
that
> dumps the database to a file you can FTP regularly.  It would take
them
> about 5 minutes to do this.
> 
> If all else fails:  Just find another ISP that allows SSH access and
> switch
> hosts :-)
> 
> --
> Like Music?  http://l-i-e.com/artists.htm
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Brand New Enviroment

[César Aracena]

Hi all.
 
I know this is not entirely a PHP-related question, but most of you have
been where I am now. I’m about to buy a used computer just for
development purposes and I have a couple of questions before I close the
deal.
 
1) It will probably be a Compaq Armada running a Celeron 600 and 256…
Does anyone knows about any trouble with Celeron based computers or
laptops in general?
 
2) After I get it, I will kill the HDD and start from scratch… Which
version of Windows should I use? I like Win XP Pro, but maybe I’m
letting some functionality out.
 
One more thing. After I install the OS ¿What should I install for
development in order to make full compatible scripts: IIS or Apache?
¿What versions of Apache (if so), MySQL and PHP should I use? ¿The
latest ones?
 
Thanks,
 
  Cesar Aracena
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621
 

[PHP] Sockets & 'requested address is not valid in its context'

[Zac Hillier]

Hi All,

I'm opening a port on a remote machine presently I'm using fsockopen() which
is fine for opening the port and sending data however I'm having trouble
reading data back from the port.

So I've considered using socket functions but do not appear to be able to
get a connection. When I run the code below pointing to 127.0.0.1 everything
runs fine however when I point to 192.168.123.193 (Another machine on the
local network without a server running) I get these errors.

Warning: socket_bind() unable to bind address [10049]: The requested address
is not valid in its context. in D:\php-dev\new.php on line 20
socket_bind() failed: reason: The requested address is not valid in its
context.

Warning: socket_listen() unable to listen on socket [10022]: An invalid
argument was supplied. in D:\php-dev\new.php on line 26
socket_listen() failed: reason: An invalid argument was supplied.


What does 'requested address is not valid in its context' mean?

Thanks

Zac


Code:

";
} else {
 echo 'socket';
}

if (($ret = socket_bind($sock, $address, $port)) == false) {
echo "socket_bind() failed: reason: " .
socket_strerror(socket_last_error($sock)) . "";
} else {
 echo 'bind';
}

if (($ret = socket_listen ($sock, 5)) == false) {
echo "socket_listen() failed: reason: " .
socket_strerror(socket_last_error($sock)) . "";
} else {
 echo 'listen';
}


socket_close ($sock);
?>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] How to copy a transparent png over an existing image using GD?

[Victor Spång Arthursson]

Hi!

I'm trying to copy a transparent (copyright) image over an existing 
using GD, but can't get it to work…

The copyright image is a png, and can be found here: 
.

Does anyone either know how to perform this, or knows a link to some 
tutorial who explains this step by step…?

My problem is that the transparent image loses its transparens when I do 
the copyimageresized…

Thankful for any help,

sincerely

Victor


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Charset/language request headers

[Alberto Serra]

ðÒÉ×ÅÔ!

I am not too familiar with the way language and charset requests are 
coupled by browsers. After processing the headers I get this two arrays 
(based on my personal Mozilla settings).

charset  -> Array ( [0] => KOI8-R [1] => utf-8 [2] => * )
language -> Array ( [0] => ru [1] => en [2] => fr [3] => it [4] => es )

All of charset requests appear to be related to russian only, while no 
indication at all is given on how to print out alternate languages.

Which seems to imply that we have no data about which charset should be 
used to present english or french/italian/spanish text and therefore we 
must maintain some proprietary associative table on our own.

Is that right or the alternate charachter sets are actually buried 
somewhere and it's just me being too ignorant to find them? I suspect I 
am right, because multilinguistic sites tend to show special chars as 
out of context cyrillic charachters on my browser... Which *is* pretty 
stupid. :(

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] session problem

[Naintara Jain]

I am storing some values in session variables.
The behavior of the session is pretty unpredictable.

On the first page I begin with:
session_name("aname")
session_start()
session_register("var1","var2")

In another page I check for existing value of session variable "var2".
In the next page I have the following code:
session_name("aname")
session_start()

if(($var2)=="" || !isset($var2))
"invalid"

But the strange thing is that the session value is not accessible in the
other page.

I have tried passing the session id though session_id() in the URL.

Session handling has been giving me some trouble (windows 2000, IIS)
The strange thing is that it works some times.

Can anyone give any pointers?



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Charset/language request headers. Yes, it's true :(

[Alberto Serra]

ðÒÉ×ÅÔ!

Doing multiligual sites presumes you can somehow understand what the 
client expects from you. Browsers all are full of language settings, 
but... The HTTP specification is very little language negotiation 
oriented in itself (this is probably a consequence of its having started 
out in a 100% english speaking environment).

I have been checking the docs here and there, but that's the way it is. 
  If russian was my second choice there would be no way to decide 
whether I should be sent a KOI-8 doc or its cp-1251 equivalent. And 
although I am not a chinese speaker I do suspect the same problem to 
arise there. Now I finally understood what was the need for a russian 
edition of Apache.

You can check some docs here: http://www.cs.tut.fi/~jkorpela/http.html 
it's a pretty handy site.

All language negotiation specification ignores the charset issue. It 
appears as if the two things had been projected separetely, by people 
that simply did not know about each other. And since people speaking 
more than one language are a minority I would expect this issue to 
remain "as is" for a century or so...

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

FW: [PHP] session problem

[Naintara Jain]

One thing I forgot to mention is that the same code works perfectly on the
web server (running on Apache and a Unix flavor).



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
t]On Behalf Of Naintara Jain
Sent: Saturday, July 06, 2002 6:09 PM
To: Php-General@Lists. Php. Net
Subject: [PHP] session problem


I am storing some values in session variables.
The behavior of the session is pretty unpredictable.

On the first page I begin with:
session_name("aname")
session_start()
session_register("var1","var2")

In another page I check for existing value of session variable "var2".
In the next page I have the following code:
session_name("aname")
session_start()

if(($var2)=="" || !isset($var2))
"invalid"

But the strange thing is that the session value is not accessible in the
other page.

I have tried passing the session id though session_id() in the URL.

Session handling has been giving me some trouble (windows 2000, IIS)
The strange thing is that it works some times.

Can anyone give any pointers?



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Making sessions last longer?

[Leif K-Brooks]

Is there any way to make sessions last longer without access to php.ini? 
 I know how to change the cookie length, but not how long the session is 
stored on the server.  Is this possible?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: FW: [PHP] session problem

[B.C. Lance]

you might wanna check if register global is turned on or off.

Naintara Jain wrote:
> One thing I forgot to mention is that the same code works perfectly on the
> web server (running on Apache and a Unix flavor).
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> t]On Behalf Of Naintara Jain
> Sent: Saturday, July 06, 2002 6:09 PM
> To: Php-General@Lists. Php. Net
> Subject: [PHP] session problem
> 
> 
> I am storing some values in session variables.
> The behavior of the session is pretty unpredictable.
> 
> On the first page I begin with:
> session_name("aname")
> session_start()
> session_register("var1","var2")
> 
> In another page I check for existing value of session variable "var2".
> In the next page I have the following code:
> session_name("aname")
> session_start()
> 
> if(($var2)=="" || !isset($var2))
>   "invalid"
> 
> But the strange thing is that the session value is not accessible in the
> other page.
> 
> I have tried passing the session id though session_id() in the URL.
> 
> Session handling has been giving me some trouble (windows 2000, IIS)
> The strange thing is that it works some times.
> 
> Can anyone give any pointers?
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mail help, and php.ini help.

[Greg Scotts]

i`ve coded a mass-mailer for my site but the $from header doesn't work.

when i get a test message back from it it says from "Unprivileged user" =
not what i set it to.

How would i set it out using the syntax:

$to #
$from #
$subject #
$message #
mail($to, $from, $subject, $message)
___=20

Also, i was wondering how i could use my own PHP.INI config file on a =
remote webserver which hosts my site.

And can i set .php to something else, like .he for example?

-ReLik

[PHP] help help help!!!!!!pls........

[Balaji Ankem]

Hi dear friend,

I have multiple check boxes ...and I gave the single name to all check
boxes.

If I post to my php script I am not getting all the values as an
array.I am getting only one value(last value).


=




function checkitall()
{
var n=0,i=document.form1.OptionList.length;

while(n

Re: [PHP] Re: Sort with PHP or SQL?

[Pekka Saarinen]

At 7/5/2002, you wrote:
> >I'm working on a way to pull menus/pages from a database.  Currently I have
> >this working on 2 levels - Topic headers & actual page titles - & it prints
> >it out fairly nice & doesn't take long to load.  What I need to do is add a
> >level between the 2, a sub-header.
> >
> >I'm running both the apache server & mysql server on the same linux box as
> >the current load isn't very high.  I'm wondering whether it would be
> >better/easier to Load all the topic headers into an array, then any possible
> >sub-headers into a 2nd array, then the pages into a 3rd array (or even into
> >a multidimensional array?).  Then go through the arrays & match the pages.
> >Or would it be easier to write 1 huge SQL statement & have the SQL server
> >run the whole query?
>
>*ANY* time you can sort/search in SQL, or you can do it in PHP, the SQL way
>will be faster.
>
>I'm sure there's an exception to this rule, but I've never seen it :-)

Hi,

I have here a beta of my gallery software (normalized to fourth normal form 
and good use of indexes) where I did a user-selectable limit where you 
decide if pagination and sorting (SORT BY and ORDER by)  are done by PHP or 
by MySQL.

Especially ORDER BY is quite slow compared to other SQL commands and 
optimizing it may not always be easy: 
http://www.mysql.com/doc/O/R/ORDER_BY_optimisation.html

In Apache/MySQL under Windows XP the difference is small result sets is 
quite big (e.g. 0.07s vs. 0.12s), and in Linux box it is much smaller but 
still noticeable.  When result set gets bigger MySQL gains speed. The MySQL 
method also varies more in speed. So,  offer a "treshold" value choice from 
"use always PHP" to "use always SLQ"  and few steps in between, because 
there is no way of knowing which way works best in each server and image 
amount, without testing it.

Also, many virtual hosts share MySQL server(s), so offering a choice to use 
PHP for pagination and sorting on "own server RAM/CPU" may by beneficial. I 
also believe that anything that produces less load to MySQL is good.

This is just my experience: I believe in empirical research :)

Pekka



-
Pekka Saarinen
http://photography-on-the.net
-



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Sort with PHP or SQL?

[Pekka Saarinen]

At 7/6/2002, you wrote:
>SORT BY and ORDER by

I mean LIMIT and ORDER BY of course
Time for some more coffee.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Survey: MySQL vs PostgreSQL for PHP

[Ilia A.]

On July 5, 2002 07:54 pm, Pete James wrote:
> "Ilia A." wrote:
> >  The biggest annoyance I've come across is
> > the fact that while using PostgreSQL with PHP is that when you fetch a
> > row you must specify the number of the result, while in MySQL, that is
> > handled internally by PHP for you. This means that your PHP scripts must
> > track the row numbers themselves.
>
> This is not so... see pg_fetch_array.  Since PHP 4.1.0, you no longer
> need the row number.

It may work without, but according to the manual on php.net
pg_fetch_array
pg_fetch_object
pg_fetch_row

REQUIRE a row number. If that is no longer the case as you claim, perphaps 
someone needs to inform the developers and have them update the 
documentation.


>
> > Now we come to the actual database speed itself. In this regard in most
> > applications MySQL is MUCH faster probably because it has to do allot
> > less work then PostgreSQL does. For example, lets analyze the most common
> > action performed in a database system, a SELECT. When you do a select in
> > MySQL, MySQL internally locks the table for the duration of the select.
> > PostgreSQL on the other hand does a row level lock, internally, for every
> > row you select.
>
> Is this really what you want?  Doesn't this mean that PostgreSQL would
> be more efficient for larger user volumes?  Locking an entire table
> isn't usually a good thing.
>

Not necessarily, locking entire table has its pluses and minuses. The BIG 
minues is that while the entire table is locked you cannot do anything until 
the lock is released. On the other hand, it is MUCH faster to lock the entire 
table then the inidividual rows. PostgreSQL would be more effecient on a 
system that does lots of locking, but on a system without or few locks MySQL 
will beat it hands down.

Ilia
FUDforum Core Developer
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mail help, and php.ini help.

[Alberto Serra]

ðÒÉ×ÅÔ!

Greg Scotts wrote:
> $to #
> $from #
> $subject #
> $message #
> mail($to, $from, $subject, $message)

It always worked for me... you obviously checked variable content, did 
you? And I am not sure I got you right. Mail gets sent, it's just the 
sender address being wrong?

> Also, i was wondering how i could use my own PHP.INI config file on a =
> remote webserver which hosts my site.

You need a shell with root access. I doubt you will be given one.

> And can i set .php to something else, like .he for example?

Yes, if you are root :) You need to do it in your httpd.conf (that's 
actually something Apache must now. For PHP file extension is totally 
equivalent, you could have no extension at all and they would work. It's 
Apache that needs some rule for it to know how it's going to process the 
request).

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help help help!!!!!!pls........

[Alberto Serra]

Balaji Ankem wrote:

> I have multiple check boxes ...and I gave the single name to all check
> boxes.
> 
> If I post to my php script I am not getting all the values as an
> array.I am getting only one value(last value).

Correct. Since they are all named in the same way, the last one kills 
them all.

> If I give name as OptionList[] I am getting an error for selectAll
> option. 

I never came to think about it, but the [] thing may actually disturb 
jscript.

I usually do it like this:

HTML side


   
 
 
   Option 2
 

Hi


   
 
 
   Option 2
 

Hi



PHP side
-
   # put the received input into an ordered structure
   ##
   $count = 0;
   while ( isset($control[$count]) ) {

 # Build variable names;
 ###
 $w_OptionList = "OptionList_".$count;

 # get actual form values
 
 $OptionList[$count] = $$OptionList;

 $count++;
   }

Javascript
--
I never use selectAll. But you can easily walk the array down in the 
very same way.


ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Sort with PHP or SQL?

[Alberto Serra]

ðÒÉ×ÅÔ!

Pekka Saarinen wrote:
> Also, many virtual hosts share MySQL server(s), so offering a choice to 
> use PHP for pagination and sorting on "own server RAM/CPU" may by 
> beneficial. I also believe that anything that produces less load to 
> MySQL is good.

Absolutely true. First time a customer of mine wanted to host in the 
States he got offered Oracle on dedicated machine. Looked quite good, as 
usually having DB server on a dedicated machine performs *much* better.

Eventually, we found out that the yanks had *one* db server for 
something like 50 overloaded webservers. The poor dbbox was actually 
serving an incredible amount of MySql dbs, too.

So poor configuration must be taken into account. Especially when you 
are hired into a project and cannot really choose who the provider is 
going to be. In that case an oracle instance was *much* slower than a 
PHP sort out of a plain text file. And we are talking about a ridicolous 
amount of rows...

Everything may happen...

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to copy a transparent png over an existing image usingGD?

[Rasmus Lerdorf]

You need to use ImageCopyResampled() instead.  And don't forget to turn on
alpha blending beforehand using ImageAlphaBlending($im,true);

-Rasmus

On Sat, 6 Jul 2002, [ISO-8859-1] Victor Spång Arthursson wrote:

> Hi!
>
> I'm trying to copy a transparent (copyright) image over an existing
> using GD, but can't get it to work…
>
> The copyright image is a png, and can be found here:
> .
>
> Does anyone either know how to perform this, or knows a link to some
> tutorial who explains this step by step…?
>
> My problem is that the transparent image loses its transparens when I do
> the copyimageresized…
>
> Thankful for any help,
>
> sincerely
>
> Victor
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Thanks

[Skyhawk]

Thanks

"Val Petruchek" <[EMAIL PROTECTED]> escreveu na mensagem
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> FROM THE MANUAL:
>
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");// Date in the past
> header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
>  // always modified
> header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
> header("Cache-Control: post-check=0, pre-check=0", false);
> header("Pragma: no-cache");  // HTTP/1.0
>
>
>
> --
> Sincerely, val petruchek
> "Skyhawk" <[EMAIL PROTECTED]> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Please, How do I make for my webpage expires before time?
> >
> > Thanks
> >
> > I'm sorry my english, I'm brazilian.
> >
> >
>
>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Figuring Out the Best Day in stats program

[JJ Harrison]

I have been going fine in a Web Stats program until now.

How can I figure out which day has had the most records(ie visitors)
inserted?

There is a time column which has unix timestamp of when the record was
inserted.

The best I can think of currently is:
To use a while loop to repeatedly query the DB.
then use an if statement to replace two variables(UNIX timestamp and number
of visitors) if the value returned is higher.

--
JJ Harrison
[EMAIL PROTECTED]
www.tececo.com



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Compiling PHP

[Leon Mergen]

Hello,

I'm currently camping with a problem... I have written a PHP application for
a client of mine, however, I do not want have him seeing the source code. I
know Zend has the Zend Encoder, however, this piece of software costs $2400
and since this is a one-time encoding request, I think this is a bit too
much ...

I want to know if anyone else knows another less expensive option to do
this.

Thanks in advance,

Leon  Mergen



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Stored Procedures

[James Drabb]

On Sat, 06 Jul 2002 01:16:28 -0500
"Richard Lynch" <[EMAIL PROTECTED]> wrote:

> > I'm using a postgres datbase for my PHP project, how do I make stored 
> >procedures?  Or if no SPs then what would be recomendation for building 
> >simple/reuseable "Put" and "Get" procedures for my data?
> 
> Well, if nothing else, PostgreSQL does support user-defined functions,
> going'way back.
> 
> Technically not quite the same as a Stored Procedure, but should do what
> you need.
> 
> Of course, *WHY* you want to add such a ridiculous layer of overhead to
> your code is beyond my comprehension, but that's another story... :-)
> 
> I once worked at a place where the head IT guy was convinced Stored
> Procedures were the bomb.
> 
> Alas, he didn't tell me that until after I had coded the most of the ASP
> application without them.
> 
> Meanwhile, deadlines were looming, and I wasn't migrating to Stored
> Procedures, since I was furiously coding all the change requests (well,
> okay, they were really "Features The Client Thought Up During Development
> Because He Didn't Design Anything Beforehand" but they were called change
> requests anyway.
> 
> So a new guy they hired was assigned the task of converting all my:
> 
> <%
>   $query = "select blah, blah, blah";
> %>
> 
> code into Stored Procedures.
> 
> Guess what?
> 
> *ONE* of the pages was a little faster.  The other hundred pages were just
> as fast with $query = "select..."
> 
> Guess what else?
> 
> When we migrated from SQL 6.5 to SQL 7.x, all the Stored Procedures puked.
> 
> Guess what else?
> 
> Before the Stored Procedure conversion, it was trivial to Push from the
> Dev box to the Production box.
> After the conversion, it was a nightmare.  I ended up writing an Admin
> tool to connect to both databases and compare the text of the Stored
> Procedure source (buried in badly-designed Microsoft tables) between the
> Dev Server and the Production Server.
> Of course, in the first round *ALL* the procedures were different, since
> Microsoft added/stripped altered the text of the Stored Procedures while
> copying them from Dev to Server in the first place.
> 
> Guess what else?
> 
> There weren't enough queries "the same" that there was any real code
> re-use.
>  I coded the application and the pages were designed properly in the first
> place, so very seldom were two queries the same.  If they had been the
> same, I would have put those two pages (features) into one.
> 
> Guess what else?
> 
> The new guy was in such a hurry, that in the few instances that two
> queries*were* the same, he didn't bother to figure that out, so we ended
> up with some Stored Procedures that were duplicates of others in
> everything except their name.
> 
> Guess what else?
> 
> The @@INSERT_ID I was using worked differently inside a Stored Procedure,
> so I wasted days tracking down a bug introduced by the Stored Procedures.
> 
> Guess what else?
> 
> When I went to edit the pages he had changed, I'd  have no idea what data
> was coming back from the Stored Procedure, without reading way too many
> lines of code.  With the $query = "select x, y, z" style, I knew exactly
> what I was getting.
> 
> All in all, the company spent 4 weeks of this guys' life, 40 hours a week,
> making the application less portable, less maintainable, and no faster.
> 
> And people wonder why I see little value in Stored Procedures.
> 
> -- 
> Like Music?  http://l-i-e.com/artists.htm
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

Stored procedures are like any other type of programming construct.
You can do them right or you can do them wrong.  When making a stored
procedure you should stick to ansi SQL as much as possible.  Most of
my stored procedures I can move from a SQL Server 2000 box to an Oracle
8i box with not problems at all.   Stored procedures are NOT over head.
If you need to change an SQL statement, then you would have to search
through all your code to make changes intstead of just one stored proc.
If you don't see any speed increase from stored procs then you are doing
something wrong.  Stored procs are compile SQL statements.  Every
time a your php page does something like $query="Select * from MyTable"
the DB needs to parse the query and create an execution plan.  The stored
procs do it only ONCE the first time it is ran and all the other calls to
it save you many millisecond to seconds.  That might not sound like much
but if you have a site with more than 5 users you will see a difference.
The intranet I finished for my company has 100,000 users and sustains
almost 1,000 users per second.  The pages took 7 to 10 seconds without
stored procs and went down to 3-4 seconds with them.  Also, new features
needed to be added to the site and required some tables to be changed.
I only had to change one SQL in on location and everything was fine.

Jim Drabb

-- 
James Drabb JR - Programmer Analyst - Orlando, FL - [EMAIL PRO

Re: [PHP] HTTPS vs. HTTP ?

[Chris Shiflett]

Richard Lynch wrote:

>You can create your own SSL key pair very, very, very easily...
>
>But unless you paid the $200 to get it from a CA, surfers will see a nasty
>(and totally inaccurate/misleading) warning about how insecure it is.
>

They should. To do otherwise would be inaccurate and misleading.

>The transmission is no less secure -- It's that the web-server on the other
>end was too cheap to pay the $200 for a CA key.
>

No, the transmission is much less secure. You cannot be guaranteed the 
identity of the Web server you're communicating with. You think just 
because the HTTP transaction is encrypted that it is secure? What if 
you're encrypted transaction is taking place with some criminal? You 
still feel secure?

>Yes, the basic model for the security of all eCommerce is:
>
>"You pay some large corporation $200, and they trust you."
>

No, you pay some large corporation money, because the majority of 
browsers currently in use trust certificates issued by that corporation. 
They've had to undergo extensive C&A processes to ensure the integrity 
of their operation, and they've also had to shell out some big money to 
Microsoft and Netscape to have their root certificates installed and 
trusted into their browsers.

>Alas, the *BROWSER* makes it sound like the whole thing is very shady, when,
>in reality, if you trust the web-site (certainly more than I trust
>Microsoft!) then it's just as secure.
>

The browser *should* issue a warning when the identity of the Web server 
it is about to communicate with cannot be guaranteed. You seem to be 
confused about where the trust lies. If I trust the Web site 
http://www.mybuddy.org/ (hypothetical best friend's Web site), does that 
mean I should trust any certificate that is issued to www.mybuddy.org? 
What if the certificate's root CA was a criminal's PC? Are you *sure* 
that's your friend's Web site that you are communicating with?

However, if you do trust a certain CA (perhaps your own), you can import 
your root certificate into your browser and check some boxes to trust 
it. Luckily, browsers don't even allow a method for you to "trust" a 
domain name.

It is quite trivial to generate a certificate for www.amazon.com. It 
isn't too terribly difficult to make someone's computer think 
www.amazon.com is your Web site. Here come the encrypted credit card 
numbers. Good thing they're secure. :)

The point is, PKI isn't about encryption alone. In fact, the "textbook" 
answer to the question of what services PKI provides is:

1. Identification
2. Authentication
3. Authorization
4. Integrity
5. Confidentiality
6. Non-Repudiation

If it only provided confidentiality, quite honestly, PKI would be 
useless as it is implemented today.

Happy hacking.

Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Survey: MySQL vs PostgreSQL for PHP

[Devrim GUNDUZ]

Hi,

On Fri, 5 Jul 2002, Lazor, Ed wrote:

> How many here feel PostgreSQL has surpassed MySQL as the better backend for
> PHP?  This would be based on performance (speed, scalability, etc.) and
> features.
> 

Surely PostgreSQL!!!

If you aim is creating a "database", then use PostgreSQL. if you want to 
use a database, for ex. for you web page, use MySQL... (well, 
use PostgreSQL anyway  :-) )

As written on postgresql.org : "The best open source database engine"

BEst regards.


-- 

Devrim GUNDUZ

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Web : http://devrim.oper.metu.edu.tr
-





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Chris Shiflett]

Richard Lynch wrote:

>In the HTTPS exchange, however, extra key-pairs are generated on the fly,
>and the private half of the new pair are exchanged, encrypted with the
>public halfs of the old pairs, so that the server and the browser are using
>a UNIQUE public/private pair so that nobody can snoop on them...
>
>Or, at least, it works something like that...  I'm telling you, you really
>don't need to understand this stuff if it gives you a headache as bad as it
>gives me :-)
>

If you want a basic understanding of PKI, how it works, what problems it 
solves, etc., I highly recommend a single chapter in a single book that 
will give you enough of a foundation to "get it" (esr style).

_PKI:_Implementing_and_Managing_E-Security_ from RSA Press, Chapter 2 
(50 pages - very clear and not too technical).

Happy hacking.

Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] phpBB Info

[BrettM]

I wanna be able to do some stuff, which involves getting data from my phpBB
board.

Member Count: (this section should autoupdate)
Number Of Forums: (this section should autoupdate)
Highest Post Count: (this section shouldauto  update((member) with (post
count) posts))
Most Replied to topic: (this section should auto update((topic) with (number
of replys) replys))

Can someone give me the code to do this

the page with this on is in my base directory. My forums are in /forums



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP 4 broken after Apache upgrade

[Chris Garaffa]

OK, so I upgraded to Apache 1.3.26 on my RedHat machine after the security
stuff last week. Saved my old httpd.conf file, just in case, and I did need
it. Unfortunately, neither the old file, nor the new file, nor the new file
modified to include PHP support, work.
I added:
LoadModule php4_module  libexec/libphp4.so
AddModule libphp4.c
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source  .phps

to httpd.conf in their proper sections.
Also, added index.php as one of the possible index files (along with
index.html and index.shtml)
I checked libexec/; libphp4.so is there.
Then I get this:
[root@saturn /]apachectl start
Syntax error on line 276 of /usr/local/apache/conf/httpd.conf
Cannot add module via name 'libphp4.c'; not in list of loaded modules

OK, so I comment out AddModule libphp4.c, and
[root@saturn /]apachectl start
/usr/local/apache/bin/apachectl start: httpd started
[root@saturn /]

But then, I load up Internet Explorer, go to my site, and get this:
"Unhandled File Type" dialog box:
Internet Explorer doesn't know how to handle the type of file you have
selected.
You can choose to save this file to your disk or you can configure a Helper
Application for this file.
MIME Type: application/x-httpd-php
File Name:
-
I downloaded the file via Save File AsŠ and it is the php source for
index.php.

So do I need to reinstal PHP, or am I just missing something in the config
file?
-- 
Chris Garaffa
#!/usr/local/lib/php
$contact_info["Name"]   = "Chris Garaffa";
$contact_info["Email"]  = "[EMAIL PROTECTED]";
$contact_info["Work"]   = "[EMAIL PROTECTED]";
$contact_info["cell"]   = "203.803.9066"; 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP 4 broken after Apache upgrade

[Devrim GUNDUZ]

Hi,

On Sat, 6 Jul 2002, Chris Garaffa wrote:

> OK, so I upgraded to Apache 1.3.26 on my RedHat machine after the security
> stuff last week. Saved my old httpd.conf file, just in case, and I did need
> it. Unfortunately, neither the old file, nor the new file, nor the new file
> modified to include PHP support, work.
> I added:
> LoadModule php4_module  libexec/libphp4.so
> AddModule libphp4.c
> AddType application/x-httpd-php .php
> AddType application/x-httpd-php-source  .phps
> 
> to httpd.conf in their proper sections.
> Also, added index.php as one of the possible index files (along with
> index.html and index.shtml)
> I checked libexec/; libphp4.so is there.
> Then I get this:
> [root@saturn /]apachectl start
> Syntax error on line 276 of /usr/local/apache/conf/httpd.conf
> Cannot add module via name 'libphp4.c'; not in list of loaded modules
> 
> OK, so I comment out AddModule libphp4.c, and
> [root@saturn /]apachectl start
> /usr/local/apache/bin/apachectl start: httpd started
> [root@saturn /]
> 
> But then, I load up Internet Explorer, go to my site, and get this:
> "Unhandled File Type" dialog box:
> Internet Explorer doesn't know how to handle the type of file you have
> selected.
> You can choose to save this file to your disk or you can configure a Helper
> Application for this file.
> MIME Type: application/x-httpd-php
> File Name:
> -
> I downloaded the file via Save File AsŠ and it is the php source for
> index.php.
> 
> So do I need to reinstal PHP, or am I just missing something in the config
> file?

You need to compile php with apache again, I think.

Best regards.


-- 

Devrim GUNDUZ

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Web : http://devrim.oper.metu.edu.tr
-



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP 4 broken after Apache upgrade

[Chris Allen]

Reinstall php. Did you do that when you upgraded Apache? For static link you
need to re-install. For DSO not sure I do not run my systems that way. I
havent heard of anyone else having problems. I will be updating myself this
weekend so...

Also you need to have the apache server "handle" the php type. Thats why IE
complains.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] phpBB Info

[Stuart Dallas]

On Saturday, July 6, 2002 at 5:35:26 PM, "BrettM" wrote:
> I wanna be able to do some stuff, which involves getting data from my phpBB
> board.

> Member Count: (this section should autoupdate)
> Number Of Forums: (this section should autoupdate)
> Highest Post Count: (this section shouldauto  update((member) with (post
> count) posts))
> Most Replied to topic: (this section should auto update((topic) with (number
> of replys) replys))

> Can someone give me the code to do this

> the page with this on is in my base directory. My forums are in /forums

This is not a place where you can get free development. It is here to provide
help to PHP developers. If you need some development done then there are plenty
of people/places that can assist you.

If I have misunderstood your post and you have tried to do this yourself but
are having problems, please post more information such as your source code
along with a full description of the problem(s) you're having including any
error messages.

-- 
Stuart


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP 4 broken after Apache upgrade

[Chris Garaffa]

That's exactly what I needed to do... Thanks Devrim and Chris for your quick
help.
AhhhŠ back to coding!
-- 
Chris Garaffa
#!/usr/local/lib/php
$contact_info["Name"]   = "Chris Garaffa";
$contact_info["Email"]  = "[EMAIL PROTECTED]";
$contact_info["Work"]   = "[EMAIL PROTECTED]";
$contact_info["cell"]   = "203.803.9066";


He who calles himself "Devrim GUNDUZ" (from <[EMAIL PROTECTED]>) wrote
on 7/6/02 1:15 PM:
> You need to compile php with apache again, I think.
> 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: [PHP-GTK] Cannot enable extensions. Why?

[George Hester]

All fixed.  Install the new PHP using the installer to get mappings set (almost)
correctly in IIS 5. Make sure PHP works now.  Then rename C:\php to C:\php01.
Download the 5MB package with the components.  Then rename the directory that
conatins the files to php and put in C drive.  Leave the ini alone that the
installer put in and that may have been customized.  Make sure everything still
works.  Trash C:\php01.  Done.  Components will now work.  This issue resulted
from the versions of php.exe in the installer and in the 5MB being different
although both are called version 4.2.1.  Thanks everyone.  Steph and Jason.

--
George Hester
_
"Steph" <[EMAIL PROTECTED]> wrote in message
05ab01c224be$130cfe40$e09001d5@p2q4w7">news:05ab01c224be$130cfe40$e09001d5@p2q4w7...
> Having just caught up with most of the threads on this thanks to MARC,
> can you please now explain why on earth you are insisting on loading
> PHP-GTK dynamically through a web server?
>
> The results should be interesting to say the least ..
>
> - Original Message -
> From: "George Hester" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Saturday, July 06, 2002 5:49 AM
> Subject: Re: [PHP-GTK] Cannot enable extensions. Why?
>
>
> > Well thank you Jason.  The gtk is now running.  The last thing now is
> why I
> > cannot uncomment the extensions in the C:\WINNT\php.ini in my PHP
> 4.2.1
> > installation.  That issue still exists.
> >
> > In this script
> >
> > http://127.0.0.1/scripts/could.php
> >
> >  could.php ---
> >
> > 
> > 
> > From Newsgroup
> > 
> >  > $myvar = "Hello World1";
> > echo $myvar;
> > print ("Hello World 2");
> > ?>
> >  > $myvar1 = "This is a test!";
> > echo $myvar1;
> > ?>
> > 
> > 
> > -- End could.php --
> >
> > I get this:
> >
> > Hello World1Hello World 2This is a test!
> >
> > But if I uncomment php_w32api_dll in php.ini
> >
> > I get this error before the page loads in a message box:
> >
> > w32api: unable to initialize module
> > Module compiled with module API=20010901, debug=0, thread-safety=1
> > PHP compiled with module API=20020429, debug=0, thread-safety=1
> > These options need to match.
> >
> > and after the page loads:
> >
> > X-Powered-By: PHP/4.2.1 Content-type: text/html; charset=iso-8859-1
> Hello
> > World1Hello World 2This is a test! PHP Warning: w32api: Unable to
> initialize
> > module Module compiled with module API=20010901, debug=0,
> thread-safety=1 PHP
> > compiled with module API=20020429, debug=0, thread-safety=1 These
> options need
> > to match in Unknown on line 0
> >
> > All the versions off all the files of all the downloads in all the
> folders of
> > all that I know of are all what was directed to download from
> >
> > http://www.php.net/
> >
> > Namely:
> >
> > http://www.php.net/do_download.php?download_file=php-4.2.1-Win32.zip
> >
> > But I first ran:
> >
> >
> http://www.php.net/do_download.php?download_file=php-4.2.1-installer.exe
> >
> > and then just poped in the components from the first link.
> >
> > Trouble doing that?
> >
> > Thanks again.
> >
> > --
> > George Hester
> > _
> > "Steph" <[EMAIL PROTECTED]> wrote in message
> > 056301c224a8$a2800600$e09001d5@p2q4w7">news:056301c224a8$a2800600$e09001d5@p2q4w7...
> > > please follow the readme in the PHP-GTK download.  You cannot mix
> the
> > > dlls from separate builds and expect them to work, you should in
> fact be
> > > keeping both versions of PHP completely separate if you're intending
> to
> > > use a gui and web installation side by side.  Both php.ini's will
> need
> > > to be local to their respective version of php.exe.
> > >
> > > - Original Message -
> > > From: "George Hester" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Saturday, July 06, 2002 3:37 AM
> > > Subject: [PHP-GTK] Cannot enable extensions. Why?
> > >
> > >
> > > > In Windows 2000 SP2 IIS 5
> > > > this statement works without issue:
> > > >
> > > > $myvar2 = strtoupper(substr(PHP_OS, 0, 3))
> > > >
> > > > and myvar2 = WIN
> > > >
> > > > but this statement right after it:
> > > >
> > > > dl('php_gtk.dll');
> > > >
> > > > leads to this error:
> > > >
> > > > Fatal error: Dynamically loaded extentions aren't enabled. in
> > > > c:\inetpub\scripts\could.php on line 17
> > > >
> > > > why?
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] FTP commands

[Jose Arce]

Hi, i'm making a script, that logs some ftp characteristics, like resume 
support and stuff...i try using ftp_site(), but it's not working

I want to send a command like REST, but ftp_site() send the command like 
this: SITE REST, with the SITE before the command...any way to do it?
Thx :D

_
Únase al mayor servicio mundial de correo electrónico: 
http://www.hotmail.com/es


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Compiling PHP

[Chris Hewitt]

Leon,

This was discussed on this list at length, ending about a week or so 
ago. Please look in the archives for it. There was a lot of detail which 
may be useful to you. Basically the consenus answer was no.

Regards

Chris

Leon Mergen wrote:

>Hello,
>
>I'm currently camping with a problem... I have written a PHP application for
>a client of mine, however, I do not want have him seeing the source code. I
>know Zend has the Zend Encoder, however, this piece of software costs $2400
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How to cast objects in arrays.

[Anas Mughal]

Thanks to everyone!!!
I have figured it out...
 
  Anas Mughal <[EMAIL PROTECTED]> wrote: I have a function getRow() that returns a 
new instance
of an object called IvActivity. I insert this new
instance into $list. I need to call getTitle method on
each of the inserted objects. However, I keep on
getting parse error on the line that does the casting.
Please help.


$i = 0;
while ($row = mysql_fetch_array($mysql_result)) {
$instance = $this->getRow($row);
$list[$i] = $intance; 
$i++;
}

// ...

foreach ($list as $item) {
$act = (IvActivity) $item;
echo "item: " . $act->getTitle();
}



(I also tried simple for loop with $list[$i] logic.
Unf, I am not able to cast those objects either.)

__
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com



-
Do You Yahoo!?
New! SBC Yahoo! Dial - 1st Month Free & unlimited access

[PHP] Help w/ sessionl variables plz!

[Anthony Rodriguez]

The following PHP script doesn't pass $course ("statistics") to the next 
script.  Why?



Thanks!

Tony



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Uninitialized string offset

[Uri Even-Chen]

Thanks for the advice! I understand the problem now. I think they added
the Uninitialized
string offset in Version 4.1.0 (see
). That's why I didn't get this
warning before. Anyway, I think I'll just add a "@" sign to suppress
warnings. I tried it last nights and it works.

Uri.


Richard Lynch wrote:
> 
> >After upgrading to Red Hat Linux 7.3 (which also includes a new PHP
> >version), I saw this warning (Uninitialized string offset) on my apache
> >error log files. It refers to a line which was perfectly legal before:
> 
> The new settings in php.ini are error_reporting E_ALL by default.
> 
> Those errors have always been there, have always been generated, and you've
> been "ignoring" them.
> 
> >   if
> >(isset($GLOBALS['SPEEDY_GLOBAL_VARS']['CURRENT_USER']['UserName']))
> >
> >I always use isset to check if a variable is defined. Do you know why I
> >get this warning?
> 
> Best Guess:
> 
> PHP is only checking if the *LAST* array reference "isset" -- and to do
> that, *has* to assume that the others are there -- IE, that
> $GLOBALS['SPEEDY_GLOBAL_VARS']['CURRENT_USER'] is set...
> 
> Change it to this:
> 
> if (isset($GLOBALS['SPEEDY_GLOBAL_VARS'] &&
> $GLOBALS['SPEEDY_GLOBAL_VARS']['CURRENT_USER'] &&
> $GLOBALS['SPEEDY_GLOBAL_VARS']['CURRENT_USER']['UserName']){
> 
> --
> Like Music?  http://l-i-e.com/artists.htm



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] suppressing errors with "@"

[Uri Even-Chen]

Thanks! I also think it might be a bug. I reported it as a bug report.

Uri.


Miguel Cruz wrote:
> 
> On Sat, 6 Jul 2002, Uri Even-Chen wrote:
> > I tried to suppress warnings in isset expressions (Uninitialized string
> > offset warnings).  The original line was something like this:
> >
> > if (!(isset($GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> >
> > When I added the "@" sign like this:
> >
> > if (!(isset(@$GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> >
> > My program stopped working, and I got errors like:
> >
> > PHP Parse error:  parse error, expecting `T_VARIABLE' or `'$'' 
> >
> > Eventually, I put the "@" in this place:
> >
> > if (!(@isset($GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> >
> > Which works, but why didn't it work the other way?  Is it some kind of
> > PHP bug?
> 
> It does seem to be a disagreement with the manual:
> 
>http://www.php.net/manual/en/language.operators.errorcontrol.php
> 
> There it says that you can stick @ before a variable name.
> 
> miguel



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Help needed with hexdec();

[frank]

Hi Guys,
 
I have a problem wich I hope has been solved by someone :-)
 
Here's the deal,
 
I have to convert a perl script to PHP trying to do so I get negative
values from hexdec(), If I use (int)hexdec() the numbers aren't negative
anymore, but they do not add up to what they should.
 
Here's the perl line:
$a = FF ($a, $b, $c, $d, $temparr[8],  $S11, hex("698098d8"));
 
 
this is PHP:
$a = FF ($a, $b, $c, $d, $temparr[8],  $S11, hexdec("698098d8"));
 
FF is a function:
function FF($a,$b,$c,$d,$x,$s,$ac)
{
 $a += F($b,$c,$d) + $x + $ac;
 if ($a > hexdec(""))
   {
   $a = substr($a,strlen($a)-9,9) ;
   }
 $a = RL($a,$s);
 $a += $b;
 return $a;
}
 
F is also a function:
function F($x, $y, $z)
{
 return ((($x) & ($y)) | ((~$x) & ($z)));
}
 
Could anybody tell me what I am missing here?
 
e-mail:   [EMAIL PROTECTED]
 

FW: [PHP] HTTPS vs. HTTP ?

[Richard Lynch]

>:-)  Don't tell me if you're gonna use it for production!!!

Depends on your user-base.

If all of them know that the only difference is $119, and all of them
inherently trust your web-server and domain name to be correct, there is no
more risk with the free one.

It's a true shame that the general public has been so mis-led and
ill-informed on this issue.  While there are a zillion descriptions of how
the keys are exchanged, and how there are certificates here, there, and
everywhere, few bother to explain how this whole "Trust" model really works.

A web-site pays $200, and they are trusted.  End of story.

-- 
Like Music?  http://l-i-e.com/artists.htm



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] FW: upload file size

[Richard Lynch]

>I can't seem to upload file bigger than 5M even if I set the
>upload_max_filesize to 20M in php.ini and MAX_FILE_SIZE to 20M in the
>script. What's am I missing here? Is the temporary upload directory won't
>handle file this size? Please give me some pointers here. TIA.

Does  show a 20 M limit?

Is it using the php.ini file you think it's using?

-- 
Like Music?  http://l-i-e.com/artists.htm



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Richard Lynch]

>On Fri, 5 Jul 2002, Richard Lynch wrote:
>> But unless you paid the $200 to get it from a CA, surfers will see a nasty
>> (and totally inaccurate/misleading) warning about how insecure it is.
>
>It is easy to launch a man-the-middle attack against a session being
>initiated between a client and a server with a self-signed certificate.  
>You just send the client a self-signed certificate of your own, and it
>can't tell it apart from the real one - same error message shows up.

"Easy" is relative.

What's more likely to occur:

A slime-ball with $200 makes a web-site to rip people off with a signed
certificate.
A hard-core hacker intercepts an HTTP connection.

Neither is a desired outcome.

The current Certificate Authority system works okay against the second one,
but doesn't really address the first.

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Stored Procedures

[Richard Lynch]

>Stored procedures are like any other type of programming construct.
>You can do them right or you can do them wrong.

Yeah, and GOTO is perfectly fine... In the right place.

>When making a stored
>procedure you should stick to ansi SQL as much as possible.

All my SQL was so dirt-simple, it couldn't have been non ANSI.

select name, skill from applicants where job_id = $job_id

>Most of
>my stored procedures I can move from a SQL Server 2000 box to an Oracle
>8i box with not problems at all.

Oh they *MOVED* okay.  Now update the Stored Procedures for sub-section A of
your on-line application on the Development box, and try to push the changes
through to the Production Server.

So, which Stored Procedures got changed?

You have to keep track of them all, cuz MS sure doesn't.

>Stored procedures are NOT over head.

They are a *LOT* of painful administrative overhead, and their gains are
mythical, not real.

>If you need to change an SQL statement, then you would have to search
>through all your code to make changes intstead of just one stored proc.

Bullshit.

If I have to change an SQL statement, I know right where it is, right where
it belongs, right in the code.

>If you don't see any speed increase from stored procs then you are doing
>something wrong.  Stored procs are compile SQL statements.  Every
>time a your php page does something like $query="Select * from MyTable"
>the DB needs to parse the query and create an execution plan.

Do you have *ANY* idea how quickly:

"select * from MyTable" can be parsed and an execution plan selected?!

It's CHUMP CHANGE in time.

*ONLY* if your SQL is so incredibly complicated that you can't even
understand it will the parse/compile time of SQL be a factor in performance.

>The stored
>procs do it only ONCE the first time it is ran and all the other calls to
>it save you many millisecond to seconds.  That might not sound like much
>but if you have a site with more than 5 users you will see a difference.
>The intranet I finished for my company has 100,000 users and sustains
>almost 1,000 users per second.  The pages took 7 to 10 seconds without
>stored
>procs and went down to 3-4 seconds with them.

*NOTHING* else changed, except you went to stored procedures?...

I'm from Missouri.  Show me.

>Also, new features needed to
>be
>added to the site and required some tables to be changed.  I only had to
>change
>one SQL in on location and everything was fine.

I only have to change one SQL in one location, and everything is fine.

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Richard Lynch]

>>But unless you paid the $200 to get it from a CA, surfers will see a nasty
>>(and totally inaccurate/misleading) warning about how insecure it is.
>>
>
>They should. To do otherwise would be inaccurate and misleading.
>
>>The transmission is no less secure -- It's that the web-server on the other
>>end was too cheap to pay the $200 for a CA key.
>>
>
>No, the transmission is much less secure. You cannot be guaranteed the 
>identity of the Web server you're communicating with. You think just 
>because the HTTP transaction is encrypted that it is secure? What if 
>you're encrypted transaction is taking place with some criminal? You 
>still feel secure?

No, the *TRANSMISSION* is just as secure from snooping.  It's the
*RECIPIENT* whom you trust, or not.  Maybe they've hijacked DNS records and
are masquereding.  Maybe they just didn't pay the $200.  Maybe they paid
$200 and are crooks.

Do you really believe that for $200 (or $119, or $500) that they "proven"
themselves trustworthy?

>>Yes, the basic model for the security of all eCommerce is:
>>
>>"You pay some large corporation $200, and they trust you."
>>
>
>No, you pay some large corporation money, because the majority of 
>browsers currently in use trust certificates issued by that corporation. 
>They've had to undergo extensive C&A processes to ensure the integrity 
>of their operation, and they've also had to shell out some big money to 
>Microsoft and Netscape to have their root certificates installed and 
>trusted into their browsers.

And for the $200, they do a background check on everybody, or what?

What's to stop a criminal from getting a $200 certificate?  Nothing.

How do you *KNOW* that web-site isn't run by a criminal?  How do you know
they aren't collecting credit-card numbers?  How do you *KNOW* they aren't
storing them insecurely?

Fact is:  All you *KNOW* is that they paid Thawte, Microsoft, or some other
large corporation $200.  You don't know *anything* else about them.

>>Alas, the *BROWSER* makes it sound like the whole thing is very shady, when,
>>in reality, if you trust the web-site (certainly more than I trust
>>Microsoft!) then it's just as secure.
>>
>
>The browser *should* issue a warning when the identity of the Web server 
>it is about to communicate with cannot be guaranteed. You seem to be 
>confused about where the trust lies. If I trust the Web site 
>http://www.mybuddy.org/ (hypothetical best friend's Web site), does that 
>mean I should trust any certificate that is issued to www.mybuddy.org? 
>What if the certificate's root CA was a criminal's PC? Are you *sure* 
>that's your friend's Web site that you are communicating with?

If I *TRUST* mybuddy.org, the I *TRUST* them not to install a Certificate
from a criminal's PC !!!

I *TRUST* them not to have non-repudiated Certificates floating around out
there.

Conversely, if I don't know squat about mybuddy.org, all I know is they paid
somebody else I don't trust $200.

Maybe you just trust big corporations more than I do.  I dunno.

All I know is, the "Trust Model" *IS*

Somebody I don't trust pays somebody else I don't trust $200.  Period.

Doesn't instill a lot of faith in the system for *ME*.  Might be enough for
you to have Faith, but not me.

>However, if you do trust a certain CA (perhaps your own), you can import 
>your root certificate into your browser and check some boxes to trust 
>it. Luckily, browsers don't even allow a method for you to "trust" a 
>domain name.
>
>It is quite trivial to generate a certificate for www.amazon.com. It 
>isn't too terribly difficult to make someone's computer think 
>www.amazon.com is your Web site. Here come the encrypted credit card 
>numbers. Good thing they're secure. :)
>
>The point is, PKI isn't about encryption alone. In fact, the "textbook" 
>answer to the question of what services PKI provides is:
>
>1. Identification
>2. Authentication
>3. Authorization
>4. Integrity
>5. Confidentiality
>6. Non-Repudiation
>
>If it only provided confidentiality, quite honestly, PKI would be 
>useless as it is implemented today.

Do *YOU* trust the CA people to have thoroughly researched joesbotique.com
when you give them your credit card?

How do you know it's not a scam?

How do you know their certificate hasn't been stolen, and they haven't even
figured it out yet?  How do you know they were trustworthy people in the
first place?

You only *KNOW* that somebody, somewhere, at some time, paid $200 for that
"Certificate" and that nobody has noticed something skanky about it -- at
least not yet.

The more I think about this, the more I agree with people who just won't do
eCommerce at all...

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mail help, and php.ini help.

[Richard Lynch]

>i`ve coded a mass-mailer for my site but the $from header doesn't work.

It works for about a million others.  Show us source code.

>when i get a test message back from it it says from "Unprivileged user" =
>not what i set it to.

That sounds more like email bouncing...

But it could be your sendmail/qmail/exim/fredmail telling you that the User
(see httpd.conf) that PHP runs as (see ) doesn't have
permission to "forge" email from some other address.

In which case your PHP syntax is fine, but your mail-sending MTA thingie is
not configured correctly.

>How would i set it out using the syntax:
>
>$to #
>$from #
>$subject #
>$message #
#>mail($to, $from, $subject, $message)

$success = mail($to, $subject, $message, "From: $from\r\nReply-to:
$from\r\n");
if (!$success){
  print("Failed to send email to $to with subject $subject\n");
}

>___=20
>
>Also, i was wondering how i could use my own PHP.INI config file on a =
>remote webserver which hosts my site.

Not usually, but most of the settings you have any right to change are
changeable in .htaccess

>And can i set .php to something else, like .he for example?

For example, create a file in your web directory, right next to your HTML
files, and name it ".htaccess"  (Yes, the "." is part of the name.)

Put this in it:

AddType application/x-httpd-php .he

Assuming your ISP used the *standard* mime-type (application/x-httpd-php)
all your .he files are now being handled by the PHP Module.

If your ISP didn't use the standard mime-type, you have to ask them what
they used.

If they don't understand the question (scary, but happened to me once) tell
them to do:

grep -i php httpd.conf

and send you the output.

Disclaimer:  The ISP in question may actually have simply mis-understood the
question the first time around, and didn't have to actually send me all the
output of the grep on the second go-around...

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: help help help!!!!!!pls........

[Richard Lynch]

>Re: help help help!!pls

First, use a valid subject.  Experts will simply hit "Delete" for such vague
subjects as "Help"

>I have multiple check boxes ...and I gave the single name to all check
>boxes.
>
>If I post to my php script I am not getting all the values as an
>array.I am getting only one value(last value).

Second, read the FAQ.

http://php.net/FAQ.php

Third, you are correct. :-)

PHP needs [] in order to automatically build the nifty array of values on
the PHP side.

JavaScript will not, no matter how hard you try (I tried *everything*) allow
you to force [] into the Name of an object.

Your choices are:
1. In JavaScript, refer to the objects by position, not name.
document.form1[1].checked or whatever

2. In HTML/JavaScript provide and ID=xxx attribute, and refer to objects by
ID.  Never tried it, don't even know what an ID is if it's not a name, and
can't promise it will work, but that's what somebody said *LAST* *WEEK* on
this list.

3. Don't use [] in HTML, and in PHP tear apart the $REQUEST_URI yourself, by
hand.  Wouldn't recommend this last one, but it would work.  Put  into your php script that accepts/process the POST, and you'll
see which variables have the checkbox names in them.  A little
http://php.net/explode and iteration, and you're done.


Please re-read the FAQ, though, as this question is addressed in there, so
it must be time for you to re-read it.

http://php.net/FAQ.php

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Figuring Out the Best Day in stats program

[Richard Lynch]

>I have been going fine in a Web Stats program until now.
>
>How can I figure out which day has had the most records(ie visitors)
>inserted?
>
>There is a time column which has unix timestamp of when the record was
>inserted.
>
>The best I can think of currently is:
>To use a while loop to repeatedly query the DB.
>then use an if statement to replace two variables(UNIX timestamp and number
>of visitors) if the value returned is higher.

Almost any time you do a while loop to repeatedly query the DB, you've done
something wrong. :-)

Either you are missing an SQL function that will do what you want, or you
just designed the db schema wrong and the application wrong in the first
place.

Fortunately, in this case, you're just missing an SQL function.

Dig through the manual of your database (you didn't say which one) in the
Date/Time functions section, and see if you can find one that will extract
the year and month from a timestamp.

You'll end up writing something not unlike this:

select count(*) as monthly_views
from visitors
group by extract('year', whattime), extract('month', whattime)
order by monthly_view desc
limit 1

The GROUP BY part is the "magic" -- It will do any "aggregate" function
(count, average, sum) broken down by whatever fields are listed.  In this
case, I broke it down by year & month.

If you wanted the most popular month over the last five years, it would be
something not unlike:

select count(*) as monthly_views
from visitors
where whattime + '@ 5 years' >= now()
group by extract('month', whattime)
order by monthly_view desc
limit 1

Disclaimers:
1. 'extract' is probably not the right function name.  You'll have to look
that up.
2. The "whattime + '@ 5 years'" works just nifty in PostgreSQL.  You have to
type more than that in MySQL, I think...  MySQL date arithmetic always gives
me a pain.

Always dig for a way to do it in SQL first.

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: phpBB Info

[Richard Lynch]

>I wanna be able to do some stuff, which involves getting data from my phpBB
>board.
>
>Member Count: (this section should autoupdate)

select count(*) from
some_table_whose_name_I_do_not_know_but_you_can_look_up_in_phpMyAdmin

>Number Of Forums: (this section should autoupdate)

select count(*) from
some_table_whose_name_I_do_not_know_but_you_can_look_up_in_phpMyAdmin

>Highest Post Count: (this section shouldauto  update((member) with (post
>count) posts))

select member.name, count(*) as score
from members, posts
where posts.member_id = members.member_id
group by posts.member_id, member_name
order by score desc
limit 1

>Most Replied to topic: (this section should auto update((topic) with (number
>of replys) replys))

This one I'd have to actually look at the phpBB schema to see how they did
their threading...

You'd have to pay me for this answer.  Sorry.

I'm willing to bet that if you do the first three for yourself, you can do
this last one with a minimal amount of effort.

Honestly, though, you really sound like that kid in school who walked in
without even trying to do his homework and said it was "too hard".

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: FTP commands

[Richard Lynch]

>
>Hi, i'm making a script, that logs some ftp characteristics, like resume 
>support and stuff...i try using ftp_site(), but it's not working
>
>I want to send a command like REST, but ftp_site() send the command like 
>this: SITE REST, with the SITE before the command...any way to do it?
>Thx :D

This is just a Wild Guess, since I haven't read the manual (did you?) but
I'm guessing that ftp_site() sends a command with "SITE" before it, but you
can use other functions to open up an FTP connection and send any old
command you like...

Just a guess, though.  I'd have to actually read the manual *for* you to
answer this one, and I'm not willing to do that.

http://php.net/ftp

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Help w/ sessionl variables plz!

[Richard Lynch]

>The following PHP script doesn't pass $course ("statistics") to the next 
>script.  Why?
>
>// file: "root/reg_users_2.php", updated: 07/06/02
>set_time_limit(300);
>session_start();
>session_register("course");
>$course="statistics";
>header ("location:estadisticas/contents.php");
>flush();
>exit;
>?>

Three problems.

1. You are missing a space after the : in your header("Location: ...");
2. Location should be capitalized.
3. You are sending Cookie headers (session_start) and Location header in the
same script, and that just won't work.

Don't do the Location.
Use a META tag, or re-design your application to just give them the contents
they want right there, not go off to some other page to give them the
contents.

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Help needed with hexdec();

[Richard Lynch]

>I have to convert a perl script to PHP trying to do so I get negative
>values from hexdec(), If I use (int)hexdec() the numbers aren't negative
>anymore, but they do not add up to what they should.

>From the manual:  http://php.net/hexdec
"The largest number that can be converted is 7fff or 2147483647 in
decimal."

I'm betting your numbers are bigger than that.

I wrote a less-limited hex2dec function years ago, and threw it up on Sklar,
or, uhhh, the *other* PHP code repository.  There were really only two, back
then... :-)

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] iptables logging

[James Drabb]

Hey group,

I have set up iptables based on the BLFS book.  I have a rule like:
# Log everything else:  What's Windows' latest exploitable
# vulnerability?
$IPTABLES -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
The output is going into /var/log/kern.log is there anyway I can
send it to a seperate file say /var/log/firewall.log?

Thanks,

Jim Drabb

-- 
James Drabb JR - Programmer Analyst - Orlando, FL - [EMAIL PROTECTED]
-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP/MySQL and parameterized queries

[Henry]

Does MySQL support parameterized queries (e.g., "INSERT INTO table
(Col1,Col2) VALUES (?,?)"), and if so, is there a PHP function that allows
you to create and attach parameters to MySQL queries?

Thanks,
Henry



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] iptables logging

[James Drabb]

Opps, I sent to the wrong list : )

Sorry,

Jim Drabb

-- 
James Drabb JR - Programmer Analyst - Orlando, FL - [EMAIL PROTECTED]
-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Error: Parse error: parse error, unexpected $ in...

[Shiloh Madsen]

Hi all. Im getting the above mentioned error: *Parse error*: parse 
error, unexpected $ in *c:\program files\apache 
group\apache\htdocs\login.php* on line *38* when I try to view the page 
I just created. As a forewarning, I am very new to PHP, so I may have 
done something stupid, and if it matters, I am also using windows, not 
*nix. Any help with this would be greatly appreciated.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Stored Procedures

[James Drabb]

On Sat, 06 Jul 2002 15:27:47 -0500
"Richard Lynch" <[EMAIL PROTECTED]> wrote:

> Do you have *ANY* idea how quickly:
> 
> "select * from MyTable" can be parsed and an execution plan selected?!
> 
> It's CHUMP CHANGE in time.
> 
> *ONLY* if your SQL is so incredibly complicated that you can't even
> understand it will the parse/compile time of SQL be a factor in
> performance.

It is "CHUMP CHANGE" when you make a tinie web site with 2 users.  Do the
math.  If you have a SQL statement that takes 250 milliseconds to parse
and create an execution plan, then 250 * 1,000,000 page request per week
(which is what the site I finished averages, the company I
work for has 110,000 employees) = ??? This is second grade math.

No matter how you look at it, 10 extra milliseconds here or there
adds up when you work on a big site.  The db's I work with are not
simple "select foo from bar" queries.  An enterprise db is usually pretty
complex.  My main reason for posting a reply was not to start a stupid
flame war with you.  It was from stopping you from filling the heads of
new programmers on this list with bunk.  Stored procedures are not junk!
I wonder why they are the most requested feature for MySQL?  Why would all
the Big DB's (Oracle, DB2, PostgreSQL, SQL Server, etc.) support them
if they had no benifit?  The biggest benifit is SPEED, the second is
the ability to encapsulate the underlying database structure.  A DBA can
change the db structure at will as long as the sproc returns the same
columns.


-- 
James Drabb JR - Programmer Analyst - Orlando, FL - [EMAIL PROTECTED]
-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error: Parse error: parse error, unexpected $ in...

[Jose Arce]

that error appears many times to me...you can show some code so we all can 
see what's wrong, but i've solved it adding a }, as i told you, manny times 
it has appear to me, and that's the way i've solved it :D

>From: Shiloh Madsen <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [PHP] Error: Parse error: parse error, unexpected $ in...
>Date: Sat, 06 Jul 2002 20:03:35 -0500
>
>Hi all. Im getting the above mentioned error: *Parse error*: parse error, 
>unexpected $ in *c:\program files\apache group\apache\htdocs\login.php* on 
>line *38* when I try to view the page I just created. As a forewarning, I 
>am very new to PHP, so I may have done something stupid, and if it matters, 
>I am also using windows, not *nix. Any help with this would be greatly 
>appreciated.
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php




_
Únase al mayor servicio mundial de correo electrónico: 
http://www.hotmail.com/es


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] issue with script after php upgrade

[Jamie Novak]

Firstly, I apologize if this has already been asked in the past; I've
not been a regular reader of this list and I couldn't find mention of my
problem after a cursory search of the archives (which are a bit
overwhelming to search exhaustively)...

On one of my machines, I'm running PHP 4.1.2.  On another machine, I'm
running 4.2.1.  The script I'm having problems with runs fine under
4.1.2, but fails to work under 4.2.1.

What my script is doing is live file system browsing.  Over-simplified,
it reads a directory of files, then makes everything it finds active
links to be downloaded, or directories to be browsed. I pass everything
back to the script using $PHP_SELF, so there's no CGI or "forms"
involved in the transaction.  The URL after browsing down a directory,
and being parsed and returned to the browser, would look something like
this:

http://myserver/index.php?dir2=somedirectory

In 4.1.2, if I echo $dir2 at the beginning of the script just for
testing, it will echo the value of the variable without issue.  In
4.2.1, the variable never appears to get set at all, although it does
show up just the same in $QUERY_STRING under both versions of PHP, so I
know something is at least being passed back to the server.

Does this make sense how I explained it?  Can anybody tell me what's
changed between versions that would make the script (or, really, PHP)
ignore the value I'm passing back?  (I looked at the changelog, but
didn't really see anything that I understood to be related to the
problem I'm experiencing.)

TIA,
Jamie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Chris Shiflett]

Richard,

Honestly, I think you need to just buy on book on this. I think I 
explained things pretty clearly, and your confusion now seems to be 
based more on a lack of trusting my explanation more than anything. I 
can't imagine how you could still be this confused.

I will try to explain once more for the benefit of readers who may be 
wondering if anything you said is true.

Richard Lynch wrote:

>No, the *TRANSMISSION* is just as secure from snooping.  It's the
>*RECIPIENT* whom you trust, or not.  Maybe they've hijacked DNS records and
>are masquereding.  Maybe they just didn't pay the $200.  Maybe they paid
>$200 and are crooks.
>
>Do you really believe that for $200 (or $119, or $500) that they "proven"
>themselves trustworthy?
>

Now you've changed from "secure" to "secure from snooping." Notice the 
difference? It is significant. Like I said before, encrypting the 
transmission is useless by itself. To put it plainly:

encryption != security

What if you trust your friend who owns safeplace.org, and you want to do 
business with him? Maybe you visit his site and enter a credit card 
number somewhere. Thankfully, you notice that the lock icon is showing, 
and that he is using SSL. With this warped idea of SSL where encryption 
is all that counts, what if you find out that you're not really on 
safeplace.org? You're really at evilcriminal.org, and he has a virtual 
domain setup for safeplace.org. Also, he generated his own certificate 
for safeplace.org using his own CA (good thing there was not C&A process 
to undergo). So you have now sent the evil criminal your credit card 
number because you trusted his domain name. Good thing it's secure, right?

Hopefully it is clear that the trust in SSL relies on the trust of the 
certificate which relies on the trust of the root CA that issued that 
certificate. Trusting a domain name makes absolutely no sense.

>>>Yes, the basic model for the security of all eCommerce is:
>>>
>>>"You pay some large corporation $200, and they trust you."
>>>
>>>  
>>>
>>No, you pay some large corporation money, because the majority of 
>>browsers currently in use trust certificates issued by that corporation. 
>>They've had to undergo extensive C&A processes to ensure the integrity 
>>of their operation, and they've also had to shell out some big money to 
>>Microsoft and Netscape to have their root certificates installed and 
>>trusted into their browsers.
>>
>>
>
>And for the $200, they do a background check on everybody, or what?
>
>What's to stop a criminal from getting a $200 certificate?  Nothing.
>
>How do you *KNOW* that web-site isn't run by a criminal?  How do you know
>they aren't collecting credit-card numbers?  How do you *KNOW* they aren't
>storing them insecurely?
>
>Fact is:  All you *KNOW* is that they paid Thawte, Microsoft, or some other
>large corporation $200.  You don't know *anything* else about them.
>

This, I believe, is where your largest confusion lies. Read my first 
response to this again (quoted above). Did you read it? Read it again.

The C&A process is what someone like VeriSign undergoes, not the guy 
buying a certificate for evilcriminal.org.

>>The browser *should* issue a warning when the identity of the Web server 
>>it is about to communicate with cannot be guaranteed. You seem to be 
>>confused about where the trust lies. If I trust the Web site 
>>http://www.mybuddy.org/ (hypothetical best friend's Web site), does that 
>>mean I should trust any certificate that is issued to www.mybuddy.org? 
>>What if the certificate's root CA was a criminal's PC? Are you *sure* 
>>that's your friend's Web site that you are communicating with?
>>
>>
>
>If I *TRUST* mybuddy.org, the I *TRUST* them not to install a Certificate
>from a criminal's PC !!!
>
>I *TRUST* them not to have non-repudiated Certificates floating around out
>there.
>
>Conversely, if I don't know squat about mybuddy.org, all I know is they paid
>somebody else I don't trust $200.
>
>Maybe you just trust big corporations more than I do.  I dunno.
>
>All I know is, the "Trust Model" *IS*
>
>Somebody I don't trust pays somebody else I don't trust $200.  Period.
>
>Doesn't instill a lot of faith in the system for *ME*.  Might be enough for
>you to have Faith, but not me.
>

Alright, I'm starting to think you're trolling now. That might be funny 
on Slashdot, but it doesn't belong on this mailing list. I will clarify 
for those who need this information.

Here you are trusting a domain name again. That's a risky business, and 
luckily you didn't create a security model that anyone would implement 
on the Web. The same question arises yet again. How do you know that's 
the real mybuddy.org? Because it has a certificate from a CA that is not 
from a criminal's PC, right? How can you tell the difference between a 
CA from a criminal's PC and one from a place like VeriSign? Do you think 
it's just name recognition? Surely not. When you click past the warning 
that you seem to 

Re: [PHP] issue with script after php upgrade

[Jason Wong]

Jamie Novak said:

> On one of my machines, I'm running PHP 4.1.2.  On another machine, I'm
> running 4.2.1.  The script I'm having problems with runs fine under
> 4.1.2, but fails to work under 4.2.1.

> http://myserver/index.php?dir2=somedirectory

> In 4.1.2, if I echo $dir2 at the beginning of the script just for
> testing, it will echo the value of the variable without issue.  In
> 4.2.1, the variable never appears to get set at all, although it does
> show up just the same in $QUERY_STRING under both versions of PHP, so I
> know something is at least being passed back to the server.

php.ini > register_globals

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I would like to ask about Photo Upload in mysql and reteive problem .

[Jason Wong]

Jimmy Lam said:

> I am a new bie here and I would like to know more about coding in
> upload photo file by client side and store in mysql database. also ,
> how can I show the photo in the HTML CODING embeded and get the
> image directly from the database ? thanks . could you mind provide
> some code to let me reference. ?? I am doing my project. I need this
> information in urgent. Please friendly give me advice here . thanks

Search archives for "upload mysql"

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] issue with script after php upgrade

[Jamie Novak]

On 07/06, Jason Wong rearranged the electrons to read:
> php.ini > register_globals

Well, that was simple and stupid.  :/
Thank you for the prompt reply.  Obviously, that did the trick.

- Jamie

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Figuring Out the Best Day in stats program

[JJ Harrison]

Here is my code:



When I execute it I get this error:

Warning: Supplied argument is not a valid MySQL result resource in
C:\Inetpub\TecEco_PHP\stats_interface\summary.php on line 75
You have an error in your SQL syntax near ''year', time), extract('month',
time) order by monthly_view desc limit 1' at line 1

I don't know any advanced SQL so can't really debug it.

Could someone tell me what I am doing wrong please?


--
JJ Harrison
[EMAIL PROTECTED]
www.tececo.com


"Richard Lynch" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >I have been going fine in a Web Stats program until now.
> >
> >How can I figure out which day has had the most records(ie visitors)
> >inserted?
> >
> >There is a time column which has unix timestamp of when the record was
> >inserted.
> >
> >The best I can think of currently is:
> >To use a while loop to repeatedly query the DB.
> >then use an if statement to replace two variables(UNIX timestamp and
number
> >of visitors) if the value returned is higher.
>
> Almost any time you do a while loop to repeatedly query the DB, you've
done
> something wrong. :-)
>
> Either you are missing an SQL function that will do what you want, or you
> just designed the db schema wrong and the application wrong in the first
> place.
>
> Fortunately, in this case, you're just missing an SQL function.
>
> Dig through the manual of your database (you didn't say which one) in the
> Date/Time functions section, and see if you can find one that will extract
> the year and month from a timestamp.
>
> You'll end up writing something not unlike this:
>
> select count(*) as monthly_views
> from visitors
> group by extract('year', whattime), extract('month', whattime)
> order by monthly_view desc
> limit 1
>
> The GROUP BY part is the "magic" -- It will do any "aggregate" function
> (count, average, sum) broken down by whatever fields are listed.  In this
> case, I broke it down by year & month.
>
> If you wanted the most popular month over the last five years, it would be
> something not unlike:
>
> select count(*) as monthly_views
> from visitors
> where whattime + '@ 5 years' >= now()
> group by extract('month', whattime)
> order by monthly_view desc
> limit 1
>
> Disclaimers:
> 1. 'extract' is probably not the right function name.  You'll have to look
> that up.
> 2. The "whattime + '@ 5 years'" works just nifty in PostgreSQL.  You have
to
> type more than that in MySQL, I think...  MySQL date arithmetic always
gives
> me a pain.
>
> Always dig for a way to do it in SQL first.
>
> --
> Like Music?  http://l-i-e.com/artists.htm
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] issue with script after php upgrade

[Alberto Serra]

ðÒÉ×ÅÔ!

Jamie Novak wrote:
> http://myserver/index.php?dir2=somedirectory
> 
> In 4.1.2, if I echo $dir2 at the beginning of the script just for
> testing, it will echo the value of the variable without issue.  In
> 4.2.1, the variable never appears to get set at all, although it does
> show up just the same in $QUERY_STRING under both versions of PHP, so I
> know something is at least being passed back to the server.
> 
> Does this make sense how I explained it?  Can anybody tell me what's
> changed between versions that would make the script (or, really, PHP)
> ignore the value I'm passing back?  (I looked at the changelog, but
> didn't really see anything that I understood to be related to the
> problem I'm experiencing.)
> 
> TIA,
> Jamie
> 

You did look for a leaf and missed the tree :)) Look for 
Register_globals in your php.ini file. It's *off* in the new versions 
and it should be so for security reasons. Just check the docs in the 
online manual and everything will be clear :))

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Alberto Serra]

ðÒÉ×ÅÔ!

Chris Shiflett wrote:
> Richard,
>> Do you really believe that for $200 (or $119, or $500) that they "proven"
>> themselves trustworthy?

LOL no, I don't. As a matter of fact crooks usually have more money in 
their pockets than honest people do, so it's highly possible that a 
crook will pay the money while the innocent will save his last cent :))

> Now you've changed from "secure" to "secure from snooping." Notice the 
> difference? It is significant. Like I said before, encrypting the 
> transmission is useless by itself. To put it plainly:
> 
> encryption != security
> 
> What if you trust your friend who owns safeplace.org, and you want to do 
> business with him? Maybe you visit his site and enter a credit card 
> number somewhere. Thankfully, you notice that the lock icon is showing, 
> and that he is using SSL. With this warped idea of SSL where encryption 
> is all that counts, what if you find out that you're not really on 
> safeplace.org? You're really at evilcriminal.org, and he has a virtual 
> domain setup for safeplace.org. Also, he generated his own certificate 
> for safeplace.org using his own CA (good thing there was not C&A process 
> to undergo). So you have now sent the evil criminal your credit card 
> number because you trusted his domain name. Good thing it's secure, right?

So, let's see if I got you right:

   1) SSL just says we our packets are difficult to open, that is,
  they are encrypted. Nothing more

   2) Our packets are difficult to open but they are totally open
  to Uncle Sam's control software, as the RSA thingy cannot
  shield them from "governmental inspection", which makes sense
  if you are writing software for an american citizen but
  it's pretty annoying if your customer is from somewhere else.

   3) A key is nothing more than a negotiation token, a mere building
  brick that is used to fire the process.

   4) the "trust" you buy is something like a fixed IP number, that is
  the guys in the major do certify that you *are* who you pretend
  to be.

   5) If the one I am pretending to be is a criminal, being trusted by
  Verisign (or whoever in their place) won't make any difference.
  Their "license" just means that you are really dealing with those
  you think you are dealing with and that they do bear legal
  responsibility for whatever will happen in the transaction.
  Again, legal action will eventually have different
  results depending on where the trusted company is based, since
  not all countries have the same normative set. But that has
  nothing to do with the SSL protocol in itself.

Now, there's a question regarding point 4). What if someone from 
www.goodguys.com
gets the certified key pair and hands it over to some crook outside the 
company? I hope this is not just as easy as it sounds (the key pairs 
will probably check something in the environment before starting to 
shout "YEAAAH!! IT'S MEEE!!!") but still...

As for point 2), please get me right. I have my own political opinions 
as anybody
else, but my concern here is a professional one, since my customers are 99%
not americans. Small-mid sized companies (including mine) usually do not 
give a
damn about having their messages read by american eyes (we are simply 
not worth the trouble of looking in our archives) but large companies 
and Govt. organizations are *much* less indifferent to the subject, and 
I guess it's understandable, they want their privacy to be for real.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Retrieving/Displaying hyperlinked images with PHP

[markbm]

I am trying to build a "product detail" page that pulls data from a MYSQL
database using PHP. The data for the page includes product images, which I
am trying to link to (i.e. from their location on the web server) instead of
loading the images into the database. However, I cannot find any sample code
that seems to work. Two questions:

1. Is this possible (i.e. to store the HYPERLINK to the image in the
database , and as the results are returned to the product detail screen, the
image file will be displayed)? OR RATHER do I need to store the physical
image file in the database location and query it that way?

2. The code sample below contains several lines that show a field populated
with text that I am returningthe line under the //Test comment is the
field that I'm trying to pull an image back for:

printf("REL_PLAN7: %s\n", mysql_result($result,0,"REL_PLAN7"));
printf("REL_PLAN8: %s\n", mysql_result($result,0,"REL_PLAN8"));
printf("REL_PLAN9: %s\n", mysql_result($result,0,"REL_PLAN9"));

//test
printf(mysql_result($result,0,FRONT_REND);

NOTE: "FRONT_REND" is the name of the database field, and it contains a full
web address, not relative.

Any help would be GREATLY appreciated. Thanks.

Mark




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Richard Lynch]

>Honestly, I think you need to just buy on book on this. I think I 
>explained things pretty clearly, and your confusion now seems to be 
>based more on a lack of trusting my explanation more than anything. I 
>can't imagine how you could still be this confused.

What I can't imagine is how confused you must think I am -- Since I'm not AT
ALL confused.

>I will try to explain once more for the benefit of readers who may be 
>wondering if anything you said is true.

A great deal, nay all, of what I said was true.

Unfortunately, what you understood of it, was not true -- But that's not
what I typed.

>>No, the *TRANSMISSION* is just as secure from snooping.  It's the
>>*RECIPIENT* whom you trust, or not.  Maybe they've hijacked DNS records and
>>are masquereding.  Maybe they just didn't pay the $200.  Maybe they paid
>>$200 and are crooks.
>>
>>Do you really believe that for $200 (or $119, or $500) that they "proven"
>>themselves trustworthy?
>>
>
>Now you've changed from "secure" to "secure from snooping." Notice the 
>difference? It is significant. Like I said before, encrypting the 
>transmission is useless by itself. To put it plainly:

Notice how I first said *IN* *TRANSMISSION*.

Now, apparently, to *YOU* that wasn't sufficient to indicate:  "while the
packets are travelling from your browser to their destination".

When I first said "in transmission":

I did not mean "reaching the right destination"

I did not mean "the destination was worthy of trust"

I did not mean "reaching any destination at all"

I just meant "while the packets are travelling from your browser to their
destination" (whatever that destination might be).

Somehow, you read that as "Definitely reaching the intended party, and the
intended party being trusted"

Thus, I intentionally *ADDED* "secure from snooping" in my later post to
clarify what *I* mean when I say "in transmission".  I just mean "in
transmission".  Not reaching any particularly good nor bad end-point for
that transmission.

I think we both agree that any old certificate is secure from snooping,
right?

Now, since the only way I can see for it to be transmitted to the wrong
party at all would be for the evil-doer to hijack the domain name as well as
the SSL cert, I kinda figured it was a foregone conclusion the it was not
the "transmission" at issue -- It's the *DESTINATION* at risk.

Apparently I should have spelled that out from the beginning, since you
obviously misunderstood (and *still* misunderstand) my point.

>encryption != security

Obviously, since they aren't spelled the same way.

C&A SSL != security

either.

"More" secure than just encryption?  I suppose...  But not really enough
more to inspire any real confidence in a C&A Signed Certificate.

>What if you trust your friend who owns safeplace.org, and you want to do 
>business with him? Maybe you visit his site and enter a credit card 
>number somewhere. Thankfully, you notice that the lock icon is showing, 
>and that he is using SSL. With this warped idea of SSL where encryption 
>is all that counts, what if you find out that you're not really on 
>safeplace.org? You're really at evilcriminal.org, and he has a virtual 
>domain setup for safeplace.org. Also, he generated his own certificate 
>for safeplace.org using his own CA (good thing there was not C&A process 
>to undergo). So you have now sent the evil criminal your credit card 
>number because you trusted his domain name. Good thing it's secure, right?

What if evilcriminal.org *STOLE* the C&A signed certificate from
safeplace.org as well as hijacked their domain name?

What if evilcriminal.org set up safeplace.org and just *PAID* friggin'
Microsoft for a C&A signed certificate in the *FIRST* place.

Yes, a C&A signed certificate is nominally "better" than a non-signed one,
since you know that at some point, somebody paid somebody at least $119
(US), and that the certificate has the same domain name as the domain name
of the computer you are now surfing to.

You don't know it's the same computer, though, right?  It could easily be a
stolen Cert and hijacked domain.

For that matter, you don't know that a CRIMINAL purchased the C&A signed
Certificate in the first place.

I say again -- Do you *REALLY* believe that for $119, or even $500, that a
complete background check is run on the people running all those web-sites
with perfectly valid SSL Certificates that make the pretty lock icon close? 
I sure don't.

I consider a C&A Signed Certificate not significantly more reliable,
trustworthy, nor "safe" than an unsigned one.

I don't trust the signers.

I don't trust that the people on the other end are who they say they are.

I have a low trust factor all around.

>Hopefully it is clear that the trust in SSL relies on the trust of the 
>certificate which relies on the trust of the root CA that issued that 
>certificate. Trusting a domain name makes absolutely no sense.

Sigh.

I'll say it again:

I don't trust a domain name.

I have an *EQUAL* di

Re: [PHP] Re: FTP commands

[Jose Arce]

>From: "Richard Lynch" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [PHP] Re: FTP commands
>Date: Sat, 06 Jul 2002 17:02:20 -0500
>
> >
> >Hi, i'm making a script, that logs some ftp characteristics, like resume
> >support and stuff...i try using ftp_site(), but it's not working
> >
> >I want to send a command like REST, but ftp_site() send the command like
> >this: SITE REST, with the SITE before the command...any way to do it?
> >Thx :D
>
>This is just a Wild Guess, since I haven't read the manual (did you?) but
>I'm guessing that ftp_site() sends a command with "SITE" before it, but you
>can use other functions to open up an FTP connection and send any old
>command you like...
>
>Just a guess, though.  I'd have to actually read the manual *for* you to
>answer this one, and I'm not willing to do that.
>
>http://php.net/ftp
>
>--
>Like Music?  http://l-i-e.com/artists.htm
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php


_
Únase al mayor servicio mundial de correo electrónico: 
http://www.hotmail.com/es


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[Alberto Serra]

ðÒÉ×ÅÔ!

Probably a stupid question. Is there anyway to force POSTing a form from
the refresh META?



IMHO that is NOT possible, but maybe I am wrong.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Posting with refresh META

[Alberto Serra]

ðÒÉ×ÅÔ!

Sorry, I forgot writing a intelligible subject on previous posting :( So 
I repeat.

Probably a stupid question. Is there anyway to force POSTing a form from
the refresh META?



IMHO that is NOT possible, but maybe I am wrong.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Chris Shiflett]

Alberto Serra wrote:

> ðÒÉ×ÅÔ! 


I've always wondered what this is exactly. I'm going to assume it's a 
friendly greeting. :)

> Chris Shiflett wrote:
>
>> Richard,
>>
>>> Do you really believe that for $200 (or $119, or $500) that they 
>>> "proven"
>>> themselves trustworthy?
>>
>
> LOL no, I don't. As a matter of fact crooks usually have more money in 
> their pockets than honest people do, so it's highly possible that a 
> crook will pay the money while the innocent will save his last cent :)) 


Please watch the attribution here. I never posed that question (Do you 
really believe ...), as it is very misleading and would indicate that I 
have very little knowledge about PKI systems, which is not the case. I 
know that the purchase of a certificate from a trusted Certificate 
Authority is a very important part of the security that SSL provides, 
and I would not pose a rhetorical question in a weak attempt at 
trivializing this.

>> Now you've changed from "secure" to "secure from snooping." Notice 
>> the difference? It is significant. Like I said before, encrypting the 
>> transmission is useless by itself. To put it plainly:
>>
>> encryption != security
>>
>> What if you trust your friend who owns safeplace.org, and you want to 
>> do business with him? Maybe you visit his site and enter a credit 
>> card number somewhere. Thankfully, you notice that the lock icon is 
>> showing, and that he is using SSL. With this warped idea of SSL where 
>> encryption is all that counts, what if you find out that you're not 
>> really on safeplace.org? You're really at evilcriminal.org, and he 
>> has a virtual domain setup for safeplace.org. Also, he generated his 
>> own certificate for safeplace.org using his own CA (good thing there 
>> was not C&A process to undergo). So you have now sent the evil 
>> criminal your credit card number because you trusted his domain name. 
>> Good thing it's secure, right?
>
>
> So, let's see if I got you right:
>
>   1) SSL just says we our packets are difficult to open, that is,
>  they are encrypted. Nothing more 


NO! :)

That's what some other guy was trying to say. He is wrong.

SSL does much more than encrypt the communication. Part of my response 
was a bit satirical in a weak attempt at pointing out how ridiculous a 
notion this is. I guess it didn't help very much. :)

Note the use of the phrase, "With this warped idea of SSL where 
encryption is all that counts"

I apologize for adding to the confusion there. I was trying to point out 
how insecure this model would be if encryption were all that SSL 
provided and the only trust involved was the trust of a domain name.

>   2) Our packets are difficult to open but they are totally open
>  to Uncle Sam's control software, as the RSA thingy cannot
>  shield them from "governmental inspection", which makes sense
>  if you are writing software for an american citizen but
>  it's pretty annoying if your customer is from somewhere else.


No government, as far as I know, can break the public key cryptography 
currently being used by most SSL-enabled sites (using the strong 
security - 128 bit certificates). This includes the United States.

Now, SSL only encrypts your communication in transit, of course. I'm 
sure your local government could find a way to make the entity you are 
communicating with release the information in the communication to them. 
This is, of course, outside the scope of SSL.

>   3) A key is nothing more than a negotiation token, a mere building
>  brick that is used to fire the process.


A key, when spoken of as one entity, is a key pair. It contains both the 
public and private keys. The use of these in cryptography is called 
asymmetric cryptography. To understand asymmetric cryptography, it is 
helpful to first explain what symmetric cryptography is.

Symmetric cryptography is basically the use of a single key for the 
encryption and decryption. Most two-way encryption algorithms you are 
probably familiar with use this approach. For two people to effectively 
encrypt their communication with this approach, it is necessary for both 
parties to have the same key. To submit this key over the Internet would 
be a poor idea, because it could be intercepted, right? Ironically, most 
keys for use with symmetric cryptography are distributed over the 
Internet using asymmetric crptography. :) Others use some sort of 
physical transfer, like meeting each other on a dark street corner with 
a briefcase. :)

The problem with trying to use this type of approach to encrypt 
communication between a Web client and a Web server is pretty clear. If 
your customers can be anyone, then anyone must have access to the key. 
Thus, all of your customers would be able to decrypt communication from 
all of your other customers. Otherwise, if each client's communication 
was encrypted using a different key, you would have to have a separate 
key for each client, *plus* you would have to hav

Re: [PHP] HTTPS vs. HTTP ? - the weakest link

[B.C. Lance]

sorry to barge in. but the weakest link ain't in ssl. doesn't really 
matter how secure vs insecure it is. you can come up with the most 
secure technology in the whole world that no one can break into. the 
weakest link lies on the user/customer themselves.

you just need a trojan horse in their computer and there goes the 
neighbourhood. they can by all means send their credit card information 
over to amazon.com. but this piece of information will still be open to 
the person who plant the horse in the machine.

so i suppose the debate over here should really be: is ecommerce safe?
and not: http vs https


just my 2 cents
b.c. lance


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[B.C. Lance]

not from meta refresh. but javascript could do that. set a timeout that 
will fire the submit event after 2 seconds. that will work.

b.c. lance

Alberto Serra wrote:
> ðÒÉ×ÅÔ!
> 
> Probably a stupid question. Is there anyway to force POSTing a form from
> the refresh META?
> 
> 
> 
> IMHO that is NOT possible, but maybe I am wrong.
> 
> ÐÏËÁ
> áÌØÂÅÒÔÏ
> ëÉÅ×
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Привет!

[Alberto Serra]

ðÒÉ×ÅÔ!

I detach this from current thread as it has nothing to do with it :)

now:
   ðÒÉ×ÅÔ! means "hello" (pronounce "preevjet", accent goes on je)
   ÐÏËÁmeans "bye"   (pronounce "paka" accent on last a)

The rest is just my name (Alberto, I am italian as of original 
nationality) and the name of the place I am, that is, Kiev, the capital 
of Ukraine :)

I got SOOO annoyed by charset trouble in the last week that I decided to 
do something to enhance people's consciousness on the matter, by mixing 
alphabeths and languages in all of my mails.

Yes, it IS a pointless effort made by a powerless dwarf. :)

ðÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Chris Shiflett]

I just explained this all in great detail, so please read that. I don't 
just think you are confused; I am positive you are.

However, I did notice that you are the same person who gives many good 
answers to other peoples' questions. This giving of your time to be 
helpful is commendable, and I apologize for mistaking you for a troll. I 
just honestly don't understand the confusion.

I'll only correct a couple of points that you seem to keep bringing up 
that are incorrect. I believe these might be the root of all confusion.

Richard Lynch wrote:

>Work with me here, okay?
>
>I steal his SSL certificate.
>I steal his domain name.
>I put them on my own web-server.
>
>When/how do the C&A people catch this?
>

In public key cryptography, it is the *keys*, not the digital 
certificate that encrypt/decrypt the communication.

In your example above, how do you propose stealing "his" private key? It 
is in his Web server, right? You have his digital certificate, but that 
only guarantees that his pulic key is associated with his domain name. 
Even if you can "steal" his domain name and somehow get traffic going to 
you, you can't decrypt the communication without the private key. This 
is why I tried to explain the necessity of generating the request for a 
digital certificate from the Web server that it will be installed on. If 
you steal his entire server as well and he doesn't report it to the CA 
that issued his certificate, he may as well let you run your rogue site 
off of his server; it's the same difference.

Think of it this way. Let's use https://www.amazon.com/ as an example. 
Do you trust doing business with them? I sure do; at least I trust 100% 
that my HTTP requests are going to get to the www.amazon.com server 
safely. If someone stole their SSL certificate:

1. They wouldn't be able to install it on any other Web server anyway 
(your item 3 above is invalid)
2. It only guarantees that Amazon's public key really belongs to 
www.amazon.com - we knew that already

So, you've done nothing.

Now, on to "stealing" their domain name. All of a sudden, Amazon is 
getting no traffic. Think they won't notice? Think it matters since the 
HTTP requests you'll be receiving can't be decrypted by you anyway?

>If I *really* trust the person who owns a domain name, they are going to
>take care of any hijack/theft just as quickly with an unsigned cert as they
>are with a signed cert.  I don't trust the C&A people to facilitate that
>process any faster or better than somebody I actually *DO* trust in the
>first place -- The person I personally know who owns that domain name who is
>going to make damn sure they catch and rectify any hijacking with or without
>a signed Cert as fast as possible.  I trust that person because I know them,
>not the C&A people I don't know personally, and who have *PROVEN* themselves
>untrustworthy.  I trust people, not corporations, not technology, and
>*CERTAINLY* not the C&A Signers.
>

This is the other major misunderstanding. How is your friend supposed to 
"take care of any hijack/theft" exactly? If someone "hijacks" all of his 
traffic, sure, he might notice a lack of traffic. However, what if only 
a small audience is targetted? A few people mistakenly go to the wrong 
www.friend.org site and do business. If there was no SSL warning letting 
them know that something was wrong, they would happily do business.

Your friend may be the best Web surfer in the world, but I doubt he can 
keep up with every Web site on the Web at all times to make sure that no 
one else is impersonating him. He has to rely on the technology, and 
that technology is SSL.

That's all for me. I'm going to start charging you for more information 
about SSL. :) I still strongly suggest you read a book. I even suggested 
a single 50 page chapter that will probably clarify everything for you. 
You seem to think you have a grasp about what is going on, but I can 
assure you that you don't.

I don't know how much clearer I can get. I've got other work to do.

Cheers.

Chris


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[Alberto Serra]

B.C. Lance wrote:
> not from meta refresh. but javascript could do that. set a timeout that 
> will fire the submit event after 2 seconds. that will work.
> 
> b.c. lance
> 

ðÒÉ×ÅÔ!

I already have that and it works fine. The problem is when jscript is 
not working (or missing). I was trying to build up some panic tree in 
case jscript fails.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×




-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[B.C. Lance]

you might wanna fire that javascript using onload from the body tag. 
that kinda assure the page is loaded successfully before the event takes 
off.

Alberto Serra wrote:
> I already have that and it works fine. The problem is when jscript is 
> not working (or missing). I was trying to build up some panic tree in 
> case jscript fails.
> 
> ÐÏËÁ
> áÌØÂÅÒÔÏ
> ëÉÅ×
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[Alberto Serra]

B.C. Lance wrote:
> you might wanna fire that javascript using onload from the body tag. 
> that kinda assure the page is loaded successfully before the event takes 
> off.

ðÒÉ×ÅÔ!

It is there already. My problem is to do it something that will save my 
*ss in case jscript is *NOT* there. So it must be a no thrills HTML 
solution that will run anyway, no matter how poor in resources the 
browser is.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks

[B.C. Lance]

hm... how about sticking couple of iframes that will load the piece of 
javascript and have each of the javascript in the iframe firing at 
different time? i suppose at least 1 copy of javascript will be there to 
do the intended work.

Alberto Serra wrote:
> It is there already. My problem is to do it something that will save my 
> *ss in case jscript is *NOT* there. So it must be a no thrills HTML 
> solution that will run anyway, no matter how poor in resources the 
> browser is.
> 
> ÐÏËÁ
> áÌØÂÅÒÔÏ
> ëÉÅ×
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Having more problems

[Shiloh Madsen]

The newbie is still having troubles heh. Maybe some kind soul can tell 
me what im doing wrong this time. This is the code for a page I am 
working on. When I try to bring up the page in a browser, I just get a 
white page, instead of having the HTML display. Anyone able to tell me why?







   Login Page

Unable to connect to the database server at this time.";
   exit();
} else {
mysql_select_db("GameDB",$LoginDB);
if (! @mysql_select_db("GameDB") )
   print "Unable to locate the Game Database.";
   exit();
}
?>

   body { color: white; background: black; }

"


   
   Login: 
   Password: 
   
   









-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks -> Actually POSTING without javascript

[Alberto Serra]

ðÒÉ×ÅÔ!

B.C. Lance wrote:
> hm... how about sticking couple of iframes that will load the piece of 
> javascript and have each of the javascript in the iframe firing at 
> different time? i suppose at least 1 copy of javascript will be there to 
> do the intended work.

I realize I was being obscure :) BTW, the solution was obvious, I'll 
better explain what I am doing.

This is a "loader" utility that is put instead of the index.php script 
to configure a session by understanding what kind of client is calling, 
so it's very generical software that is shared among many a project.

In short, what index.php does is:
1) accept command line parameters (and the docs referrer) that are 
received and stock them somewhere for later use
2) sets a test cookie
3) generate a page that shows "loading..."

javascript in this page verifies user configuration (screen, java 
enabled, platform etc) and stuffs this data into a hidden form then 
sends it back to index.html where data will be used to understand 
whether we can rely on jscript and cookies within this session.

*The problem was here*. What if this second step fails? easy, I just 
leave the META as is and stock previous data on a session during the 
first execution of index.php

At this point index.php knows all it needs to fill in cionfiguration 
data and it just includes the real home page. From now on we will be 
able to tailor channelling (that is, cookies or not, jscript or not) 
without reasonable doubts. Yes, the user *may* change it's configuration 
during the session, but this is very low percentage of cases and we can 
live with it.

Well, that's the most general part of it. But at least it's clearer.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×



-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Having more problems

[Alberto Serra]

ðÒÉ×ÅÔ!

Shiloh Madsen wrote:
> 

> $LoginDB=@mysql_connect($dbhost, $dbuser, $dbpass);
> if (! $LoginDB) {
>   print "Unable to connect to the database server at this time.";
>   exit();
> } else {

This can be just:

$LoginDB=@mysql_connect($dbhost, $dbuser, $dbpass) or die('Unable to 
connect to the database server at this time.')


>  }
> ?>

Sorry, what exactly are you trying to do here?

As for a general advice:
   1) use libraries. Make yourself a public dibconnect funcion. Chances
  are your user/password will differ depending on where the code gets
  executed (production or development) You don't want to go thru
  hundreds of scripts the recode that, right?
   2) Look for a very old PD class called FastTemplate. I know people
  will object that it adds to general execution and lowers
  performance, but that will allow you to keep your HTML code
  well separated by your scripting. And it does help, especially
  when you are not sure about what you are doing.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Linked drop down selection lists and dynamically generated links

[Peter Goggin]

I have two related tables. The first has about 12 records, each of which is
related to about 12 records in the second table.  I want to have two
interconnectedt dropdown list fields. The fisrt is used to select from the
first table and when the value has been selected, use it to determine the
contents of the second drop down list.  Once the second field has been
selected I want to use this data to otain the name of the form to be used to
display data selected using the two fields.

Obviously I can do this by having interrelated pages where the value from
the first fields is carried to the second page and used to populate the
second drop down list. I can then presumably dynamically generate the link
to the required page and pass over what paraeters are needed.

Is there any way of doing this so within a single page?

Can this be done using only PHP or do I need to use Javascripts?
Where would I be able to find examples of code which does this sort of
processing?

Any adivice would be gratefully received.
Regards


Peter Goggin

Regards

Peter Goggin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Mailing all the elements of a form

[Jeremy Bowen]

Hey,

I have looked in PHP manual but I cannot seem to find what I am looking for.

I have a very large form that I need to be able to mail. I just don't want
to have to code all of the field into my mail() function.

Thanks,

Jeremy


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks -> Actually POSTING without javascript

[B.C. Lance]

yes. now its clearer. hm... but i can't think of submitted the 
information if javascript is off on the client browser. unless you stick 
in a button telling the user to hit it if the page do not bring him to 
another after a specific timing. a button probably don't look 
presentable. use an image as the input type. that will probably brighten 
up the page.

in short, what i mean is let the user do the submit if javascript fails.

an image of brintney spear and a text on it telling the user to click on 
  sounds appealing to you? ;)

b.c. lance

Alberto Serra wrote:
> ðÒÉ×ÅÔ!
> 
> *The problem was here*. What if this second step fails? easy, I just 
> leave the META as is and stock previous data on a session during the 
> first execution of index.php
> 
> At this point index.php knows all it needs to fill in cionfiguration 
> data and it just includes the real home page. From now on we will be 
> able to tailor channelling (that is, cookies or not, jscript or not) 
> without reasonable doubts. Yes, the user *may* change it's configuration 
> during the session, but this is very low percentage of cases and we can 
> live with it.
> 
> Well, that's the most general part of it. But at least it's clearer.
> 
> ÐÏËÁ
> áÌØÂÅÒÔÏ
> ëÉÅ×
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linked drop down selection lists and dynamically generatedlinks

[Alberto Serra]

ðÒÉ×ÅÔ!

Peter Goggin wrote:
> Can this be done using only PHP or do I need to use Javascripts?

managing this in PHP should be considered *only* when jscript is not 
available. It's a matter of load distribution.

When doing client server applications (like the web is) you shall always 
remember that any interaction about the two entities adds up time to the 
result. Which, incidentally, is the point in using Stored Procedures 
(when they are properly coded and the db engine is capable of supporting 
them) instead of making tons of single SQL calls from a single PHP script.

Now, if all of your data is already on the client (somehow stoked in 
jscript variables) your user interaction will be quick and easy. If you 
call PHP any time you will get a serious delay (because you do issue a 
request along the net, then the server processes it and sends it back to 
your browser, that again processes it and shows it). So this should be 
considered an emergency solution only.

A 100% robust solution should contain both, and call PHP only if jscript 
is not available on the client. But this is costly and requires the two 
procedures to be realigned everytime you have some change going on. Most 
applications can just use javascript and forget about it.

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Linked drop down selection lists and dynamically generated links

[César Aracena]

As Alberto says, PHP has to be used to do such thing ONLY when Java is
not acceptable. There are many JavaScript snippets out there that do
such things. Most of them are called *DOUBLE COMBO* but as I recently
found out in this list, and from a similar question I had, is NOT so
simple for PHP to figure out what was chosen in the second choice. Try
to read post made the last month and you'll get the answer to all this.

C.

> -Original Message-
> From: Alberto Serra [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, July 07, 2002 2:44 AM
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Linked drop down selection lists and dynamically
> generated links
> 
> §±§â§Ú§Ó§Ö§ä!
> 
> Peter Goggin wrote:
> > Can this be done using only PHP or do I need to use Javascripts?
> 
> managing this in PHP should be considered *only* when jscript is not
> available. It's a matter of load distribution.
> 
> When doing client server applications (like the web is) you shall
always
> remember that any interaction about the two entities adds up time to
the
> result. Which, incidentally, is the point in using Stored Procedures
> (when they are properly coded and the db engine is capable of
supporting
> them) instead of making tons of single SQL calls from a single PHP
script.
> 
> Now, if all of your data is already on the client (somehow stoked in
> jscript variables) your user interaction will be quick and easy. If
you
> call PHP any time you will get a serious delay (because you do issue a
> request along the net, then the server processes it and sends it back
to
> your browser, that again processes it and shows it). So this should be
> considered an emergency solution only.
> 
> A 100% robust solution should contain both, and call PHP only if
jscript
> is not available on the client. But this is costly and requires the
two
> procedures to be realigned everytime you have some change going on.
Most
> applications can just use javascript and forget about it.
> 
> §á§à§Ü§Ñ
> §¡§Ý§î§Ò§Ö§â§ä§à
> §¬§Ú§Ö§Ó
> 
> 
> --
> 
> 
> @-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@
> 
> LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
> lOrD i'M sHiNiNg...
> YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
> tHe TeSt, YeS iT iS
> ThE tEsT, yEs It Is
> tHe TeSt, YeS iT iS
> ThE tEsT, yEs It Is...
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Mailing all the elements of a form

[B.C. Lance]

you could loop through $_POST (assuming you are using a post action) to 
extract the value out.

e.g.

$arr = array_keys($_POST);
for ($i = 0; $i < count($arr); $i++) {
   $msg.= "{$arr[$i]}: {$_POST[$arr[$i]]}\r\n";
}
echo $msg;

b.c. lance

Jeremy Bowen wrote:
> Hey,
> 
> I have looked in PHP manual but I cannot seem to find what I am looking for.
> 
> I have a very large form that I need to be able to mail. I just don't want
> to have to code all of the field into my mail() function.
> 
> Thanks,
> 
> Jeremy
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thanks -> Actually POSTING without javascript

[Alberto Serra]

ðÒÉ×ÅÔ!


> an image of brintney spear and a text on it telling the user to click on 
>  sounds appealing to you? ;)

LOLOL yes, something like that :) when the second execution fails (that 
is, the refresh META sends back no data on the POST channel) we show the 
user a form with the local logo, where he just says what the dimensions 
of his screen are and we assume that javascript is not present within 
the sesion :)) The problem was just in not losing the referer and the 
passed link while doing all this snake-like contorsions :)

ÐÏËÁ
áÌØÂÅÒÔÏ
ëÉÅ×



-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Mailing all the elements of a form

[César Aracena]

I suppose this is not the answer you are looking for, but it's the only
one a newbie like me knows. Try to build a $body variable and pass it to
the mail() function. Try this:

$from = $sender_field;

$subject = $subject_field;

$body = $form_field1;
$body .= $form_field2;
$body .= $form_field3;
$body .= $form_field4;
$body .= $form_field5;
$body .= $form_field6;

$headers = // extra headers IF any

and then do mail($from, $subject, $body, $headers);

You could do a very much smaller script simply by creating an array of
the form objects. Just name them like this:



After the information is passed to PHP, just make a loop which will make
an array of the form fields that are NOT null.

Hope this helps,

C.

> -Original Message-
> From: Jeremy Bowen [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, July 07, 2002 2:28 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Mailing all the elements of a form
> 
> Hey,
> 
> I have looked in PHP manual but I cannot seem to find what I am
looking
> for.
> 
> I have a very large form that I need to be able to mail. I just don't
want
> to have to code all of the field into my mail() function.
> 
> Thanks,
> 
> Jeremy
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] preg_match or not?

[Steve Fitzgerald]

I have been struggling for a couple of hours now trying to write a
preg_match expression to validate a dollar amount - the user may or may
not put in the decimals so I want to allow only digits plus a possible
period followed by two more digits. My eyes are now swimming and I just
can't seem to get right. This is what I have at the moment:

if (!preg_match("/[\d]+([\.]{1}[\d]{2})?/", $form_data[amount])) //
wrong amount

but it still allows invalid input. Can anyone help or is there a better
way to do it?

Thanks
Steve

Re: [PHP] Mailing all the elements of a form

[Alberto Serra]

Jeremy Bowen wrote:
> Hey,
> 
> I have looked in PHP manual but I cannot seem to find what I am looking for.
> 
> I have a very large form that I need to be able to mail. I just don't want
> to have to code all of the field into my mail() function.
> 
> Thanks,
> 
> Jeremy
> 
> 

ðÒÉ×ÅÔ!

*IF* the form is only to be mailed, and no other action shall be taken 
on the data it contains, you can use CGI processing instead of calling 
PHP. Can't remember the name of the call now, but there is something 
like that on every site.

*IF* you also want to process data *AND* mail it, you will have to to 
build the $body mail function or do some tricky things to have a second 
copy of your form built in a self-closing entity (DHTML can do that) 
which will perform the CGI action while your PHP script takes care of 
processing the original form.

Usually is much quicker to code the mail body. It depends on the context 
you are in.

ÐÏËÁ
áÌØÂÅÒÔÏ

-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Linked drop down selection lists and dynamically generated links

[Naintara Jain]

You can use both JavaScript and PHP.
Initially use PHP to get your data, you can use 13 arrays to store this
data.
1st array stores the options for the 1st list.
The other 12 arrays can store options related to each item of the 1st
list/array.

Use JavaScript (client-side scripting, faster) to populate the 2nd list
based on the selection in the 1st list.
This way you do not run PHP (server-side scripting, slower) more than once
on the same page.

this is of course, keeping in mind, that your backend (database data) is not
changing every few seconds. If you are dealing with dynamic data, such that
the list options might be changing at every moment then you would need the
latest database data and PHP would need to be used after the selection in
the 1st list.

-Naintara


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
t]On Behalf Of Peter Goggin
Sent: Saturday, July 06, 2002 10:31 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Linked drop down selection lists and dynamically
generated links


I have two related tables. The first has about 12 records, each of which is
related to about 12 records in the second table.  I want to have two
interconnectedt dropdown list fields. The fisrt is used to select from the
first table and when the value has been selected, use it to determine the
contents of the second drop down list.  Once the second field has been
selected I want to use this data to otain the name of the form to be used to
display data selected using the two fields.

Obviously I can do this by having interrelated pages where the value from
the first fields is carried to the second page and used to populate the
second drop down list. I can then presumably dynamically generate the link
to the required page and pass over what paraeters are needed.

Is there any way of doing this so within a single page?

Can this be done using only PHP or do I need to use Javascripts?
Where would I be able to find examples of code which does this sort of
processing?

Any adivice would be gratefully received.
Regards


Peter Goggin

Regards

Peter Goggin


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linked drop down selection lists and dynamically generatedlinks

[Alberto Serra]

Naintara Jain wrote:
> this is of course, keeping in mind, that your backend (database data) is not
> changing every few seconds. If you are dealing with dynamic data, such that
> the list options might be changing at every moment then you would need the
> latest database data and PHP would need to be used after the selection in
> the 1st list.

ðÒÉ×ÅÔ!

True! If you have dynamic stuff you might consider having an invisible 
entity on your page that gets refreshed at constant intervals with a 
server call and contains a flag result. Any time the flag is set 
user-interaction will fire the PHP refresh, while you will still be 
using javascript when possible.

This will save you a lot of user complaints. People hate to wait for a 
second. It's maaad world :)

This road leaves a potential inconsistency problem that you shall solve 
on the final PHP call: user might send in the data before the flag is 
set. In that case you shall refresh the data and ask the user to repeat 
input. It's called an "optimistic strategy" :)

Actually, whether you can use it or not depends on the update frequency 
of your dynamic data. Plus some tailoring on the intervals (you don't 
want to kill your server by sending it millions of "check-the-content" 
requests). Decision is based on the number of users and the update 
frequency.

ÐÏËÁ
áÌØÂÅÒÔÏ


-- 


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: preg_match or not?

[CC Zona]

In article <[EMAIL PROTECTED]>,
 [EMAIL PROTECTED] (Steve Fitzgerald) wrote:

> I have been struggling for a couple of hours now trying to write a
> preg_match expression to validate a dollar amount - the user may or may
> not put in the decimals so I want to allow only digits plus a possible
> period followed by two more digits. My eyes are now swimming and I just
> can't seem to get right. This is what I have at the moment:
> 
> if (!preg_match("/[\d]+([\.]{1}[\d]{2})?/", $form_data[amount])) //
> wrong amount
> 
> but it still allows invalid input. Can anyone help or is there a better
> way to do it?

It sounds like you need an exact match; note that your regex is matching 
against substrings, thus additional invalid characters are allowed to pass. 
Anchor the pattern, so that it essentially says "From beginning to end, the 
only chars allowed are one or more digits, optionally followed by the 
combination of a period then two more digits."  (The "^" and "$" special 
chars are anchors.)

A regex special character loses it "specialness" when it's either escaped 
with a backslash, or included within a square-bracketed character class; 
you don't need to do both.

The {1} is implied; you don't need it.

if (preg_match("/^\d+(\.\d{2})?$/", $form_data[amount]))
   {echo "Validated!";}
else
  {exit("That's not a dollar amount.");}

-- 
CC

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php