date:20041030

--- Steve Douville [EMAIL PROTECTED] wrote:
 I'm trying to write something to run as a cron job that will
 perform an sftp command and then run a batch file. I was trying
 to use:
 
 system(sftp [EMAIL PROTECTED])
 
 But that stalls and waits for a password before continuing with
 the script. Any ideas on how to pass the password when it's
 prompted?

Yes, you have to use a language like Expect.

If you want to stick with PHP, you're better off using an ssh key, so that
you're not prompted for the password.

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming December 2004http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP in CGI ....php.in

2004-10-30 Thread Christian Ista


 #!/usr/bin/php -c /path/to/php.ini

I tried this

#!/usr/local/lib/php -c php.ini

In the php.ini :
register_globals = on

but that's not work

Any idea ?

Christian, 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Session and validation

2004-10-30 Thread Jason Barnett

Maybe that is my problem , that session variables will
get blown away when the validations are run in the
same page.  Shouldn't be right ?
A session variable will last the lifetime of the session... it's a php.ini 
setting.  Session variables should remain in the session store until it is 
collected by the garbage collector.

Let me ask though if I setup just a validation page,
then on success I'm still doing a redirect (cause it's
a multi page form)
Not sure what the question was here?
Or if I validate on the next page and there is an
error, I redirect back, but then I also have to
consider how the error is going to get printed on the
first page. 
You can store an error message in a session variable.  On the first page do your 
error output like you normally would, just check this session variable to see if 
there's an error.

In addition to this, you can put some javascript on the first page to validate 
on the client's side.  You shouldn't rely on this, but it can cut down on trips 
to the server with bad input.

Anyone ?
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session and validation

--- Stuart Felenstein [EMAIL PROTECTED] wrote:
 I had this thread going yesterday. Then basically
 think it reached a stalemate.

I think you need to try to simplify your code to the most basic example
that demonstrates the problem. By doing this, you'll achieve one of two
things:

1. Figure out the problem yourself.
2. Generate a perfect example that we can use to better understand your
problem and suggest a solution.

 I'm wondering has anyone setup forms using session variables
 and validation.

Yes, this is very, very common. :-)

 Validation where the validating is done on the same page, and
 the redirected on success?

This is also very, very common.

 Let me ask though if I setup just a validation page,
 then on success I'm still doing a redirect (cause it's
 a multi page form)
 
 Or if I validate on the next page and there is an
 error, I redirect back, but then I also have to
 consider how the error is going to get printed on the
 first page.

How you design this is subjective, but my opinion is that redirects are
only handy when you want to avoid the user's browser asking whether to
resubmit a POST request when they're using the history mechanism, as I
describe here:

http://www.phpmag.net/itr/online_artikel/psecom,id,637,nodeid,114.html

Aside from that case (which is your case if you're using the POST method),
I prefer to include the appropriate module rather than redirecting the
user. It seems silly for them to request a resource only to be told to go
somewhere else to find it. If we know where it is, why not just return it?
That's the basis of my opinion. :-)

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming January 2004 http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Re: Bug-Tracking-System in PHP ?

2004-10-30 Thread Reinhart Viane

Hmmm
No email support??

When a bug is posted, updated, a bug note is added, etc everyone who
subscribed to this 'topic' will receive a email on it
We use it in our firm and it works like a charm :)

-Original Message-
From: Michelle Konzack [mailto:[EMAIL PROTECTED] 
Sent: vrijdag 29 oktober 2004 16:51
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Bug-Tracking-System in PHP ?


Am 2004-10-29 09:48:32, schrieb Reinhart Viane:
 Dunno if this is ok:
 http://www.mantisbt.org/

Nice features and 1.0 support postgresql
(can not use MySQL because some tools conflicts with postgresql)

Unfortunatly no E-Mail support...
:-(

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] standard ini settings

2004-10-30 Thread Reinhart Viane

Can someone point me out the best ini settings?
Which are nowadays used as standards when scripts are writte?
 
I wanna make sure the codes i (try to) write meet this standards
 
Thx
 
  _  

Reinhart Viane 
 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] 
Domos || D-Studio 
Graaf Van Egmontstraat 15/3 -- B 2800 Mechelen -- tel +32 15 44 89 01 --
fax +32 15 43 25 26 


STRICTLY PERSONAL AND CONFIDENTIAL 
This message may contain confidential and proprietary material for the
sole use of the intended 
recipient.  Any review or distribution by others is strictly prohibited.
If you are not the intended 
recipient please contact the sender and delete all copies.

[PHP] image files - upload and managment

2004-10-30 Thread Jaskirat Singh

Hi People,

I am writing a web app on LAMP.
The app is sort of yellow pages where people can login and post
advertisments with pictures.

App needs to allow users to upload pictures. (jpg and gif),
needs to create thumbnails of those pictures
and to store thumbnails and full pictures.

App needs to manage all those files - can be as much as 20K plus
images.

I think image file size, file type and image dimensions restrictions
should be easy to handle by using $_FILES array and  getimagesize
function.

The issues that I am thinking of and need suggestions about are

1) Storage and retrieval -  File system sounds like a better choice
over database. We are talking about 20 thousand plus pictures.

2) Thumbnails - Should I create those once and save it in a file when
the image is uploaded for the first time. Looks like a faster option
than creating them every time on the fly.

3) Security issues - I believe I must have a world writable 666
permissions directory to keep images as users of the web app are
uploading them. Does that create any security holes in my application?

4) Any thing else related to image uploads that one might need to take
care of. Are there any tutorials on image upload issues.


Thanks and HAND.

Jas

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session and validation

2004-10-30 Thread Stuart Felenstein


--- Chris Shiflett [EMAIL PROTECTED] wrote:

 --- Stuart Felenstein [EMAIL PROTECTED] wrote:
  I had this thread going yesterday. Then basically
  think it reached a stalemate.
 
 I think you need to try to simplify your code to the
 most basic example
 that demonstrates the problem. By doing this, you'll
 achieve one of two
 things:
 
 1. Figure out the problem yourself.
 2. Generate a perfect example that we can use to
 better understand your
 problem and suggest a solution.
 
Yes, this is exactly what I did and why I dredged up
this topic again:

Here is the example:

testarray (page1)
//Start the session
?php session_start(); 

//Check for the array on submit
if ( empty( $_SESSION['l_industry'] ) ) {
$_SESSION['l_industry']=array();
}
//Check to make sure user didnt exceed 5 selections
if (count($industry)  5) {
echo you have selected too many industries;
exit;
}
?
?php
//Redirect to results page if user stayed in 5 option
//range
if ($_SERVER[REQUEST_METHOD] == POST) {
 Header(Location:
http://www...com/TAresults.php;);
}
?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
?php //PHP ADODB document - made with PHAkt 2.7.3?
html
head
titleUntitled Document/title
meta http-equiv=Content-Type content=text/html;
charset=iso-8859-1
/head

body
table width=500 border=1 align=center
cellpadding=2 cellspacing=2
  tr
tdform name=form1 id=form1 method=post
action=
  select name=industry[] size=10
multiple=multiple id=industry[]
option value=1 ?php if (!(strcmp(1,
Please Select))) {echo SELECTED;}
?Accounting/option
option value=2 ?php if (!(strcmp(2,
Please Select))) {echo SELECTED;}
?Entertainment/option
option value=3 ?php if (!(strcmp(3,
Please Select))) {echo SELECTED;}
?label/option
option value=4 ?php if (!(strcmp(4,
Please Select))) {echo SELECTED;} ?Advertising
/option
option value=5 ?php if (!(strcmp(5,
Please Select))) {echo SELECTED;} ?Customer
Service/option
option value=6 ?php if (!(strcmp(6,
Please Select))) {echo SELECTED;} ?Informatin
Technology/option
  /select
  input type=submit name=Submit
value=Submit
/form/td
  /tr
/table
/body
/html

TAresults (page2):

?php session_start();

if ( empty( $_SESSION['l_industry'] ) ) {
$_SESSION['l_industry']=array();
}

if ( is_array( $_REQUEST['LurkerIndustry'] ) ) {
$_SESSION['l_industry'] = array_unique(
array_merge( $_SESSION['l_industry'],
 $_REQUEST['LurkerIndustry'] )
);
}
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=iso-8859-1 /
titleUntitled Document/title
/head

body
?php
echo The time is.br /;
echo $industry['0'].br /; 
echo $industry['1'].br /; 
echo $industry['2'].br /; 
echo $industry['3'].br /; 
echo $industry['4'].br /; 
echo $industry['5'].br /; 
echo $industry['6'].br /; 
echo $industry['7'].br /; 
echo $industry['8'].br /; 
echo $industry['9'].br /; 
echo $industry['10'].br /; 
echo $industry['11'].br /;

?
?php
unset($l_industry);
?
/body
/html

The results here, are whether the check passes or not
the variables never echo. 
If I set action on page 1 to TAresults.php , then they
echo out fine.

Stuart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-30 Thread Stuart Felenstein


--- Graham Cossey [EMAIL PROTECTED] wrote:

 So, if this is the result of a form submission how
 are you getting the POST 
 variables?
 How/where is $industry being set? I appears that you
 are assuming that
 variables are 'maintained' within a script, they are
 not. You have to
 remember that although you are running the same
 script it is not the same
 'instance' of the script as a request/response has
 occurred. You MUST pass
 and retrieve SESSION/POST/GET variables if you
 intend to use them in your
 script.
 
Yes, I see your point about the instance changing. I
made the change and set session = post prior to the
redirect and it's working proper.

Now, I will need to go back and try my other scripts
to see if this holds up in them.  I thought I already
tried , but a fresh start may help.

Stuart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-30 Thread Graham Cossey

[snip]

 Here is the example:

 testarray (page1)
 //Start the session
 ?php session_start();

 //Check for the array on submit
 if ( empty( $_SESSION['l_industry'] ) ) {
 $_SESSION['l_industry']=array();
 }

$industry = $_POST['industry']; // ??

 //Check to make sure user didnt exceed 5 selections
 if (count($industry)  5) {
 echo you have selected too many industries;
   exit;
 }

So, if this is the result of a form submission how are you getting the POST
variables?
How/where is $industry being set? I appears that you are assuming that
variables are 'maintained' within a script, they are not. You have to
remember that although you are running the same script it is not the same
'instance' of the script as a request/response has occurred. You MUST pass
and retrieve SESSION/POST/GET variables if you intend to use them in your
script.

$_SESSION['x'] = $_POST['x'];
$_SESSION['y'] = $_POST['y'];
etc etc...

 ?
 ?php
 //Redirect to results page if user stayed in 5 option
 //range
 if ($_SERVER[REQUEST_METHOD] == POST) {
  Header(Location:
 http://www...com/TAresults.php;);
 }

You do not appear to have set the SESSION variables before redirecting to
the next page.

 ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
 Transitional//EN
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
 ?php //PHP ADODB document - made with PHAkt 2.7.3?
 html
 head
 titleUntitled Document/title
 meta http-equiv=Content-Type content=text/html;
 charset=iso-8859-1
 /head

 body
 table width=500 border=1 align=center
 cellpadding=2 cellspacing=2
   tr
 tdform name=form1 id=form1 method=post
 action=

Not sure about this... have you used action=$PHP_SELF ?

   select name=industry[] size=10
 multiple=multiple id=industry[]
 option value=1 ?php if (!(strcmp(1,
 Please Select))) {echo SELECTED;}
 ?Accounting/option
 option value=2 ?php if (!(strcmp(2,
 Please Select))) {echo SELECTED;}
 ?Entertainment/option
 option value=3 ?php if (!(strcmp(3,
 Please Select))) {echo SELECTED;}
 ?label/option
 option value=4 ?php if (!(strcmp(4,
 Please Select))) {echo SELECTED;} ?Advertising
 /option
 option value=5 ?php if (!(strcmp(5,
 Please Select))) {echo SELECTED;} ?Customer
 Service/option
 option value=6 ?php if (!(strcmp(6,
 Please Select))) {echo SELECTED;} ?Informatin
 Technology/option
   /select
   input type=submit name=Submit
 value=Submit
 /form/td
   /tr
 /table
 /body
 /html

 TAresults (page2):

 ?php session_start();

 if ( empty( $_SESSION['l_industry'] ) ) {
 $_SESSION['l_industry']=array();
 }

 if ( is_array( $_REQUEST['LurkerIndustry'] ) ) {
 $_SESSION['l_industry'] = array_unique(
 array_merge( $_SESSION['l_industry'],
  $_REQUEST['LurkerIndustry'] )
 );
 }
 ?
 !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
 Transitional//EN
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
 html xmlns=http://www.w3.org/1999/xhtml;
 head
 meta http-equiv=Content-Type content=text/html;
 charset=iso-8859-1 /
 titleUntitled Document/title
 /head

 body
 ?php
 echo The time is.br /;
 echo $industry['0'].br /;
 echo $industry['1'].br /;
 echo $industry['2'].br /;
 echo $industry['3'].br /;
 echo $industry['4'].br /;
 echo $industry['5'].br /;
 echo $industry['6'].br /;
 echo $industry['7'].br /;
 echo $industry['8'].br /;
 echo $industry['9'].br /;
 echo $industry['10'].br /;
 echo $industry['11'].br /;

Sorry, I cannot see where $industry is being set. This may just need

$industry = $_SESSION['industry'];


 ?
 ?php
 unset($l_industry);
 ?
 /body
 /html

 The results here, are whether the check passes or not
 the variables never echo.
 If I set action on page 1 to TAresults.php , then they
 echo out fine.

 Stuart

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Command Line Script

2004-10-30 Thread Steve Douville


 If you want to stick with PHP, you're better off using an ssh key, so that
 you're not prompted for the password.


Ahh, okay thanks. If anyone can point me to some useful docs, I'd appreciate
it. I've been looking on google but not really sure what's right and what's
not.

Thanks,
Steve

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php compiler

Hi!
$a = 0;
$b = 1;
if ($a = 1  $b = 0) {
echo 'true ';
var_dump($a);
var_dump($b);
} else {
echo 'false ';
var_dump($a);
var_dump($b);
}
Runing this we get: true bool(false) int(0)
After the precedence table the first step could be evaluating the , 
but not this is what happen.

Can someone exactly explain how PHP process the condition?
THX in advance,
Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] localeconv

Hi,
I just noticed an annoying issue with locales in PHP and I'm not sure if 
this behaviour is intended or it's a bug.

I'm doing the following:
setlocale(LC_ALL, 'de_DE');
$l = localeconv();
printf(Decimal point: %s\n, $l['decimal_point']);
printf(Thousands sep: %s\n, $l['thousands_sep']);
This should output a , as decimal point and a . as thousands 
separator but it does only output the standard characters (A dot as 
decimal point and nothing as thousands_sep).

My de_DE locale is properly set up. All other data returned by 
localeconv is correct (EUR currency, Euro currency symbol, monetary 
decimal point and monetary thousand separator and so on). Only the 
decimal_point and thousands_sep is not working.

Also interesting is that printf(%.2f, 123.45) correctly outputs 
123,45. So PHP IS using a comma as decimal point but why does it not 
show up in localeconv()?

I tried exactly the same code in C on the same machine and this is 
working perfectly:

#include locale.h

int main(int argc, char *argv[])
{
struct lconv *l;

setlocale(LC_ALL, de_DE);
l = localeconv();
printf(Decimal point: %s\n, l-decimal_point);
printf(Thousands sep: %s\n, l-thousands_sep);
return 0;
}
This outputs correct german decimal point and thousands separator.
Is there a reason for this misbehaviour of PHP? Or is it a bug? I 
encounter this with PHP 5.0.2 and 4.3.9.

--
Bye, K http://www.ailis.de/~k/ (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php compiler

2004-10-30 Thread Mike

You're assigning values in your test.

Use == instead of = in the if condition.

=M

-Original Message-
From: Hodicska Gergely [mailto:[EMAIL PROTECTED] 
Sent: Saturday, October 30, 2004 9:50 AM
To: [EMAIL PROTECTED]
Subject: [PHP] php compiler

Hi!

$a = 0;
$b = 1;
if ($a = 1  $b = 0) {
echo 'true ';
var_dump($a);
var_dump($b);
} else {
echo 'false ';
var_dump($a);
var_dump($b);
}

Runing this we get: true bool(false) int(0)

After the precedence table the first step could be evaluating the , 
but not this is what happen.

Can someone exactly explain how PHP process the condition?

THX in advance,
Felho

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

Hodicska Gergely wrote:
$a = 0;
$b = 1;
if ($a = 1  $b = 0) {
echo 'true ';
var_dump($a);
var_dump($b);
} else {
echo 'false ';
var_dump($a);
var_dump($b);
}
Runing this we get: true bool(false) int(0)
Are you sure you posted the example correctly? It outputs this: false 
bool(false) int(0)

And this output is absolutely correct. Your condition gives new values 
to $a and $b because you use = and not ==. So you do this:

$b = 0;
$a = 1  $b;
The condition checks the value of $a (which is false) and so you land in 
the else branch and that's why $b is int(0) and $a is bool(false)

I think you want this:
if ($a == 1  $b == 0)
--
Bye, K http://www.ailis.de/~k/ (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)


signature.asc
Description: OpenPGP digital signature

Re: [PHP] Command Line Script

2004-10-30 Thread - Edwin -

Hi,

On Sat, 30 Oct 2004 09:42:13 -0400
Steve Douville [EMAIL PROTECTED] wrote:

 
  If you want to stick with PHP, you're better off using an
  ssh key, so that you're not prompted for the password.
 
 
 Ahh, okay thanks. If anyone can point me to some useful
 docs, I'd appreciate it. I've been looking on google but
 not really sure what's right and what's not.

Try this:
  http://www.google.com/search?q=ssh+no+password

I think the first one is the one you're looking for :)

Anyway, just try the other links on the page as well...

HTH,

-- 
- E - copperwalls was here ;)
There is going to be a resurrection. - Acts 24:15

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

2004-10-30 Thread Marek Kilimajer

Mike wrote:
You're assigning values in your test.
Use == instead of = in the if condition.
hmm, but he should not get what he gets anyways:
$a = 1 - evaluates to true, continue
$b = 0 - evaluates to false, so the whole if() condition is false, jump 
to else and print:

false
1
0
He gets:
true
false
0
I get (php-5.0.2):
false
false
0
Or am I missing something?
=M
-Original Message-
From: Hodicska Gergely [mailto:[EMAIL PROTECTED] 
Sent: Saturday, October 30, 2004 9:50 AM
To: [EMAIL PROTECTED]
Subject: [PHP] php compiler

Hi!
$a = 0;
$b = 1;
if ($a = 1  $b = 0) {
echo 'true ';
var_dump($a);
var_dump($b);
} else {
echo 'false ';
var_dump($a);
var_dump($b);
}
Runing this we get: true bool(false) int(0)
After the precedence table the first step could be evaluating the , 
but not this is what happen.

Can someone exactly explain how PHP process the condition?
THX in advance,
Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

2004-10-30 Thread Marek Kilimajer

Marek Kilimajer wrote:
Mike wrote:
You're assigning values in your test.
Use == instead of = in the if condition.
hmm, but he should not get what he gets anyways:
$a = 1 - evaluates to true, continue
$b = 0 - evaluates to false, so the whole if() condition is false, jump 
to else and print:
ok, precedence :)
false
1
0
He gets:
true
false
0
I get (php-5.0.2):
false
false
0
Or am I missing something?
=M
-Original Message-
From: Hodicska Gergely [mailto:[EMAIL PROTECTED] Sent: 
Saturday, October 30, 2004 9:50 AM
To: [EMAIL PROTECTED]
Subject: [PHP] php compiler

Hi!
$a = 0;
$b = 1;
if ($a = 1  $b = 0) {
echo 'true ';
var_dump($a);
var_dump($b);
} else {
echo 'false ';
var_dump($a);
var_dump($b);
}
Runing this we get: true bool(false) int(0)
After the precedence table the first step could be evaluating the , 
but not this is what happen.

Can someone exactly explain how PHP process the condition?
THX in advance,
Felho

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

 Use == instead of = in the if condition.
Thx, I know the difference. The exapmle use willfuly =.
Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

 It outputs this: false bool(false) int(0)
Yes, this the right output.
 And this output is absolutely correct. Your condition gives new values
 to $a and $b because you use = and not ==. So you do this:
Maybe you never read this:
http://hu2.php.net/manual/en/language.operators.php#language.operators.precedence
The result is not so obvious. There sould some internal behavior which
cause this.
Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

Hodicska Gergely wrote:
  It outputs this: false bool(false) int(0)
Yes, this the right output.
And this output is absolutely correct. Your condition gives new values 
to $a and $b because you use = and not ==. So you do this:
Maybe you never read this:
http://hu2.php.net/manual/en/language.operators.php#language.operators.precedence 
The result is not so obvious. There sould some internal behavior which 
cause this.
I don't see the problem. The behaviour of your code matches the
precendences in my opinion:
$a = 1  $b = 0
PHP sees two expressions here:
$a = 1  $b   (because  has higher priority than =)
and
$b = 0;
So the condition resolves to 1  0 while $a is set to false and $b is
set to 0;
So where is the problem?
--
Bye, K http://www.ailis.de/~k/ (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)


signature.asc
Description: OpenPGP digital signature

Re: [PHP] php compiler

Hodicska Gergely wrote:
$a = 1  $b = 0
PHP sees two expressions here:
After the precedence table the first thing should be evaluating 1  $b, 
so we get:
$a = false = 0
Which is not meaningful thing, and maybe this cause that the evaluating 
of the statment is not in the right order.
= has a right  associativity. This is well explained on the page you 
think I have not read. See Example 15-1. $b = 0 is evaluated first and 
the 1  $b is evaluated after that.

Everything else would make no sense. (1  $b) = 0 is not a valid 
expression and throws an error.

--
Bye, K http://www.ailis.de/~k/ (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)


signature.asc
Description: OpenPGP digital signature

Re: [PHP] php compiler

If you see the output, it seems, that PHP evaluate first $b = 0, and 
this is the problem.

 $a = 1  $b = 0
 PHP sees two expressions here:
After the precedence table the first thing should be evaluating 1  $b, 
so we get:
$a = false = 0
Which is not meaningful thing, and maybe this cause that the evaluating 
of the statment is not in the right order.

Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

= has a right  associativity. This is well explained on the page you 
Oke, but  has a higher precedence. The right  associativity has 
sense when all the operand has the same precedence.

Felho
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

Hodicska Gergely wrote:
Oke, but  has a higher precedence. The right  associativity has 
sense when all the operand has the same precedence.
I think the precedence of left and right associative operands can't be 
compared. The switch between associativities already separates the 
expression (if it could be explained this way). So you have to handle 
left-evaluated expressions and right-evaluated expressions 
separately. That's why $b = 0 and 1  $b are evaluated separately.

The PHP manual gives a fine example: Note:  Although ! has a higher 
precedence than =, PHP will still allow expressions similar to the 
following: if (!$a = foo()), in which case the output from foo() is put 
into $a.

And that's because = is right and ! is non-associative.
--
Bye, K http://www.ailis.de/~k/ (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)


signature.asc
Description: OpenPGP digital signature

Re: [PHP] Session and validation

On Saturday 30 October 2004 10:27, Stuart Felenstein wrote:
 --- Chris Shiflett [EMAIL PROTECTED] wrote:
  --- Stuart Felenstein [EMAIL PROTECTED] wrote:
   I had this thread going yesterday. Then basically
   think it reached a stalemate.
 
  I think you need to try to simplify your code to the
  most basic example
  that demonstrates the problem. By doing this, you'll
  achieve one of two
  things:
 
  1. Figure out the problem yourself.
  2. Generate a perfect example that we can use to
  better understand your
  problem and suggest a solution.

 Yes, this is exactly what I did and why I dredged up
 this topic again:

 Here is the example:

In my reply to your 'dead' thread I suggested you concoct a barest minimum 
example.

Which means:

 //Check to make sure user didnt exceed 5 selections
 if (count($industry)  5) {
 echo you have selected too many industries;

No need to check for more than 5, just more than 1 would be sufficient for 
proof of concept.

 ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0

No need for extraneous useless HTML.

 table width=500 border=1 align=center

Ditto. What's the point of formatting it nicely?

Basically the less cruft there is the better the chance of you spotting the 
problem yourself, and the likelyhood of people actually wading through your 
code.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
If you ever want to get anywhere in politics, my boy, you're going to
have to get a toehold in the public eye.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] standard ini settings

On Saturday 30 October 2004 09:06, Reinhart Viane wrote:
 Can someone point me out the best ini settings?
 Which are nowadays used as standards when scripts are writte?

 I wanna make sure the codes i (try to) write meet this standards

The file 'php.ini-recommended' which is included in the source tarball has 
reasonably sane settings which you can use as a starting point to tweak to 
your satisfaction.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
There cannot be a crisis next week.  My schedule is already full.
  -- Henry Kissinger
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment

On Saturday 30 October 2004 09:43, Jaskirat Singh wrote:

 1) Storage and retrieval -  File system sounds like a better choice
 over database. We are talking about 20 thousand plus pictures.

Using a file system is usually the better choice. With the quantity of files 
you're handling it might be wise to implement some kind of directory hashing. 
For example having several thousand files in a single directory using 
ext2/ext3 file system results in very poor performance.

 2) Thumbnails - Should I create those once and save it in a file when
 the image is uploaded for the first time. Looks like a faster option
 than creating them every time on the fly.

Definitely much faster to create it once (probably on upload) and store it 
rather than create on the fly each time. 

 3) Security issues - I believe I must have a world writable 666
 permissions directory to keep images as users of the web app are
 uploading them. Does that create any security holes in my application?

If you're on a shared-host there's really not much you can do to keep your 
files really (or even fairly) safe from your 'host mates'. What you can do is 
largely limited by how the system was configured. Storing files in the 
database can potentially add a layer of protection. If security is a concern 
then you should shell out the extra for a dedicated host.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
I am more bored than you could ever possibly be.  Go back to work.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment

2004-10-30 Thread Robby Russell

On Sat, 2004-10-30 at 02:43 -0700, Jaskirat Singh wrote:
Hi People,

I am writing a web app on LAMP.
The app is sort of yellow pages where people can login and post
advertisments with pictures.

App needs to allow users to upload pictures. (jpg and gif),
needs to create thumbnails of those pictures
and to store thumbnails and full pictures.

App needs to manage all those files - can be as much as 20K plus
images.

I think image file size, file type and image dimensions restrictions
should be easy to handle by using $_FILES array and getimagesize
function.

The issues that I am thinking of and need suggestions about are

1) Storage and retrieval - File system sounds like a better choice
over database. We are talking about 20 thousand plus pictures.

I would do it in the database (PostgreSQL in my case). The speed isn't
going to be much slower if you keep things optimized. You can even cache
your images if necessary on the filesystem (for high traffic images).

2) Thumbnails - Should I create those once and save it in a file when
the image is uploaded for the first time. Looks like a faster option
than creating them every time on the fly.

I just recently finished working on a project where I knew that would
automatically create a thumbnail version of each image on upload... but
then I realized that I might one day want to change the default
thumbnail sizes.. so what I did was have it create a thumbnail on the
fly from the database. (this way I can control the thumbnail size in the
future). The speed difference was hardly noticed. I have done what I
mentioned above and am now caching images that get loaded frequently.

3) Security issues - I believe I must have a world writable 666
permissions directory to keep images as users of the web app are
uploading them. Does that create any security holes in my application?

The database will help you add a nice layer of security.

4) Any thing else related to image uploads that one might need to take
care of. Are there any tutorials on image upload issues.

an example:
http://blog.planetargon.com/index.php?/archives/26_Uploading_images_into_PostgreSQL.html

and here is how you can display the images from the db. I am also using
mod_rewrite so that it looks like it's coming from the filesystem, for
example:

mydomain.com/images/mypic.jpg actually
calls ./image.php?filename=mypic.jpg

http://blog.planetargon.com/index.php?/archives/27_Displaying_image_from_PostgreSQL_large_object_with_PHP.html

hth,

-Robbyu

--
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | [EMAIL PROTECTED]
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting Development
*--- Now supporting PHP5 ---
/

signature.asc
Description: This is a digitally signed message part

Re: [PHP] (Regex) not working, take a quick look at it plz?

On Friday 29 October 2004 23:12, Ryan A wrote:

 I totally suck at RegEx (but am trying to learn), I got the following from
 the web, but its not working for me...
 can anyone spot what I am doing wrong or whats wrong please?

And what *exactly* is wrong?

What did you expect the code to do?

What did the code actually do?

Did you try debuggiong it yourself? print_r() or var_dump() everything.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Rome wasn't burnt in a day.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment

2004-10-30 Thread raditha dissanayake

Robby Russell wrote:
On Sat, 2004-10-30 at 02:43 -0700, Jaskirat Singh wrote:
 

Hi People,
I am writing a web app on LAMP.
The app is sort of yellow pages where people can login and post
advertisments with pictures.
App needs to allow users to upload pictures. (jpg and gif),
needs to create thumbnails of those pictures
and to store thumbnails and full pictures.
App needs to manage all those files - can be as much as 20K plus
images.
I think image file size, file type and image dimensions restrictions
should be easy to handle by using $_FILES array and  getimagesize
function.
The issues that I am thinking of and need suggestions about are
1) Storage and retrieval -  File system sounds like a better choice
over database. We are talking about 20 thousand plus pictures.
   

I would do it in the database (PostgreSQL in my case). The speed isn't
going to be much slower if you keep things optimized. You can even cache
your images if necessary on the filesystem (for high traffic images).
 

Robby's post is full of usefull information however though I am a 
postgresql fan i beg to differ on this point. Speed is definitely going 
to be slower when you insert and retrieve from blob (bytea) fields in 
any database. That's probly why you  you think caching is needed for 
high traffic images  :-)

--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Trouble with the ISAPI in PHP4

2004-10-30 Thread George Hester

If I am loading extensions in my php.ini file then this is what happens when I try try 
load the php4isapi.dll.
I go ahead and add it as an ISAPI filter the way it supposed to be done in IIS 5.  
Then I stop the IISAdmin
Service and restart it.  Then I start the Web Puublishing Service. This is where the 
issue arises.  If I am loading
extensions in my php.ini then I will get errors, ./extensions\php_gd2.dll not found  
for example of course loading
the php_gd2.dll extension in my php.ini.  The specific dll is not the issue.  It 
happens with any extension I have
loaded in my php.ini upon starting the Web Publishing Service.  Any ideas how to fix 
this? 
Thanks.


-- 
George Hester
__

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php compiler

2004-10-30 Thread Curt Zirzow

* Thus wrote Hodicska Gergely:
 If you see the output, it seems, that PHP evaluate first $b = 0, and 
 this is the problem.
 
  $a = 1  $b = 0
  PHP sees two expressions here:
 
 After the precedence table the first thing should be evaluating 1  $b, 
 so we get:
 $a = false = 0
 Which is not meaningful thing, and maybe this cause that the evaluating 
 of the statment is not in the right order.

 takes precedence to the left operator's expression and compares
it to the right side, you really want;

$a = 1  $b  $b = 0


In what ever case, your expression is rather unclear on what you
want to happen.  

if( 1  $b ) {
  $a = 1;
  $b = 0;
)


Curt
-- 
Quoth the Raven, Nevermore.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php.ini Path at Runtime

Does anyone know whether there is a way to specify the path of php.ini
within httpd.conf or something similar? There is an environment variabled
named PHPRC that is almost useful enough, but it must exist within the
environment used to start Apache (e.g., using SetEnv in httpd.conf won't
work - the description of putenv() sounds much the same).

I am basically looking for an elegant method of specifying the path to the
php.ini to use when starting Apache, much like how I can specify the path
to httpd.conf with the -f flag:

/usr/local/apache/bin/httpd -f /path/to/httpd.conf

Thanks.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php.ini Path at Runtime

2004-10-30 Thread Jonel Rienton

There was a very recent discussion about this, look up the archive from
the past week or 2.

regards,
Jonel

 Does anyone know whether there is a way to specify the path of php.ini
 within httpd.conf or something similar? There is an environment
 variabled named PHPRC that is almost useful enough, but it must exist
 within the environment used to start Apache (e.g., using SetEnv in
 httpd.conf won't work - the description of putenv() sounds much the
 same).

 I am basically looking for an elegant method of specifying the path to
 the php.ini to use when starting Apache, much like how I can specify the
 path to httpd.conf with the -f flag:

 /usr/local/apache/bin/httpd -f /path/to/httpd.conf

 Thanks.

 Chris

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


-- 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Using Google's API with PHP

2004-10-30 Thread Chris Martin

Rahul S. Johari wrote:
Ave,
Has anyone been able to successfully use the Google API with PHP here? I've
been trying different scripts and each one gives me a similar Unexpected
T_Function error. 

The other script from digitalpoint.com does run but it doesn't read my $q,
basically it displays all results from google.. It doesn't actually read my
query at all.
Any help would be appreciated.
Ave.
Rahul S. Johari
Coordinator, Internet  Administration
Informed Marketing Services Inc.
(518) 266-0909 x154
http://www.informed-sources.com
I've done this using the NuSOAP class.
http://www.chriscodes.com/google/
I have a simple source code example. You'll need to include NuSOAP, and 
to replace Your Google License KEY in the example with Your Google 
License KEY.

http://www.chriscodes.com/google/google.phps
There's a somple tutorial at:
http://www.devshed.com/c/a/PHP/Using-The-Google-Web-APIs-With-PHP/
--
Chris Martin
Web Developer
Open Source  Web Standards Advocate
http://www.chriscodes.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP in CGI ....php.in

2004-10-30 Thread Jonel Rienton

Hi,
where did you place your php.ini?
regards,
Jonel
--
I not know English well, but I know 7 computer languages.
On Oct 30, 2004, at 2:48 AM, Christian Ista wrote:

#!/usr/bin/php -c /path/to/php.ini
I tried this
#!/usr/local/lib/php -c php.ini
In the php.ini :
register_globals = on
but that's not work
Any idea ?
Christian,
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php.ini Path at Startup

--- Jonel Rienton [EMAIL PROTECTED] wrote:
 There was a very recent discussion about this, look up the
 archive from the past week or 2.

If you're referring to the responses to this question:

http://marc.theaimsgroup.com/?l=php-generalm=109907804615206w=2

then it's a different issue. If you're not, maybe you can elaborate. I've
been active on this list for years, and I don't recall seeing the answer
to this question. :-)

I'm thinking it's because there isn't a way, and if this is the case, I
want to add it (or convince someone smarter than me to add it).

Just to clarify the question, I want to be able to start Apache and
specify which php.ini I want PHP to use, much like how I can with
httpd.conf:

/usr/local/apache/bin/httpd -f /path/to/httpd.conf

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment

2004-10-30 Thread Matthew Weier O'Phinney

* Robby Russell [EMAIL PROTECTED]:
 On Sat, 2004-10-30 at 02:43 -0700, Jaskirat Singh wrote:
  App needs to allow users to upload pictures. (jpg and gif),
  needs to create thumbnails of those pictures
  and to store thumbnails and full pictures.
  
  App needs to manage all those files - can be as much as 20K plus
  images.
  
  I think image file size, file type and image dimensions restrictions
  should be easy to handle by using $_FILES array and  getimagesize
  function.
  
  The issues that I am thinking of and need suggestions about are
  
  1) Storage and retrieval -  File system sounds like a better choice
  over database. We are talking about 20 thousand plus pictures.

 I would do it in the database (PostgreSQL in my case). The speed isn't
 going to be much slower if you keep things optimized. You can even cache
 your images if necessary on the filesystem (for high traffic images).

I have difficulty believing retrieving an image from a database will
have similar speed performance as simply grabbing it from the
filesystem... and if you're seeing a need to cache images on the
filesystem anyways, that's certainly already an argument against it.

  2) Thumbnails - Should I create those once and save it in a file when
  the image is uploaded for the first time. Looks like a faster option
  than creating them every time on the fly.

 I just recently finished working on a project where I knew that would
 automatically create a thumbnail version of each image on upload... but
 then I realized that I might one day want to change the default
 thumbnail sizes.. so what I did was have it create a thumbnail on the
 fly from the database. (this way I can control the thumbnail size in the
 future). The speed difference was hardly noticed. I have done what I
 mentioned above and am now caching images that get loaded frequently. 

Thumbnailing on the fly may have decent performance, but it *is* slower
than simply serving up an image. If you doubt that, try surfing from a
T1 connection some time (dial-up users may not notice the extra time
required to generate the image, but those on broadband will). In
addition, if you generate a thumbnail every time the image is requested,
you're making your server do extra work -- even if you're caching
oft-requested images.

I understand the argument regarding a future change in thumbnail sizes.
However, generating thumbnails on a filesystem of images is something
that is easily scripted and can be performed on an as-needed basis.
(ImageMagick is great for this sort of thing, and scripts in PHP using
GD could also be used.)

  3) Security issues - I believe I must have a world writable 666
  permissions directory to keep images as users of the web app are
  uploading them. Does that create any security holes in my application?

Depends on if you're on your own server or a shared host. One thing you
can do even on a shared host is to make one directory 777 and then have
PHP create directories within that; however, as noted by somebody else
previously, someone else on the shared host could be malicious then and
write over those directories.

If you're on your own server or a dedicated host, give read and write
permissions only to the web server and one or two groups.

 The database will help you add a nice layer of security.

If the OP is on a shared host, that is one of the rare instances I'd
suggest putting uploaded information into a database -- and only if
there's a liklihood of other clients on the server being malicious.
However, in a shared host environment, if a user *does* do something
malicious, you can usually complain to the service provider and get
compensation.


-- 
Matthew Weier O'Phinney   | mailto:[EMAIL PROTECTED]
Webmaster and IT Specialist   | http://www.garden.org
National Gardening Association| http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Security: Forms and displaying invalid data

2004-10-30 Thread rjc

I have a form, that takes user input, and was wondering what are your 
thoughts of redisplaying user input back on the page after validation 
has failed.

Eg. they have to enter a date in format: '-mm-dd'
and they enter: script./script etc. or anything for that matter.
Although that would prob be too long for the field, but you get the idea.
How do other people out there tend to handle this? As it only affects 
the user that post the data if anything is malicious.

Some options that I have come up with are:
1. Displaying previous data (or empty field) for example if user is 
editing something.
2. Just displaying exactly what they entered again on the screen.
3. Stripping out certain undesirable characters before displaying.

Thanks,
Rob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php.ini Path at Startup

2004-10-30 Thread Marek Kilimajer

Chris Shiflett wrote:
--- Jonel Rienton [EMAIL PROTECTED] wrote:
There was a very recent discussion about this, look up the
archive from the past week or 2.

If you're referring to the responses to this question:
http://marc.theaimsgroup.com/?l=php-generalm=109907804615206w=2
then it's a different issue. If you're not, maybe you can elaborate. I've
been active on this list for years, and I don't recall seeing the answer
to this question. :-)
I'm thinking it's because there isn't a way, and if this is the case, I
want to add it (or convince someone smarter than me to add it).
Just to clarify the question, I want to be able to start Apache and
specify which php.ini I want PHP to use, much like how I can with
httpd.conf:
/usr/local/apache/bin/httpd -f /path/to/httpd.conf
Chris
I think this should work:
PHPRC=/etc/php-2.ini /usr/local/apache/bin/httpd -f /path/to/httpd.conf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment

2004-10-30 Thread Robby Russell

On Sat, 2004-10-30 at 22:30 +, Matthew Weier O'Phinney wrote:
 * Robby Russell [EMAIL PROTECTED]:
  On Sat, 2004-10-30 at 02:43 -0700, Jaskirat Singh wrote:
   App needs to allow users to upload pictures. (jpg and gif),
   needs to create thumbnails of those pictures
   and to store thumbnails and full pictures.
   
   App needs to manage all those files - can be as much as 20K plus
   images.
   
   I think image file size, file type and image dimensions restrictions
   should be easy to handle by using $_FILES array and  getimagesize
   function.
   
   The issues that I am thinking of and need suggestions about are
   
   1) Storage and retrieval -  File system sounds like a better choice
   over database. We are talking about 20 thousand plus pictures.
 
  I would do it in the database (PostgreSQL in my case). The speed isn't
  going to be much slower if you keep things optimized. You can even cache
  your images if necessary on the filesystem (for high traffic images).
 
 I have difficulty believing retrieving an image from a database will
 have similar speed performance as simply grabbing it from the
 filesystem... and if you're seeing a need to cache images on the
 filesystem anyways, that's certainly already an argument against it.
 

I tend to stick as much in the database with strict restraints. I know
that in my database, an image cannot be deleted unless several rules are
met. In the filesystem, a number of things could accidently delete the
wrong file. I treat my images as another piece of data and that data is
kept there by constraints.  

   2) Thumbnails - Should I create those once and save it in a file when
   the image is uploaded for the first time. Looks like a faster option
   than creating them every time on the fly.
 
  I just recently finished working on a project where I knew that would
  automatically create a thumbnail version of each image on upload... but
  then I realized that I might one day want to change the default
  thumbnail sizes.. so what I did was have it create a thumbnail on the
  fly from the database. (this way I can control the thumbnail size in the
  future). The speed difference was hardly noticed. I have done what I
  mentioned above and am now caching images that get loaded frequently. 
 
 Thumbnailing on the fly may have decent performance, but it *is* slower
 than simply serving up an image. If you doubt that, try surfing from a
 T1 connection some time (dial-up users may not notice the extra time
 required to generate the image, but those on broadband will). In
 addition, if you generate a thumbnail every time the image is requested,
 you're making your server do extra work -- even if you're caching
 oft-requested images.
 
 I understand the argument regarding a future change in thumbnail sizes.
 However, generating thumbnails on a filesystem of images is something
 that is easily scripted and can be performed on an as-needed basis.
 (ImageMagick is great for this sort of thing, and scripts in PHP using
 GD could also be used.)
 

As I can do when I want it to be a thumbnail. Infact, in PostgreSQL, I
can use plPHP, plPerl, psycopg, etc and perform these tasks within
database functions. This isn't an issue at all. 

Here are a few reasons why storing in the DB can be more useful. 

http://www.oracle.com/technology/products/intermedia/htdocs/why_images_in_database.html

Also, Gallery 2, is moving to a database backend, one would wonder why
that would be a good move, considering the sole purpose of gallery is to
display images. 

-Robby

-- 
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON  | www.planetargon.com
* Portland, OR  | [EMAIL PROTECTED]
* 503.351.4730  | blog.planetargon.com
* PHP/PostgreSQL Hosting  Development
*--- Now supporting PHP5 ---
/


signature.asc
Description: This is a digitally signed message part

RE: [PHP] Security: Forms and displaying invalid data

2004-10-30 Thread Graham Cossey

 -Original Message-
 From: rjc [mailto:[EMAIL PROTECTED]
 Sent: 30 October 2004 23:35
 To: [EMAIL PROTECTED]
 Subject: [PHP] Security: Forms and displaying invalid data

 I have a form, that takes user input, and was wondering what are your
 thoughts of redisplaying user input back on the page after validation
 has failed.

[snip]

 Some options that I have come up with are:
 1. Displaying previous data (or empty field) for example if user is
 editing something.
 2. Just displaying exactly what they entered again on the screen.
 3. Stripping out certain undesirable characters before displaying.

Personally I get really pd off when a form errors and does not return
any of my original entries, especially the larger ones. However, I
understand not re-displaying any 'sensitive' entries such as passwords,
security phrases etc. as they can aid the 'hackers'.

I would not strip out anything you won't accept as you could be giving clues
to the unscrupulous users as to what you will and won't accept.

Graham

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Security: Forms and displaying invalid data

2004-10-30 Thread Manuel Lemos

Hello,
On 10/30/2004 07:35 PM, Rjc wrote:
I have a form, that takes user input, and was wondering what are your 
thoughts of redisplaying user input back on the page after validation 
has failed.

Eg. they have to enter a date in format: '-mm-dd'
and they enter: script./script etc. or anything for that matter.
Although that would prob be too long for the field, but you get the idea.
How do other people out there tend to handle this? As it only affects 
the user that post the data if anything is malicious.

Some options that I have come up with are:
1. Displaying previous data (or empty field) for example if user is 
editing something.
2. Just displaying exactly what they entered again on the screen.
3. Stripping out certain undesirable characters before displaying.
I think you should always display exactly what the user entered but also 
never avoid doing server side validation before accepting a form with 
invalid values.

The only situation that I recommend discarding invalid values is when 
you pass context values (like for instance the id of a database field 
being edited) through an hidden field. If the field was hidden, it would 
not make much sense to tell the user that the value in the hidden field 
is invalid. An attacker already knows that the spoofed value is not 
valid. There is no point in bringing that up.

Anyway, if you expect a date, always use common methods like regular 
expressions to validate the accepted formats.

You may want to take a look at this forms generation and validation 
class that comes with several examples of how to validate all sorts of 
fields types and only accept the form until all that is submittted is valid.

It even comes with a plug-in that implements a custom date field made of 
several real fields that validates dates for you, including delimiting 
time ranges.

http://www.phpclasses.org/formsgeneration
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] image files - upload and managment