RE: [PHP] checking local file size
> > I already downloaded that, thanks. How do I apply it is my question. > > There's no documentation for the installation of it, that I see > > 'Course it is :) > > http://www.php.net/manual/en/install.pecl.php > > Linked from here: http://pecl.php.net/doc/index.php > I tried installing it like the documentation said... but I got the following errors. I contacted the hosting service (dreamhost) and they said they don't provide support for pecl, though they do support perl. Anyone? -- $ pecl install uploadprogress Failed to download pecl/uploadprogress within preferred state "stable", latest release is version 0.9.1, stability "beta", use "channel://pecl.php.net/uploadprogress-0.9.1" to install Cannot initialize 'uploadprogress', invalid or missing package file Package "uploadprogress" is not valid install failed $ pecl install uploadprogress-beta Cannot install, php_dir for channel "pecl.php.net" is not writeable by the current user .com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can PHP be used to snatch images cross-domain?
Rob Gould wrote: Brilliant! Now why do all these other scripts I've found make it look so hard?? http://wiki.dreamhost.com/index.php/CURL curl can handle timeouts much better (file_get_contents will timeout when the server on the other end says so). it can also tell you if a 404 is returned, and handle basic authentication. file_get_contents is very simple. if i replace foo.png with a 404 page, that's what you'll get - and that's what you'll save as your image. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure uploads tutorial
Peter Ford wrote: > tedd wrote: > >> I can't imagine evil code still working after someone resizes the file. >> >> > > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) > > I prefer to move files to an off-line store, run them through a unix 'file' > command (with a mime-type magic file) to get the mime-type, use that to decide > whether or not to accept, and then serve them back to clients through a > script. > As an optional step, on really paranoid systems, I run a virus scan over the > upload (with clamav, usually). There are some file types, such as .png and .wav, where that approach is not at all secure. The file command will tell you that the file is image/png, but IE 6 will detect it as text/html and run scripts in it. The ClamAV step is almost pointless. It does nothing to deter an attacker who is targeting your site specifically. -- Tim Starling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can PHP be used to snatch images cross-domain?
Brilliant! Now why do all these other scripts I've found make it look so hard?? http://wiki.dreamhost.com/index.php/CURL Take a look at the last script on that site. I suppose it's because of all the error-handling. That last "downloader class" looks promising, through I'm not sure how to pass an URL into it to get and save to a special directory on my server. I like your example better. On Tuesday, December 16, 2008, at 09:41PM, "Robert Cummings" wrote: >On Tue, 2008-12-16 at 21:29 -0500, Rob Gould wrote: >> If I have a php script on my own server, can it be used to snatch a JPEG >> image off of another server on a different domain and upload it to my >> server? For example, could I provide an URL to an image on another server >> and a path on my own server in which to place it? I know in the world of >> Ajax, I could run into cross-domain security issues, but I'm wondering if I >> can get around that with PHP. >> > >Yes, this can be done quite easily. > > >$content = file_get_contents( 'http://www.foo.com/images/foo.png' ); >file_put_contents( '/tmp/foo.png', $content ); > >?> > >You will need fopen wrappers enabled for this to work. Either way, there >are other ways to skin the cat if fopen wrappers cannot be enabled. > >Cheers, >Rob. >-- >http://www.interjinn.com >Application and Templating Framework for PHP > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure uploads tutorial
tedd wrote: > At 11:45 PM +1100 12/16/08, Tim Starling wrote: >> I thought the list might be interested in a tutorial for secure >> web-based file uploads that I just wrote: >> >> http://tstarling.com/blog/2008/12/secure-web-uploads/ >> >> -- Tim Starling > > Tim: > > That's a good read -- thanks -- but it's more of an article than a > tutorial. > > In any event, instead of posting to your blog, I though starting a > dialog here might serve the php community better. So here goes: > > In your blog you suggest looking for the magic number in image files > and not using getimagesize(). So what about this approach? > > 1. Restrict the File-Type. > 2. Pass the file through exif_read_data() and see if File-Type and > MimeType match. > 3. Resize the image. > > Do you see any security problems this? > > I can't imagine evil code still working after someone resizes the file. > That depends on whether the resize preserves metadata. ImageMagick's -resize does. Internet Explorer will search the metadata looking for HTML tags and other indications of file type, if it's in the first 255 bytes. exif_read_data() only works for JPEG and TIFF, and IE is fairly secure for JPEG, so it's not a problem if you restrict uploads to JPEG. But if you extended your scheme to PNG, it's easy to imagine a vulnerability being exposed for IE 6 clients. The image data is another issue. Whether it's possible to construct an image such that, when resized by a certain factor and then compressed by a known algorithm, the resulting compressed stream contains given text, is an open question. I suspect it is, but it probably won't be a technique within reach of the average spammer until some security researcher publishes a script. -- Tim Starling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can PHP be used to snatch images cross-domain?
On Tue, 2008-12-16 at 21:29 -0500, Rob Gould wrote: > If I have a php script on my own server, can it be used to snatch a JPEG > image off of another server on a different domain and upload it to my server? > For example, could I provide an URL to an image on another server and a path > on my own server in which to place it? I know in the world of Ajax, I could > run into cross-domain security issues, but I'm wondering if I can get around > that with PHP. > Yes, this can be done quite easily. http://www.foo.com/images/foo.png' ); file_put_contents( '/tmp/foo.png', $content ); ?> You will need fopen wrappers enabled for this to work. Either way, there are other ways to skin the cat if fopen wrappers cannot be enabled. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Can PHP be used to snatch images cross-domain?
If I have a php script on my own server, can it be used to snatch a JPEG image off of another server on a different domain and upload it to my server? For example, could I provide an URL to an image on another server and a path on my own server in which to place it? I know in the world of Ajax, I could run into cross-domain security issues, but I'm wondering if I can get around that with PHP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for 700,000 records?
On Wed, 2008-12-17 at 02:03 +0100, Jochem Maas wrote: > > or just: > > mysql_query("UPDATE test SET mykey=UUID()"); > > can't see any reason to go down the 'loop the dataset and roll your > own much less random, much more likely to collide, unique value' road. Not terribly random: 7e55a4d0-1d31-102c-8104-001fd05507bc 7e8e9ed4-1d31-102c-8104-001fd05507bc 7ec56be4-1d31-102c-8104-001fd05507bc 7efbb50a-1d31-102c-8104-001fd05507bc 7f339bf0-1d31-102c-8104-001fd05507bc But it's about as good as what has already come up :) I haven't come accross UUID() before. It looks time based to me. > sometimes less is more (although oddly more is never less ;-) What about when more is black holes? Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phpmyadmin password
It flance wrote: Hi, I lost phpmyadmin password. Is there anyway to recover it? ask phpmyadmin: http://www.phpmyadmin.net/home_page/support.php -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phpmyadmin password
It flance wrote: > Hi, > > I lost phpmyadmin password. Is there anyway to recover it? > > Thank you > > PHPMyAdmin uses MySQL's internal authentication. Log into your MySQL server and reset your password. http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Phpmyadmin password
Hi, I lost phpmyadmin password. Is there anyway to recover it? Thank you -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for 700,000 records?
supp...@trafficregenerator.com schreef: >> On Monday, December 15, 2008 7:29 PM, gould...@mac.com wrote: >> ... > > error_reporting(E_ALL); > ini_set('error_reporting', E_ALL); > ini_set('display_startup_errors','1'); > ini_set('display_errors','1'); > > > function dec2base($dec) > { > $digits = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"; > $value = ""; > $base = strlen($digits); > while($dec>$base-1) > { > $rest = $dec % $base; > $dec = $dec / $base; > $value = $digits[$rest].$value; > } > > $value = $digits[intval($dec)].$value; > return (string) $value; > } > > /* > // Step 1) define database connection > > define('DB_HOST', 'localhost'); // Change this to the proper DB Host name > define('DB_USERNAME', 'myusername'); // Change this to the proper DB User > define('DB_PASSWD', 'mypassword'); // Change this to the proper DB User > password > define('DB_NAME', 'mydatabase'); // Change this to the proper DB Name > > @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWD) or die("Error: Database > connection information is incorrect"); > @mysql_select_db(DB_NAME) or die("Error: Database connection information > is incorrect"); > > */ > > /* > // Step 2) create test schema > > CREATE TABLE IF NOT EXISTS `test` ( > `id` int(11) NOT NULL auto_increment, > `mykey` varchar(20) NOT NULL, > PRIMARY KEY (`id`) > ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; > > */ > > > /* > // Step 3) create 700,000 records > > for ($i=1; $i <= 70; $i++) > { > @mysql_query("INSERT INTO test VALUES ('', '')"); > } > > */ > > /* > // Step 4) update 700,000 records > > > // The larger this number is detrmines the size of "mykey" > $int = 100; > > $result = @mysql_query("SELECT id FROM test ORDER BY id ASC"); > > if (@mysql_num_rows($result) > 0) > { > while ($row = @mysql_fetch_object($result)) > { > // Add the two numbers together and base it > $mykey = dec2base($int+$row->id); > @mysql_query("UPDATE test SET mykey='".$mykey."' WHERE > id='".$row->id."'"); > } > } > > */ or just: mysql_query("UPDATE test SET mykey=UUID()"); can't see any reason to go down the 'loop the dataset and roll your own much less random, much more likely to collide, unique value' road. sometimes less is more (although oddly more is never less ;-) just be sure to read the docs regarding charsets and indexes to make sure you don't inadvertently create a performance problem (due to unused indexes): http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid > ?> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
In short, what next? http://pecl.php.net/package/uploadprogress I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see 'Course it is :) http://www.php.net/manual/en/install.pecl.php Linked from here: http://pecl.php.net/doc/index.php -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking local file size
>> "Bojan Tesanovic" > wrote in message >> news:>... >>> Well you need to know the TMP file name that has been in progress of >>> upload, it is usually at /tmp folder >> >> I know how to get that... >> >>> also you need to know the actual size of file uploading, there is an >>> extension for PHP that will give you this info >>> but you need to compile it , on my cars site for uploading images I >>> am using this one >>> >>> http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- >>> extension-for-php-5-2.html >>> >> >> I downloaded the uploadprogress zip from that site (their example looks like >> it provides what I'm looking for). At the expense of sounding ignorant... >> How do I add that extension to PHP? I looked through the example code, and >> I get the idea of what's happening, but I don't know how to add it to my >> server (I use shared hosting, though I have shell access). Does it need to >> be built into a *.so or *.dll and added to the PHP.ini file? If so, how do >> I build it? >> >> In short, what next? > > http://pecl.php.net/package/uploadprogress I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
John Pillion wrote: "Bojan Tesanovic" wrote in message news:... Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder I know how to get that... also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html I downloaded the uploadprogress zip from that site (their example looks like it provides what I'm looking for). At the expense of sounding ignorant... How do I add that extension to PHP? I looked through the example code, and I get the idea of what's happening, but I don't know how to add it to my server (I use shared hosting, though I have shell access). Does it need to be built into a *.so or *.dll and added to the PHP.ini file? If so, how do I build it? In short, what next? http://pecl.php.net/package/uploadprogress -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
"Bojan Tesanovic" wrote in message news:... > Well you need to know the TMP file name that has been in progress of > upload, it is usually at /tmp folder I know how to get that... > also you need to know the actual size of file uploading, there is an > extension for PHP that will give you this info > but you need to compile it , on my cars site for uploading images I > am using this one > > http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- > extension-for-php-5-2.html > I downloaded the uploadprogress zip from that site (their example looks like it provides what I'm looking for). At the expense of sounding ignorant... How do I add that extension to PHP? I looked through the example code, and I get the idea of what's happening, but I don't know how to add it to my server (I use shared hosting, though I have shell access). Does it need to be built into a *.so or *.dll and added to the PHP.ini file? If so, how do I build it? In short, what next? Thanks > > On Dec 16, 2008, at 9:20 PM, John P wrote: > > > I know this isn't a php question (though I'm using PHP for the server > > side... does that count?). I'm hoping though that some of you guys > > are just > > as experienced in ajax as you are PHP, because I can't find any > > good ajax > > forums. > > > > you can respond to me personally if needed, to keep it off the php > > list > > > > my question: > > > > I know there are alot of ajax/php upload progress bars out there, but > > they're either complicated, unreliable, or just generally don't fit my > > needs. Thus, i'm making my own. > > > > One problem I'm running into though, is how to check the local file > > size as > > compared to the uploaded file size. > > > > I can check and display the total uploaded size (ie, 437kb uploaded so > > far...), but to get the percent, I have to know the total size - > > BEFORE it's > > fully uploaded. I would like to say "437kb of 932kb uploaded so > > far"... but > > how do I get the "932" from the local file? It doesn't do too much > > good to > > say how much has been uploaded if they don't know how much is left... > > > > I know it's possible (most other meters do this) - I just can't > > figure out > > how. > > > > any hints? > > > > Thanks > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > Bojan Tesanovic > http://classiccars.carster.us/ > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] runtime access to static variable
Jack Bates wrote: > How do I access a static variable when I do not know the name of the > class until runtime? > > I have the following example PHP: > > ket% cat test.php > > class Test > { > public static > $STEPS = array( > 'foo', > 'bar'); > } > > $className = 'Test'; > > var_dump($className::$STEPS); > ket% > > Unfortunately when I run it I get: > > ket% php test.php > > Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM > in /home/jablko/trash/test.php on line 13 > ket% > > I can call a static function using call_user_func(array($className, > 'functionName')), and I can access a class constant using > constant($className.'::CONSTANT_NAME'). How do I access a static > variable? > > > Check this out: http://us2.php.net/manual/en/language.oop5.static.php It actually won't work until 5.3.0 when they add late static binding. Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 17:44 -0500, Daniel Brown wrote: > On Tue, Dec 16, 2008 at 17:30, Ashley Sheridan > wrote: > >> > > These stones? http://xkcd.com/505/ > > That's fantastic, Ash. I haven't seen that one. I'm CC'ing Tedd > directly on that. > > -- > > http://www.parasane.net/ > daniel.br...@parasane.net || danbr...@php.net > 50% Off Hosting! http://www.pilotpig.net/specials.php > Hehe, it's the only xkcd one I can remember with rocks in! Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, Dec 16, 2008 at 17:30, Ashley Sheridan wrote: >> > These stones? http://xkcd.com/505/ That's fantastic, Ash. I haven't seen that one. I'm CC'ing Tedd directly on that. -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 22:30 +, Ashley Sheridan wrote: > On Tue, 2008-12-16 at 17:22 -0500, Robert Cummings wrote: > > On Tue, 2008-12-16 at 22:21 +, Ashley Sheridan wrote: > > > On Tue, 2008-12-16 at 16:11 -0600, Jay Moore wrote: > > > > Daniel Brown wrote: > > > > > On Tue, Dec 16, 2008 at 17:04, Jay Moore > > > > > wrote: > > > > >> Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. > > > > >> :( > > > > > > > > > > Jay, > > > > > > > > > > Throw out your 62K and 5.25" floppies and get with the 1980's, > > > > > brother. It's all about the 3.5" "hard" disks now. They're radical! > > > > > > > > > > > > > Ok. Let me back them up to these reel-to-reel tapes quick, just in > > > > case. > > > > > > > Hmm, what about punch cards as well, just in case those magnetic tapes > > > get ruined by an EMP... > > > > Cue Tedd and his stones in 3... 2... 1... > These stones? http://xkcd.com/505/ Pretty much... but with far more misplacements. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 17:22 -0500, Robert Cummings wrote: > On Tue, 2008-12-16 at 22:21 +, Ashley Sheridan wrote: > > On Tue, 2008-12-16 at 16:11 -0600, Jay Moore wrote: > > > Daniel Brown wrote: > > > > On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: > > > >> Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( > > > > > > > > Jay, > > > > > > > > Throw out your 62K and 5.25" floppies and get with the 1980's, > > > > brother. It's all about the 3.5" "hard" disks now. They're radical! > > > > > > > > > > Ok. Let me back them up to these reel-to-reel tapes quick, just in case. > > > > > Hmm, what about punch cards as well, just in case those magnetic tapes > > get ruined by an EMP... > > Cue Tedd and his stones in 3... 2... 1... > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > > These stones? http://xkcd.com/505/ Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, Dec 16, 2008 at 17:22, Robert Cummings wrote: > > Cue Tedd and his stones in 3... 2... 1... Rocks[TM]. -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 22:21 +, Ashley Sheridan wrote: > On Tue, 2008-12-16 at 16:11 -0600, Jay Moore wrote: > > Daniel Brown wrote: > > > On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: > > >> Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( > > > > > > Jay, > > > > > > Throw out your 62K and 5.25" floppies and get with the 1980's, > > > brother. It's all about the 3.5" "hard" disks now. They're radical! > > > > > > > Ok. Let me back them up to these reel-to-reel tapes quick, just in case. > > > Hmm, what about punch cards as well, just in case those magnetic tapes > get ruined by an EMP... Cue Tedd and his stones in 3... 2... 1... Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 17:07 -0500, Daniel Brown wrote: > On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: > > > > Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( > > Jay, > > Throw out your 62K and 5.25" floppies and get with the 1980's, > brother. It's all about the 3.5" "hard" disks now. They're radical! He's right... standard was actually 1.44 megs... though I swear, every time I loaded one of those buggers I lost 10 to 50k to lost sectors. I think I still have a few 3.5" disks buried someplace cold with my save files for Rogue, Hero's Quest, and a slew of Dragonlance games. My wife calls me a packrat :) They're probably half consumed by mold or something. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 16:11 -0600, Jay Moore wrote: > Daniel Brown wrote: > > On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: > >> Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( > > > > Jay, > > > > Throw out your 62K and 5.25" floppies and get with the 1980's, > > brother. It's all about the 3.5" "hard" disks now. They're radical! > > > > Ok. Let me back them up to these reel-to-reel tapes quick, just in case. > Hmm, what about punch cards as well, just in case those magnetic tapes get ruined by an EMP... Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, Dec 16, 2008 at 17:11, Jay Moore wrote: > > Ok. Let me back them up to these reel-to-reel tapes quick, just in case. Just be careful that you don't get the Michaelangelo or Friday The 13th viruses especially if you're converting over on a C-64 1541 drive. -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
Daniel Brown wrote: On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( Jay, Throw out your 62K and 5.25" floppies and get with the 1980's, brother. It's all about the 3.5" "hard" disks now. They're radical! Ok. Let me back them up to these reel-to-reel tapes quick, just in case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, Dec 16, 2008 at 17:04, Jay Moore wrote: > > Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( Jay, Throw out your 62K and 5.25" floppies and get with the 1980's, brother. It's all about the 3.5" "hard" disks now. They're radical! -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
Robert Cummings wrote: On Tue, 2008-12-16 at 13:50 -0600, Jay Moore wrote: Ps. That was a lame attempt at humour... I extract and distill knowledge from the Internet and save myself from having to buy books. I hear they have that on computers now. I should check it out one of these days. Maybe I'll buy a book. Yeah, I got a good deal on the Internet compressed to 1.4 megs so I could carry it on a floppy disk. Cheers, Rob. Floppies hold 1.4 megs now? Mine don't and they're even dual-sided. :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 13:50 -0600, Jay Moore wrote: > > Ps. That was a lame attempt at humour... I extract and distill knowledge > > from the Internet and save myself from having to buy books. > > > I hear they have that on computers now. I should check it out one of > these days. Maybe I'll buy a book. Yeah, I got a good deal on the Internet compressed to 1.4 megs so I could carry it on a floppy disk. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: runtime access to static variable
Jack Bates wrote: How do I access a static variable when I do not know the name of the class until runtime? I have the following example PHP: ket% cat test.php class Test { public static $STEPS = array( 'foo', 'bar'); } $className = 'Test'; var_dump($className::$STEPS); ket% Unfortunately when I run it I get: ket% php test.php Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in /home/jablko/trash/test.php on line 13 ket% I can call a static function using call_user_func(array($className, 'functionName')), and I can access a class constant using constant($className.'::CONSTANT_NAME'). How do I access a static variable? this is also a not great but usable, stricter and faster solution: steps() ); ?> really though why..? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: runtime access to static variable
Jack Bates wrote: How do I access a static variable when I do not know the name of the class until runtime? I have the following example PHP: ket% cat test.php class Test { public static $STEPS = array( 'foo', 'bar'); } $className = 'Test'; var_dump($className::$STEPS); ket% Unfortunately when I run it I get: ket% php test.php Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in /home/jablko/trash/test.php on line 13 ket% I can call a static function using call_user_func(array($className, 'functionName')), and I can access a class constant using constant($className.'::CONSTANT_NAME'). How do I access a static variable? this does beg the question why don't you know the classname at runtime.. seems to be a slight design flaw and may make sense for you to post the full problem (you must have chosen to implement this for a reason..) if you really really must do this, you'd be best off to have a look at reflection.. getStaticPropertyValue('STEPS') ); ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] runtime access to static variable
Try this, maybe: ($className)::$STEPS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] runtime access to static variable
How do I access a static variable when I do not know the name of the class until runtime? I have the following example PHP: ket% cat test.php http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for 700,000 records?
On Monday, December 15, 2008 7:29 PM, gould...@mac.com wrote: I have a mySQL database with 700,000 records in it, which are presently keyed with an "auto-increment" field. What I'd like to do is create another field with a field where each and every record number has a unique keyvalue. Example: "su5e23vlskd" for records 1, and "34fdfdsglkdj4" for record 2. All that matters is that it's unique, and isn't a number that can be guessed or an "autoincrement" number, where a hacker can just figure out the keyvalue by incrementing numbers. It doesn't matter to me if each keyvalue field is just numbers, or a number/letter combination - - - all that matters is that each keyvalue field is unique. Is there an automatic way that mySQL could do that, or would I need to write a php script to somehow go through each record and create this unique value? Here is my answer to your question. You can use this same logic to create unique id's for many things. Hope this comes out okay in an email, if not I also put it online here: http://www.bigdoghost.com/downloads/php-284646.html $base-1) { $rest = $dec % $base; $dec = $dec / $base; $value = $digits[$rest].$value; } $value = $digits[intval($dec)].$value; return (string) $value; } /* // Step 1) define database connection define('DB_HOST', 'localhost'); // Change this to the proper DB Host name define('DB_USERNAME', 'myusername'); // Change this to the proper DB User define('DB_PASSWD', 'mypassword'); // Change this to the proper DB User password define('DB_NAME', 'mydatabase'); // Change this to the proper DB Name @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWD) or die("Error: Database connection information is incorrect"); @mysql_select_db(DB_NAME) or die("Error: Database connection information is incorrect"); */ /* // Step 2) create test schema CREATE TABLE IF NOT EXISTS `test` ( `id` int(11) NOT NULL auto_increment, `mykey` varchar(20) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; */ /* // Step 3) create 700,000 records for ($i=1; $i <= 70; $i++) { @mysql_query("INSERT INTO test VALUES ('', '')"); } */ /* // Step 4) update 700,000 records // The larger this number is detrmines the size of "mykey" $int = 100; $result = @mysql_query("SELECT id FROM test ORDER BY id ASC"); if (@mysql_num_rows($result) > 0) { while ($row = @mysql_fetch_object($result)) { // Add the two numbers together and base it $mykey = dec2base($int+$row->id); @mysql_query("UPDATE test SET mykey='".$mykey."' WHERE id='".$row->id."'"); } } */ ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html On Dec 16, 2008, at 9:20 PM, John P wrote: I know this isn't a php question (though I'm using PHP for the server side... does that count?). I'm hoping though that some of you guys are just as experienced in ajax as you are PHP, because I can't find any good ajax forums. you can respond to me personally if needed, to keep it off the php list my question: I know there are alot of ajax/php upload progress bars out there, but they're either complicated, unreliable, or just generally don't fit my needs. Thus, i'm making my own. One problem I'm running into though, is how to check the local file size as compared to the uploaded file size. I can check and display the total uploaded size (ie, 437kb uploaded so far...), but to get the percent, I have to know the total size - BEFORE it's fully uploaded. I would like to say "437kb of 932kb uploaded so far"... but how do I get the "932" from the local file? It doesn't do too much good to say how much has been uploaded if they don't know how much is left... I know it's possible (most other meters do this) - I just can't figure out how. any hints? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Bojan Tesanovic http://classiccars.carster.us/
Re: [PHP] Secure uploads tutorial
On Tue, 2008-12-16 at 16:02 +, Peter Ford wrote: > tedd wrote: > > I can't imagine evil code still working after someone resizes the file. > > > > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) > > I prefer to move files to an off-line store, run them through a unix 'file' > command (with a mime-type magic file) to get the mime-type, use that to decide > whether or not to accept, and then serve them back to clients through a > script. > As an optional step, on really paranoid systems, I run a virus scan over the > upload (with clamav, usually). > > I'm not exactly sure what all the fuss is about protecting IE users from > malicious code - if they care then they shouldn't be using IE, and if they > don't > care they shouldn't be on the internet. > > Tim's efforts do seem to be a bit of overkill... > > -- > Peter Ford phone: 01580 89 > Developer fax: 01580 893399 > Justcroft International Ltd., Staplehurst, Kent > Go one further; punish all IE users by infecting them... Hmm, OK, so not my best or most serious suggestion maybe. I've relied on having the OS report the file-type using the aforementioned file command, and it seems to work OK. For really paranoid systems, I store the file in a non web-accessible location and use a binary safe fopen() to stream the file to the user. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] checking local file size
I know this isn't a php question (though I'm using PHP for the server side... does that count?). I'm hoping though that some of you guys are just as experienced in ajax as you are PHP, because I can't find any good ajax forums. you can respond to me personally if needed, to keep it off the php list my question: I know there are alot of ajax/php upload progress bars out there, but they're either complicated, unreliable, or just generally don't fit my needs. Thus, i'm making my own. One problem I'm running into though, is how to check the local file size as compared to the uploaded file size. I can check and display the total uploaded size (ie, 437kb uploaded so far...), but to get the percent, I have to know the total size - BEFORE it's fully uploaded. I would like to say "437kb of 932kb uploaded so far"... but how do I get the "932" from the local file? It doesn't do too much good to say how much has been uploaded if they don't know how much is left... I know it's possible (most other meters do this) - I just can't figure out how. any hints? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
Web Database Applications with PHP & MySQL, PHP in action, and php.net --Brendon On Dec 14, 2008, at 5:33 PM, jeffery harris wrote: Hi guys/gals. I'm a first time user. Does anyone know of a good php book? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for700,000records?
On Tue, 2008-12-16 at 09:56 +0100, Ondrej Kulaty wrote: > Sorry you are right. He said he wants each row to have an unique ID so > AutoIncId+timestamp will satisfy it, But still i think that adding > microseconds timestamp is better because it will be harder for potential > hacker to guess. > -- > > > S pozdravem > Ondej Kulat > - > Winternet s.r.o. > odd. vvoje aplikac > tel. 585 209 132 > www.winternet.cz > > "Robert Cummings" pe v diskusnm pspvku > news:1229416450.9173.46.ca...@localhost... > > On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote: > >> I think he knows how to use it, he didn't show us a certain example where > >> and how he wants to use it, i just posted the way how i do generate an > >> unique identifier, if he use the first mentioned way - > >> AutoIncID+unix_timestamp - there can be a collision, when two users will > >> attempt to perform this task on the same id at the same time. yes, it's > >> not > >> very probable but if you have system with many users it can happen > > > > No it's impossible. Auto increment guarantees a unique auto incremented > > ID. Adding the value returned by unix_timestamp() to this unique ID can > > only create unique sums since both the auto increment ID and the time > > are increasing. There cannot be a collision. > > > > Cheers, > > Rob. > > -- > > http://www.interjinn.com > > Application and Templating Framework for PHP > > > > > Surely better than creating some complex method by which to reference the row, is to use methods of sanitising input that would prevent a hacker from manipulating your queries? Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
Ps. That was a lame attempt at humour... I extract and distill knowledge from the Internet and save myself from having to buy books. I hear they have that on computers now. I should check it out one of these days. Maybe I'll buy a book. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, 2008-12-16 at 13:41 -0600, Jay Moore wrote: > Richard Heyes wrote: > I learned from PHP For Dummies. > >>> The title of that book isn't doing itself any favours... :-) > >>You'd be surprised. The "For Dummies" series is one of the > >> best-selling franchises in mainstream publishing history. > > > > Still, calling your audience dumb is generally regarded as being "a > > bad thing". But then, I am pap at business... :-) > > > > Sounds like you need "Self Esteem for Dummies." I would never buy a "for Dummies" book. It's tantamount to admitting you're a dummy. Instead i buy the "Idiot's guide" series. Cheers, Rob. Ps. That was a lame attempt at humour... I extract and distill knowledge from the Internet and save myself from having to buy books. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FPDF Printing Ideas?
On Tue, Dec 16, 2008 at 2:32 PM, wrote: > > Just generate a much larger PDF with all the pages they asked for and call > it done. > :-) I don't think I can do it that way unfortunately. They will be printing 100-300 records in bulk...the amount of time it would take to generate one giant PDF file for all of the records would probably be insane and definitely much longer than the users are willing to wait. And also I don't believe you can loop the FPDF functions without it throwing an error.
Re: [PHP] Good PHP book?
Richard Heyes wrote: I learned from PHP For Dummies. The title of that book isn't doing itself any favours... :-) You'd be surprised. The "For Dummies" series is one of the best-selling franchises in mainstream publishing history. Still, calling your audience dumb is generally regarded as being "a bad thing". But then, I am pap at business... :-) Sounds like you need "Self Esteem for Dummies." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FPDF Printing Ideas?
Just generate a much larger PDF with all the pages they asked for and call it done. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FPDF Printing Ideas?
Hello all, I'm looking for some suggestions. I'm writing a new application that generates PDF's on the fly with FPDF. Basically I have a search page where you can search for customer records. Once your search has returned the records you can then click on a link which will send the record_id to the page that generates the PDF. And while this brings up the PDF and I can click on the printer icon to print the document, I want to be able to select multiple documents to print at one time. Example: [ ] 12345 [ ] 12346 [ ] 12347 [ ] 12348 [ ] 12349 [ ] 12350 I want to select the first and last record to be printed, so I was thinking I could od several things here. Since the Output() of FPDF cannot be sent directly to a printer I was going to 1) When someone clicks a checkbox, use the javascript onChange action to generate and save the PDF in the background. So, when someone clicks a checkbox, the page that generates my PDF would run without the user seeing it...this page would save the PDF to a folder on the server and once all checked items are selected the user will simply click on a "Print Selection" link which will point to a PHP page that just says to print *.pdf from that folder. 2) Allow the user to check all the documents they want to print and then when the "Print Selection" link is clicked, pass all of the checkbox values via $_POST to a new page which will run a loop that generates, prints and deletes the files. Does anyone have any experience or any better ideas to accomplish a selective multiple document print for documents that don't initially exist? Thanks, Dan
Re: [PHP] dynamic forms
If you have their ID when you generate the HTML FORM, there is no need for anything as exotic as Ajax... //get their $ID //query the DB using $ID to get $whatever echo "", htmlentities($whatever), ""; If you don't know their ID until the interact with other form elements, then, yeah, go with Ajax... But it would be pretty odd authentication mechanism that a front-end form would "know" my ID correctly and safely with no server-side interaction! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] dynamic forms
[snip] I would like to create a from that will pull and display information based on a user's ID from a postgresql database into a textarea on the form, before the submit button is clicked. Are there some tutorials on how to use PHP to dynamically display information on a form as the form is being filled out? [/snip] Google for Ajax -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] dynamic forms
I would like to create a from that will pull and display information based on a user's ID from a postgresql database into a textarea on the form, before the submit button is clicked. Are there some tutorials on how to use PHP to dynamically display information on a form as the form is being filled out? Thanks Marc
Re: [PHP] custom php.ini
""Daniel Brown"" wrote in message news:... > I'm not certain about their configuration, but does DreamHost have > AllowOverrides turned on in their httpd.conf? > > If so, just place a full php.ini file in your root web directory > (not just the line for uploads_tmp_dir, but an entire copy of the > file). If their Apache and PHP configuration allows it, you'll be > able to change several of the settings in that file. Those settings > that you can update will be PHP_INI_PERDIR[1] and higher. > Thanks, that worked. > KEY > 1.) View the list in the appendix here: > http://www.php.net/manual/en/ini.php#ini.list > > -- > > http://www.parasane.net/ > daniel.br...@parasane.net || danbr...@php.net > 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] custom php.ini
On Tue, Dec 16, 2008 at 11:39, John P wrote: > Hello all, > > In short, I'm trying to set my uploads_tmp_dir variable, as my hosting > provider has it set ot the default NULL (I'm using dreamhost). > [snip!] > > any pointers? You won't be able to modify the upload_tmp_dir option, as it's PHP_INI_SYSTEM. However, you can modify some of the other options in most cases. I'm not certain about their configuration, but does DreamHost have AllowOverrides turned on in their httpd.conf? If so, just place a full php.ini file in your root web directory (not just the line for uploads_tmp_dir, but an entire copy of the file). If their Apache and PHP configuration allows it, you'll be able to change several of the settings in that file. Those settings that you can update will be PHP_INI_PERDIR[1] and higher. KEY 1.) View the list in the appendix here: http://www.php.net/manual/en/ini.php#ini.list -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] custom php.ini
Hello all, In short, I'm trying to set my uploads_tmp_dir variable, as my hosting provider has it set ot the default NULL (I'm using dreamhost). I tried setting my own php.ini as instructed exactly on their wiki (http://wiki.dreamhost.com/PHP.ini) but doing so causes PHP to essentially die. phpinfo () gives a blank screen, $_SERVER['PHP_SELF'] isn't recognized, and so on. I don't *think* it's the actual php.ini file, as even using one identical to what they're already using doesn't work. what I did: 1) made a cgi-bin dir under my domain directory, and copied the server's php.ini file to it 2) created a script wrapper in the cgi-bin folder with: #!/bin/sh exec /dh/cgi-system/php5.cgi $* 3) chmod 755 $HOME/[my domain root]/cgi-bin chmod 755 $HOME/[my domain root]/cgi-bin/php-wrapper.cgi chmod 640 $HOME/[my domain root]/cgi-bin/php.ini 4) added a .htaccess to my domain root, with: Options +ExecCGI AddHandler php5-cgi .php Action php-cgi /cgi-bin/php-wrapper.cgi Action php5-cgi /cgi-bin/php-wrapper.cgi any pointers? thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
>>> I learned from PHP For Dummies. >> >> The title of that book isn't doing itself any favours... :-) > >You'd be surprised. The "For Dummies" series is one of the > best-selling franchises in mainstream publishing history. Still, calling your audience dumb is generally regarded as being "a bad thing". But then, I am pap at business... :-) -- HTML5 Graphing for FF, Chrome, Opera and Safari: http://www.rgraph.org (Updated December 5th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Good PHP book?
Forwarded back to the list, Mario. Please hit "Reply-All" to keep it on the list. On Tue, Dec 16, 2008 at 11:44, Kastner Mario wrote: > I also read the "for dummies" book when i started with php. It gives me a > simple intro which power is behind php. My first application was a ftp client > explained by the book. An essential is to read the online documentation on > php.net. -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
On Tue, Dec 16, 2008 at 11:25, Richard Heyes wrote: >> I learned from PHP For Dummies. > > The title of that book isn't doing itself any favours... :-) You'd be surprised. The "For Dummies" series is one of the best-selling franchises in mainstream publishing history. -- http://www.parasane.net/ daniel.br...@parasane.net || danbr...@php.net 50% Off Hosting! http://www.pilotpig.net/specials.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
> I learned from PHP For Dummies. The title of that book isn't doing itself any favours... :-) -- Richard Heyes HTML5 Graphing for FF, Chrome, Opera and Safari: http://www.rgraph.org (Updated December 5th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good PHP book?
> Ashley Sheridan a écrit : >> On Sun, 2008-12-14 at 16:33 -0600, jeffery harris wrote: >>> Hi guys/gals. I'm a first time user. Does anyone know of a good php >>> book? >>> >>> >>> >> I tend to trust O'Reilly books a lot for all things programming, >> although I learnt largely with 'PHP, Apache, MySQL Web Development' from >> WROX. >> >> >> Ash >> www.ashleysheridan.co.uk >> > Yes, I am agree with Ashley. This book must be read. But first, you > should read the whole php documentations as Tim said (available on HTML > offline). There is everything in it. > > Good luck ! > > Zeuf > I learned from PHP For Dummies. > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure uploads tutorial
tedd wrote: > I can't imagine evil code still working after someone resizes the file. > Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :) I prefer to move files to an off-line store, run them through a unix 'file' command (with a mime-type magic file) to get the mime-type, use that to decide whether or not to accept, and then serve them back to clients through a script. As an optional step, on really paranoid systems, I run a virus scan over the upload (with clamav, usually). I'm not exactly sure what all the fuss is about protecting IE users from malicious code - if they care then they shouldn't be using IE, and if they don't care they shouldn't be on the internet. Tim's efforts do seem to be a bit of overkill... -- Peter Ford phone: 01580 89 Developer fax: 01580 893399 Justcroft International Ltd., Staplehurst, Kent -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure uploads tutorial
At 11:45 PM +1100 12/16/08, Tim Starling wrote: I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote: http://tstarling.com/blog/2008/12/secure-web-uploads/ -- Tim Starling Tim: That's a good read -- thanks -- but it's more of an article than a tutorial. In any event, instead of posting to your blog, I though starting a dialog here might serve the php community better. So here goes: In your blog you suggest looking for the magic number in image files and not using getimagesize(). So what about this approach? 1. Restrict the File-Type. 2. Pass the file through exif_read_data() and see if File-Type and MimeType match. 3. Resize the image. Do you see any security problems this? I can't imagine evil code still working after someone resizes the file. Cheers, tedd PS: here's an example of both getimagesize() and exif_read_data(): http://webbytedd.com/bb/image-data/ -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XML Get Value of Node DOMXPath
Stephen Alistoun wrote: Hello all, Need help to get the value of the node. We know how to get the value of the city , item and itemPrice nodes below. How do we get the value of NumberOfRooms? $hotelElements = $xpath->query( '', $searchReponseElement ); foreach( $hotelElements as $hotelElement ) { $city = $xpath->query( 'City' , $hotelElement ); $item = $xpath->query( 'Item' , $hotelElement ); $itemPrice = $xpath->query( 'ItemPrice' , $hotelElement ); $confirmation = $xpath->query( 'Confirmation' , $hotelElement ); } Here is an example of the XML Response: 4 Code="SB" NumberOfRooms="1" /> Code="TB" ExtraBed="true" NumberCots="1" NumberOfExtraBeds="2" NumberOfRooms="1 SharingBedding="true" /> Thanks You can do it in a number of ways. $rooms = $xpath->query('/Hotel/HotelRooms/HotelRoom'); /* Via DOMElement */ foreach ($rooms AS $room) { echo $room->getAttribute('NumberOfRooms') . "\n\n"; } /* Via XPath */ foreach ($rooms AS $room) { $numrooms = $xpath->evaluate('number(./@NumberOfRooms)', $room); echo $numrooms . "\n\n"; } Rob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Secure uploads tutorial
I thought the list might be interested in a tutorial for secure web-based file uploads that I just wrote: http://tstarling.com/blog/2008/12/secure-web-uploads/ -- Tim Starling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for700,000records?
On Tue, 2008-12-16 at 09:56 +0100, Ondrej Kulaty wrote: > Sorry you are right. He said he wants each row to have an unique ID so > AutoIncId+timestamp will satisfy it, But still i think that adding > microseconds timestamp is better because it will be harder for potential > hacker to guess. I agree, but then each entry would need ot be updated individually. Unfortunately MySQL doesn't appear to offer a time function to obtain microseconds. However, using the same argument for non collision and knowing that auto increment ID + unix_timestamp() must result in an integer, one could use the following to produce a less guessable outcome: update mytable set hash_field = md5( concat( AutoIdField + unix_timestamp(), rand() ) ) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for700,000records?
Sorry you are right. He said he wants each row to have an unique ID so AutoIncId+timestamp will satisfy it, But still i think that adding microseconds timestamp is better because it will be harder for potential hacker to guess. -- S pozdravem Ondøej Kulatý - Winternet s.r.o. odd. vývoje aplikací tel. 585 209 132 www.winternet.cz "Robert Cummings" pí¹e v diskusním pøíspìvku news:1229416450.9173.46.ca...@localhost... > On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote: >> I think he knows how to use it, he didn't show us a certain example where >> and how he wants to use it, i just posted the way how i do generate an >> unique identifier, if he use the first mentioned way - >> AutoIncID+unix_timestamp - there can be a collision, when two users will >> attempt to perform this task on the same id at the same time. yes, it's >> not >> very probable but if you have system with many users it can happen > > No it's impossible. Auto increment guarantees a unique auto incremented > ID. Adding the value returned by unix_timestamp() to this unique ID can > only create unique sums since both the auto increment ID and the time > are increasing. There cannot be a collision. > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for 700,000records?
On Tue, 2008-12-16 at 09:21 +0100, Ondrej Kulaty wrote: > I think he knows how to use it, he didn't show us a certain example where > and how he wants to use it, i just posted the way how i do generate an > unique identifier, if he use the first mentioned way - > AutoIncID+unix_timestamp - there can be a collision, when two users will > attempt to perform this task on the same id at the same time. yes, it's not > very probable but if you have system with many users it can happen No it's impossible. Auto increment guarantees a unique auto incremented ID. Adding the value returned by unix_timestamp() to this unique ID can only create unique sums since both the auto increment ID and the time are increasing. There cannot be a collision. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Create unique non-autoincrement key for 700,000records?
I think he knows how to use it, he didn't show us a certain example where and how he wants to use it, i just posted the way how i do generate an unique identifier, if he use the first mentioned way - AutoIncID+unix_timestamp - there can be a collision, when two users will attempt to perform this task on the same id at the same time. yes, it's not very probable but if you have system with many users it can happen "Robert Cummings" pí¹e v diskusním pøíspìvku news:1229410766.9173.41.ca...@localhost... > On Tue, 2008-12-16 at 07:35 +0100, Ondrej Kulaty wrote: >> I use md5(microtime()); > > I applaud the use of PHP on the "PHP" list... but I think the OP wants > an SQL query :) > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Create unique non-autoincrement key for 700,000 records?
Hi Rob, You can also use the PHP fonction Uniqid : md5(uniqid(rand(),true)); http://fr3.php.net/manual/en/function.uniqid.php Have a nice day. Zeuf Rob Gould a écrit : I have a mySQL database with 700,000 records in it, which are presently keyed with an "auto-increment" field. What I'd like to do is create another field with a field where each and every record number has a unique keyvalue. Example: "su5e23vlskd" for records 1, and "34fdfdsglkdj4" for record 2. All that matters is that it's unique, and isn't a number that can be guessed or an "autoincrement" number, where a hacker can just figure out the keyvalue by incrementing numbers. It doesn't matter to me if each keyvalue field is just numbers, or a number/letter combination - - - all that matters is that each keyvalue field is unique. Is there an automatic way that mySQL could do that, or would I need to write a php script to somehow go through each record and create this unique value? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php