Re: [PHP] Sending e-mail via socket

2010-02-22 Thread Per Jessen
Andre Polykanine wrote:

> Hello everyone,
> I've just subscribed to the list, and I already have a question.
> what I need to do is to send mail using sockets. Actually, the
> built-in Mail() function is great and I wouldn't have to search for
> something else if I didn't need more than one message to be sent at a
> time. Say, I have ten or a hundred of users who want to receive a
> notification about new blog entries. If I use the mail() function in
> the loop, it will be performed too slow since it constantly opens and
> closes the door, I mean, the SMTP connection.

Use sendmail to drop the emails straight into your MTA queue.

/Per

-- 
Per Jessen, Zürich (6.9°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] unpacking an array of structs...

2010-02-22 Thread php.l...@juun.com


In the desktop app's memory the data is packed end-to-end already:

typedef struct MANGOpie
{
   unsigned char  mango;
   unsigned short  pie;
}
MANGOpie;

MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));


...and the entire 'pies' array is sent to the PHP script as binary data 
using PUT.







On February 23, 2010, Nathan Nobbe  wrote:


On Monday, February 22, 2010, php.l...@juun.com  wrote:


I have a desktop app that has a data structure that looks like this:

typedef struct MANGOpie
{
   unsigned char   mango;
   unsigned short  pie;
}
MANGOpie;



I manage a C array of these things in memory:

MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));




I pass these to a PHP script on my webserver who needs to unpack the 
array of structs.


The unpack() PHP function appears to be what I need, but it doesn't 
like the formatting I'm using to describe an array of these structs:


"(Cmango/npie)*"

What it doesn't like are the parentheses.  I've tried brackets and 
curlies too, but nothing works.  I have to have the parentheses to 
tell the parser to repeat the entire struct:


mango
pie
mango
pie
mango
pie
...



Formatting without the parentheses -- "Cmango/npie*" -- is:

mango
pie
pie
pie
pie
pie
...



One workaround is to drop the struct and just manage two separate 
parallel arrays of each data type in the desktop app:


unsigned char *   mangos = (unsigned char 
 *)malloc(count*sizeof(unsigned char));
unsigned short *  pies   = (unsigned short 
*)malloc(count*sizeof(unsigned short));


With PHP unpack() format strings:

"Cmango*"
"npie*"

But, I'd rather keep the struct for the sake of code clarity and neatness.



Another would be to iterate thru the binary data, unpacking one 
struct at a time, but that would be slower, presumably.










Anyone know the trick to this?



I'm curious how you are getting to the point of calling pack() in the
first place.  can we see the bit of your script that interacts with
this c code?

-nathan










Re: [PHP] unpacking an array of structs...

2010-02-22 Thread php.l...@juun.com


I'm actually moving from a string-encoded transport to binary for 
compactness.  The array can potentially get pretty large.  I'm shooting 
for the smallest possible representation of the data, which is 1 char 
and 1 short per data point.







On February 23, 2010, Rene Veerman  wrote:


have you considered using json as transport?
http://json.org/ has code you can re-use.

On Tue, Feb 23, 2010 at 7:29 AM, php.l...@juun.com 
 wrote:


I have a desktop app that has a data structure that looks like this:

typedef struct MANGOpie
{
  unsigned char   mango;
  unsigned short  pie;
}
MANGOpie;



I manage a C array of these things in memory:

MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));




I pass these to a PHP script on my webserver who needs to unpack the array
of structs.

The unpack() PHP function appears to be what I need, but it doesn't 
like the

formatting I'm using to describe an array of these structs:

"(Cmango/npie)*"

What it doesn't like are the parentheses.  I've tried brackets and curlies
too, but nothing works.  I have to have the parentheses to tell the parser
to repeat the entire struct:

mango
pie
mango
pie
mango
pie
...



Formatting without the parentheses -- "Cmango/npie*" -- is:

mango
pie
pie
pie
pie
pie
...



One workaround is to drop the struct and just manage two separate parallel
arrays of each data type in the desktop app:

unsigned char *   mangos = (unsigned char  *)malloc(count*sizeof(unsigned
char));
unsigned short *  pies   = (unsigned short *)malloc(count*sizeof(unsigned
short));

With PHP unpack() format strings:

"Cmango*"
"npie*"

But, I'd rather keep the struct for the sake of code clarity and neatness.



Another would be to iterate thru the binary data, unpacking one struct at a
time, but that would be slower, presumably.









Anyone know the trick to this?

Thanks.







Re: [PHP] unpacking an array of structs...

2010-02-22 Thread Nathan Nobbe
On Monday, February 22, 2010, php.l...@juun.com  wrote:
>
> I have a desktop app that has a data structure that looks like this:
>
> typedef struct MANGOpie
> {
>    unsigned char   mango;
>    unsigned short  pie;
> }
> MANGOpie;
>
>
>
> I manage a C array of these things in memory:
>
> MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));
>
>
>
>
> I pass these to a PHP script on my webserver who needs to unpack the array of 
> structs.
>
> The unpack() PHP function appears to be what I need, but it doesn't like the 
> formatting I'm using to describe an array of these structs:
>
> "(Cmango/npie)*"
>
> What it doesn't like are the parentheses.  I've tried brackets and curlies 
> too, but nothing works.  I have to have the parentheses to tell the parser to 
> repeat the entire struct:
>
> mango
> pie
> mango
> pie
> mango
> pie
> ...
>
>
>
> Formatting without the parentheses -- "Cmango/npie*" -- is:
>
> mango
> pie
> pie
> pie
> pie
> pie
> ...
>
>
>
> One workaround is to drop the struct and just manage two separate parallel 
> arrays of each data type in the desktop app:
>
> unsigned char *   mangos = (unsigned char  *)malloc(count*sizeof(unsigned 
> char));
> unsigned short *  pies   = (unsigned short *)malloc(count*sizeof(unsigned 
> short));
>
> With PHP unpack() format strings:
>
> "Cmango*"
> "npie*"
>
> But, I'd rather keep the struct for the sake of code clarity and neatness.
>
>
>
> Another would be to iterate thru the binary data, unpacking one struct at a 
> time, but that would be slower, presumably.
>
>
>
>
>
>
>
>
>
> Anyone know the trick to this?


I'm curious how you are getting to the point of calling pack() in the
first place.  can we see the bit of your script that interacts with
this c code?

-nathan




Re: [PHP] unpacking an array of structs...

2010-02-22 Thread Rene Veerman
have you considered using json as transport?
http://json.org/ has code you can re-use.

On Tue, Feb 23, 2010 at 7:29 AM, php.l...@juun.com  wrote:
>
> I have a desktop app that has a data structure that looks like this:
>
> typedef struct MANGOpie
> {
>   unsigned char   mango;
>   unsigned short  pie;
> }
> MANGOpie;
>
>
>
> I manage a C array of these things in memory:
>
> MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));
>
>
>
>
> I pass these to a PHP script on my webserver who needs to unpack the array
> of structs.
>
> The unpack() PHP function appears to be what I need, but it doesn't like the
> formatting I'm using to describe an array of these structs:
>
> "(Cmango/npie)*"
>
> What it doesn't like are the parentheses.  I've tried brackets and curlies
> too, but nothing works.  I have to have the parentheses to tell the parser
> to repeat the entire struct:
>
> mango
> pie
> mango
> pie
> mango
> pie
> ...
>
>
>
> Formatting without the parentheses -- "Cmango/npie*" -- is:
>
> mango
> pie
> pie
> pie
> pie
> pie
> ...
>
>
>
> One workaround is to drop the struct and just manage two separate parallel
> arrays of each data type in the desktop app:
>
> unsigned char *   mangos = (unsigned char  *)malloc(count*sizeof(unsigned
> char));
> unsigned short *  pies   = (unsigned short *)malloc(count*sizeof(unsigned
> short));
>
> With PHP unpack() format strings:
>
> "Cmango*"
> "npie*"
>
> But, I'd rather keep the struct for the sake of code clarity and neatness.
>
>
>
> Another would be to iterate thru the binary data, unpacking one struct at a
> time, but that would be slower, presumably.
>
>
>
>
>
>
>
>
>
> Anyone know the trick to this?
>
> Thanks.
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>




[PHP] unpacking an array of structs...

2010-02-22 Thread php.l...@juun.com


I have a desktop app that has a data structure that looks like this:

typedef struct MANGOpie
{
   unsigned char   mango;
   unsigned short  pie;
}
MANGOpie;



I manage a C array of these things in memory:

MANGOpie * pies = (MANGOpie *)malloc(count*sizeof(MANGOpie));




I pass these to a PHP script on my webserver who needs to unpack the 
array of structs.


The unpack() PHP function appears to be what I need, but it doesn't 
like the formatting I'm using to describe an array of these structs:


"(Cmango/npie)*"

What it doesn't like are the parentheses.  I've tried brackets and 
curlies too, but nothing works.  I have to have the parentheses to tell 
the parser to repeat the entire struct:


mango
pie
mango
pie
mango
pie
...



Formatting without the parentheses -- "Cmango/npie*" -- is:

mango
pie
pie
pie
pie
pie
...



One workaround is to drop the struct and just manage two separate 
parallel arrays of each data type in the desktop app:


unsigned char *   mangos = (unsigned char  
*)malloc(count*sizeof(unsigned char));
unsigned short *  pies   = (unsigned short 
*)malloc(count*sizeof(unsigned short));


With PHP unpack() format strings:

"Cmango*"
"npie*"

But, I'd rather keep the struct for the sake of code clarity and neatness.



Another would be to iterate thru the binary data, unpacking one struct 
at a time, but that would be slower, presumably.










Anyone know the trick to this?

Thanks.




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
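
Added example (not from the original post or any reply): one way to decode the repeated struct on the PHP side, since unpack() format strings have no grouping syntax. It assumes the sender writes exactly 3 bytes per record (mango as one byte, pie as a 2-byte big-endian value, matching the 'C' and 'n' codes above); with default alignment a C compiler usually pads this struct to 4 bytes and stores the short in host byte order, so the layout has to be fixed on the sending side. The names unpack_pies, RECORD_SIZE, MAX_RECORDS and the expected-count argument are hypothetical.

```php
<?php
// Added example, not code from the thread.
// Assumed wire format: 3 bytes per record, mango = uint8, pie = uint16
// big-endian (the 'n' code used in the post), no padding between fields.
const RECORD_SIZE = 3;
const MAX_RECORDS = 100000; // hypothetical cap on records per request

/**
 * Decode a request body into a list of ['mango' => int, 'pie' => int].
 * Throws instead of guessing when the body does not fit the format.
 */
function unpack_pies(string $body, ?int $expectedCount = null): array
{
    $len = strlen($body);
    if ($len % RECORD_SIZE !== 0) {
        throw new UnexpectedValueException("length $len is not a multiple of " . RECORD_SIZE);
    }
    $count = intdiv($len, RECORD_SIZE);
    if ($count > MAX_RECORDS) {
        throw new UnexpectedValueException("$count records exceeds the cap");
    }
    // A count sent separately (hypothetical, e.g. in a request header) catches
    // layouts whose total size happens to be divisible by RECORD_SIZE.
    if ($expectedCount !== null && $expectedCount !== $count) {
        throw new UnexpectedValueException("expected $expectedCount records, body holds $count");
    }
    $records = [];
    for ($off = 0; $off < $len; $off += RECORD_SIZE) {
        // The offset argument (PHP >= 7.1) decodes one struct in place,
        // without copying a substring for every record.
        $records[] = unpack('Cmango/npie', $body, $off);
    }
    return $records;
}

// Constructed sample input; a real handler would read the PUT body with
// file_get_contents('php://input').
$good = pack('Cn', 1, 258) . pack('Cn', 2, 65535) . pack('Cn', 255, 0);
print_r(unpack_pies($good, 3));

// The same three records as a compiler with default alignment usually lays
// them out: one pad byte after mango, pie in little-endian host order.
$padded = pack('Cxv', 1, 258) . pack('Cxv', 2, 65535) . pack('Cxv', 255, 0);

foreach (['truncated' => substr($good, 0, 8), 'padded' => $padded] as $name => $body) {
    try {
        unpack_pies($body, 3);
        echo "$name: accepted\n";
    } catch (UnexpectedValueException $e) {
        echo "$name: rejected (", $e->getMessage(), ")\n";
    }
}
```

The padded dump is 12 bytes, which divides evenly by 3, so only the separately supplied count exposes the layout mismatch.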



Re: [PHP] PDOStatement::rowCount() bug?

2010-02-22 Thread Paul M Foster
On Mon, Feb 22, 2010 at 09:50:30PM -0500, Paul M Foster wrote:

> Using MySQL 5.075, PHP 5.25 on Debian unstable.
> 
> Has anyone noticed, when issuing a PDOStatement::rowCount() call after a
> DELETE, UPDATE or INSERT, the return is uniformly zero, rather than the
> actual number of rows affected?
> 
> If so, is there a simple workaround?

Update: MySQL 5.1.44.

rowCount() appears to return 0 only on deletes, not updates or inserts.

Paul

-- 
Paul M. Foster




Re: [PHP] PDOStatement::rowCount() bug?

2010-02-22 Thread Nathan Nobbe
On Mon, Feb 22, 2010 at 8:39 PM, Paul M Foster wrote:

> On Mon, Feb 22, 2010 at 08:18:25PM -0700, Nathan Nobbe wrote:
>
> > On Mon, Feb 22, 2010 at 7:50 PM, Paul M Foster 
> wrote:
> >
> > Using MySQL 5.075, PHP 5.25 on Debian unstable.
> >
> > Has anyone noticed, when issuing a PDOStatement::rowCount() call
> after a
> > DELETE, UPDATE or INSERT, the return is uniformly zero, rather than
> the
> > actual number of rows affected?
> >
> >
> > quick test shows rowCount() working in all 3 cases:
> >
> >  > /**
> > * lets test a PDOStatement::rowCount() bug
> > * using an sqlite3 memory resident database
> > */
>
> Nifty, but you'll notice that I'm using MySQL, not SQLite3. And you
> didn't mention which version PHP you're using.
>

it had occurred to me that you may be using a diff db and that could have
something to do w/ it; however, ive just made a slight alteration to the
script and its working np w/ mysql:

---
sql
---
mysql> create database TESTING;
Query OK, 1 row affected (0.00 sec)
mysql> use TESTING;
Database changed
mysql> CREATE TABLE TESTING (
->  id INT NOT NULL AUTO_INCREMENT,
->  name CHAR(30) NOT NULL,
->  PRIMARY KEY (id)
->  );

---
php
---
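<?php
try
{
    // The opening lines are missing from the archived message. DB_HOST,
    // DB_USER and DB_PASSWORD are placeholders, not values from the post.
    $oPdo = new PDO('mysql:host=DB_HOST;dbname=TESTING', 'DB_USER', 'DB_PASSWORD');
    $oStmt = $oPdo->query("INSERT INTO TESTING (name) VALUES ('nate dogg')");
    echo 'Num rows inserted: ' . $oStmt->rowCount() . PHP_EOL;
    $oStmt = $oPdo->query("UPDATE TESTING SET name = 'snoop dog' WHERE id = 1");
    echo "Num rows updated: " . $oStmt->rowCount() . PHP_EOL;
    $oStmt = $oPdo->query("DELETE FROM TESTING WHERE id = 1");
    echo "Num rows deleted: " . $oStmt->rowCount() . PHP_EOL;
}
catch(Exception $oE)
{
    die($oE->getMessage() . PHP_EOL);
}
?>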


version

php version:
PHP 5.2.6-3ubuntu4.5 with Suhosin-Patch 0.9.6.2

mysql version:
Server version: 5.1.31-1ubuntu2

-nathan


Re: [PHP] PDOStatement::rowCount() bug?

2010-02-22 Thread Paul M Foster
On Mon, Feb 22, 2010 at 08:18:25PM -0700, Nathan Nobbe wrote:

> On Mon, Feb 22, 2010 at 7:50 PM, Paul M Foster  
> wrote:
> 
> Using MySQL 5.075, PHP 5.25 on Debian unstable.
> 
> Has anyone noticed, when issuing a PDOStatement::rowCount() call after a
> DELETE, UPDATE or INSERT, the return is uniformly zero, rather than the
> actual number of rows affected?
> 
> 
> quick test shows rowCount() working in all 3 cases:
> 
>  /**
> * lets test a PDOStatement::rowCount() bug
> * using an sqlite3 memory resident database
> */

Nifty, but you'll notice that I'm using MySQL, not SQLite3. And you
didn't mention which version PHP you're using.

Paul

-- 
Paul M. Foster




Re: [PHP] PDOStatement::rowCount() bug?

2010-02-22 Thread Nathan Nobbe
On Mon, Feb 22, 2010 at 7:50 PM, Paul M Foster wrote:

> Using MySQL 5.075, PHP 5.25 on Debian unstable.
>
> Has anyone noticed, when issuing a PDOStatement::rowCount() call after a
> DELETE, UPDATE or INSERT, the return is uniformly zero, rather than the
> actual number of rows affected?
>

quick test shows rowCount() working in all 3 cases:

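<?php
/**
 * lets test a PDOStatement::rowCount() bug
 * using an sqlite3 memory resident database
 */
try
{
    // The opening lines are missing from the archived message; the in-memory
    // SQLite DSN is assumed from the docblock above.
    $oPdo = new PDO('sqlite::memory:');
    $oPdo->query('CREATE TABLE TESTING (id INTEGER PRIMARY KEY, name TEXT)');
    $oStmt = $oPdo->query("INSERT INTO TESTING (name) VALUES ('nate dogg')");
    echo 'Num rows inserted: ' . $oStmt->rowCount() . PHP_EOL;
    $oStmt = $oPdo->query("UPDATE TESTING SET name = 'snoop dog' WHERE id = 1");
    echo "Num rows updated: " . $oStmt->rowCount() . PHP_EOL;
    $oStmt = $oPdo->query("DELETE FROM TESTING WHERE id = 1");
    echo "Num rows deleted: " . $oStmt->rowCount() . PHP_EOL;
}
catch(Exception $oE)
{
    die($oE->getMessage() . PHP_EOL);
}
?>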

-
OUTPUT
-
Num rows inserted: 1
Num rows updated: 1
Num rows deleted: 1

-nathan


[PHP] PDOStatement::rowCount() bug?

2010-02-22 Thread Paul M Foster
Using MySQL 5.075, PHP 5.25 on Debian unstable.

Has anyone noticed, when issuing a PDOStatement::rowCount() call after a
DELETE, UPDATE or INSERT, the return is uniformly zero, rather than the
actual number of rows affected?

If so, is there a simple workaround?

Paul

-- 
Paul M. Foster




Re: [PHP] Sending e-mail via socket

2010-02-22 Thread Paul M Foster
On Tue, Feb 23, 2010 at 02:16:24AM +0200, Andre Polykanine wrote:

> Hello everyone,
> I've just subscribed to the list, and I already have a question.
> what I need to do is to send mail using sockets. Actually, the
> built-in Mail() function is great and I wouldn't have to search for
> something else if I didn't need more than one message to be sent at a
> time. Say, I have ten or a hundred of users who want to receive a
> notification about new blog entries. If I use the mail() function in
> the loop, it will be performed too slow since it constantly opens and
> closes the door, I mean, the SMTP connection.
> So I need an alternative.
> And here's what I'm doing:
> 
>  function socketmail($to, $subject, $message) {
> $from="Oire.org Administration ";
> $connect = fsockopen ("smtp.yandex.ru", 25, $errno, $errstr, 30);
> if ($connect) {
> $out="HELO localhost\r\n";
> $out.="MAIL FROM: $from\n";
> $out.="RCPT TO: $to\n";
> $out.="DATA\r\n";
> $out.="Content-Type: text/plain; charset=utf-8\n";
> $out.="To: $to\n";
> $out.="Subject: $subject\n";
> $out.="\n\n";
> $out.=$message." \r\n";
> $out.=".\r\n";
> $out.="RSET\r\n";
> fwrite ($connect, $out);
> fclose ($connect);
> } else {
> die ("Error: ".$errstr." ($errno)");
> }
> }
> 
> socketmail ("arthae...@yandex.ru", "this is a socket mail test",
> "Testing mail sending");
> ?>
> 
> And what I get is absolutely nothing. No errors, no warnings, no
> message in the mailbox.
> So three questions:
> 1. What's wrong with my script?
> 2. How to look where the error exactly is? Can't get server logs for
> some reason (will talk to tech support probably).
> 3. How to do the same thing but with an ability to send multiple
> messages without closing the connection after each message?

First, if you're using the mail() function to talk to a *local* SMTP
server, you shouldn't have a long lag at all. The local SMTP server
should queue the messages and deal with the remote connections on its
own time, without blocking.

Second, you're doing this socket operation as though it's a static
one-sided conversation. I'm not an expert, but SMTP conversations don't
normally work this way. You issue the HELO, wait for the response, issue
other commands, wait for the response, etc. The way you're doing it, if
your SMTP conversation runs into any snags (like the RCPT TO is not
recognized), you won't know it. Your function will simply ride over the
error, because it's not listening to the SMTP server.

Again, I'm not an expert, so maybe there's something I've overlooked.

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
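
Added example (not code from the thread): the command-and-reply exchange described above, with one connection reused for several recipients and CR/LF rejected in addresses and the subject so a value cannot inject extra SMTP commands or headers. All function names, the example.org addresses and the scripted server replies are constructed for illustration; the demo uses a local socket pair on a Unix-like host instead of a real server.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

/** Read one SMTP reply (it may span several lines) and return [code, text]. */
function smtp_read($conn): array
{
    $text = '';
    do {
        $line = fgets($conn, 1024);
        if ($line === false) {
            throw new RuntimeException('connection closed while waiting for a reply');
        }
        $text .= $line;
        // "250-..." announces another line; "250 ..." is the final one.
    } while (strlen($line) >= 4 && $line[3] === '-');
    return [(int) substr($line, 0, 3), rtrim($text)];
}

/** Send one command, then wait for the reply and insist on the expected code. */
function smtp_cmd($conn, string $cmd, int $expect): void
{
    fwrite($conn, $cmd . "\r\n");
    [$code, $text] = smtp_read($conn);
    if ($code !== $expect) {
        throw new RuntimeException($text);
    }
}

/** Reject values that could smuggle extra SMTP commands or header lines. */
function no_crlf(string $value): string
{
    if (strpbrk($value, "\r\n") !== false) {
        throw new InvalidArgumentException('CR or LF in an address or header value');
    }
    return $value;
}

/** Send the same message to every recipient over one open connection. */
function send_batch($conn, string $from, array $recipients, string $subject, string $body): array
{
    // Validate everything before touching the connection.
    array_map('no_crlf', array_merge([$from, $subject], $recipients));

    // CRLF line endings, no trailing blank line, and dot-stuffing so a body
    // line that starts with "." cannot end the DATA phase early.
    $body = rtrim(preg_replace('/\r\n|\r|\n/', "\r\n", $body), "\r\n");
    $body = preg_replace('/^\./m', '..', $body);

    [$code, $text] = smtp_read($conn);          // the server speaks first
    if ($code !== 220) {
        throw new RuntimeException("unexpected greeting: $text");
    }
    smtp_cmd($conn, 'HELO localhost', 250);

    $results = [];
    foreach ($recipients as $to) {
        try {
            smtp_cmd($conn, "MAIL FROM:<$from>", 250);
            smtp_cmd($conn, "RCPT TO:<$to>", 250);
            smtp_cmd($conn, 'DATA', 354);
            smtp_cmd($conn, "To: $to\r\nSubject: $subject\r\n"
                . "Content-Type: text/plain; charset=utf-8\r\n\r\n$body\r\n.", 250);
            $results[$to] = 'queued';
        } catch (RuntimeException $e) {
            $results[$to] = 'failed: ' . $e->getMessage();
            smtp_cmd($conn, 'RSET', 250);       // drop this transaction, keep the connection
        }
    }
    smtp_cmd($conn, 'QUIT', 221);
    return $results;
}

// Constructed demo: a socket pair stands in for the server and its replies
// are scripted in advance (the second recipient is refused).
[$client, $server] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
fwrite($server, "220 mx.example ESMTP\r\n250 hello\r\n"
    . "250 ok\r\n250 ok\r\n354 go ahead\r\n250 queued as 1\r\n"   // message 1
    . "250 ok\r\n550 no such user\r\n250 reset\r\n"               // message 2
    . "221 bye\r\n");
print_r(send_batch($client, 'blog@example.org', ['a@example.org', 'b@example.org'],
    'New blog entry', "Hello,\n.a line starting with a dot\n"));
fclose($client);
echo stream_get_contents($server);              // what the client actually sent
```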



Re: [PHP] Sending e-mail via socket

2010-02-22 Thread Rene Veerman
have you tried mail() with a large bcc header?

On Tue, Feb 23, 2010 at 1:16 AM, Andre Polykanine  wrote:
> Hello everyone,
> I've just subscribed to the list, and I already have a question.
> what I need to do is to send mail using sockets. Actually, the
> built-in Mail() function is great and I wouldn't have to search for
> something else if I didn't need more than one message to be sent at a
> time. Say, I have ten or a hundred of users who want to receive a
> notification about new blog entries. If I use the mail() function in
> the loop, it will be performed too slow since it constantly opens and
> closes the door, I mean, the SMTP connection.
> So I need an alternative.
> And here's what I'm doing:
>
>  function socketmail($to, $subject, $message) {
> $from="Oire.org Administration ";
>    $connect = fsockopen ("smtp.yandex.ru", 25, $errno, $errstr, 30);
> if ($connect) {
> $out="HELO localhost\r\n";
> $out.="MAIL FROM: $from\n";
> $out.="RCPT TO: $to\n";
> $out.="DATA\r\n";
> $out.="Content-Type: text/plain; charset=utf-8\n";
> $out.="To: $to\n";
> $out.="Subject: $subject\n";
> $out.="\n\n";
> $out.=$message." \r\n";
> $out.=".\r\n";
> $out.="RSET\r\n";
> fwrite ($connect, $out);
> fclose ($connect);
> } else {
> die ("Error: ".$errstr." ($errno)");
> }
> }
>
> socketmail ("arthae...@yandex.ru", "this is a socket mail test",
> "Testing mail sending");
> ?>
>
> And what I get is absolutely nothing. No errors, no warnings, no
> message in the mailbox.
> So three questions:
> 1. What's wrong with my script?
> 2. How to look where the error exactly is? Can't get server logs for
> some reason (will talk to tech support probably).
> 3. How to do the same thing but with an ability to send multiple
> messages without closing the connection after each message?
>
> Thanks!
>
> --
> With best regards from Ukraine,
> Andre
> Http://oire.org/ - The Fantasy blogs of Oire
> Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @ 
> jabber.org
> Yahoo! messenger: andre.polykanine; ICQ: 191749952
> Twitter: http://twitter.com/m_elensule
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>




RE: [PHP] PHP / mySQL Project... Real men use 'cat'

2010-02-22 Thread Daevid Vincent
> -Original Message-
> From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] 
> 
> On Mon, 2010-02-22 at 14:39 -0800, Don Wieland wrote:
> 
> > I am needing assistance IMMEDIATELY in finishing up a project (the  
> > developer went in to have shoulder surgery and will be out of  
> > commission for 3 weeks) and I need this finished soon.
> 
> That only puts one arm out of action surely?  
> A real programmer would use the one hand!

Real programmers use 'cat'.

;-)

I don't see Stephen Hawking complaining... 
In fact, he raps about it!
http://www.mchawking.com/





[PHP] Sending e-mail via socket

2010-02-22 Thread Andre Polykanine
Hello everyone,
I've just subscribed to the list, and I already have a question.
what I need to do is to send mail using sockets. Actually, the
built-in Mail() function is great and I wouldn't have to search for
something else if I didn't need more than one message to be sent at a
time. Say, I have ten or a hundred of users who want to receive a
notification about new blog entries. If I use the mail() function in
the loop, it will be performed too slow since it constantly opens and
closes the door, I mean, the SMTP connection.
So I need an alternative.
And here's what I'm doing:

<?php
function socketmail($to, $subject, $message) {
$from="Oire.org Administration ";
$connect = fsockopen ("smtp.yandex.ru", 25, $errno, $errstr, 30); 
if ($connect) {
$out="HELO localhost\r\n";
$out.="MAIL FROM: $from\n"; 
$out.="RCPT TO: $to\n";
$out.="DATA\r\n";
$out.="Content-Type: text/plain; charset=utf-8\n"; 
$out.="To: $to\n"; 
$out.="Subject: $subject\n"; 
$out.="\n\n"; 
$out.=$message." \r\n"; 
$out.=".\r\n"; 
$out.="RSET\r\n"; 
fwrite ($connect, $out);
fclose ($connect);
} else {
die ("Error: ".$errstr." ($errno)");
} 
}

socketmail ("arthae...@yandex.ru", "this is a socket mail test",
"Testing mail sending");
?>

And what I get is absolutely nothing. No errors, no warnings, no
message in the mailbox.
So three questions:
1. What's wrong with my script?
2. How to look where the error exactly is? Can't get server logs for
some reason (will talk to tech support probably).
3. How to do the same thing but with an ability to send multiple
messages without closing the connection after each message?

Thanks!

-- 
With best regards from Ukraine,
Andre
Http://oire.org/ - The Fantasy blogs of Oire
Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @ 
jabber.org
Yahoo! messenger: andre.polykanine; ICQ: 191749952
Twitter: http://twitter.com/m_elensule





Re: [PHP] PHP / mySQL Project...

2010-02-22 Thread Ashley Sheridan
On Mon, 2010-02-22 at 14:39 -0800, Don Wieland wrote:

> Hello,
> 
> I am needing assistance IMMEDIATELY in finishing up a project (the  
> developer went in to have shoulder surgery and will be out of  
> commission for 3 weeks) and I need this finished soon.
> 
> Candidate must have good english skills, a solid knowledge of HTML,  
> CSS, PHP, mySQL, Javascript, AJAX, and JQuery. Developer may work  
> remotely.
> 
> Please contact me via email, PRIVATELY, with your skills and sample of  
> online project you have done. Also, this will be an hourly job - so  
> what Hourly Rate you expect to get paid would be nice.
> 
> Thanks!
> 
> Don Wieland
> D W   D a t a   C o n c e p t s
> ~
> d...@dwdataconcepts.com
> Direct Line - (949) 305-2771
> 
> Integrated data solutions to fit your business needs.
> 
> Need assistance in dialing in your FileMaker solution? Check out our  
> Developer Support Plan at:
> http://www.dwdataconcepts.com/DevSup.html
> 
> Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro  
> 9 or higher
> http://www.appointment10.com
> 
> For a quick overview -
> http://www.appointment10.com/Appt10_Promo/Overview.html
> 
> 


That only puts one arm out of action surely? A real programmer would use
the one hand!

Only joking, hope his/her surgery goes without any problems.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Ashley Sheridan
On Mon, 2010-02-22 at 23:49 +0100, John Black wrote:

> On 02/22/2010 11:42 PM, Michael Shadle wrote:
> > The difference here is you can at least have some control over the data
> > and expect it in a certain fashion. Also the behavior of cookies vs. get
> > vs. post are different (cookies have length and expiration limits, get
> > has length limits, post has server configured limits)
> 
> The cookie and post/get part is all mixed up now :)
> 
> I use $_COOKIE when I want cookie information but I know that the data 
> is not to be trusted and is easily fabricated.
> 
> When reading get or post I just use $_REQUEST nowadays because I don't 
> have to care how the submitting form is written. This makes my form 
> handling data more portable.
> 
> -- 
> John
> You may say I'm a dreamer, but I'm not the only one,
> I hope some day you'll join us, And the world will live as one.
> [John Lennon]
> 


As many people have mentioned already, there's absolutely no security
risk of using $_REQUEST over $_POST or $_GET. I generally use $_REQUEST
unless I am specifically coding something that needs me to send data
over both post and get at the same time.

The thing is, just make sure you sanitise all the data that comes from
the browser. That includes cookie values, post data, etc. Proper
sanitisation is crucial and necessary, and no amount of obscurity about
how you are getting your data will help.

Thanks,
Ash
http://www.ashleysheridan.co.uk




[PHP] Re: PHP / mySQL Project...

2010-02-22 Thread Carlos Medina

Hi Don,
I work for the company simplynetworks in Germany. I have access to many 
programmers with the best quality to the best prices. We work quick and 
no dirty ;-)
I am programmer too and my company offer you the best object oriented 
software of the market. Some references of my clients in Germany:


DMC (Digital media center) - Neckermann (www.neckerman.de /nl/be) Shop 
development - 150 developers and many small teams. Development with PHP 4 
and 5, JQuery, Prototype, CSS, XML, HTML, MYSQL and Oracle and so on.
Astroshop.de (www.astroshop.de) Shop redesign and refactory. JQuery, 
PHP5 strong object oriented, SPL, MySQL, Zend Framework and EzComponents 
integration.
ssc - services - Daimler Chrysler (SWAN Projekt for OFTP data transfer). 
PHP5 and Java, MySQL, HTML, CSS, Javascript,etc
Speechconcept (linguistics) - Strong object oriented Software with DOJO, 
Zend Framework and many modules and very complex tasks.


If you are interested, please contact this email address.

Regards

Carlos Medina
Don Wieland schrieb:

Hello,

I am needing assistance IMMEDIATELY in finishing up a project (the 
developer went in to have shoulder surgery and will be out of commission 
for 3 weeks) and I need this finished soon.


Candidate must have good english skills, a solid knowledge of HTML, CSS, 
PHP, mySQL, Javascript, AJAX, and JQuery. Developer may work remotely.


Please contact me via email, PRIVATELY, with your skills and sample of 
online project you have done. Also, this will be an hourly job - so what 
Hourly Rate you expect to get paid would be nice.


Thanks!

Don Wieland
D W   D a t a   C o n c e p t s
~
d...@dwdataconcepts.com
Direct Line - (949) 305-2771

Integrated data solutions to fit your business needs.

Need assistance in dialing in your FileMaker solution? Check out our 
Developer Support Plan at:

http://www.dwdataconcepts.com/DevSup.html

Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro 9 
or higher

http://www.appointment10.com

For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html






Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread John Black

On 02/22/2010 11:42 PM, Michael Shadle wrote:

The difference here is you can at least have some control over the data
and expect it in a certain fashion. Also the behavior of cookies vs. get
vs. post are different (cookies have length and expiration limits, get
has length limits, post has server configured limits)


The cookie and post/get part is all mixed up now :)

I use $_COOKIE when I want cookie information but I know that the data 
is not to be trusted and is easily fabricated.


When reading get or post I just use $_REQUEST nowadays because I don't 
have to care how the submitting form is written. This makes my form 
handling data more portable.


--
John
You may say I'm a dreamer, but I'm not the only one,
I hope some day you'll join us, And the world will live as one.
[John Lennon]




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Jochem Maas
Op 2/22/10 8:39 PM, Slack-Moehrle schreef:
> Hi All,
> 
> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
> 
> When would I choose one over the other?

use $_POST, $_REQUEST is normally an amalgam of GET, POST and COOKIE - as such 
using $_REQUEST can open you up
to a denial of service attack (if someone manages to place cookies with the 
same names as your form fields they will always
override what was in the POST).

avoid using $_REQUEST.

> Also, I see examples of these being used with and without the single quotes
> 
> Like:
> 
> $_POST[j_orderValue]

this generates an E_NOTICE and is bad practice, it's also slower, essentially 
PHP sees the
CONSTANT j_orderValue which it can't find and does its best to accommodate 
sloppy code by
translating it into the string 'j_orderValue'

try turning up the ini setting 'error_reporting' to include E_NOTICE warnings 
(and everything else)
and see what else your code might be doing which isn't quite right ... it can 
be very helpful,
I'm assuming you're running a local webserver, as running that in production is 
a bit pointless
in my view (additionally having the ini setting 'display_errors' turned on in 
production is a
security issue)

> or
> $_POST['j_orderValue']
> 
> Single quotes is best, correct to prevent sql injection?

this does nothing for SQL injection prevention, for that you need the escaping 
function
for the DB you use ... for MySQL that would be mysql_real_escape_string().

> -ML
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
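
Added example (not code from the thread): how the request_order setting decides whether a cookie shadows a POST field of the same name in $_REQUEST, followed by reading the field from $_POST only, validating it, and storing it through PDO bound parameters (used here in place of the escaping function named above). The helper names, the j_note field, the orders table and the sample request are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the thread. Everything except the field name
// j_orderValue is hypothetical.

/** Rebuild $_REQUEST the way PHP does for a given request_order string. */
function merge_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        // Later letters overwrite earlier ones when names clash.
        $merged = array_replace($merged, $sources[$letter] ?? []);
    }
    return $merged;
}

/** Take the order value from one named source and validate it. */
function order_value(array $post): int
{
    $value = filter_var($post['j_orderValue'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($value === false) {
        throw new InvalidArgumentException('j_orderValue must be an integer from 1 to 1000000');
    }
    return $value;
}

// Constructed request: the form posts 25, a cookie with the same name says 999999.
$get    = [];
$post   = ['j_orderValue' => '25', 'j_note' => "O'Brien; -- gift wrap"];
$cookie = ['j_orderValue' => '999999'];

echo 'request_order=GP : ', merge_request('GP', $get, $post, $cookie)['j_orderValue'], "\n";
echo 'request_order=GPC: ', merge_request('GPC', $get, $post, $cookie)['j_orderValue'], "\n";

// In-memory SQLite stands in for the application database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, value INTEGER, note TEXT)');

// Bound parameters keep the data out of the SQL text, whatever quotes it contains.
$stmt = $db->prepare('INSERT INTO orders (value, note) VALUES (:value, :note)');
$stmt->execute([':value' => order_value($post), ':note' => $post['j_note']]);
print_r($db->query('SELECT value, note FROM orders')->fetchAll(PDO::FETCH_ASSOC));

// Input that is not a plain integer never reaches the query.
try {
    order_value(['j_orderValue' => '25 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```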



Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
The difference here is you can at least have some control over the  
data and expect it in a certain fashion. Also the behavior of cookies  
vs. get vs. post are different (cookies have length and expiration  
limits, get has length limits, post has server configured limits)


Like I said a properly coded app won't really suffer much but why  
allow for lazy coding practices and non properly
coded apps to be exploited as easy? The great deal of apps out there  
are not properly coded. Again I reference my metaphor about dying. At  
least try to put effort into something.


On Feb 22, 2010, at 2:26 PM, John Black technologies.org> wrote:



> On 02/22/2010 11:17 PM, Michael Shadle wrote:
>> "Secure" might be the wrong term here. As you can easily change GET to
>> POST and vice-versa and send any cookies you like, this is why I tried
>> to revise my statement and quantify it better... in a properly coded
>> app it doesn't present much issue. However, it encourages laziness and
>> PHP's barrier to entry is so easy that there is a lot of people who
>> consider a cookie to be trusted, and overriding it with a simple GET
>> parameter is too easy of an attack vector. At least make it difficult.
>
> Just because someone believes that a cookie is something that can be
> trusted does not make it so. A properly coded app should not care
> how the client sends the information, only that the information is
> valid and expected.
>
> A cookie is the same thing as $_POST or $_GET data but it can be
> stored for a period of time, what happens to the stored data is out
> of our control. Treating one any different from the other is just
> wrong and will create apps with security holes.
>
> For anybody who would like to try the GUI version of tampering with
> data sent to the server check out TamperData for FireFox.
>
> --
> John
> Prepare for change!
> http://www.youtube.com/v/AYM-_qfytfA




[PHP] PHP / mySQL Project...

2010-02-22 Thread Don Wieland

Hello,

I am needing assistance IMMEDIATELY in finishing up a project (the  
developer went in to have shoulder surgery and will be out of  
commission for 3 weeks) and I need this finished soon.


Candidate must have good english skills, a solid knowledge of HTML,  
CSS, PHP, mySQL, Javascript, AJAX, and JQuery. Developer may work  
remotely.


Please contact me via email, PRIVATELY, with your skills and sample of  
online project you have done. Also, this will be an hourly job - so  
what Hourly Rate you expect to get paid would be nice.


Thanks!

Don Wieland
D W   D a t a   C o n c e p t s
~
d...@dwdataconcepts.com
Direct Line - (949) 305-2771

Integrated data solutions to fit your business needs.

Need assistance in dialing in your FileMaker solution? Check out our  
Developer Support Plan at:

http://www.dwdataconcepts.com/DevSup.html

Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro  
9 or higher

http://www.appointment10.com

For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html





Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Daniel Egeberg
On Mon, Feb 22, 2010 at 22:37, Michael Shadle  wrote:
> On Mon, Feb 22, 2010 at 1:30 PM, David Murphy  wrote:
>> Richard,
>>
>>
>> The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
>> they should ALL be treated as bad data until normalized and sanitized.  The
>> claim that it opens a security hole is just false, that’s like saying PHP
>> is insecure, it's not, it just allows for lazy coding such as $_REQUEST.
>
> It represents a way for people to exploit coders who don't know any better.
>
> Expecting a cookie value to come through in $_REQUEST but you could
> override using a query string parameter makes for easy exploitation.
> Probably not catastrophic but much easier to brute force things if you
> don't have to bother with cookies, or can fake a user identity easier;
> things of that nature.
>
> If you coded your app well, in theory it won't make much difference,
> however, why keep something out there that makes it easier for people
> to mess with your site, period?

Using $_REQUEST poses no security issues whatsoever. Just because
there are incompetent programmers doesn't mean that a language feature
is inherently insecure. It's entirely dependent on how you use it. A
pen is also dangerous if you stab someone in the eye with it. Certain
features in PHP may be dangerous if you give them to incompetent
people who don't know what they're doing.

Besides, whether or not you can "override" cookie values depends on
whether the programmer also uses $_REQUEST for cookie values and the
request_order php.ini directive. The value in the php.ini files that
ship with PHP 5.3 default to only including GET and POST data for
instance:
http://svn.php.net/viewvc/php/php-src/tags/php_5_3_1/php.ini-production?view=markup#l671

If an attacker can do an HTTP GET request, he can most likely also do
an HTTP POST request (and vice versa) and the input value will be no
more (in)secure regardless of the source. Using $_GET/$_POST in place
of $_REQUEST is no more than security theater in my opinion.

-- 
Daniel Egeberg
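
How the request_order directive mentioned above decides which source wins in $_REQUEST, as an added example that is not part of the original message. buildRequest() and effectiveRequestOrder() are hypothetical helper names and the 'foo' values are constructed.

```php
<?php
// Added example, not code from the thread. buildRequest() is a hypothetical
// helper that models how PHP fills $_REQUEST: sources are registered left to
// right in the configured order, and a later source overwrites an earlier
// one that uses the same key.
function buildRequest(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace() keeps keys and lets the later source win.
            $request = array_replace($request, $sources[$letter]);
        }
    }
    return $request;
}

// Order the running interpreter actually uses. An empty request_order makes
// PHP fall back to variables_order; only G, P and C matter for $_REQUEST.
function effectiveRequestOrder(): string
{
    $order = (string) ini_get('request_order');
    if ($order === '') {
        $order = (string) ini_get('variables_order');
    }
    return preg_replace('/[^GPC]/', '', strtoupper($order));
}

// Constructed request: the same field name arrives through all three channels.
$get    = ['foo' => 'from-get'];
$post   = ['foo' => 'from-post'];
$cookie = ['foo' => 'from-cookie'];

foreach (['GP', 'PG', 'GPC', 'CGP'] as $order) {
    $request = buildRequest($order, $get, $post, $cookie);
    printf("request_order=%-3s  \$_REQUEST['foo'] = %s\n", $order, $request['foo']);
}

// Audit the current configuration: a handler that reads $_REQUEST can only be
// handed cookie data when C is part of the effective order.
$effective = effectiveRequestOrder();
printf("this interpreter: effective order '%s', cookies %s \$_REQUEST\n",
    $effective,
    strpos($effective, 'C') === false ? 'are not merged into' : 'are merged into');
```

Running it under the CLI and under the web server SAPI can give different answers, because each may load a different php.ini.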




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread John Black

On 02/22/2010 11:17 PM, Michael Shadle wrote:

> "Secure" might be the wrong term here. As you can easily change GET to
> POST and vice-versa and send any cookies you like, this is why I tried
> to revise my statement and quantify it better... in a properly coded
> app it doesn't present much issue. However, it encourages laziness and
> PHP's barrier to entry is so easy that there is a lot of people who
> consider a cookie to be trusted, and overriding it with a simple GET
> parameter is too easy of an attack vector. At least make it difficult.

Just because someone believes that a cookie is something that can be
trusted does not make it so. A properly coded app should not care how
the client sends the information, only that the information is valid
and expected.

A cookie is the same thing as $_POST or $_GET data but it can be stored
for a period of time, what happens to the stored data is out of our
control. Treating one any different from the other is just wrong and
will create apps with security holes.

For anybody who would like to try the GUI version of tampering with data
sent to the server check out TamperData for FireFox.

--
John
Prepare for change!
http://www.youtube.com/v/AYM-_qfytfA




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Andrew Ballard
On Mon, Feb 22, 2010 at 5:02 PM, Slack-Moehrle
 wrote:
> John,
>
>>>Then if you use a MySQL database you would escape the string like this
>>>$tmp = mysql_real_escape_string($_REQUEST['yyy']);
>
>
>>>mysql_real_escape_string() protect from SQL injection by escaping your
>>>string according to what your charset requires.
>
> Good point, I should be doing that. But only to String, not data stored in 
> MySQL as Int or Date, etc.
>
> -ML

Just to clarify, while you would not use mysql_real_escape_string()
for datatypes other than strings, you still need to do filtering,
validation, and sanity checking on other datatypes as well. As I
pointed out in another thread recently, these are just as vulnerable
to SQL injection even though the variable values are expected to be
integers or dates:

$sql = "SELECT `my_id`, `my_message` FROM `my_comments` WHERE `my_id` = $my_id";

$sql = "SELECT `post_id`, `post_text`, `post_date` FROM `blog_posts`
WHERE `post_date` BETWEEN '$first_post_date' AND '$last_post_date'";


IMO mysql_real_escape_string() (or any similar function used for
different db vendors) is just a method to escape sequences that have
special meaning in a SQL query. It is the LAST step you should perform
when processing input to be saved in a MySQL database (when
parameterized queries are not available), after you have done
everything you can to ensure that ALL the values being passed in the
query are valid.

Andrew
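
The point made above about integer and date fields, as an added example that is not part of the original message: an escape-only query next to a validate-then-bind version. The table and column names come from the two queries in the message; the SQLite in-memory database, the sample rows, the helper names and the use of addslashes() as a stand-in for mysql_real_escape_string() are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_comments (my_id INTEGER PRIMARY KEY, my_message TEXT)');
$db->exec('CREATE TABLE blog_posts (post_id INTEGER PRIMARY KEY, post_text TEXT, post_date TEXT)');
$db->exec("INSERT INTO my_comments VALUES (1, 'first'), (2, 'second'), (3, 'third')");
$db->exec("INSERT INTO blog_posts VALUES (1, 'hello', '2010-02-20'), (2, 'again', '2010-02-22')");

// Constructed input for a field the application expects to be an integer.
$my_id = '0 OR 1=1';

// Escape-only handling. addslashes() stands in for mysql_real_escape_string(),
// which needs a live MySQL connection. The input has no quote or backslash,
// so it comes back unchanged and the WHERE clause reads "my_id = 0 OR 1=1".
$escaped = addslashes($my_id);
$rows = $db->query("SELECT my_id, my_message FROM my_comments WHERE my_id = $escaped")
           ->fetchAll(PDO::FETCH_ASSOC);
printf("escape only:     %d row(s) for input '%s'\n", count($rows), $my_id);

// Validation: accept only what the column type allows, reject everything else.
function validId(string $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

function validDate(string $raw): ?string
{
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects trailing text and overflow dates such as 2010-02-30.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Validated values are then bound as parameters, never spliced into the SQL text.
function findComment(PDO $db, string $rawId): array
{
    $id = validId($rawId);
    if ($id === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT my_id, my_message FROM my_comments WHERE my_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function findPosts(PDO $db, string $rawFirst, string $rawLast): array
{
    $first = validDate($rawFirst);
    $last  = validDate($rawLast);
    if ($first === null || $last === null || $first > $last) {
        return [];
    }
    $stmt = $db->prepare(
        'SELECT post_id, post_text, post_date FROM blog_posts
          WHERE post_date BETWEEN :first AND :last'
    );
    $stmt->execute([':first' => $first, ':last' => $last]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("validate + bind: %d row(s) for input '%s'\n", count(findComment($db, $my_id)), $my_id);
printf("validate + bind: %d row(s) for input '2'\n", count(findComment($db, '2')));
printf("date range:      %d row(s) for 2010-02-01..2010-02-28\n",
    count(findPosts($db, '2010-02-01', '2010-02-28')));
printf("date range:      %d row(s) for a non-existent end date\n",
    count(findPosts($db, '2010-02-01', '2010-02-30')));
```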




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 2:07 PM, John Black
 wrote:

> And how is this more secure? I can create a cookie, send post or get on my
> client machine and send anything I want to the server. Just because you are
> getting a cookie does not mean that you created it :)
>
> So you might as well use request because the data can not be trusted either
> way.

Kind of like saying "why bother exercising and keeping healthy - we're
going to die anyway"

"Secure" might be the wrong term here. As you can easily change GET to
POST and vice-versa and send any cookies you like, this is why I tried
to revise my statement and quantify it better... in a properly coded
app it doesn't present much issue. However, it encourages laziness and
PHP's barrier to entry is so easy that there is a lot of people who
consider a cookie to be trusted, and overriding it with a simple GET
parameter is too easy of an attack vector. At least make it difficult.




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread John Black

On 02/22/2010 10:37 PM, Michael Shadle wrote:

> On Mon, Feb 22, 2010 at 1:30 PM, David Murphy  wrote:
>
>> Richard,
>> The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
>> they should ALL be treated as bad data until normalized and sanitized.  The
>> claim that it opens a security hole is just false, that’s like saying PHP
>> is insecure, it's not, it just allows for lazy coding such as $_REQUEST.
>
> It represents a way for people to exploit coders who don't know any better.
> Expecting a cookie value to come through in $_REQUEST but you could
> override using a query string parameter makes for easy exploitation.

And how is this more secure? I can create a cookie, send post or get on
my client machine and send anything I want to the server. Just because
you are getting a cookie does not mean that you created it :)

So you might as well use request because the data can not be trusted
either way.

--
John
Justice springs from envy; for its highest principle is: the same for all.
[Walther Rathenau]




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Slack-Moehrle
John,

>>Then if you use a MySQL database you would escape the string like this
>>$tmp = mysql_real_escape_string($_REQUEST['yyy']);


>>mysql_real_escape_string() protect from SQL injection by escaping your 
>>string according to what your charset requires.

Good point, I should be doing that. But only to String, not data stored in 
MySQL as Int or Date, etc.

-ML




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 1:30 PM, David Murphy  wrote:
> Richard,
>
>
> The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
> they should ALL be treated as bad data until normalized and sanitized.  The
> claim that it opens a security hole is just false, that’s like saying PHP
> is insecure, it's not, it just allows for lazy coding such as $_REQUEST.

It represents a way for people to exploit coders who don't know any better.

Expecting a cookie value to come through in $_REQUEST but you could
override using a query string parameter makes for easy exploitation.
Probably not catastrophic but much easier to brute force things if you
don't have to bother with cookies, or can fake a user identity easier;
things of that nature.

If you coded your app well, in theory it won't make much difference,
however, why keep something out there that makes it easier for people
to mess with your site, period?




RE: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread David Murphy
Richard,


The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
they should ALL be treated as bad data until normalized and sanitized.  The
claim that it opens a security hole is just false, that’s like saying PHP
is insecure, it's not, it just allows for lazy coding such as $_REQUEST.


David Murphy

-Original Message-
From: richard.he...@gmail.com [mailto:richard.he...@gmail.com] On Behalf Of
Richard
Sent: Monday, February 22, 2010 3:03 PM
To: Joseph Thayne
Cc: Slack-Moehrle; php-general
Subject: Re: [PHP] $_POST vs $_REQUEST

Hi,

> I am not sure what the security issues are you are referring to as the
> $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
> expound on that?  Thanks.

Not really, do a search.

-- 
Richard Heyes
HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th
February)
Lots of PHP and Javascript code - http://www.phpguru.org




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 12:55 PM, Joseph Thayne  wrote:

> I am not sure what the security issues are you are referring to as the
> $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
> expound on that?  Thanks.

$_REQUEST opens you up to POST/GET values overriding cookie values or
vice versa. It's best to choose your source of data specifically.

I unset($_REQUEST) wherever I can to enforce stricter coding
practices. To me it's lazy. If you really need to mix POST and GET,
then you can always array_merge($_POST, $_GET)

>> Use quoted strings - either single or double quotes. Eg:
>>
>> $myArray['myKey']
>> $myArray["myKey"]

single quotes are better (by a marginal fraction) as it won't look for
interpolated strings :)




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Dotan Cohen
> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
>

Look at this example:





Now what do you think $_REQUEST will return? You had better not even
think. Just use $_POST or $_GET as you _know_ what they will return.

Don't forget, there might even be a cookie with the name "foo".

-- 
Dotan Cohen

http://bido.com
http://what-is-what.com

Please CC me if you want to be sure that I read your message. I do not
read all list mail.




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Kim Madsen

Hi Slack-Moehrle

Slack-Moehrle wrote on 22/02/2010 21:39:

> Hi All,
>
> I have Forms that I submit for processing. I have seen examples of people using
> either $_POST or $_REQUEST.
>
> When would I choose one over the other?

$_REQUEST['test'] is true on both $_GET['test'] and $_POST['test']

I use it from time to time if I have an edit link followed by a form
posting (where I use method=post), if I decide to have all editing in
one statement, IE:

// !empty() avoids an undefined-index notice when the key is absent
if (!empty($_REQUEST['test'])) {
  if (!empty($_GET['test'])) {
    // make the form here
  }
  elseif (!empty($_POST['test'])) {
    // get posting from the form
  }
}

> Also, I see examples of these being used with and without the single quotes
>
> Like:
>
> $_POST[j_orderValue]
> or
> $_POST['j_orderValue']
>
> Single quotes is best, correct to prevent sql injection?


Best practice is with '', if you have E_NOTICE on you'll get notices if 
you use $_POST[test] instead of $_POST['test']


It has nothing to do with SQL injection here. But when dealing with SQL 
statements it's best practice to use '', for instance if you are about 
to insert and a number at some point could be inserted as part of the 
statement: "price = 250" will do fine, but if price ain't entered "price 
= " will cause an error, while "price = ''" will not make the sql insert 
fail.


Regarding SQL injection, run all inputs through the function 
mysql_real_escape_string()


--
Kind regards
Kim Emax - masterminds.dk




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Richard
Hi,

> I am not sure what the security issues are you are referring to as the
> $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
> expound on that?  Thanks.

Not really, do a search.

-- 
Richard Heyes
HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th February)
Lots of PHP and Javascript code - http://www.phpguru.org




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Rene Veerman
> i'd expect without quotes to query a define('j_orderValue','??')..

oh, and that, if not defined, defaults to the string 'j_orderValue'.
So while your $_POST[] with or without quotes will "do the same", use
single-quotes anyway because it's "the right thing to do" ;)




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread John Black

On 02/22/2010 09:39 PM, Slack-Moehrle wrote:

> Hi All,
> I have Forms that I submit for processing. I have seen examples of people using
> either $_POST or $_REQUEST.
> When would I choose one over the other?

When you don't care how you get the data use $_REQUEST.
$_REQUEST will contain $_GET,$_POST,$_COOKIE in the order specified in
php.ini. Don't know what the default is.

> $_POST[j_orderValue]

Don't do that, PHP will bitch that you are attempting to use a constant
as a string or something like that. Make sure you enable error reporting
in php.ini and use

display_errors = On
error_reporting = E_ALL | E_STRICT

for development but not on your server unless you log only.

> $_POST['j_orderValue']

There are a few ways to write this properly, depending on how you use
it. The above is how I usually use it but this is also possible.

$x = $_POST['j_orderValue']; // <= that is how I write it
$x = $_POST["j_orderValue"]; // <= also ok because it is a string
for ($x = 0; $x < 10; $x++)
    $foo[$x] = $_POST["j_orderValue$x"];

is also possible

echo "foo $_POST[j_orderValue]";
echo "foo {$_POST['j_orderValue']}";

and a few more, there was a great thread a while back which listed
every possible combination.

> Single quotes is best, correct to prevent sql injection?

SQL injects happen when you use the $_REQUEST[] information, as is, in
your SQL string.

SELECT * FROM foo WHERE XXX=$_REQUEST['yyy'] <= very bad!

You should be doing:

... code sanity check here.
- is a number really a number, length and so on ...

Then if you use a MySQL database you would escape the string like this
$tmp = mysql_real_escape_string($_REQUEST['yyy']);

and use it like this.
SELECT * FROM foo WHERE XXX=$tmp

mysql_real_escape_string() protects from SQL injection by escaping your
string according to what your charset requires.

--
John
Only those who live in prosperity complain about it.
[Ludwig Marcuse]




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Rene Veerman
On Mon, Feb 22, 2010 at 9:39 PM, Slack-Moehrle
 wrote:
> Hi All,
>
> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
>
> When would I choose one over the other?

I like to be specific and go for $_POST, but some people want
flexibility in their code and use $_REQUEST.
It's usually no big deal to me.

>
> Also, I see examples of these being used with and without the single quotes
>
> Like:
>
> $_POST[j_orderValue]
> or
> $_POST['j_orderValue']


i'd expect without quotes to query a define('j_orderValue','??')..

and yea, use single quotes wherever possible..
it's my exp that
'bla bla $var da da' is harder to read (in syntax-highlighted source
editors) than
'bla bla '.$var.' da da'

that's aside from speed improvements, which do add up quickly in high
load situations.

> Single quotes is best, correct to prevent sql injection?

sql injection fixing is an evolving art, but you can start by pushing
all variables that can be changed by end-users going into a database
through a marshalling-function fixSQLinjectionToDB ($var) { return
addslashes($var); };
addslashes is the minimum fix i believe, but google around and give us
back the up-to-date uber-fix-function please :)

Might be wise to look ahead and use a unmarshalling function
placeholder fixSQLinjectionFromDB() for any (varchar/text) variable
coming from the database and being used by your program for anything.

You'll have to look ahead; if you allow endusers to store any text in
your database, you can't just re-use that text in your output HTML
another time. you will need something that strips bad html, s,
flash, and javascript, to be completely secure. I've once been
infected with a piece of very cryptic js (that loaded quite a bit more
into the browser) that caused my site to be blacklisted by google..
Big fat red-black warnings by firefox about it too..

lastly, it also helps to use something like adodb.sf.net as a database
abstraction engine, btw.




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Joseph Thayne



Richard wrote:

> It's a wise choice to go with $_POST, unless your form is a GET form,
> in which case use $_GET. $_REQUEST has the potential to open your
> script(s) up to security issues.

I am not sure what the security issues are you are referring to as the
$_REQUEST superglobal contains both $_GET and $_POST values.  Could you
expound on that?  Thanks.

> Use quoted strings - either single or double quotes. Eg:
>
> $myArray['myKey']
> $myArray["myKey"]

To answer your question though, the quotes will not protect you from SQL
injection at all.  It simply has to do with processing the values.





Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread shiplu
On Tue, Feb 23, 2010 at 2:39 AM, Slack-Moehrle
 wrote:
> Hi All,
>
> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
>
> When would I choose one over the other?
>
> Also, I see examples of these being used with and without the single quotes
>
> Like:
>
> $_POST[j_orderValue]
> or
> $_POST['j_orderValue']
>
> Single quotes is best, correct to prevent sql injection?

You must use quotes, either single or double. It won't affect SQL injection.
Sanitize your data before using it in any sql.

$_REQUEST['var'] means a variable var was passed in http request.
$_POST['var'] means a post variable var was passed in http request.

A get or cookie variable var2 will set $_REQUEST['var2'].

When you are strictly expecting a Post variable 'var3' use
$_POST['var3'], not $_REQUEST['var3'].
This is because a $_GET['var3'] will make $_REQUEST['var3'] available
to you which is not what you want.

Correct me if I am wrong.


-- 
Shiplu Mokaddim
My talks, http://talk.cmyweb.net
Follow me, http://twitter.com/shiplu
SUST Programmers, http://groups.google.com/group/p2psust
Innovation distinguishes bet ... ... (ask Steve Jobs the rest)




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Richard
Hi,

> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
>
> When would I choose one over the other?

It's a wise choice to go with $_POST, unless your form is a GET form,
in which case use $_GET. $_REQUEST has the potential to open your
script(s) up to security issues.

> ...

Use quoted strings - either single or double quotes. Eg:

$myArray['myKey']
$myArray["myKey"]

-- 
Richard Heyes
HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th February)
Lots of PHP and Javascript code - http://www.phpguru.org




[PHP] $_POST vs $_REQUEST

2010-02-22 Thread Slack-Moehrle
Hi All,

I have Forms that I submit for processing. I have seen examples of people using 
either $_POST or $_REQUEST.

When would I choose one over the other?

Also, I see examples of these being used with and without the single quotes

Like:

$_POST[j_orderValue]
or
$_POST['j_orderValue']

Single quotes is best, correct to prevent sql injection?

-ML




Re: [PHP] help, please, understanding my problem

2010-02-22 Thread tedd

At 5:32 PM + 2/22/10, Ashley Sheridan wrote:

On Mon, 2010-02-22 at 12:33 -0500, tedd wrote:



At 3:15 PM + 2/22/10, Ashley Sheridan wrote:

Also, your script tags need a type attribute:


 >

Re: [PHP] help, please, understanding my problem

2010-02-22 Thread Ashley Sheridan
On Mon, 2010-02-22 at 12:33 -0500, tedd wrote:

> At 3:15 PM + 2/22/10, Ashley Sheridan wrote:
> >Also, your script tags need a type attribute:
> >
> >

Re: [PHP] help, please, understanding my problem

2010-02-22 Thread tedd

At 3:15 PM + 2/22/10, Ashley Sheridan wrote:

Also, your script tags need a type attribute:


Re: [PHP] help, please, understanding my problem

2010-02-22 Thread Ashley Sheridan
On Mon, 2010-02-22 at 09:09 -0600, Stan wrote:

> I have a PHP page that has
>  require_once("genMyOverlay.js.php");
>  .
>  .
>  .
>  echo "";
>  echo "doit(\"mydiv\");";
>  echo "";
> 
> genMyOverlay.js.php contains: createDiv() (see below) that creates a  ID="mydiv"> and sets it up to overlay a portion of the web page and
> doit() starts it off.
> 
> invoke the web page once and it works like it should.  invoke the web page a
> second time (and thereafter until a new session) and it gets error:
>  "doit is not defined"
> 
> view the source (at the client browser) and it is identical both (all) times
> 
> can anyone please help me understand what is happening?
> 
> genMyOverlay.js.php contains
>  
>   echo "