[PHP] EasyPHP 5.3.9 with PHP 5.3.9 and PHP 5.4.0 RC6
New major version : EasyPHP 5.3.9 with PHP 5.3.9 and PHP 5.4.0 RC6 Plus Apache 2.2.21, MySQL 5.5.20, PhpMyAdmin 3.4.9, Xdebug 2.1.3. This version comes with a brand new administration page and new features : several versions of #PHP can be installed, same version can be installed several times with different settings, possibility to switch from one to another with a single click... Enjoy! Website : http://www.easyphp.org Screenshots : http://www.easyphp.org/screenshots.php Facebook page : http://www.facebook.com/easywamp Twitter : http://www.twitter.com/easyphp Google+ : https://plus.google.com/109064253798905195298 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Time zone in date function
On 31/01/2012 01:55, Ron Piggott wrote: On my clients account when I use “echo date(‘D, d M Y H:i:s');” the output is 5 hours ahead of us. How do I change it to my local time? Is there a way to specify “Eastern” time zone? I expect this would work: echo date(‘D, d M Y H:i:s' , ( strtotime( date(‘D, d M Y H:i:s') – 21600 ) ) ); I would prefer to specify Eastern time, so if the web host changes a server setting it will remain in Eastern time zone. Ron Hi Ron, I use this function to get the current time in a particular timezone: ?php /** * Return the current local time by timezone name * @param string $timezone * @return array * @author Ian Gibbons */ function getNowByTimezone($timezone){ $remote_timezone= new DateTimeZone($timezone); $remote_time= new DateTime(now, $remote_timezone); return getDate(strtotime($remote_time-format(Y-m-d H:i:s))); } ? Example: ? $london_time = getNowByTimezone(Europe/London); echo date(D, d M Y H:i:s, $london_time[0]); ? Regards Ian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cannot make bzip2 stream on the fly
header(Content-Description: File Transfer); header(Content-Disposition: attachment; filename=f.bzip2); header(Content-Type: application/x-bzip2); //header(Content-length: . strlen($zippedfile) . \n\n); header(Content-Transfer-Encoding: binary); ob_flush(); $bz = bzopen( 'php://output' , 'w' ); if ($bz===FALSE) { echo FALSE; return; } bzwrite($bz,hi); bzclose($bz); bzopen returns error: bzopen(): cannot represent a stream of type Output as a File Descriptor in case using stdout instead of output it works but produce zero result. Following works ok: $z = fopen( 'php://output' , 'w' ); if ($z===FALSE) { echo FALSE; return; } fwrite($z,hihi); fclose($z); Please, help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Time zone in date function
On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote: On 31/01/2012, at 2:55 PM, Ron Piggott wrote: On my clients account when I use ?echo date(?D, d M Y H:i:s');? the output is 5 hours ahead of us. How do I change it to my local time? Is there a way to specify ?Eastern? time zone? I expect this would work: echo date(?D, d M Y H:i:s' , ( strtotime( date(?D, d M Y H:i:s') ? 21600 ) ) ); I would prefer to specify Eastern time, so if the web host changes a server setting it will remain in Eastern time zone. Ron You can set the timezone for your script using date_default_timezone_set() http://php.net/manual/en/function.date-default-timezone-set.php (wrap your lines, folks!) Is there a reason _not_ to use viz: putenv(TZ=America/Anguilla); ?? Or, is it simple Just The Linux Way(tm) , i.e. there's always more than one way to do a 'thing'? Jonesy -- Marvin L Jones| jonz | W3DHJ | linux 38.24N 104.55W | @ config.com | Jonesy | OS/2 * Killfiling google banter.com: jonz.net/ng.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Cannot make bzip2 stream on the fly
On 31-01-2012 15:34, Michael Shestero wrote: header(Content-Description: File Transfer); header(Content-Disposition: attachment; filename=f.bzip2); header(Content-Type: application/x-bzip2); //header(Content-length: . strlen($zippedfile) . \n\n); header(Content-Transfer-Encoding: binary); ob_flush(); $bz = bzopen( 'php://output' , 'w' ); if ($bz===FALSE) { echo FALSE; return; } bzwrite($bz,hi); bzclose($bz); bzopen returns error: bzopen(): cannot represent a stream of type Output as a File Descriptor in case using stdout instead of output it works but produce zero result. Following works ok: $z = fopen( 'php://output' , 'w' ); if ($z===FALSE) { echo FALSE; return; } fwrite($z,hihi); fclose($z); Please, help! What exactly are you trying to do? From the top section it seems like you're trying to output back via the standard output channel, meaning as the body of a response. This assumes you're working in a client/server relationship, where PHP is invoked server-side as a script, and its response is being sent back to the client (browser). But then all of a sudden, you start opening php://output which is an output stream which exists solely in the cli-mode! So, your answer is simply: 1. in the case of a browser/server type of relation: ?php header(Content-Description: File Transfer); header(Content-Disposition: attachment; filename=f.txt.bz2); header(Content-Type: application/x-bzip2); header(Content-Transfer-Encoding: binary); $compressed_string = bzcompress(hi); echo $compressed_string; 2. In the case that you're using php-cli, get rid of all the header stuff. It's useless here. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Time zone in date function
On Tue, Jan 31, 2012 at 4:22 PM, Jonesy gm...@jonz.net wrote: On Tue, 31 Jan 2012 14:57:41 +1300, Simon J Welsh wrote: On 31/01/2012, at 2:55 PM, Ron Piggott wrote: On my clients account when I use ?echo date(?D, d M Y H:i:s');? the output is 5 hours ahead of us. How do I change it to my local time? Is there a way to specify ?Eastern? time zone? I expect this would work: echo date(?D, d M Y H:i:s' , ( strtotime( date(?D, d M Y H:i:s') ? 21600 ) ) ); I would prefer to specify Eastern time, so if the web host changes a server setting it will remain in Eastern time zone. Ron You can set the timezone for your script using date_default_timezone_set() http://php.net/manual/en/function.date-default-timezone-set.php (wrap your lines, folks!) Is there a reason _not_ to use viz: putenv(TZ=America/Anguilla); ?? Or, is it simple Just The Linux Way(tm) , i.e. there's always more than one way to do a 'thing'? Jonesy From the PHP Manual: every call to a date/time function will generate a E_NOTICE if the timezone isn't valid, and/or a E_WARNING message if using the system settings or the TZ environment variable. So that will generate E_WARNING messages. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] When to call mysqli::close
Hi good people, When should i call mysqli::close ? Should I call $stmt-close() at the end of the method(below) . Or should I call it after every condition ensuring that I close the database connection even if the process fails at some stage e.g bind param public function function_name($id,$new_id ){ $query = UPDATE TABLE SET name = ? WHERE field = ? ; if($stmt=$this-prepare($query)){ if($stmt-bind_param(is, $id, $new_id)){ if($stmt-execute()){ }else{//Could not execute the prepared statement $message = Could not execute the prepared statement; } }else{//Could not bind the parameters $message = Could not bind the parameters; } }else{ $message = Could not prepare the statement; } return $message } Kind regards Albert Kamau Saf : 0720550742
Re: [PHP] When to call mysqli::close
On 31 Jan 2012, at 16:28, Albert Kamau wrote: When should i call mysqli::close ? Should I call $stmt-close() at the end of the method(below) . Or should I call it after every condition ensuring that I close the database connection even if the process fails at some stage e.g bind param This has little to do with MySQLi and lots to do with where the variable is assigned. public function function_name($id,$new_id ){ $query = UPDATE TABLE SET name = ? WHERE field = ? ; if($stmt=$this-prepare($query)){ If this succeeds then you have a statement variable, so whatever happens from now on you'll need to clean up this variable. if($stmt-bind_param(is, $id, $new_id)){ if($stmt-execute()){ }else{//Could not execute the prepared statement $message = Could not execute the prepared statement; } }else{//Could not bind the parameters $message = Could not bind the parameters; } At this point you clean up $stmt because you know it's been assigned. There's no point in doing it in every else above because all paths through the code will reach here regardless of any errors. If one of the elses above was returning out of the method then you'd need to make sure you clean up $stmt before than happens. }else{ If you get in here then $stmt evaluates to false, so there's nothing to clean up. $message = Could not prepare the statement; } return $message } You may want to think about the order of your conditions. Personally I like to have the expression in the if evaluate to true if there was a problem, that way the error handling and the thing that caused the error are next to each other which I feel makes the code easier to read. Consider… public function function_name($id, $new_id) { // Initialise the return value $message = false; // Prepare the statment $stmt = $this-prepare('UPDATE TABLE SET name = ? WHERE field = ?'); if (!$stmt) { $message = 'Could not prepare the statement'; } else { // Bind the parameters and execute the statment if (!$stmt-bind_param('is', $id, $new_id)) { $message = 'Could not bind the parameters'; } elseif (!$stmt-execute()) { $message = 'Could not execute the prepared statement'; } else { // Everything worked, probably want to do something with // $message here. } // Clean up the statement $stmt-close(); } return $message } Also, I know this is probably just an example, but based on the function parameters either your SQL is wrong or the order of the parameters is wrong when binding, possibly both. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Cannot make bzip2 stream on the fly
Thank you for response. Script is server-side. It is to send a packed data as file (but the source isn't actually a file) via HTTP to client. bzcompress() are not suitable, because it cannot pack the stream on the fly (I have to store all amount of data in local variable before call it). My task is already SOLVED in the different way: $bz = fopen('php://output', 'w'); $param = array('blocks' = 6, 'work' = 0); stream_filter_append($bz, 'bzip2.compress', STREAM_FILTER_WRITE, $param); ...writing to $bz using fwrite() as into stream... fclose($bz); it gives exactly what I need. But still I wonder why bzopen() isn't work, meanwhile the phpdoc tells that it should work that way. --- Maciek Sokolewicz wrote: On 31-01-2012 15:34, Michael Shestero wrote: header(Content-Description: File Transfer); header(Content-Disposition: attachment; filename=f.bzip2); header(Content-Type: application/x-bzip2); //header(Content-length: . strlen($zippedfile) . \n\n); header(Content-Transfer-Encoding: binary); ob_flush(); $bz = bzopen( 'php://output' , 'w' ); if ($bz===FALSE) { echo FALSE; return; } bzwrite($bz,hi); bzclose($bz); bzopen returns error: bzopen(): cannot represent a stream of type Output as a File Descriptor in case using stdout instead of output it works but produce zero result. Following works ok: $z = fopen( 'php://output' , 'w' ); if ($z===FALSE) { echo FALSE; return; } fwrite($z,hihi); fclose($z); Please, help! What exactly are you trying to do? From the top section it seems like you're trying to output back via the standard output channel, meaning as the body of a response. This assumes you're working in a client/server relationship, where PHP is invoked server-side as a script, and its response is being sent back to the client (browser). But then all of a sudden, you start opening php://output which is an output stream which exists solely in the cli-mode! So, your answer is simply: 1. in the case of a browser/server type of relation: ?php header(Content-Description: File Transfer); header(Content-Disposition: attachment; filename=f.txt.bz2); header(Content-Type: application/x-bzip2); header(Content-Transfer-Encoding: binary); $compressed_string = bzcompress(hi); echo $compressed_string; 2. In the case that you're using php-cli, get rid of all the header stuff. It's useless here. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] differences in between these env. variables
On Jan 29, 2012, at 7:01 PM, Adam Richardson wrote: On Sun, Jan 29, 2012 at 11:38 AM, Tedd Sperling tedd.sperl...@gmail.com wrote: On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote: On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling tedd.sperl...@gmail.com wrote: On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote: Is there ever a case where SCRIPT_NAME does not equal PHP_SELF? Was this every answered? I would like to know. Cheers, tedd Yep, can be different: http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri Adam I should have been more clear -- I understand: [PHP_SELF] = /test.php/foo/bar [SCRIPT_NAME] = /test.php/ by practice is different. I should have used basename() in my question. The main point I was trying to get was which one is more secure and not subject to cross-site scripting or other such security issues? IOW, if you had to bet your life on it, which would be most secure in reporting an accurate basename()? That's an interesting question. Because $_SERVER['SCRIPT_NAME'] doesn't include path info appended to the get request, it greatly limits the attack surface, so I try to use it when I can. However, there are times when you want the ability to pass in additional path info (e.g., pretty urls), and that makes $_SERVER['PHP_SELF'] quite useful. In terms of securely using $_SERVER['PHP_SELF'], the one thing I don't ever recommend is trying to sanitize input (this view is in stark contrast to some of the resources online that detail how to safely use $_SERVER['PHP_SELF'] through a combination of techniques including sanitization.) I suggest that any time script receives that doesn't meet its expectations, the script should throw away the data and kindly communicate to the user that they'll have to try the request again with valid data. To use $_SERVER['PHP_SELF'] safely, the most important thing is context. In order for an XSS attack to succeed, it has to sneak in data that is structurally meaningful in the context of its use. If the web page outputs $_SERVER['PHP_SELF'] in an href such as the one below, then a double quote (or any of its possible encodings which buggily sneak through older browsers, but modern browsers seem to have corrected many of these issues) must be escaped: // if a double quote comes through PHP_SELF here and is not escaped, we're in trouble // https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.232_-_Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes a href=?php echo $_SERVER['PHP_SELF']; ?Link back to this page/a So, in the above case, I would first filter the PHP_SELF value through a regex that establishes a whitelist of valid values and/or characters (if you know all the possible paths of your app ahead of time, make sure there's a match; if you know that the path info only includes letters a-z, make sure there are they are the only characters you allow; etc.), and then for valid input, escape the output using htmlspeciachars(). NOTE: Developers who fail don't use quotes on attributes would have to be much more careful and escape several other characters in the above example. That all said, if PHP_SELF was being echoed out into a script tag, the above technique would be insufficient to protect against XSS, as the content of the script tag has many more structurally meaningful characters that have to be watched for and escaped. So, it really varies by the context of use. I'd use SCRIPT_NAME where I don't need the path info (but I'd still likely whitelist it's possible values and escape it's output.) And, if I needed the path info, I'd whitelist the possible PHP_SELF values and then escape the output according to the context. That all said, if my life depended on security of the app, I'd probably be very slow to put up any web pages, as the amount of testing and auditing I'd want to perform would be on the scale of years ;) Adam Adam: Thank you for your most thoughtful answer -- it was very informative. I won't be using echo $_SERVER['PHP_SELF']; for any forms or links. Cheers, tedd. _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] free space
is there any free server where one can practice php(myadmin) - sql without installing on personal computer?
[PHP] Re: Time zone in date function
On Tue, 31 Jan 2012 17:15:48 +0100, Matijn Woudt wrote: On Tue, Jan 31, 2012 at 4:22 PM, Jonesy gm...@jonz.net wrote: Is there a reason _not_ to use viz: putenv(TZ=America/Anguilla); ?? Or, is it simple Just The Linux Way(tm) , i.e. there's always more than one way to do a 'thing'? From the PHP Manual: every call to a date/time function will generate a E_NOTICE if the timezone isn't valid, and/or a E_WARNING message if using the system settings or the TZ environment variable. So that will generate E_WARNING messages. Ya, but... I am using that _very_ statement and get no E_WARNING. The timezone illustrated _is_ valid. IWFM. I believe the PHP manual is 'awkwardly' written in this case. Better would be if that *whole* sentence above was re-written beginning with If the timezone is invalid, every call , and/or an E_WARNING ... As written, it could be construed to mean an E_WARNING is _always_ generated for setting the TZ environment variable. Jonesy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] free space
On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed mycomputerbo...@gmail.comwrote: is there any free server where one can practice php(myadmin) - sql without installing on personal computer? Not that I know of. There may be some, but I wouldn't bother. You can find Virtualbox server images pre-made from sites such as this: http://virtualboxes.org/images/ubuntu/ #5 has apache, mysql and php installed (a LAMP package). You can use Virtualbox to run the server virtually, without having to install everything on your dev computer. Similar packages for Xen and VMWare are available, just go googling. -- --Zootboy Sent from my PC.
RE: [PHP] free space
-Original Message- From: Sean Greenslade [mailto:zootboys...@gmail.com] Sent: Tuesday, January 31, 2012 2:50 PM To: saeed ahmed Cc: PHP General Subject: Re: [PHP] free space On Tue, Jan 31, 2012 at 1:59 PM, saeed ahmed mycomputerbo...@gmail.comwrote: is there any free server where one can practice php(myadmin) - sql without installing on personal computer? Not that I know of. There may be some, but I wouldn't bother. You can find Virtualbox server images pre-made from sites such as this: http://virtualboxes.org/images/ubuntu/ #5 has apache, mysql and php installed (a LAMP package). You can use Virtualbox to run the server virtually, without having to install everything on your dev computer. Similar packages for Xen and VMWare are available, just go googling. -- --Zootboy Sent from my PC. I might suggest you read about the security issues when using phpmyadmin and understand how to secure it as well. I would never use the script personally because of the limitations and the measures you have to put in place to secure it are exhausting and limited by hosting providers . I would always work locally to ensure stability and ensuring that bad sql statements do not take down your service. Just my thoughts about phpmyadmin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php