Re: [PHP] Greate day for you,
2010/4/7 Nilesh Govindarajan : > On 04/07/10 21:41, Chris G wrote: >> >> http://sites.google.com/site/vfgbyuhoi6/kewe2w >> > > Bloody asshole spammer. > Is there no spam filter at lists.php.net ? It was probably a virus or a trojahn, not intentionally sent to the list by the OP... > > -- > Nilesh Govindarajan > Site & Server Administrator > www.itech7.com > मेरा भारत महान ! > मम भारत: महत्तम भवतु ! > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP MySQL Insert Statements
2010/3/11 Martine Osias : > Hi, > > My insert statements on this web page don't execute. The select statements > do work. This tells me that the database connection is working. The username > and password are the administrator's. What else could prevent the insert > statements from executing? Would you mind giving us some hints about how the INSERT statements looks like? Thanks. > > Thank you. > > > Martine > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Andrew Ballard : > On Wed, Mar 10, 2010 at 9:54 AM, Bruno Fajardo wrote: > [snip] >> 2010/3/10 Auke van Slooten : >>> This is not what I meant. I should perhaps mention that it's an xml-rpc >>> client and the method calls are remote method calls. The multiCall method >>> gathers multiple method calls into a single request. >>> >>> The trick I'm using now is to set a private property in the $client->__get() >>> method when the property you're accessing is 'system'. From then untill you >>> call the method 'multiCall', instead of calling the methods (in this case >>> methodOne and methodTwo) the client creates a new object with the call >>> information (method name and arguments) and returns that. In multiCall all >>> arguments are therefor call information objects and multicall creates a >>> single request based on that information. >> >> Hmm, you cleared that to me now... If you need to first create the >> property "system" and then call a method in that object "system", >> can't you do something like: >> >> $client->system = null; >> $client->system->multiCall( >> $client->methodOne(), >> $client->methodTwo() >> ); >> >> I'm not testing these snippets of code, so sorry if I'm getting something >> wrong. >> >> Cheers, >> Bruno. >> > [snip] > > I'm not sure you would want to assign null to $client->system. After > all, __set() might not be defined. Yes, you're right, Andrew. Setting the property to null is not the best choice in this case. > > I agree with Rob here. If order is really crucial, then call the > statements in the correct order: > > > /** > * causes $client to call __get() in order to resolve > * 'system' > */ > $system = $client->system; > This was my point too, to create the object before the call to multiCall(), I just messed my example with the null assignment... :-) The code you suggested must solve the OP issue. Cheers, Bruno. > > /** > * You should add some handling here to make sure that > * $system is really an object that implements your > * multiCall() method, and not something else (like null). > */ > > > $system->multiCall( > $client->methodOne(), > $client->methodTwo() > ); > > ?> > > > > Andrew > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Auke van Slooten : > Bruno Fajardo wrote: >> >> 2010/3/10 Auke van Slooten >>> >>> Hi, >>> >>> In a hobby project I'm relying on the order in which the following piece >>> of PHP code is executed: >>> >>> $client->system->multiCall( >>> $client->methodOne(), >>> $client->methodTwo() >>> ); >> >> Can't you call the methods $client->methodOne() and >> $client->methodTwo() before the call to $client->system->multiCall()? >> That way, you could store they values in local variables, and then >> pass them to the $client->system->multiCall(), assuring that those >> methods are executed before the multiCall(). Something like: >> >> $methodOne = $client->methodOne(); >> $methodTwo = $client->methodTwo(); >> $client->system->multiCall($methodOne, $methodTwo); > > Hi, > > This is not what I meant. I should perhaps mention that it's an xml-rpc > client and the method calls are remote method calls. The multiCall method > gathers multiple method calls into a single request. > > The trick I'm using now is to set a private property in the $client->__get() > method when the property you're accessing is 'system'. From then untill you > call the method 'multiCall', instead of calling the methods (in this case > methodOne and methodTwo) the client creates a new object with the call > information (method name and arguments) and returns that. In multiCall all > arguments are therefor call information objects and multicall creates a > single request based on that information. Hmm, you cleared that to me now... If you need to first create the property "system" and then call a method in that object "system", can't you do something like: $client->system = null; $client->system->multiCall( $client->methodOne(), $client->methodTwo() ); I'm not testing these snippets of code, so sorry if I'm getting something wrong. Cheers, Bruno. > > So in your example the client would simply call methodOne and methodTwo and > return the results. Then it would try to do a multiCall with whatever the > previous methods have returned. > > regards, > Auke van Slooten > Muze > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Auke van Slooten > > Hi, > > In a hobby project I'm relying on the order in which the following piece of > PHP code is executed: > > $client->system->multiCall( > $client->methodOne(), > $client->methodTwo() > ); > > Currently PHP always resolves $client->system (and executes the __get on > $client) before resolving the arguments to the multiCall() method call. Hi! Can't you call the methods $client->methodOne() and $client->methodTwo() before the call to $client->system->multiCall()? That way, you could store they values in local variables, and then pass them to the $client->system->multiCall(), assuring that those methods are executed before the multiCall(). Something like: $methodOne = $client->methodOne(); $methodTwo = $client->methodTwo(); $client->system->multiCall($methodOne, $methodTwo); Cheers, Bruno. > > Is this order something that is specified by PHP and so can be relied upon to > stay the same in the future or is it just how it currently works. > > If it cannot be relied upon to stay this way, I will have to rewrite the > multiCall method and API... > > regards, > Auke van Slooten > Muze > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to get the 'return type' of a function?
2010/2/23 Daniel Egeberg
>
> 2010/2/23 Dasn :
> > Hello guys, I try to use 'ReflectionFunction' to retrieve the info of a
> > function.
> > For example:
> > >
> > $rf = new ReflectionFunction('strstr');
> > echo $rf;
> > ?>
> > === output ==
> >
> > Function [ function strstr ] {
> >
> > - Parameters [3] {
> > Parameter #0 [ $haystack ]
> > Parameter #1 [ $needle ]
> > Parameter #2 [ $part ]
> > }
> > }
> >
> > The problem is there's no 'return type' (i.e. 'string' in this example)
> > info about the function.
> >
> > Could you tell me how to retrieve the 'return type'?
> > Thanks.
> >
> >
> > --
> > Dasn
>
> That's not possible. Consider this function:
>
> function foo()
> {
> switch (rand(0, 1)) {
> case 0: return 42;
> case 1: return 'bar';
> }
> }
>
> What should the return type be?
Mixed?
http://www.php.net/manual/en/language.pseudo-types.php#language.types.mixed
>
> --
> Daniel Egeberg
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies & sessions
2010/1/20 : > When you are working with sessions, provided you start your program with > session_id(), you > can then do anything you like with session variables at any point in your > program. Hi, You meant session_start() instead of session_id(), right? But yes, once you started a session (before any output is sent to the browser, that includes echo and print statements, empty space chars, etc) you can do anything you like with the $_SESSION array, being able to read the stored values in other requests / scripts of your app, as long as the session is started. > In my > original question I asked if there was a cookie equivalent. As far as I know, yes, there is. You set a cookie using the setcookie() function. This function, in the same way as session_start(), must be called before any output is sent to the browser. Once a cookie is set in the client, you can read the $_COOKIE array in any subsequent request of your client, in any point of your app, just like session. > > Someone said there was, but the above is simply demonstrating that their > suggested > solution doesn't work. It appears there is no solution, but that the > workaround is to turn > on output buffering, at least until you finish setting cookies, so that you > can be certain > that no output is generated before this point. You don't need to use output buffering at all. You only need this mechanism if your script needs to output stuff before the session_start() or setcookie() functions get executed. Well, I hope this information is helpful. Cheers, Bruno. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies & sessions
2010/1/19 : > I am trying for the first time to use cookies. The manual contains the > statement "Cookies > are part of the HTTP header, so setcookie() must be called before any output > is sent to > the browser." > > When I first started using sessions, I was alarmed to read a very similar > statement about > sessions, but I soon found that if I started my program with the statement > "session_start();" I could then set up, access, modify or clear any session > variable at > any time in my program. This is enormously useful, as I can put the session > handling at > any convenient point in my program, and can precede them with diagnostics if > I need to. > > However I have almost immediately found that while I appear to be able to > read cookies at > any time, I cannot set them when I would like to. Is there any similar trick > which will > work with cookies? The only trick is that you have to call setcookie() before any output is sent to the browser, just like the session_start() behavior. > If I really have to work out what they should be, and then set them up, > before issuing any diagnostics, etc, it will make life decidely more > complicated. (I > assume that I can set several cookies using successive calls to setcookie()?) Yes, each one with a differente name. > > I was also somewhat surprised to find that a cookie is used to implement > sessions. Does > this place any limitations on using both sessions and cookies in the same > program? > No. The cookie in PHP that implements session is by default called PHPSESSID. As long as your other cookies are named differently, you should be fine. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What's the best way to extract HTML out of $var?
2010/1/15 alexus : > What's the best way to extract HTML out of $var? > > example of $var > > $var = "http://http://stackoverflow.com/"Stack Overflow" > I want > > $var2 = "http://starckoverflow.com/"; > example: preg_match(); > > what else? Hi, If you simply wants to remove all tags from the string, try using the strip_tags function (http://php.net/strip_tags). > > -- > http://alexus.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] header("Location:...") fails
2010/1/13 Richard S. Crawford
>
> Here is a snippet of code that is going to be the death of me:
>
>
> // Create a new project
> $projectcode = strtoupper(addslashes($_POST['projectcode'])); // project
> code
>
> // Make sure the project code is unique
> if (!$existingproject = mysql_query("select * from pb_versions where
> projectcode like '".strtoupper($projectcode)."'")) {
> die ("Could not check for existing project code!".mysql_error());
> }
>
> $numprojects = mysql_num_rows($existingproject);
>
> if ($numprojects > 0) {
> $pid = mysql_result($existingproject,0,"versionID");
> header("Location:managebudget.php?e=1&pid=$pid");
> }
>
>
> Now, even if $numprojects is 1, 2, 3, etc., the header() command is not
> executed. Strangely, a header("Location") command later on in the script
> *is* executed. I've output the value of $numprojects, so I know that it's
> greater than 0, so the command
> header("Location:managebudget.php?e=1&pid=$pid"); *should* be executed...
> but it isn't. (Weirdly, if I put a die() command *after* this header()
> command, it works... but it seems pathologically inelegant to do so.)
There's nothing in wrong in putting a die command after the
header("Location"). In fact, it is common. The header() command by
itself don't imply in the send of the request. You can have many
header() commands in sequence, and the header will be sent only in the
end of the process.
Cheers,
Bruno.
>
> Obviously, I'm missing something incredibly basic. Can anyone help me figure
> this out?
>
>
> --
> Richard S. Crawford (rscrawf...@mossroot.com)
> http://www.mossroot.com
> Publisher and Editor in Chief, Daikaijuzine (http://www.daikaijuzine.com)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SVG and PHP
2010/1/5 Alice Wei
>
> Hi,
>
> Just went online and saw an SVG generated from Python, and wanted to do
> the similar thing by loading the SVG into an PHP script. Here is the script
> that I have:
>
>
> #Load the Map
> $ourFileName= "USA_Counties_with_FIPS_and_names.svg";
> $fh = fopen($ourFileName, "r") or die("Can't open file");
> fclose($fh);
>
> ?>
>
> The problem is that my screen appears as blank even though I could open up
> USA_Counties_with_FIPS_and_names.svg and see the entire US Map. Does anyone
> know what I might have done wrong here?
>
Aren't you just opening the file? I think that you need to print it in some
way suitable to your application.
Try using fread() or other function to read the contents of the file.
>
> Thanks in advance.
>
> Alice
>
> _
> Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
> http://clk.atdmt.com/GBL/go/177141664/direct/01/
Re: [PHP] Dual PHP installation and session sharing
Hi, Zareef. I have not tried storing session in a database, and I think it's not an option in my case, since I'm working on a legacy software that uses distributed databases across several servers. Actually, I guess it would be easier to setup a new webserver, running PHP 5 only, and discontinue the current one. But if there's a chance to share session in the actual environment, I would certainly prefer that. Thanks for the reply! 2009/7/19 Zareef Ahmed > > > On Sat, Jul 18, 2009 at 1:34 AM, Bruno Fajardo wrote: >> >> Hi all, >> >> I'm using Apache/2.2.3 (Linux/SUSE), running PHP 4.4.7 in CGI mode, in a >> dual installation with PHP 5.1.2 running as an Apache module. >> Scripts with .php5 extension are executed by PHP 5, and those with .php are >> executed by PHP 4, and everything runs as expected. >> My question is: is it possible to share session data between .php and .php5 >> scripts in this environment? All my tests failed. > > have you tried using database as session storage and setting session id > manually in your application. >> >> >> Thanks in advance! > > > > -- > Zareef Ahmed :: A PHP Developer in India ( Delhi ) > Homepage :: http://www.zareef.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dual PHP installation and session sharing
Hi all, I'm using Apache/2.2.3 (Linux/SUSE), running PHP 4.4.7 in CGI mode, in a dual installation with PHP 5.1.2 running as an Apache module. Scripts with .php5 extension are executed by PHP 5, and those with .php are executed by PHP 4, and everything runs as expected. My question is: is it possible to share session data between .php and .php5 scripts in this environment? All my tests failed. Thanks in advance!
Re: [PHP] Best Encryption Algorithm
Hi there! Try out AES. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard Bruno. 2009/6/3 Hemant Patel > > Hello Everyone, > Hope you all are doing great. > Now we are creating a application which has high level > of security so its obvious that we will require a algorithm for > encryption/decrytpion.So Can anybody suggest me the best algorithm for > encryption(irrespective of any languageJust a Algorithm). > > > With Regards, > Hemant Patel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MYSQL 5 auto increment not working
2009/5/21 Leidago !Noabeb > Hi All > > > I know this is not strictly a PHP question, but i have a problem whenever i > insert a record using PHP. Basically the auto increment field does not work > at all. Here's the structure of the table that i'm using: > > CREATE TABLE `children` ( > `cid` int(4) NOT NULL auto_increment, > `cname` char(50) default NULL, > `csname` char(50) default NULL, > PRIMARY KEY (`cid`) > ) ENGINE=InnoDB > > I use PHP 5.1 and MYSQL 5 > > I'm pretty sure the code i use to insert the data is sound since i've > tested > it with older versions of MYSQL. > > Has anyone else had similar problems? Did you left empty the field `cid` (PK) in your INSERT statement?
Re: [PHP] Variables not initialized. Is it possible to...
This kind of tip is raised in form of notices. So, to enable that, use the following function on top of your scripts: error_reporting(E_ALL | E_NOTICE); Best regards, Bruno. 2009/5/18 Paul M Foster > On Mon, May 18, 2009 at 05:38:37PM +0200, Cesco wrote: > > > Is it possible to set a parameter in PHP 5 to ask the interpreter to > > raise an error every time I try to use a variable that wasn't > > initialized before ? > > > > For example, I've write this piece of code in Python: > > > > > > print(DonaldDuck) > > > > > > I get this error: > > > > Traceback (most recent call last): > > File "/Users/Cesco/Desktop/prova.py", line 3, in > > print(DonaldDuck); > > NameError: name 'DonaldDuck' is not defined > > > > > > Until now I've seen that when I write this PHP equivalent: > > > > > > echo($DonaldDuck); > > > > > > When I try to run it, the PHP writes a blank string, because the > > variable is not yet initialized and PHP assumes that its value is an > > empty string (I guess) > > > > > > I'd like to have the same behaviour of Python in PHP, do you think > > that it is possible? > > Set your error reporting higher: > > error_reporting(E_ALL); > > at the top of your script. > > Paul > -- > Paul M. Foster > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Re: SQL Injection - Solution
2009/5/6 Igor Escobar :
> hun...by the way I forgot to mention, I am Brazilian and here in Brazil
> these words are not common ...
Igor,
I'm brazilian too, but that is not the point. Deny the use of *any*
word as input in your app is unnecessary. The problem that you're
trying to solve, has been solved a long time ago.
Bruno.
>
> That is a recursive function and i can use array_map becouse i some cases we
> obtain arrays of arrays and that will generate a error.
>
>
> Regards,
> Igor Escobar
> Systems Analyst & Interface Designer
>
> --
>
> Personal Blog
> ~ blog.igorescobar.com
> Online Portifolio
> ~ www.igorescobar.com
> Twitter
> ~ @igorescobar
>
>
>
>
>
> On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie wrote:
>
>> Igor Escobar wrote:
>> > Hunnn...
>> >
>> > So, what do you think now?
>> >
>> > function _antiSqlInjection($Target){
>> > $sanitizeRules =
>> > array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
>> > TABLE','SHOW TABLES','*','--','=');
>> > foreach($Target as $key => $value):
>> > if(is_array($value)): $arraSanitized[$key] =
>> > _antiSqlInjection($value);
>> > else:
>> > $arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
>> > addslashes(str_ireplace(trim($sanitizeRules,"",$value))) :
>> > str_ireplace(trim($sanitizeRules,"",$value));
>> > endif;
>> > endforeach;
>> > return $arraSanitized;
>> > }
>> >
>> Stay on list please. I don't like the ternary or the brace omissions
>> (alternate syntax) :-) however
>>
>> My point was that in my opinion you don't need the replace at all.
>> Also, do you really want to strip all 'or', * and = from all fields?
>> These may be perfectly valid in your app. Or is a very, very common
>> word, so is from and come to think of it, where, select, insert and delete.
>>
>> For any of the SQL injections to work in your query, there will need to
>> be quotes or the backtick ` in the user supplied content. The quotes
>> are escaped by mysql_real_escape_string().
>>
>> I don't see any way for a SQL injection without the user input
>> containing quotes or the backtick to break out of your query or
>> prematurely terminate an expression. Some examples here, however they
>> don't mention the backtick:
>> http://us2.php.net/manual/en/security.database.sql-injection.php
>>
>> This might be more useful:
>>
>> ||function _antiSqlInjection($Target)
>> {
>> if(is_array($Target)) {
>> $Value = array_map('_antiSqlInjection', $Target);
>> } else {
>> if(get_magic_quotes_gpc()) {
>> $Target = stripslashes($Target);
>> }
>> // replace backtick with single quote or whatever
>> $Target = str_replace("`", "'", $Target);
>> $Value = mysql_real_escape_string($Target);
>> }
>> return $Value;
>> }
>>
>> Thanks!
>> -Shawn
>>
>>
>>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL Injection - Solution
Hi there!
2009/5/6 Igor Escobar
>
> Hi folks,
> Someone know how i can improve this function to protect my envairounment
> vars of sql injection attacks.
>
> that is the function i use to do this, but, some people think is not enough:
>
> * @uses $_REQUEST= _antiSqlInjection($_REQUEST);
> * @uses $_POST = _antiSqlInjection($_POST);
> * @uses $_GET = _antiSqlInjection($_GET);
> *
> * @author Igor Escobar
> * @email blog [at] igorescobar [dot] com
> *
> */
>
> function _antiSqlInjection($Target){
> $sanitizeRules =
> array('OR','FROM,'SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW
> TABLES','*','--','=');
> foreach($Target as $key => $value):
> if(is_array($value)): $arraSanitized[$key] =
> _antiSqlInjection($value);
> else:
> $arraSanitized[$key] =
> addslashes(strip_tags(trim(str_replace($sanitizeRules,"",$value;
> endif;
> endforeach;
> return $arraSanitized;
>
>
> }
>
> You can help me to improve them?
What if someone posts, in any form of your app, a message containing
"or", "from" or "where"? Those are very common words, and eliminate
them is not the best solution, IMO.
Use mysql_real_escape_string() like Shawn said, possibly something
like this would do the trick (from
http://br2.php.net/manual/en/function.mysql-query.php):
$query = sprintf("SELECT firstname, lastname, address, age FROM
friends WHERE firstname='%s' AND lastname='%s'",
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
Cheers,
Bruno.
>
>
>
> Regards,
> Igor Escobar
> Systems Analyst & Interface Designer
>
> --
>
> Personal Blog
> ~ blog.igorescobar.com
> Online Portifolio
> ~ www.igorescobar.com
> Twitter
> ~ @igorescobar
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: AJAX with POST
Ajax is asynchronous. The option of asynchronous or synchronous can be set
in the XMLHTTPRequest object (used by Ajax), but a synchronous call is not
Ajax.
Cheers,
Bruno.
2009/4/5 Phpster
> Ajax can be both async and sync. Itsbthe fourth param in the open call and
> I believe by default it's a sync call not async
>
> Bastien
>
> Sent from my iPod
>
> On Apr 4, 2009, at 21:33, Skip Evans wrote:
>
> But my function using GET does seem to wait.
>>
>> Granted I cobbled it together from various samples and didn't author it
>> from my own deep understanding of the exact process, but here's the snippet
>> that does the real work.
>>
>> req.open('GET', url, false);
>> req.send(null);
>>
>> if(req.responseText) {
>> if(req.responseText.substring(0,7) == 'debug!!') {
>> alert(req.responseText.substring(7));
>> }
>> }
>>
>> return(req.responseText);
>>
>> It seems to wait until it has data to return, because it works perfectly.
>> I can send it a URL from another function and get the data back from server
>> to the function as expected.
>>
>> The only part of it I'm unsure of is this:
>>
>> req.send(null);
>>
>> What does that do? As I said, I cobbled this function from examples, got
>> it working, and presto, was off and running.
>>
>> Skip
>>
>>
>> Brad Broerman wrote:
>>
>>> Well, as the "A" in Ajax is asynchronous, there's no real way to make it
>>> wait. What you would normally do is use a callback:
>>> function createXHRObject( )
>>> {
>>> if (typeof XMLHttpRequest != "undefined")
>>> {
>>> return new XMLHttpRequest();
>>> }
>>> else if (typeof ActiveXObject != "undefined")
>>> {
>>> return new ActiveXObject("Microsoft.XMLHTTP");
>>> }
>>> else
>>> {
>>> throw new Error("XMLHttpRequest not supported");
>>> }
>>> }
>>> function sendAjaxRequest( websvcurl , params, callbackFn )
>>> {
>>> var xhrObject = createXHRObject();
>>> xhrObject.open("POST", websvcurl, true);
>>> xhrObject.onreadystatechange = function()
>>> {
>>> if (xhrObject.readyState == 4)
>>> {
>>> if( xhrObject.responseXML != null )
>>> {
>>> callbackFn (xhrObject.responseXML);
>>> }
>>> }
>>> }
>>> xhrObject.setRequestHeader("Content-type",
>>> "application/x-www-form-urlencoded");
>>> xhrObject.setRequestHeader("Content-length", params.length);
>>> xhrObject.setRequestHeader("Connection", "close");
>>> xhrObject.send(params);
>>>
>>> }
>>> -Original Message-
>>> From: Skip Evans [mailto:s...@bigskypenguin.com]
>>> Sent: Saturday, April 04, 2009 5:30 PM
>>> To: php-general@lists.php.net
>>> Subject: AJAX with POST
>>> Hey all,
>>> At the risk of being told this is a PHP and not a JS list, but
>>> also knowing the discussions on this list, to the benefit of
>>> all I believe, very wildly, I'm posting this JS code snippet
>>> for some advice.
>>> As I posted earlier, my AJAX app that uses a GET to post to
>>> the server (and get a response), fails on IE with larger data,
>>> so I thought I'd take a shot at writing a POST function, but
>>> so far I can get it to get the data back, but the problem is
>>> by the time the data has come back the function has already
>>> returned null back to the calling function. What I need this
>>> function to do is wait for the data to come back and then send
>>> it back to caller. Here's the function. Any advice would be
>>> greatly appreciated. (The code to get the appropriate object
>>> per browser has been omitted.)
>>> http.open("POST", url, true);
>>> //Send the proper header information along with the request
>>> http.setRequestHeader("Content-type",
>>> "application/x-www-form-urlencoded");
>>> http.setRequestHeader("Content-length", url.length);
>>> http.setRequestHeader("Connection", "close");
>>> http.send(url);
>>> http.onreadystatechange = function() {//Call a function when
>>> the state changes.
>>> if(http.readyState == 4 && http.status == 200) {
>>> alert('['+http.responseText+']');
>>> return (http.responseText);
>>> }
>>> }
>>> --
>>>
>>> Skip Evans
>>> Big Sky Penguin, LLC
>>> 503 S Baldwin St, #1
>>> Madison WI 53703
>>> 608.250.2720
>>> http://bigskypenguin.com
>>>
>>> Those of you who believe in
>>> telekinesis, raise my hand.
>>> -- Kurt Vonnegut
>>>
>>
>> --
>>
>> Skip Evans
>> Big Sky Penguin, LLC
>> 503 S Baldwin St, #1
>> Madison WI 53703
>> 608.250.2720
>> http://bigskypenguin.com
>>
>> Those of you who believe in
>> telekinesis, raise my hand.
>> -- Kurt Vonnegut
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/u
Re: [PHP] Re: Extract result from a https remote server response
Assigning the return of file_get_contents to a variable? Didn't get your point... 2009/2/13 m a r k u s > > Shawn McKenzie wrote: >> >> Shawn McKenzie wrote: >>> >>> m a r k u s wrote: Hi all, Example : https://www.moneybookers.com/app/email_check.pl?email=t...@toto.com&cust_id=123546&password=123 The MB server response displayed is : Illegal operation. We would like to put the result below in a php variable and process it . An idea ? PS: The server is secured. The php functions like file(), file_get_contents(), readfile(), fopen() has been tested. Regards -- m a r k u s > > >> allow_url_fopen = On > > > We have no control of the MB remote server configuration. > > -- > m a r k u s > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sprintf thousand separator.
Can you extend the JPGraph class, intercepting the desired method, formatting the output the way you need? 2009/2/11 João Cândido de Souza Neto > > No, I can´t, because if I do it how can jpgrhph render without numeric data? > hehehe > > "Richard Heyes" escreveu na mensagem > news:af8726440902110523x63ce5485p6534d10063eb4...@mail.gmail.com... > >> Thanks for your answer, but my real problem is to get thousand separator > >> in > >> jpgraph class which uses sprintf to display almost everithing; > > > > Can you format it first, and then pass it to JPGraph ? > > > > -- > > Richard Heyes > > > > HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: > > http://www.rgraph.org (Updated January 31st) > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php validate user password
Or, like the article suggested, a random portion for the hash... I agree with you, Micah. The hash collision is a problem, and must be avoided. Same password hashes for different users are very good candidates for a dictionary attack. Probably, in most of this cases, users picked "easy" passwords, like "1234" or "admin". Cheers 2009/2/9 Micah Gersten > > onlist this time... > > tedd wrote: > > > > > > > > > > I think the MD5() hash is a pretty good way and if the weakness is the > > > user's lack of uniqueness in determining their passwords, then we can > > > focus on that problem instead of looking to another hash. And besides, > > > the solution presented was to create a salt and use that -- that's > > > just another step in the algorithm process not much different than > > > what I propose. > > > > > > Cheers, > > > > > > tedd > > > > > > > The MD5 hash IS the problem. The problem isn't the uniqueness of the > passwords, but rather the uniqueness of the hash. The solution is to use > another hash that does not have the same collision issues. > > Thank you, > Micah Gersten > onShore Networks > Internal Developer > http://www.onshore.com > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php validate user password
tedd,
I think that the problem of the "duplicated hashes" in the database
(in the case of two users using the same password) persists with a
constant prefix in the passwords. Although the random salt portion get
stored in the database concatenated to the hash, the attacker don't
know the string length of the salt, making the attack very difficult.
Cheers
2009/2/9 tedd :
> At 2:02 PM + 2/9/09, Stuart wrote:
>>
>> 2009/2/9 Michael Kubler :
>>>
>>> These days SHA should really be used instead of MD5, and you should be
>>> SALTing the password as well.
>>> Here's a great guide :
>>> http://phpsec.org/articles/2005/password-hashing.html
>>
>> Good advice. I would also advise against stripping and trimming
>> anything from passwords. By removing characters you're significantly
>> reducing the number of possible passwords.
>
> I read the article and didn't find any objection to it, but before we all
> jump on the SHA bus, why can't we do this:
>
> 1. Allow the user to pick whatever password they want.
>
> 2. After entry, add a token string to it, such as 'a14fmw9'.
>
> 3. Do a M5() hash and store the hash the dB.
>
> When the user wants to log back in:
>
> 1. They enter their password.
>
> 2. We add the token string ('a14fmw9') to it.
>
> 3. Then we M5() the string and compare that hash with what's stored. That
> will work.
>
> Furthermore, if the token string is stored in the script, or in a
> configuration file, and not in the database (as suggested by the author),
> then if someone obtains access to the database, all the dictionary and other
> such brute force attacks will be more difficult because the hashes are more
> complex than one would normally expect, right?
>
> If not so, then where am I wrong?
>
> Another scheme would be simply to use the user's password and generate a
> hash. Then reverse the users password and generate another hash. Then
> shuffle the two hashes, or take pairs, or quads, or any number of other
> techniques to obscure the hash. As long at the process can be reversed, it
> will work.
>
> From my limited view, a minor amount of work can throw a major monkey wrench
> in any method of trying to crack a hash -- am I wrong?
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
I am so stick to Smarty that I never tried other solutions, like Savant. Thanks for the tip, I'll try it right away. Cheers. 2009/2/6 Eric Butera : > On Fri, Feb 6, 2009 at 1:43 PM, Bruno Fajardo wrote: >> Well, Smarty's caching layer is very fast. Maybe not as fast as an >> echo statement, but apparentely Frank was also interested in separate >> logic from presentation, and a series of echo's is not the best >> solution in my opinion. :-) >> But the best solution depends of the context of the application, i agree. > > Right on. I was just playing anyways. I'm a strong supporter of > things like Savant & Zend_View. Use PHP, but for read only type of > things with no logic. > > -- > http://www.voom.me | EFnet: #voom > -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
Well, Smarty's caching layer is very fast. Maybe not as fast as an echo statement, but apparentely Frank was also interested in separate logic from presentation, and a series of echo's is not the best solution in my opinion. :-) But the best solution depends of the context of the application, i agree. 2009/2/6 Eric Butera : > On Fri, Feb 6, 2009 at 12:15 PM, Bruno Fajardo wrote: >> In my opinion, you would achieve better results using a template >> engine, like Smarty (http://www.smarty.net/). In addition, your code >> would be entirely separated from presentation in a elegant way. >> >> 2009/2/6 Frank Stanovcak : >>> I'm in the process of seperating logic from display in a section of code, >>> and wanted to make sure I wasn't treading on a performance landmine here, so >>> I ask you wizened masters of the dark arts this... >>> >>> is there a serious performance hit, or reason not to use long, ie more than >>> 30 - 40 lines, comma conjoined echo statments... >>> >>> echo 'blah', $var, 'blah', $var2,...ad nauseum >>> >>> ... to output mixed html and php var values? If so could you refer me to a >>> work around, or better way? >>> >>> Frank >>> >>> >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > In a thread about performance you suggest Smarty? Really? :D > > -- > http://www.voom.me | EFnet: #voom > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
In my opinion, you would achieve better results using a template engine, like Smarty (http://www.smarty.net/). In addition, your code would be entirely separated from presentation in a elegant way. 2009/2/6 Frank Stanovcak : > I'm in the process of seperating logic from display in a section of code, > and wanted to make sure I wasn't treading on a performance landmine here, so > I ask you wizened masters of the dark arts this... > > is there a serious performance hit, or reason not to use long, ie more than > 30 - 40 lines, comma conjoined echo statments... > > echo 'blah', $var, 'blah', $var2,...ad nauseum > > ... to output mixed html and php var values? If so could you refer me to a > work around, or better way? > > Frank > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Blank page of hell..what to look for
Maybe X-Debug (http://www.xdebug.org/) could help you find bugs in
your code, and
for development environments it's recommended to use the most
sensitive level of messages
(turn on E_STRICT and E_NOTIVE, for example).
2009/2/5 Ashley Sheridan
>
> On Thu, 2009-02-05 at 12:22 -0500, Paul M Foster wrote:
> > On Thu, Feb 05, 2009 at 11:11:03AM -0600, Terion Miller wrote:
> >
> > >
> > > Speaking of IDE, which do people on here prefer, I have been using
> > > Dreamweaver CS3 just because as originally a designer I was/am used to
> > > it...
> > > I did finally find the problem but moving an echo("damnit"); from line to
> > > line commenting out everything below it...Oi ...is this ever going to get
> > > easier for me I often wonder...
> >
> > Use Vim. ;-}
> >
> > Paul
> > --
> > Paul M. Foster
> >
> Any editor with coloured syntax highlighting will help. Just scanning
> through the script visually should let you spot the obvious errors, and
> then breaking the script down into chunks with echo statements is the
> next step. You don't need to break it down line by line, that takes
> ages! Instead, put one halfway through your code, that will let you know
> if the error is in the top or bottom half, then just keep breaking it
> down half at a time and soon you'll have the part the error is in. It's
> just a typical trial-and-error algorithm.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
