RE: [PHP] List

2007-04-25 Thread Chris W. Parker
On Tuesday, April 24, 2007 6:02 PM Richard Lynch said:

> I do not have any problems, but I'm not using Outlook, and never will.

Okay...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Question about OO design

2007-04-10 Thread Chris W. Parker
On Monday, April 09, 2007 4:24 PM Jochem Maas said:

>> Ok. I see what you're saying. If I populate all that data during the
>> constructor why would I ever call the function again right?
> 
> you could refresh the data if needed - but basically the idea is
> to cut down the user data grab into a single sql call.

[snip useful bits]

Thanks for the help Jochem! I appreciated it.



Chris.




RE: [PHP] Question about OO design

2007-04-09 Thread Chris W. Parker
On Monday, April 09, 2007 3:51 PM Jochem Maas said:

Thanks for the response Jochem.

> Chris W. Parker wrote:

[snip]

> you probably only want one DB call to
> populate the User object with all the relevant
> user data at the point where the object is created.

[snip]

Ok. I see what you're saying. If I populate all that data during the
constructor why would I ever call the function again right?

[snip]

>> As I started to write this and use it I get the feeling that there
>> should also be an Event class that is extended by the User class.
>> Reason 
> 
> if you use an Event class then it should just represent an Event (and
> a User object would [probably] contain an array of Event objects).
> AFAICT there is no good reason to have Event extend User.

I see.

>> being that each User object is a reference to the currently logged in
>> user, not anyone else.
> 
> the User class is merely a representation of *a* user - you can
> use an instance for the currently logged in user, but that doesn't
> stop you from using the same class to model the collection of users
> that fall under a given manager.

I see.

> // you might need to f around with returning references here,
> // (I can never quite get that right without a bit of trial and error
> // in php4)
> function getEmployees()
> {
>   // consider caching the result?
>   $emps = array();
>   if ($this->is_manager) {
>
>       // get user data from db
>       $sql = "SELECT * FROM users WHERE manager_id={$this->id}";
>
>       // error checking?
>       $db =& DB::singleton();
>       $db->execute($sql);
>       while ($data = $db->getRow())
>           $emps[] =& new User($data);
>   }
>
>   return $emps;
> }

How do I reference a User object within the $emps array?

Is it like $emps[0]->accrual ?




Thanks,
Chris.




[PHP] Question about OO design

2007-04-09 Thread Chris W. Parker
Hello,
 
I'm working on a project now and I'd like to get some feedback on how to
implement a proper class (or two).

This is an application that records an employee's used vacation time.
There are two tables: (1) events, (2) users.

Users:

id (int)
name (varchar)
email (varchar)
balance (mediumint, stored in seconds) // this is the balance for
   // the user after all events
   // have been accounted for.
accrual (smallint, stored in seconds)
is_manager (bool)

Events:

id (int)
uid (int, users.id)
date (date)
duration (smallint, stored in seconds)
balance (smallint, stored in seconds) // this is the balance for
  // the user at the time the
  // event was added.
created (datetime)


Currently I have just one class called User that looks like this:


(I'm dealing with PHP4.)

class User
{
    var $id;
    var $name;
    var $email;
    var $balance;
    var $accrual;
    var $is_manager;

    function User($user_id)
    {
        $this->id = $user_id;
        $this->name = $this->get_name();
        // ...
        $this->accrual = $this->get_accrual();
    }

    function get_name()
    {
        // get name from db
        $sql = "...";

        $db =& DB::singleton();
        $db->execute($sql);
    }

    function get_email()   { /* same as above more or less */ }
    function get_accrual() { /* same as above more or less */ }
    function is_manager()  { /* same as above more or less */ }

    function get_events()
    {
        // this function gets all the events for
        // the current users and returns them
        // as an array.
    }

    function add_event()
    {
        // this function adds a single event for
        // the current user. it also recalculates
        // the 'balance' for each event because
        // of data display requirements.
    }

    function del_event($event_id)
    {
        // delete an event from the current user's
        // events list based on $event_id.
    }
}


As I started to write this and use it I get the feeling that there
should also be an Event class that is extended by the User class. Reason
being that each User object is a reference to the currently logged in
user, not anyone else. But if you're a manager you have the
responsibility to approve/deny and/or add/delete events for your
employees.

But with that in mind I've gone from a class that handles the currently
logged in user to one that handles the currently logged in user plus any
number of other users.

I guess I'm thinking of this in the same terms as db normalization. Ex:
I could add an extra price_level column to my products table each time I
need a new pricing level but it's probably better to create a separate
table called products_prices. It's slightly more complicated but it
would allow me to have as many pricing levels as I want without
modifying my database or code.


I'd appreciate any kind of feedback on this. If I haven't been clear
with something please let me know.



Thanks,
Chris.




RE: [PHP] Why do some pages repeat a previous page's action(s) after redirect?

2007-04-03 Thread Chris W. Parker
On Tuesday, April 03, 2007 12:35 PM Chris Shiflett said:

>> But sometimes when I'm back at the form page (after the redirect)
>> and I refresh the page it does the previous page's actions again.
> 
> Can you provide a raw HTTP dump of the complete scenario?

Two things:

1. How do I do that?

2. The issue has gone away. I don't know what I've done differently. I
haven't changed the way I handle sessions, redirects, or form
submission. All that stuff is still the same.



Chris.




RE: [PHP] Why do some pages repeat a previous page's action(s) after redirect?

2007-04-03 Thread Chris W. Parker
On Tuesday, April 03, 2007 11:44 AM Tijnema ! said:

> This is the only behavior I know of, a refresh action does the same
> action it did for loading the current page again. If you submit data
> to that page, it will resubmit the data. If you're using the
> Location:URL header entry, the browser doesn't "save" this action as
> an action done by the browser itself, and so it will submit the data to
> the page where you redirect. If you want to bypass this, you should
> use the javascript window.location method instead.

formpage.php:








process.php:

<?php

// ...

header("Location: http://www.domain.com/formpage.php");
exit;

?>

With those two pages in mind you're saying that after I submit the form
on formpage.php, do stuff on process.php, then get redirected back to
formpage.php that it will replay my form submission when I hit refresh?


Thanks,
Chris.




[PHP] Why do some pages repeat a previous page's action(s) after redirect?

2007-04-03 Thread Chris W. Parker
Hello,
 
I have a form page and a processing page. After submitting the form the
processing page does whatever it needs to do (insert a record, send back
validation errors, etc.) After determining what to do it always redirects
somewhere with header('Location: URL');

But sometimes when I'm back at the form page (after the redirect) and I
refresh the page it does the previous page's actions again. And again
and again.

Why would it do that? Shouldn't a refresh just resubmit whatever is in
the address bar and not go through a certain path?

The only way I've found to make it stop redoing the previous page's
actions is to put my cursor in the address bar and press enter.

I don't remember seeing this behavior in the past so I wonder if it has
something to do with Apache's or PHP's configuration.
 
 
Thanks,
Chris.




[PHP] Security: Passing URLs between pages for redirect

2007-04-02 Thread Chris W. Parker
Hi.

Currently I'm building a small application for internal office use but
I'd like to get some feedback on a certain aspect of it.

When someone tries to access a page they do not have access to they are
redirected to the login page with the URL they tried to access in the
querystring. This URL is then snuck into the login form as a hidden
variable (called 'nexturl') so they can be sent back to the page they
came from after a successful login.

I can see this happening when someone bookmarks one of their own pages
and then tries to go directly there after their session has ended.
Instead of making them navigate all the way back to that page I figure
I'll just send them directly.

My question for the list is: Are there any validation checks I should do
on the 'nexturl' variable before it is used as a redirect?

The only situation I can come up with where this could be exploited is
if someone sends a malicious URL through email to another employee with
the intention of course being that after they successfully login they
will be redirected to desired URL.

Are there any "best practices" for this kind of thing? Would it be
enough to verify that the page being redirected to is within my own
domain?



Thanks,
Chris.
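
One way to do the check asked about above, added here as an example and not part of the original post or thread: reduce 'nexturl' to a local path and fall back to a default page for anything that does not clearly point at the application itself. The host www.domain.com is reused from elsewhere on this page; the default /index.php and the function name safe_next_url are assumptions.

```php
<?php
// Added example, not code from the thread. APP_HOST reuses the www.domain.com
// host that appears elsewhere on this page; DEFAULT_URL is a hypothetical
// landing page.
define('APP_HOST', 'www.domain.com');
define('DEFAULT_URL', '/index.php');

/**
 * Reduce a user-supplied 'nexturl' to a local path (plus query string) that
 * is safe to append to this site's own origin, or return DEFAULT_URL.
 * Call it when the value is used, after login: the hidden form field is
 * client-controlled, so checking it only when the form is rendered is not
 * enough.
 */
function safe_next_url($nexturl)
{
    if (!is_string($nexturl) || $nexturl === '' || strlen($nexturl) > 2048) {
        return DEFAULT_URL;
    }

    // No control characters (CR/LF would allow header injection), no spaces,
    // no backslashes (browsers resolve "\" like "/").
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $nexturl)) {
        return DEFAULT_URL;
    }

    $parts = parse_url($nexturl);
    if ($parts === false) {
        return DEFAULT_URL;
    }

    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute or scheme-relative ("//host/...") URL: accept only
        // http(s) to exactly our host. A substring or suffix test would let
        // "www.domain.com.evil.example" through; userinfo is rejected so
        // "http://www.domain.com@evil.example/" cannot pass either.
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        $host   = isset($parts['host'])   ? strtolower($parts['host'])   : '';
        if (!in_array($scheme, array('http', 'https'), true)
            || $host !== APP_HOST
            || isset($parts['user']) || isset($parts['pass'])
            || isset($parts['port'])) {
            return DEFAULT_URL;
        }
    }

    // Only a rooted path is accepted; "//..." would be read by the browser
    // as a scheme-relative URL pointing at another host.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return DEFAULT_URL;
    }

    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: two legitimate targets followed by values
    // that must fall back to DEFAULT_URL.
    $samples = array(
        '/reports/view.php?id=7',
        'http://www.domain.com/reports/view.php?id=7',
        'http://evil.example/',
        '//evil.example/',
        'http://www.domain.com.evil.example/',
        'http://www.domain.com@evil.example/',
        '/\\evil.example',
        "/ok\r\nSet-Cookie: x=1",
        'javascript:alert(1)',
    );
    foreach ($samples as $s) {
        printf("%-48s => %s\n", json_encode($s), safe_next_url($s));
    }
}

// In the login handler, after the credentials have been verified:
//   header('Location: http://' . APP_HOST . safe_next_url($_POST['nexturl']));
//   exit;
```

Because the function returns only a path and the handler prepends its own scheme and host, a value that slips past one check still cannot change the destination host.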




RE: [PHP] Name Capitalization

2007-03-19 Thread Chris W. Parker
On Monday, March 19, 2007 10:24 AM Leonard Burton said:

> For instance, McDonald needs to remain that way even if it comes in as
> MCDONALD, or mcdonald.
[snip]
> Yeah, nothing is a "perfect solution" but anything is better than
> nothing.

That's probably true when you're talking about cash in your pocket but
probably not in this case.

> Guys, Thanks for the replies and the link to the recent thread, even
> though that didn't discuss any solutions to the problem I am asking
> about (other than to point it out which helps because it points out a
> few of the name problems)!

That's because there are no solutions. There are "options" but not
solutions.

Here is one option. Make a long list (array) of search/replace pairs and
loop through your text replacing as necessary.

'mcdonald' => 'McDonald'
'mcdowell' => 'McDowell'
'o\'reilly' => 'O\'Reilly'
'de la rosa' => 'De La Rosa'
etc ad nauseam...


Let us know when you're done! :)

Also, there's no difference between MCDONALD and mcdonald if you convert
everything to lower (or upper) case first.

Thanks,
Chris.




RE: [PHP] Can't get PHP errors to display or log consistently

2007-03-19 Thread Chris W. Parker
On Monday, March 19, 2007 11:28 AM Brad Fuller said:

> Syntax errors like that will cause a startup error, which means your
> code 
> can't be evaluated.  So those 2 lines of code that turn the error
> reporting 
> on never get executed.

Oooohh it's a "startup error". Didn't know that.

Now everything seems to be working the way I want it to.



Thanks!
Chris.




RE: [PHP] Can't get PHP errors to display or log consistently

2007-03-19 Thread Chris W. Parker
On Friday, March 16, 2007 4:04 PM Robert Cummings said:

Update:

Now that I've corrected my mistake in php.ini and set the level of error
reporting that I want I can see *most* errors.

But shouldn't the following produce a visible error?



If I comment the x I see 'hello'. If I uncomment the x I don't see
anything.



Thanks,
Chris.




RE: [PHP] Can't get PHP errors to display or log consistently

2007-03-16 Thread Chris W. Parker
On Friday, March 16, 2007 12:49 PM Robert Cummings said:

> If either project overrides the error handler then a custom error
> handler is in place. All depends on whether the code that sets it gets
> run.

(Was at lunch.)

I see. In that case how do I override it in this project?

Can the two projects coexist without causing trouble for one another?



Thanks,
Chris.




RE: [PHP] Can't get PHP errors to display or log consistently

2007-03-16 Thread Chris W. Parker
On Friday, March 16, 2007 12:37 PM Robert Cummings said:

> Is there a custom error handler in place?
> 
> Try grepping for set_error_handler.

Not in this project. Being used in another project wouldn't count
towards this one would it?



Thanks.




[PHP] Can't get PHP errors to display or log consistently

2007-03-16 Thread Chris W. Parker
Hello,
 
Using CentOS 4 and I can't get errors to display on the page AT ALL or
log errors consistently. Some errors get logged (forgetting to use
$this-> in a class for example) but most don't.
 
I've tried:
* using .htaccess to set the error reporting.
* checking and double checking my php.ini file for the correct
setting.
* using error_reporting(E_ALL) at the top of my page.
 
Nothing works.
 
When a page has an error it goes blank. Nothing is sent to the client.
 
There must be a setting somewhere that is overriding all of this. Any
ideas?
 
 
Thanks,
Chris.




RE: [PHP] Storing dynamic attribute data in a db

2007-01-18 Thread Chris W. Parker
On Thursday, January 18, 2007 5:09 PM Paul Novitski said:

> Are you considering keeping all the levels of your data tree in a
> single table because you can't predict how many levels there will
> be?  If you CAN predict its depth, wouldn't it be simpler and easier
> to conceive, code, and debug with N tables chained in parent-child
> relationships?
> 
> I'm not asking rhetorically but seriously, for discussion.  How are
> you weighing the pros & cons of using MPTT?

Good question.

In my case it is not possible to determine the depth of each product's
attributes. We deal with many different manufacturers and they all set
their products up differently. Some have (maybe) one attribute while
others can have four or five. I wouldn't doubt that sometime in the
future I will see six or more.

Also, I personally prefer not to hard code values and to instead make
everything flexible. I've done that in the past and it kicks my butt
when requirements change and I have to go through and "fix" things. I
prefer a slightly higher learning curve in the beginning for greater
flexibility in the future.

Lastly, I don't know if you're familiar with MPTT but it's actually
quite easy to work with once you have a stable set of functions to
manipulate the tree. (I got mine from the Sitepoint article where I
learned about it a few years ago.)

Hope that answers your question.


Chris.




RE: [PHP] Storing dynamic attribute data in a db

2007-01-18 Thread Chris W. Parker
On Thursday, January 18, 2007 3:51 PM Chris said:

Hey Chris,

> If you have to write a 6 page document to explain what's going on,
> that's probably bad.. because in 6 months time if you need to revisit
> it, you're going to have issues.

hehe I wouldn't say that my other emails were 6 pages(!) but I tend to
ramble on sometimes. And not only that, sometimes complicated problems
are difficult to explain simply. As I think we've discovered. :P

> Why do you think you need to use a tree? I'm sure it's just a case of
> me not understanding something..
>
> Anyway I'd move the attributes to another table (pseudo-sql):
[snip]
> Then you can get all attributes easily:
> 
> select * from attributes where productid='X';

Consider this. You have three attributes: Color, Size, Collar.

Colors:

Red
Green
Blue

Sizes:

Small
Medium
Large

Collars:

V-Neck
Plain
Turtleneck

If the manufacturer allowed me to order any combination of the above
attributes (and their options) I would need to create only three tables
to organize it: products, products_attributes, and
products_attributes_options. This would allow me to do basically what
your SQL from above does.

1. Give me all the attributes for product 'X'.
2. Then give me all the options for all the attributes returned in Step
1.
3. Display three dropdown boxes.

But the complication comes when the manufacturer says:

1. You can only order a turtleneck if the shirt is green.
2. You can only order red shirts in small and medium.

At this point there is a breakdown in the data.

With the three table setup how can I indicate these requirements in the
data? I don't think I can, but I'm not positive.

On the other hand, if I use a hierarchical dataset I can make the
following tree:

(Copy and paste this into Notepad if it doesn't appear aligned
properly.)
Root
|-Red
| |-Small
| | |-V-Neck
| | |-Plain
| |-Medium
|   |-V-Neck
|   |-Plain
|-Green
| |-Small
| | |-V-Neck
| | |-Plain
| | |-Turtleneck
| |-Medium
| | |-V-Neck
| | |-Plain
| | |-Turtleneck
| |-Large
|   |-V-Neck
|   |-Plain
|   |-Turtleneck
|-Blue
  |-Small
  | |-V-Neck
  | |-Plain
  |-Medium
  | |-V-Neck
  | |-Plain
  |-Large
    |-V-Neck
    |-Plain

The reason I am writing to the list is to see if there is an easier way
to do this or if I'm heading in the right direction.

> No idea what price modifier is or if it applies to specific attributes
> but if it does, move it as well.

I should have left this part out... It's just the amount the price of a
product will change for that option. Example: Large green shirts are +$5
while all small shirts are -$2.



Chris.




[PHP] Storing dynamic attribute data in a db

2007-01-18 Thread Chris W. Parker
Hello,

This is now my 3rd attempt at writing this email. :) The first two were
pretty long...
 
I'm currently working on trying to find a solution that is both simple
and flexible for storing the data of a complicated set of dynamic
options for some of our products. My current thinking is that I will use
Modified Preorder Tree Traversal to organize the data. Each record will
have the following:
 
id (auto-number)
sku (related product's sku)
lft (hierarchy data)
rgt (hierarchy data)
attribute (like: Size, Color, Style)
option (like: Blue, Large, Plain)
pricemodifier (-$20, +$20)

This kind of data is not difficult to handle if every combination that
is available through the different options is actually available from
the manufacturer. However, some combinations are not possible so the
data needs to represent itself that way. For example, all t-shirts come
in Red, Green, or Blue but only Green shirts come in Large. All other
colors have only Small and Medium.

Is there a standard way to handle this kind of thing? If not, how would
you handle it?

(On a side note, when the solution is found, could it be called a
"pattern"?)



Thanks,
Chris.

p.s. Yes this is the short email.




[PHP] [OT] Working with version control

2006-09-21 Thread Chris W. Parker
Hello,

This is off topic but I wanted to get the list members' opinions on the
subject as it will probably benefit someone else.

Currently I don't use version control at all. What I do instead is have
one directory that contains my development website and one directory
that contains the live website which I do not directly modify. When I
need to fix something or add a new feature I edit the development site
and copy the files that I've changed.

Sometimes I will start on a new feature before I am able to finish a
previous one. This is a major problem when the features overlap and I
have to edit the same file for both features. Even if I finish one of
the features I cannot publish the files because the other feature is not
ready yet.

What I'm looking to the list for is how I can overcome this through
version control.

What I'm thinking I'd do is create a base level (say v1.0) that I then
create a branch for every new feature and then merge those things
together. The issue I see in this case is the merging.

Is this a sound strategy or should I just realize that I can't publish
until all current features enhancements are completed?


Thanks,
Chris.




RE: [PHP] Data validation at the db level

2006-09-07 Thread Chris W. Parker
Jay Blanchard on Thursday, September 07, 2006 5:16 PM said:

> There are all sorts of ways to validate data at the DB level and this
> is a PHP question how?

Just because!




[PHP] Data validation at the db level

2006-09-07 Thread Chris W. Parker
Hey everyone,

Is there any work being done in the database world for data validation
at the db level?

It would be cool to just define a field as being an email address (of
length nn) instead of saying a TEXT field (of length nn) and validating
it in the application layer. Same goes for other things as well.

Sure, it's not really possible to account for all different types of
data, but the basics would be nice. (email, numbers only, letters only,
alphanumeric only, [a-z0-9#-] only, etc.)



Chris.



 




RE: [PHP] Format of Encrypted Password

2006-09-05 Thread Chris W. Parker
Kevin Murphy on Tuesday, September 05, 2006 3:27 PM said:

> The passwords are called in the application by:
> 
> $_SERVER['PHP_AUTH_PW']

> Is there any way to tell how these passwords were encrypted?

Have you tried searching the entire codebase for that string? Might get
you some clues.

From the commandline (and at the root of the codebase):

# grep -R PHP_AUTH_PW *



Chris.




RE: [PHP] OT alternate website authentication methods

2006-08-23 Thread Chris W. Parker
Everyone,

Been out of the office for a few days...

As nearly everyone has pointed out, the downside(s) to visual/audial
authentication methods are greater than the benefits


Thanks!
Chris.




RE: [PHP] Shopping cart

2006-08-23 Thread Chris W. Parker
Richard Lynch on Tuesday, August 22, 2006 10:30 AM said:

> Guys, don't take this wrong but...
> 
> How do you think all the other PHP shopping carts got started?...
> 
> Pretty much the same way.
> 
> So you really need to spend the next couple months figuring out what
> they did wrong, why they did that, and how to avoid doing it...

Finally, some sanity.




[PHP] OT alternate website authentication methods

2006-08-18 Thread Chris W. Parker
Hello,

Last night I was reading Chris Shiflett's PHP Security book from
O'Reilly and got to thinking about ways to authenticate a user other
than using a password.

Ideas:

1. Use flash to allow the user to draw an image. If the original image
created during signup is within an acceptable range of the image used to
authenticate, let them in.

2. (I saw this somewhere else... don't remember where or what it's
called.) Use flash (again) to allow the user to click on an image in
certain places. I think it was that you clicked the image in three
places and then when you later authenticated you were supposed to click
in those same places plus one more (to throw off anyone looking over
your shoulder I think). As long as three of the 4 places clicked matched
your original points (within a certain tolerance) you were
authenticated.


I'm not sure that these systems are any more SECURE than a simple
username/password combo (keep in mind though, you'll also need some kind
of username) but at the very least it seems that it could be more
usable.


I'd be interested in hearing your thoughts as well as any links for
further reading.



Chris.




RE: [PHP] active directory and PHP

2006-08-18 Thread Chris W. Parker
Richard Lynch on Friday, August 18, 2006 9:47 AM said:

> Active Directory is a bastardized LDAP with goofy idiosyncrasies to
> drive you crazy.

And you're speaking from experience?

> Never use AD myself.

Oh wait, I guess not... :/





Chris.

p.s. I'm just having fun.




[PHP] Looking for caveats to the following code

2006-08-17 Thread Chris W. Parker
Hello,

While experimenting with some object stuff I stumbled upon something new
(although not object related).

Normally I would do this:




Using the same function above I discovered I can do this:



The issue is whether or not this is a safe test. My initial thought is
that it is safe since I'm simply checking for true/false-ness. I either
check for '!== false' explicitly or (in the case of the latter example)
check that something other than 'false' is returned.

It's slightly less readable but it seems more efficient (if nothing more
than to save on the number of lines typed).

Thoughts?


Chris.




RE: [PHP] I need an array of state abbrev to names...

2006-08-17 Thread Chris W. Parker
Daevid Vincent on Thursday, August 17, 2006 12:58 PM said:

> B/c I'm too busy (and lazy) to hand type it all in, wondering if
> someone has an array of state abbreviations to names like so...
> 
> $states = array(
> ...
>   'NY' => 'New York',
>   'WA' => 'Washington',
> ...
> );

HERE LAZY!

$GLOBALS['usps_states_list'] = array(
0 => array('name'=>'Alaska','code'=>'AK','contiguous'=>true),
1 => array('name'=>'Alabama','code'=>'AL','contiguous'=>true),
2 => array('name'=>'American Samoa','code'=>'AS','contiguous'=>false),
3 => array('name'=>'Arizona','code'=>'AZ','contiguous'=>true),
4 => array('name'=>'Arkansas','code'=>'AR','contiguous'=>true),
5 => array('name'=>'California','code'=>'CA','contiguous'=>true),
6 => array('name'=>'Colorado','code'=>'CO','contiguous'=>true),
7 => array('name'=>'Connecticut','code'=>'CT','contiguous'=>true),
8 => array('name'=>'Delaware','code'=>'DE','contiguous'=>true),
9 => array('name'=>'District of Columbia','code'=>'DC','contiguous'=>true),
10 => array('name'=>'Federated States of Micronesia','code'=>'FM','contiguous'=>false),
11 => array('name'=>'Florida','code'=>'FL','contiguous'=>true),
12 => array('name'=>'Georgia','code'=>'GA','contiguous'=>true),
13 => array('name'=>'Guam','code'=>'GU','contiguous'=>false),
14 => array('name'=>'Hawaii','code'=>'HI','contiguous'=>false),
15 => array('name'=>'Idaho','code'=>'ID','contiguous'=>true),
16 => array('name'=>'Illinois','code'=>'IL','contiguous'=>true),
17 => array('name'=>'Indiana','code'=>'IN','contiguous'=>true),
18 => array('name'=>'Iowa','code'=>'IA','contiguous'=>true),
19 => array('name'=>'Kansas','code'=>'KS','contiguous'=>true),
20 => array('name'=>'Kentucky','code'=>'KY','contiguous'=>true),
21 => array('name'=>'Louisiana','code'=>'LA','contiguous'=>true),
22 => array('name'=>'Maine','code'=>'ME','contiguous'=>true),
23 => array('name'=>'Marshall Islands','code'=>'MH','contiguous'=>false),
24 => array('name'=>'Maryland','code'=>'MD','contiguous'=>true),
25 => array('name'=>'Massachusetts','code'=>'MA','contiguous'=>true),
26 => array('name'=>'Michigan','code'=>'MI','contiguous'=>true),
27 => array('name'=>'Minnesota','code'=>'MN','contiguous'=>true),
28 => array('name'=>'Mississippi','code'=>'MS','contiguous'=>true),
29 => array('name'=>'Missouri','code'=>'MO','contiguous'=>true),
30 => array('name'=>'Montana','code'=>'MT','contiguous'=>true),
31 => array('name'=>'Nebraska','code'=>'NE','contiguous'=>true),
32 => array('name'=>'Nevada','code'=>'NV','contiguous'=>true),
33 => array('name'=>'New Hampshire','code'=>'NH','contiguous'=>true),
34 => array('name'=>'New Jersey','code'=>'NJ','contiguous'=>true),
35 => array('name'=>'New Mexico','code'=>'NM','contiguous'=>true),
36 => array('name'=>'New York','code'=>'NY','contiguous'=>true),
37 => array('name'=>'North Carolina','code'=>'NC','contiguous'=>true),
38 => array('name'=>'North Dakota','code'=>'ND','contiguous'=>true),
39 => array('name'=>'Northern Mariana Islands','code'=>'MP','contiguous'=>false),
40 => array('name'=>'Ohio','code'=>'OH','contiguous'=>true),
41 => array('name'=>'Oklahoma','code'=>'OK','contiguous'=>true),
42 => array('name'=>'Oregon','code'=>'OR','contiguous'=>true),
43 => array('name'=>'Palau','code'=>'PW','contiguous'=>false),
44 => array('name'=>'Pennsylvania','code'=>'PA','contiguous'=>true),
45 => array('name'=>'Puerto Rico','code'=>'PR','contiguous'=>false),
46 => array('name'=>'Rhode Island','code'=>'RI','contiguous'=>true),
47 => array('name'=>'South Carolina','code'=>'SC','contiguous'=>true),
48 => array('name'=>'South Dakota','code'=>'SD','contiguous'=>true),
49 => array('name'=>'Tennessee','code'=>'TN','contiguous'=>true),
50 => array('name'=>'Texas','code'=>'TX','contiguous'=>true),
51 => array('name'=>'Utah','code'=>'UT','contiguous'=>true),
52 => array('name'=>'Vermont','code'=>'VT','contiguous'=>true),
53 => array('name'=>'Virgin Islands','code'=>'VI','contiguous'=>false),
54 => array('name'=>'Virginia','code'=>'VA','contiguous'=>true),
55 => array('name'=>'Washington','code'=>'WA','contiguous'=>true),
56 => array('name'=>'West Virginia','code'=>'WV','contiguous'=>true),
57 => array('name'=>'Wisconsin','code'=>'WI','contiguous'=>true),
58 => array('name'=>'Wyoming','code'=>'WY','contiguous'=>true),
59 => array('name'=>'Armed Forces Africa','code'=>'AE','contiguous'=>false),
60 => array('name'=>'Armed Forces Americas (except Canada)','code'=>'AA','contiguous'=>false),
61 => array('name'=>'Armed Forces Canada','code'=>'AE','contiguous'=>false),
62 => array('name'=>'Armed Forces Europe','code'=>'AE','contiguous'=>false),
63 => array('name'=>'Armed Forces Middle East','code'=>'AE','contiguous'=>false),
64 => array('name'=>'Armed Forces Pacific','code'=>'AP','contiguous'=>false));

Please send me a check $250. Thanks!



Chris.




RE: [PHP] Creating User Friendly URLS

2006-08-17 Thread Chris W. Parker
tedd on Thursday, August 17, 2006 8:29 AM said:

>> And then stripping out the "index.php", and using the remainder  for
>> both the URL and the database lookup.
> 
> Why not just place all your pages inside folders with the names you
> want and then link to the folders?

Because he said "database lookup" and that means there are no files to
be put into any "folders".



Chris.




[PHP] Easier way to get the name of a variable?

2006-08-15 Thread Chris W. Parker
Hello,

After some "intense" searching of Google I found one example at
http://us2.php.net/language.variables on how to get the name of a
variable. But it looks pretty expensive.

 $val) {
 if($val === $new) $vname = $key;
   }
   $var = $old;
   return $vname;
  }
?>

Anyone aware of a simple language construct(?) that can do this? I'm on
PHP 4.3.9.



Thanks,
Chris.




RE: [PHP] Setting flags versus checking for existing/nonexisting values

2006-08-15 Thread Chris W. Parker
Brad Bonkoski 
on Tuesday, August 15, 2006 10:04 AM said:

> Pros: potentially more readable code.
> Cons: Wasted energy typing unnecessary lines of code.
> Really I would say it comes down to coder preference.
> 
> (and why would you avoid the latter altogether?  Testing a boolean
> may be cleaner, but setting the boolean still relies on the value of
> $value, so if that value was fubar then the boolean would be too.)

Thanks for the response. Those are basically the same assumptions I had.
I was curious to find out if there were more points I should be aware
of.

To answer your question, in case the cons outweigh the pros. If I felt
an overwhelming majority of the people on the list said, "In my
experience you should always set flags because you'll run into a, b, c,
d, e, f, g, etc." I would probably agree to avoid the latter practice
altogether.


Chris.




[PHP] Setting flags versus checking for existing/nonexisting values

2006-08-15 Thread Chris W. Parker
Hello,

Is it a better practice to set flags to determine the action of your
code or is it perfectly acceptable to have your code determine what it
should do based on the existence (or lack thereof) of data?

For example:



versus:



Of course this is an overly simplistic example but you get the idea.

Are there pros and cons to both sides or should I just avoid the latter
example altogether?



Thanks,
Chris.




RE: [PHP] OT? Verifying mail was received

2006-08-11 Thread Chris W. Parker
tedd 
on Thursday, August 10, 2006 7:59 PM said:

> Not a php solution, but send them all a buck via PayPal. For $90
> you'll learn if their email addresses are correct.
> 
> That should be cheaper than writing a program to figure it out for
> you, if it can be done.

Here's an even better idea. Why don't YOU send me the $90 and then I'll
keep it. How about that?



Chris.




RE: [PHP] OT? Verifying mail was received

2006-08-10 Thread Chris W. Parker
Richard Lynch 
on Thursday, August 10, 2006 1:14 PM said:

> Keep in mind that for many mere mortals, the process of dealing with
> your email confirmation goes like this:
> 
> 1. surf to site, put in email
> 2. check email, find nothing.
> 3. go back to site, use work/home/other email
> 4. success!
> 
> So of those 90 customers, at least some of them are activated, only
> under a different email, rather than diving into spam filters and all
> that.

True true. Good point.

In this case monitoring my logs will help to know that at least my
server has sent the email successfully.

> Virtually all the things you COULD do to attempt to monitor the email
> getting read or not will drastically INCREASE the odds that the email
> will get marked as spam and trashed before they CAN open it.

Another good point.

> Perhaps it would be better to allow for an optional phone number by
> the visitor to be put in, that you can call if they don't activate
> their account, to help them out.
> 
> 90 phone calls is a lot of calls, but it probably beats having fewer
> activations because your tracking attempts get your emails banned.
> 
> Just a thought.

All good ideas!



Thanks,
Chris.




[PHP] OT? Verifying mail was received

2006-08-10 Thread Chris W. Parker
Hello,

I have about 90 customers who have created accounts but not yet
activated them in the past 11 months. That's less than one every 3.6
days but compared to our total number of customers, it's right at the
edge of being a significant number.

I'm curious to find a way to determine if the mail was actually
delivered to the customer's mailbox. I know there are many factors
involved in this, the most difficult of which being spam filters.

One method I thought of was to put a web bug in the email which will
effectively tell me if the email was read or not. Perhaps by the time
the customer gets the click-this-link-to-activate-your-account email
they've lost interest and ignore it. Or maybe they do in fact read it
but they just don't click. A web bug will help me to determine this.

On the other hand, a web bug won't tell me if the mail actually reached
their inbox. The only way I can come up with to even closely determine
this is to monitor my sendmail logs for proof that their mail server (at
the very least) accepted the message.

Has anyone implemented something like this already and have code to
share with regards to parsing the sendmail log? Or are there more clever
or more simple ways to do this out there?


Thanks!
Chris.
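
One way to do the log check asked about above, as an added example that is not code from the thread. It assumes sendmail's usual syslog layout (queue id, then `to=`, `relay=`, `dsn=`, `stat=`); the log lines, host names and addresses are constructed samples.

```php
<?php
// Added example, not code from the thread. Log lines and addresses are constructed.
// Assumed layout: "<date> <host> sendmail[<pid>]: <queue id>: to=..., key=value, ..., stat=..."

/** Parse one delivery-attempt line; returns null for any other line (e.g. "from=" records). */
function parse_delivery_line(string $line): ?array
{
    // stat= is the last field and may itself contain commas, so it is captured separately.
    if (!preg_match('/sendmail\[\d+\]:\s+(\w+):\s+(to=.*?),\s+stat=(.*)$/', $line, $m)) {
        return null;
    }
    $fields = ['qid' => $m[1], 'stat' => trim($m[3])];
    // Split the remaining pairs only where a comma is followed by another "key=".
    foreach (preg_split('/,\s+(?=\w+=)/', $m[2]) as $pair) {
        [$key, $value] = explode('=', $pair, 2);
        $fields[$key] = $value;
    }
    // to= can list several recipients: "<a@example.com>,<b@example.com>".
    $fields['recipients'] = array_map(
        static fn(string $a): string => strtolower(trim($a, "<> \t")),
        explode(',', $fields['to'])
    );
    return $fields;
}

/** Map the DSN code and status text to a coarse state. */
function classify(array $f): string
{
    $dsn = $f['dsn'] ?? '';
    if (strncmp($dsn, '2.', 2) === 0 && stripos($f['stat'], 'Sent') === 0) {
        return 'accepted';   // the receiving server took the message; says nothing about the inbox
    }
    if (strncmp($dsn, '4.', 2) === 0 || stripos($f['stat'], 'Deferred') === 0) {
        return 'deferred';   // temporary failure, sendmail will retry from the queue
    }
    if (strncmp($dsn, '5.', 2) === 0) {
        return 'rejected';   // permanent failure, e.g. unknown user
    }
    return 'unknown';
}

/** Latest logged state for each address still waiting on activation. */
function delivery_report(array $lines, array $pending): array
{
    $report = array_fill_keys(array_map('strtolower', $pending), ['state' => 'no log entry']);
    foreach ($lines as $line) {
        $f = parse_delivery_line($line);
        if ($f === null) {
            continue;
        }
        foreach ($f['recipients'] as $addr) {
            if (isset($report[$addr])) {
                $report[$addr] = [
                    'state' => classify($f),
                    'relay' => $f['relay'] ?? '',
                    'stat'  => $f['stat'],
                ];
            }
        }
    }
    return $report;
}

// Constructed sample of /var/log/maillog content.
$log = <<<'LOG'
Aug 10 09:12:01 www sendmail[4101]: k7AGC1aa004101: from=<noreply@shop.example>, size=1432, class=0, nrcpts=1, msgid=<200608101612.k7AGC1aa004101@www.shop.example>, relay=localhost [127.0.0.1]
Aug 10 09:12:03 www sendmail[4103]: k7AGC1aa004101: to=<alice@example.com>, ctladdr=<noreply@shop.example> (48/48), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=121432, relay=mx.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK id=1GB0aB-0001)
Aug 10 09:15:40 www sendmail[4120]: k7AGFbaa004118: to=<bob@example.net>, ctladdr=<noreply@shop.example> (48/48), delay=00:00:31, xdelay=00:00:30, mailer=esmtp, pri=121398, relay=mx.example.net., dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.net.
Aug 10 09:20:11 www sendmail[4133]: k7AGKAaa004131: to=<carol@example.org>, ctladdr=<noreply@shop.example> (48/48), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=121410, relay=mx.example.org. [198.51.100.7], dsn=5.1.1, stat=User unknown
LOG;

$pending = ['alice@example.com', 'bob@example.net', 'carol@example.org', 'dave@example.com'];

foreach (delivery_report(explode("\n", $log), $pending) as $addr => $r) {
    printf("%-20s %-13s %s\n", $addr, $r['state'], $r['stat'] ?? '');
}
```

Addresses come out of the log as untrusted text, so escape them before showing the report in an admin page.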




RE: [PHP] Best way to get PHP5

2006-08-09 Thread Chris W. Parker
Jonathan Duncan 
on Wednesday, August 09, 2006 3:55 PM said:

> If you want to really learn Linux, try Gentoo.  If you just want a
> very good and easy to use Linux, go with SuSE.

To keep this related to the question I asked...

Do either of the latest builds of these distros have PHP5?


Thanks,
Chris.




RE: [PHP] Best way to get PHP5

2006-08-09 Thread Chris W. Parker
Jack Gates
on Wednesday, August 09, 2006 10:16 AM said:

> On Wednesday 09 August 2006 12:02, Chris W. Parker wrote:
>> I know that Fedora Core 5 offers PHP 5.1.2 but I've heard some
>> negative things about it in general (FC5).
> 
> What sort of negative things have you heard in general about (FC5)?

Honestly I don't remember. But I've now got a generally negative view of
FC5 versus previous versions (last one I used was 4 I think).

If you're aware of any FUD that's been spread about it, feel free to
speak the truth.



Chris.




RE: [PHP] Best way to get PHP5

2006-08-09 Thread Chris W. Parker
Jochem Maas 
on Wednesday, August 09, 2006 11:05 AM said:

[snip useful stuff]

> 1. you can skip 'make test'
> 2. if in doubt do 'make clean' before 'make'
> 3. rinse and repeat 'configure', 'make', 'make install' as required
> 4. do './configure --help' to see all the options you can pass to
> configure 
> 5. get stuck with a configure option (for instance enabling GD) come
> back here :-)

Thanks Jochem. That's exactly what I'll do! :)



Chris.




[PHP] Best way to get PHP5

2006-08-09 Thread Chris W. Parker
Hello,

Generally (well, actually 100%) I just use whatever version of PHP is
included with a certain distro (Redhat pre-Fedora, Fedora Core, CentOS).
None of the versions I've used have come with PHP5 and I'd really like
to get with the times and use PHP5.

I know that Fedora Core 5 offers PHP 5.1.2 but I've heard some negative
things about it in general (FC5).

I've never compiled PHP myself so admittedly I'm a bit skeered... Is the
recommended path to just go with whatever distro I prefer and then
download PHP5 from php.net and install it myself?



Thanks,
Chris.




RE: [PHP] Enterprise grade CMS+Ecomm

2006-07-21 Thread Chris W. Parker
Larry Garfield
on Thursday, July 20, 2006 6:36 PM said:

> On Thursday 20 July 2006 11:30, Chris W. Parker wrote:
> 
> Drupal has its own ecommerce suite that is reasonably robust all on
> its own.

Yeah I saw that module. I think today I am going to try to set them both
up.


Thanks for your input.
Chris.




RE: [PHP] Enterprise grade CMS+Ecomm

2006-07-20 Thread Chris W. Parker
Brady Mitchell 
on Thursday, July 20, 2006 12:25 PM said:

> The answer to this question depends heavily on your needs.  What kind
> of functionality do you need to get out of your website?  If you are
> looking for a website that is similar to others in function, than I
> would definitely suggest looking at an existing CMS package.
[snip]
> The bottom line is that there are lots of great CMS options, and the
> best way to choose one is to know exactly what you want from a CMS and
> compare them with that in mind.

Yeah I understand that it's a pretty open ended question, and thanks for
the info about Drupal. We want to maintain 2 different sites as well and
authenticating against the same table sounds nice.

But as for recommendations, keeping in mind the difficulty in answering
a question like mine, I am mostly just looking for things like what
you've said: "I use $cms because I like that it can do $feature."


Thanks,
Chris.




[PHP] Enterprise grade CMS+Ecomm

2006-07-20 Thread Chris W. Parker
Hello,

So we're getting ready to redo our website once again to integrate some
modern changes and a shift in branding. I'm currently looking at all my
options as far as software goes. The question I have to answer is "Do I
write everything by myself from scratch and spend 3-6 months doing it?
Or do I spend that same amount of money on a prebuilt system and spend 1
month integrating our new branding?"

The answer doesn't even have to be specifically one way or the other. It
could be a mixture of the two. Perhaps I use something like Drupal
(which I have no experience with) for the CMS part and write my own
ecommerce application. Or perhaps I write my own basic CMS and purchase
an ecommerce application?

I've seen X-Cart and at first glance it doesn't look terrible so far. At
least the design templates look to be pretty flexible.

I'm definitely not interested in osCommerce or derivatives thereof. Why?
Because I've worked with osC in the past and I dislike it very much.

As for a CMS, I just watched a video on Drupal 4.7 and it looks quite
interesting. Opinions?

I'm also currently looking at www.opensourcecms.com and have been to the
Joomla, XOOPS, Xaraya, and Mambo websites also.



Thanks,
Chris.




RE: [PHP] Image submit with mouse over

2006-07-17 Thread Chris W. Parker
Chris W. Parker
on Monday, July 17, 2006 10:23 AM said:

> motherboards. Or how about this one? "My can't keeps walking on my
> keyboard while I'm trying to write a PHP page. What should I do?"

Okay that should be CAT, not can't.




RE: [PHP] Image submit with mouse over

2006-07-17 Thread Chris W. Parker
Skip Evans 
on Friday, July 14, 2006 4:33 PM said:

> My apologies to all. I assumed that JS questions
> would be entertained as the application is within
> a PHP app.

No need to apologize. My off-list email wasn't meant to berate but
merely let you know what the purpose of this list is.

But perhaps we should also field questions about how to repair
motherboards since, after all, PHP runs on servers, and servers use
motherboards. Or how about this one? "My can't keeps walking on my
keyboard while I'm trying to write a PHP page. What should I do?"


Thank you, you're beautiful. I'll be here all week folks.

Chris.




RE: [PHP] Better way of doing this? (menu and submenus)

2006-06-21 Thread Chris W. Parker
Ryan A 
on Wednesday, June 21, 2006 10:51 AM said:

> @K. Bear - Thanks for the link, I'll check it out as
> soon as i get a little time.

Read that article. I personally like the "Nested Set" (also called
Modified Preorder Tree Traversal) method. It may at first be a little
daunting but once you understand how it works, it all makes sense. Only
one table is needed and you can have as many children, grand children,
etc. as you want/need.



Chris.

p.s. I found out about it originally here at Sitepoint:
http://www.sitepoint.com/article/hierarchical-data-database/2 The
diagram at Sitepoint is better than the original article (though the
original article seems to be more in-depth).




RE: [PHP] Paged Results Set in MySQL DB with one result

2006-05-15 Thread Chris W. Parker
tedd 
on Friday, May 12, 2006 12:23 PM said:

> That's as it should be -- and technically, "Next" did appear so the
> page wasn't blank.

Splitting hairs aside, a user, "civilian" or not, would not expect they
need to click "Next" from a "blank page" to get to the content they are
looking for.




RE: [PHP] Paged Results Set in MySQL DB with one result

2006-05-12 Thread Chris W. Parker
tedd 
on Friday, May 12, 2006 11:01 AM said:

> At 6:03 PM +0100 5/12/06, Porpoise wrote:
>> "tedd" <[EMAIL PROTECTED]> wrote in message
>> news:[EMAIL PROTECTED]
>> 
>>> 
>>> Try this:
>>> 
>>> http://xn--ovg.com/ajax_page1
>>> 

>> Eerrrm... Blank Page!?!
> 
> It shouldn't be blank.
> 
> There should be a Next/Previous button -- isn't there?
> 
> If so, then click "Next"
> 
> If not, please tell me.

I got a blank page too. Had to click "Next" before any content would
appear.

Fx 1.5.0.3 on Windows 2000


Chris.




RE: [PHP] Another Shell Caught

2006-05-11 Thread Chris W. Parker
Wolf 
on Thursday, May 11, 2006 8:01 AM said:

> If any of you guys want to know when I get another shell caught on my
> site, email me off-list and I'll set you up as a mailing list
> personally. 
> 
> This new one is the r57shell and is picked up by Symantec

What is a shell and why is it being "caught"?



Chris.




RE: [PHP] Test URL length please (Pretty much 0T)

2006-05-04 Thread Chris W. Parker
Ryan A 
on Thursday, May 04, 2006 4:08 PM said:

>> Are you sure you searched on this subject?
> 
>> "maximum url length" in Google turns up a number of
>> resources saying "2083" due to IE's limit.
> 
> Yes, I mentioned that in my original post...

Yes I know, that's why I said, "are you sure". To question your claim of
having searched.

> but read
> that carefully, it says "IE's limit", not everyone uses
> IE and if you continue sifting through Google's results
> you will see that it also mentions some servers
> settings may allow more or less. In fact, your test
> itself proves that it was worth it coz you took it way
> up more than the 2083 limit that you found :-)

Well of course but that's because I wasn't using IE so my point is that
I don't think it matters (that I got over 2083). I would be willing to
say that 3/4 of all internet users are on IE still so tweaking server
settings and testing with browsers other than IE is useless. Unless of
course you know exactly your audience's setup (for example in a
corporate setting where you know your client's setup) in which case this
could possibly be worthwhile. But then again if someone is passing long
strings like that they should rethink their implementation anyway... so
back to square one.



Chris.

p.s. If I sound snippy it's because I'm at the office later than
planned because something has not gone as planned...




RE: [PHP] Test URL length please (Pretty much 0T)

2006-05-04 Thread Chris W. Parker
Ryan A 
on Thursday, May 04, 2006 1:36 PM said:

> (Basically, I am checking to see how many characters
> we can have in a URL that the server will accept and
> process, the script checks 200-1000 chars.. add more
> if you want to)

Without any tweaking of the server mine went up to 4000 without a
problem. However, 5000 always times out.

Fx 1.5, Apache 2, Fedora 4, PHP 4.3.11


fwiw,
Chris.




RE: [PHP] Maximum URL length (Pretty much 0T)

2006-05-04 Thread Chris W. Parker
Ryan A 
on Thursday, May 04, 2006 1:18 PM said:

> Thanks for replying, that's an idea, but was hoping
> people from this list could reply with their
> experiences because my local server might be different
> from production servers that you guys access every day
> (as the article I read said that this setting varies
> from browser to browser and server to server)...

Are you sure you searched on this subject?

"maximum url length" in Google turns up a number of resources saying
"2083" due to IE's limit.

But really, do you need to know an exact number? Do you realize how BIG
2083 characters is? Here, as an example, is 2000:






























Are you really planning to jam that much data into the URL? At most I'd
suspect you could wind up using a few hundred. But beyond that you
probably need to rethink your implementation.

Just be wise about it and don't get wrapped around the axle while trying
to find a hard and fast rule/number.



Chris.




RE: [PHP] Maximum URL length (Pretty much 0T)

2006-05-04 Thread Chris W. Parker
Jay Blanchard 
on Thursday, May 04, 2006 10:42 AM said:

> [snip]
> - Anything else you wish to add pertaining to the
> above.
> [/snip]
> 
> People who use GET requests are lazy.

What does...

Edit User #241241

...have to do with being lazy?



Chris.




RE: [PHP] Maximum URL length (Pretty much 0T)

2006-05-04 Thread Chris W. Parker
Ryan A 
on Thursday, May 04, 2006 10:38 AM said:

> - Anything else you wish to add pertaining to the
> above.

You could try sending an insanely long value to a script on your page
and see how much of the actual data it received before being truncated
or causing an error.

Open notepad (if on Windows) and hold down the 1 key for about 2
minutes. Then copy all that and paste it back into notepad. Then put all
that into a page like this: (Oh and you'll need to know exactly how many
1's are in your document.)




I received $number_of_chars";

?>

click me!







RE: [PHP] Creating an OO Shopping Cart

2006-05-04 Thread Chris W. Parker
Richard Lynch 
on Thursday, May 04, 2006 2:06 AM said:

> Contact the bank with which you already HAVE a merchant account for
> your point-of-sale credit card swiper thingies.

Already have the info in front of me. :)

> If you're re-doing it anyway, you might as well do it right. :-)

I totally agree.


Thanks Richard!

Chris.




RE: [PHP] Creating an OO Shopping Cart

2006-05-03 Thread Chris W. Parker
Edward Vermillion 
on Wednesday, May 03, 2006 4:15 PM said:

> Ahh!! *thud*
> 
> Count me in the heart attack group. So would it be a reasonable risk
> if it was *your* cc # that was stolen? And do your customers *know*
> that you're handling their sensitive info in this way? I.E. is there
> a big red lettered notice that they see before they hit submit?
> 
> Would *you* be willing to have your cc sitting in the db at all
> times? I'd think that would be a reasonable request.

Overall I think you bring up a good point but I don't think our method
is unreasonable. There's risk involved in everything and I do in fact
think it is a reasonable risk, even for my cc. I bought something
overseas once and my cc was used to buy jewelry in another country. That
was a number of years ago and I've since made numerous other purchases
on the internet (without any problems). Those purchases were made on
both well known and mom&pop shops around the world.

I'm definitely open to suggestions on how we can minimize our customers'
risk. Even moving to an online cc processor if need be. In fact I
wouldn't be surprised if our current merchant account company has the
ability to process cards online. But until that kind of system can be
implemented what suggestions do you have for me right now?



Chris.




RE: [PHP] Creating an OO Shopping Cart

2006-05-03 Thread Chris W. Parker
Steve 
on Friday, April 21, 2006 5:58 PM said:

> So everyone's aware, I have NO intention of storing credit card #'s. I
> don't see why anyone needs to.. especially after reading Richard's
>  past posts in the archive.

Perhaps if you don't use a merchant account and process all your cards
in house instead?? We keep the cc numbers stored until the card has been
run at which time the site attendant clicks an icon in the
administration side that does two things (1) sends an email giving some
shipping details to the customer, (2) changes the cc number from
4111--- to ---.

We don't get a lot of orders* so at worst if the db were stolen there'd
be possibly 5-10 cc numbers in there. Some people (possibly Richard)
would have a heart attack to hear something like that but we've decided
that it's a reasonable risk.

This is the implementation we decided to take with the cart I wrote
myself. It's better than the old version which never removed or
protected the cards in any way. (It was an out-of-the-box solution.)

I would be extremely interested to learn about the flaws in our current
implementation so that I can continue to improve it (short of using an
online cc processor).


Thanks,
Chris.

* But if we did get a lot of orders I would reconsider even the current
implementation and decide whether or not it was suitable. In fact I'm
going to be redoing the entire thing coming up soon so this is good.
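
The retention scheme described above (keep the number until the card is run, then keep only a masked form), as an added example that is not the poster's cart code. It additionally encrypts the number while it waits, which is an assumption beyond the post; the function and field names are hypothetical, the key is generated inline only for the demo, and 4111111111111111 is the standard test number.

```php
<?php
// Added example, not the poster's cart. Function and field names are hypothetical.
// Needs the sodium extension (bundled with PHP since 7.2).

/** Luhn checksum, to reject typos before anything is stored. */
function luhn_ok(string $pan): bool
{
    if (!preg_match('/^\d{13,19}$/', $pan)) {
        return false;
    }
    $sum = 0;
    $double = false;
    for ($i = strlen($pan) - 1; $i >= 0; $i--) {
        $d = (int) $pan[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/** Encrypt a card number for storage. The key must live outside the database. */
function seal_pan(string $pan, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($pan, $nonce, $key));
}

/** Decrypt for the attendant who runs the card; fails on a wrong key or altered data. */
function open_pan(string $sealed, string $key): string
{
    $raw = base64_decode($sealed, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $plain;
}

/** Row as written when the order is placed: ciphertext plus a display-only mask. */
function new_order_row(string $pan, string $key): array
{
    if (!luhn_ok($pan)) {
        throw new InvalidArgumentException('not a valid card number');
    }
    return [
        'cc_sealed' => seal_pan($pan, $key),
        'cc_masked' => str_repeat('*', strlen($pan) - 4) . substr($pan, -4),
    ];
}

/** Called when the attendant marks the card as run: the ciphertext is dropped. */
function mark_processed(array $row): array
{
    $row['cc_sealed'] = null;
    return $row;
}

// Demo. In a real deployment the key is loaded from configuration kept away from the DB.
$key = sodium_crypto_secretbox_keygen();
$row = new_order_row('4111111111111111', $key);
echo "in database:  {$row['cc_sealed']}\n";
echo "at terminal:  ", open_pan($row['cc_sealed'], $key), "\n";

try {
    open_pan($row['cc_sealed'], sodium_crypto_secretbox_keygen()); // a copy of the DB without the key
} catch (RuntimeException $e) {
    echo "without key:  ", $e->getMessage(), "\n";
}

$row = mark_processed($row);
echo "after run:    {$row['cc_masked']} (sealed = ", var_export($row['cc_sealed'], true), ")\n";
```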




RE: [PHP] Sanity checker?

2006-05-03 Thread Chris W. Parker
Ezra Nugroho 
on Wednesday, May 03, 2006 10:51 AM said:

> Well,

Reservoir,

> I envision a tool that would audit your php code, and tell you if your
> code is good or not, if it has scaling issues, etc, etc. Basically it
> tells if your php code is "sane" or not.

Is this even possible? How could one program determine that another was
"sane"? You might be able to write a program that can determine where
optimizations could be made, but "sanity"?


fwiw,
Chris.




RE: [PHP] ????,????????????

2006-05-02 Thread Chris W. Parker
Yeah it's Chinese. I can see the characters fine. The subject is just ? marks, 
though I'm not sure why.

-Original Message-
From: Rory Browne [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 02, 2006 4:45 PM
To: Chris W. Parker
Cc: php-general@lists.php.net
Subject: Re: [PHP] ,


It's probably some unrenderable character set - like Chinese or 
something like that.



On 5/3/06, Chris W. Parker <[EMAIL PROTECTED]> wrote:

Yes definitely. I totally agree. Please send me more on the 
product/service you're giving away/trying to sell to me/us. I'd really like to 
see/hear/experience more. 

Thanks/Regards/Sincerely!
Chris.

-Original Message-
From: abzgjisf5 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 02, 2006 3:23 PM
To: php-general@lists.php.net
Subject: [PHP] ,








RE: [PHP] ????,????????????

2006-05-02 Thread Chris W. Parker
Yes definitely. I totally agree. Please send me more on the product/service 
you're giving away/trying to sell to me/us. I'd really like to 
see/hear/experience more.

Thanks/Regards/Sincerely!
Chris.

-Original Message-
From: abzgjisf5 [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 02, 2006 3:23 PM
To: php-general@lists.php.net
Subject: [PHP] ,


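Huaming Group Co., Ltd.

We cooperate with a number of provincial and municipal companies and currently have some surplus invoices that we can issue on behalf of others. Our fees are low, and the invoices can be provided to your company for bookkeeping and (input tax) deduction, reducing costs and improving efficiency.
Fees are as follows:
Ordinary goods sales invoices, special construction and installation invoices, and ordinary invoices for processing, repair and the like are charged according to the amount: 2 points below 50,000, 1.5 above 50,000, and 1 point above 500,000; (the larger the amount, the better the price)
Scope of issuing: goods sales, transport and logistics, advertising, services, construction and installation, etc.
Our company solemnly promises that all invoices used were obtained by the respective entities from the tax bureau and can be checked online or verified for deduction at the tax bureau. (We have partner companies in all major cities in the country.)

(The larger the amount, the better the price; the prices above are still negotiable.)
Invoices issued by our company are absolutely legitimate; in every case you can verify the invoice first and pay afterwards.

Contact: Mr. Lü

Phone: 13620912191

E-MAIL: [EMAIL PROTECTED]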




RE: [PHP] PHP Standard style of writing your code

2006-05-01 Thread Chris W. Parker
Richard Lynch 
on Saturday, April 29, 2006 12:12 AM said:

> Okay, but let's do keep this fairly serious, and let's NOT let it
> devolve into the usual religious flame-war this topic gets to...

Yeah I should have asked off list as I'm not interested in debating,
just simply curious of the other side's point of view.


Thanks!
Chris.




RE: [PHP] PHP Standard style of writing your code

2006-04-28 Thread Chris W. Parker
Richard Lynch 
on Monday, April 24, 2006 11:50 PM said:

> So no matter what was actually typed, *I* would see:
> 
> function foo ($x) {
>   //body
> }
> 
> but some heretic who doesn't know any better would see:
> function foo($x)
> {
>   //body
> }
> 
> Now *THAT* would be a feature worth paying for in an IDE! :-)

Setting aside the fact that you're completely wrong about your preference... ;)

What, in your mind, is the advantage to putting the opening brace on the same 
line as the function call, logic statement, etc.? (Btw, this is a serious 
question!)



Chris.

p.s. Yes I'm still alive. Just haven't been able to work on any web related 
stuff for a long time here at work. :( The downside of being the IT department.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Re: How to account for misspellings and alternatives insearching?

2005-10-28 Thread Chris W. Parker
Jochem Maas 
on Friday, October 28, 2005 1:33 AM said:

> James Benson wrote:
>> Not sure about the numbers but soundex could be useful
>> 
>> http://php.net/soundex
> 
> right and maybe it's easier to just index thing like '5.11' as
> '511' - ie just stripping off everything not alphanumeric ...

How do I "index thing like '5.11' as '511'"? (I know how to strip off
the characters. It's the indexing part that I'm not sure about.)

> and never underestimate a users ability to start writing about eating
> dessert in the desert, no doubt they had sandcakes. ;-)

Better yet! Icecream flavored snakes!


Thanks,
Chris.




[PHP] How to account for misspellings and alternatives in searching?

2005-10-27 Thread Chris W. Parker
Hello,

On my site right now if someone searches for "511" (a misspelling of the
manufacturer 5.11) they are not presented with the right products
because 511 is not found anywhere in the database.

I've got a few ideas on how to solve this but I want to find one that
requires as little administrative overhead as possible.

1. I could add a field to the db for each product that would be used for
associated words for a product as well as misspellings.

PROS: Very customizable on an individual product level.
CONS: Would need to be updated for each and every product individually.

2. Make a field for each manufacturer's record for alternate
spellings/keywords.

PROS: Little administrative overhead.
CONS: Is only manufacturer name based and could not account for specific
products.

3. Both #1 and #2.

PROS: Flexible.
CONS: Lots of administrative overhead.

4. A one-to-many table that associates individual words with product
skus. This one is pretty much the opposite of #1 with one key
difference: the interface. It would probably be easier to enter a
desired word and then choose each sku from a multi-select dropdown than
it would be to go from product to product entering one word at a time.

5. I'm not sure how this would be accomplished from a technical
standpoint but it would be nice to have the program know that when
someone types in "511" they really meant "5.11". Or (hopefully this
isn't a bad example) if they type in "dessert" (as in cake and icecream)
they really meant "desert" (as in snakes and sand).

In my case that wouldn't be a bad assumption since our site will never
contain the word desert unless it's a misspelling.


What does everyone think? What other options are out there?



Chris.




RE: [PHP] Ugh, w32 anything is making me want to drink!

2005-10-21 Thread Chris W. Parker
Jordan Miller 
on Friday, October 21, 2005 1:32 PM said:

> I agree with John. It looks like you either need a hammer or the
> rooftop of a 5-story building...

How is he supposed to smash a computer with the rooftop of a
5-story building? It's too big!!




[PHP] Upgraded mail server today, testing functionality! (Sorry!)

2005-10-15 Thread Chris W. Parker
I know I know I know. I don't like test messages either but since I
started the upgrade I haven't received any new PHP mailings. Could be
just because of low traffic, but I need to make sure.




RE: [PHP] Still struggeling with my first script...

2005-10-14 Thread Chris W. Parker
twistednetadmin 
on Friday, October 14, 2005 5:15 PM said:

> All: Sorry. I forgot to write what's wrong... stupid me...

No problem. You'll get used to it. (I don't mean you'll get used to
being stupid! I mean you'll get used to including all the relevant
info!)

> It's just rather annoying that all the tutorials I
> have tried seem to fail. How can I learn when I'm apparently given
> the wrong information?

The best way to learn is start with the very basics (which according to
this one example you are not). First try to simply connect to a database
and execute a simple query.

> ---
> Guildlogin.php
> ---
> This should create a session variable for the authentication, but it
> fails at some point.

The way to debug this is by adding simple echo statements in each block
of code. This will tell you what path the code is taking while
processing.



> I have checked the sessiondata on my testserver,
> and that shows blank.

Does every page that uses the $_SESSION variable have session_start() at
the beginning?

> I don't get any SQL
> errors, so I don't think that is the problem. But then again... it is
> my first script, and I could of course be wrong. I'm not sure where I
> should put the echo $sql; to check the query. Since the Guildlogin.php
> sends me directly to the error page at the end of execution.

You should place the echo statement immediately before the SQL query is
executed. (See below.)

> 
> Code for Guildlogin.php:
> --
>  include ("connections/HOoStest.php");
> 
> 
> 
> session_start();
> if (@$_GET['guildaction'] == "login");
> {
> 
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'";

$_POST[guilduser_name] should look like {$_POST['guilduser_name']}.

When an array is within a string it needs to be wrapped in curly braces.
You should also always quote all your keys with ' so that the parser
doesn't get confused with constants.

Put the echo statement immediately before the following line.

> $result = mysql_query($sql) or die("Couldn't execute query.");


That's all I have time for right now.


HTH,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Still struggeling with my first script...

2005-10-14 Thread Chris W. Parker
twistednetadmin 
on Friday, October 14, 2005 12:39 PM said:

> Here are all the scripts original. It still won't work. I can't see
> what's wrong with it???
> It's from the tutorial PHP5 and Mysql for dummies.

What exactly is the problem? "It still won't work" is not the problem,
nor is "I can't see what's wrong with it???".

> I have shortened
> it down though, since I am the only one who will register the User
> with a password. What I did was removing the Switch at the beginning
> of the loginscript(Guildlogin1.php) and change it with an if
> statement instead. Don't think that is the problem though.

Did it work before you made these changes?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] creating a shopping cart.

2005-10-03 Thread Chris W. Parker
Jay Blanchard 
on Monday, October 03, 2005 5:30 AM said:

> A basic flowchart could have helped you to answer your question and
> broken down the processes into their component parts. Heck, you
> don't even need fancy flowcharting software...just write down the
> steps.

Believe it or not (you who have not actually used a flowchart for
planning your code) you really *will* find flaws before you waste time
coding.

Another thing I've found is that it's not important to get hung up on
what-shapes-do-what* in your flowchart. Just start making the chart and
revising it as necessary, putting as much detail as you can.



Chris.

* Except for diamonds being logic gates (e.g. is the value hot or cold?
yes/no), hotdogs being beginning and ending markers of a
process/function/page, and squares being a process itself (e.g. "add 5
to the variable"). Having those in mind will help you keep things
organized. You can later branch out into all the other shapes.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Mixing PHP & VBSCript

2005-09-29 Thread Chris W. Parker
Jay Blanchard 
on Thursday, September 29, 2005 1:34 PM said:

> Darn right 'wow'!
> 
> I can keep the ASP separate from the PHP by use of the proper tags
> for this instance. So...
> 
> <% stuff here gets executed by ASP %>
> 

Wow. I didn't think that would work! haha

> Nuts, huh?

Yes.



C.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Mixing PHP & VBSCript

2005-09-29 Thread Chris W. Parker
Jay Blanchard 
on Thursday, September 29, 2005 11:03 AM said:

> I have a situation where I have to fix an app interface that was
> constructed with hundreds of lines of VBScript. The quickest way for
> me to do this would be to replace the offending VBScript with PHP.
> Does anyone see any potential problems with doing this? I did a
> diagram on paper and see no gotcha's..TIA 

You don't mean within the same file do you? If so (though I doubt it)
I'm sure there will be lots of problems! 

On the other hand if you're just having one file (that may be written in
vbs) talk to another file (PHP perhaps) via GET, POST, or COOKIE I don't
see why you would have a problem. Working with the SESSION might be a
problem though.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Array Select from database

2005-09-28 Thread Chris W. Parker
Silvio Porcellana 
on Wednesday, September 28, 2005 9:37 AM said:

> In addiction, I would (SQL)escape the values joined: supposing you are
> using MySQL, I'd do:
> $values = join("', '", array_map('mysql_real_escape_string', $array));

Now that's a Freudian slip if I ever saw one. :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] mysql/php date functions..

2005-09-26 Thread Chris W. Parker
John Nichel 
on Monday, September 26, 2005 12:43 PM said:

> I don't convert it.  I store the UNIX timestamp in an INT(11) column.

This is going to be a basic question I'm sure but why INT and not
VARCHAR? Is it simply because a timestamp is a number?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] mysql/php date functions..

2005-09-26 Thread Chris W. Parker
bruce 
on Monday, September 26, 2005 11:13 AM said:

> i'm concerned that i can't seem to craft/create a basic sql cmd
> within mysql to get a value (other than NOW()) to work...
[snip]
> my question is why???

MySQL timestamps are different from UNIX timestamps.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Bitwise operators

2005-09-26 Thread Chris W. Parker
[EMAIL PROTECTED] 
on Monday, September 26, 2005 9:18 AM said:

> So i ask what this output?
> 
> $a = 4;
> $b = 3;
> 
> echo  $a << $b;
> echo  $a >> $b;

You just spent 3-5 minutes writing an email and now almost 10 minutes
waiting for a reply to something that would have taken you 2 minutes to
test on your own.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] OT - database and indexes... but anyone please?

2005-09-26 Thread Chris W. Parker
Gustav Wiberg 
on Saturday, September 24, 2005 9:48 PM said:

> Thanx!

Ok so I had to look up and down that message 3 or 4 times before I found
this insignificant one line response. TRIM YOUR POSTS!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] basic user/input form questions... more validation!

2005-09-23 Thread Chris W. Parker
bruce 
on Thursday, September 22, 2005 4:19 PM said:

> the articles i've seen imply that if you addslashes, you also need to
> stripslashes on the backend...

That's probably because gpc_magic_quotes (I think that's what it's
called) is turned on and doing addslashes will "double" escape
everything leaving you with a \ in the db.

No escaping: Hello, I'm...
Result after db insertion: Error, cannot insert

gpc_magic_quotes: Hello, I\'m...
Result after db insertion: Hello, I'm...

gpc_magic_quotes + addslashes: Hello, I\\\'m...
Result after db insertion: Hello, I\'m...

So when you retrieve the data you would indeed have to do stripslashes()
because escaping is being done wrong. With distributed apps it's a good
practice to determine whether or not gpc_magic_quotes is turned on and
then act accordingly. I don't know if mysql_real_escape_string() is
subject to over escaping or not. You'd have to test it.


Hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] basic user/input form questions... more validation!

2005-09-23 Thread Chris W. Parker
bruce 
on Friday, September 23, 2005 10:46 AM said:

> which is why it's critical/important to really lay out (architect)
> your app and to think about how the app should be handling various
> data types. this also goes to thinking about how you name variables in
> your app. 
> 
> all of this is really software design 101

Oh whatever, I don't quote everything in my own apps anyway. You just
seem to be so confused about this whole thing* that it'd be easier for
you to just quote everything and escape everything and run everything
through htmlspecialchars().


Chris.

* Not that I'm not completely confused about other subjects myself.

And doesn't anyone know how to trim anymore?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Subtracting dates w/o database interaction (MySQL)

2005-09-23 Thread Chris W. Parker
Philip Thompson 
on Friday, September 23, 2005 9:12 AM said:

> I'm needing to find the number of days between two dates without
> using an database functions (DATE_SUB, etc)... only PHP. Is there an
> easy way to accomplish this? I have searched the PHP site, but have
> not been successful in finding anything that will assist me.
> 
> Any help would be appreciated.

There might be an easier way but... convert to timestamp, subtract
smaller number from bigger number, figure out how much time has passed.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] basic user/input form questions... more validation!

2005-09-22 Thread Chris W. Parker
bruce 
on Thursday, September 22, 2005 3:33 PM said:

> further investigation seems to imply that 'strings' that are to be
> inserted into the mysql db should be 'backslashed' for the chars >
> \x00, \n, \r, \,'," and \x1a.

That's what escaping is.

> the mysql_real_escape_string function
> requires a db connection and the app might not have opened up a
> connection to the db at this point in the code.. (or i could rewrite
> the code!!)

Unless you have warnings print to the screen you should be fine. Or you
could just suppress the errors on that one function.

>  numeric data:
>   -doesn't need quoting, but it shouldn't hurt to quote anyway..
>(quote all numeric values inserted in the db...)
> -but wouldn't this require the app to detect numeric vals in
>  the db, and to convert the 'type'!!)

No. Why would it? If you quote everything then there's no need to check
for type.

> -how does this affect date/float vars...

I'm not sure. Check the MySQL manual on column types.

> extracting data from the db:
> 
>  numeric data
>   -get the data/val from the db
>-check the type/convert the db to int/float/date/etc...

No type conversion is necessary. PHP is a loose typed language.

>  string data
>   -get the vals from the db,
>-strip any slashes that were added to the data/vars
>-process/use accordingly...

As I said in my previous email, stripping of slashes is not necessary.
The reason data is escaped before it's put into the database is so that
you don't confuse the engine.

$string_data = "Hello I'm a string.";

$sql = "INSERT INTO table (thestring)
VALUES ('$string_data')";

That would be the same as:

INSERT INTO table (thestring) VALUES 'Hello I'm a string'

The engine is going to choke on the apostrophe in I'm. With escaping it
would be ... VALUES 'Hello I\'m a string'.

When you retrieve that data you'll get exactly "Hello I'm a string."
There will be no backslash.

It also prevents SQL injection attacks.

> have i left anything out..??

I don't know.


hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Opensource webshop

2005-09-22 Thread Chris W. Parker
Gustav Wiberg 
on Thursday, September 22, 2005 1:21 PM said:

> Hi there!

Hi.

> I'm just beginning to test if there is some interest in an
> opensource-webshop...

Do you mean a shopping cart?

> The admin-part is not opensource..

Hmm... why not? And do I have to pay for it? Is it web based? If so, is
it encoded or something?

> Interested?
> http://www.varupiraten.se/doc.php

The site doesn't seem to work. It's just not loading.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] basic user/input form questions... more validation!

2005-09-22 Thread Chris W. Parker
bruce 
on Thursday, September 22, 2005 11:58 AM said:

> hey chris...

Hi.

> so you're saying that if data is outside of a-zA-Z0-9 "'" then it
> should probably fail the regex anyway.. and it should error out..

(Where did that apostrophe come from? That wasn't in my list on
purpose.)

Yes and no. It all depends on what kind of data you're expecting. Here
are some quick assumptions.

(Assuming US style data.)

A zip code should only contain: 0-9 -
A zip code does not need to be escaped because it doesn't have any
special db characters in it like the apostrophe.

A name should only contain: a-z A-Z 0-9 - '
A name should be escaped because it might possibly have an apostrophe in
it.

A phone number should only contain: 0-9 ( ) - .
A phone number does not need to be escaped because it doesn't have any
special db characters in it like the apostrophe.

A paragraph (or rather, very general input) on the other hand is more
complicated because it's very application specific. If your paragraph
could possibly have some HTML in it and still be valid then of course
you would not be using simply a-z A-Z 0-9 for validation. But at the
same time you would definitely want to escape the string.

> if
> i understand you, you're also saying that if the information has an "
> ' " in it, then it should be escaped, but you didn't say how.!

Yes that's correct. Google is your friend. But in any case you can do
mysql_escape_string(). (Note: You don't have to deslash your data on the
way out, it only happens on the way in.)

> also, what's the function of the 'addslashes', and when is it used?!

I don't use addslashes() much. A good place to start reading would be
www.php.net/addslashes


hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] basic user/input form questions... more validation!

2005-09-22 Thread Chris W. Parker
bruce 
on Thursday, September 22, 2005 11:05 AM said:

> if the app allows the user to enter the input (call it 'foo') and then
> submits the form via a POST, where the data is then written to the
> db, what kind of validation should occur?

Depends on what kind of a form field 'foo' is. Is it a name? A zip code?
A phone number?

If it's a zip code you can do a simple regex "\d{5}(-\d{4})?" to make
sure it follows the correct (US) format. If it passes the test you know
it's safe to be put into the database. This kind of data does not need
to be escaped.

On the other hand if it's a name you'll first want to make sure it's the
correct length and contains only the characters you want it to. If the
data passes all the tests you'll definitely want to escape the string
before you insert it into the db because some names might have an
apostrophe in them which will cause an error during insertion. No need
to run htmlspecialchars() in this case since a name that has < or > (or
similar characters) should fail the test anyway.

> and where should the validation take place?

Validation should take place before the value is used.



> for my $0.02 worth, there should be be validation of the 'foo' var, to
> determine if the var is legitimate. there should also be
> validation/filtering of the var when it's placed in the db_sql
> command...

No need to validate data twice. As stated above, validation should
happen before the data is used at all and I would do the escaping just
before the data is inserted into the db.

> my question (and it's basic), what validation should be performed on
> the 'foo' var, and why? i've seen htmlspecialchars/magic_quotes/etc..
> in varius articles, but i can't find a definitive answer!!

See above.

> also, when inserting/updating a db item, what is the 'correct'
> process for data? should all data that gets inserted into a db be
> quoted? if it should, what's the 'standard' practice?

Again, if the data requires escaping, escape it. If not, there's no
need.

If the data falls outside the realm of a-zA-Z0-9 it has a high potential
for escaping.

> pseudo examples of this stuff would be really helpful!
> 
> thanks for clarifying some of these issues...


hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] security/sql issues with php

2005-09-21 Thread Chris W. Parker
bruce 
on Wednesday, September 21, 2005 6:03 PM said:

> since i
> assume the '%x' chars translate into something other than straight
> text, i assume that the html function you mention strips out these
> chars, or it returns a true/false if the data is valid.

Those characters are url encoded. If you were to do:



...and then viewed the source you'd see actual html and not the %x
characters.

If the data you're receiving should not have any html in it you should
use htmlspecialchars() to convert things like < and > to &lt; and &gt;,
which are harmless to the browser and will simply print < and > to the
screen. Viewing the source will show you &lt; and &gt;.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] security/sql issues with php

2005-09-21 Thread Chris W. Parker
bruce 
on Wednesday, September 21, 2005 5:10 PM said:

> but in all honesty

thanks for being honest.

> , if you're going to write an app, and you're going
> to do something with the data, it makes sense to me that you
> 'know'/ensure that you're dealing with the correct kind of data.

i haven't read anyone even hint at the contrary.

> as i
> see it, this allows you another way (low entropy) to determine that
> the information you're getting is correct/valid. it also allows you
> to know what functions you should/shouldn't perform on the data...

you are correct. that's what data validation does.

> thoughts...

Yes. Your emails/electronic transmissions are very/mostly hard/difficult
to read/understand because of/as a result of all the
alternative/choose-your-own-adventure paths each and every one/all of
your sentences can take...



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Re: Suggestions for class design

2005-09-20 Thread Chris W. Parker
Murray @ PlanetThoughtful 
on Tuesday, September 20, 2005 8:15 AM said:

> And it's also worth mentioning at this point that it might present
> more of a challenge to the original poster to implement and make use
> of a complex data abstraction package [1] than to learn a solution
> that not only addresses his specific question but also helps in his
> learning as a programmer.

Yep. You got it.

Basic building blocks are much better for me than taking an already
mature system and shoehorning it into my app, or rather, shoehorning my
app into it.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Suggestions for class design

2005-09-20 Thread Chris W. Parker
Sorry I've been so quiet on this topic since I started it but I've
basically been overwhelmed with information! :) I was hoping the
answer(s) would be a lot more plain and simple than it(they) has been so
I could get to implementing some things right away. But I'm afraid it's
going to take me longer than I'd hoped.

It would be great if someone could contribute some more fleshed out and
basic code, but I know we're probably all busy.

As I have spare time I'll go over again (and again) the messages in this
topic as well as Propel and Metastorage.


Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Is my feedback form being successfully abused?

2005-09-20 Thread Chris W. Parker
Jochem Maas 
on Tuesday, September 20, 2005 2:37 AM said:

> this 'fairly recent' class of attack is already quite well documented,
> google around for more info.

Actually I did do some googling on it before posting and was relatively
confident that the attempt to exploit the form wasn't actually
successful. I posted to the list to find out if indeed it was being
exploited despite the lack of evidence in the maillog.

> I don't know if any mail classes out there deal with this issue for you,
> I wrote a simple function to attempt to check for 'problem' message
> bodies:

Thanks for the code. I'll try to get it implemented soon.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Suggestions for class design

2005-09-19 Thread Chris W. Parker
Anas Mughal 
on Monday, September 19, 2005 4:02 PM said:

> The simplest way to solve this problem is as follows:
> 
> - Have your Customer class hold only attributes for a customer. This
> class would only have getter and setter methods. In the Java world,
> this is referred to as a JavaBean.  
> - Then, have a DAO class that does your data access functions.
> 
> Here is a sample DAO class:
[snip]

Ahh.. I guess this is the same thing that Michael Sims suggested?

> class CustomerDAO {
> 
> 
> function getCustomer(..) {
> ...
> //return a customer
> }

So I return a Customer object that has the set and get methods? And does
that mean I do the following?

->set_first_name()
->set_last_name()
->set_address_1()
->set_address_2()
->set_address_3()
->set_city()
->set_state()
etc.

Or is there a better way to handle it?

> function getCustomers(..) {
> ...
> // return a collection of customers
> }

How do I return a collection of customers?



Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Suggestions for class design

2005-09-19 Thread Chris W. Parker
Michael Sims 
on Monday, September 19, 2005 12:04 PM said:

> Basically you're implementing DAO's (Data Access Objects), similar to
> what an ORM (Object Relational Mapper) tool would do for you.
[snip]

Thanks for the info, and I'll check out the Propel site a little later,
but this is basically what I was saying I don't understand.

"I'd appreciate some actual code recommendations as I have a hard time
understanding the abstract descriptions of how objects should work and
be designed."



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Suggestions for class design

2005-09-19 Thread Chris W. Parker
Jay Blanchard 
on Monday, September 19, 2005 10:53 AM said:

> I think that it should be a stand alone class. The Customers class
> could instantiate the needed number of Customer objects and the
> methods of the Customers class could affect each Customer object.

I'm stuck on how I convert 'SELECT id, name FROM customers WHERE id >
nn' into "the needed number of Customer objects".

Here's an attempt:

class Customers
{
    var $customers = array();

    function get_customers($sql)
    {
        // get the shared db object
        $db =& DB::singleton();

        // get results of $sql
        $results = $db->execute($sql);

        foreach($results as $v)
        {
            // instantiate one Customer object
            $tmp = new Customer;

            // populate it with data
            $tmp->id   = $v['id'];
            $tmp->name = $v['name'];

            // store it in array
            $this->customers[] = $tmp;
        }
    }

    function delete_customers()
    {
        // loop through array of customer objects ...
        foreach($this->customers as $customer_obj)
        {
            // ... deleting each customer one at a time
            $customer_obj->delete_customer();
        }
    }
}



Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Suggestions for class design

2005-09-19 Thread Chris W. Parker
Jay Blanchard 
on Monday, September 19, 2005 10:40 AM said:

> [snip]
> Where I get tripped up is when I realize I'll need to at some point
> get more than one customer at a time and thus I want to add a method
> called 'get_customers()'.
> [/snip]

> Why, at any point, would you need to get more than one customer?

Good question.

When I need more than one customer is when I'm displaying them all on an
administration page. Maybe a better example class would be Products. One
individual product is displayed on the product's detail page, but in the
search results I'd normally be using the same Product class to display
all the results which forces me to create a 'get_products()' method.

> One
> answer is that all customers or a group of customers will need to be
> updated/edited with the same information. Therefore you need a
> separate class for multiple customers which could then be extended by
> group. A group of customers is a separate object. Make sense?

Well, yes I think it does, but what I'm missing is how this new object
interacts with the original one if it does at all. And what would I call
it? 'Multiple_Customers'? Or.. perhaps just 'Customers'! :)

Do I extend the Customer class or is it a stand alone class?



Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Suggestions for class design

2005-09-19 Thread Chris W. Parker
Hello,

Every time I write some classes I always come across the same
fundamental problem that I haven't figured out how to solve/approach
yet. I'm not exactly sure how to put it into words simply but here
goes...

Let's take for example a class called 'Customer' that (obviously)
manipulates customers in the database. Here is a very basic Customer
class. (Data validation and the like are left out for brevity.)

class Customer
{
    var $id;
    var $name;

    function add_customer()
    {
        // create sql statement
        $sql = "INSERT INTO ...";

        // create db connection
        $db =& DB::singleton();

        // execute SQL
        $db->execute($sql);
    }

    function delete_customer()
    {
        // create sql statement
        $sql = "DELETE FROM ...";

        // create db connection
        $db =& DB::singleton();

        // execute SQL
        $db->execute($sql);
    }

    function get_customer()
    {
        // create sql statement
        $sql = "SELECT ... FROM ...";

        // create db connection
        $db =& DB::singleton();

        // execute SQL
        $customer = $db->execute($sql);

        // populate object variables
        $this->id   = $customer['id'];
        $this->name = $customer['name'];
    }
}

(Unless I've already got some major design flaws I think we should be
good to go.)

Where I get tripped up is when I realize I'll need to at some point get
more than one customer at a time and thus I want to add a method called
'get_customers()'.

Since an object should be a single instance of something (e.g. ONE
customer) how do I justify adding the method 'get_customers()'? Or
better yet, how do I properly add a method like that? (A method where
instead of using a SQL statement to return ONE customer's data I instead
return a record set with more than one customer.)

The class in its current state can't handle data like that so I have to
then rethink the design and add a new object variable called $customers
where I store the record set that is in return accessed directly by the
calling page itself.

With the way I'm working with these objects now they seem less like
objects and more like an organized collection of functions.


I'd appreciate some actual code recommendations as I have a hard time
understanding the abstract descriptions of how objects should work and
be designed.



Thanks,
Chris.

Thanks!
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Is my feedback form being successfully abused?

2005-09-16 Thread Chris W. Parker
Hello,

About a few weeks ago I started seeing three emails that all come at the
same time (within the same minute) that seem to be trying to exploit a
feedback form I have on our website. Every time someone submits a
feedback form I am sent the information they entered. The To and From
address are hard coded.

Here is an example message

[begin]
== Name ==

  [EMAIL PROTECTED]

== Agency ==

  [EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===1815270735=="
MIME-Version: 1.0
Subject: a8f1a36a
To: [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--===1815270735==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

thgfxnes
--===1815270735==--


== Email ==

  [EMAIL PROTECTED]

== Comment ==

[EMAIL PROTECTED]
[end]

It seems to me that the attempted exploit is unsuccessful because I
cannot find "dtdegq" or "mhko321" in /var/log/maillog. But I wanted to
send this to the list in case someone knows different.


Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
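A server-side check for the pattern in the submission quoted above (a line break followed by mail header lines inside a form field), as an added example that is not part of the original post and is not the function Jochem posted. The field names, the list of header names, and the sample submission are constructed for illustration.

```php
<?php
// Added example: flag form fields that carry mail-header-looking content.
// Field names, header list and the sample submission are constructed.

// Header names that should never start a line inside a feedback-form field.
const SUSPECT_HEADERS = [
    'content-type', 'mime-version', 'content-transfer-encoding', 'bcc', 'cc',
];

/**
 * Return the reasons a submitted value looks like a header injection attempt.
 * $singleLine is true for fields (name, email, ...) that can never
 * legitimately contain a line break.
 */
function injection_findings(string $value, bool $singleLine): array
{
    $findings = [];

    // A CR or LF is what lets a field value start a new header line if the
    // value is ever placed in the headers argument of mail().
    if ($singleLine && preg_match('/[\r\n]/', $value) === 1) {
        $findings[] = 'line break in a single-line field';
    }

    // Normalise line endings so "^" sees every line start, then look for
    // lines that begin with one of the suspect header names.
    $normalised = str_replace(["\r\n", "\r"], "\n", $value);
    $names = implode('|', array_map('preg_quote', SUSPECT_HEADERS));
    if (preg_match_all('/^[ \t]*(' . $names . ')[ \t]*:/mi', $normalised, $m) > 0) {
        foreach (array_unique(array_map('strtolower', $m[1])) as $header) {
            $findings[] = "header-like line: $header";
        }
    }
    return $findings;
}

/** Check every field; returns [field => [reasons]] for the suspicious ones. */
function check_submission(array $fields, array $singleLineFields): array
{
    $report = [];
    foreach ($fields as $key => $value) {
        $found = injection_findings(
            (string) $value,
            in_array($key, $singleLineFields, true)
        );
        if ($found !== []) {
            $report[$key] = $found;
        }
    }
    return $report;
}

// Constructed submission shaped like the one quoted in the message above.
$submission = [
    'name'    => 'visitor@example.com',
    'agency'  => "visitor@example.com\n"
               . "Content-Type: multipart/mixed; boundary=\"b1\"\n"
               . "MIME-Version: 1.0\n"
               . "Subject: test\n"
               . "bcc: someone@example.net\n\n"
               . "This is a multi-part message in MIME format.",
    'email'   => 'visitor@example.com',
    'comment' => "Please send me a catalogue.\nThanks!",
];

$report = check_submission($submission, ['name', 'agency', 'email']);

if ($report === []) {
    echo "clean: safe to build the message\n";
} else {
    // Do not send; record which field tripped which rule.
    foreach ($report as $field => $reasons) {
        echo "$field: ", implode('; ', $reasons), "\n";
    }
}
```

The header-name match is a heuristic for logging and triage; the rule that does the protecting is rejecting any CR or LF in a value before it can reach the headers argument of mail().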



RE: [PHP] Re: Best way to mass mail

2005-09-12 Thread Chris W. Parker
Manuel Lemos 
on Monday, September 12, 2005 3:15 PM said:

> If you use PHP mail() function it just calls the sendmail wrapper. If
> you lose messages, you should check the logs of the installed MTA.
> Your problem seems to be misconfiguration like you are not setting a
> valid return path address or your machine does not have a reverse
> record for its IP in the DNS.

Thanks for the suggestion(s). I will look into it.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] incrementing in a for loop

2005-09-12 Thread Chris W. Parker
D A GERM 
on Monday, September 12, 2005 1:01 PM said:

> [CODE]
> for ($myLoop = 0; $myLoop < 100; $myLoop= $myLoop + 5)
> {
> print "my loop: $myLoop";
> }
> [/CODE]

Where's the code?


Oh there it is!

:)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Re: Best way to mass mail

2005-09-12 Thread Chris W. Parker
Manuel Lemos 
on Monday, September 12, 2005 2:41 PM said:

> If you use
> the mail() function, it uses whatever is installed in your machine
> because by default it calls the sendmail program.

I am aware of that but the problem I'm having is inconsistent mailings.
For example, an email is supposed to be sent to me every time someone
creates a new account on our website but I only get about 1 out of 5 of
these emails and I have no idea why. I was trying to take PHP out of the
loop with regards to sending email so that I could rule out PHP as being
the problem.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Re: Best way to mass mail

2005-09-12 Thread Chris W. Parker
Manuel Lemos 
on Monday, September 12, 2005 1:36 PM said:

> If he is running postfix on the same machine that postfix is running,
>   it does not make much sense to send the message via SMTP because it
> is a much slower way to do the same thing.

I'm not. I was hoping to glean a method for Postfix that I could apply
to sendmail.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Re: Best way to mass mail

2005-09-12 Thread Chris W. Parker
Matthew Weier O'Phinney 
on Monday, September 12, 2005 6:55 AM said:

> Mails are then queued to an MTA -- in our case, Postfix.

This is the part I don't know how to do. Can you explain/show some code?


Thanks,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Checking a date for validity

2005-09-07 Thread Chris W. Parker
Todd Cary 
on Wednesday, September 07, 2005 3:39 PM said:

>/* Is date good */
>function is_date_good($date) {
>  if (strtotime($date) == -1) {
>$retval = 0;
>  } else {
>if (strpos($date, "/") > 0) {
>  $parts = explode("/", $date);
>} elseif (strpos($date, "-") > 0) {
>  $parts2 = explode("-", $date);
>  $parts[0] = $parts2[1];
>  $parts[1] = $parts2[2];
>  $parts[2] = $parts2[0];

Why $parts2?

Just use $parts instead, like you did in the other two blocks.

Change it to:

>if (strpos($date, "/") > 0) {
>  $parts = explode("/", $date);
>} elseif (strpos($date, "-") > 0) {
>  $parts = explode("-", $date);
>} else {
>  $parts = explode(".", $date);
>}

> Is there a simpler solution?

How about strtotime()? In your function you're pretty much only
accepting a certain number of formats for your date already so you could
probably go with just passing the date (in whatever format it's given)
to strtotime() and check for a 'false' or a timestamp.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: FW: [PHP] [NEWBIE GUIDE] For the benefit of new members

2005-08-05 Thread Chris W. Parker
Rick Emery 
on Friday, August 05, 2005 4:54 PM said:

> Well, as I found out when I Google'd before I posted, it *lists*
> plenty of JavaScript mailing lists. But it can hardly "recommend a
> good" one, which is what I asked for, can it? I was soliciting
> opinions.

Yes I know, but I was hoping you wouldn't notice (because that's what
makes the joke so great)! :)



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: FW: [PHP] [NEWBIE GUIDE] For the benefit of new members

2005-08-05 Thread Chris W. Parker
Rick Emery 
on Friday, August 05, 2005 4:20 PM said:

> Can anybody recommend a good JavaScript mailing list?

If by anybody you mean Google, then yes anybody can recommend a good
JavaScript mailing list.


Hope this helps!
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


