[PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread Christian Jul Jensen
[EMAIL PROTECTED] (Ben) writes:

> Any ideas on dealing with this would be greatly appreciated.

Disable magic_quotes, and handle all escaping of characters yourself;
I would absolutely prefer that. But beware of SQL injection.

Leave magic_quotes on, and use stripslashes() on your input.

--
Christian Jul Jensen

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
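
The two options in the reply above, as an added example that is not part of the original message: undo magic_quotes escaping when it was applied, then pass the raw value to the database as a bound parameter. It uses PDO prepared statements, which the thread does not mention; raw_input_value(), the people table and the sample inputs are hypothetical.

```php
<?php
// Added example, not from the thread. Table, column and function names are
// hypothetical; the in-memory SQLite database only makes it self-contained.

/** Return request input with magic_quotes_gpc escaping undone, if it was applied. */
function raw_input_value($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8, hence the guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return is_array($value) ? array_map('raw_input_value', $value)
                                : stripslashes($value);
    }
    return $value;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT)');

// Constructed sample inputs: a name containing a single quote, and a value
// that would terminate the statement if it were concatenated into the SQL.
$inputs = array("O'Brien", "x'); DROP TABLE people; --");

$insert = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
foreach ($inputs as $submitted) {
    // The value is bound as data; it never becomes part of the SQL text.
    $insert->execute(array(':name' => raw_input_value($submitted)));
}

// Both values are stored verbatim and the table still exists.
foreach ($pdo->query('SELECT name FROM people') as $row) {
    echo $row['name'], "\n";
}
```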



[PHP] Re: php4 and php5 on the same apache server

2004-09-13 Thread Christian Jul Jensen
[EMAIL PROTECTED] (Jacob Friis Larsen) writes:

> How can I run both php4 and php5 on the same apache server?

You can't; the two modules are incompatible. What you can do is
run two instances of the webserver on two different ports.

This article describes the idea pretty well.
http://www.schlitt.info/applications/blog/archives/83_How_to_run_PHP4_and_PHP_5_prallel.html

--
./mvh Christian Jul Jensen
  Freelance webprogrammer
  TYPO3 Typehead Denmark




[PHP] safe_mode, sym-links and stat

2004-09-06 Thread Christian Jul Jensen
Hi

I'm running PHP in safe mode, and have symlinked executables to the
execution_dir, that works great. With one exception, it is not
possible to check the existence of the files, before executing them.

It seems to me that stat / lstat resolves the ownership of the orig
executables and safe_mode decides that I cannot have access, which is
true, but I only want to know if the files that I'm about to execute,
i.e. the symlinks, exist.

Is this a bug, or have I misunderstood something? Any suggestions on
how I can solve this?

Example:
<?php
$smed = ini_get('safe_mode_exec_dir');

$id = $smed.'identify';

var_dump(stat($id));
var_dump(lstat($id));

echo '<br />is_file: ';
var_dump(is_file($id));
echo '<br />is_link: ';
var_dump(is_link($id));
echo '<br />is_executable: ';
var_dump(is_executable($id));
echo '<br />is_readable: ';
var_dump(is_readable($id));


echo '<br /><br /><br />';

passthru($id.' -version');
?>

Result:

Warning: stat() [function.stat]: SAFE MODE Restriction in effect. The script whose 
uid/gid is 33/33 is not allowed to access /var/lib/typo3/shared/smexec/identify owned 
by uid/gid 0/0 in /var/www/file_existence_check.php on line 6

Warning: stat() [function.stat]: stat failed for /var/lib/typo3/shared/smexec/identify 
in /var/www/file_existence_check.php on line 6
bool(false)
Warning: lstat() [function.lstat]: SAFE MODE Restriction in effect. The script whose 
uid/gid is 33/33 is not allowed to access /var/lib/typo3/shared/smexec/identify owned 
by uid/gid 0/0 in /var/www/file_existence_check.php on line 7

Warning: lstat() [function.lstat]: Lstat failed for 
/var/lib/typo3/shared/smexec/identify in /var/www/file_existence_check.php on line 7
bool(false)
is_file: bool(false)
is_link: bool(false)
is_executable: bool(false)
is_readable: bool(false)


Version: ImageMagick 6.0.6 08/31/04 Q16 http://www.imagemagick.org Copyright: 
Copyright (C) 1999-2004 ImageMagick Studio LLC 



--
./Christian Jul Jensen




[PHP] How to do type/existence checking in PHP5

2004-04-23 Thread Christian Jul Jensen
Hi 

In PHP5 the behaviour of illegal string offsets has changed. This is
documented in the 'thin changes' file.

This gives a problem in checking for existence / types of values,
directly into a deeper level of a multidimensional array.

I reported this as a bug[1] because I find the behaviour unfortunate, and
furthermore it's inconsistent. This was refused, with a note 'So don't
do it'. I think it's a really bad idea not to check the
existence/types of values, before using them, so how should this be done
properly in PHP5, without risking fatal errors in the case of a
non-existent array?

This is a problem in migrating applications from PHP4 because the
error will not appear unless the value doesn't exist, which is exactly
why you do the check.

[1] http://bugs.php.net/bug.php?id=28107

--
./mvh Christian Jul Jensen
  Freelance webprogrammer
  TYPO3 Typehead Denmark




[PHP] Re: How to do type/existence checking in PHP5

2004-04-23 Thread Christian Jul Jensen

Hi 

Thanks for taking time to look into this.

[EMAIL PROTECTED] (Red Wingate) writes:


> this is a plain design fault on your side:

I'm sorry, but I don't agree. It is standard in PHP4, and one of the
advantages of having a type loose programming language.

> Now this makes sense as you first of all would make sure if $a is an
> array and not start with the first index ( which doesn't exist as $a
> is not even an array )

I understand what the logic behind it is, and actually your example does
not give a fatal error, as $['foo'] returns a char, and you can call
is_array with that. Furthermore it's inconsistent, as it behaves
differently depending on which function you call.

In PHP4 this is valid

$my_array = some_weird_function_that_returns_a_multidim_array();
if (is_array($my_array['some']['special']['value']['that']['i']['need']))
{
    apply_logic();
}

in PHP5, in order not to risk a fatal error, this would have to be:

$my_array = some_weird_function_that_returns_a_multidim_array();
// Each level is checked before the next one is indexed.
if (is_array($my_array['some']) &&
    is_array($my_array['some']['special']) &&
    is_array($my_array['some']['special']['value']) &&
    is_array($my_array['some']['special']['value']['that']) &&
    is_array($my_array['some']['special']['value']['that']['i']) &&
    is_array($my_array['some']['special']['value']['that']['i']['need'])
) {
    apply_logic();
}

IMHO that's not very nice. You could argue that ending up in
situations like this is bad design, still it's valid in PHP4.

You cannot even encapsulate in a function, because that gives a fatal
error when you call the function (which makes sense).

I find this to be a problem, because it makes it hard to migrate
scripts from PHP4, and I'd rather spend my time using the new object
model and XML support, than going through old scripts to make sure
they comply with a new behaviour which I see no good reason for.

--
./mvh Christian Jul Jensen
  Freelance webprogrammer
  TYPO3 Typehead Denmark
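
One way to make the existence/type check discussed in this thread without ever subscripting a non-array, as an added example that is not part of the original messages: the helper receives the whole array plus the list of keys and descends one level at a time. array_path_get() and the sample data are hypothetical names constructed for illustration.

```php
<?php
// Added example (not from the thread). array_path_get() and the sample
// data are hypothetical and constructed for illustration.

/**
 * Follow $keys into $data one level at a time. Each level is confirmed to
 * be an array containing the key before it is indexed, so a string or null
 * in the middle of the path is never subscripted.
 *
 * Returns the value at the end of the path, or null when the path is
 * missing; $found tells a stored null apart from a missing path.
 */
function array_path_get($data, array $keys, &$found = null)
{
    $found = false;
    $node = $data;
    foreach ($keys as $key) {
        if (!is_array($node) || !array_key_exists($key, $node)) {
            return null;
        }
        $node = $node[$key];
    }
    $found = true;
    return $node;
}

// Constructed sample input: in $broken, 'special' holds a string where the
// caller expects another array level.
$broken = array('some' => array('special' => 'oops'));
$valid  = array('some' => array('special' => array('value' => array(1, 2))));
$path   = array('some', 'special', 'value');

// The check from the thread, expressed as a key path instead of chained
// subscripts on a value of unknown type.
var_dump(is_array(array_path_get($broken, $path, $ok)), $ok);
var_dump(is_array(array_path_get($valid, $path, $ok)), $ok);
```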
