[PHP] Re: printf and number_format rounding
Duffy, Scott E [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Are printf and number_format supposed to round? echo ($hcount-$lcount)/$hilow. ; echo number_format(($hcount-$lcount)/$hilow,2,'.',''); 0.208333 0.21 0.145833 0.15 0.17 0.17 0.083 0.08 Printf (%.2f,($hcount-$lcount)/$hilow); Does the same. It would appear to be. If there is a function to print just to the digit could you point me in the direction? So I would want 0.20 0.14 0.16 0.08 respectively. --- You could have the number_format return an extra digit, and then strip that extra digit off. $str = number_format(($hcount-$lcount)/$hilow,3,'.',''); $str = substr($str, 0, 4); // (something like this) DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: programming contests as a way of finding/evaluating offshoretalent...
bruce [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] i'm looking for opinions on the worth of programming contests as a way of judging the talent of potential software developers... any thoughts/pros/cons would be appreciated.. My first thought is: Won't be a good criteria for determining the worth of a programmer. Most contests are skewed into some obscure corner of programming, and typically don't require good programming skills. Usually, they are for fun and require you to pull strange facts out of the recesses of your brain. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] set_time_limit(90*60) and still timing out after 5 minutes on Windows
I have a Windows server (IIS) with PHP and MySQL installed on it. I have a script that is automatically ran every evening. This script has a set_time_limit(90*60) (90 minutes) at the top, but the script seems to just stop functioning after 5 minutes. I do *not* get the line about execution time exceeded. Hmmm ... Maybe this is an IIS setting? Any ideas? DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: set_time_limit(90*60) and still timing out after 5 minutes on Windows
Dan Baker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a Windows server (IIS) with PHP and MySQL installed on it. I have a script that is automatically ran every evening. This script has a set_time_limit(90*60) (90 minutes) at the top, but the script seems to just stop functioning after 5 minutes. I do *not* get the line about execution time exceeded. Hmmm ... Maybe this is an IIS setting? It WAS an IIS setting (buried very deep). MetaEdit is a utility needed to alter a setting LM - W3SVC - CGITimeout DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: fopen failing, permission denied
Chris [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dan Baker wrote: I have the following code snippet: $h = fopen($path/file.txt, 'x+'); And it generates the following error: Warning: fopen(/home/./myarea/file.txt): failed to open stream: Permission denied The path is correct, but the php process doesn't seem to have file permissions in the folder. Is there some magic I can do to allow php to have file rights to the myarea folder? (This is on a purchased ISP site) Go in through ftp or ssh and fix the permissions. If you only want to read the file, then it only needs to be 644. If you need to write the file it will either need to be 646 or 664. That's your only option apart from deleting the file (through ftp) and recreating it through your php script ... or getting your host to change to the CGI version of php which is most unlikely to happen. I'm actually trying to create the file (thus the 'x+' mode). The file doesn't exists. It appears to me that the php process doesn't have permission to the entire folder. My ftp client has full access to the folder (myarea), but the php process doesn't. The folder is under the http folder. I'll check if I can alter the permissions on the myarea folder. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: fopen failing, permission denied
(SOLVED, see below) Dan Baker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Chris [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dan Baker wrote: I have the following code snippet: $h = fopen($path/file.txt, 'x+'); And it generates the following error: Warning: fopen(/home/./myarea/file.txt): failed to open stream: Permission denied The path is correct, but the php process doesn't seem to have file permissions in the folder. Is there some magic I can do to allow php to have file rights to the myarea folder? (This is on a purchased ISP site) Go in through ftp or ssh and fix the permissions. If you only want to read the file, then it only needs to be 644. If you need to write the file it will either need to be 646 or 664. That's your only option apart from deleting the file (through ftp) and recreating it through your php script ... or getting your host to change to the CGI version of php which is most unlikely to happen. I'm actually trying to create the file (thus the 'x+' mode). The file doesn't exists. It appears to me that the php process doesn't have permission to the entire folder. My ftp client has full access to the folder (myarea), but the php process doesn't. The folder is under the http folder. I'll check if I can alter the permissions on the myarea folder. I took the suggestion from Chris, and checked the permissions on the myarea folder. They were set so others could NOT write. I added this permission, and everything works great now! Thanks for the pointer Chris DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] fopen failing, permission denied
I have the following code snippet: $h = fopen($path/file.txt, 'x+'); And it generates the following error: Warning: fopen(/home/./myarea/file.txt): failed to open stream: Permission denied The path is correct, but the php process doesn't seem to have file permissions in the folder. Is there some magic I can do to allow php to have file rights to the myarea folder? (This is on a purchased ISP site) Thanks DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reading binary http post
Dirk Vanden Boer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have a C++ application that posts binary data to a php script that I created using libcurl. Everything works fine except when my binary data happens to start with the '' symbol. In that case I can't read the http post data (isset returns false). The post argument then looks like data=ÑÚA Reading the post is done like this: if (isset($_POST['data']) Is there a way to fix this problem? A quick-n-dirty method is to prepend a known letter to the data, like an A: data=AÑÚA Then, ignore the first character of the data, since it is known to be the A character. I would think that if the data contains an in the middle of the data, you may not be getting all the data. data=ABCxyz=123 $_POST['data'] = ABC $_POST['xyz'] = 123 DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Ternary operators
Carl Furst [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hey all, Question about ternary operators. You can't really use functions INSIDE ternary operators, right? They can only be tokens and operators? You *can* use functions inside of ternary operators, as long as they return a value. The ternary operator acts like a r-value, like a number. $fabulous = 1; $fabulous = FunctionCall(x,y,z)? 1 : 2; $fabulous = $checkValue? FunctionCall1(x) : FunctionCall2(y); DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: define() or $variable for application settings?
Matt Arnilo S. Baluyos (Mailing Lists) [EMAIL PROTECTED]
wrote in message
I have a config.inc.php file which basically contains all the
configuration info that the applications needs (directory/file
locations, database credentials, etc). The information there is set
using the define() function.
However, I've seen some open-source projects which either use
$variables or associative arrays to save the values.
My application works pretty fine but I'd like to solicit opinions from
everyone on what they are using in this case. Also, I have plans of
putting up a sort of coding guidelines for the company so it might
help to have other opinions on this one.
Another option you can use is to create a Config class, and place all your
configuration state in it. This is probably the slowest, but easy to code
with.
class Config
{
function Username()
{
return Snoopy;
}
function Password()
{
return Secret;
}
};
This class is accessible anywhere, and your newer editors assist you -- type
Config:: and you get a list of all your available configuration values.
It also makes it easy to have a configuration value that depends on state
(like Debug, depends on which machine or folder it is running from).
I also have a class called Settings that are user-configurable within the
website admin page. All settings are placed inside a table, and the user
can monkey with them at there will. Settings::GetValue(Color) returns the
user-defined value from the table.
Just some thoughts
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: The Big Date and Time Debacle
Stephen Martindale [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am having great difficulty understanding dates and times with PHP and MySql. As far as I understand them, the PHP date and time construct is timezone and DST aware, but MySql's DATETIME and TIMESTAMP fields are not. I believe that this is where my confusion originates from. After searching the web and the docs for hours, I have not managed to find an article that explains how this system works and what the best practices are for an application that may be used in many timezones, some with DST and some without. Please point me in the direction of a good source on this subject. I am new to PHP, coming from a several-year-long period of C++ and, recently, ASP.NET. (Ok, I admit it, I only started using PHP a week ago!) I wrote a time class in PHP, and use it to manage all my dates and times. Basically, I use an INT to store the timestamp in the database, which is a simple timestamp (see PHP functions: time(), date(), strtotime(), mktime(), , strftime()). DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to destroy HTTP authentication (from PHP)?
Olaf Greve [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Alright: here's a bit of a challenge (so as to avoid the word issue) ;) my colleagues have run into previously: how to kill HTTP authentication... dumb answer The browser only remembers one authentication. So, you could simply take them to a new page requiring a different authentication. Obviously, they would be required to enter new username and password -- but, it would clear the previous authentication. /dumb answer DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: forwarding from virtual email account to real email account
Binay [EMAIL PROTECTED] wrote: Hi All, Is it possible that we create a virtual email account(no physical existence) e.g [EMAIL PROTECTED] which will be associated with a real email account e.g. [EMAIL PROTECTED] so that if any body sends the email to virtual email account [EMAIL PROTECTED] will be automatically forwarded to the real email account [EMAIL PROTECTED] Is it achievable using PHP ? Are you trying to process the email between [EMAIL PROTECTED] and [EMAIL PROTECTED] ? And, are you trying to do that processing with PHP? Something like a PHP file that gets launched everytime an email lands in [EMAIL PROTECTED] mailbox, then that PHP file loads the email, processes it, and forwards the processed email to [EMAIL PROTECTED] Sounds like a cool idea. I don't know how to do it, but sounds cool. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: New to PHP
Jedidiah [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I mentioned earlier that I recently switched my site over to PHP. snip I can no longer preview my pages without uploading the files to the server. This can really become a problem when I am making slight formatting changes to my CSS file where I need to refresh the page every few seconds until I get the look just right. Is it really worth changing all the files to PHP files and using includes? Is there any way around this, or am I stuck uploading?? There are a couple things you can do: (1) Create a local webserver/PHP environment, like others have suggested (2) Made yourself a small test bed are on your external server, upload your files, and try them out. If you have a fast internet connection, this usually isn't too bad. Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: href links not working in XP
Marlin Unruh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I apologize because I posted this question earlier under Re: [PHP] href difference between OS's, and am still struggling with the problem. I think I have fished all the way around the lake, with no results. I cannot get href links to local files to work on an XP machine. This is an issue that happened with the release of Service Pack 2 (I think it was SP2). You are NOT allowed to click on a link that accesses the C: drive -period-. The browser simply ignores you. We got around this issue by mapping a network drive to our own C: drive, and generating links to that mapped drive. SP2 allows you to then click on these links. FYI: We used to be able to simply put our own IP address as a trusted site, but SP2 doesn't even allow that any more. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: href difference between OS's.
Marco Kaiser [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] just link directly to the specific file like a href=C:\path\to\your\file.exeLink Local/a NOTE: XP SP2 will *not* open this file. The new security will not open files on local drives. You will need to map a network drive to a folder on your local drive: MAP L: to C:\My CAD Files a href=L:\folder\file.cadfile.cad/a DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: Re: Re: better way to mix html and php code?
Robert Cummings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am interested in how this works, but am skeptical. No problem, the programming in X template instead of programming in PHP objection is raised often. I've given previous arguments about the merits of templates and concise data retrieval, display logic versus business logic, and meta tags versus traditional tags. Everything done in TemplateJinn can be done in PHP, absolutely since templates compile to PHP pages, but templates provide a layer between the soup of PHP necessary to accomplish that, and the designer. Even as a developer I don't want to engage in the soup necessary to accomplish everything TemplateJinn now does for me -- unfortunately I maintain some sites that do employ the soup system. Thank you for the time and effort of explaining this. It sounds fascinating, and worthy of investigating. I will spend some time looking into this. Thanks again. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: better way to mix html and php code?
Robert Cummings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Here is an example of a layout template: - jinn:prepend/ html head titlejinn:pageTitle//title style type=text/css !-- jinn:template path=css/main.template/ -- /style jinn:accumulatorFlush name=javaScriptTags/ jinn:accumulatorFlush name=javaScriptTags dynamic=true/ // -- /script /head I'm curious ... how do you generally handle forms and urls? What if the programmer wants to add a link, something like: a href=page.php?op=Viewid=1234View my info/a How is the data (op=Viewid=1234) separated from the formatting? Thanks DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: Re: better way to mix html and php code?
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Mon, 2005-11-21 at 13:41, Dan Baker wrote:
There are two ways for retrieving data. The first you have seen is the
tag form, but obviously that's a problem when the data goes into a tag
:) For this there is the embed form (a simple example follows but data
can be retrieved from modules/components in the same way):
a href=page.php?op=Viewid={jinn:echo value={jinn:getValue name=_GET,
path=id}}
So, how do you go about having optional links? Like, admin people get a
button that other don't?
Thanks for the info!
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: Re: better way to mix html and php code?
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Mon, 2005-11-21 at 13:41, Dan Baker wrote:
I'm curious ... how do you generally handle forms and urls? What if the
programmer wants to add a link, something like:
a href=page.php?op=Viewid=1234View my info/a
How is the data (op=Viewid=1234) separated from the formatting?
There are two ways for retrieving data. The first you have seen is the
tag form, but obviously that's a problem when the data goes into a tag
:) For this there is the embed form (a simple example follows but data
can be retrieved from modules/components in the same way):
a href=page.php?op=Viewid={jinn:echo value={jinn:getValue name=_GET,
path=id}}
It appears that the data op=View is embedded in the html data. This seems
strange, because the PHP programmer is the one who needs to set this value,
not the page designer.
Also, the jinn:getValue seems a lot like programming -- The id value must
come from a database, based on who is currently logged in. I assume it can
be done, but seems like these queries would get rather complex, as well as
redundant. Seems like you are changing from programming in PHP to
programming in this new jinn language.
I am interested in how this works, but am skeptical.
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Formatting of a number
Scott Parks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi- I have a number that I am trying to format. It is data coming from a main frame and has 8 characters assigned to it (6 and two decimal places). I have zerofill set up in MySQL on this field and am working on the best way to display the number. Currently I have this: $sOutput = number_format(rtrim($sValue,'0') /100,2); What I am running into is this, I have a number in this field as: 3145900, using the above I will get: 314.59, which is wrong, it needs to be 3,145.90. Yet, if I have a number of: 749450, I get the result I am looking for of 749.45. I did not see a way to tell trim I only want one 0 cut? Just convert the string into a number, and work with it as a number: // first, convert the string into a number (assuming 3 decimals, as your example shows) $nValue = floatval($sValue) / 1000; // then, format it $sOutput = number_format($nNumber, 2); DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: better way to mix html and php code?
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi to all, always wondered what's better way to mix html and php code. Here are three ways of the same code. Which one you prefer? (And why, of caurse :)) (snip) I think third solution would be the best solution? IF you are doing a complex site, then the third option is almost mandatory. You typically do not know what code will be in the header, until you have processed some of the page. Building the page as-you-go, allows for easy alteration of previously built HTML code. Complex sites are extremely difficult to create using the template approach, because of the variety of output. I would highly agree with James Benson about CSS. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: better way to mix html and php code?
Robert Cummings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Thu, 2005-11-17 at 14:34, Dan Baker wrote: [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi to all, always wondered what's better way to mix html and php code. Here are three ways of the same code. Which one you prefer? (And why, of caurse :)) (snip) I think third solution would be the best solution? IF you are doing a complex site, then the third option is almost mandatory. You typically do not know what code will be in the header, until you have processed some of the page. Building the page as-you-go, allows for easy alteration of previously built HTML code. Complex sites are extremely difficult to create using the template approach, because of the variety of output. Ummm... bullturds :) (snip) Now anywhere in the modules (which incidentally get loaded before the content), or anywhere else in a sub-template content can be accumulated in any of the above accumulator names. I have worked on plenty of complex sites, and my JavaScript and other content always goes EXACTLY where it's supposed to be, regardless of where the logic exists that determines it's need to exist. For instance to include on load javascript from any module: Looks very good. I rescind my previous post. I haven't worked with templates of this magnitude before. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Create a numeric hash from a text string?
Quick-n-easy: int crc32 ( string str ) -- make sure to read the manual about the unsigned/signed issue. DanB Brian Dunning [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know if there's a handy way to create a numeric hash from a text string? I'm trying to generate an integer as a sort of quick dirty checksum for text strings. Needs to be a decimal integer, not hex or otherwise. Any clever ideas appreciated. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Good user comment system?
How about good ol' phpbb? http://www.phpbb.com/ DanB Guy Brom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Anyone familiar with a good user-comment system for PHP, preferably one that works with adodb and has thread-like design (where users can answer each other). Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PDF printing under windows.
Dave Lists [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I'm generating PDFs under windows using PDFlib and all is easy. What I am
wondering though, and google reveals nothing usefull, can I print the PDF
to a network printer from windows? I'm presuming to print the file I would
ahve to use COM and open it under Acrobat? Anyone done this before and
have any pointers? I'm printing out invoices and what to automate the
task.
I print PDF files using the following code (which prints them to the default
printer):
SHELLEXECUTEINFO sei;
ZeroMemory(sei, sizeof(SHELLEXECUTEINFO));
sei.cbSize = sizeof(SHELLEXECUTEINFO);
sei.fMask = SEE_MASK_FLAG_NO_UI | SEE_MASK_NOCLOSEPROCESS;
sei.lpVerb = _T(print);
sei.lpFile = pFile;// - complete path to file to print
sei.hwnd = CDLBUtils::g_Data.m_hWnd;
sei.nShow = SW_HIDE;
if (ShellExecuteEx(sei) sei.hInstApp (HINSTANCE)32) {
// ok
} else {
// failed
}
Note1: You can change the default printer before calling this.
Note2: Acrobat will launch, and may stay running even after the printing
process has finished
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Question about including files and server load
Jay Paulson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I just started working with a new company and they handed me some of their
php code for me to look over. I noticed that they have a TON of include
files being called into their scripts. For example, instead of having one
file called functions.php and then having all their functions in that one
file they have put each function into it's separate file and then have a
define_functions.php file that creates each function. However, within the
function itself it declared something like this:
function xyz($abc) { return include(xyz_func.php); }
function abc($xyz) { return include(abc_func.php); }
I was wondering isn't this putting a bigger load on a server by including
so many files for each function? Also, I was wondering what everyone's
opinion was on this approach in terms of maintenance. Do you think it's
better practice to put all your functions in one file or do it in this
manner?
Fascinating!
The concept is that only the code that actually gets executed is ever
loaded/compiled. Pretty sneaky!
IF you had a gargantuan amount of code, that was tightly tied together --
yet, typically not much of it was really used on most pages -- this is a
pretty good design. I would be interested in some timing tests, but I'm
sure there is a point when this type of design would actually decrease the
load on the server (because, the only code that needs to be compiled is the
code that is executed).
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Server Time Out
Kevin Cloutier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I'm new to this newsgroup and I'm psyched I found it. But, my newsreader (Thunderbird), keeps returning a Connection to server news.php... has timed out when ever I try to dload or refresh the messages. Anyone have a suggestions on what I can do? I'm assuming it's just a setting I need to change? I use gmane.comp.php.general to access the lists. They require a valid email address, but I haven't had any spam into this special email address I created. See: http://gmane.org/ DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois loggedintoa site..
Ben [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Dan Baker wrote:
The *main* reason I use $_REQUEST is so I can code up GET and POST pages
that all are handled by the same php functions. I may have an item
called Key that contains what the end-user is expected to be doing
(User.Create or User.Edit or whatever). Then I may have a link (GET)
that has ?Key=User.Create, while a form (POST) that has a hidden value
Key with value User.Create. I don't really care if it came from a
GET or POST -- if the data is all valid, I'll allow it to work.
How are you passing your values to your functions? If you stick to local
variables in your functions they won't care where you got the values from.
Deal with the post or get values in whatever script handles your form
submissions and have it pass the values on to your functions.
IE
In your post handling script:
$result=doSomething($_POST['this'],$_POST['that']);
In your get handling script:
$result=doSomething($_GET['this'],$_GET['that']);
Aha! I direct my form's to the *exact* same page as GET's, so I don't even
know if a POST or GET sent the data (generally speaking). A typical page
looks something like the following:
*Every* request goes to a single page (Maybe called Page.php), which does
session management, includes several files that every page needs, and then
decodes what page the end-user is actually interested in, something like:
$key = explode('.', danbRequest::clean('key', 'a0._'));
Now, $key[0] = the Primary key, the main critter the end-user is trying to
do.
and $key[1]... = secondary keys (maybe Edit or Create or whatever).
This first key is used to branch off to various pages to handle that
specific Key. Usually, I have 1 file per Key:
if ($key[0] == 'Account')
{
include_once('..\Account.php');
account_Handler($key);
}
else if ($key[0] == 'Cart')
{
include_once('..\Cart.php');
cart_Handler($key);
}
DanB
ps The above function danbRequest::clean() is a handy little function that
performs almost all my cleaning of $_REQUEST values. The first argument is
the name, the second argument is a list of valid characters to allow. The
example given (danbRequest::clean('key', 'a0._')) will look for
$_REQUEST['key'], if not found it returns false, if found -- it takes the
value and cleans it to only include 'a0._' (all letters, all digits, all
dots and underscores).
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
(snipped)
Ben [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Gustav Wiberg wrote:
if (isset($_REQUEST[frmUsername])) {
$un = $_REQUEST[frmUsername];
If you're going to use $_REQUEST you might as well just turn on register
globals (no, don't!).
If you're expecting a post look for a $_POST, if you're expecting a get
look for a $_GET. Ditto with cookies. You really need to know where your
variables are coming from if you want a measure of security.
Why is using $_REQUEST a security issue? You know every value in the entire
array came from the end-user, and needs to be validated somehow. If your
code is written so the end-user can send this data to you via a
POST/GET/COOKIE, why not use $_REQUEST?
Just trying to learn.
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: trying to figure out the best/efficient way to tellwhois logged into a site..
Jim Moseby [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
(snipped)
Ben [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Gustav Wiberg wrote:
if (isset($_REQUEST[frmUsername])) {
$un = $_REQUEST[frmUsername];
If you're going to use $_REQUEST you might as well just
turn on register
globals (no, don't!).
If you're expecting a post look for a $_POST, if you're
expecting a get
look for a $_GET. Ditto with cookies. You really need to
know where your
variables are coming from if you want a measure of security.
Why is using $_REQUEST a security issue? You know every
value in the entire
array came from the end-user, and needs to be validated
somehow. If your
code is written so the end-user can send this data to you via a
POST/GET/COOKIE, why not use $_REQUEST?
Suppose you have a form that posts set hidden values. A malicious user
could modify the URI to change those values.
Which raises the question, in the scenario above, you may have an
identical
'post' value and 'get' value submitted to the same page. Which takes
precidence in $_REQUEST?
Interesting idea. But, a malicious user would probably send a POST, with
the modified hidden values. Using $_REQUEST may make it easier for them to
alter the values, but your php page needs to handle the possibility of
modified values anyway.
IF you have the identical POST and GET value-names, you will need to use
$_GET and $_POST to identify them. But, this isn't a security issue, more
of a coding-style issue.
So, I still don't see a security problem -- unless I misunderstood the
modified hidden post values issue.
DanB
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..
Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dan Baker wrote: Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? On the one hand, you can't trust anything that came from the client, but on the other if you're expecting a variable to come from a cookie and instead it comes from a get you know something weird is going on, but using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and report an error. The *main* reason I use $_REQUEST is so I can code up GET and POST pages that all are handled by the same php functions. I may have an item called Key that contains what the end-user is expected to be doing (User.Create or User.Edit or whatever). Then I may have a link (GET) that has ?Key=User.Create, while a form (POST) that has a hidden value Key with value User.Create. I don't really care if it came from a GET or POST -- if the data is all valid, I'll allow it to work. In older versions of PHP4 this is even more of an issue since $_FILE information was also included in $_REQUEST. If someone uploades a file while including conflicting information from another source (cookie, post, get) this could lead to all sorts of problems. I didn't know this one. This might cause problems for me. And the lazy guy answer... typing $_POST and $_GET is faster than typing $_REQUEST ;-). This is, by far, the best reason I've ever heard! grin DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How large string in cookie?
Gustav Wiberg [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] How large can a string be in a cookie? (the value-parameter) If you need (or want) a lot of data stored in cookies, I recommend doing the following: store a single cookie with a unique id (something like CookieID=ajhciuy978kjn), then use this CookieID as a key into a database table, where you can store unlimited data for each browser. I've done this, and it works very nicely. Just, be careful about preventing cookie theft, if anything important is stored. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions, URL, --enable-trans-id
I am using sessions, but every relative URL gets a ?PHPSESSID=... appended to it. I'm assuming this is happening because of some setting that has been set in PHP. I work on an ISP server, so I don't have much control over the PHP configuration. Is there any way I can turn this feature off, even though I don't have access to the configuration files? Thanks DanB PS I'm using cookies to propagate the SID (which works), but the argument is still appended to every URL. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sscanf() not returning info
Simon Fredriksson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Can anyone tell me what is wrong here? ?php $data = a class=\new20030101\ href=\Zero01.jpg\Pic 1/a; $info = sscanf($data,a class=\%s\ href=\%s\%s/a); var_dump($info); ? One way to do this is: ?php $data = a class=\new20030101\ href=\Zero01.jpg\Pic 1/a; sscanf($data,a class=\%s\ href=\%s\%s/a, $class, $href, $text); echo Class = $classbr; echo href = $hrefbr; echo test = $textbr; ? Another way is: ?php $data = a class=\new20030101\ href=\Zero01.jpg\Pic 1/a; list ($class, $href, $text) = sscanf($data,a class=\%s\ href=\%s\%s/a); echo Class = $classbr; echo href = $hrefbr; echo test = $textbr; ? DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP vs. ColdFusion
Rick Emery [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Quoting Rick Emery [EMAIL PROTECTED]: My employer has (finally) decided to take full advantage of our intranet, and wants to move from client-server applications to web-based applications. [snipped] Any input would be greatly appreciated. Opinions are welcome (especially from programmers with experience in both), but I have to sell it to management (I'm already on the PHP side), so links to data or articles comparing the two are best. Ugh, we're *never* going to make a decision. My boss just sent me this email: [snipped] Anybody care to provide words of wisdom to me before I meet with her? I hate doing this, as I'm sure everybody has better things to do, but I *really* want to sell PHP. Background Info I've been programming since around 1974. I've been using PHP for the past 5 (or so) years. I've always used PHP in conjunction with a MySQL database. I've used PHP/MySQL for two public websites, that are still running nicely today. /Background Info I'm currently using PHP/MySQL for an internal-use-only database. Some of the statistics of this internal-website are as follows: The actual PHP source code is over 668KB in size. There are 50 tables in the database, using over 4MB of disk space. The largest table has over 20,000 records in it. In the past week, MySQL has had the following stats: 471MB of traffic 500,000 queries This internal-website is used by our customer service center, as well as our Sales team. It is easy to maintain or upgrade. DanB PS: The application we sell is written in C++. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP MySQL insert
Jon [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Please help with an insert problem. Sometimes $data1 could have a comma and that messes up the insert. how do I get around that? $query = insert into testtable6 (indx, col1, col2) values (NULL, '$data1', '$data2'); mysql_db_query(testdb, $query); You are looking for the addslashes function. It prepares data for database querys: $query = insert into testtable6 (indx, col1, col2); $query .= values (NULL, ' . addslashed($data1) . '; $query .= ,' . addslashed($data2) . '; mysql_db_query(testdb, $query); Also, you will need to use the removeslashes function when you get data from a query. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
