Re: [PHP] Mysql strategy
Chris wrote: David Tulloh wrote: Dotan Cohen wrote: If I have to perform 30 LIKE searches for different keywords in a varchar field, which strategy would be recommended: 1) 30 searches, one for each keyword 2) To select the varchar field from all the rows, and search through them with php's array functions? It's not going to make a great deal of difference if you do the processing in the MySQL or the PHP, in this case it's basically the same operation in each. I suspect that efficiently recreating the LIKE functionality in PHP wouldn't be trivial to do, if you are just doing straight comparisons the MySQL STRCMP function should be faster. I'd say there will be a big difference. Pulling in 10,000 entries from the database and then sorting them in php will take a lot of memory (and database time to retrieve all of the entries). Getting the database to restrict that number of entries will take a little time but it doesn't have to return all entries, your php memory won't blow out and it won't have bugs in it. Yes, of course, much better to run it in the database, my bad. I was concentrating far too much on the processing complexity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular expressions
John Meyer wrote: Is there a way to make a regular expression to match on a particular way the letters are arranged? For instance, if you had a word: THAT It could match on any word in the dictionary that had the form: 1231 I think something like this might be possible using lookbehind assertions. It's not the kind of pattern that regex was designed for though, it would probably be easier to write the processing using PHP character indexing. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysql strategy
Dotan Cohen wrote: If I have to perform 30 LIKE searches for different keywords in a varchar field, which strategy would be recommended: 1) 30 searches, one for each keyword 2) To select the varchar field from all the rows, and search through them with php's array functions? It's not going to make a great deal of difference if you do the processing in the MySQL or the PHP, in this case it's basically the same operation in each. I suspect that efficiently recreating the LIKE functionality in PHP wouldn't be trivial to do, if you are just doing straight comparisons the MySQL STRCMP function should be faster. If you are worried about the speed of this query I'd suggest rethinking your database structure. Text field comparisons will always be relatively slow compared to numeric comparisons or numeric lookups. My reading of this query however is that it should be 30 OR comparisons, no joins involved. In this case the query will scale linearly with your database size so you shouldn't worry too much about it slowing down over time. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] One-page password-protected file
Breaking this down you have a hardcoded password. In the script you store a hash of the password rather than the actual password. Upon first access you take a hash of the password and compare it against your stored hash. If it's a match you have an authentic user. The authentic user is then supplied with a cookie that contains a hashed version of your hash. On further logins you check the cookie information against a hashed version of your stored hash password. I think that this last step is really very flawed. You gain nothing against people finding the cookie file on the harddrive because the hashed version in the cookie is enough to access the page as a logged in user. You gain nothing against people sniffing the traffic to get the password, they already have the password from the first page, they can also pick up the cookie from the traffic and simply reuse it. You actually allow someone who sees your sourcecode to log in as they can calculate a hash on the string in your file and feed that in as a cookie. Hashing a hash is in general a bad idea as you actually decrease the randomness. I think the best option would be to store the original password in the cookie and hash it on each page access just as you currently do for the first access. David Dotan Cohen wrote: > I'm in the horrible situation where I need a one-page script to hold > it's own password and validate itself. I coded this together, I want > this lists opinion as to whether or not it holds water, considering > the circumstance: > > > $sha1_pw="5218lm849l394k1396dip4'2561lq19k967e'30"; > > if ( $_COOKIE["password"] != sha1($sha1_pw) ) { >$varis=explode("/",$PATH_INFO); >$pre_password=explode("&",$varis[1]); >if ( sha1( substr($pre_password[0],0) ) == $sha1_pw ) { >setcookie("password", sha1($sha1_pw) ); >header("Location: ".$_SERVER["SCRIPT_NAME"]."/".rand(999,9)); >exit; >} else { >print "Fvck Off"; >exit; >} > } > > // REST OF PAGE > > ?> > > The idea is that the user could call the page like this: > http://server.com/directory/page.php/MyPassword > and the page would refresh to not show his password, yet keep him logged > in. > > Thanks for any and all input. > > Dotan Cohen > > http://nanir.com > http://what-is-what.com/what_is/html.html > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing JAVASCRIPT variable to PHP Script...
Captain wrote: > Hi geeks, > i am uploading a file to server. Uploading part is working fine. i > am struggle with minor part. actually before uploading file, i am checking > for existance of a file. If it is not exists, directly i am uploading that > file. If it exists, i sud ask user that "This file is exits. Do You really > want to Upload it?"...If YES, i will overwrite it. otherwise, i won't do > anything. > i am using javascript for popup windows. i used confirm() > function(CANCEL / OK). > the problem is, i am not able to get the variable value for php > script. Of course, php is server side programming language & javascript > client side programming language. > Plz see my code & give the solution. You hit the nail right on the head, javascript is client side, PHP is server side. This means that PHP completely finishes it's execution before the javascript starts to run. To get this to work you need to do most of the work in the javascript. Prompt the user for the file and the filename. In javascript send a request to the PHP server and pass the filename as a GET or POST variable. The PHP script that recieves this checks if the file exists and echos true of false for the javascript to recieve, the PHP script then exists. The javascript recieves this value and prompts the user to confirm if the file exists. The javascript can then handle the false value or make an upload request if the file is to be sent. This kind of processing is generally refered to as AJAX, searching on that term will give you a whole pile of examples. David PS: Geeks isn't normally seen as a complimentary term. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Set Variable = Long HTML String?
You can mingle double and singal quotes. So choose one for the PHP quotes and one for the HTML quotes, HTML will use both interchangably. For example your string could become: $var = " Hey all. > > I'm overhauling my PHP based CMS and want to know how to set a variable > equal to an HTML string, but without having to escape all the quotes! You can mingle double and singal quotes. So choose one for the PHP quotes and one for the HTML quotes, HTML will use both interchangably. For example your string could become: $var = " Example: > > $var = " > onChange="MM_jumpMenu('parent',this,0);"> >News Options >doc_path > ?>admin/news/add/1/>Add >doc_path > ?>admin/news/update/1/>Update >doc_path > ?>admin/news/delete/1/>Delete > > "; > > This will die due to all the unescaped strings, not to mention the $this->doc_path ?> statements. > > How to pull this off? I don't want to include the HTML snippets as they are > "sprinkled" throughout my classes. > > TIA, > > --Noah > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5, PDO in debian
Martin Marques wrote: > Does anyone have an idea on when PDO is going to be available in Debian? > not a clue... http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348882 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] alternatively
Ross wrote: > How can I get this line to work > > $mail_body .= " sans-serif\"> Title: $row['title'] "; > > The $row['title'] variable is the problem. Drop the quotes when you are inside a quoted string. $mail_body .= "... Title: $row[title] "; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a function for retuned vatiable
extract() - http://www.php.net/extract - does what you are after. However often it's easier to handle the array as you have a better idea of what variables are available, particularily if you are working with multiple tables. Ross wrote: > What I need is a quick way to assign variable names to the same value of the > row name. > > example.. > > $query= "SELECT * from $table_name WHERE sname=='hulford'"; > > $result = mysql_query($query) or die('Error, query failed'); > while ($row=mysql_fetch_array($result)) { > > > $email = $row['email']; > $name=$row['name']; > $address = $row['address']; > > //this goes on for 30 fields is there a way to automate this? > > > } > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] People who bought this also bought (amazon style) functionality...logic problem
You have a User table and a Product table, then a linking table that joins users with products that they have bought. Given product A you get all users {B} who have bought product A, you then get a list of all products {C} that they have bought. You group {C} by product and get a count, order by the count, return the product and limit the query to return only 5 entries. All this is possible in one SQL statement, the SQL is left as an exercise to the reader. As this is an O(n^2) query it won't scale particularily well, so you should cache the results somewhere, probably in the product table. This could be regenerated every week or two as it doesn't actually need to be very current. David Ryan A wrote: > Hey all, > > I want to write a "module" for xcart (a commercial > 'shopping cart') which would be like what Amazon.com > offers when you go to shop on their site... when you > click on a product to see its details you get a little > box below that recommends more products based on what > others have purchased > > eg: > If you click on a toy helicopter it would recommend > extra rotor blades,landing gear etc > > eg 2: > If you click on Eminem's latest album it would show > you his other two albums that people bought with this > album > > etc > > I'm trying to work out the logic to do this... and > quite frankly have hit a brick wall. > > So far: > --- > I was thinking when someone (Joe) purchases X with > product id Y I would put that in a seperate table, > then when someone (Jane) else comes looking at item Y > I would display everything that Joe bought... > but then it gets a little complicated, if Jane buys Y > and other stuff that Joe didnt buy... how do I merge > what Joe and Jane bought to display to the next > visitor? (I can only dispaly 5 recommendations at > once) > > > > I would appreciate any tips/advise and code you can > give me, would be fantastic of course if you have > worked with xcart or have already done this. > > (shameless plug) > I think this was one of the suggested features of > Dan's open source PHPCart > (http://code.google.com/p/phpcart) unfortunatly I dont > have the OO skill to take part in that project and no > time either as we need a cart immd. > Note: > I dont get anything for recommending the above cart > (or xcart for that matter) but if you are interested > in joining a free os cart project, you might want to > think of looking into the above. > > Thanks in advance, > Ryan > > -- > - The faulty interface lies between the chair and the keyboard. > - Creativity is great, but plagiarism is faster! > - Smile, everyone loves a moron. :-) > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Print or Echo takes lots of time
Google Kreme wrote: > On 25 Sep 2006, at 06:11 , Sancar Saran wrote: > ... > > If this is generating hundred of K of HTML, use ' instead of " > > (yes, it's faster). > I've seen this stated several times and at first glance it seems to make sense. The double quoted version has all the \n and related characters that need to be handled. Except that php is a C program and uses the printf family of functions. This means that all the single quoted strings actually have to be converted to escaped versions of double quoted strings, so internally '\n' becomes "\\n". You can see this in some benchmarks, I ran the following script and a single quoted version from the command line. I ran each 10 times, interleaved to try to balance changes in the system load. I found that the double quoted version averaged 5.5516 seconds against the single quoted script of 5.5627. Which really goes to show that while the double quoted version is faster the difference is almost completely irrelevent. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() help
Your email is going to the bulk mail folder because the email provider believes that it's spam. It's nothing specifically wrong with your email, there is no "this isn't spam" flag, otherwise everyone would set it. To figure out why the email is being marked as spam, check the program that is doing the filtering. Most of the filtering programs will list the tests which matched in the headers. You can then try and fix the problems highlighted. A few suggestions from what you provided below, I believe your From header is incorrect. You could try not sending HTML in the message or sending properly formed and MIME typed HTML, along with a non-HTML version. David suresh kumar wrote: > Hi, > I am using php mail function to send mails to our customers.but when i > send mail to them.it is getting received in customers bulk folder .i want > mail to get received in customers inbox.i dont know the reason why its > getting stored in bulk folder. > >i attached the code.below,any one help me > > $to='[EMAIL PROTECTED]'; > > $subject='Password from MyAdTV'; > > $headers = 'MIME-Version: 1.0' . "\r\n"; > > $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; > > $headers .= 'From: MyADTV @yahoo.co.in>' . > "\r\n"; > > $headers.= 'X-Mailer: PHP/' . phpversion(). "\r\n"; > > $sendmessage = "Here is the information you requestedYour > Logon name and Password details for MyADTV Account your LogonName > is : suresh your Password is rajaysIf You Want > To Login into Your MyADTV Account, href=\"Click'>http://myadtv.com/login.php\";>Click Here"; > > > mail($to,$subject,$sendmessage,$headers); > > > Christopher Weldon <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > suresh kumar wrote: > >>Hi to all, >>i am having one doubt regarding php mail function.i am using php mail() >>function to send mail to the users.but when i send mail throught php its >>going to the users bulk folder but not to the user inbox.i dont know the >>reason. >> >>Is there any setting that is requried in the php.ini file (or) the user have >>to change their setting in their mail (or) is there any option available to >>send mail to the user inbox.tnxs for reply >> >>A.suresh >> >> >> >> >>- >>Find out what India is talking about on - Yahoo! Answers India >>Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it >>NOW > > > There are several things you need to check for, and probably add to your > emails that you're sending. > > Number one, add additional headers to make SPAM / Bulk filters realize > the message is not SPAM or should not be considered SPAM. IE: > > $headers = "From: Suresh Kumar \r\n". > "X-Mailer: PHP 4.3.2\r\n". > "X-Sender: $_SERVER['HTTP_HOST']\r\n". > "X-Comment: If you can put a comment here, do it.\r\n"; > > mail($to, $subject, $body, $headers); > > The above is considering you have already declared the $to, $subject, > and $body variables. Also, make sure your $subject is not > 'undisclosed-recipients;' or something like that - it's a big no-no and > will definitely flag some SPAM filters. Put a valid e-mail address - but > you can still use the BCC-headers and everything should go just fine. > Alternatively, if your list is not too large, it looks better to run a > for / while loop to send each recipient a message directly (ie: not > using BCC) as that will cut down on the SPAM probability. > > Second, if you are making MIME emails, make sure you are doing so > correctly. You can learn about creating multipart/alternative MIME > emails more at www.php.net/mail. > > Finally, if none of the above works, it would be helpful for us to see > the headers of the received message from one of your recipients where > the message was put in the BULK folder. > > - -- > Christopher Weldon, ZCE > President & CEO > Cerberus Interactive, Inc. > [EMAIL PROTECTED] > 979.739.5874 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.1 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFBaG2Zxvk7JEXkbERAgZiAKCJVQfno2fAca13Sx7aXPWD2WMgUwCeOMBX > grbViYDnAXXy8l1i4liVHzE= > =ka5I > -END PGP SIGNATURE- > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] does magic_quotes_gpc prevents sql injection through forms?
With magic_quotes_gpc or addslashes it's harder to do injection attacks but it's still possible. http://shiflett.org/archive/184 demonstrates an attack using php and mysql with multi-byte characters. I think the more likely attack is actually due to how annoying magic_quotes is. You have to remove it to do any work, then you have to remember to put it back on because you aren't escaping your sql. A final point is that it looks like magic_quotes will be removed from PHP6. David Reinhart Viane wrote: > After some comments on my code I went on a 'fieldtrip' to learn about sql > injection... > > Now after testing some examples with single and double quotes and mysql > comment (--) I haven't find any way to insert edit or delete any data in the > database. > The loginscript is rather simple: > > $query="SELECT FROM persons WHERE login='$login' AND password='$password'"; > $result=mysql_query($query) or die(mysql_error()); > > The form has action POST. > Now magic_quotes_gpc escapes every quote I insert. > > Does this mean with magic_quotes_gpc on I am secured enough concerning > mysql-injection through forms? > > Thx > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Comparing strings... need advice. :)
Micky Hulse wrote: > Hi, > > I am looking for the most secure/efficient way to compare these two > strings: > > /folder1/folder2/folder3/folder4/ > /folder1/folder2/folder3/folder4/file.php > > Basically I am trying to setup as many security features as possible for > a simplistic (home-grown/hand-coded) CMS... > > This appears to work: > > $haystack = '/folder1/folder2/folder3/folder4/someFileName.php'; > $needle = '/folder1/folder2/folder3/folder4/'; > if(substr_count($haystack, $needle) === 1) echo "yea"; > > Before making changes to "someFileName.php" I want to make sure it is > within the allowed path ($needle). > > I would appreciate any advice. Even RTFM is cool. :D > Using your technique I would try an attack like: '/etc/passwd;/folder1/folder2/folder3/folder4/' or '/folder1/folder2/folder3/folder4/../../../../etc/passwd' or some other variant depending on how you then use the file. I'm a big fan of lists of allowed files, typically I use aliases too. $allow_files = array('page' => '/folder/.../filename.php'). This list can be automatically generated and used by mod_rewrite to boost speed. By using a fixed list of files like this it's impossible to be attacked on your filename. Assuming you don't want to go that strong and want to allow your users to set the filename you have to try and lock down the path. By not allowing them to change the path you can hold them in the directory you set. Check for any / characters and reject or strip them out. Use '/folder1/folder2/.../'.$file. It's vital if you do this that you don't allow any way to upload files in to the directory you execute from. If you want to allow them to set the path or part of the path then the check gets far more complicated. You have to catch .. and // patterns, ensuring that you don't combine to form a // and catch cases like '.\./'. If you need to have multiple directories I would strongly suggest using dynamically generated fixed lists. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Emphasizing first letter of string?
Micky Hulse wrote: > Hi, > > It is getting late, and I do not think I am thinking clearly... > > What would be the best way to wrap tag around the first letter > of a string? > > I know it has to be a combination of str_replace() and substr(), but due > to my level of sleepiness I am having a lot of trouble working this one > out... > > Basically, if a config variable == true I want my script to loop through > an array of strings and emphasize the first letter of each string. > > Make sense? Sorry, I am pretty sleepy... Hmmm, I am betting I will > discover the answer as soon as I send this email. :D > > Anyway, any help would be great! It sounds like you really need some sleep. $string = "hello world"; echo "".$string{0}."".substr($string, 1); David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array problems
Chris G wrote: > Hi all > > Having a prob with a php script... > > 3 arrays > > $datay1=array(140,110,50,60); > > $datay2=array(35,90,190,190); > > $datay3=array(20,60,70,140); > > which have to be passed to a class like this > > $gbarplot = new GroupBarPlot(array($bplot1,$bplot2,$bplot3)); > > if I get data from a database, how can I automatically increment the $datay > > arrays. for instance > > currently with my loop that follows, I am only creating one array > > ($data1y) - but I now need to create various from user input. > > $query = "SELECT rep_value_perc FROM report_values WHERE rep_l_per_id = > > '$_GET[per_id]'"; > > $result = mysql_query($query) or die (mysql_error()); > > while($line = mysql_fetch_array($result)) { > > $data1y[] = $line['rep_value_perc']; > > } > > This gives me just the one array from the above example, $datay1. How would > > you dynamically create the all of the above arrays? > > At present the $_GET[per_id] is only one value $_GET[per_id] = 2 > > What happens when it becomes more than one, like $_GET[per_id] = array > > (1,2,34,4,561,334) > > If I need to assign each one of the $_GET[per_id] a new $data array > variable > > in the loop above how would you do it? > > Am I making sense? > > Thanks to anyone that reads this... > > Regards > > Chris > I'm going to attempt to summarise what you said, or my interpretation of it. You want to create a dynamic list of variables based on the users input, those variables happen to be arrays. I would suggest creating a data array. This array will contain a series of arrays built from the user input. The following psudo code will achieve this. foreach ($user_input_array as $user_input) { $data_member = array(); # Create an empty array Do SQL query stuff foreach ($sql_results as $sql_member) { $data_member[] = $sql_member; } $data[] = $data_member; } You can now do your function call as $gbarplot = new GroupBarPlot($data); And now a bit of bonus advice. The SQL query that you provided earlier has a giant SQL injection attack problem. I'd recomend reading a little about SQL injection attacks and getting it patched up. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Easier way to get the name of a variable?
Chris W. Parker wrote: > Hello, > > After some "intense" searching of Google I found one example at > http://us2.php.net/language.variables on how to get the name of a > variable. But it looks pretty expensive. > > > > Anyone aware of a simple language construct(?) that can do this? I'm on > PHP 4.3.9. > get_defined_vars() can get you a list of all the currently defined variables. If you have the value of the variable, you can use array_search() to find the (first) key. I do have some misgivings about what you are trying to do though. I can't see a case where this would be the best way to solve a problem. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best way to get PHP5
Chris W. Parker wrote: > Hello, > > Generally (well, actually 100%) I just use whatever version of PHP is > included with a certain distro (Redhat pre-Fedora, Fedora Core, CentOS). > None of the versions I've used have come with PHP5 and I'd really like > to get with the times and use PHP5. > > I know that Fedora Core 5 offers PHP 5.1.2 but I've heard some negative > things about it in general (FC5). > > I've never compiled PHP myself so admittedly I'm a bit skeered... Is the > recommended path to just go with whatever distro I prefer and then > download PHP5 from php.net and install it myself? > Virtually all distros should have php5 as an option these days. Though frequently it's named php5 rather than simply php. Debian, and probably several other distributions, only offer it in their testing branch. As a general rule I would recomend not installing from source, you can seriously damage your system with multiple versions of programs, files going in places they shouldn't and running in to dependancy hell. The distributions that I am familiar with provide packages for the php extensions so you don't have to recompile to add them. IF you do install from source, using your package management system to grab the source dependancies can simplify things significantly. On a Debian based distribution this can be done with `apt-get build-dep php5`. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular expression to find from start of string to first space
Dave M G wrote: > PHP, > > Shouldn't this regular expression select everything from the start of > the string to the first space character: > > $firstWord = preg_match('#^*(.*) #iU', $word); > > It doesn't, so clearly I'm wrong, but here's why I thought it would: > > The enclosing has marks, "#", I *think* just encloses the expression. I > was told to use them before, but I can't find them here: > http://jp2.php.net/manual/en/reference.pcre.pattern.syntax.php > > The caret, "^", says to start at the beginning of the line. > > The first asterix, "*" after the caret says to use any starting character. Here's where you go wrong. The * means match the previous character 0 or more times. In this case I'm actually not sure what it would do. Given that you grab everything with the (.*) the first * is not needed at all. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDO and PGSQL: ERROR: syntax error at or near "SET"
Erik Gyepes wrote: > ... > $query = "INSERT INTO users SET uid = :uid, login = :login, password = > :password"; > ... > When running the script I get the following error message: Error!: > SQLSTATE[42601]: Syntax error: 7 ERROR: syntax error at or near "SET" at > character 19 > The INSERT INTO ... SET ... syntax is not standard SQL. It's a mysql extension that isn't supported by any other sql databases, such as postgresql. The proper insert syntax is here: http://www.postgresql.org/docs/8.0/interactive/dml.html#DML-INSERT David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image list performance ISSUE
Andy wrote: > ... > I want to know... is this a big performance issue or not(the image is handled > by php and not by apache directly) > > OR... > > Is there any other way to handle this situation??? > > Thanx, > Andy. I'd recomend doing a bit of benchmarking to figure out if the performance hit is acceptable. Using php is the easiest solution. Assuming that PHP is too slow for you, you can actually solve this issue with some abuse of mod_rewrite. You can use cookies to control the access by using the cookie variable with mod_rewrite, it's accessible as HTTP_COOKIE. You will need to parse the cookie string yourself. This allows you to do something like link to user.png and set a cookie user=35 and have mod_rewrite change it to access the 35.png file. You can also do things like block anything that doesn't match 35.png. You can't do anything fancy like DB based permissions though. Using cookies is still not secure however. You can obstuficate it fairly well but a determined user can still get around any cookie protections. You can beef up the mod_rewrite to handle this by using an external program via RewriteMap and php session files, even database access is possible. However 99% of the time I don't think that it would be worth it. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending data to persistent process stdin
Ville Mattila wrote: > Hello readers, > > I have been thinking of making a simple web-based interface to control > my media center box (running debian linux). Being a bit enthustiatic, I > thought I could use some generic tools for playing media files and write > the whole UI by my own. > > I found mpg123 program that can be run in "remote mode" (mpg123 -R) so > that playback can be controlled via stdin. Writing "LOAD " to > the stdin will begin output, "PAUSE" will stop it and so on. > > How could I use PHP and its process functions to send something to stdin > of a persistent process? I would like to run mpg123 only once, > whichafter a few PHP scripts would send data and proper commands to its > stdin. Maybe a kind of daemon process would be needed? Anyway, sending > data to a daemon can be problematic... Maybe a kind of socket wrapper? > Well - I have no experience about socket functions of PHP... > > Tips and tricks are welcome, or should I just go to the local hi-tech > market and by a CD player LOL :D > I have done something similar using both mpg321 and madplay. However I used signals rather than holding open stdin. It's a little ugly but very simple, From memory: STOP pauses CONT resumes QUIT causes it to stop playing and terminates the process To play a new song, start a new process. USR1 does something, I think USR2 does something too. I just can't remember what. There should be documentation for mpg123 that explains all the signals and how it reacts. If not you could find it fairly easily by browsing the source. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] memory leak - how to find it?
Robin Getz wrote: > I am trying to debug a php script that I downloaded, which has a memory > leak in it. > > I was looking for a way to find what variables were in php's memory, and > what size, they were, but I couldn't find anything? > > The script is a off-line wiki conversion tool (walks through a wiki to > create a bunch of html files for off line viewing). As the tools walks > the files, and does the conversion, I can see the memory consumption go > up and up as it walks the files, until it hits the mem limit, and crashes. > > Any suggestions appreciated. > > Thanks > -Robin > xdebug has some advanced tools to help you track down these kind of problems. I believe that there are also some other similar php debugging extensions. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sorting in array
weetat wrote: > Hi all , > > I have array value as shown below, i have paste my test php code below: > I have problem when doing usort() when 'country' = '', i would like to > display records where country = '' last. Any ideas how to do that ? > ... You might try searching the list's archive's. This question has been asked and answered several times before. http://aspn.activestate.com/ASPN/Mail/Message/php-general/3172783 http://aspn.activestate.com/ASPN/Mail/Message/php-general/3199536 http://aspn.activestate.com/ASPN/Mail/Message/php-general/3212898 one of the solutions offered: http://aspn.activestate.com/ASPN/Mail/Message/3172873 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] xml v php question
Larry Garfield wrote: > Disable short tags. > > If short tags are enabled, the PHP parser sees the mode. It then starts parsing the "xml" and sees that it's not proper PHP, > and freaks out. > > You can: > > a) Use PHP to print out the XML declaration as a string: > '; ?> > > b) Disable short tags so that the PHP parser ignores > The correct answer is (b). (PHP 6 won't even have short tags, so get used to > not having them.) > Can you find anywhere where this was announced? I don't recall seeing any decision on it. A quick search found several mentions of the devs deciding to keep short tags when going from php 4 to php 5. The php 6 todo list shows that <% will be removed but http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pg_query and COPY in transaction
Luis Magaña wrote: > I have the following code: > > pg_query($conn,"BEGIN TRANSACTION; > DELETE FROM codigo_postal; > COPY > codigo_postal(codigo_postal,asentamiento,tipo_asentamiento,municipio,estado) > FROM '$tmpfname2' DELIMITER '|'; > COMMIT"); > > It is suppoused as I understand it, that if an error occurs on the copy > statement, then the codigo_postal table should still have all of the > previous records. Actually I've tested it within psql and it works as > expected. > > However, the shown code does not. If an error occurs on the copy > transaction, the data on the table gets deleted. > The above code looks like it should work. I have done similar stuff in the past. A useful trick that you might like to try is that PHP automatically will automatically wrap a query with multiple parts into a transaction for you. I believe it will also do slightly more advanced clean up of the commit/rollback than the default. Doing it this way might work better for you. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Studio, phpMyAdmin, and mysql.sock
This sounds like a Zend Studio problem and question. It could possibly be a MySQL or even a phpMyAdmin question. It doesn't really have anything to do with PHP. You paid Zend for the product, ask them how it works. David Dave M G wrote: > PHP List, > > I am trying out Zend Studio for editing and debugging my PHP scripts. > > When I first ran it, it kept giving me this error: > Can't connect to local MySQL server through socket /tmp/mysql.sock > > After some research on the web, I found that this could be solved by > editing /etc/mysql/my.conf so that it said: > socket = /tmp/mysql.sock > > I was not thrilled about the idea of changing my MySQL server to meet > the needs of one application, but I wanted to see if it would work, and > it does. > > But, now phpMyAdmin doesn't work, saying: > The server is not responding (or the local MySQL server's socket is not > correctly configured) > > So what I really want to do is put my /etc/mysql/my.conf file back to > the way it was, and make Zend listen on mysql's default socket, not on > /tmp/mysql.sock. > > But, after much searching on the web, and in the Zend forums, I can't > find any information on configuring Zend in this matter. > > What do I need to do to make Zend listen on the MySQL socket that I want > it to listen on? > > (Which, by the way, is /var/run/mysqld/mysqld.sock) > > Thank you for any advice. > > -- > Dave M G > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sanity checker?
Ezra Nugroho wrote: > It was a long time since I post any question to this list, like back at > php 3x time. Boy, a lot has change now. > > So I actually did kick some funny bones, not quite flames yet. And > that's good, I don't really like that. > > > We aren't going to take the time > to answer a rhetorical question when you can STFW, RTFM, or RTA. > > > Who are "we"? I hope you are not talking about php community in general. > I would be really sad if that's true. Unfortunately, it seems like > that's the trend in this list. I want newbies to succeed, hence my talk > about such tool. O.W. newbies will go to RoR instead. > > Anyways, > > Have you ever seen things like > > for ($i = 0; $i < count($some_array); $i++) { > //do stuff > } > > > Do you know how slow it is if $some_array gets big compared to > > $array_count = count($some_array); > for ($i = 0; $i < $array_count; $i++) { > //do stuff > } > > > Of course you do! > But newbies might not Of course! Every time you ask for the count of an array PHP loops through every item meaning that a doing many counts on a large array (an O(n^2) operation) reduces your program to a crippling crawl. Hang on a tic, that doesn't sound like the PHP that I know. PHP knows the size of the array, doing a count(array) just returns an existing internal number. The count() function doesn't get any slower with the array size and calling a simple function isn't significantly slower than accessing a variable. In fact, the above examples with an array of 100,000 elements didn't result in either script being consistantly faster than the other. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] design?
Sjef wrote: > Hi there, > > I am starting a new, very small project. A simple question and answering > form. In one screen, question and answer can be typed, the strings will be > saved in a database table questions which holds question and answer (as > there is only one answer to a question). There will be a webpage displaying > all the questions, clickable to the webpage of the answer to the question > clicked. > > I want to create a class Question for dealing wiht the questions and a class > answer for the answers. Each could contain an array with the their part of > the content of the database table. The class Question manages the class > Answer, so when instantiating the Question, the Answer will follow. > Beside of this I want to create a 'visual' component class that creates the > lists as displayed on the webpage. > > Is this a good idea? Or should I not bother, and just create one class > Question that also deals with the Answers. > You have essentially three pages: one that displays a form and inputs the entered data to a database; one that gets a list of questions from the database; one that displays a specific question/answer pair. As a ballpark estimate, I'd say that the above should be possible in under 100 lines of PHP code. You are looking at creating a Question class, an Answer class and a Visual/List class. The net result being that you double the number of PHP files and considerably increase the amount of code, there isn't much opportunity for code reuse here. Now, if the objective is to play with php OOP then go ahead. I would even suggest a DB class, a TableRow class, the Question and Answer then inherit from the TableRow, a TableRows class from which your List class would inherit. Maybe throw a few in to control the templates etc. as well. If the objective is just to get the job done and the site out, I don't see why you should bother with OOP at all. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] working on a template system...
Martin Alterisio wrote: > 2006/6/28, Jon Anderson <[EMAIL PROTECTED]>: > >> >> I really don't understand why people have such disregard for PHP as a >> template system... I'm not saying one way is better or worse (it's >> really a matter of preference), just that the PHP way isn't implicitly >> bad or messy... >> >> /* The Smarty way */ >> $smarty->assign('display_variable',$display_variable); >> ... >> {* template *} >> >> {foreach key=key item=var from=$display_variable} >> {$key}{$var} >> {/foreach} >> >> >> /* The PHP way */ >> >>$var) { ?> >> >> >> >> >> Is it really *that* bad? >> >> jon >> >> [snipage] >> > Have you (all of you questioning the use of templates) ever worked in a > project with more than one developer, where part of the team ARE NOT > coders? I have. > WE understand code, but that's not the case for everyone else. Graphic > designers don't like code, they even don't like html for crying out loud (I > think they have a good point there btw). Editor, writers, marketing people > they all give a damn about php and the like, but, still they need or > want to > mess up with how things look like, and they really don't like the idea of > having to wait two laboral days to change the fricking color of a link, or > have an newsletter email typo corrected. They need templates, they love > templates. Just put it in dreamweaver (or the like), fix the look, upload > and we're back on business, why the hell should I have to call the damn > coder? The problems that you outlined above have nothing to do with the template language used, more about the structure of the site and the level of control given to the content developers. Having a simple content specific file which the content developer can change directly is a basic must. Having that file contain smarty template magic or straight php template magic is a far less important question, why bother with smarty when php will work just as well? The biggest issue I see with using php as a template language is that too much control is given to the content developers. You don't want some smartarse throwing complex code around, hacking or opening holes in your security or creating nasty bugs. > > [sniped pointless flame] BTW: My prefered template varient of the above loop. $link): ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple "if()" statements
Grae Wolfe - PHP wrote: > ... > want. Any help would be great! > > > if($row[1]="none") { > print(""); > print("$row[0] $row[2]"); > print(""); > } else > if($row[1]=$row[2]) { > print(""); > print("$row[0] $row[2]"); > print(""); > } else > print(""); > print("$row[0] ($row[1]) $row[2]"); > print(""); > Indenting is your friend, indented version of what you had. if($row[1]="none") { print(""); print("$row[0] $row[2]"); print(""); } else if($row[1]=$row[2]) { print(""); print("$row[0] $row[2]"); print(""); } else print(""); print("$row[0] ($row[1]) $row[2]"); print(""); The bigest problem with the above is that both the else becomes unclear when they finish due to the lack of {}. The ifs should also be using an == instead of an =, you want to compare not assign. I'm also going to throw in an elseif for fun, to get this (hopefully) improved version: if($row[1] == "none") { print(""); print("$row[0] $row[2]"); print(""); } elseif($row[1] == $row[2]) { print(""); print("$row[0] $row[2]"); print(""); } else { print(""); print("$row[0] ($row[1]) $row[2]"); print(""); } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql-* versus db_* statements
It's currently a little bit late in the US and you only waited 2 hours since your last post. While this is an international list the majority of the posters are US based. Not getting a response within two hours at this time is not unusual and you should probably be more patient. As for your problem, what is DB.php? Is it the pear DB class? You can't mix mysql functions and pear DB functions like you are doing. You should choose one or the other and stick with it, mixing them is just trouble. As for your final statement, you can do everything with the built in mysql functions that you can using DB.php. DB.php simply wraps the mysql calls. If you choose to go the DB route, you should probably try the pear list, and try waiting more than two hours before complaining. David [EMAIL PROTECTED] wrote: > Could someone explain the behaviour of the following code fragments. I have a > serious problem with db-statements. > > ## > ## > > >>require_once "DB.php"; >>require_once "knowledge.inc"; >>require_once "template-new.inc"; >> >> >>function setupQuery($search_eb) >>{ >> // Show the wines stocked at the winestore that match >> // the search criteria >> >> $query = "SELECT * >> FROM knowledge_db >> WHERE MATCH (autor,problem) AGAINST ('$search_eb') >> OR id = ('$search_eb') >> OR autor = ('$search_eb') >> OR stichwort = ('$search_eb') >> OR date_new = ('$search_eb') >> OR anlage = ('$search_eb')"; >> >> // Add region_name restriction if they've selected anything >> >> //$query .= "ORDER BY data_new"; >> return ($query); >>} >> >>error_reporting(E_ALL); >> >> >>// Show the user the knowledge that match their query >>function showKnowledges($connection, &$template) >>{ >> >> >> // Produce a heading for the top of the page >> >> global $dsn; >> >> >> $template->setCurrentBlock(); >> >> $template->setVariable("SUCH-KRITERIUM","Such-Kriterium: >> {$_SESSION["searchFormVars"]["search_eb"]}"); >> >> $browseString = "search_eb=" . >> urlencode($_SESSION["searchFormVars"]["search_eb"]); >> >> $search = ($_SESSION["searchFormVars"]["search_eb"]); >> >> $link = mysql_connect("localhost", "root", "040573"); >> >> $template->parseCurrentBlock(); >> >> >> >>mysql_select_db("knowledge", $link); >> >>// Encode the search parameters for embedding in links to other pages >>// $connection = DB::connect($dsn, true); >>$query = setupQuery($_SESSION["searchFormVars"]["search_eb"]); >>//$result = $connection->query($query); >>//var_dump ($query); >>[EMAIL PROTECTED]($query); >> >>... >> > > ### > ## > ##why I could not use the DB statement $result = $connection->query($query) > instead of the mysql statement [EMAIL PROTECTED]($query); Further on, the > same situation appears in the code, which ##looks like: > >> >> for ( $rowCounter = 0; >>($rowCounter < SEARCH_ROWS) && >>(( $rowCounter + $_SESSION["searchFormVars"]["offset"]) < >> mysql_num_rows($result)) && >>($row = mysql_fetch_array($result)); >> //($row >> =mysql_fetch_row($_SESSION["searchFormVars"]["offset"]+$rowCounter)); >> // ($row = & $result->fetchRow(DB_FETCHMODE_ASSOC, >> $_SESSION["searchFormVars"]["offset"]+$rowCounter)); >> $rowCounter++) >> > > # > > ## > ## > ## I could not use the DB statement ($row = & > $result->fetchRow(DB_FETCHMODE_ASSOC, > $_SESSION["searchFormVars"]["offset"]+$rowCounter)); > ## instead of the mysql code ($row = mysql_fetch_array($result)). But in > that case, there is not the same meaning between the msyql and DB statement. > However, I need the DB assignation for ## faultless work. What can I do? > > > >>best reagards, Georg >> >> > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CLI - php shell script worked under php4, breaks under php5
[EMAIL PROTECTED] wrote: > A while back I wrote a little read-eval-print loop that essentially > constituted a very basic php shell: > > http://weston.canncentral.org/misc/phpsh.txt > > This has almost always run fine for me with the cgi versions of php 4, and > often proves to be a great help in quickly testing various snippets of code. > > However, I just recently tried to use this with PHP 5.1.2, and found that it > doesn't work. Specifically, it seems to wait for input to be typed without > issuing a prompt. Upon entering a line, there's no response, until one > presses ctrl-d. At this point, it throws a parse error: > > syntax error, unexpected ')' in phpsh5(23): eval()'d code on line 1 > > regardless of whether or not there are in fact any unmatched parenths (or any > parenths at all) on the entered line. And it apparently doesn't execute any > of the code at all until one enters "exit" as a command. > > I've tried switching from /dev/stdin to php://stdin, tried adding -f or -a to > the processing options nothing seems to make a difference. I also tried > removing my "_readln()" function, and simple entering a default expression. > This produces the expected (if repetetive and ultimately practically useless) > results, so I assume it's something in my _readln() function that throws it > off. > > Any ideas how to get this to work with PHP 5? > Works for me, PHP 5.1.4. Prehaps you have some kind of output buffering enabled. Using the -n command line switch will disable your php.ini which should stop anything like that. The syntax error you are getting is caused by not entering any input. Your line 23 becomes: $returnval = eval("return();"); Return expects some value to be provided, hence the syntax error. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fails to enable dynamic library support
>From the dl page of the manual, "Note: dl() is not supported in multithreaded Web servers..." By passing the --enable-maintainer-zts flag you are forcing PHP into running in multithreaded mode. David Artzi, Yoav (Yoav) wrote: > In my phpinfo() I get (under standard): > Dynamic Library support not available > > I can't seem to get PHP to be configured to allow dynamic libraries. My > php.ini is: > enable_dl="1" > extension_dir="/usr/local/lib/php/extensions/no-debug-zts-20050922/" > extension=logmanager.so > > And myconfigure line is: > './configure' '--host=powerpc-wrs-linux-gnu' '--build=i686-linux' > '--prefix=/usr/local' '--enable-releasemode' '--enable-xml' > '--cache-file=config.cache' '--enable-libxml' > '--with-libxml-dir=/home/artzi/work/down/temp/target/usr/local' > '--disable-simplexml' '--enable-dom' '--enable-soap' '--with-db' > '--enable-memory-limit' '--disable-safe-mode' '--enable-sockets' > '--enable-track-vars' '--enable-trans-sid' '--enable-magic-quotes' > '--enable-inline-optimization' '--without-pear' '--disable-all' > '--disable-shared' '--enable-static' '--disable-ipv6' '--disable-wddx' > '--disable-bcmath' '--disable-debug' '--disable-calendar' > '--disable-ftp' '--with-zlib' '--with-exec-dir=/usr/local/appweb' > '--sysconfdir=/usr/local/appweb' '--with-gnu-ld' '--with-openssl=/usr' > '--without-aolserver' '--without-apache' '--without-continuity' > '--without-pi3web' '--enable-mbstring' '--disable-mbregex' > '--enable-session' '--enable-pcntl' '--enable-pdo' '--with-pdo-sqlite' > '--with-pcre-regex' '--enable-spl' '--enable-tokenizer' > '--disable-rpath' > '--with-snmp=/home/artzi/work/down/temp/target/usr/local' > '--enable-ctype' '--with-ctype' '--with-tsrm-pthreads' > '--enable-threadsafe' '--enable-maintainer-zts' '--enable-embed=shared' > '--enable-cgi' '--enable-cli' > > > I can't seem to understand where I go wrong. Obviously something is > wrong, but what? > > Thanks, > > Yoav. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sort multidimension array
Examine your function for the case of cmpcountry("Thailand", ""); if($country2 == '') is true if($country1 < $country2) is false Then ($country1 < $country2) is false again and 1 is returned. This means that "" is less than "Thailand", and should be sorted higher. The easiest way to fix this is actually to remove the inner ifs in both your if blocks, they are not necessary. The second if block should also return -1. David weetat wrote: > Hi all, > > I have multi-arrays as shown below: > I implemented usort() to sort the array by 'country' field in the array. > However there some empty string value in the array and i setup my > cmpcountry() function to sort array, however , some country empty string > value are sort first . > > Any ideas what happen in the cmpcountry() function ? > > The result of sort array below is : > >Singapore >Singapore >Thailand >'' >Thailand >'' >'' >Malaysia >Phillipines > > > function cmpcountry($a, $b) > { > > $country1 = $a['country']; > $country2 = $b['country']; > > if($country1 == ''){ > if($country1 < $country2){ > return 1; > } > } > > if($country2 == '') { > if($country1 < $country2){ > return 1; > } > } > > return ($country1 < $country2) ? -1 : 1; > } > > usort($arraytest,"cmpcountry"); > > $arraytest= array( > array > ( > 'country' => 'Thailand', > 'city' => 'Z' > ) > , > array > ( > 'country' => 'Thailand', > 'city' => 'M' > ) > , > array > ( > 'country' => 'Singapore', > 'city' => 'G' > ) > , > array > ( > 'country' => 'Singapore', > 'city' => 'B' > ) > , > array > ( > 'country' => '', > 'city' => 'U' > ) > , > array > ( > 'country' => '', > 'city' => 'Y' > ) > , > array > ( > 'country' => '', > 'city' => 'J' > ) > > ); > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] For Loop
Are you sure that you don't want an array? Arrays are normally much better for this type of thing. That said, ${"p{$i}name"} = 'foo'; David Albert Padley wrote: > I have a regular for loop - for($i=1; $i<100; $i++) > > Within the loop I need to create variables named: > > $p1name; > $p2name; > $p3name; > etc. > > The integer portion of each variable name needs to be the value of $i. > > I can't seem to get my syntax correct? > > Can someone point me in the right direction? > > Thanks. > > Albert Padley > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session
James Nunnerley wrote: > ... > > It works a treat, however what I want to understand is how the session is > kept relevant to that particular user's session - mainly because my boss > wants to check there's no security implication. > > ... > The session is stored on the server, typically in a file in /tmp. This gives the additional security needed for your type of application because the data is never directly seen by the user. The link to the user is provided by a variable, typically stored as a cookie though it can be passed via GET if cookies are disabled. The variable contains a random string which links to the temporary session file. All the handling of the session, retrieving the data etc. is done by PHP for you. An example of this in practice: The first page starts a session, setting $_SESSION['foo'] = 'bar'; A cookie is created in the header, setting the variable PHPSESSION = '232323'; At the end of the request a file /tmp/sess_232323 is created, this contains a slight variant of serialize($_SESSION); The second page starts a session, php grabs $_COOKIE['PHPSESSION'] and looks up the file /tmp/sess_232323, reading in the data. You can now access $_SESSION['foo']. The above is slightly simplified but it gives you a good idea of what happens and some of the security risks that remain. Most of the fixed strings I used above are configurable including the variable used in the cookie, the timeout for the cookie, the location of the session files, the starting bit of the session file and how quickly the server side session files are deleted. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
I don't think that using request over post adds anything in the way of security, at the most it's going to delay an attacker for up to a minute. I advocate using request if it's convenient, it can also open a few nice tricks for advanced users. Using request allows me to bookmark a login page, so hitting the bookmark will log me in and take me straight to the main page. Passing data through get instead of post is not necessarily a malicious attack. David Ben Ramsey wrote: > On 6/17/06 3:07 PM, Anthony Ettinger wrote: > >> it's more like painting the color of your front door, but still >> leaving it unlocked. It doesn't change the fact that people can still >> open the door. >> >> every input field needs to be validated regardless of get vs. post. >> the web developer toolbar for firefox can easily convert all form >> fields to one or the other, so it's trivial to send a get request as >> post, and vice-versa. >> > > Which is why, if you read the last paragraph of my post, it said that > there are two things you must do: 1) always check the origin of the > input and 2) always filter (validate) the input. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
Martin Marques wrote: > Yesterday when reading some doc on PHP I noticed the $_REQUEST > predefined array, which looked like a solution to having to check in GET > and POST data (I'm not sure if it will really have an impact on my > program yet). Yes, request is simply a merge of these arrays. It can be very useful and tends to be rather under used in PHP examples. > > The thing is, I also saw this description: > > Variables provided to the script via the GET, POST, and COOKIE input > mechanisms, and which therefore cannot be trusted. > > Now, why shouldn't it be trusted? > No user data should be trusted. It's possible for the user to provide absolutely anything in these variables and unless you check it, you have no idea what you have actually received. This covers everything provided from the user, get, post and cookie variables, $_REQUEST as an amalgamation of these three should be equally untrusted. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with some clever bit operations
The example starting values $existing = 181; # = 10110101 $new = 92; # = 01011100 $mask = 15; # = Get the bits that will be changed $changing = $new & $mask; # = 12 = 1100 Get the bits that won't be changed $staying = $existing & ~$mask; # = 176 = 1011 Combine them together $result = $changing ^ $staying; # = 188 = 1000 David Niels wrote: > Hi, > > I have a problem I can solve with some loops and if-thens, but I'm sure it > can be done with bit operations -- that would be prettier. I've tried to > work it out on paper, but I keep missing the final solution. Maybe I'm > missing something obvious... > > The problem: A function tries to update an existing value, but is only > allowed to write certain bits. > > There are 3 variables: > A: the existing value, eg. 10110101 > B: what the function wants to write, eg. 01011100 > C: which bits the function is allowed to write, eg. > > With these examples, 1000 should be written. > > How do I combine A, B and C to get that result? > > > Thanks, > Niels > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] substring with numric values
Jonas Rosling wrote: > Is there any easy way to "trim" or pick out the none decimal values in a > [numeric] value? Like: > > 1,333 = 1 > 5,667 = 5 > 12,145 = 12 > 15,997 = 15 $variable = "1,333"; $trimmed = (int)$variable; # = 1 David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP HEADERS
kartikay malhotra wrote: > Hi all! > > I use HTTP POST to upload a file. I've a PHP script running on the server. > Are HTTP headers passed with this request? How can I see the headers passed > to the server? Headers are passed by the client and server with every request. The Firefox Tamper Data extension shows the headers being sent and allows you to modify them on the fly. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP, Javascript, and Forms
Beauford wrote: > Hi, > > I have a form with about 20 fields in it and have two drop down menus in > which the second one changes depending on the previous one. This is done > with a javascript which reloads the page. > > The problem with this is that everything the user has put in so far gets > erased when the page reloads. I am using PHP sessions, but at this point > these fields are not saved yet. > > Is there a way to do this using sessions, or some other PHP function. All > the javascript I've looked at reloads the page. > Javascript can do this easily, you set up your variable content section in a div. Then use div.innerHTML = newcontent. Only the content of the div will change. Searching for innerHTML should give you a few tutorials and full examples. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] calling JS function from php
suresh kumar wrote: > I am facing one problem in my project.I am trying to call a javascript > function from php.but it not executing.this is my code. > This is not a php problem, php produces a text file which is interpreted by the browser as html and javascript. Have a look at your html/javascript (view source) and figure out the problem. The use of php is completely incidental. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going through 2 arrays at once
Pavleck, Jeremy D. wrote: > how do I go through 2 arrays at > once with different keys? > > for ( $i = 0; $i < sizeof($logicalDrive); $i++) { > echo "$arrLogDrive[$i]\n"; > } > > for (reset($logicalDrive); $i = key($logicalDrive); next($logicalDrive)) > { > echo "$i: $logicalDrive[$i]\n"; > } The slight complication here is that you are iterating through an indexed and an associative array. There are two easy solutions, building on each of the above loops. As you don't care about the key of the second array you can convert it to an indexed array using array_values(). $logicalDrive_indexed = array_values($logicalDrive); for($i=0; $i\n"; } Alternatively the next() function works for indexed arrays. for(reset($arrLogDrive), reset($logicalDrive); current($arrLogDrive)!==false && current($logicalDrive)!==false; next($arrLogDrive), next($logicalDrive)) { echo current($arrLogDrive).": ".current($logicalDrive)."\n"; } The second approach will have problems if either of the arrays contain the value false. Personally I would use the first loop. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing images
Robert Cummings wrote: > On Thu, 2006-05-11 at 13:48, tedd wrote: > >>At 12:11 PM -0400 5/11/06, Robert Cummings wrote: >> >>>On Thu, 2006-05-11 at 11:47, tedd wrote: >>> At 9:28 AM +0300 5/11/06, Dotan Cohen wrote: >Hey all, it is possible to parse capcha's in php? I'm not asking how >to do it, nor have I any need, it's just something that I was >discussing with a friend. My stand was that ImageMagik could crack >them. She says no way. What are your opinions? > >Thanks. > >Dotan Cohen >http://what-is-what.com >>> >>> > Of course -- it's trivial. >>> All images can be broken down into signals and analyzed as such. If you have any coherent data, it will show up. If it has to conform to glyphs, it most certainly can be identified. You want something that's not trivial, take a look at medical imaging and analysis thereof. >>> >>>Extracting passcodes from captcha text is not what I'd call trivial. >>>It's one thing to pull trends out of an image, it's quite another to >>>know that a curvy line is the morphed vertical base of the capital >>>letter T. Similarly knowing that the intensity of red in an area is >>>related to the existence of some radioacive tracer agent, isn't quite >>>the same as knowing that the curvy letter T might be red, yellow, green, >>>yellow blended to green,. etc etc. The human eye and brain are amazing >>>accomplishments, and while someday we may match their ability in code, I >>>don't think it's this year. >> >>We've been doing edge detection, noise suppression, data analysis, >>and OCR for over 30 years. While it may not be obvious, it's still >>trivial in the overall scheme of things. The bleeding edge is far >>beyond this technology. > > > Edge detection, noise suppression, and data analysis don't quite equate > to recognition. Also 30 years of OCR still requires that the sample be > good quality and conform to fairly detectable patterns. If this is so > trivial, I await the release of your captcha parser. The spammers would > probably pay you millions for it. Where exactly is this bleeding edge, > and where can I read more about it? I think you're quite wholeheartedly > being naive about the complexity of visual recognition. Prove me wrong. I also agree most are breakable. I've done a very small amount of character recognition processing and most of the captcha's I've seen would be breakable. The ones that look hard such as the bugs.php.net captcha, I end up getting wrong about 1/3rd of the time. There is a substantial difference between standard OCR and captcha breaking. With OCR you need to get it right 99% of the time, with a captcha if you can get it one time in 1000 you can still get into a website several times a second. Really though, there are easier ways to do it. My favorite story was a small free porn site that required you to enter a captcha to get in. They were taking the captcha's they needed to break and getting horny teenagers to do the recognition phase for them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sorting troubles
William Stokes wrote: > Hello, > > Any idea how to sort this? > > I have a column in DB that contains this kind of data, > A20,B16,B17C14,C15,D13,D12 etc. > > I would like to print this data to a page and sort it ascending by the > letter an descending by the number. Can this be done? PHP has the usort() function which allows you to sort by another function. This allows you to very neatly sort by virtually any criteria. I knocked up a fairly simple function to do the sort that you described. The format for the comparison function is in the usort() documentation as well as several examples. $b{0}) return 1; elseif($a{0} < $b{0}) return -1; else { $a_num = substr($a, 1); $b_num = substr($b, 1); if($a_num > $b_num) return -1; elseif($a_num < $b_num) return 1; else return 0; } } $arr = explode(',', 'A20,B16,B17,C14,C15,D13,D12'); print_r($arr); usort($arr, 'weird_comparison'); print_r($arr); ?> David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php newbie having trouble going to list page
David Doonan wrote: > I'm having trouble getting the correct results on a list page. > > The first query is pulling the name of active authors from the d/b and > linking to a list page that is supposed to return essay titles by the > requested author. The list page however is displaying essay titles by > all authors. > > No doubt something is wrong with the where clause in the List page > query. I've tried countless variations on the syntax for Author.ID = > Author.ID without success. > > Sorry for so basic a question. > > - > author page query = > > $query_GetAuthors = "SELECT Distinct Author.Autholr_Name, Author.ID, > Writings.Writings_Author FROM Author, Writings > WHERE Author.Autholr_Name = Writings.Writings_Author and >Author.ID = Author.ID"; > ... > > author page link = > $row_GetAuthors['Autholr_Name']; ?> > > > - > List page query = > > $query_GetAuthorList = "SELECT Writings.Writings_Author, > Writings.Writings_Title, DATE_FORMAT(Writings_Date, '%M %D, %Y') as > Writings_Date, Writings.Writings_Text, Writings.ID, > Author.Autholr_Name, Author.ID FROM Writings, Author > WHERE Writings.ID = Writings.ID AND > Author.Autholr_Name = Writings.Writings_Author AND > Author.ID = Author.ID > ORDER BY Writings.Writings_Date desc"; > ... Nowhere in your query are you actually specifying which author you want to get results for. You need to use the variable passed to the page as part of the query. Try adding something like the following to your where block. "Author.ID = ".mysql_real_escape_string($_GET['ID']) David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best Way to Pass Variables between PHP files
Alan Schneider wrote: > I tired sending via name-value pairs with the following but it did not work > > require (DIR_WS_INCLUDES . 'filenames.php?lv_user_id=$user_id'); > > "DIR_WS_INCLUDES" is a defined constant and filenames.php is NOT a web page; > just a php file that sets the file names to be used in the application. > > Is there a way I can do it with include or require? > Include and require files share the same variable space as the parent file. You can think of it as being the same as copy & pasting the text directly into the same file. Hence, $user_id is available in filenames.php, just call as you would in the parent file. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Magic quotes good or Bad?
Angelo Zanetti wrote: > Hi guys. > ... So on my live server should I enable > magic_quotes_gpc or should I use addslashes() and stripslashes()? > > Thanks in advance. In addition to all the other replies saying that magic quotes are evil which I completely agree with, it should also be noted that magic quotes has been removed from PHP 6. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Here is a silly question
I put all the generic include files such as the header and menu in their own directory. Then I put that directory in the include_path ini variable. I would normally set it in the virtualhost file but .htaccess should work as well, you can even set it in the script. This means I can simply include the file using: David Mace Eliason wrote: > Hi, > > This is come thing that I have struggled with now and again. I usaually > us php code to make it work, but was wondering how others deal with this > > I use includes in most of the web applications that I work on to include > the header, footer, menu etc. > > The problem that I always run into as a project gets bigger is my links > to pages. If all the files are in the root directory theres no problem. > > If I have some files in a folder and call my menu for example include("../menu.php"); ?> I have to call if from the parent > directory. But then of course > all the links are wrong. Root becomes the calling directory. > > I usually use a php variable to place the ../ if its needed. > > How does everyone else deal with this type of problem. I have a times > places an extra copy of the footer, menu, header etc in each directory > but it is a pain to change links > when you have multiple locations to do it in. > > Thanks for any suggestions. > > I would be nice to have a simple way to have my include files in a > common place that works and keeps the links right. > > Scandog > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Three quickies anyone?
Ryan A wrote: > ... > 1. > I start my CLI scripts with: > #!/usr/local/etc/php > > as thats the path on my machine... the problem is some of these scripts will > have to be installed on clients machines by them... any easy way for them > to find out whats the path PHP is installed on their machine? (this q is > more of a doubt really) > > is it the same as $_SERVER["include_path"] > I don't think I even have a $_SERVER["include_path"], I certainly wouldn't count on it pointing to the php binary. As another user pointed out, `which php` is probably the safest way. If you are concerned about a simple method for clients, a quick bash script which finds php and adds the appropriate line to the top of the file would be simple. Getting them to install a webpage to find out where the php binary is seems excessive. > > 2. > This ones more of an Apache question but related to my php script and I > think its safe to assume everyone on this list has worked with Apache and > some have a ing good understanding of the server. > > Basically I am trying to pipe some data into my php script by adding this to > my .htaccess file: > CustomLog "| /home/petpass/public_html/test/testing.php" > > but it gives me an error as I try to access the directory where the > .htaccess file is in > > it works perfectly fine when/if I add the exact same directive in my > httpd.conf file though so, does the format need to be changed in some > way to add it to my .htaccess file or is it simply not allowed in the > htaccess file? > The logging directives including CustomLog can't be set in the .htaccess file. You can set it in the server config or in a virtual host config. > > > 3. > This should be a rather simple question but I just confused myself after > reading/searching google (i do that to myself sometimes, totally > unintentional really) > Can I run CLI/Shell scripts > eg: scripts that began with the #! > on machines that have PHP loaded as a CGI and as a module or only as a CGI > or only as a module? > You can use the CGI executable to execute shell scripts however you will get http headers like Content-type: and HTML versions of output from a few functions such as phpinfo. You can't execute scripts using the Apache module. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Will PHP6 have threads (yet)?
Daevid Vincent wrote: > It would be fantastic if PHP 6 was multi-threaded so you could spin threads > to do simultaneous tasks. Is there any plans for this? I think that this was last dicussed in December http://www.zend.com/zend/week/week266.php#Heading5, the conclusion was no. For simultaneous tasks you can use process control via pcntl_fork(). > > It would also be great if you could exec() or system() a program to run > without blocking on a return. Sometimes I just want some other task to > happen independantly without waiting (for example, call a program that *IS* > threaded). This isn't multithreading, this is using a background process. You can do this using system() or exec() with the standard shell backgrounding &. I assume you have to do it differently in windows. You could also try pcntl_exec(). > > Many other languages including JAVA, Perl, Python and Ruby are all > multi-threaded, and it's a continuing source of frustration that PHP isn't. > Different tools are for different jobs. If you are trying to write a listen server that creates threads to handle incoming requests or something similar, I'd recomend not using PHP. For a webpage, threads typically aren't required. David Tulloh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
>> >> If this is the value directly from the cookie, it's an example of a >> cross-site scripting (XSS) vulnerability. >> >>> header("Location: $HTTP_REFERER"); >> >> >> This is an HTTP response splitting vulnerability, because the Referer >> header (like the Cookie header) is provided by the client. Future >> versions of PHP will not allow more than one header per header() call, >> but this has been possible until now. >> >> >>> 3. If so, what do I do to correct this? >> >> >> Don't trust any input without inspecting it first. In your case, this >> is particularly easy, because you can just make sure that the value is >> one of the few valid values. >> >> Hope that helps. >> >> Chris > > > Chris: > > Yes, it helps and I thank you for your comments. > > Your question: "It's not entirely clear from this example, but am I > correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] > in this case? In other words, are you relying on register_globals or > assigning the value yourself?" > > The example is here: > > http://www.sperling.com/examples/styleswitch/ > > The complete php code (i.e., switch.php) is: > >setcookie ('thestyle', $set, time()+31536000, '/', '', 0); >header("Location: $HTTP_REFERER"); >?> > > And the value is assigned by the user via a click: > >Green or href="switch.php?set=style1">Red > > And, the style sheet is determined by: > > > > As such, I am expecting the user to provide the value of 'thestyle' via > his choice. > > However, let's say a malicious user would try to do something -- what > could he actually do? The user could insert arbitary HTML where you have the variable. For example they could insert: style1.css">...http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP + MMS Live Streaming + Protect URL.
It's a fairly standard authentication problem. I would solve it by using sessions. In the page and video stream start by checking for an authenticated flag in the session array. If the flag is present, display the content. If not, show a login page. When they login, set the authenticated flag and redirect them back to their original page. As you want to have people copy and paste the url, make sure that you set the use_only_cookies flag in the php config. Otherwise the session id may be part of the URL and defeat your authentication. David Gentil de Bortoli Júnior wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, guys. > > I have a little problem here and I would like to know if you > have any idea about how to handle it. > > I have an URL which is streaming a live TV channel and I need to > implement, using PHP, some kind of validation to allow that only > one person (login) watch it. I mean, multiple logins are not allowed. > > So far, so good. > > My problem is that the URL can be copied and pasted. I'm trying to > figure it out how to hide and/or protect this URL to permit only > logged in people can see the streaming. > > Do you have any idea? > > Thanks in advance and excuse me about my English. > > - -- > Gentil de Bortoli Júnior > Chave GPG: http://gentil.bortoli.com.br/gpg > > "There Is No Gene For The Human Spirit" > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.2 (GNU/Linux) > > iD8DBQFEEDUDR/xCJbtXupkRAnp8AJsHqC9QKWGEY/UEYf7eexyO719msACdEJJ1 > 93swUZjs1RZlpgmDpotXh5k= > =/Mqa > -END PGP SIGNATURE- > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Expiring other resources with HTTP headers
I don't think you can expire another file, I would consider any ability to do so a bug in the browser. Someone with too much time on their hands could possibly turn something like that into a security risk. I would solve the changing javascript problem by subtly altering the pages that use the javascript file. A web browser will recognise menu.js, menu.js?ver=1 and menu.js?ver=2 as different pages. You can use this for your application by including menu.js?ver=$ver in each of your pages. When the menu is modified and regenerated, increment $ver. Every client will refetch menu.js as it views it as a different file. David William Lovaton wrote: > Hello everybody, > > I write here to find out if this is possible: > > I want to expire an static file in the web browser through an HTTP > header (Expires, Cache-Control or something else) sent from a PHP > program. The usual thing is that those headers apply only to the > program or file sending those headers, what I want is that a program > sends those headers to affect a different file in the browser cache. > > In more detail, My web app generates a JavaScript file from the > information stored in the database, that file represents the user menu > and it is what the user sees in the web browser. Now, through an apache > directive I set expiration times for several kinds of static resources > so the web server doesn't get slash dotted with lots of unnecessary > requests (this is a web app with lots of traffic). > > Although the JavaScript files are generated from PHP, it is seen as > static content from the web browser POV. Right now I have set the > expiration time for the menu files to 20 minutes. But let's say an > admin user change the permissions of a user and the affected user hits a > link that says "Regenerate menu". What will happen is that the > JavaScript file will be regenerated on the web server but there is a > chance that the browser won't see the change because the file is still > valid in the cache. > > I know I could reduce the expiration time to reduce this problem but > most of the time those files do not change. What can I do to notify the > web browser that the file in the cache is no longer valid? > > I hope there is enough information here and that somebody can give me a > hint in the right direction. > > Thanks, > > -William > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Linux distributions and tools for Linux/Apache/PHP/MySQL dev
Curt Zirzow wrote: > On Sat, Feb 25, 2006 at 01:41:06PM -0900, Chris Lott wrote: > >>I'm making the switch from Windows to Linux for mydesktop and >>development environment and would greatly appreciate suggestions for >>development tools on this platform. Ubuntu seems to be getting all the >>press, but suggestions about Linux distributions are welcome as well! > Basically what everyone else has said... they all work basically the same, it's just personal preference. I've tried a few and personally find Debian the best, I run screaming from anything that uses rpms. > > Before I get into what distib to use there are a few things i'd > like to point out: > > 1) Avoid using the packaging system the OS provides for the > developement server. If you do, you will be under the control > of the OS for your choice of versions of webserver, db server, > php, or any dependency that is needed for those. > I would consider the above to be the worst advice you could possibly give someone starting out in Linux land. The easiest, nastiest and most confusing way to screw up your linux install is to start manually installing packages. I killed my first install and nearly my second before I learnt my lesson. Dependancy hell is the reason why package management systems exist, to compile php5 on a fairly clean debian install I would need to install roughly 130 packages, there is no way that I'm going to try to do that by hand. When one of my friends starts using linux I give tell them to never do a manual install. You stick with the packages supplied or go with unofficial packages like debian backports. Compiling packages has it's place, many of my computers have a manually compiled PHP, but it's definantly not something to do on a first date. I also use the package manager to get all the dependancies (apt-get build-dep php5) and all the related programs such as apache and postgres. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How secure is this?
Your example fails for me, Firefox and Mozilla. The rpc.php file doesn't seem to return anything. To answer your question though, a bot is capable of getting anything that a human can, probably more. It's all a question of effort. As the email scrapers get plenty of hits looking for standard email addresses, they don't put much effort into getting addresses from people who try to hide them (people who hide them are also less likely to fall for spam). In the current environment, I don't think any bot is going to bother running javascript, so any obstuftication using javascript should be safe. David tedd wrote: Hi gang: A few days ago I posted my first attempt ajax. I posed the question "Could a bot find my email address contained within the code?" There was some discussion, but I wasn't sure as to what the decision was, so I made another example, which can be found at: http://www.xn--ovg.com/aja How secure is this from bots? Could a bot (or anyone) get to my email address via the code? Of course, you can read my email address by looking at the site, but I think I've hidden the code well enough from bots -- am I wrong? And if so, how would a bot, or anyone for that matter, find it? Thanks for looking and any suggestions you may have. tedd PS: This site works for: Opera 8.5+, Safari, Netscape 7.2+, Mozillia 1.6+, FireFox 1.0.7+, Konqueror 3.4.0+, and IE 5+ (except Mac) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 4 v php 5
tedd wrote: > Hi: > > Curt. said: > >> PHP 4.4.2 - Released Jan 13 2006 >> php 5.1.2 - Released Jan 12 2006 >> PHP 5.0.5 - Released Sept 6 2005 >> >> I wouldn't expect any more releases of 5.0.x version. > > > Pardon my ignorance -- I have enough problems pounding out code to spend > time following what's happening at the higher levels. But, considering > the above statement, are there continuing development paths for both php > 4 and 5 independently? > > If so, what's the distinction between the two, oop? And if so, what > about non-oop stuff -- do they share common libraries, or what? > Generally, how does all of this fit together? > > Thanks. > > tedd > PHP 5.1 is the active development branch. 5.1.2 is the latest release of that branch. 4.4 and 5.0 are old branches, they are not actively being developed. Security and some bug fixes are applied to these branches, hence the recent releases. If you are developing new code, I'd recomend using 5.1. Some servers still use 4.4 and should probably be avoided. There's fairly substantial differences between 4 & 5 making upgrading an issue; I suspect the devs will get tired of patching up version 4 soon, making security an issue. David Tulloh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] __call() and interfaces
I find __call() to be a nasty solution, particularily from a self-documenting code point of view. I personally only use call when the function names are defined at run time; as you clearly know the function names, I would be implementing them as normal functions. If there is a lot of repeated code, implement the repeated code in a private function. Each of your methods then does it's own unique thing, calling the private function for the common processing. This way you don't have any copy-paste code, you implement your Interface and your code is easy to read, understand and maintain. David Mike Pfaff wrote: > Hello World :) > > I need to write a class that implements a predefined interface. In my > class all(or most) methods will use the same code. At first i thought > the ideal solution would be to handle this by defining the magic > __call() method in my class, but PHP then complains about the interface > not being completely implemented. (Is there no way to tell PHP that the > methods are handled by __call()?) > > Options i see right now: > a) Just omit "implements SomeInterface" and PHP will stop complaining. > This would be suboptimal as i want my class to "officially" conform to > the standardized API which is defined in the interface. > b) Implement all methods and just copy-paste the code. I find this > rather ugly and it's a hassle to maintain. Is there a better solution > than copy-paste(Keep in mind that the methods vary in argument types, > argument counts and return value types)? > > Somehow neither a) nor b) seems "the right way" to do what i want, so i > would be glad to hear your opinions on this. I would also be interested > what the best solution would be from a performance point of view. > > Regards, > Mike > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] anyone care to explain the logic behind this output ....
(Don't you hate it when people forget to post back to the list...) The secret is actually hidden in the docs, http://php.net/manual/en/language.operators.comparison.php When comparing $a < $b, you compare the first value of $a (0) to the value with the same key in $b (1). 0 < 1 --> true When you compare $b < $a, the first value of $b is 0, with a key of 1. The value in $a is 1, 0 < 1 --> true The discussion on php-dev, where you found this example, reveals that PHP makes the assumption that $a > $b == $b < $a. This means that they can reuse the less than function for greater than calls. In this case the assumption isn't actually valid. $a > $b should be 0 > 1 --> false. David Jochem Maas wrote: > THIS CODE > > > php -r ' > $a = array(0, 1); > $b = array(1 => 0, 0 => 1); > var_dump($a < $b); // true > var_dump($a > $b); // true > var_dump($b < $a); > var_dump($b > $a); > > echo "\n\$a:\n"; var_dump((bool)$a, (int)$a, (string)$a, intval($a), > strval($a)); > echo "\n\$b:\n"; var_dump((bool)$b, (int)$b, (string)$b, intval($b), > strval($b)); > ' > > OUTPUTS (on php5.0.4): > > > bool(true) > bool(true) > bool(true) > bool(true) > > $a: > bool(true) > int(1) > string(5) "Array" > > $b: > bool(true) > int(1) > string(5) "Array" > > WHICH MEANS THAT: > > > one the one hand $a is greater than AND less than $b > but on the other hand casting $a OR $b to either a boolean, > integer or string results in the exact same value. ie: > > php -r ' > $a = array(0, 1); $b = array(1 => 0, 0 => 1); > var_dump( ((($a > $b) === ($b > $a)) === ((int)$a === (int)$b)) ); // > WTF IT'S TRUE > ' > > weird? I think so - but then again I'd never test that array $a is > greater than array $b because this is meaningless to me (in what way is $a > greater - how is this quantified, what 'rules' determine 'greatness' in > this context?) > > PS - changing the $b array to something else (anything else as far as i > can tell) > causes the weirdness to not occur - which gives me the impression this > could be a bug, > anyone else get this impression? for instance try changing the second > line of > the code above to (merely switching the order or the defined array > elements): > > $b = array(0 => 1, 1 => 0); > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REGEX query
I assume that the text inside can change around a fair bit. If the string is of a fixed with or simple format you can just use substr() and friends, it's simpler and faster. That said, there is really two approaches that I can see with this string. You can match on the spaces to extract the 'RV-6', something like '/\s\S+\s/' should do the trick, that pulls out some non-whitespace characters from between two whitespace characters, including the whitespace characters. Then just add the () on again afterwards. The other approach would be to use preg_replace to get rid of the \(EX\) portion by replacing it with an empty string. Personally I would probably use the first technique as I generally don't like using replace functions in this way. A pattern which should match is '/\\\(.*?\)\\/', the mess of \ is because \ ( and ) all need to be escaped with a \. David phplists wrote: > Hi, > > I'm still trying to get to grips with REGEX and have hit a hurdle with > the following: > > I have this bit of text: > (\(EX\) RV-6 ) > > I want to remove the '\(EX\)' part of it > so leaving just: ( RV-6 ) > > Any suggestions would be most appreciated. > > Thanks > Alexis > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Configure question
try using php_flag, php_admin_flag as some restrictions on which files it can be used in. David PHP wrote: > Hi, > I have php5 and apache2.2. > > In this directive: > > > php_admin_flag engine on > php_admin_flag register_globals on > php_admin_flag file_uploads on > AddType application/x-httpd-php .php .php4 .php3 .phtml > > the register globals and file uploads options are being ignored completely. > > I know the rest works, because if I take out either other line, it will > stop parsing php pages. > > Do those directive not work in php5 any more? > > Thanks. > > > > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.0/248 - Release Date: 2/1/2006 > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing Credentials
You want to use sessions, they allow you to store information such as login details between requests. Have a look at a simple tutorial, like this Zend one. http://www.zend.com/php/beginners/php101-10.php News1 wrote: > Rory, > > Thanks for the feedback -- I will try to be clearer. > > Yes, I want to login into a web page and from there get to another webpage. > > The webcams are on my network. I can access them directly; however, I would > like to create a page where several are visible at once. So, I would like > to be able to log into a "master" page, if you will, and from there be able > to access multiple webcam web pages from this "master" page. Right now I > can do it, but I have to authenticate for each webcam I access. Since I am > using authentication to access the "master" page, I would like to skip this > step for the webcams and be able to access them directly and automatically > pass the username/password credentials. > > Thanks again! I hope this is clearer. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Counting files in directory and subdirectory!
That is some nasty code... Anything that has repitition like that needs a substantial rewrite, but I'm guessing that you know that, hence the e-mail. I just knocked up the following function, powered by the magic of recursion. It should be close to what you were trying to do. function count_files($path) { $number_of_files = 0; foreach(scandir($path) as $dir) { if($dir{0} == '.') continue; # Ignore hidden files if(is_dir($path.'/'.$dir)) $number_of_files += count_files($path.'/'.$dir); else $number_of_files++; } return $number_of_files; } echo count_files("amrs"); David Nicholas Couloute wrote: > here is what I tried but it doesn't work! any advice suggestions or > something? > > $count = 0; > $dir = "/amrs"; > $files1 = scandir($dir); > if ($files1 !== '.' && $files1 !== '..') { > foreach ($files1 as $files2){ > $dir2 = "/amrs/$files2"; > $files3 = scandir($dir2); > if ($files3 !== '.' && $files3 !== '..') { > foreach ($files3 as $files4){ > $dir3 = "/amrs/$files2/$files4"; > $files5 = scandir($dir3); > if ($files5 !== '.' && $files5 !== '..') { > foreach ($files5 as $files6){ > $count++; > } > } > } > } > } > } > echo "$count"; > ~Nick Couloute > co-owner/Web Designer > Sidekick2Music.Com > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Controling buffer: php/smarty or apache?
The browsers use a whole bunch of different ways to figure out how it should render the page and if it should do it on the fly or wait until the page is fully downloaded. Assuming the content you are testing is the same for the static and dynamic pages you should probably start looking for little things that may be different. From what I've read, adding extra column information to the table tag and making sure the doctype is correct so you don't end up in quirks mode are both large factors. Using 'wget ---save-headers' and 'diff' will help you find any small difference between the pages. David robert mena wrote: > Hi, > > I am facing a strange problem. My site, even tough designed to appear > quickly at user's browser, appears at "once". If I test the static HTML > version it starts to appear as downloaded If I test the php generated > version the page seems render as a whole. > > I am using smarty as a template and it seems to be related to a buffer > somewhere: php/smarty or apache. > > I've used microtime and from the begin of the php script until after the > smarty->display it takes from 0.05s (min) to 0.32s (max) > > Any tips of how can I figure out what is "slowing" down my site? > > tks > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Managing upload files in multiple servers(pawns)
Duncan Hill wrote: > > Use a shared file system such as NFS for upload storage. > ... > Shared storage is probably the better bet - perhaps with clever code that > tries a local disk first, then the shared storage if not found on local. If > found shared and not local, pull to local. > I think a shared file system is the way to go, but think that Intermezzo or Coda would be much better than NFS. They have the caching built in, including file change detection. They also don't have nasty timeout problems when the file server goes poof. (I've never used either in a production system) David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Function Overloading
PHP doesn't natively support function redefining. Functions with variable length arguments are a different ballgame in PHP. Have a look at func_num_args[1] and the other functions in the "Function handling" section of the manual. 1: http://php.net/func_num_args Labunski wrote: > "PHP does not support function overloading." > So, is there any other way of getting a number of parameters(variables) > passed to a function? > > aka. > function fruits($apple, $banana, $kiwi, $grape){ > > #should (somehow) output 4 > > } > > OK. if it was an array, than I could use count($array), but now I'm stuck! > > Thanks in advance! > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] http protocols defining what gets sent between web server and browser
I find the LiveHTTPHeaders extension for firefox to be very good for this kind of thing. http://livehttpheaders.mozdev.org/ It gives you a realistic (as opposed to theoretical) view of exactly what is being sent between the browser and the server. Networking details that you listed like the mac address are handled in the networking layer rather than by the browser, you probably also want to look up TCP/IP headers. David bruce wrote: hi... this might not be a php question but might still provide interest... I'm working on a project, and need to know if there's anyone who's a guru with Web Server/Client interactions. Basically, I'm trying to get a much better/deeper understanding of the HTTP protocols defining the information that is sent/transfered between the web server/client browser apps. I'm interested in understanding what the various information is that gets transfered between the apps, as well as understanding what information can be spoofed/altered on the client side, as it goes back to the server. I know you can get the querystring information from the get/put/request/etc... I'm more interested in any other information that gets transferred as potentially part of the header structure, like machine id, mac address, date/time, etc I'm interested in whether this can be spoofed/altered, and potentially rendered invalid by a 'man in the middle' type of attack. Searching google isn't getting me what i really want!! So, if you have the skills/expertise in this area, and you're willing to talk to me for a few minutes, I'd appreciate it. As stated, the underlying reason for the questions is to get a better understanding of 'man in the middle attacks' as this applies to web server apps. Thanks bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex for balanced brackets?
I think you are doing it wrong, though reading other people's regex easily is a skill I lack. It is however very possible. The php manual has a section on recursive regex where it explains how to solve the bracket problem. http://php.net/manual/en/reference.pcre.pattern.syntax.php#regexp.reference.recursive I think of recursive regex as creating goto loops, with all the power and problems that come with it. You will also have to enable the multiline flag for your test data. David Jeffrey Sambells wrote: I came across this method of matching brackets with regex in .NET http://puzzleware.net/blogs/archive/2005/08/13/22.aspx but I am wondering if it is possible to do the same in PHP? I've tried it a bit but I can't seem to get it to work properly. I'm just wondering if I am doing something wrong or if it is just not possible. Thanks. here is the code I was playing with: [^{}]+ | \{ (?P) | \} (?P<-DEPTH>) )* (?(DEPTH)(?!)) \} PATTERN; $subject = << - Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] better way to mix html and php code?
Curt Zirzow wrote: > On Wed, Nov 16, 2005 at 10:12:53AM -0600, [EMAIL PROTECTED] wrote: > >>Hi to all, >>always wondered what's better way to mix html and php code. Here are >>three "ways" of the same code. Which one you prefer? (And why, of caurse :)) >> Personally, I present solution 2b. I also don't like the idea of a(nother) templating language either. When doing html like this I also like using short tags because it looks better and the colon syntax for ifs as I find it easier for non-programmers and easier to follow in large blocks of html. That should be enough to get everyone here screaming. I would also wrap this file inside a layout script and/or use prepend and append files. Depending on the overall use I'd consider pushing some of it into another file. There is too much php code in there at the moment. David Solution 2b: :: [ Add New Product ] » [ ] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output_Buffer problem
The documentation[1] lists output_buffering as changeable PERDIR. This means you can't set it in the file. Instead you should look into setting it in the apache .htaccess file. 1: http://php.net/manual/en/ref.outcontrol.php Todd Cary wrote: > My client has switched to a shared server, so direct access to the > php.ini is not availble. Our calendar program expects to have > output_buffering set to On ("1"). > > Currently, I get the expected error of > > Warning: Cannot modify header information - headers already sent by > (output started at > /home/content/s/f/y/sfycadmin/html/php/calendar/private/ltw_config.php:375) > in > /home/content/s/f/y/sfycadmin/html/php/calendar/private/ltwdisplaymonth.php > on line 283 > > At the top of ltwdisplaymonth.php, I tried ini_set(output_buffering, > "1"), but that does not appear to have an effect. > > Have I missed something? > > Todd > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] protect password?
Richard Lynch wrote: On Fri, November 4, 2005 5:44 pm, Pablo Gosse wrote: By setting the file readable only by root this problem is completely eliminated. Unless a hacker has the root password, they will not be able to compromise the information in this file. This is how I understand it, at least. If Chris reads this perhaps he can confirm this for me? If only 'root' can read the file, and PHP can read the file (IE, your script still works) then you have HUGE problems, because your PHP script, and all of Apache, is running as 'root'... I think you've missed the trick of the method. The file is included into the Apache config, not into php. So Apache reads the file before it lowers itself to the http user. This means that PHP can't read the file, but it can still get the information via Apache. Further, the file doesn't have to be readable only by root, just not readable by the http user. So owning the file personally and putting -rw--- permissions on it should be sufficient, and achievable on a shared host. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP from the command line
Many linux distributions use a different php config file for the apache and cli versions. Using two different configurations might explain the problems you are seeing. David Robbert van Andel wrote: I run a linux webserver with Apache and PHP5. Does anyone out there know why a php script would work from the command line but fail when running it through a web browser? In particular, I'm trying to get a connection to an MSSQL server but PHP fails to connect when I run the script with a web browser. My regular scripts (i.e. ones without any mssql functions) work fine from the browser. When I run the script from the command line, the connection succeeds. Any idea if this is a PHP error or an apache error. If this is an apache error, does anyone know what I need to search for to find an answer? Thanks, Robbert van Andel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] create HTML page on the fly
Angelo Zanetti wrote: > ... > > I assume that I will use fwrite() to add the HTML to the file, I need to > know how to actually create the file before adding the content to it. > You need to open the file before you can write to it, you do that using fopen(). You can choose to create a file or modify an existing on by using the fopen mode flags. The different flags are outlined in the documentation, I think you will be wanting to use 'w'. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET variables and mySQL functions inside an Image header.
Kristopher Kane wrote: I am currently in Afghanistan and don't have much access to look these questions up. I consider them basic and regret having to post them here. When passing variables using GET as in: index.php?first=value?second=value My script is reading the first value, however through an included file and another function, it can't read the second. What scope do these variables have? Or what other reasons for not being able to read the variables might there be? Your GET syntax is wrong, you should be using: index.php?first=value&second=value The way you were doing it you should see the second variable contained within the first value. Second: When dynamcially creating an image: I am drawing an image based on data retreived from a mySQL resource. However, my DB code is in the same file as the php image file and I get the non-descriptive error of "Error in the image 'url'" Are you allowed to do any other functions inside an image header other than image functions? (Functions being; open a connection to mySQL and do queries) Thank you for your help, -Kristopher Kane You can use any valid PHP code before or after sending an image header so long as you don't inadvertantly output to the browser. I am not sure what that error message means though, I'm sure someone who uses the image functions more frequently could give you some clues. David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IIS/PWS 5 Help
You have to view the file through the IIS server, not directly. So once you have IIS configured to work with PHP you can access it by typing http://127.0.0.1/filename in your browser. Opening the file directly means that it doesn't get passed through the IIS server and never gets parsed by PHP. David amafind wrote: Morning, I'm missing something... I've done everything and can't get PHP to run on IIS/PWS 5 on Windows 2000. If I double click on the PHP file, then the browser opens and displays my PHP script without interpreting it. What am I missing? Also, trying to find the correct place/person to ask this question has eluded me. I click on links and end up going round in circles, always back at the same page :o( Regards, Alf Wallis [EMAIL PROTECTED] www.amafind.co.za 083 679 4093 011 973 3589 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mail-format...
It looks like somebody is trying to launch an e-mail injection attack. Looking at your code, I don't think you are vulnerable. You can read more about e-mail injection at http://securephp.damonkohler.com/index.php/Email_Injection You could also send nasty e-mails to [EMAIL PROTECTED], telling them to stop trying to hack your website. David Gustav Wiberg wrote: Hi there! I wonder why I get get these kind of mails (look down below in this mail) I recieve them sometimes... ...I have a code like this... $name = $_POST["frmNamn"]; $email = $_POST["frmEpost"]; //Send mail that there is a new member // mail("[EMAIL PROTECTED]","Ny medlem - Stammis Internet","Namn: $name, Epost:$email"); /G http://www.varupiraten.se/ Namn: [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary=\"===0158601545==\" MIME-Version: 1.0 Subject: c1805938 To: [EMAIL PROTECTED] bcc: [EMAIL PROTECTED] From: [EMAIL PROTECTED] This is a multi-part message in MIME format. --===0158601545== Content-Type: text/plain; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit aienglpcm --===0158601545==-- , Epost:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php