Re: [PHP] Avoiding SQL injections: htmlentities() ?
With htmlentities() you are safe also to potential XSS attacks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() Alternative?
Another way is the famous phpmailer() class. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A little disturbing query !!!
> Hello, Hi, > $query = "SELECT * FROM templates where ".$_POST[searchtype]." LIKE > '%".$_POST[searchterm]."%'"; Although it works, always put the array index as a string between quotes. $_POST[searchterm] to $_POST['searchterm'] > > But now I need the search to be more advanced, the user may enter a > price range to find results within a range of two numbers, I have added > to the form two textfields the first for the low price ($lprice) the > second for the high price ($hprice).. the 'price' field is located in > the same table (templates). You can start with a basic query like $sql = 'SELECT * FROM `templates` WHERE `price` < %s AND `price` > %s AND `%s` LIKE '%s'; If there's no start price, you put in the query `price` + 1, as `price` will be always lower than `price` + 1. if(!_POST['sprice'] ) { $sprice = '`price` + 1; } And the same with endprice ($eprice).. Then you replace the %s $sql = sprintf( $sql, $sprice, $eprice, $a, '%'.$b.'%' ); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail()
Hello Sebastian, It'd very useful for those who want to help you out, a good explanation of your error. For example, you're not quoting some error or some error logs that you found related to this behavior. For instance, if you refer to: http://uk.php.net/mail You'll see there's a note explaining that in order to use mail(), PHP must have access to the sendmail binary _during installation_. May be, during some upgrade, this did not work (it has happened to me several times) In the other hand, if the mail() seems to work, but the mail is not getting delivered successfully, there're some other things to check. Best, Guillermo Rauch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SimpleXML add a node
php.net/dom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sorting arrays
Hello Brian, Everytime you're looking for an specific function to do some job, look at the php functions list. In this case: http://ar2.php.net/manual/es/ref.array.php These are the most common ones i use: array_reverse usort uksort uasort and obviusly sort Hope this helps, Guillermo Rauch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Undefined Variable Problems...
Also, since this is a very massive list with high traffic, quote when necessary. For example, consider this message: > Can i draw something ? Yes you can > Thanks You're welcome In that case quote is quite useful :D -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opening files....
> Hello, > I want to open files in a directory other than the Document root via > HTTP on the client machine. How do i do it ? Yes, it's possible Just supose you have the images under /var/images/. This won't be acceded by apache since it's out of documentroot. You can set up some alias to /var/images For example alias /images/ /var/images/ The problem is, that most servers don't let users access directories outside the DocumentRoot of the customers VirtualHost. Also, if you can read that directory, you can create a path images in your documentroot, and create a .htaccess file like this: ErrorDocument 404 image.php In image.php you catch the referrer with $_SERVER['http_referrer'] and display the image sending the header img/jpeg > Also, Is there a way that I can force the .JPG files to open in a > particular software ? No. Best, Guillermo Rauch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: help with adding
You really don't have to put the index in a single dimension input array. Just put qty[] And you'll get it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] source code protection
> Hi there! > > What's the point of doing that? The PHP-codes are well protected if they are > on a well > configured server. Sometimes you want to sell protected code $.$ > > /G > @varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Like ternary but without the else.
On Fri, 25 Feb 2005 18:39:56 -0500, Brian V Bonini <[EMAIL PROTECTED]> wrote: > On Fri, 2005-02-25 at 13:36, Chris W. Parker wrote: > > How can I turn the following into something that resembles the ternary > > operator? > > > > > > > if($something) > > { > > $this = $that; > > } > > > > ?> > > $this = (isset($something)) ? $something : $that; > > The expression (expr1) ? (expr2) : (expr3) evaluates to expr2 if expr1 > evaluates to TRUE, and expr3 if expr1 evaluates to FALSE. > > -- > > s/:-[(/]/:-)/g > > BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu > == > gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC > Key Info: http://gfx-design.com/keys > Linux Registered User #339825 at http://counter.li.org > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > What the user actually requested is the following method, fairly used in bash scripting. ($a == $b) && $a = 'asdasd'; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] what does this mean?
Including more than one you can make a complex control structure, not just if else $a = ($a == 0) ? ($b < $a ) ? $b : $a :$c; On Fri, 25 Feb 2005 13:26:51 -0600, Jay Blanchard <[EMAIL PROTECTED]> wrote: > [snip] > on which page of php.net can I find out what this code does? > $a = $b? $a :"dian"; > [/snip] > > It is a ternary IF statement...verbose > > if ($a = $b){ > $a; > } else { > "dian"; > } > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] best way todo a case insensitive str_replace
http://ar2.php.net/str_ireplace On Mon, 21 Feb 2005 15:54:33 -, pmpa <[EMAIL PROTECTED]> wrote: > Hi all. > > What is the best way to do a string insensitive replace? > Currently I am doing: > > $replace = "g r"; > $arr = explode(" ",$replace); > $text = "PHP is GreaT!"; > for($i=0;i $text = > str_replace(strtolower($arr[$i]),"".strtolower($arr[$i])."",$text); > $text = > str_replace(strtoupper($arr[$i]),"".strtoupper($arr[$i])."",$text); > } > > Works except for "Ph","PhP","gr" etc... > I am looking for suggestions before using str_split(); because my $replace > string can be a bit large :) > > Thanks in advance. > > Pedro. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] issue with accents and mysql
Try SHOW VARIABLES LIKE 'character_set%' and verify your character set is latin1. If not, see http://dev.mysql.com/doc/mysql/en/charset-database.html On Tue, 15 Feb 2005 22:04:30 +, mario <[EMAIL PROTECTED]> wrote: > Hello, > > please help me on the following issue. > please reply to [EMAIL PROTECTED] too. > (I asked for help on the php-db ml, but nobody replied) > > I have hacked the following function: > function accents($text) { > global $export; > $search = array ( 'à', 'è', 'ì', 'ò' , 'ù'); > $replace = array ( '\\`{a}', '\\`{e}', '\\`{i}', '\\`{o}', '\\`{u}'); > $export= str_replace($search, $replace, $text); > return $export; > } > > It works fine, as long as I feed it with a string: > accents('à') --> \`{a} > > The issue is when I get 'à' from a mysql table. > I.e., for some record of a mysql table Table, let à the value of the > field Field, and say > $result = mysql_fetch_array($answer, MYSQL_BOTH), > where $answer= mysql_query(SELECT * FROM Table). > > Now accents($result['Field']) returns à (instead of \`{a}). > Why? I have no idea. > > Any hint is welcome. > Thanks a lot > mario > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fatal Error Handling
On Wed, 9 Feb 2005 08:21:25 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> wrote: > James Taylor wrote: > > So finally quit that music thing and got a real job? :-) > > [Sorry. I'm sure you've heard them all, but I couldn't resist...] > > > I have a set of functions which are potentially dangerous in terms of > > memory hogging, and need to protect from memory overflow - this is I > > want to detect when the memory overflow occurs. > > > > The manual says that eval() will return false on a fatal error, so I > > thought I could do something like the following, where it would produce > > a "O" for each itteration, and when it failed (memory overflow) it would > > continue and echo the last line. What I get however is this attached to > > the end. > > > > Any advice would be gratefully recieved (and perhaps, the documentation > > on eval updating if it can not catch all fatal errors) > > > > #! /usr/bin/php > > > $y = 0; > > $str = ""; > > $code = '$str .= $str . "."; return true;'; > > $x = TRUE; > > while($x != FALSE){ > >$x = eval($code); > >echo "O"; > >$y ++; > > } > >echo "\n $y it's \n\n ". $str; > > ?> > > > > run: > > $ ./intellirun2.php > > OO > > Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to > > allocate 4194305 bytes) in > > /home/jt/work2/sms/web/stats/intellirun2.php(8) : eval()'d code on line 1 > > You may or may not have some success by preceding the eval with a @ and/or > using http://php.net/error_reporting and/or using > http://php.net/set_error_handler to trap the error. > > If you are using PHP 5, a try/catch block may also be useful to consider. > > I suspect that eval() DOES return false, once you get the error_reporting > under control instead of relying on the rather crude default error > handling. > > -- > Like Music? > http://l-i-e.com/artists.htm > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > I think a try catch block wouldn't be enough, as most functions throw warning messages instead exceptions. You should set a custom error handler and throw the exception by yourself, if you want to. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ability to use extract to $this vars in a class
If i understand you correctly, you want to extract all the keys and generate class members with them.. // Define class test class test { // We pass an array to the constructor function __construct( $arr ) { foreach($arr as $key => $val ) { $this->{$key} = $val; } // For this example, i print the structure of the object print_r($this); } } $tests = array( 'hi' => 'bye', 'hey' => 'ho', 'lets' => 'go'); $test = new test($tests); I forgot in the previous message to mention that if the member exists, it will be overriden. In addition, you shouldn't use this, as you don't have control over the accessing to the vars. Instead, you should store them in a previously defined array (for example private $_vars; ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
This article may help: http://www.onlamp.com/pub/a/php/2003/08/28/php_foundations.html On Tue, 08 Feb 2005 20:38:48 +, Jennifer Goodie <[EMAIL PROTECTED]> wrote: > -- Original message -- > From: Niels <[EMAIL PROTECTED]> > > Hi list, > > > > I'm doing an intranet website for managing users. I need to be able to > > change passwords, move files and folders around and that kind of thing. > > What is the best way? > > > > I wouldn't use system calls to move files around. PHP has built in file > system functions. Why shell out to do something that is built in? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array_map() problems
Hi Jeffery, To use a class method as a valid callback, you should pass an array like $_POST = array_map(array($this, 'StripSlashesDeep'), $_POST); Hope this helps, -Guillermo On Mon, 7 Feb 2005 17:10:32 -0600, Greg Donald <[EMAIL PROTECTED]> wrote: > On Tue, 08 Feb 2005 09:37:11 +1100, Jeffery Fernandez > <[EMAIL PROTECTED]> wrote: > > I have the following 2 functions which I intend to clean GPC off slashes > > if magic_quotes_gpc is turned on. > > > > function StripGpcSlashes() > > { > > if (get_magic_quotes_gpc()) > > { > > $_POST = array_map('StripSlashesDeep', $_POST); > > $_GET = array_map('StripSlashesDeep', $_GET); > > $_COOKIE = array_map('StripSlashesDeep', $_COOKIE); > > } > > } > > > > function StripSlashesDeep($value) > > { > > $value = is_array($value) > > ? array_map('StripSlashesDeep', $value) > > : stripslashes($value); > > > > return $value; > > } > > > > However when I call $this->StripGpcSlashes(); from within a class, I get > > the following error: > > */ array_map(): The first argument, 'StripSlashesDeep', should be either > > NULL or a valid callback /* > > > > Anyone have suggestions as to what I am doing wrong ? > > Mine works fine, but I don't use it in any classes: > > set_magic_quotes_runtime(0); > if(get_magic_quotes_gpc() == 0){ >$_GET = isset($_GET) ? array_map("slashes", $_GET) : array(); >$_POST = isset($_POST) ? array_map("slashes", $_POST) : array(); >$_COOKIE = isset($_COOKIE) ? array_map("slashes", $_COOKIE) : array(); > } > > function slashes($var){ > if(is_array($var)) > return array_map("slashes", $var); > else > return addslashes($var); > } > > -- > Greg Donald > Zend Certified Engineer > http://destiney.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Strange key behaviour
On Tue, 08 Feb 2005 00:19:20 +0100, Johannes Reichardt <[EMAIL PROTECTED]> wrote: > Hey there! Hi Johannes > > i have a routine like this: > > $myarray['1'] = 'aösldfjkasöldkjf'; > > foreach($myarray as $key => $value) { > echo $key{0}; // outputs nothing > echo substr($key,0); // outputs 1 like intended > } > > Any ideas why this is like that? I am using $key is just a string, not an array. You should call it as $key. foreach($myarray as $key => $value) { echo $key // outputs 1 } Good luck, -Guillermo > > php 4.3.11-dev > > - Johannes > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help-regarding-file_get_contents
Does the server support passive FTP connections? Extracted from the PHP Manual: PHP 3, PHP 4, PHP 5. ftps:// since PHP 4.3.0 * ftp://example.com/pub/file.txt * ftp://user:[EMAIL PROTECTED]/pub/file.txt * ftps://example.com/pub/file.txt * ftps://user:[EMAIL PROTECTED]/pub/file.txt Allows read access to existing files and creation of new files via FTP. If the server does not support passive mode ftp, the connection will fail. See http://docs.php.net/en/wrappers.html. -Guillermo On Mon, 7 Feb 2005 12:46:25 -0800 (PST), vijayaraj nagarajan <[EMAIL PROTECTED]> wrote: > hi john > i am a php user... > one help from you.. > i could download the contents of an url from http:// > sitesbut when i tried downloading the contents > from an ftp site... > i get this error... > > Warning: file_get_contents(): php_hostconnect: connect > failed in /var/www/html/get.php on line 3 > > Warning: > file_get_contents(ftp://ftp.ncbi.nih.gov/genbank/gbrel.txt): > failed to open stream: FTP server reports 229 Entering > Extended Passive Mode (|||50334|) in > /var/www/html/get.php on line 3 > This is the content of the retreived file... > > could you suggest me how to go about this... > thanks for spending your valuable time... > > --- John Holmes <[EMAIL PROTECTED]> wrote: > > > From: "vijayaraj nagarajan" > > <[EMAIL PROTECTED]> > > > > > i would like to fetch the content of a url. > > > and then would like to put in my page... > > dynamically > > > refreshing it once in a day... > > > > > > is it possible to do this in php. > > > i have used perl get url option and then parse the > > > file, with the date and time function...to do > > this. > > > > $file = > > file_get_contents('http://www.domain.com/page.php'); > > > > Save $file locally and you have your copy. use cron > > to run the command once > > per day. > > > > __ > Do you Yahoo!? > Read only the mail you want - Yahoo! Mail SpamGuard. > http://promotions.yahoo.com/new_mail > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php