RE: [PHP] Pirate PHP books online?
> > The problem with that, though, is that a lot of publishers require > exclusivity, so an author is bound (no pun intended) by contract not > to publish elsewhere - including on their own website. > The idea of even offering an electronic version should be to drive sales for the hard copy. Maybe offer a "Condensed Version" electronically, that has enough content that readers can get enough of a feel for the product to drive a buying decision. Throughout, make reference to the full version having more complete content, complete with an "order now" link. This method worked well for Readers Digest! JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] duration of mp3 file
> > Allow bunnies ... > > Any takers on this ... I JUST want the duration of the mp3 > file - with a > small function if possible ... I honestly don't want to use a > class like > http://www.phpclasses.org/browse/package/112.html > > The coding is terrible and SERIOUSLY over inflated for what I want. > > Anyone know of a simple class / function ? > > S > Apparently, you can read the header of the file to find the bitrate, then calculate the approximate play duration from that info and the filesize. Here is information on the mp3 file format: http://mpgedit.org/mpgedit/mpeg_format/mpeghdr.htm ...and here is a discussion thread that provides the calculation and other links: http://www.hydrogenaudio.org/forums/lofiversion/index.php/t46563.html I've never done this, and apparently there is an issue with MP3s that have variable bitrates, but maybe this will get you started in the right direction. HTH - JM <-- not anything like a bunny ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] About Fraud Prevention
> > I'm trying to make a program with PHP, that prevents > ecommerce fraud orders. > Technically, what's the most effective way to prevent fraud orders on > e-commerce web sites? That's a really general question. More specific questions generate more specific answers. My advice to you would be to leave credit card processing to third parties that specialize in processing credit cards, like paypal or any of the other vendors that do it. Let them worry about fraud prevention. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Include images in php file
>...it is more handy to have just one file instead of a > folder system. Thats why $deity gave us gzip. ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Brain Teasers
> On 6/26/07, Jim Moseby <[EMAIL PROTECTED]> wrote: > > > > > > Jim, I didn't get any parse errors when I tested it, it just > > > output the stuff. You're right though that is what > they say > > > > > > > > > Bah - thwarted (again) by PHP4. :( > > > > How so? I didn't use any 5th Generation-specific code http://us.php.net/try says: "PHP 5 has an exception model similar to that of other programming languages" I take that to mean that the throw/catch/try stuff is specific to PHP5, no? Maybe its a cut/paste error? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Brain Teasers
> > Jim, I didn't get any parse errors when I tested it, it just > output the stuff. You're right though that is what they say > Bah - thwarted (again) by PHP4. :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Brain Teasers
> So here's the first one (it's simple): > > > function at($level) { > $level == 10 ? $ret = "winner" : ''; > $level == 15 ? $ret = "try" : ''; > $level == 20 ? $ret = "first" : ''; > $level == 25 ? $ret = "user" : ''; > $level == 30 ? $ret = "place" : ''; > $level == 35 ? $ret = "again" : ''; > $level == 40 ? $ret = "succeed" : ''; > $level == 45 ? $ret = "last" : ''; > $level == 50 ? $ret = "finish" : ''; > return $ret; > } > > if(at(20) != "succeed") { > try { > $e = "again"; > throw new Exception($e); > } catch(Exception $e) { > echo "Try ".$e->getMessage()."\n"; > } > } > ?> The correct answer is: "Parse error: parse error, unexpected '{' in /var/www/html/m.php on line 17" Oh well, you know what they say: "If at first you don't succeed..." JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Date
> > > How do I break $start_date into 3 variables --- 4 digit year, 2 digit > month and 2 digit day? > > $start_year = ; > $start_month = ; > $start_day = ; > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Date
> > > How do I break $start_date into 3 variables --- 4 digit year, 2 digit > month and 2 digit day? > > $start_year = ; > $start_month = ; > $start_day = ; > Can you give us an example of $start_date? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cannot un-subscribe from list
> I am currently trying to unsubscribe from this mailing list, > however I > am nor very successful in doing this. The mailer program will > refuse to > accept my address for removal, it will simply continue to > send mail to > my address. Why is this happening and how can I stop it? > > Mark If you are receiving mail from one of the mailing lists, there should be absolutely no reason that you would be unable to unsubscribe yourself from the list, except for your ability to follow the directions at http://www.php.net/unsub.php . However, if you find yourself unable to unsubscribe from the mailing list, send an email to [EMAIL PROTECTED] Make sure to include the complete headers from one of the messages you have received from the mailing list. Keep in mind that there's a human being at the other end of that last email address, so you'll have to be patient. (blatantly plagiarized from the unsubscribe page) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Calendar
> > I did that and either they are not free or suck... dont appreciate the comment > > > On 6/13/07, Jim Moseby <[EMAIL PROTECTED]> wrote: > > > > > > Is there a decent free calendar? I just need to show a few events on a > > > calendar. > > > > You could try your bank. They usually have free calendars, coffee mugs, > > pencils, etc. ;-) > > > > Seriously though, type 'php calendar' into google and see what happens. 1) Please don't top-post. 2) Please include the list in your replies. 3) Please search dictionary.com for 'humor', and learn to recognize it. hint: A winkie ';-)' is a clue! You will likely get a more useful response from the list members if you include enough information. For instance, what do you mean by 'decent'? (One man's 'decent' is another man's 'sucks') What do you mean by 'calendar'? Do you mean a full-blown scheduling system, or do you just want to display a one month calendar? Do you need a database back end, or will the content be static? What is the problem you are trying to solve? etc... Just trying to help. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Calendar
> > Is there a decent free calendar? I just need to show a few events on a > calendar. You could try your bank. They usually have free calendars, coffee mugs, pencils, etc. ;-) Seriously though, type 'php calendar' into google and see what happens. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] need to collect credit card details
> > I have a paypal account setup and am going to upgrade to the virtual > terminal, however the client would like to collect the credit > card details > as security (he is a hotelier) > > Is it possible to securely send these details via the > internet or should I > suggest he just gets them to phone them through? > You need to use an encrypted link, like SSL. But there are almost certainly safer ways to accomplish your goals than handling credit cards yourself. The fact that you ask this question suggests that you and your client might have not thoroughly thought through the implications. Generally, it is a really, really BAD idea to store credit card information (on systems, on paper slips, on post-it notes). One little oversight, one little compromise, and all of a sudden you have potentially 1000s of YOUR CUSTOMER'S credit cards leaked into who knows who's hands. Assuming you're lucky enough to know that it has happened at all, you will then be faced with cleaning the whole mess up. Irrepairable damage will have been done to your, and your client's reputations. The legal ramifications are staggering. Make sure you get a signed release from liability from your client so he can't come after you if he gets sued. If you consider the implications and decide to go forward anyway, I suggest you read a LOT about internet security. http://phpsec.org/library/ is a great place to start with regards to the PHP aspects of this. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Going from simple to super CAPTCHA
> -Original Message- > From: Tijnema [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 12, 2007 1:34 PM > To: Robert Cummings > Cc: tedd; Stut; Jim Lucas; php-general@lists.php.net > Subject: Re: [PHP] Going from simple to super CAPTCHA > > > On 6/12/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: > > > On 6/12/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > > > On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: > > > > > On 6/12/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > > > > > On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: > > > > > > > On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: > > > > > > > > > > > > > > > > > > > > > > > > (1 * 100) / 100 = .10 = 10% of the time > > > > > > > > > > > > > > Bad math alert... (1 * 100) / 100 = 10;) > > > > > > > > > > > > > > Still the same answer though, was just mixing > what I wrote with what I > > > > > > > was thinking :) > > > > > > > > > > > > Bleh, what's wrong with me today... it's 1% not > 10%. Still within reason > > > > > > for a spammer. > > > > > > > > > > > > *smacks head to clear the fog* > > > > > > > > > > > > > > > > So, that means that you need to allow maximum of 10 > attempts per few > > > > > minutes, so that there will be 0,1% change ;) > > > > > > > > Using Ted's technique I've found the perfect CAPTCHA -- > and it's fun > > > > too: > > > > > > > >http://shorl.com/nomojeryprafri > > > > > > > > Cheers, > > > > Rob. > > > > > > Hmm, LOL > > > > > > Ok, found him ;) He's under the ground ... :P > > > > Heheh, nah, not this time... he's in one of the bumper cars :) > > > > Cheers, > > Rob. > > I see ;) > > So you want to take this picture, change the position of bin laden > randomly, and then just let every user before they post find bin laden > ;) > At least you don't have to worry about 'W' posting in your forums. He'll still be looking 5 years from now. ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: any security problems with this?
> Ross wrote: > > I have a page of functions that I include in my page head. > In this I have a > > function to connect. I can then just call this on each page > when i need it. > > Does doing it this way cause any potential security risks? > > > > function connect() { > > $host="localhost"; > > $user="x"; > > $password="xx"; > > $dbname="x"; > > > > $link = mysql_connect($host, $user, $password) or die > ('somethng went > > wrong:' .mysql_error() ); > > mysql_select_db($dbname, $link) or die ('somethng went > wrong, DB error:' > > ..mysql_error() ); > > > > } > > > The function can only be run if you call it in one of your > scripts, when > the database is needed. The user has no way of calling the > function or > seeing the code, so there shouldnt be any security risks at all. > Unless, of course, his page of functions is named 'readme.txt' and lives in document root. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] need to alter FROM address when sending with PHP forms
> > My company has a RH ES4 web server running apache/2.2.2 and PHP 5.1.4. > Our PHP programmer has developed quite a few PHP email forms and each > time an email is sent, the FROM: address is > [EMAIL PROTECTED] I don't know if this is a PHP > problem or apache problem (or even a sendmail problem for that matter) > so I am asking both lists for help. I have tried lookup up apache docs > and PHP docs to alter the FROM: address to no avail. No matter what I > and my programmer try in PHP or apache the from address stays coming > from the user apache runs as @webserver.domain.com (obviously I mean > the FQDN of the server). We would like to be able to alter the FROM: > address per form as we should be able to do in PHP. If there is a PHP > fix for this any help would be appreciated. If this is definitely NOT > a PHP problem, please let me know and I will move on from there. Thank > you. You will need to set the From: header. I use the awesome phpmailer class that makes sending complex emails really easy. http://phpmailer.sourceforge.net/ JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: File Upload - post_max_size and upload_max_filesiz e in GBs
> > Any suggestion to use some other applet. Any freeware etc. Or > one not so > expensive and which overcomes this php's 1.99 gb limit. > I will again suggest http://radinks.com/upload/ . It does not use POST to transfer huge files. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] logging of sql queries - success/failed
> I've got a script that imports several CSV files via the Load > Data File > command. > > I need to know if each import query was successful or failed. > > > > Is there a way to log the success/failure of each query including how > many rows were inserted? > > > I assum you are using MySQL, since you didn't specify. Typically, mysql_query() will return false if the query failed, and mysql_affected_rows() will return the number of rows affected. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] File Upload - post_max_size and upload_max_filesize in GBs
> > > Rumor has it that uploaded files are stored in memory before being > > committed > > to disk. If so, the amount of free RAM available to PHP > would be the limit > > to the filesize regardless of the ini file settings. > > I don't think that is the case. File is written to temp > directory as it is > uploaded. > And the qeustion is of php having negative values after I > specify post size > limit to 4G > There is a comment in the documentation for move_uploaded_file() that indicates the entire file is saved in memory prior to writing to the temporary upload area. Maybe this is not true. Read it for yourself. Its just a comment, so who knows? Also, there is an indication that you may need to tweak memory_limit in php.ini. > > You should probably use another method of transport for > files that large. > > FTP immediately comes to mind. > > You mean ftp client? Like cute ftp. If yes, the problem is > that along with > uploading the file I also have to update database to > associate that file > with some user etc. It needs to be web based. > After a quick search I found an applet that handles file uploads, and can use FTP as the transport protocol. http://radinks.com/upload/ JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] File Upload - post_max_size and upload_max_filesize in GBs
> > Hello, > > I want to allow uploading of huge video files, which may be > as big as 4 GB. But when I try to set > > post_max_size = 4G > upload_max_filesize = 4G > > in php.ini, it doesn't work and everything in post (posted > data) is ignored. > > I get a warning about size of posted data greater than some > negative number. > > I read somewhere that php stores this data in integer. > > I have tested it on 64 bit system (php 5.1.6 installed on > Mandriva 2007.0) as well as 32 bit system (php 5.2.2 > installed on windows xp sp2). > > Value up to, I think, 2147483647 bytes or ( around 1.999.. gb) works > > We need to allow uploading of 4 GB files. Is there any solution. > > Regards, > Sukhwinder Singh Rumor has it that uploaded files are stored in memory before being committed to disk. If so, the amount of free RAM available to PHP would be the limit to the filesize regardless of the ini file settings. You should probably use another method of transport for files that large. FTP immediately comes to mind. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] More include issues
> > I have error_reporting set to E_ALL and display_errors is set to On. > > And no errors are displayed As a troubleshooting step, use require() instead if include(). It will return an error message if error_reporting() allows it to. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Strings
> > your syntax is broken because of the weird quotes it seems. I agree. After replacing all the superscripted 2's and 3's with proper quotes, the examples both work as expected. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Did I find a bug in PHP 5.2.2?
> It worked yesterday. I don't have any idea what could cause your problem, but with your permission I think I'll have some t-shirts printed up with this slogan. ;-) JM --- "It worked yesterday." - unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Check if Record was Entered Today.
> -Original Message- > From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 24, 2007 1:42 PM > To: PHP > Subject: [PHP] Check if Record was Entered Today. > > > > Ave, > > I have a dbase (dbf) database and I¹m using PHP¹s dbase > function to open & > search the database. > Each row in the database contains an Account Number and the > Date it was > inserted. > > I want to search this database for to see if the Account > number ($thekey) > was inserted today (using date() to find out today¹s date). > > Essentially, here¹s the code: > > $db = dbase_open(try.dbf", 0); > if ($db) { > $record_numbers = dbase_numrecords($db); > for ($i = 1; $i <= $record_numbers; $i++) { > $row = dbase_get_record_with_names($db, $i); > > $thedate = date(mdY); > if(($row['ACC'] == $thekey) && ($row['DATE'] == > $thedate)) { > echo "The Account Number has already been entered > once today"; > echo $row['DATE']." : ".$thedate; > exit; > } > else { > echo "The Account Number exists but not entered > today"; > echo $row['DATE']." : ".$thedate; > exit; > } > } > } > > The problem is the scripts stops at the first entry of the > Account Number, > and is not looping through all the rows which contain the > Account Number. So > if the Account Number was entered yesterday, it stops and > gives ³The Account > Number exists but not entered today² even though the Account > Number does > exist in another row with Today¹s Date. > > How do I make it loop through all the rows and check if there > is any entry > with the Account Number & Today¹s Date? > > Thanks, 'exit' terminates the script. You should not be using exit there. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to eject cd-rom with php code?
> > Hi all, > > I am writing a script and need to eject the cd-rom drive at > > some point. > > Does anyone have an idea how to do this? > > This is a simple command isn't it? > > I greatly appreciate your help > > Blessings, > > Chetanji > > Found this little snippet on the php.net site. ( > http://us2.php.net/manual/en/ref.com.php) > > Might work for you: > > Using the Windows Media Player OCX and the latest snap of PHP > 5.1 i was able > to eject a CD-ROM drive > > //create an instance of Windows Media Player > $mp = new COM("WMPlayer.OCX"); > //ejects the first cd-rom on the drive list > $mp->cdromcollection->item(0)->eject(); > > ?> > > HTH > > JM > I should amend this to say that this will eject the cdrom drive on the WINDOWS server that PHP is running on. If you're looking to eject the CD on the CLIENT, you're out of luck. To eject a CD on a linux based server, maybe a simple 'exec('eject')' will work. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to eject cd-rom with php code?
> Hi all, > I am writing a script and need to eject the cd-rom drive at > some point. > Does anyone have an idea how to do this? > This is a simple command isn't it? > I greatly appreciate your help > Blessings, > Chetanji Found this little snippet on the php.net site. ( http://us2.php.net/manual/en/ref.com.php) Might work for you: Using the Windows Media Player OCX and the latest snap of PHP 5.1 i was able to eject a CD-ROM drive cdromcollection->item(0)->eject(); ?> HTH JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] ftp root dir?
r? > > > Can I assume that all ftp_connect()s will make the current > dir the DOC_ROOT? > > If not, how can I insure the ftp root dir is the same as DOC_ROOT? > > You can't use the absolute path with ftp. > > chdir() doesn't change the ftp current dir. > > if you ftp_chdir() and it's already on the root, it posts an error. > > ftp_pwd() simply returns "/", which simply says it's on its > root, where ever that is. The ftp_* functions behave just as any ftp client behaves, AFAIK. If you log into the FTP server via your favorite command-line FTP client, you are seeing the exact same behaviour as the ftp_* functions will see. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ftp_get() - OpenVMS - semicolon in filenames
I am trying to use the php ftp_* functions to access files on an OpenVMS UCX FTP server. I can log in and list the files, but I can't use ftp_get() to get any of them. Instead I get a 'file not found' back from ftp_get(). I think the problem is in OpenVMS naming conventions. OpenVMS saves files with a semicolon and a version number appended to the end. So instead of overwriting files, it increments the version number. In my case, I have directory with ~100 files, all with the same name and different version numbers. For instance: FILENAME.EXT;1 FILENAME.EXT;2 {...} FILENAME.EXT;100 ...so my first suspicion is that ftp_get() doesn't understand what to do with the semicolon. STFW turns up a bug in PHP where garbage is appended to ASCII type transfers from OpenVMS, but I don't think that is relevant to this problem. I will likely have to deal with this if I can get the file to transfer, but one step at the time. If I use 'get' in a command line FTP client from the LAMP box I'm developing this on, I just specify the version number as part of the filename as you would expect. I have tried escaping the semicolon with a backslash. ftp_get() returns a "Warning: ftp_get: File specification syntax error" message. This is my first foray into the ftp_* functionality of PHP. Hopefully, someone here will have had to deal with this already, and will have an answer. Here is the code I have so far, for what its worth: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IE7 => end tag?
> > The extra comma at the end of the array definition is still > valid syntax in > PHP. Try for yourself: > > php -r '$a = array("a" => "foo", "b" => "bar",); print_r($a);' Interesting. Do you mean 'Valid Syntax' in that it 'works without error', or 'Valid Syntax' in that 'it was designed to work that way'? If the former, then I would argue as to whether it is valid syntax, since depending on it would be dangerous. If the latter, then I have learned something new, and I'd like to know more about why it is designed to work that way, and how I could use it to my advantage. > > NULL is a special type that means just that: > http://uk.php.net/manual/en/language.types.null.php > > Enclosing it in quotes will define it as a string, something entirely > different. I am aware of what a NULL is. I suggested the quotes as a troubleshooting step, since code prior to the NULL was not being displayed. A 'knee jerk' suggestion, I concede. (Feel free to substitite your own descriptive phrase for 'knee jerk' if you must) :-) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IE7 => end tag?
> > #-- .meta info > include("../plugins/lib/pluginmetadata.php"); > $_cached = !empty($_POST); > ewiki_pmd($_cached); > #-- defaults for the separately handled database settings in $db[] > if (!($db = $_REQUEST["db"])) { > $db = array("type" => NULL, > "server" => "localhost", > "dbname" => "test", > "table" => "ewiki", > "dir" => "/tmp", > "dba" => "/tmp/wiki.dbm", > ); > } > > > > > NULL, and the following text is displayed in browser > Who knows how to change this behavior? I don't know if this will fix your problem, but you have an extraneous comma after'"dba" => "/tmp/wiki.dbm",'. Also try enclosing NULL in quotes and see if your problem goes away. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Reading & Writing XML Documents...
> > Can anyone point me to some good online reference/examples of > reading/writing XML documents? > With regards to PHP? Sure! http://us2.php.net/xml JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Selecting a special row from the database
> > About the sql injection, the db user I set for this has only select > privileges, should I be worried even with this ? > Absolutely. If I have select privs, I could possibly select passwords, credit card numbers, or whatever else sensitive info you have in your db. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] INSERT Array Values into mySQL Table
> > $sql = "INSERT INTO table (f1, f2, f3, ". implode(",", > array_keys($pr1)) .") > VALUES ('abc', '123', '456', ". implode(",", > array_values($pr1)) > .")"; > > HTH, > > Brad Might not work if the array values need to be enclosed in quotes. I would build the query string in a foreach loop and execute the query afterwards. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] voucher manipulation
> > Alo, > > I have a client looking to do the following; > > There is a standard "voucher" design, in the format of JPG > ... now ... they > wish to create a voucher system where if you reach so many > points etc you > can claim a voucher (using the design) with a expiry date ... > current + > 30days and a unique voucher number. > > Now, I have looked at ImageCreateFromjpeg etc ... but ... > cant figure out > how to place the text on it within the specified areas. It > will then be > emailed to the user. > > Does anyone know of an idea out there already I can take a > look at ... or > some advice? > Steven, Have a look at http://php.net/imagettftext . Also, here is a code snippet from something I did a long time ago to brand uploaded images. Maybe you can modify it for your needs or get an idea of how to proceed. It contains two slightly offset imagettftext() calls because I wanted a "drop shadow" effect to the brand. -[code]--- $fontpath =$_SERVER['DOCUMENT_ROOT']."/PAPYRUS.TTF"; function brand_image($big_pic){ // Draw border and brand big_pic $ims=getimagesize($big_pic); $img = ImageCreateTrueColor($ims[0],$ims[1]); $black = imagecolorallocate ($img, 0, 0, 0); $white = imagecolorallocate ($img, 255, 255, 255); imagecopy($img,$org_img, 0, 0, 0, 0, $ims[0], $ims[1]); for($x=0;$x<$tnborderwidth;$x++){imagerectangle($img,$x,$x,$ims[0]-(1+$x),$i ms[1]-(1+$x), $black);} imagettftext($img,20, 0, $ims[0]-260, $ims[1]-20, $black, $fontpath, $brandtext); imagettftext($img,20, 0, $ims[0]-262, $ims[1]-22, $white, $fontpath, $brandtext); imagejpeg($img,$big_pic,90); imagedestroy($img); } //function brand_image --[/code]--- JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSS vs. Tables OT
> In > fact, I may be going out on a limb here, but I challenge anyone to > describe a layout that isn't covered. I want a layout that looks identical in every browser without resorting to something like: switch($browser){ case 'IE':include('ie.css'); case 'Mozilla':include('mozilla.css'); {...} default:throw_hands_up_in_disgust(); ) I don't think thats possible right now, is it? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirect with header still not working
> > Have tried the full url for the header and it still doesn't > work. I may have > to resort to...javacript redirects unless someone can suggest > a way around > it. > > Here is the phpinfo(); > > http://s202801613.websitehome.co.uk/info.php > > > Is is 1and1 hosting if anyone had had any experience of them. > > thanks, > > > R. I have several sites with 1and1, and I use header() with no problems. The main issue I have run into with header() is that your script can produce NO OUTPUT prior to the header() call. Not even a whitespace, else header() will not work. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Download multiple sound files?
> = = = Original message = = = > > Hey all, > > I have a need to allow a user to download multiple > sound files (mp3s, typically) from a single link. > I've been looking at various solutions via Google, > but have not seen one yet to do this. > > Can anyone point me in the right direction or give > me a lead on how this can be done? > > Thanks! > Skip > I remember, way back when, transferring multiple files was simple. The good ole days of ZModem. Maybe todays technology will catch up eventually. ;^) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] finding a particular record within a MySQL result set
> > > I've looked at those, but both approaches requires traversing > through > the entire mysql result set to create another array ( could > be memory > intensive if the result set is large...100,000 ? ) > > -James > I agree. That's why I said the mysql group will give you better answers. Really, the best solution is to just get your answer from mysql. I am 100% sure you can forge an SQL query or series of queries that will return the number you want. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] finding a particular record within a MySQL result set
> > You will probably get a better approach from the mysql list, > but from a PHP > solution perspective, I'd load up an array with the result > set and use key() > to get the number. > > The example at http://php.net/key does exactly that. > Or array_search() :) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] finding a particular record within a MySQL result set
> > I've cross posted this to the MySQL list... > > Here's my original post. > > > Is there some quick way to do the following in MySQL? (I know I > > can use PHP to search through the result set, but I wanted to see > > if there's a quick way using some sort of query) > > > > Let's say I know that Joe is from Maine. > > I want to do a query of all employees from Maine, ordered > by hiring > > date, and figure out where Joe falls in that list. (i.e. which > > record number is he?) > > > > -James > > > > > Here's my new plan of attack... > > Right now I'm trying to use PHP to do a binary search on the result > set so I don't have to traverse the entire result set. > > I'm using PHP's mysql_data_seek() to move the pointer within the > result set and looking at the data to do the necessary comparisons. > > What do people think of this approach? > You will probably get a better approach from the mysql list, but from a PHP solution perspective, I'd load up an array with the result set and use key() to get the number. The example at http://php.net/key does exactly that. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php-mysql problem
> i need help regarding a sql query in my php app. > > the query is : > $SQL = "SELECT DISTINCT(EMail) FROM mena_guests WHERE > Voted = 'yes' > LIMIT $startingID,$items_numbers_list"; > > i want to sort this query by the number of the repeated EMail counts. > can anyone help me with that please ? A) Is this a PHP question? If so, please post the PHP code you are having trouble with. B) While you could dump the results of your query into an array, and use sort() or the other array sorting methods to sort it any way you wanted to (thus making this a PHP question), it would certainly be more efficient to have MySQL return a properly sorted result set to begin with. C) It appears that by your use of DISTINCT(), you will not have repeating EMail values in your result set, thus you could not sort it by repeating emails. D) You will find many more relevant answers and many more willing participants if you were to post your question to a MySQL oriented list. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Random Unique ID
> Rabih Tayyem writes: > > > PS: I don't take credit for the code as it is a modified version of > > a code I found long time back (this same code is running on one of > > my applications for months without any problem).. > > Thanks. I'll find use for that! > > However, altho I know that by making the random number big enough > the likelyhood of collisions can be made vanishingly small, I was > actually concerned with eliminating the possibility of collisions > altogether by checking to see if the number had been used before. > > I just don't know how to do that properly with Mysql. Perhaps it > is necessary to lock to table, check, make the insert and then > unlock it. But I was hoping that there would be a simpler way. Replied off-list with a solution. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IP to City detection
PHP] IP to City detection > > > There's a MaxMind's GeoLite City service for that. It's free. > > http://www.maxmind.com/app/geolitecity > That is probably a better alternative than the one I sent, which relies on data from api.hostip.info. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IP to City detection
> Hi people, > > Is there a way to detect the city of a person based on the IP > address? I > mean something like ip2nation http://www.ip2nation.com/ but for cities > so I can use it in my PHP web application. > > Thanks for any help you can give me, > > -William > I have one that 'sort of' works. It might be a start for you. I don't take credit for it, but I can't find in the source code any credits. I'll send it to you off list. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Keep the PHP list ON TOPIC! (was: [PHP] MYSQLyog)
> > Jonathan Kahan wrote: > > I will look at Jim's suggestion. I tried the % and it still failed. > > FYI-I have seen posts here much less related to PHP than my > own without > > such responses. > > so that make's your totally offtopic question okay then does? > I suppose you condone murder also because, heck, others have > done it before, right? > > > And yes in my mind this is part of PHP in that PHP > > interacts with MYSQL and thus this has a bearing on my > ability to write > > PHP programs in the future. > > your mind seems rather clouded or just plain narrow. > you can't connect to a mysql server using some window gui app > ... there is > no php there, period. > > > I have already written a few PHP programs > > without using the mysql functions which yes are a part of PHP. > > technically the mysql wrapper functions are part of a php extension. > there are plenty of people who run php without the mysql > extension btw. > > > This is > > an email support group-I am not attempting a masters thesis here. > > this is general php support list - please do come back when > you have trouble > with mysql_connect(), mysql_query() and the like. > > otherwise go get your help from the correct source, I'm sure there is > plenty to be found at mysql.com for example (or webyog.com???). > Put another (kinder? gentler?) way: While the fine folks of the PHP General list might be able to make a pretty good guess as to the solution to your non-PHP problem, you would find much better, quicker, more accurate (and less prickly) advice from the MYSQLyog or MYSQL support lists. The more we can keep the topic focused on PHP here, the better the perpetual archive will be for PHP knowledge seekers going forward. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with MySQL
> > > > Warning: mysql_select_db(): Access denied for user > 'ODBC'@'localhost' (using password: NO) in > z:\home\localhost\www\2.php on line 12 > > > > Warning: mysql_select_db(): A link to the server could not > be established in z:\home\localhost\www\2.php on line 12 > > > > Warning: mysql_query(): Access denied for user > 'ODBC'@'localhost' (using password: NO) in > z:\home\localhost\www\2.php on line 14 > > > > Warning: mysql_query(): A link to the server could not be > established in z:\home\localhost\www\2.php on line 14 > > Database Selected: i" > > > > what does it' mean? > > It just means that you are using a wrong username/password combination > to connect. Or that the user ODBC does not have access granted to the database or table he is trying to access. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms
> > Seak, Teng-Fong wrote: > > No, I don't deserve anything because, as I've written in the > > original post (but I suppose you didn't notice), the website is > > outsourced and made by a 3rd company. Then you should be having this conversation with the 3rd party. They need to validate *EVERY* bit of data that comes into the script from outside. This includes items passed on the URL, POSTed items, uploaded files, etc. You CANNOT TRUST that your URL has not been tampered with, regardless of the scripting language you use (ASP, PHP, JSP, etc) If they do not validate the inputted data, they have problems like you have seen. Relying on register_globals is taboo. Any competent PHP programmer knows that, and likely has known it for a long time. > I know ASP and JSP, but not PHP. I've not got much time > to invest > into this. Sounds like you need a good consultant. My rates are reasonable. ;-) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Installing php and mysql on linux
> I am attempting to start the mysql rpm in Red hat as a first > step prior to > downloading and activating the php-mysql rpm. I was > attempting to follow > steps based on the link below. the php rpm is loaded and > activated as I have > been able to execute php scripts. When I attempt to follow > those directions, > I get the below errors. Does anyone know why I got the below > errors or can > help me through this process? > > Thanks > > http://kbase.redhat.com/faq/FAQ_39_3633.shtm > > > [EMAIL PROTECTED] var]# rpm -q mysql-server > mysql-server-4.1.20-1.FC4.1 > [EMAIL PROTECTED] var]# rpm -q mysql > mysql-4.1.20-1.FC4.1 > [EMAIL PROTECTED] var]# up2date mysql > bash: up2date: command not found > [EMAIL PROTECTED] var]# up2date mysql-server > bash: up2date: command not found > [EMAIL PROTECTED] var]# ./up2date mysql > bash: ./up2date: No such file or directory > [EMAIL PROTECTED] var]# ./up2date mysql-server > bash: ./up2date: No such file or directory > [EMAIL PROTECTED] var]# ./up2date mysql > bash: ./up2date: No such file or directory > [EMAIL PROTECTED] var]# > Unless the up2date binary is in the current directory, leave off the './' at the beginning. Type the command exactly as it appears in the directions. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Intro to PHP question
> > He wanted to use it for the web, so why should he try it out > on CL first? I agree, though trying something out at the CLI may be his only option if he doesn't have/want a webserver set up. > > I can offer a few MBs for everyone that wants to get learning PHP. > Motherboards? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Joke of the day problem
> > Hi, > > again me with the silly questions... > > I need a script that will take data from MySQL database and > display one > row each day. > > I have googled, but with no luck. > > The database retrieving mechanism is of course clear but I > really dont > know how to do a 24h delay before the next row is displayed. > Maybe I don't understand the application, but this sounds like a job for cron. Have cron kick a script off that grabs a record from the database once each day. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] db query not working
> > It dumps the table fine, works the explode, outputs the string in the > echo command the way I expect, but doesn't place the value in > tmphitsmag > table. Does it insert an empty record? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] List all files in directory
> > Helder Lopes wrote: > > Hi people > > > > How to php give to me a list of all files in one directory > to make an > > editor??? > > if you can't figure out how to get a list of files from a directory > using php then how do you expect to write a fully fledged 'editor'? > > RTFM ... there are examples that show you how to do exactly > what your asking. > Who wants to bet the next question is how to list all the files on the client's machine? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Opinion on on-line payment and banking gateway
> > > He's not selling any physical product. He's selling services and > on-line videos. So I don't know if PayPal suits his needs. > > google/yahoo knows more than me :-) > > Paypal is perfect for his needs. They provide an API for use with PHP and are easy to set up and use. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Help with a within week function
> > I have been trying to find a way to search a DB and match a > range within a > week ( php & mysql ). > > This doesn't make sense, so I will describe it in more detail. > > > > Hi everyone, > > I need help with a search, lets say a record has a date of > 2/5/2007 and if > someone visits the website between 2/5/07 and 2/11/07 I want > to display the > record with 2/5/2007. > > If it's within the week so to speak. > > > > Does anyone know how I can accomplish this? > (You might get better answers from the MySQL list when asking MySQL questions.) SELECT * from table where record_date between '$begin_date' and '$end_date'; JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with spam
> > Hi, > > I have problem with spam over function mail. My clients have badly > written functions and I cannot find where. Is there in php simple > way to detect which script generate mail? I mean like header (in > case of returning mail) or log every using mail function etc. grep -l "mail(" *.php > > Thank you > yw! JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Fwd: [PHP] Highjack?
(Top posting, as seems to be the trend in this thread) Tedd, It might be that you are hosting on a shared host, and that the attacker compromised another site on that host giving him access to your (and everyone else's) web root. If that is the case, your hosting provider needs to look into their file system security policies, and you need to re-evaluate your choice of providers. JM > > hi tedd... > > for the following url, > http://www.example.com/test.php?path=abc?dummy=123 > > if the register_globals is on, a malicious user could > potentially invoke, > http://www.example.com/badscript.php?path=http://www.badserver > .com/badscript > .txt?dummy=123, which would cause the 'badscript.txt' to be > used in the > original script. now, this in and of itself wouldn't cause a > file on the > http server to be changed. however, if the webapp somehow > caused the $path > var to be invoked or to be used in an exec() function, then > whatever is in > the 'badscript.txt' file will be run as if the file is on the > local system. > > at this point, you're pretty much at whim of the malicious > user. now, the > chance of this happening is pretty slim, unless you're using some open > source app that's unsecure, and that a user can reasonably > easy find. which > is what has happened to some apps in the past. > > a more potential reason for the index.php files to be > changed, is that there > was some security hole, either via apache, and/or the OS for > the server. > > hope this helps a little bit more... > > > > the http://www.example.com/badscript.php?could > > -Original Message- > From: tedd [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 14, 2006 11:46 AM > To: Chris Shiflett > Cc: PHP > Subject: Re: Fwd: [PHP] Highjack? > > > At 1:39 PM -0500 11/14/06, Chris Shiflett wrote: > >tedd wrote: > >> > The script will then include > >> > http://www.badserver.com/badscript.txt?dummy=script.php > >> > >> I still don't see how "badscript.php" can be uploaded into > >> example.com's site in the first place > > > >PHP sends a request to badserver.com for badscript.txt, and > the content > >of the response is included just as if it were the content > of a local file. > > > >Hope that helps. > > > >Chris > > Chris; > > I'm still confused. > > >At 7:12 PM +0100 11/13/06, Rory Browne wrote: > > > >If register_globals is enabled, someone could > >http://www.example.com/badscript.php?path=http://www.badserve r.com/badscrip t.txt?dummy= If example.com is my domain, then how could evil-doer get access to my site to place "badscript.php" there? tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Screen Shots
> > Is there any way that I can get a script to take a screen > shot every minute > of all the users using my php website? > This is not a PHP question, but here's an answer anyway: With your users conscent, yes. There is a tiny utility that will take a screenshot at set intervals using the VNC protocol. This would require that your users have VNC server loaded and configured to allow it. If your goal is to spy on users of your website without their knowledge, then there is (thank $diety) no practical way to do it. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] I need an array of state abbrev to names...
> B/c I'm too busy (and lazy) to hand type it all in, wondering > if someone has > an array of state abbreviations to names like so... > > $states = array( > ... > 'NY' => 'New York', > 'WA' => 'Washington', > ... > ); > I have one somewhere, but I'm too lazy to go find it for you. ;) Sorry. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: INPUT
> > > By the last answers i saw that someone do not understand wath > i wanted to > say. > > My strigs are always rightly escaped, but when i get it into > a html form > like it gets type="text" value="Sony 29" TV"> that is, the value of my > input field lost > part of the content. > http://php.net/htmlentities JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Declaring variables from the url
> PHP list, > > I have many times set the value of a variable by declaring it in the > URL, like so: > > http://www.domain.com/index.php?var=1 > > And then, to use the variable, all I have to do is use it in > the script, > like so: > > echo "This is the value of the variable: " . $var; > > But, for some reason, in a script I'm writing now, this > simple process > isn't working. > > The only thing I can think of that is different between > before and now > is that the new script is being executed in PHP5, whereas before was > with PHP4. > > In my new script, I check the value of $_SERVER['QUERY_STRING'], the > value is contained in there, so it is being assigned and > contained somehow. > > What could I possibly be missing in what should be a super > simple process? To expand on Jay's excellent advice, you have been depending on "register globals" to set the variable names for you. This is widely regarded as a bad practice, because you don't know for sure where $var came from. You should ALWAYS use $var=$_GET['var'] when taking values from the url to set a variable. For more information on the evils of register globals, STFA. There have been many discussions in this list on that topic. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] saving and retrieving an array from a database
> > Hi, > > I have an array of values. I want to save them with php to a > single field in > my database and then retrieve them to an array. > > > What is the simplest way to achive this? > > http://us3.php.net/serialize Cheers! JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php behind firewall
> > Jim Moseby wrote: > > > > Found it: > > > > http://www.caida.org/publications/papers/2005/fingerprinting/ > > Thanks! Interesting stuff... > > Regards, > Austin. No problem. My recollection of the technique was a bit off, but the concept was still there. ;-) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php behind firewall
> > Jim Moseby wrote: > > > > I recently read an article about IP fingerprinting. The > concept is that > > every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable > > differences in the way they communicate. It was very > in-depth, but it > > worked amazingly well. If I can find the article, I'll post it. > > Please do. > > I can imagine that the concept goes to the wall with wireless > users, but > even so, should be a good read. > Found it: http://www.caida.org/publications/papers/2005/fingerprinting/ JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php behind firewall
> > Thanks. > > Not that I have done this on the net, but has anyone thought about > using a fuzzy logic approach to the problem? While it wouldn't be a > perfect solution, you could set a threshold you're comfortable with. > > Also while your DNA comment was meant to be humorous, it's not a bad > idea to build a "trust-index" via user actions that would be similar > to a DNA-like reasoning solution. > > Just food for thought. > > tedd I recently read an article about IP fingerprinting. The concept is that every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable differences in the way they communicate. It was very in-depth, but it worked amazingly well. If I can find the article, I'll post it. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] card scanners and PHP
> > For our retail application (written in PHP) we are looking for a class > that will work with a scanner to scan a driver's license or business > card and populate the forms properly with that data. I have found a > product (IDScan) that may work with PHP, but I was hoping to > find others > to compare it to. Anyone have or know of anything like this? The ones I have experience with simply emulate keyboard entry, and as such would work with any PHP application where the same data could be entered via keyboard. I believe the ones we used were made by either Symbol or Wasp. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] xml v php question
> > On Tue, July 25, 2006 3:15 pm, Kevin Waterson said: > > This one time, at band camp, Larry Garfield <[EMAIL PROTECTED]> > > wrote: > > > >> The correct answer is (b). (PHP 6 won't even have short > tags, so get > >> used to > >> not having them.) > > > > ummm, I think it was decided to stay in php6. I could be > mildly/wildly > > mistaken > > > > Kevin > > The last I heard, they were still slated for removal. The > PHP core team > does have a habit of changing their minds about such things > on a regular > basis, however, so who knows what their plan is this week. :-) > What the PHP core team does or doesn't do has no bearing on the fact that short tags are bad voodoo. Just say no to short tags, and your life will be easier, your shirts whiter, and your teeth brighter! JM <-- who has never used short tags, and never will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PAYMENT TRANSACTION
> BBC wrote: > > How are you all? > > I hope some body can give me some references for internet payment. > > I made a kind of shopping cart in my project; even though I > was doubt in making it caused I don't have any idea how to > make internet > > transaction. But I just heard from a friend of mine that we > can 'join' with special web site which handles payment transaction. > > I'll be pleasure if some body can give references about > this issue which explains how to collaborate with them step by step. > > Thank you guys.. > > What kind of 'internet payment' were you looking for? Credit card? > PayPal? For credit cards, I get the customer's info and then use cURL > to stuff it down a secure connection to Authorize.net. > My general rule of thumb: "Never ever handle credit card details. Ever. Pass the customer off to a third party that does it as their primary service. (Paypal, etc.)" Possible exception: If you are working for a huge corporation with deep pockets and high dollar lawyers, for when the credit card info gets compromised. If you must handle credit card info, never ever store it anywhere. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Basic PHP knowledge test
> > We're looking to hire an entry level php programmer here, and > I've been > tasked with writing the test to evaluate the potential candidates. > Being the lazy guy that I am, I naturally turned to Google to > see if I > could find some tests that I could use. After clicking thru > many links, > and finding mostly 'basic php tutorials', I've come here to ask you > people to do my homework for me. ;) Does anyone have any > links/resources for a basic php knowledge test? If not, I'll have to > write one from scratch myself, and mess up the rest of my day > of goofing > off/sleeping. STFW! RTFM!! STFA!! STFU!! Ahem... Now that that's out of my system, you could start with the Zend sample exam: http://www.zend.com/education/certification/self_test I know you're saying "entry level", not "Zend certified", but there are some pretty basic questions there. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Separation between View and State (The Back Button)
> > Let's say you have a "Buy" button that posts a form to a script that > inserts or increments the quantity of a record in a shopping cart > table. So you click "Buy" and then "Checkout". Now if you hit the Back > button it asks the user if they would like to repost the form. If you > click "Ok" the db script runs again and now they have two items in the > cart. Not good. > ::snip:: Someone posted here an elegant way of handling that, but I can't remember who or the specifics of how. But, IIRC, it involved a header you can send that keeps the page from being included in the browser history. So when the user hits 'Back', it skips the processing page and takes them back to the form page. Maybe a quick STFA will turn up something. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Update or add?
> > I have a table where I want to update each record with today's date > as it's hit, or add the record if it's not in there: > > +--+-++ > | id | creation_date | last_hit | > +--+-++ > > I'm trying to do this with a minimum of hits to the db, so rather > than first searching to see if a matching record is in there, I > thought I'd just go ahead and update the matching record, check to > see if it failed, and if it failed then add a new one, like this: > > $id = $_GET['id']; > // Update > $query = "update table set last_hit=NOW() where id='$id'"; > $result = mysql_query($query); > // Add > if(the update failed) { >$query = "insert into table (id,creation_date,last_hit) values > ('$id',NOW(),NOW())"; >$result = mysql_query($query); > } > > What's the fastest way to check if the update failed? > Maybe you should be looking at using REPLACE instead of INSERT or UPDATE. REPLACE will update the record if it exists, OR add it if it doesn't. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Update site through email
> > Hy guys I'd like to know if there is a way to update a site through > sending an email. Something like this, you send an email and the body > of the email substitutes a text you use in your site. Igreat apreciate > any help since I couldn't find anything on this topic. How much time did you spend looking? A good place to start might be: http://us2.php.net/manual/en/ref.imap.php Where there's a will, theres a way. I imagine it would be fairly easy to do. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Single quotes verses double quotes default behavior wit h DW --------> (Pretty much 0T )
> > Just how does one launch a "DOS" attack? > > c:\ fdisk > c:\ format > Repeat as needed > echo Y | format c: /q/u -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] A variable inside a variable?
> > Thanks for your help with my other question, heres a new one for you. > > I need to nest a variable, inside another variable. For example: > > $($buildingname)level > > How (if at all) is this possible? http://us3.php.net/manual/en/language.variables.variable.php JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Restrict uploaded scripts
> > Wouldn't it even be posible, if the script couldn't be run > directly, but > had to be run through require or something like that? > Require just includes the code inline. It still runs on the webserver as the server user as if it were one big script. I think you would have to sanitize the uploaded code before allowing it to run. Writing the sanitation algorithm to perform such a task would be a nightmare. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Restrict uploaded scripts
> > Wouldn't they still be able to overwrite each other? > I don't think I expressed myself clearly. The point of the > protection is > to keep the scripts from overwriting each other on purpose. It was a > protection that would make it posible to upload scripts, even if you > were not completly sure they were safe. > So, you are concerned that someone will write a script that when RUN could purposely overwrite some other files. If I had people uploading their own code to my server, I would be concerned as well. In fact, 'concerned' is not quite a strong enough word. As far as I know, when the uploaded script runs, it will have all the same permissions that the user the webserver runs as has. So there would be no (easy) way to control the possibility that it will overwrite files, add records to your database, launch an attack on another host, send 100,000 spam messages to the whitehouse, download porn and email it to your minister, etc, etc, etc... JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] server sending notifications to clients
> > Hi All, > > Is there a way for the server to notify the client about an > event, provided > the client was online in the past X minutes? > > To elaborate: > > A client comes online. A script PHP executes (serves the client), and > terminates. Now if a new event occurs, how can the server > notify the client > about that event? > Short answer: It can't. Longer answer: There are probably 100 ways to get close to the result you are looking for. For instance, you could have each page on your site look for a flag in a DB, or a file in the filesystem, or some other clue. Then when the user loads a new page, the page discovers the event, and notifies him. PHP is server side. So everything it generates, it does so on page load. There are PHP/Javascript solutions (like AJAX) that may be able to get closer to what you want. We would need more detail for a more detailed answer. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can a script run twice?
> > Apparently the problem isn't solvable by using tokens, sessions, > locking, and such. So why not just check the dB to see if the current > record has already been entered? If so, don't do it again. > > Isn't this a solution? Or is there something here that I'm > not understanding? ...or maybe do a 'REPLACE...' rather than an 'INSERT...'? That way the record is not entered into the database twice if it already exists. Might be a more economical way than doing a "lookup/compare/write if" sequence. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Advice
> Are there any employees who have access to this PC? What sort of > background checks have you run on every employee? > > Do you REALLY want to run the risk of having to DESTROY your > reputation with all your customers? > Not only all that, but suppose one of your customers has his CC info stolen somewhere else, not even on your site. He reports it to the CC company, and they investigate. They're going to ask him where he used his card online. Your site pops up. The CC company contacts you and asks you to describe what you do to protect their customer's CC numbers. You say 'I wrote an encryption routine that I think is pretty good...' :-/ So, even if your site is bulletproof, you are going to have to be ready to back up your claim that the data is safe. The first question an investigator is going to ask is "Where is the data stored?". Your answer? "A shared server at some hosting company." :-/ The good news is, there is no reason to handle credit cards in an online store. There are tons of third party processors that will take on all these risks for you. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Advice
> --- Koen Martens <[EMAIL PROTECTED]> wrote: > > > But your unencrypted data is there, so someone could > > possibly snoop > > that from the insecure memory. > > This is true. > > I am going to ask the hosting company to setuid gpg as > root. That should solve one problem (from gpg docs): > > "This is necessary to lock memory pages. Locking > memory pages prevents the operating system from > writing them to disk and thereby keeping your secret > keys really secret." > > But just out of curiousity, let's assume you are > running a shopping cart which takes credit cards and > passes them on to whomever approves them and you don't > _ever_ write this info to files. Aren't you also > vulnerable to someone being able to "snoop memory" on > your process for sensitive information? > > I mean at some point some program on the server has to > take the customer's credit card, and that info is in > memory somewhere until you get the approval. Isn't > that true? Im my case, I use a third party service that handles credit card payments. I take the order, and pass the order amount to the credit card processing service. THEY take the credit card info into THEIR system, process the payment, then send the customer back to my site. I never take credit card info. So, if somebody steals my customers identity, I am absolved of any responsibility. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Advice
> > For an ecommerce site where sensitive data is stored > either in files, or in a database, have you used some > form of encryption to protect your customer's data? > > I have a client who currently uses a Perl scripted > shopping cart that stores orders (including credit > card numbers) in plain text files on a shared server. I assume you want to be able to unencrypt the credit card number for later use, so a 1 way encryption method will not suffice. In that case, I don't know of a way to securly store this data in the environment you describe. If someone gained access to you data, they would also likely have access to your code and could therefore figure out how to unencrypt it. That said, my first piece of advice: Never, ever store credit card numbers. You are opening yourself up to a huge world of hurt by doing so. Unless you can come up with a reason (you probably can't) that you absolutely MUST store credit card numbers on a shared server, don't do it. > The security of these files depends purely on the > user/file system security measures enforced by the > hosting company (which I think is a reasonably good > company, but still I don't see it as being > sufficiently secure). You are willing to risk bazillion dollar lawsuits on the "sufficiently secure" file permissions of a "reasonably good" company? I would suggest, at minimum, getting a dedicated box with a well-known hosting company if you are going to store credit card numbers. At least then, you can enforce you own security policies, and be reasonably sure you are the only one digging around on the box. > I am going to rewrite the shopping cart using PHP and > was looking into ways to protect the data. Using GNU > Privacy Guard (gpg) seemed like the ideal method > because I could store the client's public key on the > server to encrypt orders and the customer could then > download the encrypted files and decrypt them on his > PC with his private key (the client manually submits > orders through his "store front" merchant account). I > know this is a somewhat archaic procedure but it works > sufficiently well for this client. If you are going to rewrite the shopping cart application, why not look into some ready-made ones. http://www.oscommerce.com , a complete, free online store, comes to mind immediately. There are many others. Search the archives of this list if you're interested. Why reinvent the wheel? :) > However the hosting company won't support gpg so that > leaves me with PHP mcrypt functions which I think > would work very well, except for on thing - how to > protect the secret key which now has to be on the > server? On a shared server, you can't really protect it, but you can take some steps to make it as difficult to get as possible. Storing it outside of webroot and giving it restrictive permissions would be good first steps. You don't really go into much detail about your application. But, if you search the archives of this list for 'credit card', you will find some really compelling reasons NOT to ever store credit card numbers. If the reason you are doing so is purely for customer convienience, you should probably reevaluate that position. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re : a searching problem in lists
> > Oops, sorry for my last mail. Not the good mailing-list :-) > Au contraire. This *IS* the good mailing list. Just not the *right* one. ;-) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] BDC to ASCII Conversion
> Yes...typo...I am a dyslexic dog > In dog we trust ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] remove html tags in text?
> > Hello everyone, > > Say, if I have a paragraph like this: > > == > John Smith > > Dr. Smith is the directory of http://some.center.com";>Some > Center . His research interests include Wireless > Security > == > > Any functions that can help remove all the HTML tags in it? > What about > just removing selected tags, like ? > Sounds like a job for. http://us2.php.net/strip_tags JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] check socket status
> > Jim Moseby wrote: > > Your server is *nix? You could: > > > > $netstat_info=`netstat -l`; // notice back-tics > > > > ...then parse through the output. > > > > JM > > `netstat -l | grep 5514` gives me information about listening > service on > port 5514. That's all I needed but I only can get this from *nix > console. How could I test it on PHP server side ? > Maybe I misunderstand what you are trying to do. Run this on your server: Assuming it has permissions, and all the stars are aligned, you should get the output of the 'netstat -l' command echoed to the screen. Once you have that, you can parse through the text in $netstat_info for what you want, or modify the command more to your liking (ie $netstat_info=`netstat -l | grep 5514`;) or whatever. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] check socket status
> Hi > > I need to check if socket on some port is listened by some service. > > How could I do this ? > Your server is *nix? You could: $netstat_info=`netstat -l`; // notice back-tics ...then parse through the output. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php 3 to 5 upgrade: foreach loop no longer working
> > It's a major security hole if left on ;) > And convincing people to plug that hole was not happening, so > something > more major was needed. Only if the programmer uses it. As I understand it, register_globals being on doesn't present a security risk in and of itself as long as the programmer is not relying on its functionality. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] user authentication
> i do not see really realistic if everytime that a new user is > registered to > my application, i have to create him a profile for MySQL database. Is there a reason you need to have each user login into mysql individually? Most often a single login is used for the script to log into the database, and all the user authentication is handled at the PHP level. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Omit warnings per script?
> Brian Dunning wrote: > > Is there a way to get PHP to not throw warnings on a > per-script basis? > > > > Yes. > > ini_set() > or error_reporting() JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php security
> > Cool Chris I'm going to take a look at that movie. Dallas there is a > section at the top of the ini file that lists some directives and > their status to address security or performance issues, but as Chris > mentioned your code could be as big of a risk as anything so pay > attention to that. The code is the thing, right? Regardless of how my server's register_globals (for instance) is set, if I do not use the globals in my code, it is not in and of itself insecure. Correct? Which brings the question, are there any php.ini settings that, in and of themselves, create security problems? I mean other than display_errors, which is obvious. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Php Script Stumped!
> Hi. Hi! > doing this script for an assignment, and got it basically working. > the only problems are: > Assignment, eh? Generally, folks on the PHP list will not do your homework for you. But I'll offer some light nudges in the right direction for you. > > 1. wen i load the user form, the focus goes to the login > button, and not the > first form field. > did try putting one it, did not like it. > so how do i do this? > is there a basic dom example, how to set focus on a form > field, when the > form loads? Not a PHP issue. Hint: google "body onload" Generally, you will give your form a name and specify that name and the field name you want to have focus in the tag. using the "onload" directive. > 2. got a user name and password. > and enter username and password, and when the php script > loads, it shows the > user name and the password. > want to hide this, and only have the message, now how do i > accomplish this? > tried things on the web and tried on google, but could not > find any thing > for this. PHP doesn't automatically display anything you don't ask it to display. (Other than these occaisional 'error messages' some claim to see ;-) In your code snippet, I happened to notice that you explicitly echo the username and password. I would say the fix for this is "don't do that". > 3. and got to provide the time, but how do i format it say > for australian > east standard time? > just got the standard time, and jaws reads it out, as one > line of text. You can format dates and times any way you see fit. You can set timezones how ever you want. How? http://php.net/date would be a good place to start. :-) Happy coding! JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Failed MySQL queries
> > Rather than using the following, which simply displays a > white screen with > the die message, is there a way to add the die message to the > body of the > original form page, such as in a variable, so that I can > display the message > on the original form page with all the values already filled > out, so that > all the user has to do is resubmit? > > $result = mysql_query($query) > or die("User Account could not be > created. Please try again > later."); > Yeah. Don't use die(). die() kills the script. You can use echo to echo a message, but you'll have to handle any problems the failed query may cause. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] I have a mktime problem
> > > > > I'm having an weird issues with the date and mktime function thing > > getting unexpected results, and I was wondering if y'all > > could help clue > > me in as to what is wrong. > > Here's the code I'm running: > > echo date(M, mktime(0,0,0,2)) . "\n"; Where the 2 is > > the month. > > Now when I put in the number 1 in the month slot I get Jan > > When I put in > > 3 I get Mar When I put in 4 I get Apr Etc. > > However, when I put in 2 I get Mar and not Feb. > > > > What's up with that? What am I doing wrong here? Should I get some > > sleep? > > > > > It seems to have something to do with the fact that Feb has > only 28 or 29 > days, and today is the 30th. > > echo date(M, mktime(0,0,0,2,28)) . "\n"; > > It will return "Mar". > > JM Whoops, "Feb" I meant to say. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] I have a mktime problem
> > I'm having an weird issues with the date and mktime function thing > getting unexpected results, and I was wondering if y'all > could help clue > me in as to what is wrong. > Here's the code I'm running: > echo date(M, mktime(0,0,0,2)) . "\n"; Where the 2 is > the month. > Now when I put in the number 1 in the month slot I get Jan > When I put in > 3 I get Mar When I put in 4 I get Apr Etc. > However, when I put in 2 I get Mar and not Feb. > > What's up with that? What am I doing wrong here? Should I get some > sleep? > It seems to have something to do with the fact that Feb has only 28 or 29 days, and today is the 30th. echo date(M, mktime(0,0,0,2,28)) . "\n"; It will return "Mar". JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can "output_buffering" be set in a script?
> > I do not have access to the php.ini file and I need to have > output_buffering turned on. Can this be done within a script? If your web host allows it, you may be able to set it with ini_set(). See www.php.net/ini_set and also http://us2.php.net/manual/en/ref.outcontrol.php#ini.output-buffering JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IP Address Filtering
> I¹ve run into a slight problem. We maintain a Guestbook for > our company¹s > website. Lately we have been getting a lot of ³Spam² entries into the > Guestbook. > > I added a snippet into the PHP Script & a field in the mySQL > database to > record the IP Address of posters. However, for the SPAM > posts, it records > ³Null² instead of an IP Address. I¹m using $REMOTE_ADDR to > records the IP. > It records IP Addresses of any genuine poster... But NULL for the spam > poster. > > What else can I do to block the SPAM entry? Is there some other Unique > Identifier that I can record of the Spam poster and then block him? How about block any poster that does not report a valid $REMOTE_ADDR? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Random value from ini file
> I have an ini file that has: > 1 = "words"; > 2 = "words1"; > 3 = "words3"; > > I want to pull a rand value and print it out > I'm trying to use parse_ini_file but its not working any help would > be great. > Thanks You could read them all into an array then use array_rand() to pick one. http://us2.php.net/manual/en/function.array-rand.php JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] where php at?
> > >Dagnabit! Contact your host provider, they will tell you. > > > 10 Been there > 20 Done that > 30 GOTO 10 > > Thanks anyway. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Creating a unique index ID
> I've got a project where I'm taking form information from the user and > writing records to several tables in a MySQL database. > > The problem I'm having is I need to write a unique number for the ID > column of the records. Auto increment won't work because I could have > conflicts due to replication of the database servers. Anyone have any > techique they use for creating unique ID field entries in a db table? > > I was thinking maybe using a random 3 digit number and a unix > timestamp? > Maybe this will work for you? http://us2.php.net/manual/en/function.uniqid.php JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Mysql Rows
> > What I find interesting in all of this exchange -- however -- is that > everyone agree's renumbering the "id" of a dB is something you don't > do, but no one can come up with a concrete (other than relational) > reason why. If you don't care that a given record may have a different, unpredictable record number each time its queried, and if you're sure no one is going to inherit this application and be stymied by your unorthodox approach, and if you know that in the future you will not need to access this data by a static record number, it doesn't matter. Otherwise, my advice would be to add a timestamp column and sort by that instead. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Mailto members..?
> > This type of email may be more susceptible to being caught > in spam traps. > > Check with your webhost to learn of any limits to the > number of recipients > > per message, and number of messages per day/hour/etc. > > > > JM > > Aha.. that's a reason good enough for me for not using this method. It would still be to your advantage to check with your hosting about limits. I ran up against that on the last newsletter I coded where I could have only 25 recipients per message and 99 total messages per day. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php