[PHP] snmpwalk

[MAAS]

Hi

Iam trying to use snmpwalk but I get this:

Parse error: parse error, unexpected T_VARIABLE in
c:\inetpub\wwwroot\alarm.php on line 7

This Is my code:



ALARM ???







-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] MIB and snmp

[MAAS]

Iam trying to get some data on a php homepage. I get the data vith snmp msg.
I get som msg, but when I try to get a speciall object ID i get this:

ALARM 27 (port 52):
Warning: Error in packet. Reason: (noSuchName) There is no such variable
name in this MIB. in c:\inetpub\wwwroot\alarm.php on line 6

Warning: This name does not exist: enterprises.2606.1.0.47 in
c:\inetpub\wwwroot\alarm.php on line 6


ALARM 26 (port 50):
Warning: Error in packet. Reason: (noSuchName) There is no such variable
name in this MIB. in c:\inetpub\wwwroot\alarm.php on line 8

Warning: This name does not exist: enterprises.2606.1.0.46 in
c:\inetpub\wwwroot\alarm.php on line 8

Anyone what to do??






-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] SNMP -> LOG

[MAAS]

Hi

I would like to collect data from snmpget and log it.
Anyone have a idea how to do this?

// maas, Sweden



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] fputs - need help!

[MAAS]

Hi

I use this line

fputs ($sysname_log, "$time - SystemName: $sysname\n");

I would like to get a log file, and everytime I refresh this page it will
make a new line and write
$the local time - SystemName: $sysname
So after a while it will look like this

$the local time - SystemName: $sysname
$the local time - SystemName: $sysname
$the local time - SystemName: $sysname

BUT, this is not working, I don´t get a new line, everything is on the same
line. Why??
I use WIN2K and IIS.





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] CRON JOB

[MAAS]

What do I have to do before I can run my file.php as a cron job in Linux?




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] snmp / php / linux /error

[MAAS]

Iam trying to use my php file in a Linux machine.

#!/usr/local/bin/snmp_guard.php -q



Then I start it with php snmp_guard.php

All I get is

Call to undefeind funcion snmpget()

WHY??



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] cookies and carts

[Jochem Maas]

Allen McCabe schreef:
> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id'] is
> equal to the quantity, so the name/value pair is all the information I need.
> 
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
> 
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
> 
> Is there any way to set cookies with an array for the name? Intead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?

1. use one cookie for this (and other data)
2. DO NOT USE serialize()/unserialize() to pack/extract the data

using unserialize() opens you up to alsorts of potential hacks (IMHO), keep the 
data
structure simple and revalidate it's entire contents everytime you read it in
(assuming your article ids are INTs, all the data should be [valid] INTs - 
anything
else and the cookie should be deleted).

here is some code to play with: (written directly in my email client, no 
garantees is
parses or works as is)

 $quant)
$out[] = $artId.':'.$quant;

return join('|', $out);
}

function parseCookieCartStr($s)
{
$data  = array();
$items = explode('|', $s);

if (!is_array($items))
return killCookieCart();

if (count($items)) foreach ($items as $item) {
$item = explode(':', $item);

if (is_array($item) || count($item) !== 2)
return killCookieCart();

foreach ($item as $v)
if (!$v || ($v != (int)$v))
return killCookieCart();

if (!isValidArtId($item[0]) || ($item[1] < 1)
return killCookieCart();

if (isset($data[ $item[0] ]))
return killCookieCart();

$data[ $item[0] ] = $item[1];
}

return $data;
}

function killCookieCart()
{
// TODO: delete cookie
}

function isValidArtId($id)
{
return true; // TODO: valid article id
}

?>

you can secure your code further by using the filter extension in combination
with a regexp filter in order to retrieve the cookie data from the request,
here's a regexp that matches only non empty strings with digit, colon and pipe 
chars:

#^[\d:\|]+$#




PS - hello again list.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysterious include problem

[Jochem Maas]

Hi Allen,

gonna be a bit ruthless with you :).

1. your not filtering your input (your open to include being hacked)
2. your not validating or error checking (e.g. does the include file exist??)
3. keeping large numbers of content pages with numerical filenames is a 
maintenance
nightmare and incidentally not very SEO friendly
4. your not doing much debugging (I guess) - try using var_dump(), echo, 
print_r(),
etc all over your code to figure out what it's doing (e.g. var_dump($_GET, 
$_POST) and
print("HELLO - I THINK \$_GET['page'] is set."))

personally I never rely on relative paths - I always have the app determine a
full path to the application root (either at install/update or at the beginning
of a request)

also I would suggest you use 1 include file for all your scripts (rather than
per dir) ... copy/past code sucks (read up on the DRY principe).

additionally look into FrontController patterns and the possibility to
stuff all that content into a database which gives all sorts of opportunities
for management/editing.



maybe I've bombarded you with unfamiliar concepts, functions and/or syntax.
if so please take time to look it all up ... and then come back with questions 
:)

have fun.

Allen McCabe schreef:
> I have been using includes for my content for a while now with no problems.
> Suddenly it has stopped working, and it may or may not be from some changes
> I made in my code structure.
> 
> I use default.php for most or all of my pages within a given directory,
> changing the content via page numbers in the query string.
> 
> 
> So on default.php, I have the following code:
> 
> 
>  if(isset($_GET['page']))
> {
>   $thispage = $_GET['page'];
>   $content = 'content/'.$_GET['page'].'.inc';
> }
> else
> {
>   $thispage = "default";
>   $content = 'content/default.inc';
> }
> ?>
> , ,  etc.
> 
> 
> 
> I have a content subdirectory where I store all the pages with files such as
> "default.inc, 101.inc, 102.inc, etc.
> 
> As I said, this has been working fine up until now, if I use the url
> "user/default.php" or just "user/" I get this error:
> 
> 
> *Warning*: include(content/.inc)
> [function.include]:
> failed to open stream: No such file or directory in *
> /home/a9066165/public_html/user/default.php* on line *89*
> 
> AND
> 
> *Warning*: include()
> [function.include]:
> Failed opening 'content/.inc' for inclusion
> (include_path='.:/usr/lib/php:/usr/local/lib/php') in *
> /home/a9066165/public_html/user/default.php* on line *89*
> 
> But if I use "user/default.php?page=default"  I get the correct content.
> 
> It's acting as if page is set, but set to NULL, and then trying to find an
> include at path "content/.inc"  what's going on??
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysterious include problem

[Jochem Maas]

Ashley Sheridan schreef:
> On Tue, 2009-12-08 at 17:32 +0100, Jochem Maas wrote:
> 
>> Hi Allen,
>>
>> gonna be a bit ruthless with you :).
>>
>> 1. your not filtering your input (your open to include being hacked)
>> 2. your not validating or error checking (e.g. does the include file exist??)
>> 3. keeping large numbers of content pages with numerical filenames is a 
>> maintenance
>> nightmare and incidentally not very SEO friendly
>> 4. your not doing much debugging (I guess) - try using var_dump(), echo, 
>> print_r(),
>> etc all over your code to figure out what it's doing (e.g. var_dump($_GET, 
>> $_POST) and
>> print("HELLO - I THINK \$_GET['page'] is set."))
>>
>> personally I never rely on relative paths - I always have the app determine a
>> full path to the application root (either at install/update or at the 
>> beginning
>> of a request)
>>
>> also I would suggest you use 1 include file for all your scripts (rather than
>> per dir) ... copy/past code sucks (read up on the DRY principe).
>>
>> additionally look into FrontController patterns and the possibility to
>> stuff all that content into a database which gives all sorts of opportunities
>> for management/editing.
>>
>> >
>> $page= isset($_GET['page']) && strlen($_GET['page'])
>>  ? basename($_GET['page'])
>>  : null
>>  ;
>>
>> if (!$page || !preg_match('#^[a-z0-9]+$#i', $page))
>>  $page = 'default';
>>
>> $file = dirname(__FILE__) . '/content/' . $page . '.inc';
>>
>> if (!file_exists($file) || !is_readable($file)) {
>>  error_log('Hack attempt? page = '.$page.', file = '.$file);
>>  header('Status: 404');
>>  exit;
>> }
>>
>> // echo header
>> include $file;
>> // echo header
>>
>> ?>
>>
>> maybe I've bombarded you with unfamiliar concepts, functions and/or syntax.
>> if so please take time to look it all up ... and then come back with 
>> questions :)
>>
>> have fun.
>>
>> Allen McCabe schreef:
>>> I have been using includes for my content for a while now with no problems.
>>> Suddenly it has stopped working, and it may or may not be from some changes
>>> I made in my code structure.
>>>
>>> I use default.php for most or all of my pages within a given directory,
>>> changing the content via page numbers in the query string.
>>>
>>>
>>> So on default.php, I have the following code:
>>>
>>>
>>> >> if(isset($_GET['page']))
>>> {
>>>   $thispage = $_GET['page'];
>>>   $content = 'content/'.$_GET['page'].'.inc';
>>> }
>>> else
>>> {
>>>   $thispage = "default";
>>>   $content = 'content/default.inc';
>>> }
>>> ?>
>>> , ,  etc.
>>> 
>>>
>>>
>>> I have a content subdirectory where I store all the pages with files such as
>>> "default.inc, 101.inc, 102.inc, etc.
>>>
>>> As I said, this has been working fine up until now, if I use the url
>>> "user/default.php" or just "user/" I get this error:
>>>
>>>
>>> *Warning*: include(content/.inc)
>>> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
>>> failed to open stream: No such file or directory in *
>>> /home/a9066165/public_html/user/default.php* on line *89*
>>>
>>> AND
>>>
>>> *Warning*: include()
>>> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
>>> Failed opening 'content/.inc' for inclusion
>>> (include_path='.:/usr/lib/php:/usr/local/lib/php') in *
>>> /home/a9066165/public_html/user/default.php* on line *89*
>>>
>>> But if I use "user/default.php?page=default"  I get the correct content.
>>>
>>> It's acting as if page is set, but set to NULL, and then trying to find an
>>> include at path "content/.inc"  what's going on??
>>>
>>
> 
> 
> The SEO factor here is only minor. Very little weight is given to the
> filename of a page, much more is given to the content and the way it is
> marked up.

'friendly' - i.e. humanreadable URLs are ++

with regard to SEO, I only know it has impact on real estate sites.

> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I have not seen any messages for a couple of days...

[Jochem Maas]

Ashley Sheridan schreef:
> On Thu, 2009-12-10 at 11:26 -0500, Robert Cummings wrote:
> 
>> tedd wrote:
>>> At 10:29 AM -0500 12/10/09, Robert Cummings wrote:
 No, it's been broken for days. You won't get any emails for at least 
 another week.
>>> What's been broken?
>>>
>>> I've been receiving [PHP] post everyday.
>> Nothing is broken... it was a joke. How could it be broken if you 
>> receive my response... ;)
>>
>> Cheers,
>> Rob.
>> -- 
>> http://www.interjinn.com
>> Application and Templating Framework for PHP
>>
> 
> 
> Telepathic email servers? I've heard they're becoming more popular these
> days.

no, your confused with that other list php-psychics. :-) (STA)

> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] trying to launch kate from the browser....

[Jochem Maas]

Op 1/8/10 1:41 PM, Rene Veerman schreef:
> I'm working on a better var_dump (http://mediabeez.ws/htmlMicroscope/,
> LGPL), and want to launch my kate editor when i click in the browser on a
> line in my trace-log.
> 
> I'm trying to exec() this line, but it returns 1 (which is i believe a
> general error)
> 
> echo "hhh" | sudo -u rene -S /bin/sh -c "export HOME=/home/rene/ && kate
> -l 21 -u
> /media/500gb/data2/www/htdocs/naaah/maintenance/maintenanceLogic.php"
> 
> if i open a terminal, do
> 
> sudo su www-data
> 
> and then execute the line above,
> then kate actually jumps to the right file, or opens it, etc.
> 
> but from the browser, it won't work. exec($str,$o,$r); $r===1.
> i could use some help here..
>

seems everyone has the wrong idea about what your trying to do. it is possible,
given that your webserver and your browser are running on the machine - if the 
webserver
manages to start Kate up then you'll see the editor on your screen.

the only problem you *seem* to have is the fact that your webserver doesn't 
have the
ness. permissions to run the exec command (I'd guess it's specifically related 
to the fact
that the user apache runs as doesn't have the perms to run sudo, at least not 
in the context
of your user account) ... try fudging your sudoers file to give the user your 
apache instance
runs as the perms to run 'sudo kate' as you ... then restart apache (just in 
case) and see what
happens.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Display just 1 record in a query

[Jochem Maas]

Op 1/13/10 12:43 AM, Robert Cummings schreef:
> 
> deal...@gmail.com wrote:
>> On Jan 12, 2010, at 1:57 PM, Ashley Sheridan wrote:
>>
>>> Depends on how you're creating running the query. You could do 
>>> something like:
>>>
>>> echo mysql_result($result, 1, 'fieldname');
>>>
>>> Where $result is your result object and 1 is a 0 indexed array, so 
>>> would be the second result.
>>
>> Thanks Ryan, Ashley & Kim for the good techniques...
>>
>> - in my case I was trying to pull a random record from a query of 
>> Table1 - then do a 2nd query from 1st so
>>
>> mysql_result worked fine for my needs like:
>>
>>
>> ... do query 1... 'cur' - SELECT id FROM myTable1
>>
>> $ran = rand(0, $totalRows_cur - 1); // pick random rec row within 
>> total count
>>
>> $pick1 = mysql_result($cur, $ran); // get the ID from the choice - 
>> (like id=252)
>>
>> ... do query 2 // where relatedID = $pick1 of myTable2
> 
> Put your random logic into the query:
> 
> SELECT
> something
> FROM
> somewhere
> WHERE
> condition
> ORDER BY
> RAND()
> LIMIT
> 1

please read the following to understand the consequences and
possible performance problems with this approach:

http://www.titov.net/2005/09/21/do-not-use-order-by-rand-or-how-to-get-random-rows-from-table/

personally I go with the 2 query approach

 ... or even to use a specific field to store a generated random value
(with suitable index) for each record, the stored values can be regenerated
in an out-of-band process (e.g. cron job) ... such a setup would suffice in
situations where frontend response speed is of primary concern and it's
acceptable to return the same 'random' record over a given period (i.e.
the time between random value regeneration)

> Cheers,
> Rob.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] POLL: To add the final ?> or not...

[Jochem Maas]

Op 1/14/10 11:37 PM, Kim Madsen schreef:
> Ashley Sheridan wrote on 14/01/2010 23:30:
> 
>>> What is the difference between:
>>>
>>> >> print "hello PHPeople";
>>> ?>WHITESPACE
>>>
>>> and
>>>
>>> >> print "hello PHPeople";
>>> WHITESPACE
>>>
>>> Same shit when I look at it, a sloppy developer is what it is :-)
>>>
>>> -- 
>>> Kind regards
>>> Kim Emax - masterminds.dk
>>>
>>
>> Plenty of differences, if you include the first one as a file, the
>> whitespace gets sent to the browser because it is not part of the PHP,
>> and so is assumed to be HTML. Once this happens, the headers have been
>> sent, so you can't use different headers in your script.
> 
> Hmm... you could be right. I guess I just never made that mistake :-)

could be right? that implies you don't know and didn't bother to test it.
I'd postulate that is sloppy. In another post you mention your reliance on
your favorite editor - relying blindly on your editor to 'do the right thing'
could also be considered sloppy (no tool is perfect all of the time).

pretty much every php dev has run into the issue of header() calls failing
due to whitespace, it's almost a rite of passage - I'd only call it a mistake
if you don't bother to test your code to the extent that you actually get into
a situation that you put something so obviously broken into a production env.

you mention that you guess as to whether you made the mistake in question, 
obviously
a an off the cuff remark and no worth tripping over in it's own right but it 
does
raise an interest point, namely that only sloppy devs are satified with guess 
work,
diligent devs either know or they don't and when they don't they take the time 
to
research and test until they feel confident to say that they do know - rather 
esoteric,
probably not very pragmatic, but there you have it nonetheless.

you offer to different pieces of pseudo-code and call them 'the same shit when 
you
look at it' - again there's an argument to say that's sloppy (in terms of 
reading code)
considering they are not identical in source nor resultant output.

... same shit, different day ... or to put it another way, be very careful what 
you
post on a techie mailing list - you never know when some pendantic SOB is going 
to
rip you another 'one' in reply ;-).

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] integrating shipping with shopping cart site - OT

[Jochem Maas]

Op 1/18/10 10:47 AM, Angelo Zanetti schreef:
> Hi all, 
> 
> We are about to start a new project. Custom written shopping cart - quite
> simple actually. However we have a concern when it comes to calculating the
> shipping cost for an order.
> 
> For each product we can determine the base cost based on weight, therefore
> we can determine the total weight of an order. 
> 
> However we are struggling to determine how to calculate the shipping based
> on where the delivery is going.
> 
> In terms of DB and PHP would the best way to calculate it be done by having
> a list of countries to ship to and a rate for each? Then you can apply the
> rate to the current order (calculate according to the order weight).
> 
> Problems arise when shipping to different parts of a country EG: 
> 
> New York vs California (quite far apart). Perhaps we should have a list of
> cities but that could be massive?
> 
> I know there is a PHP class / system that integrates with UPS but I don't
> think the client is going to use UPS.
> 
> Perhaps you can tell me how you have handled this issue in the past.
> 
> Apologies if it is slightly off topic but it does still relate to PHP
> indirectly.

I'd start with defining shippingcost 'sets', each defining a number of
costs by weight bands, some 'table defs':

set:
-
id  name

set_bands:
--
set_id  upper_weightcost


then it would be a case of linking (many-to-many relation) 'regions' to sets,
if you approach this with a tree of regions you can effectively set values at
a continent, country, state/province level ... as such you would only need to
relate a 'shippingcostset' to a state if the shippingcosts are different to
the given country's shippingcosts.

world
 - north america
   - california
 - south america
 - europe
   - france
   - UK

then your left with the problem of determining the smallest defined region a 
given
address physically falls into .. using geo-spatial magic in the DB would be one
way to do it.

this is a hard problem (unless, maybe, the client is willing to sacrifice 
precision
and instead using highly averaged shipping cost definitions to cover the real 
differences
in costs - i.e. a fixed fee for all of europe, whereby such fee is just above 
the
average real cost the client pays for shipping).

my guess would be that building such a thing is hard, and would take lots of
time ... best bet is to hook into the webservice of whatever shipping company 
the
client intends to use ... even if you have to build your end of the webservice 
from
scratch it will be many factors less hard that building a user-manageable, 
shipping cost
algorythm.

- sorry it's all a bit vague, I'm very tired :) my eyes are starting to bleed.


> 
> Thanks in advance.
> Angelo
> 
> 
> http://www.wapit.co.za
> http://www.elemental.co.za 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Zend debugger doesn't work

[Jochem Maas]

Op 1/18/10 10:38 AM, Ali Asghar Toraby Parizy schreef:
> Hi
> I have installed php 5.3.1 (with thread safety = on) recently And I

I would try without thread safety to start with, 'std' setup uses
the pre-fork model which doesn't need it and *may* cause probs. [fast]CGI
doesn't need thread safety either IIRC.

> tried to install zend debugger yesterday. I downloaded zend debugger
> extension from http://downloads.zend.com/pdt/server-debugger/
> But I didn't find dll module for 5.3.x release. So I tried dll file in
> 5_2_x_comp folder. When I start Apache, I have a line in log file that

that 5.2 version won't work.

> says:

I think you can DL a 5.3 compatible module from:

http://www.zend.com/en/products/studio/downloads

requires registration IIRC.

> Apache/2.2.14 (Win32) PHP/5.3.1 configured -- resuming normal operations
> And phpinfo() says nothing about debugger module! What do you think
> about this thing? I haven't seen any error, But there is no debug
> session!

if your not seeing any errors related to failing to load then you have
either not made the required changed to php.ini or the changes you made are
not at all correct (and php is ignoring them) ... I did also read stuff about 
the
zend_* php.ini directives no longer supporting the '_ts' variants in php5.3, but
I have on idea if that is correct.

> Should I wait for 5.3.x release of zend debugger?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Foreign Characters Break in MySQL

[Jochem Maas]

Op 1/22/10 2:28 AM, Ryan Park schreef:
> Forgot to reply all.
> 
> You can see that it's in the middle of the sql statement.
> It looks fine here but some how it breaks during the query.
> 
>  mysql_connect("localhost", "adminID", "password") or die(mysql_error());
> echo "Connected to MySQL";
> 
> mysql_select_db("databasename") or die(mysql_error());
> echo "Connected to Database";
> 
> $sql = "INSERT INTO xe_modules (module_srl, module, module_category_srl,
> layout_srl, menu_srl, site_srl, mid, skin, browser_title, description,
> is_default, content, open_rss, header_text, footer_text, regdate) VALUES
> ('135', 'bodex', '0', '53', '0', '0', 'free', 'xe_default', '자유게시판
> ', '', 'N', '', 'Y', '', '', UNIX_TIMESTAMP());";

you need to:

1. have some understanding of char encoding and character sets.
2. define you DB[tables] to use a collation that supports the stuff you want to 
enter.
3. you need to connect to the DB with a suitable charset (google 'SET NAMES')
4. you need to make sure the data you are putting into your queries is in that 
same charset.

basically you need UTF8 - be prepared for some pain and a lot of reading in 
order
to get to grips with these concepts, I've personally found that encoding, 
charsets et al
are not the easiest things to one's head round.

> 
> mysql_query($sql) or die(mysql_error());
> 
> mysql_close();
> ?>
> 
> On 1/21/2010 5:19 PM, Jim Lucas wrote:
>> Ryan Park wrote:
>>   
>>> Hello I'm currently trying to use PHP to insert foreign characters
>>> into one of the mysql database tables.mysql_query() worked
>>> seamlessly, but when I check the inserted data on phpMyAdmin it shows
>>> the foreign characters in broken letters, like this ì‹œíŒ<-
>>> jibberish...The foreign characters show fine when I'm typing it out
>>> on my editor to code PHP, but it gets broken into unrecognizable
>>> symbols when put into mysql database columns.
>>> I tried to create the same thing this time through phpMyAdmin console
>>> and it worked great, the foreign characters showed correctly as they
>>> should.The column that I'm trying to put the foreign characters into
>>> is set as utf8_general_ci.I wish to use PHP to insert the data into
>>> the database because I'll be inserting massive amounts of them at
>>> once, so I just can't continue with this problem at hand.
>>> I'll greatly appreciate any help, thank you.
>>> _
>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>  
>> How about showing a little of the insert code.  ie: how you are
>> gathering the
>> data, how you are preping the data, and the actual insert statement.
>>
>>
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Enforce a constant in a class.

[Jochem Maas]

Op 1/22/10 4:55 PM, Richard Quadling schreef:
> 2010/1/22 Ashley Sheridan 
>> Constants are there for things that should never change. If you ever need to 
>> change them, then whoever created the base class either didn't think things 
>> through properly, or you're not. Imagine  a class that sets the value of π 
>> (as is the erstwhile example for constants) If further classes that 
>> implemented it were of a particular historical persuasion, then they might 
>> want to redefine the constant as just 3. It seemed like a good idea to the 
>> historical Roman Catholics at the time (it was defined as 3 in the Bible 
>> after all) but it doesn't make it the correct value (imagine the problems 
>> with volume calculations!)
>>
>> Constants are so called for a good reason!
> 
> And in the class that I want to enforce the presence of the constant,
> it will be constant.
> 
> I just want to enforce the presence.

constants in interfaces are not meant for this. a class constant doesn't
constitute an interface. I believe constants in interfaces are allowed purely
because it is helpful to have them defined outside of the global space and
somewhere where all implementors of said interface can realiably reference them.

I would suggest you need to define some extra methods in your interface e.g.

function getKillNotes();
function getKillTypeFlag();

> 
> 
> --
> -
> Richard Quadling
> "Standing on the shoulders of some very clever giants!"
> EE : http://www.experts-exchange.com/M_248814.html
> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> ZOPA : http://uk.zopa.com/member/RQuadling
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Foreign Characters Break in MySQL

[Jochem Maas]

Op 1/22/10 9:41 AM, Ashley Sheridan schreef:
> On Fri, 2010-01-22 at 03:47 +0100, Jochem Maas wrote:
> 
>> Op 1/22/10 2:28 AM, Ryan Park schreef:
>>> Forgot to reply all.
>>>
>>> You can see that it's in the middle of the sql statement.
>>> It looks fine here but some how it breaks during the query.
>>>
>>> >> mysql_connect("localhost", "adminID", "password") or die(mysql_error());
>>> echo "Connected to MySQL";
>>>
>>> mysql_select_db("databasename") or die(mysql_error());
>>> echo "Connected to Database";
>>>
>>> $sql = "INSERT INTO xe_modules (module_srl, module, module_category_srl,
>>> layout_srl, menu_srl, site_srl, mid, skin, browser_title, description,
>>> is_default, content, open_rss, header_text, footer_text, regdate) VALUES
>>> ('135', 'bodex', '0', '53', '0', '0', 'free', 'xe_default', '자유게시판
>>> ', '', 'N', '', 'Y', '', '', UNIX_TIMESTAMP());";
>>
>> you need to:
>>
>> 1. have some understanding of char encoding and character sets.
>> 2. define you DB[tables] to use a collation that supports the stuff you want 
>> to enter.
>> 3. you need to connect to the DB with a suitable charset (google 'SET NAMES')
>> 4. you need to make sure the data you are putting into your queries is in 
>> that same charset.
>>
>> basically you need UTF8 - be prepared for some pain and a lot of reading in 
>> order
>> to get to grips with these concepts, I've personally found that encoding, 
>> charsets et al
>> are not the easiest things to one's head round.
>>
>>>
>>> mysql_query($sql) or die(mysql_error());
>>>
>>> mysql_close();
>>> ?>
>>>
>>> On 1/21/2010 5:19 PM, Jim Lucas wrote:
>>>> Ryan Park wrote:
>>>>   
>>>>> Hello I'm currently trying to use PHP to insert foreign characters
>>>>> into one of the mysql database tables.mysql_query() worked
>>>>> seamlessly, but when I check the inserted data on phpMyAdmin it shows
>>>>> the foreign characters in broken letters, like this ì‹œíŒ<-
>>>>> jibberish...The foreign characters show fine when I'm typing it out
>>>>> on my editor to code PHP, but it gets broken into unrecognizable
>>>>> symbols when put into mysql database columns.
>>>>> I tried to create the same thing this time through phpMyAdmin console
>>>>> and it worked great, the foreign characters showed correctly as they
>>>>> should.The column that I'm trying to put the foreign characters into
>>>>> is set as utf8_general_ci.I wish to use PHP to insert the data into
>>>>> the database because I'll be inserting massive amounts of them at
>>>>> once, so I just can't continue with this problem at hand.
>>>>> I'll greatly appreciate any help, thank you.
>>>>> _
>>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>>  
>>>> How about showing a little of the insert code.  ie: how you are
>>>> gathering the
>>>> data, how you are preping the data, and the actual insert statement.
>>>>
>>>>
>>>
>>
>>
> 
> 
> You're also forgetting one of the most important elements of this. If
> you're displaying the characters on a web page, chances are that you
> need to add a corresponding meta tag to inform the browser that the
> content is utf-8
> 
> 
> 
> Otherwise the browser will attempt to guess from the first few
> characters of output, and because of the large headers in some websites,
> will guess completely wrong.

that was point 4. in my original post, I'd also say that the META tag is a bit
lame on it's own ... better off actually setting the proper content encoding 
HTTP header
(and using the META tag as well to cover for dumb ass browsers)

> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Enforce a constant in a class.

[Jochem Maas]

Op 1/22/10 5:19 PM, Richard Quadling schreef:
> 2010/1/22 Jochem Maas :
>> constants in interfaces are not meant for this. a class constant doesn't
>> constitute an interface. I believe constants in interfaces are allowed purely
>> because it is helpful to have them defined outside of the global space and
>> somewhere where all implementors of said interface can realiably reference 
>> them.
> 
> Yep.
> 
>> I would suggest you need to define some extra methods in your interface e.g.
>>
>>function getKillNotes();
>>function getKillTypeFlag();
> 
> The other option would be to be able to _easily_ detect the presence
> of a class constant.
> 
> Without an error.
> 
> Fatal or otherwise.
> 
> $rfClass = ReflecionClass('KilledClass');
> if (in_array('KILL_SWITCH_NOTES', $rfClass->getConstants())) { ...}
> 
> seems the only way.
> 
> You can't use getConstant('KILL_SWITCH_NOTES') as False is returned
> for failure with no differentiation for a False value. Grrr.
> 

defined() ??? besides you can cache the reflection results - and maybe you
only need the reflection stuff when code is in development mode, I'm assuming
your using it to detect coding/developer errors.

> 
> 
> 
> Thanks to you all for the discussion.
> 
> Regards,
> 
> Richard.
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Foreign Characters Break in MySQL

[Jochem Maas]

Op 1/22/10 5:18 PM, Ashley Sheridan schreef:

...

> 
> You'd be surprised how many people still use a dumb browser!

well, no not really - but then we're in the same business :)
I wasn't discounting the use of the encoding META tag, just pointing
out that it's a hack we have to use (and that we should be using it in addition
to setting proper encoding HTTP headers)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Weird Array Issue...

[Jochem Maas]

Op 1/23/10 3:28 AM, Don Wieland schreef:
> Hi,
> 
> I have defined a stored procedure in my mySQL DB and when I call the
> procedure in my mySQL browser it returns the CORRECT results:
> 
> DROP PROCEDURE IF EXISTS `Get_OHC_Years`;
> DELIMITER $$
> CREATE definer=`do...@`` PROCEDURE `Get_OHC_Years`()
> BEGIN
>   SELECT (YEAR(ohc_Date)) as ohc_year FROM Office_Hours_Cuttoff GROUP BY
> YEAR(ohc_Date) ORDER BY YEAR(ohc_Date) ASC;
> END
> $$
> 
> It returns:
> -- ohc_year--
> 2010
> 2009
> 2008
> 2007

I doubt it will return the values in the order you have shown.

> 
> I was assuming this will return an array in my PHP when I call it:
> 
> /**
> *Get All Office Hours Cut-off YEARS
> */
> $db->next_result();

this call to next_result() seems strange.

> $years = $db->query("CALL Get_OHC_Years()") or die("Records not
> found.");
> $yRow = $years->fetch_array();
> echo "";
>  print_r($yRow);
>  echo "";
> 
> But the result it returns on my page is:
> 
> Array (
> [0] => 2007
>  [ohc_year] => 2007
> 
> What am I missing?  Thanks!

the bit where you actually RTM or source?

you seem to be assuming what the fetch_array() call does,
not being able to tell exactly what kind of object $db
is I'll hazard a guess that fetch_array() is a wrapper method
for mysql_fetch_array() - you'd want mysql_fetch_assoc()
instead, and you'll need to loop to fetch all the rows.

maybe try something like:

echo "";
while ($yRow = $years->fetch_assoc())
print_r($yRow);
echo "";

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] importNode issue

[Jochem Maas]

highlight_string() function might be an easier route?

Op 1/25/10 9:55 AM, Michael A. Peters schreef:
> I'm experiencing a slight problem with importNODE putting unwanted
> carriage returns in the the output.
> 
> Here's my function:
> 
> // syntax highlighting
> include_once('Text/Highlighter.php');
> 
> function syntaxHighlight($dom,$lang,$code) {
>$hl =& Text_Highlighter::factory($lang);
>$out = $hl->highlight($code);
>//die($out);
>$tmpDOM = new DOMDocument('1.0','UTF-8');
>$tmpDOM->loadXML($out);
>$foo = $tmpDOM->saveXML();
>//die($foo);
> 
>$nodeList = $tmpDOM->getElementsByTagName('div');
>$impDIV = $nodeList->item(0);
>$returnDIV = $dom->importNode($impDIV,true);
> 
>return $returnDIV;
>}
> 
> -=-
> 
> Here's my test:
> 
> $code  =" $code .="require_once('/path/to/something');" . "\n";
> $code .="function somefunc(\$myfoo,\$mybar) {" . "\n";
> $code .="   \$myfoobar = \$myfoo . \$mybar;" . "\n";
> $code .="   return \$myfoobar;" . "\n";
> $code .="   }" . "\n";
> $code .="?>" . "\n";
> 
> $fooTest = syntaxHighlight($dom,'PHP',$code);
> 
> -=-
> 
> If I uncomment the die($out) - I get what I expect spit to the screen,
> view source shows code that will do what I want.
> 
> If instead I uncomment die($foo) - I also get what I expect spit to
> screen. view source shows code that will do what I want.
> 
> However, if the function is allowed to continue, the imported div has
> carriage returns between each and every  which of course
> completely breaks the browser display because they are inside a
>  node.
> 
> Anyone know why importNode does this and how to fix it?
> 
> The only (untried) solution I can think of is to replace each carriage
> return with a  and every space with   and then replace the
>  with a  or some such hackery before running
> loadXML() on it. But I would rather not do that.
> 
> php 5.2.12 built against libxml 2.6.26
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Migrating legacy code - changing session name

[Jochem Maas]

Op 1/26/10 9:25 AM, Rory McKinley schreef:
> Hello List
> 
> A client has asked me to migrate a few scripts that have been running
> merrily under PHP4 to PHP5.2. Part of these scripts have integration
> with PHPMyAdmin
> using the single sign-on and so they make use of the following code :
> 
> session_write_close();
> session_name("blah");
> session_start();
> 
> Now, assuming that prior to session_write_close(), I have a session
> that (amongst other elements) contains the following:
> 
> $_SESSION['a'] = (an instance of Object A)
> $_SESSION['b'] = (an instance of Object B)
> $_SESSION['c'] = (an instance of Object C)
> 
> After session_start(), I have the following :
> 
> $_SESSION['a'] = (an instance of Object C)
> $_SESSION['b'] = (an instance of Object C)
> $_SESSION['c'] = (an instance of Object C)

sounds to me like the objects are a stored in a variable, each time
the same variable that the var in question is assigned by reference
(this is done in php4 code quite a bit so that objects that are
passed around are not copied - which makes them useless in many instances)

the following code mkight help you to understand what it is (that I think)
is happening:

// php4 compatible class
class Foo { var $s; function Foo($s) { $this->s = $s; } };

$store = array();
$var   = new Foo("A");
$store["A"] =& $var;
$var   = new Foo("B");
$store["B"] =& $var;
$var   = new Foo("C");
$store["C"] =& $var;

var_dump($store);

> 
> This does not consistently happen, only under particular circumstances
> (it seems to be a certain set of elements in $_SESSION triggers it).
> For instance, if I unset $_SESSION['b'] * prior* to doing
> session_write_close() - the behaviour stops, and the elements are
> retained. Has anybody seen this before?
> 
> 
> Vital Stats:
> 
> PHP5.2
> Apache1.3
> FastCGI
> Sessions are stored using PHP5's default session handling.
> 
> Thanks in advance
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: > 120 meg of json analyzed by the browser...

[Jochem Maas]

Op 1/28/10 5:03 PM, Rene Veerman schreef:
> Oh, i forgot to mention that firefox takes about a gigabyte of memory
> after having stalled at "200mb parsed" in a 330mb document..
> 
> And despite using setTimeout(), firefox frequently freezes (for about
> 2 to 10 minutes), before updating the decoding-status display again.
> 
> I'd really appreciate someone checking my non-eval() json
> parser-decoder to see if my code is at fault, or if i've triggered a
> firefox 'bug'.

just guessing but I doubt you have a real issue in your parser-decoder,
the memory used by firefox seems reasonable to my untrained eye - I'd guess
that a factor 5 memory overhead is normal given the amount of abstraction
involved in the browser doing it's thing.

pretty cool what your trying to do - but, totally nuts of course :)

I would think that you're only recourse really is to chunk the output
of both the server and the browser so that you can, theoretically, page
through the data structure in the browser ... might be totally inpractical,
if not impossible. not to mention you likely to have to use file-based storage
for the chunks of output on the server side to avoid running out of mem.

hard problem!

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how do I use php://memory?

[Jochem Maas]

Op 1/30/10 1:35 AM, Mari Masuda schreef:
> Hello,
> 
> I have a function that uses tidy to attempt to clean up a bunch of crappy 
> HTML that I inherited.  In order to use tidy, I write the crappy HTML to a 
> temporary file on disk, run tidy, and extract and return the clean(er) HTML.  
> The program itself works fine but with all of the disk access, it runs quite 
> slowly.  I saw on this page (http://www.php.net/manual/en/wrappers.php.php) 
> that I could write to memory by using php://memory.  Unfortunately, I could 
> not quite get it to work.  The problem is that in the below function, the 
> code within the [[[if (file_exists($dirty_file_path))]]] does not get run if 
> I change [[[$dirty_file_path]]] to "php://memory".  Has anyone ever 
> successfully used php://memory before?  If so, what can I do to use it in my 
> code?  Thank you.

what does it matter that it runs slowly, run it once and be done with it?
alternatively use the php tidy extension and avoid the file system and shelling 
out altogether.

actually I'd imagine shelling out from a webserver process is the bottle neck 
and not saving/reading
from the file system.

lastly I don't suppose you've heard of /dev/shm ?

and, er, no, I don't have experience with php://memory but you might try 
searching for
other people's code:


http://www.google.com/codesearch?q=php%3A%2F%2Fmemory&hl=en&btnG=Search+Code

> //==
> function cleanUpHtml($dirty_html, $enclose_text=true) {
> 
>   $parent_dir = "/filesWrittenFromPHP/";
>   $now = time();
>   $random = rand();
>   
>   //save dirty html to a file so tidy can process it
>   $dirty_file_path = $parent_dir . "dirty" . $now . "-" . $random . 
> ".txt";
>   $dirty_handle = fopen($dirty_file_path, "w");
>   fwrite($dirty_handle, $dirty_html);
>   fclose($dirty_handle);
> 
>   $cleaned_html = "";
>   $start = 0;
>   $end = 0;
> 
>   if (file_exists($dirty_file_path)) {
>   exec("/usr/local/bin/tidy -miq -wrap 0 -asxhtml --doctype 
> strict --preserve-entities yes --css-prefix \"tidy\" --tidy-mark no 
> --char-encoding utf8 --drop-proprietary-attributes yes  --fix-uri yes " . 
> ($enclose_text ? "--enclose-text yes " : "") . $dirty_file_path . " 2> 
> /dev/null");
> 
>   $tidied_html = file_get_contents($dirty_file_path);
>   
>   $start = strpos($tidied_html, "") + 6;
>   $end = strpos($tidied_html, "") - 1;
>   
>   $cleaned_html = trim(substr($tidied_html, $start, ($end - 
> $start)));
>   }
>   
>   unlink($dirty_file_path);
> 
> 
>   return $cleaned_html;
> }
> //==
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sessions across subdomains

[Jochem Maas]

Op 1/30/10 2:25 AM, Ben Miller schreef:
> Hi, I've always thought that session data was subdomain specific and would
> not carry over between http://www.mydomain.com and
> https://secure.mydomain.com, but it seems to be working for me now.  Can I
> rely on this and post from http://www.mydomain.com to
> https://secure.mydomain.com and simply pass a hidden input containing
> PHPSESSID, or do I need to pass each key=>value pair that _SESSION contains
> at www.  and reset them as _SESSION vars at secure.
>  ? 
> 

1. cookies are shared automatically on SUB domains, so if you set your cookie 
domain
to example.com it will be available at both www.example.com and 
secure.example.com

2. cookies can have a HTTPS flag set which means they will not be shared with 
non-HTTPS
connections.

3. DONT put the contents of $_SESSION on the wire. (given the question you're 
asking I'd
hazard a guess you don't have the skills to sufficiently

4. google/read/search/learn about the security implications of sharing a cookie 
between
HTTPS and non-HTTPS domains.

5. session_regenerate_id() - I would use this if you intend to pass session ids 
around,
although it will probably give you a stack of problems in terms of usability 
(e.g. back button usage),
actually I'd use it any time you log someone in or out or have a user perform a 
particularly
sensitive action.

6. the $_SESSION will only be available on both sites if they are both on the 
same server
and running with the same session ini settings (i.e. session save path, session 
name) - different
servers could obviously be using a shared filesystem or an alternative session 
storage (e.g.
memcached or database server).

7. consider not sharing the session - instead pass just the data that you need 
(e.g. shopping
basket contents etc) and either including a hash of the data (which uses a 
secret string that
is not included in the form/url/etc but that both servers/sites know about 
AND/OR using 2-way
public key encryption on the data that you pass in between the servers/sites

personally for higher end commercial sites I prefer to just to put everything 
on HTTPS
solving all potential issues with sharing a cookie or data between nonHTTPS and 
HTTPS sites,
and everything directly related ... the cost being extra overhead per request - 
but hardware
is cheap and security is difficult to get exactly right.

the biggest names on the web have [had] security loophopes/problems related to 
these issues, and they
generally have tons of man power and some very clever/knowledgable people on 
their teams - which is to say:
your chance (and mine for that matter) of not making any mistakes on this front 
are slimmer than theirs.

> Thanks in advance,
> 
> Ben
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] In need of PHP to JS collapsable array printing routine?

[Jochem Maas]

Op 1/30/10 12:54 AM, Daevid Vincent schreef:
> I'm  wondering if anyone has a PHP debug-type routine that will take a PHP
> array and output it to the web page, but make all the dimensions of the
> array collapsable, ideally showing each sub-key (or index) as the name to
> click to expand it again.
> 
> I'm dealing with some rather huge datasets in multi-dimensional hashes and
> printing them out with a beautified print_r() is just not cutting it
> anymore. I need to collapse them down to wrap my head around them. Some of
> them have 6 or more dimensions!
> 
> I use jQuery for JS if that helps (in case your routine requires that too).

what everyone else said ... additionally check out the recent archives for
posts by Rene Veerman ... his current pet project seems to be something that
would be of interest you.

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Magento shopping cart

[Jochem Maas]

Op 2/1/10 10:02 PM, Skip Evans schreef:
> Hey all,
> 
> Anyone ever use the Magento shopping cart? Pluses, minuses, opinions? I
> have a client that is pretty adamant about using it, but I've found over
> just about any I've used I can do a better service to the client by
> writing them from scratch. It's easy and they always get exactly what
> they want.
> 
> I see they seem to have a lot of plug ins, but I think someone just told
> him it is the best cart to use so he's sort of fixated on it.
> 
> Like I said, I typically find I can custom write one with better
> results. I found xCart, for example, to contain some of the worst code I
> had ever seen and it turned me off to third party carts.

I find the only time a custom solution is suitable is when there is a large
budget and very specific requirements, which usually translates into atleast:

1. specialized discounting mechanisms
2. tight integration with a 'big' backend system (e.g. SAP, Siebel, etc)
3. custom data-related workflows

I just spent some time looking at XCart for someone - seeing the frontend I 
figured
the requested changes would be a piece fo cake, the reality is that making those
changes was practically impossible and definitely not ecomonically viable. the 
XCart
code is complete pants.

I also took a dive into the Magento codebase, a quick perusal shows a well 
defined
structure, tidy code, well commented, modular. looks very good really - learning
curve is a bit steep but that's down to the fact that it's a very complete and
sophicated package ... additionally there is a big, well organized community 
behind
it ... I would hazard a guess and say that it's a very good bet.

> Skip
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] database abstraction layer

[Jochem Maas]

Op 2/3/10 12:19 AM, Ashley Sheridan schreef:
> On Wed, 2010-02-03 at 00:21 +0100, Rene Veerman wrote:
> 
>> the auto_increment sytnax is not uniform across servers, is it?
>>
>> On Wed, Feb 3, 2010 at 12:11 AM, Ashley Sheridan
>> wrote:
>>
>>>  I saw it happen on a site that was getting only about 3000 hits a day. It
>>> just takes the right combination of circumstances and it all goes pear
>>> shaped. You really should get out of the habit of doing it.
>>>
> 
> 
> It is a MySQL only function. MSSQL has @@IDENTITY, not sure how other
> engines implement it.

firebird does it via what they call 'generators', 2 seconds of searching
shows postgres has this:

CREATE TABLE tableName (
 id serial PRIMARY KEY,
 name varchar(50) UNIQUE NOT NULL,
 dateCreated timestamp DEFAULT current_timestamp
);

you can bet you ass that every other DB out there that's worth it's salt
has atomic id incrementor functionality exposed in some way or other.

@Rene: all that talk of maxId functions and random retries etc, etc, is 
complete pooh.
don't do it, **please** use the proper tools provided by the DB in question.

> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Thinking of moving to .NET because of standalone... any suggestions?

[Jochem Maas]

Op 2/3/10 6:09 PM, Ryan S schreef:
> Hey Guys,
> 
> Coming from a C and Java background I just loved PHP and have been 
> programming with it for years thanks in a large part to the kind people on 
> this list... present and past (Immediately the name John Holmes comes to 
> mind.. i hope the dude is well)
> but now I have have to leave PHP or split time between php and .NET for just 
> one reason:
> 
> .NET offers a way to run programs using the Windows GUI / stand alone 
> executable
> 
> There always was talk on the list about running php code as standalone, but 
> since I had a long absence from the list sorry if I missed any new updates... 
> but I'm hoping someone can offer a way to run php standalone executable.
> 
> Before posting I always google, and the main results I have gotten so far is:
> priado blender
> and PHP-GTK
> 
> but no way to kind of drag and drop what you need like visual studio (i dont 
> know how to use it yet, but been reading) or some other visual development 
> tool like visual basic.
> 
> I need to make a few standalones programs that will run (mostly) on 
> Windows... is there any other way that I have not found that i can use PHP 
> instead of learning something new like .NET?
> 
> I have resisted going "the microsoft way" for years.. looks like my luck has 
> run out...

I don't think that you'll get much else than Blender or PHP-GTK - so from that 
perspective
I'd hazard a guess that your not going to be finding anything that will allow 
you use php
for desktop development in the way you require.

come to think of it M$ has been doing something to shoehorn PHP into the .NET 
env ... I have
no idea whether this would be anything that could bare fruit for you, you'd 
have to google.

as an alternative you might consider Adobe Flex Builder - you get WYSIWYG-ness, 
you can leverage javascript
skills (by way of ActionScript) and it's runs on the AIR platform - so it's 
nice and desktoppy but
with the added bonus of being cross-platform. just a thought.

> 
> Thanks,
> Ryan
> 
> 
> 
>   
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Manual problems

[Jochem Maas]

Op 2/4/10 1:32 AM, clanc...@cybec.com.au schreef:
> Recently I have frequently found, especially in the morning (GMT 2200 - 
> 0200), that I can
> open a bookmark in the manual, for example 
> http://www.php.net/manual/en/ref.image.php.
> But if I then do a search of any type I get 'The page cannot be displayed'.  
> I then cannot
> reach any page, including the one I originally opened.
> 
> This morning, after some fiddling, I found that if I closed the browser, and 
> re-opened it
> I could then see the original bookmark again, and link to some pages, but 
> others would
> again crash the browser, as would all searches.
> 
> I am using IE6, and have seen a message that I should update my browser, but 
> only when the
> page is displaying properly.  Firefox 3.5.5 immediately converted the above to
> http://au2.php.net/manual/en/ref.image.php. and then told me "The manual page 
> you are
> looking for (http://au2.php.net/manual/en/ref.image.php.) is not available on 
> this server
> right now."

there are stacks of mirrors. try one of:

au.php.net
tw.php.net
tw2.php.net
tn.php.net
tn2.php.net
sg.php.net
sg2.php.net

... guessing those are closest to you.

as for using IE6 ... WTF ... you do realise this is essentially a web 
developers mailing list right?


> 
> Is this due to maintenance, or somesuch, or is it something in my system?
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Warning?

[Jochem Maas]

Op 2/6/10 4:29 PM, tedd schreef:
> Hi:
> 
> Has anyone encountered this warning?
> 
> Warning: Unknown: Your script possibly relies on a session side-effect
> which existed until PHP 4.2.3. Please be advised that the session
> extension does not consider global variables as a source of data, unless
> register_globals is enabled. You can disable this functionality and this
> warning by setting session.bug_compat_42 or session.bug_compat_warn to
> off, respectively in Unknown on line 0
> 
> I seem to remember this happening before, but I don't remember the
> solution. As I remember, it wasn't really reporting an error, but
> something else. I just don't remember how I dealt with it before.
> 
> I don't know how to set session.bug_compat_warn to off.

doesn't this work?:



otherwise you'll have to set it in php.ini (or a .htaccess file)

IIRC it means your using session_register() .. which is depreciated and
will be dropped in 5.3 ... AFAIK best practices is not to use this function
but instead assing to the $_SESSION superglobal.

e.g.

do:

 
> Any ideas?
> 
> Cheers,
> 
> tedd
> 
> PS: I'm using php 5.2.10 and register_global is OFF.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Warning?

[Jochem Maas]

Op 2/7/10 3:40 PM, tedd schreef:
> At 7:02 PM + 2/6/10, Jochem Maas wrote:
>> Op 2/6/10 4:29 PM, tedd schreef:
>>>  Hi:
>>>
>>>  Has anyone encountered this warning?
>>>
>>>  Warning: Unknown: Your script possibly relies on a session side-effect
>>>  which existed until PHP 4.2.3. Please be advised that the session
>>>  extension does not consider global variables as a source of data,
>>> unless
>>>  register_globals is enabled. You can disable this functionality and
>>> this
>>>  warning by setting session.bug_compat_42 or session.bug_compat_warn to
>>>  off, respectively in Unknown on line 0
>>>
>>>  I seem to remember this happening before, but I don't remember the
>>>  solution. As I remember, it wasn't really reporting an error, but
>>>  something else. I just don't remember how I dealt with it before.
>>>
>>>  I don't know how to set session.bug_compat_warn to off.
>>
>> doesn't this work?:
>>
>> 
>>
>> otherwise you'll have to set it in php.ini (or a .htaccess file)
>>
>> IIRC it means your using session_register() .. which is depreciated and
>> will be dropped in 5.3 ... AFAIK best practices is not to use this
>> function
>> but instead assing to the $_SESSION superglobal.
> 
> Jochem:
> 
> Two things:
> 
> 1. Your solution worked. Setting --
> 
> 
> 
> -- worked!!! Thank you.

np :)

> 
> 2. I don't use session_register(). So has to be something else, but I
> don't know what that might be.
> 
> Anyone have any ideas?

pretty sure Shawn nailed it.

> 
> Daniel?
> 
> Cheers,
> 
> tedd
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] pecl install geoip doesnt work. Warning: opendir(/var/tmp/pear-build-root/install-geoip-1.0.7//var/www/pear): failed to open dir: No such file or directory in PEAR/Builder.php on line 188

[Jochem Maas]

Op 2/8/10 4:35 AM, David Taveras schreef:
> /root/bin/pecl install geoip

without giving it much thought ... try this:

> sudo /root/bin/pecl install geoip

this is assuming you we're not running the command as root in the first place.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Persistent flag in memory

[Jochem Maas]

Op 2/11/10 4:37 AM, Teus Benschop schreef:
> Good day,
> 
> May I ask you, gurus, whether it is possible to set a flag in PHP that
> persists for the duration of the server being switched on?
> 
> If the server would be power cycled, the flag would be off. Similarly if
> the web server would be restarted the flag would be off also.
> 
> I do realize that such a thing would be possible to be done in MySQL by
> using a table with flags in memory: CREATE TABLE IF NOT EXISTS timer
> (flag int) ENGINE = MEMORY;
> 
> But is this also possible in PHP?

take a look at memcache, or APC in terms of memory storage, although it might 
be possible
to have the web server setup a $_ENV value (I do this myself sometimes with the
mod_rewrite extension of apache).

as such php is a 'share nothing' architecture - so essentially there is no 
concept of
server level global/persisent vars. if your coming from .NET or Java et al this 
may be a
little shocking but it is by design, it requires a somewhat different approach 
(possibly)
to application design.

> 
> Thanks for any help,
> 
> Teus Benschop
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTML5 description

[Jochem Maas]

Op 2/10/10 9:08 PM, Robert Cummings schreef:
> From the editor's draft:
> 
> "
> The aside element represents a section of a page that consists of
> content that is tangentially related to the content around the aside
> element, and which could be considered separate from that content. Such
> sections are often represented as sidebars in printed typography.
> 
> The element can be used for typographical effects like pull quotes or
> sidebars, for advertising, for groups of nav elements, and for other
> content that is considered separate from the main content of the page.
> "
> 
> Dear God, please don't suggest it be used for noise like sidebars,
> advertising, or non related groups of nav elements. Asides are NOT often
> represented AS sidebars in printed typography, they are often
> represented IN sidebars of printed typography. This distinction is
> fundamentally different.
> 
> I've never read a serious article where suddenly an aside is made where
> it says:
> 
> BUY! BUY! BUY! BUY OUR JUNK TODAY!!
> 
> An aside is tangential to the content (as in the working draft of the
> spec), this means it is related in some way, usually enriching the
> information/experience rather than watering it down with nonsense.
> 
> I beg you to reconsider your wording for this element's description.

as an aside, I think I'll wait until there is some general consensus on the
actual constructive usage of this sort of tag until I use it - personally I
really think this is too vague.

the concepts of what is structural, what is semantic and what is style are too
mixed up and vague for me to worry, just yet, about the details of these 
new-fangled
HTML5 tags (not mention browser support).

@Rob - your browswer compability 'hack' example in another recent thread is a
perfect example or the problems we face with trying to delineate between 
styling and
semantics and as such I think I lot of what HTML5 adds is arbitrary and rather
vague (the CANVAS and video stuff not withstanding)

personally I don't give a hoot - browsers (and more importantly the users, and 
the
various versions they run - and will be running for quite some time) mean that,
as fas as I'm concerned, HTML5 and everything it may entail is still a pipe 
dream.

As long as people run IE6 or IE7 (actually any POS browser that doesn't properly
attempt to implement current standards) such things as semantically marked up 
ASIDES
(as vague as the concept might) are rather irrelevant to the day to day 
business of
building web sites/applications that accessible/relevant/usable/etc to the 
general
public.

rgds,
Jochem

 PS. from a semantics POV, Robert Cummings is, IMHO, spot on in his assessment 
- I do enjoy
his posts, he's a sharp cookie with plenty to offer and I always enjoy reading 
his
argumentation and opinion!


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] OT: [very mild rant-like commentary] Fwd: IMPORTANT: your message to public-html-comments

[Jochem Maas]

did I send the below message? must have been
an artifact of the defacto 'Reply-to-All' on this
mailing list. I dislike this kind of nonsense, It's in no
way stopping SPAM engines and just means more stuff
to be undertaken by real people

prlease, as if a SPAM BOT can't catch this kind of message and hit
the given link with the appropriate request headers (and then submit
the relevant form data) ...

... so, against my so-called principals, I did the confirmation ...
as a result my email will presumabably go to some W3C list and well
as being archived on any number of their websites ... where email harvesting
bots will be able to scrap my address and add it to the umpteeth
spam list ... not that I care (I host at a great company called Nedlinux.nl
who take care of filtering most of that kind of rubbish on a daily basis) ..
but you see the irony :D

 Originele bericht 
Onderwerp: IMPORTANT: your message to public-html-comments
Datum: Thu, 11 Feb 2010 05:09:05 +
Van: W3C List Manager 
Aan: joc...@iamjochem.com

This is a response to a message apparently sent from your address to
public-html-comme...@w3.org:

Subject: Re: [PHP] HTML5  description
From:Jochem Maas 
Date:Thu, 11 Feb 2010 05:08:25 +

Your message has NOT been distributed to the list; before we distribute it,
we need your permission to include your message in our Web archive of all
messages distributed to this list.

Please visit:

http://www.w3.org/Mail/review?id=76fd349c4f9a4ba3ee6b

and follow the simple procedure listed to give us permission to include
your message in our Web archives. It should take less than one minute
of your time, and only needs to be done once.

If you do not give us this permission by Thu Feb 18 05:09:05 UTC 2010,
your message will be deleted from our systems without being distributed
to the list.

Please do not reply to this message; for more information on this system,
including information on how to provide feedback, please see:

http://www.w3.org/2002/09/aa/

Note: W3C's mailing lists may not be used for unsolicited bulk email
of any kind!


-- 
W3C Postmaster, http://www.w3.org/Mail/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Persistent flag in memory

[Jochem Maas]

Op 2/11/10 5:42 AM, Teus Benschop schreef:
> Thank you for the hints given. I'll look into the various options given.
> The main reason for the need for a persistent flag in memory is that
> several installations where the PHP code would be deployed do not have
> access to crontab, so I am simulating crontab's functionality by letting
> a PHP script run forever. Page visits would start that script, but once
> the first visitor has started the script, next visitors would only start
> it if the script had died. Here is where the persistent flag is needed.
> Normally the script will never die unless at server reboot, or perhaps
> if some timeout limit has been exceeded. If I would touch a file in the
> filesystem as a flag, this would persist even after server reboot, so
> that means that my simulated crontab would never restart, since it looks
> like it runs. Teus.

whatever it is that your trying to do, it sounds like one of two things:

1. you have hosting that is unsuitable for your needs
2. you are tackling the problem incorrectly

at any rate, as far I'm concerned, you should never have a long running
php process via a web server. (obviously this is the point that someone
posts a brilliant use case to prove me wrong ;-)

could you detail what is is you're actuallt trying to do, chances are people
have:

a. got a better alternative
b. already invented the particular wheel you're trying to build
c. you really do need shell (or even just control panel) access to run a cron 
job

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Persistent flag in memory

[Jochem Maas]

Op 2/11/10 6:34 AM, Teus Benschop schreef:
> On Thu, 2010-02-11 at 05:53 +, Jochem Maas wrote:
>> whatever it is that your trying to do, it sounds like one of two things:
>>
>> 1. you have hosting that is unsuitable for your needs
>> 2. you are tackling the problem incorrectly
>>
>> at any rate, as far I'm concerned, you should never have a long running
>> php process via a web server. (obviously this is the point that someone
>> posts a brilliant use case to prove me wrong ;-)
>>
>> could you detail what is is you're actuallt trying to do, chances are people
>> have:
>>
>> a. got a better alternative
>> b. already invented the particular wheel you're trying to build
>> c. you really do need shell (or even just control panel) access to run a 
>> cron job
>>
> 
> What I am trying to achieve is to have a php script run once a minute
> and do a few tasks. There are some constraints:
> - Users usually install the php application on their local machines, be
> it Linux, Windows, or Macintosh.
> - The application is defined as needing zero-configuration, i.e. it runs
> out of the box.

much too vague. no mention of a webserver ... zero-config and needing to install
are somewhat mutually exclusive.

I still have the feeling you're using the wrong tool for the job somehow,
I may be wrong or drunk or both ;)

> 
> Teus.
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Persistent flag in memory

[Jochem Maas]

Op 2/11/10 7:25 AM, Teus Benschop schreef:
> On Thu, 2010-02-11 at 06:46 +, Jochem Maas wrote:
>> Op 2/11/10 6:34 AM, Teus Benschop schreef:
>>> On Thu, 2010-02-11 at 05:53 +, Jochem Maas wrote:
>>>> whatever it is that your trying to do, it sounds like one of two things:
>>>>
>>>> 1. you have hosting that is unsuitable for your needs
>>>> 2. you are tackling the problem incorrectly
>>>>
>>>> at any rate, as far I'm concerned, you should never have a long running
>>>> php process via a web server. (obviously this is the point that someone
>>>> posts a brilliant use case to prove me wrong ;-)
>>>>
>>>> could you detail what is is you're actuallt trying to do, chances are 
>>>> people
>>>> have:
>>>>
>>>> a. got a better alternative
>>>> b. already invented the particular wheel you're trying to build
>>>> c. you really do need shell (or even just control panel) access to run a 
>>>> cron job
>>>>
>>>
>>> What I am trying to achieve is to have a php script run once a minute
>>> and do a few tasks. There are some constraints:
>>> - Users usually install the php application on their local machines, be
>>> it Linux, Windows, or Macintosh.
>>> - The application is defined as needing zero-configuration, i.e. it runs
>>> out of the box.
>>
>> much too vague. no mention of a webserver ... zero-config and needing to 
>> install
>> are somewhat mutually exclusive.
>>
>> I still have the feeling you're using the wrong tool for the job somehow,
>> I may be wrong or drunk or both ;)
> 
> Well, on the web server, this usually would be Apache, though one user
> indicated he would use some light httpd instead. Then, of course, yes,
> installation is not zero-config, but what I mean is that after
> installation no further configuration steps would be needed, e.g. if the
> user unpacks a tarball in the web root, it should run straightaway, or
> if he does 'apt-get install ', no further configuration would
> be needed. I thought therefore that using visitors page requests was a
> clever way of initiating starting a php script. At the moment I've got
> the following code:

if you're doing all this already in order to facilitate a multi-platform
install ... why not go the extra yard and have the install process setup
a cronjob (or scheduled task, launchd entry, etc, depending on platform)?

> $crontable = Database_Cron::getInstance ();
> if ($crontable->getFlag ()) die;
> $crontable->setFlag ();
> ignore_user_abort(true);
> set_time_limit(0);
> while(1)
> {
>   $log = Database_Logs::getInstance();
>   $log->log ("Minutely maintenance routine started");
>   .. do some maintenance ...
>   $log->log ("Minutely maintenance routine finished");
>   sleep(60);
> }

of itself this seems like reasonable code, people argue about
the finer details but you seem to be writing clean and tidy stuff.

as such I still don't think this kind of thing belongs in a webserver
process.

I have recently been using daemontools (*nix/bsd compatible daemon management
tools ... also used to manage qmail processes) to actually keep a
long running / perpetual script running ... it's a very robust bit of
kit which takes care of running just one instance of whatever
and restarting it if it happens to die ... very nice, very simple, not
available on Windows (AFAIK) ... and helps to keep this kind
of management logic out of the actual php app.

> This uses the mechanism of a sql table in memory, which seems fine for
> the moment, since it is volatile and would disappear if the user
> restarts his laptop (or if the Amazon cloud reboots ;) - thus next time
> the user visits any page, this script would be restarted and do the
> maintenance till the user shuts down, and so on. I still have to look
> into the other mechanisms of creating a volatile flag.
> 
> I think therefore, with my limited experience of PHP, that the above
> does well, though improvements are welcome.

I'd think your php is an issue - little bit I've seen suggests you
code diligently, it's merely the vehicle your using to have the script run
perpetually that irks me.

> About scripts running forever, I don't see a problem here since most of
> the time it sleeps anyway, and when I look in my Ubuntu 9.10 laptop,
> doing "ps ax" gives 194 live processes already, so what does the one
> single extra sleeping process matter?

in practice not much on a personal machine - nonetheless it's wasteful
and technically a webserver is u

Re: [PHP] Persistent flag in memory

[Jochem Maas]

Op 2/11/10 3:48 PM, Teus Benschop schreef:
>> On Thu, 2010-02-11 at 09:27 -0500, Bastien Koert wrote:
>> Could the app be converted to an Adobe AIR app or use PHPdock (
>> http://www.nusphere.com/products/phpdock.htm ) to run local? There are
>> a number of security issues that surround installing a webserver and a
>> database locally on a users machine that may become issues.
> 
> It probably could be converted into a local application using these
> technologies, interesting technologies, by the way. The snag that will
> be hit though is that the application is licensed under the GPL v 3.
> Both tools you mention are closed source, I believe, and in addition I
> am not sure whether these work for Windows only, leaving Mac and Unix
> out. Will contributors to the applications be willing to buy the
> technologies? The security issues that you mention should be taken
> seriously. Teus.

Adobe AIR is a free platform - incl. a free SDK, it runs on Win, Mac and Linux.
AFAICT there is no restriction for developing GPL code that runs on the Air
platform ... obviously you'll not be using PHP inside Air - javascript and/or
actionscript would be the language in which the app logic is written.

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Mysql statement works in phpmyadmin but not in php page

[Jochem Maas]

Op 2/11/10 10:51 PM, James McLean schreef:
> On Fri, Feb 12, 2010 at 8:27 AM, Joseph Thayne  wrote:
>>
>> Actually, the syntax is just fine.  I personally would prefer it the way you
>> mention, but there actually is nothing wrong with the syntax.
>>
>>> The ,'$date1'"." is not correct syntax, change it to ,'".$date."'
> 
> My personal preference these days is to use Curly braces around
> variables in strings such as this, I always find excessive string
> concatenation such as is often used when building SQL queries hard to
> read, and IIRC there was performance implications to it as well
> (though I don't have access to concrete stats right now).
> 
> In your case, the variable would be something like this:
> 
> $query="INSERT INTO upload_history (v_id,hour,visits,date) VALUES
> ({$v_id}, {$hour}, {$visits}, '{$date}')";

actually IIRC the engine compiles that to OpCodes that equate to:


$query = 'INSERT INTO upload_history (v_id,hour,visits,date) VALUES ('.$v_id.', 
'.$hour.', '.$visits.', '\''.{$date}.'\')';

> 
> Much more readable and maintainable IMO.
> 
> No need for the trailing semicolon in SQL that uses an API like you
> are using so save another char there too.
> Backticks around column names are not required and IMO again they just
> make the code hard to read. Just because phpMyAdmin uses them, doesn't
> mean we all need to.
> 
> Cheers
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] optional object arguments to a function

[Jochem Maas]

Op 2/13/10 8:05 AM, Michael A. Peters schreef:
> I've started working on a class using DOMDocument to assemble MathML in
> php. The class, assuming I actually succeed, will eventually be used for
> parsing LaTeX math equations to MathML without the need to have TeX
> installed. I probably won't be able to support all the possibilities for
> equations that LaTeX does w/o a TeX install (and definitely not user
> defined macros) but I suspect I can (hopefully) cover most of the common
> stuff.
> 
> One thing I don't know how to do, though, is write a function where
> arguments are optional object.
> 
> IE for a function to generate an integral, the limits are optional but
> if specified must be an object (since they may be an equation
> themselves). I want the default to be some kind of a null object so I
> know to do nothing with it if it is null.
> 
> With string/integer you just do
> 
> function foo($a='',$b='',$c=false) {
>   }
> 
> How do I specify a default null object, or otherwise make the argument
> argument optional?

this first one doesn't work:

dobar();// works
$f->dobar($e);  // catchable fatal
$f->dobar((object)array()); // catchable fatal - check the error msg!?!?

?>

... but if you're able/willing to specify a user defined class then you
have this option:

dobar($b);
$f->dobar();

?>

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL insert () values (),(),(); how to get auto_increments properly?

[Jochem Maas]

Op 2/13/10 10:08 AM, Lester Caine schreef:
> Rene Veerman wrote:
>> Hi.
>>
>> I'm looking for the most efficient way to insert several records and
>> retrieve the auto_increment values for the inserted rows, while
>> avoiding crippling concurrency problems caused by multiple php threads
>> doing this on the same table at potentially the same time.
> 
>> Any clues are greatly appreciated..
>> I'm looking for the most sql server independent way to do this.
> 
> Rene
> The 'correct' way of doing this is to use a 'sequence' which is
> something introduced in newer versions of the SQL standard.
> Firebird(Interbase) has had 'generators' since the early days (20+
> years) and these provide a unique number which can then be inserted into
> the table.
> 
> ADOdb emulates sequences in MySQL by creating a separate table for the
> insert value, so you can get the next value and work with it, without
> any worries. The only 'problem' is in situations were an insert is
> rolled back, a number is lost, but that is ACTUALLY the correct result,
> since there is no way of knowing that a previous insert WILL commit when
> several people are adding records in parallel.

this is all true and correct ...

but that doesn't answer the problem. how do you get the IDs of all the records
that we're actually inserted in a multi-insert statement, even if you generate 
the
IDs beforehand you have to check them to see if any one of the set INSERT 
VALUEs failed.

@Rene:

I don't think there is a really simple way of doing this in a RDBMS agnostic
way, each RDBMS has it's own implementation - although many are alike ... and 
MySQL is
pretty much the odd one out in that respect.

it might require a reevaluation of the problem, to either determine that 
inserting
several records at once is not actually important in terms of performance (this 
would depend
on how critical the speed is to you and exactly how many records you're likely 
to be inserting
in a given run) and whether you can rework the logic to do away with the 
requirement to
get at the id's of the newly inserted records ... possibly by indentifying a 
unique
indentifier in the data that you already have.

one way to get round the issue might be to use a generated GUID and have an 
extra field which
you populate with that value for all records inserted with a single query, as 
such it could
function as kind of transaction indentifier which you could use to retrieve the 
newly
inserted id's with one extra query:

$sql = "SELECT id FROM foo WHERE insert_id = '{$insertGUID}'";

... just an idea.

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL insert () values (),(),(); how to get auto_increments properly?

[Jochem Maas]

Op 2/13/10 11:36 AM, Eric Lee schreef:
> 
> 
> On Sat, Feb 13, 2010 at 6:55 PM, Jochem Maas  <mailto:joc...@iamjochem.com>> wrote:
> 
> Op 2/13/10 10:08 AM, Lester Caine schreef:
> > Rene Veerman wrote:
> >> Hi.
> >>
> >> I'm looking for the most efficient way to insert several records and
> >> retrieve the auto_increment values for the inserted rows, while
> >> avoiding crippling concurrency problems caused by multiple php
> threads
> >> doing this on the same table at potentially the same time.
> >
> >> Any clues are greatly appreciated..
> >> I'm looking for the most sql server independent way to do this.
> >
> > Rene
> > The 'correct' way of doing this is to use a 'sequence' which is
> > something introduced in newer versions of the SQL standard.
> > Firebird(Interbase) has had 'generators' since the early days (20+
> > years) and these provide a unique number which can then be
> inserted into
> > the table.
> >
> > ADOdb emulates sequences in MySQL by creating a separate table for the
> > insert value, so you can get the next value and work with it, without
> > any worries. The only 'problem' is in situations were an insert is
> > rolled back, a number is lost, but that is ACTUALLY the correct
> result,
> > since there is no way of knowing that a previous insert WILL
> commit when
> > several people are adding records in parallel.
> 
> this is all true and correct ...
> 
> but that doesn't answer the problem. how do you get the IDs of all
> the records
> that we're actually inserted in a multi-insert statement, even if
> you generate the
> IDs beforehand you have to check them to see if any one of the set
> INSERT VALUEs failed.
> 
> @Rene:
> 
> I don't think there is a really simple way of doing this in a RDBMS
> agnostic
> way, each RDBMS has it's own implementation - although many are
> alike ... and MySQL is
> pretty much the odd one out in that respect.
> 
> it might require a reevaluation of the problem, to either determine
> that inserting
> several records at once is not actually important in terms of
> performance (this would depend
> on how critical the speed is to you and exactly how many records
> you're likely to be inserting
> in a given run) and whether you can rework the logic to do away with
> the requirement to
> get at the id's of the newly inserted records ... possibly by
> indentifying a unique
> indentifier in the data that you already have.
> 
> one way to get round the issue might be to use a generated GUID and
> have an extra field which
> you populate with that value for all records inserted with a single
> query, as such it could
> function as kind of transaction indentifier which you could use to
> retrieve the newly
> inserted id's with one extra query:
> 
>$sql = "SELECT id FROM foo WHERE insert_id = '{$insertGUID}'";
> 
> ... just an idea.
> 
> >
> 
> 
> 
> Hi
> 
> I would like to learn more correct  way from both of you.
> May I ask what is a sequences ?

it an RDBMS feature that offers a race-condition free method of
retrieving a new unique identifier for a record you wish to enter,
the firebird RDBMS that Lester mentions refers to this as 'generators'.

to learn more I would suggest STW:

http://lmgtfy.com/?q=sql+sequence

> 
> 
> Thanks !
> 
> 
> Regards,
> Eric
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] optional object arguments to a function

[Jochem Maas]

Op 2/13/10 8:59 PM, Richard Quadling schreef:
> On 13 February 2010 10:07, Jochem Maas  wrote:

...

>>
> 
> Try stdClass.

I guess you didn't read what I wrote then.

> If you know the class type, then that can be the type hint.
> 
> You can also use func_get_args() to read all the parameters and type
> check them if there are MANY optional parameters.
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] $_POST vs $_REQUEST

[Jochem Maas]

Op 2/22/10 8:39 PM, Slack-Moehrle schreef:
> Hi All,
> 
> I have Forms that I submit for processing. I have seen examples of people 
> using either $_POST or $_REQUEST.
> 
> When would I choose one over the other?

use $_POST, $_REQUEST is normally an amalgam of GET, POST and COOKIE - as such 
using $_REQUEST can open you up
to a denial of service attack (if someone manages to place cookies with the 
same names as your form fields they will always
override what was in the POST).

avoid using $_REQUEST.

> Also, I see examples of these being used with and without the single quotes
> 
> Like:
> 
> $_POST[j_orderValue]

this generates an E_NOTICE and is bad practice, it's also slower, essentially 
PHP sees the
CONSTANT j_orderValue which it can't find and does it's best to accomodate 
sloppy code by
tranlating it into the string 'j_orderValue'

try turning up the ini setting 'error_reporting' to include E_NOTICE warnings 
(and everything else)
and see what else your code might be doing which isn't quite right ... it can 
be very helpful,
I'm assuming you're running a local webserver, as running that in production is 
a bit pointless
in my view (additionally having the ini setting 'display_errors' turned on in 
production is a
security issue)

> or
> $_POST['j_orderValue']
> 
> Single quotes is best, correct to prevent sql injection?

this does nothing for SQL injection prevention, for that you need the escaping 
function
for the DB you use ... for MySQL that would be mysql_real_escape_string().

> -ML
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] $_POST vs $_REQUEST

[Jochem Maas]

Op 2/23/10 10:27 AM, Ashley Sheridan schreef:
> On Tue, 2010-02-23 at 09:19 +, Richard wrote:
> 
>> Hi,
>>
>> Well people better than me (how is that possible?!) have said that
>> $_REQUEST has the potential to open your app up to security
>> vulnerabilities, and that it should be avoided because of that. Here's
>> a post from Stephan Esser about it on the PHP-Internals list:
>>
>> http://www.mail-archive.com/intern...@lists.php.net/msg32832.html
>>
>> Stephan heads up the Hardened-PHP project and when it comes to
>> security, I don't know of anyone better. So, if he advises not to use
>> _REQUEST, it's a good idea to follow that advice.
>>
>> -- 
>> Richard Heyes
>>
> 
> 
> Well, he's only saying there that it 'most probably vulnerable' and
> mentions that cookies can overwrite post and get data. This isn't a
> problem with $_REQUEST itself but rather an applications' use of it. So
> what if someone crafts a cookie to send a bad value. If someone has the
> gen to do that, then they are going to know how to send get and post
> values as well. Only decent sanitisation will be able to protect against
> this.
> 
> If the order of override variables in $_REQUEST is such an issue too,
> use the request_order ini setting to specify the order you'd prefer.
> 
> I've never had any issues with using $_REQUEST, but found a lot of
> advantages to using it, as I often use a mix of data sources in the same
> app.

and that is exactly Essers point. you use $_REQUEST and assume the data came
from either GET or POST ... I'd hazard a guess your apps never expect such 
'mixed'
data to be coming via COOKIE ... so your app will work as 'advertised' but if 
some
one happens to slip a cookie onto someone else machine whose name matches some
rather important GET/POST input then it's that user who potentially has just 
suffered
a denial of service - and you'll get the blame for the fact things don't work 
and
you'll probably never be able to work out that it's a rogue cookie on the 
client putting
a spanner in the works. (imagine you have an 'id' parameter and I managed to 
set a
cookie on your users' machine called 'id' with a value of 1 ... have fun with 
that)

you should be as strict with exceptable input vectors as you are with 
sanitisation
of the actual input.

use of $_REQUEST is rather lazy - if you want to except either POST or GET for 
a given
input write a simple wrapper function for that specific requirement - this will 
also
save you from unforeseen problems related to incorrect or changed values for the
request_order ini setting.

> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to get the 'return type' of a function?

[Jochem Maas]

Op 2/24/10 1:16 AM, Ashley Sheridan schreef:
> On Tue, 2010-02-23 at 19:19 -0600, Kevin Kinsey wrote:
> 
>> Ashley Sheridan wrote:
>>> is_quantum() is pretty useful as well, if you want to see if it's sort
>>> of there and not at the same time. Probably turns into a cat in a box at
>>> some point too, everything quantum has cats in...
>>>
>>> Thanks,
>>> Ash
>>
>> So, should we add to the list:
>>
>> is_schrodingers_cat_alive()
>>
>> ??
>>
>> KDK
>>
> 
> 
> I think PHP would crash trying to return the boolean value from that
> one!

no. either it returns a random boolean, or the func signature is missing a
boolean $weOpenedTheBox parameter ... in which case it should be fully 
deterministic. :)

> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] $_POST vs $_REQUEST

[Jochem Maas]

Op 2/22/10 10:49 PM, John Black schreef:
> On 02/22/2010 11:42 PM, Michael Shadle wrote:
>> The difference here is you can at least have some control over the data
>> and expect it in a certain fashion. Also the behavior of cookies vs. get
>> vs. post are different (cookies have length and expiration limits, get
>> has length limits, post has server confgured limits)
> 
> The cookie and post/get part is all mixed up now :)
> 
> I use $_COOKIE when I want cookie information but I know that the data
> is not to be trusted and is easily fabricated.
> 
> When reading get or post I just use $_REQUEST nowadays because I don't
> have to care how the submitting form is written. This makes my form
> handling data more portable.

a. if your updating/inserting/storing data for the user you should require
POST in order to mitigate CSRF et al - not to mention using a nonce in your 
forms.

b. when you use $_REQUEST like you do you assume it's either GET or POST data, 
but
it might be COOKIE data ... which will overwrite what is sent via GET or POST 
in the
$_REQUEST array .. which creates a potential for a denial-of-service attack on 
the
users of a site:

imagine an 'id' parameter for displaying articles, then imagine a
user was tricked into loading a cookie onto his machine for your domain with the
name of 'id' and a value of 1 ... said user would only ever be able to see the
article referred to be id=1 if you wrote code that took the 'id' parameter from 
the
$_REQUEST var.

... I advocate not trusting any data *and* being explicit about the input 
vectors
on which any particular piece of data is accepted in a given context. (GET, 
POST and COOKIE
are 3 different vectors)



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] $_POST vs $_REQUEST

[Jochem Maas]

Op 2/24/10 11:18 AM, Ashley Sheridan schreef:
> On Wed, 2010-02-24 at 07:55 +, Jochem Maas wrote:
> 
>> Op 2/22/10 10:49 PM, John Black schreef:
>>> On 02/22/2010 11:42 PM, Michael Shadle wrote:
>>>> The difference here is you can at least have some control over the data
>>>> and expect it in a certain fashion. Also the behavior of cookies vs. get
>>>> vs. post are different (cookies have length and expiration limits, get
>>>> has length limits, post has server confgured limits)
>>>
>>> The cookie and post/get part is all mixed up now :)
>>>
>>> I use $_COOKIE when I want cookie information but I know that the data
>>> is not to be trusted and is easily fabricated.
>>>
>>> When reading get or post I just use $_REQUEST nowadays because I don't
>>> have to care how the submitting form is written. This makes my form
>>> handling data more portable.
>>
>> a. if your updating/inserting/storing data for the user you should require
>> POST in order to mitigate CSRF et al - not to mention using a nonce in your 
>> forms.
>>
>> b. when you use $_REQUEST like you do you assume it's either GET or POST 
>> data, but
>> it might be COOKIE data ... which will overwrite what is sent via GET or 
>> POST in the
>> $_REQUEST array .. which creates a potential for a denial-of-service attack 
>> on the
>> users of a site:
>>
>> imagine an 'id' parameter for displaying articles, then imagine a
>> user was tricked into loading a cookie onto his machine for your domain with 
>> the
>> name of 'id' and a value of 1 ... said user would only ever be able to see 
>> the
>> article referred to be id=1 if you wrote code that took the 'id' parameter 
>> from the
>> $_REQUEST var.
>>
>> ... I advocate not trusting any data *and* being explicit about the input 
>> vectors
>> on which any particular piece of data is accepted in a given context. (GET, 
>> POST and COOKIE
>> are 3 different vectors)
>>
>>
>>
> 
> 
> Which becomes a moot point if you use the request_order ini setting to
> specify the ordering of the overriding of variables in $_REQUEST.

which I think is another bit of magic I can do without. besides you don't
always have control of the ini file (and you obviously can't change this value
during the running of the script as $_REQUEST is already defined)

> I do see what you're getting at, and yes there are concerns to be had
> with one global array overriding another if you don't know to look out
> for such a caveat. The thing is, there are many times where $_REQUEST is
> just perfect. Imagine a stylesheet picker, that remembers the visitors
> choice in a cookie. You can utilise $_REQUEST to handle the whole thing
> very easily, and in a way that makes sense.

which would require a request_order of CPG - the opposite of what it normally 
is,
which is a complete WTF for any new developer of the code base, all so you can
save a couple of lines of very simple code. I don't think it's worth it.

BUT given that you do know what all the ramification are and can control the
request_order in your environment then it's true to say that in your case there
is no actual problem.

> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Uninstalling PHP?

[Jochem Maas]

Op 2/28/10 12:08 AM, Austin Powers schreef:
> ""Austin Powers""  wrote in message 
> news:ca.b0.29124.619a8...@pb1.pair.com...
>> Three weeks ago I was working through the Lynda.com "PHP with MySQL
>> Training" because I wanted to begin using PHP (surprise, surprise).
>>
>> Anyway, on this video course the teacher explains that because installing
>> PHP and MySQL is so well understood on a Mac that we may as well just 
>> follow
>> his steps and do it manually.  Well, he is installing a different version 
>> of
>> PHP and MySQL to the ones that I was able to download and while what he 
>> was
>> saying way somewhat similar I am guessing that  there is a difference
>> somewhere, and (well) it's not working.
>>
>> I AM A COMPLETE NOVICE WITH LINUX/FREEBSD.  It had not been my intention 
>> to
>> learn the intricacies of Linux.  However, I am now neck deep in a mire of
>> confusion that even MAMP can't seem to sort out for me.
>>
>> It is purely a guess that I need to start again from a complete clean 
>> setup
>> (reformatting my hard disk and reinstall OS X again) but that is pretty 
>> much
>> out of the question.
>>
>> I guess my question is:
>>
>> "How can I completely uninstall PHP so that I can start again?"
>>
>> Thanks.
>>
> 
> 
> I did a:
> 
>find / -name 'apachectl' 2. /dev/null
> 
> and it came back with:
> 
> /usr/sbin/apachectl
> /Applications/MAMP/Library/bin/apachectl

Mac OS X has an install of apache by default, the control script for that
is:

/usr/sbin/apachectl

if your installing MAMP (or a custom setup) you'll want to deactivate the 
default
installation ... go to System Preferences > Sharing then turn off "Web Sharing"

if you want to deinstall MAMP there should be a deinstaller program in 
/Application/MAMP,
once you've run that you can just delete that whole directory. then you can try 
to install
again by mounting the MAMP .dmg file and running the installer.

> 
> so I do:
> 
>cd /Application/MAMP/Library/bin
> 
> and then:
> 
>./apachectl graceful
> 
> and it came back with:
> 
>httpd not running, trying to start
>(13) permission denied: make_sock: could not bind to address {::]:80
>(13 permission denied: make_sock: could not bind to address 0.0.0.0:80
>no listening sockets available, shutting down
>Unable to open logs

this is a permissions thing - you need to run the command using sudo (as 
explained in
another post)

> 
> Does this mean that httpd is not running, and that I need to make some 
> change to the httpd.conf file?  If so, then what changes do I need to make? 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Want to learn to work with Zend Framework?

[Jochem Maas]

Op 3/4/10 9:14 PM, Daniel Brown schreef:
> On Thu, Mar 4, 2010 at 14:59, mrfroasty  wrote:
>> Looks expensive, definately NO
> 
> Then do not reply.  It was an offer to the community at large, not
> just you and the other top-poster.  ;-P
> 

quite. and it's not like Zend send such offers to the list everyday, in fact
I don't think I've seen anything from them here before at all.

this list is not moderated, as such we're liable to receive stuff now and
again that we're not personally interested in ... just ignore it.

to those that argue it's expensive - quality training is, that's the
nature of the business and the subject matter we deal with.

to those that argue that it's spam, I would disagree - the 'ad' is directly
relevant to php developers, the sender's employer is reputable, the recipients
are all members of an unmoderated mailing list that is generally (pun intended)
known to be very flexible and lax with regard to the exceptability of posts and
lastly the actual sender is a traceable person with a working email address.

everything pretty much above board as far as I'm concerned.

I would suggest that Zend don't send such 'ad's too often purely because that
might offend the very people they are trying to reach, additionally they might
consider that when they do send things like this to also include links/etc to
relevant/new resource that are freely available ... I'd personally wouldn't
mind an occasional email pointing out some new article about, for instance,
'Best Practices' which also includes info about upcoming courses ... a bit of
give and take in that vein might garner a more positive response, in general,
from members of this list.

... your thoughts on a post card ;-)



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Division by 0

[Jochem Maas]

Op 3/10/10 6:23 PM, Joseph Thayne schreef:
> Looks to me like you are closing your form before you put anything in
> it.  Therefore, the loan_amount is not set making the value 0.  Follow
> the math, and you are dividing by 1-1.
> 
> Change this line:
> 
> 
> 
> to:
> 
> 

this is a XSS waiting to happen. I can put something like the following in
the request uri:

index.php?" onsubmit="evil()">http://www.evil.com/evi.js";>

with regard to the original problem - some input validation is in order.

(pow($intCalc,$totalPayments) - 1);

if $intCal and $totalPayments are both equal to 1 then either something
is wrong and the calc shouldn't be done or some other calc needs to
be done.

every value being POSTed should be checked that it's been set, and that
it's a valid numeric value (for the numeric fields) ... if anything is
missing show the form again and display an error message without doing
the calculation.

> 
> and you should be good to go.
> 
> Joseph
> 
> Gary wrote:
>> I have a mortgage amortization script that was working fine,now it
>> seems to have gone awry. Below is the entire script plus input page. 
>> I am getting an error
>>
>> Warning: Division by zero in
>> /home/content/J/a/y/Jayski/html/one2one/Ricksrecursivefunctions.php on
>> line 47
>>
>> Which is  (pow($intCalc,$totalPayments) - 1);
>>
>> Frankly I am not even sure the information is being passed to the script.
>>
>> Anyone see what I am missing?
>>
>> Gary
>>
>>
>> Calculate your Loan
>> 
>>
>> 
>> 
>>  
>>   Loan Amount
>>  USD
>> > src="images/help.png" class="noborder"/>
>>   
>> 
>>   Type of
>> Loan
>>   
>> 
>>   Installment
>>   Balloon
>> 
>> > src="images/help.png" class="noborder"/>
>>   
>>
>>  Term of Loan
>> 
>> Months
>> > onmouseout="UnTip()">> />
>> 
>>  
>>  Interest
>> Rate
>>  Per
>> Annum> onmouseover="Tip('Percentage (%) charged on loan on an annual basis.
>> Please see our FAQs for information on usury rates. If no
>> amount is entered this will be 0%.')" onmouseout="UnTip()">> src="images/help.png" class="noborder" />
>> 
>> 
>> 
>> 
>> 
>> 
>> >
>> function amortizationTable($paymentNum, $periodicPayment, $balance,
>>$monthlyInterest) {
>> $paymentInterest = round($balance * $monthlyInterest,2);
>> $paymentPrincipal = round($periodicPayment - $paymentInterest,2);
>> $newBalance = round($balance - $paymentPrincipal,2);
>> print "
>>$paymentNum
>>\$".number_format($balance,2)."
>>\$".number_format($periodicPayment,2)."
>>\$".number_format($paymentInterest,2)."
>>\$".number_format($paymentPrincipal,2)."
>>";
>>  # If balance not yet zero, recursively call amortizationTable()
>>  if ($newBalance > 0) {
>> $paymentNum++;
>> amortizationTable($paymentNum, $periodicPayment, $newBalance,
>>   $monthlyInterest);
>>  } else {
>> exit;
>>  }
>> } #end amortizationTable()
>>
>># Loan balance
>>$balance =($_POST['loan_amount']);
>>
>># Loan interest rate
>>$interestRate = ($_POST['int_rate']);
>>
>># Monthly interest rate
>>$monthlyInterest = ("$interestRate / 12");
>>
>># Term length of the loan, in years.
>>$termLength =($_POST['loan_term']);
>>
>># Number of payments per year.
>>$paymentsPerYear = 12;
>>
>># Payment iteration
>>$paymentNumber =($_POST['loan_term']);
>>
>># Perform preliminary calculations
>>$totalPayments = $termLength * $paymentsPerYear;
>>$intCalc = 1 + $interestRate / $paymentsPerYear;
>>$periodicPayment = $balance * pow($intCalc,$totalPayments) *
>> ($intCalc - 1) /
>> (pow($intCalc,$totalPayments) - 1);
>>$periodicPayment = round($periodicPayment,2);
>>
>># Create table
>>echo "";
>>print "
>>   Payment
>> NumberBalance
>>   PaymentInterestPrincipal
>>   ";
>>
>># Call recursive function
>>amortizationTable($paymentNumber, $periodicPayment, $balance,
>> $monthlyInterest);
>>
>># Close table
>>print "";
>>
>> ?>
>> 
>>
>>
>> __ Information from ESET Smart Security, version of virus
>> signature database 4932 (20100310) __
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>>
>>   
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Execution order of PHP

[Jochem Maas]

Op 3/10/10 1:29 PM, Auke van Slooten schreef:
> Hi,
> 
> In a hobby project I'm relying on the order in which the following piece
> of PHP code is executed:
> 
> $client->system->multiCall(
>   $client->methodOne(),
>   $client->methodTwo()
> );
> 
> Currently PHP always resolves $client->system (and executes the __get on
> $client) before resolving the arguments to the multiCall() method call.
> 
> Is this order something that is specified by PHP and so can be relied
> upon to stay the same in the future or is it just how it currently works.
> 
> If it cannot be relied upon to stay this way, I will have to rewrite the
> multiCall method and API...

I think you can probably rely on the call order but given no formal spec
for php it's not ironclad - multiCall() will never be called before
methodOne() or methodTwo() because the return values of those are needed to
pass to multiCall() BUT you can't say for sure whether $client->system will
be evaluated before the methodOne() and methodTwo() calls ... looking at
it the code doesn't actually require it, in practice it doubt the engine
will change so dramatically that the call order would change.

but who cares. the code is full of magic, which makes it difficult to understand
and maintain ... fix it so that it's explicit about what it's doing so that
other developers who read it will grasp the concept without having to dig
into your magic methods. this solves the problem of undiscernable magic and
possible issues with resolution order in the future as well (which if they
happened would be a royal PITA to debug, given the magic methods involved)

> 
> regards,
> Auke van Slooten
> Muze
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Division by 0

[Jochem Maas]

Op 3/10/10 11:39 PM, Daniel Egeberg schreef:
> On Wed, Mar 10, 2010 at 23:44, Dmitry Ruban  wrote:
>> Hi Jochem,
>>
>> Jochem Maas wrote:
>>>
>>> Op 3/10/10 6:23 PM, Joseph Thayne schreef:
>>>>
>>>> Looks to me like you are closing your form before you put anything in
>>>> it.  Therefore, the loan_amount is not set making the value 0.  Follow
>>>> the math, and you are dividing by 1-1.
>>>>
>>>> Change this line:
>>>>
>>>> 
>>>>
>>>> to:
>>>>
>>>> 
>>>
>>> this is a XSS waiting to happen. I can put something like the following in
>>> the request uri:
>>>
>>> index.php?" onsubmit="evil()">>> src="<a  rel="nofollow" href="http://www.evil.com/evi.js"">http://www.evil.com/evi.js"</a>;>
>>>
>> Apparently it's not going to work. PHP_SELF does not include query string.
>> So it is safe to use it this way.
>>
>> Regards,
>> Dmitry
> 
> No, it is not safe...
> 
> This won't work:
>   index.php?" onsubmit="evil()"> src="<a  rel="nofollow" href="http://www.evil.com/evi.js"">http://www.evil.com/evi.js"</a>;>
> 
> But this will:
>   index.php/" onsubmit="evil()"> src="<a  rel="nofollow" href="http://www.evil.com/evi.js"">http://www.evil.com/evi.js"</a>;>

yeah sorry, I was lax and made the query string mistake,
the issue stands though as Daniel pointed out.



> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Division by 0

[Jochem Maas]

Op 3/11/10 2:44 PM, Mike Roberts schreef:
> I have tried and tried, countless times to be removed from this list...
> still when I go to my deleted items I can see that emails leak through.
> If there is an administrator who can simply delete me ( simply because I
> can not seem to do this correctly) I would greatly appreciate it. Thank
> You!
> 
> 
> 
> 

no there is not (really!), either search the archives, search php.net
look at the bottom of any of the email sent via the list or check the
email headers of email sent via the list - any one of those will give
you a way out.

but that probably is a bit of a technical challenge, so try this:

send a blank email to php-general-unsubscr...@lists.php.net using the email
account you are subscribed to the list to. all things being equal you should
recieve a message saying either that you've been removed or that you need to
confirm the removal (which means either replying once more to that message
or clicking a link).

PS - it's generally considered bad form to reply to someone else's thread rather
than send a new message when you're not engaging the current conversation.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP backup in Minnesota

[Jochem Maas]

Op 3/11/10 10:05 PM, Ken Kixmoeller schreef:
> Hey, folks  ---  -
>
>
>  -- Session-based, no cookies.

sessions are cookie based. unless your passing the
session id around via a URL parameter, which is a no-no.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I need a fresh look at storing variables in MySQL

[Jochem Maas]

Hi Tedd,

just a few thoughts that might help ...

Op 3/13/10 6:10 PM, tedd schreef:
> Hi gang:
> 
> I just completed writing a survey that has approximately 180 questions
> in it and I need a fresh look at how to store the results so I can use
> them later.

first off - wasn't there a cut'n'dried piece of survey software out there
that did the job? don't know off hand what the 'market' currently offers but
I'm pretty sure there are a number of candidate php-based wotsits.

as such they might be worth looking at just to check out their data models.

> The survey requires the responder to identify themselves via an
> authorization script. After which, the responder is permitted to take
> the survey. Everything works as the client wants so there are no
> problems there.
> 
> My question is how to store the results?
> 
> I have the answers stored in a session variable, like:
> 
> $_SESSION['answer']['e1']
> $_SESSION['answer']['e2']
> $_SESSION['answer']['e2a']
> $_SESSION['answer']['e2ai']
> $_SESSION['answer']['p1']
> $_SESSION['answer']['p1a']
> $_SESSION['answer']['p1ai']
> 
> and so on. As I said, there are around 180 questions/answers.
> 
> Most of the answers are integers (less than 100), some are text, and
> some will be null.
> 
> Each "vote" will have a unique number (i.e., time) assigned to it as
> well as a common survey id.

what happens when 2 people vote at the same time?

> 
> My first thought was to simply record the "vote" as a single record with
> the answers as a long string (maybe MEDIUMTEXT), such as:
> 
> 1, 1268501271, e1, 1, e2, 16, e2a, Four score and ..., e2a1, ,

that would make life very difficult if you wanted to use the

> Then I thought I might make the data xml, such as:
> 
> 11268501271116Four
> score and ...

doesn't seem like XML is the answer at all. isn't it Larry Garfield with the
sig line that says:

Sometime a programmer has a problem and thinks "I know I'll use XML",
now he has 2 problems.

:)

> That way I can strip text entries for <> and have absolute control over
> question separation.
> 
> Then I thought I could make each question/answer combination have it's
> own record while using the vote_id to tie the "vote" together. That way
> I can use MySQL to do the heavy lifting during the analysis. While each
> "vote" creates 180 records, I like this way best.

is there only ever going to be one survey of which the questions/structure
is now fixed/definitive?

if so I'd probably opt for the simple approach of a table
with 180 columns purely because that would make for the easiest
reporting queries (no self-referencing joins needed to answer the
question posed below ... which would be the case if you normalized
the data to one row per question+answer+vote[r])

... although possibly not speediest in terms of SQL performance
(you'd have to be careful with creating lots of indexes because that
would affect insert performance)

basically one table with 180 answer columns and an addition primary [voter?] 
key,
possibly also a survey id if your going to be repeating the survey over time.

a more normalized approach would be to define all the questions and their
answer types in one table, surveys in another, with answers per qestion in 
another:

survey table:
id  INT (PK)
nameVARCHAR
dateTIMESTAMP

questions table:
id  INT (PK)
positionINT - order of questions
survey_id   INT
questionVARCHAR/TEXT
question_type   ENUM?

voters  table:
id  INT (PK)
nameVARCHAR ??

answers tables:
id  INT (PK)
voter_idINT
question_id INT
answer  ?

with the answer values in the answers table you might consider a field for
each question_type you define so that you can use a proper data type - this
would be somewhat denormalized because you'd only ever use one of those fields
per row but it might come in handy.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I need a fresh look at storing variables in MySQL

[Jochem Maas]

Op 3/14/10 11:45 AM, Ashley Sheridan schreef:
> On Sun, 2010-03-14 at 12:25 +0100, Rene Veerman wrote:
> 
>> On Sun, Mar 14, 2010 at 12:24 PM, Rene Veerman  wrote:
>>>
>>> I'd love to have a copy of whatever function you use to filter out bad
>>> HTML/js/flash for use cases where users are allowed to enter html.
>>> I'm aware of strip_tags() "allowed tags" param, but haven't got a good list
>>> for it.
>>>
>>
>> oh, and even  tags can be used for cookie-stuffing on many browsers..
>>
> 
> 
> Yes, and you call strip_tags() before the data goes to the browser for
> display, not before it gets inserted into the database. Essentially, you
> need to keep as much original information as possible.

I disagree with both you. I'm like that :)

let's assume we're not talking about data that is allowed to contain HTML,
in such cases I would do a strip_tags() on the incoming data then compare
the output ofstrip_tags() to the original input ... if they don't match then
I would log the problem and refuse to input the data at all.

using strip_tags() on a piece of data everytime you output it if you know
that it shouldn't contain any in the first is a waste of resources ... this
does assume that you can trust the data source ... which in the case of a 
database
that you control should be the case.

at any rate, strip_tags() doesn't belong in an 'anti-sql-injection' routine as
it has nothing to do with sql injection at all.

> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Splitting a string ...

[Jochem Maas]

Op 3/15/10 1:54 AM, Ashley M. Kirchner schreef:
> I'm not a regexp person (wish I was though), and I'm hoping someone can give
> me a hand here.  Consider the following strings:
> 
>  
> 
> -  domain\usern...@example.org
> 
> -  domain\username
> 
> -  the same as above but with / instead of \  (hey, it happens)
> 
> -  usern...@example.org
> 
> -  username
> 
>  
> 
> Essentially I have a sign-up form where folks will be typing in their
> username.  The problem is, in our organization, when you tell someone to
> enter their username, it could end up being any of the above examples
> because they're used to a domain log in procedure where in some cases they
> type the whole thing, in other cases just the e-mail, or sometimes just the
> username.
> 
>  
> 
> So what I'd like is a way to capture just the 'username' part, regardless of
> what other pieces they put in.  In the past I would write a rather
> inefficient split() routine and eventually get what I need.  With split()
> getting deprecated, I figured I may as well start looking into how to do it
> properly.  There's preg_split(), str_split(), explode() . possibly others.
> 
>  
> 
> So, what's the proper way to do this?  How can I capture just the part I
> need, regardless of how they typed it in?
> 



... just off the top of my head, probably could be done better than this.
I would recommend reverse engineering the given regexp to find out what
it's doing exactly ... painstaking but worth it to go through it char by char,
it might be the start of a glorious regexp career :)

>  
> 
> Thanks!
> 
>  
> 
> A
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Event Handling

[Jochem Maas]

Op 3/15/10 8:24 AM, Midhun Girish schreef:
> Hi ,
> Just as David Hutto has said,What you need is the cronjob... Make a script
> say "check.php" which checks the db to see if any new entries are made...
> and if yes send the mail ...
> 
> now using the cronjob feature in linux os(which will be provided as a
> service in your linux hosting cpanel), set a cronjob which calls the "
> http://www.yoursite.com/check.php"; URL every minute now a trigger will
> be there every minute to the script and the emails will be send irrespective
> of whether anyone is browsing the site or not hope it is clear...
> 

use cron - yes
have cron call a web URL - no, instead just call the script via the php CLI 
sapi,
e.g. a cmdline as follows in cron:

/usr/env php /path/to/your/check.php &> /dev/null

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Event Handling

[Jochem Maas]

Op 3/15/10 12:00 PM, David Hutto schreef:
> On Mon, Mar 15, 2010 at 7:31 AM, Jochem Maas  wrote:
> 
>> Op 3/15/10 8:24 AM, Midhun Girish schreef:
>>> Hi ,
>>> Just as David Hutto has said,What you need is the cronjob... Make a
>> script
>>> say "check.php" which checks the db to see if any new entries are made...
>>> and if yes send the mail ...
>>>
>>> now using the cronjob feature in linux os(which will be provided as a
>>> service in your linux hosting cpanel), set a cronjob which calls the "
>>> http://www.yoursite.com/check.php"; URL every minute now a trigger
>> will
>>> be there every minute to the script and the emails will be send
>> irrespective
>>> of whether anyone is browsing the site or not hope it is clear...
>>>
>>
>> use cron - yes
>> have cron call a web URL - no, instead just call the script via the php CLI
>> sapi,
>> e.g. a cmdline as follows in cron:
>>
>> /usr/env php /path/to/your/check.php &> /dev/null
>>
> 
> 
> I do believe removing the /dev/null will send error messages during the
> building of the script, correct?
> 

the '&> /dev/null' redirects all output - I kind of make the assumption that the
script would be logging stuff to a file or something when in production.

so, yes, remove the redirection when your developing/testing the script.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP in HTML code

[Jochem Maas]

Op 3/13/10 3:49 PM, Jorge Gomes schreef:
> First of all, i recommend the use of normal php tags () because
> the short tags are atm marked as* **DEPRECATED*.

that's a documentation error.

> 
> You should also echo your values to the page, instead using the shortcut  (stop being a lazy ass! :P):

it's not lazy, it's succinct and much easier to read (once you know what it 
means),
but ... if you require portable code and your liable to be running on shared
hosting where you don't control the ini settings you might consider not using 
it.

it is often feasable to turn them on explicitly in your 'init' routine so that
your template/output code can use short tags:



I can't recall that this is ever locked down on a server so that you can't
change it, although the default if quite often set to FALSE.

> 
> 
> 
> 
> 
> 
> 
> 
> remember that between tags, we have normal php code.
> 
> Rewards

how much?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Event/Exhibition Organizers Management Software

[Jochem Maas]

hi gang[tm],

I've been STFW for some kind of CRM package specifically geared at
event/exhibition organizers. I'm not having any luck, there *seems* to
be stuff out there but most of it's geared at single exhibitor/corporate
entity event management as opposed to the organization of events
where 100s of exhibitors need be approached, sold stand space to and
manage - of those that do seem to what I'd like they are a bit vague on
their website and don't give any pricing info (as usual price is a big issue :).

I've looked at the possibilities of using Salesforce or SugarCRM but neither
seem to have plugins/modules aimed at the specific requirements I have.

Basically I want something to manage:

1. multiple expos/exhibitions
2. selling standspace
3. manage tickets/ticket campaigns
4. floorplan management/creation/etc
5. speaker/debate-panel management
6. exhibitor pack/documentation management
5. the usual invoicing/lead/crm stuff

does anyone know of anything that comes remotely close?

rgds,
Jochem

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Fwd: Re: [PHP] another question on setting include paths for a project

[Jochem Maas]

oops, mailed the OP direct rather than the list. sorry.

 Originele bericht 
Onderwerp: Re: [PHP] another question on setting include paths for a project
Datum: Mon, 22 Mar 2010 15:58:28 +
Van: Jochem Maas 
Aan: Robert P. J. Day 

Op 3/22/10 2:18 PM, Robert P. J. Day schreef:
> 
>   to recap regarding an earlier question i asked regarding extending
> include paths, i have an existing project (call it "proj" currently
> all under a top-level directory also named "proj") which can be SVN
> checked out anywhere under a user's home directory.  so in my case, i
> might have my svn working copy under, say,
> /home/rpjday/stuff/work/proj/, and all proj-related content under
> that.
> 
>   at the moment, there are some subdirs under proj/ like "common" and
> "utils" and "debug", and all includes or requires throughout the
> working copy are currently and awkwardly of the form:
> 
>   include '../../proj/utils/somescript.php';
> 
> in short, every script that needs to include another one somewhere
> else in the code structure sadly needs to know its precise relative
> location.
> 
>   my proposal is to get rid of most of that by:
> 
> 1) having developers set a single env var PROJ_DIR in their login
>session, reflecting wherever the heck they checked out their
>working copy to, then ...
> 2) having said developers uniformly extend their directly callable PHP
>scripts with something at the very top like:
> 
>   set_include_path(getenv('PROJ_DIR') . PATH_SEPARATOR . get_include_path());
> 
> not only will that let them simplify their command-line callable
> scripts to say just:
> 
>   include 'utils/somescript.php';
> 
> also, as i read it, that newly-extended include path percolates down
> through all PHP scripts invoked directly or indirectly from this one,
> right?  so while i could add that set_include_path() to every single
> PHP script everywhere in the code base, it's really only necessary to
> add it to those PHP scripts that people intend to *invoke* directly --
> every other script will pick it up automatically as it's called, is
> that correct?  (did i phrase that meaningfully?)
> 
>   that was part one.
> 
>   the new additional complication is that some of those PHP scripts
> will manually construct HTTP POST requests and ship those requests off
> to PHP scripts that live under a public_html/ directory, whose
> scripts might *also* want to include some of those very same utils/ or
> common/ scripts but that modified include path will, of course, not
> carry across a POST request, so what's the standard way to similarly
> modify the include path of the scripts on the server end?
> 
>   (unsurprisingly, all those "server-side" PHP scripts are also part
> of the entire SVN checkout just so i can keep everything in the same
> place for testing.)
> 
>   so how can i have those "server-side" scripts extend their search
> path based on, perhaps, the same environment variable?
> 
>   thoughts?

I think the whole 'set an ENV var in their shell session' idea is overkill.
everything is checked out from svn, the structure of the project is known,
there is no reason not to use relative paths for the includes, there is
no need to tell the scripts where stuff is in this scenario - they can
work it out automatically.

the following might give you an idea for a bit of bootstrap code that's included
by everything:

define('INC_DIR', dirname(__FILE__));

this would allow all other code to use absolute paths and allow you to set
the include_path to ''.

how do the cmdline scripts know which URL to hit ... I would assume that this
URL can change depending on whose checkout it is and the context (dev/prod),
that means there is already a config file or some such - possibly a good place
to stick the include path or define the include dir.

... and now for something 'completey' different:

another trick I've used is to use custom ini settings in conjunction with
get_cfg_var() - each developer/installation would have their own custom ini
file (which you can store in svn too) .. the ini file would be symlinked to
from the dir php is setup to read additional ini files from, the contents of
the ini file would be something like:

[My Cool App]
my_cool_app.public_url  = 'http://local.coolapp/';
my_cool_app.inc_dir = '/path/to/cool/app/';

you can then grab these values from anywhere using 
get_cfg_var('my_cool_app.inc_dir'),
often I find that additional config stuff is needed per installation - mostly 
related
to webserver setup (which sometimes differs somewhat between live and dev 
installs -
SSL may not be a

Re: [PHP] Will PHP ever "grow up" and have threading?

[Jochem Maas]

Op 3/23/10 12:02 AM, Daevid Vincent schreef:
> I've been using PHP for a decade or so (since PHP/FI) and love it. The one



well they certainly ripped you a new one didn't they :)

why no threads? shared-nothing architecture, that's very deliberate, it has draw
backs as well as advantages, either way you have to understand the reasoning and
how to leverage it. shared-nothing obviously doesn't lend itself to writing fast
daemonized code, then again it wasn't meant to.

I'd say that named function/method parameters would be a nice addition though -
although having said that a decent IDE with code completion (DocBlocks) and 
well commented,
well structured code mitigate the issue, for me anyway.

> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP to access shell script to print barcodes

[Jochem Maas]

Op 3/23/10 3:27 AM, Rob Gould schreef:
> I am trying to replicate the functionality that I see on this site:
> 
> http://blog.maniac.nl/webbased-pdf-lto-barcode-generator/
> 
> Notice after you hit SUBMIT QUERY, you get a PDF file with a page of 
> barcodes.  That's _exactly_ what I'm after.
> Fortunately, the author gives step-by-step instructions on how to do this on 
> this page:
> 
> http://blog.maniac.nl/2008/05/28/creating-lto-barcodes/
> 
> 
> So I've gotten through all the steps, and have created the 
> "barcode_with_samples.ps" file, and have it hosted here:
> 
> http://www.winecarepro.com/kiosk/fast/shell/
> 
> Notice how the last few lines contain the shell-script that renders the 
> postscript:
> 
> #!/bin/bash
> 
> BASE=”100″;
> NR=$BASE
> 
> for hor in 30 220 410
> do
> ver=740
> while [ $ver -ge 40 ];
> do
> printf -v FNR “(%06dL3)” $NR
> echo “$hor $ver moveto $FNR (includetext height=0.55) code39 barcode”
> let ver=$ver-70
> let NR=NR+1
> done
> done
> 
> 
> I need to somehow create a PHP script that "executes" this shell script.  And 
> after doing some research, it sounds like
> I need to use the PHP exec command, so I do that with the following file:
> 
> http://www.winecarepro.com/kiosk/fast/shell/printbarcodes.php
> 
> Which has the following script:
> 
>  
> $command="http://www.winecarepro.com/kiosk/fast/shell/barcode_with_sample.ps";;
> exec($command, $arr);
> 
> echo $arr;
> 
> ?>
> 
> 
> And, as you can see, nothing works.  I guess firstly, I'd like to know:
> 
> A)  Is this PHP exec call really the way to go with executing this shell 
> script?  Is there a better way?  It seems to me like it's not really 
> executing.

that's what exec() is for. $command need to contain a *local* path to the 
command in question, currently your
trying to pass a url to bash ... which obviously doesn't do much.

the shell script in question needs to have the executable bit set in order to 
run (either that or change to command to
run bash with your script as an argument)

I'd also suggest putting the shell script outside of your webroot, or at least 
in a directory that's not accessable
from the web.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Will PHP ever "grow up" and have threading?

[Jochem Maas]

Op 3/24/10 10:40 AM, Rene Veerman schreef:
> I subscribe to this list to share tips on software designs.
> 
> Getting and keeping your respect i'm not even interested in.
> 
> I'm interested in the quality of your tips on problems i post, as tips can
> lead faster to products, leads to money, leads to my personal freedom and
> options in life.
> Respect cannot be used to buy bread and butter.
> 

Someone who respects you will buy you a sandwich if you need it.

But seemingly you're only interested in leveraging other peoples time and
experience to further your own career, good luck with that around here.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] More efficient thumbnail script

[Jochem Maas]

Curt Zirzow wrote:
> On 1/16/07, Jochem Maas <[EMAIL PROTECTED]> wrote:
>> Curt Zirzow wrote:
>> > On 1/16/07, Jochem Maas <[EMAIL PROTECTED]> wrote:
>> >> ...
>> >> if ($cacheState) {
>> >> $headers = getallheaders();
>> >> if (isset($headers['If-Modified-Since']) &&
>> >> ($headers['If-Modified-Since'] == $lastModified)) {
>> >
>> > I was waiting for this to be mentioned...
>> >
>> > I would use a more detailed approach: http://pastebin.ca/319054
>>
>> could you clarify alittle? (beyond not using the apache specific
>> getallheaders()
>> function - I chose to go that route because I never run on anything
>> other than apache)
>>
>> is the value of $headers['If-Modified-Since'] identical to
>> $_SERVER['HTTP_IF_MODIFIED_SINCE'] or *can* they differ (i.e. would
>> it be stupid to assume that apache 'normalized' the modidfied-since
>> string?)
> 
> they should be identical, the one thing, iirc, is that the
> getallheaders() returns what exactly the client sent, so if the client
> sent 'if-modified-since:' then the assoc array would be
> $headers['if-modified-since'].

given that there may be difference in capitalization and the fact that
getallheaders() is apache specific it seems to me that using
$_SERVER['HTTP_IF_MODIFIED_SINCE'] would be better (not to mention saving
a function call).

> 
>>
>> is my code borked or merely not covering a number of edge cases related
>> to older or more exotic browsers - my code does output 304 headers
>> at the right time AFAIHT.
> 
> As far as i can see nothing is wrong.
> 
> After looking at rfc2616 i dont know why there is that $http_size
> thing going on in the code i posted; must be from a very early draft
> of HTTP/1.0 (as noted by the date in my comment)
> 
> Forget i said anything.

given enough time it's garanteed ;-)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic lists

[Jochem Maas]

Kevin Murphy wrote:
> 
> 
> On Jan 17, 2007, at 1:39 PM, Brad Fuller wrote:
> 
>>> -Original Message-
>>> From: Jay Blanchard [mailto:[EMAIL PROTECTED]
>>> Sent: Wednesday, January 17, 2007 4:05 PM
>>> To: Don; php-general@lists.php.net
>>> Subject: RE: [PHP] dynamic lists
>>>
>>> [snip]
>>> By dynamic drop list I mean the type where the options
>>> contained in the subsequent list depend on what was picked in
>>> the previous list without clicking submit.
>>> [/snip]
>>>
>>> PHP is server side, you need to do this with AJAX or Javascript
>>>
>>> -- 
>>> PHP General Mailing List (http://www.php.net/) To
>>> unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>
>> Don,
>>
>> There's a few different ways to do this.
>>
>> #1) Submit the form (to itself) when a user chooses an option from the
>> first
>> list (using onChange=form.submit()) then with PHP query the database
>> for the
>> second set of options.
>>
>> #2) Use JavaScript to store all the values and pop them in when the user
>> chooses an option from the first list (using onChange=someFunction(...)).
>>
>> I like #2.  If you need a starting point, google for "javascript dynamic
>> select list"
>>
>> Hope that helps,
>>
>> Brad
> 
> FYI... Neither #1 or #2 are considered good practice for
> Accessibility/ADA compliance. If you are using a keyboard or screen
> reader to view your website, it will always pick the first one in the
> list and you won't have the option of even seeing the rest of the list.
> Basically, anything that uses onchange or onselect will cause
> accessibility issues. The only way to accomplish this is using onclick
> or submitting the form.

that stance basically negates everything 'ajax', flash, video and everything
considered to be remotely 'web2.0' - is the 'low-common-denominator' case
always the correct choice?

I understand the importance of accessibility but the practicality of most
peoples' job in this sector means satisfying the requirements of a client
that demands such dynamic functionality such as the auto-selection example
given here.

is there not an argument that screen-reader and [braille] keyboard software
are somwhat responsible for being capable of 'keeping up' - given that an
onclick can be handled why not an 'onchange' (in theory)?


> 
> --Kevin Murphy
> Webmaster: Information and Marketing Services
> Western Nevada Community College
> www.wncc.edu
> 775-445-3326
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic lists

[Jochem Maas]

Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-17 23:20:23 +0100:
>> Kevin Murphy wrote:
>>> On Jan 17, 2007, at 1:39 PM, Brad Fuller wrote:
 #1) Submit the form (to itself) when a user chooses an option from the
 first list (using onChange=form.submit()) then with PHP query the
 database for the second set of options.

 #2) Use JavaScript to store all the values and pop them in when the user
 chooses an option from the first list (using onChange=someFunction(...)).

 I like #2.  If you need a starting point, google for "javascript dynamic
 select list"
>>> FYI... Neither #1 or #2 are considered good practice for
>>> Accessibility/ADA compliance. If you are using a keyboard or screen
>>> reader to view your website, it will always pick the first one in the
>>> list and you won't have the option of even seeing the rest of the list.
>>> Basically, anything that uses onchange or onselect will cause
>>> accessibility issues. The only way to accomplish this is using onclick
>>> or submitting the form.
>> that stance basically negates everything 'ajax', flash, video and everything
>> considered to be remotely 'web2.0' - is the 'low-common-denominator' case
>> always the correct choice?
>  
> And what about the my-ajax-is-longer-than-your-ajax (or whatever's "in"
> right now (is "in" still a "cool" word?)) lemming-march mentality?

I think 'correct' was the wrong word. still thinking what the right word
should be.

bare in mind I was playing devil's advocate rather than defending a particular
stance.

> 
>> I understand the importance of accessibility but the practicality of most
>> peoples' job in this sector means satisfying the requirements of a client
>> that demands such dynamic functionality such as the auto-selection example
>> given here.
>  
> That's typically a result of poor user requirements capture. :)

of course the level of requirement/functional specification one can do is
dependant on (at least) 2 things:

1. budget - building a small (<5000 euros) site leaves not much money for 
developing
detailed specs, it easy enough to blow 5 grand on a preliminary investigation 
let
alone something that resembles a fullblown spec.

2. client - can the client even comprehend the specs and the ramifications they 
entail,
a small local business has no idea (or interest) in the problems, ramifications 
and
technicalities of site building - he/she "just want's a website".

> 
>> is there not an argument that screen-reader and [braille] keyboard software
>> are somwhat responsible for being capable of 'keeping up' - given that an
>> onclick can be handled why not an 'onchange' (in theory)?
> 
> Yeah, wheelchairs can move along a sidewalk, so what's stopping them
> from walking up and down stairs? 

no doubt the economics of greed - technically it possible to, I mean Honda
built a freakin' robot that runs up stair and I seen multiple axel wheelchairs
on TV more than 15 years ago (anyone in England know the 'Tomorrows World'
program from the time when it was still about real science? ;-) that were 
capable
of traversing stairs.

but applying the extreme accessiblity mantra to the stairs analogy would mean
making stairs more or less illegal. should we sue companies out of existence 
because
they have a set of stairs? should stairs be illegal?

> If you haven't written an open source
> browser on par with mozilla for blind people, 

has anyone actually achieved that? actually my comment was aimed purely
at commercial software, which, for now, AFAICT is the only real option for
disabled people - and it's not a cheap option either, so the bar is
set very high in the economic sense, disabled people in a low/no income
are often shut out purely on budgetary grounds.

should commercial vendors that supply tools to enable disabled people
be held to a [very] high standard?

additionally it could be said that the only feasible proposition is
to make the the enabling tools adapt to the environment they are intended
to make accessible? to return to the wheel chair analogy: it's completely
impractical to replace all stairs in the world with suitable ramps but it
is technically achievable to build a wheelchair that is capable
of navigating a world full of chairs.

> it's IMO polite to not
> raise the bar for them unless necessary. KISS and all that.

there are plenty of multi-billion dollar corporations that pay nothing more than
lip service to accessibility - those same companies are the examples alot of
my clients point at when telling me what they want. (I'm painting
with a broad brush here)

if I completely refuse to 'raise the bar' then I'm going to be flipping burgers
at sooner than I'd like - my clients will go else where.

so I'm stuck between doing 'the right thing' and paying the bills - all this
is rather a moot issue in a world where millions of disabled people don't even 
have access
to running water, let alone wheelchairs - so extending KISS approach all the 
way down the

Re: [PHP] Broken compatibility with escaping { in php 5.2

[Jochem Maas]

Bogdan Ribic wrote:
> Hi all,
> 
> Try this:
> 
> $a = '';
> echo "\{$a}";
> 
> from php 4, it outputs "{}", from php 5.2 (one that comes with Zend 5.5)

no-one here supports Zend.

> it outputs "\{}", thus breaking existing scripts.

AFAICT the escaping in that string is wrong - the fact that it did work
the way you want it to is probably sheer luck.

lastly I ran your tests and determined at the least that the 'break'
occur *prior* to 5.2. at a guess it probably changed in 5.0, here are my 
results:

# php -r 'echo "php",phpversion(),":\n"; $a = ""; var_dump("\{$s}");'  ;
  php5 -r 'echo "php",phpversion(),":\n"; $a = ""; var_dump("\{$s}");'

OUTPUT:

php4.3.10-18:
string(2) "{}"
php5.1.2:
string(3) "\{}"

> 

be pragmatic - fix your script :-)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Broken compatibility with escaping { in php 5.2

[Jochem Maas]

Németh Zoltán wrote:
> On cs, 2007-01-18 at 14:19 +0100, Jochem Maas wrote:
>> Bogdan Ribic wrote:
>>> Hi all,
>>>
>>> Try this:
>>>
>>> $a = '';
>>> echo "\{$a}";
>>>
>>> from php 4, it outputs "{}", from php 5.2 (one that comes with Zend 5.5)
>> no-one here supports Zend.
>>
>>> it outputs "\{}", thus breaking existing scripts.
>> AFAICT the escaping in that string is wrong - the fact that it did work
>> the way you want it to is probably sheer luck.
>>
>> lastly I ran your tests and determined at the least that the 'break'
>> occur *prior* to 5.2. at a guess it probably changed in 5.0, here are my 
>> results:
>>
>> # php -r 'echo "php",phpversion(),":\n"; $a = ""; var_dump("\{$s}");'  ;
>>   php5 -r 'echo "php",phpversion(),":\n"; $a = ""; var_dump("\{$s}");'
>>
>> OUTPUT:
>>
>> php4.3.10-18:
>> string(2) "{}"
>> php5.1.2:
>> string(3) "\{}"
>>
>> be pragmatic - fix your script :-)
> 
> is this the correct form:
> 
> $a = '';
> echo "\{$a\}";
> 
> if I want to get "{}" a result?
> 
> (I think it is)

testing would given you certainty.

I tested it and, although I would have thought it was correct,
it did not given the desired result, the following 2 do give what
your looking for:

echo "{{$s}}", " ", '{'.$s.')';

> 
> greets
> Zoltán Németh
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic lists

[Jochem Maas]

tedd wrote:
> At 2:33 PM -0800 1/17/07, Kevin Murphy wrote:
>> Not saying I disagree with you. which is why i tossed it out there
>> as an FYI rather than anything else. But its something that you should
>> be aware of when designing a site and weighing your options. For me,
>> working for a governmental institution, I really don't have a choice.
>> I can't throw anything into the website that has a negative ADA
>> impact unless of course I have an alternate way of accomplishing
>> the same thing.
> 
> Not only working for the government (which has enough sites that fail
> compliance anyway), but if you're a company who wishes to do business
> with the US Government, then web site compliance is required (Section 508).
> 

do business with the US Government? I'd rather be flipping burger for a major
US Corporation :-/ (no doubt if you dig deep enough the US Corp is owned by some
Japanese or Middle Eastern conglomerate.

http://en.wikipedia.org/wiki/Oligarchy (and that applies to just about every
'democracy' if you ask me.)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Broken compatibility with escaping { in php 5.2

[Jochem Maas]

Bogdan Ribic wrote:
> 
>>
>> be pragmatic - fix your script :-)
> 
> I did :)
> 
> It was a part of code generator, and I had something like :
> $res .= "function $this->insert_prefix() \{$this->_global_db\n";
> 
> and replaced it with
> 
> $res .= "function $this->insert_prefix() {{$this->_global_db}\n";
> 
> ... in about 20 locations.
> 
> But the complaint is that whichever is "correct" version, it cannot be
> much more correct than the other, and certainly not worth breaking
> existing functionality. Mine was easy to fix, but this might introduce
> weird bugs somewhere else.

I'm not the authority that could comment on that one way or the other,
no doubt there is a good & complicated explanation as to why this changed
- you might try asking the internals list (don't tell them I sent you :-).


> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 Cross Compilation

[Jochem Maas]

Kiran Malla wrote:
> Hello,
> 
> I am trying to cross compile PHP-5.2.0 for arm linux.
> 
> # export CC=/usr/local/arm/3.3.2/bin/arm-linux-gcc
> # export AR=/usr/local/arm/3.3.2/bin/arm-linux-ar
> # export LD=/usr/local/arm/3.3.2/bin/arm-linux-ld
> # export NM=/usr/local/arm/3.3.2/bin/arm-linux-nm
> # export RANLIB=/usr/local/arm/3.3.2/bin/arm-linux-ranlib
> # export STRIP=/usr/local/arm/3.3.2/bin/arm-linux-strip
> 
> # ./configure --host=arm-linux --sysconfdir=/etc/appWeb
> --with-exec-dir=/etc/appWeb/exec
> 
> Result of this configure is,
> 
> Checking for iconv support... yes
> checking for iconv... no
> checking for libiconv... no
> checking for libiconv in -liconv... no
> checking for iconv in -liconv... no
> configure: error: Please reinstall the iconv library.
> 
> I have installed libiconv-1.11 on my system. The command 'which iconv'
> shows
> '/usr/local/bin/iconv'. I have no clue why configure is failing due to
> missing iconv.
> 
> Somebody please throw some light on this issue.

maybe some*thing* will do:

./configure --help

I'm guessing it'll tell you how to instruct configure on where iconv is
living.

> 
> Regards,
> Kiran
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] regular expression help!

[Jochem Maas]

William Stokes wrote:
> Hello Roman,
> 
> Could you specify the functionality of your script a bit please. (How it 
> works)

it's a hint as to how you might use simpleXML to extract the values of a src
attribute from the definition of an img tag.

> 
> I forgot to mention that this part:
> 
> ',
> 
> is not always the same. The image properties can vary.
> 
> Thanks
> -Will
> 
> 
> 
> 
> "Roman Neuhauser" <[EMAIL PROTECTED]> kirjoitti 
> viestissä:[EMAIL PROTECTED]
>> # [EMAIL PROTECTED] / 2007-01-18 12:34:36 +0200:
>>> I need to strip all characters from the following text string exept the
>>> image path...
>>>
>>> ">> src=\"../../images/new/thumps/4123141112007590373240.jpg\" />"...and then
>>> store the path to DB. Image path lengh can vary so I guess that I need to
>>> extract all characters after scr=\"until next\"or 
>>> somethig
>>> similar.
>> This passes with 5.2:
>>
>> class ImgSrcTest extends Tence_TestCase
>> {
>>private $src, $str, $xml;
>>function setUp()
>>{
>>$this->src = 'fubar.jpg';
>>$this->str = sprintf(
>>'',
>>$this->src
>>);
>>$this->xml = new SimpleXmlElement($this->str);
>>}
>>function testReturnsAttributeAsSimpleXMLElements()
>>{
>>return $this->assertEquals('SimpleXMLElement', 
>> get_class($this->xml['src']));
>>}
>>function testCastToStringYieldsTheAttributeValue()
>>{
>>return $this->assertEquals($this->src, strval($this->xml['src']));
>>}
>> }
>>
>> -- 
>> How many Vietnam vets does it take to screw in a light bulb?
>> You don't know, man.  You don't KNOW.
>> Cause you weren't THERE. http://bash.org/?255991 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Newbie - help with a foreach

[Jochem Maas]

Németh Zoltán wrote:
> On cs, 2007-01-18 at 02:04 -0800, pub wrote:
>> On Jan 18, 2007, at 2:00 AM, Németh Zoltán wrote:
>>


...

> maybe you should use a parameter for it, place it into the link in the
> first query loop, get it here and query based on it
> 
> like "SELECT * FROM job WHERE id={$_GET['job_id']}" or whatever

SQL INJECTION WAITING TO HAPPEN.


...

>>  foreach($row as $url)
>>  {
>>  $row = mysql_fetch_array($result2,MYSQL_ASSOC);
>>  if ("url={$row['url']}")

what is this IF statement supposed to be doing???
because it will always evaluate to true

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question

[Jochem Maas]

Al wrote:
> I've got a website on a virtual-host, Apache/Linux system running php
> scripts.
> 
> I particular, I've designed a CMS where designated individuals compose
> and edit text in an html textarea, and then save the raw text in files.
> Custom [i.e., proxie] tags are used for emphasizing and the formating
> text [e.g., Red Text]. The raw text is converted to W3C
> compliant, html code for user rendering. When processing the text, I
> remove all php start codes [ not obvious to me how the text can be executed when it's treated as pure
> text sent to the client.
> 
> Now the question.  Does anyone see an obvious security hole?

if you don't strip out stuff like ' evil haxor code here; '
then that's one thing that can bite.

it's hard to say what holes there may be without seeing the code
that does the conversion from 'raw text' to 'html' .

another security issue is whether anyone could overwrite existing 'content'
text files on the server - only your CMS should have write access to these.

any php code in the files can't be run at all *unless* your using include
on the given text files or your running the content of the text files through
eval()

> 
> Thanks.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP5 Cross Compilation

[Jochem Maas]

Kiran Malla wrote:
> Hello,
> 
> What are all the flags and variables to set to cross compile PHP for arm? I
> didn't get any info on the query I posted earlier. If anyone has tried php
> on arm linux, please let me know the steps.

if google didn't give any answers then I might suggest the php internals
mailing list as a place to post a question - chances are that there are not
a lot of people here that know jack shit about cross compiling.

> 
> Thanks so much,
> 
> Regards,
> Kiran
> 
> On 1/18/07, Kiran Malla <[EMAIL PROTECTED]> wrote:
>>
>> Hello,
>>
>> I am trying to cross compile PHP-5.2.0 for arm linux.
>>
>> # export CC=/usr/local/arm/3.3.2/bin/arm-linux-gcc
>> # export AR=/usr/local/arm/3.3.2/bin/arm-linux-ar
>> # export LD=/usr/local/arm/3.3.2/bin/arm-linux-ld
>> # export NM=/usr/local/arm/3.3.2/bin/arm-linux-nm
>> # export RANLIB=/usr/local/arm/3.3.2/bin/arm-linux-ranlib
>> # export STRIP=/usr/local/arm/3.3.2/bin/arm-linux-strip
>>
>> # ./configure --host=arm-linux --sysconfdir=/etc/appWeb
>> --with-exec-dir=/etc/appWeb/exec
>>
>> Result of this configure is,
>>
>> Checking for iconv support... yes
>> checking for iconv... no
>> checking for libiconv... no
>> checking for libiconv in -liconv... no
>> checking for iconv in -liconv... no
>> configure: error: Please reinstall the iconv library.
>>
>> I have installed libiconv-1.11 on my system. The command 'which iconv'
>> shows '/usr/local/bin/iconv'. I have no clue why configure is failing
>> due to
>> missing iconv.
>>
>> Somebody please throw some light on this issue.
>>
>> Regards,
>> Kiran
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Where can I get the Printer extension?

[Jochem Maas]

Chris wrote:
> Chuck Anderson wrote:
>> Chris wrote:
>>> Chuck Anderson wrote:
>>>  
 It thought it would be bundled with my Windows version pf Php 4.4.1,
 but it is not.

 I've searched for it and can't find it at php.net.
 
>>>
>>> You didn't search very hard.
>>>   
>>
>>> On this page:
>>>
>>> http://php.net/printer
>>>
>>> Read the bit under "Installation".
>>>
>>> "This PECL extension is not bundled with PHP."
>>>
>>> and
>>>
>>> "You may obtain this unbundled PECL extension from the various PECL
>>> snaps pages (select the appropriate repository for your version of
>>> PHP): PECL for PHP 4.3.x, PECL for PHP 5.0.x  or PECL Unstable."
>>>
>>>   
>>
>> I did look there.  I did read that.
>>
>> You didn't try those links, though, did you?  (Not Found)
>>
>> (btw,  I asked in another group and just found that it is located
>> here: )
>>
>> I don't see how to get there from the main PECL site, but there it is.
> 
> Consider myself reprimanded :P

not too much :-) ...

http://snaps.php.net/win32/PECL_5_0/NOT FOUND
http://snaps.php.net/win32/ DIR LISTING
http://snaps.php.net/   WEB INTERFACE

> 
> However you didn't mention that the links didn't work ;)
> 
> Post a documentation bug at http://bugs.php.net :)
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] non-blocking request to a url (via curl or file_get_contents or whatever)...

[Jochem Maas]

hi,

I have a tradedoubler webbug to implement in site - not a problem as such - but
I have a slight issue when it comes to online payments.

I have an order processing page that is requested *directly* by an online 
payment service
in order to tell the site/system that a given order has successfully completely,
this occurs prior to the online payment service redirecting the user back to my 
site...

at the end of the order processing the order (basically the order is marked as 
completed)
is removed from the session in such a way that there is no longer anyway to 
know details
about the order, so by the time the user comes back to the site I don't have 
the required
info to create the required webbug url...

which led me to the idea/conclusion that I must (in the case of successful 
online payments)
generate the webbug url in the order processing page while the relevant order 
details are
still available and then make a request to the webbug url directly from the 
server...

I could make this request by simply doing this:

file_get_contents($webbugURL);

but this would block until the data was returned, but I don't want to wait for 
a reply and
I definitely give a hoot about the content returned ... all I want is for the 
request to
go out on the wire and then have my script immediately continue with what it 
should be doing.

I believe this would require creating a non-blocking connection in some way, 
but I'm stuck
as to the correct way to tackle this. I've been reading about non-blocking 
sockets/streams etc
but I'm just becoming more and more confused really, anyone care to put me out 
of my misery?

rgds,
Jochem

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question

[Jochem Maas]

Al wrote:
> Good point about the ' evil haxor code here; '.  That's
> bad for our users, not the site, per se.

what is bad for your users is bad for your site, on top of that
the script is running in the context of your domain - all sorts of
nasty possibilities that could affect your site.

> 
> Raw text to html is primarily done with a series of preg_replace()
> operations.

what/how [exactly] the transformation is done determines
whether your safe.

> 
> No include() or exec() allowed near the text.
> 
> Sounds like I'm in pretty good shape.

maybe, maybe not - see above.

(do you practice any sports? ;-P)

...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] non-blocking request to a url (via curl or file_get_contents or whatever)...

[Jochem Maas]

because I like talking to myself :-P 

Jochem Maas wrote:
> hi,
> 

...

> I definitely give a hoot about the content returned ... all I want is for the 
> request to
> go out on the wire and then have my script immediately continue with what it 
> should be doing.
> 
> I believe this would require creating a non-blocking connection in some way, 
> but I'm stuck
> as to the correct way to tackle this. I've been reading about non-blocking 
> sockets/streams etc
> but I'm just becoming more and more confused really, anyone care to put me 
> out of my misery?

did more reading, still unsure of the whole thing, this is what I have right 
now:

$url = array('', 'tbs.tradedoubler.com', '/report?blablablabla');
$isSSL = true;
$proto = $isSSL ? 'ssl://' : 'http://';
$port  = $isSSL ? 443 : 80;
$errno = $errstr = null;
if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr, 10)) {
stream_set_blocking($sock, 0);
fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
fwrite($sock, "Host: {$url[1]}\r\n");
//fwrite($sock, "Content-length: 0\r\n");
//fwrite($sock, "Accept: */*\r\n");
fwrite($sock, "\r\n");
fclose($sock);
}

does this make any sense, will this work at all?
would the 10 second timeout [potentially] negate all the hard work?

> 
> rgds,
> Jochem
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] non-blocking request to a url (via curl or file_get_contents or whatever)...

[Jochem Maas]

Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-20 00:33:10 +0100:
>> I have a tradedoubler webbug to implement in site
> 
> Pardon my ignorance, what's "a tradedoubler webbug"?

http://www.tradedoubler.com/pan/public should explain;
a webbug is merely an  tag with a src pointing to some
kind of tracking script.


> 
>> I have an order processing page that is requested *directly* by an online 
>> payment service
>> in order to tell the site/system that a given order has successfully 
>> completely,
>> this occurs prior to the online payment service redirecting the user back to 
>> my site...
>>
>> at the end of the order processing the order (basically the order is marked 
>> as completed)
>> is removed from the session in such a way that there is no longer anyway to 
>> know details
>> about the order, so by the time the user comes back to the site I don't have 
>> the required
>> info to create the required webbug url...
> 
> Wou should still have the order id, or how do they tell you *which*
> order was it? What data do you need? I'm having trouble understanding
> your email at all. Could you try again, using shorter sentences? :)

I think that probably the whole story is a bit superfluous, essentially the 
question is
simply: how do I make a non-blocking http request and let the script continue 
immediately
without ever caring about what response/content is returned by the http request.

nonetheless here is 'flow' of what I was describing.

1. user stuffs things into shopping basket on [my] site (data stored in session)
2. user goes to check out.
3. user chooses online payment.
4. user is redirected to online payment provider site
5. user completes payment successfully
6. online payment provider site contacts [my] site/server directly with 
transaction status/details
7. user is shown 'thank you' page on online payment provider site
8. user is redirected back to [my] site and shown 'real' 'thank you' page.

step 6 does not involve the user or the browser *at all* it's a direct server 
to server
communication. the request the online payment provider makes to my server 
causes the
order to be completed, saved to a database and the relevant data to be removed 
from
the users session. (completed orders 'disappear' from the website - this was a 
'security'
requirement of the client).

normally in step 8 the webbug would be placed on the 'thank you' page, but in 
this case
the data needed to craft the webbug's url is no longer available - the solution 
is
to perform the request the the webbug's url represents directly from my server 
during the
code that runs as a result of the request made by the online payment provider 
in step 6.

this is easy if I merely do this:

file_get_contents($webbugURL);

BUT this means the http request this entails would block further processing
of my script until the request returns it's content, what I would like to do is
make the request without waiting for *any* kind of communication from the server
reference in the $webbugURL.

does this make sense?


>  

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Request for...

[Jochem Maas]

Wikus Moller wrote:
> Hi.
> 
> Since this is a mailing list for web developers, I thought I might as
> well post an o f f  t o p i c request.
> Does anyone know of any website where I can get a exe or jar sitemap
> generating software? 

php.

> Particularly not GsiteCrawler as it uses too much
> system resources. A java applet would be nice. And, if possible, free
> of charge ^.^
> 
> And does anyone know how and if a j a v a applet can be extracted from
> a webpage?(also a class)

yes is can. scrap the relevant page, find the relevant url and
make a request for that resource. bingo~

> 
> Thanks
> Wikus
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] non-blocking request to a url (via curl or file_get_contents or whatever)...

[Jochem Maas]

Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-20 01:30:55 +0100:
>>> I definitely give a hoot about the content returned ... all I want
>>> is for the request to go out on the wire and then have my script
>>> immediately continue with what it should be doing.
>>>
>>> I believe this would require creating a non-blocking connection in
>>> some way, but I'm stuck as to the correct way to tackle this. I've
>>> been reading about non-blocking sockets/streams etc but I'm just
>>> becoming more and more confused really, anyone care to put me out of
>>> my misery?
>> did more reading, still unsure of the whole thing, this is what I have
>> right now:
>>
>>  $url = array('', 'tbs.tradedoubler.com', '/report?blablablabla');
>> $isSSL = true;
>> $proto = $isSSL ? 'ssl://' : 'http://';
>> $port  = $isSSL ? 443 : 80;
>> $errno = $errstr = null;
>> if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr, 
>> 10)) {
>> stream_set_blocking($sock, 0);
>> fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
>> fwrite($sock, "Host: {$url[1]}\r\n");
>> //fwrite($sock, "Content-length: 0\r\n");
>> //fwrite($sock, "Accept: */*\r\n");
>> fwrite($sock, "\r\n");
>> fclose($sock);
>> }
>>
>> does this make any sense, will this work at all?
>> would the 10 second timeout [potentially] negate all the hard work?
> 
> Yes, you need to wait for the socket to connect, and that's synchronous
> in all cases.  I don't know enough about sockets in PHP to help further
> here, but if the semantics follows write(2) behavior in C, then what you
> have is broken. Non-blocking IO means the fwrite() could return before
> it could write all you gave it (it returns how many bytes it's written).

ah yes, I did read that, you pointing it out has made it become clearer.
that would mean the 'fastest' I could push out the http request is
probably by doing:

if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr, 4)) {
fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
fwrite($sock, "Host: {$url[1]}\r\n");
fwrite($sock, "\r\n");
fclose($sock);
}

but I'd have to check with tradedoubler if they could indicate what their
'report' server's maximum response time could be (hopefully very low) for the
timeout AND find out whether their 'report' server does something similar
to ignore_user_abort().

anyway thanks for your input!

> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] non-blocking request to a url (via curl or file_get_contents or whatever)...

[Jochem Maas]

Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-20 16:50:48 +0100:
>> Roman Neuhauser wrote:
>> 1. user stuffs things into shopping basket on [my] site (data stored in 
>> session)
>> 2. user goes to check out.
>> 3. user chooses online payment.
>> 4. user is redirected to online payment provider site
>> 5. user completes payment successfully
>> 6. online payment provider site contacts [my] site/server directly with 
>> transaction status/details
>> 7. user is shown 'thank you' page on online payment provider site
>> 8. user is redirected back to [my] site and shown 'real' 'thank you' page.
> 
> That was perfect, thanks a lot!
>  
>> normally in step 8 the webbug would be placed on the 'thank you' page,
>> but in this case the data needed to craft the webbug's url is no
>> longer available - the solution is to perform the request the the
>> webbug's url represents directly from my server during the
>> code that runs as a result of the request made by the online payment
>> provider in step 6.
> 
> Is it important that the callback gets called synchronously?  

dunno - definitely going to ask though!
in fact I feel stupid for not contemplating it myself,
I have a nasty suspicion that the script behind the url that the
tradedoubler webbug points to does stuff with the info the user's
browser would normally provide ...

in which case I would need to do something else - like generate the
webbug url at the point that I can (during order finalization) and store the
generated url in the relevant user's session and then use/place the webbug with
that url at the first opportunity to

> Is the
> order reconstructible from the callback url? 

to some extent but I don't think that is relevant to my current little puzzle.

> If not I'd write
> a small script to fetch urls from a database table and feed them to
> wget or similar. 

you've got me thinking about it from a totally different angle, and I've
got to understanding sockets/streams a little too! I now have enough ammo
to 'kill' the problem.

thank you very much for lending me your brain :-)

> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Request for...

[Jochem Maas]

Børge Holen wrote:
> On Saturday 20 January 2007 17:09, Stut wrote:
>> Wikus Moller wrote:

...

>> -Stut
>>
>> Easily annoyed today. 

dunno - I reckon the OP was trying pretty hard ;-)

>> Must be a Saturday, I never could get the hang of
>> Saturdays.
> 
> ah,,... you say, I'm just ackin' to get rid of Tuesdays.
> Saturdays is quite alright, in fact... this is the 
> dontwannadonothingandgetsawaywithitday!

I'm with Garfield - f*** mondays :-)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Request for...

[Jochem Maas]

Jay Blanchard wrote:
> [snip]
> Since this is a mailing list for web developers, I thought I might as
> well post an o f f  t o p i c request.
> Does anyone know of any website where I can get a exe or jar sitemap
> generating software? Particularly not GsiteCrawler as it uses too much
> system resources. A java applet would be nice. And, if possible, free
> of charge ^.^
> 
> And does anyone know how and if a j a v a applet can be extracted from
> a webpage?(also a class)
> [/snip]
> 
> Wikus my dear fellow, are their Java mailing lists? Would you like me to
> find one for you? Are you familiar with Google?
> 
> Better yet, how about one in PHP for free? I went to Google and typed in
> 'site map generator PHP' and the first result was
> http://www.softswot.com/sitemapinfo.php. Not only is the web site done
> in PHP, but the application is as well. How cool is that?
> 
> Listen up butt-bite. Next time, before you respond off list to those who
> tried to give you even the teeniest bit of help please demonstrate that
> you tried to help yourself get the answer or showed a modicum of
> initiative. Hundreds will attempt to help you when you have shown that
> you tried to help yourself.
> 

and otherwise you risk getting "Blanch'ed" (like what they do with vegetables)

so for the rest of the list here's 2 new 'verbs' in honour of 2 fine members
(I can't help if their names 'fit'):

to be Lynched   - to receive a 2000 word essayon the topic of your 
choice followed by a *shrug*
to be Blanched  - to be told (in one of many, many ways) to 
RTFM/STFW/get-your-head-out-of-your-arse

>  
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question

[Jochem Maas]

Al wrote:
> Here is part of my proxie tags to html tags translation array. Looks
> pretty safe to me. There is other code to recognize paragraphs and
> lists, etc.

any 'real' html in the content your 'translating' is still going to
be there after translation - and therefore sent to the client,
quite impossible to say, with out know the code or the realiability of the
content source (e.g. the people that generate the content files)
how safe it actually is.

I would suggest you go to http://phpsec.org - chances are you learn something
that you have yet to consider at this point in time :-)


> 
> $translate_array= array(
> ''=> ' ''=> '',
> ''=> '" target="_blank">',
> ""=> '=> "\">",
> ''=> '',
> ''=> " ''  => '">',
> ''=> "\n",
> ''=> "\n",
> ''=> "",
> ''=> "\n",
> ''=> '',
> ''=> '',
> ''=> " style=\"text-decoration:underline\" href=\"$request_url\">Return to
> previous page\n",
>  );
> 
> Jochem Maas wrote:
>> Al wrote:
>>> Good point about the ' evil haxor code here; '.  That's
>>> bad for our users, not the site, per se.
>>
>> what is bad for your users is bad for your site, on top of that
>> the script is running in the context of your domain - all sorts of
>> nasty possibilities that could affect your site.
>>
>>> Raw text to html is primarily done with a series of preg_replace()
>>> operations.
>>
>> what/how [exactly] the transformation is done determines
>> whether your safe.
>>
>>> No include() or exec() allowed near the text.
>>>
>>> Sounds like I'm in pretty good shape.
>>
>> maybe, maybe not - see above.
>>
>> (do you practice any sports? ;-P)
>>
>> ...
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Warning: session_destroy

[Jochem Maas]

Andre Dubuc wrote:
> Hi,
> 
> To stop bots from accessing secured pages, I've added the following code to a 
> banner page that is called by every page. Furthermore, each page starts with 
>  and includes the banner page:
> 
> 'top1.php' [banner page]
> 
>if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|
> Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
>   { 
>   if ($_SERVER['HTTPS'] == "on")
>   {
>   session_destroy();
>   header("Location: http://localhost/logout.php";);
>   }
>   }
> ?>
> 
> I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the 
> code works great. Any page that is set for https is not served, and if https 
> has been set by a previous visit, it goes to http://somepage.
> 
> However, checking the live version, I get an secure-error_log entry:
> 
> "PHP Warning:  session_destroy() [ href='function.session-destroy'>function.session-destroy]: Trying to 
> destroy uninitialized session"

which page is causing the error? is it logout.php perhaps? does that page
call session_destroy too?

your browser making a request with the user-agent set to 'GoogleBot Blabla'
is not the same as an actual googlebot that's making a request - in the 
difference
could lie the problem

is session_start() actually returning true we you call it in script run as a 
result of
a request initialized by a bot?

btw: do you need to send the bot to logout.php if you've just destroyed the 
session?
also, why not just redirect to an http url if it's a bot connecting via https
and forget trying to destroy the session?

> 
> Question is: didn't the session_start(); on the calling page take effect, or 
> is this some other problem?
> 
> Is there something like 'isset' to check whether 'session_destroy(); is 
> needed? [I've tried isset, it barfs the code.]
> 
> Tia,
> Andre
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I lied, another question / problem

[Jochem Maas]

Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-17 16:59:26 +0100:
>> Roman Neuhauser wrote:
>>> re_format(7) on FreeBSD:
>>>
>>>  A bracket expression is a list of characters enclosed in `[]'.
>>>  (...)
>>>  If two characters in the list are separated by `-', this is
>>>  shorthand for the full range of characters between those two
>>>  (inclusive) in the collating sequence, e.g. `[0-9]' in ASCII
>>>  matches any decimal digit.
>>>  (...)
>>>  Ranges are very collating-sequence-dependent, and portable programs
>>>  should avoid relying on them.
>> one other thing ...
>>
>> wouldn't it be fair to assume (safety through paranoia) that
>> ctype_alnum() would suffer the same problem? (given the manual's
>> indication that ctype_alnum() and the offending regexp are equivalent?)
> 
> isalnum(3) uses isalpha(3) and isdigit(3), so yes, their results are
> locale-dependent (LC_CTYPE, see setlocale(3)), but don't depend on
> collating sequence. 

so really the doc's are slightly misleading or even incorrect,
I will try to formulate a succinct question for internals@ to ask whether
this should be reported as documentation bug.

as a side note: do you have any real world example of where this
collation issue might actually bite someone making use of the aforementioned
regexp range?

> isdigit(3):
> 
>  The isdigit() function tests for a decimal digit character.  Regardless
>  of locale, this includes the following characters only:
> 
>  ``0'' ``1'' ``2'' ``3'' ``4''
>  ``5'' ``6'' ``7'' ``8'' ``9''
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: most powerful php editor

[Jochem Maas]

Gregory Beaver wrote:
> Vinicius C Silva wrote:
>> hi everyone!
>>
>> i'd like to ask something maybe commonly asked here. what is the most
>> powerful php editor?
> 
> I am

that's it, consider yourself enrolled in a Celebrity Death Match
against mr Lerdorf :-P


> 
> Yours,
> Greg
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Forced File Downloads

[Jochem Maas]

Don wrote:
> I've been having my forced downloads sometimes finish prematurely using
> readfile(). I'm downloading a Windows .exe file.
> 
> I've read several posts that have suggested the substitution of a fread/feof
> loop to write out the download in smaller chunks. I tried using a function
> (readfile_chunked) I found in the user comments on php.net.
> 
> But for some odd reason, every time the downloaded file is one byte larger
> than the original file, and it's not being recognized as a valid Windows 
> file.


does the end of your download script look like this?:

?>

by which I mean does it actually resemble one of the following strings:

$end = "?>
";
$end = "?> ";


is there a space or newline AFTER the last closing php tag?

avoid this PITA type of bug and never ever add a closing php tag
*if* it's the last thing in the file .. the php engine will see that it's 
reached
EOF and consider that as a closing tag as far as trying to parse any code
goes.

> 
> I'm using PHP 4.4.4 on a shared Linux server running Apache.
> IE and FireFox both exhibit the problem on the Windows end. I'm
> using WinXP SP2.
> 
> I've listed relevant snippets below. $file_name is the fully qualified
> path to the (.exe) file.
> 
> Any ideas?
> #=
> 
> # Download the File
> 
> #=
> 
> header("Pragma: public");
> 
> header("Expires: 0");
> 
> header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
> 
> header("Cache-Control: private", false);
> 
> header("Content-Description: File Transfer");
> 
> header("Content-Type: application/octet-stream");
> 
> header("Accept-Ranges: bytes");
> 
> header("Content-Disposition: attachment; filename=" . $file_name . ";");
> 
> header("Content-Transfer-Encoding: binary");
> 
> header("Content-Length: " . @filesize($file_path));
> 
> header ("Connection: close");
> 
> @ignore_user_abort();
> 
> @set_time_limit(0);
> 
> // @readfile($file_path);
> 
> readfile_chunked($file_path, FALSE);
> 
> exit();
> 
> ..
> 
> function readfile_chunked($filename, $retbytes = true) {
> 
>  $chunksize = 8 * 1024; // how many bytes per chunk
> 
>  $buffer = '';
> 
>  $cnt = 0;
> 
>  $handle = fopen($filename, 'rb');
> 
>  if ($handle === false) {
> 
>  return false;
> 
>  }
> 
>  while (!feof($handle)) {
> 
>  $buffer = fread($handle, $chunksize);
> 
>  echo $buffer;
> 
>  ob_flush();
> 
>  flush();
> 
>  if ($retbytes) {
> 
>  $cnt += strlen($buffer);
> 
>  }
> 
>  }
> 
>  $status = fclose($handle);
> 
>  if ($retbytes && $status) {
> 
>  return $cnt; // return num. bytes delivered like readfile() does.
> 
>  }
> 
>  return $status;
> 
> }
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] First Character In A String

[Jochem Maas]

Christopher Deeley wrote:
> Can anyone tell me if there is a function to return the first letter in a
> string, such as:
> 
> $surname="SMITH";
> $forename="ALAN";
> 
> Is there a function which I can use to make $forename "A", so I can display
> it as A SMITH?

another alternative to the other answers you have had,
this alternative introduces you to the 'String access and modification by 
character'
functionality as described here:

http://nl2.php.net/manual/en/language.types.string.php


 0)
 ? $forename[0]
 : ''
 ;

echo trim($initial.' '.$surname);

> 
> Thank You In Advance
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] proxy

[Jochem Maas]

[EMAIL PROTECTED] wrote:
> Hi list,
> 
> I am trying to create a link checker that would look for broken URLs
> with help of the following code"
> 
> $handle = @fopen("http://www.circle.am";, "r");
> if ($handle):
> print "OK";
> else:
> print "Error";
> endif;
> 
> The problem is that I want to check if the links are accessible under
> certain proxy, so is there any way to tell the script to open the URL
> under a proxy?

the curl extension is [probably] what your looking for:

http://php.net/curl

check out the user-notes, there is an example in there for specifying
a request via a given proxy.

> 
> Thank you in advance.
> 
> Ed
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] First Character In A String

[Jochem Maas]

Robert Cummings wrote:
> On Sun, 2007-01-21 at 16:02 +0100, Jochem Maas wrote:
>> >
>> $initial = (is_string($forename) && strlen($forename) > 0)
>>   ? $forename[0]
>>   : ''
>>   ;
>>
>> echo trim($initial.' '.$surname);
>>
>> ?>
> 
> That sure is verbose Jochem...

agreed, it was done on purpose in the spirit of 'give the OP
a hint about not assuming anything about the input', I could have done this:



which is as short as I can make it :-) it also assumes that the OP
actually santized the incoming data ($forename) before doing *anything* with
it.

> 
>  
> echo trim( substr( (string)$forename, 0, 1 ).' '.$surname );
> 
> ?>
> 
> Cheers,
> Rob.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] First Character In A String

[Jochem Maas]

Robert Cummings wrote:
> On Sun, 2007-01-21 at 16:27 +0100, Jochem Maas wrote:
>> Robert Cummings wrote:
>>> On Sun, 2007-01-21 at 16:02 +0100, Jochem Maas wrote:
>>>> >>>
>>>> $initial = (is_string($forename) && strlen($forename) > 0)
>>>> ? $forename[0]
>>>> : ''
>>>> ;
>>>>
>>>> echo trim($initial.' '.$surname);
>>>>
>>>> ?>
>>> That sure is verbose Jochem...
>> agreed, it was done on purpose in the spirit of 'give the OP
>> a hint about not assuming anything about the input', I could have done this:
>>
>> 
>>
>> which is as short as I can make it :-) it also assumes that the OP
>> actually santized the incoming data ($forename) before doing *anything* with
>> it.
> 
> Oh, I didn't make mine as short as I could, I sanitized it, and didn't
> cheat by using the error suppression operator ;)

consider it my evil streak :-)
indeed yours is the better.

> 
>>> echo trim( substr( (string)$forename, 0, 1 ).' '.$surname );

now we can get on with having a flame war as to the 'best' way to style
your code, because obviously this is better ;-) ...

echo trim(substr((string)$forename, 0, 1).' '.$surname);

> 
> Cheers,
> Rob.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php