[PHP] IMPORTANT: PHP does NOT cause browser issues.

2007-01-11 Thread Raphael Martins

Hi everybody.

Due some recent messages in this list and other CSS/XHTML list, I´ve decided
to post this to clarify a very common question: PHP is compatible with ALL
browsers. Why? Because PHP runs at the server, aside from the browser. The
only thing the browser will see is the response (in plain text or html
code). The response code may be incompatible, but not the PHP code. So,
again: PHP is compatible with ALL browsers because PHP does not run at the
browser.

The other issue is: "I would like to run some PHP code when the user click a
link or press a button". Sorry pal... unless you use AJAX or iFrames, it
will not gonna happen. Consider post this types of questions in Javascript
or AJAX lists.
As said before, PHP runs at the server and this kind of problem require
client-side scripting.

Questions about rendering bugs in HTML should be posted at CSS or HTML
Lists.

Sorry if I sounded too cranky. But it´s for a good reason.

Good PHPíng.

P.S.: My suggestion is to send a message explaining that to every member
that joins the list.

--
"Love all. Trust a few. Do wrong to none."


Re: [PHP] Please Help with simple Noob problem

2007-01-11 Thread Raphael Martins

Use  instead of , or try to add some space
after the 
Hello all. I seem to be having a terrible tim ewith something that is
so simple it makes me sick.  I have a server running FC2.  it has
Apache 2.x.x on it and it came installed with php-4.x.x.  Sorry I
don't have the exact versions but fatigue and frustration has taken
over.  I can get them if you really need them.  Here's the major
problem.  When I try and view a simple php page in the browser, it
doesn't display anything that has to do with the php tags.  By that I
mean it won't recognize the  php directives (I guess).  I made a
simple page (the infamous phpinfo ()  page) right out of the books.
Saved it as test.php just like it said.  Made sure that apache is
running and browsed to the page. Nothing, no errors, no nothing.  I
have made up some other pages (mostly from some php books - real
simple ones) to view and they all display the same action.

Now when these machines (I actually have a couple of these servers and
they all act the same) were installed, it was from FC2 CD's with the
webserver full package.  There were all kinds of php files installed,
etc.  In my httpd.conf file it calls the php.ini file, etc.  So it
seems to be all there.

Can anyone out there help me figure out how to make this work?  I
would be truly indebted to you, put you on my Christmas card list, etc.

Thanks in advance to all of you kind and wonderful people.

Scott



Re: [PHP] Mysql strategy

2006-11-14 Thread Raphael Martins

Larry Garfield escreveu:

On Monday 13 November 2006 17:51, Chris wrote:

  

It's not going to make a great deal of difference if you do the
processing in the MySQL or the PHP, in this case it's basically the same
operation in each.  I suspect that efficiently recreating the LIKE
functionality in PHP wouldn't be trivial to do, if you are just doing
straight comparisons the MySQL STRCMP function should be faster.
  

I'd say there will be a big difference. Pulling in 10,000 entries from
the database and then sorting them in php will take a lot of memory (and
database time to retrieve all of the entries). Getting the database to
restrict that number of entries will take a little time but it doesn't
have to return all entries, your php memory won't blow out and it won't
have bugs in it.



As a general rule, I try to push as much logic into the query as I can for the 
simple reason that MySQL is optimized C and my PHP code gets interpreted.  
The odds of me writing something in PHP that's faster than MySQL AB's C code 
are slim. :-)  The exception is grouping, which I've often had to do in PHP 
with a loop to rebuild a result array.  The performance hit for that is not 
that big, however, and if you free() the result set afterward then the memory 
usage is not a major issue either.


If you're finding your query is slow, look into your indexes.  Just today I 
cut a single query from 230 seconds to 21 seconds just by adding two 
indexes. :-)


  
I´m buiding a system that perform searches based on comma-separated 
"tags". I´m using the MySQL FIND_IN_SET function.


:D

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Prevent XSS using DOM Extension and/or SimpleXML

2006-11-14 Thread Raphael Martins

Hi there!

I´m building a form validator using PHP and JS. It´s working fine by 
now, but I want to make a little improvement. Here is how its working now:


 1. The user fill the form. Every time he leaves the field, the JS
code match the value against a regexp to validate.
 2. When the user submits the form, the PHP script match all the
values against the same regexp's.

Now, i want to validate my fields to prevent XSS, allowing my html tags 
but only the attributes that I want.

I thought something like: (the tags and the valid attributes).
array(""),
  "a"=>array("href","name","rel"),
  "ol"=>array(""),
  "ul"=>array(""),
  "li"=>array(""),
  "h2"=>array(""),
  "h3"=>array(""),
  "h4"=>array(""),
  "h5"=>array(""),
  "h6"=>array(""),
  "strong"=>array(""),
  "em"=>array("")  );
$valid_elements = "<".join("><",array_keys($form_html_validation)).">";
$userInput = strip_tags($userInput,$valid_elements);
//perform DOM Attribute Validation
?>
But I don´t know how to loop over every attribute for each tag in the 
DomTree.


Someone has any ideas?

Thank You

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] DOM Validation using PHP

2006-11-13 Thread Raphael Martins

Hi there!

I´m building a form validator using PHP and JS. It´s working fine by 
now, but I want to make a little improvement. Here is how its working now:


  1. The user fill the form. Every time he leaves the field, the JS
 code match the value against a regexp to validate.
  2. When the user submits the form, the PHP script match all the
 values against the same regexp's.

Now, i want to validate my fields to prevent XSS, allowing my html tags 
but only the attributes that I want.

I thought something like: (the tags and the valid attributes).
array(""),
   "a"=>array("href","name","rel"),
   "ol"=>array(""),
   "ul"=>array(""),
   "li"=>array(""),
   "h2"=>array(""),
   "h3"=>array(""),
   "h4"=>array(""),
   "h5"=>array(""),
   "h6"=>array(""),
   "strong"=>array(""),
   "em"=>array("")  
);

$valid_elements = "<".join("><",array_keys($form_html_validation)).">";
$userInput = strip_tags($userInput,$valid_elements);
//perform DOM Attribute Validation
?>
But I don´t know how to loop over every attribute for each tag in the 
DomTree.


Someone has any ideas?

Thank You

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Permanent Links - Blog

2006-11-08 Thread Raphael Martins

Hi,

How do I implement that
"http://myhost/blog/date/of/post/name-of-the-post"; thing, instead of
"http://myhost/blog/view.php?id=id-of-the-post"; ?
I´ve seen this in many blogs, but it´s easy to implement?
See it in action at wikipedia, blogger blogs, simplebits
.

Both simplebits and wikipedia is written in PHP, I guess.

Help!

Thank you

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Permanent Links - Blog

2006-11-08 Thread Raphael Martins

Hi,

How do I implement that 
"http://myhost/blog/date/of/post/name-of-the-post"; thing, instead of 
"http://myhost/blog/view.php?id=id-of-the-post"; ?

I´ve seen this in many blogs, but it´s easy to implement?
See it in action at wikipedia, blogger blogs, simplebits 
.


Both simplebits and wikipedia is written in PHP, I guess.

Help!

Thank you

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] FTP

2006-10-08 Thread Raphael Martins

I will be sending files over my php script... One client asked me for a
project where he allow clients to send some large files (like 50mb)...I
thought that FTP (via PHP)  will allow that.

Today he just give the FTP server user and password to his clients, but he
is worried about the security (of course!). Is there a better way? I was
thinking in split the files in several .RAR volumes... (actually, the client
will send his .RAR files instead of a 50mb file), and use remote scripting
to upload each file separatly.

Any Ideas?

Thank you!

2006/10/8, Yannick Warnier <[EMAIL PROTECTED]>:


Le samedi 07 octobre 2006 à 20:50 -0300, Raphael Martins a écrit :
> Hi,
>
> When I send files via FTP, the file size is limited to the php.ini max
> upload value?
> Thank you!

No, unless you handle the FTP server with a PHP script. php.ini only
limits the size of files handled by PHP (generally via HTTP), so it
should not affect FTP (unless your FTP server is in PHP).

Yannick

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] FTP

2006-10-07 Thread Raphael Martins

Hi,

When I send files via FTP, the file size is limited to the php.ini max
upload value?
Thank you!


[PHP] FTP

2006-10-06 Thread Raphael Martins

Hi,
I need to send large files over my website...I was wondering if I could do
this using the PHP FTP Commands. The files will be larger then the
MAX_UPLOAD_SIZE in php.ini.

Is that possible? Or should I use a regular FTP program?

Thank you!