NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2003-05

php-general Digest 30 May 2003 00:21:24 -0000 Issue 2086

php-general-digest-helplists.php.net
Date: Thu May 29 2003 - 19:21:24 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 30 May 2003 00:21:24 -0000 Issue 2086

Topics (messages 149390 through 149507):

Re: Decrypting data with GnuPG
        149390 by: Pierre-Luc Soucy
        149398 by: Pierre-Luc Soucy
        149487 by: Evan Nemerson
        149489 by: Pierre-Luc Soucy

PHP and Flash
149391 by: César Aracena
149400 by: Sancar Saran

Re: corrupt images
149392 by: Al

Re: strip_tags() Quandry....
        149393 by: CF High
        149456 by: Carl Furst
        149457 by: CPT John W. Holmes
        149506 by: CF High

Re: Netbilling PHP Script
        149394 by: Mike Morton
        149405 by: Jason Wong
        149409 by: Mike Morton
        149410 by: Justin French
        149417 by: Mike Morton
        149424 by: Adam Voigt
        149427 by: Cal Evans
        149437 by: Jason Wong

making sense of time(), date() and strtotime()
149395 by: Justin French
149401 by: Rasmus Lerdorf

session_regenerate_id()
149396 by: Dan Joseph

A good function
        149397 by: Daniel J. Rychlik
        149399 by: Dan Joseph
        149423 by: Shaun

Re: Variables don't pass... *sniff*
        149402 by: Wendell Brown
        149403 by: Rasmus Lerdorf
        149404 by: Ford, Mike [LSS]
        149406 by: Wendell Brown
        149491 by: George Whiffen

Re: Date question
        149407 by: Shaun
        149411 by: Wendell Brown
        149415 by: Ford, Mike [LSS]
        149418 by: Jason Wong

How to create mail alias?
149408 by: Praveen Kumar

Re: Help with eval()
        149412 by: zavaboy
        149422 by: David Grant
        149425 by: zavaboy
        149428 by: David Grant
        149444 by: Marek Kilimajer
        149454 by: zavaboy

GD2 Bundled with PHP v 4.3.2
149413 by: Dave O Keeffe
149420 by: Ford, Mike [LSS]

easy update
149414 by: Edward Peloke
149416 by: Joe Stump

Random Blank Output wit 4.3.2
149419 by: Andy BIERLAIR

Re: PHP OOP x Procedural Performance
        149421 by: rush
        149426 by: Joe Stump
        149436 by: Johnson, Kirk
        149438 by: Joe Stump
        149446 by: Michael Sweeney
        149458 by: Ernest E Vogelsinger
        149460 by: rush
        149466 by: Dan Joseph

Links in e-mail
        149429 by: christian tischler
        149431 by: Joe Stump
        149432 by: Adam Voigt
        149433 by: ruusvuu.whitney.dns2go.com
        149461 by: Manuel Lemos

ldap_add() troubles
149430 by: Cecile

Structered or Object Oriented?
149434 by: Jaime Diaz
149484 by: Rey Segundo Guerrero Proenza

[sessions] using [sockets]. Very tough!
        149435 by: Nicholas F. Singh
        149445 by: Marek Kilimajer
        149448 by: Nicholas F. Singh
        149452 by: Marek Kilimajer
        149455 by: Nicholas F. Singh

Re: Biding Arrays from Oracle Stored Procedure to PHP Variables
149439 by: Gregory Watson
149507 by: Lang Sharpe

PHP.INI question.
149440 by: Ananth Kesari

Getting POSTed values from dynamically named checkboxes
        149441 by: Dillon, John
        149442 by: David Grant
        149443 by: CPT John W. Holmes

Can we use one PHP.INI directive to set the other?
149447 by: Ananth Kesari
149474 by: Catalin Trifu

easy conversion to a date?
        149449 by: Anthony
        149451 by: Jordan S. Jones
        149453 by: Michael Sweeney
        149459 by: Anthony

Re: vpopmail what is it???
149450 by: Jason Wong

imagecreatefromjpeg()
        149462 by: Edward Peloke
        149464 by: Steve Keller
        149465 by: Steve Keller
        149468 by: Edward Peloke
        149471 by: Edward Peloke
        149475 by: Steve Keller

opendir(), readdir() question..
149463 by: ef
149472 by: Catalin Trifu

Opening a Dynamic Pop Up Window
        149467 by: Jeffrey L. Fitzgerald
        149477 by: Monty
        149494 by: Jeffrey L. Fitzgerald
        149499 by: Jeffrey L. Fitzgerald
        149503 by: Kevin Stone

\n outputs \r\n ??
        149469 by: Michael Isaacs
        149473 by: Catalin Trifu
        149501 by: Jaap van Ganswijk

Best Approach for defining User Access Levels
149470 by: Monty

Ebay Cookie? Login Help w/ Script
149476 by: sevenfiftyflat

request
        149478 by: Marius
        149479 by: Weston Houghton
        149488 by: Evan Nemerson

sound
        149480 by: Bobby
        149481 by: Jordan S. Jones
        149482 by: Julien Wadin
        149483 by: Bobby
        149485 by: Brian S. Drexler
        149486 by: Alex Earl
        149495 by: zerof
        149496 by: ruusvuu.whitney.dns2go.com

e-mailing with attachements
149490 by: Artoo Smith
149492 by: Ernest E Vogelsinger

Variables not being past
        149493 by: The Doctor
        149497 by: Catalin Trifu
        149498 by: Philip Olson

Can't change a cookie
149500 by: Brian Dunning

Anyone have oci8 working on MacOSX?
149502 by: Sapporo

Array conversion
149504 by: John Wulff
149505 by: Ernest E Vogelsinger

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Hi,

Does that mean that there is no way to achieve this with PHP and that I
should rather use the --passphrase-fd argument?

Thanks,

Pierre-Luc

Evan Nemerson wrote:
> GnuPG doesn't use stdin to read the password, which is where you're
> sending it. It uses a more low-level interface (check out the below link
> if you're interested) where they interact directly with the virtual
> console.
>
> Try piping to your command- that won't work either
>
> echo $PASSPHRASE | \
> /usr/bin/gpg \
> --homedir=/path/to/.gnupg \
> --no-secmem-warning \
> --always-trust \
> --yes \
> --output /path/to/output.txt \
> --decrypt /path/to/testtext.asc
>
> GnuPG source code for TTY I/O:
> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnupg/util/ttyio.c?rev=1.28&content-type=text/plain
>
>
>
> On Wed, 2003-05-28 at 16:14, Pierre-Luc Soucy wrote:
>
>>Hi,
>>
>>I would like to decrypt data encoded with GnuPG without including the
>>private key passphrase in the command to prevent people from viewing it
>>with "ps".
>>
>>Here is the code I wrote:
>>
>>====
>>$command = "/usr/bin/gpg --homedir=/path/to/.gnupg --no-secmem-warning
>>--always-trust --yes --output /path/to/output.txt --decrypt
>>/path/to/testtext.asc";
>>$passphrase = '***********';
>>
>>$fp = popen($command, 'w+');
>>fputs($fp, $passphrase);
>>pclose($fp);
>>
>>print "Done";
>>exit;
>>======
>>
>>I assumed that the fputs() function would write the passphrase at the
>>prompt, but that doesn't seem to be the case - the command does not
>>create the output.txt file when ran by the PHP program (which is running
>>as a CGI under my user BTW) while it works when ran from the shell.
>>
>>Any idea why?
>>
>>Thanks!
>>
>>Pierre-Luc Soucy
>>
>
>

attached mail follows:

From the GnuPG docs:

--passphrase-fd n

Read the passphrase from file descriptor n. If you use 0 for n, the
passphrase will be read from stdin. This can only be used if only one
passphrase is supplied. Don't use this option if you can avoid it.

I added --passphrase-fd 0 to my command so the passphrase should
normally be read from stdin (according to the docs), but it still does
not work. Any idea? I am unfortunately not familiar with C code, so I
can difficultly find solutions to my problems by reading the GnuPG source.

Thanks!

Pierre-Luc

attached mail follows:

Are you appending a newline to your passphrase?

$passphrase = "my gnupg passphrase\n";

On Thursday 29 May 2003 06:56 am, you wrote:
> From the GnuPG docs:
>
> --passphrase-fd n
>
> Read the passphrase from file descriptor n. If you use 0 for n, the
> passphrase will be read from stdin. This can only be used if only one
> passphrase is supplied. Don't use this option if you can avoid it.
>
> I added --passphrase-fd 0 to my command so the passphrase should
> normally be read from stdin (according to the docs), but it still does
> not work. Any idea? I am unfortunately not familiar with C code, so I
> can difficultly find solutions to my problems by reading the GnuPG source.
>
> Thanks!
>
> Pierre-Luc
>
> Evan Nemerson wrote:
> > GnuPG doesn't use stdin to read the password, which is where you're
> > sending it. It uses a more low-level interface (check out the below link
> > if you're interested) where they interact directly with the virtual
> > console.
> >
> > Try piping to your command- that won't work either
> >
> > echo $PASSPHRASE | \
> > /usr/bin/gpg \
> > --homedir=/path/to/.gnupg \
> > --no-secmem-warning \
> > --always-trust \
> > --yes \
> > --output /path/to/output.txt \
> > --decrypt /path/to/testtext.asc
> >
> > GnuPG source code for TTY I/O:
> > http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnupg/util/ttyio.c?re
> >v=1.28&content-type=text/plain
> >
> > On Wed, 2003-05-28 at 16:14, Pierre-Luc Soucy wrote:
> >>Hi,
> >>
> >>I would like to decrypt data encoded with GnuPG without including the
> >>private key passphrase in the command to prevent people from viewing it
> >>with "ps".
> >>
> >>Here is the code I wrote:
> >>
> >>====
> >>$command = "/usr/bin/gpg --homedir=/path/to/.gnupg --no-secmem-warning
> >>--always-trust --yes --output /path/to/output.txt --decrypt
> >>/path/to/testtext.asc";
> >>$passphrase = '***********';
> >>
> >>$fp = popen($command, 'w+');
> >>fputs($fp, $passphrase);
> >>pclose($fp);
> >>
> >>print "Done";
> >>exit;
> >>======
> >>
> >>I assumed that the fputs() function would write the passphrase at the
> >>prompt, but that doesn't seem to be the case - the command does not
> >>create the output.txt file when ran by the PHP program (which is running
> >>as a CGI under my user BTW) while it works when ran from the shell.
> >>
> >>Any idea why?
> >>
> >>Thanks!
> >>
> >>Pierre-Luc Soucy

Cats are intended to teach us that not everything in nature has a function.

-Garrison Keillor

attached mail follows:

I just tried, but that didn't correct the problem - the output.txt file
is still not generated:

<?
$command = "/usr/bin/gpg --homedir=/path/to/homedir/.gnupg
--no-secmem-warning --passphrase-fd 0 --always-trust --yes --output
/path/to/homedir/.gpgkeys/temp/output.txt --decrypt
/path/to/homedir/.gpgkeys/temp/testtext.asc";
$passphrase = 'MY_PASSPHRASE'."\n";

$fp = popen($command, 'w+');
fputs($fp, $passphrase);
fputs($fp, $passphrase);
pclose($fp);

print "Done";
exit;
?>

Regards,

Pierre-Luc

Evan Nemerson wrote:
> Are you appending a newline to your passphrase?
>
> $passphrase = "my gnupg passphrase\n";
>
>
>
> On Thursday 29 May 2003 06:56 am, you wrote:
>
>> From the GnuPG docs:
>>
>>--passphrase-fd n
>>
>> Read the passphrase from file descriptor n. If you use 0 for n, the
>>passphrase will be read from stdin. This can only be used if only one
>>passphrase is supplied. Don't use this option if you can avoid it.
>>
>>I added --passphrase-fd 0 to my command so the passphrase should
>>normally be read from stdin (according to the docs), but it still does
>>not work. Any idea? I am unfortunately not familiar with C code, so I
>>can difficultly find solutions to my problems by reading the GnuPG source.
>>
>>Thanks!
>>
>>Pierre-Luc
>>
>>Evan Nemerson wrote:
>>
>>>GnuPG doesn't use stdin to read the password, which is where you're
>>>sending it. It uses a more low-level interface (check out the below link
>>>if you're interested) where they interact directly with the virtual
>>>console.
>>>
>>>Try piping to your command- that won't work either
>>>
>>>echo $PASSPHRASE | \
>>>/usr/bin/gpg \
>>>--homedir=/path/to/.gnupg \
>>>--no-secmem-warning \
>>>--always-trust \
>>>--yes \
>>>--output /path/to/output.txt \
>>>--decrypt /path/to/testtext.asc
>>>
>>>GnuPG source code for TTY I/O:
>>>http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnupg/util/ttyio.c?re
>>>v=1.28&content-type=text/plain
>>>
>>>On Wed, 2003-05-28 at 16:14, Pierre-Luc Soucy wrote:
>>>
>>>>Hi,
>>>>
>>>>I would like to decrypt data encoded with GnuPG without including the
>>>>private key passphrase in the command to prevent people from viewing it
>>>>with "ps".
>>>>
>>>>Here is the code I wrote:
>>>>
>>>>====
>>>>$command = "/usr/bin/gpg --homedir=/path/to/.gnupg --no-secmem-warning
>>>>--always-trust --yes --output /path/to/output.txt --decrypt
>>>>/path/to/testtext.asc";
>>>>$passphrase = '***********';
>>>>
>>>>$fp = popen($command, 'w+');
>>>>fputs($fp, $passphrase);
>>>>pclose($fp);
>>>>
>>>>print "Done";
>>>>exit;
>>>>======
>>>>
>>>>I assumed that the fputs() function would write the passphrase at the
>>>>prompt, but that doesn't seem to be the case - the command does not
>>>>create the output.txt file when ran by the PHP program (which is running
>>>>as a CGI under my user BTW) while it works when ran from the shell.
>>>>
>>>>Any idea why?
>>>>
>>>>Thanks!
>>>>
>>>>Pierre-Luc Soucy
>
>

attached mail follows:

Hi all,

I just made a pretty little flash banner with buttons and everything...
Does anyone knows if I can make the flash buttons links with dynamic
content? I need to fetch cartain common pages but with different
variables.

Thanks in advanced,

-----------------------
Cesar Aracena
listsicaam.com.ar
http://www.icaam.com.ar
Cel: +54.299.635-6688
Tel/Fax: +54.299.477-4532
Cipolletti, Rio Negro
R8324BEG
Argentina

---------------------------
Soluciones profesionales en
Internet y Comunicaciones
http://www.icaam.com.ar

attached mail follows:

On Thursday 29 May 2003 14:31, César Aracena wrote:
> Hi all,
>
> I just made a pretty little flash banner with buttons and everything...
> Does anyone knows if I can make the flash buttons links with dynamic
> content? I need to fetch cartain common pages but with different
> variables.
>
> Thanks in advanced,
>

Hi,
I try to do same think a while ago, You have to pass variable into flash code.
I think Flash 6.0 able to do this. Also I found that code. Which is work
with flash 4.0.

<html>
<head>
<title>moock>> web>> flash>> importing a cookie using a query string</title>
</HEAD>

<!--

// name: flash cookie importer, query string version
// version: 1.0.1
// author: colin moock
// description: passes the value of the first variable in
// a browser's cookie to a flash movie.

// last updated: june 2, 2000

window.document.cookie = "msg = Burak"

// if the cookie isn't empty
if (window.document.cookie != "") {
// get the value of the cookie.
var theCookie = document.cookie;

        // extract the value of our cookie variable from the cookie.
        // ! note that this example only handles a single-variable cookie.
        theCookie =
theCookie.substring((theCookie.indexOf("=")+1),theCookie.length);
}
else {
        // if there's no cookie, then set the tracker to the default label.
        theCookie = null;
}

// write the object/embed tags with the cookie appended to the .swf file name
document.write(
        "<OBJECT"
        + "CLASSID=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
        + "WIDTH=550"
        + "HEIGHT=400"
        +
"CODEBASE=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=4,0,2,0'>"
        + "<PARAM NAME=MOVIE VALUE=import-cookie.swf?cookie=" + theCookie +
">"
        + "<PARAM NAME=PLAY VALUE=true>"
        + "<PARAM NAME=LOOP VALUE=false>"
        + "<PARAM NAME=QUALITY VALUE=high>"
        + "<PARAM NAME=MENU VALUE=false>"
        + "<EMBED"
        + " SRC=import-cookie.swf?cookie=" + theCookie
        + " WIDTH=550"
        + " HEIGHT=400"
        + " PLAY=true"
        + " LOOP=false"
        + " QUALITY=high"
        + " MENU=false"
        + " TYPE=application/x-shockwave-flash"
        + "
PLUGINSPAGE=http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash>"
        + "</EMBED>"
        + "</OBJECT>"
        );
// -->
</SCRIPT>

</DIV>

</BODY>
</HTML>

But I.m not sure work well with php
If you get workable solution, can you shared us?

attached mail follows:

Check that you are using the correct MIME type.

There is a note on this in the User Contributed Notes under the function definition.

Jason Jacobs wrote:

>Hi all. I've been struggling with getting images to upload cleanly. I'm using php 4.2.2. When I look at the uploaded file info, it gives me no errors and the file size is fine. But the picture is all messed up. I'm using the move_uploaded_file function. The max size is 8mb in php.ini, and I set the MAX_FILE_SIZE in the form to 100k. None of the images I'm testing have been over 30k.
>
>I've seen that some people have had this problem, but a solution hasn't been consistent. Some said to use copy() and some said it's a bug in PHP. If anyone knows what's going on I'd appreciate some advice. Thanks!
>
>-jason
>
>

attached mail follows:

Hey Justin.

Sorry for the late reply -- got totally wrapped up in utilizing that highly
useful bit of reg exp code.

Thanks for the heads up; it certainly solved the problem.

Unfortunately, or fortunately, new problems have arisen -- time to dive into
learning some reg exp syntax........

Thanks again,

--Noah

"Justin French" <justinindent.com.au> wrote in message
news:BAFA6BAC.2804D%justinindent.com.au...
> on 28/05/03 2:56 PM, CF High (noahnewminddesign.com) wrote:
>
>
> > I've got a chunk of HTML text I'd like to format for insertion into our
> > mySql db.
> >
> > Let's say $html_string equals the following:
> >
> > <tr>
> > <td>1</td>
> > <td>Bardo, Jesse</td>
> > <td>S</td>
> > <td>A</td>
> > <td>Andover, MA</td>
> > </tr>
> >
> > To setup this chunk of text for insertion I first use
> > strip_tags($html_string); that results in:
> >
> > 1
> > Bardo, Jesse
> > S
> > A
> > Andover, MA
> >
> > I then use str_replace(",","",$html_string) to create a space delimited
> > string.
>
> exactly... for starters, there might be tabs (\t), newlines (\n, \r,
\n\r),
> plus multiple spaces (" ").
>
> this is DEFINITELY a quick hack, adapted from code on
> au.php.net/preg-replace... someone with more regular expression knowledge
> can probably get this down to 1 or 2 lines, with a perfomance gain as well
> :)
>
> <?
>
> $html = "<tr>
> <td>1</td>
> <td>Bardo, Jesse</td>
> <td>S</td>
> <td>A</td>
> <td>Andover, MA</td>
> </tr>";
>
> $html = preg_replace ("'<[\/\!]*?[^<>]*?>'si", ' ', $html);
> $html = preg_replace ("'([\r\n])[\s]+'", ' ', $html);
> $html = preg_replace ("([\s]+)", ' ', $html);
> $html = trim($html);
>
> echo "<pre>"; print_r($html); echo "</pre>";
>
> ?>
>
> You'll need to test it thoroughly, and make sure it's ok on larger blocks
of
> text, like whatever your target source is, to make sure it doesn't bog
> anything down.
>
>
>
> Justin
>

attached mail follows:

Yes, no problem! Glad it worked out. you may wish to actually study the
perlre man page on perl.com. This goes into the most details and talks about
how PERL actually EXTENDS shell regular expressions significantly and
excellent resource that I have used many many times.

I figure since PHP regexps are perl compatible, might as well go to the
source, no?

My other suggestion is that if you are taking this HTML and putting into a
database, especially MySQL you should scrub for pipes, nulls and slashes,
hackers can exploit user input to open a tty or shell or even access user
files like /etc/passwd and mess wid ya.... here are a few regexps that do
that

For pipes:
preg_replace('/\|/g','',$html_string);
For nulls:
Preg_replace('/\0/g','',$html_string);
For slashes
preg_replace('/\//g','',$html_string); # to be clearer, you can use s!\/!
g; just so you can see where the regexp begins and ends.

Some other useful ones for data like the stuff you're doing:
Spaces at the beginning:
/^\s/
spaces at the end:
/\s$/
<br> tags into \n
preg_replace('!\<br\>!', "\n", $string);

regular expressions are key.. if you have an editor like bbedit on the mac
or UltraEdit on the PC it will make your life SO much easier. Especially if
you are a database massager, oh man the hours I have saved!

-----Original Message-----
From: Noah [mailto:noahnewminddesign.com]
Sent: Thursday, May 29, 2003 12:34 PM
To: Carl Furst
Subject: Re: [PHP] strip_tags() Quandry....

Hey Carl.

Sorry for the late reply -- got totally wrapped up in utilizing that highly
useful bit of reg exp code.

Thanks for the heads up; it certainly solved the problem.

Unfortunately, or fortunately, new problems have arisen -- time to dive into
learning some reg exp syntax........

Thanks again,

--Noah

----- Original Message -----
From: "Carl Furst" <cfurstintracommunities.org>
To: "CF High" <noahnewminddesign.com>
Sent: Tuesday, May 27, 2003 8:49 PM
Subject: RE: [PHP] strip_tags() Quandry....

use regular expressions:

preg_replace("/\s+/"," ",$html_string);

-----Original Message-----
From: CF High [mailto:noahnewminddesign.com]
Sent: Tuesday, May 27, 2003 11:57 PM
To: php-generallists.php.net
Subject: [PHP] strip_tags() Quandry....

Hey all.

I've got a chunk of HTML text I'd like to format for insertion into our
mySql db.

Let's say $html_string equals the following:

<tr>
    <td>1</td>
    <td>Bardo, Jesse</td>
    <td>S</td>
    <td>A</td>
    <td>Andover, MA</td>
</tr>

To setup this chunk of text for insertion I first use
strip_tags($html_string); that results in:

1
Bardo, Jesse
S
A
Andover, MA

I then use str_replace(",","",$html_string) to create a space delimited
string.

Here's where I believe the problem occurs. There are apparently numerous
blank spaces within the string. I've tried replacing the blank spaces, or
whatever is separating the data to no avail.

I've tried a number of aimless efforts to get the string properly formatted,
but no luck -- any suggestions?

Thanks for helping me over this hurdle.......

--Noah

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

> Yes, no problem! Glad it worked out. you may wish to actually study the
> perlre man page on perl.com. This goes into the most details and talks
about
> how PERL actually EXTENDS shell regular expressions significantly and
> excellent resource that I have used many many times.
>
> I figure since PHP regexps are perl compatible, might as well go to the
> source, no?
>
> My other suggestion is that if you are taking this HTML and putting into a
> database, especially MySQL you should scrub for pipes, nulls and slashes,
> hackers can exploit user input to open a tty or shell or even access user
> files like /etc/passwd and mess wid ya.... here are a few regexps that do
> that

While I agree that regexp are powerful and useful, the examples you gave are
better suited to using str_replace(), trim(), or nl2br() calls rather than a
regular expression.

Also, about the "warning" for inserting data into a database... try not to
scare people to much. If you have

column = '$value'
or
column = "$value"

in your query, as long as you've run addslashes on $value to escape single
quotes in the first case and double quotes in the second, there's no
vulnerabilities.

If you have

column = $column

then you BETTER make sure that $column is a number and only a number. When
you put unquoted (unquoted within the actual SQL, not PHP) values into your
SQL, that's when you open yourself up to vulnerabilities if you're not
validating that the value is only a number.

> For pipes:
> preg_replace('/\|/g','',$html_string);
> For nulls:
> Preg_replace('/\0/g','',$html_string);
> For slashes
> preg_replace('/\//g','',$html_string); # to be clearer, you can use s!\/!
> g; just so you can see where the regexp begins and ends.

str_replace('|','',$html_string);
etc...

> Some other useful ones for data like the stuff you're doing:
> Spaces at the beginning:
> /^\s/
> spaces at the end:
> /\s$/

trim()

> <br> tags into \n
> preg_replace('!\<br\>!', "\n", $string);

nl2br();

---John Holmes...

attached mail follows:

Hey John; Hey Carl.

I've heard this debate before; i.e. regular expressions vs. PHP string
formatting functions.

The problem I'm dealing with will require, I believe, a combination of
preg_replace(), str_replace(), strstr(), and str_pos().

To my limited knowledge, there is no way to remove white space with PHP
string functions; when I use strip_tags on a block of html text, whitespace
results; thus the need for preg_replace().

The rest can most likely be taken care of with PHP string functions,
although I'm running into a few headaches with user errors; i.e. when a
coach types up his/her team roster and mistakenly adds extra spaces between
fields (e.g. player height = 6' 2" instead of 6' 2"), or roster fields do
not match up with our roster table fields (e.g. one team roster has a field
for player's favorite professional athlete) -- in these cases it may be that
I'll need to use regular expressions to crawl through roster string data
looking for word boundaries and the like.

I'm new to regular expressions to say the least -- just took the dive in
yesterday; much to learn.......

If either of you feel like elaborating on the pros and cons of regular
expressions vs. PHP string functions, let me know.

--Noah

----- Original Message -----
From: "CPT John W. Holmes" <holmes072000charter.net>
To: "Carl Furst" <cfurstintracommunities.org>; "Noah"
<noahnewminddesign.com>
Cc: <php-generallists.php.net>
Sent: Thursday, May 29, 2003 10:18 AM
Subject: Re: [PHP] strip_tags() Quandry....

While I agree that regexp are powerful and useful, the examples you gave are
better suited to using str_replace(), trim(), or nl2br() calls rather than a
regular expression.

Also, about the "warning" for inserting data into a database... try not to
scare people to much. If you have

column = '$value'
or
column = "$value"

in your query, as long as you've run addslashes on $value to escape single
quotes in the first case and double quotes in the second, there's no
vulnerabilities.

If you have

column = $column

str_replace('|','',$html_string);
etc...

> Some other useful ones for data like the stuff you're doing:
> Spaces at the beginning:
> /^\s/
> spaces at the end:
> /\s$/

trim()

> <br> tags into \n
> preg_replace('!\<br\>!', "\n", $string);

nl2br();

---John Holmes...

attached mail follows:

I have to get this off my chest, and I tried to send it directly to Jason
off list, but the email bounces back. Why? Probably because he gets a lot
of these emails. Don't like what I have to say? Tough luck, I am sick of
unconstructive emails hitting the list putting people down. If you cannot
or will not answer someone, just don't answer them at all. Be helpful, not
hurtful. Oops, should take my own advice and not post this at all, but I
need to get it off my chest, I am sure that I am not the only one thinking
it:

Jason:

Why do you bother to answer on the php list at all? 90% of the messages
from you are 'search google' if you do not have constructive info to offer,
why bother to answer at all. I am directing this to you because the list
does not need to see my crap about it, but it just makes me sick to see you
over and over putting people down who are just asking for help.

Really, I have been a member of MANY lists over the years, and I truly have
never seen anyone as negative as you. If you do not have a useful answer to
the question just don't answer- you clutter the list and my inbox.

And no, 'search google' is not a good answer - at the best of times it is
tough to wade through all the crap that google spits at you, at the worst of
times, most people do not even know what to search for to narrow it down!
Never mind searching the list archive - half the time all I get back is your
emails saying 'search google'!

Geeze, look what you have made me do, get pissed of and waste my time
flaming you. What a waste of our time.

On 5/29/03 5:43 AM, "Jason Wong" <php-generalgremlins.biz> wrote:

> On Thursday 29 May 2003 17:36, Ralph wrote:
>> I have to setup credit card verification/processing with Netbilling.com,
>> does anybody know of a PHP based Netbilling gateway script or class?
>
> Have you searched google?

--
Cheers

Mike Morton

****************************************************
*
* Tel: 905-465-1263
* Email: mikewebtraxx.com
*
****************************************************

"Indeed, it would not be an exaggeration to describe the history of the
computer industry for the past decade as a massive effort to keep up with
Apple."
- Byte Magazine

Given infinite time, 100 monkeys could type out the complete works of
Shakespeare. Win 98 source code? Eight monkeys, five minutes.
-- NullGrey

attached mail follows:

On Thursday 29 May 2003 21:49, Mike Morton wrote:
> I have to get this off my chest, and I tried to send it directly to Jason
> off list, but the email bounces back. Why? Probably because he gets a lot
> of these emails.

Because I don't like spam.

> Why do you bother to answer on the php list at all? 90% of the messages
> from you are 'search google'

Probably because 90% of the questions on the list can be answered by searching
google?

> if you do not have constructive info to
> offer, why bother to answer at all.

So constructive info would be for ME to search google and present the results
neatly in my reply? Somehow I don't think so.

> I am directing this to you because the
> list does not need to see my crap about it, but it just makes me sick to
> see you over and over putting people down who are just asking for help.

Non-specific questions get non-specific answers.

If the OP wanted a better answer the question asked should have been something
like:

I'm looking for a script to do blahblah, I searched on google/etc and found A,
B and C. However I need features X, Y and Z.

Because:

1) We know the OP has done some homework
2) We know which packages the OP has already looked at and thus would not
recommend them
3) We know what specific features the OP would like and thus can make an
informed recommendation

> And no, 'search google' is not a good answer - at the best of times it is
> tough to wade through all the crap that google spits at you,

So a good answer would be for ME to search google and present the results
neatly in my reply? Somehow I don't think so.

> at the worst
> of times, most people do not even know what to search for to narrow it
> down!

Well in this particular case "php netbilling" would have been a good start.
Not exactly rocket science.

> Never mind searching the list archive - half the time all I get back
> is your emails saying 'search google'!

Probably it's because a lot of people look to the list as a first resort
instead of consulting the manual, the archives and google. Thus they keep
asking the same questions over and over again.

> Geeze, look what you have made me do, get pissed of and waste my time
> flaming you. What a waste of our time.

Well if you have nothing better to do then maybe you should search google try
out all the links then present an executive summary for our friend the OP so
that he can save himself some time.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------

attached mail follows:

Jason, you are a sad sad man.

The point I was simply trying to make was that YOU do not have to do
ANYTHING. Don't search google, don't spend any time on it at all, don't
even email.

There are plenty of people here that are willing to help - if you are not -
piss off.

Not everyone has your complete knowledge and massive experience and extreme
brainpower, and we are not all able to utilize our pitiful intellects to
your level and utilize all the useful resources that google has to offer.

As for this list being the first resort, why not? Who are you to determine
whether this list is a first, last or any other kind of resource? Do you
own it, do you manage or moderate it in any way? If so, then perhaps you
should write an FAQ that is presented with the welcome to the list email
that states all the obvious answers, if not, then leave the moderation to
those who's job it is.

This is a list containing noobs, vets and everything inbetween. You have to
be considerate to all levels. You sir, are not. You are arrogant (your
problem not mine), rude (your problem not mine), and overall just not a nice
person on this list. If you are different in real life, cool, by try to use
some restraint on the list why don't you!

That is all, back to our regular programming :)

On 5/29/03 10:28 AM, "Jason Wong" <php-generalgremlins.biz> wrote:

> On Thursday 29 May 2003 21:49, Mike Morton wrote:
>> I have to get this off my chest, and I tried to send it directly to Jason
>> off list, but the email bounces back. Why? Probably because he gets a lot
>> of these emails.
>
> Because I don't like spam.
>
>> Why do you bother to answer on the php list at all? 90% of the messages
>> from you are 'search google'
>
> Probably because 90% of the questions on the list can be answered by searching
> google?
>
>> if you do not have constructive info to
>> offer, why bother to answer at all.
>
> So constructive info would be for ME to search google and present the results
> neatly in my reply? Somehow I don't think so.
>
>> I am directing this to you because the
>> list does not need to see my crap about it, but it just makes me sick to
>> see you over and over putting people down who are just asking for help.
>
> Non-specific questions get non-specific answers.
>
> If the OP wanted a better answer the question asked should have been something
> like:
>
> I'm looking for a script to do blahblah, I searched on google/etc and found A,
> B and C. However I need features X, Y and Z.
>
> Because:
>
> 1) We know the OP has done some homework
> 2) We know which packages the OP has already looked at and thus would not
> recommend them
> 3) We know what specific features the OP would like and thus can make an
> informed recommendation
>
>> And no, 'search google' is not a good answer - at the best of times it is
>> tough to wade through all the crap that google spits at you,
>
> So a good answer would be for ME to search google and present the results
> neatly in my reply? Somehow I don't think so.
>
>> at the worst
>> of times, most people do not even know what to search for to narrow it
>> down!
>
> Well in this particular case "php netbilling" would have been a good start.
> Not exactly rocket science.
>
>> Never mind searching the list archive - half the time all I get back
>> is your emails saying 'search google'!
>
> Probably it's because a lot of people look to the list as a first resort
> instead of consulting the manual, the archives and google. Thus they keep
> asking the same questions over and over again.
>
>> Geeze, look what you have made me do, get pissed of and waste my time
>> flaming you. What a waste of our time.
>
> Well if you have nothing better to do then maybe you should search google try
> out all the links then present an executive summary for our friend the OP so
> that he can save himself some time.

--
Cheers

Mike Morton

****************************************************
*
* Tel: 905-465-1263
* Email: mikewebtraxx.com
*
****************************************************

"Indeed, it would not be an exaggeration to describe the history of the
computer industry for the past decade as a massive effort to keep up with
Apple."
- Byte Magazine

Given infinite time, 100 monkeys could type out the complete works of
Shakespeare. Win 98 source code? Eight monkeys, five minutes.
-- NullGrey

attached mail follows:

Mike,

I agree that at times Jason (and plenty of others, including myself on a bad
day) tend to use the "search google" and "RTFM" replies a lot, but the
reality is that if people did a quick search in the manual, and a quick
search on google, this list would be a lot less cluttered.

It also goes a long way in showing that the original poster isn't simply
lazy, and has made SOME effort to find the answer before posting to a list.

We'd also have well-formed questions like:

    "I checked out the manual page on file uploads, and tried getting
    the example script to work, but I'm getting the following error
    (...) -- can anyone offer advice?"

Rather than:

"I can't get file uploading to work, please read my 2000 line
script and tell me what's wrong"

I just had a kick around google, and couldn't find much to do with
netbilling and PHP (apart from http://dreamcost.com/?page=dreamaccount), but
the fact is if the OP had mentioned that he/she had already searched google
with little success, this whole discussion could have been avoided :)

Which is better? Teaching someone the answer to a problem, or teaching
someone how to find the answer (and future answers) themselves?

"Search google" may not be a detailed answer, or even a polite one, but in
many cases (not necessarily this OP of this thread) a lazy question deserves
a lazy response.

Justin French

on 30/05/03 12:49 AM, Mike Morton (mikewebtraxx.com) wrote:

> I have to get this off my chest, and I tried to send it directly to Jason
> off list, but the email bounces back. Why? Probably because he gets a lot
> of these emails. Don't like what I have to say? Tough luck, I am sick of
> unconstructive emails hitting the list putting people down. If you cannot
> or will not answer someone, just don't answer them at all. Be helpful, not
> hurtful. Oops, should take my own advice and not post this at all, but I
> need to get it off my chest, I am sure that I am not the only one thinking
> it:
>
> Jason:
>
> Why do you bother to answer on the php list at all? 90% of the messages
> from you are 'search google' if you do not have constructive info to offer,
> why bother to answer at all. I am directing this to you because the list
> does not need to see my crap about it, but it just makes me sick to see you
> over and over putting people down who are just asking for help.
>
> Really, I have been a member of MANY lists over the years, and I truly have
> never seen anyone as negative as you. If you do not have a useful answer to
> the question just don't answer- you clutter the list and my inbox.
>
> And no, 'search google' is not a good answer - at the best of times it is
> tough to wade through all the crap that google spits at you, at the worst of
> times, most people do not even know what to search for to narrow it down!
> Never mind searching the list archive - half the time all I get back is your
> emails saying 'search google'!
>
> Geeze, look what you have made me do, get pissed of and waste my time
> flaming you. What a waste of our time.
>
>
> On 5/29/03 5:43 AM, "Jason Wong" <php-generalgremlins.biz> wrote:
>
>> On Thursday 29 May 2003 17:36, Ralph wrote:
>>> I have to setup credit card verification/processing with Netbilling.com,
>>> does anybody know of a PHP based Netbilling gateway script or class?
>>
>> Have you searched google?
>
> --
> Cheers
>
> Mike Morton
>
> ****************************************************
> *
> * Tel: 905-465-1263
> * Email: mikewebtraxx.com
> *
> ****************************************************
>
> "Indeed, it would not be an exaggeration to describe the history of the
> computer industry for the past decade as a massive effort to keep up with
> Apple."
> - Byte Magazine
>
> Given infinite time, 100 monkeys could type out the complete works of
> Shakespeare. Win 98 source code? Eight monkeys, five minutes.
> -- NullGrey
>

attached mail follows:

Justin:

Point well taken, and I agree for the most part. Teaching people to learn
themselves is a much better solution that just giving the answer, however it
CAN be done in a constructive and helpful manner, rather than a rude and
abrupt one.

I have not noticed your responses, so I cannot comment, other than they did
not particularily jump out at me as rude as Jason's did.

<step on soapbox>
There is a lot of experience on this list, but we all have to remember that
there is also a lot of inexperience on this list. When someone asks a
simple question they do not always even understand what they are asking, and
may not even know how to ask the correct question. That is why if we do not
have an answer that is constructive, then we should not post it.
</step off soapbox>

That is not to say that I am the judge of a constructive or non-constructive
answer, just that if you do not have anything nice to say, then don't say
anything at all!

Anyway, arguing noob teaching ethics is not paying the bills, so back to
that at least! :)

On 5/29/03 9:42 AM, "Justin French" <justinindent.com.au> wrote:

> Mike,
>
> I agree that at times Jason (and plenty of others, including myself on a bad
> day) tend to use the "search google" and "RTFM" replies a lot, but the
> reality is that if people did a quick search in the manual, and a quick
> search on google, this list would be a lot less cluttered.
>
> It also goes a long way in showing that the original poster isn't simply
> lazy, and has made SOME effort to find the answer before posting to a list.
>
>
> We'd also have well-formed questions like:
>
> "I checked out the manual page on file uploads, and tried getting
> the example script to work, but I'm getting the following error
> (...) -- can anyone offer advice?"
>
> Rather than:
>
> "I can't get file uploading to work, please read my 2000 line
> script and tell me what's wrong"
>
>
> I just had a kick around google, and couldn't find much to do with
> netbilling and PHP (apart from http://dreamcost.com/?page=dreamaccount), but
> the fact is if the OP had mentioned that he/she had already searched google
> with little success, this whole discussion could have been avoided :)
>
>
> Which is better? Teaching someone the answer to a problem, or teaching
> someone how to find the answer (and future answers) themselves?
>
> "Search google" may not be a detailed answer, or even a polite one, but in
> many cases (not necessarily this OP of this thread) a lazy question deserves
> a lazy response.
>
> Justin French
>
>
>
>
>
>
> on 30/05/03 12:49 AM, Mike Morton (mikewebtraxx.com) wrote:
>
>> I have to get this off my chest, and I tried to send it directly to Jason
>> off list, but the email bounces back. Why? Probably because he gets a lot
>> of these emails. Don't like what I have to say? Tough luck, I am sick of
>> unconstructive emails hitting the list putting people down. If you cannot
>> or will not answer someone, just don't answer them at all. Be helpful, not
>> hurtful. Oops, should take my own advice and not post this at all, but I
>> need to get it off my chest, I am sure that I am not the only one thinking
>> it:
>>
>> Jason:
>>
>> Why do you bother to answer on the php list at all? 90% of the messages
>> from you are 'search google' if you do not have constructive info to offer,
>> why bother to answer at all. I am directing this to you because the list
>> does not need to see my crap about it, but it just makes me sick to see you
>> over and over putting people down who are just asking for help.
>>
>> Really, I have been a member of MANY lists over the years, and I truly have
>> never seen anyone as negative as you. If you do not have a useful answer to
>> the question just don't answer- you clutter the list and my inbox.
>>
>> And no, 'search google' is not a good answer - at the best of times it is
>> tough to wade through all the crap that google spits at you, at the worst of
>> times, most people do not even know what to search for to narrow it down!
>> Never mind searching the list archive - half the time all I get back is your
>> emails saying 'search google'!
>>
>> Geeze, look what you have made me do, get pissed of and waste my time
>> flaming you. What a waste of our time.
>>
>>
>> On 5/29/03 5:43 AM, "Jason Wong" <php-generalgremlins.biz> wrote:
>>
>>> On Thursday 29 May 2003 17:36, Ralph wrote:
>>>> I have to setup credit card verification/processing with Netbilling.com,
>>>> does anybody know of a PHP based Netbilling gateway script or class?
>>>
>>> Have you searched google?
>>
>> --
>> Cheers
>>
>> Mike Morton
>>
>> ****************************************************
>> *
>> * Tel: 905-465-1263
>> * Email: mikewebtraxx.com
>> *
>> ****************************************************
>>
>> "Indeed, it would not be an exaggeration to describe the history of the
>> computer industry for the past decade as a massive effort to keep up with
>> Apple."
>> - Byte Magazine
>>
>> Given infinite time, 100 monkeys could type out the complete works of
>> Shakespeare. Win 98 source code? Eight monkeys, five minutes.
>> -- NullGrey
>>
>

--
Cheers

Mike Morton

****************************************************
*
* Tel: 905-465-1263
* Email: mikewebtraxx.com
*
****************************************************

"Indeed, it would not be an exaggeration to describe the history of the
computer industry for the past decade as a massive effort to keep up with
Apple."
- Byte Magazine

Given infinite time, 100 monkeys could type out the complete works of
Shakespeare. Win 98 source code? Eight monkeys, five minutes.
-- NullGrey

attached mail follows:

Agreed, if you don't have something usefull to say,
don't say anything at all.

On Thu, 2003-05-29 at 10:57, Mike Morton wrote:
> Justin:
>
> Point well taken, and I agree for the most part. Teaching people to learn
> themselves is a much better solution that just giving the answer, however it
> CAN be done in a constructive and helpful manner, rather than a rude and
> abrupt one.
>
> I have not noticed your responses, so I cannot comment, other than they did
> not particularily jump out at me as rude as Jason's did.
>
> <step on soapbox>
> There is a lot of experience on this list, but we all have to remember that
> there is also a lot of inexperience on this list. When someone asks a
> simple question they do not always even understand what they are asking, and
> may not even know how to ask the correct question. That is why if we do not
> have an answer that is constructive, then we should not post it.
> </step off soapbox>
>
> That is not to say that I am the judge of a constructive or non-constructive
> answer, just that if you do not have anything nice to say, then don't say
> anything at all!
>
> Anyway, arguing noob teaching ethics is not paying the bills, so back to
> that at least! :)
>
> --
> Cheers
>
> Mike Morton
>
> ****************************************************
> *
> * Tel: 905-465-1263
> * Email: mikewebtraxx.com
> *
> ****************************************************
>
> "Indeed, it would not be an exaggeration to describe the history of the
> computer industry for the past decade as a massive effort to keep up with
> Apple."
> - Byte Magazine
>
> Given infinite time, 100 monkeys could type out the complete works of
> Shakespeare. Win 98 source code? Eight monkeys, five minutes.
> -- NullGrey
--
Adam Voigt (adamcryptocomm.com)
Linux/Unix Network Administrator
The Cryptocomm Group

attached mail follows:

Mike,

I'm glad you vented. Now let me. I say none of this in anger and quite a lot
of it in amusement. Please don't take this the wrong way. (By saying that
I'm insuring that you WILL take it the wrong way!) :)

Why is it helpful to give a person the answer to a question that has been
answered before? Why is it not more helpful to show them how to find the
answer to their question and possibly to the next one...and the net
one...and the next one. All of us at one point or another have gotten mad
because they've been told to RTFM. (UTFG, UTFW, etc.) But the fact of the
matter is if you get told that a couple of time, you may actually start
doing it. Jason's search google answer is very appropriate for many
questions asked on this list.

The people who answer questions here do it of their own free will, for no
pay, and in the case of independent consultants, at the expense of their
paying work. (Those of you who are employed and posting from work are just
slacking!) :) Therefore, it is their right to answer in the way that they
feel most helpful. If RTFM is the quickest way to get a newb to start
reading the manual instead of asking (yet again) how the mail() function
works then that's what will be posted.

Telling people like Jason off as you have done feels really good. But at
some point Jason will decide that it's no longer worth while to bother to
read this list and drop. Then you can tell off someone else who knows what
they are talking about because they don't follow your rules of
etiquette...and maybe they will leave. At some point, you will find
yourself in the list all by yourself. (except for the newb over in the
corner still twiddling with the mail() function)

It boils down to this. mailing lists have been around longer than you or I
have been on the Internet. (Unless you are Vint Cerf and if you are I HUMBLY
apologize and bow at your feet!) The rules of mailinglist etiquette
(especially for technical lists, which this is) have matured over the years
and are not really up for discussion. If you don't like them, go elsewhere,
start your own list. Otherwise, play nice.

most humbly,
=C=

----- Original Message -----
From: "Mike Morton" <mikewebtraxx.com>
To: <php-generallists.php.net>
Sent: Thursday, May 29, 2003 8:49 AM
Subject: Re: [PHP] Netbilling PHP Script

> I have to get this off my chest, and I tried to send it directly to Jason
> off list, but the email bounces back. Why? Probably because he gets a
lot
> of these emails. Don't like what I have to say? Tough luck, I am sick of
> unconstructive emails hitting the list putting people down. If you cannot
> or will not answer someone, just don't answer them at all. Be helpful,
not
> hurtful. Oops, should take my own advice and not post this at all, but I
> need to get it off my chest, I am sure that I am not the only one thinking
> it:
>
> Jason:
>
> Why do you bother to answer on the php list at all? 90% of the messages
> from you are 'search google' if you do not have constructive info to
offer,
> why bother to answer at all. I am directing this to you because the list
> does not need to see my crap about it, but it just makes me sick to see
you
> over and over putting people down who are just asking for help.
>
> Really, I have been a member of MANY lists over the years, and I truly
have
> never seen anyone as negative as you. If you do not have a useful answer
to
> the question just don't answer- you clutter the list and my inbox.
>
> And no, 'search google' is not a good answer - at the best of times it is
> tough to wade through all the crap that google spits at you, at the worst
of
> times, most people do not even know what to search for to narrow it down!
> Never mind searching the list archive - half the time all I get back is
your
> emails saying 'search google'!
>
> Geeze, look what you have made me do, get pissed of and waste my time
> flaming you. What a waste of our time.
>
>
> On 5/29/03 5:43 AM, "Jason Wong" <php-generalgremlins.biz> wrote:
>
> > On Thursday 29 May 2003 17:36, Ralph wrote:
> >> I have to setup credit card verification/processing with
Netbilling.com,
> >> does anybody know of a PHP based Netbilling gateway script or class?
> >
> > Have you searched google?
>
> --
> Cheers
>
> Mike Morton
>
> ****************************************************
> *
> * Tel: 905-465-1263
> * Email: mikewebtraxx.com
> *
> ****************************************************
>
> "Indeed, it would not be an exaggeration to describe the history of the
> computer industry for the past decade as a massive effort to keep up with
> Apple."
> - Byte Magazine
>
> Given infinite time, 100 monkeys could type out the complete works of
> Shakespeare. Win 98 source code? Eight monkeys, five minutes.
> -- NullGrey
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

On Thursday 29 May 2003 22:49, Mike Morton wrote:

> There are plenty of people here that are willing to help - if you are not -
> piss off.

For the record the gentleman posted the question twice. I didn't even bother
to answer the first one (and no-one else did). When he posted again he was
obviously desperate (or more likely impatient) and may have kept on posting
until he got an answer.

And to suggest that "have you searched google?" is rude, is beyond my powers
of reasoning.

> Not everyone has your complete knowledge and massive experience and extreme
> brainpower, and we are not all able to utilize our pitiful intellects to
> your level and utilize all the useful resources that google has to offer.

If you think it requires massive intellect to be able to use a search engine
then I really do pity you. Honestly.

> As for this list being the first resort, why not?

Obviously you do not know how mailing lists work.

> Who are you to determine
> whether this list is a first, last or any other kind of resource?

Of course you can use it as a first resort, but very soon people will get fed
with replying to your questions if they can be answered in the manual,
archives etc.

> Do you own it, do you manage or moderate it in any way?

No, what gave you that impression?

> If so, then perhaps you
> should write an FAQ that is presented with the welcome to the list email
> that states all the obvious answers, if not, then leave the moderation to
> those who's job it is.

The problem is not lack of information, the problem is that people don't read.
Case in point: a few days ago someone asked whether there was a FAQ section
on www.php.net.

attached mail follows:

I have $_POST['day'] (1-31), $_POST['month'] (1-12), $_POST['year']
(2003-2004).

I store all dates as unix (epoch) timestamps, and generate the timestamp for
the event with:

strtotime('{$_POST['month']}/{$_POST['day']}/{$_POST['day']}');

Everything works fine on my LAN (Australia), but when I upload my database
to the live server (US), the dates are a day behind (when echo'd with
date('Y-m-d')), presumably due to the time difference between the two
servers.

Timestamps generated directly on the live server appear correct when echoed
out using date.

How can I reliably generate timestamps which will work on any server, and
reliably convert these timestamps to human readable format (eg
date('Y-m-d')) on any server?

Is the key to use GMT in the strtotime() string and use gmdate() instead of
date()? Or is it more complex than that?

Thanks,

Justin French

attached mail follows:

If you have your date components split up already the way you do, you
should be using mktime().

Next you have to determine which timezone your information is from. If
you consider your month/day/year values to be GMT values, then use
gmmktime() to generate your timestamp. Otherwise, make sure you
putenv("TZ=whatever") the timezone that matches your data before your call
to mktime().

It is important to understand that a UNIX timestamp (seconds since 1970
epoch) carries no timezone information. A single UNIX timestamp
represents one specific second all over the world. That is, if I gave you
the timestamp for when my baby was born, it would be the exact second this
happened. This might be Monday here, but Tuesday in Australia. Timezone
information is only applied once you go to display a human-readable date
from the unix timestamp. gmdate() is just a special-case that does about
the same as:

   $old = getenv("TZ");
   putenv("TZ=GMT");
   echo date("M d Y H:i:s",$timestamp);
   putenv("TZ=$old");

It is in there because GMT is needed for all sorts of stuff and we figured
having a shortcut version of the above was a good idea.

If you really want to use strtotime() you can just tack the timezone
associated with your data onto the end of the string. In your example:

strtotime("{$_POST['month']}/{$_POST['day']}/{$_POST['day']} GMT");

if your month/day/year are in GMT.

-Rasmus

On Thu, 29 May 2003, Justin French wrote:

> I have $_POST['day'] (1-31), $_POST['month'] (1-12), $_POST['year']
> (2003-2004).
>
> I store all dates as unix (epoch) timestamps, and generate the timestamp for
> the event with:
>
> strtotime('{$_POST['month']}/{$_POST['day']}/{$_POST['day']}');
>
> Everything works fine on my LAN (Australia), but when I upload my database
> to the live server (US), the dates are a day behind (when echo'd with
> date('Y-m-d')), presumably due to the time difference between the two
> servers.
>
> Timestamps generated directly on the live server appear correct when echoed
> out using date.
>
>
> How can I reliably generate timestamps which will work on any server, and
> reliably convert these timestamps to human readable format (eg
> date('Y-m-d')) on any server?
>
>
> Is the key to use GMT in the strtotime() string and use gmdate() instead of
> date()? Or is it more complex than that?
>
>
> Thanks,
>
> Justin French
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:

Hi,

I know this function is new, however, does anyone have any documentation on
it? There is nothing on php.net...

-Dan Joseph

attached mail follows:

What is a good function for striping white space and removing \\..\.. and possible "," Anything that would be considered unwanted user input???

I looked at trim() but its doesnt do all the things I need it to do.

-Dan

attached mail follows:

Hi,

Have a look at: http://us2.php.net/manual/en/function.ereg-replace.php

That might do what you want.

-Dan Joseph

> What is a good function for striping white space and removing
> \\..\.. and possible "," Anything that would be considered
> unwanted user input???
>
> I looked at trim() but its doesnt do all the things I need it to do.

attached mail follows:

how about stripslashes();

http://www.php.net/manual/en/function.stripslashes.php

HTH

Shaun

"Dan Joseph" <djosephduhq.us> wrote in message
news:GHEOLLAIKHCPIJMHLDCGOEBOCGAA.djosephduhq.us...
> Hi,
>
> Have a look at: http://us2.php.net/manual/en/function.ereg-replace.php
>
> That might do what you want.
>
> -Dan Joseph
>
> > What is a good function for striping white space and removing
> > \\..\.. and possible "," Anything that would be considered
> > unwanted user input???
> >
> > I looked at trim() but its doesnt do all the things I need it to do.
>

attached mail follows:

On Thu, 29 May 2003 10:33:16 +0100, Ford, Mike [LSS]
wrote:

>Well, how about references, then? (And me, personally, I'd use isset()
>rather than is_array().)
>
> if (isset($_POST)):
> $POST = &$_POST;
> else:
> $POST = &$HTTP_POST_VARS;
> endif;

I was told that PHP didn't do pointers - just goes to show that you
can't believe everything your told. Thanks for the POINTER. ;)

attached mail follows:

On Thu, 29 May 2003, Wendell Brown wrote:

> On Thu, 29 May 2003 10:33:16 +0100, Ford, Mike [LSS]
> wrote:
>
> >Well, how about references, then? (And me, personally, I'd use isset()
> >rather than is_array().)
> >
> > if (isset($_POST)):
> > $POST = &$_POST;
> > else:
> > $POST = &$HTTP_POST_VARS;
> > endif;
>
> I was told that PHP didn't do pointers - just goes to show that you
> can't believe everything your told. Thanks for the POINTER. ;)

It isn't a pointer. It is a reference which you should think of as a
symbol table alias. A pointer, at least by my definition, is a memory
address. In PHP it isn't a memory address, just another entry in the
symbol table that references the same data as another symbol.

-Rasmus

attached mail follows:

> -----Original Message-----
> From: Wendell Brown [mailto:wbrownarkie.net]
> Sent: 29 May 2003 15:18
>
> On Thu, 29 May 2003 10:33:16 +0100, Ford, Mike [LSS]
> wrote:
>
> >Well, how about references, then? (And me, personally, I'd
> use isset()
> >rather than is_array().)
> >
> > if (isset($_POST)):
> > $POST = &$_POST;
> > else:
> > $POST = &$HTTP_POST_VARS;
> > endif;
>
> I was told that PHP didn't do pointers - just goes to show that you
> can't believe everything your told. Thanks for the POINTER. ;)

Umm -- it doesn't -- these are *references* which are *not* pointers (but work just as well in this instance). For the official word on this, see http://www.php.net/language.references .

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: m.fordlmu.ac.uk
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211

attached mail follows:

On Thu, 29 May 2003 07:21:01 -0700 (Pacific Standard Time), Rasmus
Lerdorf wrote:

>It isn't a pointer. It is a reference which you should think of as a
>symbol table alias. A pointer, at least by my definition, is a memory
>address. In PHP it isn't a memory address, just another entry in the
>symbol table that references the same data as another symbol.

I understood the logical distinction, I guess I should have said "most
of the benefits of a pointer without many of the potential headaches".

Pointers in C are REAL memory addresses, HOWEVER, in many (if not most)
situations they are used as symbol table aliases. It's when they
AREN'T carefully used this way that memory overwrites happen.

As I said, most of the good without most of the bad. :)

attached mail follows:

Daniel,

Switch register_globals back on, and everything works as it always did.
So do it!

All this fuss about register_globals being insecure is a complete load
of rubbish. This issue really bores me, but it seems programmers are
wasting a lot of time on it, so I guess I'd better run through the
arguments one more time...

1. You can never know whether the input to your script came from a real
GET, a COOKIE, or a POST. It's very easy to create a simulated GET,
COOKIE or POST. You don't even need a programming language if you've
got the right tools. Even with php, (hardly a typical hacking tool),
it's only a few lines of code.

2. That means that checking to make sure a variable was specifically a
GET, COOKIE or POST variable has no security value whatsoever.

3. On the other hand, not worrying about how your script got its request
variables (i.e. register globals is on) is intrinsically sound
programming practice. Your code should work and your logic should be
sound regardless of what happened before your script got executed. It's
one of the great advantages of the internet. For example, on searches,
you can have exactly the same search code and results page driven from a
search form, or a link on another page, or a remote http request. You
code once, but your code can be used in many different ways.

4. In any case, register globals off only protects the sloppy programmer
from the sloppy hacker. It doesn't stop the good programmer from being
as cautious as they like. You can already control the order in which
variables are registered e.g. to make POST variables always override
COOKIES or vice versa. And, you can, if you really need to,
double-check with the global variables, HTTP_POST_VARS etc.

5. When it comes to access control, (which seems to be where the bogus
security argument starts), there is only one safe approach. That is to
require that a valid username and password are supplied with every
request and then check them in every script. It's not hard, it doesn't
take long and it's the proper way to do it. There's a whole section of
the http protocol, http authentication, which is designed precisely to
make this easy.

But hey, don't worry about all this guff. Just switch register globals
back on. If your system administrator/ISP won't let you, just refer
them to this mail and tell them I'd be happy to explain anything they
don't get.

Keep it simple!

George

danielrhesusb.dk wrote:
> Hi all!
>
> I'm using Apache 2.0.45, PHP 4.3.2RC4, and MySQL 3.23.49 on Windows 2003
> Server Standard.
>
> I have a problem passing variables between pages. They simply get lost.
> Neither GET nor POST pass values, and even "hardcoding" them into the URL,
> like
>
> htpp://localhost/comeon.php?aVariable=ding&anotherVariable=dong
>
> and putting this in comeon.php:
>
> echo("Values: $aVariable, $anotherVariable");
>
> only outputs
>
> Values: ,
>
> ...I've tried with RC3 of PHP, even 4.3.1, but it doesn't work. I've used
> PHP on my machine with Apache 2 before, and it worked fine. Actually I used
> the same scripts fine on my old config. This was on XP however, so I'm not
> sure if it's got something to do with the OS. I'm hoping it's a
> configuration issue.
>
> Any ideas are VERY much appreciated =).
>
> Thanks,
> Daniel
>
>
> » There are 10 kinds of people - those who know binary and those who don't.
> «
>

attached mail follows:

of course ;)

but i couldn't find a reference to this particular problem...

"Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message
news:C8F323573C030A448F3E5A2B6FE2070B0101F728nemesis...
Have you checked the date functions at http://www.php.net ?

-----Original Message-----
From: Shaun [mailto:shaunmania.plus.com]
Sent: Thursday, May 29, 2003 6:39 AM
To: php-generallists.php.net
Subject: [PHP] Date question

Hi,

For a given date, how can i find out the date of the day of the begining
of that week?

Thanks for your help

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

On Thu, 29 May 2003 15:40:00 +0100, Shaun wrote:

>of course ;)
>
>but i couldn't find a reference to this particular problem...

I don't think you are going to find a standard PHP function to do this.
You are going to have to do something like this (I haven't tried it
but I think it will do what you want):

// Get a starting time
$d = strtotime( "12/31/2003" );

// Get the date of the Sunday on/or before that date

$s = strtotime( "-" . date("w", $d) . " days", $d );

attached mail follows:

> -----Original Message-----
> From: Shaun [mailto:shaunmania.plus.com]
> Sent: 29 May 2003 15:40
>
> of course ;)
>
> but i couldn't find a reference to this particular problem...
>
> "Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message
> news:C8F323573C030A448F3E5A2B6FE2070B0101F728nemesis...
> Have you checked the date functions at http://www.php.net ?
>
> -----Original Message-----
> From: Shaun [mailto:shaunmania.plus.com]
> Sent: Thursday, May 29, 2003 6:39 AM
> To: php-generallists.php.net
> Subject: [PHP] Date question
>
>
> Hi,
>
> For a given date, how can i find out the date of the day of
> the begining
> of that week?

Have you tried searching the list archives? I'm pretty sure I answered this
one with a strtotime() solution not that long ago, but it wasn't the most
intuitively obvious way to do it. If you can't find that post, let me know
and I'll see if I can dig it out of my Outbox archive.

Cheers!

Mike

attached mail follows:

On Thursday 29 May 2003 22:40, Shaun wrote:
> of course ;)

Try:

    $start_date_ts = time();
    if ('Mon' != date('D', $start_date_ts)) {
      $start_date_ts = strtotime("last monday");
    }
    $start_date = strftime("%Y-%m-%d", $start_date_ts);
    echo $start_date;

Season to taste.

attached mail follows:

Dear List,
I want too create a mail alias, How can I do that?
I am using PHP, Postfix, Cyrus, LDAP. I need to create aliases in
/etc/postfix/aliases file. Can I create usin