NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2005-10

php-general Digest 4 Oct 2005 05:21:33 -0000 Issue 3718

php-general-digest-helplists.php.net
Date: Tue Oct 04 2005 - 00:21:33 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 4 Oct 2005 05:21:33 -0000 Issue 3718

Topics (messages 223566 through 223589):

Re: passing a variable with php_self
223566 by: Jeffrey Sambells

Re: Upper case problem
223567 by: John Nichel

Re: Image resizing...
223568 by: Matt Darby
223570 by: Matt Darby

Re: PHP & SOAP for production
223569 by: Ben

Re: session_name("CCLTrolley")
        223571 by: John Taylor-Johnston
        223572 by: Robert Cummings
        223573 by: John Taylor-Johnston
        223574 by: Robert Cummings
        223577 by: John Taylor-Johnston
        223578 by: Robert Cummings
        223579 by: John Taylor-Johnston
        223580 by: John Taylor-Johnston

Making MYSQL's RAND() more random
223575 by: Graham Anderson
223576 by: Greg Donald

Re: creating a shopping cart.
223581 by: Chris W. Parker

Can I call .html file as a form action instead of .php?
        223582 by: MI SOOK LEE
        223583 by: Stephen Johnson
        223584 by: Chris Shiflett
        223585 by: Jasper Bryant-Greene

Handling competing edits in a wiki engine?
        223586 by: Murray . PlanetThoughtful
        223587 by: Jasper Bryant-Greene
        223588 by: Philip Hallstrom

chown function
223589 by: Keith Spiller

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

oops, that should be htmlentities, not htmlspecialchars.

- Jeff

On 3-Oct-05, at 11:51 AM, Jeffrey Sambells wrote:
>
> $PHP_SELF should not be used because it will not work without
> register_globals being enabled. Rather, you should use $_SERVER
> ['PHP_SELF'] for it as above however...
>
> Don't forget to check for XSS! Using PHP_SELF you could simply
> change the URL in the browser to:
>
> /path/to/script.php"><script>alert('hello');</script><b "
>
> so always run on htmlspecialchars on PHP_SELF!
>
> <a href="<? echo htmlspecialchars($_SERVER['PHP_SELF']).'?
> action=bigger';?>">
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeffrey Sambells
Director of Research and Development
Zend Certified Engineer (ZCE)

We-Create Inc. ~ Internet Solutions
http://wecreate.com
jeffwecreate.com
office: 519.745.7374
cell: 519.897.2552
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get Mozilla Firefox at http://spreadfirefox.com/community/?
q=affiliates&id=466&t=50

attached mail follows:

Jay Blanchard wrote:
> [snip]
> I am having problems with users who upload text that only contains upper
> case
> letters. For example "SEARCHING FOR". Is there a way to detect this via
> PHP?`
> I would like to have the script return him to the form and inform him that
> this
> is not allowed.
> So basicly I need a sort of regex which does detect upper case letters in a
> row.
> Has anybody ann idea how such an regex could look like?
> [/snip]
>
> /A-Z/
>

/[A-Z]/

Freaking Windows users. ;)

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
johnkegworks.com

attached mail follows:

Sonia wrote:

>Hi All
>
>I've been working on finishing a project SGML2IMAGE and I am sort of having
>trouble with resizing of images. I am trying to just use the GD library so
>when I distro the package it will not need any other things installed to be
>used. Now I am using...
>
>imagecreatetruecolor ();
>imagecreatefrom___ ();
>imagecopyresampled ();
>image___ ();
>
>But the thumbnails look blurry for any image less than 50% of the original
>image created by the PHP SGML parser. So my question seeing I am not very
>good with the GD library. Am I using the best functions to do the resize or
>should I be using some other image function(s) that may give better results!
>To give you a idea of what I am doing see the demo running on my note
>book....
>
>http://24.218.192.217/capture.php
>
>Thanks....
>
>sonia
>
>
>
Here is the method I use:

            $destimg=imagecreatetruecolor($aspect_w, $aspect_h);
            $srcimg=imagecreatefromjpeg($path.$files[$i]);
            imageantialias($destimg,true);

imagecopyresized($destimg,$srcimg,0,0,0,0,$aspect_w,$aspect_h,ImageSX($srcimg),ImageSY($srcimg));
            imagejpeg($destimg,$dest_dir.$image_name);

imageantialias() might do some good in your case.

HTH!
Matt Darby

attached mail follows:

Sonia wrote:

Matt Darby

attached mail follows:

Reuben D. Budiardja said the following on 10/01/05 14:41:
> Hello,
> On Saturday 01 October 2005 17:13, jonathan wrote:
>
>>you could try the native SOAP extension in php5.

>
> I've looked at the php.net and saw "(no version information, might be only in
> CVS)" in the docs. So is this already in the released version of PHP 5 or
> not ?

Yes, already in the release version:
http://ca3.php.net/manual/en/ref.soap.php

For php4 try nusoap:
http://sourceforge.net/projects/nusoap/

- Ben

attached mail follows:

Excellent. Thanks. I think I follow what you have done. But to clarify,
and learn, what are you doing with -= ?
$trolley[$item] -= $quantity;
Likewise, i had not followed what you were doing with the lines I
commented out. They did not seem to work, and I succeeded in doing what
I wanted without them. I'm a prof, as you can tell, and always have a
question for an answer ;).
Thanks for your time and patience,
John

   //Delete an entry:
   if( isset( $_SESSION['TrolleyContents'][$_POST['RNum']] ) )
   {
   # $_SESSION['TrolleyContents'][$_POST['RNum']] -= 1;
   # if( $_SESSION['TrolleyContents'][$_POST['RNum']] <= 0 )
   # {
           unset( $_SESSION['TrolleyContents'][$_POST['RNum']] );
   # }
   }

Robert Cummings wrote:

> On Sun, 2005-10-02 at 01:01, Robert Cummings wrote:
>
>> If you go with an array system might I suggest the following change to
>> what I wrote:
>
>
> I'm resending a better way to do the simple trolley since you seemed to
> have created a Frankensteinian merge of the two examples I sent
> previously.
> if( isset( $trolley[$item] ) )
> {
> $trolley[$item] -= $quantity;
>
> if( $trolley[$item] < 1 )
> {
> unset( $trolley[$item] );
> }
> }

attached mail follows:

On Mon, 2005-10-03 at 14:11, John Taylor-Johnston wrote:
> Excellent. Thanks. I think I follow what you have done. But to
> clarify, and learn, what are you doing with -= ?
> $trolley[$item] -= $quantity;
> Likewise, i had not followed what you were doing with the lines I
> commented out. They did not seem to work, and I succeeded in doing
> what I wanted without them. I'm a prof, as you can tell, and always
> have a question for an answer ;).
> Thanks for your time and patience,
> John

> > if( isset( $trolley[$item] ) )

"isset" checks that the item with ID $item is in the trolley. No need to
decrease the quantity if it's not there.

> > {
> > $trolley[$item] -= $quantity;

The expression:

$trolley[$item] -= $quantity;

is a short form for the following:

$trolley[$item] = $trolley[$item] - $quantity;

Essentially we decrease the quantity of the given item by $quantity.

> > if( $trolley[$item] < 1 )
> > {

Above we check if we subtracted more items than is physically possible
:)

> > unset( $trolley[$item] );

If there are 0 or less items then there's no point having 0 of the item
in the trolley, so we unset the item from the array, which essentially
removes it completely. To view the difference at each step you can do
the following:

<?php

if( isset( $trolley[$item] ) )
{
echo "Trolley before removing $quantity of $item<br />";
trolleyPrint();

$trolley[$item] -= $quantity;

echo "Trolley after removing $quantity of $item<br />";
trolleyPrint();

    if( $trolley[$item] < 1 )
    {
        unset( $trolley[$item] );

        echo "Trolley after cleaning up empty entry for $item<br />";
        trolleyPrint();
    }
}

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

attached mail follows:

Is that over kill? No matter how I slam it, still referring to my
Frankensteinian merge, "unset" does the job.
http://testesp.flsh.usherbrooke.ca/db/trolley.php
But then again, I will not require a quanity of items. The visitor will
only want one copy of a bibliographic entry :-\ - I hope?!
You were checking to see if there was a greater than 1 quantity of
post[RNum], right?
Thanks,
John

    //Delete an entry:
    if( isset( $_SESSION['TrolleyContents'][$_POST['RNum']] ) )
    {
    # $_SESSION['TrolleyContents'][$_POST['RNum']] -= 1;
    # if( $_SESSION['TrolleyContents'][$_POST['RNum']] <= 0 )
    # {
            unset( $_SESSION['TrolleyContents'][$_POST['RNum']] );
    # }
    }

Robert Cummings wrote:

>>Thanks for your time and patience,
>>John
>>
>>
>The expression:
> $trolley[$item] -= $quantity;
>is a short form for the following:
> $trolley[$item] = $trolley[$item] - $quantity;
>Essentially we decrease the quantity of the given item by $quantity.
>if( $trolley[$item] < 1 )
>{
>#Above we check if we subtracted more items than is physically possible
>unset( $trolley[$item] );
>#If there are 0 or less items then there's no point having 0 of the item
>#in the trolley, so we unset the item from the array, which essentially
>#removes it completely. To view the difference at each step you can do
>#the following:
>
><?php
>
>if( isset( $trolley[$item] ) )
>{
> echo "Trolley before removing $quantity of $item<br />";
> trolleyPrint();
>
> $trolley[$item] -= $quantity;
>
> echo "Trolley after removing $quantity of $item<br />";
> trolleyPrint();
>
> if( $trolley[$item] < 1 )
> {
> unset( $trolley[$item] );
>
> echo "Trolley after cleaning up empty entry for $item<br />";
> trolleyPrint();
> }
>}
>
>?>
>
>Cheers,
>Rob.
>
>

--
John Taylor-Johnston
-----------------------------------------------------------------------------
"If it's not Open Source, it's Murphy's Law."

' ' ' Collège de Sherbrooke:
ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/
- 819-569-2064

°v° Bibliography of Comparative Studies in Canadian, Québec and Foreign Literatures
/(_)\ Université de Sherbrooke
^ ^ http://compcanlit.ca/ T: 819.569.2064

attached mail follows:

On Mon, 2005-10-03 at 14:51, John Taylor-Johnston wrote:
> Is that over kill? No matter how I slam it, still referring to my
> Frankensteinian merge, "unset" does the job.
> http://testesp.flsh.usherbrooke.ca/db/trolley.php
> But then again, I will not require a quanity of items. The visitor will
> only want one copy of a bibliographic entry :-\ - I hope?!
> You were checking to see if there was a greater than 1 quantity of
> post[RNum], right?

Yep the frankensteinian version should work fine if you never want a
quantity greater than one, I was just trying to head off problems before
they occurred, but confused the issue since you don't need quantities :)

I took a look at your link and it appears to be working fine, though you
haven't yet wired up the viewcart.php page :)

attached mail follows:

Robert Cummings wrote:
>I took a look at your link and it appears to be working fine, though you
>haven't yet wired up the viewcart.php

When I create viewcart.php, what is the best way to extract and display
the contents of $_SESSION['TrolleyContents'] ?

Do I use my $sql value?
or in my while statement where
$mydata->RNum = $_SESSION['TrolleyContents'][??]] echo $mydata->RNum,
$mydata->field1, $mydata->field2

Do I implode or explode $_SESSION['TrolleyContents']?

John

$myconnection = mysql_connect($server,$user,$pass);
mysql_select_db($db,$myconnection);
$sql = select * where RNum ... ?
$news = mysql_query($sql1) or die ...
    while ($mydata = mysql_fetch_object($news))
    {
while $_SESSION['TrolleyContents'][??]
echo $mydata->RNum -
    }

echo implode( ',', $_SESSION['TrolleyContents'] ); gives me a comma
delimited.
http://ca3.php.net/explode
http://ca3.php.net/implode

attached mail follows:

On Mon, 2005-10-03 at 16:38, John Taylor-Johnston wrote:
> Robert Cummings wrote:
> >I took a look at your link and it appears to be working fine, though you
> >haven't yet wired up the viewcart.php
>
> When I create viewcart.php, what is the best way to extract and display
> the contents of $_SESSION['TrolleyContents'] ?
>
> Do I use my $sql value?
> or in my while statement where
> $mydata->RNum = $_SESSION['TrolleyContents'][??]] echo $mydata->RNum,
> $mydata->field1, $mydata->field2
>
> Do I implode or explode $_SESSION['TrolleyContents']?

Use "foreach" to traverse the array and display each trolly entry nicely
(probably as you do in the search results).

attached mail follows:

In the search results, I use something longwinded:

You are talking about doing this, below. It looks a little clunky,
doesn't it?

foreach ($_SESSION['TrolleyContents'] as $value) {

$sql = "select * where RNum= $value";
$news = mysql_query($sql1) or die ...
   while ($mydata = mysql_fetch_object($news))
   {
   echo "$mydata->RNum - $mydata->field1: $mydata->field2.";
   }
}

Thanks,
John

Robert Cummings wrote:

>On Mon, 2005-10-03 at 16:38, John Taylor-Johnston wrote:
>
>
>>Robert Cummings wrote:
>> >I took a look at your link and it appears to be working fine, though you
>> >haven't yet wired up the viewcart.php
>>
>>When I create viewcart.php, what is the best way to extract and display
>>the contents of $_SESSION['TrolleyContents'] ?
>>
>>Do I use my $sql value?
>>or in my while statement where
>>$mydata->RNum = $_SESSION['TrolleyContents'][??]] echo $mydata->RNum,
>>$mydata->field1, $mydata->field2
>>
>>Do I implode or explode $_SESSION['TrolleyContents']?
>>
>>
>
>Use "foreach" to traverse the array and display each trolly entry nicely
>(probably as you do in the search results).
>
>
>

attached mail follows:

>Use "foreach" to traverse the array and display each trolly entry nicely

This might be cleaner? I'm not sure if I'm using while and list right,
but somehting like that?

$glquery = mysql_query($sql);
while ($mydata = mysql_fetch_object($glquery)) {

  while (list($_SESSION['TrolleyContents'], $value) = $mydata->RNum)
  {
  echo "$mydata->RNum - $mydata->field1: $mydata->field2.";
  }

}

attached mail follows:

what would be the best way to make MYSQL's RAND() more random ?

my random result set always seems pretty predictable. The first record
in the result set always seems to be the same 4 tracks :(
Would adding some kind of random seed like RAND($randomNumberGenerator)
work ?
If so, how do you implement this ?

$sql = "SELECT media.id,
         artist.name as artist,
         artist.spanish as bio,
         artist.purchaseLink,
         artist.picture,
         media.spanish as trackName,
         media.path,
         media.quality,
         mediaType.id as mediaType
         FROM artist, media, playlistItems, mediaType
         WHERE playlistItems.playlist_id = $myID
         AND playlistItems.media_id = media.id
         AND media.artist_id = artist.id
         AND media.mediaType_id = mediaType.id
         ORDER BY RAND($randomSeed) LIMIT 0, 30";

many thanks in advance

attached mail follows:

On 10/3/05, Graham Anderson <grahamasiren.cc> wrote:
> what would be the best way to make MYSQL's RAND() more random ?

http://dev.mysql.com/doc/mysql/en/mathematical-functions.html:

<snip>
RAND() is not meant to be a perfect random generator, but instead a
fast way to generate ad hoc random numbers that is portable between
platforms for the same MySQL version.
</snip>

You might try pulling the results into a PHP array and then use PHP's
random functions instead. I always got good randomness with
mt_rand().

--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

attached mail follows:

Jay Blanchard <mailto:jay.blanchardTHERMON.com>
on Monday, October 03, 2005 5:30 AM said:

> A basic flowchart could have helped you to answer your question and
> broken down the processes into their componenet parts. Heck, you
> don't even need fancy flowcharting software...just write down the
> steps.

Believe it or not (you who have not actually used a flowchart for
planning your code) you really *will* find flaws before you waste time
coding.

Another thing I've found is that it's not important to get hung up on
what-shapes-do-what* in your flowchart. Just start making the chart and
revising it as necessary, putting as much detail as you can.

Chris.

* Except for diamonds being logic gates (e.g. is the value hot or cold?
yes/no), hotdogs being beginning and ending markers of a
process/function/page, and squares being a process itself (e.g. "add 5
to the variable"). Having those in mind will help you keep things
organized. You can later branch out into all the other shapes.

attached mail follows:

Hello,
Some guy told me that I can call the .html file as a form action instead of
..php file.
So he said I could do something like this,
echo "<td><a href=\"editStaff.html?id=$id\">Edit</a></td>";

instead
echo "<td><a href=\"editStaff.php?id=$id\">Edit</a></td>";

editStaff.html and editStaff.php have the same content, only the file name
is different. But if I do the former way(call editStaff.html as a form
action), it doesn't work. It calls some files but looks horrible.
So the advice of the guy was wrong, or did I do something wrong?

Thanks,

attached mail follows:

This should work fine -- more then likely you do not have your apache (or
whatever web server you use) configured to allow .html files to be parsed as
php files.

You will need to update your web server configuration.

On 10/3/05 6:31 AM, "MI SOOK LEE" <lmsook10hotmail.com> wrote:

> Hello,
> Some guy told me that I can call the .html file as a form action instead of
> ..php file.
> So he said I could do something like this,
> echo "<td><a href=\"editStaff.html?id=$id\">Edit</a></td>";
>
> instead
> echo "<td><a href=\"editStaff.php?id=$id\">Edit</a></td>";
>
> editStaff.html and editStaff.php have the same content, only the file name
> is different. But if I do the former way(call editStaff.html as a form
> action), it doesn't work. It calls some files but looks horrible.
> So the advice of the guy was wrong, or did I do something wrong?
>
> Thanks,

--
Stephen Johnson
The Lone Coder

http://www.ouradoptionblog.com
*Join us on our adoption journey*

stephenthelonecoder.com
http://www.thelonecoder.com

*Continuing the struggle against bad code*
--

attached mail follows:

MI SOOK LEE wrote:
> Some guy told me that I can call the .html file as a form action
> instead of .php file.

You can, but unless you configure your web server to consider .html
files to be PHP scripts, it doesn't make much sense. HTML documents are
static, so you wouldn't be able to do anything with the data.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

attached mail follows:

Chris Shiflett wrote:
> MI SOOK LEE wrote:
>
>> Some guy told me that I can call the .html file as a form action
>> instead of .php file.
>
>
> You can, but unless you configure your web server to consider .html
> files to be PHP scripts, it doesn't make much sense. HTML documents are
> static, so you wouldn't be able to do anything with the data.

Two things to add:

1/ Setting your webserver to consider all .html files to be PHP scripts
is good and bad. It is sometimes considered good because it hides the
fact that you're using PHP from potential attackers (but they'd have to
know about a vulnerability in PHP first, so as long as you keep
up-to-date...), but it's sometimes bad because it causes PHP to process
all HTML files, even if they don't have any PHP in them, which slows
things down.

2/ Passing parameters in the query string to a static HTML page can very
occasionally be useful if you intend to do something with those
parameters in JavaScript.

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

attached mail follows:

Hi All,

I've recently been working on building my own wiki engine for my blog
site. While the majority of the engine is complete, a remaining concern
I have is how to handle competing edits (ie when two or more people are
editing the same wiki page simultaneously).

I'm wondering if anyone else on the list has given this some thought?
How would / do you handle competing edits to the same entry in a wiki
application?

Just to add a little extra information: all 'edits' are in fact
'inserts'. Entries are stored in a mysql table. The engine simply
displays the most recent record for the entry being viewed. This is, of
course, to allow for retrieval of an historical version of the entry
should one or more entries be vandalized.

Much warmth,

Murrray PlanetThoughftul
---
"A man, a canoe, and a dream to climb Mt Everest..."
http://www.planetthoughtful.org

attached mail follows:

Murray PlanetThoughtful wrote:
> I've recently been working on building my own wiki engine for my blog
> site. While the majority of the engine is complete, a remaining concern
> I have is how to handle competing edits (ie when two or more people are
> editing the same wiki page simultaneously).
>
> I'm wondering if anyone else on the list has given this some thought?
> How would / do you handle competing edits to the same entry in a wiki
> application?

Just like Wikipedia -- that is, send a timestamp in a hidden form field
with the edit box. When the form is submitted, throw an error if there
is an edit more recent than that timestamp (an "edit conflict").

If your pages have sections, like Wikipedia's, then you can configure
your software to only throw an error if there is an edit conflict with
that section.

Also, it's probably a good idea to make use of transactions in an
ACID-compliant storage engine like MySQL's InnoDB, if possible.

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

attached mail follows:

> I've recently been working on building my own wiki engine for my blog
> site. While the majority of the engine is complete, a remaining concern
> I have is how to handle competing edits (ie when two or more people are
> editing the same wiki page simultaneously).
>
> I'm wondering if anyone else on the list has given this some thought?
> How would / do you handle competing edits to the same entry in a wiki
> application?
>
> Just to add a little extra information: all 'edits' are in fact
> 'inserts'. Entries are stored in a mysql table. The engine simply
> displays the most recent record for the entry being viewed. This is, of
> course, to allow for retrieval of an historical version of the entry
> should one or more entries be vandalized.

Seems like you have a couple of choices.

1 - Lock the page when the first user edits it until they save their
changes. Has the advantage that it's pretty easy code-wise. The
disadvantage being that if that first user leaves, but doesn't save/cancel
his edit, how/when do you decide to release lock? This would be similar
to how Visual Source Safe or RCS does it.

2 - Allow shared edits and programatically merge the changes back into the
master document. This is how CVS does it. So you could do something like
this:

- user A starts editing document.

- user B starts editing document.

- user A saves his changes. this copy is now the most recent as the
system would check to see that no changes were made to the "master copy"
while user A was making changes.

- user B saves his changes. the system would see that the "master copy"
had been updated and would merge the changes into B's copy and save that.

In this last step you could do it a couple of different ways.

When user B saves his changes, the system could create a diff file between
the most recent version of the document and the one that was the basis for
B's changes -- this would be the changes user A made. Then you could
merge those changes into B's document. If there was a conflict (ie. user
A and user B made changes to the same line) user B would have to resolve
the differences. This is exactly how CVS handles it.

Or, you could just create a diff file and make user B manually apply the
patch until he's happy.

If you have access to a unix box take a look at the 'diff' and 'patch'
commands...

good luck!

attached mail follows:

Hello,

I'm using:

chown("$endpath", "admin");

to try to change the owner of directories after using mkdir()
to create them. It continues to fail on my remote Fedora server.

I know the path is correct because mkdir() works perfectly.
Apache sets the owner as 48 when the directory is created.

I am not running in safe mode.

The php.net documentation does not make certain things
clear to me... For example, do I need to be using a user id
number instead of a name? Will the chown only work if
the server is setup as a super user?

Any help would be greatly appreciated.

Larentium

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]