NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2005-11

php-general Digest 12 Nov 2005 02:50:18 -0000 Issue 3789

php-general-digest-helplists.php.net
Date: Fri Nov 11 2005 - 20:50:18 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 12 Nov 2005 02:50:18 -0000 Issue 3789

Topics (messages 225608 through 225662):

Re: PHP 5 && OO && performance && exceptions
225608 by: cron.odi.com.br
225611 by: Jochem Maas

Re: security code
        225609 by: Jochem Maas
        225610 by: Gustavo Narea
        225612 by: Gustavo Narea
        225614 by: Edward Vermillion
        225621 by: Richard Lynch

Re: php session in ie
        225613 by: Stephen Leaf
        225615 by: M
        225622 by: sunaram patir
        225623 by: Richard Lynch
        225628 by: sunaram patir
        225633 by: Richard Lynch
        225634 by: Richard Lynch
        225639 by: sunaram patir
        225640 by: sunaram patir
        225641 by: Richard Lynch
        225642 by: Andras Kende
        225657 by: Stephen Leaf

Cannot find bison and Flex even when those are installed
        225616 by: Jurgen
        225618 by: Dan McCullough
        225619 by: Jurgen
        225620 by: Jurgen
        225643 by: Gustavo Narea

Re: a code question..??
        225617 by: bruce
        225625 by: comex
        225630 by: Richard Lynch
        225631 by: Richard Lynch

Re: sending/notifying a server process
225624 by: Richard Lynch

Re: Array_merge, safety and race condition?
225626 by: Richard Lynch

Re: Unable to send variables to MySQL table
225627 by: Satyam

Re: Inserting a NULL value into MySQL via PHP
225629 by: Richard Lynch

Changing databases from MySQL to Oracle
        225632 by: Janet Smith
        225635 by: Jay Blanchard
        225637 by: Bernhard Janetzki
        225638 by: Bernhard Janetzki

Re: Security Issues - Where to look?
225636 by: GamblerZG

arrays question
225644 by: cybermalandro cybermalandro
225654 by: Brent Baisley

Re: DOMDocument needs a way to format XML code
        225645 by: Daevid Vincent
        225652 by: Rob Richards
        225653 by: Daevid Vincent

fopen on windows
        225646 by: Jay Blanchard
        225647 by: Jasper Bryant-Greene
        225648 by: Jay Blanchard
        225649 by: Jasper Bryant-Greene
        225650 by: Nathan Tobik
        225651 by: Jay Blanchard

Filtering and Escaping (Was: Select and $_POST)
225655 by: Chris Shiflett
225656 by: Jasper Bryant-Greene

What is the purpose of sessions extension?
225658 by: GamblerZG
225660 by: Jasper Bryant-Greene

Re: Select and $_POST
225659 by: GamblerZG

Question about session
225661 by: Bagus Nugroho
225662 by: Esteamedpw.aol.com

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Some more thought.

To solve this problem would be necessary to create some utility class like
System in java and that way should be possible to do a System::echo($string)
based on type, i guess this can be accomplished using overloading.

Am I making any sense?

----- Original Message -----
From: <cronodi.com.br>
To: <php-generallists.php.net>
Sent: Thursday, November 10, 2005 6:47 PM
Subject: Re: [PHP] PHP 5 && OO && performance && exceptions

> I was not considering that, I was using $obj_string->getValue(), the
> __toString method and type casting could save me some keystrokes :)
>
>
>
> Anyway, did you abandon the development with the basic types class?
>
>
>
> Angelo
>
>
>
> ----- Original Message -----
> From: "Jake Gardner" <gardner.jakegmail.com>
> To: <cronodi.com.br>
> Sent: Wednesday, November 09, 2005 1:37 PM
> Subject: Re: [PHP] PHP 5 && OO && performance && exceptions
>
>
> I myself was considering creating classes such as String, but I ran
> into more basic problems before performance, for example:
>
> class String {
> protected $Value;
> function __construct($Value) {
> $this->Value = $Value;
> }
> }
> $SomeString = new String("Hello World!");
> Print($SomeString); // Does not print "Hello World!"
>
> The way around this was still unsatisfactory:
> class String {
> protected $Value;
> function __construct($Value) {
> $this-> Value = $Value;
> }
> function __toString() {
> return $this->Value;
> }
> }
> $SomeString = new String("Hello World!");
> Print($SomeString); // Prints "Hello World!"
>
> Because this has obvious limitations, and is only a fix for strings;
> this doesnt work for functions that expect integer values.
>
> In reality, there really is no way to use PHP to rewrite a type in PHP
> without using the PHP "omni-type".
>
> However, you can use type casting as it is:
>
>
http://us2.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting
>
> http://us2.php.net/manual/en/function.settype.php
>
>
> On 11/9/05, cronodi.com.br <cronodi.com.br> wrote:
> > Hello,
> >
> >
> >
> > Currently I'm make some utilities classes and I took the idea from java
to
> > make some wrappers class like String, Integer and so on. This allows me
to
> > use the type hint for basic types in php. Anyone have a clue if
replacing
> > the all in one type in php for objects types will degrade the
performance?
> >
> >
> >
> > Also for every controller class that I'm making I'm also making
exceptions
> > class of every error that it can generate. Same questions: It will
> > degrade performance to throw an exception instead of lest say a pear
error
> > or return false?
> >
> >
> >
> > Just for know, I'm doing this because I believe that it will eliminate
> > some o problems o development and will eliminate some basic validations.
> >
> >
> >
> >
> >
> > Any tips appreciate
> >
> >
> >
> > Angelo
> >
> >
> >
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

read the internals archive - there is a chap there who is developing an php module
that makes objects wrappers for basic types available.

but imho:

$str = new String("W T F !!!!!!!!!!!!!!!!!!");
echo $str->getValue(), $str, $str->__toString();

is just a bit OTT. also creating and rolling out (to a group of
developers) a set of classes to use in place of basic types on the basis
of a _belief_ that it may eliminate some development errors seems to be
not an unsound basis for such as decision.

chances are that half the time developers will 'forget' the
'basetype' classes, your dealing with egos you know :-).

but then again maybe in a couple of years we will only have objects to
represent types - although so long as at least Rasmus is 'on the bridge'
of starship NCC-17-PHP I imagine that won't be happening - IFAIR the creator is a fan
of straigtforward procedural code in most cases - apologies to Rasmus if I misread him.

cronodi.com.br wrote:
> Some more thought.
>
>
>
> To solve this problem would be necessary to create some utility class like
> System in java and that way should be possible to do a System::echo($string)
> based on type, i guess this can be accomplished using overloading.
>
>
>
> Am I making any sense?
>
>
>
> ----- Original Message -----
> From: <cronodi.com.br>
> To: <php-generallists.php.net>
> Sent: Thursday, November 10, 2005 6:47 PM
> Subject: Re: [PHP] PHP 5 && OO && performance && exceptions
>
>
>
>>I was not considering that, I was using $obj_string->getValue(), the
>>__toString method and type casting could save me some keystrokes :)
>>
>>
>>
>>Anyway, did you abandon the development with the basic types class?
>>
>>
>>
>>Angelo
>>
>>
>>
>>----- Original Message -----
>>From: "Jake Gardner" <gardner.jakegmail.com>
>>To: <cronodi.com.br>
>>Sent: Wednesday, November 09, 2005 1:37 PM
>>Subject: Re: [PHP] PHP 5 && OO && performance && exceptions
>>
>>
>>I myself was considering creating classes such as String, but I ran
>>into more basic problems before performance, for example:
>>
>>class String {
>> protected $Value;
>> function __construct($Value) {
>> $this->Value = $Value;
>> }
>>}
>>$SomeString = new String("Hello World!");
>>Print($SomeString); // Does not print "Hello World!"
>>
>>The way around this was still unsatisfactory:
>>class String {
>> protected $Value;
>> function __construct($Value) {
>> $this-> Value = $Value;
>> }
>> function __toString() {
>> return $this->Value;
>> }
>>}
>>$SomeString = new String("Hello World!");
>>Print($SomeString); // Prints "Hello World!"
>>
>>Because this has obvious limitations, and is only a fix for strings;
>>this doesnt work for functions that expect integer values.
>>
>>In reality, there really is no way to use PHP to rewrite a type in PHP
>>without using the PHP "omni-type".
>>
>>However, you can use type casting as it is:
>>
>>
>
> http://us2.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting
>
>>http://us2.php.net/manual/en/function.settype.php
>>
>>
>>On 11/9/05, cronodi.com.br <cronodi.com.br> wrote:
>>
>>>Hello,
>>>
>>>
>>>
>>>Currently I'm make some utilities classes and I took the idea from java
>
> to
>
>>>make some wrappers class like String, Integer and so on. This allows me
>
> to
>
>>>use the type hint for basic types in php. Anyone have a clue if
>
> replacing
>
>>>the all in one type in php for objects types will degrade the
>
> performance?
>
>>>
>>>
>>>Also for every controller class that I'm making I'm also making
>
> exceptions
>
>>>class of every error that it can generate. Same questions: It will
>>>degrade performance to throw an exception instead of lest say a pear
>
> error
>
>>>or return false?
>>>
>>>
>>>
>>>Just for know, I'm doing this because I believe that it will eliminate
>>>some o problems o development and will eliminate some basic validations.
>>>
>>>
>>>
>>>
>>>
>>>Any tips appreciate
>>>
>>>
>>>
>>>Angelo
>>>
>>>
>>>
>>>
>>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>

attached mail follows:

shucks, now your getting all pedantic. I really don't think that a few words
and well meant principles should be getting in the way of world-domination and/or
global-brainwashing aspirations of a couple of media-cartels. ;-)

>
> I mean, it's all very well to discriminate against those people way
> far away whom you will never see in the first place, but they're not
> any farther away any more, are they? :-^
> [tongue firmly planted in cheek, folks!]
>
> And if you are a large corporation, you very well may be subject to
> laws with significant risks attached ($$$) for not being accessible.
> Google for "Olympic Committee blind user Australia big fine" for more
> on that topic. That alone makes it worth considering.
>
> Probably the best reason not to use CAPTCHA is that it can already be
> bypassed by OCR in most cases by a determined person. (Google for it)
>
> That means that within a very short period of time, script kiddies and
> web-POST-spammers [*] will have OCR anti-CAPTCHA technology rolled
> into their tool-kits.
>
> Another very good reason is that even normal users have a not-so-good
> experience with the damn things. I've gotten way too many
> indecipherable images and had to click multiple times to get one that
> was usuable in a single session for some stupid forum post I wanted to
> contribute. Not my idea of a pleasant web-surfing experience.
> Certainly not something that makes me want to contribute more to that
> site.
>
> I slapped a CAPTCHA (bad, home-rolled) into a guestbook on a site that
> had been targetted and was getting hundreds of junk posts a day -- but
> it's not something I deploy as a matter of course. And I don't expect
> it to survive more than a year before I have to just get rid of the
> guestbook. (Assuming the client keeps the site up at all, which is
> under review.)
>
> * So, is there a term for the web moral-equivalent of "spammer"?
> Those link-farm visitors who clutter up your site. blammers, perhaps?
> (blog-spammers).

blammer just doesn't sound evil enough ;-).
for the rest, good stuff, as usual, Richard :-)

attached mail follows:

Hello.

Richard Lynch wrote:
> On Thu, November 10, 2005 10:45 am, Gustavo Narea wrote:
>
>>CAPTCHA tests are indispensables. The problem comes when you *only*
>>use
>>visual tests (such as "visual turing numbers").
>>
>>If you need CAPTCHA tests, you may use them both visuals and audibles.
>>This is a good example: https://www.e-gold.com/acct/login.html
>
>
> So the user who is both blind AND deaf?
>
> Or the blind user who is at a library computer with no audio output?

You may find many possible solutions on the web-page I suggested. For
example: Logic puzzles
<http://www.w3.org/TR/2003/WD-turingtest-20031105/#logic>.

As I said previously, It depends on the target of your website. For
instance, if your website is for web designers, you may only need to use
visual turing numbers: They must have a user agent which is able to
process images and I cannot imagine a blind web designer.

On the other hand, if your website is for programmers, you may want to
know that programmers can be blind (although you won't take this into
account): http://www.blindprogramming.com

> I saw some research where out of four people with "normal" hearing,
> all four were unable to distinguish the crappy audio output into the
> correct word and use a site.
>
> Granted, a very small sample, and the audio from the test site may
> well have been at the low end of the spectrum for quality. But it was
> a real site, and these were just regular people roped in for a test of
> the audio's usefulness.
>
> As "cool" as CAPTCHA seems at first, I don't think it's going to be a
> long-term solution.

In the meantime, I think It's the best we can do.

Best regards.

--
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.

attached mail follows:

Hello.

Richard Lynch wrote:
> On Thu, November 10, 2005 10:11 am, Jochem Maas wrote:
>
>><rant mode="troll" sarcasm="true" anger="+3" replies="duck">
>
> ...
>
>>or put another way - is there a good reason why the web should be any
>>less
>>discriminating than the rest of society.
>
>
> Yes.
>
> It's the WORLD WIDE WEB.
>
> I mean, it's all very well to discriminate against those people way
> far away whom you will never see in the first place, but they're not
> any farther away any more, are they? :-^
> [tongue firmly planted in cheek, folks!]

Yes, I agree with you here.

> And if you are a large corporation, you very well may be subject to
> laws with significant risks attached ($$$) for not being accessible.
> Google for "Olympic Committee blind user Australia big fine" for more
> on that topic. That alone makes it worth considering.

But it depends on the country. It should be something international.

At least in Venezuela, It isn't so.

> Another very good reason is that even normal users have a not-so-good
> experience with the damn things.

I agree with you. On the other hand, in many sites, visual turing
numbers are very hard to understand.

Regards.

--
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.

attached mail follows:

Gustavo Narea wrote:
> Hello.
>

[snip]

> As I said previously, It depends on the target of your website. For
> instance, if your website is for web designers, you may only need to use
> visual turing numbers: They must have a user agent which is able to
> process images and I cannot imagine a blind web designer.
>

Well, that's debatable, even among the designers who have use of their
eyes. ;)

But all kidding aside, I have met one and I'm sure that there are
others. Who better to design an accessible site than a designer who
experiences the same difficulties as other impaired web surfers.

attached mail follows:

On Fri, November 11, 2005 8:47 am, Gustavo Narea wrote:
> On the other hand, if your website is for programmers, you may want to
> know that programmers can be blind (although you won't take this into
> account): http://www.blindprogramming.com

What I found most interesting about this site:

PHP's total presence there is one (1) link to a site with one (1)
on-line tutorial from 2002...

Which, as far as I can tell, is not particularly enhanced for the
vision-impaired.

Hopefully this is not actually an authoritative reference.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

For security.. *never* store the password in a cookie..
if you must... instead do some sort of encryption on it and some other value
store that and use it for verification.

On Friday 11 November 2005 05:43 am, sunaram patir wrote:
> Hi, i am having problem with internet explorer. i am working on a
> project on building a website where i need to keep track of the users
> i.e. i use a login system in there in short. with the following code i
> check whether the user is logged in or not.
> <?php
> session_start();
>
> $_SESSION['myurl']=$_SERVER['PHP_SELF'];
> if(!isset($_SESSION['student_username']) &&
> !isset($_SESSION['student_password']))
> header("Location: login.php");
> ?>
>
> if the user is not logged in, it redirects to the login page login.php
> as is shown in the above code. now the user is allowed to log in
> through the following code:
>
>
> <?php
> session_cache_limiter('private_no_expire');
> session_set_cookie_params(0,"/","schools.zenrays.com");
> session_start();
> $auth=false;
> ................
> ................
> ................
>
> if($auth){
> $_SESSION["student_username"]=$Effectivelogin;
> $_SESSION["student_password"]=$pass;
> if(isset($_SESSION['myurl']))
> header("Location:
> http://schools.zenrays.com".$_SESSION['myurl']); else
> header("Location: http://schools.zenrays.com/students");
>
> }
>
> it works fine in firefox and msn explorer. in internet explorer, when
> i visit to a
> link in any page it asks for the login details again. could anyone
> please help me out?!
> regards,
> sunaram

attached mail follows:

Stephen Leaf wrote:
> For security.. *never* store the password in a cookie..

OP stores the password in session

attached mail follows:

i will for sure. thanks.
On 11/11/05, M <listsgazelasport.sk> wrote:
> Stephen Leaf wrote:
> > For security.. *never* store the password in a cookie..
>
> OP stores the password in session
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

On Fri, November 11, 2005 5:20 am, sunaram patir wrote:
> session_start();

This one here... (see below)

> header("Location: login.php");

Not crucial, but you'd save some HTTP connections by just doing:

require 'login.php';
exit;

instead of bouncing the user's agent back and forth

> session_cache_limiter('private_no_expire');
> session_set_cookie_params(0,"/","schools.zenrays.com");
> session_start();

... will probably not match this one here.

You've set the Cookie Parameters here to very specific values.

You should do that consitently on every session_start() to make sure
your site's cookies are always operating under the same conditions.

> if(isset($_POST['submit'])){
> include("../database.inc");
> $login=trim($_POST['login']);
> $pass=trim($_POST['pass']);
> $Effectivelogin=strtoupper($login);
> $auth=false;

You really ought to do more validation than that...
http://php.net/mysql_real_escape_string

Possibly limit 'login' to alphanumeric and 'pass' to non-control
characters.

> then the user is redirected back to the page he visited. it workd fine

You also won't need to re-direct the user back to what they wanted --
The URL will already be what they asked for when the login works.
Change the ACTION= to ACTION="<?php echo $_SERVER['PHP_SELF']?>"

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

>
> instead of bouncing the user's agent back and forth
>
> > session_cache_limiter('private_no_expire');
> > session_set_cookie_params(0,"/","schools.zenrays.com");
> > session_start();
>
> ... will probably not match this one here.
>
> You've set the Cookie Parameters here to very specific values.
>
> You should do that consitently on every session_start() to make sure
> your site's cookies are always operating under the same conditions.
i included the tfollowing two lines to my starting script on each
page, but still not working
session_cache_limiter('private_no_expire');
session_set_cookie_params(0,"/","schools.zenrays.com");
when i call var_dump($_COOKIE), it returns null. i can't make out
what's happening!

attached mail follows:

He's not storing the password in a Cookies.

He's storging it in a $_SESSION

Which is still a Risk, especially on a shared server, but it's not
necessarily in the category of "Never do this"

On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote:
> For security.. *never* store the password in a cookie..
> if you must... instead do some sort of encryption on it and some other
> value
> store that and use it for verification.
>
> On Friday 11 November 2005 05:43 am, sunaram patir wrote:
>> Hi, i am having problem with internet explorer. i am working on a
>> project on building a website where i need to keep track of the
>> users
>> i.e. i use a login system in there in short. with the following code
>> i
>> check whether the user is logged in or not.
>> <?php
>> session_start();
>>
>> $_SESSION['myurl']=$_SERVER['PHP_SELF'];
>> if(!isset($_SESSION['student_username']) &&
>> !isset($_SESSION['student_password']))
>> header("Location: login.php");
>> ?>
>>
>> if the user is not logged in, it redirects to the login page
>> login.php
>> as is shown in the above code. now the user is allowed to log in
>> through the following code:
>>
>>
>> <?php
>> session_cache_limiter('private_no_expire');
>> session_set_cookie_params(0,"/","schools.zenrays.com");
>> session_start();
>> $auth=false;
>> ................
>> ................
>> ................
>>
>> if($auth){
>> $_SESSION["student_username"]=$Effectivelogin;
>> $_SESSION["student_password"]=$pass;
>> if(isset($_SESSION['myurl']))
>> header("Location:
>> http://schools.zenrays.com".$_SESSION['myurl']); else
>> header("Location: http://schools.zenrays.com/students");
>>
>> }
>>
>> it works fine in firefox and msn explorer. in internet explorer,
>> when
>> i visit to a
>> link in any page it asks for the login details again. could anyone
>> please help me out?!
>> regards,
>> sunaram
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Fri, November 11, 2005 12:06 pm, sunaram patir wrote:
>> > session_start();
> session_cache_limiter('private_no_expire');
> session_set_cookie_params(0,"/","schools.zenrays.com");
> when i call var_dump($_COOKIE), it returns null. i can't make out
> what's happening!

Is $_COOKIE NULL in the browsers that work, or just in IE?

If it's only in IE, then is IE configured to not accept Cookies from
your site, or perhaps never from 3rd-party sites, or perhaps Security
settings are preventing the Cookies from being accepted...

You can't force the User to accept your Cookies.

Perhaps consider using trans_sid in php.ini to embed the Session ID in
the URL instead of a Cookie.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

array(1) { ["PHPSESSID"]=> string(32)
"337a44c0d6c9ed3cf4ba4e97d707589e" } is returned by firefox on calling
var_dump($_COOKIE). NULL in ie.

On 11/11/05, Richard Lynch <ceol-i-e.com> wrote:
> On Fri, November 11, 2005 12:06 pm, sunaram patir wrote:
> >> > session_start();
> > session_cache_limiter('private_no_expire');
> > session_set_cookie_params(0,"/","schools.zenrays.com");
> > when i call var_dump($_COOKIE), it returns null. i can't make out
> > what's happening!
>
> Is $_COOKIE NULL in the browsers that work, or just in IE?
>
> If it's only in IE, then is IE configured to not accept Cookies from
> your site, or perhaps never from 3rd-party sites, or perhaps Security
> settings are preventing the Cookies from being accepted...
>
> You can't force the User to accept your Cookies.
>
> Perhaps consider using trans_sid in php.ini to embed the Session ID in
> the URL instead of a Cookie.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
>
>

attached mail follows:

On 11/11/05, Richard Lynch <ceol-i-e.com> wrote:
> On Fri, November 11, 2005 12:06 pm, sunaram patir wrote:
> >> > session_start();
> > session_cache_limiter('private_no_expire');
> > session_set_cookie_params(0,"/","schools.zenrays.com");
> > when i call var_dump($_COOKIE), it returns null. i can't make out
> > what's happening!
>
> Is $_COOKIE NULL in the browsers that work, or just in IE?
>
>
>
> Perhaps consider using trans_sid in php.ini to embed the Session ID in
> the URL instead of a Cookie.
>
Please look at http://schools.zenrays.com/phpinfo.php . trans_sid is on.

attached mail follows:

Try setting session.use_cookies to "Off" so PHP won't even try to use
Cookies.

On Fri, November 11, 2005 12:49 pm, sunaram patir wrote:
> On 11/11/05, Richard Lynch <ceol-i-e.com> wrote:
>> On Fri, November 11, 2005 12:06 pm, sunaram patir wrote:
>> >> > session_start();
>> > session_cache_limiter('private_no_expire');
>> > session_set_cookie_params(0,"/","schools.zenrays.com");
>> > when i call var_dump($_COOKIE), it returns null. i can't make out
>> > what's happening!
>>
>> Is $_COOKIE NULL in the browsers that work, or just in IE?
>>
>>
>>
>> Perhaps consider using trans_sid in php.ini to embed the Session ID
>> in
>> the URL instead of a Cookie.
>>
> Please look at http://schools.zenrays.com/phpinfo.php . trans_sid is
> on.
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

----- Original Message -----
From: "sunaram patir" <sunaramgmail.com>
To: <php-generallists.php.net>
Sent: Friday, November 11, 2005 5:31 AM
Subject: [PHP] php session in ie

Hi, i am having problem with internet explorer. i am working on a
project on building a website where i need to keep track of the users
i.e. i use a login system in there in short. with the following code i
check whether the user is logged in or not.
<?php
session_start();

$_SESSION['myurl']=$_SERVER['PHP_SELF'];
if(!isset($_SESSION['student_username']) &&
!isset($_SESSION['student_password']))
header("Location: login.php");
?>

if the user is not logged in, it redirects to the login page login.php
as is shown in the above code. now the user is allowed to log in
through the following code:

<?php
session_cache_limiter('private_no_expire');
session_set_cookie_params(0,"/","schools.zenrays.com");
session_start();

if(isset($_POST['submit'])){
  include("../database.inc");
  $login=trim($_POST['login']);
  $pass=trim($_POST['pass']);
  $Effectivelogin=strtoupper($login);
  $auth=false;
  $connection=mysql_connect($host,$user,$password);
  mysql_select_db($database,$connection);
  $query="SELECT password FROM students WHERE userID='$Effectivelogin'";
  $result=mysql_query($query);
  if(mysql_num_rows($result)){
       while($row=mysql_fetch_array($result))
  {

       if($row[0]!=$pass)
             echo ("Wrong Username/Password!");
        else
              $auth=true;
  }
  }

  if($auth){
        $_SESSION["student_username"]=$Effectivelogin;
        $_SESSION["student_password"]=$pass;
        if(isset($_SESSION['myurl']))
           header("Location:
http://schools.zenrays.com".$_SESSION['myurl']);
        else
           header("Location: http://schools.zenrays.com/students");

}

}
?>
<html>
<head>
<title>User Authentication</title>
</head>
<body>
<form method="post">
LoginID:
<input type="text" name="login"><br>
Password:
<input type="password" name="pass"><br>
<input type="submit" name="submit" value="Login">
</form>

</body>

</html>

then the user is redirected back to the page he visited. it workd fine
in firefox and msn explorer. in internet explorer, when i visit to a
link in any page it asks for the login details again. could anyone
please help me out?!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Hello,

I used this article for sessions with success
http://www.sitepoint.com/article/users-php-sessions-mysql

Best regards,

Andras Kende
http://www.kende.com

attached mail follows:

if it's a risk then it's in my never get into the practice of doing this
category.
Passwords should always be used to verify and discarded. never saved in any
form which can be seen directly or decoded.

And true $_SESSION isn't a cookie.. however there are some systems that a
cookie is used like a session. in both cases I'd personally feel uneasy
storing a password like that.

On Friday 11 November 2005 12:23 pm, Richard Lynch wrote:
> He's not storing the password in a Cookies.
>
> He's storging it in a $_SESSION
>
> Which is still a Risk, especially on a shared server, but it's not
> necessarily in the category of "Never do this"
>
> On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote:
> > For security.. *never* store the password in a cookie..
> > if you must... instead do some sort of encryption on it and some other
> > value
> > store that and use it for verification.
> >
> > On Friday 11 November 2005 05:43 am, sunaram patir wrote:
> >> Hi, i am having problem with internet explorer. i am working on a
> >> project on building a website where i need to keep track of the
> >> users
> >> i.e. i use a login system in there in short. with the following code
> >> i
> >> check whether the user is logged in or not.
> >> <?php
> >> session_start();
> >>
> >> $_SESSION['myurl']=$_SERVER['PHP_SELF'];
> >> if(!isset($_SESSION['student_username']) &&
> >> !isset($_SESSION['student_password']))
> >> header("Location: login.php");
> >> ?>
> >>
> >> if the user is not logged in, it redirects to the login page
> >> login.php
> >> as is shown in the above code. now the user is allowed to log in
> >> through the following code:
> >>
> >>
> >> <?php
> >> session_cache_limiter('private_no_expire');
> >> session_set_cookie_params(0,"/","schools.zenrays.com");
> >> session_start();
> >> $auth=false;
> >> ................
> >> ................
> >> ................
> >>
> >> if($auth){
> >> $_SESSION["student_username"]=$Effectivelogin;
> >> $_SESSION["student_password"]=$pass;
> >> if(isset($_SESSION['myurl']))
> >> header("Location:
> >> http://schools.zenrays.com".$_SESSION['myurl']); else
> >> header("Location: http://schools.zenrays.com/students");
> >>
> >> }
> >>
> >> it works fine in firefox and msn explorer. in internet explorer,
> >> when
> >> i visit to a
> >> link in any page it asks for the login details again. could anyone
> >> please help me out?!
> >> regards,
> >> sunaram
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> Like Music?
> http://l-i-e.com/artists.htm

attached mail follows:

Dear group

I tried to install php 4.3.11 on Linux Suse 6.4. I've installed bison and
flex in /usr/local/

When I run ./configure in my php-dir he tells me he can't find bison and
flex.

How can I solve this matter

Jurgen Campforts
Lichtaartsebaan 58
2460 Kasterlee
Tel: 0496/60.25.75
http://www.wandelmee.be

attached mail follows:

You might have to change the configure option from
with-bison=/usr/local/bison to with-bison=/usr or even with-bison=

Happens to me alot.

This would also be a better email for the PHP INSTALL list

On 11/11/05, Jurgen <ptagiwandelmee.be> wrote:
> Dear group
>
> I tried to install php 4.3.11 on Linux Suse 6.4. I've installed bison and
> flex in /usr/local/
>
> When I run ./configure in my php-dir he tells me he can't find bison and
> flex.
>
> How can I solve this matter
>
> Jurgen Campforts
> Lichtaartsebaan 58
> 2460 Kasterlee
> Tel: 0496/60.25.75
> http://www.wandelmee.be
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

Everything is installed, I already have a running PHP on my box but without
gd-support, now i wanted to add gd-support, so i builded gd with the proper
extensions (jpeg, png, etc), then i made make clean in the php-folder where
the source is, then the configure and it fails on bison and flex, strange
because it is installed

regards

Jurgen Campforts
Lichtaartsebaan 58
2460 Kasterlee
Tel: 0496/60.25.75
http://www.wandelmee.be
<http://www.scnoorderwijk.be>
****************************************************************************
********************************
In 2010 naar Compostella, of naar Rome? In ieder geval, ik ga naar het
zuiden.
****************************************************************************
********************************

-----Oorspronkelijk bericht-----
Van: Marco Kaiser [mailto:marco.kaisergmail.com]
Verzonden: vrijdag 11 november 2005 17:51
Aan: Jurgen
Onderwerp: Re: [PHP] Cannot find bison and Flex even when those are
installed

Hi,

> When I run ./configure in my php-dir he tells me he can't find bison and
> flex.

try to install also the dev packages and the automake and buildconf tools.

--
Marco Kaiser

attached mail follows:

Hi again,

Nothing of your ideas helped out.

mayby i'm not sure if this was right, but i performed followed command:
PATH=/usr/local/bin:$PATH

I installed bison, flex and all others in /usr/local/ so I put the bin-dir
in my path-var. Fired the whole configure-bunch again and it was up and
running.

-----Oorspronkelijk bericht-----
Van: Dan McCullough [mailto:dan.mcculloughgmail.com]
Verzonden: vrijdag 11 november 2005 18:04
Aan: Jurgen
Onderwerp: Re: [PHP] Cannot find bison and Flex even when those are
installed

Yes but if you haven't installed the dev packages then the libraries
that PHP needs isn't available. If you have installed the dev then
you should try the bison flag with only the = sign and no path.

On 11/11/05, Jurgen <ptagiwandelmee.be> wrote:
> Everything is installed, I already have a running PHP on my box but
without
> gd-support, now i wanted to add gd-support, so i builded gd with the
proper
> extensions (jpeg, png, etc), then i made make clean in the php-folder
where
> the source is, then the configure and it fails on bison and flex, strange
> because it is installed
>
> regards
>
> Jurgen Campforts
> Lichtaartsebaan 58
> 2460 Kasterlee
> Tel: 0496/60.25.75
> http://www.wandelmee.be
> <http://www.scnoorderwijk.be>
>
****************************************************************************
> ********************************
> In 2010 naar Compostella, of naar Rome? In ieder geval, ik ga naar het
> zuiden.
>
****************************************************************************
> ********************************
>
>
> -----Oorspronkelijk bericht-----
> Van: Marco Kaiser [mailto:marco.kaisergmail.com]
> Verzonden: vrijdag 11 november 2005 17:51
> Aan: Jurgen
> Onderwerp: Re: [PHP] Cannot find bison and Flex even when those are
> installed
>
>
> Hi,
>
> > When I run ./configure in my php-dir he tells me he can't find bison and
> > flex.
>
> try to install also the dev packages and the automake and buildconf tools.
>
> --
> Marco Kaiser
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

I'm not pretty sure, but I think I did this before running ./configure:

# export YACC=bison

Cheers.

Dan McCullough wrote:
> You might have to change the configure option from
> with-bison=/usr/local/bison to with-bison=/usr or even with-bison=
>
> Happens to me alot.
>
> This would also be a better email for the PHP INSTALL list
>
> On 11/11/05, Jurgen <ptagiwandelmee.be> wrote:
>
>>Dear group
>>
>>I tried to install php 4.3.11 on Linux Suse 6.4. I've installed bison and
>>flex in /usr/local/
>>
>>When I run ./configure in my php-dir he tells me he can't find bison and
>>flex.
>>
>>How can I solve this matter
>>
>>Jurgen Campforts
>>Lichtaartsebaan 58
>>2460 Kasterlee
>>Tel: 0496/60.25.75
>>http://www.wandelmee.be
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>

--
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.

attached mail follows:

would the approach be to use an iframe, and some sort of ajax code, to allow
the user to interact with the dialog/code within the iframe. keep in mind,
that the code within the iframe would be running on the remote server...

-bruce

-----Original Message-----
From: comex [mailto:comexkgmail.com]
Sent: Thursday, November 10, 2005 7:57 PM
To: php-generallists.php.net
Subject: Re: [PHP] a code question..??

> the app B server would then return a result, based on the user input...
i'm
> trying to figure out how to essentially allocate a section of the page, to
a
> remote application. after i've finished with the remote stuff, the user
> could go ahead and select other items/buttons on the page that are in the
> current environment

You could just use an iframe...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

> would the approach be to use an iframe, and some sort of ajax code, to allow
> the user to interact with the dialog/code within the iframe. keep in mind,
> that the code within the iframe would be running on the remote server...

Sorry, I had forgotten the content of the original question. If what
you want is a login dialog, then it would probably be easiest to make
your own login form, then use CURL (or HttpClient
(http://scripts.incutio.com/httpclient/index.php), which doesn't
require anything external) like the other posters suggested when the
form is submitted, to pretend to be a person filling out app B's login
dialog.

attached mail follows:

On Thu, November 10, 2005 6:02 pm, bruce wrote:
> in your example, wouldn't app A, essentially download the code from
> app B,
> and run the source on app A? or would the code be run on app B, with
> the
> resulting html/content/page being transferred to app A?

Yes, but I've NEVER in this entire thread understood which server you
wanted to run the code in the first place...

If you want B to run the code, then just web-scrape the results.

If you want A to run the code, then have B deliver code to A to run.

You can do whichever one you want.

> would this be better if it were perhaps done as a soap client/server
> process... of course, the fact that the user's php would have to have
> the
> soap extensions installed would be an issue...

Which goes back to our earlier statement, that you've abstracted this
out so well, and left out so many details, that none of us really
understand what you're trying to do in the first place.

Which doesn't really matter:
Whichever one you want to do, you can do it.

If you want to add the overhead of SOAP and require B to have SOAP to
play with you, that's fine. If not, that's fine too.

I've been thinking about buying a new car. Which car should I buy?

This is the level at which you're asking us to help you, so it should
be no surprise our answer seems like it's just "Yes."

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Thu, November 10, 2005 7:41 pm, bruce wrote:
> +-------------------------------+
> | |
> | user |
> | 'sub_btn' |
> | |
> | |
> | |
> | |
> | blah |
> | blah |
> | blah |
> | |
> | |
> | |
> +-------------------------------+
>
> in this example, the user/sub_btn is generated from the app B
> server/system.

Presumably blah, blah, blah is on A, right?...

> the user would then fill in the 'user' and hit the 'sub_btn', causing
> the
> information to be sent back to the app B server.
>
> the app B server would then return a result, based on the user
> input... i'm
> trying to figure out how to essentially allocate a section of the
> page, to a
> remote application. after i've finished with the remote stuff, the
> user
> could go ahead and select other items/buttons on the page that are in
> the
> current environment

> i'm not sure what's the best approach to this...

How much do you trust the remote applications?

How much power do you need to give them for them to be able to
generate the correct output for their space allocated to them?

How much data needs to transfer for them to know what content to
generate?

How much content will the be generating?

How flexible will this need to be for A and B content decisions?

What sort of volume of traffic are you looking at?

Until we know more, our answer remains:
"Yes, you can do this any number of ways, depending on what you want
to do"

You can web-scrape, you can SOAP, you can RPC, you can require source
code back and forth, you can get the elves to do all the work for you.

We don't know which way you want to go with this either, because we
don't know any of the parameters that affect the decisions, much less
know what you're actually trying to do.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Fri, November 11, 2005 4:57 am, tony yau wrote:
> I have a server process that sends fax,print, etc (both in C# and in
> Java).
> Currently it polls says the fax table in the database for any fax
> jobs.
>
> How can I get my PHP script to call or notify these services directly
> so not
> having to wait for the next poll.
> I can't open a socket to the server vai the PHP so what mechanism do I
> use?

Why can't you open a socket to the server?
http://php.net/fsockopen

If you really can't do that, then just make it poll more often, I
guess, so the wait time is insignificant.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Thu, November 10, 2005 6:44 pm, Ezra Nugroho wrote:
> $array1 = array_merge ($array1, $array2);
>
> So far the code gives me what I want. However, suppose if $array1 is
> extremely huge, am I introducing a bug here because of possible race
> condition? It's possible that array_merge has two write something to
> $array1 (left hand side) before it even finishes reading it (argument)
> in the first place. Let alone merging the two.

The assignment operator (=) computes the right-hand side completely
before putting its value in the left-hand side.

Your large arrays might get dumped to swap on the hard drive and burn
pits into the platters, and they might thrash the CPU until it catches
on fire, but there's no race condition in this statement.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

It is a good idea to check for errors, like this:

mysql_query($add_to_db) or die('Error inserting SQL data at ' . __LINE__ . '
<br/>' . $add_to_db .'<br/>' . mysql_error());

If there is no error (non-null return value from mysql_query()) the
expresion after the OR does even get looked at, since (TRUE or whatever) is
TRUE so it doesn't even bother to check 'whatever'. If the first evaluates
as FALSE (in this case null) then it needs to evaluate the part after the
OR, which is irrelevant in this case since it will die.

""Stewart Priest"" <smileystewartpriest.com> wrote in message
news:003001c5e561$f882fe90$0201a8c0stewartpriest.com...
Hi folks... a bit of a newbie question I'm afraid...

I've written this script shown below. It gets its variables from a form, and
then it (supposedly!) writes these values into a MySQL table ('invoices').

The script executes with no errors, but when I check the table, the table is
still empty. I can manually insert the data directly into the table, and
when I echo the variables in the script, the values are displayed whe I run
it, but for reasons unknown, the values are not written to the table.

Any ideas? The code is below.

Many thanks.
Stewart

<?php

// this opens the connection to the db
include 'library/opendb.php';

// this adds detals to the invoice table
$item1_desc = $_REQUEST['item1_desc'];
$item2_desc = $_REQUEST['item2_desc'];
$item3_desc = $_REQUEST['item3_desc'];
$item4_desc = $_REQUEST['item4_desc'];
$item1_cost = $_REQUEST['item1_cost'];
$item2_cost = $_REQUEST['item2_cost'];
$item3_cost = $_REQUEST['item3_cost'];
$item4_cost = $_REQUEST['item4_cost'];
$delivery_cost = $_REQUEST['delivery_cost'];

$add_to_db = "insert into invoices (item1_desc, item1_cost, item2_desc,
item2_cost, item3_desc, item3_cost, item4_desc, item4_cost, delivery_cost)
values ('$item1_desc', '$item1_cost', '$item2_desc', '$item2_cost',
'$item3_desc', '$item3_cost', '$item4_desc', '$item4_cost',
'$delivery_cost')";
mysql_query($add_to_db);

attached mail follows:

On Thu, November 10, 2005 11:15 pm, Curt Zirzow wrote:
> <?php
>
> $sql_quoted = array(); // shiflett' -- style
>
> $myFieldValue = isset($POST['myFieldValue'])? $_POST['myFieldValue']:
> '';
>
> if (strlen(trim($myFieldValue)) {
> $sql_quoted['myField'] = "'" .
> mysql_real_escape_string($myFieldValue) . "'";
> } else {
> $sql_quoted['myField'] = 'NULL';
> }

I personally would do this part all in one shot:

$field = (isset($_CLEAN['field']) && strlen($_CLEAN['field'])) ?
"'$_CLEAN[field]" : 'NULL';

Otherwise, I find myself too distracted by all the assignments and
if/else logic, and too likely to mess them up later with code changes
in earlier/later lines.

Note that you already have the apostrophes in $field for non-NULL, so
you would just do:

$query = "insert into foo (field) values($_CLEAN[field])";

with no apostrophes

$_CLEAN represents an escaped and filtered string, or an unset index,
if nothing was in $_POST to start with. Or you can just use the empty
string '' in $_CLEAN if you find that easier to process.

More than one way to skin a cat.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

I am new to PHP and am trying to learn how it works.

We have a PHP program that is using MySQL. We are wanting to use our Oracle database instead. The Oracle database is on a different server that our PHP program. Does any one know how I can change connections from MySQL to Oracle?

We have this line in our dba.php.......
$tli_connection = dbconnect($dsn, $user, $pass);

In our config.php we have the following that defines the above............
        $dsn = "some.where.com"; // MySQL hostname (somethingsomewhere.someextension)
        $user = "MYSQL USER NAME GOES HERE"; // Username with sufficient rights to the DB - need update, select, delete, insert only
        $pass = "MYSQL PASSWORD FOR ABOVE USER"; // Password for the above user

Thanks

Jan Smith
Systems Analyst
Indiana State University
Terre Haute, Indiana
Phone: (812) 237-8593
Email: jsmith7isugw.indstate.edu

attached mail follows:

[snip]
I am new to PHP and am trying to learn how it works.

We have a PHP program that is using MySQL. We are wanting to use our Oracle
database instead. The Oracle database is on a different server that our PHP
program. Does any one know how I can change connections from MySQL to
Oracle?

We have this line in our dba.php.......
$tli_connection = dbconnect($dsn, $user, $pass);

In our config.php we have the following that defines the above............
        $dsn = "some.where.com"; // MySQL hostname
(somethingsomewhere.someextension)
        $user = "MYSQL USER NAME GOES HERE"; // Username with sufficient
rights to the DB - need update, select, delete, insert only
        $pass = "MYSQL PASSWORD FOR ABOVE USER"; // Password for the above
user
[/snip]

The first place is to look in the manual http://www.php.net/oracle

For a connection; http://us3.php.net/manual/en/function.ora-plogon.php

attached mail follows:

On Friday 11 November 2005 19:21, Janet Smith wrote:
> I am new to PHP and am trying to learn how it works.
>
> We have a PHP program that is using MySQL. We are wanting to use our Oracle
> database instead. The Oracle database is on a different server that our PHP
> program. Does any one know how I can change connections from MySQL to
> Oracle?
>
[..]
>
>
> Thanks

Hi,
have a look at http://de3.php.net/manual/en/ref.oci8.php

Greets Boerni

attached mail follows:

On Friday 11 November 2005 19:29, Bernhard Janetzki wrote:
> On Friday 11 November 2005 19:21, Janet Smith wrote:
> > I am new to PHP and am trying to learn how it works.
> >
> > We have a PHP program that is using MySQL. We are wanting to use our
> > Oracle database instead. The Oracle database is on a different server
> > that our PHP program. Does any one know how I can change connections from
> > MySQL to Oracle?
>
> [..]

Hi,
have a look at http://de3.php.net/manual/en/ref.oci8.php

Greets Boerni

attached mail follows:

Richard Lynch wrote:
> On Thu, November 10, 2005 3:29 pm, GamblerZG wrote:
>
>>>IMO, the best way is to re-generate SIDs on each request, but such
>>>method will decrease perfomance of a script.
>
> But if Cookies are off, you just destroyed their "Back" button in
> their browser, which should be a crime.

Call me evil, but I prefer not to use GET-based sessions (after seing at
least 3 websites hacked because of that stuff), so users without cookies
can't login anyway.

attached mail follows:

I have this that looks like this

array(3) {
  [0]=>
  array(2) {
    [0]=>
    string(1) "1"
    [1]=>
    string(1) "2"
  }
  [1]=>
  array(2) {
    [0]=>
    string(3) "492"
    [1]=>
    string(3) "211"
  }
  [2]=>
  array(2) {
    [0]=>
    string(2) "11"
    [1]=>
    string(2) "20"
  }
}

I want to loop through so I can get and print "1","492","11" and
"2","211","20" What is the best way to do this? I suck with arrays and
I can't get my looping right.

Thanks for your help anybody!

attached mail follows:

Here's a few loops that should work. You can actually just use the
first loop to concatenate text string instead create array items, but
I wasn't sure what type of processing you wanted to do with the result.

//Convert Array from 3 rows by 2 cols -> 2 rows by 3 cols
for($i=0; $i<count($mainArray); $i++ ) {
     for ( $x=0; $x<count($mainArray[$i]); $x++ ) {
         $resultArray[$x][] = $mainArray[$i][$x];
     }
}

Resulting Array
Array
(
     [0] => Array
         (
             [0] => 1
             [1] => 492
             [2] => 11
         )

     [1] => Array
         (
             [0] => 2
             [1] => 211
             [2] => 20
         )
)

//Convert array items to text string with "," separator
for($i=0; $i<count($resultArray); $i++) {
$resultArray[$i] = '"'.implode('","',$resultArray[$i]).'"';
}

Resulting Array:
Array
(
[0] => "1","492","11"
[1] => "2","211","20"
)

On Nov 11, 2005, at 3:25 PM, cybermalandro cybermalandro wrote:

> I have this that looks like this
>
> array(3) {
> [0]=>
> array(2) {
> [0]=>
> string(1) "1"
> [1]=>
> string(1) "2"
> }
> [1]=>
> array(2) {
> [0]=>
> string(3) "492"
> [1]=>
> string(3) "211"
> }
> [2]=>
> array(2) {
> [0]=>
> string(2) "11"
> [1]=>
> string(2) "20"
> }
> }
>
> I want to loop through so I can get and print "1","492","11" and
> "2","211","20" What is the best way to do this? I suck with arrays and
> I can't get my looping right.
>
> Thanks for your help anybody!
>

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

attached mail follows:

I have a feature request (and I'm a bit disappointed that this isn't already
in the DOMDocument, when there are nearly useless methods like
"normalize()")... Ruby has this built in. xmllint has the --format
parameter. But yet PHP's DOMDocument has no way of cleaning up the code.

Could someone please make a method in PHP v5.x to format the XML. After
adding/deleting nodes, the XML gets fairly messy. Ideally it would have an
offset character position to start the indent (default of 0 or left margin),
and a parameter for how many spaces to use for each indentation (default of
say 4 or 5 (same as a tab)).

You could just make this optional parameters to saveXML(), but I think it's
more flexible to have a DOMDocument->format(offset,spaces);

attached mail follows:

Daevid Vincent wrote:
> I have a feature request (and I'm a bit disappointed that this isn't already
> in the DOMDocument, when there are nearly useless methods like
> "normalize()")... Ruby has this built in. xmllint has the --format
> parameter. But yet PHP's DOMDocument has no way of cleaning up the code.
>
> Could someone please make a method in PHP v5.x to format the XML. After
> adding/deleting nodes, the XML gets fairly messy. Ideally it would have an
> offset character position to start the indent (default of 0 or left margin),
> and a parameter for how many spaces to use for each indentation (default of
> say 4 or 5 (same as a tab)).
>
> You could just make this optional parameters to saveXML(), but I think it's
> more flexible to have a DOMDocument->format(offset,spaces);

You mean like calling $doc->formatOutput = TRUE; prior to save?

Rob

attached mail follows:

Holy Shit! Yes. That's awesome!

"You had me at EHLO" --E.Webb (10.04.05)

> -----Original Message-----
> From: Rob Richards [mailto:rrichardsphp.net]
> Sent: Friday, November 11, 2005 1:41 PM
> To: Daevid Vincent
> Cc: php-generallists.php.net
> Subject: Re: REQ: DOMDocument needs a way to format XML code
>
> Daevid Vincent wrote:
> > I have a feature request (and I'm a bit disappointed that
> this isn't already
> > in the DOMDocument, when there are nearly useless methods like
> > "normalize()")... Ruby has this built in. xmllint has the --format
> > parameter. But yet PHP's DOMDocument has no way of cleaning
> up the code.
> >
> > Could someone please make a method in PHP v5.x to format
> the XML. After
> > adding/deleting nodes, the XML gets fairly messy. Ideally
> it would have an
> > offset character position to start the indent (default of 0
> or left margin),
> > and a parameter for how many spaces to use for each
> indentation (default of
> > say 4 or 5 (same as a tab)).
> >
> > You could just make this optional parameters to saveXML(),
> but I think it's
> > more flexible to have a DOMDocument->format(offset,spaces);
>
> You mean like calling $doc->formatOutput = TRUE; prior to save?
>
> Rob
>
>
>

attached mail follows:

$theFile = fopen("docs/InstallationInstructionMaster.txt", "r") || die;

while(!feof($theFile)){
$theLine = fgets($theFile, 4096);
echo $theLine . "<br>\n";
}
fclose($theFile);

The above code appears to work, but all that is output is lines of line
breaks....no data. The file is a tab delimited test file;

Form Number Date / Rev Description Controlled by Engineering
Controlled by R&D Controlled by Marketing Located on Thermon.com Copy
Located in Shipping Copy Located in Mfg

Installation Instructions - Heating Cables / Industrial

PN50207 0802 Electric Heat Tracing Installation Procedures
X X X
TEP0066 0800 Electric Heat Tracting Maintenance & Troubleshooting Guide
X X X
TMP0006 0901 Electrical Safety Precautions for Electric Heat Tracing

10A024 1002 Instal Inst. MI Mineral Insulated Heating Cable w/ SS Tie
Wire
MIQFAB 0802 Field Testing Procedures for MI Trace Heating Cable

Am I missing something other than an ice cold beer?

attached mail follows:

Jay Blanchard wrote:
> $theFile = fopen("docs/InstallationInstructionMaster.txt", "r") || die;

I'm not sure if it would make any difference, but I usually use "or" in
this case rather than "||", and I know they have different operator
precedence.

> while(!feof($theFile)){
> $theLine = fgets($theFile, 4096);
> echo $theLine . "<br>\n";
> }
> fclose($theFile);
>
> The above code appears to work, but all that is output is lines of line
> breaks....no data. The file is a tab delimited test file;
>[snip]
> Am I missing something other than an ice cold beer?

Well, it's a pretty model example of a line-by-line file read. I can't
see anything wrong with it, so perhaps the problem lies elsewhere.
There's no other files with the same name in your include_path?

Maybe something to do with auto_detect_line_endings or whatever it's
called, in php.ini? (I know, probably a long shot.)

attached mail follows:

[snip]
Well, it's a pretty model example of a line-by-line file read. I can't
see anything wrong with it, so perhaps the problem lies elsewhere.
There's no other files with the same name in your include_path?

Maybe something to do with auto_detect_line_endings or whatever it's
called, in php.ini? (I know, probably a long shot.)
[/snip]

The output now looks like....
Array
(
    [0] =>
)
Array
(
    [0] =>
)
Array
(
    [0] =>
)

based on the following code;

$theFile = fopen("docs/InstallationInstructionMaster.txt", "rb") || die;

while(!feof($theFile)){
        $theLine = fgets($theFile);
        $lineArray = explode("\t", $theLine);
        print_r($lineArray);
}
fclose($theFile);

It appears that something is getting read, but what?

attached mail follows:

Jay Blanchard wrote:
> [snip]
> Well, it's a pretty model example of a line-by-line file read. I can't
> see anything wrong with it, so perhaps the problem lies elsewhere.
> There's no other files with the same name in your include_path?
>
> Maybe something to do with auto_detect_line_endings or whatever it's
> called, in php.ini? (I know, probably a long shot.)
> [/snip]
>
> The output now looks like....
>[snip]
> based on the following code;
>
> $theFile = fopen("docs/InstallationInstructionMaster.txt", "rb") || die;
>
> while(!feof($theFile)){
> $theLine = fgets($theFile);
> $lineArray = explode("\t", $theLine);
> print_r($lineArray);
> }
> fclose($theFile);
>
> It appears that something is getting read, but what?

Blank lines. Just to see if the problem is fgets(), try this:

// Left off the "b" because it ain't binary :)
$theFile = file_get_contents( "docs/InstallationInstructionMaster.txt",
"r" ) or die;
$lines = explode( "\n", $theFile );

foreach( $lines as $line ) {

$line = explode( "\t", $line );
print_r( $line );

}

attached mail follows:

I've always used:

fopen("C:\\dir\\dir\\file.txt");

on windows, I'm not sure how PHP interprets the slashes internally
though...

Nate Tobik
(412)661-5700 x206
VigilantMinds

> $theFile = fopen("docs/InstallationInstructionMaster.txt", "rb") ||
die;

attached mail follows:

[snip]
Blank lines. Just to see if the problem is fgets(), try this:

// Left off the "b" because it ain't binary :)
$theFile = file_get_contents( "docs/InstallationInstructionMaster.txt",
"r" ) or die;
$lines = explode( "\n", $theFile );

foreach( $lines as $line ) {
$line = explode( "\t", $line );
print_r( $line );
}
[/snip]

That works, as does the following;

$lines = file('docs/InstallationInstructionMaster.txt');

foreach ($lines as $line){
echo $line . "<br />\n";
}

So, I am perplexed. fgets() seems to have a problem of some sort. Any clues?
Not that what I want to do requires fgets(), just curious now as I will use
one of the other two methods.

attached mail follows:

Richard Lynch wrote:
> Suppose PHP had a superglobal $_CLEAN which was an empty array.

This seems like a decent idea, for two reasons:

1. Developers don't have to remember to initialize their array, which
offers some protection. PHP can do this for them.

2. Variable scope issues are not a concern. Currently, using this
technique within functions and classes is clumsy at best.

However, most security issues like XSS and SQL injection aren't really
input filtering problems. Often, input filtering can effectively
eliminate these vulnerabilities (and there's no excuse to not be
filtering input), but escaping addresses the root cause of the problem.
For example:

<?php

header('Content-Type: text/html; charset=UTF-8 ');
echo htmlentities($_GET['foo'], ENT_QUOTES, 'UTF-8');

Although this example demonstrates a lack of input filtering, it does
not demonstrate a cross-site scripting (XSS) vulnerability.

The problem is that input is a lot easier to manage, because data is
clearly identifiable as such. Output is a completely different story,
because what's considered data and what isn't depends upon the context,
and only the developer really knows:

<?php

$first_name = 'Chris';
$last_name = 'Shiflett';
$city = 'New York';
$state = 'NY';

$name = "<b>$first_name $last_name</b>";
$location = "<i>$city, $state</i>";

echo "<p>My name is $name, and I live in $location.</p>";

If you think of this example from the perspective of echo, it's
difficult to tell what part of the string is meant to be only data. In
this case, the data is Chris, Shiflett, New York, and NY. The HTML tags
are meant to be interpreted. As the developer, that's easy for me to
know, but it's hard to make this easier to keep up with. At best, any
solution requires developers to declare their intent somehow.

In the past, I've recommended simple naming conventions like Ben
demonstrated earlier. These work well, but it takes a good bit of
discipline. Now I'm trying to think of something better. I've also been
looking around at other languages and frameworks, and I haven't found an
elegant solution (meaning, they all require clumsy syntax or just as
much discipline).

> What does Chris Shiflett use to validate an email? Enquiring
> minds want to know! :-)

I'm afraid I'll only disappoint you. :-)

I'm pretty lenient with email addresses and use the pattern from the PHP
Cookbook (David Sklar and Adam Trachtenberg). I usually modify it to not
allow angled brackets, since I don't know any email address that has
those (but, they're probably OK as far as the spec goes).

I rely on escaping to protect against things like XSS and SQL injection,
so the filtering just gives me reasonable assurance that the email
address looks right and has a good chance of being a real email address.
I always send something (password, token, etc.) to an email address if I
care to make sure it works.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

attached mail follows:

Chris Shiflett wrote:
> I'm pretty lenient with email addresses and use the pattern from the PHP
> Cookbook (David Sklar and Adam Trachtenberg). I usually modify it to not
> allow angled brackets, since I don't know any email address that has
> those (but, they're probably OK as far as the spec goes).

I always try to enter my email address like this when asked for it on a
form:

Jasper Bryant-Greene <jasperalbum.co.nz>

That is a perfectly valid (according to RFC822) email address. Those
that do bother to validate usually spit it out as invalid.

Just to demonstrate that it's not quite as simple as it might first
appear :)

Jasper

attached mail follows:

What is the purpose of sessions extension?

The reason I ask is because learning to deal with all its functions, ini
options and quirks took me _much_ more time than writing pure-php
replacement. (That is, without using session_set_save_handler().)

attached mail follows:

GamblerZG wrote:
> What is the purpose of sessions extension?
>
> The reason I ask is because learning to deal with all its functions, ini
> options and quirks took me _much_ more time than writing pure-php
> replacement. (That is, without using session_set_save_handler().)

I realise that yours might be a special case, but for most situations I
have only had to do session_start() and then simply used $_SESSION as if
it were any other array with the simple difference that it persists
across requests. When done with the session, use session_destroy() if
you feel the need.

I'm not sure how that could be harder than writing a pure-PHP
replacement for the session extension...

attached mail follows:

Curt Zirzow wrote:
> There is a pecl extension that you can register, custom
> superglobals although it comes with some extra stuff as well:
> http://php.net/runkit

I wish it would be a part of core distribution. Would be extremely useful.

attached mail follows:

I have session code which written WindowsXP and It wotk properly as expected, but when I'm used in Windows 2K, it got error as;
Notice: Undefined index: loginMessage in C:\CentralData\forms\mainForm.php on line 65
I'am used Apache 2.0 and PHP 5.0.4.
Is php.ini setting on W2K different with XP

Thxs in advance
bgs

attached mail follows:

There's no code. You need to put your code in the Email so we can see it...

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]