php-general Digest 21 Apr 2006 23:36:57 -0000 Issue 4085

php-general-digest-helplists.php.net
Date: Fri Apr 21 2006 - 18:36:57 CDT


Topics (messages 234472 through 234539):

Re: no offense to Rasmus... are you kidding me
        234472 by: Ryan A
        234481 by: Jay Blanchard

Re: Session contamination?
        234473 by: Ben Liu
        234474 by: Ben Liu
        234524 by: Richard Lynch
        234532 by: Richard Lynch

performance criteria on DEFINE()
        234475 by: Andy
        234477 by: Jochem Maas
        234489 by: Andy
        234515 by: Richard Lynch

forms and variables?
        234476 by: William Stokes
        234478 by: Jay Blanchard
        234480 by: Jochem Maas
        234484 by: tedd
        234514 by: Richard Lynch

Re: FQDN of the server thru CLI
        234479 by: Edin Kadribasic

Re: PHP6 just became my worst nightmare.
        234482 by: Derick Rethans
        234535 by: Jochem Maas

asociative array syntax
        234483 by: Merlin
        234493 by: Rafael

Export data with PHPMyAdmin
        234485 by: William Stokes
        234486 by: William Stokes
        234487 by: Jochem Maas
        234494 by: Duffy, Scott E

Re: Creating an OO Shopping Cart
        234488 by: Martin Alterisio
        234490 by: Nicolas Verhaeghe
        234520 by: Richard Lynch
        234521 by: Richard Lynch
        234522 by: Stut
        234526 by: Richard Lynch
        234527 by: Nicolas Verhaeghe
        234530 by: Nicolas Verhaeghe
        234538 by: Robert Cummings

Re: Form to page force download
        234491 by: Rafael
        234505 by: Peter Lauri
        234517 by: Richard Lynch

Re: Passing Form As Argument
        234492 by: tedd
        234518 by: Richard Lynch
        234528 by: Nicolas Verhaeghe
        234537 by: Richard Lynch

strange php url
        234495 by: nicolas figaro
        234496 by: tg-php.gryffyndevelopment.com
        234500 by: Kevin Kinsey
        234501 by: Joe Wollard
        234503 by: tg-php.gryffyndevelopment.com
        234507 by: Joe Wollard
        234508 by: tg-php.gryffyndevelopment.com
        234512 by: Richard Lynch
        234513 by: Richard Lynch

Preg_match() regex
        234497 by: Jeff
        234499 by: Joe Henry
        234502 by: Rafael
        234511 by: Richard Lynch

Validating XML
        234498 by: Brad Bonkoski

Re: PDF to Text
        234504 by: Ray Hauge
        234506 by: Al

unexpected T_NEW on object property
        234509 by: Paul Barry
        234510 by: Richard Lynch
        234531 by: Jochem Maas
        234539 by: M. Sokolewicz

permissions
        234516 by: Benjamin Adams
        234519 by: Stut
        234525 by: Jon Anderson
        234529 by: Richard Lynch

Re: How to add on libPDF to php
        234523 by: Richard Lynch

Re: any better way...
        234533 by: Richard Lynch

Re: Linebreak
        234534 by: Richard Lynch
        234536 by: Jochem Maas

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


> You guys make me laugh... :)

:-)
 
> (And I really actually mean that in a nice way...
> that last bit was
> quite funny. And yes, size does matter... some don't
> like it _too_
> big.)

Damn, just my luck....

:-D

> As far as AJAX is concerned: yeah, it's a bitch.
> I've gotten it to
> work pretty cleanly in a newer project of mine with
> little
> discrepancies, and, hopefully, if what I've been
> doing is good enough,

You might want to wait a bit and then check out
weberdev as Tedd from the list has written quite a
sweet ajax ("mini-framework"?) that he has been kind
enough to share with me when I was experimenting with
ajax, you can either write to him and _request him to
give you some sample code or wait a bit as he told me
he's going to submit it to weberdev soon.

As for writing your opinions, I say go for it, but
remember that you will get responses to it...some that
you may like and..well, you kind of know the rest :-D

One suggestion, if you are going to write articles
like the last one (which personally I didn't go for
either - putting it mildly ;-) ) please put it on a
page where people can comment directly under it so it
won't be like this original thread and this sub-thread
which is so far OT, flaming etc, I for one would
appreciate that.

My two cents..

Mvh,
-Ryan

------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)


attached mail follows:


[snip]
it's about our philosophies.
[/snip]

Too bad your article didn't reflect that as well as you might have
liked. And Web 2.0 is a label, the underlying philosophy has been there
for years (before you ever got Dreamweaver to write your first line of
HTML for you). Ajax is a label for a loose group of tools some cat wrote
about a couple of years ago. Agile development is a label (just as
Extreme Programming is) to describe a quicker turn-around from concept
to working application that cuts out several steps that will be "handled
later". Your disjointed article does a disservice to any philosophy or
tool mentioned within it.

Those of us who have been doing this for a while (some for decades) have
examined and re-examined our philosophies so many times it would curl
the peach fuzz on your baby-fatted butt.

Dude, you're 20 years old and quite frankly wet behind the ears. You
have brilliant potential (as I have said before after reviewing Canvas)
but you have a long way to go.

P.S. For those of you who wanted this off-list just don't read it. You
know what the subject is.

attached mail follows:


Ach, correction: "Chuck is correct here." = "*Richard* is correct here."

No morning coffee yet, sorry.

- Ben

On Apr 20, 2006, at 7:22 PM, Richard Lynch wrote:

> On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
>> After a bit more research, I think I understand why Jochem recommends
>> use of session_save_path() rather than just naming each session
>> differently. The former method provides more security as you can set
>> the location where session cookies are stored. This will help prevent
>> an attacker from gaining access to session information and then using
>> it to gain inappropriate access to the application the session was
>> created for or even other applications running on the same shared
>> server. Anyway, I think that's why.
>
> ::Possible False Sense Of Security Alert::
>
> If a Bad Guy can read the session data, moving it to a different
> directory is probably not going to help, really...
>
> Unless you are running with different Usernames for each client on
> your shared server, using FastCGI + suexec or some similar method, the
> cookie files are STILL just as readable by the same Bad Guys, using
> the same methods. They just have to change their to:
> <?php $path = "/other/path/to/other/cookies";?>
> before they start their damage.
>
> There may well be other GREAT reasons for using a different save path,
> or a different path for the Cookie, or session_name over each other,
> but I don't think Security is the reason behind any of the choices.
>
> I'd personally use ini_set as the last choice because it's remotely
> possible that the setting can't be changed from within a script, as a
> few are like that -- Or, worse, that they can be changed today, but
> in, say PHP 6 or PHP 7, they won't be for some obscure reason we
> cannot predict today.
>
> session_name() seems less likely to just disappear completely as a
> feature than a "minor" change to a php.ini setting and where it is
> allowed.
>
> But that's just my paranoid logic. :-)
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
>

attached mail follows:


Hi Chuck,

Glad this discussion has been of use to you. I can't help much with
where your /tmp directory might be. If you echo session_save_path()
it should tell you where your session cookies are being saved to on
your server.

I have read recommendations that you set a different path for the
cookies using session_save_path(), and yes they recommend some place
within your home directory structure. The problem this creates is in
garbage collection. The standard *nix cron jobs will clear everything
out of /tmp on a regular basis whereas some directory you create will
not be subject to this regular housekeeping unless you write some
script to do it or create a custom cron job.

My interpretation of managing this problem, at this point is:

If you are on a shared server and have an application or applications
that have sensitive data and require an adequate level of security,
you should move the session cookies somewhere away from /tmp and
dealing with the garbage collection issues. Alternatively, perhaps
you shouldn't be using shared hosting or you could encrypt the
sessions cookies somehow.

If you are on a shared server and don't have sensitive data, changing
the session name should be enough to prevent cross-contamination of
session variables.

I'm still reading/learning so if I'm wrong, someone else please jump in.

- Ben

On Apr 21, 2006, at 12:05 AM, Chuck Anderson wrote:

> This has been a very interesting discussion, as I have had the same
> "problem," but never thought much about the fact that I could do
> anything about it.
>
> As to session save path, when I run phpinfo (at my remote Linux
> server) it tells me that it is set to "no value." This means it
> would default to /tmp. Where is this tmp directory? I have looked
> at the tmp directory that is one level above my site's www
> directory (outside of the web space), but I do not see any session
> data there. That's why I am asking if it is a system wide
> directory, or is it the one in my home directory.
>
> If I set the path myself, what would be a good location? (I assume
> it should be outside the web space). Should I make up some random
> folder name (one time) and store my session data within that
> directory, within my own home directory?
>
> Ben Liu wrote:
>
>> Hello All,
>>
>> I'm using a single development server to host multiple client
>> projects, many of which require session management. I've noticed that
>> sometimes when I test these various web apps (which are simply in
>> separate sub directories) I get session leakage where logging in and
>> establishing a session on one app allows me access to (automatically
>> logs me in) to other app(s) on the same server. Or sometimes a
>> session
>> variable will be set across all the apps, like $_SESSION['username'].
>>
>> Is this due to the fact that sessions are established between client
>> browsers and servers, regardless of directory/sub directory?
>>
>> What is the best way to avoid/prevent this problem? Should I be using
>> specific Session ID's or Session names?
>>
>> Thanks for any help,
>>
>> - Ben
>>
>
>
> --
> *****************************
> Chuck Anderson • Boulder, CO
> http://www.CycleTourist.com
> Integrity is obvious.
> The lack of it is common.
> *****************************
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:


On Thu, April 20, 2006 11:05 pm, Chuck Anderson wrote:
> As to session save path, when I run phpinfo (at my remote Linux
> server)
> it tells me that it is set to "no value." This means it would default
> to
> /tmp. Where is this tmp directory? I have looked at the tmp directory
> that is one level above my site's www directory (outside of the web
> space), but I do not see any session data there. That's why I am
> asking
> if it is a system wide directory, or is it the one in my home
> directory.

It is what you are calling a "system wide directory"

It is named /tmp and it is at the very tip-top of your directory
structure.

Actually, it doesn't HAVE to be called /tmp nor does it HAVE to be at
the tip-top directory. It doesn't even HAVE to be on the same hard
drive as your home directory. Hell, it might even be on a RAM disk on
some souped-up machines. In Windoze, it might be called C:/temp Or
not. But who cares about Windows anyway? Still, it's usually /tmp at
the tip-top, and your post indicates that you probably have some
indicator that that is true.

From a shell (or php exec) you should be able to do:
ls /
and see '/tmp' in the output.

You may even be able to do:
ls /tmp
and see what is in there.

Or you might not, as you might not have permission to poke around in
there. And that's a Good Thing.

Hopefully, whatever *IS* in there, you can't view all of it.

tmp directories are handled specially by the operating system.

The exact rules differ from OS to OS and configuration to
configuration, but for starters, you should generally assume that
anything in /tmp is subject to being wiped out when the machine
reboots. It might not be set up that way, but it's safer to assume it
is, because it might be.

Access to tmp directories is often handled as a special case, to allow
users that normally have no access to the file system at all, to be
allowed to make/delete tmp files.

> If I set the path myself, what would be a good location? (I assume it
> should be outside the web space). Should I make up some random folder
> name (one time) and store my session data within that directory,
> within
> my own home directory?

Your best bet, if possible, is to use a sub-directory of /tmp for
yourself, or for each application, or for whatever you want to
separate from the rest of /tmp

This will keep your stuff separate, but you still enjoy all the
benefits of system tmp directory behaviour.

Unless, of course, you specifically WANT your sessions to survive a
re-boot for some reason, and you are willing to take care of lingering
sessions and the permissions gotchas of rolling your own...

Think long and hard before doing this, as there are subtle permissions
things involved (either way you go) that you don't want to overlook.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Fri, April 21, 2006 6:28 am, Ben Liu wrote:
> Yes, Chuck is correct here. The security issue I raised has to do
> with multiple users on the same shared server, which is how some
> hosting companies manage their clients. Each user may have a
> different home directory and has separation from other users,
> however, usually the same /tmp directory is used to store all the
> session cookies for all the users on the server. By running a simple
> script in your area you can read all the sessions managed by the
> server including sessions generated by other users. By moving the
> session cookies to a directory within your own user area it may make
> them more difficult to find, but it does not guarantee security as
> Chuck points out. This is discussed at
> [http://php.net/manual/en/ref.session.php] as pointed out by Jochem.

I wouldn't rely on the home directories and open_basedir as a real
super big security fence...

I believe that on some versions of PHP on some servers under some
httpd.conf setting which seem perfectly reasonable, a symlink from a
directory within open_basedir to a file you really shouldn't be able
to read lets you in.

Or, at least, I know I have used something like this to help people
retrieve files for which they managed to lose access through sheer
stupidity.

The restrictions PHP can impose are, really, kind of just hacks to try
to fix something that is basically way outside the realm and control
of PHP in the first place.

They're useful hacks, mind, and will stop the casual snoop.

But it's not something to bet the bank on.

--
Like Music?
http://l-i-e.com/artists.htm
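
Putting the advice from this thread together (a distinct session name, a private sub-directory of /tmp, attention to permissions and garbage collection), as an added example that is not code from any of the posters. The application name, the /<name>/ URL layout and the availability of the POSIX extension are assumptions.

```php
<?php
// Added example (not from the thread). Assumptions: each application has a
// short alphanumeric name and is served from /<name>/ on the site; the POSIX
// extension is available for posix_geteuid().

/**
 * Create or validate a private session directory under $base.
 * Returns the directory path, or throws if the directory cannot be trusted.
 */
function private_session_dir($base, $app)
{
    // The name ends up in a path and in a cookie name, so keep it strict.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $app)) {
        throw new InvalidArgumentException('bad application name');
    }
    $dir = rtrim($base, '/') . '/sess-' . $app;

    // /tmp is world-writable: another user may have planted a symlink or
    // pre-created the directory in order to receive our session files.
    if (is_link($dir)) {
        throw new RuntimeException("$dir is a symlink");
    }
    if (!is_dir($dir) && !mkdir($dir, 0700)) {
        throw new RuntimeException("cannot create $dir");
    }
    clearstatcache();
    if (fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("$dir is owned by another user");
    }
    // An existing directory may have been created with looser permissions.
    if ((fileperms($dir) & 0077) !== 0 && !chmod($dir, 0700)) {
        throw new RuntimeException("cannot restrict permissions on $dir");
    }
    return $dir;
}

/**
 * Start a session that is separated from other applications on the host
 * by name, by cookie path and by storage directory.
 */
function start_app_session($app, $base = null)
{
    $dir = private_session_dir($base === null ? sys_get_temp_dir() : $base, $app);

    session_save_path($dir);
    session_name('SESS' . strtoupper($app));

    // The cookie is sent only for this application's sub-directory.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(0, '/' . $app . '/', '', $https, true);

    // A custom directory may not be covered by the system's /tmp cleanup,
    // so let PHP's own garbage collector expire old session files.
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');
    ini_set('session.gc_maxlifetime', '1440');

    session_start();
    return $dir;
}

start_app_session('clienta');   // 'clienta' is a made-up application name
```

The owner and mode checks only separate clients when each one runs PHP under its own system account (the FastCGI + suexec case mentioned above); with a single shared web-server user every script passes them.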

attached mail follows:


Hi,

We have a big multilanguage project. For a while we used gettext to translate the pages, but we gave up on this because of many problems.

Our solution is to create a file for each language which includes the "label" definitions.

for ex:
define("LABEL1", "label 1");
define("LABEL2", "label 2");
etc...

Now, one of these files can contain more than 2000 defines and we make a calculation that we will reach 8000 in 2 years.

I made some testing (generated many labels) in including these files into the project it seemed to work fine.

I don't know how php handles these defines (memory usage, CPU etc) so the question is: how much does the inclusion of a lot of defines affect the performance???

Andy.

attached mail follows:


Andy wrote:
> Hi,
>
> We have a big multilanguage project. For a while we used gettext to translate the pages, but we gave up on this because of many problems.
>
> Our solution is to create a file for each language which includes the "label" definitions.
>
> for ex:
> define("LABEL1", "label 1");
> define("LABEL2", "label 2");
> etc...
>
> Now, one of these files can contain more than 2000 defines and we make a calculation that we will reach 8000 in 2 years.
>
> I made some testing (generated many labels) in including these files into the project it seemed to work fine.
>
> I don't know how php handles these defines (memory usage, CPU etc) so the question is: how much does the inclusion of a lot of defines affect the performance???

creating constants is _very_ slow...
if gettext is too much hassle (I can understand that ;-) it's a pity, but you have the alternative of
using an array:

$Lang = array(
        'LABEL1' => 'hallo!',
        // etc
);

OR install APC and write a routine that uses apc_define_constants() (not on every request obviously -
well it will become obvious when you read up on apc and that function in particular) and
apc_load_constants(). which means you can still use define() and not suffer the speed hit - although
be prepared to use up a little RAM :-).
note that although this means you will use the constants in your app the definition of the LABEL=>text pairs
will be an array if you go the APC route.

http://php.net/apc

ps - the info on constants and apc is regurgitation of advice/info coming direct from Rasmus.
I have never tested it, I assume he knows what he's talking about (otherwise why would he bother to
write apc_load_constants()/apc_define_constants()?)

pps - use single quotes for the __minimal__ decrease in processing that the skipping of
string interpolation causes.

>
> Andy.

attached mail follows:


Thanks for the suggestions.
I will have to make some tests to see what will happen, especially how fast.
I will post after that my opinion.

Regards,
Andy.

----- Original Message -----
From: "Jochem Maas" <jochemiamjochem.com>
To: "Andy" <frumar-sd.net>
Cc: <php-generallists.php.net>
Sent: Friday, April 21, 2006 3:52 PM
Subject: Re: [PHP] performance criteria on DEFINE()

> Andy wrote:
>> Hi, We have a big multilanguage project. For a while we used gettext to
>> translate the pages, but we gave up on this because of many problems. Our
>> solution is to create a file for each language which includes the
>> "label" definitions. for ex: define("LABEL1", "label 1");
>> define("LABEL2", "label 2");
>> etc...
>>
>> Now, one of these files can contain more than 2000 defines and we make a
>> calculation that we will reach 8000 in 2 years. I made some
>> testing (generated many labels) in including these files into the project
>> it seemed to work fine. I don't know how php handles these defines (memory
>> usage, CPU etc) so the question is: how much does the inclusion of a lot
>> of defines affect the performance???
>
>
> creating constants is _very_ slow...
> if gettext is too much hassle (I can understand that ;-) it's a pity, but
> you have the alternative of
> using an array:
>
> $Lang = array(
> 'LABEL1' => 'hallo!',
> // etc
> );
>
> OR install APC and write a routine that uses apc_define_constants() (not
> on every request obviously -
> well it will become obvious when you read up on apc and that function in
> particular) and
> apc_load_constants(). which means you can still use define() and not
> suffer the speed hit - although
> be prepared to use up a little RAM :-).
> note that although this means you will use the constants in your app the
> definition of the LABEL=>text pairs
> will be an array if you go the APC route.
>
> http://php.net/apc
>
> ps - the info on constants and apc is regurgitation of advice/info coming
> direct from Rasmus.
> I have never tested it, I assume he knows what he's talking about
> (otherwise why would he bother to
> write apc_load_constants()/apc_define_constants()?)
>
> pps - use single quotes for the __minimal__ decrease in processing that
> the skipping of
> string interpolation causes.
>
>>
>> Andy.
>
>
>

attached mail follows:


On Fri, April 21, 2006 7:52 am, Jochem Maas wrote:
> Andy wrote:
>> Now, one of this file can contain more than 2000 defines and we make
>> a calculation that we will reach 8000 in 2 years.

Seems to me you could extend your testing to generate 8000 constants
in a file pretty easily, and just benchmark it and find out if it's
acceptable.

Hell, go for 16000 and 32000 tests as well, and benchmark those.

The pattern should be obvious pretty quickly, and you'll know, beyond
a shadow of a doubt, if you will be happy in 2 years. (On this
issue.)

--
Like Music?
http://l-i-e.com/artists.htm
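
The benchmark suggested above could look like this; it is an added example, not code from any poster in the thread. The file layout, the label names and the list of sizes are assumptions chosen to match the numbers discussed.

```php
<?php
// Added example (not from the thread): generate N labels as define() calls
// and as one array, include each file once, and report time and memory.

// Write a PHP file holding $n labels in the given style ('define' or 'array').
function write_label_file($path, $n, $style)
{
    $src = "<?php\n";
    if ($style === 'array') {
        $src .= "\$Lang = array(\n";
    }
    for ($i = 1; $i <= $n; $i++) {
        if ($style === 'define') {
            // Constants cannot be redefined, so the size is part of the name.
            $src .= "define('N{$n}_LABEL{$i}', 'label {$i}');\n";
        } else {
            $src .= "    'LABEL{$i}' => 'label {$i}',\n";
        }
    }
    if ($style === 'array') {
        $src .= ");\n";
    }
    file_put_contents($path, $src);
}

// Include the file once and return array(seconds, bytes of extra memory).
function time_include($path)
{
    $mem = memory_get_usage();
    $start = microtime(true);
    include $path;
    return array(microtime(true) - $start, memory_get_usage() - $mem);
}

// Run both styles for every size; returns rows of (style, n, seconds, bytes).
function run_benchmark(array $sizes)
{
    $rows = array();
    foreach ($sizes as $n) {
        foreach (array('define', 'array') as $style) {
            $path = tempnam(sys_get_temp_dir(), 'lbl');
            write_label_file($path, $n, $style);
            list($secs, $bytes) = time_include($path);
            unlink($path);
            $rows[] = array($style, $n, $secs, $bytes);
        }
    }
    return $rows;
}

foreach (run_benchmark(array(2000, 8000, 16000, 32000)) as $row) {
    vprintf("%-6s %6d labels  %8.4f s  %10d bytes\n", $row);
}
```

The timings include compiling each generated file, so results will differ when an opcode cache such as APC is active.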

attached mail follows:


Hello,

Probably a stupid one but anyway...

In PHP. Is it possible to point to a variable with the HTML form name by
which it was posted from?

Example:

//point to the variable with something like or something???
$AddNew.SomeVar

<form name="AddNew" method="post" action="<? $PHP_SELF ?>">
$SomeVar = "Add";
</form>

<form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
$SomeVar = "Del";
</form>

Or do I just have name the variables uniquely?

Thanks
-Will

attached mail follows:


[snip]
Probably a stupid one but anyway...

In PHP. Is it possible to point to a variable with the HTML form name by

which it was posted from?

Example:

//point to the variable with something like or something???
$AddNew.SomeVar

<form name="AddNew" method="post" action="<? $PHP_SELF ?>">
$SomeVar = "Add";
</form>

<form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
$SomeVar = "Del";
</form>

Or do I just have name the variables uniquely?
[/snip]

You could write a function...looks like you're trying to do something
similar to DOM.

attached mail follows:


take the following code and do some experimentation:

<?

echo '<pre>';
echo "POST vars: \n";
var_dump($_POST);
echo "GET vars: \n";
var_dump($_GET);
echo '</pre>';

?>

stick that in your page that contains the form and start playing with
different form fields, different form fields names, etc, etc - every time you
submit you'll now see what's being submitted.

enjoy

William Stokes wrote:
> Hello,
>
> Probably a stupid one but anyway...
>
> In PHP. Is it possible to point to a variable with the HTML form name by
> which it was posted from?
>
> Example:
>
> //point to the variable with something like or something???
> $AddNew.SomeVar

this is not asp.NET/asp.NOT, so "no" to that question.

god only knows what you mean by the form examples below...

>
> <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
> $SomeVar = "Add";
> </form>
>
> <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
> $SomeVar = "Del";
> </form>
>
> Or do I just have name the variables uniquely?

I would, in general, recommend calling every $x. ;-)

>
> Thanks
> -Will
>

attached mail follows:


At 3:45 PM +0300 4/21/06, William Stokes wrote:
>Hello,
>
>Probably a stupid one but anyway...
>
>In PHP. Is it possible to point to a variable with the HTML form name by
>which it was posted from?
>
>Example:
>
>//point to the variable with something like or something???
>$AddNew.SomeVar
>
><form name="AddNew" method="post" action="<? $PHP_SELF ?>">
>$SomeVar = "Add";
></form>
>
><form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
>$SomeVar = "Del";
></form>
>
>Or do I just have name the variables uniquely?
>
>Thanks
>-Will

-Will:

Sure, you're almost there, just make a hidden variable $whichform and
use it like so:

<form name="AddNew" method="post" action="<? $PHP_SELF ?>">
<input type="hidden" name="whichform" value="add" >
</form>

<form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
<input type="hidden" name="whichform" value="del" >
</form>

HTH's

tedd
--
--------------------------------------------------------------------------------
http://sperling.com

attached mail follows:


On Fri, April 21, 2006 7:45 am, William Stokes wrote:
> In PHP. Is it possible to point to a variable with the HTML form name
> by
> which it was posted from?

The FORM name attribute was an add-on for Javascript client-side.

It is not transmitted by HTTP.

PHP never sees it.

> Or do I just have name the variables uniquely?

Yes.

Or you could just add ONE new INPUT in each form to tell you which
FORM was used:
<INPUT TYPE="HIDDEN" NAME="FORM" VALUE="AddNew" />

Or you could have just ONE form and use buttons with name for your
INPUTs:
<form name="irrelevant" ...>
   <input type="submit" name="AddNew" value="Add" />
   <input type="submit" name="DeleteOld" value="Del" />
</form>

The button the user clicked on is sent as a variable with HTTP.
EXCEPTIONS:
If there is only ONE submit button, and if the user hits "Enter" (aka
"Return") instead of actually clicking on the button, then some
browser do not send the button name/value.
If you use JavaScript to do the submit, it's your problem to add
whatever inputs you need in JavaScript to make things work... As well
as anything in JavaScript works, anyway.

Or you could have the FORMs have different ACTION attributes so you
know which form sent the data because you have scripts dedicated to a
specific purpose instead of some monolithic mess trying to be-all
do-all end-all.

Or you can use arrays in the NAME attributes to organize things in
some cases -- probably not in this particular instance, but keep it in
mind for INPUT elements within the same form.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


php_uname('n')

Edin

Venkat Venkataraju wrote:
> Hi All
>
> I'm writing a bunch of cron scripts that send reports periodically using
> phpmailer.
>
> I'm having a hard time trying to find the FQDN of the server. I need
> that information to construct the from address for the emails.
>
> The $_ENV['HOSTNAME'] works only if the script is executed manually. the
> cron does not pass the HOSTNAME env variable to the scripts.
>
> When executed from the CLI, the $_SERVER['HOSTNAME'] does not have the
> fqdn, but just the hostname part of the FQDN.
>
> Unless i hard code the crontab file with
> HOSTNAME=fqdn
>
> i do not want to hardcode the hostname anywhere as these script will be
> copied onto many servers. is there a way i can find the fully qualified
> domain name thru PHP?
>
> Thanks
> /V
>

attached mail follows:


Jochem Maas wrote:
> apparently calling a dynamic function using static syntax
> will cause an E_FATAL.

? That's just how OO design works... If you have a non-static method you
can always have a $this-> lingering in there. Now, if you call this
method with the static syntax, $this suddenly doesn't exist... Design
wise trying to do something like this is just fundamentally wrong. That
it was supported in PHP 5 can be considered as the bug and it was just
fixed...

The other way (calling a static function dynamically) of course does not
give any problems.

Derick

attached mail follows:


hi Derick,

Derick Rethans wrote:
> Jochem Maas wrote:
>
>> apparently calling a dynamic function using static syntax
>> will cause an E_FATAL.
>
>
> ? That's just how OO design works... If you have a non-static method you
> can always have a $this-> lingering in there. Now, if you call this
> method with the static syntax, $this suddenly doesn't exist... Design
> wise trying to do something like this is just fundamentally wrong. That
> it was supported in PHP 5 can be considered as the bug and it was just
> fixed...

thank you for replying, much appreciated.

given the amount of time I have to fix my code I think I'll be able
to figure out a way to refactor my code :-) I just had a bit of a meltdown,
thought that I had 2.5 years worth of code development go down the drain
and needed to vent (well maybe not 'needed').

I still have plenty to learn, it's hard to keep up with the amazing stuff
you guys are producing (and all too easy to get 'it' wrong).

as an average joe php programmer It was quite painful to go thru all the BC
breaking changes that occurred going from php5beta2 to php5.1.2 - some things still
irk me (like the array_merge() changes) because I don't really see the point ...
but I understand that a lot of changes really were improvements. and obviously you devs
are also humans so the occasional oversight and mistake can be expected -
it must be hard developing software that's being jumped on and used by so many
people (once functionality is out there - whether it's considered broken or not -
it's difficult to get it back in the bag!)

again thanks for your reply, and keep up the good work - I for one am very much
looking forward to the new date functionality, unicode (although it scares me
****less - I guess I read too much internals mail that I don't fully understand ;-)
, static late binding and all the other great stuff that's coming our way!

kind regards,
Jochem.

attached mail follows:


Hi there,

I would like to associate to 2 variables the same content.

Example:

'gm_GM', 'gm_CH' => array(

unfortunately this syntax does not work. It simply overwrites gm_GM

Any ideas on how to make this possible?

Thank you for any hint,

Merlin

attached mail follows:


Merlin wrote:
> I would like to associate to 2 variables the same content.
> Example:
>
> 'gm_GM', 'gm_CH' => array(
>
> unfortunately this syntax does not work. It simply overwrites gm_GM
> Any ideas on how to make this possible?

        'gm_GM' is not overwritten, do a print_r($array) to verify. What
you're telling PHP to do is to add a sequential index whose value is
'gm_GM', then an associative index 'gm_CH' whose value is an array.

        If you want to assign the same value to both indexes, you need to simply do
   'gm_GM' => $value,
   'gm_CH' => $value,
or
   $array['gm_GM'] = $array['gm_CH'] = $value;
--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx

attached mail follows:


Hello,

I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would
from time to time like to export the whole DB to text file and move the DB
to my own test server. Problem is that when I dump the whole DB to a file
all scandic fonts are incorrect. If I dump the data to screen they are
correct. Data Collation in the DB is latin1_swedish_ci.

Since the amount of data and tables are increased dumping everything to
screen is not very convenient. Any ideas how to do this right?

Thanks
-Will

attached mail follows:


Forgot to say that the scandic fonts are ok in the tables...

""William Stokes"" <kallesoperamail.com> kirjoitti
viestissä:F3.4B.19715.1B3E8444pb1.pair.com...
> Hello,
>
> I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would
> from time to time like to export the whole DB to text file and move the DB
> to my own test server. Problem is that when I dump the whole DB to a file
> all scandic fonts are incorrect. If I dump the data to screen they are
> correct. Data Collation in the DB is latin1_swedish_ci.
>
> Since the amount of data and tables are increased dumping everything to
> screen is not very convenient. Any ideas how to do this right?
>
> Thanks
> -Will

attached mail follows:


phpmyadmin have their own support channels.

as do mysql.

William Stokes wrote:
> Hello,
>
> I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would
> from time to time like to export the whole DB to text file and move the DB
> to my own test server. Problem is that when I dump the whole DB to a file
> all scandic fonts are incorrect. If I dump the data to screen they are
> correct. Data Collation in the DB is latin1_swedish_ci.
>
> Since the amount of data and tables are increased dumping everything to
> screen is not very convenient. Any ideas how to do this right?
>
> Thanks
> -Will
>

attached mail follows:


Use mysqldump. Quick & easy.

-----Original Message-----
From: William Stokes [mailto:kallesoperamail.com]
Sent: Friday, April 21, 2006 8:56 AM
To: php-generallists.php.net
Subject: [PHP] Re: Export data with PHPMyAdmin

Forgot to say that the scandic fonts are ok in the tables...

""William Stokes"" <kallesoperamail.com> kirjoitti
viestissä:F3.4B.19715.1B3E8444pb1.pair.com...
> Hello,
>
> I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would
> from time to time like to export the whole DB to text file and move the DB
> to my own test server. Problem is that when I dump the whole DB to a file
> all scandic fonts are incorrect. If I dump the data to screen they are
> correct. Data Collation in the DB is latin1_swedish_ci.
>
> Since the amount of data and tables are increased dumping everything to
> screen is not very convenient. Any ideas how to do this right?
>
> Thanks
> -Will

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:


You don't need the unserialize(), it's done internally by the
session_start().
All the things you put inside $_SESSION, except for resources, will be
rebuilt when the session is regenerated. This way you don't need to worry
about serializing.
Read the manual section about sessions.

2006/4/21, Steve <email.weblistsgmail.com>:
>
> Hi
>
> Thanks for all your help so far.
>
> I've combined all your thoughts, and from what I understand, for every
> page I have that interacts with the cart, I need to have something like
> the following code.
>
> So basically, on every page, be it a page that displays the contents of
> the cart, the checkout, or catalog pages, at the top of the code I
> always need to check if files are being added, deleted or changed qty.
> Is this correct?
>
> This is my biggest concern. What's the best way to interact with the
> Cart class when adding/removing items?
>
> Thanks
> Steve
>
>
> <?php
>
> // This File: catalog.php
> require_once 'Cart.php';
> session_start();
>
> /* Establish connection to the cart
> ************************************ */
> if ( isset($_SESSION["cart"]) )
> $cart = unserialize($_SESSION["cart"]);
> else
> $cart = new Cart();
>
> /* Modify the cart for this user
> ************************************ */
> if ( isset($_GET['add']) )
> $cart->addItem($_GET['add']);
> if ( isset($_GET['remove']) )
> $cart->removeItem($_GET['remove']);
>
> /* Save the cart's state
> ************************************ */
> $_SESSION['cart'] = $cart;
>
> /* Display the catalog
> ************************************ */
> echo <<<HEREDOCS
> blah blah
> HEREDOCS;
>
> ?>
>

attached mail follows:


Nicolas Verhaeghe wrote:
> [snip]
>
>
>>I'm creating my own Object Oriented PHP Shopping Cart.
>
>
> Okaaaaaaay.
>

...

>
> To answer our friend, he seems to have to learn to develop simple
> applications before starting building something as complex as a
> shopping cart. Not only complex, but also sensitive, because the end
> of the process is to handle credit card numbers, and I would not trust
> a beginner to handle that type of information.

get ready for a 'Richard Lynching' with regard to the CC statement. ;-)

unless your name is VISA (or something in a similar vein) you don't ever
touch a creditcard number - ever, ever, ever. this saves you getting sued,
your house being sold from underneath and consequently your wife leaving
you.

Richard Lynch has given very detailed responses to the issues of handling
credit cards on numerous occasions on this list - do yourself a favor and
search the archives and read what he had to say - his is sound advice imho.

>
> Functions that perform operations such as manipulating objects (a
> shopping cart is an object, after all, so are the items, and the
> client's information) are simply performed at the top and the functions
> which display the changes or prompts the buyer for operations are shown
> at the bottom, it's all very straight and linear.
>

----------------------

Actually you do not touch a credit card when your name is Visa. Credit card
authorization is done with credit card processors and of course you have to
"touch" credit card numbers in order to communicate with those.

attached mail follows:


On Thu, April 20, 2006 11:24 pm, Steve wrote:
> > Yes, there is a TON of source code, and Yes, most of it is very very
> > very badly-written, and Yes, that's because they started typing just
> > like you are now instead of actually figuring all this [bleep] out in
> > advance. :-)
>
> Thank you for taking the time to respond and assist me.
>
> Do you have any specific shopping carts that you would recommend I
> take a look at? Any that ARE well written.

Donning my flame-retardant underwear...

No.

They all suck.

There is no decent security-conscious well-designed Open Source / Free
PHP Shopping Cart available to date.

So examine all the big-name ones and see where they went wrong.

Let the flames begin.

Or not, as I'm betting not one of you can say something I haven't
heard yet...

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Fri, April 21, 2006 12:21 am, Steve wrote:
> So basically, on every page, be it a page that displays the contents
> of the cart, the checkout, or catalog pages, at the top of the code I
> always need to check if files are being added, deleted or changed qty.
> Is this correct?

Yes.

> This is my biggest concern. What's the best way to interact with the
> Cart class when adding/removing items?

Just include Cart.php which does all that.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard Lynch wrote:
> Or not, as I'm betting not one of you can say something I haven't
> heard yet...

When I close my eyes I see images of donkeys with unicorn-like horns
jumping over the moon with ponies on their backs. To be perfectly honest
it does worry me sometimes.

-Stut

attached mail follows:


On Fri, April 21, 2006 5:09 am, Jochem Maas wrote:
> Nicolas Verhaeghe wrote:
> get ready for a 'Richard Lynching' with regard to the CC statement. ;-)

Oh, let's do the children's version today. :-)

You know that game Hot Potato?

Yeah?

Good.

A CC # is just like the Hot Potato in that game.

You do NOT want it in your hands a nano-second longer than it has to be.

[subtle shift to adult computer design version]

You certainly don't want to put it into anything like permanent
storage like your database or on your hard drive!

You want to hand it off to your Merchant Account API ASAP!, and you
want to ERASE that CC number from your memory banks *FOREVER* as
totally wiped out gone forever as you can.

If you could, you'd like to apply a Stun Gun right to that portion of
RAM and just WASTE the 16 bytes into a burned-out shell of useless
nano-circuitry...

Okay, that's a little extreme (and impossible) but it is not that far
off from the desired philosophical goal.

Every beginner on the planet seems to make this mistake, at least in
their initial design.

I know quite a few have made it all the way past development,
implementation, review, launch, and long-term usage!

Some guys are shaking their heads in denial on this, but I swear to
god, I have seen it. I am not making this [bleep] up. Credit card
numbers have been sitting for YEARS in some boutique home-rolled
shopping cart system MySQL database with the oh-so-clever
username/password of nobody/nobody or www/www

Hell, I'll even posit that SOME have managed to configure MySQL with %
access for the hostname -- Though I personally have never seen that.

I can only hope that my continued (and freely-admitted annoying) rant
on this topic stops at least ONE beginner from making this mistake.

Cuz god knows somebody on this list was kind enough to stop ME a
decade ago when I was about to do it, and it's foolish, incredibly
risky, and carries penalties beyond comprehension.

Thanks.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


-----Original Message-----
From: Richard Lynch [mailto:ceol-i-e.com]
Sent: Friday, April 21, 2006 2:18 PM
To: Steve
Cc: php-generallists.php.net; Richard Lynch
Subject: Re: [PHP] Creating an OO Shopping Cart

On Thu, April 20, 2006 11:24 pm, Steve wrote:
> > Yes, there is a TON of source code, and Yes, most of it is very very
> > very badly-written, and Yes, that's because they started typing just
> > like you are now instead of actually figuring all this [bleep] out in
> > advance. :-)
>
> Thank you for taking the time to respond and assist me.
>
> Do you have any specific shopping carts that you would recommend I
> take a look at? Any that ARE well written.

Donning my flame-retardant underwear...

No.

They all suck.

There is no decent security-conscious well-designed Open Source / Free PHP
Shopping Cart available to date.

So examine all the big-name ones and see where they went wrong.

Let the flames begin.

Or not, as I'm betting not one of you can say something I haven't heard
yet...

------------------

No flaming from me, I would add fuel to the fire.

First of all, unless you are really a newbie, do not ever use a shopping
cart solution which hackers could download to analyze the flaws.

Second, like you, I think they all suck.

Either they have too many bells and whistles, or are poorly coded, or have
includes calling includes calling includes.

The best example of this is OsCommerce, because it has the three flaws
listed above.

attached mail follows:


[snip]

Some guys are shaking their heads in denial on this, but I swear to god, I
have seen it. I am not making this [bleep] up. Credit card numbers have
been sitting for YEARS in some boutique home-rolled shopping cart system
MySQL database with the oh-so-clever username/password of nobody/nobody or
www/www

[/snip]

----------------------------

I know what you are talking about, I have seen that type of tables with
literally thousands of CC numbers collected over the years, along with name
on the card and expiry, of course.

As a programmer it is your duty to report this to your client and to keep
track, because if one day someone resells this list, you could be liable.

Unless, of course, you are a Soprano.

attached mail follows:


On Fri, 2006-04-21 at 17:59, Nicolas Verhaeghe wrote:
> [snip]
>
> Some guys are shaking their heads in denial on this, but I swear to god, I
> have seen it. I am not making this [bleep] up. Credit card numbers have
> been sitting for YEARS in some boutique home-rolled shopping cart system
> MySQL database with the oh-so-clever username/password of nobody/nobody or
> www/www
>
> [/snip]
>
> ----------------------------
>
> I know what you are talking about, I have seen that type of tables with
> literally thousands of CC numbers collected over the years, along with name
> on the card and expiry, of course.
>
> As a programmer it is your duty to report this to your client and to keep
> track, because if one day someone resells this list, you could be liable.

*hahah* I've seen it too, in the database, and then the guy also had a
debug log that wrote the data to the log file. Bigger problem was that
the log file was xwrxwrxwr right smack in request land with no access
restrictions :/ He never turned the debug log off.

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
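
The debug-log failure described above, turned around as an added example (not code from the thread or from any project named in it): a log writer that refuses a path inside the document root, creates the file owner-only, and masks anything that passes a Luhn check before it is written. Function names, paths and log lines are constructed for illustration.

```php
<?php
// Added illustration: names, paths and log lines are constructed.

/** Luhn checksum over a string of ASCII digits. */
function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/** Mask 13-19 digit runs that pass Luhn, keeping only the last four. */
function redact_pans(string $line): string
{
    return preg_replace_callback(
        '/(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])/',
        function (array $m): string {
            $digits = preg_replace('/[^0-9]/', '', $m[0]);
            if (!luhn_valid($digits)) {
                return $m[0]; // order ids and similar numbers stay readable
            }
            return str_repeat('*', strlen($digits) - 4) . substr($digits, -4);
        },
        $line
    );
}

/** Append a redacted line to a log that must live outside the web root. */
function write_debug_log(string $logFile, string $docRoot, string $message): void
{
    $dir  = realpath(dirname($logFile));
    $root = realpath($docRoot);
    if ($dir === false || $root === false) {
        throw new RuntimeException('log directory or document root is missing');
    }
    // Anything under the document root can be fetched with a plain request.
    if (strpos($dir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('debug log must not be inside the document root');
    }
    $old = umask(0077); // a newly created file is owner-only (0600)
    try {
        file_put_contents(
            $logFile,
            date('c') . ' ' . redact_pans($message) . "\n",
            FILE_APPEND | LOCK_EX
        );
    } finally {
        umask($old);
    }
}

// Demo on constructed data in a temporary directory.
$base    = sys_get_temp_dir() . '/pan_log_demo_' . getmypid();
$docRoot = $base . '/htdocs';
$logDir  = $base . '/logs';
mkdir($docRoot, 0755, true);
mkdir($logDir, 0700, true);

$lines = [
    'DEBUG charge name="A. Sample" card=4111 1111 1111 1111 exp=12/27',
    'DEBUG charge card=4111-1111-1111-1111 amount=19.99',
    'DEBUG order=1234567890123 shipped',
];
foreach ($lines as $line) {
    write_debug_log($logDir . '/debug.log', $docRoot, $line);
}
echo file_get_contents($logDir . '/debug.log');

try {
    write_debug_log($docRoot . '/debug.log', $docRoot, $lines[0]);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

The filter is a backstop for a logger that receives more than it should; a card number directly followed by more digits can still slip past the pattern, so the number should not be handed to the logger at all.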

attached mail follows:


Peter Lauri wrote:
[···]
> 1. Fill out a form on a web page
> 2. Lands on a thank you page and force a download of a pdf
>
> Right now I solve this by outputting the thank you page and then using a
> javascript to redirect to the download.php that consist of the following:
>
> header('Content-type: application/pdf');
> header('Content-Disposition: attachment; filename="eguide.pdf"');
> readfile('http://www.thedomain.com/download/eguide.pdf');
>
> Unfortunately it seems like some browsers block my javascript that redirects
> to that address. If JavaScript is enabled, this works fine.
>
> How would you solve this? Any method in PHP? I was hoping to be able to do
> the thing that download.php does in the same file as the output of my thank
> you page.

        So... why don't you do it that way? I have a function similar to your
code (for "sending" the file) and call it whenever I need it in the
'main' page (no special page for download used) You may want to try
yourself
--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx

attached mail follows:


Yes I am using that for the moment. The problem is that for the moment I
require javascript to make it work. And I know there are browsers that block
javascript, my client has already had a customer complaining that the
download did not start. Temporarily I solved it by putting a link "if the
download does not start within a few seconds, please click here".

/Peter

-----Original Message-----
From: Rafael [mailto:rsalazarinnox.com.mx]
Sent: Friday, April 21, 2006 9:22 PM
To: php-generallists.php.net
Subject: [PHP] Re: Form to page force download

Peter Lauri wrote:
[···]
> 1. Fill out a form on a web page
> 2. Lands on a thank you page and force a download of a pdf
>
> Right now I solve this by outputting the thank you page and then using a
> javascript to redirect to the download.php that consist of the following:
>
> header('Content-type: application/pdf');
> header('Content-Disposition: attachment; filename="eguide.pdf"');
> readfile('http://www.thedomain.com/download/eguide.pdf');
>
> Unfortunately it seems like some browsers block my javascript that
> redirects to that address. If JavaScript is enabled, this works fine.
>
> How would you solve this? Any method in PHP? I was hoping to be able to do
> the thing that download.php does in the same file as the output of my
> thank you page.

        So... why don't you do it that way? I have a function similar to
your code (for "sending" the file) and call it whenever I need it in the
'main' page (no special page for download used) You may want to try
yourself
--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx


attached mail follows:


On Fri, April 21, 2006 1:53 am, Peter Lauri wrote:
> 1. Fill out a form on a web page
>
> 2. Lands on a thank you page and force a download of a pdf
>
> Right now I solve this by outputting the thank you page and then using
> a javascript to redirect to the download.php that consist of the
> following:
>
> header('Content-type: application/pdf');
> header('Content-Disposition: attachment; filename="eguide.pdf"');
> readfile('http://www.thedomain.com/download/eguide.pdf');
>
> Unfortunately it seems like some browsers block my javascript that
> redirects to that address. If JavaScript is enabled, this works fine.
>
> How would you solve this? Any method in PHP? I was hoping to be able
> to do the thing that download.php does in the same file as the output
> of my thank you page.

Did you consider looking at the source to the download.php page?

Cuz if that's what you want to do, then that's where your solution is.

At a guess, I'd say you want to add a META HTTP-EQUIV=Refresh tag to
your thank you page.

I can't promise EVERY browser will support/honor it, but it does not
rely on JavaScript and has a MUCH larger install-base than JS.

Personally, I'd rather you just gave me a link to the damn PDF and put
a little thank you next to it, so I don't have to waste my time
surfing to your thank page to get what I want. [shrug]

I believe that if you examine this from the user's point of view,
you'll find that to be a nicer experience.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


At 3:46 PM -0700 4/20/06, Chris Kennon wrote:
>I'm new to the list so "Hello" to all. I'm drafting a function.php
>page, which will be included() in the pages in need. How would I
>pass a form as an argument of a function? From the name parameter of
>the form element or perhaps an ID:
>
>function checkForm(theForm){
> //Form validation code omitted.
>}

You can't pass the form, but you can pass the form content, which is
probably what you want anyway.

If it were me, I would place a form value ($theForm) in each form as
a <input> hidden variable that would identify which form and I would
pass that to your checkForm($theForm) function.

 From there, I would set up a switch which would channel your
validation. The variables to validate, of course, would be in your
$_POST or $_GET arrays. That should be simple enough.

>Also, I seem to recall some caution is needed when using
>user-defined functions?

No more so than any other syntax, just do it right.

tedd

--
--------------------------------------------------------------------------------
http://sperling.com

attached mail follows:


On Fri, April 21, 2006 1:02 am, Nicolas Verhaeghe wrote:
> I'm new to the list so "Hello" to all. I'm drafting a function.php
> page, which will be included() in the pages in need. How would I pass
> a form as an argument of a function? From the name parameter of the
> form element or perhaps an ID:
>
>
> function checkForm(theForm){
> //Form validation code omitted.

You wouldn't.

See, you probably don't really want to pass every form through the
same validation function, because every form is different.

And every input should have the strictest validation possible for that
input.

So you can't really have a generic checkForm function, any more than
you can turn on your "Security" switch and magically make it safe.

It just plain doesn't work like that.

So your function, for now, should just know what form it is checking
because there is only one form it checks.

You might maybe some day want a big framework of standardized input
names and checks can be automated on some standard kinds of inputs.
But that's a whole different animal from what I'm pretty sure you are
doing today. And it never works all that well, imho, as there are too
many subtle differences in the needs for data validation.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


From: Richard Lynch [mailto:ceol-i-e.com]
Sent: Friday, April 21, 2006 2:15 PM
To: Nicolas Verhaeghe
Cc: php-generallists.php.net
Subject: RE: [PHP] Passing Form As Argument

On Fri, April 21, 2006 1:02 am, Nicolas Verhaeghe wrote:
> I'm new to the list so "Hello" to all. I'm drafting a function.php
> page, which will be included() in the pages in need. How would I pass
> a form as an argument of a function? From the name parameter of the
> form element or perhaps an ID:
>
>
> function checkForm(theForm){
> //Form validation code omitted.

You wouldn't.

See, you probably don't really want to pass every form through the same
validation function, because every form is different.

And every input should have the strictest validation possible for that
input.

So you can't really have a generic checkForm function, any more than you can
turn on your "Security" switch and magically make it safe.

It just plain doesn't work like that.

So your function, for now, should just know what form it is checking because
there is only one form it checks.

-----------------------

I have functions which dynamically generate client-side javascript
validation functions according to the name of the field, its type (text,
password, email, drop down, radio button, textarea, and what not).

Same thing server-side.

TIMTOWTDI but I cannot be the only one with the idea.

attached mail follows:


On Fri, April 21, 2006 4:56 pm, Nicolas Verhaeghe wrote:
> I have functions which dynamically generate client-side javascript
> validation functions according to the name of the field, its type
> (text,
> password, email, drop down, radio button, textarea, and what not).
>
> Same thing server-side.

Allow me to expand on why I think this is (generally) a wrong-headed
approach.

Consider a simple, common example: The phone number.

Now, if you're doing this the Right Way and restricting only to the
characters known to be valid, then you want only:
[0-9]

To be nice to users, maybe you allow '-' and space as well.

Of course, if it's taking international phone numbers, you want to let
them type that leading + sign, but not if it's US-only.

Now, if it's a business-oriented phone number, you want to allow
something like: 1-800-CALL-ATT because, by god, they paid big money to
get the digits they want and the right to promote/market that 800
number with alpha-characters in it.

Yet, to be as restrictive as possible for non-business use with home
telephone numbers, you wouldn't want to let that slip by, so you can
avoid more pranksters.

If you look at it carefully, most of your data in most of your
applications *IS* that complicated.

Phone numbers? See above.

Postal Codes? US or World? Zip +4 or not? Should you not
cross-check with country code and a specific regex, for those
countries where you KNOW what it should be, and you expect many users?

Email address? Man, you could spend a year trying to get this one
right, and still have it wrong.

So, all-in-all, the "rule" for how to sanitize data, IN MY OPINION, is
too application-specific and too domain-specific to be generalized and
maintain the level of security most programmers and clients would
desire, given the cost/benefit ratios involved for using a
pre-packaged sanitizer, or a clear in-line regex of what is kosher for
THIS application and THIS domain.

To drive this home: If the rule is complicated enough to want a
generalized function to handle it, it's probably complicated enough
that you do NOT want to over-generalize by using a package function,
but want to use the RIGHT regex for that application.

This is just my philosophical position, and I'm NOT the expert.

Somebody could show me a whiz-bang pre-packaged sanitizer tomorrow
that had all the flags/cases covered and let me tweak them to my
satisfaction. The fact that about 1,027 attempts by others to do this
have, so far, failed, doesn't negate that. I'm not THAT bull-headed.
:-)

--
Like Music?
http://l-i-e.com/artists.htm
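
The phone-number cases walked through above, as an added example (not code from the thread): one strict allowlist validator per policy (US home, US business with letters, international) instead of a single generic checker. Function names, length limits and sample inputs are constructed for illustration.

```php
<?php
// Added illustration: function names, limits and sample inputs are constructed.

/** US home number: digits only, with '-' and space tolerated as separators. */
function validate_us_home_phone(string $input): ?string
{
    // The /D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^[0-9 -]+$/D', $input)) {
        return null;
    }
    $digits = preg_replace('/[ -]/', '', $input);
    if (strlen($digits) === 11 && $digits[0] === '1') {
        $digits = substr($digits, 1); // drop the leading country code
    }
    return strlen($digits) === 10 ? $digits : null;
}

/** US business number: letters allowed and mapped to keypad digits. */
function validate_us_business_phone(string $input): ?string
{
    if (!preg_match('/^[0-9A-Za-z -]+$/D', $input)) {
        return null;
    }
    $keypad = strtr(
        strtoupper($input),
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '22233344455566677778889999'
    );
    return validate_us_home_phone($keypad);
}

/** International number: optional leading '+', then digits and separators. */
function validate_international_phone(string $input): ?string
{
    if (!preg_match('/^\+?[0-9][0-9 -]*$/D', $input)) {
        return null;
    }
    $digits = preg_replace('/[^0-9]/', '', $input);
    $len = strlen($digits);
    // E.164 allows at most 15 digits; the lower bound of 8 is an assumption.
    if ($len < 8 || $len > 15) {
        return null;
    }
    return ($input[0] === '+' ? '+' : '') . $digits;
}

// Constructed inputs: the same string is accepted or rejected depending on
// which form (and therefore which policy) it was submitted to.
$samples = [
    '312-555-0142',
    '1-800-CALL-ATT',
    '+44 20 7946 0958',
    "312-555-0142\n",
    '312-555-0142 ext 9',
    "312-555-0142'; --",
];
foreach ($samples as $s) {
    printf(
        "%-24s home=%-13s business=%-13s intl=%s\n",
        json_encode($s),
        var_export(validate_us_home_phone($s), true),
        var_export(validate_us_business_phone($s), true),
        var_export(validate_international_phone($s), true)
    );
}
```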

attached mail follows:


Hi,

could anyone tell me why the following url doesn't generate a "page not
found" ?
http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php.

I tried with ../manual instead of manual and this produces a 404.

I checked with www.php.net because my own site does the same and I
wanted to be sure it didn't come from my config.

thanks

Nicolas Figaro

attached mail follows:


Not sure about php.net specifically, but two things to note here:

If you leave off a filename at the end of the URL, the web server will look for a 'default' document. On apache and unix systems I believe the default is "index.html" and on IIS systems it's something like "Default.htm". Most of the time there are other options like you might add a "index.php" if your site uses PHP.

The other thing that could happen is they could be using something like the Apache mod_rewrite (some info at http://www.modrewrite.com/ among others) which can dynamically change the requested URL to a more standard URL before sending back to the user.

Something like this:
http://www.testserver.com/tgryffyn/homepage/middlesection

Could be turned into something like:
http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor

But to the user requesting the page, it'll always look like the first URL.

Forgive me if I got any syntax or capability of mod_rewrite wrong, never used it myself just know that's the general sort of thing that it does.

You might be getting a 404 on using ../manual because they're using mod_rewrite and it didn't know how to deal with "../manual" because "manual" isn't part of a path but actually part of the rewrite rules. and the "../" part of it didn't fit into those rules or got translated to a nonexistent page.

This:
http://www.php.net/manual/en/function.checkdnsrr.php/manual/

Might become something like (ignoring everything after the function reference):
http://www.php.net/manual.php?l=en&function=checkdnsrr

I'm not sure why you'd get a 404 by changing the second 'manual' to '../manual' but could have something to do with rewrite rules or something.

Just some thoughts.

-TG

= = = Original message = = =

Hi,

could anyone tell me why the following url doesn't generate a "page not
found" ?
http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php.

I tried with ../manual instead of manual and this produces a 404.

I checked with www.php.net because my own site does the same and I
wanted to be sure it didn't come from my config.

thanks

Nicolas Figaro


attached mail follows:


>Hi,
>
>could anyone tell me why the following url doesn't
>generate a "page not found" ?

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

>you can try with a longer url after the last .php.
>
>I tried with ../manual instead of manual and this produces a 404.
>
>I checked with www.php.net because my own site does the same and I
>wanted to be sure it didn't come from my config.
>
>thanks
>
>Nicolas Figaro

tg-phpgryffyndevelopment.com wrote:

>The other thing that could happen is they could be
>using something like the Apache mod_rewrite (some
>info at http://www.modrewrite.com/ among others) which
>can dynamically change the requested URL to a more
>standard URL before sending back to the user.
>
>Something like this:
>http://www.testserver.com/tgryffyn/homepage/middlesection
>
>Could be turned into something like:
>http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor
>
>But to the user requesting the page, it'll always look like the first URL.
>
>Forgive me if I got any syntax or capability of mod_rewrite wrong,
>never used it myself just know that's the general sort of thing that it does.
>
>

Pretty good thoughts, there. Some years ago, Tim Perdue
(of PHPBuilder and SourceForge fame) had a popular
article on "Search Engine Friendly URL's" (or some such),
in which he described use of the Apache ForceLocal
directive to make a site just One Big Script, parsing
the slashed portions of the query string as variables
(instead of GET, a la "?section=man&term=foo") so that
the browser appears to be accessing documents in subfolders,
but it's really just telling the server to grab a page with certain
values defined in the URI.

It sure looks like a possibility of this or similar magic in
this case. Of course, I could be way off my tree...

Kevin Kinsey

--
Byte your tongue.

attached mail follows:


I believe Kevin is on the right track there. To expand a bit, you can use
$_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the
data it contains

example for url http://www.example.com/index.php/foo/bar
<?php
echo $_SERVER['PATH_INFO'];
?>

produces:
/foo/bar

You can then parse this string, (generally by using the '/' character as a
delimiter) and extract the data. MediaWiki even provides information
(can't think of where at the moment) on how to use Apache's mod_rewrite to
hide index.php thus making the url even cleaner:
http://www.example.com/foo/bar

Cheers!
- Joe

On 4/21/06, Kevin Kinsey <kdkdaleco.biz> wrote:
>
> >Hi,
> >
> >could anyone tell me why the following url doesn't
> >generate a "page not found" ?
>
> http://www.php.net/manual/en/function.checkdnsrr.php/manual/
>
> >you can try with a longer url after the last .php.
> >
> >I tried with ../manual instead of manual and this produces a 404.
> >
> >I checked with www.php.net because my own site does the same and I
> >wanted to be sure it didn't come from my config.
> >
> >thanks
> >
> >Nicolas Figaro
>
> tg-phpgryffyndevelopment.com wrote:
>
> >The other thing that could happen is they could be
> >using something like the Apache mod_rewrite (some
> >info at http://www.modrewrite.com/ among others) which
> >can dynamically change the requested URL to a more
> >standard URL before sending back to the user.
> >
> >Something like this:
> >http://www.testserver.com/tgryffyn/homepage/middlesection
> >
> >Could be turned into something like:
> >
> http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor
> >
> >But to the user requesting the page, it'll always look like the first
> URL.
> >
> >Forgive me if I got any syntax or capability of mod_rewrite wrong,
> >never used it myself just know that's the general sort of thing that it
> does.
> >
> >
>
> Pretty good thoughts, there. Some years ago, Tim Perdue
> (of PHPBuilder and SourceForge fame) had a popular
> article on "Search Engine Friendly URL's" (or some such),
> in which he described use of the Apache ForceLocal
> directive to make a site just One Big Script, parsing
> the slashed portions of the query string as variables
> (instead of GET, a la "?section=man&term=foo") so that
> the browser appears to be accessing documents in subfolders,
> but it's really just telling the server to grab a page with certain
> values defined in the URI.
>
> It sure looks like a possibility of this or similar magic in
> this case. Of course, I could be way off my tree...
>
> Kevin Kinsey
>
> --
> Byte your tongue.
>

attached mail follows:


You could do that... a "poor man's mod_rewrite" might involve something like this and making the main PHP parsing script your 404 page.. so no matter where you went on a page, the 404 redirect to your PHP script would parse the request (or would you get the post-redirected URL? in which case you'd have to get the 'referrer' maybe? not sure..).

Sounds like it could have some security issues though..giving too much power to the user and what they enter in the URL being used as variable data.. definitely would want to scrub that input hard.

-TG

= = = Original message = =
I believe Kevin is on the right track there. To expand a bit, you can use
$_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the
data it contains

example for url http://www.example.com/index.php/foo/bar
<?php
echo $_SERVER['PATH_INFO'];
?>

produces:
/foo/bar

You can then parse this string, (generally by using the '/' character as a
delimiter) and extract the data. MediaWiki even provides information
(can't think of where at the moment) on how to use Apache's mod_rewrite to
hide index.php thus making the url even cleaner:
http://www.example.com/foo/bar

Cheers!
- Joe

___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

attached mail follows:


No arguments here ;-). For what it's worth, I've used this technique just to
simply clean up the url's a bit. With that in mind, I usually don't need to
do a terrible amount of scrubbing because I'm using the variables in the url
more for navigation. So
http://www.example.com/index.php/edit/customer/1234 simply tells my
script to display a form that will allow the user to edit
customer 1234, if the first sections of $_SERVER['PATH_INFO'] aren't exactly
what I'm expecting then I move on to whatever the default action is (except
of course for the customer id at the end). Really this isn't any different
than http://www.example.com/index.php?action=edit&type=customer&id=1234 in
terms of security. If I'm wrong someone please let me know as I do use this
technique quite a bit.

- Joe

On 4/21/06, tg-phpgryffyndevelopment.com <tg-phpgryffyndevelopment.com>
wrote:
>
> You could do that... a "poor man's mod_rewrite" might involve something
> like this and making the main PHP parsing script your 404 page.. so no
> matter where you went on a page, the 404 redirect to your PHP script would
> parse the request (or would you get the post-redirected URL? in which case
> you'd have to get the 'referrer' maybe? not sure..).
>
> Sounds like it could have some security issues though..giving too much
> power to the user and what they enter in the URL being used as variable
> data.. definitely would want to scrub that input hard.
>
> -TG
>
> = = = Original message = = =
>
> I believe Kevin is on the right track there. To expand a bit, you can use
> $_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the
> data it contains
>
> example for url http://www.example.com/index.php/foo/bar
> <?php
> echo $_SERVER['PATH_INFO'];
> ?>
>
> produces:
> /foo/bar
>
> You can then parse this string, (generally by using the '/' character as a
> delimiter) and extract the data. MediaWiki even provides information
> (can't think of where at the moment) on how to use Apache's mod_rewrite to
> hide index.php thus making the url even cleaner:
> http://www.example.com/foo/bar
>
> Cheers!
> - Joe
>
>
> ___________________________________________________________
> Sent by ePrompter, the premier email notification software.
> Free download at http://www.ePrompter.com.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


All depends on how the data is used after it's interpreted/split:

http://www.example.com/index.php/edit/customer/1234

$action = "edit";
$type = "customer";
$id = "1234";

header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");

In this case, what happens if someone does:
http://www.example.com/index.php/edit/customer/1234&adminaccess

$action = "edit";
$type = "customer";
$id = "1234&adminaccess";

header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");

redirects to:
http://www.example.com/index.php?action=edit&type=customer&id=1234&adminaccess

Or if that data was used in a SQL query, you could open yourself up to a SQL injection attack.... basically all the kind of concerns you have when handling user input in general, but you have to ask yourself "What could someone do if they manually entered a URL instead of just clicking on a link that we generated... what other data is passed via $_GET vars (or other data that's affected by the pre-rewrite URL)?"

Maybe your stuff is ok... maybe the worst that happens is it looks for an id of "1234&adminaccess" and doesn't find it.

Security tends to involve dealing with what we know is a security risk... while hacking (the illegal kind) is only limited by the imagination and skill of the hacker. So good security relies on as much imagination and creativity as you can conjure up and hopefully it's more than the hacker trying to poke at your system. :) In other words, ALWAYS think of the worst-case scenario when thinking about security... isolate, restrict and scrub your input vigorously..hah

-TG

And you split on the forward slash.. you might get:

= = = Original message = =
No arguments here ;-). For what it's worth, I've used this technique just to
simply clean up the url's a bit. With that in mind, I usually don't need to
do a terrible amount of scrubbing because I'm using the variables in the url
more for navigation. So
http://www.example.com/index.php/edit/customer/1234 simply tells my
script to display a form that will allow the user to edit
customer 1234, if the first sections of $_SERVER['PATH_INFO'] aren't exactly
what I'm expecting then I move on to whatever the default action is (except
of course for the customer id at the end). Really this isn't any different
than http://www.example.com/index.php?action=edit&type=customer&id=1234 in
terms of security. If I'm wrong someone please let me know as I do use this
technique quite a bit.

- Joe

___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
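
The /edit/customer/1234&adminaccess case from the message above, as an added example that is not part of the original thread: each PATH_INFO segment is checked against an allow-list before it is reused, and the redirect URL is built with http_build_query() so values are percent-encoded. The route table, function names and sample paths are assumptions made for illustration.

```php
<?php
// Added example: allow-list routing for a PATH_INFO such as /edit/customer/1234.
// ACTIONS, TYPES, parse_route() and redirect_target() are hypothetical names.

const ACTIONS = ['edit', 'view'];
const TYPES   = ['customer', 'order'];

/**
 * Split PATH_INFO into exactly three validated segments.
 * Returns null for anything that is not /<action>/<type>/<digits>.
 */
function parse_route(string $pathInfo): ?array
{
    $parts = explode('/', trim($pathInfo, '/'));
    if (count($parts) !== 3) {
        return null;
    }
    [$action, $type, $id] = $parts;

    // Strict comparison against fixed lists; no pattern matching on names.
    if (!in_array($action, ACTIONS, true) || !in_array($type, TYPES, true)) {
        return null;
    }
    // ctype_digit() rejects "1234&adminaccess", "-1", "" and "12 34".
    if (!ctype_digit($id) || strlen($id) > 9) {
        return null;
    }
    // The id is an integer from here on, whatever it is used for next.
    return ['action' => $action, 'type' => $type, 'id' => (int) $id];
}

/** Build the query-string URL; http_build_query() percent-encodes each value. */
function redirect_target(array $route): string
{
    return 'http://www.example.com/index.php?' . http_build_query($route);
}

// Constructed sample inputs, as they would arrive in $_SERVER['PATH_INFO'].
$samples = [
    '/edit/customer/1234',
    '/edit/customer/1234&adminaccess',
    '/delete/customer/1234',
    '/edit/customer/1234/extra',
];

foreach ($samples as $pathInfo) {
    $route = parse_route($pathInfo);
    echo $pathInfo, ' => ',
        $route === null ? 'rejected, use default action' : redirect_target($route),
        PHP_EOL;
}
```

Only the first sample produces a redirect URL; the other three are rejected before any value reaches header() or a query.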

attached mail follows:


On Fri, April 21, 2006 10:04 am, nicolas figaro wrote:
> could anyone tell me why the following url doesn't generate a "page
> not found" ?
> http://www.php.net/manual/en/function.checkdnsrr.php/manual/
>
> you can try with a longer url after the last .php.
>
> I tried with ../manual instead of manual and this produces a 404.
>
> I checked with www.php.net because my own site does the same and I
> wanted to be sure it didn't come from my config.

Because it is incredibly USEFUL to have extra information in the URL
after the actual script that does the work.

Because that URL does, in fact, point to a valid document.

Because the "/manual" part is just passed in to the
'function.checkdnsrr.php' script.

Actually, that last statement is quite possibly a lie.

It's quite possible that what YOU think of as the
'function.checkdnsrr.php' page is actually a script named 'manual'

And that the script named 'manual' looks for things like '/en' and
'/function.checkdnsrr.php' in order to determine what page to serve
up.

You could read the php.net source to find out for sure, by clicking on
the link in the bottom right corner of the PHP website.

To try this out on your own server, do this:

1. Create a file called 'myscript.php'

2. Put this in it:
<?php echo $_SERVER['PATH_INFO'];?>

3. Surf to these two URLs:
http://yoursite.com/myscript.php/foo
http://yoursite.com/myscript.php/bar

There are all sorts of uses for this kind of thing, and you'll end up
hearing me rant more about some of them if you stick around :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Fri, April 21, 2006 1:11 pm, tg-phpgryffyndevelopment.com wrote:
> You could do that... a "poor man's mod_rewrite" might involve
> something like this and making the main PHP parsing script your 404
> page.. so no matter where you went on a page, the 404 redirect to your
> PHP script would parse the request (or would you get the
> post-redirected URL? in which case you'd have to get the 'referrer'
> maybe? not sure..).

Actually, I consider it a vastly superior solution to mod_rewrite for
several reasons:

#1. Don't have to restart Apache just to add some new wrinkle.
[When your mod_rewrite rules are in httpd.conf and not .htaccess]

#2. Works on all servers, including shared servers where mod_rewrite
and/or .htaccess is turned completely off for performance.

#3. Screwing up a rule doesn't take down your whole site, or
everything below the directory of your .htaccess -- You only screw up
one page where you are messing with the rules of the translation.

#4. About 100 X simpler to understand than mod_rewrite regular
expression syntax and all that L/R business I never did figure out,
really.

#5. It's PHP. :-)

#6. Can log specific data about interesting rules, not a monolithic
and sometimes quite expensive logging for debugging.

> Sounds like it could have some security issues though..giving too much
> power to the user and what they enter in the URL being used as
> variable data.. definitely would want to scrub that input hard.

You would scrub it EXACTLY the same way you scrub GET data, POST data,
and COOKIE data.

You are literally just translating the search not-so-friendly:
script.php?x=5&y=7
into the very search friendly:
script.php/x=5/y=7

Also note that for rich media such as PDF and FDF, some versions of IE
will simply choke on:
http://example.com/test.pdf?whatdate=7-1-2006
But they're quite happy with:
http://example.com/test/whatdate=7-1-2006/whatever.pdf

In fact, there is NO WAY the browser can tell that it's not retrieving
a plain ol' PDF just by looking at the URL.

And that's a very good thing because browsers suck at dynamic rich
media such as images, PDF, etc

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Hey all,

Regex pattern question here. I need to match on "Foo-F00", "Foo-foo",
"foo-Foo". I know in perl you can use the /i to specify "case
insensitive" matching. Is there any such switch that can be used in
preg_match() in PHP?

Thanks,

Jeff

attached mail follows:


On Friday 21 April 2006 9:44 am, Jeff wrote:
> Regex pattern question here. I need to match on "Foo-F00", "Foo-foo",
> "foo-Foo". I know in perl you can use the /i to specify "case
> insensitive" matching. Is there any such switch that can be used in
> preg_match() in PHP?

http://us3.php.net/manual/en/reference.pcre.pattern.syntax.php
--
Joe Henry
www.celebrityaccess.com
jhenrycelebrityaccess.com

attached mail follows:


        As Joe implied with his link, the preg_* family is called PCRE (Perl
Compatible Regular Expression), and that's because they accept a
Perl-style regexp as a string, i.e. '/foo-foo/i' would do it.

Jeff wrote:
> Regex pattern question here. I need to match on "Foo-F00", "Foo-foo",
> "foo-Foo". I know in perl you can use the /i to specify "case
> insensitive" matching. Is there any such switch that can be used in
> preg_match() in PHP?
--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx

attached mail follows:


On Fri, April 21, 2006 10:44 am, Jeff wrote:
> Regex pattern question here. I need to match on "Foo-F00", "Foo-foo",
> "foo-Foo". I know in perl you can use the /i to specify "case
> insensitive" matching. Is there any such switch that can be used in
> preg_match() in PHP?

If you go to the http://php.net/preg_match page, and then on the left
in the navigation you'll see an outline of subjects.

From any function in the manual, it's always a Good Idea to also read
the General Topic which is its "parent" in that outline.

If you do so, you will, almost-for-sure, soon find that there is an
entire page of the manual devoted to answering questions like this
one.

Hope that helps.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Hello,
Anyone have pointers to good tutorials out there for validating XML with
DTD?
I have looked at the top comment on:
http://www.php.net/manual/en/ref.xmlreader.php#xmlreader.constants

Where you set the parser property to validate, but it is kind of like a
black box...what is it using to validate the XML schema? I am working
with an XML document and a DTD file which is separate, do the files have
to share a name with a different extension, or does the DTD somehow have
to be embedded?

TIA
-Brad

attached mail follows:


On Thursday 20 April 2006 19:23, Richard Lynch wrote:
> Actually, it's "possible" just bloody difficult.
>
> You're looking into a topic known as OCR (Optical Character Recognition).
>
> One OS project for this is:
> GOCR (aka JOCR)
> It's GOCR on freshmeat and JOCR on sourceforge because the name they
> wanted was "taken" by another project. :-(
>
> A commercial product known as OmniPages is probably the "best"
> solution, unfortunately.
>

Thanks for the info. It makes sense that the scanner makes the image and
puts that on the PDF. I'll have to look into GOCR, or just scrap the idea I
had. Luckily I'm still just in the planning stage and we haven't figured out
how all the processes are going to work :)

Thanks again,

--
Ray Hauge
Programmer/Systems Administrator
American Student Loan Services
www.americanstudentloan.com
1.800.575.1099

attached mail follows:


Jay Blanchard wrote:
> [snip]
>> I am trying to find a way for a program to search through the text on a
>> PDF. My first thought was to use pdftotext, but the PDFs generated by our
>> commercial scanner/copier/printer machine do not seem to work with
>> pdftotext... it just outputs two CRLFs. I've been looking around on the
>> net for something similar that might work.
>>
>> Anyone know of something like that?
>>
>> Thanks,
>> --
>> Ray Hauge
>
> Things I forgot to post:
>
> It is a PHP script. I was planning on using shell_exec() to call the
> program and read the output from stdout.
> [/snip]
>
> Sounds like the PDF's are images and therefore will not be readable by
> anything, save for eyeballs. I have run into this quite a bit. The
> scanner scans the doc via a TWAIN driver, which then converts the info
> into an image of that which was scanned. It would be like trying to read
> text programmatically from a JPEG.....not really possible.

http://www.cs.wisc.edu/~ghost/ will do it.

attached mail follows:


With php5, I'm trying to create an object that has a property that is
another object. First I have this class:

<?php
class Address {

    public $address1;
    public $address2;
    public $city;
    public $state;
    public $zip;

}
?>

Then I have another class:

<?php
require_once('model/Address.class.php');
class User {
    public $name;
    public $address = new Address();
}
?>

Then if I try to use the user object like this:

<?php
require_once('model/User.class.php');

$user = new User();
$user->name = 'Paul Barry';
$user->address->city = 'Washington';

?>
<?= $user->name ?> lives in <?= $user->address->city ?>

I get this error:

Parse error: syntax error, unexpected T_NEW in /app/model/User.class.php on
line 5

What am I doing wrong?

attached mail follows:


On Fri, April 21, 2006 2:17 pm, Paul Barry wrote:
> public $address = new Address();

I believe this is true:

At this time, you can only initialize class properties to CONSTANTS.

So you could use 'Address' or 42 or NULL or TRUE/FALSE, but not new
Address();

Actually, I think an array might also be do-able, come to think of it...

But for sure, the error message is saying you can't have 'new' there.

You'll have to initialize $this->address in the constructor.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Paul Barry wrote:

..

>
> Then I have another class:
>
> <?php
> require_once('model/Address.class.php');
> class User {
> public $name;
> public $address = new Address();

this is wrong. you can define the property in the class
with a constant or scalar value (i.e. literal string,
numeric value or an array) but not a return value of a
function or a 'new' object.

you should initialize the $address property in the constructor
of the User object like so:

class User {
    public $name;
    public $address;

    function __construct($name = '')
    {
        $this->name = strval($name);
        $this->address = new Address;
    }
}

it's good practice to only set values to the objects
properties once it's constructed (or while it's being
constructed - as per my example).

> }
> ?>

attached mail follows:


Jochem Maas wrote:
> Paul Barry wrote:
>
> ..
>
>>
>> Then I have another class:
>>
>> <?php
>> require_once('model/Address.class.php');
>> class User {
>> public $name;
>> public $address = new Address();
>
>
> this is wrong. you can define the property in the class
> with a constant or scalar value (i.e. literal string,
> numeric value or an array) but not a return value of a
> function or a 'new' object.
just to nag, an array is not a