NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2006-08

php-general Digest 5 Aug 2006 05:27:39 -0000 Issue 4275

php-general-digest-helplists.php.net
Date: Sat Aug 05 2006 - 00:27:39 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 5 Aug 2006 05:27:39 -0000 Issue 4275

Topics (messages 240131 through 240179):

Re: The difference between ereg and preg?
        240131 by: John Nichel
        240132 by: Robert Cummings
        240174 by: Dave M G
        240175 by: Robert Cummings

Re: php behind firewall
        240133 by: tedd
        240134 by: John Nichel
        240135 by: tedd
        240136 by: Jim Moseby
        240137 by: Austin Denyer
        240139 by: Jim Moseby
        240140 by: Jochem Maas
        240141 by: John Nichel
        240142 by: Jochem Maas
        240143 by: Austin Denyer
        240144 by: Adam Zey
        240145 by: Jochem Maas
        240146 by: Austin Denyer
        240147 by: Jim Moseby
        240148 by: Richard Lynch
        240154 by: Richard Lynch

Re: Saving a dynamic file
240138 by: Miguel Guirao

Re: PHP Frameworks - Opinion
        240149 by: Manuel Lemos
        240153 by: Robert Cummings
        240157 by: Manuel Lemos
        240159 by: Manuel Lemos
        240161 by: Robert Cummings
        240173 by: Manuel Lemos

Re: Newbie Form Question
240150 by: Richard Lynch

Re: Problem with wrapper script for Tidy
240151 by: Richard Lynch

Re: Postcode proximity classes
240152 by: Richard Lynch

Re: Regular Expresson for checking password strength
240155 by: Al

Re: problem using &&
240156 by: Richard Lynch

Re: Big files management
240158 by: Richard Lynch

Re: pop up "save dialog" box
240160 by: Richard Lynch

Re: mail headers
240162 by: Richard Lynch

Re: Lots of queries!
240163 by: Richard Lynch

Re: Error Reporting for file commands
240164 by: Richard Lynch

Re: PHP Developer Needed in San Jose, CA w/ Occasional Travel to Palo Alto
240165 by: Richard Lynch

Please help me with in_array
        240166 by: Chris G
        240169 by: Jochem Maas
        240172 by: Jochem Maas

Re: Efficiency question
240167 by: Richard Lynch

Re: database connections
240168 by: Richard Lynch
240170 by: Richard Lynch

Re: xml v php question
240171 by: Richard Lynch

Upload files problem with IIS server
240176 by: Mace Eliason
240179 by: chris smith

Strip non-alphanumerics from beginning and end?
240177 by: Brian Dunning
240178 by: Robert Cummings

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Dave M G wrote:
> PHP List,
>
> Recently I wrote a piece of code to scrape data from an HTML page.
>
> Part of that code deleted all the unwanted text from the very top of the
> page, where it says "<!DOCTYPE", all the way down to the first instance
> of a "<ul>" tag.
>
> That code looks like this:
> ereg_replace("<!DOCTYPE(.*)<ul>", "", $htmlPage);
>
> It works fine. But I noticed that on almost all the tutorial pages I
> looked at, they just about always used preg_replace, and not ereg_replace.
>
> It seemed that the main difference was that preg_replace required
> forward slashes around the regular expression, like so:
> preg_replace("/<!DOCTYPE(.*)<ul>/", "", $htmlPage);
>
> But that didn't work, and returned an error.

You need to comment out the '!'

> Since ereg was working, though, I figured I would just stick with it.
>
> Still, I thought it worth asking:
>
> Is there any reason why either ereg or preg would be more desirable over
> the other?
>

Perl compatible regexs are faster* and more powerful. Course, writing a
good Perl regex is an art form in itself (probably why O'Reilly released
a book just on regexs), and takes some time (and headaches) to master
(if one ever does master it).

The difference in the people who use one or the other? Probably nothing
more than their background. Those of us who worked with Perl before php
are more than likely gravitate towards preg. Those who didn't, or had
little Perl regex experience more than likely went to the POSIX (ereg)
style as it's a bit easier to pick up.

*I'm sure there are some out there who will dispute this.

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com

attached mail follows:

On Fri, 2006-08-04 at 13:03 -0400, John Nichel wrote:
>
> Perl compatible regexs are faster* and more powerful. Course, writing a
> good Perl regex is an art form in itself (probably why O'Reilly released
> a book just on regexs), and takes some time (and headaches) to master
> (if one ever does master it).
>
> The difference in the people who use one or the other? Probably nothing
> more than their background. Those of us who worked with Perl before php
> are more than likely gravitate towards preg. Those who didn't, or had
> little Perl regex experience more than likely went to the POSIX (ereg)
> style as it's a bit easier to pick up.
>
> *I'm sure there are some out there who will dispute this.

I use POSIX primarily because it was a standard and because PCRE was not
originally enabled by default. Seems funny that the POSIX version is
being deprecated *heh*.

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

attached mail follows:

Jochem

Thank you for your continued assistance.

> ^--- remove the caret as you dont want to only match when the line
> starts with <li> (the <li> can be anywhere on the line)
>
Ah, I get it now. I was confused about the meaning of the caret.

> I'll assume you also have the mb extension setup.
>
Yes, I do.

This regular expression is tricky stuff, and its behaviour is not what
I'd expect.

After much experimentation, I discovered that I needed to take the last
"s" out of my syntax. This was the "s" that states that the search could
span across line breaks.

I assumed that the behaviour would be to start at one instance of <li>
and continue until the first instance of <br> and extract that as a
variable. And then start again at the next instance of <li> and so on.

But instead it seems to be starting from the extreme outside and work
it's way inwards from both ends, thus trapping all text between the very
first <li> in the source string, and the very last <br> in the source.

So if the "s" option is on to span across lines, then it gets only one
match for the whole HTML document, containing everything between the
very first <li> and the very last <br>. If I take off the "s" option,
then it only looks at <li> and <br> tags within each line, thus
returning small, discreet matches.

I personally don't think this is very rational behaviour, so either I'm
doing something wrong still, or perhaps it's me who isn't very rational.
Either is likely.

--
Dave M G

attached mail follows:

On Sat, 2006-08-05 at 10:50 +0900, Dave M G wrote:
> Jochem
>
> Thank you for your continued assistance.
>
> > ^--- remove the caret as you dont want to only match when the line
> > starts with <li> (the <li> can be anywhere on the line)
> >
> Ah, I get it now. I was confused about the meaning of the caret.
>
> > I'll assume you also have the mb extension setup.
> >
> Yes, I do.
>
> This regular expression is tricky stuff, and its behaviour is not what
> I'd expect.
>
> After much experimentation, I discovered that I needed to take the last
> "s" out of my syntax. This was the "s" that states that the search could
> span across line breaks.
>
> I assumed that the behaviour would be to start at one instance of <li>
> and continue until the first instance of <br> and extract that as a
> variable. And then start again at the next instance of <li> and so on.
>
> But instead it seems to be starting from the extreme outside and work
> it's way inwards from both ends, thus trapping all text between the very
> first <li> in the source string, and the very last <br> in the source.
>
> So if the "s" option is on to span across lines, then it gets only one
> match for the whole HTML document, containing everything between the
> very first <li> and the very last <br>. If I take off the "s" option,
> then it only looks at <li> and <br> tags within each line, thus
> returning small, discreet matches.

Check out the greediness modifier. Greediness determines whether it
extends the matching to the largest possible match or the smallest
possible match. By default regexes are greedy.

> I personally don't think this is very rational behaviour, so either I'm
> doing something wrong still, or perhaps it's me who isn't very rational.
> Either is likely.

It's perfectly valid since it is correctly matching the pattern, just an
issue of how greed ;)

attached mail follows:

At 12:55 PM -0400 8/4/06, John Nichel wrote:
>Wait, are you telling me that I can't auth my customers based on IP
>alone? Great, now how do I let them view their sensitive data? ;)

Okay, how do you?

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

attached mail follows:

tedd wrote:
> At 12:55 PM -0400 8/4/06, John Nichel wrote:
>> Wait, are you telling me that I can't auth my customers based on IP
>> alone? Great, now how do I let them view their sensitive data? ;)
>
> Okay, how do you?
>

Retina scan, and DNA sample.

Seriously though, not by IP in any way, shape or form. The only
'sensitive' data I keep for customers to view is their order history.
Credit card numbers are trashed the moment I get a response back from
the cc gateway. To get to that they just need their username and
password. If they want the system to 'remember' their login, I use a
hash of quite a few variables that I place into a cookie on their browser.

The only place I use IP to help identify a user (not really a user, but
a particular computer) is on our Intranet...and I can only safely (for
the most part) rely on this because I control the network and the IP
addresses.

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com

attached mail follows:

At 1:26 PM -0400 8/4/06, John Nichel wrote:
>tedd wrote:
>>At 12:55 PM -0400 8/4/06, John Nichel wrote:
>>>Wait, are you telling me that I can't auth my customers based on IP
>>>alone? Great, now how do I let them view their sensitive data? ;)
>>
>>Okay, how do you?
>
>Retina scan, and DNA sample.
>
>Seriously though, not by IP in any way, shape or form. The only
>'sensitive' data I keep for customers to view is their order
>history. Credit card numbers are trashed the moment I get a response
>back from the cc gateway. To get to that they just need their
>username and password. If they want the system to 'remember' their
>login, I use a hash of quite a few variables that I place into a
>cookie on their browser.
>
>The only place I use IP to help identify a user (not really a user,
>but a particular computer) is on our Intranet...and I can only
>safely (for the most part) rely on this because I control the
>network and the IP addresses.

Thanks.

Not that I have done this on the net, but has anyone thought about
using a fuzzy logic approach to the problem? While it wouldn't be a
perfect solution, you could set a threshold you're comfortable with.

Also while your DNA comment was meant to be humorous, it's not a bad
idea to build a "trust-index" via user actions that would be similar
to a DNA-like reasoning solution.

Just food for thought.

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

attached mail follows:

>
> Thanks.
>
> Not that I have done this on the net, but has anyone thought about
> using a fuzzy logic approach to the problem? While it wouldn't be a
> perfect solution, you could set a threshold you're comfortable with.
>
> Also while your DNA comment was meant to be humorous, it's not a bad
> idea to build a "trust-index" via user actions that would be similar
> to a DNA-like reasoning solution.
>
> Just food for thought.
>
> tedd

I recently read an article about IP fingerprinting. The concept is that
every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
differences in the way they communicate. It was very in-depth, but it
worked amazingly well. If I can find the article, I'll post it.

attached mail follows:

Jim Moseby wrote:
>
> I recently read an article about IP fingerprinting. The concept is that
> every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
> differences in the way they communicate. It was very in-depth, but it
> worked amazingly well. If I can find the article, I'll post it.

Please do.

I can imagine that the concept goes to the wall with wireless users, but
even so, should be a good read.

Regards,
Austin.

attached mail follows:

>
> Jim Moseby wrote:
> >
> > I recently read an article about IP fingerprinting. The
> concept is that
> > every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
> > differences in the way they communicate. It was very
> in-depth, but it
> > worked amazingly well. If I can find the article, I'll post it.
>
> Please do.
>
> I can imagine that the concept goes to the wall with wireless
> users, but
> even so, should be a good read.
>

Found it:

http://www.caida.org/publications/papers/2005/fingerprinting/

attached mail follows:

Jim Moseby wrote:
>> Jim Moseby wrote:
>>> I recently read an article about IP fingerprinting. The
>> concept is that
>>> every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
>>> differences in the way they communicate. It was very
>> in-depth, but it
>>> worked amazingly well. If I can find the article, I'll post it.
>> Please do.

I had read about this before, will read it again.
but I suspect that my current server will probably have a
hard time calculating the finger print for each connection. :-)

>>
>> I can imagine that the concept goes to the wall with wireless
>> users, but
>> even so, should be a good read.
>>
>
> Found it:
>
> http://www.caida.org/publications/papers/2005/fingerprinting/
>
> JM
>

attached mail follows:

Jochem Maas wrote:
> Jim Moseby wrote:
>>> Jim Moseby wrote:
>>>> I recently read an article about IP fingerprinting. The
>>> concept is that
>>>> every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
>>>> differences in the way they communicate. It was very
>>> in-depth, but it
>>>> worked amazingly well. If I can find the article, I'll post it.
>>> Please do.
>
> I had read about this before, will read it again.
> but I suspect that my current server will probably have a
> hard time calculating the finger print for each connection. :-)
>

Well, if you would stop using the Vic20, and upgrade!

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com

attached mail follows:

John Nichel wrote:
> Jochem Maas wrote:
>> Jim Moseby wrote:
>>>> Jim Moseby wrote:
>>>>> I recently read an article about IP fingerprinting. The
>>>> concept is that
>>>>> every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
>>>>> differences in the way they communicate. It was very
>>>> in-depth, but it
>>>>> worked amazingly well. If I can find the article, I'll post it.
>>>> Please do.
>>
>> I had read about this before, will read it again.
>> but I suspect that my current server will probably have a
>> hard time calculating the finger print for each connection. :-)
>>
>
> Well, if you would stop using the Vic20, and upgrade!

how dare you call my altair a vic20. new-fangled rubbish. ;-)
you want real authentication? get some carrier pidgeons like us real
programmers.

attached mail follows:

Jochem Maas wrote:
> John Nichel wrote:
>>
>>Well, if you would stop using the Vic20, and upgrade!
>
> how dare you call my altair a vic20. new-fangled rubbish. ;-)
> you want real authentication? get some carrier pidgeons like us real
> programmers.

So, how many different tunes did you get your Altair to play over the
radio? #;-D

My first machine wasn't quite an Altair, but it did make the Vic look
space-age - I started with a ZX81.

The carrier pigeon trick only works for IP though. And packet traces
can be a tad messy...

Regards,
Austin.

attached mail follows:

tedd wrote:
> At 1:26 PM -0400 8/4/06, John Nichel wrote:
>> tedd wrote:
>>> At 12:55 PM -0400 8/4/06, John Nichel wrote:
>>>> Wait, are you telling me that I can't auth my customers based on IP
>>>> alone? Great, now how do I let them view their sensitive data? ;)
>>>
>>> Okay, how do you?
>>
>> Retina scan, and DNA sample.
>>
>> Seriously though, not by IP in any way, shape or form. The only
>> 'sensitive' data I keep for customers to view is their order history.
>> Credit card numbers are trashed the moment I get a response back from
>> the cc gateway. To get to that they just need their username and
>> password. If they want the system to 'remember' their login, I use a
>> hash of quite a few variables that I place into a cookie on their
>> browser.
>>
>> The only place I use IP to help identify a user (not really a user,
>> but a particular computer) is on our Intranet...and I can only safely
>> (for the most part) rely on this because I control the network and the
>> IP addresses.
>
> Thanks.
>
> Not that I have done this on the net, but has anyone thought about using
> a fuzzy logic approach to the problem? While it wouldn't be a perfect
> solution, you could set a threshold you're comfortable with.
>
> Also while your DNA comment was meant to be humorous, it's not a bad
> idea to build a "trust-index" via user actions that would be similar to
> a DNA-like reasoning solution.
>
> Just food for thought.
>
> tedd

Either account-based authentication, or a unique ID stored in a cookie,
that's how I've done it.

Regards, Adam Zey.

attached mail follows:

Austin Denyer wrote:
> Jochem Maas wrote:
>> John Nichel wrote:
>>> Well, if you would stop using the Vic20, and upgrade!
>> how dare you call my altair a vic20. new-fangled rubbish. ;-)
>> you want real authentication? get some carrier pidgeons like us real
>> programmers.
>
> So, how many different tunes did you get your Altair to play over the
> radio? #;-D
>
> My first machine wasn't quite an Altair, but it did make the Vic look
> space-age - I started with a ZX81.

I was only joking about the altair - the closest I have got to one of those
is a documentary on the Discovery channel :-P

I do remember having a Spectrum48, although it was only ever used to play
'Horace goes Skiing'

>
> The carrier pigeon trick only works for IP though. And packet traces
> can be a tad messy...

seperates the men from the boys ;-)

>
> Regards,
> Austin.

attached mail follows:

Jim Moseby wrote:
>
> Found it:
>
> http://www.caida.org/publications/papers/2005/fingerprinting/

Thanks! Interesting stuff...

Regards,
Austin.

attached mail follows:

>
> Jim Moseby wrote:
> >
> > Found it:
> >
> > http://www.caida.org/publications/papers/2005/fingerprinting/
>
> Thanks! Interesting stuff...
>
> Regards,
> Austin.

No problem. My recollection of the technique was a bit off, but the concept
was still there. ;-)

attached mail follows:

On Fri, August 4, 2006 10:25 am, Andrew Senyshyn wrote:
> I need to get local user IP, but server with apache and php is in
> another subnetwork.
> So from server environment I can get only router's IP.
> The only solution that I see - is getting with some magic algorithm
> local IP from brouser and sending it to server.
> My application is for intranet, so I don't see any reason to make
> users
> authorization.
> Any ideas for this?

Don't.

If it's a transparent proxy, you can get their IP.

If it's NOT a transparent proxy, you can't get their IP, by design,
and nothing you can do will change that, at least in PHP. That's the
whole point of a transparent proxy.

Suppose you wrote some JS to send you the 'local' IP -- Even if that
works, which I suspect not, it would be pointless, since you'd end up
with a few hundred people with IP addresses such as 192.168.1.100,
which is a meaningful IP address only in their subnet, not in the
larger network in general.

Now, to your specific case:
If you can get the browser to send you the IP, then a Bad Guy can
write their browser to send you whatever IP they want, thus defeating
your so-called authentication.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Fri, August 4, 2006 1:08 pm, Jim Moseby wrote:
>>
>> Jim Moseby wrote:
>> >
>> > I recently read an article about IP fingerprinting. The
>> concept is that
>> > every PC-NIC-CABLE-FIREWALL combination has subtle, but measurable
>> > differences in the way they communicate. It was very
>> in-depth, but it
>> > worked amazingly well. If I can find the article, I'll post it.
>>
>> Please do.
>>
>> I can imagine that the concept goes to the wall with wireless
>> users, but
>> even so, should be a good read.
>>
>
> Found it:
>
> http://www.caida.org/publications/papers/2005/fingerprinting/

Just to be pedantic...

It's using the clock skew of the user's computer, and I don't think
that has anything to do with PC-NIC-CABLE-FIREWALL combination
communication.

Rather, it is the error margin of the internal clock chip within the
device, as I understand it...

Or not, as I don't claim to understand that article 100%...

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Using the OB functions I got it done!!
Thanks y'all!!

Miguel

-----Original Message-----
From: Weber Sites [mailto:webersitesgmail.com]On Behalf Of WeberSites
LTD
Sent: Sabado, 29 de Julio de 2006 02:00 p.m.
To: 'MIGUEL ANTONIO GUIRAO AGUILERA'; php-generallists.php.net
Subject: RE: [PHP] Saving a dynamic file

I'm not sure I understand.
If you just need to save the output (e.g. HTML), you can use OB.
If you can generate the page on the fly from your DB than you already
have the data so what do you need to save?

Sincerely

berber

Visit the Weber Sites Today,
To see where PHP might take you tomorrow.
PHP code examples : http://www.weberdev.com
PHP & MySQL Forums : http://www.weberforums.com
Learn PHP & MySQL Playing Trivia : http://www.webertrivia.com
PHP content for your site : http://content.weber-sites.com
SEO Data Monitor http://seo.weberdev.com

-----Original Message-----
From: MIGUEL ANTONIO GUIRAO AGUILERA [mailto:miguel.guiraomail.telcel.com]
Sent: Saturday, July 29, 2006 4:01 AM
To: php-generallists.php.net
Subject: [PHP] Saving a dynamic file

Hi!!

I'm in the need of saving to a file a dynamic page that I generated from a
PHP script, taking data from a table!!

So far I have figured out two options:

1) Save the page as a XML document so it can be editable in a word processor
later. Do I have to write line by line until I'm done with the document?

2) Use a class to convert & save the dynamic page into a Word document.

Is there any other options available??
Regards
------------------------------------------------
MIGUEL GUIRAO AGUILERA
Logistica R8 - Telcel
Tel: (999) 960.7994

Este mensaje es exclusivamente para el uso de la persona o entidad a quien
esta dirigido; contiene informacion estrictamente confidencial y legalmente
protegida, cuya divulgacion es sancionada por la ley. Si el lector de este
mensaje no es a quien esta dirigido, ni se trata del empleado o agente
responsable de esta informacion, se le notifica por medio del presente, que
su reproduccion y distribucion, esta estrictamente prohibida. Si Usted
recibio este comunicado por error, favor de notificarlo inmediatamente al
remitente y destruir el mensaje. Todas las opiniones contenidas en este mail
son propias del autor del mensaje y no necesariamente coinciden con las de
Radiomovil Dipsa, S.A. de C.V. o alguna de sus empresas controladas,
controladoras, afiliadas y subsidiarias. Este mensaje intencionalmente no
contiene acentos.

This message is for the sole use of the person or entity to whom it is being
sent. Therefore, it contains strictly confidential and legally protected
material whose disclosure is subject to penalty by law. If the person
reading this message is not the one to whom it is being sent and/or is not
an employee or the responsible agent for this information, this person is
herein notified that any unauthorized dissemination, distribution or copying
of the materials included in this facsimile is strictly prohibited. If you
received this document by mistake please notify immediately to the
subscriber and destroy the message. Any opinions contained in this e-mail
are those of the author of the message and do not necessarily coincide with
those of Radiomovil Dipsa, S.A. de C.V. or any of its control, controlled,
affiliates and subsidiaries companies. No part of this message or
attachments may be used or reproduced in any manner whatsoever.

attached mail follows:

Hello,

on 08/03/2006 02:49 PM Robert Cummings said the following:
>>>> The point of the post is that there is no framework in particular to
>>>> recommend. I use my own packages for my needs. They suit me well. It
>>>> does not mean they will suit everybody.
>>> How would you know that there is no framework to recommend if you neve
>>> ruse anyone's code but your own. How could you have possibly given any
>>> framework sufficient attention to have any idea of its pros and cons?
>> I know many frameworks that exist, I have seen their code and their
>> documentation, which is more than enough to reach the conclusion that
>> using the frameworks that exist is not better that using my own
>> solutions for my own purposes.
>
> Aaaah, so you are trully a genius to be able to at a glance of
> documentation and source code fully deduce the usefulness of something.
> I bow before you.

Be seriuos. Nobody needs to actually use any framework to see that it is
not suitable for your needs, when you can just browse the source code
and documentation. It would be insane to try all PHP frameworks that
exist to reach that conclusion.

>>> You can't have your cake and eat it too. You're either pro-choice with a
>>> myriad of choices to choose from, or you're anti-choice and want only
>>> one framework style. Get of the fence!
>> Having standard API specifications does not prevent anybody to choose
>> using solutions based on APIs that do not conform to any standard
>> specifications.
>>
>> Furthermore I do not think that seem to understand the difference
>> between an API specification and API implementation. J2EE is an API
>> specification with many implementations from different vendors: Sun,
>> IBM, Oracle, BEA, JBoss (this last one is Open Source). You can choose
>> the implementation you want.
>>
>> There is plenty of choice to anybody. If you want to use a J2EE
>> implementation to build your applications, otherwise you are free to use
>> something else.
>
>
> It's seems people have chosen... and they've chosen not to bother with
> some kind of standard API. That's not to say one won't emerge, but it
> doesn't seem like it's important at this time.

Sure, but you are missing the point about the way Java specifications
are built. They gather around interested players in the field of each
kind of framework, so it is more consensual that just an unilateral
proposal.

If version 1.0 of an API is not good enough, they gather again,
eventually joining more interested players and build a better
specification. For instance, JDBC API specification had at least 3 major
versions.

There is no need to create a new completely backwards incompatible API
specification. Everybody would loose with that.

Building a completely new API specification would make sense if it was
for very different purposes.

>> Let me give a concrete example, I have developed some plug-ins for this
>> forms class that provide auto-complete support to text inputs and linked
>> select inputs. They use AJAX to retrieve auto-complete text options and
>> switch the linked select options from a database on the server.
>>
>> http://www.phpclasses.org/formsgeneration
>>
>> It is not viable for me to support all database API that exist for PHP.
>> Actually it is already a big deal that that I could find time to support
>> MySQL (directly) or a bunch of other databases using Metabase or
>> PEAR::MDB2 API.
>>
>> The developers that use other database API cannot benefit from these
>> auto-complete and linked select plug-ins, unless they develop variants
>> of the plugins that support the database API that they prefer, but then
>> they would be on their own as I would not be able to provide support to
>> them.
>
> There's this thing called an adapter pattern. Great for retrofitting
> other people's code without actually modifying it.

That is what Metabase and PEAR::MDB2 do, database adapting, same API
and same behavior for all supported databases.

Furthermore, the plug-in sub-classes that support different databases,
only override a few base class methods . It would not be hard to adapt
them for more API.

I just do not have the time nor the interest to build variants for the
bazillions of other database abstraction layers.

Some do not even support the necessary abstraction features. For
instance, AFAIK other database abstraction layers besides Metabase and
PEAR::MDB2 do not support pattern escaping.

This is necessary to escape wildcards characters that should be taken
literally in patterns. It is needed to implement the auto-complete
feature using SQL conditions of type field LIKE 'typed-text%'. If
typed-text contains % or _, it must be escaped. Some databases like MS
SQL need to escape other characters too.

>> Everybody looses opportunities with this. If there was a standard API
>> database specification for PHP like PDBC similar to JDBC, there would be
>> no such problem.
>
> There are two ways for standards to come about. They can be hand picked
> or they can emerge. Hand picked requires the "community organization" of
> which you speak. Emergent standards requires the popular vote. I'm in
> the latter camp, let the developers speak to the merits of any given
> standard. And if they don't speak, it's probably not important.

Right. The problem is that in the PHP world there are too many
incompatible APIs for the same purposes in use by many people. This does
not help people like the original poster that wanted specific
recommendations. He will have too loose a lot of time and patience,
probably to reach the conclusion that he will have to write his own
framework.

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

attached mail follows:

On Fri, 2006-08-04 at 17:15 -0300, Manuel Lemos wrote:
> Hello,
>
> on 08/03/2006 02:49 PM Robert Cummings said the following:
> >>>> The point of the post is that there is no framework in particular to
> >>>> recommend. I use my own packages for my needs. They suit me well. It
> >>>> does not mean they will suit everybody.
> >>> How would you know that there is no framework to recommend if you neve
> >>> ruse anyone's code but your own. How could you have possibly given any
> >>> framework sufficient attention to have any idea of its pros and cons?
> >> I know many frameworks that exist, I have seen their code and their
> >> documentation, which is more than enough to reach the conclusion that
> >> using the frameworks that exist is not better that using my own
> >> solutions for my own purposes.
> >
> > Aaaah, so you are trully a genius to be able to at a glance of
> > documentation and source code fully deduce the usefulness of something.
> > I bow before you.
>
> Be seriuos. Nobody needs to actually use any framework to see that it is
> not suitable for your needs, when you can just browse the source code
> and documentation. It would be insane to try all PHP frameworks that
> exist to reach that conclusion.

And there's the rub... your article was not about what YOU needed it was
what YOU considered to be the best framework for everyone based on
briefly browsing the code. Your article, if it had any real merit, would
have reported on the actual trial of a substantial number of frameworks
so that you could provide a valuable analysis instead of superficial
opinion. Remember a recommendation, is not about YOU, it's about those
reading the article. I can agree with your previous statement until you
start recommending it in general.

> >>> You can't have your cake and eat it too. You're either pro-choice with a
> >>> myriad of choices to choose from, or you're anti-choice and want only
> >>> one framework style. Get of the fence!
> >> Having standard API specifications does not prevent anybody to choose
> >> using solutions based on APIs that do not conform to any standard
> >> specifications.
> >>
> >> Furthermore I do not think that seem to understand the difference
> >> between an API specification and API implementation. J2EE is an API
> >> specification with many implementations from different vendors: Sun,
> >> IBM, Oracle, BEA, JBoss (this last one is Open Source). You can choose
> >> the implementation you want.
> >>
> >> There is plenty of choice to anybody. If you want to use a J2EE
> >> implementation to build your applications, otherwise you are free to use
> >> something else.
> >
> >
> > It's seems people have chosen... and they've chosen not to bother with
> > some kind of standard API. That's not to say one won't emerge, but it
> > doesn't seem like it's important at this time.
>
> Sure, but you are missing the point about the way Java specifications
> are built. They gather around interested players in the field of each
> kind of framework, so it is more consensual that just an unilateral
> proposal.
>
> If version 1.0 of an API is not good enough, they gather again,
> eventually joining more interested players and build a better
> specification. For instance, JDBC API specification had at least 3 major
> versions.
>
> There is no need to create a new completely backwards incompatible API
> specification. Everybody would loose with that.
>
> Building a completely new API specification would make sense if it was
> for very different purposes.

I wasn't missing the point. I am quite aware of how the process works
behind closed doors with a select few high profile companies and
committees. I'm also quite aware of the pros of standardization, but I
don't necessarily feel that hand picking the standard is necessarily
better than an emergent standard. Either way, as I keep saying, if there
was a strong enough desire for such standardization then I'm sure people
would be forming such groups. maybe with the launch of Zend Framework
there will be a rallying point, but then again, maybe it will just be
yet another framework.

> >> Let me give a concrete example, I have developed some plug-ins for this
> >> forms class that provide auto-complete support to text inputs and linked
> >> select inputs. They use AJAX to retrieve auto-complete text options and
> >> switch the linked select options from a database on the server.
> >>
> >> http://www.phpclasses.org/formsgeneration
> >>
> >> It is not viable for me to support all database API that exist for PHP.
> >> Actually it is already a big deal that that I could find time to support
> >> MySQL (directly) or a bunch of other databases using Metabase or
> >> PEAR::MDB2 API.
> >>
> >> The developers that use other database API cannot benefit from these
> >> auto-complete and linked select plug-ins, unless they develop variants
> >> of the plugins that support the database API that they prefer, but then
> >> they would be on their own as I would not be able to provide support to
> >> them.
> >
> > There's this thing called an adapter pattern. Great for retrofitting
> > other people's code without actually modifying it.
>
> That is what Metabase and PEAR::MDB2 do, database adapting, same API
> and same behavior for all supported databases.
>
> Furthermore, the plug-in sub-classes that support different databases,
> only override a few base class methods . It would not be hard to adapt
> them for more API.
>
> I just do not have the time nor the interest to build variants for the
> bazillions of other database abstraction layers.
>
> Some do not even support the necessary abstraction features. For
> instance, AFAIK other database abstraction layers besides Metabase and
> PEAR::MDB2 do not support pattern escaping.
>
> This is necessary to escape wildcards characters that should be taken
> literally in patterns. It is needed to implement the auto-complete
> feature using SQL conditions of type field LIKE 'typed-text%'. If
> typed-text contains % or _, it must be escaped. Some databases like MS
> SQL need to escape other characters too.

If there was enough need for Metabase to support other layers then I'm
sure the community would be submitting the code for you. But then again,
you probably wouldn't accept outside code into your own codebase since
that would violate your internal dislike for external code *lol*.
Touché!

> >> Everybody looses opportunities with this. If there was a standard API
> >> database specification for PHP like PDBC similar to JDBC, there would be
> >> no such problem.
> >
> > There are two ways for standards to come about. They can be hand picked
> > or they can emerge. Hand picked requires the "community organization" of
> > which you speak. Emergent standards requires the popular vote. I'm in
> > the latter camp, let the developers speak to the merits of any given
> > standard. And if they don't speak, it's probably not important.
>
> Right. The problem is that in the PHP world there are too many
> incompatible APIs for the same purposes in use by many people. This does
> not help people like the original poster that wanted specific
> recommendations. He will have too loose a lot of time and patience,
> probably to reach the conclusion that he will have to write his own
> framework.

>From your earlier statement, he could supposedly choose a framework just
from browsing the source code. At any rate, he probably wasted time
reading your article that purported to recommend a framework when in
fact it had nothing of substantial value to say about any particular
framework.

attached mail follows:

Hello,

on 08/03/2006 02:53 PM Robert Cummings said the following:
>>> The main thing in Manual's post that got me writing this in the first
>>> place was :
>>>
>>> "Imagine if there would be only one PDBC (JDBC for PHP). Instead of that
>>> we have a never ending choice of PHP database abstraction layers that
>>> does not help newcoming developers that are lost and don't know what to
>>> use."
>> I admit I have not expressed myself clearly. What I meant is not that
>> people should be disallowed to implement alternative APIs, but rather
>> that they should not feel the need to do it.
>
> I think you may be missing the point. Many people probably don't feel
> the "need" to create an alternative API, they may just feel the desire
> to do so. It's a great way to practice your skills, and in the end, you
> have a nice API that meets your needs.

I do not think many people want to reinvent the wheel. Only those that
feel forced to do it, because the alternatives are insufficient, will do
it, only if they feel capable of doing it.

If there were consensual API specifications like in Java world, very few
people would feel forced to reinvent the wheel.

>> In the Java world, JDBC is the de facto standard because Java developers
>> do not feel the need to develop other database APIs. That happens
>> because JDBC is a standard API defined by several players from the SQL
>> database world that sit together and defined a consensual API specification.
>>
>> In the PHP world there is no such organization nor the vision of the
>> benefits of cooperating to define such standards. I already gave an
>> example of the benefits of having such standard API specifications in
>> the other comment to Rob.
>
> Almost all APIs can be wrapped when necessary. Hell, the PHP engine is
> in many cases just a wrapper around a C API.

The things you say just to avoid agreeing! ;-)

Most of those C APIs are also not based in any consensual standard API
specifications. Because of that, there will always be people that
rewrite other API for the same purpose either in C or even in pure PHP.
The lack of consense is the problem.

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

attached mail follows:

Hello,

on 08/03/2006 02:52 PM Kilbride, James P. said the following:
>> I admit I have not expressed myself clearly. What I meant is
>> not that people should be disallowed to implement alternative
>> APIs, but rather that they should not feel the need to do it.
>>
>> In the Java world, JDBC is the de facto standard because Java
>> developers do not feel the need to develop other database
>> APIs. That happens because JDBC is a standard API defined by
>> several players from the SQL database world that sit together
>> and defined a consensual API specification.
>
> This is partially true because Java is owned and managed by SUN, and SUN
> is all about developing API's, both to ensure that it's own later work
> will work, and because it meant a better way for people to interface.

I do not agree with that. Many Java API are defined by many parties
besides Sun.

For instance, the JDBC specification was defined by an experts group
from several companies listed here:

http://www.jcp.org/en/jsr/detail?id=54

> By the same token Pear_DB, and the follow ons were much like the early
> versino of JDBC. As is PDO in a lot of ways. The majority of the
> database specifics have been abstracted out and a general interface has
> emerged. Unlike in Java though, the PDO and Pear_(M)DB(2) families
> haven't settled yet(nor did JDBC overnight) but they are being developed
> by the community. And many people DO recognize the advantage of

The matter here is not PHP versus Java. The matter is using APIs defined
in consense with several interested parties of the community.

The PHP community is very uncooperative. Let me give you an example.

It happens that I am the Metabase developer. Metabase is the base of
PEAR::MDB. PEAR::MDB2 is the follow-up of PEAR::MDB.

Before PEAR::MDB existed, I invited ADODB author to cooperate and
develop a common PHP database instead of keep copying Metabase features
to provide the same functionality with an incompatible API. He refused
to cooperate without giving a proper reason.

When I tried to submit Metabase to PEAR, it was refused with all
possible lame excuses that PEAR people could find then. They demanded a
complete rewrite to match their style guidelines. That was completely
inviable to me as Metabase had already over 12,000 lines of code.

Instead I proposed that somebody does it. Fortunately Lukas Smith was
brave enough to accept the proposal. It took a lot of time to convert
all the code and many bugs appeared when none existed due to normal
human misunderstanding mistakes.

Meanwhile Metabase continued to evolve and PEAR::MDB too, but
independently, hardly benefiting of mutual efforts. Several tools have
been developed around each API. Tools for one API do not work with
another API without a signficant conversion effort.

It would have been much better if all parties have sit together and
cooperate in defining a consensual API. I am not even talking about
having a single API implemention. Different implementations could exist
based on the same API specification. It would all have been much better
for all the PHP community.

> But you could argue, how is PDO not a standard interface like JDBC? How
> was it not designed by the community and put out there for people to
> implement their own methods for it?

Forget PDO, it is yet another attempt to succeed where PHP ODBC and DBX
extensions have failed. PDO is not based on consensual API
specification. Therefore, it is ill fated to be used only by a fraction
of the PHP users. The same goes to Zend Framework and other unilateral
developements. That was the point of the blog post.

While different API developers do not open their minds and cooperate
with each other, nobody will benefit from consensual API specifications
in the PHP world.

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

attached mail follows:

On Fri, 2006-08-04 at 17:23 -0300, Manuel Lemos wrote:
> Hello,
>
> on 08/03/2006 02:53 PM Robert Cummings said the following:
> >>> The main thing in Manual's post that got me writing this in the first
> >>> place was :
> >>>
> >>> "Imagine if there would be only one PDBC (JDBC for PHP). Instead of that
> >>> we have a never ending choice of PHP database abstraction layers that
> >>> does not help newcoming developers that are lost and don't know what to
> >>> use."
> >> I admit I have not expressed myself clearly. What I meant is not that
> >> people should be disallowed to implement alternative APIs, but rather
> >> that they should not feel the need to do it.
> >
> > I think you may be missing the point. Many people probably don't feel
> > the "need" to create an alternative API, they may just feel the desire
> > to do so. It's a great way to practice your skills, and in the end, you
> > have a nice API that meets your needs.
>
> I do not think many people want to reinvent the wheel. Only those that
> feel forced to do it, because the alternatives are insufficient, will do
> it, only if they feel capable of doing it.
>
> If there were consensual API specifications like in Java world, very few
> people would feel forced to reinvent the wheel.

I beg to differ. I think a good number of people really enjoy
re-inventing the wheel :)

attached mail follows:

Hello,

on 08/03/2006 05:18 PM Martin Alterisio said the following:
>> Anyway, you may want to read this more in depth reflection of the state
>> of the PHP framework world and recommendations on how to pick what suits
>> best for you:
>>
>> http://www.phpclasses.org/blog/post/52-Recommended-PHP-frameworks.html
>
>
> Sorry to intrude with my usual obnoxious behaviour, but this is starting to
> affect my self-esteem (what's left of it). Am I the only one who has a
> really hard time reading the blog posts in phpclasses.org? Everytime a
> reference to this blog is posted I lose track of the discussion, because I
> can't really grasp what Lemos is talking about.
>
> I'd like to make some some constructive criticism, not just to Lemos but to
> the community in general, since I think many of us need to improve our
> writing skills:
>
> 1 - Don't make loooong boooring posts.

This blog in reality is the site monthly announcement newsletter. Some
months there is more to tell than in others. I usually put a list of
contents when the post is about many subjects.

> 2 - Get to the point. Introduction are great when they are not two pages
> long.

I don't know what you mean by introduction. Usually there is a summary
that goes in the RSS feed that is no longer than 3 or 4 paragraphs.

> 3 - Stick to the topic. Or use appropiate titles.

> 4 - If the topic is inherently long, use distinguishable headers and
> subheaders. It's a pain in the ass to read a 5 pages long article that
> looks
> the same everywhere, with no easy way to know what is the subtopic of what
> are you reading now.

As I said, these posts often cover many topics. It may not seem by topic
sections use titles. The problem is that this newsletter posts used to
go by e-mail to the site subscribers in plain text, so there was no way
to format titles.

Anyway, now that you mentioned it I applied an additional regular
expression to add title formatting when presenting it in the site. Just
let me know if it looks ok now.

> 5 - Don't talk so much about your life! You can always make another blog
> for
> that... Unless your personal experience can bring an unique insight of the
> point you're trying to make.

I suppose you may be talking about other peoples blogs. Personal blogs
are supposed to be personal. This is the PHPClasses site blog. Usually
it covers matters about the site developments and matters of interest to
the site users. It does not talk about my life. It may talk about my
experience when it is relevant to the post topic.

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

attached mail follows:

On Fri, August 4, 2006 7:14 am, David Ellsworth wrote:
> I was wondering how simple it would be to set up a script to provide a
> subscribe/unsubscribe form for a list serve. The form would send an
> email to
> the subscribe address or unsubscribe address as selected.

It's pretty simple:

<?php
  if (isset($_REQUEST['email'])){
    $success = mail($_REQUEST['action'], 'un/subscribe',
'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
$_REQUEST[email]");
    if ($success) echo "Status Change Sent";
    else echo "Unable to send Status Change";
  }
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="radio" name="action" value="subscribelists.php.net">
Subscribe
<input type="radio" name="action" value="unsubscribelists.php.net">
Unsubscribe<br />
<input name="email">
</form>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Did you try to use "-" as the file and pipe the output?...

That might work...

As far as the Tidy not validating the included PHP, I'm not sure what
you mean, but I don't see this making the PHP code any less secure
than it was before you wrapped Tidy around it...

On Fri, August 4, 2006 6:21 am, Frank Arensmeier wrote:
> Hello.
>
> Since my ISP does not provide the tidy module for Apache, I tested
> writing a wrapper script for a locally installed tidy binary. In
> general, the script is triggered by a modification to the .htaccess
> file like so:
>
> AddHandler server-parsed .php
> Action server-parsed /tidy_wrapper.php5
>
> All php pages are by that means "treated" by the script
> tidy_wrapper.php5.
>
> Here is the code for tidy_wrapper.php5:
>
> <?php
>
> chdir ( dirname ( $_SERVER['PATH_TRANSLATED'] ) );
> ob_start();
> include ( $_SERVER['PATH_TRANSLATED'] );
> $output = ob_get_contents();
> ob_end_clean();
>
> // Including a line with the commend "" will turn
> off tidy conversion
>
> if ( !stristr ( $output, "" ) ) {
> $localfile = tempnam ( '../tmp', "tmp" );
> $handle = fopen($localfile, "w");
> fwrite($handle, $output);
> fclose($handle);
>
> $command = '/Library/WebServer/CGI-Executables/tidy -iq --show-
> errors 0 --show-warnings 0 -wrap 100 ' . $localfile . ' 2>&1';
>
> exec ( $command, $output_exec );
> echo implode ( "\n", $output_exec );
> unlink ( $localfile );
> } else {
> echo $output;
> }
> exit;
> ?>
>
> Although the script is actually working fine, there is at least one
> downside: speed. As you can see, the output buffer must be written to
> a file in order to be processed by tidy. I was not able to get tidy
> to accept a string for processing. Doing so, tidy throws en error. I
> have looked through tidy documentation without finding any clues. I
> would appreciate any hints. Any ideas for a walk-around for that file
> saving-thing would be welcome!
>
> Otherwise, I strongly feel that this script might become/be a
> security hole. Because it does not validate the included PHP code, it
> could be misused for doing bad stuff, or am I wrong? Once more, any
> suggestions are welcome.
>
> regards,
> /frank
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Thu, August 3, 2006 4:27 pm, tedd wrote:
> At 2:23 PM -0500 8/3/06, Richard Lynch wrote:
>>Note that the number of zip codes is around 60K in the TIGER data,
>> and
>>there have been a whole mess of zip codes added since then.
>
>
> Can you get the postal code by themselves? The last time I looked at
> TIGER data it was in quadrants of around the size of approximately a
> township (6 x 6 miles).

I just loaded in the Zips table and ignored the other ones I didn't
need...

You have to download the whole thing, but don't have to suck it all
into your DB.

I forget what all I went through to import it, many years ago...

After that, any application I write that needs the zip code stuff just
uses the other DB to get it, or if it's on another server, does the
occasional lookup through an HTTP request -- Since I cache the
long/lat on the local table anyway, it only does a lookup when
somebody's zip code changes, so that's pretty infrequent for my usage.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Adam Zey wrote:
> Al wrote:
>> James Nunnerley wrote:
>>> I want to have a regular expression that check the following criteria
>>> are
>>> met by $password:
>>>
>>> - contains at least 6 characters (any)
>>> - has at least 1 letter
>>> - has at least 1 number
>>> - other 6 characters can be anything...
>>>
>>> I'm happy to work out the structure of a postcode etc, but to be
>>> honest I'm
>>> still fairly new to working with regular expressions.
>>>
>>> What the best/easiest way to check whether a variable contains a
>>> range? It
>>> might be RegExp don't do this?
>>>
>>> Cheers
>>> Nunners
>>
>> It can be done; but, it's simpler to simply to make an if() with
>> (strlen($password) > 5) && (strlen($password) < max) &&
>> pre_match("%[a-z]+%i"%, $password) && preg_match("%\d+%", $password)
>
> Some mistakes there:
>
> 1) You want to assign strlen to a variable before the if, since you're
> calling it twice in the if. I'm not certain how fast strlen is, but it's
> usually a bad idea to repeat useless function calls like that.
>
> 2) Isn't your second function call supposed to be preg_match, and not
> pre_match?
>
> Regards, Adam Zey.

You are correct on both counts. Getting the strlen() first will save about .01usec.

attached mail follows:

On Wed, July 26, 2006 8:40 am, Jochem Maas wrote:
>> How did you know that he had an extra space in $u?

Actually...

Since he's getting them from a file, and since fread() and friends
INCLUDE the newline at the end, I would now suggest that the "extra"
character is a single newline, and not a space.

The correct solution there is to remove the newline, and only the
newline, in case somebody wants to use a space at the end of their
password.

Even if space is not allowed, using trim() here is not the Right Place
to enforce that validation of a password.

I'm probably being to pedantic and picuyane again, aren't I? :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Wed, July 26, 2006 5:16 am, Yannick Warnier wrote:
> I'm trying to deal with big files (over 4GB) with PHP4.3.9 ans PHP4.4
> but obviously it's not really possible.

You can't use something like file_get_contents() or file() because it
would pull the whole 4GB into RAM, but
http://php.net/fopen
http://php.net/fread
should work just fine...

> Is there a library somewhere that allows elementary operations on
> these
> kinds of files by, for example, using the operating systems commands
> (Linux in this case)?

You could use:
http://php.net/exec
to run the Linux commands.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Wed, July 26, 2006 7:00 am, Jay Blanchard wrote:
> [snip]
> I have code below which save MYSQL to csv file. I am using ADODB
> library to do this.
>
> The saving MYSQL to csv file is ok .
> However i need to allow the the user to enter file name for csv
> file.
>
> Anybody have any ideas how to do this? Thanks
> [/snip]
>
> If you want a true pop-up you will have to use a JavaScript
> http://www.codefoot.com/javascript/script_invoke_saveas.html

I think you will find this useful:
http://richardlynch.blogspot.com/

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Tue, July 25, 2006 11:47 pm, Chris wrote:
> There's a default for reply-to in the php.ini? What's the variable
> called - I can't see one. I can see these:

> ; For Win32 only.
> sendmail_from = melocalhost.com
>
> ; For Unix only. You may supply arguments as well (default: 'sendmail
> -t -i').
> ;sendmail_path =
>
> but they have nothing to do with the reply-to address.

I think you would want something like:

sendmail_path = /usr/bin/sendmail -froot -t -i

The -froot sets the 'from' as documented in man sendmail.

But that's only supposed to be for trusted users, and it's unlikely
that you configured sendmail for the PHP/Apache user to be trusted...

But this is the Right Path to follow for this issue, I think.

Have fun reading sendmail docs. :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Put this at the top of the script:
<?php error_reporting(E_ALL);?>

Also, it's possible that the browser is timing out if the script is
too slow.

Another issue is that if you are closing/reopening the 2 database
connections between steps 2 and 3, then it's probably not very
efficient. Keeping them both open is much more efficient.

On Tue, July 25, 2006 2:39 pm, Philip Thompson wrote:
> Hi all.
>
> I have a list of people in a database who live in particular rooms.
> Next semester, they may live somewhere else, so I need to update my
> database. (I know the data becomes stale, but not that often.) Here's
> what I'm doing to update:
>
> 1. Pull list of IDs from database A - store in array
> 2. Foreach ID in array, search database B to see if they have a new
> room
> 2a. If no, go back to step 2 and go to next ID
> 3. Compare new room to current room
> 3a. If different, update the record to new room
>
> That's basically it. Now, I know this works (sorta) because the
> records are updating with the appropriate information. Here's the
> problem I'm running into: it only does a certain amount and then
> quits!! WHY!!?!
>
> The total number of records I have is 1335 - pulled from step 1.
> However, when I go through the list and query for new rooms, it
> stops... randomly... not even at the same record each time. Sometime
> it's 230, sometimes it's 476 - truly random from what I can tell. I
> am sorting the query (ORDER BY) each time, so I know it's the same
> order.
>
> Any thoughts on why this is happening? Possibly a buffer issue?
>
> Thanks in advance.
> ~Philip
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Tue, July 25, 2006 10:32 am, James Nunnerley wrote:
> We've created a file manager which allows users to access their web
> space on
> a server. It's working brilliantly, except that it would seem there
> are
> some caching issues, either by the system cache or the web server
> cache that
> are causing us a headache.
>
> When the script tries to delete a file, we always check (using
> file_exists)
> to see whether the file exists before it's deleted.

But if some other process is deleting that file, you have a race
condition.

It's pointless to check before you delete, really -- You simply have
to use the result from unlink() to know if it worked or not.

> The check comes back true, but the unlink then fails, saying no file
> or
> directory there!
>
> We've tried turning off all errors (using error_reoprting(0) ) but
> this
> would seem to have little difference in the error - it still comes
> back with
> a failure.

Any time the solution is error_reporting(0) then you are doing
something fundamentally wrong.

> We are using our own error handling, but before the command is carried
> out,
> there is this 0 call...

If you use set_error_handler(), it is called regardless of
error_reporting() settings.
http://php.net/set_error_handler

> Does anyone know how we can stop these errors?

I would suggest that you make sure that you are using the FULL PATH to
unlink() -- Relying on any kind of relative path is just going to get
you into trouble.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Mon, July 24, 2006 11:58 pm, Paul Scott wrote:
>
> On Mon, 2006-07-24 at 14:17 -0500, Franco Pawlisz wrote:
>
>> My Client is specifically looking for a developer with strong front
>> end PHP experience knowledge of Java and or Ruby is a major plus.
>>
>
> What the heck is "front end PHP", or am I misinterpreting the bad
> punctuation (or lack thereof)?

Recruiters tend to scribble notes and then munge them and then you get
the most interesting job requirements... :-)

I'm pretty sure it's not this:
http://pecl.php.net/package/PHPScript
which is what "front end PHP" would actually mean to any developer.
:-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Hi all

I have been stuck on this problem for 4 hours. Please anyone that can help
here I would appreciate it.

If I print_r($_GET) I have

Array ([question] => Array ( [10] => 1 [11] => 2 [12] => 1 [13] => 1)'

So now I try

foreach($_GET['question'] as $key) {
      if(!in_array($key, $_SESSION['question'])) {
           print "not matched lets update<br>".
                 "$_GET[question][$key]"; // HERE I WANT IT TO SHOW $key
is 10 and its value should be 1 (as printed in the Array above)
      }
     else {
          print "matched";
      }
}

Where it gets to the section "not matched" I need to print out from the
question array question[$key][$value] (question '10' => '1' as above)

I am not sure if I am even making sense here anymore...

Thanks in advance

Chris

attached mail follows:

Message-ID: <44D3C58A.70503

iamjochem.com>
Date: Sat, 05 Aug 2006 00:09:14 +0200
From: Jochem Maas <jochem

iamjochem.com>
MIME-Version: 1.0
To: Chris G <thunderbox

gmail.com>
CC: php-general

lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP] Please help me with in_array

Chris G wrote:
> Hi all
>
> I have been stuck on this problem for 4 hours. Please anyone that can help
> here I would appreciate it.
>
> If I print_r($_GET) I have
>
> Array ([question] => Array ( [10] => 1 [11] => 2 [12] => 1 [13] => 1)'
>
>
> So now I try
>
> foreach($_GET['question'] as $key) {

foreach($_GET['question'] as $key => $value) {

> if(!in_array($key, $_SESSION['question'])) {
> print "not matched lets update<br>".
> "$_GET[question][$key]"; // HERE I WANT IT TO SHOW $key
> is 10 and its value should be 1 (as printed in the Array above)
> }
> else {
> print "matched";
> }
> }
>
>
>
> Where it gets to the section "not matched" I need to print out from the
> question array question[$key][$value] (question '10' => '1' as above)
>
>
>
> I am not sure if I am even making sense here anymore...
>
> Thanks in advance
>
>
> Chris
>

attached mail follows:

Chris G wrote:
> I have already tried using
>
> foreach($_GET['question'] as $key => $value)
>
> the in_array function does not work with it for some reason.

'does not work with it' ??

use var_dump(); to see what's actually in your variables.

>
>
> On 8/5/06, *Jochem Maas* <jochemiamjochem.com
> <mailto:jochemiamjochem.com>> wrote:
>

> foreach($_GET['question'] as $key => $value) {
>

var_dump($key, $value);

> > if(!in_array($key, $_SESSION['question'])) {
> > print "not matched lets update<br>".
> > "$_GET[question][$key]"; // HERE I WANT IT TO
> SHOW $key
> > is 10 and its value should be 1 (as printed in the Array above)
> > }
> > else {
> > print "matched";
> > }
> > }
> >
> >
> >
> > Where it gets to the section "not matched" I need to print out
> from the
> > question array question[$key][$value] (question '10' => '1' as above)
> >
> >
> >
> > I am not sure if I am even making sense here anymore...
> >
> > Thanks in advance
> >
> >
> > Chris
> >
>
>

attached mail follows:

On Tue, July 25, 2006 11:41 pm, Paul Scott wrote:
> I have googled around a bit, but not really found anything useful...
>
> Which is more efficient? A case switch or a $$method style method?
>
> An example:
>
> switch($action) {
> case 'edit':
> //do some stuff
> .......
> return "edit_tpl.php";
>
> case 'whatever':
> //blah
> ......
> ......
> }
>
> OR:
>
> $method=$this->convertToMethod($action);

A user-defined function will almost always be more expensive than a
built-in language construct...

If you were willing to just do:

$this->$action();

and to hell with validating $action to be sure it was kosher, it would
be faster...

But your validation of $action to be sure it's not an internal method
you don't want them calling would probably look something like:
switch($action){
  case 'known_action':
  case 'other_action':
    return true;
  break;
  default:
    error_log("Possible hack attempt $_SERVER[REMOTE_ADDR]");
    echo "Invalid Action";
    return false;
  break;
}

So now you have a switch/case just as big as you would have had anyway.

> unset($action);
> return $this->$method();
>
> Hope this is reasonably clear... Note the return on the latter code.
>
> If anyone has any ideas around this, please let me know! Are there
> underlying security risks in doing it this way?

If convertToMethod() is not checking against a known list of valid
'action' you are making a security hole.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Mon, July 24, 2006 10:46 am, Ryan A wrote:
> This is not really a problem, more like a slightly OT
> question.
>
> Recently I have been testing some "CMS/carts/BB
> boards" and other related software, sometimes at the
> end of the page the software outputs the time it took
> to generate the page and the number of database calls.
>
> I have seen some scripts give the number of database
> calls in the hundreds (from 100 - 400) just to
> generate one single damn page.
> Isnt that just too much?
>
> Or am I blowing smoke and MySql can handle that
> without a sweat on a shared hosting environment? (with
> say....100 page requests per minute?)

You'd have to time the DB call on your own system to get truly
meaningful data.

The function call to a database on localhost to send a simple query
and get back a tiny result set is very very very cheap, usually.

A big-long-ass complex query is "expensive" but only in the SQL side,
not in PHP side.

A large result set is killer for both SQL and PHP, and the pipe in
between.

It's possible that 100 small queries are faster then a big query, in
some cases, but generally not, for the same given result set.

It's also possible that the database API has some kind of caching
system, so that the "hundreds" of calls are not actually hitting the
DB, but are getting counted anyway.

You're on your own to find out what the metrics actually mean. :-)

I'd pay more attention to actual user-percieved performance than just
the number of DB calls.

Something that does one super-fast DB call in a splintered second and
then outputs HTML that takes the browser 30 seconds to render is a lot
worse than something that does 100 not-so-fast DB calls but generates
quickly-rendered HTML.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Mon, July 24, 2006 1:33 pm, Ryan A wrote:
> Hey Rob,
> Thanks for replying.
>
>
>> It's usually a sign of poor programming and/or
>> purist OOP programming.
>>
>> When I say purist OOP programming...
>> I saw
>> one really retarded
>> implementation of this kind of system where an
>> excess of 20000 queries
>> were issued to the database -- on a homepage
>> nonetheless :/
>
>
> That IS retarded, I wonder why someone would want to
> do that.

Because they learned from Java which has an entirely different
architecture with a shared cached DB store across the application
servers, wherein such a technique makes a whole hell of a lot more
sense.

And because they don't REALLY understand the power of OOP, and are too
literal-minded when architecting class inheritence -- But that
describes about 99% of the so-called OOP developers "out there" so
there ya go.

> I was curious about this because I am working on a
> project (with other team players) and we have a way of
> building something with either lots more (complicated)
> code and fewer database calls or less code and
> multiple tables.
>
> If we take the second option (multiple tables) I am
> talking about maybe 15 database calls per page, and
> the site will get around (i guess) 300-750 requests
> for a page a minute at is peak.

Measure it and see.

I've seen times when 15 DB calls was a hell of a lot cheaper than 1 DB
call, depending on the indexes in the DB and the query and...

There's just no way to predict this without a detailed analysis of the
DB schema and the queries and the hardware and...

It's almost-for-sure faster for you to write 2 prototype examples with
realistic-sized data and throw Apache benchmark at them to find out
your answer.

> I wouldnt be going to those extremes, was thinking of
> around 5-15 queries per page.

15 queries per page, with a good schema and reasonable queries is
chump-change.

15 bad queries on a page will kill you before you even launch. :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

On Tue, July 25, 2006 8:33 am, David Tulloh wrote:
> Larry Garfield wrote:
>> Disable short tags.
>>
>> The correct answer is (b). (PHP 6 won't even have short tags, so
>> get used to
>> not having them.)
>
> Can you find anywhere where this was announced? I don't recall seeing
> any decision on it.
>
> A quick search found several mentions of the devs deciding to keep
> short
> tags when going from php 4 to php 5. The php 6 todo list shows that
> <%
> will be removed but <? will stay.

The Meeting Notes from the Devs getting together in Paris sez:
http://www.php.net/~derick/meeting-notes.html#remove-support-for-and-script-language-php-and-add-php-var

This may be out-dated...

Personally, I would not miss <? much, but <?= is quite convenient, if
it would just work ALWAYS instead of by configuration option.

Oh well.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Hi,

I am having problems with uploading files to a windows server using
php. I have used the same script on other server with no problems.

From what I can tell this new server is running windows with IIS. I
think the problem is with the path.

Does anyone have any suggestions? Here is a snipet of some of the code.

$uploadDir = "/gamestats/";

  $uploadFile = $uploadDir . $_FILES['bannerfile']['name'];
  echo $bannerfile . "<br>"; /* added for testing */
  echo $uploadDir . "<br>"; /* added for testing */
  echo $uploadFile . "<br>"; /* added for testing */

  if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], $uploadFile))
  {
     ..........

I have also ran $_SERVER["PATH_TRANSLATED"] to see what the path is and
used it but that didn't help either.

Thanks

attached mail follows:

On 8/5/06, Mace Eliason <meliasonshaw.ca> wrote:
> Hi,
>
> I am having problems with uploading files to a windows server using
> php. I have used the same script on other server with no problems.
>
> From what I can tell this new server is running windows with IIS. I
> think the problem is with the path.
>
> Does anyone have any suggestions? Here is a snipet of some of the code.
>
> $uploadDir = "/gamestats/";
>
> $uploadFile = $uploadDir . $_FILES['bannerfile']['name'];
> echo $bannerfile . "<br>"; /* added for testing */
> echo $uploadDir . "<br>"; /* added for testing */
> echo $uploadFile . "<br>"; /* added for testing */
>
> if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], $uploadFile))
> {
> ..........

and the errors you get are... ?

check the folder is writable:

echo "is_writable: " . is_writable($uploadDir) . "<br/>";

Is that the whole code? I doubt this would work on linux platforms
either because your script will not be able to create /gamestats (ie
in the / folder, not in your /home/httpd/domain.com folder or
where-ever it is).

IIS needs the destination folder marked with 'modify' permissions in
IIS so you can create and delete files, maybe that's the problem.
--
Postgresql & php tutorials
http://www.designmagick.com/

attached mail follows:

Is there a command to strip all non-alphanumerics form the beginning
and end of a string?

Ex.: '&^%kj.h,kj..*(' becomes 'kj.h,kj'

attached mail follows:

On Fri, 2006-08-04 at 19:12 -0700, Brian Dunning wrote:
> Is there a command to strip all non-alphanumerics form the beginning
> and end of a string?
>
> Ex.: '&^%kj.h,kj..*(' becomes 'kj.h,kj'

<?php

$text = ereg_replace( '^[^[:alnum:]]+', '', $text );
$text = ereg_replace( '[^[:alnum:]]+$', '', $text );

application/pgp-signature attachment: