php-general Digest 11 Aug 2006 00:33:57 -0000 Issue 4286

php-general-digest-helplists.php.net
Date: Thu Aug 10 2006 - 19:33:57 CDT



Topics (messages 240458 through 240527):

Re: problem with quotes (single and double) in forms
        240458 by: afan.afan.net
        240459 by: afan.afan.net
        240506 by: Richard Lynch
        240507 by: afan.afan.net
        240508 by: Richard Lynch
        240509 by: afan.afan.net

Re: Including Google Ads
        240460 by: bruce
        240464 by: Jochem Maas
        240465 by: bruce
        240467 by: KermodeBear
        240472 by: Adam Zey
        240478 by: KermodeBear
        240519 by: Chris

loop in horizontal direction (php-html)
        240461 by: Reinhart Viane
        240469 by: Al
        240473 by: Marcus Bointon
        240486 by: Al
        240491 by: Al
        240499 by: Richard Lynch

Re: Best way to get PHP5
        240462 by: Jonathan Duncan
        240466 by: David Tulloh
        240468 by: Robert Cummings

Re: preg_match
        240463 by: Al

Re: List Meeting NNOT
        240470 by: Adam Zey
        240471 by: Jay Blanchard
        240474 by: Paul Scott
        240479 by: John Nichel
        240512 by: Jochem Maas

Re: Greek Characters from MySQL to PHP to the Browser: ??????
        240475 by: Colin Guthrie

calendar Q
        240476 by: William Stokes
        240477 by: Brad Bonkoski
        240498 by: Richard Lynch

INPUT
        240480 by: João Cândido de Souza Neto
        240481 by: Warren Vail
        240482 by: Jochem Maas
        240483 by: Warren Vail
        240484 by: Jochem Maas
        240485 by: Warren Vail
        240487 by: João Cândido de Souza Neto
        240489 by: Jochem Maas
        240490 by: Jochem Maas
        240492 by: João Cândido de Souza Neto
        240493 by: Jim Moseby
        240495 by: Richard Lynch
        240503 by: Jochem Maas
        240505 by: João Cândido de Souza Neto

OT? Verifying mail was received
        240488 by: Chris W. Parker
        240494 by: Richard Lynch
        240525 by: Chris W. Parker

Re: Create an EUC-JP encoded file just for download, not to be kept on server
        240496 by: Richard Lynch
        240501 by: Richard Lynch

Re: [ATTN: Kevin W] Comment form spammer
        240497 by: Micky Hulse
        240500 by: Robert Cummings

Re: Comment form spammer
        240502 by: Richard Lynch
        240504 by: Richard Lynch
        240516 by: Micky Hulse
        240521 by: Micky Hulse

Re: returning to the same page after log in
        240510 by: Richard Lynch

Re: Dividing, and keeping, text from the first space
        240511 by: Richard Lynch
        240515 by: Richard Lynch

Re: sessions no longer work
        240513 by: Richard Lynch

Re: Cron running 'Hello world' script dies with "Could not startup."
        240514 by: Richard Lynch

Re: Multiple Includes vs. One Long Include (Functions)
        240517 by: Richard Lynch
        240518 by: Richard Lynch
        240520 by: Rasmus Lerdorf

Re: break up variable and put each element in an array
        240522 by: Richard Lynch

b4nl() - What, Why, Where...
        240523 by: Micky Hulse
        240524 by: Chris
        240526 by: Micky Hulse
        240527 by: Chris

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


hm. good idea. actually, it's, at least, the most safe way.
:)

thanks.

-afan

> afanafan.net wrote:
>> Hi to all.
>>
>> Have a web site on server where magic quote is turned On. Because of
>> problems with quotes within forms, I was thinking to turn it Off. I
>> wonder
>> how much work I'll have to change code to accept new setting? Are we
>> talking about major changes or something that could be done in day or
>> two
>> (the site has few couple-pages long forms and about 10 "regular" contact
>> us/register/edit membership/edit account/... forms)?
>
> Copy it to a server where magic quotes is off and see what breaks. That
> will give you an idea of what needs fixing.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


This is what I found and started to use: created magic_quotes_off.php

if (get_magic_quotes_gpc())
{
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}

and included in header.php (header of every page).

-afan

> Chris wrote:
>> Chris wrote:
>>> J R wrote:
>>>> try to use this few lines of code.
>>>>
>>>> function stripMagicQuotes(&$var)
>>>> {
>>>> if (get_magic_quotes_gpc()) {
>>>> $var = stripslashes($var);
>>>> }
>>>> return $var;
>>>> }
>>>>
>>>> this way you don't really have to worry if magic quotes is on or off.
>>>
>>> Then he has to modify all the code to call that function ;)
>>>
>>
>> Hmm actually:
>>
>> $_POST = stripMagicQuotes($_POST);
>>
>> should do it I guess.. not exactly ideal but would work quickly.
>>
>
> Argh, self-replying (*think before hitting send*) :(
>
> Of course that function would need a bit more modification but should be
> able to get it recursive without too many problems.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


On Wed, August 9, 2006 9:07 am, afanafan.net wrote:
> Have a web site on server where magic quote is turned On. Because of
> problems with quotes within forms, I was thinking to turn it Off. I
> wonder
> how much work I'll have to change code to accept new setting? Are we
> talking about major changes or something that could be done in day or
> two
> (the site has few couple-pages long forms and about 10 "regular"
> contact
> us/register/edit membership/edit account/... forms)?
>
> I have access to php.ini. Could I just turn magic quotes Off to see
> what's
> going on and what forms will not work and how to fix it?
>
> On http://www.zend.com/manual/security.magicquotes.disabling.php that
> ini_set() is not an option, but there is an solution to disable magic
> quotes at runtime. Means, I can use this to change code (prepare for
> turning off) on pages with forms? Correct?

If you can use .htaccess, here is what I would do:

Step 1:
Copy all the forms and stuff to a new directory, like, say, 'new'

Step 2:
Use .htaccess in the 'new' directory to turn off Magic Quotes
php_value magic_quotes_gpc 0

Now, test and debug all your forms in 'new' and make sure they all
behave correctly with the setting turned off.

You may even want to set up 'new' so that it connects to a different
database, so you can test heavily without any risk to the 'real' data.
 Just be sure to not mess up when you move the files back to the real
site that you don't keep using the fake database.

This provides you with a low-risk easy way to take as much time as you
need to get the job done, while your current site stays up and
running, at least as well as it was running before.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


good idea!
:)

thanks richard!

-afan

> On Wed, August 9, 2006 9:07 am, afanafan.net wrote:
>> Have a web site on server where magic quote is turned On. Because of
>> problems with quotes within forms, I was thinking to turn it Off. I
>> wonder
>> how much work I'll have to change code to accept new setting? Are we
>> talking about major changes or something that could be done in day or
>> two
>> (the site has few couple-pages long forms and about 10 "regular"
>> contact
>> us/register/edit membership/edit account/... forms)?
>>
>> I have access to php.ini. Could I just turn magic quotes Off to see
>> what's
>> going on and what forms will not work and how to fix it?
>>
>> On http://www.zend.com/manual/security.magicquotes.disabling.php that
>> ini_set() is not an option, but there is an solution to disable magic
>> quotes at runtime. Means, I can use this to change code (prepare for
>> turning off) on pages with forms? Correct?
>
> If you can use .htaccess, here is what I would do:
>
> Step 1:
> Copy all the forms and stuff to a new directory, like, say, 'new'
>
> Step 2:
> Use .htaccess in the 'new' directory to turn off Magic Quotes
> php_value magic_quotes_gpc 0
>
> Now, test and debug all your forms in 'new' and make sure they all
> behave correctly with the setting turned off.
>
> You may even want to set up 'new' so that it connects to a different
> database, so you can test heavily without any risk to the 'real' data.
> Just be sure to not mess up when you move the files back to the real
> site that you don't keep using the fake database.
>
> This provides you with a low-risk easy way to take as much time as you
> need to get the job done, while your current site stays up and
> running, at least as well as it was running before.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
>
>

attached mail follows:


On Thu, August 10, 2006 7:54 am, afanafan.net wrote:
> This is what I found and started to use: created magic_quotes_off.php
>
> if (get_magic_quotes_gpc())
> {
> function stripslashes_deep($value)
> {
> $value = is_array($value) ?
> array_map('stripslashes_deep', $value) :
> stripslashes($value);
>
> return $value;
> }
>
> $_POST = array_map('stripslashes_deep', $_POST);
> $_GET = array_map('stripslashes_deep', $_GET);
> $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
> }

The downside here is that having Magic Quotes on has a slight
performance penalty, and then recursing through all the stuff to just
undo that has a slight (but higher) performance penalty.

While it's unlikely to matter on a boutique site, or even on a
moderately busy site, this would probably not be a Good Idea if
performance is near the top of your list...

I'm just guessing here -- Maybe all this is so fast it just doesn't
matter.

Still seems kinda icky to me compared to a simple php.ini or .htaccess
change if you control the environment.

Obviously, if your source is released to the world at large, and you
have zero control over the environment, you're stuck with this magical
un-do.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


My thought was to use this until I do all changes. Once the changes are
done - turn off magic_quote_gpc in php.ini.

but, agree, redo whole site on separate place (under 'new' or on other
box) is much better solution.

-afan

> On Thu, August 10, 2006 7:54 am, afanafan.net wrote:
>> This is what I found and started to use: created magic_quotes_off.php
>>
>> if (get_magic_quotes_gpc())
>> {
>> function stripslashes_deep($value)
>> {
>> $value = is_array($value) ?
>> array_map('stripslashes_deep', $value) :
>> stripslashes($value);
>>
>> return $value;
>> }
>>
>> $_POST = array_map('stripslashes_deep', $_POST);
>> $_GET = array_map('stripslashes_deep', $_GET);
>> $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
>> }
>
> The downside here is that having Magic Quotes on has a slight
> performance penalty, and then recursing through all the stuff to just
> undo that has a slight (but higher) performance penalty.
>
> While it's unlikely to matter on a boutique site, or even on a
> moderately busy site, this would probably not be a Good Idea if
> performance is near the top of your list...
>
> I'm just guessing here -- Maybe all this is so fast it just doesn't
> matter.
>
> Still seems kinda icky to me compared to a simple php.ini or .htaccess
> change if you control the environment.
>
> Obviously, if your source is released to the world at large, and you
> have zero control over the environment, you're stuck with this magical
> un-do.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
>
>
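
Added example, not part of the thread and not any poster's code: what "the changes" discussed above amount to for one form handler once magic_quotes_gpc is off. It assumes PHP 5.1+ with the PDO SQLite driver; the members table, its columns and the function names are hypothetical, and the input is constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.1+ with the PDO
// SQLite driver; the members table and the function names are hypothetical.

// Constructed input: what a form handler sees with magic_quotes_gpc off
// (or after stripslashes_deep() has undone it). Quotes arrive unescaped.
$post = array(
    'name'    => "Tim O'Reilly",
    'comment' => 'She said "fine" and typed a \\ too',
);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, comment TEXT)');

// Before: a query that only worked because magic quotes escaped the input
// first. With the setting off, the quote in the name ends the SQL string
// early. This is the kind of form that breaks in the 'new' directory, and
// the same flaw is an SQL injection risk.
function save_member_legacy(PDO $db, array $in)
{
    $sql = "INSERT INTO members (name, comment) VALUES ('"
         . $in['name'] . "', '" . $in['comment'] . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;   // syntax error caused by the unescaped quote
    }
}

// After: bound parameters. The values are sent as data and never become
// part of the SQL text, so no addslashes() or magic quotes are needed.
function save_member(PDO $db, array $in)
{
    $stmt = $db->prepare(
        'INSERT INTO members (name, comment) VALUES (:name, :comment)'
    );
    return $stmt->execute(array(
        ':name'    => $in['name'],
        ':comment' => $in['comment'],
    ));
}

// Output boundary: escape when writing the value back into the form, so a
// double quote cannot close the value="..." attribute.
function form_value($raw)
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

$legacy_ok = save_member_legacy($db, $post);
$bound_ok  = save_member($db, $post);
$row = $db->query('SELECT name, comment FROM members')
          ->fetch(PDO::FETCH_ASSOC);

echo 'legacy insert succeeded: ', var_export($legacy_ok, true), "\n";
echo 'bound insert succeeded:  ', var_export($bound_ok, true), "\n";
echo 'stored name unchanged:   ',
     var_export($row['name'] === $post['name'], true), "\n";
echo '<input type="text" name="comment" value="',
     form_value($row['comment']), "\">\n";
```
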

attached mail follows:


umm chris...

do you really think he didn't read the google website.. was there a section
of the site you wanted him to pay attention to... or were you trying to add
to the entropy of the universe??

-----Original Message-----
From: Chris [mailto:dmagickgmail.com]
Sent: Wednesday, August 09, 2006 11:13 PM
To: C.F. Scheidecker Antunes
Cc: php-generallists.php.net
Subject: Re: [PHP] Including Google Ads

C.F. Scheidecker Antunes wrote:
> Hello all,
>
> How do I include Google Ads on my PHP script?

Read the google website.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:


bruce wrote:
> umm chris...
>
> do you really think he didn't read the google website.. was there a section
> of the site you wanted him to pay attention to... or were you trying to add
> to the entropy of the universe??

do the answers to these questions really interest you? are you not
adding to the entropy yourself?

now if you were to reply to me asking me whether I was now adding to
the entropy we could start a kind of recursive/cascading entropy ...
which might be fun.

the domino effect ... something to watch out for when you have all
your ducks in a row.

:-P

>
>
> -----Original Message-----
> From: Chris [mailto:dmagickgmail.com]
> Sent: Wednesday, August 09, 2006 11:13 PM
> To: C.F. Scheidecker Antunes
> Cc: php-generallists.php.net
> Subject: Re: [PHP] Including Google Ads
>
>
> C.F. Scheidecker Antunes wrote:
>> Hello all,
>>
>> How do I include Google Ads on my PHP script?
>
> Read the google website.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:


hey jochem...

i had thought of that as i was flying across the keyboard!!! but i figured
hey!! what the heck.. go with it...

thanks for the laugh... back to work!

-----Original Message-----
From: Jochem Maas [mailto:jochemiamjochem.com]
Sent: Thursday, August 10, 2006 6:28 AM
To: bedouglasearthlink.net
Cc: 'Chris'; 'C.F. Scheidecker Antunes'; php-generallists.php.net
Subject: Re: [PHP] Including Google Ads

bruce wrote:
> umm chris...
>
> do you really think he didn't read the google website.. was there a
section
> of the site you wanted him to pay attention to... or were you trying to
add
> to the entropy of the universe??

do the answers to these questions really interest you? are you not
adding to the entropy yourself?

now if you were to reply to me asking me whether I was now adding to
the entropy we could start a kind of recursive/cascading entropy ...
which might be fun.

the domino effect ... something to watch out for when you have all
your ducks in a row.

:-P

>
>
> -----Original Message-----
> From: Chris [mailto:dmagickgmail.com]
> Sent: Wednesday, August 09, 2006 11:13 PM
> To: C.F. Scheidecker Antunes
> Cc: php-generallists.php.net
> Subject: Re: [PHP] Including Google Ads
>
>
> C.F. Scheidecker Antunes wrote:
>> Hello all,
>>
>> How do I include Google Ads on my PHP script?
>
> Read the google website.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:


>> I do not want to include it only but to be able to set the keywords for
>> the add.

> You do not define that. Google scans your pages and shows relevant ads
> according to your pages content.

Actually, you can. I'm doing this for an advertising system with the company
I work for right now. You set the 'google_kw' variable before including
their awful JavaScript. You can also add 'google_city' and 'google_region'
for more local ads, as well as some other goodies.

The default behavior is for Google to crawl the page and display the relevant
ads, but supplying a key word prevents them from doing this (saving you
bandwidth) and giving you more control over what is displayed.

This is all documented in their AdSense documentation.

HTH,
K. Bear

attached mail follows:


KermodeBear wrote:
>>> I do not want to include it only but to be able to set the keywords for
>>> the add.
>
>> You do not define that. Google scans your pages and shows relevant ads
>> according to your pages content.
>
> Actually, you can. I'm doing this for an advertising system with the company
> I work for right now. You set the 'google_kw' variable before including
> their awful JavaScript. You can also add 'google_city' and 'google_region'
> for more local ads, as well as some other goodies.
>
> The default behavior is for Google to crawl the page on display the relevant
> ads, but supplying a key word prevents them from doing this (saving you
> bandwidth) and giving you more control over what is displayed.
>
> This is all documented in their AdSense documentation.
>
> HTH,
> K. Bear

Modifying Google's javascript code even in the slightest (such as
messing around with variables) is against the AdSense terms of service,
and is a good way to get your account revoked really fast. Only premium
publishers that get express permission from Google are allowed to mess
with those variables. It's possible that your company is a premium
AdSense customer, but Mr. Antunes is almost certainly not.

Regards, Adam Zey.

attached mail follows:


> Modifying Google's javascript code even in the slightest
> (such as messing around with variables) is against the
> AdSense terms of service, and is a good way to get your
> account revoked really fast. Only premium publishers that get
> express permission from Google are allowed to mess with those
> variables. It's possible that your company is a premium
> AdSense customer, but Mr. Antunes is almost certainly not.

Interesting! Of this I was unaware. All the business stuff is taken care of
by someone else. I guess where I work is considered 'premium', which is
pretty darn scary when I think about it. (o; Thanks for the heads up, I've
been considering adding some ad stuff to a few small sites of my own.

> Regards, Adam Zey.

attached mail follows:


bruce wrote:
> umm chris...
>
> do you really think he didn't read the google website.. was there a section
> of the site you wanted him to pay attention to... or were you trying to add
> to the entropy of the universe??

It's all documented on their website, why would anyone on this list (or
any other list) be able to help more than their own documentation? Tons
of people have used it. It's a simple RTFM question and a simple RTFM
answer.

--
Postgresql & php tutorials
http://www.designmagick.com/

attached mail follows:


Hey,

I've been wondering.
I know it's possible to make a php loop that each time generates a new <tr>.
In that case the results are stored under each other.
Now I want to know if I can do the same in a horizontal direction.

The result should be something like this, I loop through available projects:

        Project1  Project2  Project3  Project4  ...
1       45        89        5         8
2       23        9         65        31
3       23        91        55        73
4       11        90        82        38

The first column is fixed, but I have an unknown amount of projects

Hope this ain't too much html related.

Thanks in advance,
Reinhart Viane

attached mail follows:


Reinhart Viane wrote:
> Hey,
>
> I've been wondering.
> I know it's possible to make a php loop that each time generates a new <tr>.
> In that case the results are stored under eachother.
> Now I want to know if I can do the same in a horizontal direction.
>
> The result should be something like this, I loop through available projects:
>
> Project1 Project2 Project3 Project4 ...
> 1 45 89 5 8
> 2 23 9 65 31
> 3 23 91 55 73
> 4 11 90 82 38
>
>
> The first column is fixed, but I have an unkown amount of projects
>
> Hope this aint to much html related.
>
> Thanks in advance,
> Reinhart Viane

If I understand your question..

Simply use a foreach() for each <tr>, and include another foreach(), inside the <tr> foreach(), for each <td>. <td>s
don't need to be terminated with </td>s

attached mail follows:


On 10 Aug 2006, at 16:39, Al wrote:

> <td>s don't need to be terminated with </td>s

That is, assuming you don't want your pages to validate. As closing
your tags is so trivially easy, it's really not worth not doing! I
recently encountered a site that contained 3500 unclosed font tags on
a single page; This is a very good way of making a browser go very
slowly and eat lots of memory.

Marcus
--
Marcus Bointon
Synchromedia Limited: Creators of http://www.smartmessages.net/
marcussynchromedia.co.uk | http://www.synchromedia.co.uk/

attached mail follows:


Marcus Bointon wrote:
> On 10 Aug 2006, at 16:39, Al wrote:
>
>> <td>s don't need to be terminated with </td>s
>
> That is, assuming you don't want your pages to validate. As closing your
> tags is so trivially easy, it's really not worth not doing! I recently
> encountered a site that contained 3500 unclosed font tags on a single
> page; This is a very good way of making a browser go very slowly and eat
> lots of memory.
>
> Marcus
> --Marcus Bointon
> Synchromedia Limited: Creators of http://www.smartmessages.net/
> marcussynchromedia.co.uk | http://www.synchromedia.co.uk/
>
>
Forgot to mention </font> tags ARE required.

I don't use <font> tags because they are depreciated and are a poor substitute for using styles.

attached mail follows:


Marcus Bointon wrote:
> On 10 Aug 2006, at 16:39, Al wrote:
>
>> <td>s don't need to be terminated with </td>s
>
> That is, assuming you don't want your pages to validate. As closing your
> tags is so trivially easy, it's really not worth not doing! I recently
> encountered a site that contained 3500 unclosed font tags on a single
> page; This is a very good way of making a browser go very slowly and eat
> lots of memory.
>
> Marcus
> --Marcus Bointon
> Synchromedia Limited: Creators of http://www.smartmessages.net/
> marcussynchromedia.co.uk | http://www.synchromedia.co.uk/
>
>

Best double check your facts. W3C specs say the </td> and </tr> are optional.
http://www.w3.org/TR/html4/index/elements.html

I do it all the time and ALL my work W3C validates. Try it.

attached mail follows:


On Thu, August 10, 2006 8:32 am, Reinhart Viane wrote:
> I've been wondering.
> I know it's possible to make a php loop that each time generates a new
> <tr>.
> In that case the results are stored under eachother.
> Now I want to know if I can do the same in a horizontal direction.
>
> The result should be something like this, I loop through available
> projects:
>
> Project1 Project2 Project3 Project4 ...

$item_count = 0;
while (... = mysql_result($result)){
  if (($item_count % 5) == 0) echo "<tr>\n";
  $item_count++;

echo "<td>$project_id</td>\n";
> 1 45 89 5 8

  // $item_count was already incremented above, so 0 here means the 5th cell
  if (($item_count % 5) == 0) echo "</tr>\n";

}

> 2 23 9 65 31
> 3 23 91 55 73
> 4 11 90 82 38
>
>
> The first column is fixed, but I have an unkown amount of projects
>
> Hope this aint to much html related.
>
> Thanks in advance,
> Reinhart Viane
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Wed, 9 Aug 2006, Chris W. Parker wrote:

> Jonathan Duncan <mailto:jonathannacnud.com>
> on Wednesday, August 09, 2006 3:55 PM said:
>
>> If you want to really learn Linux, try Gentoo. If you just want a
>> very good and easy to use Linux, go with SuSE.
>
> To keep this related to the question I asked...
>
> Do either of the latest builds of these distros have PHP5?
>
>
> Thanks,
> Chris.
>

I just checked the Gentoo portage tree and it has PHP 5.1.4 in it already.
Having it in the portage tree means it is as good as installed.

I just checked the SuSE Linux 10.1 package listing and it comes with
5.1.2:
http://www.novell.com/products/linuxpackages/suselinux/index_all.html

The answer to your question is yes.

Jonathan

attached mail follows:


Chris W. Parker wrote:
> Hello,
>
> Generally (well, actually 100%) I just use whatever version of PHP is
> included with a certain distro (Redhat pre-Fedora, Fedora Core, CentOS).
> None of the versions I've used have come with PHP5 and I'd really like
> to get with the times and use PHP5.
>
> I know that Fedora Core 5 offers PHP 5.1.2 but I've heard some negative
> things about it in general (FC5).
>
> I've never compiled PHP myself so admittedly I'm a bit skeered... Is the
> recommended path to just go with whatever distro I prefer and then
> download PHP5 from php.net and install it myself?
>

Virtually all distros should have php5 as an option these days. Though
frequently it's named php5 rather than simply php. Debian, and probably
several other distributions, only offer it in their testing branch.

As a general rule I would recommend not installing from source, you can
seriously damage your system with multiple versions of programs, files
going in places they shouldn't and running in to dependency hell. The
distributions that I am familiar with provide packages for the php
extensions so you don't have to recompile to add them.

If you do install from source, using your package management system to
grab the source dependencies can simplify things significantly. On a
Debian based distribution this can be done with `apt-get build-dep php5`.

David

attached mail follows:


On Fri, 2006-08-11 at 00:29 +1000, David Tulloh wrote:
> Chris W. Parker wrote:
> > Hello,
> >
> > Generally (well, actually 100%) I just use whatever version of PHP is
> > included with a certain distro (Redhat pre-Fedora, Fedora Core, CentOS).
> > None of the versions I've used have come with PHP5 and I'd really like
> > to get with the times and use PHP5.
> >
> > I know that Fedora Core 5 offers PHP 5.1.2 but I've heard some negative
> > things about it in general (FC5).
> >
> > I've never compiled PHP myself so admittedly I'm a bit skeered... Is the
> > recommended path to just go with whatever distro I prefer and then
> > download PHP5 from php.net and install it myself?
> >
>
> Virtually all distros should have php5 as an option these days. Though
> frequently it's named php5 rather than simply php. Debian, and probably
> several other distributions, only offer it in their testing branch.
>
> As a general rule I would recomend not installing from source, you can
> seriously damage your system with multiple versions of programs, files
> going in places they shouldn't and running in to dependancy hell. The
> distributions that I am familiar with provide packages for the php
> extensions so you don't have to recompile to add them.

Ummmm, it's pretty simplistic under linux to have multiple versions. In
fact I have almost every version since 4.1.0 installed and easily
activated.

I keep a master /usr/local/php/ directory in which each version is
housed and the currently active version is focused by a soft-link
(I have phpWeb versions also since I compile in different features and
they work under the same principle):

::/usr/local/php> ls -al | grep phpCgi
lrwxrwxrwx 1 root root 12 2006-07-31 14:28 phpCgi -> phpCgi-4.4.2/
drwxrwxr-x 16 root root 4.0K 2004-08-25 22:20 phpCgi-4.1.0/
drwxrwxr-x 16 root root 4.0K 2004-08-25 22:20 phpCgi-4.1.1/
drwxrwxr-x 16 root root 4.0K 2004-08-25 22:20 phpCgi-4.1.2/
drwxrwxr-x 17 root root 4.0K 2004-08-25 22:20 phpCgi-4.2.0/
drwxrwxr-x 15 root root 4.0K 2004-08-25 22:20 phpCgi-4.2.1/
drwxrwxr-x 16 root root 4.0K 2004-08-25 22:20 phpCgi-4.2.2/
drwxr-xr-x 16 root root 4.0K 2004-08-25 22:20 phpCgi-4.2.3/
drwxr-xr-x 18 root root 4.0K 2004-08-25 22:20 phpCgi-4.3.0/
drwxrwxr-x 18 root root 4.0K 2004-08-25 22:20 phpCgi-4.3.1/
drwxr-xr-x 18 root root 4.0K 2005-03-23 00:03 phpCgi-4.3.10/
drwxr-xr-x 18 root root 4.0K 2005-07-16 12:55 phpCgi-4.3.11/
drwxrwxr-x 18 root root 4.0K 2004-08-25 22:20 phpCgi-4.3.2/
drwxrwxr-x 18 root root 4.0K 2004-08-20 19:23 phpCgi-4.3.3/
drwxrwxr-x 18 root root 4.0K 2004-08-20 19:30 phpCgi-4.3.4/
drwxr-xr-x 18 root root 4.0K 2005-06-24 01:41 phpCgi-4.3.5/
drwxr-xr-x 18 root root 4.0K 2004-08-20 19:37 phpCgi-4.3.6/
drwxr-xr-x 18 root root 4.0K 2004-08-20 19:40 phpCgi-4.3.7/
drwxr-xr-x 18 root root 4.0K 2004-08-20 19:43 phpCgi-4.3.8/
drwxr-xr-x 18 root root 4.0K 2005-03-23 00:02 phpCgi-4.3.9/
drwxr-xr-x 18 root root 4.0K 2006-03-13 16:41 phpCgi-4.4.0/
drwxr-xr-x 18 root root 4.0K 2006-08-05 15:03 phpCgi-4.4.2/
lrwxrwxrwx 1 root root 12 2006-07-31 14:29 phpCgi5 -> phpCgi-5.1.1/
drwxr-xr-x 18 root root 4.0K 2004-08-20 19:47 phpCgi-5.0.0/
drwxr-xr-x 18 root root 4.0K 2004-04-07 11:53 phpCgi-5.0.0RC1/
drwxrwxr-x 18 root root 4.0K 2004-10-03 09:47 phpCgi-5.0.1/
drwxr-xr-x 18 root root 4.0K 2005-03-23 00:09 phpCgi-5.0.2/
drwxr-xr-x 18 root root 4.0K 2005-03-23 00:12 phpCgi-5.0.3/
drwxr-xr-x 18 root root 4.0K 2005-11-30 23:08 phpCgi-5.1.1/

Then in my /usr/local/bin/ I link to the phpCgi link...

rootblobule:/usr/local/bin> ls -al | grep phpCgi
lrwxrwxrwx 1 root root 43 2006-07-31 16:03 pear -> /usr/local/php/phpCgi/installation/bin/pear*
lrwxrwxrwx 1 root root 46 2006-07-31 16:03 peardev -> /usr/local/php/phpCgi/installation/bin/peardev*
lrwxrwxrwx 1 root root 43 2006-07-31 16:03 pecl -> /usr/local/php/phpCgi/installation/bin/pecl*
lrwxrwxrwx 1 root root 42 2006-07-31 16:03 php -> /usr/local/php/phpCgi/installation/bin/php*
lrwxrwxrwx 1 root root 49 2006-07-31 16:03 php-config -> /usr/local/php/phpCgi/installation/bin/php-config*
lrwxrwxrwx 1 root root 45 2006-07-31 16:03 phpize -> /usr/local/php/phpCgi/installation/bin/phpize*

And the magic happens by using the following magical parameters for the
configure script:

    --prefix=/usr/local/php/${PHP_VERSION_DIR}/installation \
    --exec-prefix=/usr/local/php/${PHP_VERSION_DIR}/installation

This makes it really simple to test code with any given version of PHP
since all I need to do is change the softlink in the /usr/local/php/
directory.

For web testing, I change the link and restart the webserver.

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

attached mail follows:


Jon wrote:
> preg_match_all("/Charges \s\s+ $total x (.+) /siU", $single, $from_invoice);
>
> The text has "Charges" then a variable amount of spaces a previously picked
> decimal number" x " (and the data I want)" "
>
> is this correct or am I missing something? It seems to work sometimes and
> not others and I have not quite figured out what makes it fail.
>
> The error I get is
> Warning: preg_match_all(): unknown modifier '#' in "file"

Gracious, did you start a long thread. Several workable solutions are provided.

I'd like to offer some general advice, I learned from experience.

I never use "/" as the delimiter; there are too many chances for errors. I generally use "%", unless my haystack can
possibly contain it. It is easier to spot syntax errors, for example. Otherwise, I use a delimiter that cannot be in my
haystack and is not a regex reserved character. Rarely is there a delimiter that is both in the haystack and is a
reserved character; if so, I just use literal code "\" as required.

I never use repeated special characters e.g., "\s\s" use "*", "+" or "{n,m}" as needed.

I rarely use "dot all" [e.g., "."] it accepts everything and can make testing very difficult. Invariably, there is a
combination I never thought of to test. I use explicit statements for everything that can be in my haystack [e.g., \d,
\w, [a-z], [0-9], \s, \S, etc.]

I always use the Reg Coach for complicated patterns and build and test the pattern one step at a time.

Al.........
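
The points above about delimiters, quantifiers and explicit character classes, applied to a pattern like Jon's. This is an added example, not code from the thread; the sample text, the helper name charges_for_total() and the choice of \S+ for the captured data are assumptions.

```php
<?php
// Constructed sample text: two "Charges" lines, only the first has the total 12.50.
$single = "Charges     12.50 x 4\nCharges 12350 x 9\n";
$total  = '12.50';

/**
 * Return the token that follows "<total> x " on every "Charges" line.
 * Hypothetical helper written for this example.
 */
function charges_for_total($haystack, $total)
{
    // Escape regex metacharacters in the interpolated value and, through the
    // second argument, the "%" delimiter, so the value can neither end the
    // pattern early nor have its tail read as pattern modifiers.
    $quoted = preg_quote($total, '%');

    // \s+ instead of "\s\s+", and \S+ instead of the dot-all "(.+)".
    $pattern = '%Charges\s+' . $quoted . '\s+x\s+(\S+)%i';

    $found = preg_match_all($pattern, $haystack, $matches);
    if ($found === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $matches[1];
}

// The same pattern without preg_quote(): the "." in 12.50 matches any character,
// so the second sample line is picked up as well.
preg_match_all('%Charges\s+' . $total . '\s+x\s+(\S+)%i', $single, $loose);

echo "with preg_quote():    ";
var_export(charges_for_total($single, $total));
echo "\nwithout preg_quote(): ";
var_export($loose[1]);
echo "\n";
```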

attached mail follows:


Paul Scott wrote:
> On Wed, 2006-08-09 at 18:54 -0500, Jay Blanchard wrote:
>
>> Yes, but not everyone can get to or goes to conferences. And this would
>> stand on its own don'tcha think? I think that Chicago is perfect,
>> because it is centrally located (kinda') and a neat place to boot.
>>
>
> Kinda...Chicago is a bit of a drive for us in Cape Town, South
> Africa... ;)
>
> --Paul
>
>
>
> ------------------------------------------------------------------------
>
> All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm

It's still a bit of a drive when you live in Montreal and don't have a
car. About an 18 hour drive, plus a few hours for bus stops and border
crossings.

Regards, Adam Zey.

attached mail follows:


[snip]
It's still a bit of a drive when you live in Montreal and don't have a
car. About an 18 hour drive, plus a few hours for bus stops and border
crossings.
[/snip]

That is why the Wright Brothers did what they did. ;)

attached mail follows:


> That is why the Wright Brothers did what they did. ;)
>

I prefer the Zeppelin personally...

--Paul


attached mail follows:


Adam Zey wrote:
<snip>
> It's still a bit of a drive when you live in Montreal and don't have a
> car. About an 18 hour drive, plus a few hours for bus stops and border
> crossings.
>

Canadians are welcome to come? That's it, count me out!

:-p

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com

attached mail follows:


Jay Blanchard wrote:
> Here is a thought that a couple of us have shared off-list; why don't we
> list denizens plan a get together? A face-to-face with the good, the bad
> and the ugly. A mano y' mano curly brace holy war. Beers and meat. The
> whole 9.2 Mb's.
>
> So, what say you? Shall we start a more formal process? Set a date and a
> place some time in the near (6 mos. or so) future? All are welcome, from
> the newest of new to the crotchetiest of old.
>
> Double-dog dare you.

while I do enjoy the challenge of a swim across the Atlantic, I just
can't manage to scrape together the cash to finance the support team and
the big jar of vaseline.

not to mention I'd be all wet when I arrived.

>

attached mail follows:


John Wells wrote:
> Thanks to everybody's suggestions, problem solved. Yes, the default
> encoding for PHP's mysql client is latin1. So a quick query of:
>
> "SET NAMES 'utf8'"
>
> *per connection* works it all out.
>
> The articles and links were very helpful in illuminating some of the
> other particulars of working with utf-8. These will take a bit more
> reading and studying...

Glad you got it sorted.

For me, I've had best success treating all tables as latin1, with the
connection also using latin1 and just "knowing" that all the text is
UTF8 encoded.... It certainly hasn't come back to bite me in the bum yet!

Col.

attached mail follows:


Hello,

I have a calendar script that displays a simple mini calendar view one month
at a time. User can click any date and the calendar opens another page that
displays that date's events. I would like to highlight to the mini calendar
view dates that have an event in database. So what would be a simple way to
check for events while the selected months days are printed to screen?

Thanks
-Will

attached mail follows:


Really depends on how you display the calendar...
if you go day by day building the table cells, then it should be easy
enough because you should already have the date you are working with...
so a query like "select count(*) from events where date='date'" and if
count is > 0 then display it differently.
On the other hand if you are using pre-canned functions to dump out the
entire month, then it would prove more difficult.

-B


attached mail follows:


On Thu, August 10, 2006 12:14 pm, William Stokes wrote:
> I have a calendar script that displays a simple mini calendar view one
> month
> at a time. User can click any date and the calendar opens another page
> that
> displays that date's events. I would like to highlight to the mini
> calendar
> view dates that have an event in database. So what would be a simple
> way to
> check for events while the selected months days are printed to screen?

Depending on the number of records, the PHP<->MySQL connection speed,
and the indexes or lack thereof on your date column...

1. You could do a query for each date like:
select count(*) from events where whatdate = '$date'

2. You could pre-fill an array with dates that have an event:
// $month and $year are integers; mktime() rolls month 13 over into January
$start = date('Y-m-d', mktime(0, 0, 0, $month, 1, $year));
$end = date('Y-m-d', mktime(0, 0, 0, $month + 1, 1, $year));
$query = "select whatdate from events
  where whatdate >= '$start'
  and whatdate < '$end'
  group by whatdate
  order by whatdate";
$result = mysql_query($query);
$event_date = array();
while (list($whatdate) = mysql_fetch_row($result)){
  $event_date[$whatdate] = true;
}
Then, while filling out the calendar, just check:
if (isset($event_date[$date])){
  //color it as having events
}

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Hi everyone,

Excuse me for the off-topic.

I've been having a little trouble showing data in an HTML form.

e.g.: In an e-commerce site my client has a "Sony 29" TV" that, when I put it in an
input value, shows as just "Sony 29". It's caused by the quote in the data;
does someone know how I can fix it?

Thanks all.

--
João Cândido de Souza Neto
Curitiba Online
joaocuritibaonline.com.br
(41) 3324-2294 (41) 9985-6894
http://www.curitibaonline.com.br

attached mail follows:


http://us3.php.net/manual/en/function.addslashes.php

Good luck,

Warren Vail
 


attached mail follows:


João Cândido de Souza Neto wrote:
> Hi everyone,
>
> Excuse me for the off-topic.

why; are you writing the app in ASP or something? ;-)

>
> I've been having a little trouble showing data in an HTML form.
>
> e.g.: In an e-commerce site my client has a "Sony 29" TV" that, when I put it in an
> input value, shows as just "Sony 29". It's caused by the quote in the data;
> does someone know how I can fix it?

echo htmlentities('Sony 29" TV', ENT_QUOTES);

or

echo htmlspecialchars('Sony 29" TV');

>
> Thanks all.
>
>

attached mail follows:


Just happened to think of one other thing you might want to be aware of;

When a query behaves like this, your site is usually vulnerable to the "Sql
Injection Hack". Basically this is where someone sticks an insert query
into one of your data form fields (quotes are involved), and the additional
query is used for something like adding themselves as an administrator to
your site. I believe the addslashes I mentioned before would fix this for
this field, but you may want to check other text fields on your forms.

Warren Vail
 


attached mail follows:


Warren Vail wrote:
> http://us3.php.net/manual/en/function.addslashes.php

adding a slash to a quote char that is part of an html tag's attribute's
value is not the correct way to encode the quote (actually it's not correct
anywhere in an html document) - although I wouldn't be surprised if it worked :-/

see: htmlentities() or htmlspecialchars()


attached mail follows:


Many of the older PHP implementations don't have the mysql_escape_string
function, if not addslashes should work.... I would be interested to know
what might get past the addslashes function that the mysql_escape_string
function catches.

Warren Vail
 

> -----Original Message-----
> From: Jochem Maas [mailto:jochemiamjochem.com]
> Sent: Thursday, August 10, 2006 11:31 AM
> To: Warren Vail
> Cc: 'João Cândido de Souza Neto'; php-generallists.php.net
> Subject: Re: [PHP] INPUT
>
> Warren Vail wrote:
> > Just happened to think of one other thing you might want to
> be aware
> > of;
> >
> > When a query behaves like this, your site is usually
> vulnerable to the
> > "Sql Injection Hack". Basically this is where someone sticks an
> > insert query into one of your data form fields (quotes are
> involved),
> > and the additional query is used for something like adding
> themselves
> > as an administrator to your site. I believe the addslashes I
> > mentioned before would fix this for this field, but you may
> want to check other text fields on your forms.
>
> the way I read it he had an output problem not an input problem.
> but if it is an input problem then he does indeed have an SQL
> injection vulnerability, assuming he is using MySQL (other
> dbs have different functions) I would recommend using
> mysql_escape_string()/mysql_real_escape_string() instead of
> addslashes() because they are far more robust and clever
> functions dedicated to proper escaping of data to be put into a query.
>

attached mail follows:


Thanks a lot for your answers, everyone.

Tomorrow I'll be back in this system and I'll test it.


attached mail follows:


Warren Vail wrote:
> Just happened to think of one other thing you might want to be aware of;
>
> When a query behaves like this, your site is usually vulnerable to the "Sql
> Injection Hack". Basically this is where someone sticks an insert query
> into one of your data form fields (quotes are involved), and the additional
> query is used for something like adding themselves as an administrator to
> your site. I believe the addslashes I mentioned before would fix this for
> this field, but you may want to check other text fields on your forms.

the way I read it he had an output problem not an input problem.
but if it is an input problem then he does indeed have an SQL injection vulnerability,
assuming he is using MySQL (other dbs have different functions) I would
recommend using mysql_escape_string()/mysql_real_escape_string() instead of
addslashes() because they are far more robust and clever functions dedicated to
proper escaping of data to be put into a query.


attached mail follows:


Warren Vail wrote:
> Many of the older PHP implementations don't have the mysql_escape_string
> function, if not addslashes should work....

this is true.

> I would be interested to know
> what might get past the addslashes function that the mysql_escape_string
> function catches.

not sure about that but one assumes MySQL is better equipped to know
how to properly/safely escape data - besides mysql_real_escape_string()
is character set aware. on top of this you don't know what the future will bring
mysql(_real)_escape_string() is better in terms of future proofing.

if anyone answers Warren's question I would be interested to read about it too :-)


attached mail follows:


From the last answers I saw that someone does not understand what I wanted to
say.

My strings are always properly escaped, but when I put one into an HTML form
like <input type="text" value="<? echo $field;?>"> it becomes <input
type="text" value="Sony 29" TV">; that is, the value of my input field lost
part of the content.


attached mail follows:


>
>
> From the last answers I saw that someone does not understand what
> I wanted to say.
>
> My strings are always properly escaped, but when I put one into
> an HTML form
> like <input type="text" value="<? echo $field;?>"> it becomes <input
> type="text" value="Sony 29" TV">; that is, the value of my
> input field lost
> part of the content.
>

<input type="text" value="<? echo htmlentities($field);?>">

http://php.net/htmlentities

JM
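
The difference between the answers in this thread, shown on the thread's own value. This is an added example, not code from any poster; the helper names text_input() and parsed_value() are hypothetical, and it assumes PHP's DOM extension is available to show what an HTML parser actually reads back from each variant.

```php
<?php
// Constructed sample value: the product name from the thread.
$field = 'Sony 29" TV';

/** Hypothetical helper: build a text input whose value is encoded for HTML. */
function text_input($name, $value)
{
    // ENT_QUOTES encodes both " and ', so the value cannot leave the attribute
    // whichever quote character the template uses. Before PHP 8.1 the default
    // flags (ENT_COMPAT) left single quotes unencoded.
    return '<input type="text" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

/** Hypothetical helper: return the value attribute as an HTML parser reads it. */
function parsed_value($html)
{
    $previous = libxml_use_internal_errors(true); // malformed markup is expected
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$variants = array(
    // The quote in the data closes the attribute early.
    'raw echo'         => '<input type="text" name="product" value="' . $field . '">',
    // Backslash escaping belongs to SQL and string literals; HTML ignores it.
    'addslashes()'     => '<input type="text" name="product" value="' . addslashes($field) . '">',
    // The quote becomes &quot; and is decoded back by the parser.
    'htmlspecialchars' => text_input('product', $field),
);

foreach ($variants as $label => $html) {
    printf("%-17s %s\n  parsed value: %s\n", $label, $html, parsed_value($html));
}
```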

attached mail follows:


On Thu, August 10, 2006 1:54 pm, Jochem Maas wrote:
> Warren Vail wrote:
>> Many of the older PHP implementations don't have the
>> mysql_escape_string
>> function, if not addslashes should work....
>
> this is true.
>
>> I would be interested to know
>> what might get past the addslashes function that the
>> mysql_escape_string
>> function catches.
>
> not sure about that but one assumes MySQL is better equipped to know
> how to properly/safely escape data - besides
> mysql_real_escape_string()
> is character set aware. on top of this you don't know what the future
> will bring
> mysql(_real)_escape_string() is better in terms of future proofing.
>
> if anyone answers Warren's question I would be interested to read about
> it too :-)

As I understand it, the only known issues are, in fact, with
non-Latin1 character sets not being escaped properly, and leaving a
big fat security door unlocked because of it.

There is a theoretical possibility that something in Latin1 +
addslashes is still hinky, but it seems unlikely at this point in
time, after most of a decade of hacking...

This is NOT an endorsement of "sticking with" addslashes because you
are "sure" you'll never need anything more than Latin1 !!!

You *should* switch, even if only for the theoretical risk-reduction.

And because you only THINK you won't need more than Latin1, and you're
wrong. :-)

--
Like Music?
http://l-i-e.com/artists.htm
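
The character-set issue described above, at byte level, followed by a bound-parameter query that needs no escaping function at all. This is an added example, not from the thread: it uses PDO with an in-memory SQLite database in place of MySQL so that it runs without a server, and the table and sample values are constructed.

```php
<?php
// Constructed input: the byte 0xBF followed by an ASCII single quote.
$input = "\xBF'";

// addslashes() knows nothing about character sets: it works byte by byte
// and puts a backslash (0x5C) in front of the quote.
$slashed = addslashes($input);
echo 'bytes after addslashes(): ', bin2hex($slashed), "\n";

// In GBK, 0xBF 0x5C is a single two-byte character. A connection that reads
// the string as GBK therefore sees one character followed by a bare quote.
// mbstring is optional; this branch only makes the effect visible.
if (function_exists('mb_strlen')) {
    echo 'characters when read as GBK (CP936): ', mb_strlen($slashed, 'CP936'), "\n";
}

// A character-set-aware escaping function has to know the connection's real
// character set, which means setting it through the client API (for example
// charset= in a PDO MySQL DSN) rather than only through a "SET NAMES" query.
// Bound parameters avoid the question: the data never becomes part of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $db->prepare('INSERT INTO products (name) VALUES (:name)');
$names  = array('Sony 29" TV', "O'Brien 21\" TV", $input); // constructed values
foreach ($names as $name) {
    $insert->execute(array(':name' => $name));
}

// Every value comes back byte for byte, quotes included.
$select = $db->prepare('SELECT name FROM products WHERE name = :name');
foreach ($names as $name) {
    $select->execute(array(':name' => $name));
    $stored = $select->fetchColumn();
    echo bin2hex($name), ' -> ', ($stored === $name ? 'stored unchanged' : 'MISMATCH'), "\n";
}

echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM products')->fetchColumn(), "\n";
```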

attached mail follows:


Richard Lynch wrote:
> On Thu, August 10, 2006 1:54 pm, Jochem Maas wrote:
>> Warren Vail wrote:
>>> Many of the older PHP implementations don't have the
>>> mysql_escape_string
>>> function, if not addslashes should work....
>> this is true.
>>
>>> I would be interested to know
>>> what might get past the addslashes function that the
>>> mysql_escape_string
>>> function catches.
>> not sure about that but one assumes MySQL is better equipped to know
>> how to properly/safely escape data - besides
>> mysql_real_escape_string()
>> is character set aware. on top of this you don't know what the future
>> will bring
>> mysql(_real)_escape_string() is better in terms of future proofing.
>>
>> if anyone answers Warren's question I would be interested to read about
>> it too :-)
>
> As I understand it, the only known issues are, in fact, with
> non-Latin1 character sets not being escaped properly, and leaving a
> big fat security door unlocked because of it.
>
> There is a theoretical possibility that something in Latin1 +
> addslashes is still hinky, but it seems unlikely at this point in
> time, after most of a decade of hacking...
>
> This is NOT an endorsement of "sticking with" addslashes because you
> are "sure" you'll never need anything more than Latin1 !!!
>
> You *should* switch, even if only for the theoretical risk-reduction.
>
> And because you only THINK you won't need more than Latin1, and you're
> wrong. :-)

beautifully put as always :-)

>

attached mail follows:


Ok guys.

I used htmlentities and everything works fine.

Thanks gang.


attached mail follows:


Hello,

I have about 90 customers who have created accounts but not yet
activated them in the past 11 months. That's less than one every 3.6
days but compared to our total number of customers, it's right at the
edge of being a significant number.

I'm curious to find a way to determine if the mail was actually
delivered to the customer's mailbox. I know there are many factors
involved in this, the most difficult of which being spam filters.

One method I thought of was to put a web bug in the email which will
effectively tell me if the email was read or not. Perhaps by the time
the customer gets the click-this-link-to-activate-your-account email
they've lost interest and ignore it. Or maybe they do in fact read it
but they just don't click. A web bug will help me to determine this.

On the other hand, a web bug won't tell me if the mail actually reached
their inbox. The only way I can come up with to even closely determine
this is to monitor my sendmail logs for proof that their mail server (at
the very least) accepted the message.

Has anyone implemented something like this already and have code to
share with regards to parsing the sendmail log? Or are there more clever
or more simple ways to do this out there?

Thanks!
Chris.

attached mail follows:


On Thu, August 10, 2006 1:48 pm, Chris W. Parker wrote:
> I have about 90 customers who have created accounts but not yet
> activated them in the past 11 months. That's less than one every 3.6
> days but compared to our total number of customers, it's right at the
> edge of being a significant number.

Keep in mind that for many mere mortals, the process of dealing with
your email confirmation goes like this:

1. surf to site, put in email
2. check email, find nothing.
3. go back to site, use work/home/other email
4. success!

So of those 90 customers, at least some of them are activated, only
under a different email, rather than diving into spam filters and all
that.

Virtually all the things you COULD do to attempt to monitor the email
getting read or not will drastically INCREASE the odds that the email
will get marked as spam and trashed before they CAN open it.

Perhaps it would be better to allow for an optional phone number by
the visitor to be put in, that you can call if they don't activate
their account, to help them out.

90 phone calls is a lot of calls, but it probably beats having fewer
activations because your tracking attempts get your emails banned.

Just a thought.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard Lynch <mailto:ceol-i-e.com>
    on Thursday, August 10, 2006 1:14 PM said:

> Keep in mind that for many mere mortals, the process of dealing with
> your email confirmation goes like this:
>
> 1. surf to site, put in email
> 2. check email, find nothing.
> 3. go back to site, use work/home/other email
> 4. success!
>
> So of those 90 customers, at least some of them are activated, only
> under a different email, rather than diving into spam filters and all
> that.

True true. Good point.

In this case monitoring my logs will help to know that at least my
server has sent the email successfully.

> Virtually all the things you COULD do to attempt to monitor the email
> getting read or not will drastically INCREASE the odds that the email
> will get marked as spam and trashed before they CAN open it.

Another good point.

> Perhaps it would be better to allow for an optional phone number by
> the visitor to be put in, that you can call if they don't activate
> their account, to help them out.
>
> 90 phone calls is a lot of calls, but it probably beats having fewer
> activations because your tracking attempts get your emails banned.
>
> Just a thought.

All good ideas!

Thanks,
Chris.

attached mail follows:


On Wed, August 9, 2006 11:15 pm, Richard Lynch wrote:
> On Wed, August 9, 2006 11:20 am, Dave M G wrote:
>> How do I create a file that the user saves, and is not stored on the
>> server?
>
> http://richadlynch.blogger.com

Curses!

Foiled again!

Can't even type my own name :-v

http://richardlynch.blogspot.com/

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Wed, August 9, 2006 11:40 pm, Dave M G wrote:
> Robert said:
>> It's all about the headers...
>> header( "Content-type: text/csv" );

This only forces a download if the browser has not been configured to
do something special with text/csv

application/octet-stream

is the correct answer to force a download.

>> header( "Content-disposition: inline; filename=$filename" );

This only works on some browsers, not all browsers.

Unless you actually want to "fix" bug reports for the next 3 years on
this page, with an ever-expanding list of headers that never quite
work right:

http://richardlynch.blogspot.com/

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Ack, your email provider thinks my email is spam... not sure why. I got
a bounce-back with this link:

Permanent Failure: 553_5.3.0_<kevin[kevin's
domain].net>..._REJECT:550_Spam_filter_activated_see_http://[kevin's
domain].net/spam/

Sorry to hit the PHP list, but I really wanted to thank you for your help.

attached mail follows:


On Thu, 2006-08-10 at 13:38 -0700, Micky Hulse wrote:
> Ack, your email provider thinks my email is spam... not sure why. I got
> a bounce-back with this link:
>
> Permanent Failure: 553_5.3.0_<kevin[kevin's
> domain].net>..._REJECT:550_Spam_filter_activated_see_http://[kevin's
> domain].net/spam/
>
> Sorry to hit the PHP list, but I really wanted to thank you for your help.

*lol* Because he added it to the list. I'm in there too *lol*.

Cheers,
Rob.

attached mail follows:


On Wed, August 9, 2006 11:33 pm, Micky Hulse wrote:
> Yeah, I would prefer to not setup a CAPTCHA too (although, I would
> like
> to learn how to script one)... hopefully implementing your (and
> everyone
> else's) great suggestions will really make my script hard to spam.

I rolled my own, because I thought it would be a useful learning
experience.

And, I kinda sorta documented it.

Well, I put the source up on-line anyway. :-)

So here's one crude hack way to do it, if you just want the basics of
how it's done:

http://voodookings.net/eyesonly_example.htm

After you pass the CAPTCHA, it links to source.

The connect.inc file is not available, as it has database password in
it, but other than pg_connect() there is nothing interesting in there
anyway.

You're on your own converting the oh-so-complicated (not!) SQL to
MySQL instead of PostgreSQL...

I'm pretty sure just changing mysql_query() and flipping $connection,
$query to $query, $connection will do it.

Note that if you are already using SESSIONs, then you could just toss
the $token in $_SESSION -- I, however, was not, and did not want to
start issuing cookies just for the CAPTCHA to work.

The web2 dictionary is Webster's older dictionary, now in the public
domain, and is installed on my server by the webhost -- so presumably
is readily available.

I also intentionally added zero "noise" to my CAPTCHA -- though you
obviously can make the PNG as complicated as you like.

I figure if the spammers want to OCR the CAPTCHA, I'm just gonna take
the damn guestbook down.

Though I later did that kinda thing for a client, and it ain't as
tricky as one might think...

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Wed, August 9, 2006 11:42 pm, Micky Hulse wrote:
> Micky Hulse wrote:
>> I just commented-out all of the PHP in the old script and added one
>> line: die("#%$# off!");
>
> Actually... is there anything more I can do at this point to fight
> back?
> Can I use something better than die()? Or, is it best just to let
> them
> figure it out and go away?

You can tie up their connection, wasting your connection...

I suppose you could do:

header("Location: 127.0.0.1");

and then they'd be trying to surf to their own computer, if they are
following re-directs in their hack attempt...

Though odds are really good they are watching for that.

Bottom line:

Nope, probably not much you can do.

More's the pity.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard Lynch wrote:
> You can tie up their connection, wasting your connection...

If it were my own site, I might think about doing something like wasting
my connection...

> I suppose you could do:
> header("Location: 127.0.0.1");
> and then they'd be trying to surf to their own computer, if they are
> following re-directs in their hack attempt...
> Though odds are really good they are watching for that.

Oooh, good call. Interesting idea. I was thinking about doing something
with a header redirect, but I also did not want to do anything too crazy
- mostly because it is not my site.

> Bottom line:
> Nope, probably not much you can do.
> More's the pity.

Yep. I think I will just leave it at die();

Many thanks for the input.
Cheers! :D
Micky

attached mail follows:


Richard Lynch wrote:
> I rolled my own, because I thought it would be a useful learning
> experience.

Sounds like what I am thinking. :)

> And, I kinda sorta documented it.
> Well, I put the source up on-line anyway. :-)
> So here's one crude hack way to do it, if you just want the basics of
> how it's done:
> http://voodookings.net/eyesonly_example.htm

Kick-butt! Thanks for sharing. :D

> After you pass the CAPTCHA, it links to source.
>
> The connect.inc file is not available, as it has database password in
> it, but other than pg_connect() there is nothing interesting in there
> anyway.
> ...
> Note that if you are already using SESSIONs, then you could just toss
> the $token in $_SESSION -- I, however, was not, and did not want to
> start issuing cookies just for the CAPTCHA to work.

Hehe, sounds like what I am thinking... I really do not even want to
touch her site much as I am working on a re-design now and probably
going to use a CMS to manage content. But, I will still be using the
contact form, so all of your (and others') help is greatly appreciated.

> The web2 dictionary is Webster's older dictionary, now in the public
> domain, and is installed on my server by the webhost -- so presumably
> is readily available.

Nice, was not aware of that dictionary, googling now. :)

> I also intentionally added zero "noise" to my CAPTCHA -- though you
> obviously can make the PNG as complicated as you like.
> I figure if the spammers want to OCR the CAPTCHA, I'm just gonna take
> the damn guestbook down.

Lol, ya... that is kinda where I am coming from. If my client does not
solve her probs after I fix-up the contact form script, then I will
suggest she just asks folks to use an email program and manually contact
her.

Did I mention "spammers suck" already? Well, at least they are good
motivators.

Thanks Richard, you rock!

Cheers,
Micky

attached mail follows:


On Wed, August 9, 2006 8:18 am, Sjef wrote:
> Hello all!
> This is a bit difficult to explain.
> On a site I am building I sometimes use the GET method to forward values to
> the next page. There are certain pages that you need to be logged in to to
> be able to see data. So you arrive at the page, you realize that you are not
> logged in, so you type your username/password and hit 'log in'. Then the
> page gets severely messed up as the GET data are not forwarded (at least, I
> think that's the problem). Any ideas how to solve this?
> I tried to send a header("location: ...") with the document_root and
> request_uri as the location, but that doesn't do the trick.

In the ideal world, you'd be using PHP session_start to handle the
login, so their login would persist, and you'd never hit this problem.

Assuming you've done that, but their session times out, or, perhaps,
you are forwarding from some place that requires no login, and they
weren't logged in, you would need to change the LOGIN routine to
accept a parameter of the URL of where they were trying to go.

$_SERVER['PHP_SELF'] and $_SERVER['REQUEST_URI'] and friends would do
that.

After a successful login, you could just do a header("Location: ")
back to the URL they wanted in the first place.

An even simpler option, often, is to avoid all the header("Location: ")
bouncing around, and just include() whatever it is they should be
getting.

And if you include 'login.inc' and THAT file can simply check their
credentials and do nothing, or put out a FORM to POST back to the same
page and then exit, you can often avoid the header("Location: ")
entirely.

This can make debugging and following process flow through the
application a heck of a lot easier, since you're not trying to
de-construct URLs and figure out where you're getting bounced to all
the time.

--
Like Music?
http://l-i-e.com/artists.htm
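
The return-to-URL login flow described in the message above, as an added example that is not part of the original post: the target is taken from REQUEST_URI (so the GET data survives) and is checked to be a site-local path before it goes into header("Location: "), so the login page cannot be used to bounce visitors to another site. The names safe_return_path(), login_url(), post_login_location(), the return_to parameter and /login.php are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. All function names, the
// 'return_to' parameter and '/login.php' are hypothetical.

// Accept only a site-local absolute path ("/page.php?x=1"); anything else
// falls back to $default.
function safe_return_path($candidate, $default = '/')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters could split the header; some browsers treat "\" as "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Exactly one leading slash: rules out "http://host/..." and "//host/...".
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $default;
    }
    return $candidate;
}

// On the protected page: link to the login form, remembering the full
// request URI, query string included.
function login_url($request_uri)
{
    return '/login.php?return_to=' . rawurlencode(safe_return_path($request_uri));
}

// After a successful login: the header line to pass to header().
function post_login_location($return_to)
{
    return 'Location: ' . safe_return_path($return_to);
}

// Constructed sample inputs.
$samples = array(
    '/report.php?year=2006&dept=7',  // original GET data is preserved
    'http://example.invalid/page',   // absolute URL to another host
    '//example.invalid/page',        // scheme-relative URL to another host
);
foreach ($samples as $s) {
    echo login_url($s), "\n", post_login_location($s), "\n";
}
```

In a real page, login_url() would be called with $_SERVER['REQUEST_URI'] and post_login_location() with the return_to value that the login form posts back.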

attached mail follows:


On Wed, August 9, 2006 1:30 am, Dave M G wrote:
> This regular expression stuff is way tricky.
>
> Thanks to help from this list, I have an expression that will select the
> first word of a string, up to the first white space:
> "#^(.*)\s#iU"
>
> But after some consideration, I realized that I wanted to keep both
> parts of the original text. The first word, and then everything that
> came after it, should be divided and stored in separate variables.

$pattern = "#^([^\\s]*)(\\s*)(.*\$)#sU";
preg_match($pattern, $input, $parts);
echo "Before whitespace: $parts[1]<br />\n";
echo "Whitespace: $parts[2]<br />\n";
echo "After whitespace: $parts[3]<br />\n";

De-construction:
#^         Anchored at the beginning of the string
([^\\s]*)  Capture everything that's not whitespace
(\\s*)     Capture a contiguous run of whitespace
(.*\$)     Capture anything at all to the end of the string
#sU        's' is multi-line, and U is ungreedy

Aha!

You may need to use (.*\$)? to get the greedy back "on" for the ending
bit, so that \$ does not match the FIRST newline, but matches the END
of the string.

Please find and download "The Regex Coach" and play around with it.

Its real-time syntax/pattern/match highlighting makes Regex a hell of
a lot easier to figure out.

--
Like Music?
http://l-i-e.com/artists.htm
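
The first-word / remainder split asked for above, as an added example that is not part of the original message: it runs the pattern as posted next to the same three groups with default (greedy) quantifiers, because under the U modifier every quantifier is lazy and the first two groups are satisfied by zero characters. The function name split_first_word() and the sample string are constructed for illustration.

```php
<?php
// Added example, not code from the thread. split_first_word() and the
// sample input are constructed for illustration.

// Pattern as posted. In a double-quoted PHP string "\\s" reaches PCRE as \s
// and "\$" as a literal $. With U, all three quantifiers are lazy, so
// groups 1 and 2 match zero characters and group 3 absorbs the text.
$posted = "#^([^\\s]*)(\\s*)(.*\$)#sU";

// Same three groups with greedy quantifiers. \S is PCRE shorthand for [^\s].
// s lets "." match newlines; D makes $ match only at the very end of the
// subject instead of also before a trailing newline.
$greedy = "#^(\\S*)(\\s*)(.*)\$#sD";

function split_first_word($pattern, $input)
{
    if (!preg_match($pattern, $input, $parts)) {
        return null;
    }
    return array(
        'first' => $parts[1],  // text before the first whitespace
        'gap'   => $parts[2],  // the run of whitespace itself
        'rest'  => $parts[3],  // everything after it
    );
}

// Constructed sample: several spaces after the first word, two lines.
$input = "Subject:   line one\nline two\n";

echo "As posted (#sU):\n";
var_export(split_first_word($posted, $input));
echo "\nGreedy (#sD):\n";
var_export(split_first_word($greedy, $input));
echo "\n";
```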

attached mail follows:


On Wed, August 9, 2006 5:07 am, Dave M G wrote:
> The brackets indicate a sub-expression.

The parens indicate that you want to CAPTURE the matched characters.

Inside of [ ] the parens would be a sub-expression, however.

> First question, why is there an extra backslash before the space marker
> "\s"? Isn't that an escape character, so wouldn't that turn the
> following space marker into a literal backslash followed by an "s"?

PHP uses \ as an escape character.
PCRE *also* uses \ as an escape character.

So, in PHP, the \\ *does* turn into \s -- You are correct on that.

In PCRE \s means "whitespace" -- the s is not just an 's' character
alone, it's an \s which means