|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 15 Aug 2006 22:29:30 -0000 Issue 4295
php-general-digest-help
lists.php.net
Date: Tue Aug 15 2006 - 17:29:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 15 Aug 2006 22:29:30 -0000 Issue 4295
Topics (messages 240694 through 240736):
login script
240694 by: Ross
240696 by: Stut
240697 by: Dave Goodchild
240714 by: Andrew Kreps
Image Destroy
240695 by: Tom Chubb
240698 by: chris smith
240699 by: chris smith
Mail reply-path
240700 by: bob pilly
240711 by: Jon Anderson
240736 by: Richard Lynch
Re: Internet Explorer doesn't display UTF-8 page using UTF-8 encoding
240701 by: tedd
Re: php and dynamic forms
240702 by: tedd
Re: header lost session variables.
240703 by: Joćo Cāndido de Souza Neto
sorting array after array_count_values
240704 by: afan.afan.net
240735 by: Richard Lynch
Capturing System output
240705 by: Brad Bonkoski
240706 by: Ray Hauge
240707 by: Brad Bonkoski
240708 by: KermodeBear
240709 by: Stut
240710 by: Ray Hauge
240734 by: Richard Lynch
system, exec, shell_exec, passthru [RESOLVED]
240712 by: p.willis.telus.net
Setting flags versus checking for existing/nonexisting values
240713 by: Chris W. Parker
240716 by: Brad Bonkoski
240719 by: Chris W. Parker
240723 by: Robert Cummings
240732 by: Richard Lynch
readdir() question
240715 by: John Meyer
240726 by: Tom Chubb
240731 by: Richard Lynch
ftp_chmod
240717 by: tedd
240718 by: John Nichel
240733 by: tedd
Easier way to get the name of a variable?
240720 by: Chris W. Parker
240729 by: Richard Lynch
240730 by: Robert Cummings
Max File Upload
240721 by: Tom Ray [Lists]
240722 by: John Nichel
240725 by: Jeremy Privett
240728 by: Richard Lynch
'weird error' possibly related to APC... how to begin debugging?
240724 by: Jochem Maas
240727 by: Richard Lynch
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Hello,
I have a couple of questions
first how do I check two tables is it?
$sql = "SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
userpass = '$userpass'";
Secondly my table just sends and returns straight values from the db but I
expect some kind of encription is required. What is a simple, secure method.
md5() or another method. Do I store an encypted file on the server and just
decrypt it at the php page.
my auth script at present
<?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) && isset($userpass)) {
$sql = "SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass'";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header("Location: disclaimer.php");
$auth = true;
}
}
Thanks.
attached mail follows:
Ross wrote:
> first how do I check two tables is it?
>
> $sql = "SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
> userpass = '$userpass'";
>
That depends on what you are trying to achieve. Your example makes no
sense at all. What are you trying to get from each table? How are they
linked? etc! However, since this is a PHP list I suggest you try
Googling for an introductory SQL tutorial or a SQL mailing list.
> Secondly my table just sends and returns straight values from the db but I
> expect some kind of encription is required. What is a simple, secure method.
> md5() or another method. Do I store an encypted file on the server and just
> decrypt it at the php page.
>
> my auth script at present
>
> <?php
> session_start();
> $auth = false; // Assume user is not authenticated
> $username= $_REQUEST['username'];
> $userpass= $_REQUEST['userpass'];
> if (isset($username) && isset($userpass)) {
> $sql = "SELECT * FROM mytable WHERE
> username = '$username' AND
> userpass = '$userpass'";
> // Execute the query and put results in $result
> $result = mysql_query( $sql )
> or die ( 'Unable to execute query.' );
> // Get number of rows in $result.
> $num_rows = mysql_num_rows($result);
> if($num_rows == 0) {
>
> }
> else {
> $_SESSION['username']= $username;
> $_SESSION['userpass']= $userpass;
> header("Location: disclaimer.php");
>
> $auth = true;
> }
> }
>
If that's your login script you have bigger problems than securing the
passwords in the database. There is no escaping applied to the username
and password you get from the browser - this is a massive security hole.
See http://php.net/mysql_real_escape_string about that one.
As far as securing the password goes, the most common approach is to
store the MD5 hash in the DB. What you want is something like this...
<?php
session_start();
$auth = false; // Assume user is not authenticated
$username = $_REQUEST['username'];
$userpass = $_REQUEST['userpass'];
if (!empty($username) && !empty($userpass))
{
$sql = "SELECT * FROM mytable WHERE
username = '".mysql_real_escape_string($username)."' AND
userpass = md5('".mysql_real_escape_string($userpass)."')";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
if (mysql_num_rows($result) == 0)
{
// Login failed, blah blah blah
}
else
{
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header("Location: disclaimer.php");
$auth = true;
}
}
?>
-Stut
attached mail follows:
On 15/08/06, Ross <rossaztechost.com> wrote:
>
>
> Hello,
>
> I have a couple of questions
>
> first how do I check two tables is it?
>
> $sql = "SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
> userpass = '$userpass'";
>
>
> Secondly my table just sends and returns straight values from the db but I
> expect some kind of encription is required. What is a simple, secure
> method.
> md5() or another method. Do I store an encypted file on the server and
> just
> decrypt it at the php page.
>
> my auth script at present
>
> <?php
> session_start();
> $auth = false; // Assume user is not authenticated
> $username= $_REQUEST['username'];
> $userpass= $_REQUEST['userpass'];
> if (isset($username) && isset($userpass)) {
> $sql = "SELECT * FROM mytable WHERE
> username = '$username' AND
> userpass = '$userpass'";
> // Execute the query and put results in $result
> $result = mysql_query( $sql )
> or die ( 'Unable to execute query.' );
> // Get number of rows in $result.
> $num_rows = mysql_num_rows($result);
> if($num_rows == 0) {
>
> }
> else {
> $_SESSION['username']= $username;
> $_SESSION['userpass']= $userpass;
> header("Location: disclaimer.php");
>
> $auth = true;
> }
> }
>
> Question 1 - you are doing a join so there has to be a linking index
> between the two table ie select * from table1, table2 where table1.id =
> table2.userid (for example). Question 2 - md5 is sufficient, depends on
> what your are storing (ie credit card numbers may require a stronger
> encyption method. To check:
$pass = md5(password);
select * from table 1 where password = '$pass';
I think the php and mysql md5 functions differ but I may be wrong!
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
attached mail follows:
I would hope that MD5 hashing is MD5 hashing no matter where it
originates. However, I think it's better to use the database server's
implementation. I believe it is less likely to be changed in future
versions, and it removes some processing time from the front end.
Additionally, if you ever move away from PHP, you have one less line
of platform-specific code to change.
On 8/15/06, Dave Goodchild <buddhamagnetgmail.com> wrote:
>
> $pass = md5(password);
> select * from table 1 where password = '$pass';
>
> I think the php and mysql md5 functions differ but I may be wrong!
>
attached mail follows:
I know this will be really simple, but I'm struggling to get my head round
the use of imagedestroy()
I have some code which uploads an image, resizes to create a smaller image
and thumbnail then deletes the source image.
My question is which images need to be destroyed?
I've read the even reusing a variable name still keeps the old one in
memory.
Here is the code...
$image1 = basename($_FILES['image1']['name']);
$image2 = basename($_FILES['image2']['name']);
$image3 = basename($_FILES['image3']['name']);
$uploaddir = '/home/public_html/images/upload/';
$uploadfile1 = $uploaddir . basename($_FILES['image1']['name']);
$uploadfile2 = $uploaddir . basename($_FILES['image2']['name']);
$uploadfile3 = $uploaddir . basename($_FILES['image3']['name']);
// echo '<pre>';
if (move_uploaded_file($_FILES['image1']['tmp_name'], $uploadfile1)) {
echo "Image1 is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
echo "<BR>";
}
// echo '<pre>';
if (move_uploaded_file($_FILES['image2']['tmp_name'], $uploadfile2)) {
echo "Image2 is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
echo "<BR>";
}
// echo '<pre>';
if (move_uploaded_file($_FILES['image3']['tmp_name'], $uploadfile3)) {
echo "Image3 is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
echo "<BR>";
}
echo "Car inserted into database";
// Now Resize Images
/* resizeToFile resizes a picture and writes it to the harddisk
*
* $sourcefile = the filename of the picture that is going to be resized
* $dest_x = X-Size of the target picture in pixels
* $dest_y = Y-Size of the target picture in pixels
* $targetfile = The name under which the resized picture will be stored
* $jpegqual = The Compression-Rate that is to be used
*/
function resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile,
$jpegqual)
{
/* Get the dimensions of the source picture */
$picsize=getimagesize("$sourcefile");
$source_x = $picsize[0];
$source_y = $picsize[1];
$source_id = imageCreateFromJPEG("$sourcefile");
/* Create a new image object (not neccessarily true colour) */
$target_id=imagecreatetruecolor($dest_x, $dest_y);
/* Resize the original picture and copy it into the just created image
object. Because of the lack of space I had to wrap the parameters to
several lines. I recommend putting them in one line in order keep your
code clean and readable */
$target_pic=imagecopyresampled($target_id,$source_id,
0,0,0,0,
$dest_x,$dest_y,
$source_x,$source_y);
/* Create a jpeg with the quality of "$jpegqual" out of the
image object "$target_pic".
This will be saved as $targetfile */
imagejpeg ($target_id,"$targetfile",$jpegqual);
return true;
}
//Set Quality to Max
$jpegqual = '100';
//Resize Main Image
$sourcefile = $uploadfile1;
$targetfile = $uploaddir . 'main_' . basename($_FILES['image1']['name']);
$dest_x = '570';
$dest_y = '428';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
$sourcefile = $uploadfile2;
$targetfile = $uploaddir . 'main_' . basename($_FILES['image2']['name']);
$dest_x = '570';
$dest_y = '428';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
$sourcefile = $uploadfile3;
$targetfile = $uploaddir . 'main_' . basename($_FILES['image3']['name']);
$dest_x = '570';
$dest_y = '428';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
//Create Thumbnails
$sourcefile = $uploadfile1;
$targetfile = $uploaddir . 'thumb_' . basename($_FILES['image1']['name']);
$dest_x = '120';
$dest_y = '90';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
$sourcefile = $uploadfile2;
$targetfile = $uploaddir . 'thumb_' . basename($_FILES['image2']['name']);
$dest_x = '120';
$dest_y = '90';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
$sourcefile = $uploadfile3;
$targetfile = $uploaddir . 'thumb_' . basename($_FILES['image3']['name']);
$dest_x = '120';
$dest_y = '90';
resizeToFile ($sourcefile, $dest_x, $dest_y, $targetfile, $jpegqual);
//Delete Uploaded Source Files as no longer required
if(file_exists($uploadfile1))
unlink($uploadfile1);
if(file_exists($uploadfile2))
unlink($uploadfile2);
if(file_exists($uploadfile3))
unlink($uploadfile3);
Should I be using imagedestroy($sourcefile) each time I create an image or
imagedestroy($targetfile) or both?
Many thanks in advance.
Tom
attached mail follows:
On 8/15/06, Tom Chubb <tomchubbgmail.com> wrote:
> I know this will be really simple, but I'm struggling to get my head round
> the use of imagedestroy()
> I have some code which uploads an image, resizes to create a smaller image
> and thumbnail then deletes the source image.
> My question is which images need to be destroyed?
Straight from the manual:
imagedestroy() frees any memory associated with image image. image is
the image identifier returned by one of the image create functions,
such as imagecreatetruecolor()
So any time you call imagecreate* functions you need to also do an imagedestroy.
In your case you need to add
imagedestroy($target_id);
imagedestroy($source_id);
just before
imagejpeg ($target_id,"$targetfile",$jpegqual);
return true;
}
--
Postgresql & php tutorials
http://www.designmagick.com/
attached mail follows:
On 8/15/06, chris smith <dmagickgmail.com> wrote:
> On 8/15/06, Tom Chubb <tomchubbgmail.com> wrote:
> > I know this will be really simple, but I'm struggling to get my head round
> > the use of imagedestroy()
> > I have some code which uploads an image, resizes to create a smaller image
> > and thumbnail then deletes the source image.
> > My question is which images need to be destroyed?
>
> Straight from the manual:
> imagedestroy() frees any memory associated with image image. image is
> the image identifier returned by one of the image create functions,
> such as imagecreatetruecolor()
>
> So any time you call imagecreate* functions you need to also do an imagedestroy.
>
> In your case you need to add
>
> imagedestroy($target_id);
> imagedestroy($source_id);
>
>
> just before
>
> imagejpeg ($target_id,"$targetfile",$jpegqual);
> return true;
> }
Oops! Move those imagedestroy calls after imagejpeg but before the return ;)
--
Postgresql & php tutorials
http://www.designmagick.com/
attached mail follows:
Hi all
Im trying to send emails using the mail() function but im having a problem. Because the box that the scripts sit on is a shared web-hosting package the Reply-path part of the header always comes up as nobodyserver.hosting.com but i have set the from part of the header to automailmydomain.net. A lot of people are not getting the emails (most are) and im picking that its because the domains on the 2 header parts are different and they have some sort of antispam policy which blocks these. Apart from changing the domains or email addresses to be the same has anyone seen this problem before and if so can you give advice or point me to some relevant docs on it? I have tried to change the Replay-path: part of the header with code but it seems to default to the above.
Thanks in advance for any help!!
Cheers
Bob
---------------------------------
Try the all-new Yahoo! Mail . "The New Version is radically easier to use" The Wall Street Journal
attached mail follows:
bob pilly wrote:
> Im trying to send emails using the mail() function but im having a problem. Because the box that the scripts sit on is a shared web-hosting package the Reply-path part of the header always comes up as nobodyserver.hosting.com but i have set the from part of the header to automailmydomain.net. A lot of people are not getting the emails (most are) and im picking that its because the domains on the 2 header parts are different and they have some sort of antispam policy which blocks these. Apart from changing the domains or email addresses to be the same has anyone seen this problem before and if so can you give advice or point me to some relevant docs on it? I have tried to change the Replay-path: part of the header with code but it seems to default to the above.
I think you're looking for the 'Return-Path' header rather than the
reply-path. (Or perhaps even Reply-To?)
Try something like this:
$from = 'A User <userhost.com>';
$eol = "\r\n"; /* or sometimes "\n" */
$headers = "Return-Path: $from$eol";
$headers .= "From: $from$eol";
mail($to,$subject,$message,$headers);
attached mail follows:
On Tue, August 15, 2006 6:54 am, bob pilly wrote:
> Im trying to send emails using the mail() function but im having a
> problem. Because the box that the scripts sit on is a shared
> web-hosting package the Reply-path part of the header always comes up
> as nobodyserver.hosting.com but i have set the from part of the
> header to automailmydomain.net. A lot of people are not getting the
> emails (most are) and im picking that its because the domains on the 2
> header parts are different and they have some sort of antispam policy
> which blocks these. Apart from changing the domains or email addresses
> to be the same has anyone seen this problem before and if so can you
> give advice or point me to some relevant docs on it? I have tried to
> change the Replay-path: part of the header with code but it seems to
> default to the above.
The Reply-path: you want to change is not a normal header, so you can
cross off the idea of fixing it with the 4th arg to mail().
If you are using current PHP, there is yet another bonus argument, the
5th one, for this specific purpose, documented in the manual:
http://php.net/mail
If you are NOT using a version of PHP that has that 5th arg, then you
could maybe use ini_set on the sendmail_path to add the -f there. (see
man mail).
That, however, would require that the user PHP runs as, which is what
Apache runs as, be a trusted user in sendmail.cf, which your webhost
may or may not have decided is a Good Idea, based on how much they
trust their clients.
Going farther afield, you could attempt to find an SMTP
host/server/setup that would allow you to set these values to what you
want -- I *think* that's do-able... I never had to go that far,
personally, so can't be certain.
You may also want to convince the recipients to white-list your
address, so that the From/Reply-path/etc are all irrelevant for spam
filtering. This has the advantage of being a long-term solution, for
any reasonable implementation of spam-filtering that allows
whitelisting by the recipient, no matter what spam-filtering "rules"
are brought to bear in the future.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
At 7:42 PM -0500 8/14/06, Richard Lynch wrote:
>
>What a mess MS makes of things!
Except sales.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
At 1:24 AM -0400 8/15/06, Robert Cummings wrote:
>On Tue, 2006-08-15 at 13:02 +0800, Bigmark wrote:
>> Does anyone have a simple example script.
>>
>
>In the first form include a hidden field that identifies the form when
>you are checking the post values after submission. This way you know
>exactly what form was submitted. Second if the first form has been
>submitted then you know that you need to present the second form also.
>THe second form should also have a hidden field so that it may be
>identified upon submission. In this way you can detect which form was
>submitted (submit buttons are problematic for determining which form was
>submitted). Then when you detect that the second form was submitted you
>can handle it's data as you please and then only present the first form.
>
>A basic example follows (completely unchecked for typos/errors):
-snip- Rob's most excellent code.
To expand, one could also run the self referencing loop through a
switch statement controlled by the hidden value and have as many
"forms" as you wanted. I do this all the time.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
So, could anyone here then explain why in other server my system it works
fine?
I check the two servers configuration and it“s the same, they has only one
difference, one“s running php 5.0 and the other“s running php 5.1.4
Is there some difference between this two versions?
""Joćo Cāndido de Souza Neto"" <joaocuritibaonline.com.br> escreveu na
mensagem news:13.17.19138.B7570E44pb1.pair.com...
> Hi guys.
>
> Anyone here know why in some cases when i use (header("Location: ???");
> the system lost the session variables?
>
> Any tips will be apreciated.
> Thanks in advantge.
>
>
>
> --
> Joćo Cāndido de Souza Neto
> Curitiba Online
> joaocuritibaonline.com.br
> (41) 3324-2294 (41) 9985-6894
> http://www.curitibaonline.com.br
attached mail follows:
hi to all!
I have an array of products $products
$products = array_count_values($products);
now I have an array where $key is product number and $value is how many
times I have such a product in the array.
I want to sort this new array that product with the most "duplicates" are
on the first place, but what ever I use (rsort, krsort,..) i loose product
numbers (key).
any suggestions?
thanks.
-afan
attached mail follows:
On Tue, August 15, 2006 9:01 am, afanafan.net wrote:
> I have an array of products $products
> $products = array_count_values($products);
> now I have an array where $key is product number and $value is how
> many
> times I have such a product in the array.
> I want to sort this new array that product with the most "duplicates"
> are
> on the first place, but what ever I use (rsort, krsort,..) i loose
> product
> numbers (key).
http://php.net/asort
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Hello All..
Had this problem in the past, and always programmed around it, but
wondering if there is an easier way.
Good Example:
Creating a setup for connecting to a mysql database. Want to do
something simple to make sure they have entered a valid
username/password for the database.
So, the idea is something like:
$rc = exec("mysql -u $user -p{$pass}", $output);
The problem is one error, the stderr does not go to the output array,
but rather to the screen.
Previously I would redirect the stderr to a file, and then evaluate the
contents of the file, but is there an easier way to get this into the
PHP variable with no risk of having the output make it through to the
screen?
Thanks
-Brad
attached mail follows:
On Tuesday 15 August 2006 09:19, Brad Bonkoski wrote:
> Hello All..
>
> Had this problem in the past, and always programmed around it, but
> wondering if there is an easier way.
>
> Good Example:
> Creating a setup for connecting to a mysql database. Want to do
> something simple to make sure they have entered a valid
> username/password for the database.
> So, the idea is something like:
> $rc = exec("mysql -u $user -p{$pass}", $output);
> The problem is one error, the stderr does not go to the output array,
> but rather to the screen.
>
> Previously I would redirect the stderr to a file, and then evaluate the
> contents of the file, but is there an easier way to get this into the
> PHP variable with no risk of having the output make it through to the
> screen?
>
> Thanks
> -Brad
I'd take a look at shell_exec. There'sa comment about capturing stderr. I'm
not sure if shell_exec captures stderr, but it should at least point you in
the right direction. Just do a search for stderr and you should find some
good info.
--
Ray Hauge
Programmer/Systems Administrator
American Student Loan Services
www.americanstudentloan.com
1.800.575.1099
attached mail follows:
Stut wrote:
> Brad Bonkoski wrote:
>> Had this problem in the past, and always programmed around it, but
>> wondering if there is an easier way.
>>
>> Good Example:
>> Creating a setup for connecting to a mysql database. Want to do
>> something simple to make sure they have entered a valid
>> username/password for the database.
>> So, the idea is something like:
>> $rc = exec("mysql -u $user -p{$pass}", $output);
>> The problem is one error, the stderr does not go to the output array,
>> but rather to the screen.
>>
>> Previously I would redirect the stderr to a file, and then evaluate
>> the contents of the file, but is there an easier way to get this into
>> the PHP variable with no risk of having the output make it through to
>> the screen?
>
> I may be missing something, but why in the name of all that is holy
> would you want to shell out to try connecting to mysql? Why not use
> mysql_connect and avoid the potentially massive security hole you're
> building?
>
> -Stut
>
Perhaps poor illustration of the question...the question being how to
issue system like commands in PHP which would allow you to trap not only
stdout, but also stderr.
-Brad
attached mail follows:
Hello,
If you are working on a Linux system, you can try appending:
2>&1
To the end of your command, so that you end up with:
Mysql -u $user -p{$pass} 2>&1
What this does is tell the shell to redirect anything from stderr to go
through stdout.
If you want to get -really- fancy you can use proc_open, which will give you
handles for the process' stdout, stderr, and stdin.
HTH,
K. Bear
> -----Original Message-----
> From: Brad Bonkoski [mailto:bbonkoskimediaguide.com]
> Sent: Tuesday, August 15, 2006 10:38 AM
> To: Stut
> Cc: PHP List
> Subject: Re: [PHP] Capturing System output
>
>
>
> Stut wrote:
> > Brad Bonkoski wrote:
> >> Had this problem in the past, and always programmed around it, but
> >> wondering if there is an easier way.
> >>
> >> Good Example:
> >> Creating a setup for connecting to a mysql database. Want to do
> >> something simple to make sure they have entered a valid
> >> username/password for the database.
> >> So, the idea is something like:
> >> $rc = exec("mysql -u $user -p{$pass}", $output); The
> problem is one
> >> error, the stderr does not go to the output array, but
> rather to the
> >> screen.
> >>
> >> Previously I would redirect the stderr to a file, and then
> evaluate
> >> the contents of the file, but is there an easier way to
> get this into
> >> the PHP variable with no risk of having the output make it
> through to
> >> the screen?
> >
> > I may be missing something, but why in the name of all that is holy
> > would you want to shell out to try connecting to mysql? Why not use
> > mysql_connect and avoid the potentially massive security
> hole you're
> > building?
> >
> > -Stut
> >
> Perhaps poor illustration of the question...the question
> being how to issue system like commands in PHP which would
> allow you to trap not only stdout, but also stderr.
> -Brad
>
> --
> PHP General Mailing List (http://www.php.net/) To
> unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
attached mail follows:
Brad Bonkoski wrote:
> Had this problem in the past, and always programmed around it, but
> wondering if there is an easier way.
>
> Good Example:
> Creating a setup for connecting to a mysql database. Want to do
> something simple to make sure they have entered a valid
> username/password for the database.
> So, the idea is something like:
> $rc = exec("mysql -u $user -p{$pass}", $output);
> The problem is one error, the stderr does not go to the output array,
> but rather to the screen.
>
> Previously I would redirect the stderr to a file, and then evaluate
> the contents of the file, but is there an easier way to get this into
> the PHP variable with no risk of having the output make it through to
> the screen?
I may be missing something, but why in the name of all that is holy
would you want to shell out to try connecting to mysql? Why not use
mysql_connect and avoid the potentially massive security hole you're
building?
-Stut
attached mail follows:
On Tuesday 15 August 2006 09:38, Brad Bonkoski wrote:
> Stut wrote:
> > Brad Bonkoski wrote:
> >> Had this problem in the past, and always programmed around it, but
> >> wondering if there is an easier way.
> >>
> >> Good Example:
> >> Creating a setup for connecting to a mysql database. Want to do
> >> something simple to make sure they have entered a valid
> >> username/password for the database.
> >> So, the idea is something like:
> >> $rc = exec("mysql -u $user -p{$pass}", $output);
> >> The problem is one error, the stderr does not go to the output array,
> >> but rather to the screen.
> >>
> >> Previously I would redirect the stderr to a file, and then evaluate
> >> the contents of the file, but is there an easier way to get this into
> >> the PHP variable with no risk of having the output make it through to
> >> the screen?
> >
> > I may be missing something, but why in the name of all that is holy
> > would you want to shell out to try connecting to mysql? Why not use
> > mysql_connect and avoid the potentially massive security hole you're
> > building?
> >
> > -Stut
>
> Perhaps poor illustration of the question...the question being how to
> issue system like commands in PHP which would allow you to trap not only
> stdout, but also stderr.
> -Brad
Best example I found was:
$shell_return = shell_exec($shell_command." 2>&1");
that should redirect stderr to stdout and thus you'd get both.
--
Ray Hauge
Programmer/Systems Administrator
American Student Loan Services
www.americanstudentloan.com
1.800.575.1099
attached mail follows:
On Tue, August 15, 2006 9:19 am, Brad Bonkoski wrote:
> Had this problem in the past, and always programmed around it, but
> wondering if there is an easier way.
>
> Good Example:
> Creating a setup for connecting to a mysql database. Want to do
> something simple to make sure they have entered a valid
> username/password for the database.
> So, the idea is something like:
> $rc = exec("mysql -u $user -p{$pass}", $output);
> The problem is one error, the stderr does not go to the output array,
> but rather to the screen.
>
> Previously I would redirect the stderr to a file, and then evaluate
> the
> contents of the file, but is there an easier way to get this into the
> PHP variable with no risk of having the output make it through to the
> screen?
In some OSes, in some shells, you can use:
mysql -u $user -p{$pass} 2>&1
The 2>&1 is special code for "redirect stdrrr (aka 2) to stdout (aka 2)"
Unless it's 2&>1 which I always forget which is which...
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Hello,
This problem has now been resolved.
The problem as described below was NOT caused by
PHP. The problem was actually a file permissions/ownership problem.
A.) The apache webserver runs as a user with specific
priviledges. On this particular server the webserver runs as user
'apache'.
B.) The file that CGI/PHP 'myprog' was attempting to open for input
was owned by a different user. The user 'apache' had no rights to
the file.
C.) Because the CGI was unable to open the input file, several
following output files failed to be generated. Thus the error in PHP.
The resolution was to place files, to be accessed by the apache webserver
user, in directories and files that are owned by apache:apache, or
nobody:nogroup.
chown apache:apache /mydirectory
cd mydirectory
chown apache:apache -R *
[or]
chown nobody:nogroup /mydirectory
cd mydirectory
chown nobody:nogroup -R *
I hope this helps people with similar problems in the future.
All the best,
Peter
>Hello,
>
>I am trying the run an external application with
>command line arguments using PHP under linux.
>
>ie:
>
>$command="myprog $arg1 $arg2 > textfile.txt";
>system("echo \"$command\" > test.txt");
>system($command);
>
>$handle=fopen("textfile.txt","r");
>if($handle!=NULL)
>{
> while(!feof($handle))
> {
> ...
> }
> fclose($handle);
>}
>
>
>I test my input arguments for the 'system' call by dumping
>the command into a text file. I can then test the command in
>the console. The commands work fine when run from the console.
>
>The commands don't work when run through the system command.
>I have tried system, exec, passthru, and shell_exec to no avail.
>
>Am I missing some permissions thing in my php.ini file?
>
>Thanks for any insight,
>
>Peter
>
attached mail follows:
Hello,
Is it a better practice to set flags to determine the action of your
code or is it perfectly acceptable to have your code determine what it
should do based on the existence (or lack thereof) of data?
For example:
<?php
if($value == 1)
{
$flag = true;
}
if($flag === true)
{
echo "I wish I could come to the PHP meetup in Chicago! :(";
}
?>
versus:
<?php
if($value == 1)
{
echo "I wish I could come to the PHP meetup in Chicago! :(";
}
?>
Of course this is an overly simplistic example but you get the idea.
Are there pros and cons to both sides or should I just avoid the latter
example all together?
Thanks,
Chris.
attached mail follows:
Chris W. Parker wrote:
> Hello,
>
> Is it a better practice to set flags to determine the action of your
> code or is it perfectly acceptable to have your code determine what it
> should do based on the existence (or lack thereof) of data?
>
> For example:
>
> <?php
>
> if($value == 1)
> {
> $flag = true;
> }
>
> if($flag === true)
> {
> echo "I wish I could come to the PHP meetup in Chicago! :(";
> }
>
> ?>
>
> versus:
>
> <?php
>
> if($value == 1)
> {
> echo "I wish I could come to the PHP meetup in Chicago! :(";
> }
>
> ?>
>
> Of course this is an overly simplistic example but you get the idea.
>
> Are there pros and cons to both sides or should I just avoid the latter
> example all together?
>
>
>
> Thanks,
> Chris.
>
>
Pros: potentially more readable code.
Cons: Wasted energy typing unnecessary lines of code.
Really I would say it comes down to coder preference.
(and why would you avoid the latter all together? Testing a boolean may
be cleaner, but setting the boolean still relies on the value of $value,
so if that value was fubar then the boolean would be too.)
-Brad
attached mail follows:
Brad Bonkoski <mailto:bbonkoskimediaguide.com>
on Tuesday, August 15, 2006 10:04 AM said:
> Pros: potentially more readable code.
> Cons: Wasted energy typing unnecessary lines of code.
> Really I would say it comes down to coder preference.
>
> (and why would you avoid the latter all together? Testing a boolean
> may be cleaner, but setting the boolean still relies on the value of
> $value, so if that value was fubar then the boolean would be too.)
Thanks for the response. Those are basically the same assumptions I had.
I was curious to find out if there were more points I should be aware
of.
To answer your question, in case the cons outweigh the pros. If I felt
an overwhelming majority of the people on the list said, "In my
experience you should always set flags because you'll run into a, b, c,
d, e, f, g, etc." I would probably agree to avoid the latter practice
altogether.
Chris.
attached mail follows:
On Tue, 2006-08-15 at 10:12 -0700, Chris W. Parker wrote:
> Brad Bonkoski <mailto:bbonkoskimediaguide.com>
> on Tuesday, August 15, 2006 10:04 AM said:
>
> > Pros: potentially more readable code.
> > Cons: Wasted energy typing unnecessary lines of code.
> > Really I would say it comes down to coder preference.
> >
> > (and why would you avoid the latter all together? Testing a boolean
> > may be cleaner, but setting the boolean still relies on the value of
> > $value, so if that value was fubar then the boolean would be too.)
>
> Thanks for the response. Those are basically the same assumptions I had.
> I was curious to find out if there were more points I should be aware
> of.
>
> To answer your question, in case the cons outweigh the pros. If I felt
> an overwhelming majority of the people on the list said, "In my
> experience you should always set flags because you'll run into a, b, c,
> d, e, f, g, etc." I would probably agree to avoid the latter practice
> altogether.
If it's just the mere existence that determines the value then isset()
is fine. But if the value is determined by a boolean value of the
variable and defaults to some value when not set, then I almost always
assign to a flag so that subsequent checks don't need to perform both
the isset() check and the value check (presuming you care about E_NOTICE
which I do :)
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
On Tue, August 15, 2006 11:53 am, Chris W. Parker wrote:
> Is it a better practice to set flags to determine the action of your
> code or is it perfectly acceptable to have your code determine what it
> should do based on the existence (or lack thereof) of data?
>
> For example:
>
> <?php
>
> if($value == 1)
> {
> $flag = true;
> }
>
> if($flag === true)
> {
> echo "I wish I could come to the PHP meetup in Chicago! :(";
> }
>
> ?>
>
> versus:
>
> <?php
>
> if($value == 1)
> {
> echo "I wish I could come to the PHP meetup in Chicago! :(";
> }
>
> ?>
>
> Of course this is an overly simplistic example but you get the idea.
>
> Are there pros and cons to both sides or should I just avoid the
> latter
> example all together?
If the test is as simple as $value == 1, then setting a flag and
testing the flag is silly, over-engineered, and error-prone, and it
leads to code cruft which leads to bugs as alternative branches are
less clear than if the test is done in-line.
If the logic to figure out $flag is complicated, with multiple inputs,
and the result is used in multiple places, then, by all means, figure
it out once, and give the flag A GOOD NAME VARIABLE so that you can
reference it again and again later, rather than wade through
complicated test code over and over.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
I have a script to list the files in a directory:
<select name="letters">
<?php
$open = opendir(".");
while ($file = readdir($open) != false) {
?>
<option value="<?=$file?>"><?=$file?></option>
<?php
}
?>
</select>
</form>
And all I am getting are "1"s. I think I'm doing it right, what is the
disconnect?
attached mail follows:
On 15/08/06, John Meyer <john.l.meyergmail.com> wrote:
>
> I have a script to list the files in a directory:
>
> <select name="letters">
> <?php
> $open = opendir(".");
> while ($file = readdir($open) != false) {
> ?>
> <option value="<?=$file?>"><?=$file?></option>
> <?php
> }
> ?>
> </select>
> </form>
>
> And all I am getting are "1"s. I think I'm doing it right, what is the
> disconnect?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Straight from the PHP readdir help... http://uk2.php.net/readdir
<?php
if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
echo "$file\n";
}
}
closedir($handle);
}
?>
It does however strip out '.' or '..' but I'm sure you'll get the hang of
it.
HTH
attached mail follows:
On Tue, August 15, 2006 12:04 pm, John Meyer wrote:
> I have a script to list the files in a directory:
>
> <select name="letters">
> <?php
> $open = opendir(".");
> while ($file = readdir($open) != false) {
> ?>
> <option value="<?=$file?>"><?=$file?></option>
> <?php
> }
> ?>
> </select>
> </form>
>
> And all I am getting are "1"s. I think I'm doing it right, what is
> the
> disconnect?
It's not a readdir question. It's an Order of Operations question.
:-)
$file = readdir($open) != false
You probably believe that PHP is going to magically "know" that you
want this bit:
readdir($open) != false
to be done "first"
But PHP can't read your mind.
It's going to look at the facts of the case.
= and != have equal priority in PHP,
and in case of a "tie" it will evaluate them left-to-right:
$file = readdir($open)
This gives you the name of the file.
PHP then does the != false bit, comparing the name of a file with false.
Unless your filename starts with one or more '0' characters, and then
has alpha characters for the first non-numeric characters after the
'0's, then it ain't gonna be equal to false, and it will always return
1.
'afile' != false ----> 1
'filename' != false -> 1
'000name' != false --> 0
'012name' != false --> 1
You really do need to put the parentheses in there, so PHP does things
in the rigth order, just like the manual says to:
http://php.net/readdir
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Hi gang:
Before php 5, how did you guys handle ftp_chmod?
Keep in mind: a) I'm working on a shared host; b) I'm trying to
change permissions via php 4; c) because of (a) (I think) functions
such as chmod() don't work; d) and lastly, any references/code on how
to manage files (i.e., delete files and change permissions) via php 4
on a shared *nix server would be greatly appreciated.
Thanks in advance.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
tedd wrote:
> Hi gang:
>
> Before php 5, how did you guys handle ftp_chmod?
>
Oh, I'd probably try the code outlined in the user contributed section
of the ftp_chmod manual page.
> Keep in mind: a) I'm working on a shared host; b) I'm trying to change
> permissions via php 4; c) because of (a) (I think) functions such as
> chmod() don't work; d) and lastly, any references/code on how to manage
> files (i.e., delete files and change permissions) via php 4 on a shared
> *nix server would be greatly appreciated.
>
Unless your shared host has those functions disabled, they should work
fine as long as you have proper permission to do things like chmod and
delete (unlink).
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com
attached mail follows:
At 1:20 PM -0400 8/15/06, John Nichel wrote:
>tedd wrote:
>>Before php 5, how did you guys handle ftp_chmod?
>
>Oh, I'd probably try the code outlined in the user contributed
>section of the ftp_chmod manual page.
Bingo !
Who would have thought exactly what I wanted was where I should have looked.
Thanks for putting up with me.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
Hello,
After some "intense" searching of Google I found one example at
http://us2.php.net/language.variables on how to get the name of a
variable. But it looks pretty expensive.
<?php
function vname(&$var, $scope=false, $prefix='unique', $suffix='value')
{
if($scope) $vals = $scope;
else $vals = $GLOBALS;
$old = $var;
$var = $new = $prefix.rand().$suffix;
$vname = FALSE;
foreach($vals as $key => $val) {
if($val === $new) $vname = $key;
}
$var = $old;
return $vname;
}
?>
Anyone aware of a simple language construct(?) that can do this? I'm on
PHP 4.3.9.
Thanks,
Chris.
attached mail follows:
On Tue, August 15, 2006 1:19 pm, Chris W. Parker wrote:
> After some "intense" searching of Google I found one example at
> http://us2.php.net/language.variables on how to get the name of a
> variable. But it looks pretty expensive.
>
> <?php
> function vname(&$var, $scope=false, $prefix='unique',
> $suffix='value')
> {
> if($scope) $vals = $scope;
> else $vals = $GLOBALS;
> $old = $var;
> $var = $new = $prefix.rand().$suffix;
> $vname = FALSE;
> foreach($vals as $key => $val) {
> if($val === $new) $vname = $key;
> }
> $var = $old;
> return $vname;
> }
> ?>
>
> Anyone aware of a simple language construct(?) that can do this? I'm
> on
> PHP 4.3.9.
There is no function that can do this, because any given variable may
have several different "names" based on the current scope.
$foo = 5;
function bar ($x) { return baz ($x); }
function baz ($z) {
echo "What's your name?<br />Who's your daddy?<br />\n";
echo vname($z);
}
$foobar = $foo;
bar($foobar);
Do you expect 'x' or 'foo' or 'foobar' as the output of your vname()
function?
I don't even know what you're going to get from reading that hack
above, much less what to expect.
You can come at this "backwards" by passing in the NAME of a variable,
and using variable variables within the function to get the value.
But 99.9% of the time one does that, one should have been using an
array in the first place, and not variable variables.
If you want to associate a name with a value throughout your program,
you should DEFINITELY be using some kind of structure designed for
that.
Associative arrays work very well for this.
Objects with properties also work.
If the names are not predictable, the array solution is probably best,
as there is movement in the PHP Internals list that may (or may not)
make it impossible to dynamically add a property to an object. I've
lost track of where that thread ended, so apologies if this is a
non-issue.
The array is probably the more correct construct for un-predictable
names, unless there are pre-existing instances that are immutably and
inherently already bound to the name/value you wish to store.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
On Tue, 2006-08-15 at 16:50 -0500, Richard Lynch wrote:
>
> If the names are not predictable, the array solution is probably best,
> as there is movement in the PHP Internals list that may (or may not)
> make it impossible to dynamically add a property to an object.
Yikes!! Do you remember the subject line of the thread? i think that
would break a lot of sites if they removed the ability to dynamically
add object properties.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
Is there anyway to overwrite the max file upload in php.ini per instant?
I'd like to have users controlled on a certain website to have more then
average uploads but the site runs on a shared hosting environment.
attached mail follows:
Tom Ray [Lists] wrote:
> Is there anyway to overwrite the max file upload in php.ini per instant?
> I'd like to have users controlled on a certain website to have more then
> average uploads but the site runs on a shared hosting environment.
>
http://us3.php.net/ini_set
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com
attached mail follows:
http://us2.php.net/manual/en/ini.core.php#ini.upload-max-filesize
In later versions of PHP, you can't use ini_set to set upload_max_filesize
... The changeable option is PHP_INI_PERDIR now, meaning you can only change
it in php.ini, .htaccess or httpd.conf ...
http://us2.php.net/manual/en/ini.php#ini.list
Like it says in the user contributed notes on that page, you have to use
php_value in .htaccess to adjust the setting.
Example: php_value upload_max_filesize 20M
---
Jeremy C. Privett
Director of Product Development
Zend Certified Engineer
Completely Unique
jprivettcompletelyunique.com
Phone: 303.459.4819
Fax: 303.459.4821
Web: www.completelyunique.com
This email may contain confidential and privileged material for the sole use
of the intended recipient. Any review or distribution by others is strictly
prohibited. If you are not the intended recipient please contact the sender
and delete all copies. Your compliance is appreciated.
-----Original Message-----
From: John Nichel [mailto:johnkegworks.com]
Sent: Tuesday, August 15, 2006 12:32 PM
To: php-generallists.php.net
Subject: Re: [PHP] Max File Upload
Tom Ray [Lists] wrote:
> Is there anyway to overwrite the max file upload in php.ini per instant?
> I'd like to have users controlled on a certain website to have more then
> average uploads but the site runs on a shared hosting environment.
>
http://us3.php.net/ini_set
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnicheldotcomholdingsofbuffalo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
On Tue, August 15, 2006 1:50 pm, Jeremy Privett wrote:
> http://us2.php.net/manual/en/ini.core.php#ini.upload-max-filesize
>
> In later versions of PHP, you can't use ini_set to set
> upload_max_filesize
> ... The changeable option is PHP_INI_PERDIR now, meaning you can only
> change
> it in php.ini, .htaccess or httpd.conf ...
>
> http://us2.php.net/manual/en/ini.php#ini.list
>
> Like it says in the user contributed notes on that page, you have to
> use
> php_value in .htaccess to adjust the setting.
>
> Example: php_value upload_max_filesize 20M
I do not know if it's still true, but at one time, if the
upload_max_filesize had already been set in httpd.conf/php.ini, the
.htaccess did not actually over-ride it, unless it was lower.
IOW, the actual max size was the MINIMUM of htppd.conf/php.ini (the
webhost) .htaccess (the application developer) and whatever was in
that special value in the FORM (the web designer)
This may have been a bug.
It may have been a feature.
It may no longer be true.
My memory could be completely wrong, too :-)
But, for sure, ini_set ain't gonna work as it's MUCH too late in the
game for a file upload change.
Also, I don't think '20M' will work in httpd.conf, as I don't think
Apache considers '20M' to be a valid numeric value...
You may need to use 20000000 to get aproximately 20 Meg.
You're on your own for whom to believe about what is the correct
number to get exactly 20 Meg. :-)
To solve the original problem, your safest bet is probably a different
setting inside the VirtualHost of the httpd.conf -- I'm pretty sure
that will follow the "rules" of VirtualHost inheritence and give your
special customers that extra leeway.
If all else fails, just crank up the number for everybody. It
probably will make a lot of customers happy, and not hurt anybody very
much. :-)
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
the error is this:
PHP Fatal error: Exception thrown without a stack frame in Unknown on line 0
as you might guess line 0 doesn't exist in my 'Unknown' file... the problem is compounded
by the fact that the error appears only sporadically (I personally only see them
occasionally in the log).
I'm running APC version 3.0.8, I have tried running APC 3.0.10 but that gives me a plethora
of segfaults that I'd rather not get into.
does anyone have any idea as to what could be the cause?
cheers,
Jochem
attached mail follows:
On Tue, August 15, 2006 2:27 pm, Jochem Maas wrote:
> the error is this:
>
> PHP Fatal error: Exception thrown without a stack frame in Unknown
> on line 0
I've seen messages like this in "eval"ed code.
I think I also saw something like this that was something really sick
in the guts of PHP itself and it happened at startup from a buggy CVS
version...
> I'm running APC version 3.0.8, I have tried running APC 3.0.10 but
> that gives me a plethora
> of segfaults that I'd rather not get into.
>
> does anyone have any idea as to what could be the cause?
Is it feasible to try running without APC at all? If you can do that,
and narrow down the problem to APC it would reduce your search space
for the bug.
Do you have any "eval" calls in your code? Precede them with
time-stamped error_log of what you are about to eval() and then see if
they correspond with your other error message.
--
Like Music?
http://l-i-e.com/artists.htm
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]