yeah but uh–appending a hidden form field to a post request isnt really hidden if its in plain view anyone can
Text_Diff)=
?
has anyone experienced this problem?
top of the script add error_reporting( E_ALL ); ini_set( 'display_errors', 'on' );
do you have a link to a script that does this? I'm an ubernewbie
still figuring out how to set those globals and such
just add what I said to the top, after the <?php
thx
and print_r($_POST); will show you the whole _POST array, maybe that helps. check the form's method is set to 'post' also
Anyone know why SoapServer would seemingly crash (fail to return XML) if it doesn't return a certain number of entries through an array element?
hi, is it possible to assign an object to a $_SESSION
Something like http://www.php.net/serialize ?
nope, What I'd like to do is something like $_SESSION['user'] = new User();
is that possible?
– newbie
what?
surfero, why wouldn't it be possible?
because it does not work for me!
I mean, I cannot advise further
http://localhost/html/test.php?text=Test1#Test. I am doing this…!
surfero, i see no reason why it wouldn't work except you making a mistake
but $SmsText = $_GET['text']; and $SmsText is always Test1
?
it will be, Mishu
# is an anchor and so not part of the query
#foo points at an anchor, it's not a parameter value
damn :p
^^
anyway, I'm off - cya
Nomikos, , So no way to make it part of query
you might be able to fish it out of the $_SERVER array somewhere, haven't tried though. otherwise, JavaScript.. sub-optimal, I know
Mishu, #anchor is client side
browser doesn't report it being clicked to the server, so don't bother looking for $_SERVER var
just tried, 'fraid you'll have to use JS
hmm!
print_r() will display all the values in an array?
yep
it's a sort of debug function
also look at var_dump()
will do.
and print_r($r,$out); will put the same output to $out
so print_r() isn't good for non-debugging kind of use?
ill check out var_dump()
if you find a use for it, by all means
chris_punches, you most likely don't want to look at its output
users would hate it
ok so its messy
no
just not userfriendly
oh
but look at it for yourself
i appreciate the help, guys; bear with me while I get through the manual. bbl
welcome
Mishu I get this error when I try it
session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at
Ahh!
surfero, php.net/ob_start()
surfero, php.net/ob_start
ubuntu bad group
bye bye
I do not understand what that function does
surfero, read about output buffering
and trust me on this it is 100% what you need
also read http://www.php.net/manual/en/faq.using.php#faq.using.headers-sent
Hello… anyone here already worked in a 2-way SMS project?
this is ridiculous
thanks now I think I get it!
what is?
most welcome
Where does PHP fetch its DNS settings from?
It temps to ignore the DNS server host stated in /etc/resolv.conf
PRIVMSG Nickserv :identify alskqpwo
…
syntax?
again really thanks I finally solved my problem
I have vim+xdebug when i try to step to a program when the script jumps to a new file i get a EOFError. any suggestion ?
<?=$var?>
PRIVMSG Nickserv :identify alskqpwo
… again
surfero, most welcome; i like people that think
nukem: thanks
Anyone any clue on my DNS question?
I have vim+xdebug when i try to step to a program when the script jumps to a new file i get a EOFError. when tracing a single file it's fine.
Jorijn, didn't get it
cba reading buffer
1 • Jorijn • Where does PHP fetch its DNS settings
4 • Jorijn • It temps to ignore the DNS server stated in
The DNS server its currently using fails every once in a while
i don't think it does
interesting password
I have 127.0.0.1 stated in /etc/resolv.conf
But it uses another one
try putting it in /etc/hosts
Jorijn, is it the first one in there?
nukem, ?
Yes it is noimnot
I have vim+xdebug when i try to step to a program when the script jumps to a new file i get a EOFError. when tracing a single file it's fine.
Jorijn, did you restart the webserver after adding it?
chances are it caches things
Hmm..
I'll try that
on one of my pages it looks as if one of my varables is change with out me telling it to.
no, that failed
You fail.
Hi all, can someone tell me how I can get my external ip address from an intranet ?
-= F =-
_pragma, ?
any idea noimnot?
how can I stop this?
$ip = $_SERVER['REMOTE_ADDR']; just gives my lan ip
whatismyip.com
trying to do through php web hosting code Jorijn
Jorijn, there is a nameserver setting at httpd.conf
hmm..
jamesdean, http://checkip.dyndns.org/
regex it out with file_get_contents
jamesdean, file_get_contents("http://checkip.dyndns.org/");
thankyou peeps
","",file_get_contents("http://checkip.dyndns.org/"));
jamesdean, that will work^^
hi does anyone use egroupware here?
HostnameLookups Off
Thats the only one I found
Jorijn, read apache man?
will try noimnot thanx
Hmm, I'll look through it noimnot
Be back in a bit
I have vim+xdebug when i try to step to a program when the script jumps to a new file i get a EOFError. when tracing a single file it's fine.
PRIVMSG Nickserv :identify alskqpwo
mm some people just don't learn i take it
shit now that I can do $_SESSION['user'] = new User(); Then I can't do $user =$_SESSION['user'] ; echo $user->name;
that does not work
u need to serialize the object
Request header field is missing ':' separator. can somebody help me ?
nukem what's that?
hi folks
Jorijn, not sure this is of any help but look here http://www.linuxjournal.com/?q=node/8121/print
hey … I have a problem …how do I create a php info page?
how do I restart apache, but let current processes finish - and how do I know when it restarts ?
is there any class or function that can help me in converting an html host file to a LaTeX one?
<?php phpinfo(); ?>
$_SESSION['var'] = serialize($object);
then unserialize() it to read/use it
read in manual about serialize()/unserialize()
mh I see
hey noimnot your idea worked but there's html there, how would I go about scrubbing the html out
Thanks noimnot, ill look into it
anyone?
Jorijn, seems you can specify several nameservers in an order
service httpd reloads. will reload the setting without shutdown
yes, if using dhcp
but then again, dunno if that helps you
well its the nameserver config
it should use resolv.conf
but it isn't using it, for some reason
how are you specifying the nameservers?
nameserver 127.0.0.1
and could it be that your local nameserver just doesn't respond or gives no result so it goes on to use the next one?
probably ur routes are not setup properly
and you got only that one in there?
there is no next one
and 127.0.0.1 is allowed to recurse
so only 1 nameserver in that file?
yes
and apache does what?
apache does.. i don't know?
apache doesn't resolv stuff normally
?
what do you mean?
i mean apache calls php
strip_tags never mind ?
so if php is confused apache is responsible, no?
Ehmm
Could be possible
Jorijn, http://forum.psoft.net/archive/index.php/t-12413.html
is that your problem too?
yes
then read
can somebody help me with sending http requests with sockets ? ( windows )
branco, no
branco, read RFC 2616
ok, ty
np
use curl
nukem, he said sockets
not some library
^_^ saves him time writing all that stuff.
nukem, time is not always an issue
i for one did the same
(read the rfc)
I can not make it work…mierda..
just to understand stuff.. helps with lots of things
i trying, but this do not have support for what i need…, thanks for help, and sorry for me english ;D
surfero, you have to echo everything..
i know, i wrote a php socket listener so ajax can know how much file is loaded. dog slow though.
if you close php mode (?>) output stuff and then open php mode again (<?php) output buffering will fail
serialize() function is the one used to store stuff in $_SESSION
nukem, then your implementation sucked
lol, php host is slow with sockets. eats up too much memory when receiving the file. stopped bec php5 has file upload progress.
besides from php being miserable with everything but simple hypertextmanipulation its pretty ok
$header .= "Content-Type: multipart/form-data; boundary=-1 \r\n";
$header .= "Content-Length: 208 \r\n";
$header .= "---1 \r\n";
$header .= "Content-Disposition: form-data; name=\"userfile\"; filename=\"stopillegalspying.gif\" \r\n";
$header .= "Content-Type: image/gif \r\n";
$header .= "test ";
$header .= "---1--";
$header .= "\r\n\r\n";
sorry for flood
i do udp socket calls and its pretty fast
Request header field is missing ':' separator.
---1
branco, read RFC 2616
what is the error ? in telnet it work
branco, read RFC 2616
you are guessing what could work
read what the server is expecting
nukem I see but I do $_SESSION['user'] = serialize($objet) then $objet =unserialize($_SESSION['user']); echo $objet->property; But this does not work.. is it correct?
the error is in \r\n windows man -.-' in telnet it work
is it possible to use mod-rewrite when $_SESSION['this_test'] == TRUE? F.e. /this/file should be only downloadable if $_SESSION['this_test'] is true, and when not instead of the download it appears a 403 or something else?
branco, read RFC 2616
branco, you seem to have no idea what you are doing
branco, read RFC 2616
repetition teaches the donkey
use session_encode()
good night
session_decode()
bye cu
ok, i go read 170 pages of english, without knowing english….
lol
what s your problem?
how can I know how many seconds there are until midnight?
how secure is this "slow-down-download-thing": http://www.mamo-net.de/popup.php?action=showpost&id=4 and does this thing doesn't need much mb, f.e. when my file is = 30mb i need minimum 30+ mb php.ini cache?
php is not for file downloading
only idea
hi, I have a question. after I add a new pair into an SORTED array, would the result be sorted?
how can I know how many seconds there are until midnight?
you have to resort it
no? not sure
ksort(array) can sort
(f.e.)
i see. thanks!
^Sprint^: i already read your question, mom
:}
hello
hey, using php and gd, is there a way to resize images to a smaller size but using bicubic or some other technique? I'm using imagecopyresized but it's pixel resizing and the small image looks of rather bad quality
0" (i think last) and then subtract it with our current
theres imageresample or something
not sure, but if not, imagemagick should be able to do that
not sure what its called
what about mktime?
^Sprint^: sry, but this should work
how to escape a character in a regular expression ?
hmm … imagecopyresampled ?
like . and _ (if used instead of /)
yeah smoothly interpolating pixels
thanks bXi
^Sprint^: Yes!
is it possible to use mod-rewrite when $_SESSION['this_test'] == TRUE? F.e. /this/file should be only downloadable if $_SESSION['this_test'] is true, and when not instead of the download it appears a 403 or something else?
-instead
no problem
or how can i forbid direct links of my file /yo/mom/foobar, but allow "internal" links?
nice
it looks so much better
make sure that the content is only accessible if the referring uri is from your domain
oh
n/m, misread your question.
np
$mktime=mktime(0, 0, 0, date("m",time()), date("d",time()), date("Y",time()));
so you don't want people to be able to link to an image or something on a forum, but you want google images to be able to index it or something?
this is what I did, but what now I need to do
^Sprint^: problem?
1186866000
^Sprint^: wait a sec, first my problem
ok
thx
hm google, great idea how you would solve it - yes, with google
this might help http://www.javascriptkit.com/howto/htaccess10.shtml
i will look, thanks!
no problem.
ty
ok I made it
ok I'm not
29/04/1970 - 02:12:42
12/08/2007 - 00:47
9] PHP Warning: PHP Startup: Unable to load dynamic library 'CPHP\ext\php_mysql.dll' - The specified module could not be
but what i dont understand is the actual file is there CPHP\ext\php_mysql.dll does exist and i dont understand why php cant load it
anyone had the same prob or is a php bug in 5.2.3
what's wrong with this line?
^Sprint^: paste code pls in a paste-server, reading here is confusing
$sql = "INSERT INTO Users(name, email, hash) VALUES ('$clean['username']', '$clean['email']', '$clean['hash']');";
what is the address?
no idea, google for it
looks fine d03boy
why thats mysql saying?
there a millions of paste service
are there ways to submit form data without having the user hit a submit button , aside from javascript's this.form.submit() ?
$sql = "INSERT INTO Users (name, email, hash) VALUES ('".$clean['username']."', '".$clean['email']."', '".$clean['hash']."');";
sprint, is there any way to clean it up without ending the double quotes?
from php graywhite .. no
i meant from things besides php or javascript?
there is, but what I told you its what really good.
besides other programming languages that is
not really nah only javascript this.form.submit(); why cant you use that?
might be easier to just use $sql = sprintf("INSERT INTO Users (name, email, hash) VALUES ('%s', '%s', '%s')", $var1, $var2, $var3);
"convert" a button into text or image hosting via css or so
XB23 i can just wondering
(only idea)
such questions provoke my natural inclination to stab people
the only way i know of is the js way
k
garrett__, i might contemplate that…
looks cleaner to me and it's a lot less likely to run into annoying "/' problems.
but it's personal preference
^Sprint^: write me personally, should work
woah you can do that in php?
garrett__, i'll try it
i'm getting higher number and I need to get less than 430000
with reference to what?
the echo sprintf('%s',"hi"); thing
ya, im guessing thats the safest way to do it. thats how other languages require you to do it
ofcourse theirs probably does more checks
yeah. check the php docs.
$dbh = new PDO(); $stmt = $dbh->prepare('INSERT INTO (name, email) VALUES (?, ?)'); $stmt->execute($clean);
i think this is the best practice?
right now I am using an eregi function, but it only picks up the first instance of what I'm searching for… any ideas as to how I can do this multiple times, each producing a different result?
yeah, i'd use a DBI that cleaned input strings, too, but *shrug*
assuming there's more than 1 instance of the regex
eregi? that is crap
Hey, i have some variables having some text say 14045478989 . I need to remove 1 from it incase its of 11 digit….!
I could use preg, just assume there's more than 1 of what I need to find
the perlcompatible regex library is much better
and I need to collect all of them
How can i do so..?
as opposed to the first instance
wee, doctrine has secondary sequences
screw YOU MySQL
i heard that xpath in simplexml was slow, is this true?
Hey, i have some variables having some text say 14045478989 . I need to remove 1 from it incase its of 11 digit….!
How can i do so..?
mishu, what?
FYI, I need to check if its a 11 digit and if 1st digit is 1 if its 1 then i need to remove and have last 10 digit in some other string!
i still don't understand what you're asking.
can you provide an example?
garrett__, Okay! Sure… say i have some var $test = 14045478989 . Now its a 11 digit number and 1st digit of it is 1
Maximum execution time of 60 seconds exceeded"
garrett__, if this is a case then i require to have another variable which keeps 4045478989
garrett__, i.e. last 10 digits..!
ah, ok
gn8 and thanks a lot garrett__
Mishu, substr
something like, if(first digit of string is 1) { $string2 = substr($string1, 1, 10); }
}
substr will create a string from an input string given an input string, the position in the string to start from, and the number of characters to include. not too difficult. check the php manual
How i achieve this
also it needs to be 11 digit..!
assuming the number is a string
not an integer
if($string[0] == 1)
FYI, and strlen will give length?
if(strlen($string) == 11 && $string[0] == 1) { $string2 = substr($string1, 1, 10); }
good ev
er, i meant $string1 not $string in the if statement.
does anyone happen to know about dynamic text in php and its formatting ?
english please
oh … sry …
does anybody know something about creating dynamic text … and formating ?
HI
i'm a php beginner so my new learning by doing projekt ist … creating dynamic text on a background image … so ich found a signature generator which makes nice shadow lines around the text …
sry german between english xD
still pretty easy to understand
http://pastebin.com/d3ac6cea3
its a basic login script
make sure that $_POST['username'] has been sanitized before you put it in an sql statement.
I was told it would work, but its not very secure, because someone could enter a query into one of the fields and it would be processed
im just not sure what to do to make it more secure
htmlspecialchars
before every var … so no injection
you're reading in a variable from a post field–specifically the person's username and password. make sure that you strip all special characters from this and sanitize it before it gets put into your sql statement at line 8.
look @ this http://de2.php.net/manual/de/function.htmlspecialchars.php
i can barely read that
lol
now i can
wait, so i run the value of 'username' though that special characters function?
yup
Guest549, why would you think htmlspecialchars would do anything to protect against SQL injection?
and strip quotes.
#apache
DARKGirl, mysql_real_escape_string()
because it replaces important string chars like <,>,",',&
or learn to use PDO and prepared statements
is that function just as effective as PDO?
Guest549, the only "important" char for mysql is ' - you are just screwing with the data making it not enter what you think it enters
but you're still sort'a screwed if someone says "OR 1=1"
hi
DARKGirl, as long as you use it properly
i'm building php-5.2.3 with apache-2.2.2.4
i'd probably just run a regex and disallow logins with special characters
php programmers for hire?
should I build a shared module or static version
garett_ you're right … but try to write OR 1=1 without "
Guest549, jesus man - stop it already - you would cure cancer by killing the patient "see no more cancer"
here's some useful information from the php manual that relates exactly to what you're working on. http://www.php.net/manual/en/security.database.sql-injection.php
database escaping functions and prepared statements exist for a reason. htmlspecialchars is not one of those functions. htmlspecialchars purpose is to make content output in web browsers without the browser parsing any of it as html. period.
how do I get minutes from (timestamp1 - timestamp2) and also how can I display the difference in hours:minutes if there are more than 60 minutes? Thanks
thankee, moment whilst I read please
grigora /60
and write a function
there is nothing available that already does this?
and make sure to read the last link in the footers.. http://www.askbee.net/articles/php/SQL_Injection/sql_injection.html there's some decent code you can use.
grigora, not in stock php - I'm sure others have done it though - not exactly hard tho
ok, thanks
hello everyone
"Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges.
"
doesnt that make it difficult to code?
nope. make a database for a specific purpose, i.e: your blog
no
hey hey
make a user for that database with update/insert/delete permissions. that way if someone does hack the account, they can't add accounts to the db or trash the entire database.
you mean crack right?
ok, I can create a new user in my mysql database right now. which privileges should I give the user that logs on to the server?
ah, thanks–yes
oh
lol
said it before me
hehe
give them login privileges
although if someone wants to hack into my DB at work and tune it by all means
get rid of the "into" and you have a valid sentence
ok, I created a user called 'trunk'
i need to automate you and embed you in my email client.
heh
thats all? update/insert/delete?
inf = garblemarblemumbleglah
uhm, i think so–let me check
depends on what you want to do if you need to add stuff to the database then you will need insert, if you want to modify stuff then you will need update, etc..
that is if your php script needs to do those things then give the user those permissions
oh, you're going to want SELECT, too.
this is for user create and logins
they cant remove themselves
if your php script doesn't need it for normal operation, then make another account to administrate the database
they have to email ME to remove it manually
Hello, folks.
I think select,insert,update and delete should cover you.. though my guess is that you might not need delete if you take care of that stuff through phpmyadmin or the cli
then select,insert,update should be all you need
so don't give them delete, would they need to change anything about themselves?
update probably just incase users need to be able to change their passwords
hmm well they can edit their profiles
I've got a header include, but I find that I have to include various CSS files depending on what php file is including it. Is there any way for a file started in an include() to discover which file is invoking it?
just be careful with your coding, you don't want user A to be able to edit user B's profile
lol they better not. we're all on the same team
are you writing this program from scratch?
this is a developer website
so is it from scratch?
pretty much, yes
ok
lagg
so you are using session to track logged on users?
yes
ok
so when the user logs in do you have any GET, POST, hidden fields, or cookies that contains the user's user name?
or are you storing this in the session?
I havent even gotten that far yet
if you're writing something from scratch, you might want to consider using some packages to abstract a lot of the grunt work.. i.e: use a DBI instead of mysql_query (most will clean input for you) and try to find other packages for whatever tasks you might need to accomplish. you'll wind up doing a lot less work.
ok well keep that type of stuff in the session
Is there any kind of variable that will allow an invoked script to discover its own file name?
$0
although I don't think PHP has that in it
__FILE__
$_SERVER['PHP_SELF'], if I remember correctly.
SCRIPT_NAME may exist in server too
depends on what you mean by "its own file name"
excellent, thanks
i'm using it for an include() to know where it's being invoked from.
use __FILE__ then
dirname(__FILE__)
Why?
http://us2.php.net/reserved.variables there's plenty there.
because your include will be relative to that position, no?
depending if you want the name of the file, the file relative to the http:// address, the location relative to the root filesystem /home/httpd/foo.php, etc.
the webroot, the document root and the file system root
or do you mean using it inside an include?
accordingly.
Hrm. I may be best off defining this myself in the start of every file.
wait
mysqli_real_escape_string() removes all the special characters from the string?
I dont understand what mysqli_real_escape_string() outputs. so if I filtered "union select '1', concat(uname||'-'||passwd) as name, '1971-01-01', '0' from usertable;" though that function, would I get, "union select 1 concat uname passwd as name 1971 01 01 0 from usertable"?
hold on, i'll check
i use a dbi, so i haven't used those functions in ages.
it looks like that function just adds escape strings–it doesn't actually remove any symbols.
so it wont work?
nah
it should work
no, I mean to prevent hacking
the "dangerous" symbols will get escaped and subsequently be treated as mysql data instead of a mysql instruction
Does the gd library come with PHP 5.2.3?
ah ok
i.e: the ' symbol will be \', and mysql will say "ah, there's a ' character in the string" instead of "oh, encountered an ' character, which i should interpret as part of the issued command"
one last thing before i implement it in my code
k
nvermind
just an extension
the format is mysqli_real_escape_string(LOGIN, $string_to_parse) right?
ain't it just mysqli_real_escape_string($string_to_escape) .. ?
thats what i was wondering
lol
it returns the escaped string
I think it would be silly to have to log in everytime you want to parse a string
note that you need to have an open db connection for it to work
but of course
it checks the db config for escape chars and such
hmm, what do you mean
do I have to set those escape chars manually?
nope, you wont
Are you getting compile errors with GD in PHP 5.2.3?
No I am fine.
Just uncommented the extension in the ini and it worked perfect.
I didn't need to compile
Haven't coded php in ages though, so dont believe everything I have to say (rails ftw)
what's the "authority" part of an url ?
CakePHP ftw, eff rails
or can someone point me to the url specs?
actually, ruby is the best shitz
*
hehe, python's quite good also. Even though I feel like all of those are just ripping rails
from what i've read, there's a scheme (http:///) an authority (foo.com) and a path (/bar.html)
rails is hella slow man
so the authority would be the domain including tld
Neah, running under mongrel it pwns
Native php is faster though
ty
hmm
I don't even think Rails running under Mongrel is faster than PHP under FastCGI…
its asking for a mysqli link
But of course, mod_php should be the fastest.
what is mysqli?
"MySQL Improved"
(sigh)
and let me guess
its separate from a mysql login
A mysqli link is a resource link to your database.
It's the resource that's returned by the connect function.
Pure Erb is, dont have any large php framework that I've seen any benches to compare with though
right, but if ive already logged into the database using the mysql do I have to log into mysqli separately?
and, the php fcgi loader owns the rb one
Me neither.
if you are using mysql_connect() then use mysql_real_escape_string() and not mysqli_real_escape_string()
ah oki
Look at the Twitter guys. They created the largest Rails application (largest as in, largest load).. they had to strip all of the beautiful things that makes Rails… well the things that makes it Rails. That sucks.
Anyway, the performance of rails aint an issue. There are huge pages running it fine.
Just to get the performance.
Twitter says otherwise, Sotai_
really? Didn't know that. Kinda sucks.
Can I read about it anywhere?
Let me see if I can find a link.
$usernam = mysql_real_escape_string($_POST['username']);
and then
$result = mysql_query("SELECT * FROM TABLE WHERE username = $usernam");
Can see they still use de default helpers though. Maybe they stripped the active record stuff?
$result = mysql_query("SELECT * from TABLE WHERE username = '$username'"); string values have to be escaped enclosed by ' ' quotes
http://www.radicalbehavior.com/5-question-interview-with-twitter-developer-alex-payne/
sans escaped
brb
I don't know the details. The problem they had the most I think was dealing with multiple databases from multiple Rails applications running from multiple Mongrel instances.
They have the money to upgrade their hardware, but hardly the time to customize their software.
Time is very important.
Ah, okey. There are other pages almost the size of twitter (saw a list a while ago), wonder if they experienced the same problems..
so that should effectively prevent people from running SQL stuff from the username field?
guys, does anyone know how can I access this? http://www.pastebin.ca/653978
I'm sure they do.
etc
Ruby applications aren't scalable. Let's hope this Christmas, by the time Ruby 2 hits the streets we'll have a very mature and optimized YARV.
How can I tell if a string is properly escaped for a MySQL query?
$obj->name — $obj should be replaced by the variable name you're using.
You shouldn't have to. If you do, you screwed up somewhere.
excellent, thank you very much
You're welcome. You should also read the PHP manual on getting started.
Yeah, that'd be awesome. I totally love the language and the framework. It's so goddam fun to develop web apps. I got so bored in php
yeah, I should learn OO php, going to do it this week end
yeah
You should learn it, yes. Then decide if it's right for you or not.
I got fed up with PHP, not tired of it. Haven't written any serious PHP code in a long time and I've never been happier.
Though, I don't let my knowledge go to waste.. I still help out every now and then
woo!
than you so much for helping me
I'm trying to decide whether it's best to check for gpc_magic_quotes and use addslashes() to escape strings, or just use mysql_real_escape_string() with mysqli.
well I am working with php from some years ago, maybe 3 or 4. But never used it as OO programming language
It's best to check for magic quotes.
I am a specialist at spaghetti scripts
)
I think that's what i meant. I just hate the feeling when you _have_ to finish this stuff, and have 4h of basic trivial coding to "look forward" to : /
Sounds like you want Perl
why's that?
I need to change my name so tab completion doesn't have you misname me again…
Yes, you should change your nick
I only type upto "Dig"
no problems
Just sounds like Perl is well suited for it
For "spaghetti scripts"
Does that help?
Sure.
ahhh heheh
Or will it interfere with DARKGirl?
I just got fed up with the language itself. All of PHP's inconsistencies, things that made no sense, things that I was doing to satisfy the interpreter.
I switched to Ruby a while back because it seemed more like a language for humans, not computers.
I'll make the effort to type "Darc" before I hit tab
But it doesn't conflict, btw
I guess X-Chat does it alphabetically.
Yeah, somehow you dont end up spending an hour for some weird syntax error that "shouldn't" even occur
Compilers and interpreters are the nerd's worst enemy.
is it ok to offer work in channel?
Not in this channel.
damn
!+jobs
no job posting / asking for jobs on ##php (see /msg php-bot g7). You might want to check out: ##php.jobs http://www.geekfinder.com, http://www.monster.com, http://www.rentacoder.com or http://www.getacoder.com, or php.net/links, "Developers and Job Opportunities".
thx
You're welcome.
I am using this IRC network for about 10 years, and now I found that I could type ku+tab and had autocompletion
It has nothing to do with the network, Toerkeium.
too bad there isnt anyone in php.jobs
It has to do with your client software being able to do it or not.
mIRC; I meant
Post a job on any of the above listed sites.
You should get a pretty quick response.
yeah .. i have some things up on craigslist
rentacoder.com is probably one of the most popular ones out there.
Wow, I sympathize with you. You used that half-assed IRC client for 10 years?
k .. thx again
No problem.
What's a good client for the Mac? I'm using Ircle, at the moment.
use x-chat, it's sweet
I like Colloquy, but sometimes it's annoying because of the bug it has with Webkit.
(I use Colloquy when I'm on OS X, that is)
X-Chat Aqua
haha, well you know, I am not crazy about irc clients functionality. It sends what I write, that's enough for me and now that I discovered this autocompletion stuff, my god, I have mIRC for 10 more years
Colloquy is more aesthetically satisfying than X-Chat Aqua
I got used to x-chat when I used linux. Been using it on both osx and win since then
There's also some client called Linkinus or something like that… haven't tried it yet but it looks good (for OS X)
rentacoder is absurd. "i want a myspace clone" and some company from india responds 10 seconds later with a $200 bid
Damn those Indians.
It is. Is there anything you feel is missing with the client?
Missing from Colloquy?
xchat aqua lacks a proper xdcc gui
Yes
i don't care about that portion–just the fact that the quotes are completely unrealistic.
hello everybody
X-Chat Aqua lacks a proper GUI, period
Nah, it's fine
I don't find that Colloquy is missing anything. It has everything I could ever want in an IRC client… including DCC.
can you help me for a newbie task ?
There's just that one bug in Webkit that sometimes gives you blank channel windows.
what if that people just did it and sold it many times? why wouldn't they charge you only $200 for it?
It's never been fixed yet, because the Webkit guy needs to fix it.
good point.
hadn't thought of that
…. that's not a bad idea.
of course not, and more coming from rentacoder.com, that's something that I saw many times because there is too much competition
Too much competition with India, that is.
Once again, damn them.
i should build an intranet social networking site for large business so that you can get to know way too much about your coworkers and hopefully be able to make a grassroots petition for a mandatory company-funded martini lunch
<b>i should build an intranet social networking site for large business so that you can get to know way too much about your coworkers and hopefully be able to make a grassroots petition for a mandatory company-funded martini lunch</b>
ask for a linkedin clone then
Okey. Can you configure startup servers/channels, nickserv auth and such? Can you see the last visible message marked when you switch back to colloquy from another window?
yes, yes, no.
there is too much competition from india and … ?
They work for cheap. Too cheap.
That's why they get all the work.
i want to view the result of an sql query in a table
can you give me some help ?
it's a lot cheaper to live in india..
I want a million dollars.
though i've had some really excellent indian TAs
and i honestly have a fondness for the accent
they don't have "potable" clean water, if that says something to you
ohhhhh !
what ???
If there was a genocide of all of India… it was probably by some angry American PHP coder.
nah, helpdesk
also, there are places and places to find jobs
kuje.; hahahah
well, india is not a well known country by its excellent quality of life
I had an indian partner for a project once, and found that indian people are far more qualified for programming than other 1st world countries
i'm not from india !!!
just clearing my point heh
No problem
You know, we are all here to learn from each other
of course
Nobody was born an expert
nah, for sure. But I could say that I meet people from different countries, and there is a big difference between them, speaking in general.
that's why I spoke about indian people, they have very good minds
yes sure
yes
india is the world mind
especially in IT
are you indian?
you sound like an indian guy
:P
no
heheh
and you ?
haha no, but I wouldn't have any problem to switch to
sure
just kidding
I am proud to be argentinian
cool
i like maradona
yeah, a player huh ?
Not sure what room to ask this, but I'll try here. When I try to open one specific php file, the browser tries to download it instead of displaying it.
Anyone have any ideas?
it's your web server?
where would be a good place to learn about using cookies instead of php sessions?
But the weird thing here is, that the name of the file is schedule.php
to remove these sorts of links from my google errors log http://www.forgemodels.com/contact.php?PHPSESSID=485264546bfc5ebe184324e17956dc4a
If I change it to schedule2.php it works fine.
i'm fro mmorocco
if you download the file, is there any php code?
i'm from morocco
do you know about it ?
yes, it's the actual file.
not really, I just traveled a couple of times, not time to do it for vacations. Just a couple of times and for work
Are in the exact same location? the files I mean
cool
sorry
i must go now
see you next time
see ya giz_bmz
yes.
a pleasure .)
yea
a pleasure too
nice to meet you
then I don't have idea.
Can you do me a favor? What do you get here: http://www.ubrollerhockey.com/schedule.php
No games are currently scheduled for the date range you selected.
wtf.
Yeah, I just tried remotely from another computer and it worked. One outside of this network..
it's your computer
But on my two laptops here they're both downloading the file.
And one is Ubuntu, the other WinXP
it's strange that you get the php code
you are not lying to me right?
How is that possible? That means if this could be replicated on purpose someone could get pw's that would be in the file..
I'm not lying. That would be an interesting lie though.
you should try to find what's wrong and report it
http://www.henke37.cjb.net/index.php?page=phpsafety
I don't even know where to begin looking..
It's one of the strangest things I've seen.
i'll take a look.
check your vhost settings and mime types configurations in your pc. I would look for something related to your own network or workstations rather than something general
hmm.. this is interesting.
I just shut the apache server off, tried going to ./roster.php got the normal couldn't find, went to schedule.php and still got a prompt to download the file.
I'm wondering if it could be this stupid squid caching server my apt. complex has in place.
I'm going to kill these people. Really annoying.
surely
I'm thinking it has to be that.. What do you think?
any idea why PHP 5.2.3 won't compile as a fast-cgi?
hi all
but then even squid shouldn't cache the php code, just the resultant page
How else would it serve a page from a server which isn't running.
./configure --prefix=/usr/local/php5-fcgi --enable-fastcgi --enable-discard-path --enable-force-cgi-redirect
that's what I'm using to configure it
guys, can XMLWriter use non UTF-8 encoding? 5.2.1 php
jinx, get rid of "enable-discard-path"
you check for apache logs, vhost logs, while trying to "download" or accessing the php file. And see if apache is logging the access to it
if not, then it happens somewhere else
Yeah. I tried all that. And it's not getting there which I thought was weird.
Even weirder is no output to live http headers when I try to go to that page.
sapi/cgi/README.FastCGI
was the squid proxy configured before or after the web server?
Before I think..
The squid server isn't mine.
baraboom, what does enable-discard-path do?
It's for this apartment complex all outbounds go through it.
dunno, just know its incompatible
The web server is mine and somewhere else.
with fastcgi
k, thanks
But it seems to do a lot of funky things
what I could think is that if the squid server cached the file from the web server while the web server wasn't configured to serve php files, then it could have cached the schedule.php file.
Hi guys
Can someone please help me figure out how to read an image into an array?
not sure if what I said is stupid or not, though
I want to figure out what color each pixel position is.
For example, [0][6] = "purple", or 253526, or whatever.
No, it's what I was thinking too after it did the same thing with the server off. But like squid won't display this page for some reason, I just get a completely blank page here: http://www.inlinehockeycentral.com/forums.php
And elsewhere.
And it seems to be only on this network.
no idea really
still around?
gtg, see ya
sure
just finished reading your article
looks good
nice detailed intros–one thing, though. on the CSS vulnerabilities section, you mentioned "hidden values." might want to add some clarification that hidden values aren't hidden form fields, as hidden form fields still show up in the page source.
it asks me to download the index.php file
if i have users entering html but i only want to allow certain tags. what do you recommend?
Toerkeium, get a standards compliant browser
snoop-, avoid striptags with a second parameter, it isn't as nice as you think
THanks for your time. I'll have to yell at the place again on monday.
what do you mean
oh thanks
i get it
what I mean is that it might allow stuff you'd rather not
like those event handler attributes
garrett__, I am well aware that it is in the source
np
striptags?
it is a php function
yeah, but, uh–appending a hidden form field to a post request isn't really hidden if it's in plain view. anyone can then just add that form field to their form and the php script will still process it. wouldn't it be better to disallow posts that don't come from your domain.. or barring that,
using php to transparently append a value K to the post variable, and ignoring the POST request if value K isn't appended to the POST variable?
garrett__, you don't understand
the hidden value is session specific
i'll re-read.
maybe i misinterpreted what you said
I was probably unclear on that
I should rewrite that part
something is wrong with $_SESSION = array_merge($_SESSION, $row);!
yeah. lots of typos
how do I create a session properly?
session_start(); session_register('row_array'); $_SESSION['row_array'] = $row;
you have to register a variable before you can store it in the session.
session_register is not to be used with $_SESSION
oh
right
huh
$_SESSION['row_array'] = $row
garrett__, I reworded that section, reload
*clicks*
hmm
ok, ill try
ahh, ok. looks good.
might want to do some editing, though. lots of typos and things like "Php scripts very often does side effects"
this is what I have so far: $_SESSION['logged_in'] = true; $_SESSION = array_merge($_SESSION, $row);
sorry, but I am afraid I don't see the issue there
is english your primary language?
no
whats going on?
$_SESSION['logged_in'] = true; $_SESSION['somevar'] = $row;
but when rereading that statement, I see the issue
you don't need the array_merge thing.
can anyone help me with a MYSQL record update problem from a php form?
$_SESSION is an associative array. an array that has a key and value pair. to put something in the session, just make up a key for it and assign a value to it. $_SESSION['somevar'] = $row makes a key value pair of 'somevar'=$row. so if you say $_SESSION['somevar'] you get $row.
in principle, what you're trying to do makes sense, but it's not that complicated.
if english isn't your primary language, i understand. it looks good.
btw, I fixed that bad wording
oki, ill leave it somevar
but
when I run the script
I get errors
i have a form that shows a record from a mysql database, allows the user to update a field and tries to do an update, but the update never happens
you can name it whatever you want. it can be 'somevar' 'foo' any string. name it something that makes sense to you
can you pastebin the code and the error? or c/p the error if it's not too long
oki
no its not too long
still not enough information. Can you either post your code somewhere, or give more info?
let me save and re-execute
cool. technically it looks good, so no worries. there's some good information there.
yes i can
thank you
np
http://pastebin.com/m67c0039e
the link to the code
might want to mention that you're not a native english speaker, though, so people don't just disregard it on a presentation basis.
i can give you a link to the page if you need
I don't think that might be needed
Does anybody know how to grab http://www.google.com/google.jpg into an image resource? $im = function(google.com/google.jpg); ?
thanks for your help InsolentDreams
just a thought–no worries.
I just want to fix the wording instead to raise the quality for real
on sql injections, 'storage' is a noun, 'store' is a noun and a verb. in your instance, you want 'store' instead of 'storage'.
at least i think storage is a noun…
http://pastebin.com/d4de622a9
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource
lol, garrett
well, the fix is good
good editing advice so far
$usernam = mysql_qyery(…… it's just a typo. $username instead of $usernam
Cannot modify header information - headers already sent
oh
first thing I'd do when debugging forms is usually start with print_r-ing the $_REQUEST variable to see what's being set. And then go through all your if statements starting at line 32 to make sure it's being executed properly by putting erroneous echos inside each if statement.
*blush*
:P
i spent an hour on a piece of code trying to figure out why something wasn't compiling and it was due to a typo
var_dump beats print_r
there's something to be said for having to declare a variable before you can use it
ID, i tried putting echo statements inside the if conditional statements, but nothing ever printed to the screen
how's it all going now?
then, i tried to purposely give a bad table name for the query and got no error message.
Exactly, it's not executing there
It means your pageaction isn't being set for one reason or another
yes, so what would the conflict be, in your opinion?
print_r (or var_dump for all I care) your request variables to make sure after you submit your form that pageaction is being set correctly.
for future reference, when you get something like "mysql_num_rows() supplied argument is not a valid mysql result resource" that means that mysql_query didn't return a result, and so the problem has to do with the mysql query.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource
Can someone please figure out how to turn this URL into an image resource? Please? http://www.google.com/trends/viz?q=blog,shadowserver&graph=weekly_img&sa=N
will try, thanks
also something about not being able to modify header information
small improvement, but my code is still buggy
when I thought it wasnt
well… read the error DARKGirl
you can't always have answers given to you.
something went wrong with your query. mysql_error() should tell you what.
specifically, look at your SQL query. is your users table actually named TABLE?
oh not anymore. I remember I changed it earlier today
print_r show $pageaction to be set to "update"
thats expected
but the conditional doesn't execute
replace "TABLE" with the name of the mysql table..
whee
/php/badcreds.php was not found on this server
the way that your header() is written, those files need to be in the same directory as the script that references them.
oh no no
thats an expected error
oh, ok
thats why I said whee
ahhh
dig
that document doesnt exist
(yet)
ID, i think the $fullname var is not being set from some reason
I like using exceptions and a shit load of print statements
hi
whee! it works!
I also spotted another typo
validation is not a field in my database
dig
ummmm will hte php_svn.dll php-5.2.1 (5_2) extension work with php 5.2.3??
the*
on unix, i'd guess no, since I'm pretty sure that version information is respected.
w…t…f…
but i don't know for certain if that applies to n.n.x releases
I changed some of my parameters from references to normal pass-by-copy and I got a 14% speed boost
can anybody explain that? o_O
google for 'php version information dll usage' or something. the great oracle knows most things
graett__, i might as well just give it heck anyway, if i fuck up my localhost server then meh, i can always reinstall php XD
http://www.pgregg.com/projects/php/code/code_debug_timing.php
how do I prevent someone from just typing in a webpage, like the Welcome screen when they have not yet logged in?
like…prevent pages from direct access
set a variable in your session
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) { header('Location: login.php'); exit; }
only set $_SESSION['logged_in'] = true after you've authenticated their login and password
dugg!
-.-
oh cool
dugg?
i think he means digg
i usually write a class for authenticating users with a method like isLoggedIn() or something and check if(!isLoggedIn()) { dostuff; } on the top of my pages
though most scaffoldings like symfony have this stuff built in
so i don't do that much anymore
classes are too advanced for me. I need to keep it simple
ok
well, then just write a function that's globally accessible that does the same thing
site_functions.php or something and include that in your pages.
well cant i put that bit of code at the top of every protected page?
yeah
that's what i'm saying
oh
is there a way to make sure a page has been accessed from another?
yeah, but that's not a very secure mechanism
i mean, I wouldnt understand why someone would want to access 'badcreds.php', but I would rather it come from a bad login attempt
and it'll probably break if someone types in a url or uses the back button
oh, lol ok
well, there's no harm in letting someone access badcreds.php; the only thing you need to prevent is people accessing pages without logging in
i only meant for pages I am somewhat indifferent if they access them
ah
DARKGirl, check if $_SERVER['PHPINFO'] matches __FILE__ - if it does then the file was accessed directly - not included in a different page
PHP_SELF even
syntax still cool?
To echo the contents
nice
only with short_open_tags - best to avoid
k thanks
that's a shame, it's a lot cleaner for templating
for the reason Qube mentioned.
you know, they refused the php= tag
Any idea what the logic was behind deprecating that syntax?
they never deprecated it
it is just possible to disable in php.ini
wow, that little bit of code is very simple and elegant
oh, okay. then what's the problem with it?
very nice way of protecting pages
logankoester, personally, never use php inside a "html" page anyway… it's all echo html from within a php script
I cant really move on until I actually visually design some pages
the template! I need the template!
bah
thanks
I wish I had root on this server
could just install rails and be done with it
thems fightin words
hehe nah, I'm quite tired of that conversation
I saw a script that had {something} in its template.tpl. Then it loaded the tpl file with file_get_contents and replaced those {blabla} with preg_replace Seemed cool
that sounds like what smarty does
or you can let the php engine do that
and get the whole set of loops and everything
lol
trust me, php does everything smarty does, but without the extra slowdown
smarty also has a nice {section} block for creating if/while/for loops and a nifty way of dealing with looping through associative arrays for building select menus and whatnot.
garrett__, just like php has
*shrug* i liked smarty.
I do not
so.. file_get_contents and preg_replace ftw?
but i use symfony, so performance isn't usually one of my major concerns
foutrelis, that is also reimplementing php
i'd rather have a site with half a million lines of code be understandable than fast. it's easier to buy more hardware than it is to manage something that's not written clearly
sure, once in a while you do need a new formatting engine, mainly due to who is writing the indata
smarty.. ha ha ha.. dumby
(in reference to symfony)
you wouldn't allow just any visitor to execute php code
with power comes the risk of misuse
I assume youve designed pages before, yes?
yup
mind if I ask you a non php question?
i try to leave that to the designers, though.
sure; shoot.
its been plaguing me for ages and no one can give me a straight answer. What default width should I design the site on
I know if i make it too large, people with smaller resolutions would have to use the horizontal scroll bars to compensate. I dont want that
i usually try to design something that's functional/good at 1024x768, since, as far as i know, most computers i used in 1996 did 1024×768..
if I make it too small, it would look silly on a larger resolution. someone told me about scaling images or whatnot, but what I really want is to make a page where the content seems to 'float' in the centre and have border edges on the sides regardless of resolution and general browser window
size
hm
my site is not going to be super snazzy–it doesnt have to be. Its a developer site for my MMO project. everyone on my team will use it to share data in a central area
i saw this on digg the other day.
http://snook.ca/archives/html_and_css/six_keys_to_understanding_css_layouts/
might be useful for you
it needs to be simple, but not so simple that it looks like a toddler had some fun in paint
well, figure out what content you need, first of all. sketch something out. take a look at some simple css designs that you can use for your needs. figure out which one works best with your content and then style it as you see fit.