| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Comments:
<0> what's a good way to weed out special chars ?
<0> i need to create directory name
<1> MarkR: http://www.decomp.nl/2.php
<2> ks: The best way is to weed in non-special chars
<2> Remi_Woler: Well DOCUMENT_ROOT looks fine to me.
<3> ks: preg_replace
<4> hey, can someone please help me try and figure out why i keep getting this file stream error http://pastebin.com/644703
<1> MarkR: yeah, but the whole 'www' directory does not exist (anywhere)
<5> why are methods in php referenced by the docs as methods but the literal reserved words are "function"? can we use "method"?
<2> Remi_Woler: I'm sure it does. Maybe you just cannot see it.
<0> Stormchaser does ctype covers special chars ?
<1> MarkR: my realpath is /home/3161/decomp.nl/HTML/
<2> Maybe, but the web server sees it in /www
<0> like walk through using ctype_cntrl, ctype_space, etc
<3> ks: no. Your logic is too twisted to work.
<2> Your FTP server might not be on the same machine
<3> <3> ks: preg_replace
<0> ok, thanks
<1> MarkR: that is the path that php echoes in a WARNING
<2> I'd be inclined to suggest that the path that Apache sees is the right one to use, anything else is wrong
<6> can anybody help me please - im not an php expert but I've been using e107 (good stuff) as far as creating a webste that has a nice look like html thats easy is there any way I can do that in php as well - I know about WAMP, etc but I want to know how to refer to images to create nice looking website
<4> hey, can someone please help me try and figure out why i keep getting this file stream error http://pastebin.com/644703
<0> does anyone have list of special chars that cannot be contained in filename under Linux ?
<4> im probably no doing the function right but i dunno how to do it
<1> MarkR: usually: definately, but in this case, I have my doubts
<2> Remi_Woler: And ***uming that you put your settings directory in that dir (HTML), then will it open the file correctly?
<1> MarkR: settings/ is right under HTML/. It opens the file for reading fine, just not for writing
<2> I wonder if it's NFS mounted readonly?
<4> thats the same prob i think im having
<1> MarkR: could be, can't check that afaik (have no shell access, due to a 'misconfiguration' on their side)
<2> ks: There are almost none (/ obviously, and NUL). But most special characters you should not put in a filename
<7> is there a way to check if a cl*** function exists? like if (function_exists('cl***::methodName'))
<7> ??
<8> "SQL is the Fortran of databases -- nobody likes it much, the language is ugly and ad hoc, every database supports it, and we all use it."
<8> _Slick_Rick: did you even *bother* looking?
<9> itrebal it is not
<2> Remi_Woler: I am beginning to suspect that the files are kept on a remote filesystem which is not writeable remotely at all. Therefore, you're always getting access denied. This means you can't write files into your own web space, only tmp
<2> Obviously if it's a problem you should take it up with your sysadmin
<8> Jymmm: just ammused someone would say that
<4> Warning: fopen(file.txt): failed to open stream: Permission denied in /HDextra/optikkore/www/ok/u2.php on line 11
<4> can't open file
<2> After all, they're providing a service for you. They should change the config for the developers, not the other way around.
<4> is that an OS issue?
<9> itrebal you're the one that said it!
<10> itrebal: Meh, I can't say I'm especially fond of SQL, but that quote is a bit off.
<8> Jymmm: no i didn't
<0> is there a good use for overloading method in php ?
<8> its from the "lex & yacc" book
<1> MarkR: in /etc/fstab is no sign of a remotely mounted fs. You could have a point though. Well, they are not really providing a service for me, it's for a friend of me. But the company states that they don't support custom php scripting. If you want something that really works, you will have to let them do the coding.
<9> itrebal: The logs never lie you bastard! [12:46:18] <8> "SQL is the Fortran of databases -- nobody likes it much, the language is ugly and ad hoc, every database supports it, and we all use it."
<1> MarkR: I just wish he knew what that ment when he choose his hosting company :)
<10> itrebal: SQL should be more like LISP! SQLISP! :O
<8> Jymmm: i dunno what you mean: (03:43:20 PM) itrebal: "SQL is the Fortran of databases -- nobody likes it much, the language is ugly and ad hoc, every database supports it, and we all use it." -- Yex & Yacc
<8> FlamingCows: :)
<2> Remi_Woler: Well, if you develop a PHP application, you presumably will be choosing everything about the platform. If the ISP cannot provide one (managed/shared) which fulfils your requirements, you need to use a dedicated server and set it up yourself.
<2> I think you'll find that the time saved by having a dedicated server set up *exactly* how you want it is enormous.
<9> itrebal: No, that's NOT what you said. scroll back and read!
<2> Certainly, no problem with the ISP deciding to do random upgrades to untested versions of things
<10> Jymmm: He had the quotation marks. :|
<1> MarkR: I do have a dedicated box myself in the AMS-IX, I will be developing a new site for him, I just need a very tiny fix for the mean time
<9> FlamingCows I dont care if he had a stick up his butt!
<10> Jymmm: That's not quite the same thing...
<2> Remi_Woler: Basically, it is my professional opinion that shared hosting is a false economy
<1> MarkR: I totally agree
<11> greetings!
<2> And in my experience, providers very rarely give their clients adequate notice when upgrading things (or changing things); and the clients even less frequently p*** on these messages to the developers
<0> MarkR you were right, probably it's easier to check for letters, numbers and certain specchars
<1> MarkR: thanks for helping anyway. I'll just use MySQL in the mean time. Won't be that long :)
<11> quick question..i want to define a function that returns an object
<11> should i return &$instanceofObnject?
<11> or function &functionName()?
<2> dealt: No, use PHP5 then it's no problem.
<1> MarkR: Huh? Notices? Is that something a developer should get? :p
<2> Remi_Woler: :)
<11> MarkR: what do u mean?, im using php5
<3> !+u
<12> Surely you mean 'you', not 'u'? The letter 'u' is not a personal pronoun. Talking like this in ##php may get you silenced. For details, /msg php-bot aolbonics
<8> FlamingCows: (select [first-name] [last-name] :from [employee] :field-names nil :order-by '(([first-name] :asc) ([last-name] :desc))) is some CLSQL (Common Lisp SQL)
<11> ooopsie
<1> MarkR: I am kinda used to not getting any notices at all, and have the pressure to get the site fixed at the worst possible time :)
<11> MarkR: what do you mean?, im using php5
<3> itrebal: Since when are you using LISP? :)
<2> Dear clients, tomorrow morning at 5am we will be upgrading to PHP6 beta with the very-unstable accelerator. We know that there is almost no chance that you will have tested your apps with this, and no way that they will work. Moreover, your developers are not going to get this message before then anyway, have a good evening - Your ISP.
<1> MarkR: rofl!
<2> dealt: In PHP5, objects are p***ed by reference anyway, so you do not need to return a reference.
<8> Stormchaser: since never :) i just metioned that to a friend (happens to be a LISP programmer)
<11> Mar
<3> hehe
<11> MarkR: gee thanks
<8> MarkR: i run PHP6 on my server
<13> does PHP automatically filter GET and POST requests? to remove dangerous characters? (' " / \ = etc.)
<11> last question: then what function &function() means in the first place?
<8> aridese: if magic_quotes_gpc is on, but it should NOT be, it creates the possibility of security holes
<2> dealt: In PHP5+, non-objects are still p***ed and returned by value normally.
<2> The & makes them be returned by reference. This means that it could be a global, member variable or something, and it will return a reference. There are not too many cases where this is particularly useful for non-objects.
<13> itrebal, so if it does filter it, it creates even more security holes and the application should sanitize input manually?
<8> aridese: correct
<13> itrebal, thanks
<11> MarkR: ok sir. thanks a lot
<2> itrebal: Haven't they removed magic_quotes_gpc in PHP6 anyway ?
<8> MarkR: yup
<14> magic_quotes_gpc filtering input and being a security risk?
<14> wow
<2> I find that magic_quotes_gpc being on, does not create a security problem. However, it does create data corruption (i.e. the terrible multiplying backslashes, they're worse than Tribbles)
<15> lol
<16> Programmers make the security problem when they rely on it for code.
<17> house is on! channel 5!
<13> is magic_quotes_gpc the only PHP SQL injection protection?
<16> Seadog: uhm, we don't all have the same channels
<8> aridese: no, there are functions like mysql_real_escape_string (mysql)
<17> bleh
<17> lies!
<17> you all have the same ones ;)
<16> aye, and the same zipcodes
<8> aridese: one reason it can create security holes, is because developers automatically ***ume it escapes everything that hte database needs escaped, which it doesn't, therefore allowing security holes
<13> itrebal, is that function safe and sanitized to use?
<17> well, postcodes technically :P
<2> aridese: Automatically filtering requests is an error-prone business, because it has false positives which blocks genuine data. Things like Apache's mod_security and IIS's ASPNET request filtering module both suffer from this. PHP does not provide anything which does that by default.
<13> itrebal, ah i see. what exactly does it escape?
<13> MarkR, interesting
<8> aridese: i'm not sure, slashes i think, quotes, parenthesis, etc... mysql related characters
<13> ah
<2> I've actually coded my own little request filtering module which takes out ascii control characters, because I can't see any case where I could ever want them in get, post or cookies
<8> i think there should be an amazingly smart function called escape_query(query); and it automaticly cleans up, and escapes all necissary things lol
<2> It also takes newlines and tabs out of cookies
<18> hi! i have a dynamic array - after every entry i should insert another string - if there is only one entry in the array it should just leave it.. how can i do this?
<8> phatbyte: ...what?
<13> hm, and is there a function that would filter out HTML and jabbascript ?
<8> aridese: there is htmlspecialchars
<8> aridese: but it only escapes it
<10> !tell aridese about func strip_tags
<13> thanks
<8> aridese: one thing you should consider is leaving the input exactly as it is until you output it, thatway if you need the original input for one reason or another, you still have it
<3> !botsnack
<12> :), Stormchaser
<13> FlamingCows, what about all those nasty XSS scripting attack that people have?
<10> As long as you strip the tags or escape them in some way, you should be fine.
<13> ok
<4> how would i p*** the value of a textbox to a function
<8> aridese: if people do <script...>javascript</script> it will leave the javascript part, but remove the script tags, therefore not being escapes
<8> escaped*
<4> just $texbox name?
<8> optikkore: is it a post or a get function?
<8> form*
<19> need help with a simple regular expression, how do i check a string only contains numbers and the character '.'
<13> itrebal, but without the <script> it won't execute, right?
<8> aridese: correct, Axsuul: i think /[0-9.]/
<3> BigE: Your quit message is cool :)
<8> BigE: i second that
<20> Axsuul: '/^[0-9.]+$/'
<13> BigE, thirded
Return to
#php
or
Go to some related
logs:
#qemu
make-jpkg: command not found
#sendmail
kde ubuntu permission denied ejecting cdrom
qmail [root@localhost ~]# telnet localhost 143
fc5 ntpd.conf
amarok dcop kded mediamanager fullList gnome
gentoo cobal
#gimp
+mpeg321 +download
|
|