Comments:
<0> Dj_FlyBy : I imagine your $_POSTed data contains a ' somewhere in the entry. Rather than using inline $_POST['variable'], in that manner, use $variable_name = $_POST["foo"]; to _get_ the variable ..if you don't have the value in php.ini set to automatically addslashes to your POSTed content, you'll have to addslashes() prior to building your query
<1> hm. yeh I was wrong.
<1> I don't use '$_POST['var']' . I would use double quotes for one of those, just to make it easier to eyeball grep
<1> actually, I would have referred to those vars as ${_POST['var']} maybe?
<1> ||cw: hrm, when I run php myphpscript.php 2&1> /path/to/log it sends the command to the background as php myphpscript.php 2
<2> ew!
<0> I know..I know, extract() by itself is _evil_ ..so don't use extract() unless you handle the values properly once extracted
<3> what is the easiest way to resize an image using php? i need to make sure its width is no bigger than X pixels
<4> kndig: I have ity et to addslahes at the end
<5> daum: http://php.net/imagecopyresampled
<4> ack batteries
<0> daum : and: getimagesize()
<4> kndig: I have it set to addslashes at the end
<6> Dj_FlyBy: btw, the entire office loved your query. they're all standing around my monitor wondering what kind of drugs you're on to use column names like that.
<2> rofl
<4> caffinated: you're welcome, always great to give a laugh on a friday
<0> Dj_FlyBy : if you're adding slashes at the end to $query, then your query looks like this: $query = "...VALUES \'foo\', \'bar\'...
<7> how can i get the filename of the file that included the include that's running?
<6> Dj_FlyBy: as a side note, it might not be that bad if you camel-cased the column names. then at least you could turn it back in to something human readable to use in your forms.
<4> kyndig: would you like me to post the entire mess?
<2> Ifsopleasetelluswhetheritismonthlyoronetimeandpleaseletusknowhowmuch <-- the hell...?!?
<0> Dj_FlyBy : *shake* I'm purdy shure I'm on the correct track. It's just the $query value you have there. You'll have to addslashes before you insert them into the query....sorry - looks like you have a wee bit of rewriting to do
<4> caffinated: what can I say... first attempt.... can we say .... N00B
<8> If so please tell us whether it is monthly or one time and please let us know how much...
<1> hint: use easier to read column names.
<6> Stormchaser: as weird as it sounds, it would be ok if it were camel-cased. i mean, think about it. say you have a column name like: WhatIsYourFavoriteColor - then you have some method to split the words, and could conceivably then have a generic way to generate a form.
<2> xian_: No way! That'd require brains...
<1> caffinated: then pray you don't have to change the wording.
<2> caffinated: *shudder*
<6> xian_: yeah, but even that is solvable if you have a proper migration framework
<1> of all the crazy methods to simplify a project, I think that'd be the last one I'd follow
<6> xian_: of course not. there is no framework to manage it.
<8> just use lots of tylenol and you'll be fine
<0> Dj_FlyBy : OR ..(someone help me out here..) you can use ini_set() to addslashes to posted data
<1> haha
<2> lol
<6> xian_: not only could it work though, it could work very well.
<2> kyelewis[3]: *stab*
<2> er... kyndig
<4> kyndig: after looking over the data to be entered, there are a few ' in the data provided
<1> you should probably addslashes, huh
<1> or otherwise html-ify
<0> Dj_FlyBy : *nod* the quickfix is to use ini_set() "I think (tm)" to automatically addslashes to those POST values. otherwise.. rewrite your query like: $first_name = addslashes( $_POST["FirstName"] ); $query = "INSERT...VALUES( '$first_name'..)";
<9> ini_set doesn't work with magic_quotes_gpc
<1> or foreach ($_POST as $key => $post) { $_POST[$key] = addslashes($post); } or something
<9> and plain addslashes is bad solution )
<9> because magic_quotes_gpc can be enabled
<10> people with magic_quotes_gpc enabled deserve to die. :)
<5> Generally, the solution is to check if magic quotes is on, and reverse its effects with stripslashes.
<0> true..but he's newbieish..so better to give him it in a variable _now_ ..so when folks start leaving fields blank or entering bogus email addies..he already has it in a $variable to perform proper checks ;)
<9> =)
<5> Then do proper escaping when the time is right.
<9> i just use post/get wrappers , _post , _get -)
<9> _post("var") instead of $_POST["var"]
<10> kyndig: no, I won't put you out of your misery, it's okay. :)
<0> hmm, nod, good approach leonid_p_
<10> so, sort of a general question here
<10> I have a nice script, I'm considering redistributing this nice script... but I'm not quite sure what version of PHP it needs. I just wrote it, with version 5 or so...
<10> there's no tricksy special way to test out what it needs, is there?
<8> well you could always test it on older versions...
<8> start with version 1, and go up from there;)
<10> mmm. Maybe I'll set up a server on my laptop... haha
<0> Fennec : depends on how reliant it is on php functionality I imagine. I use some pretty snazzy php5-only functions ( I'm sure you know what they are if you're using them) - otherwise, it'd probably work perfectly fine with any 4.x version ( we won't get into 2.x or 3.x <--wasn't into web hacking during 1.x)
<11> Fennec: does it use classes? does it use any functions that have special notes about different php versions?
<8> as soon as it starts working you have an issue
<10> I'm fairly sure it uses at least php4, but maybe php3 would do.
<5> Even if it did work in PHP3, I'd lie and say it doesn't.
<10> haha
<11> i wouldn't even consider supporting less than 4.2
<8> support 1.0!!!
<0> Fennec : If a server is using php3 these days - it's either there for backwards compatibility and php4.x+ is available, it is a personal server, or the server has _no_ new clients
<11> 4.1.2 bare minimum, that's when they added $_* superglobals
<10> Aha.
<10> localhost installation, here I come, anyway.
<0> gotta love this stuff
<10> well, I could use one anyway
<0> <--alibi: is a geek himself
<10> and I'll try out lighttpd
<10> but tell me.... can the average PHP installation download data from arbitrary URLs?
<5> Usually.
<0> like include("http....") ? *nod* not on many reseller servers though..., fopen() would work though
<10> what's the best way? file_get_contents?
<10> will that work often?
<5> Yep.
<10> okie.
<5> kyndig: Never, ever use include with a remote URL.
<0> since file_get_contents uses a file id..nodnod, that follows the fopen() rule of thumb
<0> mattmcc : *smirk* no kiddin
<9> better to use sockets to open remote file..
<5> Nah, file_get_contents is quite sufficient.
<9> allow_url_fopen is turned off on most servers..
<5> It is?
<5> Not in my experience.
<9> lucky %)
<10> leonid_p_: I want to download a specific file... how, via sockets?
<9> simly!
<9> *simply -)
<0> allow_url_fopen nodnod, that's it. You can thank bad distro software for that server-side security implement
<9> just send get request, parse response.. save file..
<10> leonid_p_: got any examples?
<9> one second , i will show what i use to open remote file
<9> m?
<9> =))
<12> hello all
<12> is there a date_format() for RFC-822 ?
<9> http://pastebin.com/714258
<9> works on all servers i seen so far %)
<12> (to convert from mysql's yyyy-mm-dd to RFC-822)
<13> Finish him :o
<2> gone
<2> :)
<13> Flawless Victory
<2> fatality! :)
<12> "fatality"
<12> heh
<0> thanks for the help once more folks
<9> heh
<9> ok
<9> will turn autoslap off -))
<2> leonid_p_: Or that, or you'll get slapped off...
<9> Stormchaser , i see -)
<9> ok, this script still use join("",file()) , bad way %)
<6> leonid_p_: all depends on what it is you want. using join() and file() together will work in versions of php that do not support file_get_contents()
<9> yes, but fopen/fread is much faster then file_get_contents()
<9> oops
<6> leonid_p_: it's not really about speed - more about memory conservation
<9> i mean when join(file()) -)
<9> when = then -)))
<10> For my purposes, memory consumption is all but utterly irrelevant.
<6> then the method you use won't matter
<9> join(file()) break file some time
<9> try to read binary file and you will see
<6> if you have a recent version of php, use file_get_contents(). if you're not sure which version it's going to be use join/file
<9> use fopen/fread -)
<14> Does dio_open work much differently than fopen in terms of how it is implemented/talks with the OS?
<9> join/file is bad practice.. fread(fopen($filename,"r"),filesize($filename)) is better -)
<15> leonid_p_: that is worse
<14> There seems nothing about the technical side of it in the manual yet someone's comment says dio_write is faster than fwrite.