Comments:
<0> hrm. Warning: main(AIR.php): failed to open stream: No such file or directory in /home/outcast/public_html/index.php on line 359
<1> aidan: or simply: if ($this->validation->validateString($password) && $password == 'foobar') ... :)
<2> CarlH: That's usually an indication that you should be using type-safe comparison
<3> It's a safe bet. == is tempting fate.
<0> for my link i did this:
<2> I should say "type-strict"
<2> !tell spirit16 about includes
<0> index.php?content=content/reviews/AIR.php
<4> see, that's a better approach: === will save you work when comparing primitives
<2> spirit16: php-bot has sent you to a link that will teach you how to do safe, dynamic include statements.
<3> CarlH: you're being ridiculous now. You can come up with all your wanky functions to prevalidate the text to make sure it's a safe compare, OR JUST DO IT PROPERLY
<1> aidan: Either way I need to validate anyways though, I need to make sure there are no special characters, that it matches a certain regexp, etc
<0> this about security or just to fix the error?
<2> aidan: Be careful not to muddy the message. There may be OTHER types of validation that need to be done, as well as type-strictness
<1> aidan: MOST validation I would do like for a password is going to be regexp anyways
<1> i.e. must contain no ; no \ no / etc
<3> CarlH; no you don't ... if you're checking a password, you compare two strings... you don't need anything else
<2> spirit16: security, but it will fix your error as well, because you're going to rewrite your entire script
<3> you're talking about generating a password or something. .. again, off topic
<1> aidan: well validating any data submitted seems to be good security to me anyways :)
<2> CarlH: aidan is suggesting that $password in this case is not submitted, but generated by, e.g., a database query
<1> aidan: So you are saying there is *NEVER* any time, that someone should use == ? that people must *ALWAYS* use === ?
<2> CarlH: He's saying that, as a general rule, === is the right thing to use
<3> CarlH: not at all, TML gave an example (which I don't completely understand) where it's fine
<2> (If I may speak for aidan)
<1> aidan: Then I am lost, since earlier you challenged me to find *ONE* example where it was ok to use == instead of === lol
<3> CarlH: what I'm saying (thanks TML!) is that people should by default use === instead of ==
<1> am I correct that the ONLY difference between == and === is that == attempts to match both data types before the comparison, whereas === requires both items being compared to already be the same data type?
<2> CarlH: It's a question of which do you use in the *general* case. aidan was making a generalization. We've already crossed that ground, and it doesn't invalidate the actual point.
<3> TML should use a better database abstraction layer, so his database types match his php types (and are not lost in the conversion or whatever?), then he too could use ===
<2> CarlH: No, you're NOT correct
<5> aidan: I agree with that. It avoids A LOT of migraine sized headaches with PHP :D
<1> TML: Well, enlighten me :)
<4> no, carl... it also has a totally different method of object comparison
<4> which is a huge difference
<2> CarlH: == *changes* the type of one of the arguments during the comparison
<3> khrome: does it? tell me more
<1> TML: thats what I meant --- change to match
<2> ok
<1> so then... am I right? :)
<2> CarlH: Yes. But it doesn't make your argument sound.
<4> too much to sum up, just look here: http://bugs.php.net/bug.php?id=35053
<2> aidan: I don't use ANY db abstraction layer at all.
<3> CarlH: comparing two strings ... you'd think they'd be compared normally right? letter by letter? wrong. If one of them starts with a number, they're both converted to floats and compared like that.
<1> TML: I am on other ground, just trying to ensure I understand all of this hehe
<4> it uses field comparison, rather than a resource ID
<3> TML: I know you don't :)
<2> aidan: =)
<3> TML: have you been following PDO?
<2> yeah
<6> hey?
<1> aidan: Oh really... so you are saying that '1test' is not treated as a string in an == comparison ?
<2> I'm unhappy with it
<3> I'm using it for a couple of things ... it's awesome
<6> anyone used the PHP_OPENGL php thing from sourceforge?
<3> CarlH: correct
<6> it looks interesting, although I cant think of any real practical use .. just wondering if anyone else uses it and what for?
<7> MySQL and pgsql compete fairly closely no?
<3> khrome: ahh, how interesting
<1> aidan: Still though, saying $string = '1test'; and saying if ($string == '1test') will pass, so what is wrong with that exactly?
<3> CarlH: could you possibly think a little outside the box?
<5> I've never had a challenge with comparing strings that start with a number with == ... it compares it as a string... in my experience
<7> i was thinking about only supporting MySQLI in my new project... but, I don't know if thats such a wise idea.
<1> aidan: I am still a bit lost on this, explain to me why the above example is 'bad'
<3> CarlH: what if $string = '1foo'; it'll still pass... Did you want it to pass? probably not.
<5> But as a rule I'd suggest using === and i enforce my team using === fairly strongly
<2> m-00kie: There are some people that find themselves so resistant to learning other languages that PHP becomes the "correct" language to do things like graphics layers.
<1> oh really... so *any* string beginning with that number will end up passing?
<3> lith: good man :)
<3> CarlH: no, it's more complicated than that
<4> aiden: but that *only* affects classes, it's still proper for all primitives
<1> aidan: I mean even if its being converted to a float (granted not good!) --- still 1test is not going to turn into the same float as lets say 1this am I correct?
<3> khrome: dericks answer annoys me :/
<6> TML - well im sure its got some practical use - I just cant think of one :)
<3> CarlH; no, you're not correct
<6> fancy 3d bargraphs?
<5> khrome: I wasnt aware that Zend treats classes any different than creating a function outside of a class. (everything pertaining to this conversation that is)
<1> aidan: it will turn into the same float ?
<2> m-00kie: I don't think it does, but that's just me. :)
<3> CarlH: go do some testing, google some of the mailing list threads ...
<6> yeah. all right well thanks
<4> lith: php5 includes all kinds of advanced OO features, including reflection
<3> I have to say I'm not very impressed with http://www.adobe.com/products/acrobat/access_onlinetools.html
<1> aidan: interesting, ok I will look over this a little bit more
<8> is there a global variable in php (like app.path in visual basic.) to learn current directory?
<3> I've had a 10/10 fail rate
<3> nick|away: getcwd()
<3> nick|away: basename(__FILE__)
<4> AFAIK php5 has true encapsulation, if not it has a very effective way to fake variable scope
<8> aidan : i found $_SERVER[PHP_SELF]. is it useful?
<3> nick|away: no
<3> __FILE__ is the same
<3> kinda.
<0> question. when do you use ' ' or " " in includes? cause i am seeing code with ' ' and some with " "
<3> spirit16: always use ' unless you need variable interpolation, in that case use "
<2> khrome: Please don't confuse encapsulation with visibility. PHP4 had the exact same "encapsulation" as PHP5.
<0> thanks
<4> err, I mean the function bodies being allocated with the variables in the class
<4> it's linked to visibility, though
<4> visibility follows structure on the stack
<4> or should :P
<9> Hello
<2> khrome: encapsulation didn't change from php4 to php5
<4> well, my use of php4 was limited
<4> I never explored enough to know if it was a hack or not
<6> hmm that online pdf conversion tool looks interesting
<9> Whats the $_SERVER name for the current URL with all of the $_GET values ?
<2> khrome: It's not.
<6> wonder how they'd feel about hacking it to use from personal websites as an on-the-fly document converter :)
<4> well, regardless... I'm very happy with 5
<2> khrome: That's wonderful. I'm just very protective of PHP4, so I jump on any disinformation. :)
<3> SunShineLady: print_r($_SERVER);
<5> sunshinelady: and for a whole list: http://us2.php.net/reserved.variables
<9> thanks
<5> i spose print_r will give a whole list too... but a whole list explained :D
<4> was considering migrating to ruby before 5 came out.. but I haven't even thought about it since
<6> ruby on rails?
<4> no, I hate rails
<4> just ruby the language
<0> Nice!! i got it!!
<10> Take it to #LanguageWars
<6> never used it
<6> :>
<0> thanks a lot everyone!
<0> well everyone who helped me
<8> aidan : can i learn the base url ? (http://www.example.com/folder1/ not /home/httpd/..)
<0> i did the switch thing TML. the last one on that page
<0> since i don't want to go into arrays
<4> nick|away: $_SERVER["SCRIPT_URI"]
<3> nick|away: print_r($_SERVER);
<6> lol i love adobe's faq for that conversion page..
<6> "By submitting content through these tools, you understand and agree that Adobe may occasionally access the content you submit for purposes of quality control and administration of the conversion service."
<3> m-00kie: lol
<3> it's a shame their conversion thing is so ****
<3> and the sf.net pdf2html is crap too
<10> aidan gawd.... are you still whining about that crap?
<0> he needs some good scotch to calm down
<3> yes
<10> aidan take it to #NAgBitchComplain
<3> I paid for the decryptor .. I'm trying to find a good converter now
<4> latex is a nicely parseable formatted text format...
<3> latex is nice ... I've swapped from latex to XML now
<3> which is good for the xml->html conversion, not so good for the xml->pdf conversion
<4> I harvest from JavaDoc combine it with text, merge it into latex and output it to pdf to generate our manual (I write a desktop app in my day job)
<4> allows me to pipe the source to other locations like HTML or the apps built-in help system
<4> anything that allows me to do less work :D
<7> does anyone know a better way to do this? http://hashphp.org/pastebin.php?pid=6115
<6> hmm i just re-read that phrase i pasted.. its not legally binding to ALLOW them to read our data - i wonder if they realize that? :)
<11> shouldn't this display "ip address= 1.1.1.1"?
<11> <?php