| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Comments:
<0> http://www.php.net/intval
<1> Um.
<1> Somehow, I get the feeling that is_int(intval($foo)) is always going to return TRUE.
<2> Zarel: Yup.
<0> haha -- true, let give me a few to look up a better way
<2> What is it you're trying to do, Zarel? I joined after you asked.
<0> zarel: use is_numeric instead?
<3> never use is_numeric
<3> use ctype_digit
<4> no, that catches hex and exponential
<4> damnit caffinated, I am two seconds behind you
<3> blame it on lag ;)
<4> :)
<1> Hmm. A shopping cart script that catches hex and exponential.
<3> is_numeric is a worthless function. they really should make it so it takes a parameter which defines which numeric types you need to check
<1> It'd be pretty funny if I could order 0x8FC4 of a product.
<0> caffinated: interesting, I've never seen ctype_digit. I ***ume it would be faster than a preg_match?
<3> Thrawn: unquestionably
<0> cool, thanks :) Learn something new everday.
<3> no trouble
<1> But, yeah. Any idea how to check a string to see if it's an integer?
<0> Zarel, take caffinated suggestion, check out ctype_digit
<1> So '4.6' would return FALSE, and 'a' would return FALSE, and '8' would return TRUE?
<1> ctype_digit?
<3> http://php.net/ctype_digit
<1> Oh, that works.
<1> But there goes my plans to let people buy 0x8FC4 of a product.
<2> how 'bout ctype_xdigit then?
<4> or +1.2fe10
<4> -f
<1> Or negative numbers.
<1> Which isn't necessarily a bad thing.
<4> lol, I added a negative number of items to my cart once.
<4> got a bunch of stuff for free
<1> Nice.
<3> just use abs() on the incoming value after you've validated it
<3> or just disallow negative values in the if() condition
<1> I usually just use die('Nice try, hacker') if I get a negative number.
<1> Or, in this case: The quantity you gave for cart item #1 (which was '8') was not a valid number.
<1> As you can see, ctype_digit is being evil right now.
<5> I need help making my upload php program limit certain file-types. =/
<5> For now, should I just go with the form-limited approach?
<2> Eleaf: Good luck. Mime types can be faked as can file extensions. Hope the file types you want have magic numbers.
<3> the way i see it, if you're getting a negative value someone is attempting to screw around, and if you make it a positive value, they deserve what they get ;)
<5> Ahroun, yuhhh... What should I do then? O_o
<3> so if that means they buy 500 widgets instead of -500 widgets, well, screw 'em ;)
<2> Eleaf: Not much you can do really. Even if the file types do have magic numbers, I'm sure there's prolly a way to mess with those too.
<5> Ahroun, what do you mean by magic numbers?
<6> I know how to use date_default_timezone_set (which isn't pretty), but would you say that this is an evil function?
<7> Hi all, what is the equivalent to !== in php5?
<2> Eleaf: Some file types have a specific header at the beginning of all files that identify them. That byte sequence can be used to establish with some measure of confidence that the file is of the appropriate type.
<2> Eleaf: But that's only a MEASURE of confidence. That's not 100%.
<5> mmhm
<2> Eleaf: And not all file types have magic numbers.
<2> Eleaf: What exactly are you trying to do?
<5> Well, I have an upload script which works fine, I just want to limit it to one filetype.
<7> strpos returns the first index (ie. 0) and it's equating to FALSE. In php4 !== FALSE can be used to check for this condition. what's the equivalent in php5?
<5> There is a program recursively scanning the uploads folder, and whenever it finds an uploaded file, it renders it(has to be that certain file type).
<2> Eleaf: As I understand PHP, someone jump in and correct me if I'm wrong, you cannot limit what they upload by type, only the processing you do on it... if that process includes verifying the type (which it always should!!!) then that's cool, but to the best of my knowledge you can't block the upload itself.
<8> BoarK : the same does not work in php5
<9> BoarK: um, !==
<8> ?
<9> KimmoA: doesn't look evil to me
<5> Ahroun, alright, how should I do this? (I had this perfected before with limiting file-types, but I lost that program in a server crash)
<6> ||cw: Well... it's so new and all.
<6> ||cw: I originally upgraded to PHP 5.1 (from 5.0) just for that function.
<9> KimmoA: new doens't make it evil, you have to either require that a certain min version of php is used or handle the case that the function doens't exist
<2> Eleaf: If you have, then you're doing better than the people in this channel that I consider gurus are doing -- this topic comes up about once a day and I'm effectively parroting right now what my understanding of their answers has been.
<5> ;)
<9> Eleaf: if you were able to prevent the upload in the first place it would have been via something client side, like javascript
<5> ok.
<9> and not reliable, really
<5> I'm fine with the other methods.
<2> Eleaf: In short -- you can't do it in PHP. You can limit upload size and you can take some steps to build confidence in the file type (extensions, mime-type, and magic numbers), but as far as guanteeing only certain types? Can't do it.
<5> extensions is fine ;)
<9> even limiting the size deons't prevent the upload, it just prevents php from getting the file
<2> Then when the upload is done, test for the right extension, if it's right, leave it, if not, delete it.
<5> This isn't necesarilly mission critical, I just need to allow only one type of file with a ".something"
<9> so you use the file functions and do so
<5> Ahroun, so I test the file in the temporary upload directory?
<9> Eleaf: well, via $_FILES, yeah
<9> you shouldn't ever directly access the uploads folder
<2> I'd create a regex that grabs everything after the final period in the file's name (however you get ahold of that, probably in $_FILES as ||cw mentions) and test that with a standard strcmp... or test for it directly in the regex.
<2> 'scuse me a moment, gotta handle some stuff here at work
<5> ok, thanks
<7> cyberdummytom: sorry, phone call. It says !== and === is php4 ONLY.
<7> Doesn't work.
<9> Ahroun: dear god why a regex?
<9> use pathinfo()
<7> Doesn't recognize it as a parse error either.
<5> $_Files['userfile']['type']
<5> should I put anything in type, I'm still confused
<10> not $_FILES ?
<9> what's in it?
<5> yes FILES
<5> what do you mean?
<10> who?
<5> ;lol
<10> i meant that it should be written in uppercase
<11> Eleaf: $_FILES['aFile']['type'] is determined by what the browser sends along the post
<5> ok, so from the form?
<11> Eleaf: in the form you just put an <input type="file">
<5> yes I did that
<11> Eleaf: the browser handles the rest
<5> what should I put for value though?
<11> Eleaf: nothing
<10> use the move_uploadfile to move the file to its position
<5> ohkay..
<9> Eleaf: YOU don't put ANYTHING in $_FILES. it's should already be there.
<10> .. move_uploaded_file i meant
<5> yes I have move_uploaded_file
<8> BoarK: its both
<5> Ok, input type is file.
<7> so it should work in php5 also?
<8> yup
<8> it only differs in php5 when you compare opjects
<5> err type*
<7> ok thanks
<5> StarkHalo, ok input type="file" in the $_FILES do I put ['type'] or ['file']
<12> hello
<12> i encountered a strange pear xml_serializer problem
<11> Eleaf: I think you are confused. <input type="file"> is the web form control where you choose a file via the broswer, and it's contents along the rest of the form data is transmitted
<12> once i uncomment line 36 in http://phpfi.com/110318. i receive: Fatal error: Cannot redeclare cl*** pear in /usr/share/php/PEAR.php on line 0
<5> yes I know StarkHalo
<5> In the form I have input type="file"
<12> strangely, it seems to work if intialize the data within the function
<11> Eleaf: On the server side PHP places all the uploaded files info in the array $_FILES
<5> In the form I have input type="type"*
<11> Eleaf: ok, now submit the form, and in your script you'll have the file info in the $_FILES array
<5> ok
<10> type="type" :D
<5> then what should I do?
<10> type="file"
<13> alex[]: #pear or #pear on efnet
<11> Eleaf : you can do whatever you want with it, you can read it, change it, copy, whatever...
<5> eeeerrrrr
<11> Eleaf: just a thing, in <input type="file" NAME="thisIsTheVarForFILESArray"> ^^
<12> stormchaser, thanks, however i am quite sure if it is really pear problem. i guess it is more likely my dullness
<14> Eleaf: You need to do something with it before that script ends, though, because it's deleted after that if it's still where PHP puts it.
<14> Eleaf: "that script" being the one in the form action.
<13> alex[]: Or you're reincluding the cl***.
<5> I checked and it uplaods it to the upload directory and isn't deleted
<12> stormchaser, well it looks like it. but how can this only happen when i uses the post-data?
<14> Hm... odd... should be following the end of the script receiving the POST request.
<5> do you want to look at it?
<5> Elazar, do you want to look at it?
<5> Anybody? lol
<15> anyone here use FreeBSD ..I am trying to find the port for php-imap ??
<16> i wasnt watching
<16> whats up Elazar
<16> porkpie cd /usr/ports; make search key=php-imap
Return to
#php
or
Go to some related
logs:
(root) RELOAD (tabs/root)
#bash
#math
Can't locate utils.pm + gentoo
#web
wesw02
#web
#oe
mplayer gentoo 0x33564D57
#mysql
|
|