IRC Archive / Freenode / #php / 2006 / May / 13 / 1
kyndig
Dj_FlyBy : I imagine your $_POSTed data contains a ' somewhere in the entry. Rather than using inline $_POST['variable'], in that manner, use $variable_name = $_POST["foo"]; to _get_ the variable ..if you don't have the value in php.ini set to automatically addslashes to your POSTed content, you'll have to addslashes() prior to building your query
xian_
hm. yeh I was wrong.
I don't use '$_POST['var']' . I would use double quotes for one of those, just to make it easier to eyeball grep
actually, I would have referred to those vars as ${_POST['var']} maybe?
||cw: hrm, when I run php myphpscript.php 2&1> /path/to/log it sends the command to the background as php myphpscript.php 2
kyndig
(Action) cheats with: extract( $_POST )
Stormchaser
ew!
kyndig
I know..I know, extract() by itself is _evil_ ..so don't use extract() unless you handle the values properly once extracted
daum
what is the easiest way to resize an image using php? i need to make sure its width is no bigger than X pixels
Dj_FlyBy
kyndig: I have it set to addslashes at the end
mattmcc
daum: http://php.net/imagecopyresampled
Dj_FlyBy
ack batteries
kyndig
daum : and: getimagesize()
Dj_FlyBy
kyndig: I have it set to addslashes at the end
caffinated
Dj_FlyBy: btw, the entire office loved your query. they're all standing around my monitor wondering what kind of drugs you're on to use column names like that.
Stormchaser
rofl
Dj_FlyBy
caffinated: you're welcome, always great to give a laugh on a friday
kyndig
Dj_FlyBy : if you're adding slashes at the end to $query, then your query looks like this: $query = "...VALUES \'foo\', \'bar\'...
johnm1019
how can i get the filename of the file that included the include that's running?
caffinated
Dj_FlyBy: as a side note, it might not be that bad if you camel-cased the column names. then at least you could turn it back into something human readable to use in your forms.
Dj_FlyBy
kyndig: would you like me to post the entire mess?
Stormchaser
Ifsopleasetelluswhetheritismonthlyoronetimeandpleaseletusknowhowmuch <-- the hell...?!?
kyndig
Dj_FlyBy : *shake* I'm purdy shure I'm on the correct track. It's just the $query value you have there. You'll have to addslashes before you insert them into the query....sorry - looks like you have a wee bit of rewriting to do
Dj_FlyBy
caffinated: what can I say... first attempt.... can we say .... N00B
CoryK
If so please tell us whether it is monthly or one time and please let us know how much...
xian_
hint: use easier to read column names.
caffinated
Stormchaser: as weird as it sounds, it would be ok if it were camel-cased. i mean, think about it. say you have a column name like: WhatIsYourFavoriteColor - then you have some method to split the words, and could conceivably then have a generic way to generate a form.
Stormchaser
xian_: No way! That'd require brains...
xian_
caffinated: then pray you don't have to change the wording.
Stormchaser
caffinated: *shudder*
caffinated
xian_: yeah, but even that is solvable if you have a proper migration framework
xian_
of all the crazy methods to simplify a project, I think that'd be the last one I'd follow
caffinated
xian_: of course not. there is no framework to manage it.
CoryK
just use lots of tylenol and you'll be fine
kyndig
Dj_FlyBy : OR ..(someone help me out here..) you can use ini_set() to addslashes to posted data
xian_
haha
Stormchaser
lol
caffinated
xian_: not only could it work though, it could work very well.
Stormchaser
kyelewis[3]: *stab*
er... kyndig
kyndig
(Action) goes ooOOoOo as he sees a Chatzilla user "Always liked that mod"
Dj_FlyBy
kyndig: after looking over the data to be entered, there are a few ' in the data provided
xian_
you should probably addslashes, huh
or otherwise html-ify
kyndig
Dj_FlyBy : *nod* the quickfix is to use ini_set() "I think (tm)" to automatically addslashes to those POST values. otherwise.. rewrite your query like: $first_name = addslashes( $_POST["FirstName"] ); $query = "INSERT...VALUES( '$first_name'..)";
leonid_p_
ini_set doesn't work with magic_quotes_gpc
xian_
or foreach ($_POST as $key => $post) { $_POST[$key] = addslashes($post); } or something
leonid_p_
and plain addslashes is a bad solution )
because magic_quotes_gpc can be enabled
Fennec
people with magic_quotes_gpc enabled deserve to die. :)
mattmcc
Generally, the solution is to check if magic quotes is on, and reverse its effects with stripslashes.
kyndig
true..but he's newbieish..so better to give him it in a variable _now_ ..so when folks start leaving fields blank or entering bogus email addies..he already has it in a $variable to perform proper checks ;)
leonid_p_
=)
mattmcc
Then do proper escaping when the time is right.
leonid_p_
i just use post/get wrappers , _post , _get -)
kyndig
(Action) hides from Fennec with his enabled quotes
leonid_p_
_post("var") instead of $_POST["var"]
Fennec
kyndig: no, I won't put you out of your misery, it's okay. :)
kyndig
hmm, nod, good approach leonid_p_
Fennec
so, sort of a general question here
I have a nice script, I'm considering redistributing this nice script... but I'm not quite sure what version of PHP it needs. I just wrote it, with version 5 or so...
there's no tricksy special way to test out what it needs, is there?
CoryK
well you could always test it on older versions...
start with version 1, and go up from there;)
Fennec
mmm. Maybe I'll set up a server on my laptop... haha
kyndig
Fennec : depends on how reliant it is on php functionality I imagine. I use some pretty snazzy php5-only functions ( I'm sure you know what they are if you're using them) - otherwise, it'd probably work perfectly fine with any 4.x version ( we won't get into 2.x or 3.x <--wasn't into web hacking during 1.x)
||cw
Fennec: does it use classes? does it use any functions that have special notes about different php versions?
CoryK
as soon as it starts working you have an issue
Fennec
I'm fairly sure it uses at least php4, but maybe php3 would do.
mattmcc
Even if it did work in PHP3, I'd lie and say it doesn't.
Fennec
haha
||cw
i wouldn't even consider supporting less than 4.2
CoryK
support 1.0!!!
kyndig
Fennec : If a server is using php3 these days - it's either there for backwards compatibility and php4.x+ is available, it is a personal server, or the server has _no_ new clients
Fennec
(Action) nods.
||cw
4.1.2 bare minimum, that's when they added $_* superglobals
Fennec
Aha.
localhost installation, here I come, anyway.
kyndig
(Action) chuckles and watches a true geek make work out of nothing
gotta love this stuff
Fennec
well, I could use one anyway
kyndig
<--alibi: is a geek himself
Fennec
and I'll try out lighttpd
but tell me.... can the average PHP installation download data from arbitrary URLs?
mattmcc
Usually.
kyndig
like include("http....") ? *nod* not on many reseller servers though..., fopen() would work though
Fennec
what's the best way? file_get_contents?
will that work often?
mattmcc
Yep.
Fennec
okie.
mattmcc
kyndig: Never, ever use include with a remote URL.
kyndig
since file_get_contents uses a file id..nodnod, that follows the fopen() rule of thumb
mattmcc : *smirk* no kiddin
leonid_p_
better to use sockets to open remote file..
mattmcc
Nah, file_get_contents is quite sufficient.
leonid_p_
allow_url_fopen is turned off on most servers..
kyndig
(Action) still remembers with a shudder that phpnuke nightmare as he races to plug all php.ini files with disallowing remote_url calls
mattmcc
It is?
Not in my experience.
Fennec
(Action) hmms.
leonid_p_
lucky %)
Fennec
leonid_p_: I want to download a specific file... how, via sockets?
leonid_p_
simly!
*simply -)
kyndig
allow_url_fopen nodnod, that's it. You can thank bad distro software for that server-side security implement
leonid_p_
just send get request, parse response.. save file..
Fennec
leonid_p_: got any examples?
leonid_p_
one second , i will show what i use to open remote file
kyndig
(Action) looks over leonid_p_'s shoulder ..."What else ya got in there huh?"
leonid_p_
(Action) looks over kyndig's shoulder ..."What else ya got in there huh?"
m?
=))
jasz
hello all
is there a date_format() for RFC-822 ?
leonid_p_
http://pastebin.com/714258
works on all servers i've seen so far %)
Stormchaser
(Action) kicks leonid_p_
leonid_p_
(Action) kicks Stormchaser
jasz
(to convert from mysql's yyyy-mm-dd to RFC-822)
Alystair
Finish him :o
Stormchaser
gone
:)
Alystair
Flawless Victory
Stormchaser
fatality! :)
jasz
"fatality"
heh
kyndig
(Action) goes MmmmmmmMMM..lasagna
thanks for the help once more folks
leonid_p_
heh
ok
will turn autoslap off -))
Stormchaser
leonid_p_: Or that, or you'll get slapped off...
leonid_p_
Stormchaser , i see -)
ok, this script still uses join("",file()) , bad way %)
caffinated
leonid_p_: all depends on what it is you want. using join() and file() together will work in versions of php that do not support file_get_contents()
leonid_p_
yes, but fopen/fread is much faster then file_get_contents()
oops
caffinated
leonid_p_: it's not really about speed - more about memory conservation
leonid_p_
i mean when join(file()) -)
when = then -)))
Fennec
For my purposes, memory consumption is all but utterly irrelevant.
caffinated
then the method you use won't matter
leonid_p_
join(file()) breaks the file sometimes
try to read binary file and you will see
caffinated
if you have a recent version of php, use file_get_contents(). if you're not sure which version it's going to be use join/file
Fennec
(Action) is trying to be portable.
leonid_p_
use fopen/fread -)
Zule
Does dio_open work much differently than fopen in terms of how it is implemented/talks with the OS?
leonid_p_
join/file is bad practice.. fread(fopen($filename,"r"),filesize($filename)) is better -)
zircu
leonid_p_: that is worse
Zule
There seems nothing about the technical side of it in the manual yet someone's comment says dio_write is faster than fwrite.