From elharo at metalab.unc.edu Thu Nov 1 06:37:09 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Thu, 01 Nov 2007 06:37:09 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <3E6F267FA8AEC34B88F8E679637000630C86D3@S48286.vpproperty.com>
References: <4725EB4B.7030302@secdat.com> <3E6F267FA8AEC34B88F8E679637000630C86D3@S48286.vpproperty.com>
Message-ID: <4729AC55.1050509@metalab.unc.edu>

ali mohammad wrote:
> At the risk of slightly sounding off topic (but it does base on
> Kenneth's question on specific examples), I would like anybody's views
> on the applicability of XML database to clinical databases where the
> information that needs to be stored comes from a domain that is largely
> undefined or unpredictable in advance (maybe the more precise term is
> unstructured data but I am not too sure as I am amateur programmer
> myself). I did have in the past developed clinical databases (data
> captured from clinical trials) using the EAV model out of relational
> tables. The queries turned out to be terribly slow so I was forced to
> use a combination of true relational tables and EAV tables out of
> hacked up relational tables. Even then, the performance levels sucked.
>

If you're going to do EAV, you need an EAV database. While you can theoretically store anything in tables, if you insist on pounding EAV triangles into rectangular SQL holes, performance will be abysmal, as you noticed. The EAV model fits some medical applications very well, but you really do need a database designed for that use case.

XML is seeing extensive uptake in the healthcare industry, though I'm not personally aware of any applications that use an XML database (yet). That may just be a matter of time. The key differences that might suggest using an XML database for medical data are:

1. No predefined schema is required. You're always free to add new information as it comes to light.
2. Null data doesn't take up any space. You simply leave it out.
These are also characteristics that EAV databases share relative to SQL databases. Whether XML databases may have other characteristics that make them inferior or superior to EAV databases for medical apps, I don't know.

P.S. By "medical apps" I'm referring to ones that include diagnoses, treatments, and the practice of medicine. Medical billing, patient management, and so forth isn't all that different from other business applications. Those sorts of applications do perform reasonably well in a relational database.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From elharo at metalab.unc.edu Thu Nov 1 06:55:59 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Thu, 01 Nov 2007 06:55:59 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <47277C34.6000504@tgaconnect.com>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com>
Message-ID: <4729B0BF.3090306@metalab.unc.edu>

Tim Gales wrote:
> Valid XML documents must adhere to their DTD/Schema and to that
> degree they have fields -- called 'elements'.
> like

Which is why we don't necessarily use valid XML documents. For many applications, well-formed is good enough. In practice, validation is usually one of the first things to be turned off in a production app because it just costs too much. However there are also good theoretical reasons not to insist on enforcing a schema.

At design time, you usually don't know all the characteristics of the data you're modeling. It is common to uncover new attributes months and years after you've deployed, especially in rapidly changing fields like medicine. The less structure you impose up front, the more freedom you have to adapt and evolve your database and application to changing circumstances.
As Scott Ambler has noticed, the data community has not yet graduated from the waterfall, big-design up-front school of application design. First they gather their requirements. Then they build their schemas. Then they build their application on top of that. Once an app is deployed, even a simple addition of a field can be a major operation. Lord help them if they need to remove a field or restructure a table. Relational databases do not lend themselves to agile development.

By contrast, if you don't lock in any schema at all (as is possible with an XML DB) then you can adapt your data to meet changing and newly discovered requirements as they become apparent. You can also design and deploy your application in short iterations that progressively add functionality. You don't need to lock down your requirements before writing any code.

This also enables and requires much greater integration between the database admins and the programming teams. Too many organizations today treat these as separate fiefdoms. The DBAs spend all their time optimizing the database and defending its purity from the demands of the programmers while the programmers spend their time trying to work around the strictures the DBAs have imposed. (I've usually been on the programmer side of this particular battle so my perspective here is a little biased.)

A more flexible, less schema focused database will not require programmers to wait for weeks, months, or years for the DBAs to make changes applications require.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From elharo at metalab.unc.edu Thu Nov 1 06:58:21 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Thu, 01 Nov 2007 06:58:21 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4727996B.2090404@beezifies.com>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4727996B.2090404@beezifies.com>
Message-ID: <4729B14D.2040108@metalab.unc.edu>

bz-gmort at beezifies.com wrote:
> This statement prompted my reason for replying. Is there a standalone
> set of tools for updating/editing an XML database?
>
> I'm thinking of something along the lines of Microsoft Access, where you
> have 1 tool which has forms, program logic, and a database and all the
> data ends up "together" from a user standpoint. So I can give someone a
> couple of access files and they have a complete application they can run
> locally?
>

Not yet, but it's still the early days. Something like FileMaker for XML would be very interesting. I wonder if anyone's working on that?

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From elharo at metalab.unc.edu Thu Nov 1 07:21:05 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Thu, 01 Nov 2007 07:21:05 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4725EB4B.7030302@secdat.com>
References: <4725EB4B.7030302@secdat.com>
Message-ID: <4729B6A1.6030305@metalab.unc.edu>

Kenneth Downs wrote:
> Finally, I would have liked to hear more of Rusty's ideas about the
> relationship between the file system, the web server, and the database.
> Rusty, do you want to expand on that here?
>

Well in most applications, the database stores its data in the file system.
However it's just one or a few files. The structure is inside the files, just as it is with MySQL. The file system is just a convenient interface to the hard drive. I suppose it's possible a big XML DB might talk to the hard drive directly and bypass the file system, just as Oracle does sometimes, but that's an implementation detail.

The web server is the part I'm still thinking about. In practice today the web server is designed as an interface to the file system. URLs are converted into paths which are used to serve files. Sometimes those files are further processed by PHP or similar tools and what's served isn't quite what's in the file. Sometimes we use mod_rewrite or similar tools to remap some URLs to different file paths. However the basic design is that the URL structure mirrors one or more file system hierarchies, and everything's layered on top of that.

However, I'm starting to uncover a lot of applications where this URL==filesystem design doesn't work very well. I want to map URLs to something other than filesystems; for instance to database queries and templates. I've been building one such system lately as an internal controller for another application. All URLs are served by invoking certain methods in a running program. It's a special purpose system, but it's one for which the file system doesn't make sense.

I'm considering how one might genericize such a system. That is, what would a general purpose web server that doesn't necessarily serve files look like? How would one configure it, and tell it what to serve for each URL requested? How does one tell it that http://www.example.com/foo is a file but http://www.example.com/bar is a database query?

Existing solutions like PHP, Java servlets, and mod_rewrite are too inflexible for what I envision. They're also too hard to use and too confusing.
That may be partially a result of poor design, but I suspect it's mostly because they still implicitly assume that what we're doing is serving a file system with a few small tweaks. Perhaps we can do better if we get rid of the assumption that there must be a file system in place.

I don't have an answer yet. I'm mostly just musing on some possibilities, and letting the ideas cook in my head for now. The tricky bit is figuring out how to design this so that there aren't a lot of confusing precedence rules for resolving conflicts between different mappings, while still allowing arbitrary mappings. For instance, one should be able to say that http://www.example.com/foo/bar/baz1 through http://www.example.com/foo/bar/baz100 are all database queries except for http://www.example.com/foo/bar/baz23 which is a static file, or that http://www.example.com/foo/baz1 through http://www.example.com/foo/baz100 are database queries unless there's a static 23.html file in directory /baz, in which case that should be used instead.

It's possible I'm being too demanding. There may be a really clean 80/20 cut somewhere, but so far I don't see it. I may need to build a few more applications along these lines first, just to see which features are really needed and which are just paint in the lilies. In any case, I don't have the answer yet, just the question.

This is orthogonal to the issue of whether the backend is an XML DB, a SQL DB, or something else.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From bz-gmort at beezifies.com Thu Nov 1 08:04:04 2007
From: bz-gmort at beezifies.com (bz-gmort at beezifies.com)
Date: Thu, 01 Nov 2007 08:04:04 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4729B0BF.3090306@metalab.unc.edu>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4729B0BF.3090306@metalab.unc.edu>
Message-ID: <4729C0B4.2000309@beezifies.com>

Elliotte Harold wrote:
> By contrast, if you don't lock in any schema at all (as is possible with
> an XML DB) then you can adapt your data to meet changing and newly
> discovered requirements as they become apparent. You can also design and
> deploy your application in short iterations that progressively add
> functionality. You don't need to lock down your requirements before
> writing any code.

I don't see a particular benefit of XML in this regard over a traditional relational database.

What I keep getting hung up on is a functional app.

What you seem to be saying here is "I can add a record type whenever I need it and call it whatever I want".

So in a hospital, a doctor decides for some reason he needs to track toe size of the patient over treatment.

So he adds in a toe-size tag
3
And records that with every visit.

Now 6 months later he wants to chart out the toe size over time...oops, application needs to be adjusted to search out all toe-size fields and chart the data.

Put it in a traditional relational database model, and instead of adding a field, he uses the comments field:
toe-size:3

At the end of 6 months he wants to chart out the toe size over time...same effort is involved in pulling the data.

If you know up front the users will need to add extra record types periodically, you can design an inefficient means of doing so.
For example:
You have a patient record table with a record_id
You have a keyword table and a data table:
Your keyword table is just keyword_id, keyword_text, keyword_description, datatype(integer, text, etc)
Your extra data table is simply record_id, keyword_id, text

Your application lets a doctor add a new keyword(toe_Size) define it as an integer, and now he can add the data to the table.

Or maybe you make a dynamic junk field table:
extra_data
Every time he creates a keyword, you add a column to the table

Whatever keywords prove the test of time, they get incorporated into the database design model 6 months down the line.

I see small benefits of XML to a relational database in that it seems "cleaner" not to have a bunch of records with null data in the table. But I don't see a functional difference. Performance in both cases is going to be awful since the data is unindexed and unoptimized.

Where XML seems much better to me is in transferring data from one system to another(no placeholder positions) and in giving someone their data to go out and play with.

Someone has to go to Japan for a meeting, here is all your data on your laptop. Make changes and sync later. Oops, you forgot something, no problem we can email you the files.

Note: you can do the same thing with a relational database, but users think in files. It is easy to get them to follow instructions to manipulate files. Trying to get them to understand manipulating tables and running a local database server just doesn't fly.

> This also enables and requires much greater integration between the
> database admins and the programming teams. Too many organizations today
> treat these as separate fiefdoms. The DBAs spend all their time
> optimizing the database and defending its purity from the demands of the
> programmers while the programmers spend their time trying to work around
> the strictures the DBAs have imposed.
> (I've usually been on the
> programmer side of this particular battle so my perspective here is a
> little biased.)

How does using XML for storing the data enable more integration?

My experience is that the "enablement" tends to be a "we are all learning together" phase, where the admins are learning so they don't know their best practices yet - and haven't been burned with a programmer sticking confidential data in the database and not telling them so it got broadcast to the whole company and the manager rightly blamed the DBA for allowing it to happen.

Once the new shine fades, you will be right back to the traditional struggle that comes about when one group is tasked with security and performance of data and another group is tasked with functionality and usability.

From randalrust at gmail.com Thu Nov 1 08:26:30 2007
From: randalrust at gmail.com (Randal Rust)
Date: Thu, 1 Nov 2007 08:26:30 -0400
Subject: [nycphp-talk] Mod Rewrite Issue
Message-ID:

I am working to integrate clean URLs for a couple of sites that we manage and I know exactly what I need to do. However, I am having trouble getting the rewrite rules to work on my local test server.

If I upload the .htaccess file to the live server, it works perfectly.

I have mod_rewrite enabled on the server (Apache 2). I'm running PHP 5.1.6 on the box.

Here is my simple rule for testing.

RewriteEngine On
RewriteRule ^sue.php$ chip.php

How can I debug this? I'm sure it's something simple, I just don't have enough experience with mod_rewrite to know what it is. TIA.

--
Randal Rust
R.Squared Communications
www.r2communications.com

From chsnyder at gmail.com Thu Nov 1 09:11:09 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 1 Nov 2007 09:11:09 -0400
Subject: [nycphp-talk] Mod Rewrite Issue
In-Reply-To:
References:
Message-ID:

On 11/1/07, Randal Rust wrote:
> How can I debug this? I'm sure it's something simple, I just don't
> have enough experience with mod_rewrite to know what it is. TIA.
RewriteLog http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritelog

--
Chris Snyder
http://chxo.com/

From randalrust at gmail.com Thu Nov 1 11:01:35 2007
From: randalrust at gmail.com (Randal Rust)
Date: Thu, 1 Nov 2007 11:01:35 -0400
Subject: [nycphp-talk] Mod Rewrite Issue
In-Reply-To:
References:
Message-ID:

On 11/1/07, csnyder wrote:
> RewriteLog http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritelog

Thanks, Chris. Don't know why I didn't think of that:)

Anyway, it turns out the issue was with my Apache config file. I had to change the AllowOverride setting.

# AllowOverride None
AllowOverride All

--
Randal Rust
R.Squared Communications
www.r2communications.com

From tgales at tgaconnect.com Thu Nov 1 11:46:02 2007
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 01 Nov 2007 11:46:02 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4729B0BF.3090306@metalab.unc.edu>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4729B0BF.3090306@metalab.unc.edu>
Message-ID: <4729F4BA.2040200@tgaconnect.com>

Elliotte Harold wrote:
> Tim Gales wrote:
>
>> Valid XML documents must adhere to their DTD/Schema and to that
>> degree they have fields -- called 'elements'.
>> like
>
>
> Which is why we don't necessarily use valid XML documents. For many
> applications, well-formed is good enough. In practice, validation is
> usually one of the first things to be turned off in a production app
> because it just costs too much. However there are also good theoretical
> reasons not to insist on enforcing a schema.
>
> At design time, you usually don't know all the characteristics of the
> data you're modeling. It is common to uncover new attributes months and
> years after you've deployed, especially in rapidly changing fields like
> medicine.
> The less structure you impose up front, the more freedom you
> have to adapt and evolve your database and application to changing
> circumstances.

True, at design time you may not have all you need to know about the data. But that's not all you may be missing during the early stages of building a system.

Sometimes stakeholders are too busy with day-to-day affairs to give you a full run-down of all the business rules.

It can even happen that because of deadline pressure you have to start building before all the security policies have been reviewed by whatever department reviews security.

But by implementation time you have what you need -- at least in most cases (if you if youThere are always some corner cases where this is not so -- but 99 percent of the time you have what you need)

It is not only in "rapidly changing fields like medicine" where flexibility is a must. (By rapidly changing fields, I understand you to be speaking about cases where the underlying information shifts and evolves.)

Financial institutions can be hit with new rules by federal regulators. For instance, banks can receive a new edict from the FBI which declares financial institutions must make their information systems compliant with the latest anti-money-laundering policy.

This can cause banks and even those stodgy old insurance companies to have to 'make over' (sometimes large) subsystems.

It turns out financial computer systems have to be pretty flexible to account for a whole host of things that can happen.

That is banks had better be pretty 'agile' when it comes to developing systems -- or they won't be around for long.

>
> As Scott Ambler has noticed, the data community has not yet graduated
> from the waterfall, big-design up-front school of application design.
> First they gather their requirements. Then they build their schemas.
> Then they build their application on top of that. Once an app is
> deployed, even a simple addition of a field can be a major operation.
> Lord help them if they need to remove a field or restructure a table.
> Relational databases do not lend themselves to agile development.
>

To say "the data community has not yet graduated from the waterfall..." is a blanket statement. The data community is not some monolithic homogeneous group which moves together in lock-step.

There are dozens, if not hundreds, of system building styles in the data community.

The system development styles I have seen have all been hybrids of methodologies. This is, I think, because you not only have to migrate data when you build a new system, but you also have to migrate the developers' thinking and habits when you 'modernize'.

Usually throwing out the old staff which has a lot of subject matter expertise garnered from years of experience and replacing them with fresh developers steeped in some methodology is not really a viable option -- if you want to stay out of court (or jail).

That is to say, you want to avoid a too hastily adopted 'sashimi' model which can result in the building of a 'so-sue-me' system.

> By contrast, if you don't lock in any schema at all (as is possible with
> an XML DB) then you can adapt your data to meet changing and newly
> discovered requirements as they become apparent. You can also design and
> deploy your application in short iterations that progressively add
> functionality. You don't need to lock down your requirements before
> writing any code.
>

A relational schema is not somehow congenitally stiff and unchangeable -- it is as flexible as you make it. (plenty of XP-RAD-AGILE developers use them all the time)

> This also enables and requires much greater integration between the
> database admins and the programming teams. Too many organizations today
> treat these as separate fiefdoms.
> The DBAs spend all their time
> optimizing the database and defending its purity from the demands of the
> programmers while the programmers spend their time trying to work around
> the strictures the DBAs have imposed. (I've usually been on the
> programmer side of this particular battle so my perspective here is a
> little biased.)

Okay, businesses need to prevent kingdom-building, in order to prevent departments from working at cross purposes.

Enabling (and requiring) greater integration is a 'good' thing as is locking down requirements in an (often unsuccessful) attempt to 'feature creep'. (But it always seems that some boss somewhere can't live without some snap-shot report, which he never mentioned until the system is in acceptance testing -- and after you build him one for his desktop laser printer, he wants all the headings re-done in to print in curlicue-times-roman lettering)

(I am not suggesting that you mean using XML is good because it alleviates the difficulties of learning how to work with others as a team -- but reading what you wrote could be misconstrued along those lines.)

>
> A more flexible, less schema focused database will not require
> programmers to wait for weeks, months, or years for the DBAs to make
> changes applications require.
>

If an application requires a change, and a DBA impairs the business by refusing to make that change in a timely manner, he will most assuredly be removed (and in a timely manner) -- this may not apply in some civil service situations where the DBA has tenure -- but, as I said before, there are always some corner cases.

--
T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From mancinic at gmail.com Thu Nov 1 16:04:10 2007
From: mancinic at gmail.com (Christopher M Mancini)
Date: Thu, 1 Nov 2007 16:04:10 -0400
Subject: [nycphp-talk] PHP5 hosting?
In-Reply-To:
References: <494B3B2F-B57E-4107-9CF2-FC45B7FD00C3@jonbaer.com>
Message-ID: <84caf2b90711011304w2dd0726cw8547086502968462@mail.gmail.com>

I say bluehost hands down. I wrote a review at my blog .

Chris

On 10/31/07, Ajai Khattri wrote:
>
> On Wed, 31 Oct 2007, Jon Baer wrote:
>
> > Joyent
> > http://www.joyent.com/connector/pricing/
>
> For Rails or PHP? :-)
>
>
> --
> Aj.
>

--
<-------------------------
Sincerely,
Christopher M Mancini
mancinic at gmail.com
http://www.linkedin.com/in/buffaloit
http://blog.itrealm.net
-------------------------->

From jcampbell1 at gmail.com Thu Nov 1 16:42:21 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Thu, 1 Nov 2007 16:42:21 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4729B6A1.6030305@metalab.unc.edu>
References: <4725EB4B.7030302@secdat.com> <4729B6A1.6030305@metalab.unc.edu>
Message-ID: <8f0676b40711011342n2a8c98d8m345609b07549bcbd@mail.gmail.com>

> I don't have an answer yet. I'm mostly just musing on some
> possibilities, and letting the ideas cook in my head for now. The tricky
> bit is figuring out how to design this so that there aren't a lot of
> confusing precedence rules for resolving conflicts between different
> mappings, while still allowing arbitrary mappings.
> For instance, one
> should be able to say that http://www.example.com/foo/bar/baz1 through
> http://www.example.com/foo/bar/baz100 are all database queries except
> for http://www.example.com/foo/bar/baz23 which is a static file, or that
> http://www.example.com/foo/baz1 through
> http://www.example.com/foo/baz100 are database queries unless there's a
> static 23.html file in directory /baz, in which case that should be used
> instead.
>
> It's possible I'm being too demanding. There may be a really clean 80/20
> cut somewhere, but so far I don't see it. I may need to build a few more
> applications along these lines first, just to see which features are
> really needed and which are just paint in the lilies. In any case, I
> don't have the answer yet, just the question.

Most frameworks these days do away with the direct mapping of the request url to the filesystem. Zend/Django/RoR/Cake/ etc. all use the notion of a "router" to parse the request and forward it to an object. Your foo/bar/baz example is trivial to implement, because these routers have all of the power of regexp.

You have also described mod_rewrite as confusing / inflexible. I find that perplexing. Consider the following rewrite rules.

RewriteEngine on
RewriteRule !\.(js|ico|gif|jpg|png|css)$ index.php

or even better:

RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1

Since most people can figure out what these do without even referring to the manual, I wouldn't consider it confusing. You should also notice that all requests are sent to index.php, and so I don't understand how it could possibly be any more flexible (there is plenty of rope).

Below is a link to the docs for the Django router. IMO, it is the cleanest example of url dispatching / routing. Whether or not you like Python, it is worth reading because their solution is really elegant.
http://www.djangoproject.com/documentation/url_dispatch/

Cheers,
John Campbell

From danielc at analysisandsolutions.com Thu Nov 1 21:11:18 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Thu, 1 Nov 2007 21:11:18 -0400
Subject: [nycphp-talk] Php file owner, group and permissions
In-Reply-To:
References:
Message-ID: <20071102011118.GA20066@panix.com>

On Tue, Oct 16, 2007 at 01:26:39PM -0400, Cliff Hirsch wrote:
>
> What is the best permission level? 644, 640?

Files should be owned and only writable by an administrative level user. The web server should be run as an unprivileged user/group, which has read only access to the files.

If your application needs to write files on the web server, for things like error logging, there should be a special directory that has write access by the web server's user/group.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Thu Nov 1 21:28:25 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Thu, 1 Nov 2007 21:28:25 -0400
Subject: [nycphp-talk] Paging Strategies
In-Reply-To:
References:
Message-ID: <20071102012825.GB20066@panix.com>

On Thu, Oct 18, 2007 at 03:05:56PM -0400, Dell Sala wrote:
>
> 3) ONE QUERY, CACHE EVERYTHING

This is the approach we use in the project I'm on. We store the results in an SQLite database.
--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From nelly at cgim.com Thu Nov 1 23:17:17 2007
From: nelly at cgim.com (Nelly Yusupova)
Date: Thu, 1 Nov 2007 23:17:17 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
Message-ID: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com>

Hello Everyone,

A friend of mine is trying to learn SQL and asked me for some resources to point her in the right direction as far as understanding SQL, table-driven designs, logic, etc.

Does anyone have any recommendations?

Thank you in advance.

Sincerely,
Nelly Yusupova
Webgrrls International
nelly at cgim.com
917 603-9226 (phone)
http://www.webgrrls.com

From susan_shemin at yahoo.com Fri Nov 2 03:28:37 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Fri, 2 Nov 2007 00:28:37 -0700 (PDT)
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
Message-ID: <828401.93554.qm@web50202.mail.re2.yahoo.com>

I tell everyone who's new to programming to join Safari books at the Premier Club on devx.com. For $15/month you have total access to 10 books at one time (there's also other plans).

And there's many SQL/MySQL/MS SQL books so you can start with the basics and advance from there.

Susan

----- Original Message ----
From: Nelly Yusupova
To: talk at lists.nyphp.org
Sent: Thursday, November 1, 2007 8:17:17 PM
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations

Hello Everyone,

A friend of mine is trying to learn SQL and asked me for some resources to point her in the right direction as far as understanding SQL, table-driven designs, logic, etc.

Does anyone have any recommendations?

Thank you in advance.
Sincerely,
Nelly Yusupova
Webgrrls International
nelly at cgim.com
917 603-9226 (phone)
http://www.webgrrls.com

From ramons at gmx.net Fri Nov 2 07:01:25 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 02 Nov 2007 07:01:25 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com>
Message-ID: <472B0385.6020006@gmx.net>

Nelly Yusupova wrote:
> Hello Everyone,
>
> A friend of mine is trying to learn SQL and asked me for some resources
> to point her in the right direction as far as understanding SQL,
> table-driven designs, logic, etc.
>
> Does anyone have any recommendations?
>
> Thank you in advance.
>
> Sincerely,
> Nelly Yusupova

I did my first steps using the w3schools guide (http://www.w3schools.com/sql/default.asp) and then using the MySQL manual to expand my little bit of knowledge. I bought "The Guru's Guide to Transact-SQL" a few months ago, which I think is a really good book for getting to stage 2, but it isn't really a beginner's book.

Sure, I cannot do more than simple selects, inserts, updates, and deletes, but I am impressed on how far this takes one. I did hit my limits several times when it was about selecting and sorting across several tables, but I used temporary tables as a workaround. Not great, but works, and in one case I found it to be faster than the one go SQL statement, maybe due to missing indices, unoptimized tables, overly normalized tables, or UTS errors.

David

From paul at devonianfarm.com Fri Nov 2 08:50:03 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Fri, 02 Nov 2007 08:50:03 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <472B0385.6020006@gmx.net>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net>
Message-ID: <472B1CFB.3010609@devonianfarm.com>

David Krings wrote:
> Nelly Yusupova wrote:
>> Hello Everyone,
>>
>> A friend of mine is trying to learn SQL and asked me for some
>> resources to point her in the right direction as far as understanding
>> SQL, table-driven designs, logic, etc.
>>
>> Does anyone have any recommendations?
>>

If you want to write mad queries, try Joe Celko's "SQL for Smarties":

http://www.amazon.com/gp/product/0123693799?ie=UTF8&tag=honeymediasys-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0123693799

From urb at e-government.com Fri Nov 2 08:37:56 2007
From: urb at e-government.com (Urb LeJeune)
Date: Fri, 02 Nov 2007 08:37:56 -0400
Subject: [nycphp-talk] File create ownership
In-Reply-To: <472B1CFB.3010609@devonianfarm.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com>
Message-ID: <7.0.1.0.2.20071102083212.027e4ad0@e-government.com>

I have a multipart form for uploading graphics and documents. It works fine. However, the ownership of the uploaded file - on a Linux box - is set to apache:apache. I need the ownership to be user-name:apache. An executing script, not running as root, cannot change the ownership.

Is the ownership of a created file a configurable option?

Thanks

Urb

Dr. Urban A.
LeJeune, President
E-Government.com
800-204-9545

From dcech at phpwerx.net Fri Nov 2 09:23:16 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Fri, 02 Nov 2007 09:23:16 -0400
Subject: [nycphp-talk] File create ownership
In-Reply-To: <7.0.1.0.2.20071102083212.027e4ad0@e-government.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com> <7.0.1.0.2.20071102083212.027e4ad0@e-government.com>
Message-ID: <472B24C4.4000309@phpwerx.net>

Urb LeJeune wrote:
> I have a multipart form for uploading graphics and documents.
> It works fine. However, the ownership of the uploaded file - on a Linux
> box - is set to apache:apache. I need the ownership to be
> user-name:apache. An executing script, not running as root, cannot
> change the ownership.
>
> Is the ownership of a created file a configurable option?

I'm not aware of any .ini value to specify the ownership details for uploaded files. Is there a particular reason that you need this ownership setup?

One potential solution would be to add a restricted sudoers entry for apache which would allow it to execute chown to a specific user only under a specified directory.

Something like:

apache ALL = (root) NOPASSWD: /bin/chown user-name /var/www/*

might do the trick, allowing you to use:

exec('/usr/bin/sudo /bin/chown user-name '. escapeshellarg($pathname),$output,$retval);

Good luck!

Dan

From cliff at pinestream.com Fri Nov 2 13:28:05 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Fri, 02 Nov 2007 13:28:05 -0400
Subject: [nycphp-talk] Performance testing advice
Message-ID:

I have an interesting problem with my site. I'm using Firebug and yslow (awesome tool and book) to evaluate my page load times. Things are fairly reasonable, given that there has been little optimization so far. But there is one strange bug. My first access can take upwards of 30 seconds for anything to happen - just a blank white browser while I wait...and wait...
After that first hit, things are fine, regardless of whether I use different browsers, different PCs, flush caches, etc.

It's almost like the server is sleeping (remember this is a new site and is locked down so it's possible that hours may go by between hits). Or maybe there are caches, like APC, that need to be filled up. Or Apache is on a cigarette break. Or DNS is doing lookup using the yellow pages. I don't even know where to begin to look or what log may hold the key.

Any thoughts on how to debug this?

Cliff

P.S. My APC cache shows 2 day uptime, 125,000 hits, 500 misses, 99.6% hit rate. So this doesn't look like the problem.

From max at neuropunks.org Fri Nov 2 13:42:09 2007
From: max at neuropunks.org (Max Gribov)
Date: Fri, 2 Nov 2007 13:42:09 -0400
Subject: [nycphp-talk] Performance testing advice
In-Reply-To:
References:
Message-ID: <20071102174209.GA85154@neuropunks.org>

On Fri, Nov 02, 2007 at 01:28:05PM -0400, Cliff Hirsch wrote:
> I have an interesting problem with my site. I'm using Firebug and yslow
> (awesome tool and book) to evaluate my page load times. Things are fairly
> reasonable, given that there has been little optimization so far. But there
> is one strange bug. My first access can take upwards of 30 seconds for
> anything to happen - just a blank white browser while I wait...and wait...
> After that first hit, things are fine, regardless of whether I use different
> browsers, different PCs, flush caches, etc.
>
> It's almost like the server is sleeping (remember this is a new site and is
> locked down so it's possible that hours may go by between hits). Or maybe
> there are caches, like APC, that need to be filled up. Or Apache is on a
> cigarette break. Or DNS is doing lookup using the yellow pages. I don't even
> know where to begin to look or what log may hold the key.

May be your code needs to initiate a DB connection?
You could try using persistent connections.
DNS lookups could be it too.

>
> Any thoughts on how to debug this?
>
> Cliff
>
> P.S. My APC cache shows 2 day uptime, 125,000 hits, 500 misses, 99.6% hit
> rate. So this doesn't look like the problem.
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

From cliff at pinestream.com Fri Nov 2 14:16:33 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Fri, 02 Nov 2007 14:16:33 -0400
Subject: [nycphp-talk] Performance testing advice
In-Reply-To: <20071102174209.GA85154@neuropunks.org>
Message-ID:

>> It's almost like the server is sleeping (remember this is a new site and is
>> locked down so it's possible that hours may go by between hits). Or maybe
>> there are caches, like APC, that need to be filled up. Or Apache is on a
>> cigarette break. Or DNS is doing lookup using the yellow pages. I don't even
>> know where to begin to look or what log may hold the key.
>
> May be your code needs to initiate a DB connection? You could try using
> persistent connections.
> DNS lookups could be it too.

It does initiate a DB connection. But thru a socket on the same server. Shouldn't take that long. No persistent DB connections. I've heard they can be troublesome.

DNS lookups only took a17 to 300ms, although I just tested this -- not first hit of the day.

From max at neuropunks.org Fri Nov 2 17:09:00 2007
From: max at neuropunks.org (Max Gribov)
Date: Fri, 02 Nov 2007 17:09:00 -0400
Subject: [nycphp-talk] Performance testing advice
In-Reply-To:
References:
Message-ID: <472B91EC.6090406@neuropunks.org>

Cliff Hirsch wrote:
>>
>> May be your code needs to initiate a DB connection? You could try using
>> persistent connections.
>> DNS lookups could be it too.
>>
>
> It does initiate a DB connection. But thru a socket on the same server.
> Shouldn't take that long. No persistent DB connections. I've heard they can
> be troublesome.
>
> DNS lookups only took a17 to 300ms, although I just tested this -- not first
> hit of the day.
>

You can try to telnet to port 80 from some other network to the webserver using webserver's DNS name and issue "get /" request. It will spit out an error back since it's not entirely correct syntax, but you can see how long that will take. This will bypass your code, and will indicate if a problem is on network/apache level.

Are you using any caching engines like smarty? I don't really see how, but that may cause a problem like this.

Do any other services lag in response, like SSH or SMTP or some other tcp service?..

You can also put in debug statements using microtime() into your code to see how long execution of certain components takes, and placing those calls strategically can point to some sort of bottleneck in your code. Since i've never seen the code, apologies if you've tried these things already or if they aren't applicable.

Check out this thread on microtime()/performance:
http://www.webmasterworld.com/forum88/2567.htm

As a side note on firefox plugins like firebug, i found liveheaders to be very useful in all sorts of troubleshooting,
https://addons.mozilla.org/en-US/firefox/addon/3829

From cliff at pinestream.com Fri Nov 2 17:37:53 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Fri, 02 Nov 2007 17:37:53 -0400
Subject: [nycphp-talk] Performance testing advice
In-Reply-To: <472B91EC.6090406@neuropunks.org>
Message-ID:

> Are you using any caching engines like smarty?
I don't really see how,
> but that may cause a problem like this.

Caching all over the place: apc, Smarty, cache_lite....

> You can also put in debug statements using microtime() into your code to
> see how long execution of certain components takes, and placing those
> calls strategically can point to some sort of bottleneck in your code.

Great idea. Because I think it probably is some sort of caching issue. This will let me log the performance.

> As a side note on firefox plugins like firebug, i found liveheaders to
> be very useful in all sorts of troubleshooting,
> https://addons.mozilla.org/en-US/firefox/addon/3829

Great tool. Already see several response header issues to investigate.

From ramons at gmx.net Fri Nov 2 19:36:54 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 02 Nov 2007 19:36:54 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <472B1CFB.3010609@devonianfarm.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com>
Message-ID: <472BB496.3040500@gmx.net>

Paul Houle wrote:
> If you want to write mad queries, try Joe Celko's "SQL for Smarties":
>
> http://www.amazon.com/gp/product/0123693799?ie=UTF8&tag=honeymediasys-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0123693799
>

Just be warned, Mr. Celko thinks that those who aren't as skilled in SQL as he is are bloody idiots with no right to live, and those who are skilled like he is are just a bunch of a**holes who have no clue. Just alone based on his disrespect towards everyone else who stops short of calling him 'god' I can't really recommend his books. I got Celko's "SQL Programming Style", which was the worst buy ever. It is page after page a constant dissing and ranting about 'others' who based on his account are so stupid that they should be shot. That guy is for sure a genius, because he is quite a few cards short of a full deck.
Oh, needless to say, I find that book totally useless.

I got warned, but didn't listen....

David

From anieshjoseph at gmail.com Fri Nov 2 19:50:42 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Sat, 3 Nov 2007 05:20:42 +0530
Subject: [nycphp-talk] PDF to HTML
Message-ID: <1b3d2fde0711021650x2ac3b99cn23780cad6f4be71e@mail.gmail.com>

Hello,

I have PDF files which contain images and formatted text. Is there any PHP function or classes to convert PDF to HTML file? I need the exact form of PDF in HTML format.

Could someone help me?

Thanks & Regards
PHP Developer
India

From 1j0lkq002 at sneakemail.com Fri Nov 2 23:21:29 2007
From: 1j0lkq002 at sneakemail.com (inforequest)
Date: Fri, 02 Nov 2007 20:21:29 -0700
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <472BB496.3040500@gmx.net>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com> <472BB496.3040500@gmx.net>
Message-ID: <11489-99276@sneakemail.com>

David Krings ramons-at-gmx.net |nyphp dev/internal group use| wrote:
> Paul Houle wrote:
>
>> If you want to write mad queries, try Joe Celko's "SQL for Smarties":
>>
>> http://www.amazon.com/gp/product/0123693799?ie=UTF8&tag=honeymediasys-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0123693799
>>
>
>
> Just be warned, Mr. Celko thinks that those who aren't as skilled in
> SQL as he is are bloody idiots with no right to live, and those who
> are skilled like he is are just a bunch of a**holes who have no clue.
> Just alone based on his disrespect towards everyone else who stops
> short of calling him 'god' I can't really recommend his books. I got
> Celko's "SQL Programming Style", which was the worst buy ever. It is
> page after page a constant dissing and ranting about 'others' who
> based on his account are so stupid that they should be shot. That guy
> is for sure a genius, because he is quite a few cards short of a full
> deck.
Oh, needless to say, I find that book totally useless.
>
> I got warned, but didn't listen....
>
> David

Gee, David you just blew any chance you had of selling that book on the PHP list!

-=john

--
-------------------------------------------------------------
Your web server traffic log file is the most important source of web business information available. Do you know where your logs are right now? Do you know who else has access to your log files? When they were last archived? Where those archives are?
--John Andrews Competitive Webmaster and SEO Blogging at http://www.johnon.com

From ramons at gmx.net Sat Nov 3 09:09:05 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 03 Nov 2007 09:09:05 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <11489-99276@sneakemail.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com> <472BB496.3040500@gmx.net> <11489-99276@sneakemail.com>
Message-ID: <472C72F1.8030107@gmx.net>

inforequest wrote:
> Gee, David you just blew any chance you had of selling that book on the
> PHP list!
>
> -=john

Nah, I need it, otherwise my desk is wobbly again.

From elharo at metalab.unc.edu Sat Nov 3 17:33:39 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Sat, 03 Nov 2007 17:33:39 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <4729C0B4.2000309@beezifies.com>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4729B0BF.3090306@metalab.unc.edu> <4729C0B4.2000309@beezifies.com>
Message-ID: <472CE933.8080208@metalab.unc.edu>

bz-gmort at beezifies.com wrote:
> What you seem to be saying here is "I can add a record type whenever I
> need it and call it whatever I want".
>
> So in a hospital, a doctor decides for some reason he needs to track toe
> size of the patient over treatment.
So he adds in a toe-size tag
> 3
>
> And records that with every visit.
>

Doctors wouldn't do that. (Well noted XML guru Jonathan Borden, M.D. might but most doctors wouldn't.) Instead they'd fill out a form just like they do today.

The difference is that when the form doesn't let them include the information they need, they can ask the devs to expand the form, and the devs can do that without breaking all their existing databases. If the devs are really good, they'll have figured out how to organize the forms to allow doctors to expand it without realizing that's what they're doing.

Certainly SQL databases can be evolved, but it's really hard to do. Read Refactoring Databases by Scott Ambler one of these days to see exactly how hard it is; but it is possible. Scott proved that. However when working on the book he was told repeatedly by data professionals that what he was proposing was impossible. He wrote the book to prove that it wasn't impossible, merely difficult.

In XML land, refactoring databases goes from merely possible to actively encouraged and expected.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From bz-gmort at beezifies.com Sat Nov 3 18:17:30 2007
From: bz-gmort at beezifies.com (bz-gmort at beezifies.com)
Date: Sat, 03 Nov 2007 18:17:30 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <472CE933.8080208@metalab.unc.edu>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4729B0BF.3090306@metalab.unc.edu> <4729C0B4.2000309@beezifies.com> <472CE933.8080208@metalab.unc.edu>
Message-ID: <472CF37A.5060905@beezifies.com>

Elliotte Harold wrote:
> Certainly SQL databases can be evolved, but it's really hard to do.

I've never had a problem with it 10 years ago when we changed and evolved our business processes to constantly improve a part management and ordering system.

It was always a simple matter - you either integrated with the existing environment, or you extended the environment, or both. If we had a complete database change for a new set of functions, you scheduled a day to export all the data and reimport in the new format. No big deal.

Now, you might say "well, with XML you don't have to export and reimport data" - for which I would say I don't believe that is the case in a /practical/ sense.

Sure, the application may be designed to not care about the data format, but when you have to start relating one set of records with another set of records, you will start using keys. And when you decide that you want to completely break up data in one field into 2 fields because of some oddity, you're going to have to take all existing data and fix it.

I just don't see the discussion as a relational database vs XML database debate. It seems to be a debate on how IT groups in business are structured. Give it 10 years and the "XML scheme administrators" will be just as inflexible to change and causing problems - and someone will be promoting some new method of storing data as an answer to a business process problem.

I'm not saying don't use XML databases and files, I think they are good answers for a whole mess of applications.

From tgales at tgaconnect.com Sat Nov 3 18:58:18 2007
From: tgales at tgaconnect.com (Tim Gales)
Date: Sat, 03 Nov 2007 18:58:18 -0400
Subject: [nycphp-talk] Some comments on the XML Talk
In-Reply-To: <472CE933.8080208@metalab.unc.edu>
References: <4725EB4B.7030302@secdat.com> <47275ADF.1000505@tgaconnect.com> <47277C34.6000504@tgaconnect.com> <4729B0BF.3090306@metalab.unc.edu> <4729C0B4.2000309@beezifies.com> <472CE933.8080208@metalab.unc.edu>
Message-ID: <472CFD0A.6040401@tgaconnect.com>

Elliotte Harold wrote:
> bz-gmort at beezifies.com wrote:
>
>> What you seem to be saying here is "I can add a record type whenever I
>> need it and call it whatever I want".
>>
>> So in a hospital, a doctor decides for some reason he needs to track
>> toe size of the patient over treatment. So he adds in a toe-size tag
>> 3
>>
>> And records that with every visit.
>>
>
> Doctors wouldn't do that. (Well noted XML guru Jonathan Borden, M.D.
> might but most doctors wouldn't.) Instead they'd fill out a form just
> like they do today.
>
> The difference is that when the form doesn't let them include the
> information they need, they can ask the devs to expand the form, and the
> devs can do that without breaking all their existing databases.

Adding a 'toe' attribute to a table is *not* refactoring
read '2.3 What Database Refactorings Aren't' at:
http://www.agiledata.org/essays/databaseRefactoring.html#StepVerifyDatabaseRefactoringRequired

> if the
> devs are really good, they'll have figured out how to organize the forms
> to allow doctors to expand it without realizing that's what they're doing.
>
> Certainly SQL databases can be evolved, but it's really hard to do.

SQL databases are not characteristically hard to change.

Things like sprinkling your business logic around in different places in your application make systems hard to change -- like when you have data validation in one form and date range checking in another process.

If you manage to get all your business logic in one place (preferably in the database), your system will look more like Figure 1. in '3. Why Database Refactoring is Hard' than in Figure 2.

Scott Ambler is saying that if your data is pathologically coupled to your source code, you will have a lot more difficulty refactoring.

He is *not* saying relational models are hard to change.

He mentions specifically:
. Your application source code
. Other application source code
. Data load source code
. Data extract source code
(among others)

Look at the two figures at the above link.

[snip]

--
T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From gatzby3jr at gmail.com Sat Nov 3 19:25:10 2007
From: gatzby3jr at gmail.com (Brian O'Connor)
Date: Sat, 3 Nov 2007 19:25:10 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <472C72F1.8030107@gmx.net>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com> <472BB496.3040500@gmx.net> <11489-99276@sneakemail.com> <472C72F1.8030107@gmx.net>
Message-ID: <29da5d150711031625q777aab4o632fd8e8dd7a6552@mail.gmail.com>

Although it may sound cliche or whatever, I learned SQL from just reading the MySQL documentation. It gives a pretty good tutorial with basic queries and such.

http://dev.mysql.com/doc/refman/4.1/en/tutorial.html

I'm not sure how it is now but I'm assuming it's of similar use these days.

On 11/3/07, David Krings wrote:
>
> inforequest wrote:
> > Gee, David you just blew any chance you had of selling that book on the
> > PHP list!
> >
> > -=john
>
> Nah, I need it, otherwise my desk is wobbly again.
>

--
Brian O'Connor

From aw at sap8.com Sat Nov 3 20:37:00 2007
From: aw at sap8.com (Anthony Wlodarski)
Date: Sat, 03 Nov 2007 20:37:00 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <29da5d150711031625q777aab4o632fd8e8dd7a6552@mail.gmail.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <472B0385.6020006@gmx.net> <472B1CFB.3010609@devonianfarm.com> <472BB496.3040500@gmx.net> <11489-99276@sneakemail.com> <472C72F1.8030107@gmx.net> <29da5d150711031625q777aab4o632fd8e8dd7a6552@mail.gmail.com>
Message-ID: <472D142C.5030601@sap8.com>

I have also learned a lot just by reading MySQL documentation (and it was bloody hell trying to learn how to combat SQL injection but I think I got a grasp on it). A good way I also learned the rights and wrong was playing in PHPMyAdmin and just testing queries on data that was just there to play with.

-Anthony

Brian O'Connor wrote:
> Although it may sound cliche or whatever, I learned SQL from just
> reading the MySQL documentation. It gives a pretty good tutorial with
> basic queries and such.
>
> http://dev.mysql.com/doc/refman/4.1/en/tutorial.html
>
> I'm not sure how it is now but I'm assuming it's of similar use these days.
>
> On 11/3/07, * David Krings* >
> wrote:
>
> inforequest wrote:
> > Gee, David you just blew any chance you had of selling that book
> on the
> > PHP list!
> >
> > -=john
>
> Nah, I need it, otherwise my desk is wobbly again.
>
> --
> Brian O'Connor

From urb at e-government.com Sat Nov 3 21:01:41 2007
From: urb at e-government.com (Urb LeJeune)
Date: Sat, 03 Nov 2007 21:01:41 -0400
Subject: [nycphp-talk] File create ownership
Message-ID: <7.0.1.0.2.20071103210052.028b68e0@e-government.com>

I apologize if this was already posted. I didn't see it come through the list and there were no answers which is unusual :-)

I have a multipart form for uploading graphics and documents. It works fine. However, the ownership of the uploaded file - on a Linux box - is set to apache:apache. I need the ownership to be user-name:apache. An executing script, not running as root, cannot change the ownership.

Is the ownership of a created file a configurable option?

Thanks

Urb

Dr. Urban A.
LeJeune, President
E-Government.com
800-204-9545

From ioplex at gmail.com Sat Nov 3 23:18:02 2007
From: ioplex at gmail.com (Michael B Allen)
Date: Sat, 3 Nov 2007 23:18:02 -0400
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com>
Message-ID: <78c6bd860711032018q63516411y7da210f4fad4c3eb@mail.gmail.com>

On 11/1/07, Nelly Yusupova wrote:
> A friend of mine is trying to learn SQL and asked me for some resources to
> point her in the right direction as far as understanding SQL, table-driven
> designs, logic, etc.
>
> Does anyone have any recommendations?

Hi Nelly,

There is a book called "Oracle The Complete Reference" which is considered by many to be the best all-around database book. There are some Oracle specific bits in it but it's mostly applicable to just about any database.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

From cmerlo at ncc.edu Sun Nov 4 15:08:20 2007
From: cmerlo at ncc.edu (Christopher R. Merlo)
Date: Sun, 4 Nov 2007 15:08:20 -0500
Subject: [nycphp-talk] File create ownership
In-Reply-To: <7.0.1.0.2.20071103210052.028b68e0@e-government.com>
References: <7.0.1.0.2.20071103210052.028b68e0@e-government.com>
Message-ID: <946586480711041208q6c97c52fya038f5106d9c5406@mail.gmail.com>

On 11/3/07, Urb LeJeune wrote:

Is the ownership of a created file a configurable option?

I've never seen this option. What I do when I need my user to own the uploaded files, is I have all the files uploaded directly into my database, and then later (via cron, whatever) I run a CLI PHP script to pull them out and write them to the filesystem. Since the CLI script runs as me, I then own the files.

HTH,
-c
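
The sudoers-plus-chown suggestion from Dan Cech earlier in this thread hands `chown` whatever path PHP passes, and the `/var/www/*` pattern in that sudoers rule is looser than it reads, because sudoers wildcards in command arguments also match `/` and spaces. The following is an added example, not code from any poster on the list: a PHP path check to run before that `exec()` call. The helper names, the demo directory layout and the owner-name pattern are assumptions.

```php
<?php
// Added example, not from the thread: vet a path before passing it to the
// sudo/chown call. Helper names and the demo layout are assumptions.

/**
 * Resolve $path and return it only if it is a regular file inside $baseDir.
 */
function confine_to_upload_dir(string $path, string $baseDir): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("upload directory not found: $baseDir");
    }
    // realpath() collapses "." and ".." and resolves symlinks, so the
    // comparison below is made on the file chown would really touch.
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException("not an existing regular file: $path");
    }
    // Trailing separator: /var/www-old must not pass as being under /var/www.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("outside upload directory: $path");
    }
    return $real;
}

/**
 * Build the command line from the thread for a vetted path.
 */
function build_chown_command(string $path, string $baseDir, string $owner): string
{
    // Assumed account-name pattern; adjust to the local naming policy.
    if (!preg_match('/^[a-z_][a-z0-9_-]*$/', $owner)) {
        throw new InvalidArgumentException("unexpected owner name: $owner");
    }
    $real = confine_to_upload_dir($path, $baseDir);
    return '/usr/bin/sudo /bin/chown ' . escapeshellarg($owner)
        . ' ' . escapeshellarg($real);
}

// --- Demo on a constructed temporary tree (sudo is never executed) ---
$root    = sys_get_temp_dir() . '/chown_demo_' . getmypid();
$uploads = $root . '/uploads';
mkdir($uploads, 0700, true);
file_put_contents("$uploads/photo.jpg", 'constructed sample');
file_put_contents("$root/outside.txt", 'constructed sample');
symlink("$root/outside.txt", "$uploads/link.jpg");

$candidates = [
    "$uploads/photo.jpg",        // plain upload
    "$uploads/../outside.txt",   // ".." leaves the directory
    "$uploads/link.jpg",         // symlink pointing outside
    "$uploads/missing.jpg",      // does not exist
];

foreach ($candidates as $candidate) {
    try {
        $cmd = build_chown_command($candidate, $uploads, 'user-name');
        // In production: exec($cmd, $output, $retval); then check $retval.
        echo "ACCEPT  $cmd\n";
    } catch (Exception $e) {
        echo "REJECT  " . $e->getMessage() . "\n";
    }
}

// Clean up the demo tree.
unlink("$uploads/link.jpg");
unlink("$uploads/photo.jpg");
unlink("$root/outside.txt");
rmdir($uploads);
rmdir($root);
```

The check and the `chown` are separate steps, so the result only holds if other accounts cannot rename or replace files in the upload directory in between.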

From ps at sun-code.com Sun Nov 4 19:37:49 2007
From: ps at sun-code.com (Peter Sawczynec)
Date: Sun, 4 Nov 2007 19:37:49 -0500
Subject: [nycphp-talk] Learning SQL - Resources & Recommendations
In-Reply-To: <78c6bd860711032018q63516411y7da210f4fad4c3eb@mail.gmail.com>
References: <200711020317.lA23HSb4025052@ms-smtp-02.rdc-nyc.rr.com> <78c6bd860711032018q63516411y7da210f4fad4c3eb@mail.gmail.com>
Message-ID: <000601c81f44$1db75350$5925f9f0$@com>

Several of the big expert books mentioned are well worth reading, but after all those massive reading efforts the only generic SQL book I keep at the ready is:

"Teach Yourself SQL in 10 Minutes" Publisher: SAMS.

This tiny book moves real fast from simple to complex selects (including joins, subqueries and views) showing with crisp examples how to integrate things like wildcards, IN, NOT, OR, HAVING, and GROUP BY into a query and always stressing the logical order in which they should correctly appear.

It is an excellent uncomplicated fast-read primer for the real beginner and like I said acts as instant refresher for a more advanced user too.

Warmest regards,

Peter Sawczynec
Technology Dir.
Sun-code Interactive
Sun-code.com
646.316.3678
ps at sun-code.com

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michael B Allen
Sent: Saturday, November 03, 2007 11:18 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Learning SQL - Resources & Recommendations

On 11/1/07, Nelly Yusupova wrote:
> A friend of mine is trying to learn SQL and asked me for some resources to
> point her in the right direction as far as understanding SQL, table-driven
> designs, logic, etc.
>
> Does anyone have any recommendations?

Hi Nelly,

There is a book called "Oracle The Complete Reference" which is considered by many to be the best all-around database book. There are some Oracle specific bits in it but it's mostly applicable to just about any database.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

From michael.southwell at nyphp.com Mon Nov 5 17:16:37 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Mon, 05 Nov 2007 17:16:37 -0500
Subject: [nycphp-talk] mysqli exception problem
Message-ID: <472F9645.1020209@nyphp.com>

I have a mysqli script which works perfectly except when I try to force an exception by using a test attacking parameter. I can't get an exception thrown even though I also don't get any output. The docs say the prepared statement must be a single statement, and of course this is not. But why don't I get an exception here?

...
$param = "red;DELETE FROM wines";
try {
  if ( ! $query = $demo -> prepare( 'SELECT name FROM wines WHERE color = ?' ) ) throw new Exception ( "can't select from wines: " . $demo -> error );
  if ( ! $query -> bind_param( 's', $param ) ) throw new Exception ( "can't bind parameter: " . $query -> error );
  if ( ! $query -> execute() ) throw new Exception ( "can't execute query: " . $query -> error );
...

--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth

From nyphp at n0p.net Mon Nov 5 17:24:00 2007
From: nyphp at n0p.net (Flavio daCosta)
Date: Mon, 05 Nov 2007 17:24:00 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472F9645.1020209@nyphp.com>
References: <472F9645.1020209@nyphp.com>
Message-ID: <472F9800.4010304@n0p.net>

On 11/05/2007 05:16 PM, Michael Southwell wrote:
/snip
> The docs say the prepared statement must be a
> single statement, and of course
> this is not. But why don't I get an exception here?

Your /prepare/d statement is a single statement.
You have bound 'red;DELETE FROM wines' to your parameter, there is no error, the bind_param() returns TRUE. There are no `names` where color = 'red;DELETE FROM wines'

>
> ...
> $param = "red;DELETE FROM wines";
> try {
> if ( ! $query = $demo -> prepare( 'SELECT name FROM wines WHERE color
> = ?' ) ) throw new Exception ( "can't select from wines: " . $demo ->
> error );
> if ( ! $query -> bind_param( 's', $param ) ) throw new Exception (
> "can't bind parameter: " . $query -> error );
> if ( ! $query -> execute() ) throw new Exception ( "can't execute
> query: " . $query -> error );
> ...
>

From jonbaer at jonbaer.com Mon Nov 5 17:47:09 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 5 Nov 2007 17:47:09 -0500
Subject: [nycphp-talk] Phpspec (BDD)
Message-ID:

BDD is just too cool (and productive) to ignore :-)

http://code.google.com/p/phpspec/

No downloads yet except w/ what is in trunk ...

svn checkout http://phpspec.googlecode.com/svn/trunk/phpspec

Hope it picks up some traction + someone can present sometime ...

- Jon

From michael.southwell at nyphp.com Mon Nov 5 18:14:07 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Mon, 05 Nov 2007 18:14:07 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472F9800.4010304@n0p.net>
References: <472F9645.1020209@nyphp.com> <472F9800.4010304@n0p.net>
Message-ID: <472FA3BF.30408@nyphp.com>

Flavio daCosta wrote:
> On 11/05/2007 05:16 PM, Michael Southwell wrote:
> /snip
>> The docs say the prepared statement must be a
>> single statement, and of course
>> this is not. But why don't I get an exception here?
>
> Your /prepare/d statement is a single statement.

aha, so 'SELECT name FROM wines WHERE color = "red";DELETE FROM wines' is two statements in mysql (failing with mysql_query) but one in mysqli?!?!

You have bound
> 'red;DELETE FROM wines' to your parameter, there is no error, the
> bind_param() returns TRUE.
There are no `names` where color = > 'red;DELETE FROM wines' -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From nyphp at n0p.net Mon Nov 5 18:43:02 2007 From: nyphp at n0p.net (Flavio daCosta) Date: Mon, 05 Nov 2007 18:43:02 -0500 Subject: [nycphp-talk] mysqli exception problem In-Reply-To: <472FA3BF.30408@nyphp.com> References: <472F9645.1020209@nyphp.com> <472F9800.4010304@n0p.net> <472FA3BF.30408@nyphp.com> Message-ID: <472FAA86.3010606@n0p.net> On 11/05/2007 06:14 PM, Michael Southwell wrote: > aha, so 'SELECT name FROM wines WHERE color = "red";DELETE FROM wines' > is two statements in mysql (failing with msyql_query) but one in mysqli?!?! Correct, mysql_query() processes a string: 'SELECT name FROM wines WHERE color = "red";DELETE FROM wines' which is two statements. ->prepare () processes a string and returns a prepared statement object (it doesn't actually run the query) which in turn must optionally have parameters bound to placeholders and then ->executed (). What they are describing in their docs is preparing more than one statement: // Wont work $query = $demo -> prepare( 'SELECT name FROM wines WHERE color = ?;DELETE FROM wines WHERE color = ?;' ) This is a perfect example of why prepared statements are so much better for SQL injection avoidance than straight SQL calls. When you prepare a statement (with known code/static string,) you are explicitly telling the database where and how the parameters will be used. When you bind the parameters they do not need to be escaped because the database knows, what you are binding is what it should use for the previously identified parameter(s). 
Hopefully helpful and not confusing ;-)

flav

From michael.southwell at nyphp.com Mon Nov 5 20:34:57 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Mon, 05 Nov 2007 20:34:57 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472FAA86.3010606@n0p.net>
References: <472F9645.1020209@nyphp.com> <472F9800.4010304@n0p.net> <472FA3BF.30408@nyphp.com> <472FAA86.3010606@n0p.net>
Message-ID: <472FC4C1.6020307@nyphp.com>

Flavio daCosta wrote:
> This is a perfect example of why prepared statements are so much better
> for SQL injection avoidance than straight SQL calls.

Exactly why I'm working on understanding the mechanism behind it, so I
can explain it rather than just demonstrating it.

One last question: when affected_rows returns -1 (according to the docs)
it "indicates that the query returned an error." My example demonstrates
this by throwing an exception here:

  if ( $demo -> affected_rows == -1 )
    throw new Exception ( "error trying to find wines with name “" . $param . '”' );

Where is the error that the query returned? It's not in $demo -> error.

> Hopefully helpful and not confusing ;-)

Very much so; many thanks.

-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth

From enigma at nopersonal.info Mon Nov 5 21:09:52 2007
From: enigma at nopersonal.info (enigma at nopersonal.info)
Date: Mon, 5 Nov 2007 21:09:52 -0500
Subject: [nycphp-talk] Lurker creeping out of the shadows
Message-ID: <000601c8201a$1fae3c10$160fa8c0@mama>

Hi everyone,

I've been lurking since March and have decided that it's time to at
least introduce myself.

I've been coding HTML since 1997 (self-taught) and worked for a webdev
company during the latter part of the dotcom boom. I got interested in
graphic design, so after everything went bust I switched over (never
really stopped coding though).

These days about 75% of my work involves web design, so about a year ago
I decided it was high time I learned PHP/MySQL or get left behind. I had
a terrible time wrapping my head around it at first, but finally found a
couple of good books that got me over the hump. I'm now at what I
suppose could best be termed an early intermediate level.

I've successfully completed some back-end work for clients, but it was
all more or less seat-of-the-pants trial by fire stuff. I survived and
learned a lot, so I can't really complain. I'm a freelancer, BTW.

At present I'm delving deeper into best practices where PHP security is
concerned, and trying to learn more about the inner workings of Apache.
Oh, and I literally sleep with my PHP books--I read about a few
functions before dozing off, hoping that even more will sink in via
osmosis.

About a year and a half ago I moved from New York to Jersey. I hope one
of these days I can make it to one of your meetings.

I guess that about covers it. I suppose I'll duck back into the shadows
for now and keep reading until the (inevitable) day comes when I get
totally flummoxed and reappear begging for help.

Best Regards,
Aminah ;-)

From dcech at phpwerx.net Mon Nov 5 21:16:58 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Mon, 05 Nov 2007 21:16:58 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472F9645.1020209@nyphp.com>
References: <472F9645.1020209@nyphp.com>
Message-ID: <472FCE9A.9070607@phpwerx.net>

Michael Southwell wrote:
> I have a mysqli script which works perfectly except when I try to force
> an exception
> by using a test attacking parameter. I can't get an exception thrown
> even though I also
> don't get any output. The docs say the prepared statement must be a
> single statement, and of course
> this is not.
> But why don't I get an exception here?
>
> ...
> $param = "red;DELETE FROM wines";
> try {
>   if ( ! $query = $demo -> prepare( 'SELECT name FROM wines WHERE color = ?' ) )
>     throw new Exception ( "can't select from wines: " . $demo -> error );
>   if ( ! $query -> bind_param( 's', $param ) )
>     throw new Exception ( "can't bind parameter: " . $query -> error );
>   if ( ! $query -> execute() )
>     throw new Exception ( "can't execute query: " . $query -> error );
> ...
>

The reason you are not getting the error you think you will get is the
power of prepared statements.

SELECT name FROM wines WHERE color=?

becomes:

SELECT name FROM wines WHERE color='red;DELETE FROM wines'

If you tried to trick it with $param = "red';DELETE FROM wines"; you
would get:

SELECT name FROM wines WHERE color='red\';DELETE FROM wines'

The sql is perfectly valid, and simply returns an empty result set
because you do not have a row in the database that matches the WHERE
clause in your query.

I have been saying this for years, but if you properly handle (quote &
escape) data, the content of that data is only relevant to your business
logic, and does not affect the program itself regardless of the content.

The prepared query is doing this for you transparently, which is why
they are a great way to secure your application against sql injection.
You actually have to be trying in order to create a situation where the
application is vulnerable.

Dan

From jcampbell1 at gmail.com Mon Nov 5 23:16:28 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Mon, 5 Nov 2007 23:16:28 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472FCE9A.9070607@phpwerx.net>
References: <472F9645.1020209@nyphp.com> <472FCE9A.9070607@phpwerx.net>
Message-ID: <8f0676b40711052016l65524b01v9842c07f5df67350@mail.gmail.com>

I think the best example of how to make prepared statements fail is to
try something like this:

SELECT name FROM wines WHERE ?='red';

This will result in an error.
If you think about what is going on behind the scenes, it should be
clear why.

Regards,
John Campbell

From nyphp at n0p.net Tue Nov 6 01:29:14 2007
From: nyphp at n0p.net (Flavio daCosta)
Date: Tue, 06 Nov 2007 01:29:14 -0500
Subject: [nycphp-talk] mysqli exception problem
In-Reply-To: <472FC4C1.6020307@nyphp.com>
References: <472F9645.1020209@nyphp.com> <472F9800.4010304@n0p.net> <472FA3BF.30408@nyphp.com> <472FAA86.3010606@n0p.net> <472FC4C1.6020307@nyphp.com>
Message-ID: <473009BA.40507@n0p.net>

On 11/05/2007 08:34 PM, Michael Southwell wrote:
> One last question: when affected_rows returns -1 (according to the docs)
> it "indicates that the query returned an error." My example demonstrates
> this by throwing an exception here:
>   if ( $demo -> affected_rows == -1 )
>     throw new Exception ( "error trying to find wines with name “" . $param . '”' );
>
> Where is the error that the query returned? It's not in $demo -> error.

Ok so, afaik, the affected_rows are only going to report if it is an
'UPDATE, DELETE, or INSERT' query, otherwise if it is a SELECT query, it
will show -1 for affected_rows and ->error will be empty.

It may be difficult to make a properly prepared SELECT statement error
with a /bad/ bound parameter, ymmv.

If you want the row_count from a SELECT query you will want to look at
->store_result ()

disclaimer: I don't claim to be authoritative on mysqli (actually kinda
have a favoritism to postgres :-P,) although I feel my advice is
somewhat sound. As all advice, take it with a grain of salt and if I'm
wrong, I'm sure someone will speak up...

flav

From brian at realm3.com Tue Nov 6 08:38:06 2007
From: brian at realm3.com (Brian D.)
Date: Tue, 6 Nov 2007 08:38:06 -0500
Subject: [nycphp-talk] Lurker creeping out of the shadows
In-Reply-To: <000601c8201a$1fae3c10$160fa8c0@mama>
References: <000601c8201a$1fae3c10$160fa8c0@mama>
Message-ID:

Welcome to the list, Aminah, hope to see you at the NYPHP meetings soon.

-- 
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349

From michael.southwell at nyphp.com Tue Nov 6 18:16:03 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Tue, 06 Nov 2007 18:16:03 -0500
Subject: [nycphp-talk] mysqli exception problem
Message-ID: <4730F5B3.5080106@nyphp.com>

Thanks, everybody. I knew preparing worked; I was trying to find out
what PHP could tell me about how it worked. I think I have it now:

We don't need to worry about injection with a prepared query because
(thanks to the preparation) that query is not parsed as if it were an
instruction.

-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth

From mikesz at qualityadvantages.com Tue Nov 6 23:31:17 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 7 Nov 2007 12:31:17 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
Message-ID: <1283636582.20071107123117@qualityadvantages.com>

Hello All,

I have a client site that has a registration form with a captcha image
that is supposed to prevent spammers from dumping their junk. The form
has two text input windows and a fair amount of personal information
is collected as well.

I just noticed that this client has been getting regular injection
attacks that have been failing because it is a comment spammer and the
INSERT query is failing on a duplicate key error. For privacy and
security reasons I can not post the error message but it cites the php
file name and the injection looks like it is being added to one of the
text boxes.

The form has "Required" fields as well as a check function that is
supposed to check for valid input. All of those fields are empty in the
query that failed.

The question is, actually multiple related questions:

First how did that bad guy "execute" the query without hitting the
submit button or entering the captcha code and how did it bypass the
check function. It seems like the query was sent directly to the
database through the registration.php program but I have no clue how
that could have happened. I need to plug this hole but don't have any
idea where to start looking for it.

I have tried running the query like registration.php?query but that
didn't work.

Any ideas about how I can reproduce this problem would be greatly
appreciated and any suggestions about how to fix it would be even more
greatly appreciated. 8-)

Thanks for your attention.

-- 
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From jmcgraw1 at gmail.com Tue Nov 6 23:52:11 2007
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Tue, 6 Nov 2007 23:52:11 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1283636582.20071107123117@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID:

Without divulging who your client is, would it be possible to remove
any references to their site/company from the offending code and post
it here? Without access to your registration.php script I think we'll
all just be wasting our time with wild guesses.

- jake

From mikesz at qualityadvantages.com Wed Nov 7 00:12:55 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 7 Nov 2007 13:12:55 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To:
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID: <1764055109.20071107131255@qualityadvantages.com>

Hello Jake,

Wednesday, November 7, 2007, 12:52:11 PM, you wrote:

> Without divulging who your client is, would it be possible to remove
> any references to their site/company from the offending code and post
> it here? Without access to your registration.php script I think we'll
> all just be wasting our time with wild guesses.

> - jake

Actually, the script code is not a problem but it's over 500 lines of
code so I am not sure it is appropriate to post it here?

-- 
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From jmcgraw1 at gmail.com Wed Nov 7 00:17:14 2007
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Wed, 7 Nov 2007 00:17:14 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1764055109.20071107131255@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com> <1764055109.20071107131255@qualityadvantages.com>
Message-ID:

Try:

http://cl1p.net/

I'd be willing to take a look after you post it.

- jake

From mikesz at qualityadvantages.com Wed Nov 7 00:40:28 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 7 Nov 2007 13:40:28 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To:
References: <1283636582.20071107123117@qualityadvantages.com> <1764055109.20071107131255@qualityadvantages.com>
Message-ID: <612027831.20071107134028@qualityadvantages.com>

Hello Jake,

Wednesday, November 7, 2007, 1:17:14 PM, you wrote:

> Try:
> http://cl1p.net/
> I'd be willing to take a look after you post it.
> - jake

Here is the URL : http://cl1p.net/myexploitedcode/

thanks, mikesz

-- 
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From bz-gmort at beezifies.com Wed Nov 7 06:49:04 2007
From: bz-gmort at beezifies.com (bz-gmort at beezifies.com)
Date: Wed, 07 Nov 2007 06:49:04 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <612027831.20071107134028@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com> <1764055109.20071107131255@qualityadvantages.com> <612027831.20071107134028@qualityadvantages.com>
Message-ID: <4731A630.6080306@beezifies.com>

For future reference, can you please snip quoted text to only the
relevant bits.

From ramons at gmx.net Wed Nov 7 06:58:31 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 07 Nov 2007 06:58:31 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1283636582.20071107123117@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID: <4731A867.5030308@gmx.net>

mikesz at qualityadvantages.com wrote:
> The question is, actually multiple related questions:
>
> First how did that bad guy "execute" the query without hitting the
> submit button or entering the captcha code and how did it bypass the
> check function. It seems like the query was sent directly to the
> database through the registration.php program but I have no clue how
> that could have happened. I need to plug this hole but don't have any
> idea where to start looking for it.

First, and easiest thing I'd do is rename registration.php. I assume it
took about 3 1/2 guesses to find that out. Does the form include the
action to be registration.php? If yes, you may want to pipe everything
through a dummy file....or not so dummy file. You could check the input
from the text field and see if there is
- a semicolon (separates SQL commands)
- if there are any of the common SQL key words used (SELECT, INSERT,
  UPDATE, DROP, DELETE)
and based on that reject the entry
- use the prepare statement or equal mechanism as discussed on this
  list in the past days
- write the input to text file outside of the file system accessible
  through the server, maybe even encrypt it, and use some naming scheme
  that contains a time string, session ID, or such
- have your renamed registration script read only from that file from
  the local system and ignore anything that comes in via POST, GET
  (should not use that in this case anyway), or SESSION
- before you start writing to the db, do the content checks again

The only disadvantage that I see is that one isn't allowed to be called
me';DROP TABLE 'Users'; or sth like that.

> I have tried running the query like registration.php?query but that
> didn't work.

That is good.
>
> Any ideas about how I can reproduce this problem would be greatly
> appreciated and any suggestions about how to fix it would be even more
> greatly appreciated. 8-)
>
> Thanks for your attention.

I am sure there are other, better solutions to this. I think my approach
would make it at least more difficult.

David

From ramons at gmx.net Wed Nov 7 07:08:27 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 07 Nov 2007 07:08:27 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <612027831.20071107134028@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com> <1764055109.20071107131255@qualityadvantages.com> <612027831.20071107134028@qualityadvantages.com>
Message-ID: <4731AABB.8040206@gmx.net>

mikesz at qualityadvantages.com wrote:
>
> Here is the URL : http://cl1p.net/myexploitedcode/
>
> thanks, mikesz

I am definitely not the code fashion police here, but I have quite some
problems to figure out what the code does and from where it gets stuff.
Some more comments other than a sequence of dashes make one's life much
easier, especially when coming back later to figure out why stuff went
wrong. You didn't specify if it was your code, so blame the appropriate
party. I make sure that I put some comment for at least every two lines.
Even when I can't figure out what the code does I still know what it is
supposed to do.

I also wonder what the requires at the top do. Do they contain only
static output or only functions? Or is there code executed before any of
this script even comes into play. You may want to look in there as well.

In regards to your problem....uhmmmm, I pass. You need to wait for some
smarter people to respond.

David

From mikesz at qualityadvantages.com Wed Nov 7 07:17:28 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 7 Nov 2007 20:17:28 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <4731A867.5030308@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <4731A867.5030308@gmx.net>
Message-ID: <1149323733.20071107201728@qualityadvantages.com>

Hello David,

Thanks for the tips. I was able to correlate the timestamp of the error
message and the bad guy's IP address. They are using a POST to do the
injection.

-- 
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From mikesz at qualityadvantages.com Wed Nov 7 07:23:32 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 7 Nov 2007 20:23:32 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <4731AABB.8040206@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <1764055109.20071107131255@qualityadvantages.com> <612027831.20071107134028@qualityadvantages.com> <4731AABB.8040206@gmx.net>
Message-ID: <752628749.20071107202332@qualityadvantages.com>

Hello David,

Wednesday, November 7, 2007, 8:08:27 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>>
>> Here is the URL : http://cl1p.net/myexploitedcode/
>>
>> thanks, mikesz

> I am definitely not the code fashion police here, but I have quite some
> problems to figure out what the code does and from where it gets stuff. Some
> more comments other than a sequence of dashes make one's life much easier,
> especially when coming back later to figure out why stuff went wrong. You
> didn't specify if it was your code, so blame the appropriate party. I make
> sure that I put some comment for at least every two lines. Even when I can't
> figure out what the code does I still know what it is supposed to do.

> I also wonder what the requires at the top do. Do they contain only static
> output or only functions? Or is there code executed before any of this script
> even comes into play. You may want to look in there as well.

> In regards to your problem....uhmmmm, I pass. You need to wait for some smarter
> people to respond.
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

HA! I know it's pretty awful! Sloppy is much too good to label it. That is what I inherited. The hackers who did this stuff are on to bigger and better with a whole range of social networking stuff not much better than this ...

--
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From bz-gmort at beezifies.com Wed Nov 7 07:29:49 2007
From: bz-gmort at beezifies.com (bz-gmort at beezifies.com)
Date: Wed, 07 Nov 2007 07:29:49 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1283636582.20071107123117@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID: <4731AFBD.50809@beezifies.com>

mikesz at qualityadvantages.com wrote:
> First how did that bad guy "execute" the query without hitting the
> submit button or entering the captcha code and how did it bypass the
> check function.

You're running queries before you do your captcha check in your code.

if (!isset($_POST['securityImageValue']) || !isset($_SESSION['strSec']) || md5($_POST['securityImageValue']) != $_SESSION['strSec'])
{
    $page = $join_pages_num;
    $add_on .= report_err ( _t("_SIMG_ERR") );
}

Is halfway down the page, and even after the code notices there is no security image, it STILL keeps running and performing queries.

As for sending without hitting the submit, all forms have to post their data to something, the submit button is just for a human to use.

> I have tried running the query like registration.php?query but that
> didn't work.
Try registration.php?page=1'INSERT but I would suppose that depends on your server how it would end up dealing with that.

> Any ideas about how I can reproduce this problem would greatly
> appreciate and any suggestions about how to fix it would be even more
> greatly appreciated. 8-)

I'm assuming you don't have the time/money to really rewrite your code properly and have it commented so you can understand it. As such, here are a couple lazy solutions:

Follow the instructions to download and install it from the FAQ http://php-ids.org/faq/

Take their sample code and stick it at the top of the code you want to protect. Change these lines:

if (!$result->isEmpty()) {
    // Take a look at the result object
    echo $result;
}

Into

if (!$result->isEmpty()) {
    // Take a look at the result object
    if ($result->getImpact() > 5) {
        // Being lazy here, abort potential attack
        // you really ought to be logging this stuff somewhere
        exit;
    }
}

Adjust the impact number (in my example 10) until you have a number that catches attackers but not legitimate traffic. Also modify the lazy solution and have it notify you in some manner, log, email, whatnot about what it did.

Another lazy solution, if you have full control over your server and are running Apache2, is to use mod_security http://www.modsecurity.org/

Both these solutions do nothing to fix your code, so when someone finds a way to circumvent their detection algorithms you are still as vulnerable as ever. They're just quick fixes until you can have your code rewritten.

From rolanyang at gmail.com Wed Nov 7 07:39:28 2007
From: rolanyang at gmail.com (Rolan Yang)
Date: Wed, 7 Nov 2007 07:39:28 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1149323733.20071107201728@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com> <4731A867.5030308@gmx.net> <1149323733.20071107201728@qualityadvantages.com>
Message-ID:

You might want to log all the submitted POST data for a few days in case the spam spider comes around again. Add something like this to the start of your script:

// Dump every request parameter (including any password fields) to a per-request file under /tmp
$fp = fopen('/tmp/'.time().'-'.uniqid().'-'.$_SERVER['REMOTE_ADDR'], 'w');
if ($fp) {
    fputs($fp, print_r($_REQUEST, TRUE));
    fclose($fp);
}

~Rolan

On Nov 7, 2007 7:17 AM, wrote:
> Hello David,
>
> Thanks for the tips. I was able to correlate the timestamp of the error
> message and the bad guys IP address. The are using a POST to do the
> injection.
>
> --
> Best regards,
> mikesz mailto:mikesz at qualityadvantages.com

From lists at zaunere.com Wed Nov 7 07:50:49 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 7 Nov 2007 07:50:49 -0500
Subject: [nycphp-talk] Trimming Posts WAS: Injection Attack, any ideas?
In-Reply-To: <612027831.20071107134028@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com><1764055109.20071107131255@qualityadvantages.com> <612027831.20071107134028@qualityadvantages.com>
Message-ID: <057701c8213c$d2c55040$671ba8c0@MobileZ>

All,

Please remember to trim your posts and subjects (and don't top-post like I just did :)

Thanks,

---
Hans Zaunere / President / New York PHP
www.nyphp.org / www.nyphp.com

mikesz at qualityadvantages.com wrote on Wednesday, November 07, 2007 12:40 AM:
> Hello Jake,
>
> Wednesday, November 7, 2007, 1:17:14 PM, you wrote:
>
> > Try:
>
> > http://cl1p.net/
>
> > I'd be willing to take a look after you post it.
>
> > - jake
>
> > On Nov 7, 2007 12:12 AM, wrote:
> > > Hello Jake,
> > >
> > > Wednesday, November 7, 2007, 12:52:11 PM, you wrote:
> > >
> > > > Without divulging who your client is, would it be possible to
> > > > remove any references to their site/company from the offending
> > > > code and post it here? Without access to your registration.php
> > > > script I think we'll all just be wasting our time with wild
> > > > guesses.
> > >
> > > > - jake
> > >
> > > > On Nov 6, 2007 11:31 PM, wrote:
> > > > > Hello All,
> > > > >
> > > > > I have a client site that has a registration form with a
> > > > > captcha image that is suppose to prevent spammers from
> > > > > dumping their junk. The form has two text input windows and a
> > > > > fair amount of personal information is collected as well.
> > > > >
> > > > > I just noticed that this client has been getting regular
> > > > > injection attacks that have been failing because it is a
> > > > > comment spammer and the INSERT query is failing on a
> > > > > duplicate key error. For privacy and security reasons I can
> > > > > not post the error message but it cites the php file name and
> > > > > the injection looks like it is being added to one of the text
> > > > > boxes.
> > > > >
> > > > > The form has "Required" fields as well as a check function
> > > > > that is suppose to check for valid input. All of those fields
> > > > > are empty in the query that failed.
> > > > >
> > > > > The question is, actually multiple related questions:
> > > > >
> > > > > First how did that bad guy "execute" the query without
> > > > > hitting the submit button or entering the captcha code and
> > > > > how did it bypass the check function. It seems like the query
> > > > > was sent directly to the database though the registration.php
> > > > > program but I have no clue how that could have happened. I
> > > > > need to plug this hole but don't have any idea where to start
> > > > > looking for it.
> > > > >
> > > > > I have tried running the query like registration.php?query
> > > > > but that didn't work.
> > > > >
> > > > > Any ideas about how I can reproduce this problem would greatly
> > > > > appreciate and any suggestions about how to fix it would be
> > > > > even more greatly appreciated. 8-)
> > > > >
> > > > > Thanks for your attention.
> > > > >
> > > > > --
> > > > > Best regards,
> > > > > mikesz
> > > > > mailto:mikesz at qualityadvantages.com
> > >
> > > Actually, the script code is not problem but its over 500 lines of
> > > code so I am not sure it is appropriate to post it here?
> > >
> > > --
> > > Best regards,
> > > mikesz
> > > mailto:mikesz at qualityadvantages.com
>
> Here is the URL : http://cl1p.net/myexploitedcode/
>
> thanks, mikesz
>
> --
> Best regards,
> mikesz mailto:mikesz at qualityadvantages.com

From jakob.buchgraber at googlemail.com Wed Nov 7 15:43:56 2007
From: jakob.buchgraber at googlemail.com (Jakob Buchgraber)
Date: Wed, 07 Nov 2007 21:43:56 +0100
Subject: [nycphp-talk] Anybody knows how to compile Inclued 0.3?
Message-ID: <4732238C.409@gmail.com>

Hey!

While searching for some special bugs in APC I found this nice tool: http://t3.dotgnu.info/blog/php/inclued-0.3.html. I then downloaded it, but had no success in compiling it. The INSTALL file actually contains this line: "(fill in details about compiling it)" :) So it would be nice if anybody knows which compiler options I need to pass to gcc so that I can compile this extension.
I currently do not have much time to investigate this issue, so reading the whole bunch of docs about writing and compiling PHP extensions is not an option for me currently. So it would be nice if anyone could help.

PS: I would also have asked the author of this tool, however I could only find out his name, which is "Gopal Vijayaraghavan". So if anybody knows his email address, I would be grateful as well.

thanks for any answers!

Cheers,
Jakob

From cliff at pinestream.com Wed Nov 7 17:51:07 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Wed, 07 Nov 2007 17:51:07 -0500
Subject: [nycphp-talk] Is anyone using a web application security solution?
In-Reply-To:
Message-ID:

In a recent SQL injection thread, someone mentioned modsecurity and php-ids as quick Bandaids. Is anyone using a web application security front-end in production?

The ones I'm aware of:
http://www.modsecurity.org/
http://php-ids.org/
http://www.binarysec.com/
http://www.applicure.com/

Thoughts? Recommendations? Suggestions?

Cliff

From rmarscher at beaffinitive.com Wed Nov 7 22:09:19 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Wed, 7 Nov 2007 22:09:19 -0500
Subject: [nycphp-talk] Performance testing advice
In-Reply-To:
References:
Message-ID: <52E91D79-810F-49EB-B81F-7AD2674296F1@beaffinitive.com>

On Nov 2, 2007, at 1:28 PM, Cliff Hirsch wrote:
> ...snip... one strange bug. My first access can take upwards of 30
> seconds for anything to happen - just a blank white browser while I
> wait...and wait... After that first hit, things are fine, regardless
> of whether I use different browsers, different PCs, flush caches, etc.

Did you figure this out, Cliff? I'm curious to know the answer. Are you using mod_php or cgi? I was thinking that perhaps if it's some type of cgi solution, it could be taking time to initialize php.
Another idea is that you have some really slow db queries, but the results are pulled from the query cache on the subsequent page requests.

-Rob

From aw at sap8.com Thu Nov 8 09:58:26 2007
From: aw at sap8.com (Anthony Wlodarski)
Date: Thu, 8 Nov 2007 09:58:26 -0500
Subject: [nycphp-talk] PDO or sprintf for creating sql queries.
Message-ID: <002501c82217$d0de9760$729bc620$@com>

I usually created my SQL queries using sprintf() and mysql_real_escape_string() but this morning through an associate I was informed of this thing called PDO shipping with PHP 5.1 and higher. I did a little research on what it does and was thrilled about the potential uses for it. My question is though what are its potential uses? I had a chance to preview bindParam for prepared statements and was like this is awesome! Also does PDO help escape strings or is something like mysql_real_escape_string() always a necessity?

Anthony Wlodarski
aw at sap8.com

From rmarscher at beaffinitive.com Thu Nov 8 12:10:06 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 8 Nov 2007 12:10:06 -0500
Subject: [nycphp-talk] PDO or sprintf for creating sql queries.
In-Reply-To: <002501c82217$d0de9760$729bc620$@com>
References: <002501c82217$d0de9760$729bc620$@com>
Message-ID: <50A22561-1533-4BAF-B2E8-66A5D98EBA56@beaffinitive.com>

On Nov 8, 2007, at 9:58 AM, Anthony Wlodarski wrote:
> I usually created my SQL queries using sprintf() and
> mysql_real_escape_string() but this morning through an associate I
> was informed of this thing called PDO shipping with PHP 5.1 and
> higher. I did a little research on what it does and was thrilled
> about the potential uses for it. My question is though what are its
> potential uses? I had a chance to preview bindParam for prepared
> statements and was like this is awesome!
Also does PDO help escape
> strings or is something like mysql_real_escape_string() always a
> necessity?

I believe PDO bindParam works the same as prepared statements in mysqli. So mysql_real_escape_string isn't necessary. It's done internally.

The advantage of PDO over mysqli is that it's portable to other databases. You do get a little overhead vs. working with mysqli directly. But you know your code is portable. Was anyone else completely annoyed by the way most of the params were switched between mysql and mysqli where the db link was required and put as the first param in most functions?

Some notes about why to use emulated instead of native prepared statements by Wez Furlong (Digg developer): http://netevil.org/blog/2006/apr/using-pdo-mysql

PDO is faster than most libraries that provide database abstraction (like the PEAR libraries). ADOdb is comparable if you make use of ADOdb's c extension. http://joseph.randomnetworks.com/archives/2006/04/04/php-database-functions-vs-peardb-vs-adodb

MySQL is supposed to be developing a native php driver (instead of using c to interface with libmysql) for mysqli and eventually PDO which should be awesome: http://blogs.mysql.com/kaj/?p=71

From chsnyder at gmail.com Thu Nov 8 14:05:56 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 8 Nov 2007 14:05:56 -0500
Subject: [nycphp-talk] Performance testing advice
In-Reply-To: <52E91D79-810F-49EB-B81F-7AD2674296F1@beaffinitive.com>
References: <52E91D79-810F-49EB-B81F-7AD2674296F1@beaffinitive.com>
Message-ID:

On 11/7/07, Rob Marscher wrote:
>
> On Nov 2, 2007, at 1:28 PM, Cliff Hirsch wrote:
> ...snip... one strange bug. My first access can take upwards of 30 seconds
> for anything to happen - just a blank white browser while I wait...and
> wait... After that first hit, things are fine, regardless of whether I use
> different browsers, different PCs, flush caches, etc.
>
> Did you figure this out, Cliff? I'm curious to know the answer. Are you
> using mod_php or cgi? I was thinking that perhaps if it's some type of cgi
> solution, it could be taking time to initialize php. Another idea is that
> you have some really slow db queries, but the results are pulled from the
> query cache on the subsequent page requests.
>

Or maybe your scripts or Apache is gathering entropy from /dev/random rather than /dev/urandom?

I've noticed long waits when restarting Apache if mod_auth_digest is in use.

--
Chris Snyder
http://chxo.com/

From cliff at pinestream.com Thu Nov 8 14:12:15 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Thu, 08 Nov 2007 14:12:15 -0500
Subject: [nycphp-talk] Performance testing advice
In-Reply-To: <52E91D79-810F-49EB-B81F-7AD2674296F1@beaffinitive.com>
Message-ID:

On 11/7/07 10:09 PM, "Rob Marscher" wrote:
> On Nov 2, 2007, at 1:28 PM, Cliff Hirsch wrote:
>> ...snip... one strange bug. My first access can take upwards of 30 seconds
>> for anything to happen - just a blank white browser while I wait...and
>> wait... After that first hit, things are fine, regardless of whether I use
>> different browsers, different PCs, flush caches, etc.
>
> Did you figure this out, Cliff? I'm curious to know the answer. Are you
> using mod_php or cgi? I was thinking that perhaps if it's some type of cgi
> solution, it could be taking time to initialize php. Another idea is that you
> have some really slow db queries, but the results are pulled from the query
> cache on the subsequent page requests.
>
> -Rob
>

After driving my service provider nuts, naturally I determined that it was an application problem. Wasn't an Apache problem at all. There was a curl request buried in my code that was timing out. The request response is cached, thus the slow home page every hour. Would have taken two seconds to debug if I had remote debugging on the production server.
From hafezadnan at gmail.com Fri Nov 9 03:18:20 2007
From: hafezadnan at gmail.com (hafez ahmad)
Date: Fri, 9 Nov 2007 10:18:20 +0200
Subject: [nycphp-talk] Determine the text language
Message-ID:

Hi All,

How can I use regular expression to determine the text language, is the selected text is English, Arabic, Hebrew, .....etc

Thanks for help,

--
Hafez

From ramons at gmx.net Fri Nov 9 06:44:47 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 09 Nov 2007 06:44:47 -0500
Subject: [nycphp-talk] Determine the text language
In-Reply-To:
References:
Message-ID: <4734482F.6080602@gmx.net>

hafez ahmad wrote:
> Hi All,
>
> How can I use regular expression to determine the text language, is the
> selected text is English, Arabic, Hebrew, .....etc
>

I wonder if that even could work. Language doesn't follow logic, which is what you'd test for with reg expressions. I'd see if there is a chance to hook into the Mozilla or OOo dictionaries. Send the selected text through all the dics and assume that the one with the least amount of errors is the one that matches the dic language. That process will take forever and fail when you have horrible spellers. Or do you want to check for the different type of character set used? If you could provide some more detail of what you try to accomplish I guess we could give you some more hints.

David

From cahoyos at us.ibm.com Fri Nov 9 09:36:36 2007
From: cahoyos at us.ibm.com (Carlos A Hoyos)
Date: Fri, 9 Nov 2007 09:36:36 -0500
Subject: [nycphp-talk] Determine the text language
In-Reply-To:
Message-ID:

> How can I use regular expression to determine the text language, is
> the selected text is English, Arabic, Hebrew, .....etc

You can't use a regular expression to determine language - or at least not a very simple one.
Each language has certain particularities, such as letter combinations, and statistically you can test enough of these to get an accurate determination. I'm not aware of any php tools (but watch me be corrected in this list ;-) --- I suggest you look at the language guess tool here: http://languid.cantbedone.org/ It's not in php but you should be able to invoke it via the command line, or rewrite it in php. Carlos Hoyos From morgan at forsalebyowner.com Fri Nov 9 15:11:52 2007 From: morgan at forsalebyowner.com (Morgan Craft) Date: Fri, 09 Nov 2007 15:11:52 -0500 Subject: [nycphp-talk] self:: or $this ? Message-ID: <4734BF08.30808@forsalebyowner.com> Any reason why I should use $this->methodName() over self::methodName() Or is the self::methodName() reserved only for working within a static method? From brian at realm3.com Fri Nov 9 15:28:25 2007 From: brian at realm3.com (Brian D.) Date: Fri, 9 Nov 2007 15:28:25 -0500 Subject: [nycphp-talk] self:: or $this ? In-Reply-To: <4734BF08.30808@forsalebyowner.com> References: <4734BF08.30808@forsalebyowner.com> Message-ID: $this-> will not work when you are accessing a property in a static method. More information: http://php.net/manual/en/language.oop5.static.php I recommend the book "PHP5 Objects, Patterns & Practices" if you want to learn more about how to wield the OOP sword in PHP. b. On Nov 9, 2007 3:11 PM, Morgan Craft wrote: > Any reason why I should use $this->methodName() over self::methodName() > > Or is the self::methodName() reserved only for working within a static > method? 
> _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- realm3 web applications [realm3.com] freelance consulting, application development (423) 506-0349 From cliff at pinestream.com Fri Nov 9 15:28:16 2007 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 09 Nov 2007 15:28:16 -0500 Subject: [nycphp-talk] self:: or $this ? In-Reply-To: <4734BF08.30808@forsalebyowner.com> Message-ID: > Any reason why I should use $this->methodName() over self::methodName() > > Or is the self::methodName() reserved only for working within a static > method? Self is for static methods and properties. From dcech at phpwerx.net Fri Nov 9 15:34:07 2007 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 09 Nov 2007 15:34:07 -0500 Subject: [nycphp-talk] self:: or $this ? In-Reply-To: <4734BF08.30808@forsalebyowner.com> References: <4734BF08.30808@forsalebyowner.com> Message-ID: <4734C43F.1010602@phpwerx.net> Morgan Craft wrote: > Any reason why I should use $this->methodName() over self::methodName() > Or is the self::methodName() reserved only for working within a static > method? The deciding factor is the nature of methodName() self::methodName() if methodName is static $this->methodName() if methodName is not static Dan From dcech at phpwerx.net Fri Nov 9 15:51:50 2007 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 09 Nov 2007 15:51:50 -0500 Subject: [nycphp-talk] self:: or $this ? In-Reply-To: <4734C43F.1010602@phpwerx.net> References: <4734BF08.30808@forsalebyowner.com> <4734C43F.1010602@phpwerx.net> Message-ID: <4734C866.7080403@phpwerx.net> Dan Cech wrote: > Morgan Craft wrote: >> Any reason why I should use $this->methodName() over self::methodName() >> Or is the self::methodName() reserved only for working within a static >> method? 
>
> The deciding factor is the nature of methodName()
>
> self::methodName() if methodName is static
> $this->methodName() if methodName is not static

One interesting twist, self::methodName is not inherited:

http://us2.php.net/manual/en/language.oop5.static.php

A simple demonstration:

<?php
class parentclass {
    function test() { return 'parentclass'; }
    // self:: is bound to the class where the call is written
    function test_self() { return self::test(); }
    // $this-> is resolved against the instantiated object
    function test_this() { return $this->test(); }
}

class subclass extends parentclass {
    function test() { return 'subclass'; }
    function test_self_sub() { return self::test(); }
}

$test = new subclass();
echo 'self '. $test->test_self() ."\n";
echo 'this '. $test->test_this() ."\n";
echo 'self_sub '. $test->test_self_sub() ."\n";

Will produce:

self parentclass
this subclass
self_sub subclass

So, if you are calling methodName from a non-static function and wish to use inheritance, you should use $this->methodName(), otherwise you cannot override methodName in a sub-class.

That said, calling a static method via $this-> or calling a non-static method via self:: will generate an E_STRICT notice, so sticking to calling according to the definition is definitely the best policy.

Dan

From jcampbell1 at gmail.com Fri Nov 9 20:48:36 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Fri, 9 Nov 2007 20:48:36 -0500
Subject: [nycphp-talk] PDO or sprintf for creating sql queries.
In-Reply-To: <50A22561-1533-4BAF-B2E8-66A5D98EBA56@beaffinitive.com>
References: <002501c82217$d0de9760$729bc620$@com> <50A22561-1533-4BAF-B2E8-66A5D98EBA56@beaffinitive.com>
Message-ID: <8f0676b40711091748p200bad81pc882d036c902d062@mail.gmail.com>

> Was anyone else completely annoyed by the way most
> of the params were switched between mysql and mysqli where the db link was
> required and put as the first param in most functions?

Nah... just use the object notation, and it actually makes more sense.
*new way*

$db_conn = new mysqli("localhost", "my_user", "my_password", "world");
$cursor = $db_conn->query("SELECT first_name FROM Users LIMIT 0,10");
while($row = $cursor->fetch_assoc()) {
    echo $row['first_name'];
}
$cursor->close();

*old way*

$link = mysql_connect("localhost", "my_user", "my_password");
// mysql_connect() takes no database name; select it separately
mysql_select_db("world", $link);
$cursor = mysql_query("SELECT first_name FROM Users LIMIT 0,10");
while($row = mysql_fetch_assoc($cursor)) {
    echo $row['first_name'];
}
mysql_free_result($cursor);

There is slightly less typing with the new way, and it will work with multiple connections. :)

Regards,
John Campbell

From suzerain at suzerain.com Sat Nov 10 07:39:27 2007
From: suzerain at suzerain.com (Marc Antony Vose)
Date: Sat, 10 Nov 2007 20:39:27 +0800
Subject: [nycphp-talk] call command-line script asynchronously
In-Reply-To:
References:
Message-ID: <8478A0CC-24C5-461D-BDA3-472ACE994375@suzerain.com>

I'm confused.

Which function for calling a command line script doesn't make your script stop and wait?

I want to make a web interface which triggers a command-line PHP script that takes like 30 minutes to run, but I don't want the browser sitting there waiting for it.

I thought I did it right, but now the first time I run it for real, it's hanging.

Cheers,

Marc

From rolan at omnistep.com Sat Nov 10 09:02:56 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Sat, 10 Nov 2007 09:02:56 -0500
Subject: [nycphp-talk] call command-line script asynchronously
In-Reply-To: <8478A0CC-24C5-461D-BDA3-472ACE994375@suzerain.com>
References: <8478A0CC-24C5-461D-BDA3-472ACE994375@suzerain.com>
Message-ID: <4735BA10.1060102@omnistep.com>

If you're on a unix system, you can throw it into the background process like this:

/dev/null &`;
print "it's probably still running, but we're done here";
?>

~Rolan

Marc Antony Vose wrote:
> I'm confused.
>
> Which function for calling a command line script doesn't make your
> script stop and wait?
> > I want to make a web interface which triggers a command-line PHP > script that takes like 30 minutes to run, but I don't want the browser > sitting there waiting for it. > > I thought I did it right, but now the first time I run it for real, > it's hanging. > > Cheers, > > Marc > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From lists at zaunere.com Sun Nov 11 12:22:27 2007 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 11 Nov 2007 12:22:27 -0500 Subject: [nycphp-talk] MySQL Speaking Opportunity Message-ID: <02a501c82487$6e681940$671ba8c0@MobileZ> Hello all, I've been asked to host the MySQL Meetup on Tuesday (full details at http://mysql.meetup.com/7/). It's actually a great group, with free beer and food. The only problem, however, is that we're looking for a speaker to present something. It doesn't have to be very long, and the group is informal. For instance, if you'd just like to present a couple of slides on an interesting topic, then the rest of the group can begin Q&A. The topic doesn't even have to be only about MySQL itself, just as long as it's relavant to MySQL. I know that time is short so please contact me off list if you're interested. Thanks, --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From jmcentire at zootoo.com Mon Nov 12 11:20:38 2007 From: jmcentire at zootoo.com (Jeremy Mcentire) Date: Mon, 12 Nov 2007 11:20:38 -0500 Subject: [nycphp-talk] self:: or $this ? 
In-Reply-To: <4734C866.7080403@phpwerx.net> References: <4734BF08.30808@forsalebyowner.com> <4734C43F.1010602@phpwerx.net> <4734C866.7080403@phpwerx.net> Message-ID: > Dan Cech wrote: >> Morgan Craft wrote: >>> Any reason why I should use $this->methodName() over >>> self::methodName() >>> Or is the self::methodName() reserved only for working within a >>> static >>> method? >> >> The deciding factor is the nature of methodName() >> >> self::methodName() if methodName is static >> $this->methodName() if methodName is not static > > One interesting twist, self::methodName is not inherited: > Of course, it is as expected. $this-> refers to the instantiated object -- in the previous example that object was of subclass. Whereas self:: refers to the class in which it occurs -- which, for the this_self() method in parentclass, was parentclass. Good point, though, Dan. It certainly tripped me up before I thought about it. Jeremy From tedd at sperling.com Mon Nov 12 12:23:46 2007 From: tedd at sperling.com (tedd) Date: Mon, 12 Nov 2007 12:23:46 -0500 Subject: [nycphp-talk] Injection Attack, any ideas? In-Reply-To: References: <1283636582.20071107123117@qualityadvantages.com> Message-ID: > > Any ideas about how I can reproduce this problem would greatly >> appreciate and any suggestions about how to fix it would be even more >> greatly appreciated. 8-) >> >> Thanks for your attention. >> >> >> -- >> Best regards, > > mikesz mailto:mikesz at qualityadvantages.com >> Scrub and clean all user input. My understanding -- nothing can get in unless you allow it (barring server breaches). Here's an example of js injection: http://webbytedd.com/bb/insecure-form/ SQL injection (as I understand it) is simply allowing the user to prepare (in part) the SQL query. Scrub and clean user input and prepare the query yourself as per what you will allow. 

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From dcech at phpwerx.net Mon Nov 12 13:25:44 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Mon, 12 Nov 2007 13:25:44 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To:
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID: <47389AA8.9080107@phpwerx.net>

tedd wrote:
>> > Any ideas about how I can reproduce this problem would greatly
>>> appreciate and any suggestions about how to fix it would be even more
>>> greatly appreciated. 8-)
>>>
>>> Thanks for your attention.
>>>
>>>
>>> --
>>> Best regards,
>> > mikesz mailto:mikesz at qualityadvantages.com
>>>
>
> Scrub and clean all user input.
>
> My understanding -- nothing can get in unless you allow it (barring
> server breaches).
>
> Here's an example of js injection:
>
> http://webbytedd.com/bb/insecure-form/
>
> SQL injection (as I understand it) is simply allowing the user to
> prepare (in part) the SQL query. Scrub and clean user input and prepare
> the query yourself as per what you will allow.

With all due respect, this is bad advice.

The decision to allow or disallow certain content is a
business/application decision, not a security decision.

If you display content properly *as content* then it does not matter
what it is. The security problem here is NOT the data, it is the fact
that the data is being displayed *as code*, in this case html code.

The fact that your example demonstrates the proper approach (using html
escaping to display the user data) rather than 'scrubbing and cleaning'
the input makes this advice even more confusing.

Dan

From rmarscher at beaffinitive.com Mon Nov 12 15:55:55 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 12 Nov 2007 15:55:55 -0500
Subject: [nycphp-talk] PDO or sprintf for creating sql queries.
In-Reply-To: <8f0676b40711091748p200bad81pc882d036c902d062@mail.gmail.com>
References: <002501c82217$d0de9760$729bc620$@com> <50A22561-1533-4BAF-B2E8-66A5D98EBA56@beaffinitive.com> <8f0676b40711091748p200bad81pc882d036c902d062@mail.gmail.com>
Message-ID: <0DA99123-BF62-401A-9C14-F73117B41E3A@beaffinitive.com>

On Nov 9, 2007, at 8:48 PM, John Campbell wrote:
>> Was anyone else completely annoyed by the way most
>> of the params were switched between mysql and mysqli where the db
>> link was
>> required and put as the first param in most functions?
> Nah... just use the object notation, and it actually makes more sense.

That's true... the new OO notation is nice. I had a couple classes
though that were written with the old mysql extension and wanted to
quickly update it to use mysqli. I used a simple search and replace for
mysql to mysqli, but then realized I need to write a script to swap
arguments too.

From rmarscher at beaffinitive.com Mon Nov 12 16:26:54 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 12 Nov 2007 16:26:54 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <47389AA8.9080107@phpwerx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net>
Message-ID:

On Nov 12, 2007, at 1:25 PM, Dan Cech wrote:
> The fact that your example demonstrates the proper approach (using
> html
> escaping to display the user data) rather than 'scrubbing and
> cleaning'
> the input makes this advice even more confusing.

If you need to allow user input of html, HTMLPurifier is pretty nice
to get rid of the possible XSS attack - http://htmlpurifier.org/

But it's expensive to escape it every time someone views the page.
Therefore, it's recommended to filter it on input but store the
filtered version in a separate column in the database from the input
directly from the user (in case the filter causes unexpected data loss
from malformed html).
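
[Added example, not part of the original thread and not any poster's code.
It combines the two approaches discussed above: plain-text fields are
escaped at output time, as Dan Cech describes, and user HTML is filtered
once on input with the raw text kept in a separate column, as Rob Marscher
describes; all values reach the database through bound parameters.
Assumptions: the table, column and function names are made up, an
in-memory SQLite database stands in for the real one, the input strings
are constructed, and HTML Purifier is used only if it is already loaded
(otherwise no markup is allowed).]

```php
<?php
// Added example: names below (comments, body_raw, body_filtered, h,
// filter_html, save_comment, render_comment) are assumptions.

/** Escape a plain-text value for HTML text or attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/**
 * Produce the HTML that may be sent back to browsers unchanged.
 * Uses HTML Purifier when the library is loaded; otherwise allows no
 * markup at all and escapes the whole string.
 */
function filter_html(string $dirty): string
{
    if (class_exists('HTMLPurifier')) {
        $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
        return $purifier->purify($dirty);
    }
    return h($dirty);
}

/** Store a comment; the values never become part of the SQL text. */
function save_comment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare(
        'INSERT INTO comments (author, body_raw, body_filtered)
         VALUES (:author, :raw, :filtered)'
    );
    $stmt->execute([
        ':author'   => $author,
        ':raw'      => $body,               // exactly what the user sent
        ':filtered' => filter_html($body),  // filtered once, on input
    ]);
    return (int) $db->lastInsertId();
}

/** Render one comment as an HTML fragment. */
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare(
        'SELECT author, body_filtered FROM comments WHERE id = :id'
    );
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    // author is plain text, so it is escaped here, at output.
    // body_filtered was made safe at input time and is emitted as stored.
    return '<div class="comment"><cite>' . h($row['author']) . '</cite>'
         . '<div>' . $row['body_filtered'] . '</div></div>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE comments (
        id            INTEGER PRIMARY KEY AUTOINCREMENT,
        author        TEXT NOT NULL,
        body_raw      TEXT NOT NULL,
        body_filtered TEXT NOT NULL
    )'
);

// Constructed hostile input: SQL metacharacters in one field, script
// markup in the other.
$id = save_comment(
    $db,
    "x'); DROP TABLE comments; --",
    '<b>hello</b><script>alert(1)</script>'
);

echo render_comment($db, $id), "\n";
echo 'rows in comments: ',
     $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), "\n";
```

The author string is stored and displayed verbatim as text, the table
survives, and the raw body remains available if the filter ever needs to
be re-run with different rules.
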

From mitch.pirtle at gmail.com Mon Nov 12 17:28:03 2007
From: mitch.pirtle at gmail.com (Mitch Pirtle)
Date: Mon, 12 Nov 2007 17:28:03 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To:
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net>
Message-ID: <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com>

Is there a reason that prepared statements are not being used?
That would at least take care of ensuring properly escaped data.

-- Mitch

From mikesz at qualityadvantages.com Mon Nov 12 22:43:29 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 13 Nov 2007 11:43:29 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com>
Message-ID: <174581351.20071113114329@qualityadvantages.com>

Hello Mitch,

Tuesday, November 13, 2007, 6:28:03 AM, you wrote:

> Is there a reason that prepared statements are not being used?
> That would at least take care of ensuring properly escaped data.

Apparently, you missed the part of this thread that it's not my code.
I inherited it. The code belongs to a bunch of hacks somewhere in the
Former USSR who have long since abandoned ship to generate bigger and
better hacks with similar, if not, the same code base for a lot more
developers to pull their hair out trying to make it work and be secure
too (security and quality never got any space on the project priority
list obviously).

Thanks for the suggestion though, I appreciate it.

--
Best regards,
mikesz mailto:mikesz at qualityadvantages.com

From ramons at gmx.net Tue Nov 13 06:43:21 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 13 Nov 2007 06:43:21 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <174581351.20071113114329@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com>
Message-ID: <47398DD9.2060506@gmx.net>

mikesz at qualityadvantages.com wrote:
> too (security and quality never got any space on the project priority
> list obviously).

From my experience that is true for 90% of all software projects. Only
documentation ranks lower. But using every spanking new unproven
technology (especially in Microsoft only shops) ranks very high. And
some things just don't want to go away. Yesterday my former employer
asked me a question about a DCOM based client/server app that we made
years ago. DCOM sucks!

But back to the original issue, while radical, but how plausible would
it be to ditch that code and write new? As long as you know what needs
to go where in the database replacing that portion could be done. It may
even be faster than to figure out what the old code does, why it is
broken, and how to fix it.

David

From elharo at metalab.unc.edu Tue Nov 13 08:08:40 2007
From: elharo at metalab.unc.edu (Elliotte Harold)
Date: Tue, 13 Nov 2007 08:08:40 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <47398DD9.2060506@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com> <47398DD9.2060506@gmx.net>
Message-ID: <4739A1D8.1050707@metalab.unc.edu>

David Krings wrote:
> mikesz at qualityadvantages.com wrote:
>> too (security and quality never got any space on the project priority
>> list obviously).
>
> From my experience that is true for 90% of all software projects. Only
> documentation ranks lower.

In my experience, quality arises from good development practices like
test-first programming, pair programming, proper object oriented design,
internalization of coding conventions, DRY, and a host of other small
factors. It's not something you assign a time block to and put in later.

Programmers who write quality code do not write code slower than
programmers who don't. If anything they produce more lines of code per
day, and their code does more. Possibly, if you have an inexperienced
team just coming up to speed with good development practices, then
there's some training time to learn and internalize good coding
practices. Nonetheless, even if you have to spend two thirds of your
project schedule sharpening a dull ax, you will cut the tree down faster
than if you just start hacking away.

The more complex a software project is, the more important quality
becomes. It is a precondition for developing critical systems. You can
no more leave it out than you would leave out the condition that the
code compiles (or interprets, for PHP). You may not put it into the list
of priorities, but if quality isn't there in sufficient quantity, the
project will fail.

Quality is not something you can accept less of to complete a task
faster. If you omit quality from your code, the project will take more
time to complete.

Security is part of this. A team that knows and understands basic
principles of security, like using prepared statements, will not take
any longer to develop a system than one that doesn't. However if you
first have a team that doesn't understand security build a system; then
have a second team of security specialists fix all the mistakes the
first team made, then yes; it will take you longer and you will need a
place in your schedule to put in security.

The key is to make sure that your team has sufficient experience and
knowledge of the relevant quality factors such as security that they
don't make a lot of mistakes in the first place.
Sometimes this just means hiring the right team. Sometimes it means
hiring one good person and letting them instill those values in the rest
of the team members. At worst, it means sending the team away for
training and giving them time to read the relevant books. That you may
have to schedule for. But it's still more efficient to sharpen your ax
before you cut down the tree.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From ben at projectskyline.com Tue Nov 13 08:35:45 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Tue, 13 Nov 2007 08:35:45 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net>
Message-ID: <002d01c825fa$17e22f10$6b01a8c0@c500>

----- Original Message -----
From: "Rob Marscher"
To: "NYPHP Talk"
Sent: Monday, November 12, 2007 4:26 PM
Subject: Re: [nycphp-talk] Injection Attack, any ideas?

> On Nov 12, 2007, at 1:25 PM, Dan Cech wrote:
>> The fact that your example demonstrates the proper approach (using
>> html
>> escaping to display the user data) rather than 'scrubbing and
>> cleaning'
>> the input makes this advice even more confusing.
>
> If you need to allow user input of html, HTMLPurifier is pretty nice
> to get rid of the possible XSS attack - http://htmlpurifier.org/
>
> But it's expensive to escape it every time someone views the page.
> Therefore, it's recommended to filter it on input but store the
> filtered version in a separate column in the database from the input
> directly from the user (in case the filter causes unexpected data loss
> from malformed html).
>

I do this before I store user form data in the database.
I 1st htmlPurifier, then validate against a type and size, then store in the db.
works great, not too much time wasted developing yet another class.

- Ben

> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

From jcampbell1 at gmail.com Tue Nov 13 09:34:05 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 09:34:05 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
Message-ID: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com>

I often need to extract an integer from the query string, and I have a
bad tendency of doing it differently every time.

Lately I have been using the following:

$page_index = is_numeric($_GET['page']) ? (int)$_GET['page'] : null;

which can also be used like:

$page_index = is_numeric($_GET['page']) ? (int)$_GET['page'] : $default_page;

Is there a better or more idiomatic way of doing it? I know most people
hate seeing the ternary operator combined with assignment, and I was
wondering if there is a more readable one-liner that I am missing.

Regards,
John Campbell

From brian at realm3.com Tue Nov 13 09:59:48 2007
From: brian at realm3.com (Brian D.)
Date: Tue, 13 Nov 2007 09:59:48 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com>
Message-ID:

http://us.php.net/intval

You can use:
$page_index = intval($_GET['page']);

Returns 0 if it's not a valid integer.

- Brian Dailey

--
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349

From brian at realm3.com Tue Nov 13 10:33:40 2007
From: brian at realm3.com (Brian D.)
Date: Tue, 13 Nov 2007 10:33:40 -0500
Subject: [nycphp-talk] Quality Code [was "Injection..."]
Message-ID:

> Programmers who write quality code do not write code slower than
> programmers who don't. If anything they produce more lines of code per
> day, and their code does more.

You can certainly write an application, placing your SQL calls, HTML
layout, and everything else all in the same files, ignoring security
problems, and skipping documentation, much, *much* faster than you can
create an application that considers security issues, best practices,
well-documented code, etc.

I know this from experience, when I first made the jump into web-dev
around 200, I was guilty of this sort of thing myself. It's also
something I've had to compete against as a freelancer.

Of course, you're including "clean-up" time, and in that sense, you're
correct. But a lot of businesses don't realize this until long *after*
the fact. What they see is an application that got delivered quickly -
not a hack-job that will cause them severe headaches down the road.
Up-front, crappy code is much faster.

(Slightly off topic but just last Friday I overheard a guy talking to a
potential client [at a conference] and he was asked, "Do you know PHP?"
and replied, "Sure, I do, but I'm waiting for the new version to come
out... PHP 5." It irked me so much that I blogged about it here:
< http://realm3.com/articles/marketing_for_geeks > )

- Brian Dailey

--
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349

From bz-gmort at beezifies.com Tue Nov 13 10:44:29 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Tue, 13 Nov 2007 10:44:29 -0500
Subject: [nycphp-talk] Quality Code [was "Injection..."]
In-Reply-To:
References:
Message-ID: <4739C65D.6030008@beezifies.com>

Brian D. wrote:
>> Programmers who write quality code do not write code slower than
>> programmers who don't. If anything they produce more lines of code per
>> day, and their code does more.
>>
>
> You can certainly write an application, placing your SQL calls, HTML
> layout, and everything else all in the same files, ignoring security
> problems, and skipping documentation, much, *much* faster than you can
> create an application that considers security issues, best practices,
> well-documented code, etc.
>
>

Well, except for the documentation, I'd disagree with this.

Maybe a little faster, but not a lot. If you always do XYZ to sanitize
your data and make your SQL calls, then it really won't be any different
than always doing something else.

The biggest problem with that approach is the many cooks syndrome. One
guy always uses one library to sanitize data, another guy uses a second
library, then a third dev comes along and uses a third library.

The code keeps bloating because each person has their preferred
method(and this assumes they have sane libraries that don't conflict!)

From jcampbell1 at gmail.com Tue Nov 13 10:57:50 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 10:57:50 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To:
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com>
Message-ID: <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com>

On Nov 13, 2007 9:59 AM, Brian D. wrote:
> http://us.php.net/intval
>
> You can use:
> $page_index = intval($_GET['page']);
>
> Returns 0 if it's not a valid integer.
>

I used to do that, but it becomes impossible to distinguish between 0
and null. Which is okay until you inherit a database with zeros as
keys.

Maybe:
$page_index = isset($_GET['page']) ? intval($_GET['page']) : null;

This will not produce any strict errors, but if page='hello' then
$page_index is 0. I would rather it be null in that case.

If php's '||' operator wasn't so stupid, we could use constructs like:
$page_index = intval($_GET['page']) || null;

Auto casting with || and && is on my top 10 list of things I hate about php.

-john campbell

From brian at realm3.com Tue Nov 13 11:05:24 2007
From: brian at realm3.com (Brian D.)
Date: Tue, 13 Nov 2007 11:05:24 -0500
Subject: [nycphp-talk] Quality Code [was "Injection..."]
In-Reply-To: <4739C65D.6030008@beezifies.com>
References: <4739C65D.6030008@beezifies.com>
Message-ID:

I'll grant you that using prepared statements rather than mysql_query
isn't *that* much of a time difference, but unit testing, for example,
does tend to take a little more time.

As Rusty pointed out, the biggest difference is "getting up-to-speed"
with something that you're not familiar with, but when you're writing
good code, in my experience at least, it's not as fast as throwing
things together.

As an illustration, if you find yourself copying and pasting code,
it's usually a better idea to create something reusable. But if you're
just banging out some code, copying and pasting may be a little
faster. The key is that it's only faster in the *short* run. In the
long run, good code is always faster.

On Nov 13, 2007 10:44 AM, Gary Mort wrote:
> Brian D. wrote:
> >> Programmers who write quality code do not write code slower than
> >> programmers who don't. If anything they produce more lines of code per
> >> day, and their code does more.
> >>
> >
> > You can certainly write an application, placing your SQL calls, HTML
> > layout, and everything else all in the same files, ignoring security
> > problems, and skipping documentation, much, *much* faster than you can
> > create an application that considers security issues, best practices,
> > well-documented code, etc.
> >
> >
>
> Well, except for the documentation, I'd disagree with this.
>
> Maybe a little faster, but not a lot. If you always do XYZ to sanitize
> your data and make your SQL calls, then it really won't be any different
> than always doing something else.
>
> The biggest problem with that approach is the many cooks syndrome.
> One guy always uses one library to sanitize data, another guy uses a
> second library, then a third dev comes along and uses a third library.
>
> The code keeps bloating because each person has their preferred
> method(and this assumes they have sane libraries that don't conflict!)
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>

--
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349

From jcampbell1 at gmail.com Tue Nov 13 11:12:11 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 11:12:11 -0500
Subject: [nycphp-talk] Quality Code [was "Injection..."]
In-Reply-To: <4739C65D.6030008@beezifies.com>
References: <4739C65D.6030008@beezifies.com>
Message-ID: <8f0676b40711130812p2ada46dfvfc4fe2e09548e755@mail.gmail.com>

> Well, except for the documentation, I'd disagree with this.
>

Even documentation doesn't add much time with javadoc and an IDE like
Zend. It fills in most of the stuff for you and adds it to the code
completion hints automatically so you get the benefit of the
documentation immediately. Once you type /**[enter], and have
experienced the magic, you will never go back.

Regards,
John Campbell

From jmcgraw1 at gmail.com Tue Nov 13 11:44:02 2007
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Tue, 13 Nov 2007 11:44:02 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com>
Message-ID:

Perhaps something like:

function ForceInt($input,$default=null) {
  if (is_null($input)||!is_numeric($input)) {
    return $default;
  }
  return intval($input);
}

would work for you? This way you can specify what the default should
be for unexpected or missing input. If you keep changing how you
process input you're eventually going to get bit by the "I did
everything the same here, why doesn't it work?!" bug. Wherever you
can, write a function.

- jake

On Nov 13, 2007 10:57 AM, John Campbell wrote:
> On Nov 13, 2007 9:59 AM, Brian D. wrote:
> > http://us.php.net/intval
> >
> > You can use:
> > $page_index = intval($_GET['page']);
> >
> > Returns 0 if it's not a valid integer.
> >
>
> I used to do that, but it becomes impossible to distinguish between 0
> and null. Which is okay until you inherit a database with zeros as
> keys.
> Maybe:
> $page_index = isset($_GET['page']) ? intval($_GET['page']) : null;
>
> This will not produce any strict errors, but if page='hello' then
> $page_index is 0. I would rather it be null in that case.
>
> If php's '||' operator wasn't so stupid, we could use constructs like:
> $page_index = intval($_GET['page']) || null;
>
> Auto casting with || and && is on my top 10 list of things I hate about php.
>
> -john campbell
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>

From jcampbell1 at gmail.com Tue Nov 13 12:23:46 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 12:23:46 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To:
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com>
Message-ID: <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com>

> Wherever you can, write a function.

I always debate about whether to use what I call "micro libraries".
When I write them, I find them handy. When someone else writes them, I
cannot stand them. I assume other people feel the same way, so I avoid
using them because I assume people will hate my micro libraries. I
have also found that if you have n php developers, you will have n
micro libraries.

If the code is pure php, you can always just type
php.net/function_name, and get the docs. If a script starts with a
dozen includes, and you come across a function that is not in the
manual and is not a class method, there is no immediate way to figure
out what it does.

What are other peoples' thoughts about 1-2 liners vs global functions?
If you do use micro libraries, do you wrap them in a static class?
Have you ever worked on an existing code base and thought, "wow these
little helper functions are great"?

-John Campbell

From php at mrmuster.com Tue Nov 13 12:53:59 2007
From: php at mrmuster.com (dann)
Date: Tue, 13 Nov 2007 12:53:59 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com>
References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com>
Message-ID: <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com>

This doesn't help get rid of your ternary operator, but I find for
those times when you absolutely, positively have to have a valid
non-negative integer ctype_digit() is the way to go. Both is_numeric
and intval accept the plus sign, the minus sign, a decimal point, the
letter 'e', and strings in hexadecimal form (intval will turn any
string with leading digits into an integer, actually).
There are some issues with casting to an integer, also -- this, for
example, gives somewhat surprising results:

php -r 'echo (int) 12e90;'

Which is great, if that's what you're looking for, but sometimes you
already know that the incoming item should be an actual non-negative
integer and you just want to scrub it to avoid injection attacks or
random db breakage.

Something like this might provide a minor upgrade:

$page_index = ctype_digit($_GET['page']) ? $_GET['page'] : $default_page;

dann

From ramons at gmx.net Tue Nov 13 12:59:09 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 13 Nov 2007 12:59:09 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <4739A1D8.1050707@metalab.unc.edu>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com> <47398DD9.2060506@gmx.net> <4739A1D8.1050707@metalab.unc.edu>
Message-ID: <4739E5ED.9010004@gmx.net>

Elliotte Harold wrote:
> David Krings wrote:
>> mikesz at qualityadvantages.com wrote:
>>> too (security and quality never got any space on the project priority
>>> list obviously).
>>
>> From my experience that is true for 90% of all software projects.
>> Only documentation ranks lower.
>
> In my experience, quality arises from good development practices like
> test-first programming, pair programming, proper object oriented design,
> internalization of coding conventions, DRY, and a host of other small
> factors. It's not something you assign a time block to and put in later.
>

I didn't mean it in a way of how much time gets allocated.
I think it is reasonable to allocate as much time for testing as there
is allocated for writing code, better even more since the testers have
to check more than just the code, but also end-user documentation, sales
literature, process descriptions, specs, docs for support, auxiliary
applications, installation, and and and

> Programmers who write quality code do not write code slower than
> programmers who don't. If anything they produce more lines of code per
> day, and their code does more. Possibly, if you have an inexperienced
> team just coming up to speed with good development practices, then
> there's some training time to learn and internalize good coding
> practices. Nonetheless, even if you have to spend two thirds of your
> project schedule sharpening a dull ax, you will cut the tree down faster
> than if you just start hacking away.

Nicely put. Quality code is one of the biggest savings potentials for a
software company. If you are a carpenter and only have crappy tools and
crappy material the hut you build will collapse sooner than later. The
same mechanism applies to software. Nevertheless, I witnessed many times
what I call "developer arrogance" where writing quality code was not
seen as a necessity, since "support can deal with it".

> Quality is not something you can accept less of to complete a task
> faster. If you omit quality from your code, the project will take more
> time to complete.

I disagree, you can take shortcuts, such as not documenting code and
omitting anything other than the "how it is supposed to be used" path.
One might argue that this would not constitute project completion, but
when time and money are scarce for a software project the QA and doc
team get cut and 'cheaper' developers get hired to do the job. Typical
behaviour in companies where shareholder value (short term gain) is
valued more than product quality (long term gain).

Too bad that the coding team that crafted the broken code cannot read
our discussion.
I also think that at the origin of this thread the fact was well
established that the code in question does not adhere to any higher
quality standards. Which even makes my proposal more plausible: rip it
out and do it the right way. Otherwise more fixing will be needed and
the code won't get that much better.

David

From jcampbell1 at gmail.com Tue Nov 13 14:29:33 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 14:29:33 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com>
References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com>
Message-ID: <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com>

> $page_index = ctype_digit($_GET['page']) ? $_GET['page'] :
> $default_page;

Thanks Dann,
I will start using that from now on. Easy to read, works with 0.

From dann at bentobox.net Tue Nov 13 14:56:56 2007
From: dann at bentobox.net (dann)
Date: Tue, 13 Nov 2007 14:56:56 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com>
References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com> <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com>
Message-ID: <4310C9FE-C31A-4E7D-A0D8-18A20D7FF01A@bentobox.net>

One small caveat I failed to mention earlier: while ctype_digit will
work fine for parsing the superglobals, if you are instead parsing an
unknown variable that might be an actual integer, a string containing
an integer, or a non-integer string, you'll need to first cast it to
a string before you apply ctype_digit, as that function returns false
if you pass it an actual integer. It's an easy "feature" to forget,
and as I did exactly that myself a few minutes ago I thought I'd
mention it to potentially save you some time in the future.

$string = '42';
$int = 42;
var_dump(ctype_digit($string), ctype_digit((string) $int), ctype_digit($int));

>> $page_index = ctype_digit($_GET['page']) ? $_GET['page'] :
>> $default_page;
>
> Thanks Dann,
> I will start using that from now on. Easy to read, works with 0.

From jcampbell1 at gmail.com Tue Nov 13 15:14:47 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 13 Nov 2007 15:14:47 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <4310C9FE-C31A-4E7D-A0D8-18A20D7FF01A@bentobox.net>
References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com> <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com> <4310C9FE-C31A-4E7D-A0D8-18A20D7FF01A@bentobox.net>
Message-ID: <8f0676b40711131214s61b6350y84e45b90bb143d42@mail.gmail.com>

On Nov 13, 2007 2:56 PM, dann wrote:
> One small caveat I failed to mention earlier: while ctype_digit will
> work fine for parsing the superglobals, if you are instead parsing an
> unknown variable that might be an actual integer, a string containing
> an integer, or a non-integer string, you'll need to first cast it to
> a string before you apply ctype_digit, as that function returns false
> if you pass it an actual integer. It's an easy "feature" to forget,
> and as I did exactly that myself a few minutes ago I thought I'd
> mention it to potentially save you some time in the future.
>
> $string = '42';
> $int = 42;
> var_dump(ctype_digit($string), ctype_digit((string) $int), ctype_digit
> ($int));

Easily fixed with:
ctype_digit("$int");

With the added bonus, that another dev will come behind you, remove
the quotes, and create a bug.
:) From elharo at metalab.unc.edu Tue Nov 13 18:24:01 2007 From: elharo at metalab.unc.edu (Elliotte Harold) Date: Tue, 13 Nov 2007 18:24:01 -0500 Subject: [nycphp-talk] Quality Code [was "Injection..."] In-Reply-To: References: <4739C65D.6030008@beezifies.com> Message-ID: <473A3211.3040201@metalab.unc.edu> Brian D. wrote: > I'll grant you that using prepared statements rather than mysql_query > isn't *that* much of a time difference, but unit testing, for example, > does tend to take a little more time. > I respectfully disagree. I am faster when I'm writing unit tests than when I'm not. I am *much* faster if the measurement is made to bug free code that actually solves the problem, rather than simply to code that compiled, but even if we're just accepting any old hack that gets the job done once, I am still faster when I write unit tests. The more complicated and involved the problem the more true this is. I can't even begin to work on a sophisticated sorting algorithm or a fast interpolated search without writing tests. However even with a problem as simple as a basic linear search, I get to the end faster with test-driven development than without. > As Rusty pointed out, the biggest difference is "getting up-to-speed" > with something that you're not familiar with, but when you're writing > good code, in my experience at least, it's not as fast as throwing > things together. No, it's faster. :-) > As an illustration, if you find yourself copying and pasting code, > it's usually a better idea to create something reusable. But if you're > just banging out some code, copying and pasting may be a little > faster. The key is that it's only faster in the *short* run. In the > long wrong, good code is always faster. Well, as Fred Brooks said, "Plan to throw one away. You will anyway." -- Elliotte Rusty Harold elharo at metalab.unc.edu Java I/O 2nd Edition Just Published! 
http://www.cafeaulait.org/books/javaio2/ http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/ From elharo at metalab.unc.edu Tue Nov 13 18:27:25 2007 From: elharo at metalab.unc.edu (Elliotte Harold) Date: Tue, 13 Nov 2007 18:27:25 -0500 Subject: [nycphp-talk] Quality Code [was "Injection..."] In-Reply-To: <8f0676b40711130812p2ada46dfvfc4fe2e09548e755@mail.gmail.com> References: <4739C65D.6030008@beezifies.com> <8f0676b40711130812p2ada46dfvfc4fe2e09548e755@mail.gmail.com> Message-ID: <473A32DD.6000003@metalab.unc.edu> John Campbell wrote: > Even documentation doesn't add much time with javadoc and an IDE like > Zend. It fills in most of the stuff for you and adds it to the code > completion hints automatically so you get the benefit of the > documentation immediately. Once you type /**[enter], and have > experienced the magic, you will never go back. There's documentation and there's documentation. JavaDoc (or PHP equivalent) is useful but it's no substitute for solid design documentation and tutorials (or vice versa) and these take time. Unit tests work and save time in part because they let programmers focus on what programmers like to do: write code. With occasional exceptions, most programmers don't like to write documentation and they aren't very good at it when they try. It's still important to have good documentation, but it does take some extra time. Unlike unit testing, I don't believe writing documentation saves you time up front, though it may pay back that time later. -- Elliotte Rusty Harold elharo at metalab.unc.edu Java I/O 2nd Edition Just Published! http://www.cafeaulait.org/books/javaio2/ http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/ From elharo at metalab.unc.edu Tue Nov 13 18:39:03 2007 From: elharo at metalab.unc.edu (Elliotte Harold) Date: Tue, 13 Nov 2007 18:39:03 -0500 Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <4739E5ED.9010004@gmx.net> References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com> <47398DD9.2060506@gmx.net> <4739A1D8.1050707@metalab.unc.edu> <4739E5ED.9010004@gmx.net> Message-ID: <473A3597.1030909@metalab.unc.edu> David Krings wrote: > I disagree, you can take shortcuts, such as not documenting code and > omitting anything other than the "how it is supposed to be used" path. > One might argue that this would not constitute project completion, but > when time and money are scarce for a software project the QA and doc > team get cut and 'cheaper' developrs get hired to do the job. Typical > behaviour in companies where shareholder value (short term gain) is > valued more than product quality (long term gain). > I don't believe in shortcuts to quality. I believe short iteration cycles that accomplish a minimum of functionality well rather than a lot of things poorly. No one knows what they want till they see it anyway. Deliver the simplest thing that can possibly work; then add to it as time permits and desire dictates. YAGNI is a guiding principle. -- Elliotte Rusty Harold elharo at metalab.unc.edu Java I/O 2nd Edition Just Published! http://www.cafeaulait.org/books/javaio2/ http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/ From ramons at gmx.net Tue Nov 13 22:05:54 2007 From: ramons at gmx.net (David Krings) Date: Tue, 13 Nov 2007 22:05:54 -0500 Subject: [nycphp-talk] Injection Attack, any ideas? 
In-Reply-To: <473A3597.1030909@metalab.unc.edu> References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com> <47398DD9.2060506@gmx.net> <4739A1D8.1050707@metalab.unc.edu> <4739E5ED.9010004@gmx.net> <473A3597.1030909@metalab.unc.edu> Message-ID: <473A6612.2040103@gmx.net> Elliotte Harold wrote: > David Krings wrote: > >> I disagree, you can take shortcuts, such as not documenting code and >> omitting anything other than the "how it is supposed to be used" path. >> One might argue that this would not constitute project completion, but >> when time and money are scarce for a software project the QA and doc >> team get cut and 'cheaper' developrs get hired to do the job. Typical >> behaviour in companies where shareholder value (short term gain) is >> valued more than product quality (long term gain). >> > > I don't believe in shortcuts to quality. I believe short iteration > cycles that accomplish a minimum of functionality well rather than a lot > of things poorly. No one knows what they want till they see it anyway. > Deliver the simplest thing that can possibly work; then add to it as > time permits and desire dictates. YAGNI is a guiding principle. I did not say that was a shortcut to quality, I meant that this is a shortcut to claim project completion. As a professional tester I in no way approve of it, but I spent almost seven years in sw development and quality (assurance) and documentation are the first to go when the project is under distress....or not even in that case, but in general. I also do not believe in shortcuts to quality as there usually are none. 
David From dorgan at donaldorgan.com Wed Nov 14 11:25:45 2007 From: dorgan at donaldorgan.com (Donald J Organ IV) Date: Wed, 14 Nov 2007 11:25:45 -0500 Subject: [nycphp-talk] Test Please Ignore Message-ID: <473B2189.9090305@donaldorgan.com> test From ken at secdat.com Wed Nov 14 11:34:59 2007 From: ken at secdat.com (Kenneth Downs) Date: Wed, 14 Nov 2007 11:34:59 -0500 Subject: [nycphp-talk] Test Please Ignore In-Reply-To: <473B2189.9090305@donaldorgan.com> References: <473B2189.9090305@donaldorgan.com> Message-ID: <473B23B3.1030202@secdat.com> Test message received. Donald J Organ IV wrote: > test > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 From rmarscher at beaffinitive.com Wed Nov 14 13:04:50 2007 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Wed, 14 Nov 2007 13:04:50 -0500 Subject: [nycphp-talk] Extracting an int from a query string. In-Reply-To: <8f0676b40711131214s61b6350y84e45b90bb143d42@mail.gmail.com> References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com> <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com> <4310C9FE-C31A-4E7D-A0D8-18A20D7FF01A@bentobox.net> <8f0676b40711131214s61b6350y84e45b90bb143d42@mail.gmail.com> Message-ID: <954ECBFE-5592-452C-B5BC-7CC82BFE4C47@beaffinitive.com> On Nov 13, 2007, at 3:14 PM, John Campbell wrote: > On Nov 13, 2007 2:56 PM, dann wrote: >> One small caveat I failed to mention earlier: [...snip...] >> ctype_digit [...snip...] returns false >> if you pass it an actual integer. 
> Easily fixed with: > ctype_digit("$int"); > With the added bonus, that another dev will come behind you, remove > the quotes, and create a bug. :) Although, you originally said you were using this for request variables which are always strings. By the way, I've been seeing rumors on the web that the ternary operator will support this syntax in PHP6: $assigned = isset($somevar) ?: 'default'; Even less typing! From dcech at phpwerx.net Wed Nov 14 14:43:47 2007 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 14 Nov 2007 14:43:47 -0500 Subject: [nycphp-talk] Extracting an int from a query string. In-Reply-To: <954ECBFE-5592-452C-B5BC-7CC82BFE4C47@beaffinitive.com> References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com> <8f0676b40711131129r56a50a5fwe86751541d79e9fe@mail.gmail.com> <4310C9FE-C31A-4E7D-A0D8-18A20D7FF01A@bentobox.net> <8f0676b40711131214s61b6350y84e45b90bb143d42@mail.gmail.com> <954ECBFE-5592-452C-B5BC-7CC82BFE4C47@beaffinitive.com> Message-ID: <473B4FF3.7040009@phpwerx.net> Rob Marscher wrote: > On Nov 13, 2007, at 3:14 PM, John Campbell wrote: >> On Nov 13, 2007 2:56 PM, dann wrote: >>> One small caveat I failed to mention earlier: [...snip...] >>> ctype_digit [...snip...] returns false >>> if you pass it an actual integer. >> Easily fixed with: >> ctype_digit("$int"); >> With the added bonus, that another dev will come behind you, remove >> the quotes, and create a bug. :) > > Although, you originally said you were using this for request variables > which are always strings. > > By the way, I've been seeing rumors on the web that the ternary operator > will support this syntax in PHP6: > > $assigned = isset($somevar) ?: 'default'; > > Even less typing! 
Still too much typing ;) , try this:

$t = R('test',0,'int');

// Fetch a request variable, falling back to $def when it is missing
// or fails the optional type check.
function R($k,$def = null,$type = null)
{
  if (!isset($_REQUEST[$k])) {
    return $def;
  }
  if (isset($type)) {
    return checktype($type,$_REQUEST[$k],$def);
  }
  return $_REQUEST[$k];
}

function checktype($type,$v,$def = null)
{
  switch ($type) {
    case 'int':
    case 'integer':
      // Accept only values that survive an int round trip unchanged.
      if ((string)intval($v) !== strval($v)) {
        return $def;
      }
      return intval($v);
    case 'string':
      if (!is_string($v)) {
        return $def;
      }
      break;
  }
  return $v;
}

Mix up some additional flavors for $_GET, $_POST, etc and have some real fun. Dan From smanes at magpie.com Wed Nov 14 19:16:25 2007 From: smanes at magpie.com (Steve Manes) Date: Wed, 14 Nov 2007 19:16:25 -0500 Subject: [nycphp-talk] GoogleMapAPI Message-ID: <473B8FD9.50502@magpie.com> Is anyone using this API? I'm testing this PHP class for possible use on a project. I've the basic functionality working but, for the life of me, I can't figure out how to get it to display driving directions or overlay a visual route. Any tips or pointers to sample code would be very helpful. Thanks. From rolan at omnistep.com Wed Nov 14 20:09:24 2007 From: rolan at omnistep.com (Rolan Yang) Date: Wed, 14 Nov 2007 20:09:24 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473B8FD9.50502@magpie.com> References: <473B8FD9.50502@magpie.com> Message-ID: <473B9C44.7070305@omnistep.com> http://code.google.com/apis/maps/documentation/services.html#Traffic_Overlays ~Rolan Steve Manes wrote: > Is anyone using this API? I'm testing this PHP class for possible use > on a project. I've the basic functionality working but, for the life > of me, I can't figure out how to get it to display driving directions > or overlay a visual route. > > Any tips or pointers to sample code would be very helpful. > > Thanks.
From jcampbell1 at gmail.com Wed Nov 14 20:08:52 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Wed, 14 Nov 2007 20:08:52 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473B8FD9.50502@magpie.com> References: <473B8FD9.50502@magpie.com> Message-ID: <8f0676b40711141708j505532afi1bfc15e055159386@mail.gmail.com> > Is anyone using this API? I'm testing this PHP class for possible use > on a project. Yes, I wrote this site that uses it (including the advanced features). http://www.gypsymaps.com > I've the basic functionality working but, for the life of > me, I can't figure out how to get it to display driving directions or > overlay a visual route. > Any tips or pointers to sample code would be very helpful. The Google Maps API is the best documented code I have ever seen. For driving directions see: http://www.google.com/apis/maps/documentation/index.html click "Services" then scroll to the bottom for a "cut 'n paste" example. Check the "References" page if you want to get into the details. My only pointer is to make sure you truly understand the js concepts, "a function is an object" and closure. If you are a PHP guy, it is likely a foreign concept. Regards, John Campbell From smanes at magpie.com Wed Nov 14 20:31:31 2007 From: smanes at magpie.com (Steve Manes) Date: Wed, 14 Nov 2007 20:31:31 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473B8FD9.50502@magpie.com> References: <473B8FD9.50502@magpie.com> Message-ID: <473BA173.9000401@magpie.com> Steve Manes wrote: > Is anyone using this API? I'm testing this PHP class for possible use > on a project.
I've the basic functionality working but, for the life of > me, I can't figure out how to get it to display driving directions or > overlay a visual route. > > Any tips or pointers to sample code would be very helpful. Sorry, I should have been clearer. I meant the PHP GoogleMapAPI class (GoogleMapAPI.class.php) here: http://www.phpinsider.com/php/code/GoogleMapAPI/ I'm comfortable with JS and DOM but I need to give my client his options, including a PHP application interface. From jonbaer at jonbaer.com Wed Nov 14 20:32:52 2007 From: jonbaer at jonbaer.com (Jon Baer) Date: Wed, 14 Nov 2007 20:32:52 -0500 Subject: [nycphp-talk] Quercus Message-ID: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> http://quercus.caucho.com So im testing this out w/ CakePHP w/ JVM 1.5 and Terracotta (vm clustering) and have to say from what Ive seen (locally) it is pretty impressive. I am wondering if anyone is actually using (or testing) this combo in production? Or has any opinions otherwise of this project. - Jon From jcampbell1 at gmail.com Wed Nov 14 21:21:37 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Wed, 14 Nov 2007 21:21:37 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473BA173.9000401@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> Message-ID: <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> > Sorry, I should have been clearer. I meant the PHP GoogleMapAPI class > (GoogleMapAPI.class.php) here: > > http://www.phpinsider.com/php/code/GoogleMapAPI/ The driving directions they have in their example is an external link to maps.google.com. I assume that is not what you want. You will need to modify the class if you want driving directions on your site. 
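Added example, not part of any list member's post: the ctype_digit() check from the "Extracting an int from a query string" thread above, wrapped in a hypothetical page_index() helper and run over constructed sample values, so the inputs it rejects are visible side by side. The helper name, the $max bound and the sample list are assumptions made for this illustration.

```php
<?php
// Added example: strict parsing of a non-negative integer request parameter.
// page_index() and $samples are hypothetical names, not code from the list.

function page_index($raw, $default = 1, $max = 100000)
{
    // ?page[]=1 arrives as an array and a missing key as null. Only strings
    // may reach ctype_digit(), which interprets ints from -128 to 255 as
    // ASCII codes rather than as numbers.
    if (!is_string($raw)) {
        return $default;
    }
    // True only for one or more characters 0-9: rejects the empty string,
    // signs, spaces, decimal points, exponents, hex prefixes and a
    // trailing newline.
    if (!ctype_digit($raw)) {
        return $default;
    }
    // Digits-only input can still be too long for an int, so drop leading
    // zeros and bound the length before converting.
    $digits = ltrim($raw, '0');
    if (strlen($digits) > strlen((string) $max)) {
        return $default;
    }
    $n = (int) $digits; // an all-zero input leaves '', which converts to 0
    return $n <= $max ? $n : $default;
}

// Constructed sample inputs standing in for $_GET['page'].
$samples = array(
    'zero'             => '0',
    'plain'            => '42',
    'leading zeros'    => '007',
    'empty'            => '',
    'negative'         => '-1',
    'inner space'      => '4 2',
    'trailing newline' => "42\n",
    'exponent'         => '1e3',
    'hex'              => '0x1A',
    'overflow'         => '99999999999999999999',
    'array parameter'  => array('1'),
    'missing'          => null,
);

foreach ($samples as $label => $raw) {
    printf(
        "%-17s %-26s => %s\n",
        $label,
        json_encode($raw),
        var_export(page_index($raw), true)
    );
}
```

Returning an int rather than the original string means later code never handles the raw request value again, which matters when the result is used in a query or an array offset.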
From smanes at magpie.com Wed Nov 14 21:39:11 2007 From: smanes at magpie.com (Steve Manes) Date: Wed, 14 Nov 2007 21:39:11 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> Message-ID: <473BB14F.8000806@magpie.com> John Campbell wrote: >> Sorry, I should have been clearer. I meant the PHP GoogleMapAPI class >> (GoogleMapAPI.class.php) here: >> >> http://www.phpinsider.com/php/code/GoogleMapAPI/ > > The driving directions they have in their example is an external link > to maps.google.com. I assume that is not what you want. You will need > to modify the class if you want driving directions on your site. Yeah, I know. Even though it says it supports V2, it doesn't appear to support the GDirections class. I was hoping that someone who's used this PHP class might know if there was an extended class that did. No problem. Using Google's class is cleaner. From jcampbell1 at gmail.com Wed Nov 14 22:35:56 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Wed, 14 Nov 2007 22:35:56 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473BB14F.8000806@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> Message-ID: <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> > Yeah, I know. Even though it says it supports V2, it doesn't appear to > support the GDirections class. I was hoping that someone who's used this > PHP class might know if there was an extended class that did. If all it is missing for your needs is directions, I'll fix it. Shouldn't take more than a few minutes. Let me know. 
From smanes at magpie.com Wed Nov 14 23:21:07 2007 From: smanes at magpie.com (Steve Manes) Date: Wed, 14 Nov 2007 23:21:07 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> Message-ID: <473BC933.7070905@magpie.com> John Campbell wrote: >> Yeah, I know. Even though it says it supports V2, it doesn't appear to >> support the GDirections class. I was hoping that someone who's used this >> PHP class might know if there was an extended class that did. > > If all it is missing for your needs is directions, I'll fix it. > Shouldn't take more than a few minutes. Let me know. I could as well but I don't like mucking with third-party libraries or APIs. Murphy's Law says that after I turn this software over to the client someone will download an updated API six months from now and lose the fixes. From rmarscher at beaffinitive.com Thu Nov 15 00:21:01 2007 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Thu, 15 Nov 2007 00:21:01 -0500 Subject: [nycphp-talk] Quercus In-Reply-To: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> References: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> Message-ID: <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> On Nov 14, 2007, at 8:32 PM, Jon Baer wrote: > http://quercus.caucho.com > > So im testing this out w/ CakePHP w/ JVM 1.5 and Terracotta (vm > clustering) and have to say from what Ive seen (locally) it is > pretty impressive. I am wondering if anyone is actually using (or > testing) this combo in production? Or has any opinions otherwise of > this project. > > - Jon This is the first I've heard of it. The article about trying that with Drupal was interesting. Ever wanted to run PHP from C++? 
http://developers.facebook.com/phpembed/ php_array type in C++: http://developers.facebook.com/phpembed/docs/node10.html Here's the reason they developed it: http://blog.facebook.com/blog.php?post=6146092130 From lists at zaunere.com Thu Nov 15 08:25:00 2007 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 15 Nov 2007 08:25:00 -0500 Subject: [nycphp-talk] Quercus In-Reply-To: <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> References: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> Message-ID: <05a801c8278a$ec983fb0$671ba8c0@MobileZ> Rob Marscher wrote on Thursday, November 15, 2007 12:21 AM: > On Nov 14, 2007, at 8:32 PM, Jon Baer wrote: > > http://quercus.caucho.com > > > > So im testing this out w/ CakePHP w/ JVM 1.5 and Terracotta (vm > > clustering) and have to say from what Ive seen (locally) it is > > pretty impressive. I am wondering if anyone is actually using (or > > testing) this combo in production? Or has any opinions otherwise > > of this project. > > > > - Jon > > This is the first I've heard of it. The article about trying that > with Drupal was interesting. > > Ever wanted to run PHP from C++? > http://developers.facebook.com/phpembed/ > > php_array type in C++: > http://developers.facebook.com/phpembed/docs/node10.html > > Here's the reason they developed it: > http://blog.facebook.com/blog.php?post=6146092130 And we had a presentation about it in 2006: http://www.nyphpcon.com/Presentations H From brian at realm3.com Thu Nov 15 09:12:05 2007 From: brian at realm3.com (Brian D.) Date: Thu, 15 Nov 2007 09:12:05 -0500 Subject: [nycphp-talk] Quercus In-Reply-To: <05a801c8278a$ec983fb0$671ba8c0@MobileZ> References: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> <05a801c8278a$ec983fb0$671ba8c0@MobileZ> Message-ID: Quite interesting. 
The closest thing I've done is use the PHP-Java bridge ( http://php-java-bridge.sourceforge.net/ ) to run Java code in PHP files (running inside a Zend Framework, too). It worked very nicely for the use I intended it for. Thanks for posting the link. On Nov 15, 2007 8:25 AM, Hans Zaunere wrote: > > > Rob Marscher wrote on Thursday, November 15, 2007 12:21 AM: > > On Nov 14, 2007, at 8:32 PM, Jon Baer wrote: > > > http://quercus.caucho.com -- realm3 web applications [realm3.com] freelance consulting, application development (423) 506-0349 From brian at realm3.com Thu Nov 15 09:13:28 2007 From: brian at realm3.com (Brian D.) Date: Thu, 15 Nov 2007 09:13:28 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473BC933.7070905@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> Message-ID: If you must use an API, I recommend Phoogle. http://www.systemsevendesigns.com/phoogle It definitely simplifies matters if you're not doing anything too complicated. On Nov 14, 2007 11:21 PM, Steve Manes wrote: > John Campbell wrote: > >> Yeah, I know. Even though it says it supports V2, it doesn't appear to > >> support the GDirections class. I was hoping that someone who's used this > >> PHP class might know if there was an extended class that did. > > > > If all it is missing for your needs is directions, I'll fix it. > > Shouldn't take more than a few minutes. Let me know. > > I could as well but I don't like mucking with third-party libraries or > APIs. Murphy's Law says that after I turn this software over to the > client someone will download an updated API six months from now and lose > the fixes. 
-- realm3 web applications [realm3.com] freelance consulting, application development (423) 506-0349 From bz-gmort at beezifies.com Thu Nov 15 09:26:50 2007 From: bz-gmort at beezifies.com (Gary Mort) Date: Thu, 15 Nov 2007 09:26:50 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473BC933.7070905@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> Message-ID: <473C572A.1050406@beezifies.com> Steve Manes wrote: > I could as well but I don't like mucking with third-party libraries or > APIs. Murphy's Law says that after I turn this software over to the > client someone will download an updated API six months from now and > lose the fixes. Why not extend it and submit the patches back. Then if they're accepted and then the thing is downloaded again in 4 months, your changes are in the codebase. From jonbaer at jonbaer.com Thu Nov 15 09:43:52 2007 From: jonbaer at jonbaer.com (Jon Baer) Date: Thu, 15 Nov 2007 09:43:52 -0500 Subject: [nycphp-talk] Quercus In-Reply-To: References: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> <05a801c8278a$ec983fb0$671ba8c0@MobileZ> Message-ID: <16E64A95-0EE6-4470-B8BE-6735A6B4BF4B@jonbaer.com> It's only one part + it's probably also worth looking @ what the "bigger" picture here is ... http://www.terracotta.org So in a nutshell this will allow you to (easily) cluster JVMs into a 'network attached memory' situation.
Like Rob said, the Drupal example is probably the best so far ... http://rifers.org/blogs/gbevin/2007/8/1/clustered_drupal_terracotta - Jon On Nov 15, 2007, at 9:12 AM, Brian D. wrote: > Quite interesting. The closest thing I've done is use the PHP-Java > bridge ( http://php-java-bridge.sourceforge.net/ ) to run Java code in > PHP files (running inside a Zend Framework, too). It worked very > nicely for the use I intended it for. > > Thanks for posting the link. > > On Nov 15, 2007 8:25 AM, Hans Zaunere wrote: >> >> >> Rob Marscher wrote on Thursday, November 15, 2007 12:21 AM: >>> On Nov 14, 2007, at 8:32 PM, Jon Baer wrote: >>>> http://quercus.caucho.com > > -- > realm3 web applications [realm3.com] > freelance consulting, application development > (423) 506-0349 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From smanes at magpie.com Thu Nov 15 09:50:15 2007 From: smanes at magpie.com (Steve Manes) Date: Thu, 15 Nov 2007 09:50:15 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473C572A.1050406@beezifies.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> <473C572A.1050406@beezifies.com> Message-ID: <473C5CA7.2050405@magpie.com> Gary Mort wrote: > Steve Manes wrote: >> I could as well but I don't like mucking with third-party libraries or >> APIs. Murphy's Law says that after I turn this software over to the >> client someone will download an updated API six months from now and >> lose the fixes. > > Why not extend it and submit the patches back. 
Than if their accepted > and then the thing is downloaded again in 4 months, your changes are in > the codebase. Maybe later. At the moment, I'm under the gun to get the transportation component built for a medical referral application. Using Google's native API is the quickest route (pun unintended) for that. I completed most of the maps stuff last night and I know that when they see it the client will probably request yet more functionality that's not in that PHP API. From rolan at omnistep.com Thu Nov 15 10:03:06 2007 From: rolan at omnistep.com (Rolan Yang) Date: Thu, 15 Nov 2007 10:03:06 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473C5CA7.2050405@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> <473C572A.1050406@beezifies.com> <473C5CA7.2050405@magpie.com> Message-ID: <473C5FAA.2020006@omnistep.com> Steve Manes wrote: > Gary Mort wrote: >> Steve Manes wrote: >>> I could as well but I don't like mucking with third-party libraries >>> or APIs. Murphy's Law says that after I turn this software over to >>> the client someone will download an updated API six months from now >>> and lose the fixes. >> >> Why not extend it and submit the patches back. Than if their >> accepted and then the thing is downloaded again in 4 months, your >> changes are in the codebase. > > Maybe later. At the moment, I'm under the gun to get the > transportation component built for a medical referral application. > Using Google's native API is the quickest route (pun unintended) for > that. I completed most of the maps stuff last night and I know that > when they see it the client will probably request yet more > functionality that's not in that PHP API. 
> You might want to let your client know that there is a maximum limit to the number of google requests that can be made per developer key per time period. If the app is going to be hit hard and exceeds the limit, they may have to resort to buying a license* from Google. I believe the cost is $10,000. ~Rolan * or circumvent the limit by other means. From smanes at magpie.com Thu Nov 15 10:46:07 2007 From: smanes at magpie.com (Steve Manes) Date: Thu, 15 Nov 2007 10:46:07 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473C5FAA.2020006@omnistep.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> <473C572A.1050406@beezifies.com> <473C5CA7.2050405@magpie.com> <473C5FAA.2020006@omnistep.com> Message-ID: <473C69BF.604@magpie.com> Rolan Yang wrote: > You might want to let your client know that there is a maximum limit to > the number of google requests that can be made per developer key per > time period. If the app is going to be hit hard and exceeds the limit, > they may have to resort to buying a license* from Google. I believe the > cost is $10,000. I know. But it's 50,000/day, which is about 49,800 more connections than any community health clinic is ever likely to make, and each clinic/program will have its own domain and Google API key. If it becomes a problem, the client is a large child health non-profit so they can deal with the license issues. 
From jcampbell1 at gmail.com Thu Nov 15 10:52:40 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Thu, 15 Nov 2007 10:52:40 -0500 Subject: [nycphp-talk] GoogleMapAPI In-Reply-To: <473C69BF.604@magpie.com> References: <473B8FD9.50502@magpie.com> <473BA173.9000401@magpie.com> <8f0676b40711141821r6b2099bay7f382e2b19ebd1ba@mail.gmail.com> <473BB14F.8000806@magpie.com> <8f0676b40711141935t68fad7c3h11119a2a51ce3d94@mail.gmail.com> <473BC933.7070905@magpie.com> <473C572A.1050406@beezifies.com> <473C5CA7.2050405@magpie.com> <473C5FAA.2020006@omnistep.com> <473C69BF.604@magpie.com> Message-ID: <8f0676b40711150752m3a2532cegbf3409bd8ec087c5@mail.gmail.com> > I know. But it's 50,000/day, which is about 49,800 more connections > than any community health clinic is ever likely to make, and each > clinic/program will have its own domain and Google API key. If it > becomes a problem, the client is a large child health non-profit so they > can deal with the license issues. They changed it so the limits are now on the user, not the API key. It is 10,000 per IP. Which means, one person can't search for directions to your clinic more than 10,000 times per day. From orion at terracotta.org Thu Nov 15 16:56:25 2007 From: orion at terracotta.org (Orion Letizi) Date: Thu, 15 Nov 2007 13:56:25 -0800 (PST) Subject: [nycphp-talk] Quercus In-Reply-To: <16E64A95-0EE6-4470-B8BE-6735A6B4BF4B@jonbaer.com> References: <84FE82BC-7069-4837-88F1-65219F4FB2A2@jonbaer.com> <457C4614-AB4A-4B0F-8CAA-FE73A76E85EE@beaffinitive.com> <05a801c8278a$ec983fb0$671ba8c0@MobileZ> <16E64A95-0EE6-4470-B8BE-6735A6B4BF4B@jonbaer.com> Message-ID: <13782674.post@talk.nabble.com> Cool stuff. Let us know how your experiment goes. Also, if you need help, don't hesitate to ask. Cheers, Orion Letizi Terracotta Jon Baer-2 wrote: > > It's only one part + it's probably also worth looking @ what the > "bigger" picture here is ...
>
> http://www.terracotta.org
>
> So in a nutshell this will allow you to (easily) cluster JVMs into a
> 'network attached memory' situation.
>
> Like Rob said, the Drupal example is probably the best so far ...
>
> http://rifers.org/blogs/gbevin/2007/8/1/clustered_drupal_terracotta
>
> - Jon
>
> On Nov 15, 2007, at 9:12 AM, Brian D. wrote:
>
>> Quite interesting. The closest thing I've done is use the PHP-Java
>> bridge ( http://php-java-bridge.sourceforge.net/ ) to run Java code in
>> PHP files (running inside a Zend Framework, too). It worked very
>> nicely for the use I intended it for.
>>
>> Thanks for posting the link.
>>
>> On Nov 15, 2007 8:25 AM, Hans Zaunere wrote:
>>>
>>>
>>> Rob Marscher wrote on Thursday, November 15, 2007 12:21 AM:
>>>> On Nov 14, 2007, at 8:32 PM, Jon Baer wrote:
>>>>> http://quercus.caucho.com
>>
>> --
>> realm3 web applications [realm3.com]
>> freelance consulting, application development
>> (423) 506-0349
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>
>

--
View this message in context: http://www.nabble.com/Quercus-tf4809132.html#a13782674
Sent from the NYPHP-Talk mailing list archive at Nabble.com.

From urb at e-government.com Fri Nov 16 08:58:26 2007
From: urb at e-government.com (Urb LeJeune)
Date: Fri, 16 Nov 2007 08:58:26 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To: <47398DD9.2060506@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <330532b60711121428m6f5ac634p9326a9751f38b910@mail.gmail.com> <174581351.20071113114329@qualityadvantages.com> <47398DD9.2060506@gmx.net>
Message-ID: <7.0.1.0.2.20071116085747.027e9650@e-government.com>

At 06:43 AM 11/13/2007, you wrote:
>mikesz at qualityadvantages.com wrote:
>>too (security and quality never got any space on the project priority
>>list obviously).
>
> From my experience that is true for 90% of all software projects.
> Only documentation ranks lower. But using every spanking new
> unproven technology (especially in Microsoft only shops) ranks very
> high. And some things just don't want to go away. Yesterday my
> former employer asked me a question about a DCOM based
> client/server app that we made years ago. DCOM sucks!
>
>But back to the original issue, while radical, but how plausible
>would it be to ditch that code and write new? As long as you know
>what needs to go where in the database replacing that portion could
>be done. It may even be faster than to figure out what the old code
>does, why it is broken, and how to fix it.
>
>David

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545

From urb at e-government.com Fri Nov 16 09:00:16 2007
From: urb at e-government.com (Urb LeJeune)
Date: Fri, 16 Nov 2007 09:00:16 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
Message-ID: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>

Sorry about the last message, I accidentally hit the send button.

Is there a way to detect if a user's browser has Java Script enabled from within a PHP script?

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545

From chsnyder at gmail.com Fri Nov 16 09:20:53 2007
From: chsnyder at gmail.com (csnyder)
Date: Fri, 16 Nov 2007 09:20:53 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
References: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
Message-ID:

On 11/16/07, Urb LeJeune wrote:
> Is there a way to detect if a user's browser has Java Script enabled
> from within a PHP script?

This might work:

Look for $_GET['js'] in your script. Note the conditional, which won't check for js if there are any get vars.

Not tested in an actual browser, so ymmv. I bet setting a cookie value would be more reliable...

From jonbaer at jonbaer.com Fri Nov 16 09:54:22 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Fri, 16 Nov 2007 09:54:22 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
References: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
Message-ID: <228AE2B5-898B-49C7-A557-246C480861B5@jonbaer.com>

Browscap ...

http://garetjax.info/projects/browscap/

- Jon

On Nov 16, 2007, at 9:00 AM, Urb LeJeune wrote:
> Sorry about the last message, I accidentally hit the send button.
>
> Is there a way to detect if a user's browser has Java Script enabled
> from within a PHP script?
>
> Urb
>
> Dr. Urban A. LeJeune, President
> E-Government.com
> 800-204-9545

From smanes at magpie.com Fri Nov 16 10:44:06 2007
From: smanes at magpie.com (Steve Manes)
Date: Fri, 16 Nov 2007 10:44:06 -0500
Subject: [nycphp-talk] Er, Dutch?
Message-ID: <473DBAC6.2030105@magpie.com>

Is www.php.net defaulting to Dutch for anybody else this morning? When I search on functions I get redirected to us2.php.net and get the text in Dutch. Did Drupal buy out php.net?

dirname
(PHP 4, PHP 5)

dirname - Geeft de foldernaam van het pad terug

Beschrijving
string dirname ( string $path )

Als een string gegeven is met een pad naar een bestand, dan geeft deze functie de naam van de folder terug.

Op Windows, worden zowel slashes (/) als backslashes (\) gebruikt als pad split tekens. In andere omgevingen, alleen de voorwaardse slash (/).

From chsnyder at gmail.com Fri Nov 16 10:46:15 2007
From: chsnyder at gmail.com (csnyder)
Date: Fri, 16 Nov 2007 10:46:15 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To: <228AE2B5-898B-49C7-A557-246C480861B5@jonbaer.com>
References: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com> <228AE2B5-898B-49C7-A557-246C480861B5@jonbaer.com>
Message-ID:

On Nov 16, 2007 9:54 AM, Jon Baer wrote:
> Browscap ...
>
> http://garetjax.info/projects/browscap/
>
> - Jon

I don't think that will tell you whether js is enabled, just whether the browser is capable of it according to the browsecap.ini database.

--
Chris Snyder
http://chxo.com/

From bz-gmort at beezifies.com Fri Nov 16 10:50:27 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Fri, 16 Nov 2007 10:50:27 -0500
Subject: [nycphp-talk] Er, Dutch?
In-Reply-To: <473DBAC6.2030105@magpie.com>
References: <473DBAC6.2030105@magpie.com>
Message-ID: <473DBC43.9050203@beezifies.com>

Steve Manes wrote:
> Is www.php.net defaulting to Dutch for anybody else this morning?

Working fine for me.

From selyah1 at yahoo.com Fri Nov 16 11:07:16 2007
From: selyah1 at yahoo.com (selyah)
Date: Fri, 16 Nov 2007 08:07:16 -0800 (PST)
Subject: [nycphp-talk] Er, Dutch?
Message-ID: <30588.92720.qm@web30810.mail.mud.yahoo.com>

works fine for me

----- Original Message ----
From: Steve Manes
To: NYPHP Talk
Sent: Friday, November 16, 2007 10:44:06 AM
Subject: [nycphp-talk] Er, Dutch?

Is www.php.net defaulting to Dutch for anybody else this morning? When I search on functions I get redirected to us2.php.net and get the text in Dutch. Did Drupal buy out php.net?

dirname
(PHP 4, PHP 5)

dirname - Geeft de foldernaam van het pad terug

Beschrijving
string dirname ( string $path )

Als een string gegeven is met een pad naar een bestand, dan geeft deze functie de naam van de folder terug.

Op Windows, worden zowel slashes (/) als backslashes (\) gebruikt als pad split tekens. In andere omgevingen, alleen de voorwaardse slash (/).

From patrick.fee at baesystems.com Fri Nov 16 11:08:36 2007
From: patrick.fee at baesystems.com (Fee, Patrick J (US SSA))
Date: Fri, 16 Nov 2007 11:08:36 -0500
Subject: [nycphp-talk] Er, Dutch?.... Er, No!
In-Reply-To: <473DBAC6.2030105@magpie.com>
References: <473DBAC6.2030105@magpie.com>
Message-ID:

It did not redirect for me.

Patrick J. Fee
Systems Engineering Services
Technology Solutions & Services
Tel: (301) 231-1418
Cel: (240) 401-6820
Fax: (301) 231-2635
Patrick.Fee at BAESystems.com
------------------------------------------------------------------------
"Instead of being concerned that you have no office, be concerned to think how you may fit yourself for office. Instead of being concerned that you are not known, see to the (be?) worthy of being known."
--- Confucius

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Steve Manes
Sent: Friday, November 16, 2007 10:44 AM
To: NYPHP Talk
Subject: [nycphp-talk] Er, Dutch?

Is www.php.net defaulting to Dutch for anybody else this morning? When I search on functions I get redirected to us2.php.net and get the text in Dutch. Did Drupal buy out php.net?

dirname
(PHP 4, PHP 5)

dirname - Geeft de foldernaam van het pad terug

Beschrijving
string dirname ( string $path )

Als een string gegeven is met een pad naar een bestand, dan geeft deze functie de naam van de folder terug.

Op Windows, worden zowel slashes (/) als backslashes (\) gebruikt als pad split tekens. In andere omgevingen, alleen de voorwaardse slash (/).

From jonbaer at jonbaer.com Fri Nov 16 11:44:20 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Fri, 16 Nov 2007 11:44:20 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To:
References: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com> <228AE2B5-898B-49C7-A557-246C480861B5@jonbaer.com>
Message-ID: <8E130A62-1DD8-4743-9098-3F65FB14E0B0@jonbaer.com>

Hmm, was under the impression latest Browscap libraries already did a similar technique but does not look like it is the case @ all. Good call.

- Jon

On Nov 16, 2007, at 10:46 AM, csnyder wrote:
> On Nov 16, 2007 9:54 AM, Jon Baer wrote:
>> Browscap ...
>>
>> http://garetjax.info/projects/browscap/
>>
>> - Jon
>
> I don't think that will tell you whether js is enabled, just whether
> the browser is capable of it according to the browsecap.ini database.
>
>
> --
> Chris Snyder
> http://chxo.com/

From smanes at magpie.com Fri Nov 16 13:02:10 2007
From: smanes at magpie.com (Steve Manes)
Date: Fri, 16 Nov 2007 13:02:10 -0500
Subject: [nycphp-talk] Er, Dutch?
In-Reply-To: <30588.92720.qm@web30810.mail.mud.yahoo.com>
References: <30588.92720.qm@web30810.mail.mud.yahoo.com>
Message-ID: <473DDB22.7010808@magpie.com>

selyah wrote:
>
>
> *//*
> works fine for me

I can get English but only if I select "Brazilian Portuguese". "English" doesn't even appear in the pulldown.

Weird. Maybe my browser is sending a funky language request header.

From ramons at gmx.net Fri Nov 16 14:43:26 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 16 Nov 2007 14:43:26 -0500
Subject: [nycphp-talk] Er, Dutch?
In-Reply-To: <473DDB22.7010808@magpie.com>
References: <30588.92720.qm@web30810.mail.mud.yahoo.com> <473DDB22.7010808@magpie.com>
Message-ID: <473DF2DE.8040001@gmx.net>

Steve Manes wrote:
> selyah wrote:
>> *//*
>> works fine for me
>
> I can get English but only if I select "Brazilian Portuguese". "English"
> doesn't even appear in the pulldown.
>
> Weird. Maybe my browser is sending a funky language request header.
>

Nah, that must be the continental drift... ;)

From urb at e-government.com Fri Nov 16 16:24:29 2007
From: urb at e-government.com (Urb LeJeune)
Date: Fri, 16 Nov 2007 16:24:29 -0500
Subject: [nycphp-talk] Er, Dutch?
In-Reply-To: <473DF2DE.8040001@gmx.net>
References: <30588.92720.qm@web30810.mail.mud.yahoo.com> <473DDB22.7010808@magpie.com> <473DF2DE.8040001@gmx.net>
Message-ID: <7.0.1.0.2.20071116162404.02b1ddc0@e-government.com>

I've been getting Dutch for several weeks.

Urb

Dr. Urban A.
LeJeune, President
E-Government.com
800-204-9545

From danielc at analysisandsolutions.com Sat Nov 17 00:39:42 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 17 Nov 2007 00:39:42 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <1283636582.20071107123117@qualityadvantages.com>
References: <1283636582.20071107123117@qualityadvantages.com>
Message-ID: <20071117053942.GA19506@panix.com>

Mike:

On Wed, Nov 07, 2007 at 12:31:17PM +0800, mikesz at qualityadvantages.com wrote:
>
> I just noticed that this client has been getting regular injection
> attacks that have been failing because it is a comment spammer and the
> INSERT query is failing on a duplicate key error.

A delayed FYI:

The term "injection attack" generally means "SQL injection attack", hence so many people here talking about properly escaping data heading to your database. Sometimes it means "HTML injection attack", leading to others talking about how to escape HTML when generating pages.

Sounds like your issue turned out to be a plain old bug / programming logic flaw.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Sat Nov 17 00:42:57 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 17 Nov 2007 00:42:57 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To:
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net>
Message-ID: <20071117054257.GB19506@panix.com>

Hi Rob:

On Mon, Nov 12, 2007 at 04:26:54PM -0500, Rob Marscher wrote:
>
> But it's expensive to escape it every time someone views the page.
> Therefore, it's recommended to filter it on input but store the
> filtered version

This approach is flawed because disgruntled people who have server side access to the database can insert HTML. Escaping HTML upon page generation is the safest way to go.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Sat Nov 17 00:48:17 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 17 Nov 2007 00:48:17 -0500
Subject: [nycphp-talk] call command-line script asynchronously
In-Reply-To: <8478A0CC-24C5-461D-BDA3-472ACE994375@suzerain.com>
References: <8478A0CC-24C5-461D-BDA3-472ACE994375@suzerain.com>
Message-ID: <20071117054817.GC19506@panix.com>

Hi Marc:

On Sat, Nov 10, 2007 at 08:39:27PM +0800, Marc Antony Vose wrote:
>
> Which function for calling a command line script doesn't make your
> script stop and wait?

I use exec(). http://php.net/exec. Make sure to use the escape functions as needed.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From mikesz at qualityadvantages.com Sat Nov 17 01:08:11 2007
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sat, 17 Nov 2007 14:08:11 +0800
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <20071117053942.GA19506@panix.com>
References: <1283636582.20071107123117@qualityadvantages.com> <20071117053942.GA19506@panix.com>
Message-ID: <153675306.20071117140811@qualityadvantages.com>

Hello Daniel,

> A delayed FYI:
> The term "injection attack" generally means "SQL injection attack", hence
> so many people here talking about properly escaping data heading to your
> database.
> Sometimes it means "HTML injection attack", leading to others
> talking about how to escape HTML when generating pages.
> Sounds like your issue turned out to be a plain old bug / programming
> logic flaw.
> --Dan

Thanks for the reply. You are correct. The real problem is just a form spammer. I thought it was an injection because I was seeing a MySQL error message and assumed that they are actually getting to the database. The client told me that "mysterious" profiles were showing up in the application. The mystery was his, they were spammers who were generating the profiles manually.

I have been trapping the traffic to that form and he's getting about 10 spammers bad guys a day who generate about a hundred bogus forms that die because they can never be submitted for lack of required data. The ones that succeed are being generated by hand, at least that is what it looks like and those are the "mysterious" profiles.

thanks again for the update.

--
Best regards,
mikesz
mailto:mikesz at qualityadvantages.com

From ps at sun-code.com Sat Nov 17 07:17:41 2007
From: ps at sun-code.com (Peter Sawczynec)
Date: Sat, 17 Nov 2007 07:17:41 -0500
Subject: [nycphp-talk] [OT} Beowulf 3D IMAX
Message-ID: <003001c82913$e3fa0570$abee1050$@com>

Beowulf shouts: "You know why you can't kill me?! Because I already died long ago when I was young like you."

From ramons at gmx.net Sat Nov 17 07:58:13 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 17 Nov 2007 07:58:13 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <20071117054257.GB19506@panix.com>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <20071117054257.GB19506@panix.com>
Message-ID: <473EE565.6080708@gmx.net>

Daniel Convissor wrote:
> Hi Rob:
>
> On Mon, Nov 12, 2007 at 04:26:54PM -0500, Rob Marscher wrote:
>> But it's expensive to escape it every time someone views the page.
>> Therefore, it's recommended to filter it on input but store the
>> filtered version
>
> This approach is flawed because disgruntled people who have server side
> access to the database can insert HTML. Escaping HTML upon page
> generation is the safest way to go.
>
> --Dan

Exactly! All input is evil, even when it comes from your database and your script. There is no good reason not to check input each and every time, there are only bad excuses for not doing it.

David

From bz-gmort at beezifies.com Sat Nov 17 08:29:46 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Sat, 17 Nov 2007 08:29:46 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <473EE565.6080708@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <20071117054257.GB19506@panix.com> <473EE565.6080708@gmx.net>
Message-ID: <473EECCA.1090405@beezifies.com>

David Krings wrote:
> Exactly! All input is evil, even when it comes from your database and
> your script. There is no good reason not to check input each and every
> time, there are only bad excuses for not doing it.
>

Well, by that token you should maintain a digital signature of every script that runs, and PHP should check those signatures before running the program. Then of course every program should be checking the digital signature of php itself on the server to make sure no one tampered with that. Oh, and you might as well be checking digital signatures of any other php file you plan on including before you allow it to be included.

Of course, eventually all this checking is going to drag your performance down to an unacceptable level. But that's a bad excuse for not doing it.
:-)

-Gary

From ramons at gmx.net Sat Nov 17 10:19:29 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 17 Nov 2007 10:19:29 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <473EECCA.1090405@beezifies.com>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <20071117054257.GB19506@panix.com> <473EE565.6080708@gmx.net> <473EECCA.1090405@beezifies.com>
Message-ID: <473F0681.1040203@gmx.net>

Gary Mort wrote:
> David Krings wrote:
>> Exactly! All input is evil, even when it comes from your database and
>> your script. There is no good reason not to check input each and every
>> time, there are only bad excuses for not doing it.
>>
>
> Well, by that token you should maintain a digital signature of every
> script that runs, and PHP should check those signatures before running
> the program. Then of course every program should be checking the
> digital signature of php itself on the server to make sure no one
> tampered with that. Oh, and you might as well be checking digital
> signatures of any other php file you plan on including before you allow
> it to be included.
>
> Of course, eventually all this checking is going to drag your
> performance down to an unacceptable level. But that's a bad excuse for
> not doing it.
> :-)
>
> -Gary
>

But since when are scripts considered input?

From bz-gmort at beezifies.com Sat Nov 17 10:50:35 2007
From: bz-gmort at beezifies.com (bz-gmort at beezifies.com)
Date: Sat, 17 Nov 2007 10:50:35 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <473F0681.1040203@gmx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <20071117054257.GB19506@panix.com> <473EE565.6080708@gmx.net> <473EECCA.1090405@beezifies.com> <473F0681.1040203@gmx.net>
Message-ID: <473F0DCB.4010300@beezifies.com>

David Krings wrote:
> Gary Mort wrote:
>> David Krings wrote:
>>> Exactly! All input is evil, even when it comes from your database
>>> and your script. There is no good reason not to check input each and
>>> every time, there are only bad excuses for not doing it.
>>>
>>
>> Well, by that token you should maintain a digital signature of every
>> script that runs, and PHP should check those signatures before
>> running the program.
>
> But since when are scripts considered input?

If someone can access your database and feed bad data to it, then someone can access the filesystem and change php programs, data files, or executables.

At a certain point you have to decide what aspects to trust and what ones to verify. Making an informed decision to store a pre-sanitized bit of data in the database vs sanitizing it every time is just that, an informed decision. Not a bad excuse.

If you adopt a strict security first model (and for many companies they should do this, whether or not they do....) then to not take every step possible to secure the system is a bad excuse.

We also have to make real world decisions, sanitizing all input from all sources is the best solution. But if there are performance problems doing that, then looking into ways to cut down on the processing is one solution, based on budget for upgrading the server, load balancing, etc.

-Gary

From tedd at sperling.com Sun Nov 18 11:41:26 2007
From: tedd at sperling.com (tedd)
Date: Sun, 18 Nov 2007 11:41:26 -0500
Subject: [nycphp-talk] MySQL Speaking Opportunity
In-Reply-To: <02a501c82487$6e681940$671ba8c0@MobileZ>
References: <02a501c82487$6e681940$671ba8c0@MobileZ>
Message-ID:

At 12:22 PM -0500 11/11/07, Hans Zaunere wrote:
>Hello all,
>
>I've been asked to host the MySQL Meetup on Tuesday (full details at
>http://mysql.meetup.com/7/). It's actually a great group, with free beer
>and food.
>
>The only problem, however, is that we're looking for a speaker to present
>something. It doesn't have to be very long, and the group is informal. For
>instance, if you'd just like to present a couple of slides on an interesting
>topic, then the rest of the group can begin Q&A. The topic doesn't even
>have to be only about MySQL itself, just as long as it's relevant to MySQL.
>
>I know that time is short so please contact me off list if you're
>interested.
>
>Thanks,

I gave a talk once about the use of a Rolodex. How it was so much nicer to have the data in-hand than somewhere in some stupid computer -- would that work? :-)

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From paulcheung at tiscali.co.uk Sun Nov 18 14:43:48 2007
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Sun, 18 Nov 2007 19:43:48 -0000
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSION variables.
Message-ID: <001601c82a1b$5699c220$0300a8c0@X9183>

HELP !! What am I doing wrong??

I want to take the values entered into HTML FORMS fields ("DATA" "RESULT" and "NOTE") and put them into $_SESSION variables, which is not happening. Has anybody any ideas why not ?

ACTUAL OUTPUT: ACTUAL RESULT: TEST NOTE : "); ?>

Paul

From ramons at gmx.net Sun Nov 18 15:58:17 2007
From: ramons at gmx.net (David Krings)
Date: Sun, 18 Nov 2007 15:58:17 -0500
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSION variables.
In-Reply-To: <001601c82a1b$5699c220$0300a8c0@X9183>
References: <001601c82a1b$5699c220$0300a8c0@X9183>
Message-ID: <4740A769.8090200@gmx.net>

> $t = $row['data']; $u = $row['result']; $v = $row['note'];
>
> $_SESSION['data'] = $t; $_SESSION['result'] = $u;
> $_SESSION['note'] = $v;
>
> echo(' data = ' .$t. ' result = ' .$u. ' note = ' .$v. "
"); ?> > > Did you anywhere start a session? You need a session_start() in order to work with sessions. I recommend starting the session before you do anything else. David From michael.southwell at nyphp.com Sun Nov 18 16:02:44 2007 From: michael.southwell at nyphp.com (Michael Southwell) Date: Sun, 18 Nov 2007 16:02:44 -0500 Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSION variables. In-Reply-To: <001601c82a1b$5699c220$0300a8c0@X9183> References: <001601c82a1b$5699c220$0300a8c0@X9183> Message-ID: <4740A874.9060402@nyphp.com> PaulCheung wrote: > $t = $row['data']; $u = $row['result']; $v = $row['note']; How are you populating the $row array? I would have expected this to be: $t = $_POST['data']; Doing it this way you should have no problem. And by the way, you don't need the $t etc variables unless you are using them elsewhere. That would make it this: $_SESSION['data'] = $_POST['data']; -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From elharo at metalab.unc.edu Sun Nov 18 20:59:34 2007 From: elharo at metalab.unc.edu (Elliotte Harold) Date: Sun, 18 Nov 2007 20:59:34 -0500 Subject: [nycphp-talk] Quality Code [was "Injection..."] In-Reply-To: References: Message-ID: <4740EE06.8050705@metalab.unc.edu> Brian D. wrote: >> Programmers who write quality code do not write code slower than >> programmers who don't. If anything they produce more lines of code per >> day, and their code does more. > > You can certainly write an application, placing your SQL calls, HTML > layout, and everything else all in the same files, ignoring security > problems, and skipping documentation, much, *much* faster than you can > create an application that considers security issues, best practices, > well-documented code, etc. > It depends on the application. Small apps maybe. Big apps no. 
There is a scale at which the hack job never gets close to working, and a smaller scale at which the hack job takes too long. Hack jobs only work if the app is so small that a dev can finish it fast and keep it more or less all in their head. Apps that are so large they require teams of programmers working over months can only succeed if they follow sound development practices.

This is something I struggle with all the time in my classes. It's hard to convince students of the necessity of basic things like proper indentation and naming conventions when most of them have never worked on a project large enough for that to matter. I suspect the necessary turnaround point is anything more than one developer and/or more than one week. However in the so-called real world *most* projects are that large.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

From rmarscher at beaffinitive.com Sun Nov 18 22:02:06 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Sun, 18 Nov 2007 22:02:06 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <20071117054257.GB19506@panix.com>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net> <20071117054257.GB19506@panix.com>
Message-ID:

On Nov 17, 2007, at 12:42 AM, Daniel Convissor wrote:
> On Mon, Nov 12, 2007 at 04:26:54PM -0500, Rob Marscher wrote:
>>
>> But it's expensive to escape it every time someone views the page.
>> Therefore, it's recommended to filter it on input but store the
>> filtered version
> This approach is flawed because disgruntled people who have server
> side
> access to the database can insert HTML. Escaping HTML upon page
> generation is the safest way to go.

Hmm... that's a good point. I guess my suggestion is more just on caching the filtering if it's an expensive operation.
And as you point out, that needs to be done in a trusted way. Here's the specific HTMLPurifier documentation that discusses it: http://htmlpurifier.org/docs/enduser-slow.html

From danielc at analysisandsolutions.com Sun Nov 18 22:31:11 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sun, 18 Nov 2007 22:31:11 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com>
References: <20071113170259.18FC9781A7@postalmail-mx1.g.dreamhost.com> <4CA17B7D-31F6-426B-BC8E-5B29475F27A0@mrmuster.com>
Message-ID: <20071119033111.GA1116@panix.com>

On Tue, Nov 13, 2007 at 12:53:59PM -0500, dann wrote:
>
> $page_index = ctype_digit($_GET['page']) ? $_GET['page'] : $default_page;

That produces a notice if the variable isn't set.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Sun Nov 18 22:34:47 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sun, 18 Nov 2007 22:34:47 -0500
Subject: [nycphp-talk] Extracting an int from a query string.
In-Reply-To: <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com> <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com>
Message-ID: <20071119033447.GB1116@panix.com>

Hola:

On Tue, Nov 13, 2007 at 12:23:46PM -0500, John Campbell wrote:
>
> What are other peoples' thoughts about 1-2 liners vs global functions?

If it's one or two lines, a function can be more distracting than it's worth.
--Dan

--
 T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
 data intensive web and database programming
 http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From paulcheung at tiscali.co.uk Mon Nov 19 04:22:12 2007
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Mon, 19 Nov 2007 09:22:12 -0000
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A874.9060402@nyphp.com>
Message-ID: <001901c82a8d$ab48f620$0300a8c0@X9183>

Hi Michael,

Using a search criteria, a MySQL call is made and the required MySQL record is returned. The HTML FORM is made up of three forms. The first two forms are used to display (read-only) information to the enduser. The third and last FORM is used by the enduser to update the MySQL record. All of the above works as required.

Here it falls over. Before passing the info to the next script to do the actual update I try to ECHO the user entered data and it is empty. Just for this test and to show what is happening I passed the entered info to the next script and this is what was received by the next script. As you see, NULL values were passed, whereas the ACCESS and TESTNO from the MySQL search are passed and picked up by the next script using $_SESSION.

$query = UPDATE test_record SET data = '' record = '' note = '' WHERE access = '73226318' AND testno = '002'

Paul

----- Original Message -----
From: "Michael Southwell"
To: "NYPHP Talk"
Sent: Sunday, November 18, 2007 9:02 PM
Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.

> PaulCheung wrote:
>> $t = $row['data']; $u = $row['result']; $v = $row['note'];
>
> How are you populating the $row array? I would have expected this to be:
> $t = $_POST['data'];
> Doing it this way you should have no problem. And by the way, you don't
> need the $t etc variables unless you are using them elsewhere.
> That would make it this:
> $_SESSION['data'] = $_POST['data'];
>
> --
> =================
> Michael Southwell
> Vice President, Education
> NYPHP TRAINING: http://nyphp.com/Training/Indepth
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

From urb at e-government.com Mon Nov 19 08:41:06 2007
From: urb at e-government.com (Urb LeJeune)
Date: Mon, 19 Nov 2007 08:41:06 -0500
Subject: [nycphp-talk] Programming Standards
In-Reply-To: <20071119033447.GB1116@panix.com>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com> <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com> <20071119033447.GB1116@panix.com>
Message-ID: <7.0.1.0.2.20071119083448.02814140@e-government.com>

>If it's one or two lines, a function can be more distracting than it's
>worth.

Until you find an error in those lines, or you need to add an extra line.

It all depends upon your philosophy of programming. To most people a good program is one that works. To me a good program has three important characteristics:

1. It does what the specifications require under all circumstances.
2. It is efficient in the use of resources, both computer and human.
3. It is easily maintained by someone other than the original programmer.

Keep in mind that the creation cost of a production program (it's actually being used) is a small fraction of the original cost.
>--Dan
>
>--
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545

From ramons at gmx.net Mon Nov 19 10:05:37 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 19 Nov 2007 10:05:37 -0500
Subject: [nycphp-talk] Programming Standards
In-Reply-To: <7.0.1.0.2.20071119083448.02814140@e-government.com>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com> <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com> <20071119033447.GB1116@panix.com> <7.0.1.0.2.20071119083448.02814140@e-government.com>
Message-ID: <4741A641.8020907@gmx.net>

Urb LeJeune wrote:
> It all depends upon your philosophy of programming. To most
> people a good program is one that works. To me a good program
> has three important characteristics:
>
> 1. It does what the specifications require under all circumstances.
> 2. It is efficient in the use of resources, both computer and human.
> 3. It is easily maintained by someone other than the original programmer.
>
> Keep in mind that the creation cost of a production program (it's
> actually being used) is a small fraction of the original cost.

Number 1 is a tricky one. You are saying that your program is a "good program" even when it does exactly what the crappy and misguided specs demand? The simple requirement of "program that works" may be closer to the anticipated goal than one that follows the specs to the t.
Good specs are hard to come by and writing good specs is a pain in the behind. I've done it and failed blatantly.

David

From tom at supertom.com Mon Nov 19 11:30:22 2007
From: tom at supertom.com (Tom Melendez)
Date: Mon, 19 Nov 2007 08:30:22 -0800
Subject: [nycphp-talk] Programming Standards
In-Reply-To: <4741A641.8020907@gmx.net>
References: <8f0676b40711130634m4e3d5aa7pf50ee750269d5929@mail.gmail.com> <8f0676b40711130757o1477fbc3w2082156fbc3b31e3@mail.gmail.com> <8f0676b40711130923h68461518naa7e606f5cc38e16@mail.gmail.com> <20071119033447.GB1116@panix.com> <7.0.1.0.2.20071119083448.02814140@e-government.com> <4741A641.8020907@gmx.net>
Message-ID: <117286890711190830n2e610ccx5bea138782354734@mail.gmail.com>

On Nov 19, 2007 7:05 AM, David Krings wrote:
> Urb LeJeune wrote:
> > It all depends upon your philosophy of programming. To most
> > people a good program is one that works. To me a good program
> > has three important characteristics:
> >
> > 1. It does what the specifications require under all circumstances.
>
> Number 1 is a tricky one. You are saying that your program is a "good program"
> even when it does exactly what the crappy and misguided specs demand?

Yes. Absolutely. The program must do what the spec defines. The two must match. This encourages re-usability later on and prevents scope/feature creep up front. Plus, your docs for the code will come from the spec and can be completed in parallel.

> The
> simple requirement of "program that works" may be closer to the anticipated
> goal than one that follows the specs to the t. Good specs are hard to come by
> and writing good specs is a pain in the behind.

True, but I believe this problem to be due to not having the right people not involved in the spec. In my experience, especially on small teams, the engineer is writing the spec, with limited feedback from the stakeholders. The engineer would rather be doing something creative or writing code, not hashing out the details of this document.
So, new features and "hey, look, this would be better..." gets added and the project grows. Then, the spec is never updated and the next folks to pick up the project don't have a reliable spec. Plus, deadlines do eventually set in and cool-feature-Y that wasn't in the spec is now hacked in to meet it, so it isn't re-usable as everyone had expected.

If you're working in a small client/consultant relationship, there probably isn't a PM or a Product Mgr, so the engineer will probably end up writing the spec by themselves. In which case, you need to have the client sign off so everyone agrees what should be there up front. No one says you can't change the spec mid-course, but you have to actually update the spec and documentation to reflect this change.

Tom LIPHP

From cliff at pinestream.com Mon Nov 19 13:11:29 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Mon, 19 Nov 2007 13:11:29 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
Message-ID:

The php manual says:

"In recent versions of PHP you will get a warning saying that "Call-time pass-by-reference" is deprecated when you use a & in foo(&$a);"

Why is this? Besides being ugly, difficult to understand and not very elegant, is there any technical reason why this is deprecated?

Cliff

From bz-gmort at beezifies.com Mon Nov 19 13:27:04 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Mon, 19 Nov 2007 13:27:04 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To:
References:
Message-ID: <4741D578.9070307@beezifies.com>

Cliff Hirsch wrote:
> The php manual says:
>
> "In recent versions of PHP you will get a warning saying that
> "Call-time pass-by-reference" is deprecated when you use a & in foo(&$a);"
>
> Why is this? Besides being ugly, difficult to understand and not very
> elegant, is there any technical reason why this is deprecated?
>
Because if you declare it in the function:

function foo(&$mya) {
}

Then you have told PHP that whenever this function is used, variables should be passed by reference and not copied.

So the thinking is, you should know ahead of time whether or not you want to pass by reference or pass a copy, and not decide to do it at the time you call your code.

IE, don't do:

foo(&$a);
echo $a;
foo($b);
echo $b;

Where $a is changed by foo and $b is not. If you must have a function that does one thing or the other, create 2 functions:

function foo(&$a) {
}

function foosafe($a) {
    foo($a);
}

From jmcgraw1 at gmail.com Mon Nov 19 13:28:56 2007
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Mon, 19 Nov 2007 13:28:56 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To:
References:
Message-ID:

I believe pass-by-reference is now noted in function definitions ala:

function myFunc(&$myvar) {/* Function */}

whereas in PHP4, you could force pass-by-reference at runtime using:

myFunc(&$myvar);

This was deprecated because parameter definitions should be maintained in the function definition, not in the function call. Whether a parameter is pass-by-reference or value should be the same across all calls to maintain consistency and reduce code (one ampersand instead of many).

- jake

On Nov 19, 2007 1:11 PM, Cliff Hirsch wrote:
> The php manual says:
>
> "In recent versions of PHP you will get a warning saying that "Call-time
> pass-by-reference" is deprecated when you use a & in foo(&$a);"
>
> Why is this? Besides being ugly, difficult to understand and not very
> elegant, is there any technical reason why this is deprecated?
>
> Cliff

From ashaw at polymerdb.org Mon Nov 19 13:32:22 2007
From: ashaw at polymerdb.org (Allen Shaw)
Date: Mon, 19 Nov 2007 12:32:22 -0600
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <4741D578.9070307@beezifies.com>
References: <4741D578.9070307@beezifies.com>
Message-ID: <4741D6B6.8020905@polymerdb.org>

Gary Mort wrote:
> Cliff Hirsch wrote:
>> Besides being ugly, difficult to understand and not very elegant...
> Because ... you should know ahead of time whether or not you want to
> pass by reference or pass a copy, and not decide to do it at the time
> you call your code.
> [snip]

That's a good explanation from Gary, but to give Cliff credit, I think this is probably what he meant by "ugly, difficult to understand and not very elegant."

- A.

--
Allen Shaw
slidePresenter (http://slides.sourceforge.net)

From cliff at pinestream.com Mon Nov 19 15:01:30 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Mon, 19 Nov 2007 15:01:30 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <4741D578.9070307@beezifies.com>
Message-ID:

On 11/19/07 1:27 PM, "Gary Mort" wrote:
> Cliff Hirsch wrote:
>> The php manual says:
>> "In recent versions of PHP you will get a warning saying that
>> "Call-time pass-by-reference" is deprecated when you use a & in foo(&$a);"
>> Why is this? Besides being ugly, difficult to understand and not very
>> elegant, is there any technical reason why this is deprecated?
>>
> Because if you declare it in the function:
> function foo(&$mya) {
> }
>
> Then you have told PHP that whenever this function is used, variables
> should be passed by reference and not copied.
>
> So the thinking is, you should know ahead of time whether or not you
> want to pass by reference or pass a copy, and not decide to do it at the
> time you call your code.
>
> IE, don't do:
> foo(&$a);

Ah, I got it. Pass-by-reference in the function call is what's deprecated. As in foo(&$a); (as you noted above).

Pass-by-reference in the function definition is not deprecated. As in public function Thefunction(&$varref) { }

Still ugly and error prone compared to clean oop, but passing objects around is sort of the same thing and infinitely more confusing.

From ben at projectskyline.com Mon Nov 19 16:17:38 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Mon, 19 Nov 2007 16:17:38 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
References:
Message-ID: <00dc01c82af1$9ce6b770$a66411ac@c500>

Hello,

Sorry to hijack, but I started thinking about something I read for optimization of php.

They stated, if you know you're not going to make changes to a variable, to send it to a function as reference, as to NOT make a copy of it...

Is this really worthwhile?

func($a)
{
    echo $a;
}

VS

func(& $a)
{
    echo $a;
}

- Ben

----- Original Message -----
From: "Cliff Hirsch"
To: "NYPHP Talk"
Sent: Monday, November 19, 2007 3:01 PM
Subject: Re: [nycphp-talk] Why is pass-by-reference deprecated?

On 11/19/07 1:27 PM, "Gary Mort" wrote:
> Cliff Hirsch wrote:
>> The php manual says:
>> "In recent versions of PHP you will get a warning saying that
>> "Call-time pass-by-reference" is deprecated when you use a & in
>> foo(&$a);"
>> Why is this? Besides being ugly, difficult to understand and not very
>> elegant, is there any technical reason why this is deprecated?
>>
> Because if you declare it in the function:
> function foo(&$mya) {
> }
>
> Then you have told PHP that whenever this function is used, variables
> should be passed by reference and not copied.
>
> So the thinking is, you should know ahead of time whether or not you
> want to pass by reference or pass a copy, and not decide to do it at the
> time you call your code.
>
> IE, don't do:
> foo(&$a);

Ah, I got it. Pass-by-reference in the function call is what's deprecated. As in foo(&$a); (as you noted above).

Pass-by-reference in the function definition is not deprecated. As in public function Thefunction(&$varref) { }

Still ugly and error prone compared to clean oop, but passing objects around is sort of the same thing and infinitely more confusing.

From cliff at pinestream.com Mon Nov 19 16:21:21 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Mon, 19 Nov 2007 16:21:21 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <00dc01c82af1$9ce6b770$a66411ac@c500>
Message-ID:

> Hello,
>
> Sorry to hijack, but I started thinking about something I read
> for optimization of php.
>
> They stated, if you know you're not going to make changes
> to a variable, to send it to a function as reference, as to NOT
> make a copy of it...
>
Going back to some very, very old threads on here, I thought that copies were only made if the variable was changed. If the variable is not changed, I believe php is smart enough to reference, not copy, the variable.

Cliff

From tedd at sperling.com Mon Nov 19 16:26:25 2007
From: tedd at sperling.com (tedd)
Date: Mon, 19 Nov 2007 16:26:25 -0500
Subject: [nycphp-talk] detecting Java Script from within a PHP script.
In-Reply-To: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
References: <7.0.1.0.2.20071116085900.02a3ac68@e-government.com>
Message-ID:

At 9:00 AM -0500 11/16/07, Urb LeJeune wrote:
> Sorry about the last message, I accidentally hit the send button.
>
> Is there a way to detect if a user's browser has Java Script enabled
>from within a PHP script?
>
>Urb
>

No. PHP runs before the browser/javascript does. Having php determine if the browser has js enabled means communication from the browser back to the script.

You could do this communication via ajax. Namely, have php prepare a web page, have the web page determine if js is enabled and then communicate back to a php script to continue your second script. However, if js is not enabled, then your second script will never hear back from the browser.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From ben at projectskyline.com Mon Nov 19 16:29:42 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Mon, 19 Nov 2007 16:29:42 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
References:
Message-ID: <00f401c82af3$4c79f660$a66411ac@c500>

Hello Cliff,

Alright, makes sense. Thanks.

----- Original Message -----
From: "Cliff Hirsch"
To: "NYPHP Talk"
Sent: Monday, November 19, 2007 4:21 PM
Subject: Re: [nycphp-talk] Why is pass-by-reference deprecated?

>> Hello,
>>
>> Sorry to hijack, but I started thinking about something I read
>> for optimization of php.
>>
>> They stated, if you know you're not going to make changes
>> to a variable, to send it to a function as reference, as to NOT
>> make a copy of it...
>>
> Going back to some very, very old threads on here, I thought that copies
> were only made if the variable was changed. If the variable is not changed, I
> believe php is smart enough to reference, not copy, the variable.
>
> Cliff

From tedd at sperling.com Mon Nov 19 16:51:14 2007
From: tedd at sperling.com (tedd)
Date: Mon, 19 Nov 2007 16:51:14 -0500
Subject: [nycphp-talk] Injection Attack, any ideas?
In-Reply-To: <47389AA8.9080107@phpwerx.net>
References: <1283636582.20071107123117@qualityadvantages.com> <47389AA8.9080107@phpwerx.net>
Message-ID:

At 1:25 PM -0500 11/12/07, Dan Cech wrote:
>tedd wrote:
> > Scrub and clean all user input.
>>
>> My understanding -- nothing can get in unless you allow it (barring
>> server breaches).
>>
>> Here's an example of js injection:
>>
>> http://webbytedd.com/bb/insecure-form/
>>
>> SQL injection (as I understand it) is simply allowing the user to
>> prepare (in part) the SQL query. Scrub and clean user input and prepare
>> the query yourself as per what you will allow.
>
>With all due respect, this is bad advice. The decision to allow or
>disallow certain content is a business/application decision, not a
>security decision.

Above I said "Scrub and clean all user input" <-- that's not a business/application decision but rather one of security.

I don't care what the client says with regard to his business needs, I will not knowingly introduce any security breaches. Instead, I will try to produce what the client wants rather than what he says he wants -- surely he doesn't want a security breach.

>If you display content properly *as content* then it does not matter
>what it is. The security problem here is NOT the data, it is the fact
>that the data is being displayed *as code*, in this case html code.

Negative. It's not "displaying the content" that's at issue but rather allowing foreign code to be injected into a MySQL query.
You simply clean all user input. You never trust the user to do what's right with regard to any aspect of security. You control it all or you have no control.

>The fact that your example demonstrates the proper approach (using html
>escaping to display the user data) rather than 'scrubbing and cleaning'
>the input makes this advice even more confusing.

Well, I guess that we are both confusing, because I don't get what you said.

I am simply, but apparently not effectively, saying that you never trust outside data regardless. You never allow the user to have access to any portion of your code for injection -- period.

My example shows that a user could inject a piece of code and produce something that was not in my code. But, perhaps my demo is less than optimal in showing that -- sorry.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From rmarscher at beaffinitive.com Mon Nov 19 17:07:29 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 19 Nov 2007 17:07:29 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <00f401c82af3$4c79f660$a66411ac@c500>
References: <00f401c82af3$4c79f660$a66411ac@c500>
Message-ID: <4D9D011D-9C89-4F0D-B5F0-CCFD6B716FFB@beaffinitive.com>

On Nov 19, 2007, at 4:29 PM, Ben Sgro (ProjectSkyLine) wrote:
>>> Hello,
>>>
>>> Sorry to hijack, but I started thinking about something I read
>>> for optimization of php.
>>>
>>> They stated, if you know you're not going to make changes
>>> to a variable, to send it to a function as reference, as to NOT
>>> make a copy of it...
>>>
>> Going back to some very, very old threads on here, I thought that
>> copies were only made if the variable was changed. If the variable
>> is not changed, I believe php is smart enough to reference, not copy,
>> the variable.
>>
>> Cliff

Yeah... you should reread this: http://www.php.net/references -- They updated it sometime in the last year or two.
It's much more clear about how references work. Here are the highlights:

"They are not like C pointers; instead, they are symbol table aliases."

"Do not use return-by-reference to increase performance, the engine is smart enough to optimize this on its own. Only return references when you have a valid technical reason to do it!"

Also, in php5 - when you assign an object:

$a = new SomeClass();
$b = $a;

$b is actually assigned by reference. Regular assignment of objects is always done by reference. If you want to make an actual copy, you have to use clone(): http://us2.php.net/manual/en/language.oop5.cloning.php

From ajai at bitblit.net Mon Nov 19 18:05:35 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 19 Nov 2007 18:05:35 -0500 (EST)
Subject: [nycphp-talk] DOM XML questions
Message-ID:

Anyone here familiar with the DOM XML functions in PHP?

I'm running an XPath query on an XML document and I get back a list of DOM Elements which I can iterate through. Great. But what I really want to do is convert all of those tags into strings, concatenate them together and save them in a database.

Looking at the DOM API, it looks like I can create a new DomDocument, and then append child nodes to it before calling saveXML(). But how do I "cast" the DOM Element to DOM Nodes that appendChild() needs?

--
Aj.

From paul at devonianfarm.com Tue Nov 20 07:42:40 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Tue, 20 Nov 2007 07:42:40 -0500
Subject: [nycphp-talk] My first symfony site
Message-ID: <4742D640.10707@devonianfarm.com>

I just finished a small project with symfony at

http://spoonriveranthology.net/

There are a lot of cool things about the site, such as a drag and drop editor for relationships between people, that are in an administrative interface that you can't see.

Overall I like the symfony approach to things: I've got slightly different opinions about how to configure multiple site instances, but it's easy to reconcile my ideas with symfony's.
I don't care for Propel ORM much -- in particular, Propel doesn't have good mechanisms for managing schema changes... Everything works OK if you never change your schema, but adding a plug-in after you've got data in your database may trash your database if you follow the instructions. I do like the idea, however, of putting my own methods on the ORM-generated classes. It can be a nice way to organize code.

Doctrine ORM, however, looks like a dream. My next symfony project will use Doctrine, even though that means fewer plugins and builders will be available.

Symfony's documentation is better than other PHP frameworks, but it's still in a place where I needed to look at the source code often to understand how things ~really~ work. That's unfortunate, because many of the people who need frameworks the most are people who'd be intimidated by the work to make them work.

From jonbaer at jonbaer.com Tue Nov 20 10:52:05 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Tue, 20 Nov 2007 10:52:05 -0500
Subject: [nycphp-talk] My first symfony site
In-Reply-To: <4742D640.10707@devonianfarm.com>
References: <4742D640.10707@devonianfarm.com>
Message-ID:

Thanks for sharing your experience. The migrations technique looks extremely promising (and familiar :-) ...

http://doctrine.pengus.net/index.php/documentation/manual?chapter=migration

- Jon

On Nov 20, 2007, at 7:42 AM, Paul Houle wrote:
> I just finished a small project with symfony at
>
> http://spoonriveranthology.net/
>
> There are a lot of cool things about the site, such as a drag and
> drop editor for relationships between people, that are in an
> administrative interface that you can't see.
>
> Overall I like the symfony approach to things: I've got slightly
> different opinions about how to configure multiple site instances,
> but it's easy to reconcile my ideas with symfony's.
>
> I don't care for Propel ORM much -- in particular, Propel doesn't
> have good mechanisms for managing schema changes...
> Everything works OK if you never change your schema, but adding a
> plug-in after you've got data in your database may trash your database
> if you follow the instructions. I do like the idea, however, of
> putting my own methods on the ORM-generated classes. It can be a
> nice way to organize code.
>
> Doctrine ORM, however, looks like a dream. My next symfony
> project will use Doctrine, even though that means fewer plugins and
> builders will be available.
>
> Symfony's documentation is better than other PHP frameworks, but
> it's still in a place where I needed to look at the source code
> often to understand how things ~really~ work. That's unfortunate,
> because many of the people who need frameworks the most are people
> who'd be intimidated by the work to make them work.

From ajai at bitblit.net Tue Nov 20 11:03:33 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Tue, 20 Nov 2007 11:03:33 -0500 (EST)
Subject: [nycphp-talk] My first symfony site
In-Reply-To: <4742D640.10707@devonianfarm.com>
Message-ID:

On Tue, 20 Nov 2007, Paul Houle wrote:
> Doctrine ORM, however, looks like a dream. My next symfony
> project will use Doctrine, even though that means fewer plugins and
> builders will be available.

Yeah, migrations rock.

> Symfony's documentation is better than other PHP frameworks, but
> it's still in a place where I needed to look at the source code often to
> understand how things ~really~ work.

We've built two large sites with Symfony and I'd have to say my experience is the opposite. Between the docs, the wiki, the book, the mailing list, cookbook, forge and forums, symfony has a LOT of resources available. The book is especially good.

--
Aj.
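
[Added example, not part of any list member's post.] The "Injection Attack, any ideas?" and "Extracting an int from a query string" threads above argue about where the defence belongs; the sketch below binds values as query parameters on the way in, escapes at page generation so a row written straight into the table is covered too, and reads the page number without the unset-index notice. The comments table, the function names and the sample rows are constructed for illustration, and it assumes PHP 7+ with the pdo_sqlite and ctype extensions.

```php
<?php
declare(strict_types=1);

// Output-context encoding, applied every time a value is written into HTML.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Page number from the query string: no notice when the key is missing,
// no array or non-digit input accepted, result is always >= 1.
function page_index(array $query, int $default = 1): int
{
    $raw = $query['page'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 6) {
        return $default;
    }
    return max(1, (int) $raw);
}

// Input side: the raw text is stored unchanged; bound parameters keep it
// out of the SQL grammar, so no "scrubbing" of quotes is needed.
function save_comment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Output side: every column is escaped at page generation, whatever
// path the row took into the table.
function render_comments(PDO $db, int $page, int $perPage = 10): string
{
    $stmt = $db->prepare(
        'SELECT author, body FROM comments ORDER BY id LIMIT :limit OFFSET :offset'
    );
    $stmt->bindValue(':limit', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();

    $out = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $out .= '<p><b>' . html($row['author']) . '</b>: '
              . html($row['body']) . "</p>\n";
    }
    return $out;
}

// --- constructed demo data, in-memory database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Submitted through the application: a quote in the name, markup in the body.
save_comment($db, "O'Brien", '<script>alert(1)</script>');

// Written directly into the table by someone with database access,
// so it never passed through any input filter.
$db->exec("INSERT INTO comments (author, body) VALUES ('insider', '<b>stored markup</b>')");

// Constructed query strings: valid, missing, non-numeric, array-valued.
foreach ([['page' => '1'], [], ['page' => '1 OR 1=1'], ['page' => ['x']]] as $query) {
    echo 'page_index => ', page_index($query), "\n";
}

echo render_comments($db, page_index(['page' => '1']));
```

If sanitising is expensive (the HTMLPurifier case raised in the thread), the cached result belongs in a separate column written only by the application, with the raw value kept alongside it.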
From david at davidmintz.org Tue Nov 20 15:30:18 2007
From: david at davidmintz.org (David Mintz)
Date: Tue, 20 Nov 2007 15:30:18 -0500
Subject: [nycphp-talk] can connect to MySQL from command line, but not from script
Message-ID: <721f1cc50711201230j270b47fbs90e9b18507365fc7@mail.gmail.com>

I just installed CentOS 5 and I need to connect to a MySQL server on another box. I can do it from the command line but not from PHP. These old scripts use PEAR DB. Thus:

mysql -utestuser -psecret -hinterps2 test

Your MySQL connection id is 20491 to server version: 5.0.17-standard-log
mysql>

But:

require 'DB.php';
$DSN = "mysqli://testuser:secret@interps2/test" ;
$db = DB::connect($DSN);

if (PEAR::isError($db)) {
    echo $db->getDebugInfo();
} else {
    echo "alleluyah\n" ;
}

Output:

[nativecode=Can't connect to MySQL server on 'interps2' (13)] ** mysqli://testuser:secret@interps2/test

I wish to hell it would tell me why not. Anyone have any ideas where to look for more information?

Thanks,

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From david at davidmintz.org Tue Nov 20 15:34:07 2007
From: david at davidmintz.org (David Mintz)
Date: Tue, 20 Nov 2007 15:34:07 -0500
Subject: [nycphp-talk] Re: can connect to MySQL from command line, but not from script
In-Reply-To: <721f1cc50711201230j270b47fbs90e9b18507365fc7@mail.gmail.com>
References: <721f1cc50711201230j270b47fbs90e9b18507365fc7@mail.gmail.com>
Message-ID: <721f1cc50711201234g1c8b17e8h430da410724c5c21@mail.gmail.com>

Wait a second. When invoked from the command line, PHP can do it:

[root@interps1 test]# php test.php
alleluyah

But not when Apache runs same code -- ah, we have one of those SELinux issues, don't we?

On Nov 20, 2007 3:30 PM, David Mintz wrote:
> I just installed CentOS 5 and I need to connect to a MySQL server on
> another box. I can do it from the command line but not from PHP. These
> old scripts use PEAR DB.
> Thus:
>
> mysql -utestuser -psecret -hinterps2 test
>
> Your MySQL connection id is 20491 to server version: 5.0.17-standard-log
> mysql>
>
> But:
> require 'DB.php';
> $DSN = "mysqli://testuser:secret@interps2/test" ;
> $db = DB::connect($DSN);
>
> if (PEAR::isError($db)) {
>     echo $db->getDebugInfo();
> } else {
>     echo "alleluyah\n" ;
> }
>
> Output:
>
> [nativecode=Can't connect to MySQL server on 'interps2' (13)] **
> mysqli://testuser:secret@interps2/test
>
> I wish to hell it would tell me why not. Anyone have any ideas where
> to look for more information?
>
> Thanks,
>
> --
> David Mintz
> http://davidmintz.org/
>
> The subtle source is clear and bright
> The tributary streams flow through the darkness
>

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From david at davidmintz.org Tue Nov 20 15:44:58 2007
From: david at davidmintz.org (David Mintz)
Date: Tue, 20 Nov 2007 15:44:58 -0500
Subject: [nycphp-talk] Re: can connect to MySQL from command line, but not from script
In-Reply-To: <721f1cc50711201234g1c8b17e8h430da410724c5c21@mail.gmail.com>
References: <721f1cc50711201230j270b47fbs90e9b18507365fc7@mail.gmail.com> <721f1cc50711201234g1c8b17e8h430da410724c5c21@mail.gmail.com>
Message-ID: <721f1cc50711201244x32c7772et86dff17b3197f485@mail.gmail.com>

'tail /var/log/messages' outputs the hot tip to run sealert which tells you flat out:

'/usr/sbin/setsebool -P httpd_can_network_connect=1'

Solved. You guys are the greatest!! (-:

On Nov 20, 2007 3:34 PM, David Mintz wrote:
> Wait a second. When invoked from the command line, PHP can do it:
>
> [root@interps1 test]# php test.php
> alleluyah
>
> But not when Apache runs same code -- ah, we have one of those SELinux
> issues, don't we?
>
>
> On Nov 20, 2007 3:30 PM, David Mintz wrote:
> > I just installed CentOS 5 and I need to connect to a MySQL server on
> > another box. I can do it from the command line but not from PHP.
These > > old scripts use PEAR DB. Thus: > > > > mysql -utestuser -psecret -hinterps2 test > > > > Your MySQL connection id is 20491 to server version: 5.0.17-standard-log > > mysql> > > > > But: > > > require 'DB.php'; > > $DSN = "mysqli://testuser:secret at interps2/test" ; > > $db = DB::connect($DSN); > > > > if (PEAR::isError($db)) { > > echo $db->getDebugInfo(); > > } else { > > echo "alleluyah\n" ; > > } > > > > Output: > > > > [nativecode=Can't connect to MySQL server on 'interps2' (13)] ** > > mysqli://testuser:secret at interps2/test > > > > I wish to hell it would tell me why not. Anyone have any ideas where > > to look for more information? > > > > Thanks, > > > > -- > > David Mintz > > http://davidmintz.org/ > > > > The subtle source is clear and bright > > The tributary streams flow through the darkness > > > > > > -- > David Mintz > http://davidmintz.org/ > > The subtle source is clear and bright > The tributary streams flow through the darkness > -- David Mintz http://davidmintz.org/ The subtle source is clear and bright The tributary streams flow through the darkness From ashaw at polymerdb.org Tue Nov 20 15:52:06 2007 From: ashaw at polymerdb.org (Allen Shaw) Date: Tue, 20 Nov 2007 14:52:06 -0600 Subject: [nycphp-talk] Re: can connect to MySQL from command line, but not from script In-Reply-To: <721f1cc50711201244x32c7772et86dff17b3197f485@mail.gmail.com> References: <721f1cc50711201230j270b47fbs90e9b18507365fc7@mail.gmail.com> <721f1cc50711201234g1c8b17e8h430da410724c5c21@mail.gmail.com> <721f1cc50711201244x32c7772et86dff17b3197f485@mail.gmail.com> Message-ID: <474348F6.2070706@polymerdb.org> David Mintz wrote: > Solved. You guys are the greatest!! (-: > Always happy to help, David. - A. 
--
Allen Shaw
slidePresenter (http://slides.sourceforge.net)

From rmarscher at beaffinitive.com Tue Nov 20 21:48:53 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Tue, 20 Nov 2007 21:48:53 -0500
Subject: [nycphp-talk] DOM XML questions
In-Reply-To:
References:
Message-ID: <741811D2-8098-4511-BBD3-621177662F8B@beaffinitive.com>

On Nov 19, 2007, at 6:05 PM, Ajai Khattri wrote:
> Anyone here familiar with the DOM XML functions in PHP?
...snip...
> But how do I "cast" the DOM Element to DOM Nodes that appendChild()
> needs?

Not sure you'd want to consider this... but I've found the SimpleXML
library *much* easier to work with than the DOM XML. Can you use php5?
http://php.net/simplexml

For DOM XML though... from looking at the documentation, it looks like
DOM Element extends from DOM Node, so I think passing a DOM Element to
appendChild() should work. Do you get an error when you try to do that?

-Rob

From birgunjp0071 at yahoo.com Wed Nov 21 00:43:42 2007
From: birgunjp0071 at yahoo.com (birgunj birgunj)
Date: Tue, 20 Nov 2007 21:43:42 -0800 (PST)
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <741811D2-8098-4511-BBD3-621177662F8B@beaffinitive.com>
Message-ID: <651620.64882.qm@web59301.mail.re1.yahoo.com>

Dear All,

I am making website using PHP and MySQL. I want to add search option in
my site so that when user search, it search my entire site and display
the result with respective page?

I have no experience about creating search. If anybody has any idea or
article or material, please share with me. Please send me every step
because I have no experience about creating search.

Thanks to all in advance.

From ramons at gmx.net Wed Nov 21 06:43:24 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 21 Nov 2007 06:43:24 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <651620.64882.qm@web59301.mail.re1.yahoo.com>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
Message-ID: <474419DC.7060907@gmx.net>

birgunj birgunj wrote:
> Dear All,
>
> I am making website using PHP and MySQL. I want to add search option in
> my site so that when user search, it search my entire site and display
> the result with respective page?
>
> I have no experience about creating search. If anybody has any idea or
> article or material, please share with me. Please send me every step
> because I have no experience about creating search.

You want to use something else and not make it from scratch (unless you
insist). I had a great experience with swish-e, see http://swish-e.org/
I let the indexer run on a cron job and wrapped the search display
option in PHP scripts. You can get quite a bit of info and make the
results look like those shown from web search sites. The nice thing is
that swish-e even indexes PDFs and other text document files as long as
it has a chance of reading them.

David

From urb at e-government.com Wed Nov 21 08:41:05 2007
From: urb at e-government.com (Urb LeJeune)
Date: Wed, 21 Nov 2007 08:41:05 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <474419DC.7060907@gmx.net>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
 <474419DC.7060907@gmx.net>
Message-ID: <7.0.1.0.2.20071121083836.029bee30@e-government.com>

>>I have no experience about creating search. If anybody has any idea
>>or article or material, please share with me. Please send me every
>>step because I have no experience about creating search.

Look into Atomz.com. It's free for non-commercial applications. There
are sponsored links but they can be eliminated and also used for
commercial sites for $80/year.
Nice reporting and a weekly activity report is emailed to the
administrator.

Speaking of Atomz, has anyone had experience with customizing the
search results?

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545

From urb at e-government.com Wed Nov 21 09:33:14 2007
From: urb at e-government.com (Urb LeJeune)
Date: Wed, 21 Nov 2007 09:33:14 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <00dc01c82af1$9ce6b770$a66411ac@c500>
References: <00dc01c82af1$9ce6b770$a66411ac@c500>
Message-ID: <7.0.1.0.2.20071121092720.031b3ac8@e-government.com>

>They stated, if you know you're not going to make changes
>to a variable, to send it to a function as reference, as to NOT
>make a copy of it...

There are two types of calls.

1. Call by value
2. Call by reference

Unless PHP does things differently than any other language that
I have ever used, when a function is called with call by value reference
a local copy is made for every variable. You can change the value of the
local variable and the value of the variable in the calling portion of
the program does not change.

On the other hand, with a call by reference the address of the variable
is passed, not the value(s) of that variable or array. Using call by
reference there is no local copy of the value(s) in the function.

If you're passing a large array there is a slight increase in efficiency
when passing by reference because the function does not have to make a
second copy of the array and clean up and reallocate the memory at the
end of the function.

By convention I always pass array function arguments using a call by
reference.

>Is this really worthwhile?
>
>func($a)
>{
>    echo $a;
>}
>
>VS
>
>func(& $a)
>{
>    echo $a;
>}
>
>- Ben
>
>----- Original Message ----- From: "Cliff Hirsch"
>To: "NYPHP Talk"
>Sent: Monday, November 19, 2007 3:01 PM
>Subject: Re: [nycphp-talk] Why is pass-by-reference deprecated?
>
>
>On 11/19/07 1:27 PM, "Gary Mort" wrote:
>>Cliff Hirsch wrote:
>>>The php manual says:
>>>“In recent versions of PHP you will get a warning saying that
>>>"Call-time pass-by-reference" is deprecated when you use a & in foo(&$a);”
>>>Why is this? Besides being ugly, difficult to understand and not very
>>>elegant, is there any technical reason why this is deprecated?
>>Because if you declare it in the function:
>>function foo(&$mya) {
>>}
>>
>>Then you have told PHP that whenever this function is used, variables
>>should be passed by reference and not copied.
>>
>>So the thinking is, you should know ahead of time whether or not you
>>want to pass by reference or pass a copy, and not decide to do it at the
>>time you call your code.
>>
>>IE, don't do:
>>foo(&$a);
>
>Ah, I got it. Pass-by-reference in the function call is what's deprecated.
>As in foo(&$a); (as you noted above).
>
>Pass-by-reference in the function definition is not deprecated. As in
>public function Thefunction(&$varref) {
>}
>
>Still ugly and error prone compared to clean oop, but passing objects around
>is sort of the same thing and infinitely more confusing.
>
>
>_______________________________________________
>New York PHP Community Talk Mailing List
>http://lists.nyphp.org/mailman/listinfo/talk
>
>NYPHPCon 2006 Presentations Online
>http://www.nyphpcon.com
>
>Show Your Participation in New York PHP
>http://www.nyphp.org/show_participation.php

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545

From tedd at sperling.com Wed Nov 21 12:16:39 2007
From: tedd at sperling.com (tedd)
Date: Wed, 21 Nov 2007 12:16:39 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <651620.64882.qm@web59301.mail.re1.yahoo.com>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
Message-ID:

At 9:43 PM -0800 11/20/07, birgunj birgunj wrote:
>Dear All,
>
>I am making website using PHP and MySQL. I want to add search option
>in my site so that when user search, it search my entire site and
>display the result with respective page?
>
>I have no experience about creating search. If anybody has any idea or
>article or material, please share with me. Please send me every step
>because I have no experience about creating search.

With that said, try this:

http://sperling.com/examples/search/

It's FAR easier and you don't need to do much but add a little bit of
html in your code.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From chsnyder at gmail.com Wed Nov 21 12:44:05 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 21 Nov 2007 12:44:05 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <474419DC.7060907@gmx.net>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
 <474419DC.7060907@gmx.net>
Message-ID:

On Nov 21, 2007 6:43 AM, David Krings wrote:
>
> You want to use something else and not make it from scratch (unless you
> insist).
>

If you _do_ insist, or you have some reason why third-party solutions
won't work, the simplest search accepts a single term and looks it up
using wildcards and the LIKE comparator:

$safe_q = mysql_real_escape_string( $_GET['q'] );
$query = "SELECT * FROM pages WHERE title LIKE '%{$safe_q}%' OR
content LIKE '%{$safe_q}%' ";

In many applications this pattern is sufficient for users to find what
they need.
It breaks down when searching hundreds of thousands of rows, or if you
need boolean searches (search for foo or bar) or some other sort of
advanced search functionality like stemming.

--
Chris Snyder
http://chxo.com/

From chuck at horde.org Wed Nov 21 13:03:31 2007
From: chuck at horde.org (Chuck Hagenbuch)
Date: Wed, 21 Nov 2007 13:03:31 -0500
Subject: [nycphp-talk] Why is pass-by-reference deprecated?
In-Reply-To: <7.0.1.0.2.20071121092720.031b3ac8@e-government.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500>
 <7.0.1.0.2.20071121092720.031b3ac8@e-government.com>
Message-ID: <20071121130331.194433r03rrc5usk@technest.org>

Quoting Urb LeJeune:

> There are two types of calls.
>
> 1. Call by value
> 2. Call by reference
>
> Unless PHP does things differently than any other language that
> I have ever used

Apparently it does. You should read up on reference counting, which is
what PHP does in most situations (for example, objects in PHP 5 are
pass-by-reference always) for pass-by-value. Nothing is copied unless
you actually change the value. This makes pass-by-reference actually
slightly _slower_ in some cases when you are passing an array into a
function where you will not change the array.

-chuck

From 1j0lkq002 at sneakemail.com Wed Nov 21 13:42:33 2007
From: 1j0lkq002 at sneakemail.com (inforequest)
Date: Wed, 21 Nov 2007 10:42:33 -0800
Subject: [nycphp-talk] Need About creating search
In-Reply-To:
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
 <474419DC.7060907@gmx.net>
Message-ID: <32655-99257@sneakemail.com>

csnyder chsnyder-at-gmail.com |nyphp dev/internal group use| wrote:

>On Nov 21, 2007 6:43 AM, David Krings wrote:
>
>
>>You want to use something else and not make it from scratch (unless you
>>insist).
>>
>>
>>
>
>If you _do_ insist, or you have some reason why third-party solutions
>won't work, the simplest search accepts a single term and looks it up
>using wildcards and the LIKE comparator:
>
>$safe_q = mysql_real_escape_string( $_GET['q'] );
>$query = "SELECT * FROM pages WHERE title LIKE '%{$safe_q}%' OR
>content LIKE '%{$safe_q}%' ";
>
>In many applications this pattern is sufficient for users to find what
>they need.
>
>It breaks down when searching hundreds of thousands of rows, or if you
>need boolean searches (search for foo or bar) or some other sort of
>advanced search functionality like stemming.
>
>
>
and if this is for your own project where you care more about satisfying
the user than meeting the specifications ;-) run a commercial app like
Atomz (very easy to set up) for a period of time to learn your customer
search behavior.

Of course it depends on your site, but for many sites there is a core
set of search terms that repeat over and over and over. Those represent
a core search need, of course, but also opportunity -- people are
looking for those things consistently. Use that information to improve
the internal navigation of your site, as appropriate. Also create a set
of core "info about this" pages for those terms, linked through from the
sitemap or table of contents or help page, to guide those searchers
exactly where you want them. Expose those "search term index" pages to
search engines as well, because they will be highly relevant for their
target terms and can bring you even more targeted visitors for those
terms. Note that Google specifically excludes "search results pages" via
their guidelines, but hand-crafted indexed pages as I describe are
perfectly "legal".

I remind myself at this point that "guide them where you want them" is
not always the same as "give them a direct path to where those words
appear on the site". Search sends them where the words appear. I send
them where the message of the web site is communicated most effectively
to those users searching for those terms. Like a good search engine
would ;-)

Atomz provides a customization feature that allows you to accomplish
this goal within their system (and so does Google's site search
product). I have found the third-party dependence unnecessary for most
projects. For forums and highly-dynamic sites that need to be searched,
Atomz is great but gets pricey quickly as page views increase (everybody
needs to make a living). I have used Atomz since they launched almost
ten years ago... and I now know someone involved with the project.
Always quality, but as I said it is a business and there is always a
third-party dependency as businesses adapt to meet their revenue needs.

Hope that helps.

-=john

-------------------------------------------------------------
Your web server traffic log file is the most important source of web
business information available. Do you know where your logs are right
now? Do you know who else has access to your log files? When they were
last archived? Where those archives are?
--John Andrews Competitive Webmaster and SEO
Blogging at http://www.johnon.com

From ramons at gmx.net Wed Nov 21 15:21:37 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 21 Nov 2007 15:21:37 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To:
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
 <474419DC.7060907@gmx.net>
Message-ID: <47449351.8090404@gmx.net>

csnyder wrote:
> On Nov 21, 2007 6:43 AM, David Krings wrote:
>> You want to use something else and not make it from scratch (unless you
>> insist).
>>
>
> If you _do_ insist, or you have some reason why third-party solutions
> won't work, the simplest search accepts a single term and looks it up
> using wildcards and the LIKE comparator:
>
> $safe_q = mysql_real_escape_string( $_GET['q'] );
> $query = "SELECT * FROM pages WHERE title LIKE '%{$safe_q}%' OR
> content LIKE '%{$safe_q}%' ";
>
> In many applications this pattern is sufficient for users to find what
> they need.
>
> It breaks down when searching hundreds of thousands of rows, or if you
> need boolean searches (search for foo or bar) or some other sort of
> advanced search functionality like stemming.
>

But isn't the original request about searching pages on a site? That
would mean adding all page content into a db table, unless some keyword
tagging for individual pages is employed. For a search function like
this I'd use the database maybe to store some statistics about the
entered search terms, but not for searching the pages themselves.

David

From adlermedrado at gmail.com Wed Nov 21 17:06:32 2007
From: adlermedrado at gmail.com (Adler Medrado)
Date: Wed, 21 Nov 2007 20:06:32 -0200
Subject: [nycphp-talk] XML Security
Message-ID:

Does anyone know something like Apache Xml Security for PHP?

Thanks.

--
adler medrado

Consultant
http://www.neshertech.net/adler

From paulcheung at tiscali.co.uk Wed Nov 21 17:13:02 2007
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Wed, 21 Nov 2007 22:13:02 -0000
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
References: <001601c82a1b$5699c220$0300a8c0@X9183>
 <4740A874.9060402@nyphp.com>
Message-ID: <000d01c82c8b$aeeeeff0$0300a8c0@X9183>

Thanks Michael,

I did try everything you have mentioned and have isolated and proved the
problem to be something to do with the HTML form. For some odd reason,
as an enduser, it allows me to enter the info. However when I hit
"submit" it never passes any information.
It is as though nothing was ever entered. In order to establish where
the problem lay I hardcoded some dummy values and without any problems
was able to pass the information across as SESSION information.

----- Original Message -----
From: "Michael Southwell"
To: "NYPHP Talk"
Sent: Sunday, November 18, 2007 9:02 PM
Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.

> PaulCheung wrote:
>> $t = $row['data']; $u = $row['result']; $v = $row['note'];
>
> How are you populating the $row array? I would have expected this to be:
> $t = $_POST['data'];
> Doing it this way you should have no problem. And by the way, you don't
> need the $t etc variables unless you are using them elsewhere. That would
> make it this:
> $_SESSION['data'] = $_POST['data'];
>
> --
> =================
> Michael Southwell
> Vice President, Education
> NYPHP TRAINING: http://nyphp.com/Training/Indepth

From ben at projectskyline.com Wed Nov 21 18:33:30 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 21 Nov 2007 18:33:30 -0500
Subject: [nycphp-talk] [OT] Happy Holidays
Message-ID: <000801c82c96$ed1545d0$6401a8c0@gamebox>

As the subject states, "Happy Holidays" to all!

- Ben

Ben Sgro, President
ProjectSkyLine - Defining New Horizons
+1 718.487.9368 (N.Y. Office)

Our company: www.projectskyline.com
Our products: www.project-contact.com

This e-mail is confidential information intended only for the use of the
individual to whom it is addressed.

From jonbaer at jonbaer.com Wed Nov 21 20:42:27 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Wed, 21 Nov 2007 20:42:27 -0500
Subject: [nycphp-talk] XML Security
In-Reply-To:
References:
Message-ID:

There was supposed to be a full wrapper for XMLSec (C lib) that was
presented 2 years ago @ PHP|works ...

http://www.aleksey.com/xmlsec/
http://www.cdatazone.org/files/xmlseclibs.phps

This is all explained in Pro PHP XML and Web Services (Apress)

- Jon

On Nov 21, 2007, at 5:06 PM, Adler Medrado wrote:

> Does anyone know something like Apache Xml Security for PHP?
>
> Thanks.
>
> --
> adler medrado
>
> Consultant
> http://www.neshertech.net/adler

From jonbaer at jonbaer.com Wed Nov 21 20:52:11 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Wed, 21 Nov 2007 20:52:11 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <47449351.8090404@gmx.net>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com>
 <474419DC.7060907@gmx.net>
 <47449351.8090404@gmx.net>
Message-ID:

Build an index with Zend_Search_Lucene

http://framework.zend.com/manual/en/zend.search.lucene.html

It would be *really* nice to see Zend build a direct DB full-text
relation to index scheme that makes indexing easier so you don't have to
add your documents manually.

@ MySQL camp the consensus was that if you need fine tuning on your full
text search, "use Lucene" ...

- Jon

On Nov 21, 2007, at 3:21 PM, David Krings wrote:

> csnyder wrote:
>> On Nov 21, 2007 6:43 AM, David Krings wrote:
>>> You want to use something else and not make it from scratch
>>> (unless you
>>> insist).
>>>
>> If you _do_ insist, or you have some reason why third-party solutions
>> won't work, the simplest search accepts a single term and looks it up
>> using wildcards and the LIKE comparator:
>> $safe_q = mysql_real_escape_string( $_GET['q'] );
>> $query = "SELECT * FROM pages WHERE title LIKE '%{$safe_q}%' OR
>> content LIKE '%{$safe_q}%' ";
>> In many applications this pattern is sufficient for users to find
>> what
>> they need.
>> It breaks down when searching hundreds of thousands of rows, or if
>> you
>> need boolean searches (search for foo or bar) or some other sort of
>> advanced search functionality like stemming.
>
> But isn't the original request about searching pages on a site? That
> would mean adding all page content into a db table, unless some
> keyword tagging for individual pages is employed. For a search
> function like this I'd use the database maybe to store some
> statistics about the entered search terms, but not for searching the
> pages themselves.
>
> David

From birgunjp0071 at yahoo.com Thu Nov 22 00:41:43 2007
From: birgunjp0071 at yahoo.com (birgunj birgunj)
Date: Wed, 21 Nov 2007 21:41:43 -0800 (PST)
Subject: [nycphp-talk] Need Help About creating search
In-Reply-To:
Message-ID: <700066.64360.qm@web59303.mail.re1.yahoo.com>

Dear All,

I did not understand how to use this? Please if anybody has any simple
example about search, please give me link or share with us. I am
beginner so please send me material for beginner. I want to use the
search in my local site? How do I use this in my local site?
Jon Baer wrote:

Build an index with Zend_Search_Lucene

http://framework.zend.com/manual/en/zend.search.lucene.html

It would be *really* nice to see Zend build a direct DB full-text
relation to index scheme that makes indexing easier so you don't have to
add your documents manually.

@ MySQL camp the consensus was that if you need fine tuning on your full
text search, "use Lucene" ...

- Jon

On Nov 21, 2007, at 3:21 PM, David Krings wrote:

> csnyder wrote:
>> On Nov 21, 2007 6:43 AM, David Krings wrote:
>>> You want to use something else and not make it from scratch
>>> (unless you
>>> insist).
>>>
>> If you _do_ insist, or you have some reason why third-party solutions
>> won't work, the simplest search accepts a single term and looks it up
>> using wildcards and the LIKE comparator:
>> $safe_q = mysql_real_escape_string( $_GET['q'] );
>> $query = "SELECT * FROM pages WHERE title LIKE '%{$safe_q}%' OR
>> content LIKE '%{$safe_q}%' ";
>> In many applications this pattern is sufficient for users to find
>> what
>> they need.
>> It breaks down when searching hundreds of thousands of rows, or if
>> you
>> need boolean searches (search for foo or bar) or some other sort of
>> advanced search functionality like stemming.
>
> But isn't the original request about searching pages on a site? That
> would mean adding all page content into a db table, unless some
> keyword tagging for individual pages is employed. For a search
> function like this I'd use the database maybe to store some
> statistics about the entered search terms, but not for searching the
> pages themselves.
>
> David

From davidalanroth at gmail.com Thu Nov 22 02:51:34 2007
From: davidalanroth at gmail.com (David A. Roth)
Date: Thu, 22 Nov 2007 02:51:34 -0500
Subject: [nycphp-talk] Off: Using VPN, but how to still connect to your LAN printer on Windows XP.
Message-ID: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>

When using VPN on a Windows XP to work remotely to a corporate intranet,
it won't acknowledge the printer on the LAN which has an IP address such
as 192.168.1.xxx. Once it is connected through VPN to the corporate
intranet, it can only see the printers in the remote office. Is there a
way to configure Windows XP when it's in this VPN remote state so that
it can print to a printer on the local area network?

Thanks in advance, and Happy Thanksgiving!

David Roth
davidalanroth at gmail.com

From bz-gmort at beezifies.com Thu Nov 22 08:29:11 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Thu, 22 Nov 2007 08:29:11 -0500
Subject: [nycphp-talk] Off: Using VPN, but how to still connect to your LAN printer on Windows XP.
In-Reply-To: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
References: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
Message-ID: <47458427.5040706@beezifies.com>

David A. Roth wrote:
> When using VPN on a Windows XP to work remotely to a corporate
> intranet, it won't acknowledge the printer on the LAN which has an IP
> address such as 192.168.1.xxx. Once it is connected through VPN to the
> corporate intranet, it can only see the printers in the remote office.
> Is there a way to configure Windows XP when it's in this VPN remote
> state so that it can print to a printer on the local area network?
>

My guess would be that your corporate WAN is using the same
192.168.1.xxx numbering scheme. Or worse, 192.168.xxx.xxx

Try switching your local lan to 192.168.129.x instead.

If that doesn't work, try either 172.16.x.x

From bz-gmort at beezifies.com Thu Nov 22 08:34:02 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Thu, 22 Nov 2007 08:34:02 -0500
Subject: [nycphp-talk] Pass-by-value and lazy copy
In-Reply-To: <7.0.1.0.2.20071121092720.031b3ac8@e-government.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500>
 <7.0.1.0.2.20071121092720.031b3ac8@e-government.com>
Message-ID: <4745854A.9000407@beezifies.com>

So, in the pass by reference talk, it was pointed out that if you do:

$a = 100;
$b = $a;
// At this point in time, $a and $b are still using the same memory to
// store their data
$b=50;
// Now b is assigned its own memory area since it changed the data

How does this work with objects? For example:

$a->foo = "Foo";
$a->foobar = "Foobar";

$b = $a;
// at this point in time, they're using the same memory location for
// their variables

$b->foobar="New Foobar";
// Is the entire object for $b copied to a new memory location, or is
// just $b->foobar given its own memory?
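
The copy-on-write and object-handle behaviour asked about in the message above, as an added example that is not part of the original post or thread. It assumes PHP 5 or later run from the command line; the names $big, $alias, sumReadOnly() and zap() are made up for the illustration.

```php
<?php
// Added illustration, not code from the thread. Assumes PHP 5 or later (CLI).
// All names below ($big, $alias, sumReadOnly, zap) are made up for the demo.

// --- Arrays and scalars: assignment shares the data, the first write copies it.
$big = range(1, 200000);            // large enough for a copy to show up in memory_get_usage()

$m0    = memory_get_usage();
$alias = $big;                      // no copy yet: both names refer to the same data
$m1    = memory_get_usage();
$alias[] = 0;                       // first write through $alias separates it from $big
$m2    = memory_get_usage();

printf("assign array : %+d bytes\n", $m1 - $m0);
printf("first write  : %+d bytes\n", $m2 - $m1);
printf("original size: %d elements\n", count($big));

// --- By-value parameter that is only read: still no copy inside the function.
function sumReadOnly($list)
{
    $inside = memory_get_usage();   // measured while $list is live in the callee
    return array(array_sum($list), $inside);
}

$m3 = memory_get_usage();
list($sum, $inside) = sumReadOnly($big);
printf("by-value call: %+d bytes inside the function\n", $inside - $m3);

// --- Objects: "=" and by-value parameters copy the handle, not the object.
$a = new stdClass();
$a->foo    = "Foo";
$a->foobar = "Foobar";

$b = $a;                            // $a and $b name the same object
$b->foobar = "New Foobar";          // nothing is separated: the one object changes
printf("\$a->foobar after writing via \$b: %s\n", $a->foobar);

function zap($obj)                  // no & needed for the callee to change the caller's object
{
    $obj->zapped = true;
}
zap($a);
printf("\$a zapped by callee: %s\n", isset($a->zapped) ? "yes" : "no");

// --- An independent object needs an explicit (shallow) copy.
$c = clone $a;
$c->foobar = "Only in the clone";
printf("\$a->foobar after writing via clone: %s\n", $a->foobar);
printf("same object? \$a/\$b: %s, \$a/\$c: %s\n",
    $a === $b ? "yes" : "no",
    $a === $c ? "yes" : "no");
```

The byte counts vary by PHP version, but the assignment and the read-only call stay near zero while the first write costs roughly the size of the array. Because a callee receives the same object handle, code that must not alter the caller's object should be handed a clone.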
From tedd at sperling.com Thu Nov 22 09:49:56 2007
From: tedd at sperling.com (tedd)
Date: Thu, 22 Nov 2007 09:49:56 -0500
Subject: [nycphp-talk] Need Help About creating search
In-Reply-To: <700066.64360.qm@web59303.mail.re1.yahoo.com>
References: <700066.64360.qm@web59303.mail.re1.yahoo.com>
Message-ID:

At 9:41 PM -0800 11/21/07, birgunj birgunj wrote:
>Dear All,
>
>I did not understand how to use this? Please if anybody has any
>simple example about search, please give me link or share with us. I
>am beginner so please send me material for beginner. I want to use the
>search in my local site? How do I use this in my local site?

Again:

http://sperling.com/examples/search/

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From tedd at sperling.com Thu Nov 22 09:54:11 2007
From: tedd at sperling.com (tedd)
Date: Thu, 22 Nov 2007 09:54:11 -0500
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
In-Reply-To: <000d01c82c8b$aeeeeff0$0300a8c0@X9183>
References: <001601c82a1b$5699c220$0300a8c0@X9183>
 <4740A874.9060402@nyphp.com>
 <000d01c82c8b$aeeeeff0$0300a8c0@X9183>
Message-ID:

At 10:13 PM +0000 11/21/07, PaulCheung wrote:
>Thanks Michael,
>
>I did try everything you have mentioned and have isolated and proved
>the problem to be something to do with the HTML form. For some odd
>reason, as an enduser, it allows me to enter the info. However when
>I hit "submit" it never passes any information. It is as though
>nothing was ever entered. In order to establish where the problem
>lay I hardcoded some dummy values and without any problems was able
>to pass the information across as SESSION information.

Show your code.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From jonbaer at jonbaer.com Thu Nov 22 10:17:32 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Thu, 22 Nov 2007 10:17:32 -0500
Subject: [nycphp-talk] Need Help About creating search
In-Reply-To:
References: <700066.64360.qm@web59303.mail.re1.yahoo.com>
Message-ID: <8F890F30-639D-49A5-B534-7F70F6E16A4D@jonbaer.com>

Or let our friend Google handle it all ...

http://www.google.com/coop/cse/

- Jon

On Nov 22, 2007, at 9:49 AM, tedd wrote:

> At 9:41 PM -0800 11/21/07, birgunj birgunj wrote:
>> Dear All,
>>
>> I did not understand how to use this? Please if anybody has any
>> simple example about search, please give me link or share with us. I
>> am beginner so please send me material for beginner. I want to use the
>> search in my local site? How do I use this in my local site?
>
> Again:
>
> http://sperling.com/examples/search/
>
> tedd
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com

From ramons at gmx.net Thu Nov 22 10:41:24 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 22 Nov 2007 10:41:24 -0500
Subject: [nycphp-talk] Off: Using VPN, but how to still connect to your LAN printer on Windows XP.
In-Reply-To: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
References: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
Message-ID: <4745A324.3040609@gmx.net>

David A. Roth wrote:
> When using VPN on a Windows XP to work remotely to a corporate intranet,
> it won't acknowledge the printer on the LAN which has an IP address such
> as 192.168.1.xxx.
> Once it is connected through VPN to the corporate
> intranet, it can only see the printers in the remote office. Is there a
> way to configure Windows XP when it's in this VPN remote state so that it
> can print to a printer on the local area network?
>
> Thanks in advance, and Happy Thanksgiving!

My guess is that this is by design. You hook remotely into a different network. That network has no idea what you got at home (which is a good thing!). So, if you need to print something, I'd transfer the file over to your local machine and print from there. The local system should still know about your printer.
If you need to print from an application, you may want to look at the documentation for the VPN client if there is a way to redirect the print output to a local printer.

David

From paul at devonianfarm.com Thu Nov 22 16:56:21 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Thu, 22 Nov 2007 16:56:21 -0500
Subject: [nycphp-talk] Pass-by-value and lazy copy
In-Reply-To: <4745854A.9000407@beezifies.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500> <7.0.1.0.2.20071121092720.031b3ac8@e-government.com> <4745854A.9000407@beezifies.com>
Message-ID: <4745FB05.6060107@devonianfarm.com>

Gary Mort wrote:
> How does this work with objects? For example:
>
> $a->foo = "Foo";
> $a->foobar = "Foobar";
>
> $b = $a;
> // at this point in time, they're using the same memory location for
> their variables
>
> $b->foobar="New Foobar";
> // Is the entire object for $b copied to a new memory location, or is
> just $b->foobar given its own memory?

Good question. This is different in PHP 4 and PHP 5 -- in fact, I think this is the most important difference between the versions.

The "=" operator copies objects in PHP 4 (they behave like numbers, strings, etc.), but it copies references to objects in PHP 5. Modern OO languages such as Java, Python and Ruby work like PHP 5.

The PHP 5 behavior works much better for building big object oriented systems -- it's much better when you put objects together to build bigger systems, particularly when you end up with circular relationships between them.

To take an example, imagine we have some code that looks like

    $a=new ClassA();
    $b=new ClassB($a);

Now, the definition of classB looks like:

    class ClassB {
        function ClassB($a) {
            $this->a = $a;
        }

        function zapA() {
            $this->a->zapA();
        }
    }

In PHP 5, the $a that's inside $b and the $a in the other scope are the same object. So if I write

    $b->zapA();
    if ($a->wasZapped()) {
        print "A got zapped";
    } else {
        print "A was not zapped";
    }

It's going to print "A got zapped". That is, I can do something to $a inside $b, and everybody else sees the change. In PHP4, the $a inside ClassB is $b's private copy, $b->$a gets zapped, but the original $a does not get zapped, so it prints "A was not zapped."

PHP4 really breaks down when your objects start to have circular relationships -- something that happens when your code reaches a certain level of complexity... For instance, when you're working with frameworks. Circular relationships aren't really circular if $a points to $b, but $b has a different copy of $a, say $a1.

PHP 4 is treacherous, because things will work the way you want much of the time, but not always... You'll end up with real head-scratcher bugs. By using the '&' operator in function calls and in assignments, you can get PHP 4 to behave a lot like PHP 5, but weird things will happen if you miss using '&' even once.

From adlermedrado at gmail.com Fri Nov 23 11:59:10 2007
From: adlermedrado at gmail.com (Adler Medrado)
Date: Fri, 23 Nov 2007 14:59:10 -0200
Subject: [nycphp-talk] XML Security
In-Reply-To:
References:
Message-ID:

Thank you Jon.

2007/11/21, Jon Baer:
>
> There was supposed to be a full wrapper for XMLSec (C lib) that was
> presented 2 years ago @ PHP|works ...
>
> http://www.aleksey.com/xmlsec/
> http://www.cdatazone.org/files/xmlseclibs.phps
>
> This is all explained in Pro PHP XML and Web Services (Apress)
>
> - Jon
>
> On Nov 21, 2007, at 5:06 PM, Adler Medrado wrote:
>
> > Does anyone know something like Apache Xml Security for PHP?
> >
> > Thanks.
> >
> > --
> > adler medrado
> >
> > Consultor
> > http://www.neshertech.net/adler
>

--
adler medrado

Consultor
http://www.neshertech.net/adler

From max at neuropunks.org Fri Nov 23 17:06:02 2007
From: max at neuropunks.org (Max Gribov)
Date: Fri, 23 Nov 2007 17:06:02 -0500
Subject: [nycphp-talk] Off: Using VPN, but how to still connect to your LAN printer on Windows XP.
In-Reply-To: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
References: <19C43BB9-5B53-408B-B2BF-E7B27D9D736F@gmail.com>
Message-ID: <47474ECA.3020000@neuropunks.org>

David A. Roth wrote:
> When using VPN on a Windows XP to work remotely to a corporate
> intranet, it won't acknowledge the printer on the LAN which has an IP
> address such as 192.168.1.xxx. Once it is connected through VPN to the
> corporate intranet, it can only see the printers in the remote office.
> Is there a way to configure Windows XP when it's in this VPN remote
> state so that it can print to a printer on the local area network?
>

Hey David,
It may be that your VPN changes your dns servers. Can you ping the printer on your local net by ip address when you're on vpn?..
Other than that, no idea.. Windows sucks : P

> Thanks in advance, and Happy Thanksgiving!
>
> David Roth
> davidalanroth at gmail.com
>

From danielc at analysisandsolutions.com Sat Nov 24 19:15:11 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 24 Nov 2007 19:15:11 -0500
Subject: [nycphp-talk] Pass-by-value and lazy copy
In-Reply-To: <4745854A.9000407@beezifies.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500> <7.0.1.0.2.20071121092720.031b3ac8@e-government.com> <4745854A.9000407@beezifies.com>
Message-ID: <20071125001511.GA14806@panix.com>

Hi Gary:

On Thu, Nov 22, 2007 at 08:34:02AM -0500, Gary Mort wrote:
> So, in the pass by reference talk, it was pointed out that if you do:
>
> $a = 100;
> $b = 100;
> // At this point in time, $a and $b are still using the same memory to
> store their data

Nope. They have two separate memory assignments.
But they'll be the same if you do the following:

    $a = 100;
    $b = $a;

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From tsinagra at gmail.com Sat Nov 24 20:42:30 2007
From: tsinagra at gmail.com (Todd Sinagra)
Date: Sat, 24 Nov 2007 20:42:30 -0500
Subject: [nycphp-talk] Consuming a .NET Web Service with PHP
Message-ID: <8c3fe96a0711241742ie66b343w734bf4d2cc655cbb@mail.gmail.com>

I am trying to consume a .NET Web Service for M/S Dynamics GP (which used to be Great Plains) and I just can't seem to get it working. I have contacted M/S Dynamics support about my problem and they tell me PHP is not supported; use C#. So if anyone could please help it would be greatly appreciated.

Every time I run this bit of code, trying to use the GetCustomerByKey method:

    <?php
    // HTTP credentials plus tracing, so the raw request and response can be dumped below
    $options = array('login' => 'loginid', 'password' => 'pwd', 'trace' => TRUE, 'exceptions' => TRUE);
    $wsdl = 'http://nabacct01/DynamicsGPWebServices/DynamicsGPService.asmx?WSDL';
    $client = new SoapClient ($wsdl, $options);
    try {
        $key = array('key' => array('Id' => 'ACETRAVEL'));
        $company_key = array('Id' => -1);
        $context = array('Context' => array('CurrencyType' => 'Local', 'OrganizationKey' => $company_key, 'CultureName' => 'en-US'));
        $param = array_merge($key, $context);
        //echo "<pre>";print_r($param);echo "</pre>";//exit;
        echo "<pre>";print_r($key);echo "</pre>";//exit;
        echo "<pre>";print_r($context);echo "</pre>";//exit;
        echo "<pre>";print_r($param);echo "</pre>";//exit;
        $res = $client->GetCustomerByKey($param);
    } catch(SoapFault $soapFault) {
        echo htmlentities($soapFault);
    }
    echo '<br>';
    echo "<pre>";
    echo "Request :<br>".htmlspecialchars($client->__getLastRequest()) ."<br>";
    echo "</pre>";
    echo "<pre>";
    echo "Response:<br>".htmlspecialchars($client->__getLastResponse())."<br>";
    echo "</pre>";
    ?>

I get this SoapFault exception:

    SoapFault exception: [soap:Client] Server was unable to read request. ---> There is an error in XML document (2, 294). ---> The specified type is abstract: name='OrganizationKey', namespace='http://schemas.microsoft.com/dynamics/2006/01', at <OrganizationKey xmlns='http://schemas.microsoft.com/dynamics/2006/01'>. in /home/enc/www/bancard/gp/simple.php:27
    Stack trace:
    #0 [internal function]: SoapClient->__call('GetCustomerByKe...', Array)
    #1 /home/enc/www/bancard/gp/simple.php(27): SoapClient->GetCustomerByKey(Array)
    #2 {main}

Here are the SOAP request and response that I get when calling the Web Server by outputting the __getLastRequest and __getLastResponse.

Request:
ACETRAVEL en-USLocal

Response:
soap:ClientServer was unable to read request. ---> There is an error in XML document (2, 294). ---> The specified type is abstract: name='OrganizationKey', namespace='http://schemas.microsoft.com/dynamics/2006/01', at <OrganizationKey xmlns='http://schemas.microsoft.com/dynamics/2006/01'>.

Due to the size of the WSDL and other docs, information I have included links to them below.

-- Dynamics GP WSDL
http://sinagra.org/gp/DynamicsGPService.WSDL

-- Dynamics Soap Response and Request
http://sinagra.org/gp/GetCustomerByKey.asmx.html

-- SoapClient->__getFunctions()
http://sinagra.org/gp/get_functions.php.html

-- SoapClient->__getTypes()
http://sinagra.org/gp/get_types.php.html

Thanks.
- Todd

From danielc at analysisandsolutions.com Sat Nov 24 23:46:26 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 24 Nov 2007 23:46:26 -0500
Subject: [nycphp-talk] Consuming a .NET Web Service with PHP
In-Reply-To: <8c3fe96a0711241742ie66b343w734bf4d2cc655cbb@mail.gmail.com>
References: <8c3fe96a0711241742ie66b343w734bf4d2cc655cbb@mail.gmail.com>
Message-ID: <20071125044626.GA1910@panix.com>

Todd:

On Sat, Nov 24, 2007 at 08:42:30PM -0500, Todd Sinagra wrote:

Here's their error message:
> The specified type is abstract: name='OrganizationKey',

And what you sent for that element.
>
>

Did you Google for that phrase? It came up confirming my guess: what you passed in for that element is not valid according to the schema. If you don't have any data for it, don't pass it at all.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From bz-gmort at beezifies.com Sun Nov 25 15:20:46 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Sun, 25 Nov 2007 15:20:46 -0500
Subject: [nycphp-talk] Pass-by-value and lazy copy
In-Reply-To: <20071125001511.GA14806@panix.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500> <7.0.1.0.2.20071121092720.031b3ac8@e-government.com> <4745854A.9000407@beezifies.com> <20071125001511.GA14806@panix.com>
Message-ID: <4749D91E.1050701@beezifies.com>

Daniel Convissor wrote:
> Hi Gary:
>
> On Thu, Nov 22, 2007 at 08:34:02AM -0500, Gary Mort wrote:
>
>> So, in the pass by reference talk, it was pointed out that if you do:
>>
>> $a = 100;
>> $b = 100;
>> // At this point in time, $a and $b are still using the same memory to
>> store their data
>>
>
> Nope. They have two separate memory assignments. But they'll be the
> same if you do the following:
>
> $a = 100;
> $b = $a;
>
>

Oops, right, sorry about the typo. Not relevant to my main question, but it does add confusion to have put a bad example up front.

Thanks.

-Gary

From bz-gmort at beezifies.com Sun Nov 25 15:23:16 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Sun, 25 Nov 2007 15:23:16 -0500
Subject: [nycphp-talk] WSDL conversion to PHP classes
Message-ID: <4749D9B4.7010201@beezifies.com>

I've been looking around and I see a number of frameworks and standalone apps where you can give it the WSDL(sp?) definition file for an XML/RPC type application and it will generate a bunch of stub classes for you to send/receive requests and automatically parse the xml responses into objects or arrays.

Anyone used any of them, and if so what's your favorite time saver?

From ramons at gmx.net Mon Nov 26 13:01:18 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 26 Nov 2007 13:01:18 -0500
Subject: [nycphp-talk] ini_set problems
Message-ID: <474B09EE.6040901@gmx.net>

Hi!

I want to temporarily set much larger post, upload, and execution time limits for a form that is intended to upload large files (locally). I use the following commands:

    ini_set('upload_max_filesize', '52428800');
    ini_set('post_max_size', '53477376');
    ini_set('max_execution_time', '600');

When I follow this by a phpinfo(); I see that only the max_execution_time setting was updated correctly. Also, when I echo the return values for each ini_set I get nothing for the first two and a 300 for the max_execution_time (which is the correct old value). I first thought it was because I used shorthand for the 50M/51M limits, but even changing it to what is shown above doesn't make any difference.

Any advice is greatly appreciated.

David

From dcech at phpwerx.net Mon Nov 26 13:13:06 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Mon, 26 Nov 2007 13:13:06 -0500
Subject: [nycphp-talk] ini_set problems
In-Reply-To: <474B09EE.6040901@gmx.net>
References: <474B09EE.6040901@gmx.net>
Message-ID: <474B0CB2.5060801@phpwerx.net>

David Krings wrote:
> I want to temporarily set much larger post, upload, and execution time
> limits for a form that is intended to upload large files (locally). I
> use the following commands:
> ini_set('upload_max_filesize', '52428800');
> ini_set('post_max_size', '53477376');
> ini_set('max_execution_time', '600');
>
> When I follow this by a phpinfo(); I see that only the
> max_execution_time setting was updated correctly. Also, when I echo the
> return values for each ini_set I get nothing for the first two and a 300
> for the max_execution_time (which is the correct old value).
> I first
> thought it was because I used shorthand for the 50M/51M limits, but even
> changing it to what is shown above doesn't make any difference.

The upload_max_filesize and post_max_size ini settings cannot be set from within a script, because by the time your script has started any larger uploads would have already been discarded.

You'll need to set them in .htaccess or virtual host in order for them to have any effect.

In .htaccess, you would want something like:

    # tell php to allow large uploads
    php_value upload_max_filesize "16M"
    php_value post_max_size "50M"
    php_value max_execution_time 60
    php_value max_input_time 600

    # tell apache to allow large uploads
    LimitRequestBody 53000000

If you want to restrict the settings to a particular script, you could use a block.

Dan

From rmarscher at beaffinitive.com Mon Nov 26 13:32:50 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 26 Nov 2007 13:32:50 -0500
Subject: [nycphp-talk] WSDL conversion to PHP classes
In-Reply-To: <4749D9B4.7010201@beezifies.com>
References: <4749D9B4.7010201@beezifies.com>
Message-ID: <8625B036-7B56-43F7-B6F6-AA38342A0397@beaffinitive.com>

On Nov 25, 2007, at 3:23 PM, Gary Mort wrote:
> I've been looking around and I see a number of frameworks and
> standalone apps where you can give it the WSDL(sp?) definition file
> for an XML/RPC type application and it will generate a bunch of stub
> classes for you to send/receive requests and automatically parse the
> xml responses into objects or arrays.
>
> Anyone used any of them, and if so what's your favorite time saver?

I recently used php's built-in SoapClient class. You need to configure with --enable-soap. It was great. I couldn't believe how easy it was:

    $client = new SoapClient("http://www.weather.gov/forecasts/xml/DWMLgen/wsdl/ndfdXML.wsdl");
    var_dump($client->__getFunctions());
    var_dump($client->__getTypes());

SimpleXML can be used to parse XML responses from the Soap service.

You asked for XML/RPC though...
so then use Zend Framework's Zend_XmlRpc_Client class. You can use the getProxy() method to get an object that lets you make the XML/RPC calls like they're methods of that object. It seems that if the server supports introspection, you can use the getIntrospector() method as well.

PHP5 is the bomb for working with these remote services. All the heavy lifting is already done.

-Rob

From rmarscher at beaffinitive.com Mon Nov 26 13:33:13 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 26 Nov 2007 13:33:13 -0500
Subject: [nycphp-talk] Pass-by-value and lazy copy
In-Reply-To: <4745FB05.6060107@devonianfarm.com>
References: <00dc01c82af1$9ce6b770$a66411ac@c500> <7.0.1.0.2.20071121092720.031b3ac8@e-government.com> <4745854A.9000407@beezifies.com> <4745FB05.6060107@devonianfarm.com>
Message-ID: <72B65716-9998-4EED-8F43-FAB7545281DA@beaffinitive.com>

On Nov 22, 2007, at 4:56 PM, Paul Houle wrote:
> By using the '&' operator in function calls and in assignments, you
> can get PHP 4 to behave a lot like PHP 5, but weird things will
> happen if you miss using '&' even once.

And then when you have to port everything to PHP5, you get other weird things happening because of the workarounds you did for PHP4. :-)

I would recommend if you're still using PHP4 (hopefully you're not for much longer ;), you should try to avoid using references to prevent unnecessary variable copying because it makes the PHP5 migration more difficult.

I'm not sure I should exactly blame the following on the PHP4->5 changes... the code is somewhat questionable to begin with... but it followed from us attempting to use references in PHP4 to prevent unnecessary copying.
Check this out:

We had code that essentially boiled down to the following in PHP4:

    class SomeClass { }
    $someLoop = array(0 => 'a', 1 => 'b', 2 => 'c');
    $arr = array();
    foreach ($someLoop as $key => $value) {
        $someObj = & new SomeClass();
        $someObj->val = $value;
        $arr[$key] = & $someObj;
    }
    print_r($arr);

Here's the output:

    Array
    (
        [0] => SomeClass Object
            (
                [val] => a
            )
        [1] => SomeClass Object
            (
                [val] => b
            )
        [2] => SomeClass Object
            (
                [val] => c
            )
    )

Now "& new" is deprecated in PHP5 because objects are always passed by reference anyway. So we wrote a script that replaced "& new" with just "new." However... now our loop looks like this:

    foreach ($someLoop as $key => $value) {
        $someObj = new SomeClass();
        $someObj->val = $value;
        $arr[$key] = & $someObj;
    }

And here's what happens (this is actually the same in PHP4 and PHP5):

    Array
    (
        [0] => SomeClass Object
            (
                [val] => c
            )
        [1] => SomeClass Object
            (
                [val] => c
            )
        [2] => SomeClass Object
            (
                [val] => c
            )
    )

Whoops... so we had to go through and find these cases and fix it to not use references for assignment since it doesn't need them either in PHP5:

    foreach ($someLoop as $key => $value) {
        $someObj = new SomeClass($value);
        $someObj->val = $value;
        $arr[$key] = $someObj;
    }

Hehe... or write it like this in the first place:

    foreach ($someLoop as $key => $value) {
        $arr[$key] = new SomeClass($value);
        $arr[$key]->val = $value;
    }

The actual code was more complicated and the original way it was written made more sense than it seems from the super simplified example.

-Rob

From ramons at gmx.net Mon Nov 26 13:46:32 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 26 Nov 2007 13:46:32 -0500
Subject: [nycphp-talk] ini_set problems
In-Reply-To: <474B0CB2.5060801@phpwerx.net>
References: <474B09EE.6040901@gmx.net> <474B0CB2.5060801@phpwerx.net>
Message-ID: <474B1488.8020109@gmx.net>

Dan Cech wrote:
> The upload_max_filesize and post_max_size ini settings cannot be set
> from within a script, because by the time your script has started any
> larger uploads would have already been discarded.

Thanks for the info...which somehow sucks (the outcome, not your message). I set the limits before the upload starts, so it isn't that I tried to do this retroactively, but when these limits cannot be set at all then it doesn't matter when and where I do this. I guess I need to put this in the docs at a very prominent spot. Well, at least I can now focus my hand on desk banging on other issues.

Thanks for the quick reply.

David

From jcampbell1 at gmail.com Mon Nov 26 14:03:02 2007
From: jcampbell1 at gmail.com (John Campbell)
Date: Mon, 26 Nov 2007 14:03:02 -0500
Subject: [nycphp-talk] ini_set problems
In-Reply-To: <474B1488.8020109@gmx.net>
References: <474B09EE.6040901@gmx.net> <474B0CB2.5060801@phpwerx.net> <474B1488.8020109@gmx.net>
Message-ID: <8f0676b40711261103i48bc798fv629b64027fd5769c@mail.gmail.com>

> I guess I need to put this in the docs at a
> very prominent spot.

It is in the php docs at:
http://us3.php.net/manual/en/ini.php

The third column lets you know where the directive is allowed.

You will also want to make sure that memory_limit is higher than the post_max_size.

-Regards
John Campbell

From jmcgraw1 at gmail.com Mon Nov 26 15:03:52 2007
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Mon, 26 Nov 2007 15:03:52 -0500
Subject: [nycphp-talk] WSDL conversion to PHP classes
In-Reply-To: <8625B036-7B56-43F7-B6F6-AA38342A0397@beaffinitive.com>
References: <4749D9B4.7010201@beezifies.com> <8625B036-7B56-43F7-B6F6-AA38342A0397@beaffinitive.com>
Message-ID:

If you'd like some general information on Web Service development, check out the site for a class I took 2 years ago:

http://www.cs.binghamton.edu/~mgovinda/courses/cs547/index.html

- jake

On Nov 26, 2007 1:32 PM, Rob Marscher wrote:

> On Nov 25, 2007, at 3:23 PM, Gary Mort wrote:
>
> I've been looking around and I see a number of frameworks and standalone
> apps where you can give it the WSDL(sp?) definition file for an XML/RPC type
> application and it will generate a bunch of stub classes for you to
> send/receive requests and automatically parse the xml responses into objects
> or arrays.
>
> Anyone used any of them, and if so what's your favorite time saver?
>
>
> I recently used php's built-in SoapClient class. You need to configure
> with --enable-soap. It was great. I couldn't believe how easy it was:
> $client = new SoapClient("
> http://www.weather.gov/forecasts/xml/DWMLgen/wsdl/ndfdXML.wsdl");
> var_dump($client->__getFunctions());
> var_dump($client->__getTypes());
>
> SimpleXML can be used to parse XML responses from the Soap service.
>
> You asked for XML/RPC though... so then use Zend
> Framework's Zend_XmlRpc_Client class. You can use the getProxy() method to
> get an object that lets you make the XML/RPC calls like their methods of
> that object. It seems that if the server support introspection, you can use
> the getIntrospector() method as well.
>
> PHP5 is the bomb for working with these remote services. All the heavy
> lifting is already done.
>
> -Rob
>

From bz-gmort at beezifies.com Mon Nov 26 15:15:38 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Mon, 26 Nov 2007 15:15:38 -0500
Subject: [nycphp-talk] WSDL conversion to PHP classes
In-Reply-To: <8625B036-7B56-43F7-B6F6-AA38342A0397@beaffinitive.com>
References: <4749D9B4.7010201@beezifies.com> <8625B036-7B56-43F7-B6F6-AA38342A0397@beaffinitive.com>
Message-ID: <474B296A.5020309@beezifies.com>

Rob Marscher wrote:
> On Nov 25, 2007, at 3:23 PM, Gary Mort wrote:
>> I've been looking around and I see a number of frameworks and
>> standalone apps where you can give it the WSDL(sp?) definition file
>> for an XML/RPC type application and it will generate a bunch of stub
>> classes for you to send/receive requests and automatically parse the
>> xml responses into objects or arrays.
>>
>> Anyone used any of them, and if so what's your favorite time saver?
>
> I recently used php's built-in SoapClient class. You need to
> configure with --enable-soap. It was great. I couldn't believe how
> easy it was:
>
> $client = new
> SoapClient("http://www.weather.gov/forecasts/xml/DWMLgen/wsdl/ndfdXML.wsdl");
> var_dump($client->__getFunctions());
> var_dump($client->__getTypes());
>
> SimpleXML can be used to parse XML responses from the Soap service.
>
> You asked for XML/RPC though... so then use Zend
> Framework's Zend_XmlRpc_Client class.

My mistake, all the services are bubbling together in my head and I'm trying to figure out what's what.

It seems to be a fairly trivial exercise, given a WSDL file to create a bunch of classes for accessing the interface without coding it yourself.
The only real catch is to get myself to /think/ in those terms. If I can figure out the mental landscape, I think it all becomes fairly simple.

From mitch.pirtle at gmail.com Tue Nov 27 11:21:02 2007
From: mitch.pirtle at gmail.com (Mitch Pirtle)
Date: Tue, 27 Nov 2007 11:21:02 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To:
References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net>
Message-ID: <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>

On Nov 21, 2007 8:52 PM, Jon Baer wrote:
> Build an index with Zend_Search_Lucene

That's one great option, and another that I'd like to pimp is sphinx:

http://www.sphinxsearch.com/

Basically it is the fastest search tool I have found anywhere on any platform. Wicked fast, and pretty decent interfaces for a variety of languages as well. Using it on some major projects now with millions of content entries submitted by users - this is a great environment for huge social sites.

-- Mitch

From chsnyder at gmail.com Tue Nov 27 12:41:16 2007
From: chsnyder at gmail.com (csnyder)
Date: Tue, 27 Nov 2007 12:41:16 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net> <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>
Message-ID:

On Nov 27, 2007 11:21 AM, Mitch Pirtle wrote:

> another that I'd like to pimp is sphinx:
>
> http://www.sphinxsearch.com/

Could you pimp code example along with that?
Urp, never mind, see
http://www.ibm.com/developerworks/library/os-php-sphinxsearch/

Complex, but not overly complicated.

It's a little troubling that there's no search box on the spinxsearch.com site, but that happens to be true of Lucene as well, so go figure.

--
Chris Snyder
http://chxo.com/

From ben at projectskyline.com Tue Nov 27 13:18:52 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Tue, 27 Nov 2007 13:18:52 -0500
Subject: [nycphp-talk] Need About creating search
References: <651620.64882.qm@web59301.mail.re1.yahoo.com><474419DC.7060907@gmx.net><47449351.8090404@gmx.net><330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>
Message-ID: <00d901c83121$f70179d0$a66411ac@c500>

It's a little troubling that there's no search box on the spinxsearch.com site, but that happens to be true of Lucene as well, so go figure.

^^ odd

----- Original Message -----
From: "csnyder"
To: "NYPHP Talk"
Sent: Tuesday, November 27, 2007 12:41 PM
Subject: Re: [nycphp-talk] Need About creating search

> On Nov 27, 2007 11:21 AM, Mitch Pirtle wrote:
>
>> another that I'd like to pimp is sphinx:
>>
>> http://www.sphinxsearch.com/
>
> Could you pimp code example along with that?
> Urp, never mind, see
> http://www.ibm.com/developerworks/library/os-php-sphinxsearch/
>
> Complex, but not overly complicated.
>
> It's a little troubling that there's no search box on the
> spinxsearch.com site, but that happens to be true of Lucene as well,
> so go figure.
>
> --
> Chris Snyder
> http://chxo.com/

From urb at e-government.com Tue Nov 27 13:22:39 2007
From: urb at e-government.com (Urb LeJeune)
Date: Tue, 27 Nov 2007 13:22:39 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <00d901c83121$f70179d0$a66411ac@c500>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net> <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com> <00d901c83121$f70179d0$a66411ac@c500>
Message-ID: <7.0.1.0.2.20071127132144.02a9f860@e-government.com>

Why not just use Atomz.com? It's free (with sponsored links), is customizable, and has good reports.

Urb

Urb
Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545
E-Government.com lowers your costs while increasing your expectations.

From rmarscher at beaffinitive.com Tue Nov 27 16:37:39 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Tue, 27 Nov 2007 16:37:39 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net> <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com>
Message-ID: <1CC7D4BE-A7A5-4006-95CD-0E250BC79E48@beaffinitive.com>

On Nov 27, 2007, at 11:21 AM, Mitch Pirtle wrote:
> http://www.sphinxsearch.com/
>
> Basically it is the fastest search tool I have found anywhere on any
> platform. Wicked fast, and pretty decent interfaces for a variety of
> languages as well. Using it on some major projects now with millions
> of content entries submitted by users - this is a great environment
> for huge social sites.

+1. We're using it here: http://www.heynielsen.com/search/ (sorry for the promo... but it seemed that people wanted to see it in action)

What I love about it is the way it uses mysql as the source for the index. All you need to do is set up the sphinx.conf file and set a cron to periodically rebuild the indexes. No other programming required to create the indexes. They already have a php api class which is included in the server download... so searching it from php is simple too.

Documentation on the api could use some help though... have to get the details by reading the source... maybe I should contribute.

You can search multiple indexes in one Query by separating the indexes by a space. That's not documented as far as I know. I discovered it in the sphinx forums. You can also just search every index you have available in one query.

Here's some code that I use. I have a main index - "mainIndex" - that I reindex once an hour (it indexes over 100,000 records in a couple seconds and then sends a sighup so that the search server reloads the index). I also have a "delta" index that contains only the new entries since the last time the main index was reindexed. I do this every couple minutes and the operation takes under a second. They talk about how to do this in the documentation.

I also created stemmed and soundex indexes... so if no results were found in the regular index, it tries those other indexes next:

    $spx = new SphinxClient();
    $spx->SetServer($host, $port);
    $spx->SetWeights(array(100, 1));
    $spx->SetLimits(0, 250);
    $spx->SetMatchMode(SPH_MATCH_ALL);
    $spx->SetFilter('category', array($category));
    $spx->SetSortMode(SPH_SORT_RELEVANCE);
    $_rs = $spx->Query($search, 'mainIndex mainIndexDelta');
    if (count($_rs['matches']) == 0) {
        // give another try with the soundex index <- love this!! :)
        $_rs = $spx->Query($search, 'mainIndexSoundex mainIndexSoundexDelta');
    }
    if (count($_rs['matches']) == 0) {
        // still no results? how about stemming
        $_rs = $spx->Query($search, 'mainIndexStemmed mainIndexStemmedDelta');
    }
    if (count($_rs['matches']) == 0) {
        // still no results? how about a different match mode
        $spx->SetMatchMode(SPH_MATCH_ANY);
        $spx->SetLimits(0, 20);
        $_rs = $spx->Query($search, 'mainIndex mainIndexDelta');
    }

The search only returns the primary keys for the matched records. You then have to do a separate mysql query to get any extra details... but you'd be surprised how fast searching mysql via those primary keys is. You don't need any where clause because your search has already been narrowed.

-Rob

From dell at sala.ca Tue Nov 27 16:56:19 2007
From: dell at sala.ca (Dell Sala)
Date: Tue, 27 Nov 2007 16:56:19 -0500
Subject: [nycphp-talk] Need About creating search
In-Reply-To: <1CC7D4BE-A7A5-4006-95CD-0E250BC79E48@beaffinitive.com>
References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net> <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com> <1CC7D4BE-A7A5-4006-95CD-0E250BC79E48@beaffinitive.com>
Message-ID: <253B04C0-6D0F-472B-9A08-77EFED09B5CD@sala.ca>

>> http://www.sphinxsearch.com/

On Nov 27, 2007, at 4:37 PM, Rob Marscher wrote:

> The search only returns the primary keys for the matched records.
> You then have to do a separate mysql query to get any extra
> details... but you'd be surprised how fast searching mysql via
> those primary keys is. You don't need any where clause because
> your search has already been narrowed.

Cool. But doesn't this require 1 SQL query for each result item? (50 results per page == 50 queries per page)? I suppose they ARE fast queries. I've run into this situation a few times in other contexts. Is there a clean way to retrieve records by filtering against a list of primary key values, all in one SQL query?

Just curious...
-- Dell From dcech at phpwerx.net Tue Nov 27 17:12:41 2007 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 27 Nov 2007 17:12:41 -0500 Subject: [nycphp-talk] Need About creating search In-Reply-To: <253B04C0-6D0F-472B-9A08-77EFED09B5CD@sala.ca> References: <651620.64882.qm@web59301.mail.re1.yahoo.com> <474419DC.7060907@gmx.net> <47449351.8090404@gmx.net> <330532b60711270821x730ab004j78b968bc46fb7ee7@mail.gmail.com> <1CC7D4BE-A7A5-4006-95CD-0E250BC79E48@beaffinitive.com> <253B04C0-6D0F-472B-9A08-77EFED09B5CD@sala.ca> Message-ID: <474C9659.2030709@phpwerx.net> Dell Sala wrote: >>> http://www.sphinxsearch.com/ > > On Nov 27, 2007, at 4:37 PM, Rob Marscher wrote: > >> The search only returns the primary keys for the matched records. You >> then have to do a separate mysql query to get any extra details... but >> you'd be surprised how fast searching mysql via those primary keys >> is. You don't need any where clause because your search has already >> been narrowed. > > Cool. But doesn't this require 1 SQL query for each result item? (50 > results per page == 50 queries per page)? I suppose they ARE fast > queries. I've run into this situation a few times in other contexts. Is > there a clean way to retrieve records by filtering against a list of > primary key values, all in one SQL query? Just curious... SELECT * FROM mytable WHERE myid IN (1,2,3,4) Dan From chsnyder at gmail.com Wed Nov 28 09:26:13 2007 From: chsnyder at gmail.com (csnyder) Date: Wed, 28 Nov 2007 09:26:13 -0500 Subject: [nycphp-talk] PHP on Nokia Message-ID: Apparently you can install a Personal Apache-MySQL-PHP stack on your Nokia smart phone. http://devphone.com/pamp-stack-on-s60-brings-you-php "there will be PHP extension modules that provide access to the core functionality of the phone" Mmm, phone glue. 
-- Chris Snyder http://chxo.com/ From aw at sap8.com Wed Nov 28 09:32:25 2007 From: aw at sap8.com (Anthony Wlodarski) Date: Wed, 28 Nov 2007 09:32:25 -0500 Subject: [nycphp-talk] PHP on Nokia In-Reply-To: References: Message-ID: <011301c831cb$7ea93680$7bfba380$@com> Speaking of mobile devices I Just picked up an HTC Mogul, quite an interesting phone (besides that it only has a JVM to do development in as I wouldn't touch native C++ for it). Would you know of any supporting PHP environments for Windows Mobile 6 devices? Anthony Wlodarski aw at sap8.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of csnyder Sent: Wednesday, November 28, 2007 9:26 AM To: NYPHP Talk Subject: [nycphp-talk] PHP on Nokia Apparently you can install a Personal Apache-MySQL-PHP stack on your Nokia smart phone. http://devphone.com/pamp-stack-on-s60-brings-you-php "there will be PHP extension modules that provide access to the core functionality of the phone" Mmm, phone glue. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ajai at bitblit.net Wed Nov 28 10:51:42 2007 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 28 Nov 2007 10:51:42 -0500 (EST) Subject: [nycphp-talk] PHP on Nokia In-Reply-To: Message-ID: On Wed, 28 Nov 2007, csnyder wrote: > Apparently you can install a Personal Apache-MySQL-PHP stack on your > Nokia smart phone. > http://devphone.com/pamp-stack-on-s60-brings-you-php > > "there will be PHP extension modules that provide access to the core > functionality of the phone" Nice! I was looking for something similar for the Nokia N8xx tablets... -- Aj. 
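Added example, not part of any post in this thread: one way to do the single-query lookup from the Sphinx discussion above (Rob Marscher's note that the search returns only primary keys, and Dan Cech's `IN (...)` reply), with the id list validated and bound as parameters rather than concatenated into the SQL text, and the search ranking restored afterwards. The `articles` table, its columns, the function names and the sample ids are assumptions; an in-memory SQLite database stands in for MySQL so the block runs offline.

```php
<?php
// Added example: hypothetical names throughout (articles, clean_ids, fetch_by_ids).

/**
 * Keep only positive integers, drop duplicates, preserve first-seen order
 * (the order the search layer ranked them in).
 */
function clean_ids(array $raw): array
{
    $ids = array();
    foreach ($raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT,
                         array('options' => array('min_range' => 1)));
        if ($id !== false) {
            $ids[$id] = $id;    // keyed by id: removes repeats, keeps order
        }
    }
    return array_values($ids);
}

/**
 * Fetch all rows for the given ids with one query, returned in the same
 * order as the id list.
 */
function fetch_by_ids(PDO $db, array $rawIds): array
{
    $ids = clean_ids($rawIds);
    if (count($ids) === 0) {
        return array();         // "IN ()" is a syntax error, so stop early
    }

    // One "?" per id; the values travel separately from the SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $db->prepare("SELECT id, title FROM articles WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);   // positions are 1-based
    }
    $stmt->execute();

    // IN (...) says nothing about row order, so re-apply the search ranking.
    $byId = array();
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $byId[(int) $row['id']] = $row;
    }
    $ordered = array();
    foreach ($ids as $id) {
        if (isset($byId[$id])) {    // an id can be in a stale index but gone from the table
            $ordered[] = $byId[$id];
        }
    }
    return $ordered;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $db->prepare('INSERT INTO articles (id, title) VALUES (?, ?)');
foreach (array(1 => 'alpha', 2 => 'beta', 3 => 'gamma', 4 => 'delta') as $id => $title) {
    $insert->execute(array($id, $title));
}

// Constructed id list in relevance order: includes a repeat, an id that is
// not in the table, and a string that is not an integer.
$fromSearch = array(3, '1', 3, 99, '4) OR (1=1', 4);

foreach (fetch_by_ids($db, $fromSearch) as $row) {
    echo $row['id'], ' ', $row['title'], "\n";
}
```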
From ben at projectskyline.com Wed Nov 28 10:58:02 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 10:58:02 -0500
Subject: [nycphp-talk] If/else vs Try/catch
Message-ID: <00f901c831d7$74f74170$a66411ac@c500>

Hello,

I've inherited some legacy code in CF that I'll be porting to PHP.

I see ample use of try/catch. Why? Why is it better/different than if/else?

I've never really used it in procedural coding and I'm still somewhat new to OOP overall.

- Ben

I googled and found a couple discussions. Maybe someone has some sample code that shows why one is better than the other.

http://www.thescripts.com/forum/thread349361.html

From scott at crisscott.com Wed Nov 28 11:11:33 2007
From: scott at crisscott.com (Scott Mattocks)
Date: Wed, 28 Nov 2007 11:11:33 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <00f901c831d7$74f74170$a66411ac@c500>
References: <00f901c831d7$74f74170$a66411ac@c500>
Message-ID: <474D9335.2070400@crisscott.com>

Ben Sgro (ProjectSkyLine) wrote:
> I see ample use of try/catch. Why? Why is it better/different than if/else?

You are talking about two completely different things here. If/else is for testing a condition. Try/catch is for handling exceptions. If an exception is thrown within a try/catch block the code in the catch section will be executed. The two are not interchangeable. You should read up on exception handling if you think you may need to use try/catch.

http://us2.php.net/manual/en/language.exceptions.php

--
Scott Mattocks
Author: Pro PHP-GTK
http://www.crisscott.com

From ben at projectskyline.com Wed Nov 28 11:25:12 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 11:25:12 -0500
Subject: [nycphp-talk] If/else vs Try/catch
References: <00f901c831d7$74f74170$a66411ac@c500> <474D9335.2070400@crisscott.com>
Message-ID: <012b01c831db$408f2160$a66411ac@c500>

Hello Scott,

Thanks. I'll read up on it now...and post my thoughts.

Before I read I'll ask this question. What's the difference between this example below and what you just explained?

    bens at arc90-dev-02:~/webdev$ php test.php
    Gotcha!
    bens at arc90-dev-02:~/webdev$ cat test.php
    = 0 ) return TRUE;
    }

    if ( a(-1) )
    {
        printf("Not here\n");
    }
    else
    {
        printf("Gotcha!\n");
    }

- Ben

From chsnyder at gmail.com Wed Nov 28 11:26:14 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 28 Nov 2007 11:26:14 -0500
Subject: [nycphp-talk] PHP on Nokia
In-Reply-To:
References:
Message-ID:

On Nov 28, 2007 10:51 AM, Ajai Khattri wrote:
>
> I was looking for something similar for the Nokia N8xx tablets...

Those run S60, right?

I've been trying to get up to speed on these devices after ignoring mobile for the last few years, because the inclusion of "real" web browsers and wifi access is starting to make them first-class clients.

The ability to glue stuff together using php on-device is really exciting.

--
Chris Snyder
http://chxo.com/

From chsnyder at gmail.com Wed Nov 28 11:38:18 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 28 Nov 2007 11:38:18 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <012b01c831db$408f2160$a66411ac@c500>
References: <00f901c831d7$74f74170$a66411ac@c500> <474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500>
Message-ID:

On Nov 28, 2007 11:25 AM, Ben Sgro (ProjectSkyLine) wrote:
> Thanks. I'll read up on it now...and post my thoughts.

Trying to explain the benefits of try/catch is like trying to explain the benefits of OO code: you don't need it to get the job done, but it really helps if you want to get the job done elegantly.

If you find yourself writing code like:

    $success = $obj->process1();
    if ( $success ) {
        $success = $obj->process2();
        if ( $success ) {
            $success = $obj->process3();
        }
    }
    if ( !$success ) {
        exit( "An error occurred in either process 1, 2, or 3." );
    }

... then try/catch is the way out of your nightmare.

    try {
        $obj->process1();
        $obj->process2();
        $obj->process3();
    } catch ( Exception $e ) {
        exit( "An error occurred: ".$e->getMessage() );
    }

Error handling doesn't need to be part of your program logic anymore.

--
Chris Snyder
http://chxo.com/

From ajai at bitblit.net Wed Nov 28 11:39:43 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 28 Nov 2007 11:39:43 -0500 (EST)
Subject: [nycphp-talk] PHP on Nokia
In-Reply-To:
Message-ID:

On Wed, 28 Nov 2007, csnyder wrote:

> On Nov 28, 2007 10:51 AM, Ajai Khattri wrote:
> >
> > I was looking for something similar for the Nokia N8xx tablets...
>
> Those run S60, right?

Naa.. Linux... (funny, you would think LAMP would be readily available as a package to install right? But I don't see it in any package repository...)

> I've been trying to get up to speed on these devices after ignoring
> mobile for the last few years, because the inclusion of "real" web
> browsers and wifi access is starting to make them first-class clients.

The N810 (i.e. the new one) has a browser based on Gecko so it's a pretty decent browser. (The previous models used Opera).

Actually I'm working on an app for my N800.

--
Aj.

From ben at projectskyline.com Wed Nov 28 12:44:35 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 12:44:35 -0500
Subject: [nycphp-talk] If/else vs Try/catch
References: <00f901c831d7$74f74170$a66411ac@c500><474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500>
Message-ID: <016401c831e6$576a9120$a66411ac@c500>

Hello Chris,

Good points again. I've been doing some reading to get a better grasp on it.

http://www.w3schools.com/php/php_exception.asp

Seems to be a good explanation.

Thanks.

- Ben

From ken at secdat.com Wed Nov 28 12:53:21 2007
From: ken at secdat.com (Kenneth Downs)
Date: Wed, 28 Nov 2007 12:53:21 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <016401c831e6$576a9120$a66411ac@c500>
References: <00f901c831d7$74f74170$a66411ac@c500><474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500> <016401c831e6$576a9120$a66411ac@c500>
Message-ID: <474DAB11.8020007@secdat.com>

Picture this example also:

    function try_include($filename) {
        try {
            include($filename);
        }
        catch (Exception $e) {
            echo "Problem trying to include file!";
            return false;
        }
        return true;
    }

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010

From ben at projectskyline.com Wed Nov 28 13:04:10 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 13:04:10 -0500
Subject: [nycphp-talk] If/else vs Try/catch
References: <00f901c831d7$74f74170$a66411ac@c500><474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500> <016401c831e6$576a9120$a66411ac@c500> <474DAB11.8020007@secdat.com>
Message-ID: <017b01c831e9$13ad88e0$a66411ac@c500>

Hello Kenneth,

I saw an example similar to this on PHP.net. I don't really see why try/catch is better ... Not trying to start a war here. -= ]

    function try_include( $filename )
    {
        // parenthesize the whole include expression; otherwise PHP
        // evaluates include(($filename) != 1)
        if( (include $filename) != 1 )
        {
            echo "Problem trying to include file!";
            return false;
        }
        return true;
    }

From brian at realm3.com Wed Nov 28 13:22:15 2007
From: brian at realm3.com (Brian D.)
Date: Wed, 28 Nov 2007 13:22:15 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <017b01c831e9$13ad88e0$a66411ac@c500>
References: <00f901c831d7$74f74170$a66411ac@c500> <474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500> <016401c831e6$576a9120$a66411ac@c500> <474DAB11.8020007@secdat.com> <017b01c831e9$13ad88e0$a66411ac@c500>
Message-ID:

Ben,

Chris Snyder gave a good example of why you want to use error handling, but one other thing you may want to look at is the built-in PHP Exception class. This article had some code samples: http://www.phpbuilder.com/manual/en/language.exceptions.php

The example you gave with try_include() doesn't tell the user/developer:
- why it failed
- where it failed
- how important is the failure (is it fatal?)

All you know is that you got false back, now you have to figure out if that's going to break something or not. Exceptions allow you to pass back different types of failures, details about the failure, the level of severity, and much more that you wouldn't get back from a true/false return.

One of the most important things to consider, in my opinion, is that exceptions are a *standardized* way to handle errors. This means that when Joe returns a string that says "FAILURE" but Fred returned "false", you don't always know what to expect. If an exception is thrown, then you know for sure that something has failed and you need to handle it.

- Brian

--
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349

From michael.southwell at nyphp.com Wed Nov 28 13:26:20 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Wed, 28 Nov 2007 13:26:20 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To:
References: <00f901c831d7$74f74170$a66411ac@c500> <474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500>
Message-ID: <474DB2CC.5090401@nyphp.com>

csnyder wrote:
> ... then try/catch is the way out of your nightmare.
>
> try {
>     $obj->process1();
>     $obj->process2();
>     $obj->process3();
> } catch ( Exception $e ) {
>     exit( "An error occurred: ".$e->getMessage() );
> }
>
> Error handling doesn't need to be part of your program logic anymore.
Note that process1 etc must throw an exception internally in order for the catch to work, as explained once again at http://us2.php.net/manual/en/language.exceptions.php

--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth

From ben at projectskyline.com Wed Nov 28 13:33:42 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 13:33:42 -0500
Subject: [nycphp-talk] If/else vs Try/catch
References: <00f901c831d7$74f74170$a66411ac@c500><474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500><016401c831e6$576a9120$a66411ac@c500> <474DAB11.8020007@secdat.com><017b01c831e9$13ad88e0$a66411ac@c500>
Message-ID: <01a501c831ed$33a60e70$a66411ac@c500>

Hello Brian,

Great points. I've been playing with some code examples to get a feel for it. One thing I've stumbled upon that might be nice is the following:

Which allows me to handle Exceptions two ways, one for internal logging and one for display to the user.

I'll read the link you posted as well.

Thanks,

- Ben

    class LogException extends Exception
    {
        public function errorMessage( )
        {
            file_put_contents('exception_log.txt', "\n" . $this->getMessage( ) . "\n");
        }
    }

    class UserException extends Exception
    {
        public function errorMessage( )
        {
            return "An error has occurred with " . $this->getMessage( ) . "\n";
        }
    }

    $email = "ben at example.com";

    try
    {
        try
        {
            if (strpos($email, "example") !== FALSE)
            {
                throw new LogException($email);
            }
        }
        catch(LogException $e)
        {
            $e->errorMessage( );
            /* throw exception again. */
            throw new UserException($email);
        }
    }
    catch (UserException $e)
    {
        echo $e->errorMessage( );
    }

From sailer at bnl.gov Wed Nov 28 15:21:40 2007
From: sailer at bnl.gov (Tim Sailer)
Date: Wed, 28 Nov 2007 15:21:40 -0500
Subject: [nycphp-talk] PHP on Nokia
In-Reply-To:
References:
Message-ID: <20071128202140.GA12797@bnl.gov>

On Wed, Nov 28, 2007 at 11:39:43AM -0500, Ajai Khattri wrote:
> On Wed, 28 Nov 2007, csnyder wrote:
>
> > On Nov 28, 2007 10:51 AM, Ajai Khattri wrote:
> > >
> > > I was looking for something similar for the Nokia N8xx tablets...
> >
> > Those run S60, right?
>
> Naa.. Linux... (funny, you would think LAMP would be readily available as
> a package to install right? But I don't see it in any package
> repository...)

http://maemo.org/downloads/product/OS2007/apache/

There's the PHP module too, but I don't have either one of my N800s in front of me.

Tim

From johnzabroski at yahoo.com Wed Nov 28 15:56:39 2007
From: johnzabroski at yahoo.com (John Zabroski)
Date: Wed, 28 Nov 2007 12:56:39 -0800 (PST)
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To:
Message-ID: <829342.26199.qm@web60215.mail.yahoo.com>

--- csnyder wrote:
>
> Error handling doesn't need to be part of your
> program logic anymore.
>
> --
> Chris Snyder
> http://chxo.com/

Be careful saying that, especially to a newbie. While experienced programmers presumably understand statements other experienced programmers like you make, a newbie might not understand an overly general statement like the one you just made. I understand what you are saying, but it is a gross simplification for someone needing deep, penetrating understanding of a new concept.

Error handling does not just magically disappear from program logic, even if you use try/catch. In fact, it is quite easy for code to fall prey to a Split Cleaner bug pattern when using exception handling. Ken Downs posted a "gotcha" with exception handling already.

Try/catch does not eliminate error handling from program logic. Instead, it does only what it was originally designed to do: let the caller of the function determine how to respond to a failure condition.
Explicitly, the caller has greater responsibility in the call chain, because the calling function has more contextual knowledge and should be more able to recover from failure gracefully.

From ben at projectskyline.com Wed Nov 28 16:18:06 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 16:18:06 -0500
Subject: [nycphp-talk] If/else vs Try/catch
References: <829342.26199.qm@web60215.mail.yahoo.com>
Message-ID: <023501c83204$2b9e6d00$a66411ac@c500>

Hello John,

Good point. I started to realize that this method pushes the responsibility for error handling up the chain, which is something I sometimes struggle with with if/else. Once I really start writing some code, I'll be able to see the benefits, as I'm sure I'll be happy with this technique as well.

- Ben

----- Original Message -----
From: "John Zabroski"
To: "NYPHP Talk"
Sent: Wednesday, November 28, 2007 3:56 PM
Subject: Re: [nycphp-talk] If/else vs Try/catch

> --- csnyder wrote:
>>
>> Error handling doesn't need to be part of your
>> program logic anymore.
>>
>> --
>> Chris Snyder
>> http://chxo.com/
>
> Be careful saying that, especially to a newbie. While
> experienced programmers presumably understand
> statements other experienced programmers like you
> make, a newbie might not understand an overly general
> statement like the one you just made. I understand
> what you are saying, but it is a gross simplification
> for someone needing deep, penetrating understanding of
> a new concept.
>
> Error handling does not just magically disappear from
> program logic, even if you use try/catch. In fact, it
> is quite easy for code to fall prey to a Split Cleaner
> bug pattern when using exception handling.
> Ken Downs posted a "gotcha" with exception handling already.
>
> Try/catch does not eliminate error handling from
> program logic. Instead, it does only what it was
> originally designed to do: let the caller of the
> function determine how to respond to a failure
> condition. Explicitly, the caller has greater
> responsibility in the call chain, because the calling
> function has more contextual knowledge and should be
> more able to recover from failure gracefully.

From ajai at bitblit.net Wed Nov 28 16:23:39 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 28 Nov 2007 16:23:39 -0500 (EST)
Subject: [nycphp-talk] PHP on Nokia
In-Reply-To: <20071128202140.GA12797@bnl.gov>
Message-ID:

On Wed, 28 Nov 2007, Tim Sailer wrote:

> http://maemo.org/downloads/product/OS2007/apache/

Cool!

A casual search for PHP didn't find anything but maybe it's on a different catalog?

--
Aj.

From ben at projectskyline.com Wed Nov 28 16:32:11 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 16:32:11 -0500
Subject: [nycphp-talk] RESTful PHP Frameworks/Libs
Message-ID: <024701c83206$22d4c0a0$a66411ac@c500>

Hello,

I'm going to be building a RESTful php application and wanted to know if anyone has done so and what frameworks or libraries they have used. This is purely a web service, no UI at all, so I don't think a full blown framework w/views is necessary.
A nice REST library for handling HTTP requests and responses is what I'm looking for.

The first link on google is this: http://wiki.jonnay.net/bunny/meditation/meditation which seems cool, but doesn't have much traffic/chatter.

Thanks,

- Ben

From sailer at bnl.gov Wed Nov 28 16:48:31 2007
From: sailer at bnl.gov (Tim Sailer)
Date: Wed, 28 Nov 2007 16:48:31 -0500
Subject: [nycphp-talk] PHP on Nokia
In-Reply-To:
References: <20071128202140.GA12797@bnl.gov>
Message-ID: <20071128214831.GC12797@bnl.gov>

On Wed, Nov 28, 2007 at 04:23:39PM -0500, Ajai Khattri wrote:
> On Wed, 28 Nov 2007, Tim Sailer wrote:
>
> > http://maemo.org/downloads/product/OS2007/apache/
>
> Cool!
>
> A casual search for PHP didn't find anything but maybe it's on a different
> catalog?

When I get home, I'll look up what repository it's from. I know I saw it...

Tim

From rmarscher at beaffinitive.com Wed Nov 28 16:54:50 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Wed, 28 Nov 2007 16:54:50 -0500
Subject: [nycphp-talk] RESTful PHP Frameworks/Libs
In-Reply-To: <024701c83206$22d4c0a0$a66411ac@c500>
References: <024701c83206$22d4c0a0$a66411ac@c500>
Message-ID:

On Nov 28, 2007, at 4:32 PM, Ben Sgro (ProjectSkyLine) wrote:
> I'm going to be building a RESTful php application and wanted to
> know if anyone has done so and what frameworks or libraries they
> have used. This is purely a web service, no UI at all, so I don't
> think a full blown framework w/views is necessary.
>
> A nice REST library for handling HTTP requests and responses is
> what I'm looking for.

The webserver handles implementing most of what's required for a RESTful interface. So... you don't exactly need a framework. Just do the appropriate thing on GET/POST/PUT/DELETE requests (which you can determine from php's $_SERVER array).

However, you could check out Zend/Rest/Server.php in the Zend_Framework. I haven't used it...
but I just glanced through the doc and it looks pretty nice:
http://framework.zend.com/manual/en/zend.rest.server.html

It doesn't provide a framework for authentication or data persistence via a token or anything (like the way the Amazon API works, for example). Not sure if you need that. It's kind of questionable whether or not it's still a RESTful service in that case (as Rusty would be sure to point out, I'm sure given that previous discussion about sessions).

-Rob

From lists at nopersonal.info Wed Nov 28 16:56:34 2007
From: lists at nopersonal.info (A.)
Date: Wed, 28 Nov 2007 16:56:34 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <829342.26199.qm@web60215.mail.yahoo.com>
References: <829342.26199.qm@web60215.mail.yahoo.com>
Message-ID: <474DE412.5050906@nopersonal.info>

John Zabroski wrote:
> --- csnyder wrote:
>> Error handling doesn't need to be part of your
>> program logic anymore.
>>
>> --
>> Chris Snyder
>> http://chxo.com/
>
> Be careful saying that, especially to a newbie. While
> experienced programmers presumably understand
> statements other experienced programmers like you
> make, a newbie might not understand an overly general
> statement like the one you just made. I understand
> what you are saying, but it is a gross simplification
> for someone needing deep, penetrating understanding of
> a new concept.

Thanks for pointing that out, John. As a lurker & relative newbie who's still struggling to wrap her head around several concepts (esp. security), I understood that error handling couldn't completely go away, but I wasn't real clear on where it moved to with try/catch. I'm still not all that clear on it (I'm a long way away from understanding most of the stuff you guys talk about), but every little revelation helps.
Aminah

From paulcheung at tiscali.co.uk Wed Nov 28 16:58:30 2007
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Wed, 28 Nov 2007 21:58:30 -0000
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A874.9060402@nyphp.com>
Message-ID: <002201c83209$d19e3500$0300a8c0@X9183>

I am having a real problem with HTML FORMS and I cannot see where I am going wrong. I make a MySQL call and bring back the required data and populate a HTML page (all working OK) At the bottom of the page I open an HTML FORM the idea being the user may enter what they want and when they hit "SUBMIT" the info is POSTED to an UPDATE_DB subroutine. The HTML FORMS just does not work and I cannot see why not.

HTML & PHP CODING
HTML & PHP CODING
HTML & PHP CODING
HTML & PHP CODING

EVERYTHING WORKING AS EXPECTED AND REQUIRED UP TO THIS POINT

At this point I want the users to enter data and click "SUBMIT" which all happens as expected. At this point here is the FORMS coding
DESCRIPTION
MAXIMUM FIELD LENGTHS APPLY
ACTUAL OUTPUT:
ACTUAL RESULT:
TEST NOTE :
$prv");
if ($cps == $nr0)
    { echo " | Next - 135"; }
else
    { if ($nr0 > 1)
        { echo(" | "); }
    }
echo(" - (Record $x of $y)");
$_SESSION['testno'] = $h;
$actualdata = $_POST['actualdata'];
$actualresult = $_POST['actualresult'];
$testnote = $_POST['testnote'];
$_SESSION['actualdata'] = $actualdata;
$_SESSION['actualresult'] = $actualresult;
$_SESSION['testnote'] = $testnote;
if ($v != null)
    { echo("
PREVIOUS TESTNOTE: " . $v . "
");} ?>
----- Original Message -----
From: "Michael Southwell"
To: "NYPHP Talk"
Sent: Sunday, November 18, 2007 9:02 PM
Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.

> PaulCheung wrote:
>> $t = $row['data']; $u = $row['result']; $v = $row['note'];
>
> How are you populating the $row array? I would have expected this to be:
> $t = $_POST['data'];
> Doing it this way you should have no problem. And by the way, you don't
> need the $t etc variables unless you are using them elsewhere. That would
> make it this:
> $_SESSION['data'] = $_POST['data'];
>
> --
> =================
> Michael Southwell
> Vice President, Education
> NYPHP TRAINING: http://nyphp.com/Training/Indepth

From chsnyder at gmail.com Wed Nov 28 17:23:07 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 28 Nov 2007 17:23:07 -0500
Subject: [nycphp-talk] RESTful PHP Frameworks/Libs
In-Reply-To:
References: <024701c83206$22d4c0a0$a66411ac@c500>
Message-ID:

On Nov 28, 2007 4:54 PM, Rob Marscher wrote:
> The webserver handles implementing most of what's required for a RESTful
> interface. So... you don't exactly need a framework. Just do the
> appropriate thing on GET/POST/PUT/DELETE requests (which you can determine
> from php's $_SERVER array).

Heh, Apache+PHP _is_ a REST framework.

Okay, I've gotten in enough trouble today. But seriously, you may not need a library unless you're doing something fancy.

Getting the data out of PUT requests is a bit tricky...
here's some code:

switch ($_SERVER['REQUEST_METHOD']) {
    case 'PUT':
        /* PUT data comes in on the stdin stream */
        $putdata = file_get_contents("php://input");
        break;
}

That worked in php 5.1 on unix, not sure about other versions or platforms.

--
Chris Snyder
http://chxo.com/

From michael.southwell at nyphp.com Wed Nov 28 18:12:34 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Wed, 28 Nov 2007 18:12:34 -0500
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
In-Reply-To: <002201c83209$d19e3500$0300a8c0@X9183>
References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A874.9060402@nyphp.com> <002201c83209$d19e3500$0300a8c0@X9183>
Message-ID: <474DF5E2.9000202@nyphp.com>

PaulCheung wrote:
> I am having a real problem with HTML FORMS and I cannot see where I am
> going wrong. I make a MySQL call and bring back the required data and
> populate a HTML page (all working OK) At the bottom of the page I open
> an HTML FORM the idea being the user may enter what they want and when
> they hit "SUBMIT" the info is POSTED to an UPDATE_DB subroutine.

Right here is where you are going wrong, unless what you have posted below is not an accurate representation of what you are doing. The action in your form is tp_update_tr.php and that is the *only* script where the $_POST variables are available. You are (or appear to be from the code below) attempting to use them in the same script as the form. You need two scripts, a form script and a form-processor script.

[yes, I know you can do this in one script, but this is a good example of the issue raised earlier this afternoon about the occasional necessity for the simple version of an explanation.]

> The HTML FORMS just does not work and I cannot see why not.
> > > > > > > HTML & PHP CODING > HTML & PHP CODING > HTML & PHP CODING > HTML & PHP CODING > > EVERYTHING WORKING AS EXPECTED AND REQUIRED UPTO THIS POINT > At this point I want the users to enter data and click "SUBMIT" which > all happens as expected. AT this point here is the FORMS coding > >
> > > > > > > > > > > > > > > >
DESCRIPTION
MAXIMUM FIELD LENGTHS > APPLY
ACTUAL OUTPUT: value="128">
ACTUAL RESULT: value="255">
TEST NOTE : value="255">
> echo("$prv"); > if ($cps == $nr0) > { echo " | Next - 135"; } > else > { if ($nr0 > 1) > { echo(" | href='help_tp_update.php?cps=$cps&lps=$lps'>"); } > } > echo(" - (Record $x of $y)"); > $_SESSION['testno'] = $h; > $actualdata = $_POST['actualdata']; > $actualresult = $_POST['actualresult']; > $testnote = $_POST['testnote']; > $_SESSION['actualdata'] = $actualdata; > $_SESSION['actualresult'] = $actualresult; > $_SESSION['testnote'] = $testnote; > if ($v != null) > { echo("
PREVIOUS TESTNOTE: " . $v . "
");} > ?> > > > > > > > > > > >
> > | '); PHP?> type="submit">
>
>
> ----- Original Message -----
> From: "Michael Southwell"
> To: "NYPHP Talk"
> Sent: Sunday, November 18, 2007 9:02 PM
> Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS into
> SESSIONvariables.
>
>> PaulCheung wrote:
>>> $t = $row['data']; $u = $row['result']; $v = $row['note'];
>>
>> How are you populating the $row array? I would have expected this to be:
>> $t = $_POST['data'];
>> Doing it this way you should have no problem. And by the way, you
>> don't need the $t etc variables unless you are using them elsewhere.
>> That would make it this:
>> $_SESSION['data'] = $_POST['data'];
>>
>> --
>> =================
>> Michael Southwell
>> Vice President, Education
>> NYPHP TRAINING: http://nyphp.com/Training/Indepth

--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth

From ramons at gmx.net Wed Nov 28 19:45:58 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 28 Nov 2007 19:45:58 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To:
References: <00f901c831d7$74f74170$a66411ac@c500> <474D9335.2070400@crisscott.com> <012b01c831db$408f2160$a66411ac@c500>
Message-ID: <474E0BC6.3030802@gmx.net>

csnyder wrote:
> Error handling doesn't need to be part of your program logic anymore.

I agree, it must be an integral part of the entire design and not just some logic.
I suffer every day from crappy error messages, especially from .NET applications. But also browser based apps come along with error messages such as "Error!", "Something went wrong!" or "Try again!". Not even a "please" in there or at least some basic information as to what went wrong.

Error handling has to produce the following information:
- an error description
- information where the error occurred
- information what was expected
- information what was provided
- information on what to do to overcome the error
- and if it helps an ID to reference the error

Just puking up some interpreter message just doesn't do it. And before any confusion comes up, I know that doing this type of error handling is utterly annoying and I don't adhere to my mandates either. Error handling doesn't add any functionality to the application, error handling is neither the meat nor the gravy, it is more the napkin and what does that come in handy when something got spilled.

David

From ramons at gmx.net Wed Nov 28 20:03:04 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 28 Nov 2007 20:03:04 -0500
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
In-Reply-To: <002201c83209$d19e3500$0300a8c0@X9183>
References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A874.9060402@nyphp.com> <002201c83209$d19e3500$0300a8c0@X9183>
Message-ID: <474E0FC8.5060804@gmx.net>

PaulCheung wrote:
> I am having a real problem with HTML FORMS and I cannot see where I am
> going wrong.
> I make a MySQL call and bring back the required data and
> echo("$prv");
> if ($cps == $nr0)
>     { echo " | Next - 135"; }
> else
>     { if ($nr0 > 1)
>         { echo(" | href='help_tp_update.php?cps=$cps&lps=$lps'>"); }
>     }
> echo(" - (Record $x of $y)");
> $_SESSION['testno'] = $h;
> $actualdata = $_POST['actualdata'];
> $actualresult = $_POST['actualresult'];
> $testnote = $_POST['testnote'];
> $_SESSION['actualdata'] = $actualdata;
> $_SESSION['actualresult'] = $actualresult;
> $_SESSION['testnote'] = $testnote;
> if ($v != null)
>     { echo("
PREVIOUS TESTNOTE: " . $v . "
");}
> ?>

I assume the above is the script that receives the data via $_SESSION, correct? Is that all in one file or is that PHP code quoted above in a new file? I recommend splitting things either into separate files or into individual functions that get called from a switch statement. If you do the latter get an IDE with code folding so that you can get a handle on the mammoth file. The reason for this is either separating logic from the display portion or creating functional blocks that can be easily tested.

My guess is that you cannot access $_SESSION because you did not pick up the session with session_start() the second time around. Any time you have a script that wants to get something from or write something to $_SESSION you need to start or continue a session. You do not need to specify the session ID upon restart, PHP figures that out for you.

I recommend replacing your db update script with this cheesy test code:

".$_SESSION.""; ?>

That prints out the contents of $_SESSION. If there is nothing or not the expected in there then setting the values in $_SESSION failed.

Also,
>
has an "A" too many in "BOARDER", but that shouldn't be the cause for the failure with the session.

Further, I do not see any of the variables getting initialized. I also cannot see what the content of $v is supposed to be. I recommend that you use descriptive variable names and add commentary to your source code. There is nothing commented and that is one reason why you probably have a tough time with finding the problem.

Lastly, one nice way to track values is making use of a debugger. I even spent money on an IDE with a decent debugger implementation although I am a cheap bastard when it comes to software.
David

From ben at projectskyline.com Wed Nov 28 20:25:57 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine))
Date: Wed, 28 Nov 2007 20:25:57 -0500
Subject: [nycphp-talk] RESTful PHP Frameworks/Libs
References: <024701c83206$22d4c0a0$a66411ac@c500>
Message-ID: <002601c83226$cb493de0$6b01a8c0@c500>

All,

Let me be more vague. I'm looking for php code for routing, request handling, response generation that I can use to see how others have done REST in php.

Something, somewhere in the app I'm working on has to route incoming requests to the appropriate place. I've seen sample code in ruby and java. It's not complicated, but I want to see how others have done it in PHP and also the verbiage and directory structures they are using. And just overall architectural guidelines to constructing RESTful applications.

I just finished the ORLY REST book and I've read a bunch of other REST papers. I just started Fielding's dissertation as well. I will check out Zend's REST. Thanks.

Side note: I'm pretty sure that sessions break RESTfulness.

- Ben

----- Original Message -----
From: Rob Marscher
To: NYPHP Talk
Sent: Wednesday, November 28, 2007 4:54 PM
Subject: Re: [nycphp-talk] RESTful PHP Frameworks/Libs

On Nov 28, 2007, at 4:32 PM, Ben Sgro (ProjectSkyLine) wrote:

I'm going to be building a RESTful php application and wanted to know if anyone has done so and what frameworks or libraries they have used. This is purely a web service, no UI at all, so I don't think a full blown framework w/views is necessary.

A nice REST library for handling HTTP requests and responses is what I'm looking for.

The webserver handles implementing most of what's required for a RESTful interface. So... you don't exactly need a framework. Just do the appropriate thing on GET/POST/PUT/DELETE requests (which you can determine from php's $_SERVER array).

However, you could check out Zend/Rest/Server.php in the Zend_Framework. I haven't used it...
but I just glanced through the doc and it looks pretty nice:
http://framework.zend.com/manual/en/zend.rest.server.html

It doesn't provide a framework for authentication or data persistence via a token or anything (like the way the Amazon API works, for example). Not sure if you need that. It's kind of questionable whether or not it's still a RESTful service in that case (as Rusty would be sure to point out, I'm sure given that previous discussion about sessions).

-Rob

From danielc at analysisandsolutions.com Wed Nov 28 20:48:02 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 28 Nov 2007 20:48:02 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <474DAB11.8020007@secdat.com>
References: <012b01c831db$408f2160$a66411ac@c500> <016401c831e6$576a9120$a66411ac@c500> <474DAB11.8020007@secdat.com>
Message-ID: <20071129014802.GA12243@panix.com>

On Wed, Nov 28, 2007 at 12:53:21PM -0500, Kenneth Downs wrote:
>
> function try_include($filename) {
>     try {
>         include($filename);
>     }
>     catch Exception(e) {
>         echo "Problem trying to include file!";
>         return false;
>     }
>     return true;
> }

Huh? include(), and most of PHP's native procedural functions, does not throw an exception. So the try/catch in your example does nothing.

You _could_ do something along these lines, though...

function try_include($file) {
    // track_errors makes PHP store the last error message in $php_errormsg
    ini_set('track_errors', 1);
    $php_errormsg = '';
    // @ suppresses the warning; include returns false if the file is missing
    $result = @include($file);
    if ($php_errormsg != '') {
        throw new Exception('Problem including ' . $file);
    }
    return $result;
}

try {
    try_include('exists.inc');
    try_include('does_not_exist.inc');
} catch (Exception $e) {
    echo $e->getMessage();
    exit;
}

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Wed Nov 28 20:53:10 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 28 Nov 2007 20:53:10 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <01a501c831ed$33a60e70$a66411ac@c500>
References: <01a501c831ed$33a60e70$a66411ac@c500>
Message-ID: <20071129015310.GB12243@panix.com>

Hi Ben:

On Wed, Nov 28, 2007 at 01:33:42PM -0500, Ben Sgro (ProjectSkyLine) wrote:
>
> Which allows to me handle Exceptions two ways, one for internal logging
> and one for display to the user. I'll read the link you posted as well.

Or you can do what we do on my job. We use one exception class. What it does upon exception depends on settings. It can log, email, or print. Another setting is used to indicate whether or not the backtrace should be included in the debug output.

--Dan

... snip ...
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From greg.rundlett at gmail.com Wed Nov 28 21:33:17 2007
From: greg.rundlett at gmail.com (Greg Rundlett)
Date: Wed, 28 Nov 2007 21:33:17 -0500
Subject: [nycphp-talk] If/else vs Try/catch
In-Reply-To: <20071129015310.GB12243@panix.com>
References: <01a501c831ed$33a60e70$a66411ac@c500> <20071129015310.GB12243@panix.com>
Message-ID: <5e2aaca40711281833g79c9d7ackf5b9a7c8cb84058@mail.gmail.com>

On Nov 28, 2007 8:53 PM, Daniel Convissor wrote:
> Hi Ben:
>
> On Wed, Nov 28, 2007 at 01:33:42PM -0500, Ben Sgro (ProjectSkyLine) wrote:
> >
> > Which allows to me handle Exceptions two ways, one for internal logging
> > and one for display to the user. I'll read the link you posted as well.
>
> Or you can do what we do on my job. We use one exception class. What it
> does upon exception depends on settings. It can log, email, or print.
> Another setting is used to indicate whether or not the backtrace should
> be included in the debug output.
>
> --Dan
>

For a good look at reusable code for exception handling in PHP, look at PEAR. The exception-handling class is a feature of the base 'PEAR' package

http://pear.php.net/package/PEAR
http://cvs.php.net/viewvc.cgi/pear-core/PEAR/Exception.php?view=markup
http://pear.php.net/package/PEAR/docs/latest/PEAR/PEAR_Exception.html

(note to newbies/all in the early days, it used to be called the PEAR 'Error' class, so don't be confused if you find some older tutorials etc. describing that. With the release of PHP5 three years ago, we got exceptions, and so now the PEAR Exception class supersedes the former.)

> ... snip ...
--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

From paulcheung at tiscali.co.uk Thu Nov 29 02:00:13 2007
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Thu, 29 Nov 2007 07:00:13 -0000
Subject: [nycphp-talk] Passing info entered into HTML FORMS into SESSIONvariables.
References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A769.8090200@gmx.net>
Message-ID: <000501c83255$7dd37c40$0300a8c0@X9183>

Hi David,

Please re-email me your last email to me as the last one went straight into my junk folder and was deleted without being read

Ta!

Paul

From avidenie at gmail.com Thu Nov 29 04:41:57 2007
From: avidenie at gmail.com (Adrian Videnie)
Date: Thu, 29 Nov 2007 11:41:57 +0200
Subject: [nycphp-talk] RESTful PHP Frameworks/Libs
In-Reply-To: <002601c83226$cb493de0$6b01a8c0@c500>
References: <024701c83206$22d4c0a0$a66411ac@c500> <002601c83226$cb493de0$6b01a8c0@c500>
Message-ID: <474E8965.3090506@gmail.com>

Ben Sgro (ProjectSkyLine) wrote:
> Let me be more vague. I'm looking for php code for routing, request
> handling,
> response generation that I can use to see how others have done REST in
> php.

You might want to try http://www.konstrukt.dk/.
Also, take a look here: http://semwebdev.keithalexander.co.uk/blog/posts/rest-frameworks-php.

Good luck!
Adrian

From urb at e-government.com Thu Nov 29 08:19:02 2007
From: urb at e-government.com (Urb LeJeune)
Date: Thu, 29 Nov 2007 08:19:02 -0500
Subject: [nycphp-talk] Include vs Include_once
In-Reply-To: <024701c83206$22d4c0a0$a66411ac@c500>
References: <024701c83206$22d4c0a0$a66411ac@c500>
Message-ID: <7.0.1.0.2.20071129081400.02a68440@e-government.com>

My php.ini configuration is set to look for an include in the currently accessed directory and then in /usr/local/include. A contractor just delivered a program that works just fine if the include_once() files are in the same directory as the application but blows up if the files are not in the same directory but are in /usr/local/include.

The only thing I can see that is different is that he is using include_once() where I use include(). Also, one instance of include_once() is nested.

Does anyone know if either the include_once() or a nested include_once affect how the php.ini include path is affected?

Thanks

Urb

Dr. Urban A. LeJeune, President
E-Government.com
800-204-9545
E-Government.com lowers your costs while increasing your expectations.

From dcech at phpwerx.net Thu Nov 29 08:27:28 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Thu, 29 Nov 2007 08:27:28 -0500
Subject: [nycphp-talk] Include vs Include_once
In-Reply-To: <7.0.1.0.2.20071129081400.02a68440@e-government.com>
References: <024701c83206$22d4c0a0$a66411ac@c500> <7.0.1.0.2.20071129081400.02a68440@e-government.com>
Message-ID: <474EBE40.9090101@phpwerx.net>

Urb LeJeune wrote:
> My php.ini configuration is set to look for an include in the
> currently accessed directory and then in /usr/local/include. A
> contractor just delivered a program that works just fine if the
> include_once() files are in the same directory as the application
> but blows up if the files are not in the same directory but are
> in /usr/local/include.
>
> The only thing I can see that is different is that he is using
> include_once() where I use include().
Also, one instance of > include_once() is nested. > > Does anyone know if either the include_once() or a nested > include_once affect how the php.ini include path is affected? Urb, 1. It sounds like you may have a naming conflict, are any of the new files include()ing files with names that already exist in /usr/local/include? Posting the exact content of your include_path setting may also help, and I would check to make sure that it isn't being overridden in the vhost, .htaccess or via ini_set. 2. Please don't start a new topic by replying to an existing thread and changing the subject line, this breaks threading in most modern email clients. Dan From ben at projectskyline.com Thu Nov 29 08:41:51 2007 From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine)) Date: Thu, 29 Nov 2007 08:41:51 -0500 Subject: [nycphp-talk] RESTful PHP Frameworks/Libs References: <024701c83206$22d4c0a0$a66411ac@c500> <002601c83226$cb493de0$6b01a8c0@c500> <474E8965.3090506@gmail.com> Message-ID: <002501c8328d$98b140f0$a66411ac@c500> Hello Adrian, Thanks, I'll check the links out today! - Ben ----- Original Message ----- From: "Adrian Videnie" To: "NYPHP Talk" Sent: Thursday, November 29, 2007 4:41 AM Subject: Re: [nycphp-talk] RESTful PHP Frameworks/Libs > Ben Sgro (ProjectSkyLine) wrote: >> Let me be more vague. I'm looking for php code for routing, request >> handling, >> response generation that I can use to see how others have done REST in >> php. > You might want to try http://www.konstrukt.dk/. > Also, take a look here: > http://semwebdev.keithalexander.co.uk/blog/posts/rest-frameworks-php. > > Good luck!
> > Adrian From chsnyder at gmail.com Thu Nov 29 11:24:15 2007 From: chsnyder at gmail.com (csnyder) Date: Thu, 29 Nov 2007 11:24:15 -0500 Subject: [nycphp-talk] Konstrukt thoughts Message-ID: On Nov 29, 2007 4:41 AM, Adrian Videnie wrote: > > You might want to try http://www.konstrukt.dk/. > Konstrukt looks interesting. Have you used it? It claims to be lightweight and un-framework-y but I think it is just "different", rather than conceptually simpler. -- Chris Snyder http://chxo.com/ From ben at projectskyline.com Thu Nov 29 11:32:15 2007 From: ben at projectskyline.com (Ben Sgro (ProjectSkyLine)) Date: Thu, 29 Nov 2007 11:32:15 -0500 Subject: [nycphp-talk] Konstrukt thoughts References: Message-ID: <00d601c832a5$66bc7ac0$a66411ac@c500> Funny you mention that, I was just browsing the SVN repo, checking out the code. I am really most interested in the classes for redirect, request, & response, here: http://konstrukt.svn.sourceforge.net/viewvc/konstrukt/trunk/lib/k/http/ The source for Tonic looks really good too: http://tonic.svn.sourceforge.net/viewvc/tonic/trunk/lib/ I'm leaning toward Tonic. I'd like to hear experiences w/these Frameworks as well. - Ben ----- Original Message ----- From: "csnyder" To: "NYPHP Talk" Sent: Thursday, November 29, 2007 11:24 AM Subject: [nycphp-talk] Konstrukt thoughts > On Nov 29, 2007 4:41 AM, Adrian Videnie wrote: >> >> You might want to try http://www.konstrukt.dk/. >> > > Konstrukt looks interesting. Have you used it? > > It claims to be lightweight and un-framework-y but I think it is just > "different", rather than conceptually simpler.
> > -- > Chris Snyder > http://chxo.com/ From cliff at pinestream.com Thu Nov 29 14:43:58 2007 From: cliff at pinestream.com (Cliff Hirsch) Date: Thu, 29 Nov 2007 14:43:58 -0500 Subject: [nycphp-talk] Is $_Cookie['original_url'] == $_Server['request_uri'] ? Message-ID: Is $_Cookie['original_url'] == $_Server['request_uri'], less the http://domain.com stuff? Is one more reliable for getting the URI of a request? Cliff From paulcheung at tiscali.co.uk Thu Nov 29 16:37:09 2007 From: paulcheung at tiscali.co.uk (PaulCheung) Date: Thu, 29 Nov 2007 21:37:09 -0000 Subject: [nycphp-talk] Passing info entered into HTML FORMS intoSESSIONvariables. References: <001601c82a1b$5699c220$0300a8c0@X9183> <4740A874.9060402@nyphp.com><002201c83209$d19e3500$0300a8c0@X9183> <474DF5E2.9000202@nyphp.com> Message-ID: <000901c832d0$001ac580$0300a8c0@X9183> Thanks Michael, Thanks to you it appears to be working now, the coding is true, the information is being passed Here is the coding for "tp_update_tr.php" which is being used to verify info passing (messy and not elegant but useful for testing) "); echo('================' . "
"); echo('$self = ' . $self . "
"); echo('$referer = ' . $referer . "
"); echo('$access = ' . $access . "
"); echo('$nr0 = ' . $nr0 . "
"); echo('$testno = ' . $testno . "
"); echo('$actualdata = ' . $actualdata . "
"); echo('$actualresult = ' . $actualresult . "
"); echo('$testnote = ' . $testnote . "
"); PHP?> ----- Original Message ----- From: "Michael Southwell" To: "NYPHP Talk" Sent: Wednesday, November 28, 2007 11:12 PM Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS intoSESSIONvariables. > PaulCheung wrote: >> I am have a real problem with HTML FORMS and I cannot see where I am >> going wrong. I make a MySQL call and bring back the required data and >> populate a HTML page (all working OK) At the bottom of the page I open an >> HTML FORM the idea being the user may enter what they want and when they >> hit "SUBMIT" the info is POSTED to an UPDATE_DB subroutine. > > Right here is where you are going wrong, unless what you have posted below > is not an accurate representation of what you are doing. The action in > your form is tp_update_tr.php and that is the *only* script where the > $_POST variables are available. You are (or appear to be from the code > below) attempting to use them in the same script as the form. You need two > scripts, a form script and a form-processor script. > > [yes, I know you can do this in one script, but this is a good example of > the issue raised earlier this afternoon about the occasional necessity for > the simple version of an explanation.] > > > The >> HTML FORMS just does not work and I cannot see why not. >> >> >> >> >> >> >> HTML & PHP CODING >> HTML & PHP CODING >> HTML & PHP CODING >> HTML & PHP CODING >> >> EVERYTHING WORKING AS EXPECTED AND REQUIRED UPTO THIS POINT >> At this point I want the users to enter data and click "SUBMIT" which all >> happens as expected. AT this point here is the FORMS coding >> >>
>>
>> >> >> >> >> >> >> >> >> >> >> >> >> >> >>
DESCRIPTION
MAXIMUM FIELD LENGTHS >> APPLY
ACTUAL OUTPUT:> value="128">
ACTUAL RESULT:> value="255">
TEST NOTE :> value="255">
>> > echo("$prv"); >> if ($cps == $nr0) >> { echo " | Next - 135"; } >> else >> { if ($nr0 > 1) >> { echo(" | "); } >> } >> echo(" - (Record $x of $y)"); >> $_SESSION['testno'] = $h; >> $actualdata = $_POST['actualdata']; >> $actualresult = $_POST['actualresult']; >> $testnote = $_POST['testnote']; >> $_SESSION['actualdata'] = $actualdata; >> $_SESSION['actualresult'] = $actualresult; >> $_SESSION['testnote'] = $testnote; >> if ($v != null) >> { echo("
PREVIOUS TESTNOTE: " . $v . "
");} >> ?> >> >> >> >> >> >> >> >> >> >> >>
> > >> > | '); PHP?>> type="submit">
>> >> >> >> ----- Original Message ----- From: "Michael Southwell" >> >> To: "NYPHP Talk" >> Sent: Sunday, November 18, 2007 9:02 PM >> Subject: Re: [nycphp-talk] Passing info entered into HTML FORMS into >> SESSIONvariables. >> >> >>> PaulCheung wrote: >>>> $t = $row['data']; $u = $row['result']; $v = $row['note']; >>> >>> How are you populating the $row array? I would have expected this to >>> be: >>> $t = $_POST['data']; >>> Doing it this way you should have no problem. And by the way, you don't >>> need the $t etc variables unless you are using them elsewhere. That >>> would make it this: >>> $_SESSION['data'] = $_POST['data']; >>> >>> -- >>> ================= >>> Michael Southwell >>> Vice President, Education >>> NYPHP TRAINING: http://nyphp.com/Training/Indepth >> > > > -- > ================= > Michael Southwell > Vice President, Education > NYPHP TRAINING: http://nyphp.com/Training/Indepth From chsnyder at gmail.com Thu Nov 29 19:58:51 2007 From: chsnyder at gmail.com (csnyder) Date: Thu, 29 Nov 2007 19:58:51 -0500 Subject: [nycphp-talk] Is
$_Cookie['original_url'] == $_Server['request_uri'] ? In-Reply-To: References: Message-ID: On Nov 29, 2007 2:43 PM, Cliff Hirsch wrote: > > Is $_Cookie['original_url'] == $_Server['request_uri'], less the > http://domain.com stuff? > > Is one more reliable for getting the URI of a request? I'm pretty sure PHP doesn't auto-populate values in the $_COOKIE superglobal... something else (php, other application at your domain, or javascript) set the 'original_url' value in the cookie. -- Chris Snyder http://chxo.com/ From nelly at cgim.com Thu Nov 29 22:41:17 2007 From: nelly at cgim.com (Nelly Yusupova) Date: Thu, 29 Nov 2007 22:41:17 -0500 Subject: [nycphp-talk] Error from PHP system function Message-ID: <200711300341.lAU3fMn8011121@ms-smtp-01.rdc-nyc.rr.com> Hello Everyone, I am using a system function to execute a command via php. We have recently changed servers and after the change, the system function started to fail with an error return value of 126. I can execute the command that I'm passing to the function at the server command line and everything runs successfully. Does anyone know what the return number 126 means? Thank you in advance. Sincerely, Nelly Yusupova Webgrrls International nelly at cgim.com 917 603-9226 (phone) http://www.webgrrls.com *************************************************************** JOIN WEBGRRLS AT THE NYC WEBGRRLS HOLIDAY CELEBRATION ON DECEMBER 6TH! For more details and to RSVP, go to: http://www.webgrrls.com/newyork-ny/ ***************************************************************
From danielc at analysisandsolutions.com Thu Nov 29 23:11:09 2007 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Thu, 29 Nov 2007 23:11:09 -0500 Subject: [nycphp-talk] Include vs Include_once In-Reply-To: <7.0.1.0.2.20071129081400.02a68440@e-government.com> References: <024701c83206$22d4c0a0$a66411ac@c500> <7.0.1.0.2.20071129081400.02a68440@e-government.com> Message-ID: <20071130041108.GA19524@panix.com> Urb: On Thu, Nov 29, 2007 at 08:19:02AM -0500, Urb LeJeune wrote: > include_once() files are in the same directory as the application > but blows up if the files are not in the same directory but are > in /usr/local/include. What exactly happens when it "blows up?" Are your includes silenced by @'s? If so, remove the @'s in order to get the PHP errors to show up. include_once is a real performance drag. You should use better program logic to make it possible to use a regular include call. Also, provide a full path to the file name. This avoids looking at the include_path altogether, making things clearer and faster. Mr Cech may be onto something: you may have two scripts with the same name. You think you're including one but you're actually getting the other. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From jcampbell1 at gmail.com Fri Nov 30 00:13:14 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Fri, 30 Nov 2007 00:13:14 -0500 Subject: [nycphp-talk] Include vs Include_once In-Reply-To: <20071130041108.GA19524@panix.com> References: <024701c83206$22d4c0a0$a66411ac@c500> <7.0.1.0.2.20071129081400.02a68440@e-government.com> <20071130041108.GA19524@panix.com> Message-ID: <8f0676b40711292113j7191a7d9x979b3e9cc4a3c2ee@mail.gmail.com> > include_once is a real performance drag.
You should use better program > logic to make it possible to use a regular include call. That is news to me. Why is include_once a performance drag? What is the better programming logic, that doesn't just duplicate the behavior? I have always just used include_once because it is more similar to the import statement from other languages. My assumption is that calling include_once hundreds of times on the same file, is not as bad as accidentally importing twice, but I don't have any data to back that up. Regards, John Campbell From tom at supertom.com Fri Nov 30 00:57:31 2007 From: tom at supertom.com (Tom Melendez) Date: Thu, 29 Nov 2007 21:57:31 -0800 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <200711300341.lAU3fMn8011121@ms-smtp-01.rdc-nyc.rr.com> References: <200711300341.lAU3fMn8011121@ms-smtp-01.rdc-nyc.rr.com> Message-ID: <117286890711292157l7b0097fq75e26c2f905405de@mail.gmail.com> > > I can execute the command that I'm passing to the function at the server > command line and everything runs successfully. Don't know what 126 is off-hand, but when you say run at the command line, are you running it as the same user as the web server? Tom http://www.liphp.org From jcampbell1 at gmail.com Fri Nov 30 01:51:43 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Fri, 30 Nov 2007 01:51:43 -0500 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <200711300341.lAU3fMn8011121@ms-smtp-01.rdc-nyc.rr.com> References: <200711300341.lAU3fMn8011121@ms-smtp-01.rdc-nyc.rr.com> Message-ID: <8f0676b40711292251w1b995685wae00da1d06022451@mail.gmail.com> > I am using a system function to execute a command via php. We have recently > changed servers and after the change, the system function started to fail > with an error return value of 126. > > I can execute the command that I'm passing to the function at the server > command line and everything runs successfully. > > Does anyone know what the return number 126 means? 
I think it means command not found. I suspect the problem is because the php environment is different than the command line environment. Check the PATH. Regards, John Campbell From rmarscher at beaffinitive.com Fri Nov 30 02:04:30 2007 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Fri, 30 Nov 2007 02:04:30 -0500 Subject: [nycphp-talk] Include vs Include_once In-Reply-To: <8f0676b40711292113j7191a7d9x979b3e9cc4a3c2ee@mail.gmail.com> References: <024701c83206$22d4c0a0$a66411ac@c500> <7.0.1.0.2.20071129081400.02a68440@e-government.com> <20071130041108.GA19524@panix.com> <8f0676b40711292113j7191a7d9x979b3e9cc4a3c2ee@mail.gmail.com> Message-ID: On Nov 30, 2007, at 12:13 AM, John Campbell wrote: >> include_once is a real performance drag. You should use better >> program >> logic to make it possible to use a regular include call. > > That is news to me. Why is include_once a performance drag? This is a pretty controversial topic. The theory about include_once being a performance drag is because it has to do file system checks to get the real path of the file to make sure it hasn't already included it. There were major issues with this in early versions of PHP5, but they have since been resolved. > What is the better programming logic, that doesn't just duplicate > the behavior? I find it difficult to not use include_once/require_once in a large application. You can use __autoload or something like this: if (!class_exists('SomeClass')) { require 'SomeClass.php'; } or if (!function_exists('SomeFunction')) { require 'SomeLibrary.php'; } That requires some good naming conventions and file system mapping to create efficiently. Otherwise you end up with some crazy switch statement. In addition to that, it puts conditional logic around the includes. From what I understand, opcode caches like APC scan the code for includes to cache, but won't use the cache very well if the include is inside any kind of conditional logic.
Therefore, I've stuck with my include_once/require_once statements which are almost all outside of any conditional logic. But this whole thing has been hazy to me and I have a feeling the php internal developers might have conflicting feelings on it. I just did a little web searching and found this guy's blog. Pretty cool stuff... he obviously knows what's going on here. I recommend reading all the posts from bottom to top. Almost half of them apply to this include problem. He wrote a tool that analyzes your code to determine how the Zend engine and APC are handling your includes. It's called Inclued: http://t3.dotgnu.info/blog/php/ From cliff at pinestream.com Fri Nov 30 09:54:14 2007 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 30 Nov 2007 09:54:14 -0500 Subject: [nycphp-talk] Form action submission trickery Message-ID: I like to use
From brian at realm3.com Fri Nov 30 12:08:29 2007 From: brian at realm3.com (Brian D.) Date: Fri, 30 Nov 2007 12:08:29 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: References: Message-ID: I don't know the answer of whether or not it's reliable, but could you use $_SERVER['PHP_SELF']? (Which leads to the question, is PHP_SELF safe to use, or should you escape it?) - B. On Nov 30, 2007 9:54 AM, Cliff Hirsch wrote: > > I like to use "self" and capture the current URI, including query string. It's nice to > have this info for later processing for idempotent stuff, redirects, etc. > > But, my question - can I count on it? > > The W3C says: > > action = uri [CT] > This attribute specifies a form processing agent. User agent behavior > for a value other than an HTTP URI is undefined. > > I translate this to mean action = "" is not recommended, although I have > never experienced a problem in IE or FireFox. From what I have seen, if the > form method is 'get', a duplicate value in the query string will be > overridden by the form input element. And for posts, php nicely fills both > the post and get superglobals. > > So can I count on this behavior? > > Cliff > -- realm3 web applications [realm3.com] freelance consulting, application development (423) 506-0349 From dcech at phpwerx.net Fri Nov 30 12:25:36 2007 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 30 Nov 2007 12:25:36 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: References: Message-ID: <47504790.2050606@phpwerx.net> Cliff Hirsch wrote: > I like to use and capture the current URI, including query string.
It's nice to have this > info for later processing for idempotent stuff, redirects, etc. > > But, my question - can I count on it? > > The W3C says: > > action = uri [CT] > This attribute specifies a form processing agent. User agent behavior > for a value other than an HTTP URI is undefined. > > I translate this to mean action = "" is not recommended, although I have > never experienced a problem in IE or FireFox. From what I have seen, if the > form method is 'get', a duplicate value in the query string will be > overridden by the form input element. And for posts, php nicely fills both > the post and get superglobals. > > So can I count of this behavior? Technically using an empty string for the form action isn't correct, however you could probably achieve the same effect using: print ' For the record, using PHP_SELF or other URI-related entries in $_SERVER should be approached with extreme caution, as you never know what you're likely to find there. HTH, Dan From jcampbell1 at gmail.com Fri Nov 30 12:46:40 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Fri, 30 Nov 2007 12:46:40 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: References: Message-ID: <8f0676b40711300946r1b37749eg7f7e88bd088ca85d@mail.gmail.com> An empty URI, is a valid URI that just means the current URI. It is perfectly safe. I use it on most every method="post" form, it doesn't make sense if method="get" see: http://www.ietf.org/rfc/rfc2396.txt section 4.2 > (Which leads to the question, is PHP_SELF safe to use, or should you escape it?) Of course you have to escape it. Type the following into Google and notice how many times it appears in the html - url, input box, pagination etc.
Cheers, John Campbell From cliff at pinestream.com Fri Nov 30 13:28:30 2007 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 30 Nov 2007 13:28:30 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: <8f0676b40711300946r1b37749eg7f7e88bd088ca85d@mail.gmail.com> Message-ID: On 11/30/07 12:46 PM, "John Campbell" wrote: > An empty URI, is a valid URI that just means the current URI. > see: http://www.ietf.org/rfc/rfc2396.txt section 4.2 Really?! Perfect. That's the answer I was hoping for. This section states it clearly. > it doesn't make sense if method="get" True, but I have found that get input variables will override anything that happens to be in the url query. I find few instances where a get form makes much sense anyway, other than filtering/searching. >> (Which leads to the question, is PHP_SELF safe to use, or should you escape >> it?) > > Of course you have to escape it. Which begs the question htmlspecialcharacters or htmlentities. I err on the side of caution, using a single escaping function, to be consistent, that calls htmlentities with the appropriate character set and ENT_QUOTES. From ramons at gmx.net Fri Nov 30 15:13:16 2007 From: ramons at gmx.net (David Krings) Date: Fri, 30 Nov 2007 15:13:16 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: References: Message-ID: <47506EDC.1000903@gmx.net> Cliff Hirsch wrote: > True, but I have found that get input variables will override anything that > happens to be in the url query. I find few instances where a get form makes > much sense anyway, other than filtering/searching. I found get to be quite handy when there is a need to embed functionality into post forms. Example: I once created an MP3 admin and listening systems. It has a search function that allows for selecting MP3s to be added to a playlist. What I wanted as well is to have the ability to listen quickly to one MP3 from the list.
That required using a get that passes on the ID of the db record to a script that comes up in a pop-up window that includes the flash based MP3 player that plays this one MP3. Using a post would have submitted the whole form to the action script, but not to the pop-up. OK, that is not really a get form as there are no form elements, but it changed my perception of get quite a bit. Before then I found it to be utterly useless. David From jcampbell1 at gmail.com Fri Nov 30 16:01:41 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Fri, 30 Nov 2007 16:01:41 -0500 Subject: [nycphp-talk] Form action submission trickery In-Reply-To: References: <8f0676b40711300946r1b37749eg7f7e88bd088ca85d@mail.gmail.com> Message-ID: <8f0676b40711301301r61f58a9ah371b77438a8ba144@mail.gmail.com> > Which begs the question htmlspecialcharacters or htmlentities. I err on the > side of caution, using a single escaping function, to be consistent, that > calls htmlentities with the appropriate character set and ENT_QUOTES. I have always just used htmlspecialchars. htmlentities feels like a bad idea if your content is primarily non-roman characters. The html would be unreadable, and I suspect there would be a noticeable performance hit. The goal is to prevent content from being treated as code, which is exactly what htmlspecialchars does. I don't bother to specify the character set, because it only really matters for htmlspecialchars if you are using something bizarre like BIG5 or UTF-16/32. UTF-8 and ISO-8859-* are the same for all relevant characters. If you specify UTF-8, php will check to see if the string is valid UTF-8 which is unnecessary. -john c. 
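The escaping discussed in the messages above (PHP_SELF echoed into a form action, and a single helper that calls the escaping function with ENT_QUOTES and an explicit character set), as an added example that is not code from the thread. The helper names and the request values are hypothetical and constructed; the helper uses htmlspecialchars, and htmlentities takes the same three arguments.

```php
<?php
// Added example, not code from the thread. Helper names and the request
// values below are hypothetical and constructed for illustration.

/** One escaping helper for all HTML output: both quote styles, explicit charset. */
function h(string $value, string $charset = 'UTF-8'): string
{
    return htmlspecialchars($value, ENT_QUOTES, $charset);
}

/** Opening tag of a form that posts back to the script named in PHP_SELF. */
function selfPostingForm(array $server): string
{
    // PHP_SELF carries any path info the client appended after the script
    // name, so it is request data and is escaped like any other output.
    return '<form method="post" action="' . h($server['PHP_SELF'] ?? '') . '">';
}

/** The same form using the empty relative reference: nothing is echoed back. */
function emptyActionForm(): string
{
    return '<form method="post" action="">';
}

// Constructed request: a harmless marker appended as path info.
// SCRIPT_NAME holds only the script path; PHP_SELF also holds the extra part.
$server = [
    'SCRIPT_NAME' => '/signup.php',
    'PHP_SELF'    => '/signup.php/"><b>marker</b>',
];

// Page source with the value written out as-is, then through the helper.
$raw     = '<form method="post" action="' . $server['PHP_SELF'] . '">';
$escaped = selfPostingForm($server);

// ENT_COMPAT converts double quotes only, which is not enough when a
// template writes action='...'; ENT_QUOTES converts both kinds.
$value  = "/signup.php/it's";
$compat = htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
$quotes = h($value);

$report = [
    'PHP_SELF written as-is'    => $raw,
    'PHP_SELF through h()'      => $escaped,
    'SCRIPT_NAME through h()'   => h($server['SCRIPT_NAME']),
    'empty action'              => emptyActionForm(),
    'single quote, ENT_COMPAT'  => $compat,
    'single quote, ENT_QUOTES'  => $quotes,
];

foreach ($report as $label => $html) {
    printf("%-26s %s\n", $label . ':', $html);
}
```

In the first line of output the marker closes the action attribute and becomes markup of its own; in the second it stays inside the attribute value as text.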
From nelly at cgim.com Fri Nov 30 16:04:04 2007 From: nelly at cgim.com (Nelly Yusupova) Date: Fri, 30 Nov 2007 16:04:04 -0500 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <8f0676b40711292251w1b995685wae00da1d06022451@mail.gmail.com> Message-ID: <200711302104.lAUL48t8022068@ms-smtp-03.rdc-nyc.rr.com> I am using the full path to the function so I don't think a PATH is relevant. Am I wrong?? Nelly. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of John Campbell Sent: Friday, November 30, 2007 1:52 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Error from PHP system function > I am using a system function to execute a command via php. We have > recently changed servers and after the change, the system function > started to fail with an error return value of 126. > > I can execute the command that I'm passing to the function at the > server command line and everything runs successfully. > > Does anyone know what the return number 126 means? I think it means command not found. I suspect the problem is because the php environment is different than the command line environment. Check the PATH. 
Regards, John Campbell From jcampbell1 at gmail.com Fri Nov 30 16:12:34 2007 From: jcampbell1 at gmail.com (John Campbell) Date: Fri, 30 Nov 2007 16:12:34 -0500 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <200711302104.lAUL48t8022068@ms-smtp-03.rdc-nyc.rr.com> References: <8f0676b40711292251w1b995685wae00da1d06022451@mail.gmail.com> <200711302104.lAUL48t8022068@ms-smtp-03.rdc-nyc.rr.com> Message-ID: <8f0676b40711301312j1c5f4cf8k5ad6225d10c6f1a@mail.gmail.com> > I am using the full path to the function so I don't think a PATH is > relevant. Am I wrong?? Actually, I am not quite sure what you mean by "function", I thought you meant you are calling an external command line script. Can you post the line of code that is causing the problem? From nelly at cgim.com Fri Nov 30 16:29:03 2007 From: nelly at cgim.com (Nelly Yusupova) Date: Fri, 30 Nov 2007 16:29:03 -0500 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <8f0676b40711301312j1c5f4cf8k5ad6225d10c6f1a@mail.gmail.com> Message-ID: <200711302129.lAULT7TU017462@ms-smtp-04.rdc-nyc.rr.com> Here is the command that I'm trying to execute..... system ("/usr/bin/wget -P/tmp --post-data 'subscribees=$email&adminpw=$password&send_welcome_msg_to_this_batch=0&send_ notifications_to_list_owner=0' http://www.emdrhap.org/mailman/admin/$list/members/add", $returnval); Nelly. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of John Campbell Sent: Friday, November 30, 2007 4:13 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Error from PHP system function > I am using the full path to the function so I don't think a PATH is > relevant. Am I wrong??
Actually, I am not quite sure what you mean by "function", I thought you meant you are calling an external command line script. Can you post the line of code that is causing the problem? From johnzabroski at yahoo.com Fri Nov 30 16:30:48 2007 From: johnzabroski at yahoo.com (John Zabroski) Date: Fri, 30 Nov 2007 13:30:48 -0800 (PST) Subject: [nycphp-talk] Form action submission trickery In-Reply-To: Message-ID: <610987.62211.qm@web60216.mail.yahoo.com> Someone already posted RFC 2396. Yet, RFC 2396 is NOT the only RFC that defines URIs! In fact, it is an *OLD* RFC! Please refer to RFC 3986, as it is the RFC currently referenced Uniform Resource Identifier: Generic Syntax by the Namespaces in XML 1.0 Standard. http://www.w3.org/TR/REC-xml-names/ If you want your work to be upward-compatible with XML technologies like XForms, then read the Namespaces in XML 1.0 Standard and RFC 3986. This is important, because in 2000, there was a W3C plenary ballot that voted in favor of removing Standard support for relative URIs. See Section 4.4 of RFC 3986 for the current information. Here is the relevant information copied and pasted, in case you are unfamiliar with reading RFCs and are not sure what to look for: When a same-document reference is dereferenced for a retrieval action, the target of that reference is defined to be within the same entity (representation, document, or message) as the reference; therefore, a dereference should not result in a new retrieval action. Moral of the story: Always be up to date on Standards, check the date of the Standard you are using, and make sure it is the most recent Standard! --- Cliff Hirsch wrote: > I like to use way to submit to 'self'
> and capture the current URI, including query string. > It's nice to have this > info for later processing for idempotent stuff, > redirects, etc. > > But, my question - can I count on it? > > > > So can I count on this behavior? > > Cliff From tom at supertom.com Fri Nov 30 16:56:52 2007 From: tom at supertom.com (Tom Melendez) Date: Fri, 30 Nov 2007 13:56:52 -0800 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <200711302129.lAULT7TU017462@ms-smtp-04.rdc-nyc.rr.com> References: <8f0676b40711301312j1c5f4cf8k5ad6225d10c6f1a@mail.gmail.com> <200711302129.lAULT7TU017462@ms-smtp-04.rdc-nyc.rr.com> Message-ID: <117286890711301356nda319ebjca57b44527602283@mail.gmail.com> On Nov 30, 2007 1:29 PM, Nelly Yusupova wrote: > Here is the command that I'm trying to execute..... > > system ("/usr/bin/wget -P/tmp --post-data > 'subscribees=$email&adminpw=$password&send_welcome_msg_to_this_batch=0&send_ > notifications_to_list_owner=0' > http://www.emdrhap.org/mailman/admin/$list/members/add", $returnval); > At the command line, what does: whereis wget produce? It could be installed in /usr/local/bin/ on your new system. Tom http://www.liphp.org From nelly at cgim.com Fri Nov 30 17:04:07 2007 From: nelly at cgim.com (Nelly Yusupova) Date: Fri, 30 Nov 2007 17:04:07 -0500 Subject: [nycphp-talk] Error from PHP system function In-Reply-To: <117286890711301356nda319ebjca57b44527602283@mail.gmail.com> Message-ID: <200711302204.lAUM4BB1005499@ms-smtp-03.rdc-nyc.rr.com> >>At the command line, what does: >>whereis wget >>produce? It could be installed in /usr/local/bin/ on your new system.
>>Tom
>>http://www.liphp.org

Here is what the whereis command produces:

[root at dedicated70 src]# whereis wget
wget: /usr/bin/wget /usr/share/man/man1/wget.1.gz

FYI...I can run the whole wget command at the server command line successfully.

Thanks,
Nelly.

From bz-gmort at beezifies.com Fri Nov 30 17:35:20 2007
From: bz-gmort at beezifies.com (Gary Mort)
Date: Fri, 30 Nov 2007 17:35:20 -0500
Subject: [nycphp-talk] Error from PHP system function
In-Reply-To: <200711302129.lAULT7TU017462@ms-smtp-04.rdc-nyc.rr.com>
References: <200711302129.lAULT7TU017462@ms-smtp-04.rdc-nyc.rr.com>
Message-ID: <47509028.1080303@beezifies.com>

Nelly Yusupova wrote:
> Here is the command that I'm trying to execute.....
>
> system ("/usr/bin/wget -P/tmp --post-data
> 'subscribees=$email&adminpw=$password&send_welcome_msg_to_this_batch=0&send_
> notifications_to_list_owner=0'
> http://www.emdrhap.org/mailman/admin/$list/members/add", $returnval);
>

Try the following:, courtesy of php.net

| |

Yeah yeah, any process should be able to write to files in the tmp folder, but I've had systems where that is not the case (running *bsd by any chance?)

From danielc at analysisandsolutions.com Fri Nov 30 23:11:43 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Fri, 30 Nov 2007 23:11:43 -0500
Subject: [nycphp-talk] Include vs Include_once
In-Reply-To: <8f0676b40711292113j7191a7d9x979b3e9cc4a3c2ee@mail.gmail.com>
References: <024701c83206$22d4c0a0$a66411ac@c500> <7.0.1.0.2.20071129081400.02a68440@e-government.com> <20071130041108.GA19524@panix.com> <8f0676b40711292113j7191a7d9x979b3e9cc4a3c2ee@mail.gmail.com>
Message-ID: <20071201041142.GA270@panix.com>

Hi John:

On Fri, Nov 30, 2007 at 12:13:14AM -0500, John Campbell wrote:
>
> That is news to me. Why is include_once a performance drag?

As Rob mentioned, include_once makes the PHP perform stat calls on the file system to make sure the file you want to include has not been done already.
Rasmus went over this at the NYPHP conference last year in a talk entitled "Getting Rich with PHP." http://talks.php.net/show/nyphp06/8

PHP may have been optimized since then, but regardless of how optimized it has gotten, the file system checks cost more than not having to do them.

> What is
> the better programming logic, that doesn't just duplicate the
> behavior?

Take the time to structure the logic to only include a given file one time. For example, including critical files up front. While clean logic can't eliminate all uses of include_once, it can get rid of most.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From johnzabroski at yahoo.com Fri Nov 30 23:51:57 2007
From: johnzabroski at yahoo.com (John Zabroski)
Date: Fri, 30 Nov 2007 20:51:57 -0800 (PST)
Subject: [nycphp-talk] Include vs Include_once
In-Reply-To: <20071201041142.GA270@panix.com>
Message-ID: <6299.33361.qm@web60217.mail.yahoo.com>

--- Daniel Convissor wrote:

> Hi John:
>
> On Fri, Nov 30, 2007 at 12:13:14AM -0500, John
> Campbell wrote:
> >
> > What is
> > the better programming logic, that doesn't just
> duplicate the
> > behavior?

I want code that is correct, explicit, fast, and in that order.

> Take the time to structure the logic to only include
> a given file one
> time. For example, including critical files up
> front. While clean logic
> can't eliminate all uses of include_once, it can get
> rid of most.
>
> --Dan

Just curious... How do you address the fact __autoload magic method is part of the global namespace and that when two blocks of code with the same signature are loaded on demand, the function closest to the top of the stack is selected?

Do you even use __autoload directly? If so, do you think your comments above contradict using __autoload as a best practice for structuring code?
Do you use spl_autoload_register, and if so, how?

In my humble opinion, it is these questions that truly complicate inclusion semantics in PHP. I've never seen a deep, penetrating, and acceptable reply to this, and usually I'm told to take the time to structure things properly. However, such a suggestion ignores the fact maintenance programming can create *gaps* and *overlaps* in logic that cause two functions to exist in the same namespace, introducing *defects* into the code, causing an *infection* when the loader is called, and infecting program state when the defect is executed.

[I hope this doesn't come across as criticism of PHP. Of course, other languages like Python can be just as painful managing namespaces. I'm fishing for a flexible solution I'm unable to come up with myself.]
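
For the "Error from PHP system function" thread above, an added example (not code from any poster on the list): the same wget call built so that the values of $email, $password and $list cannot alter the shell command or the POST body, with wget's stderr captured so a failure under the web server can be diagnosed. The function names and the list-name pattern are assumptions of this example.

```php
<?php
// Added example. $email, $password and $list are the variables from the
// thread; build_subscribe_command(), run_subscribe() and the list-name
// pattern are hypothetical names and choices made for this illustration.

function build_subscribe_command(string $email, string $password, string $list): string
{
    // The list name becomes part of the URL path: allow a small, known
    // character set (assumption) instead of trying to repair bad input.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $list)) {
        throw new InvalidArgumentException('unexpected list name');
    }

    // http_build_query() URL-encodes every value, so '&', '=' or a quote in
    // the address or password cannot add, drop or split a form field.
    // The separator is passed explicitly so arg_separator.output is ignored.
    $post = http_build_query([
        'subscribees'                      => $email,
        'adminpw'                          => $password,
        'send_welcome_msg_to_this_batch'   => 0,
        'send_notifications_to_list_owner' => 0,
    ], '', '&');

    $url = 'http://www.emdrhap.org/mailman/admin/' . rawurlencode($list) . '/members/add';

    // escapeshellarg() quotes each argument as one shell word, so ';', '`',
    // '$(...)' or a single quote in the data stays data.
    return '/usr/bin/wget -P ' . escapeshellarg('/tmp')
        . ' --post-data=' . escapeshellarg($post)
        . ' ' . escapeshellarg($url)
        . ' 2>&1'; // fold stderr into the captured output
}

function run_subscribe(string $email, string $password, string $list): array
{
    $output = [];
    $status = 0;
    // exec() returns every output line plus the exit status, which shows
    // why wget failed when it runs as the web server user.
    exec(build_subscribe_command($email, $password, $list), $output, $status);
    return [$status, $output];
}

// Constructed sample input: shell and form metacharacters inside the values.
echo build_subscribe_command("o'brien@example.org; id", 'p&ss=word', 'announce'), PHP_EOL;
```

The admin password is still visible in the process list while wget runs; wget's `--post-file` option reads the request body from a file instead of the command line.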