From tedd at sperling.com Tue Apr 1 09:22:20 2008
From: tedd at sperling.com (tedd)
Date: Tue, 1 Apr 2008 09:22:20 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <688499.15038.qm@web50211.mail.re2.yahoo.com>
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
Message-ID:

At 3:51 PM -0700 3/31/08, Susan Shemin wrote:
>Just as this question came up here, I was again researching it on
>the internet, and very clearly saw that the crux of the problem is
>that Javascript is client side and PHP server side, meaning the 2
>don't mix unless in Ajax.

They mix Okay, but don't communicate well without effort.

The reason for this is simple -- just before a web page is delivered
to a user's browser all of php's work is done and as the web page loads
in the browser, then javascript's work starts. Communication between
the two languages is a question of timing.

Ajax is simply javascript sending data (via POST or GET) to a slave
php script, which in turn provides data back to the web page without
the need for a refresh. The communication is exactly the same as if
you were using a form minus the refresh.

The problem, of course, is that javascript has security issues and
some users would rather have a refresh than risk security.

Javascript and php can play well together as this demonstrates:

http://webbytedd.com/b/timed-php/

But, it's not simple. :-)

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

From sol2ray at gmail.com Tue Apr 1 09:53:58 2008
From: sol2ray at gmail.com (Sol Toure)
Date: Tue, 1 Apr 2008 09:53:58 -0400
Subject: [nycphp-talk] Did you know that each integer in a PHP array takes 68 bytes of storage?
Message-ID: <4a67dc390804010653i7a4f3b40vdb2c0eae56855fd4@mail.gmail.com>

Good to know:
http://pankaj-k.net/weblog/2008/03/did_you_know_that_each_integer.html

From jcampbell1 at gmail.com Tue Apr 1 10:18:59 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 1 Apr 2008 10:18:59 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To:
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
Message-ID: <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>

I can think of a half a dozen solutions for sending data from
javascript back to the server, below are three.

1) Have javascript set a cookie:

2) Have javascript send the data as a get variable (you could also
auto submit a form if you want POST)

3) Ajax assuming jQuery

The cookie method will make the data available to the Server on the
next page view. The second method will auto redirect and be really
sloppy, but it is the easiest to understand conceptually. The Ajax
method is the best, but will be a real pain in the ass to implement
without a javascript library. Even though the second method is the
worst from a UI perspective, I'd recommend you implement it first so
you better understand the problem.

-John Campbell

From tedd at sperling.com Tue Apr 1 10:37:11 2008
From: tedd at sperling.com (tedd)
Date: Tue, 1 Apr 2008 10:37:11 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>
Message-ID:

At 10:18 AM -0400 4/1/08, John Campbell wrote:
>
>The Ajax method is the best, but will be a real pain in the ass to
>implement without a javascript library.

Why so?

I do Ajax all the time with a simple 50 line javascript routine. No
large libraries.

Check this:

http://www.webbytedd.com/b/ajax/

It has one 50 line javascript routine, one 75 line slave php script,
and a very simple html.

Ajax can be very simple.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

From david at davidmintz.org Tue Apr 1 10:53:02 2008
From: david at davidmintz.org (David Mintz)
Date: Tue, 1 Apr 2008 10:53:02 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To:
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>
Message-ID: <721f1cc50804010753w4ad152aeq8a3e0855ff330875@mail.gmail.com>

On Tue, Apr 1, 2008 at 10:37 AM, tedd wrote:

> Ajax can be very simple.
>

No doubt but that PHP can be a prolific author of Javascript without
things becoming overly complicated. Lately I have been using a
home-grown PHP/Javascript helper for Ajax contexts. It emits a
content-type: application/javascript header upon instantiation and has
some convenience methods that echo javascript snippets for the browser
to execute. I can say $js->message('Foo!') and the element whose id is
'message' is updated to say Foo!

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From ioplex at gmail.com Tue Apr 1 11:17:16 2008
From: ioplex at gmail.com (Michael B Allen)
Date: Tue, 1 Apr 2008 11:17:16 -0400
Subject: [nycphp-talk] Did you know that each integer in a PHP array takes 68 bytes of storage?
In-Reply-To: <4a67dc390804010653i7a4f3b40vdb2c0eae56855fd4@mail.gmail.com>
References: <4a67dc390804010653i7a4f3b40vdb2c0eae56855fd4@mail.gmail.com>
Message-ID: <78c6bd860804010817s380394e8saff8d24c0bc3835e@mail.gmail.com>

On 4/1/08, Sol Toure wrote:
> Good to know:
> http://pankaj-k.net/weblog/2008/03/did_you_know_that_each_integer.html

I don't understand. Is this supposed to indicate that PHP is somehow
inefficient at storing array elements?

"a single integer value stored within an PHP array uses 68 bytes: 16
bytes for value structure (zval), 36 bytes for hash bucket, and 2*8 =
16 bytes for memory allocation headers."

That sounds fairly reasonable to me.

Note that each element does not incur a hash bucket. The bucket holds
a list. The blogger just wasn't smart enough to insert enough elements
to see elements hash to the same bucket.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

From consult at covenantedesign.com Tue Apr 1 11:26:46 2008
From: consult at covenantedesign.com (Webmaster)
Date: Tue, 01 Apr 2008 11:26:46 -0400
Subject: [nycphp-talk] Did you know that each integer in a PHP array takes 68 bytes of storage?
In-Reply-To: <78c6bd860804010817s380394e8saff8d24c0bc3835e@mail.gmail.com>
References: <4a67dc390804010653i7a4f3b40vdb2c0eae56855fd4@mail.gmail.com>
 <78c6bd860804010817s380394e8saff8d24c0bc3835e@mail.gmail.com>
Message-ID: <47F25436.8030607@covenantedesign.com>

You're not the only one that isn't following the inference/point here.

What would be an example of a real-life application of array usage that
would be rendered faulty/unstable due to this limitation?

Michael B Allen wrote:
> On 4/1/08, Sol Toure wrote:
>
>> Good to know:
>> http://pankaj-k.net/weblog/2008/03/did_you_know_that_each_integer.html
>>
>
> I don't understand. Is this supposed to indicate that PHP is somehow
> inefficient at storing array elements?
>
> "a single integer value stored within an PHP array uses 68 bytes: 16
> bytes for value structure (zval), 36 bytes for hash bucket, and 2*8 =
> 16 bytes for memory allocation headers."
>
> That sounds fairly reasonable to me.
>
> Note that each element does not incur a hash bucket. The bucket holds
> a list. The blogger just wasn't smart enough to insert enough elements
> to see elements hash to the same bucket.
>
> Mike
>

From jcampbell1 at gmail.com Tue Apr 1 11:48:45 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 1 Apr 2008 11:48:45 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To:
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>
Message-ID: <8f0676b40804010848k7fabe3c3qb942afc9cc028ab@mail.gmail.com>

On Tue, Apr 1, 2008 at 10:37 AM, tedd wrote:
> At 10:18 AM -0400 4/1/08, John Campbell wrote:
> >
> >The Ajax method is the best, but will be a real pain in the ass to
> >implement without a javascript library.
>
> Why so?

Wasn't it you who suggested an image hack to avoid the complexity of
XML-HTTP?

> I do Ajax all the time with a simple 50 line javascript routine. No
> large libraries.
> Check this:
>
> http://www.webbytedd.com/b/ajax/
>
> It has one 50 line javascript routine, one 75 line slave php script,
> and a very simple html.
>

Your code is fine for trivial example pages, but would be a disaster
for a production application.
1) The use of the global 'http' is sloppy and limiting.
2) You need to highlight the selected menu after the callback
completes. Your coding style will quickly become a mess of
document.getElementByIds().
3) You use browser detection... you should use object detection. A
try/catch block is a good idea in your case.
4) Your implementation breaks the back button.
5) Clicking the currently selected navigation element causes
unnecessary requests.

With a library, I can fix all of these issues and cut the amount of
code down from 50 lines to 10 lines. If you were to fix these issues
yourself, your code would grow to more than 250 lines.

-John C.

From ben at projectskyline.com Tue Apr 1 12:37:53 2008
From: ben at projectskyline.com (Ben Sgro)
Date: Tue, 01 Apr 2008 12:37:53 -0400
Subject: [nycphp-talk] Did you know that each integer in a PHP array takes 68 bytes of storage?
In-Reply-To: <47F25436.8030607@covenantedesign.com>
References: <4a67dc390804010653i7a4f3b40vdb2c0eae56855fd4@mail.gmail.com>
 <78c6bd860804010817s380394e8saff8d24c0bc3835e@mail.gmail.com>
 <47F25436.8030607@covenantedesign.com>
Message-ID: <47F264E1.5020108@projectskyline.com>

Hello,

If anyone is truly interested in the internals of php (the c code and
data structures) take a look at the book "Extending and Embedding PHP".

It's got lots of source. If you don't know c, it's not that helpful and
will be a challenging read.

- Ben

Webmaster wrote:
> You're not the only one that isn't following the inference/point here.
>
> What would be an example of a real-life application of array usage
> that would be rendered faulty/unstable due to this limitation?
>
> Michael B Allen wrote:
>> On 4/1/08, Sol Toure wrote:
>>
>>> Good to know:
>>> http://pankaj-k.net/weblog/2008/03/did_you_know_that_each_integer.html
>>>
>>
>> I don't understand. Is this supposed to indicate that PHP is somehow
>> inefficient at storing array elements?
>>
>> "a single integer value stored within an PHP array uses 68 bytes: 16
>> bytes for value structure (zval), 36 bytes for hash bucket, and 2*8 =
>> 16 bytes for memory allocation headers."
>>
>> That sounds fairly reasonable to me.
>>
>> Note that each element does not incur a hash bucket. The bucket holds
>> a list. The blogger just wasn't smart enough to insert enough elements
>> to see elements hash to the same bucket.
>>
>> Mike
>>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>

From paulcheung at tiscali.co.uk Tue Apr 1 15:33:56 2008
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Tue, 1 Apr 2008 20:33:56 +0100
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
Message-ID: <007501c8942f$543e6c50$0300a8c0@X9183>

Hi

All I am trying to do is transfer the data and time from the client
machine up to the server. The goal is to create a MySQL record by
customer number and store both the client time/date and server
time/date for each new record created.

Paul

----- Original Message -----
From: "Brian D."
To: "NYPHP Talk"
Sent: Tuesday, April 01, 2008 12:25 AM
Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP

> Susan hit the nail on the head. She's pointing out why I said it was a
> "hack" - if you're not understanding the problem correctly (the
> difference between client-side and server-side) then the proposed
> solution might be "simple and workable" but it's still wrong.
>
> More to the point, what exactly are your goals with this code, Paul?
> Are you just trying to get the exact time on the client's computer?
> Are you just trying to create a timestamp in their timezone?
>
> On Mon, Mar 31, 2008 at 6:51 PM, Susan Shemin wrote:
>>
>> I'm watching this discussion with interest since I asked a similar
>> question last month (about sending PHP stats from a JS onclick
>> event). The answer that came up was to put a redirect to the link
>> page, run the PHP script on a redirect.php page and then send it on
>> to the destination.
>>
>> I've set it up this way and it's working fantastically, but I have
>> tons of links and I'm beginning to feel hesitant about sending users
>> to a redirect when there's so many harmful redirects out there. (Of
>> course, not mine...)
>>
>> Just as this question came up here, I was again researching it on the
>> internet, and very clearly saw that the crux of the problem is that
>> Javascript is client side and PHP server side, meaning the 2 don't mix
>> unless in Ajax.
>>
>> So I'm off to brush up on my Ajax and get it working, because except
>> for the redirect, I can only see that Ajax will work.
>>
>> Susan
>>
>
> --
> realm3 web applications [realm3.com]
> freelance consulting, application development
> (917) 512-3594

From dorgan at donaldorgan.com Tue Apr 1 15:54:09 2008
From: dorgan at donaldorgan.com (Donald J Organ IV)
Date: Tue, 01 Apr 2008 15:54:09 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <007501c8942f$543e6c50$0300a8c0@X9183>
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <007501c8942f$543e6c50$0300a8c0@X9183>
Message-ID: <47F292E1.3000100@donaldorgan.com>

Why not just store the client time zone and store server data/time??

PaulCheung wrote:
> Hi
>
> All I am trying to do is transfer the data and time from the client
> machine up to the server.
> The goal is to create a MySQL record by
> customer number and store both the client time/date and server
> time/date for each new record created.
>
> Paul
>
> ----- Original Message ----- From: "Brian D."
> To: "NYPHP Talk"
> Sent: Tuesday, April 01, 2008 12:25 AM
> Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP
>
>> Susan hit the nail on the head. She's pointing out why I said it was a
>> "hack" - if you're not understanding the problem correctly (the
>> difference between client-side and server-side) then the proposed
>> solution might be "simple and workable" but it's still wrong.
>>
>> More to the point, what exactly are your goals with this code, Paul?
>> Are you just trying to get the exact time on the client's computer?
>> Are you just trying to create a timestamp in their timezone?
>>
>> On Mon, Mar 31, 2008 at 6:51 PM, Susan Shemin wrote:
>>>
>>> I'm watching this discussion with interest since I asked a similar
>>> question last month (about sending PHP stats from a JS onclick
>>> event). The answer that came up was to put a redirect to the link
>>> page, run the PHP script on a redirect.php page and then send it on
>>> to the destination.
>>>
>>> I've set it up this way and it's working fantastically, but I have
>>> tons of links and I'm beginning to feel hesitant about sending users
>>> to a redirect when there's so many harmful redirects out there. (Of
>>> course, not mine...)
>>>
>>> Just as this question came up here, I was again researching it on the
>>> internet, and very clearly saw that the crux of the problem is that
>>> Javascript is client side and PHP server side, meaning the 2 don't mix
>>> unless in Ajax.
>>>
>>> So I'm off to brush up on my Ajax and get it working, because except
>>> for the redirect, I can only see that Ajax will work.
>>>
>>> Susan
>>>
>>
>> --
>> realm3 web applications [realm3.com]
>> freelance consulting, application development
>> (917) 512-3594

From tedd at sperling.com Tue Apr 1 18:28:10 2008
From: tedd at sperling.com (tedd)
Date: Tue, 1 Apr 2008 18:28:10 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <8f0676b40804010848k7fabe3c3qb942afc9cc028ab@mail.gmail.com>
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <8f0676b40804010718l14e87c0dudf9788a5d5a06abc@mail.gmail.com>
 <8f0676b40804010848k7fabe3c3qb942afc9cc028ab@mail.gmail.com>
Message-ID:

At 11:48 AM -0400 4/1/08, John Campbell wrote:
> > http://www.webbytedd.com/b/ajax/
>>
>Your code is fine for trivial example pages, but would be a disaster
>for a production application.
>1) The use of the global 'http' is sloppy and limiting.
>2) You need to highlight the selected menu after the callback
>completes. Your coding style will quickly become a mess of
>document.getElementByIds().
>3) You use browser detection... you should use object detection.
>A try/catch block is a good idea in your case.
>4) Your implementation breaks the back button.
>5) Clicking the currently selected navigation element causes
>unnecessary requests.
>
>With a library, I can fix all of these issues and cut the amount of
>code down from 50 lines to 10 lines. If you were to fix these issues
>yourself, your code would grow to more than 250 lines.
>
>-John C.

-John C.:

I didn't say I was the sharpest crayon in the box. :-)

You said:

>1) The use of the global 'http' is sloppy and limiting.

Please explain.

You said:

>2) You need to highlight the selected menu after the callback
>completes. Your coding style will quickly become a mess of
>document.getElementByIds().

That was just a simple example, here's a bit more complicated template:

http://webbytedd.com/a/ajax-site/

But, to add another page is trivial -- so, I think production for a
typical site would hold up.

You said:

>3) You use browser detection... you should use object detection. A
>try/catch block is a good idea in your case.

Open to be shown. :-)

You said:

>4) Your implementation breaks the back button.

Only because there's no history. If you access it via here:

http://webbytedd.com/a.php (last item on the right)

You'll have back history.

You said:

>5) Clicking the currently selected navigation element causes
>unnecessary requests.

Yeah, that's one of my pet peeves too. I just didn't fix it. It's easy
enough via:

http://sperling.com/examples/smart-menu/

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

From ka at kacomputerconsulting.com Tue Apr 1 19:22:32 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Tue, 1 Apr 2008 16:22:32 -0700
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
Message-ID: <1207092152.2241@coral.he.net>

One of the projects I inherited recently contains the following code
which is used basically to store the record ID and editstate in the
URL's querystring.
When I first saw it, I was scratching my head saying, why would anyone
think they needed to do it this way?

(My preferred way to store data such as this would be in hidden fields
which are submitted with the form, but I do realize that everyone has
different coding styles. And mind you, they do have hidden fields which
do contain IDs for other purposes...)

The script in the document head is

and then throughout the page this script is called by echoing the
following:

echo "\n";

Would love to hear any and all comments on the above vis a vis this
discussion.

--Kristina

> Susan hit the nail on the head. She's pointing out why I said it was a
> "hack" - if you're not understanding the problem correctly (the
> difference between client-side and server-side) then the proposed
> solution might be "simple and workable" but it's still wrong.
>
> More to the point, what exactly are your goals with this code, Paul?
> Are you just trying to get the exact time on the client's computer?
> Are you just trying to create a timestamp in their timezone?
>
> On Mon, Mar 31, 2008 at 6:51 PM, Susan Shemin wrote:
> >
> > I'm watching this discussion with interest since I asked a similar
> > question last month (about sending PHP stats from a JS onclick
> > event). The answer that came up was to put a redirect to the link
> > page, run the PHP script on a redirect.php page and then send it on
> > to the destination.
> >
> > I've set it up this way and it's working fantastically, but I have
> > tons of links and I'm beginning to feel hesitant about sending users
> > to a redirect when there's so many harmful redirects out there. (Of
> > course, not mine...)
> >
> > Just as this question came up here, I was again researching it on the
> > internet, and very clearly saw that the crux of the problem is that
> > Javascript is client side and PHP server side, meaning the 2 don't mix
> > unless in Ajax.
> >
> > So I'm off to brush up on my Ajax and get it working, because except
> > for the redirect, I can only see that Ajax will work.
> >
> > Susan
> >
>
> --
> realm3 web applications [realm3.com]
> freelance consulting, application development
> (917) 512-3594

From ka at kacomputerconsulting.com Tue Apr 1 22:57:48 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Tue, 1 Apr 2008 19:57:48 -0700
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
Message-ID: <1207105068.2075@coral.he.net>

I'm pulling out the ID of the previously inserted row and then
inserting that as a lookup value in a duplicate row (two rows one for
edit mode one for published mode).

Various other places in the app this works fine and there really isn't
any reason this should be happening.

The query runs fine if I do it from within phpMyAdmin -- but from the
PHP page the query does not error out but the value in the lookup field
remains the default value (I've tried both an integer field with
default value of 0 and a varchar field with default NULL, and in both
cases the lookup id value will not save to the database).

Anyone ever heard of this happening before? I've examined the working
code in other parts of this app and the related db tables and cannot
see why this is occurring.

Thanks in advance for any help!

-------------------
Kristina Anderson

From ka at kacomputerconsulting.com Tue Apr 1 23:00:33 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Tue, 1 Apr 2008 20:00:33 -0700
Subject: [nycphp-talk] Correction: Bizarro Bug trying to insert after using mysql_insert_id
Message-ID: <1207105233.3215@coral.he.net>

I'm pulling out the ID of the previously inserted row and then
inserting that as a lookup value in a duplicate row (two rows one for
edit mode one for published mode).

Various other places in the app this works fine and there really isn't
any reason this should be happening.

The query runs fine if I do it from within phpMyAdmin -- but from the
PHP page the query does not error out but the value in the lookup field
remains the default value (I've tried both an integer field with
default value of 0 and a varchar field with default NULL, and in both
cases the lookup id value will not save to the database).

Anyone ever heard of this happening before? I've examined the working
code in other parts of this app and the related db tables and cannot
see why this is occurring.

Thanks in advance for any help!

-------------------
Kristina Anderson

From jcampbell1 at gmail.com Tue Apr 1 23:33:41 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 1 Apr 2008 23:33:41 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <1207092152.2241@coral.he.net>
References: <1207092152.2241@coral.he.net>
Message-ID: <8f0676b40804012033l29c9f7d0h83601429ebd734f5@mail.gmail.com>

On Tue, Apr 1, 2008 at 7:22 PM, Kristina Anderson wrote:
> One of the projects I inherited recently contains the following code
> which is used basically to store the record ID and editstate in the
> URL's querystring. When I first saw it, I was scratching my head
> saying, why would anyone think they needed to do it this way?
>
>
>
>
> and then throughout the page this script is called by echoing the
> following:
>
> echo "\n";
>
> Would love to hear any and all comments on the above vis a vis this
> discussion.
>

My guess is the programmer didn't understand the concept of a 302
header.

-John C.

From paulcheung at tiscali.co.uk Wed Apr 2 00:37:35 2008
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Wed, 2 Apr 2008 05:37:35 +0100
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
 <007501c8942f$543e6c50$0300a8c0@X9183>
 <47F292E1.3000100@donaldorgan.com>
Message-ID: <000901c8947b$45e67ac0$0300a8c0@X9183>

Excellent suggestion - However, for legal reasons it is important to
capture the client time/date as it is always possible the date/time on
the client machine has been altered and/or out of sync with the server
time/date.

Paul

----- Original Message -----
From: "Donald J Organ IV"
To: "NYPHP Talk"
Sent: Tuesday, April 01, 2008 8:54 PM
Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP

> Why not just store the client time zone and store server data/time??
>
> PaulCheung wrote:
>> Hi
>>
>> All I am trying to do is transfer the data and time from the client
>> machine up to the server. The goal is to create a MySQL record by
>> customer number and store both the client time/date and server
>> time/date for each new record created.
>>
>> Paul
>>
>> ----- Original Message ----- From: "Brian D."
>> To: "NYPHP Talk"
>> Sent: Tuesday, April 01, 2008 12:25 AM
>> Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP
>>
>>> Susan hit the nail on the head. She's pointing out why I said it was a
>>> "hack" - if you're not understanding the problem correctly (the
>>> difference between client-side and server-side) then the proposed
>>> solution might be "simple and workable" but it's still wrong.
>>>
>>> More to the point, what exactly are your goals with this code, Paul?
>>> Are you just trying to get the exact time on the client's computer?
>>> Are you just trying to create a timestamp in their timezone?
>>>
>>> On Mon, Mar 31, 2008 at 6:51 PM, Susan Shemin wrote:
>>>>
>>>> I'm watching this discussion with interest since I asked a similar
>>>> question last month (about sending PHP stats from a JS onclick
>>>> event). The answer that came up was to put a redirect to the link
>>>> page, run the PHP script on a redirect.php page and then send it on
>>>> to the destination.
>>>>
>>>> I've set it up this way and it's working fantastically, but I have
>>>> tons of links and I'm beginning to feel hesitant about sending users
>>>> to a redirect when there's so many harmful redirects out there. (Of
>>>> course, not mine...)
>>>>
>>>> Just as this question came up here, I was again researching it on the
>>>> internet, and very clearly saw that the crux of the problem is that
>>>> Javascript is client side and PHP server side, meaning the 2 don't mix
>>>> unless in Ajax.
>>>>
>>>> So I'm off to brush up on my Ajax and get it working, because except
>>>> for the redirect, I can only see that Ajax will work.
>>>>
>>>> Susan
>>>>
>>>
>>> --
>>> realm3 web applications [realm3.com]
>>> freelance consulting, application development
>>> (917) 512-3594

From david at davidmintz.org Wed Apr 2 09:53:11 2008
From: david at davidmintz.org (David Mintz)
Date: Wed, 2 Apr 2008 09:53:11 -0400
Subject: [nycphp-talk] ajax and un-breaking the ol' back button
Message-ID: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com>

So I had what I thought was a pretty cool ajaxified page where you
could browse data -- in this case, lists of events scheduled on a given
date -- by choosing a date with a popup calendar or clicking arrows to
navigate forward and back.
The javascript callback sends an ajax request to update the relevant
part of the doc.

Oh, but then you navigate to another page, then click your back button
and guess what, this page reverts to its defaults instead of staying in
the state you left it. Is this not an example of breaking the back
button?

Before I start trying to un-break it please tell me if this logic is
sound: when they do an ajax request, store the query params in the
session. Whenever they GET the page itself, look first for these
session vars and use them if they exist, else use the defaults.

Thanks!

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From danielc at analysisandsolutions.com Wed Apr 2 11:07:54 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 11:07:54 -0400
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
In-Reply-To: <1207105068.2075@coral.he.net>
References: <1207105068.2075@coral.he.net>
Message-ID: <20080402150754.GA15483@panix.com>

Hi Kristina:

On Tue, Apr 01, 2008 at 07:57:48PM -0700, Kristina Anderson wrote:
> I'm pulling out the ID of the previously inserted row and then
> inserting that as a lookup value in a duplicate row (two rows one for
> edit mode one for published mode).
>
> Various other places in the app this works fine and there really isn't
> any reason this should be happening.
>
> The query runs fine if I do it from within phpMyAdmin -- but from the
> PHP page the query does not error out but the value in the lookup field
> remains the default value

You say you're using "mysql_insert_row." I assume you mean PHP's
mysql_insert_id() function. If so, there are two possible bugs that come
to mind.

1) The table in question does not have auto_increment set for the primary
key on that table. If that's not it...

2) The PHP code has a bug...
You say this same logic works on other parts of the site. So, do the
various parts of the site use the _same_ _exact_ files/lines/functions or
do you have separate function/include/whatever for each section of the
application?

If you're using separate code for different sections, obviously the PHP
code you're using for the problematic insert is where the bug is.
Perhaps the variable you assign the id to is different than the variable
you're using as the lookup value in the second query.

Again, if you're using separate code, you should refactor the system to
allow you to use the same code for the same purpose throughout the
system.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 11:14:06 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:14:06 -0700
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
Message-ID: <1207149246.23678@coral.he.net>

Yes, sorry, I meant to say mysql_insert_id and corrected myself (it was
late and I was working on this nonstop).

The ID value is correctly returned and the INSERT string builds
correctly, so those are not the problems. For whatever reason, after the
INSERT is processed, the field that should contain the ID of the last
record is not updating but remains the default value.

I inherited the system from others to debug, and because this is the last
functionality that needs to be delivered before completion. My
best guess is that it might be something in the table structure that
I'm missing, I've set up two fields one varchar and one int(11) to try to
capture the returned ID value. Both remain blank at this point.

> Hi Kristina:
>
> On Tue, Apr 01, 2008 at 07:57:48PM -0700, Kristina Anderson wrote:
> > I'm pulling out the ID of the previously inserted row and then
> > inserting that as a lookup value in a duplicate row (two rows one for
> > edit mode one for published mode).
> >
> > Various other places in the app this works fine and there really isn't
> > any reason this should be happening.
> >
> > The query runs fine if I do it from within phpMyAdmin -- but from the
> > PHP page the query does not error out but the value in the lookup field
> > remains the default value
>
> You say you're using "mysql_insert_row." I assume you mean PHP's
> mysql_insert_id() function. If so, there are two possible bugs that come
> to mind.
>
> 1) The table in question does not have auto_increment set for the primary
> key on that table. If that's not it...
>
> 2) The PHP code has a bug...
>
> You say this same logic works on other parts of the site. So, do the
> various parts of the site use the _same_ _exact_ files/lines/functions or
> do you have separate function/include/whatever for each section of the
> application?
>
> If you're using separate code for different sections, obviously the PHP
> code you're using for the problematic insert is where the bug is.
> Perhaps the variable you assign the id to is different than the variable
> you're using as the lookup value in the second query.
>
> Again, if you're using separate code, you should refactor the system to
> allow you to use the same code for the same purpose throughout the
> system.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 11:18:10 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:18:10 -0700
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
Message-ID: <1207149490.25509@coral.he.net>

114 jkljlk tyuti ttyut tyutu 0 NULL 0 [0 NULL ]
113 jkljlk tyuti ttyut tyutu 0 NULL 0 0 NULL

Last two fields in row 114 s/b "113"....but.

Query as follows looks OK to me...

INSERT INTO who_we_are SET eid=113,eid2='113', empname ='jkljlk',
title='tyuti', bodytext='ttyut tyutu', picture=''

> Hi Kristina:
>
> On Tue, Apr 01, 2008 at 07:57:48PM -0700, Kristina Anderson wrote:
> > I'm pulling out the ID of the previously inserted row and then
> > inserting that as a lookup value in a duplicate row (two rows one for
> > edit mode one for published mode).
> >
> > Various other places in the app this works fine and there really isn't
> > any reason this should be happening.
> >
> > The query runs fine if I do it from within phpMyAdmin -- but from the
> > PHP page the query does not error out but the value in the lookup field
> > remains the default value
>
> You say you're using "mysql_insert_row." I assume you mean PHP's
> mysql_insert_id() function. If so, there are two possible bugs that come
> to mind.
>
> 1) The table in question does not have auto_increment set for the primary
> key on that table. If that's not it...
>
> 2) The PHP code has a bug...
>
> You say this same logic works on other parts of the site. So, do the
> various parts of the site use the _same_ _exact_ files/lines/functions or
> do you have separate function/include/whatever for each section of the
> application?
>
> If you're using separate code for different sections, obviously the PHP
> code you're using for the problematic insert is where the bug is.
> Perhaps the variable you assign the id to is different than the variable
> you're using as the lookup value in the second query.
>
> Again, if you're using separate code, you should refactor the system to
> allow you to use the same code for the same purpose throughout the
> system.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Wed Apr 2 11:31:40 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 11:31:40 -0400
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
In-Reply-To: <1207149246.23678@coral.he.net>
References: <1207149246.23678@coral.he.net>
Message-ID: <20080402153140.GA26551@panix.com>

Hi Kristina:

On Wed, Apr 02, 2008 at 08:14:06AM -0700, Kristina Anderson wrote:
>
> The ID value is correctly returned and the INSERT string builds
> correctly, so those are not the problems.

... snip ...

> My
> best guess is that it might be something in the table structure that
> I'm missing,

I highly doubt that. It's a bug in the code.

Perhaps you're mistakenly running the initial SQL insert string again
as the second mysql_query() call?

Perhaps the column names and values defined in the second SQL string are
misaligned?

I'd delete all records from the table. Do a save from the web form (or
whatever). Then look at what shows up in the database VERY carefully.

If that doesn't do it, if you haven't done so already, use your own
function for running the SQL rather than calling mysql_query() directly
throughout the code. Then your central function can have a
logging/debugging option.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 11:35:52 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:35:52 -0700
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
Message-ID: <1207150552.1995@coral.he.net>

What were we saying about how sometimes when we post to the list, we
see what the problem is??????

In this case the problem is that I'm a MORON!!! I was calling $query1
twice instead of calling $query2 in the second case....!!!

$result2 = mysql_query($query1)

{this is not the first time it took me hours to figure out that I was
doing this....!!! Hopefully the last time.)

>
> 114 jkljlk tyuti ttyut tyutu 0 NULL 0 [0 NULL ]
> 113 jkljlk tyuti ttyut tyutu 0 NULL 0 0 NULL
>
> Last two fields in row 114 s/b "113"....but.
>
> Query as follows looks OK to me...
>
> INSERT INTO who_we_are SET eid=113,eid2='113', empname ='jkljlk',
> title='tyuti', bodytext='ttyut tyutu', picture=''
>
> > Hi Kristina:
> >
> > On Tue, Apr 01, 2008 at 07:57:48PM -0700, Kristina Anderson wrote:
> > > I'm pulling out the ID of the previously inserted row and then
> > > inserting that as a lookup value in a duplicate row (two rows one for
> > > edit mode one for published mode).
> > >
> > > Various other places in the app this works fine and there really isn't
> > > any reason this should be happening.
> > >
> > > The query runs fine if I do it from within phpMyAdmin -- but from the
> > > PHP page the query does not error out but the value in the lookup field
> > > remains the default value
> >
> > You say you're using "mysql_insert_row." I assume you mean PHP's
> > mysql_insert_id() function. If so, there are two possible bugs that come
> > to mind.
> >
> > 1) The table in question does not have auto_increment set for the primary
> > key on that table. If that's not it...
> >
> > 2) The PHP code has a bug...
> >
> > You say this same logic works on other parts of the site. So, do the
> > various parts of the site use the _same_ _exact_ files/lines/functions or
> > do you have separate function/include/whatever for each section of the
> > application?
> >
> > If you're using separate code for different sections, obviously the PHP
> > code you're using for the problematic insert is where the bug is.
> > Perhaps the variable you assign the id to is different than the variable
> > you're using as the lookup value in the second query.
> >
> > Again, if you're using separate code, you should refactor the system to
> > allow you to use the same code for the same purpose throughout the
> > system.
> >
> > --Dan
> >
> > --
> > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> > data intensive web and database programming
> > http://www.AnalysisAndSolutions.com/
> > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 11:36:55 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:36:55 -0700
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
Message-ID: <1207150615.2525@coral.he.net>

YEP!!! That was exactly what it is. God I feel dumb!!! :) Oh well.

> Hi Kristina:
>
> On Wed, Apr 02, 2008 at 08:14:06AM -0700, Kristina Anderson wrote:
> >
> > The ID value is correctly returned and the INSERT string builds
> > correctly, so those are not the problems.
> ... snip ...
> > My
> > best guess is that it might be something in the table structure that
> > I'm missing,
>
> I highly doubt that. It's a bug in the code.
>
> Perhaps you're mistakenly running the initial SQL insert string again
> as the second mysql_query() call?
>
> Perhaps the column names and values defined in the second SQL string are
> misaligned?
>
> I'd delete all records from the table. Do a save from the web form (or
> whatever). Then look at what shows up in the database VERY carefully.
>
> If that doesn't do it, if you haven't done so already, use your own
> function for running the SQL rather than calling mysql_query() directly
> throughout the code. Then your central function can have a
> logging/debugging option.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Wed Apr 2 11:41:54 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 11:41:54 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <1207150552.1995@coral.he.net>
References: <1207150552.1995@coral.he.net>
Message-ID: <20080402154154.GA8186@panix.com>

On Wed, Apr 02, 2008 at 08:35:52AM -0700, Kristina Anderson wrote:
> What were we saying about how sometimes when we post to the list, we
> see what the problem is??????
>
> In this case the problem is that I'm a MORON!!! I was calling $query1
> twice instead of calling $query2 in the second case....!!!
>
> $result2 = mysql_query($query1)

Glad you figured it out.

Let me emphasize what was said in my prior email:

You need to use your own function for running the SQL rather than calling
mysql_query() directly throughout the code. Then your central function
can have a logging/debugging option.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 11:49:08 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:49:08 -0700
Subject: [nycphp-talk] best practice for calling multiple queries?
Message-ID: <1207151348.8408@coral.he.net>

One thing that I've taken away from this (aside from feeling like an
idiot!) is that one reason for my introduction of these bugs is a
holdover from my "ASP" coding style where I name each query $query1,
query2, etc rather than what I see in a lot of PHP code I've inherited,
where each query is simply named $query, even if there are 6 or 7 of
them on the page.

What is the accepted best practice here? I find it very confusing to
try to read code with 16 items each named $query or $result, but
my "ASP" style code is clearly introducing other editing issues.

-------------------
Kristina Anderson

From ramons at gmx.net Wed Apr 2 11:54:04 2008
From: ramons at gmx.net (David Krings)
Date: Wed, 02 Apr 2008 11:54:04 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <1207150552.1995@coral.he.net>
References: <1207150552.1995@coral.he.net>
Message-ID: <47F3AC1C.90008@gmx.net>

Kristina Anderson wrote:
> What were we saying about how sometimes when we post to the list, we
> see what the problem is??????
>
> In this case the problem is that I'm a MORON!!! I was calling $query1
> twice instead of calling $query2 in the second case....!!!
>
> $result2 = mysql_query($query1)
>
> {this is not the first time it took me hours to figure out that I was
> doing this....!!! Hopefully the last time.)
>

Shows that using more descriptive variable names is a good idea, but since
you inherited that code that advice goes to the other guy I guess.
I'm often overly verbose in my variable naming, but thankfully there is
autocomplete in PHPEd. :)

David

From ka at kacomputerconsulting.com Wed Apr 2 11:54:41 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 08:54:41 -0700
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
Message-ID: <1207151681.10978@coral.he.net>

Dan, I will definitely take your advice on this! Thanks!

Clearly the standard "or die" error handling isn't effective in cases
where the syntax is correct, but the wrong query is being called in the
code...especially in these cases where the queries are identical except
for one variable value! -- logging which query is being called could save
me hours of fun trying to overcome my own boneheadedness.

> On Wed, Apr 02, 2008 at 08:35:52AM -0700, Kristina Anderson wrote:
> > What were we saying about how sometimes when we post to the list, we
> > see what the problem is??????
> >
> > In this case the problem is that I'm a MORON!!! I was calling $query1
> > twice instead of calling $query2 in the second case....!!!
> >
> > $result2 = mysql_query($query1)
>
> Glad you figured it out.
>
> Let me emphasize what was said in my prior email:
>
> You need to use your own function for running the SQL rather than calling
> mysql_query() directly throughout the code. Then your central function
> can have a logging/debugging option.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From smanes at magpie.com Wed Apr 2 12:14:08 2008
From: smanes at magpie.com (Steve Manes)
Date: Wed, 02 Apr 2008 12:14:08 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <20080402154154.GA8186@panix.com>
References: <1207150552.1995@coral.he.net> <20080402154154.GA8186@panix.com>
Message-ID: <47F3B0D0.6030706@magpie.com>

Daniel Convissor wrote:
> Glad you figured it out.
>
> Let me emphasize what was said in my prior email:
>
> You need to use your own function for running the SQL rather than calling
> mysql_query() directly throughout the code. Then your central function
> can have a logging/debugging option.

I generally wrap all database calls in API functions specific to the
task being performed, i.e. get_patient_referrals_list(),
put_private_transport_segment(), update_clinic_demographic(). That way
the logging is specific to the task and any specialized processing that
needs to be done to the data can be done in one place.
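
Added example, not part of any message in this thread: one way to combine the two suggestions above, a task-specific wrapper that sends every statement through a single logging query function, so that executing the wrong statement shows up in the log. The names run_sql() and add_staff_pair(), the table layout (taken from the INSERT quoted earlier) and the use of PDO with in-memory SQLite in place of MySQL are assumptions; bound parameters replace the hand-built INSERT string.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. run_sql() and add_staff_pair()
// are hypothetical names; the who_we_are columns follow the INSERT quoted in
// the thread, and in-memory SQLite (pdo_sqlite) stands in for MySQL.

/**
 * The only place in the application that executes SQL. Each call is logged
 * with a caller-supplied label, the statement text and the bound values, so
 * a statement that is run twice (or never) is visible in the log.
 */
function run_sql(PDO $db, string $label, string $sql, array $params = [], ?array &$log = null): PDOStatement
{
    $entry = sprintf('[%s] %s | params=%s', $label, $sql, json_encode($params));
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        // rowCount() is only meaningful for INSERT/UPDATE/DELETE.
        $entry .= ' | affected=' . $stmt->rowCount();
        return $stmt;
    } catch (PDOException $e) {
        $entry .= ' | FAILED: ' . $e->getMessage();
        throw $e;
    } finally {
        // Logged whether the statement succeeded or threw.
        if ($log !== null) {
            $log[] = $entry;
        }
    }
}

/**
 * Task-specific wrapper: insert the first row, then the duplicate row that
 * refers back to it through eid/eid2. Returns both new ids.
 */
function add_staff_pair(PDO $db, array $person, ?array &$log = null): array
{
    // Keep only the expected keys so stray request fields never reach a statement.
    $columns = ['empname', 'title', 'bodytext', 'picture'];
    $person = array_intersect_key($person, array_flip($columns));

    $firstSql = 'INSERT INTO who_we_are (empname, title, bodytext, picture) '
              . 'VALUES (:empname, :title, :bodytext, :picture)';
    run_sql($db, 'staff.first_row', $firstSql, $person, $log);
    $firstId = (int) $db->lastInsertId();

    $copySql = 'INSERT INTO who_we_are (eid, eid2, empname, title, bodytext, picture) '
             . 'VALUES (:eid, :eid2, :empname, :title, :bodytext, :picture)';
    $copyValues = $person + ['eid' => $firstId, 'eid2' => (string) $firstId];
    run_sql($db, 'staff.duplicate_row', $copySql, $copyValues, $log);

    return [$firstId, (int) $db->lastInsertId()];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE who_we_are (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    empname TEXT, title TEXT, bodytext TEXT, picture TEXT,
    eid INTEGER DEFAULT 0, eid2 TEXT DEFAULT NULL)');

// Constructed sample input; the apostrophe would break a hand-built SQL string.
$log = [];
[$firstId, $copyId] = add_staff_pair($db, [
    'empname'  => "Pat O'Neil",
    'title'    => 'Editor',
    'bodytext' => 'constructed sample text',
    'picture'  => '',
], $log);

$row = run_sql($db, 'staff.check', 'SELECT eid, eid2 FROM who_we_are WHERE id = ?', [$copyId], $log)
    ->fetch(PDO::FETCH_ASSOC);

foreach ($log as $line) {
    echo $line, PHP_EOL;
}
printf('row %d refers back to row %s%s', $copyId, $row['eid'], PHP_EOL);
```

The log entries contain the bound values, so the debug log belongs somewhere other users of the application cannot read it.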

From chsnyder at gmail.com Wed Apr 2 12:28:51 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 2 Apr 2008 12:28:51 -0400
Subject: [nycphp-talk] ajax and un-breaking the ol' back button
In-Reply-To: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com>
References: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com>
Message-ID:

On Wed, Apr 2, 2008 at 9:53 AM, David Mintz wrote:
> Before I start trying to un-break it please tell me if this logic is sound:
> when they do an ajax request, store the query params in the session.
> Whenever they GET the page itself, look first for these session vars and use
> them if they exist, else use the defaults.
>

That's probably the easiest way to do it, if you're already using sessions.

You could also use js to write the current params directly to cookie.

--
Chris Snyder
http://chxo.com/

From jcampbell1 at gmail.com Wed Apr 2 12:33:48 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Wed, 2 Apr 2008 12:33:48 -0400
Subject: [nycphp-talk] best practice for calling multiple queries?
In-Reply-To: <1207151348.8408@coral.he.net>
References: <1207151348.8408@coral.he.net>
Message-ID: <8f0676b40804020933v778fe3ebm2ecb4d594bdb171b@mail.gmail.com>

On Wed, Apr 2, 2008 at 11:49 AM, Kristina Anderson wrote:
> One thing that I've taken away from this (aside from feeling like an
> idiot!) is that one reason for my introduction of these bugs is a
> holdover from my "ASP" coding style where I name each query $query1,
> query2, etc rather than what I see in a lot of PHP code I've inherited,
> where each query is simply named $query, even if there are 6 or 7 of
> them on the page.
>
> What is the accepted best practice here? I find it very confusing to
> try to read code with 16 items each named $query or $result, but
> my "ASP" style code is clearly introducing other editing issues.

I don't see how query1, query2 would be any more clear than just using
the same variable name.
Using the same variable name indicates that the previous statement will
not be used again and frees the memory.

I prefer using names like $sql and $cursor over $query and $result,
because they are more accurate names. It is clear that "sql" is a string,
and a "cursor" is a pointer to a result set, not actual data.

-John C.

From danielc at analysisandsolutions.com Wed Apr 2 12:49:50 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 12:49:50 -0400
Subject: [nycphp-talk] best practice for calling multiple queries?
In-Reply-To: <1207151348.8408@coral.he.net>
References: <1207151348.8408@coral.he.net>
Message-ID: <20080402164950.GA25234@panix.com>

Hi Kristina:

On Wed, Apr 02, 2008 at 08:49:08AM -0700, Kristina Anderson wrote:
> I name each query $query1,
> query2, etc rather than what I see in a lot of PHP code I've inherited,
> where each query is simply named $query, even if there are 6 or 7 of
> them on the page.

I use $sql for all queries. It's short and to the point. Plus it
ensures you're running the most recently defined $sql and are not adding
overhead with extra variables. It also allows you to copy and paste the
actual query execution line over and over and over without having to
worry (which is probably how your bug got introduced).

Even if you want to give each query string a unique variable name, don't
name them 1, 2, 3. Give them real names that describe what they are.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Wed Apr 2 12:53:10 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 12:53:10 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <47F3B0D0.6030706@magpie.com>
References: <1207150552.1995@coral.he.net> <20080402154154.GA8186@panix.com> <47F3B0D0.6030706@magpie.com>
Message-ID: <20080402165310.GB25234@panix.com>

Howdy Steve:

On Wed, Apr 02, 2008 at 12:14:08PM -0400, Steve Manes wrote:
>
> I generally wrap all database calls in API functions specific to the
> task being performed, i.e. get_patient_referrals_list(),
> put_private_transport_segment(), update_clinic_demographic(). That way
> the logging is specific to the task and any specialized processing that
> needs to be done to the data can be done in one place.

That's good. That still doesn't obviate the need to have those functions
then call one central function that actually runs the query.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ramons at gmx.net Wed Apr 2 12:55:26 2008
From: ramons at gmx.net (David Krings)
Date: Wed, 02 Apr 2008 12:55:26 -0400
Subject: [nycphp-talk] best practice for calling multiple queries?
In-Reply-To: <1207151348.8408@coral.he.net>
References: <1207151348.8408@coral.he.net>
Message-ID: <47F3BA7E.6080504@gmx.net>

Kristina Anderson wrote:
> One thing that I've taken away from this (aside from feeling like an
> idiot!) is that one reason for my introduction of these bugs is a
> holdover from my "ASP" coding style where I name each query $query1,
> query2, etc rather than what I see in a lot of PHP code I've inherited,
> where each query is simply named $query, even if there are 6 or 7 of
> them on the page.
>
> What is the accepted best practice here? I find it very confusing to
> try to read code with 16 items each named $query or $result, but
> my "ASP" style code is clearly introducing other editing issues.

I don't know if it is "best practice", but I give the query string variables
descriptive names.
Typically I use three variables for a SELECT query named such as
- $getcategoriesquery => that is the variable that holds the SQL query string
- $getcategoriesqueryrun => that is the variable that holds the return value
  from mysql_query()
- $getcategoriesqueryresult => this is typically an array that holds the
  currently read out row from which I would get the value to be added to the
  $categories array

I suspect this to be wasteful as PHP holds on to the variables even when I no
longer use them within the script, but I found it to be really helpful when
using the ....queryrun as a flag to decide if some query worked or generated a
result when using it in an If block or such 50 lines further down. This
verbose naming helps me a lot to figure out if the current value stored in a
variable is plausible in regards to the variable name and the expected value.

I don't know if this is the best approach, but I am sure it is better than to
name all queries $query or just to number them. Half a year from now nobody
knows what the difference between $query5 and $query3 is unless the line where
the SQL string is assigned is quickly found.

David

From jcampbell1 at gmail.com Wed Apr 2 13:07:29 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Wed, 2 Apr 2008 13:07:29 -0400
Subject: [nycphp-talk] ajax and un-breaking the ol' back button
In-Reply-To:
References: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com>
Message-ID: <8f0676b40804021007n63271797k2574c082beea2988@mail.gmail.com>

On Wed, Apr 2, 2008 at 12:28 PM, csnyder wrote:
> On Wed, Apr 2, 2008 at 9:53 AM, David Mintz wrote:
>
> > Before I start trying to un-break it please tell me if this logic is sound:
> > when they do an ajax request, store the query params in the session.
> > Whenever they GET the page itself, look first for these session vars and use
> > them if they exist, else use the defaults.
> >
>
> That's probably the easiest way to do it, if you're already using sessions.
>
> You could also use js to write the current params directly to cookie.

Back button navigation is specific to the window... cookies/sessions
are 1 per browser instance. You will have a mismatch, but it may be
one you can live with. The best way to do it is to save the query
parameters in the address bar. In gmail, the page view information is
saved after the '#' sign. Take a look at the jquery history plugin.

From david at davidmintz.org Wed Apr 2 13:17:07 2008
From: david at davidmintz.org (David Mintz)
Date: Wed, 2 Apr 2008 13:17:07 -0400
Subject: [nycphp-talk] ajax and un-breaking the ol' back button
In-Reply-To:
References: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com>
Message-ID: <721f1cc50804021017t35a4d430t75b998a75b0c257a@mail.gmail.com>

On Wed, Apr 2, 2008 at 12:28 PM, csnyder wrote:
> On Wed, Apr 2, 2008 at 9:53 AM, David Mintz wrote:
>
> > Before I start trying to un-break it please tell me if this logic is sound:
> > when they do an ajax request, store the query params in the session.
> > Whenever they GET the page itself, look first for these session vars and use
> > them if they exist, else use the defaults.
> >
>
> That's probably the easiest way to do it, if you're already using sessions.
>
> You could also use js to write the current params directly to cookie.

This works.
It's kind of baroque, if not to say warped, but within a controller
method in a Zend Framework app, we go:

    $session = new Zend_Session_Namespace('Schedule');
    $params = (object) $this->getRequest()->getParams();
    $defaultParams = array(
        'language' => 'all',
        'date' => date('Y-m-d')
    );
    foreach ($defaultParams as $name => $default) {
        if (!empty($params->$name)) {
            ${$name} = $session->$name = $params->$name;
        } elseif ($session->$name) {
            ${$name} = $session->$name;
        } else {
            ${$name} = $default;
        }
    }
    // then $date and $language get passed to data-fetching methods in my model

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From david at davidmintz.org Wed Apr 2 13:21:11 2008
From: david at davidmintz.org (David Mintz)
Date: Wed, 2 Apr 2008 13:21:11 -0400
Subject: [nycphp-talk] ajax and un-breaking the ol' back button
In-Reply-To: <8f0676b40804021007n63271797k2574c082beea2988@mail.gmail.com>
References: <721f1cc50804020653x637ef226s6c292bc80b76fbc3@mail.gmail.com> <8f0676b40804021007n63271797k2574c082beea2988@mail.gmail.com>
Message-ID: <721f1cc50804021021u77c6d657n5d208dab233f6844@mail.gmail.com>

On Wed, Apr 2, 2008 at 1:07 PM, John Campbell wrote:
>
> Back button navigation is specific to the window... cookies/sessions
> are 1 per browser instance. You will have a mismatch, but it may be
> one you can live with. The best way to do it is to save the query
> parameters in the address bar. In gmail, the page view information is
> saved after the '#' sign. Take a look at the jquery history plugin.
>

Ooops. I think I will live with it for now but thanks for the lesson.

I was wondering what mail.google.com/mail/#label/nyphp/1190f69a2f1bd0da
meant (-:

Those clever google dudes.

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From ken at secdat.com Wed Apr 2 14:58:49 2008
From: ken at secdat.com (Kenneth Downs)
Date: Wed, 02 Apr 2008 14:58:49 -0400
Subject: [nycphp-talk] best practice for calling multiple queries?
In-Reply-To: <20080402164950.GA25234@panix.com>
References: <1207151348.8408@coral.he.net> <20080402164950.GA25234@panix.com>
Message-ID: <47F3D769.5000003@secdat.com>

Daniel Convissor wrote:
> Hi Kristina:
>
> On Wed, Apr 02, 2008 at 08:49:08AM -0700, Kristina Anderson wrote:
>
>> I name each query $query1,
>> query2, etc rather than what I see in a lot of PHP code I've inherited,
>> where each query is simply named $query, even if there are 6 or 7 of
>> them on the page.
>>
>
> I use $sql for all queries. It's short and to the point. Plus it
> ensures you're running the most recently defined $sql and are not adding
> overhead with extra variables. It also allows you to copy and paste the
> actual query execution line over and over and over without having to
> worry (which is probably how your bug got introduced).
>
> Even if you want to give each query string a unique variable name, don't
> name them 1, 2, 3. Give them real names that describe what they are.
>

Normally I wouldn't waste bandwidth with a "me too" response, but Dan's
reply here is very clear and to the point. Simplicity can be a very
powerful productivity tool.

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010

From ka at kacomputerconsulting.com Wed Apr 2 16:33:53 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 13:33:53 -0700
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
Message-ID: <1207168433.17503@coral.he.net>

Paul,

Basically (at least IMHO), the best way for you to start thinking about
solving problems of how to pass variables from let's say a document object
back to the server to a PHP script (for instance the user system date &
time as recorded by the document object as in your example) is for you to
think in terms of using forms -- you can store your user's system date &
time in the hidden field(s) and then when they submit the form, record it
in the database, and it will be accessible to your server-side script
after form submit.

The good part of hidden fields is it's easy to view the source and make
sure your variables are where they should be. The bad part is, obviously,
you don't want to use them to store anything sensitive, confidential or
that otherwise you would not want some savvy user who knows how to view
document source to read, because they will be in there.

This is exactly the type of thing that I recall years ago trying to wrap
my head around when I first started out. (Now, I'm reduced to missing
stupid bugs when I mistype a query name!!).

Kristina

> I am really sorry for being so utterly thick; but I still just do not get
> it. I would be so grateful if you have any coded examples that I could look
> at and follow. while I really value what everybody has said most of it was
> just beyond my understanding.
>
> Paul
>
> ----- Original Message -----
> From: "Kristina Anderson"
> To: "NYPHP Talk"
> Sent: Wednesday, April 02, 2008 12:22 AM
> Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP
>
>
> > One of the projects I inherited recently contains the following code
> > which is used basically to store the record ID and editstate in the
> > URL's querystring.
When I first saw it, I was scratching my head > > saying, why would anyone think they needed to do it this way? > > > > (My preferred way to store data such as this would be in hidden fields > > which are submitted with the form, but I do realize that everyone has > > different coding styles. And mind you, they do have hidden fields > > which do contain IDs for other purposes...) > > > > The script in the document head is > > > > > > > > and then throughout the page this script is called by echoing the > > following: > > > > echo "\n"; > > > > Would love to hear any and all comments on the above vis a vis this > > discussion. > > > > --Kristina > > > > > >> Susan hit the nail on the head. She's pointing out why I said it was a > >> "hack" - if you're not understanding the problem correctly (the > >> difference between client-side and server-side) then the proposed > >> solution might be "simple and workable" but it's still wrong. > >> > >> More to the point, what exactly are your goals with this code, Paul? > >> Are you just trying to get the exact time on the client's computer? > >> Are you just trying to create a timestamp in their timezone? > >> > >> On Mon, Mar 31, 2008 at 6:51 PM, Susan Shemin > > wrote: > >> > > >> > > >> > > >> > I'm watching this discussion with interest since I asked a similar > > question > >> > last month (about sending PHP stats from a JS onclick event). The > > answer > >> > that came up was to put a redirect to the link page, run the PHP > > script on a > >> > redirect.php page and then send it on to the destination. > >> > > >> > > >> > > >> > I've set it up this way and it's working fantastically, but I have > > tons of > >> > links and I'm beginning to feel hesitant about sending users to a > > redirect > >> > when there's so many harmful redirects out there. (Of course, not > > mine...) 
> >> > > >> > > >> > > >> > Just as this question came up here, I was again researching it on > > the > >> > internet, and very clearly saw that the crux of the problem is that > >> > Javascript is client side and PHP server side, meaning the 2 don't > > mix > >> > unless in Ajax. > >> > > >> > > >> > > >> > So I'm off to brush up on my Ajax and get it working, because > > except for the > >> > redirect, I can only see that Ajax will work. > >> > > >> > > >> > > >> > Susan > >> > > >> > > >> > _______________________________________________ > >> > New York PHP Community Talk Mailing List > >> > http://lists.nyphp.org/mailman/listinfo/talk > >> > > >> > NYPHPCon 2006 Presentations Online > >> > http://www.nyphpcon.com > >> > > >> > Show Your Participation in New York PHP > >> > http://www.nyphp.org/show_participation.php > >> > > >> > >> > >> > >> -- > >> realm3 web applications [realm3.com] > >> freelance consulting, application development > >> (917) 512-3594 > >> _______________________________________________ > >> New York PHP Community Talk Mailing List > >> http://lists.nyphp.org/mailman/listinfo/talk > >> > >> NYPHPCon 2006 Presentations Online > >> http://www.nyphpcon.com > >> > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > >> > >> > > > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > From ka at kacomputerconsulting.com Wed Apr 2 16:36:34 2008 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Wed, 2 Apr 2008 13:36:34 -0700 Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!! 
Message-ID: <1207168594.18880@coral.he.net>

If you guys could point me in the direction of some online examples of
how people modularize this type of code, I would be very grateful.

I'm ready to take this to the next level (I just wish I could get back
those 5 hours I wasted not seeing that I was calling the wrong query).

> Howdy Steve:
>
> On Wed, Apr 02, 2008 at 12:14:08PM -0400, Steve Manes wrote:
> >
> > I generally wrap all database calls in API functions specific to the
> > task being performed, i.e. get_patient_referrals_list(),
> > put_private_transport_segment(), update_clinic_demographic(). That way
> > the logging is specific to the task and any specialized processing that
> > needs to be done to the data can be done in one place.
>
> That's good. That still doesn't obviate the need to have those functions
> then call one central function that actually runs the query.
>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 16:49:40 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 13:49:40 -0700
Subject: [nycphp-talk] best practice for calling multiple queries?
Message-ID: <1207169380.24584@coral.he.net>

Dan,

That's how it got introduced for sure...I copy the $result line and then
just increment the numbers [but forgot to increment the number of the
query I was executing]...NOT going to do that any more... !
> Hi Kristina:
>
> On Wed, Apr 02, 2008 at 08:49:08AM -0700, Kristina Anderson wrote:
> > I name each query $query1,
> > query2, etc rather than what I see in a lot of PHP code I've inherited,
> > where each query is simply named $query, even if there are 6 or 7 of
> > them on the page.
>
> I use $sql for all queries. It's short and to the point. Plus it
> ensures you're running the most recently defined $sql and are not adding
> overhead with extra variables. It also allows you to copy and paste the
> actual query execution line over and over and over without having to
> worry (which is probably how your bug got introduced).
>
> Even if you want to give each query string a unique variable name, don't
> name them 1, 2, 3. Give them real names that describe what they are.
>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ka at kacomputerconsulting.com Wed Apr 2 17:10:11 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Wed, 2 Apr 2008 14:10:11 -0700
Subject: [nycphp-talk] best practice for calling multiple queries?
Message-ID: <1207170611.32038@coral.he.net>

If the memory is freed when you reuse the variable names, then probably
from a performance standpoint that is the best way to do it? Hmm.

> On Wed, Apr 2, 2008 at 11:49 AM, Kristina Anderson wrote:
> > One thing that I've taken away from this (aside from feeling like an
> > idiot!) is that one reason for my introduction of these bugs is a
> > holdover from my "ASP" coding style where I name each query $query1,
> > query2, etc rather than what I see in a lot of PHP code I've inherited,
> > where each query is simply named $query, even if there are 6 or 7 of
> > them on the page.
> >
> > What is the accepted best practice here? I find it very confusing to
> > try to read code with 16 items each named $query or $result, but
> > my "ASP" style code is clearly introducing other editing issues.
>
> I don't see how query1, query2 would be any more clear than just using
> the same variable name. Using the same variable name indicates that
> the previous statement will not be used again and frees the memory. I
> prefer using names like $sql and $cursor over $query and $result,
> because they are more accurate names. It is clear that "sql" is a
> string, and a "cursor" is a pointer to a result set, not actual data.
>
> -John C.

From smanes at magpie.com Wed Apr 2 17:13:49 2008
From: smanes at magpie.com (Steve Manes)
Date: Wed, 02 Apr 2008 17:13:49 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <20080402165310.GB25234@panix.com>
References: <1207150552.1995@coral.he.net> <20080402154154.GA8186@panix.com> <47F3B0D0.6030706@magpie.com> <20080402165310.GB25234@panix.com>
Message-ID: <47F3F70D.40909@magpie.com>

Daniel Convissor wrote:
> On Wed, Apr 02, 2008 at 12:14:08PM -0400, Steve Manes wrote:
>> I generally wrap all database calls in API functions specific to the
>> task being performed, i.e. get_patient_referrals_list(),
>> put_private_transport_segment(), update_clinic_demographic(). That way
>> the logging is specific to the task and any specialized processing that
>> needs to be done to the data can be done in one place.
>
> That's good. That still doesn't obviate the need to have those functions
> then call one central function that actually runs the query.

I've never had much need to generalize the database API functions more
than that if I'm already wrapping them inside dedicated application API
functions. I always parameterize the queries so the only potentially
reusable components would be:

    $result = pg_query_params($db, $sql, $array);
    if (!$result) {
        return array(false, pg_last_error($db));
    }
    $rows = array();
    while ($row = pg_fetch_assoc($result)) {
        $rows[] = $row;
    }
    return array(true, $rows);

But that's limiting as well because some queries are expected to return
only one row, some return many rows, some result sets are enumerated,
some are hashes, some need to return the exit code of a stored
procedure, not the database function. Also, I like the function to
return database errors branded with the __FUNCTION__ or __CLASS__ name
where the error occurred.

From danielc at analysisandsolutions.com Wed Apr 2 20:25:10 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 2 Apr 2008 20:25:10 -0400
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <1207168594.18880@coral.he.net>
References: <1207168594.18880@coral.he.net>
Message-ID: <20080403002510.GA29831@panix.com>

Hi Kristina:

On Wed, Apr 02, 2008 at 01:36:34PM -0700, Kristina Anderson wrote:
> If you guys could point me in the direction of some online examples of
> how people modularize this type of code, I would be very grateful.

Attached is a radically stripped down version of the database class we
used on a recent project. It uses PHP's mysqli extension in
object-oriented mode.
--Dan

-- 
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
-------------- next part --------------
<?php

/*
 * The archive dropped the opening of this attachment (everything before
 * "host = $host;"). The class line, the property declarations and the
 * constructor signature are reconstructed from how the remaining code
 * uses them. log_it(), LOG_NAME_DB and LOG_QUERIES belong to the rest of
 * the application and are not part of this excerpt.
 */
class db extends mysqli
{
    public $host;
    public $user;
    public $pass;
    public $db;
    public $port;
    public $query_info;
    public $warnings = array();

    public function __construct($host, $user, $pass, $db, $port)
    {
        $this->host = $host;
        $this->user = $user;
        $this->pass = $pass;
        $this->db = $db;
        $this->port = $port;

        parent::__construct($host, $user, $pass, $db, $port);

        // The mysqli constructor returns nothing, so a failed connection
        // is detected through mysqli_connect_errno().
        if (mysqli_connect_errno()) {
            log_it(LOG_NAME_DB, 'Could not connect to database: ('.
                mysqli_connect_errno().') '.mysqli_connect_error());
            throw new Exception('Could not connect to database', 5002);
        }
    }

    public function __toString()
    {
        return get_class($this).' instance -> DB: '.$this->db.
            ' HOST: '.$this->host.' PORT: '.$this->port;
    }

    public function esc($str)
    {
        return $this->real_escape_string($str);
    }

    public function log_error($sql, $code, $message, $trace)
    {
        $body = 'SQL ERROR: ('.$code.') '.$message."\n".
            '[Connection: '.$this->__toString()."]\n".
            $sql;
        log_it(LOG_NAME_DB, $body);
    }

    public function log_query($sql, $trace)
    {
        $body = '[Connection: '.$this->__toString()."]\n".
            $sql;
        log_it(LOG_NAME_DB, $body);
    }

    /**
     * Checks for warnings and handles them as instructed
     *
     * @param string $sql the SQL string
     * @param bool $log_warnings if FALSE, warnings get put into the
     *                           $warnings property instead of being logged
     */
    public function log_warnings($sql, $log_warnings)
    {
        $this->warnings = array();
        if ($this->warning_count == 0) {
            return;
        }

        $info_tmp = $this->query_info;
        // SHOW WARNINGS returns rows, so it has to go through run_select();
        // run_manipulate() returns nothing to iterate over.
        $warnings = $this->run_select('SHOW WARNINGS');

        $error = '';
        foreach ($warnings as $warning) {
            $error .= $warning['Message']."\n";
            if (!$log_warnings) {
                $this->warnings[] = $warning['Message'];
            }
        }

        if ($log_warnings) {
            $body = 'SQL WARNING: '.$error."\n".
                '[Connection: '.$this->__toString()."]\n".
                $sql;
            log_it(LOG_NAME_DB, $body);
        }

        $this->query_info = $info_tmp;
    }

    public function matched_rows()
    {
        // preg_match() replaces ereg(), which no longer exists in current PHP.
        if (preg_match('/^Rows matched: ([0-9]+)/', (string) $this->query_info, $regs)) {
            return $regs[1];
        } else {
            return -100;
        }
    }

    /**
     * The method for executing data manipulation queries (INSERT, UPDATE, etc)
     *
     * @param string $sql the SQL string to execute
     * @param bool $log_warnings (TRUE) if FALSE, warnings get put into the
     *                           $warnings property instead of being logged
     * @return void
     * @uses db::log_warnings()
     */
    public function run_manipulate($sql, $log_warnings=true)
    {
        if (LOG_QUERIES) {
            $this->log_query($sql, debug_backtrace());
        }

        if (!(parent::query($sql))) {
            $this->log_error($sql, $this->errno, $this->error,
                debug_backtrace());
            throw new Exception('Query Error in run_manipulate()', 500);
        }

        $this->query_info = $this->info;
        $this->log_warnings($sql, $log_warnings);
    }

    /**
     * The method for executing SELECT queries, it returns the results in
     * the format specified by $output_type
     *
     * @param string $sql the SQL string to execute
     * @param string $output_type how the output should be formatted
     *                            [...truncated for public consumption...]
     * @param string $key column name to use as key for array
     *                    output types
     * @return array
     */
    public function run_select($sql, $output_type='array', $key='')
    {
        if (LOG_QUERIES) {
            $this->log_query($sql, debug_backtrace());
        }

        if (!($result = parent::query($sql))) {
            $this->log_error($sql, $this->errno, $this->error,
                debug_backtrace());
            throw new Exception('Query Error in run_select()', 500);
        }

        /*
         * This is a very simplified version of BUT ONE of the $output_type's.
         * Others are left to your imagination.
         */
        $output = array();
        while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
            if ($key != '') {
                $output[$row[$key]] = $row;
            } else {
                $output[] = $row;
            }
        }
        $result->free();

        return $output;
    }
}

From guilhermeblanco at gmail.com Wed Apr 2 21:36:51 2008
From: guilhermeblanco at gmail.com (Guilherme Blanco)
Date: Wed, 2 Apr 2008 22:36:51 -0300
Subject: [nycphp-talk] Bizarro Bug -- AHA!!!!!!!
In-Reply-To: <20080403002510.GA29831@panix.com>
References: <1207168594.18880@coral.he.net> <20080403002510.GA29831@panix.com>
Message-ID:

If you are open to suggestions, you should give the Doctrine project a
try.

http://www.phpdoctrine.org

Doctrine is an ORM tool for PHP. IMHO, the only ORM tool that exists for
PHP (I do not want to open this thread for discussions, even Propel devs
say their project IS NOT an ORM tool).
Also, I do not want to listen to small two-month only projects.

Regards,

On Wed, Apr 2, 2008 at 9:25 PM, Daniel Convissor wrote:
> Hi Kristina:
>
>
> On Wed, Apr 02, 2008 at 01:36:34PM -0700, Kristina Anderson wrote:
> > If you guys could point me in the direction of some online examples of
> > how people modularize this type of code, I would be very grateful.
>
> Attached is a radically stripped down version of the database class we
> used on a recent project. It uses PHP's mysqli extension in
> object-oriented mode.
>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

-- 
Guilherme Blanco - Web Developer
CBC - Certified Bindows Consultant
Cell Phone: +55 (16) 9166-6902
MSN: guilhermeblanco at hotmail.com
URL: http://blog.bisna.com
São Carlos - SP/Brazil

From preinheimer at gmail.com Wed Apr 2 23:05:41 2008
From: preinheimer at gmail.com (Paul Reinheimer)
Date: Wed, 2 Apr 2008 23:05:41 -0400
Subject: [nycphp-talk] Distance PHP training?
In-Reply-To: <1206059986.2909.0.camel@leam>
References: <1205975393.2853.4.camel@leam> <1206059986.2909.0.camel@leam>
Message-ID: <6ec19ec70804022005i475976bcw626d8bb0eba57dc5@mail.gmail.com>

I don't think we're within your budget, but we do online training (and
actually deliver several of the courses Zend offers :))

http://phparch.com/c/phpa/training

paul
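Added example (not code posted by anyone on the list): the layering discussed in the "Bizarro Bug" thread above, where task-specific functions call one central function that runs the query, with every value passed as a bound parameter. It assumes PDO with an in-memory SQLite database so that it runs without a server, where the thread's code uses pg_query_params() and mysqli; the class, table, column and function names are invented for the illustration.

```php
<?php
declare(strict_types=1);

// Added example. Db, referrals, add_referral() etc. are hypothetical names.
// PDO + in-memory SQLite stands in for the thread's PostgreSQL/MySQL code.

final class Db
{
    /** @var string[] what a real application would write to its query log */
    public array $log = [];
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo = $pdo;
    }

    /** The single place where SQL is executed; values travel only as bound parameters. */
    private function run(string $caller, string $sql, array $params): PDOStatement
    {
        try {
            $stmt = $this->pdo->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        } catch (PDOException $e) {
            // Full detail goes to the log, branded with the task function;
            // the caller only learns which task failed.
            $this->log[] = "SQL ERROR in {$caller}: {$e->getMessage()}\n{$sql}";
            throw new RuntimeException("Query error in {$caller}", 500, $e);
        }
    }

    /** SELECT: returns all rows, optionally keyed by one column. */
    public function select(string $caller, string $sql, array $params = [], string $key = ''): array
    {
        $stmt = $this->run($caller, $sql, $params);
        $rows = [];
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            if ($key !== '') {
                $rows[$row[$key]] = $row;
            } else {
                $rows[] = $row;
            }
        }
        return $rows;
    }

    /** INSERT/UPDATE/DELETE: returns the number of affected rows. */
    public function manipulate(string $caller, string $sql, array $params = []): int
    {
        return $this->run($caller, $sql, $params)->rowCount();
    }
}

// Task-specific functions: each query has a name, not a number.
function add_referral(Db $db, string $patient, string $clinic): int
{
    return $db->manipulate(
        __FUNCTION__,
        'INSERT INTO referrals (patient, clinic) VALUES (:patient, :clinic)',
        [':patient' => $patient, ':clinic' => $clinic]
    );
}

function get_patient_referrals(Db $db, string $patient): array
{
    return $db->select(
        __FUNCTION__,
        'SELECT id, patient, clinic FROM referrals WHERE patient = :patient ORDER BY id',
        [':patient' => $patient],
        'id'
    );
}

function get_clinic_hours(Db $db, string $clinic): array
{
    // Refers to a table the demo never creates, to exercise the error path.
    return $db->select(__FUNCTION__, 'SELECT hours FROM clinic_hours WHERE clinic = :c', [':c' => $clinic]);
}

// --- demo with constructed data ---
$db = new Db(new PDO('sqlite::memory:'));
$db->manipulate('setup', 'CREATE TABLE referrals (id INTEGER PRIMARY KEY, patient TEXT, clinic TEXT)');

add_referral($db, "O'Brien", 'East');   // the apostrophe needs no escaping
add_referral($db, "O'Brien", 'West');
add_referral($db, 'Lee', 'East');

print_r(get_patient_referrals($db, "O'Brien"));

// A value shaped like SQL is compared as one literal string, not parsed as SQL.
var_dump(count(get_patient_referrals($db, "Lee' OR '1'='1")));

try {
    get_clinic_hours($db, 'East');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";   // what the caller sees
    echo $db->log[0], "\n";        // what the log keeps: driver message plus SQL
}
```

Because the SQL text and the values never share a string, there is no per-query escaping step to forget, and a copy-and-paste slip runs the wrong named function rather than the wrong numbered variable.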
From jmcgraw1 at gmail.com Thu Apr 3 09:03:40 2008
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Thu, 3 Apr 2008 09:03:40 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To: <47EDEBB2.9090408@nopersonal.info>
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID:

Just read a recent review of some open source CMS software, may help
in your search:

http://www.adobe.com/newsletters/edge/april2008/articles/article4/index.html?trackingid=CAFWA

- jake

On Sat, Mar 29, 2008 at 3:11 AM, BAS wrote:
> Kristina Anderson wrote:
>
> > Also, if you have any programming questions, put them out there now rather
> > than later so that you can educate yourself and be able to back up your
> > employer's request to justify why it will take the amount of time it will
> > take.
>
> Good advice. As a matter of fact, I installed both Drupal & Joomla Thursday in
> the hopes that I can take a good long peek under the hood this weekend to
> see what I'm up against before I submit my estimate to her.
>
> > Good luck! You will learn a lot doing this and have fun too :)
>
> Thanks--I'll probably need all the luck, caffeine, and nicotine I can get
> my hands on!
>
> Bev ;-)

From david at davidmintz.org Thu Apr 3 09:41:42 2008
From: david at davidmintz.org (David Mintz)
Date: Thu, 3 Apr 2008 09:41:42 -0400
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
In-Reply-To: <1207150615.2525@coral.he.net>
References: <1207150615.2525@coral.he.net>
Message-ID: <721f1cc50804030641w506bd14ci53c34f3151b4304e@mail.gmail.com>

Sort of OT, but... isn't the old mysql_xxx API on its way to deprecation?

On Wed, Apr 2, 2008 at 11:36 AM, Kristina Anderson <
ka at kacomputerconsulting.com> wrote:

> YEP!!! That was exactly what it is. God I feel dumb!!! :)
>
> Oh well.
>
> > Hi Kristina:
> >
> > On Wed, Apr 02, 2008 at 08:14:06AM -0700, Kristina Anderson wrote:
> > >
> > > The ID value is correctly returned and the INSERT string builds
> > > correctly, so those are not the problems.
> > ... snip ...
> > > My
> > > best guess is that it might be something in the table structure that
> > > I'm missing,
> >
> > I highly doubt that. It's a bug in the code.
> >
> [...]

-- 
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness

From danielc at analysisandsolutions.com Thu Apr 3 10:01:07 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Thu, 3 Apr 2008 10:01:07 -0400
Subject: [nycphp-talk] Bizarro Bug trying to insert after using mysql_insert_row
In-Reply-To: <721f1cc50804030641w506bd14ci53c34f3151b4304e@mail.gmail.com>
References: <1207150615.2525@coral.he.net> <721f1cc50804030641w506bd14ci53c34f3151b4304e@mail.gmail.com>
Message-ID: <20080403140107.GA28861@panix.com>

On Thu, Apr 03, 2008 at 09:41:42AM -0400, David Mintz wrote:
> Sort of OT, but... isn't the old mysql_xxx API on its way to deprecation?

Yep. Which is another reason to use a database library rather than
calling the database extension functions directly all over the place.
When the DBMS changes, you (generally) only need to change your library,
not every database function call throughout your entire application.

--Dan

-- 
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From edwardpotter at gmail.com Thu Apr 3 14:35:06 2008
From: edwardpotter at gmail.com (Edward Potter)
Date: Thu, 3 Apr 2008 14:35:06 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID:

Forget everything about building your own store, STOP!

Go to amazon, use their new software for store building. DOES
EVERYTHING 10X over.

Sigh, I'm out of business now. 14 years of building ecommerce sites,
they finally caught up with me, I can't compete with them. I guess
that's a good thing.

:-) ed

PS, hmmmmm, magento looks pretty cool however.
http://www.magentocommerce.com/

On Thu, Apr 3, 2008 at 9:03 AM, Jake McGraw wrote:
> Just read a recent review of some open source CMS software, may help
> in your search:
>
> http://www.adobe.com/newsletters/edge/april2008/articles/article4/index.html?trackingid=CAFWA
>
> - jake
>
>
>
> On Sat, Mar 29, 2008 at 3:11 AM, BAS wrote:
> > Kristina Anderson wrote:
> >
> > > Also, if you have any programming questions, put them out there now rather
> > > than later so that you can educate yourself and be able to back up your
> > > employer's request to justify why it will take the amount of time it will
> > > take.
> >
> > Good advice. As a matter fact, I installed both Drupal & Joomla Thursday in
> > the hopes that I can take a good long peek under the hood this weekend to
> > see what I'm up against before I submit my estimate to her.
> >
> > > Good luck! You will learn a lot doing this and have fun too :)
> >
> > Thanks--I'll probably need all the luck, caffeine, and nicotine I can get
> > my hands on!
> >
> > Bev ;-)

-- 
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.utopiaparkway.com
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842405 at N00/
Store: http://astore.amazon.com/httpwwwutopic-20

From randalrust at gmail.com Thu Apr 3 14:38:43 2008
From: randalrust at gmail.com (Randal Rust)
Date: Thu, 3 Apr 2008 14:38:43 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID:

On Thu, Apr 3, 2008 at 2:35 PM, Edward Potter wrote:

> Go to amazon, use their new software for store building.

Are you referring to this: http://webstore.amazon.com/

I can think of plenty of clients that would balk at a 7% commission.

-- 
Randal Rust
R.Squared Communications
www.r2communications.com

From edwardpotter at gmail.com Thu Apr 3 17:56:08 2008
From: edwardpotter at gmail.com (Edward Potter)
Date: Thu, 3 Apr 2008 17:56:08 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID:

You make that up in the shipping, the tools are just toooooo
compelling to ignore.

We're launching 100 stores this month - so will report back. :-) ed

On Thu, Apr 3, 2008 at 2:38 PM, Randal Rust wrote:
> On Thu, Apr 3, 2008 at 2:35 PM, Edward Potter wrote:
>
> > Go to amazon, use their new software for store building.
>
> Are you referring to this: http://webstore.amazon.com/
>
> I can think of plenty of clients that would balk at a 7% commission.
>
> --
> Randal Rust
> R.Squared Communications
> www.r2communications.com

-- 
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.utopiaparkway.com
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842405 at N00/
Store: http://astore.amazon.com/httpwwwutopic-20

From ereyes at totalcreations.com Thu Apr 3 18:05:26 2008
From: ereyes at totalcreations.com (Edgar Reyes)
Date: Thu, 03 Apr 2008 18:05:26 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID: <014001c895d6$d28487e0$f5063181@ERTop>

Not to say the $59.99 per month plus the 7% commission. I would say
charge the 7% but no monthly fees that would be great. But monthly fees
and commissions that's a bit much.

ER

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Randal Rust
Sent: Thursday, April 03, 2008 2:39 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] CMS - Estimating Hours

On Thu, Apr 3, 2008 at 2:35 PM, Edward Potter wrote:

> Go to amazon, use their new software for store building.

Are you referring to this: http://webstore.amazon.com/

I can think of plenty of clients that would balk at a 7% commission.

-- 
Randal Rust
R.Squared Communications
www.r2communications.com

From ereyes at totalcreations.com Thu Apr 3 18:30:40 2008
From: ereyes at totalcreations.com (Edgar Reyes)
Date: Thu, 03 Apr 2008 18:30:40 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID: <015101c895da$5914be80$f5063181@ERTop>

I don't know about that, just because personally I don't shop at stores
that I think over charge for shipping and I don't think I'm alone on
that one.

ER

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Edward Potter
Sent: Thursday, April 03, 2008 5:56 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] CMS - Estimating Hours

You make that up in the shipping, the tools are just toooooo
compelling to ignore.

We're launching 100 stores this month - so will report back. :-) ed

On Thu, Apr 3, 2008 at 2:38 PM, Randal Rust wrote:
> On Thu, Apr 3, 2008 at 2:35 PM, Edward Potter wrote:
>
> > Go to amazon, use their new software for store building.
>
> Are you referring to this: http://webstore.amazon.com/
>
> I can think of plenty of clients that would balk at a 7% commission.
>
> --
> Randal Rust
> R.Squared Communications
> www.r2communications.com

-- 
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.utopiaparkway.com
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842405 at N00/
Store: http://astore.amazon.com/httpwwwutopic-20

From edwardpotter at gmail.com Thu Apr 3 20:04:34 2008
From: edwardpotter at gmail.com (Edward Potter)
Date: Thu, 3 Apr 2008 20:04:34 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To: <015101c895da$5914be80$f5063181@ERTop>
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info> <015101c895da$5914be80$f5063181@ERTop>
Message-ID:

I think there was an interesting study for ebay:

2 items, exactly the same:

1 is $100 with $10 shipping
1 is $90 with $25 shipping

The cheaper item with expensive shipping will consistently outsell the
higher priced item with less shipping costs - even though the cheaper
priced item will end up costing you more. Just something hard-wired in
the brain. That's why the 1 penny sellers on ebay make a killing.

On 4/3/08, Edgar Reyes wrote:
> I don't know about that, just because personally I don't shop at stores that
> I think over charge for shipping and I don't think I'm alone on that one.
>
> ER
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Edward Potter
> Sent: Thursday, April 03, 2008 5:56 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] CMS - Estimating Hours
>
> You make that up in the shipping, the tools are just toooooo
> compelling to ignore.
>
> We're launching 100 stores this month - so will report back. :-) ed
>
> On Thu, Apr 3, 2008 at 2:38 PM, Randal Rust wrote:
> > On Thu, Apr 3, 2008 at 2:35 PM, Edward Potter wrote:
> >
> > > Go to amazon, use their new software for store building.
> >
> > Are you referring to this: http://webstore.amazon.com/
> >
> > I can think of plenty of clients that would balk at a 7% commission.
> >
> > --
> > Randal Rust
> > R.Squared Communications
> > www.r2communications.com
>
> --
> IM/iChat: ejpusa
> Links: http://del.icio.us/ejpusa
> Blog: http://www.utopiaparkway.com
> Follow me: http://www.twitter.com/ejpusa
> Karma: http://www.coderswithconscience.com
> Projects: http://flickr.com/photos/86842405 at N00/
> Store: http://astore.amazon.com/httpwwwutopic-20

-- 
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.utopiaparkway.com
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842405 at N00/
Store: http://astore.amazon.com/httpwwwutopic-20

From lists at silmail.com Thu Apr 3 21:32:02 2008
From: lists at silmail.com (Jiju Thomas Mathew)
Date: Fri, 4 Apr 2008 07:02:02 +0530
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <688499.15038.qm@web50211.mail.re2.yahoo.com>
References: <688499.15038.qm@web50211.mail.re2.yahoo.com>
Message-ID: <6431a0f40804031832l257bb6d9i5e7b73befa1ac0fd@mail.gmail.com>

On Tue, Apr 1, 2008 at 4:21 AM, Susan Shemin wrote:

> So I'm off to brush up on my Ajax and get it working, because except for
> the redirect, I can only see that Ajax will work.

Though it is a bit off topic, I suggest that you use one of the available
libraries out there, which will make things easier for you and make your
code cleaner. Starting from cba.js, to prototype.js there are a whole
bunch

-- 
Jiju Thomas Mathew
Technology Officer, Saturn Systemwares Pvt Ltd
Gayathri, Technopark, Trivandrum, Kerala, India
Mob: 91 94470 47989
Tel : +91 471 3255001
http://www.saturn.in

Personal Technical Blog
http://www.php-trivandrum.org
URL: From susan_shemin at yahoo.com Thu Apr 3 21:37:39 2008 From: susan_shemin at yahoo.com (Susan Shemin) Date: Thu, 3 Apr 2008 18:37:39 -0700 (PDT) Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP Message-ID: <331023.80076.qm@web50209.mail.re2.yahoo.com> funny you say that -- I just was reading an article this afternoon on devx.com about prototype and script-i-licious and I'm going to check it out ----- Original Message ---- From: Jiju Thomas Mathew To: NYPHP Talk Sent: Thursday, April 3, 2008 6:32:02 PM Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP On Tue, Apr 1, 2008 at 4:21 AM, Susan Shemin wrote: So I'm off to brush up on my Ajax and get it working, because except for the redirect, I can only see that Ajax will work. Though it is a bit off topic, I suggest that you use one of the available libraries out there, which will make things easier for you and make your code more cleaner. Starting from cba.js, to prototype.js there are a whole bunch -- Jiju Thomas Mathew Technology Officer, Saturn Systemwares Pvt Ltd Gayathri, Technopark, Trivandrum, Kerala, India Mob: 91 94470 47989 Tel : +91 471 3255001 http://www.saturn.in Personal Technical Blog http://www.php-trivandrum.org -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From susan_shemin at yahoo.com Thu Apr 3 23:24:31 2008 From: susan_shemin at yahoo.com (Susan Shemin) Date: Thu, 3 Apr 2008 20:24:31 -0700 (PDT) Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP Message-ID: <473887.57017.qm@web50209.mail.re2.yahoo.com> sorry, it's script.aculo.us and prototype here's the article: http://www.devx.com/webdev/Article/37574 ----- Original Message ---- From: Susan Shemin To: NYPHP Talk Sent: Thursday, April 3, 2008 6:37:39 PM Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP funny you say that -- I just was reading an article this afternoon on devx.com about prototype and script-i-licious and I'm going to check it out ----- Original Message ---- From: Jiju Thomas Mathew To: NYPHP Talk Sent: Thursday, April 3, 2008 6:32:02 PM Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP On Tue, Apr 1, 2008 at 4:21 AM, Susan Shemin wrote: So I'm off to brush up on my Ajax and get it working, because except for the redirect, I can only see that Ajax will work. Though it is a bit off topic, I suggest that you use one of the available libraries out there, which will make things easier for you and make your code more cleaner. Starting from cba.js, to prototype.js there are a whole bunch -- Jiju Thomas Mathew Technology Officer, Saturn Systemwares Pvt Ltd Gayathri, Technopark, Trivandrum, Kerala, India Mob: 91 94470 47989 Tel : +91 471 3255001 http://www.saturn.in Personal Technical Blog http://www.php-trivandrum.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian at realm3.com Fri Apr 4 10:01:14 2008 From: brian at realm3.com (Brian D.) Date: Fri, 4 Apr 2008 10:01:14 -0400 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP In-Reply-To: <473887.57017.qm@web50209.mail.re2.yahoo.com> References: <473887.57017.qm@web50209.mail.re2.yahoo.com> Message-ID: I highly recommend jQuery. 
I've used prototype/scriptaculous for a while now but about three months ago I started working on a client's project that was already using jQuery. I was sold on it and I definitely plan on using it in the future. http://docs.jquery.com/Ajax - Brian D. On Thu, Apr 3, 2008 at 11:24 PM, Susan Shemin wrote: > > sorry, it's script.aculo.us and prototype > > > > here's the article: http://www.devx.com/webdev/Article/37574 > > > > ----- Original Message ---- > From: Susan Shemin > To: NYPHP Talk > Sent: Thursday, April 3, 2008 6:37:39 PM > Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP > > > funny you say that -- I just was reading an article this afternoon on > devx.com about prototype and script-i-licious and I'm going to check it out > > > > ----- Original Message ---- > From: Jiju Thomas Mathew > To: NYPHP Talk > Sent: Thursday, April 3, 2008 6:32:02 PM > Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP > > > > > On Tue, Apr 1, 2008 at 4:21 AM, Susan Shemin wrote: > > > > > > > > > > > > > > > So I'm off to brush up on my Ajax and get it working, because except for > the redirect, I can only see that Ajax will work. > Though it is a bit off topic, I suggest that you use one of the available > libraries out there, which will make things easier for you and make your > code more cleaner. 
Starting from cba.js, to prototype.js there are a whole > bunch > > -- > Jiju Thomas Mathew > Technology Officer, Saturn Systemwares Pvt Ltd > Gayathri, Technopark, Trivandrum, Kerala, India > Mob: 91 94470 47989 Tel : +91 471 3255001 > http://www.saturn.in > > Personal Technical Blog > http://www.php-trivandrum.org > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- realm3 web applications [realm3.com] freelance consulting, application development (917) 512-3594 From codebowl at gmail.com Fri Apr 4 10:06:43 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 4 Apr 2008 10:06:43 -0400 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP In-Reply-To: References: <473887.57017.qm@web50209.mail.re2.yahoo.com> Message-ID: <1D2A414E-2883-4EB7-AC76-A2691C41086B@gmail.com> XAJAX is also something worth looking into. On Apr 4, 2008, at 10:01 AM, Brian D. wrote: > I highly recommend jQuery. I've used prototype/scriptaculous for a > while now but about three months ago I started working on a client's > project that was already using jQuery. I was sold on it and I > definitely plan on using it in the future. > > http://docs.jquery.com/Ajax > > - Brian D. 
> > On Thu, Apr 3, 2008 at 11:24 PM, Susan Shemin > wrote: >> >> sorry, it's script.aculo.us and prototype >> >> >> >> here's the article: http://www.devx.com/webdev/Article/37574 >> >> >> >> ----- Original Message ---- >> From: Susan Shemin >> To: NYPHP Talk >> Sent: Thursday, April 3, 2008 6:37:39 PM >> Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP >> >> >> funny you say that -- I just was reading an article this afternoon on >> devx.com about prototype and script-i-licious and I'm going to >> check it out >> >> >> >> ----- Original Message ---- >> From: Jiju Thomas Mathew >> To: NYPHP Talk >> Sent: Thursday, April 3, 2008 6:32:02 PM >> Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP >> >> >> >> >> On Tue, Apr 1, 2008 at 4:21 AM, Susan Shemin >> wrote: >> >>> >>> >>> >>> >>> >>> >>> So I'm off to brush up on my Ajax and get it working, because >>> except for >> the redirect, I can only see that Ajax will work. >> Though it is a bit off topic, I suggest that you use one of the >> available >> libraries out there, which will make things easier for you and make >> your >> code more cleaner. 
Starting from cba.js, to prototype.js there are >> a whole >> bunch >> >> -- >> Jiju Thomas Mathew >> Technology Officer, Saturn Systemwares Pvt Ltd >> Gayathri, Technopark, Trivandrum, Kerala, India >> Mob: 91 94470 47989 Tel : +91 471 3255001 >> http://www.saturn.in >> >> Personal Technical Blog >> http://www.php-trivandrum.org >> >> >> >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > > > -- > realm3 web applications [realm3.com] > freelance consulting, application development > (917) 512-3594 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From smanes at magpie.com Fri Apr 4 10:14:32 2008 From: smanes at magpie.com (Steve Manes) Date: Fri, 04 Apr 2008 10:14:32 -0400 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP In-Reply-To: <1D2A414E-2883-4EB7-AC76-A2691C41086B@gmail.com> References: <473887.57017.qm@web50209.mail.re2.yahoo.com> <1D2A414E-2883-4EB7-AC76-A2691C41086B@gmail.com> Message-ID: <47F637C8.4060702@magpie.com> Joseph Crawford wrote: > XAJAX is also something worth looking into. "Me Too" for Xajax. 
From davehauenstein at gmail.com Fri Apr 4 10:43:14 2008
From: davehauenstein at gmail.com (David Hauenstein)
Date: Fri, 4 Apr 2008 10:43:14 -0400
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
In-Reply-To: <47F637C8.4060702@magpie.com>
References: <473887.57017.qm@web50209.mail.re2.yahoo.com> <1D2A414E-2883-4EB7-AC76-A2691C41086B@gmail.com> <47F637C8.4060702@magpie.com>
Message-ID: <5A3E6C48-6B03-49D2-819E-B93B88B2068A@gmail.com>

jQuery (http://jquery.com/) is the way to go with JS frameworks. I've used it extensively and even wrote a plugin (http://davehauenstein.com/blog/archives/28). But if you want to explore, I provided a list of some of the most popular JS frameworks. Have fun.

Some other good ones:
http://www.prototypejs.org/ along with http://script.aculo.us/
http://developer.yahoo.com/yui/
http://extjs.com/
http://mootools.net/

-Dave Hauenstein

On Apr 4, 2008, at 10:14 AM, Steve Manes wrote:

> Joseph Crawford wrote:
>> XAJAX is also something worth looking into.
>
> "Me Too" for Xajax.
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

From paulcheung at tiscali.co.uk Sat Apr 5 14:47:21 2008
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Sat, 5 Apr 2008 19:47:21 +0100
Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP
References: <000f01c892a3$2db28d60$0300a8c0@X9183><20080330220758.GA27670@panix.com>
Message-ID: <000901c8974d$7b99eba0$0300a8c0@X9183>

Sorry Mate,

I lost it. I just cannot see what I'm doing wrong. All the coding before Datum is just working out the date. The following snippet is where I am trying to upload the Javascript data to the server.
Paul

Datum = ( +Year+ '/' +Month+ '/' +Day+ ' - ' +Hours+ ':' +Minutes+ ':' +Seconds);

var $datum = Datum;
new Image()).src = 'http://www.localhost/showdatum.php?$datum='+"$datum";

showdatum.php =========== "); ?> ----- Original Message ----- From: "tedd" To: "NYPHP Talk" Sent: Monday, March 31, 2008 2:27 PM Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP > At 6:07 PM -0400 3/30/08, Daniel Convissor wrote: >>Hi Paul: >> >>On Sun, Mar 30, 2008 at 09:18:10PM +0100, PaulCheung wrote: >> >>> The problem is I cannot transfer the Javascript variable needed in to >>> PHP. >> >>JavaScript is client side. PHP is server side. This has been discussed >>on this list a couple times, and on the web too many times to count. >> >>You either need to submit the JS data to the server as part of a form or >>via an AJAX request. >> >>--Dan > > > --Dan: > > And don't forget this way: :-) > > var a = 1; > (new Image()).src = '/myscript.php?a='+ a; > > Cheers, > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From ka at kacomputerconsulting.com Sat Apr 5 15:21:41 2008 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Sat, 5 Apr 2008 12:21:41 -0700 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP Message-ID: <1207423301.23279@coral.he.net> You are passing your date variable into a querystring instead of into the form. Therefore when you POST your form, the value is not there for the server side to read. Also I don't believe you should use $ characters in your form field names, which in any event won't pass in the date value. try something like this: Change the input type to "hidden" after you are seeing the date is populating in the form. -- Kristina > Sorry Mate, > > I lost it. I just cannot see what I'm doing wrong. All the coding before > Datum is just working out the date. 
the following snippet is where I am > trying to upload the Javascript data to the server. > > Paul > > Datum = ( +Year+ '/' +Month+ '/' +Day+ ' - ' +Hours+ ':' +Minutes+ ':' > +Seconds); > > var $datum = Datum; > new Image()).src = 'http://www.localhost/showdatum.php? $datum='+"$datum"; > > >
>
>
> > > > showdatum.php > =========== > echo('$datum = ' . $datum . "
"); ?> > > > ----- Original Message ----- > From: "tedd" > To: "NYPHP Talk" > Sent: Monday, March 31, 2008 2:27 PM > Subject: Re: [nycphp-talk] Passing JAVASCRIPT variables to PHP > > > > At 6:07 PM -0400 3/30/08, Daniel Convissor wrote: > >>Hi Paul: > >> > >>On Sun, Mar 30, 2008 at 09:18:10PM +0100, PaulCheung wrote: > >> > >>> The problem is I cannot transfer the Javascript variable needed in to > >>> PHP. > >> > >>JavaScript is client side. PHP is server side. This has been discussed > >>on this list a couple times, and on the web too many times to count. > >> > >>You either need to submit the JS data to the server as part of a form or > >>via an AJAX request. > >> > >>--Dan > > > > > > --Dan: > > > > And don't forget this way: :-) > > > > var a = 1; > > (new Image()).src = '/myscript.php?a='+ a; > > > > Cheers, > > > > tedd > > > > -- > > ------- > > http://sperling.com http://ancientstones.com http://earthstones.com > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > \ From rolan at omnistep.com Sat Apr 5 17:14:01 2008 From: rolan at omnistep.com (Rolan Yang) Date: Sat, 05 Apr 2008 16:14:01 -0500 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP In-Reply-To: <1207423301.23279@coral.he.net> References: <1207423301.23279@coral.he.net> Message-ID: <47F7EB99.4090400@omnistep.com> I'm see a lot of odd code in the past few posts. 
$'s mixed in with javascript and attempts to blend client side javascript variables with server side php variables. Misleading code that simply won't work. Here's a working example for ya: test clientdate=
The example sends the client date back to the server in 2 different ways.
The first is the img src method, which sends the data immediately after
the page loads
the second is via the form in the hidden field.

~Rolan

From lists at nopersonal.info Sat Apr 5 17:06:57 2008
From: lists at nopersonal.info (BAS)
Date: Sat, 05 Apr 2008 17:06:57 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID: <47F7E9F1.60101@nopersonal.info>

Jake McGraw wrote:
> Just read a recent review of some open source CMS software, may help
> in your search:
>
> http://www.adobe.com/newsletters/edge/april2008/articles/article4/index.html?trackingid=CAFWA

Thanks, Jake--every review helps. The client accepted our estimate, so now I have to make a CMS choice. I installed Drupal & Joomla and am leaning heavily toward Drupal, but I have to do some more code exploring lest I end up in over my head.

Bev

From lists at nopersonal.info Sat Apr 5 17:09:04 2008
From: lists at nopersonal.info (BAS)
Date: Sat, 05 Apr 2008 17:09:04 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To:
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info>
Message-ID: <47F7EA70.10000@nopersonal.info>

Edward Potter wrote:
> Forget everything about building your own store, STOP!
>
> Go to amazon, use their new software for store building. DOES
> EVERYTHING 10X over. Sigh, I'm out of business now. 14 years of
> building ecommerce sites, they finally caught up with me, I can't
> compete with them. I guess that's a good thing.
>
> :-) ed
>
> PS, hmmmmm, magento looks pretty cool however.
>
> http://www.magentocommerce.com/

Hi Ed,

Thanks for the recommendations; I'll keep them in mind.

Regards.
Bev From ka at kacomputerconsulting.com Sat Apr 5 17:29:26 2008 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Sat, 5 Apr 2008 14:29:26 -0700 Subject: [nycphp-talk] Passing JAVASCRIPT variables to PHP Message-ID: <1207430966.10545@coral.he.net> Yes, that is exactly what I thought I meant to explain about the hidden form... you can't pass the date directly into a PHP variable! So you'd have to use document.form.value... In my defense I have a horrible hangover...? :) > I'm see a lot of odd code in the past few posts. $'s mixed in with > javascript and attempts to blend client side javascript variables with > server side php variables. Misleading code that simply wont work. > Here's a working example for ya: > > test > > > > clientdate=
>
> > > >
> > > > The example sends the client date back to the server in 2 different ways. > The first is the img src method, which sends the data immediately after > the page loads > the second is via the form in the hidden field. > > ~Rolan > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From joshmccormack at travelersdiary.com Sat Apr 5 17:48:46 2008 From: joshmccormack at travelersdiary.com (Josh McCormack) Date: Sat, 5 Apr 2008 17:48:46 -0400 Subject: [nycphp-talk] CMS - Estimating Hours In-Reply-To: <47F7E9F1.60101@nopersonal.info> References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info> <47F7E9F1.60101@nopersonal.info> Message-ID: I'd recommend finding some experienced person/agency to review your plans and work as you go along, answering questions and keeping you from making big mistakes. Maybe 5 hours a week. My company does Drupal dev and would do this, but I'm just trying to help, not pitch. So ask around, go to the local group meetings, etc and try to find someone to help you have a easier time. Josh On 4/5/08, BAS wrote: > Jake McGraw wrote: > > Just read a recent review of some open source CMS software, may help > > in your search: > > > > > http://www.adobe.com/newsletters/edge/april2008/articles/article4/index.html?trackingid=CAFWA > > Thanks, Jake--every review helps. The client accepted our estimate, so > now I have to make a CMS choice. I installed Drupal & Joomla and am > leaning heavily toward Drupal, but I have to do some more code exploring > lest I end up in over my head. 
> > Bev > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Josh McCormack Owner, InteractiveQA Social Network Development & QA testing http://www.interactiveqa.com 917.620.4902 From lists at nopersonal.info Sat Apr 5 21:44:23 2008 From: lists at nopersonal.info (BAS) Date: Sat, 05 Apr 2008 21:44:23 -0400 Subject: [nycphp-talk] CMS - Estimating Hours In-Reply-To: References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info> <47F7E9F1.60101@nopersonal.info> Message-ID: <47F82AF7.9020405@nopersonal.info> Josh McCormack wrote: > I'd recommend finding some experienced person/agency to review your > plans and work as you go along, answering questions and keeping you > from making big mistakes. Maybe 5 hours a week. > > My company does Drupal dev and would do this, but I'm just trying to > help, not pitch. So ask around, go to the local group meetings, etc > and try to find someone to help you have a easier time. Hi Josh, That's certainly something I'll keep in mind, but I think I'll be okay in the long run. It's inevitable that I'll make some mistakes, but I've always learned the most when doing so (and I hope the folks here will be kind enough to help me if I get completely stuck). I padded my estimated hours by about 20% to account for unforeseen issues, so (hopefully) that should give me sufficient wiggle room. I have no problem working additional non-billable hours on my own time for the sake of learning. I'm hoping to be able to make it to the upcoming April 21st presentation and meet up with some of the locals. 
Regards,
Bev

From joeleo724 at gmail.com Sun Apr 6 10:15:34 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 10:15:34 -0400
Subject: [nycphp-talk] Website Data Encryption tools
Message-ID: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>

Hi All,

I am trying to research about using website/data encryption methods or approaches out there. Any tools that allow the web site data & db to be encrypted. I've read about HTML protector (www.html-protector.com) - Anyone use this type of tool?
What are the open source tools that can do this - if any? What are the performance considerations? And, how would this type of encryption affect search engine rankings?

Would appreciate any comments/suggestions!

-joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dcech at phpwerx.net Sun Apr 6 10:43:51 2008
From: dcech at phpwerx.net (Dan Cech)
Date: Sun, 06 Apr 2008 10:43:51 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
Message-ID: <47F8E1A7.9010605@phpwerx.net>

Joe Leo wrote:
> I am trying to research about using website/data encryption methods or
> approaches out there. Any tools that allow the web site data & db to be
> encrypted. I've read about HTML protector (www.html-protector.com) - Anyone
> use this type of tool?
> What are the open source tools that can do this - if any? What are the
> performance considerations? And, how would this type
> of encryption affect search engine rankings?

Joe,

This is a fool's errand, in order for a web browser to display your page it must be able to download the html and assets (images, css, etc).

I took a quick look at 'html-protector' and was less than impressed. The 'protection' consists of using javascript to write the page from an obfuscated string.
The 'password prompt' is javascript also, and the password is present in the source.

The cost of all this 'security'? The page is invisible to search engines and won't work at all for people with javascript disabled.

If you want to obfuscate your html you can certainly make it (slightly) more difficult for people to 'Save Page As...', but the html is always going to be out there.

Dan

From joeleo724 at gmail.com Sun Apr 6 11:17:20 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 11:17:20 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <47F8E1A7.9010605@phpwerx.net>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <47F8E1A7.9010605@phpwerx.net>
Message-ID: <799abcd40804060817i763c2b3dq21442ea84a8e5fe0@mail.gmail.com>

Hi Dan,

Thanks for your reply and comments.... I am not so much looking to have data encrypted from the user. But, encryption on the "server side".... For example, I want to be able to encrypt a web site folder and DB and upload to my hosting provider and know the data is safe but will continue to serve users as normal.

I just read about TrueCrypt (http://www.truecrypt.org/) which is Open Source. This could be what I am looking for. Anyone use TrueCrypt?

Joe

On Sun, Apr 6, 2008 at 10:43 AM, Dan Cech wrote:

> Joe Leo wrote:
>
> > I am trying to research about using website/data encryption methods or
> > approaches out there. Any tools that allow the web site data & db to be
> > encrypted. I've read about HTML protector (www.html-protector.com) -
> > Anyone
> > use this type of tool?
> > What are the open source tools that can do this - if any? What are the
> > performance considerations? And, how would this type
> > of encryption affect search engine rankings?
> >
>
> Joe,
>
> This is a fool's errand, in order for a web browser to display your page it
> must be able to download the html and assets (images, css, etc).
>
> I took a quick look at 'html-protector' and was less than impressed.
The > 'protection' consists of using javascript to write the page from an > obfuscated string. The 'password prompt' is javascript also, and the > password is present in the source. > > The cost of all this 'security'? The page is invisible to search engines > and won't work at all for people with javascript disabled. > > If you want to obfuscate your html you can certainly make it (slightly) > more difficult for people to 'Save Page As...', but the html is always going > to be out there. > > Dan > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at projectskyline.com Sun Apr 6 11:28:32 2008 From: ben at projectskyline.com (Ben Sgro) Date: Sun, 06 Apr 2008 11:28:32 -0400 Subject: [nycphp-talk] Website Data Encryption tools In-Reply-To: <799abcd40804060817i763c2b3dq21442ea84a8e5fe0@mail.gmail.com> References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <47F8E1A7.9010605@phpwerx.net> <799abcd40804060817i763c2b3dq21442ea84a8e5fe0@mail.gmail.com> Message-ID: <47F8EC20.2030800@projectskyline.com> Hello Joe, Take a look at ionCube encoder. I use this and it works great. - Ben Joe Leo wrote: > Hi Dan, > > Thanks for your reply and comments.... I am not so much looking to > have data encrypted from the user. But, encryption on the "server > side".... For example, I want to be able to > encrypt a web site folder and DB and upload to my hosting provider and > know the data is > safe but will continue to serve users as normal. > > I just read about TrueCrypt (http://www.truecrypt.org/) which is Open > Source. This could be what I am looking for. Anyone use TrueCrypt? 
> > Joe > > On Sun, Apr 6, 2008 at 10:43 AM, Dan Cech > wrote: > > Joe Leo wrote: > > I am trying to research about using website/data encryption > methods or > approaches out there. Any tools that allows the web site data > & db to be > encrypted. I've read about HTML protector > (www.html-protector.com ) - Anyone > use this type of tool? > What are the open source tools that can do this - if any? What > are the > performance considerations? And, how would this type > of encrytion affect search engine rankings? > > > Joe, > > This is a fools errand, in order for a web browser to display your > page it must be able to download the html and assets (images, css, > etc). > > I took a quick look at 'html-protector' and was less than > impressed. The 'protection' consists of using javascript to write > the page from an obfuscated string. The 'password prompt' is > javascript also, and the password is present in the source. > > The cost of all this 'security'? The page is invisible to search > engines and won't work at all for people with javascript disabled. > > If you want to obfuscate your html you can certainly make it > (slightly) more difficult for people to 'Save Page As...', but the > html is always going to be out there. 
> > Dan > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From ramons at gmx.net Sun Apr 6 11:31:18 2008 From: ramons at gmx.net (David Krings) Date: Sun, 06 Apr 2008 11:31:18 -0400 Subject: [nycphp-talk] Website Data Encryption tools In-Reply-To: <799abcd40804060817i763c2b3dq21442ea84a8e5fe0@mail.gmail.com> References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <47F8E1A7.9010605@phpwerx.net> <799abcd40804060817i763c2b3dq21442ea84a8e5fe0@mail.gmail.com> Message-ID: <47F8ECC6.3080004@gmx.net> Joe Leo wrote: > Hi Dan, > > Thanks for your reply and comments.... I am not so much looking to have > data encrypted from the user. But, encryption on the "server side".... > For example, I want to be able to > encrypt a web site folder and DB and upload to my hosting provider and > know the data is > safe but will continue to serve users as normal. > > I just read about TrueCrypt (http://www.truecrypt.org/) which is Open > Source. This could be what I am looking for. Anyone use TrueCrypt? Well, you could wrap everything into PHP and use one of these PHP obfuscators. I haven't heard about encrypting the entire database, but you can for sure put some encryption on some fields (I wouldn't bother with an autoinc field). Still, I wonder why you want to do that? Do you distrust your hosting company that much? 
In that case I'd look for a different provider.

David

From danielc at analysisandsolutions.com Sun Apr 6 11:46:51 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sun, 6 Apr 2008 11:46:51 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
Message-ID: <20080406154651.GA24184@panix.com>

Joe:

On Sun, Apr 06, 2008 at 10:15:34AM -0400, Joe Leo wrote:
>
> I am trying to research about using website/data encryption methods

What are you trying to protect and who are you protecting it against?

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ereyes at totalcreations.com Sun Apr 6 12:05:50 2008
From: ereyes at totalcreations.com (Edgar Reyes)
Date: Sun, 06 Apr 2008 12:05:50 -0400
Subject: [nycphp-talk] CMS - Estimating Hours
In-Reply-To: <47F82AF7.9020405@nopersonal.info>
References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info> <47F7E9F1.60101@nopersonal.info> <47F82AF7.9020405@nopersonal.info>
Message-ID: <010501c89800$158f8b90$ae00a8c0@ERTop>

Have you seen this CMS http://www.modxcms.com/ I've used it a few times, I like it.

ER

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of BAS
Sent: Saturday, April 05, 2008 9:44 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] CMS - Estimating Hours

Josh McCormack wrote:
> I'd recommend finding some experienced person/agency to review your
> plans and work as you go along, answering questions and keeping you
> from making big mistakes. Maybe 5 hours a week.
>
> My company does Drupal dev and would do this, but I'm just trying to
> help, not pitch.
> So ask around, go to the local group meetings, etc
> and try to find someone to help you have an easier time.

Hi Josh,

That's certainly something I'll keep in mind, but I think I'll be okay in the long run. It's inevitable that I'll make some mistakes, but I've always learned the most when doing so (and I hope the folks here will be kind enough to help me if I get completely stuck).

I padded my estimated hours by about 20% to account for unforeseen issues, so (hopefully) that should give me sufficient wiggle room. I have no problem working additional non-billable hours on my own time for the sake of learning.

I'm hoping to be able to make it to the upcoming April 21st presentation and meet up with some of the locals.

Regards,
Bev

From joeleo724 at gmail.com Sun Apr 6 12:29:54 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 12:29:54 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <20080406154651.GA24184@panix.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com>
Message-ID: <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>

>
> Well, you could wrap everything into PHP and use one of these PHP
> obfuscators.

Well, I am not much of a php/programmer and don't know how and what it means to "wrap everything into php".

> Still, I wonder why you want to do that? Do you distrust your hosting
> company that much? In that case I'd look for a different provider.

Well, I am just looking into a solution to encrypt data. The question as to why I would want to do that is not the question - But, thanks for asking.

> What are you trying to protect and who are you protecting it against?

I'm looking to protect data/information that could be the software code and/or customer's client info.. Protection should be from anyone who does not need to have access to the website data or the DB... Of course, data will be shown to users (web client) who has been given access to view this data from the application.

What I am interested in is to find the most effective and most secure way to upload my website & db to remote host and the data is fully protected by encryption.

I will look into the ionCube suggested earlier - Though this seems to be a PHP only base solution. From what I gather, a product like TrueCrypt could be better as I can encrypt an entire volume or folder and it's done - Regardless of type of code or application that exist or being encrypted.

I know many software type companies package their software where either partially or fully the code is encrypted and protected. This is the similar type of solution I guess I am looking for.

joe
From rolan at omnistep.com Sun Apr 6 14:28:14 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Sun, 06 Apr 2008 14:28:14 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com> <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
Message-ID: <47F9163E.2080301@omnistep.com>

Joe Leo wrote:
>
>
>     Still, I wonder why you want to do that? Do you distrust your
>     hosting company that much? In that case I'd look for a different
>     provider.
>
>
> Well, I am just looking into a solution to encrypt data. The question
> as to why I would want to do that is not the question - But, thanks
> for asking.
>
>     What are you trying to protect and who are you protecting it against?
>
>
> I'm looking to protect data/information that could be the software
> code and/or customer's client info.. Protection should be from anyone
> who does not need to have access to the website data or the DB... Of
> course, data will be shown to users (web client) who has been given
> access to view this data from the application.
>
> What I am interested in is to find the most effective and most secure
> way to upload my website & db to remote host and the data is fully
> protected by encryption.
>
> I will look into the ionCube suggested earlier - Though this seems to
> be a PHP only base solution. From what I gather, a product like
> TrueCrypt could be better as I can encrypt an entire volume or folder
> and it's done - Regardless of type of code or application that exist
> or being encrypted.
>

I think there's a little bit of shortsightedness going on here. If any reasonable security is to be expected, the entire system from start to finish must be evaluated. How much security do you expect? Who and what do you trust to be secure? Is your development PC secure? Could it be loaded with spyware that is sending your keystrokes off to the bad guys? Do you trust the guy/girl standing behind you looking over your shoulder? Do you trust the web host that manages your website's server? How about the server monkey managing the nightly backups? Or the hacker on your shared web host running the sniffer? Or the 13 year old from Hungary secretly running irc proxies on your dedicated host? Or the NSA's tap at AT&T's networks? Could your client/customer's PC be infected with spyware? Could their neighbor be running a man-in-the-middle attack on the wireless network? How about the guy physically standing behind him, or perhaps the nosy wife digging through her husband's Gmail account?

My point here is that there are so many points at which the security of data could be compromised. Dan's question is extremely relevant and should be examined thoroughly if the true objective is to implement data security.

Unfortunately, for most people (including our government), the perception of security takes priority over actual security. Slapping an official looking "seal of security" gif on to the bottom of the web order form and maybe prepending "https" to the URL (regardless of what's running under the hood!) is often sufficient for the general population.

~Rolan

From danielc at analysisandsolutions.com Sun Apr 6 13:38:35 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sun, 6 Apr 2008 13:38:35 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com> <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
Message-ID: <20080406173835.GA8424@panix.com>

Hi Joe:

> I'm looking to protect data/information that could be the software code
> and/or customer's client info..
> Protection should be from anyone who does
> not need to have access to the website data or the DB.

This is done by protecting access to the servers. Encrypting the information is pointless because the data needs to be decrypted in order to be served to the viewers.

So, for example, you're talking about using TrueCrypt. While that's a great tool, it doesn't accomplish anything for your purposes, because the volume will have to be mounted (decrypted) in order to serve it. Once the volume is mounted, anyone with access to the server can read it.

If you're thinking of dynamically decrypting scripts, data, etc, on the fly, you'll need to have the keys and passwords stored on the server. Therefore anyone can use those to decrypt the stuff too.

It all comes down to server security. This includes things like using encrypted means to access the machine and move files to/from it (SSH, SFTP, etc), keeping the software up to date, running firewalls, etc.

--Dan

--
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From ramons at gmx.net Sun Apr 6 17:09:28 2008
From: ramons at gmx.net (David Krings)
Date: Sun, 06 Apr 2008 17:09:28 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com> <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
Message-ID: <47F93C08.3090405@gmx.net>

Joe Leo wrote:
>     Well, you could wrap everything into PHP and use one of these PHP
>     obfuscators.
>
> Well, I am not much of a php/programmer and don't know how and what it
> means to "wrap everything into php".

I mean that you need to use PHP to output static page content if you want to encode / obfuscate everything.

>     Still, I wonder why you want to do that? Do you distrust your
>     hosting company that much? In that case I'd look for a different
>     provider.
>
>
> Well, I am just looking into a solution to encrypt data. The question
> as to why I would want to do that is not the question - But, thanks for
> asking.

Well, the reason for me asking is that there may be a better approach than taking the big hammer. I speak from experience as I often use(d) the big hammer and everything was a nail.

>     What are you trying to protect and who are you protecting it against?
>
> I'm looking to protect data/information that could be the software code
> and/or customer's client info.. Protection should be from anyone who
> does not need to have access to the website data or the DB... Of course,
> data will be shown to users (web client) who has been given access to
> view this data from the application.

So who is your hoster? Ever thought about self-hosting or having the customer run the server? Any chance that this might work via intranet rather than internet, because then you probably want to add SSL to the pages. I do not know if that is difficult to do. But keep in mind, anything that is accessible via internet is not what I'd consider entirely secure.
I don't see why you need to protect the software code. PHP is server side only and the client doesn't see anything from your PHP code.
And yes, it is assumed that legitimate users are allowed to see information, otherwise the whole setup would be quite pointless.

> What I am interested in is to find the most effective and most secure
> way to upload my website & db to remote host and the data is fully
> protected by encryption.

As mentioned above, hosting something offsite and have it be available through the internet is IMHO not secure. Taking stuff can be made more difficult, but most secure....well, I leave that up to the experts, but I have my doubts - see Hannaford, TJX, etc.

> I will look into the ionCube suggested earlier - Though this seems to be
> a PHP only base solution. From what I gather, a product like TrueCrypt
> could be better as I can encrypt an entire volume or folder and it's
> done - Regardless of type of code or application that exist or being
> encrypted.

Again, comes down to the hosting service that you have. Do you have that much access and rights to the server that you can just go ahead and run services that encrypt and decrypt entire folders?

>
> I know many software type companies package their software where either
> partially or fully the code is encrypted and protected. This is the
> similar type of solution I guess I am looking for.

Nah, most companies distribute binaries that make it difficult enough for people like me to re-engineer the code. But look at the open source security applications. Their code is freely available. Security through obscurity is one of the worst approaches.

I don't want to rain on your parade, but taking into account that you are "not much of a php/programmer" you may want to take a step back and think this over if that application is indeed that critical and demands such secrecy that code and database have to be encrypted. I play around with PHP for about five years now and I don't think that I'd be capable of writing a secure application. I'm not saying that you are not capable of that, but I have the impression that you think slapping some encryption onto something makes it secure.
I am also wondering a bit about your statement that you want "to find the most effective and most secure way to upload my website & db to remote host". So are you worried about encryption during uploading or about encryption while executing the scripts on the server and serving up content - or both? What other security measures did you include? Captchas? Multiple time-limited passwords? Multiple access levels? Effective session management to kick people out of the system after a few minutes of inactivity? Or even other means such as biometrics as identification? Your own certificate?
Also, does it have to be a web client? I'd guess there are way more and way better means to encrypt data when working with fat clients. Also, which database engine do you plan to use? Does that database engine have means to encrypt entire tables or data sets?
And what do you do for client security? There is not much gained when your server is like Fort Knox, but the users can access the application from any client on any network and then do so from their favourite internet cafe, leaving the PC unattended while getting another beer. So you want to at least restrict the IP address (ranges) that are allowed to get even to the login page.

Sorry for asking that many questions, but I think those and many more questions need to be asked and sufficiently answered.

David

From joeleo724 at gmail.com Sun Apr 6 19:12:25 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 19:12:25 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <47F93C08.3090405@gmx.net>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com> <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com> <47F93C08.3090405@gmx.net>
Message-ID: <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>

Wow, I really appreciate the feedback and some of the many comments I am getting to my original question. I ask my original question not so much I have some secrecy of any kind of application. As I mentioned, I'm not much of a programmer in practice. I'm just getting interest in the encryption technology as a whole and since I have not really used any of them I wanted to get an idea how effective they are.

Now the feedback with the questions and comments I am getting are good, in that, they make me think why would I use it and to achieve what purpose.
What I've been hoping to gain from asking my question is then why & when to use such encryption tool - especially, when hosting your data remotely by a hosting provider.

My thought is if encryption techniques like TrueCrypt works - Why not use it regardless who is your hosting provider. Or, having to consider questions like who you trying to protect data from. I mean, when you buy a nice brand new expensive car you have a key to lock the doors and some go further to put in a car alarm or car tracking device. Who you're trying to prevent from stealing your car is no brainer question to consider - IMO. One knows that locking the door and/or having a car alarm is a deterrent - Though not 100% guaranteed. Maybe my example is not the best but just trying to raise a point.

In my question to deploy some encryption on my data would (help) minimize people stealing private data - Why not use it, especially if there's not much performance penalty.

David, regarding your comments below:

> So are you worried about encryption during uploading or about encryption
> while executing the scripts on the server and serving up content - or both?
> What other security measures did you include?

You've hit the right questions I am looking to understand. The answer is both. From what I understand about a tool like TrueCrypt I can encrypt say my webfolder (web site) and upload it to my hosting provider. And, what I am trying to understand is can the encrypted data remain encrypted and still serve content. Or, once I upload the encrypted data must I need to decrypt it to serve the content? I am not concerned about data being encrypted out to the users browser. SSL takes care of that - right? So, if it is that I can encrypt and it remains encrypted while serving content then this is not a bad solution. And, of course one can take other measures like ssh to the server to actually keep access to it secure.

joe
URL: From lists at nopersonal.info Sun Apr 6 20:00:31 2008 From: lists at nopersonal.info (BAS) Date: Sun, 06 Apr 2008 20:00:31 -0400 Subject: [nycphp-talk] CMS - Estimating Hours In-Reply-To: <010501c89800$158f8b90$ae00a8c0@ERTop> References: <1206738614.27142@coral.he.net> <47EDEBB2.9090408@nopersonal.info> <47F7E9F1.60101@nopersonal.info> <47F82AF7.9020405@nopersonal.info> <010501c89800$158f8b90$ae00a8c0@ERTop> Message-ID: <47F9641F.2010404@nopersonal.info> Edgar Reyes wrote: > Have you seen this CMS http://www.modxcms.com/ I've used it a few times, I > like it. No, I haven't seen it, but I'll check it out. Thanks, Edgar. From joeleo724 at gmail.com Sun Apr 6 20:14:34 2008 From: joeleo724 at gmail.com (Joe Leo) Date: Sun, 6 Apr 2008 20:14:34 -0400 Subject: [nycphp-talk] Website Data Encryption tools In-Reply-To: <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com> References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com> <20080406154651.GA24184@panix.com> <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com> <47F93C08.3090405@gmx.net> <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com> Message-ID: <799abcd40804061714qc717d52jfe5693bcd0f3092e@mail.gmail.com> Here's another thought I wonder about encryption technology. Could one day encryption technology replace the need for firewalls - either partially or all together. Forget about those security policies, is my firewall configured right, applying security patches & hardening the OS, etc... If one can just encrypt there entire drive or the data needed to be protected by encryption - Why need a fw if the data is garbled and useless to those who can't decrypt it. Of course fw plays other roles but from a pure "protect my data from the unwanted" to me encryption may solve that. Just a thought! Joe On Sun, Apr 6, 2008 at 7:12 PM, Joe Leo wrote: > Wow, I really appreciate the feedback and some of the many comments i am > getting to my original question. 
I ask my original question not so much I > have some secrecy of any kind of application. As I mentioned, I'm not much > of a programmer in practice. I'm just getting interest in the encryption > technology as a whole and since I have not really used any of them I wanted > to get an idea how effective they are. > > Now the feedback with the questions and comments I am getting are good, in > that, they make me think why would I use it and to achieve what purpose. > What I've been hoping to gain from asking my question is then why & when to > use such encryption tool - especially, when hosting your data remotely by a > hosting provider. > > My thought is if encryption techniques like TrueCrypt works - Why not use > it regardless who is your hosting provider. Or, having to consider questions > like who you trying to protect data from. I mean, when you buy a nice bran > new expensive car you have a key to lock the doors and some go further to > put in a car alarm or car tracking device. Who you're trying to prevent from > stealing your car is no brainer question to consider - IMO. One knows that > locking the door and/or having a car alarm is a deterrent - Though not 100% > guaranteed. Maybe my example is not the best but just trying to raise a > point. > > In my question to deploy some encryption on my data would (help) minimize > people stealing private data - Why not use it, especially if there's not > much performance penalty. > > David, regarding you comments below: > > > So are you worried about encryption during uploading or about encryption > > while executing the scripts on the server and serving up content - or both? > > What other security measures did you include? > > > You've hit the right questions I am looking to understand. The answer is > both. From what I understand about a tool like TrueCrypt I can encrypt say > my webfolder (web site) and upload it to my hosting provider. 
And, what I am > trying to understand is can the encrypted data remain encrypted and still > serve content. Or, once I upload the encrypted data must I need to decrypt > it to serve the content? I am not concern about data being encrypted out to > the users browser. SSL takes care of that - right? So, if it is that I can > encrypt and it remains encrypt while serving content then this is not a bad > solution. And, of course one can take other measures like ssh to the server > to actually keep access to it secure. > > joe > > > > > > > > > > > > On Sun, Apr 6, 2008 at 5:09 PM, David Krings wrote: > > > Joe Leo wrote: > > > > > Well, you could wrap everything into PHP and use one of these PHP > > > obfuscators. > > > > > > Well, I am not much of a php/programmer and don't know how and what it > > > means to "wrap everything into php". > > > > > > > I mean that you need to use PHP to output static page content if you > > want to encode / obfuscate everything. > > > > Still, I wonder why you want to do that? Do you distrust your > > > hosting company that much? In that case I'd look for a different > > > provider. > > > > > > > > > Well, I am just looking into a solutions to encrypt data. The question > > > as to why I would want to do that is not the question - But, thanks for > > > asking. > > > > > > > Well, the reason for me asking is that there may be a better approach > > than taking the big hammer. I speak from experience as I often use(d) the > > big hammer and everything was a nail. > > > > > > What are you trying to protect and who are you protecting it > > > against? > > > > > > I'm looking to protect data/information that could be the software > > > code and/or customer's client info.. Protection should be from anyone who > > > does not need to have access to the website data or the DB... Of course, > > > data will be shown to users (web client) who has been given access to view > > > this data from the application. > > > > > > > So who is your hoster? 
Every thought about self-hosting or having the > > customer run the server? Any chance that this might work via intranet rather > > than internet, because then you probably want to add SSL to the pages. I do > > not know if that is difficult to do. But keep in mind, anything that is > > accessible via internet is not what I'd consider entirely secure. > > I don't see why you need to protect the software code. PHP is server > > side only and the client doesn't see anything from your PHP code. > > And yes, it is assumed that legitimate users are allowed to see > > information, otherwise the whole setup would be quite pointless. > > > > What I am interested in is to find the most effective and most secure > > > way to upload my website & db to remote host and the data is fully protected > > > by encryption. > > > > > > > As mentioned above, hosting something offsite and have it be available > > through the internet is IMHO not secure. Taking stuff can be made more > > difficult, but most secure....well, I leave that up to the experts, but I > > have my doubts - see Hannaford, TJX, etc. > > > > I will look into the ionCube suggested earlier - Though this seems to > > > be a PHP only base solution. From what I gather, a product like TrueCrypt > > > could be better as I can encrypt an entire volume or folder and it's done - > > > Regardless of type of code or application that exist or being encrypted. > > > > > > > Again, comes down to the hosting service that you have. Do you have that > > much access and rights to the server that you can just go ahead and run > > services that encrypt and decrypt entire folders? > > > > > > > I know many software type companies package there software where > > > either partially or fully the code is encrypted and protected. This is the > > > similar type of solution I guess I am looking for. > > > > > > > Nah, most companies distribute binaries that make it difficult enough > > for people like me to re-engineer the code. 
But look at the open source > > security applications. Their code is freely available. Security through > > obscurity is one of the worst approaches. > > > > I don't want to rain on your parade, but taking into account that you > > are "not much of a php/programmer" you may want to take a step back and > > think this over if that application is indeed that critical and demands such > > secrecy that code and database have to be encrypted. I play around with PHP > > for about five years now and I don't think that I'd be capable of writing a > > secure application. I'm not saying that you are not capable of that, but I > > have the impression that you think slapping some encryption onto something > > makes it secure. > > I am also wondering a bit about your statement that you want "to find > > the most effective and most secure way to upload my website & db to remote > > host". So are you worried about encryption during uploading or about > > encryption while executing the scripts on the server and serving up content > > - or both? What other security measures did you include? Kaptchas? Multiple > > time-limited passwords? Multiple access levels? Effective session management > > to kick people out of the system after a few minutes of inactivity? Or even > > other means such as biometrics as identification? Your own certificate? > > Also, does it have to be a web client? I'd guess there are way more and > > way better means to encrypt data when working with fat clients. Also, which > > database engine do you plan to use? Does that database engine have means to > > encrypt entire tables or data sets? > > And what do you do for client security? There is not much gained when > > your server is like Fort Knox, but the users can access the application from > > any client on any network and then do so from theit favourite internet cafe, > > leaving the PC unattended while getting another beer. 
> > So you want to at
> > least restrict the IP address (ranges) that are allowed to get even to the
> > login page.
> >
> > Sorry for asking that many questions, but I think those and many more
> > questions need to be asked and sufficiently answered.
> >
> > David
> >
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> >
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php

From tim_lists at o2group.com Sun Apr 6 20:33:08 2008
From: tim_lists at o2group.com (Tim Lieberman)
Date: Sun, 06 Apr 2008 18:33:08 -0600
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
Message-ID: <47F96BC4.1090409@o2group.com>

Joe Leo wrote:
> You've hit the right questions I am looking to understand. The answer
> is both. From what I understand about a tool like TrueCrypt I can
> encrypt say my webfolder (web site) and upload it to my hosting
> provider. And, what I am trying to understand is can the encrypted
> data remain encrypted and still serve content. Or, once I upload the
> encrypted data must I need to decrypt it to serve the content? I am
> not concern about data being encrypted out to the users browser. SSL
> takes care of that - right? So, if it is that I can encrypt and it
> remains encrypt while serving content then this is not a bad solution.
> And, of course one can take other measures like ssh to the server to
> actually keep access to it secure.

In 99% of cases, there's no real argument for storing data on the server in an encrypted state. This is because if your host security is compromised, the cracker will have your encryption keys as well as your encryption data.

Communicating with server (Administration, Uploading files, etc): SSH/SFTP.

Data On The Server: Usually there is no good argument for encrypting it. If you're going to be serving it to anyone, you'll need to decrypt it on the way out, so they can read it. If the server can decrypt it, anyone who compromises the server can decrypt it, so it's useless and a waste of resources.

Server Communicating with Clients: use SSL.

The exception case: You have a small group of users, to whom you want to make available some very secret data. You don't want to do any processing of the data on the server. You just want to upload an encrypted file, and have them download it (still encrypted). This of course implies that you've somehow securely distributed the decryption key to your users. This case almost never happens. You'd be better off having your users generate GPG key pairs, send you the public key. You encrypt for each user and send via email or any other method. By leveraging public-key cryptography, you avoid the need to securely communicate any keys.

As others have implied, it would be a lot easier to answer your queries if we knew more specifics about what kind of data (and what kind of operations on that data) you're talking about.

But in almost every case, encrypting things on the server just chews up server resources while providing exactly zero protection.

-Tim

From tim_lists at o2group.com Sun Apr 6 20:41:31 2008
From: tim_lists at o2group.com (Tim Lieberman)
Date: Sun, 06 Apr 2008 18:41:31 -0600
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804061714qc717d52jfe5693bcd0f3092e@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
 <799abcd40804061714qc717d52jfe5693bcd0f3092e@mail.gmail.com>
Message-ID: <47F96DBB.8020202@o2group.com>

Sure, as I mentioned in part of my last email, in some (few) cases this is fine. That case is this:

- I have a bunch of secret data, in a file called "secrets.zip".
- I encrypt that data with some strong encryption mechanism.
- I post that file on http://www.example.com/secrets.zip.gpg -- it is world readable.
- I meet you in a dark alley, we exchange a secret handshake and password. I hand you a thumb drive with the encryption key for the data. (repeat for each person I want to give the key to)
- You go download the data and decrypt it.

This is only marginally better than me giving you the data itself on the thumb drive, as it saves me future trips to the scary alley.

If we use public-key cryptography, we can do away with the meeting in the alley, though then I'd have to make a version of the encrypted file for each recipient.

Firewalls are always going to be a fact of life, though they aren't really necessary in any way relevant to the above scenario. Well, at least for the server that's serving the files.

Of course, if your machine where you're doing the decrypting is compromised, then the hacker gets your key. Then they can go download the data from anywhere and decrypt at will.

At the end of the day, encrypted data is useless unless at some point it gets decrypted.
Any machine that will do the decryption (and therefore, even momentarily, hold a copy of the key and/or the unencrypted data) needs to be suitably secured.

A machine that's *only* purpose is to hold the data in encrypted form you could probably care less about. Unless it's the ONLY place where the data is stored, in which case a malicious individual could destroy your data, even if they can't steal it.

-Tim

Joe Leo wrote:
> Here's another thought I wonder about encryption technology. Could one
> day encryption technology replace the need for firewalls - either
> partially or all together. Forget about those security policies, is my
> firewall configured right, applying security patches & hardening the
> OS, etc... If one can just encrypt their entire drive or the data
> needed to be protected by encryption - Why need a fw if the data is
> garbled and useless to those who can't decrypt it. Of course fw plays
> other roles but from a pure "protect my data from the unwanted" to me
> encryption may solve that. Just a thought!
>
> Joe

From ramons at gmx.net Sun Apr 6 20:49:58 2008
From: ramons at gmx.net (David Krings)
Date: Sun, 06 Apr 2008 20:49:58 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
Message-ID: <47F96FB6.8040205@gmx.net>

Joe Leo wrote:
> Wow, I really appreciate the feedback and some of the many comments I am
> getting to my original question. I ask my original question not so much
> I have some secrecy of any kind of application. As I mentioned, I'm not
> much of a programmer in practice. I'm just getting interest in the
> encryption technology as a whole and since I have not really used any of
> them I wanted to get an idea how effective they are.

Ah, so you are not really creating a PHP application, but only want to inquire about encryption technologies? While that is a valid question to ask, you seemed to be asking more for an entire protection package, which encryption is only a small part of. I used to work for a company that makes electronic locks.
A simple battery powered mortise lock starts at 1,000$. I once was asked by an IT services manager at a university which lock I recommend they put on the server room. I told him that it doesn't matter as long as the walls are made from sheet rock and one can just crawl in through the plenum anyway. The way I see it, the lock is the encryption piece you are looking for, but you don't ask about the fact that physical access to the server is easy and that someone even left a cart right next to it.

If you want to learn about encryption technology I'd recommend a walk to the local library and take a look at what they got. After that a good question to ask is who on this list made use of encryption technologies. You may also want to contact the various encryption tool vendors, but be warned that they will mail you constantly their marketing garbage. I did that once because I wanted to get a free 512MB USB drive. VeriSign still owes me the drive, but they make sure that my recycling bin is full.

> Now the feedback with the questions and comments I am getting are good,
> in that, they make me think why would I use it and to achieve what
> purpose. What I've been hoping to gain from asking my question is then
> why & when to use such encryption tool - especially, when hosting your
> data remotely by a hosting provider.

Ah, ok, but repeating myself here, only looking at encryption when using 3rd party hosting is really not the right approach in my opinion. You also need to see that the database and the web server are not necessarily on the same system. And you look only at file encryption as it seems, you need to look at data transfer encryption as well, which is a different animal and depends on what the server and client is. When the client is a browser you likely will have less choice of what kind of encryption you can use. Also, I mentioned obfuscation earlier, which is not the same as encryption.
And you need to ask if encryption is really necessary and if you can secure the systems by other means as effectively.

> My thought is if encryption techniques like TrueCrypt works - Why not
> use it regardless who is your hosting provider. Or, having to consider
> questions like who you trying to protect data from. I mean, when you buy
> a nice brand new expensive car you have a key to lock the doors and some
> go further to put in a car alarm or car tracking device. Who you're
> trying to prevent from stealing your car is no brainer question to
> consider - IMO. One knows that locking the door and/or having a car
> alarm is a deterrent - Though not 100% guaranteed. Maybe my example is
> not the best but just trying to raise a point.

Well, encryption comes at a cost, the performance of the entire system will go down and that may require that you create parallel system(s) to handle the load. Things get really complicated then.

Besides that, I always leave my car unlocked. Want to steal my crappy 29.99$ radio? Go right ahead. Gives me a reason to buy a better one. But please don't smash a window, which is way more expensive to replace. Or take the entire car and please don't have police find it. I have a cheap car that brings me from A to B. I just don't see the point in expensive cars who have big engines, are heavy and use excessive amounts of gas - but I guess that is not the point of this discussion.

> In my question to deploy some encryption on my data would (help)
> minimize people stealing private data - Why not use it, especially if
> there's not much performance penalty.

Why would encryption help when I can take the entire server and take my time decrypting the data? Or if I can use some off the shelf equipment from RadioShack and software off the web to capture and decipher the EMF from the client's mouse, keyboard and monitor? Tests have shown that one can read input and output this way from an office across the street.

> David, regarding your comments below:
>
> So are you worried about encryption during uploading or about
> encryption while executing the scripts on the server and serving up
> content - or both? What other security measures did you include?
>
> You've hit the right questions I am looking to understand. The answer is
> both. From what I understand about a tool like TrueCrypt I can encrypt
> say my webfolder (web site) and upload it to my hosting provider. And,

The way I understand it is that you can encrypt it once it is at your provider and need to decrypt it once you want to use it. At least that is what I got from the articles I read in the past, but I haven't read any more technical info about it. But uploading an encrypted folder requires that the hosting provider has servers that can decrypt the folder. Again, I don't think that file encryption is really the thing to look first at.

> what I am trying to understand is can the encrypted data remain
> encrypted and still serve content. Or, once I upload the encrypted data
> must I need to decrypt it to serve the content? I am not concern about

You need to decrypt it at some point, the latest is at the client, unless you find persons that can decrypt digital data on the fly. I don't think these persons exist.

> data being encrypted out to the users browser. SSL takes care of that -
> right? So, if it is that I can encrypt and it remains encrypt while
> serving content then this is not a bad solution. And, of course one can
> take other measures like ssh to the server to actually keep access to it
> secure.

I don't know what SSL takes care of, but I don't think that SSL is what is used for file encryption. As mentioned before data transfer encryption and file encryption are two different things.

Say, you aren't writing some paper for the school that is due tomorrow, do you?

David

From joeleo724 at gmail.com Sun Apr 6 20:57:05 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 20:57:05 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <47F96BC4.1090409@o2group.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
 <47F96BC4.1090409@o2group.com>
Message-ID: <799abcd40804061757m2b1eaa84sd402a6493e4f928e@mail.gmail.com>

Hi Tim,

Thanks for your reply and comments. The comments so far from the list has enlightened me a lot on this topic. And, I thank all for their comments!

The missing piece of info I guess I did not realize is that if I encrypt some drive or part of it like folders or some system volume that I had to have the decryption keys as part of it. I thought the keys was encrypted as well. And, the only time it could be decrypted is by me. So, If I wanted to modify and update the encrypted data I would then download it back to my machine and decrypt it and make whatever changes and upload it back to the server. While uploading and downloading the data it is already in encrypted form.

And, my understanding was that new data that is saved/updated by users would be encrypted on the fly. Encrypted data that leaves the server would be decrypted BUT then with SSL only the user would see the requested data. This was my understanding of what tools like TrueCrypt does. So, I think I'm totally missing the point of the product.

For questions/comments about what kind of data I need to protect is hard to answer as I don't have any specific data in mind. I'm more interested in understanding the technology - regardless of data. But, to try and answer that I would say any kind of typical web based application - but nothing specific.

Joe

From tim_lists at o2group.com Sun Apr 6 21:23:38 2008
From: tim_lists at o2group.com (Tim Lieberman)
Date: Sun, 06 Apr 2008 19:23:38 -0600
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <799abcd40804061757m2b1eaa84sd402a6493e4f928e@mail.gmail.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
 <47F96BC4.1090409@o2group.com>
 <799abcd40804061757m2b1eaa84sd402a6493e4f928e@mail.gmail.com>
Message-ID: <47F9779A.4000604@o2group.com>

Joe Leo wrote:
> The missing piece of info I guess I did not realize is that if I
> encrypt some drive or part of it like folders or some system volume
> that I had to have the decryption keys as part of it. I thought the
> keys was encrypted as well. And, the only time it could be decrypted
> is by me.
> So, If I wanted to modify and update the encrypted data I would then
> download it back to my machine and decrypt it and make whatever
> changes and upload it back to the server. While uploading and
> downloading the data it is already in encrypted form.

That sounds correct. In this scenario, you're just using the server as a file server. Since your data are encrypted before leaving your machine, you don't need to worry about encrypting it (again) in transit.

> And, my understanding was that new data that is saved/updated by users
> would be encrypted on the fly. Encrypted data that leaves the server
> would be decrypted BUT then with SSL only the user would see the
> requested data. This was my understanding of what tools like TrueCrypt
> does. So, I think I'm totally missing the point of the product.

This is where things get tricky. If your users are submitting data (over SSL), and the server is encrypting it for storage, you can use a symmetric key pair, with only the encryption key on the server (you keep the decryption key secure at your location).

Things break down, however, when you want to give other users access to the data. Now, the server needs to decrypt the data before sending it (which involves encrypting it via SSL, but you need unencrypted data to feed to the SSL mechanism). Now, even with symmetric keys, you need both keys on the server. Once you have encrypted data + the decryption key on the server, the encryption is meaningless, since if anyone compromises the server, they have all the information they need to decrypt the original data.

Generally, if you're trying to communicate sensitive information via a web based application, you want to look at the following areas:

- The host security of the server. Is the box hardened? Are you running old, vulnerable versions of server software? Do you have a strong password policy, or are you using SSH keys for authentication? Do you trust the people who have physical possession of the server?
- The security of whatever web-based application is managing the data. If I can break your web-app, then I can steal your data (even if it's encrypted on disk!)
- The protocol security of the protocols used to communicate with the server. You should be using SSL (for web) and SSH (for shell access and file transfer services) -- otherwise you run the risk of a man-in-the-middle stealing your passwords, and subsequently your data.

If those three areas are properly addressed, you should be fine.

If the data is encrypted on disk, that's fine -- but as soon as one of the above three is broken, your on-disk encryption is essentially worthless. Which of course means that before any of those are broken, it's probably meaninglessly redundant.

Note, there's a fourth concern: The security of the people who are allowed access. Are you sure that user X isn't actually a spy. This gets into the Authorization problem, which is probably going to get handled in your web app. If you can limit people to accessing only the data they need, you limit your exposure. This is a non-trivial problem, but there's a lot of good reading you can do about it.

-Tim

From joeleo724 at gmail.com Sun Apr 6 21:52:43 2008
From: joeleo724 at gmail.com (Joe Leo)
Date: Sun, 6 Apr 2008 21:52:43 -0400
Subject: [nycphp-talk] Website Data Encryption tools
In-Reply-To: <47F9779A.4000604@o2group.com>
References: <799abcd40804060715i2b622785obcde7d94321b9c16@mail.gmail.com>
 <20080406154651.GA24184@panix.com>
 <799abcd40804060929s121b05nca60c863c4d9541@mail.gmail.com>
 <47F93C08.3090405@gmx.net>
 <799abcd40804061612u5d5193ffo45a01e417d0dcf12@mail.gmail.com>
 <47F96BC4.1090409@o2group.com>
 <799abcd40804061757m2b1eaa84sd402a6493e4f928e@mail.gmail.com>
 <47F9779A.4000604@o2group.com>
Message-ID: <799abcd40804061852i1692297dv6b63cd8c41602712@mail.gmail.com>

Thanks to all who have replied and commented to my questions.
To Tim and Dave, thanks for the input - your comments have all helped me to understand quite a few things about the encryption. I think I've just graduated encryption 101:) with much more to learn. Again, thanks for everyones feedback! Joe On Sun, Apr 6, 2008 at 9:23 PM, Tim Lieberman wrote: > Joe Leo wrote: > > > The missing piece of info I guess I did not realize is that if I encrypt > > some drive or part of it like folders or some system volume that I had to > > have the decryption keys as part of it. I thought the keys was encrypted as > > well. And, the only time it could be decrypted is by me. > > So, If I wanted to modify and update the encrypted data I would then > > download it back to my machine and decrypt it and make whatever changes and > > upload it back to the server. While uploading and downloading the data it is > > already in encrypted form. > > > That sounds correct. In this scenario, you're just using the server as a > file server. Since your data are encrypted before leaving your machine, you > don't need to worry about encrypting it (again) in transit. > > > > > And, my understanding was that new data that is saved/updated by users > > would be encrypted on the fly. Encrypted data that leaves the server would > > be decrypted BUT then with SSL only the user would see the requested data. > > This was my understanding of what tools like TrueCrypt does. So, I think I'm > > totally missing the point of the product. > > > This is where things get tricky. If your users are submitting data (over > SSL), and the server is encrypting it for storage, you can use a symmetric > key pair, with only the encryption key on the server (you keep the > decryption key secure at your location). > > Things break down, however, when you want to give other users access to > the data. Now, the server needs to decrypt the data before sending it > (which involves encrypting it via SSL, but you need unencrypted data to feed > to the SSL mechanism). 
> Now, even with symmetric keys, you need both keys on
> the server. Once you have encrypted data + the decryption key on the
> server, the encryption is meaningless, since if anyone compromises the
> server, they have all the information they need to decrypt the original
> data.
>
> Generally, if you're trying to communicate sensitive information via a web
> based application, you want to look at the following areas:
> - The host security of the server. Is the box hardened? Are you
> running old, vulnerable versions of server software? Do you have a strong
> password policy, or are you using SSH keys for authentication? Do you trust
> the people who have physical possession of the server?
> - The security of whatever web-based application is managing the data.
> If I can break your web-app, then I can steal your data (even if it's
> encrypted on disk!)
> - The protocol security of the protocols used to communicate with the
> server. You should be using SSL (for web) and SSH (for shell access and
> file transfer services) -- otherwise you run the risk of a man-in-the-middle
> stealing your passwords, and subsequently your data.
>
> If those three areas are properly addressed, you should be fine.
> If the data is encrypted on disk, that's fine -- but as soon as one of the
> above three is broken, your on-disk encryption is essentially worthless.
> Which of course means that before any of those are broken, it's probably
> meaninglessly redundant.
>
> Note, there's a fourth concern: The security of the people who are allowed
> access. Are you sure that user X isn't actually a spy? This gets into the
> Authorization problem, which is probably going to get handled in your web
> app. If you can limit people to accessing only the data they need, you
> limit your exposure. This is a non-trivial problem, but there's a lot of
> good reading you can do about it.
>
>
> -Tim

From ps at sun-code.com Thu Apr 10 07:40:21 2008
From: ps at sun-code.com (Peter Sawczynec)
Date: Thu, 10 Apr 2008 07:40:21 -0400
Subject: [nycphp-talk] [OT] Food & Wine Pairs Ideas Après Programming
Message-ID: <004101c89aff$a9274440$fb75ccc0$@com>

Oysters: Massachusetts pemaquid.
Chablis: François Raveneau Chablis Grand Cru Les Clos 1991.
Chef: David Kinch, Manresa, Los Gatos, Calif.

Ribs: Short ribs, saucy.
Shiraz: Lengs and Cooter Sparkling Shiraz, Australia.
Chef: Jody Adams, Rialto Restaurant and Bar, Boston, Mass.

Cod: Pan seared w/ pigs' tails, Caraquet oysters, celeriac & Périgord truffle.
Red: Marcillac Red Wine from France's southwest.
Chef: Josh Emett, Gordon Ramsay at the London, New York, N.Y.

Salmon: Prepared "sous-vide" topped w/ smoked brook trout roe.
White Burgundy: 2001 Francois Jobard Bourgogne Blanc.
Chef: Michael Cimarusti, Providence, Los Angeles, Calif.

Squid: Salad w/ rice noodles, cucumber, basil & mint, lime & sweet chile sauce.
Riesling: 1990 Bert Simon Auslese Riesling
Chef: Nobu Fakuda, Sea Saw, Scottsdale, Ariz.

Sweetbreads: Browned in butter, lemon & parsley, topped w/ a runny poached egg.
Chardonnay: 2005 Rosemary's Vineyard Chardonnay.
Chef: Tony Esnault, Adour, New York, N.Y.

Bass: Tartare w/ a tangy olive tapenade.
Rosé: Wolffer Estate Vineyards (East Hampton) 2007 Rosé.
Chef: Eric Ripert, Le Bernardin, New York, N.Y.

Pork: Pan-fried w/ Cajun spice, green onion & rice.
Red: Muga's Tempranillo from Rioja, Spain.
Chef: Donald Link, Cochon, New Orleans, La.

Sea Urchin: Prepared in a lobster gelée, topped w/ a cauliflower cream.
Rosé: Billecart-Salmon Rosé Champagne.
Chef: Michelle Bernstein, Michy's, Miami, Fla.

Warmest regards,

Peter Sawczynec
Technology Dir.
Sun-code Interactive
Sun-code.com
646.316.3678
ps at sun-code.com

From suzerain at suzerain.com Thu Apr 10 10:13:23 2008
From: suzerain at suzerain.com (Marc Antony Vose)
Date: Thu, 10 Apr 2008 22:13:23 +0800
Subject: [nycphp-talk] export to access or excel
Message-ID: <85EF36E3-9A55-4563-A331-732659877E97@suzerain.com>

Hi there:

This just feels like one of those questions that would have been asked a million times, but looking at the web site, it appears that the archives of this list are not searchable?

Anyway, it can still be worthwhile to ask the same question again, I suppose, because new projects come along, and others get improved or die.

So, the question is: can anyone recommend a good library for exporting MDB or XLS files from PHP? I'm in a situation where I'd prefer an access dump, but an excel dump could possibly work.

I'm googling away, as well, but hoping for some bona fide firsthand recommendation from someone who maybe does this a lot (I don't).

Cheers.

Marc Vose
http://www.suzerain.com

From dirn at dirnonline.com Thu Apr 10 10:22:45 2008
From: dirn at dirnonline.com (dirn at dirnonline.com)
Date: Thu, 10 Apr 2008 07:22:45 -0700
Subject: [nycphp-talk] export to access or excel
Message-ID: <20080410072245.9562cbc3556ac68f081dfda387a9f4ab.85c565a906.wbe@email.secureserver.net>

An HTML attachment was scrubbed...

From ramons at gmx.net Thu Apr 10 10:39:02 2008
From: ramons at gmx.net (David Krings)
Date: Thu, 10 Apr 2008 10:39:02 -0400
Subject: [nycphp-talk] export to access or excel
In-Reply-To: <85EF36E3-9A55-4563-A331-732659877E97@suzerain.com>
References: <85EF36E3-9A55-4563-A331-732659877E97@suzerain.com>
Message-ID: <47FE2686.1060509@gmx.net>

Marc Antony Vose wrote:
> So, the question is: can anyone recommend a good library for exporting
> MDB or XLS files from PHP? I'm in a situation where I'd prefer an
> access dump, but an excel dump could possibly work.
>

PHP has ODBC support and may even have support to talk to Access directly, but that may require working on a Windows box. Or you could write everything to a CSV and pull that in.

David

From consult at covenantedesign.com Thu Apr 10 11:00:02 2008
From: consult at covenantedesign.com (Webmaster)
Date: Thu, 10 Apr 2008 11:00:02 -0400
Subject: [nycphp-talk] export to access or excel
In-Reply-To: <85EF36E3-9A55-4563-A331-732659877E97@suzerain.com>
References: <85EF36E3-9A55-4563-A331-732659877E97@suzerain.com>
Message-ID: <47FE2B72.8070108@covenantedesign.com>

You can search ANY site with google:

You can use Google to search only within one specific website by entering the search terms you're looking for, followed by the word "site" and a colon followed by the domain name.

export XLS files PHP site:list.nyphp.org

-Ed

Marc Antony Vose wrote:
> Hi there:
>
> This just feels like one of those questions that would have been asked
> a million times, but looking at the web site, it appears that the
> archives of this list are not searchable?
>
> Anyway, it can still be worthwhile to ask the same question again, I
> suppose, because new projects come along, and others get improved or die.
>
> So, the question is: can anyone recommend a good library for exporting
> MDB or XLS files from PHP? I'm in a situation where I'd prefer an
> access dump, but an excel dump could possibly work.
>
> I'm googling away, as well, but hoping for some bona fide firsthand
> recommendation from someone who maybe does this a lot (I don't).
>
> Cheers.
>
> Marc Vose
> http://www.suzerain.com

From randalrust at gmail.com Fri Apr 11 06:51:34 2008
From: randalrust at gmail.com (Randal Rust)
Date: Fri, 11 Apr 2008 06:51:34 -0400
Subject: [nycphp-talk] PHP and MySQL Connections
Message-ID:

We have been having some performance issues on one of our larger sites, and I'm trying to figure out the best way to go about fixing them.

We use the adoDB abstraction library. Since day one, we've used persistent connections, and I think that might be at least part of the problem.

So if I switch from the persistent connection, PConnect(), to the non-persistent, Connect(), I want to make sure of one particular thing:

My understanding is that PHP automatically cleans up a database connection after it has executed the query. Therefore, I don't need to use the close() function. Is that correct?

On a related note, our main issue is that the site keeps slowing down and we are getting a 'Too Many Connections' error from MySQL. I had the number of connections increased from 100 to 150 on both Apache and MySQL two weeks ago, but we are still having the problem, although less frequently. One thing I'd like to be able to do is check how many connections have physically been made to the database. I did this a couple of weeks ago, but now I can't find the MySQL query that returns that information. If anyone could throw that out to me, I'd greatly appreciate it.

--
Randal Rust
R.Squared Communications
www.r2communications.com

From rolan at omnistep.com Fri Apr 11 11:24:22 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Fri, 11 Apr 2008 10:24:22 -0500
Subject: [nycphp-talk] PHP and MySQL Connections
In-Reply-To:
References:
Message-ID: <47FF82A6.1000406@omnistep.com>

Randal Rust wrote:
> We have been having some performance issues on one of our larger
> sites, and I'm trying to figure out the best way to go about fixing
> them.
.....
> On a related note, our main issue is that the site keeps slowing down
> and we are getting a 'Too Many Connections' error from MySQL. I had
> the number of connections increased from 100 to 150 on both Apache and
> MySQL two weeks ago, but we are still having the problem, although
> less frequently. One thing I'd like to be able to do is check how many
> connections have physically been made to the database. I did this a
> couple of weeks ago, but now I can't find the MySQL query returns that
> information. If anyone could throw that out to me, I'd greatly
> appreciate it.
>
>

Most common problem I see is a database that is not optimized or a sql server that is just underpowered (not enough cpu, ram, or disk i/o bandwidth .. usually it's the latter 2). If the database can be optimized, you will likely not need to upgrade the hardware.

First, examine your queries to see what is slow: When your website begins to die, check the mysql process list

    mysqladmin -p processlist

You'll probably see a list of queries that are taking a long time. These will eventually build up until you reach "Too Many Connections". You can also enable "--log-slow-queries" in mysql to log the slow queries to a file. Track down the queries, prune your tables, add indexes, or rewrite the sql properly to speed things up. You can tweak the my.conf mysql config file settings to get a little better performance but the underlying problem is usually something more serious.

If it all looks good, next blame the hardware.
Good tools to monitor ram and disk i/o usage using vmstat and iostat. Leave "vmstat 5" running to see if your machine has run out of memory and is swapping pages to disk. This is often the tipping point leading to meltdown. The "cpu wa" column will show amount of time in wait state. If this is high, you've likely run out of disk bandwidth. Time to buy more or faster hard drives or break the app apart into a cluster of machines.

~Rolan

From andre at pitanga.org Mon Apr 14 10:07:18 2008
From: andre at pitanga.org (André Pitanga)
Date: Mon, 14 Apr 2008 10:07:18 -0400
Subject: [nycphp-talk] OT: webmaster test
In-Reply-To: <47FF82A6.1000406@omnistep.com>
References: <47FF82A6.1000406@omnistep.com>
Message-ID: <48036516.4080605@pitanga.org>

So, we're hiring a new webmaster here at work and I was tasked with producing a simple technical test. The person is supposed to have two years' experience as a web dev. There's three parts: html, css, and webmaster questions.

What do you think? (bonus: I'll tell you what my manager thought)

HTML

1) Which HTML attribute is used to define inline styles?
a) font
b) styles
c) css
d) text
e) style

2) What is the correct HTML for referring to an external style sheet?
a) b)