Log from #php at freenode 2006-05-11
[06:14]<fumygnzm>I'm a moron
[06:14]<fumygnzm>Thanks for the help
[06:14]<mjgcnd_2>i have two images, a thumbnail, and a canvas... is it possible to merge the thumbnail in the middle of the canvas, as such: http://www.mydevsite.net/canvas.jpg
[06:14]<fumygnzm>:P I forgot a simple semicolon
[06:14]<zufn>Happens to us all now and again :)
[06:16]<fumygnzm>Hey one more q, if I change this absolute to a relative will it cause problems? header("Location: http://www.thefinancialmentor.com/thanks.htm");
[06:17]<2r2j>deadroot: hmmm .... I don't think I'd ever store html in a database ...
[06:20]<zypvmgsyrg>what are some of the search engines you all have installed for use on your site?
[06:20]<mzzg_pyz0w>Monkey_b: I've not used GD much myself, but possibly imagecopymerge, www.php.net/imagecopymerge
[06:20]<annlnz`> if(!isset($cols[$tabledepth])) $cols[$tabledepth] = 0; $cols[$tabledepth]++;
[06:20]<2r2j>I can't use use an object in an array map to check my variables ... ? $_POST=array_map("$checky->input_check",$_POST);
[06:21]<annlnz`>is that not the correct format for a counter? echo "DEBUG".$cols[$tabledepth]."DEBUG"; i print that right after
[06:21]<annlnz`>but the variable is never set!
[06:21]<2r2j>$_POST=array_map("$checky->input_check",$_POST);
[06:21]<annlnz`>it always prints DEBUGDEBUG
[06:21]<zufn>Don't use quotes on it?
[06:21]<annlnz`>me?
[06:22]<zufn>babo, sorry
[06:22]<annlnz`>do you know what's wrong in my case?
[06:22]<annlnz`>i mean it should work, shouldn't it
[06:22]<2r2j>np
[06:23]<mnzmzjjv>babo: okay. but still your usage of htmlentities would make it difficult to extend the application for raw HTML data. whereas the idea of minimising the manipulation of input data would provide for the most flexibility.
[06:24]<annlnz`>anyone know why my counter is messed up like that?
[06:24]<mnzmzjjv>the lowest common denominator here is to not touch the input data, unless necessary
[06:24]<2r2j>deadroot: agreed, in a perfect world, data should be stored as is. But there are significant advantages to using this method, once you know what you are doing ... :-)
[06:25]<yvzn2rf>babo: i think *you* don't know what you're doing, you should *always* filter your output when it's going *out* not in
[06:25]<mnzmzjjv>i don't really see any advantage to using htmlentities on data
[06:25]<mnzmzjjv>s/on data/on input data/
[06:26]<2r2j>itrebal: when does your output ... go in ?
[06:26]<2r2j>itrebal: you filter input coming in and output going out ...
[06:26]<pdznpfdq99q>how can I limit a number to the "tens" position? i.e. one decimal place?
[06:27]<yvzn2rf>babo: input that will become output is not filtered
[06:27]<yvzn2rf>simply by good practice, just in case you need to do something with it
[06:27]<zufn>firefly2442: Try number_format: http://uk2.php.net/number_format
[06:27]<2r2j>itrebal: err .. what about input that goes to an sql statement ... ?
[06:27]<pdznpfdq99q>Zule, thanks
[06:28]<yvzn2rf>babo: same thing
[06:28]<svjzdzxzsnz>firefly2442: You can also use round()
[06:28]<zufn>Goddamn it
[06:28]<svjzdzxzsnz>http://storm.homeunix.org/misc/bts/page7.jpg <-- *GRIN* :)
[06:28]<zufn>Why do I always have to suck :D
[06:28]<mjgcnd_2>I figured it out
[06:28]<mjgcnd_2>finally
[06:28]<zufn>Round would be better :)
[06:28]<mjgcnd_2>woohoo
[06:28]<yvzn2rf>Zule: you always pick the dominant guys?
[06:29]<zufn>I like being dominated? Silly question! :D
[06:29]<annlnz`>wow
[06:29]<yvzn2rf>babo: i don't filter it, i escape it, escape != filter
[06:30]<zufn>Stormchaser: Looking good \o/
[06:30]<svjzdzxzsnz>Zule: :)
[06:31]<zufn>I'm all for the silver hair :)
[06:31]<zufn>Well... silver/gray, depending what you like to call that colour :)
[06:31]<svjzdzxzsnz>lol
[06:31]<svjzdzxzsnz>It's supposed to be silver
[06:32]<zufn>Then I was right to begin with :D
[06:32]<svjzdzxzsnz>*snickers*
[06:32]<zufn>I'm weird enough tha wanted to dye my hair silve but that's another story...
[06:32]<svjzdzxzsnz>rofl
[06:32]<zufn>that I wanted*
[06:32]<zufn>Sorry, wireless is losing keypresses :/
[06:32]<yvzn2rf>Zule: i want to go Silver, but i don't know how :) i'm kinda off-green now
[06:33]<zufn>Does silver hair dye even exist? It seems impossible to find here at least :(
[06:33]<2r2j>itrebal: you need to filter all user input full stop ...
[06:33]<yvzn2rf>babo: why?
[06:33]<mnzmzjjv>babo: why?
[06:33]<rjrunjnmy>babo: why?
[06:33]<zufn>babo: why?
[06:34]<rjrunjnmy>babo: Not talking about escaping here
[06:34]<zufn>Stormchaser: I'm liking it so far, it has a plot that appeals :)
[06:34]<nrvyvnphp>I think what babo means is that you can never trust user input, and you need to validate all incoming parameters until a point you can trust that it won't pose a security risk
[06:34]<svjzdzxzsnz>Zule: you've seen nothing yet :)
[06:35]<yvzn2rf>NativePHP: yes, absolutely, to make sure that its something you can work with
[06:35]<zufn>Do you have a full scale elaborate story planned out? :D
[06:35]<yvzn2rf>NativePHP: but to *filter* the input? nah
[06:35]<rjrunjnmy>NativePHP: Depending on the input, that's not many very things though.
[06:35]<2r2j>just to be sure that your input doesn't get executed in some manner ... at least that's what I took to mean from Schlossangles' book on php security ... better safe than sorry unless you specifically don't want filtered data, then you can escape ...
[06:35]<yvzn2rf>babo: you should *always* escape anyway
[06:35]<2r2j>fitlering is safer ...
[06:36]<svjzdzxzsnz>Zule: Yep... But in many corners there are things, that are always changing...
[06:36]<2r2j>s/fitlering/filtering/
[06:36]<rjrunjnmy>babo: I can see maybe searching for javascript calls (if need be) or anything with <script> in it, but that's about it
[06:36]<rjrunjnmy>babo: I usually deal with that on the output though
[06:36]<nrvyvnphp>I don't know what filtering means in that context, if you mean you want to setup a filter system that will apply global validation on parameters, that is one thing
[06:36]<zufn>Stormchaser: Change is good, but I'm glad I've seen nothing yet ;)
[06:36]<yvzn2rf>sure, but i do that when i output it, that way if needbe i can pull up the database entry for any legal reasons
[06:37]<svjzdzxzsnz>okay, kids... Nap time for me... It's 5:30 am :)
[06:37]<nrvyvnphp>RogueJedi: if you allow the end user to enter HTML, you need to strip out bad stuff when it is entered and on display
[06:37]<rjrunjnmy>NativePHP: Why on entered?
[06:37]<yvzn2rf>NativePHP: escape on input, filter on output - that's my motto (i guess....)
[06:37]<rjrunjnmy>NativePHP: Define "bad stuff"
[06:38]<nrvyvnphp>RogueJedi: javascript, some tags/attributes that will break your app
[06:38]<rjrunjnmy>NativePHP: Why on input AND output?
[06:38]<mnzmzjjv>babo: escaping the data allows for more flexibility and saves on the number of bytes used than filtering it
[06:39]<nrvyvnphp>RogueJedi: first you need to validate that it can be stored in a database so you don't have SQL injection attacks, and then if you ever view your DB in something like phpMyAdmin, having JavaScript in there would also open you to security attacks if phpMyAdmin doesn't strip out the unwanted tags
[06:39]<mnzmzjjv>there is little to be gained from filtering it
[06:39]<rjrunjnmy>NativePHP: We're not talking about SQLI here, we're all in agreement you need to escape the string.
[06:39]<2r2j>deadroot: yes, but escaping won't catch someone entering binary executable data / shell code etc...
[06:39]<rjrunjnmy>NativePHP: Hmm, that's a good point