IRC Logs

Network: freenode Channel: #php

	Enter your search terms Submit search form
	Web www.irclog.org

[00:12]<cmrmyr>Dj_FlyBy : *nod* the quickfix is to use ini_set() "I think (tm)" to automatically addslashes to those POST values. otherwise.. rewrite your query like: $first_name = addslashes( $_POST["FirstName"] ); $query = "INSERT...VALUES( '$first_name'..)";
[00:13]<fgjgym_l_>ini_set don't work with magic_quotes_gpc
[00:14]<wyrg_>or foreach ($_POST as $post) { $_POST['post'] = addslashes($post); } or something
[00:14]<fgjgym_l_>and plain addslashes is bad solution )
[00:14]<fgjgym_l_>becauase magic_quotes_gpc can be enabled
[00:14]<fgggga>people with magic_quotes_gpc enabled deserve to die. :)
[00:14]<drvvdaa>Generally, the solution is to check if magic quotes is on, and reverse its effects with stripslashes.
[00:14]<fgjgym_l_>=)
[00:14]<cmrmyr>true..but he's newbieish..so better to give him it in a variable _now_ ..so when folks start leaving fields blank or entering bogus email addies..he already has it in a $variable to perform proper checks ;)
[00:15]<drvvdaa>Then do proper escaping when the time is right.
[00:15]<fgjgym_l_>i just use post/get wrappers , _post , _get -)
[00:15]<fgjgym_l_>_post("var") instead of $_POST["var"]
[00:16]<fgggga>kyndig: no, I won't put you out of your misery, it's okay. :)
[00:16]<cmrmyr>hmm, nod, good approach leonid_p_
[00:16]<fgggga>so, sort of a general question here
[00:17]<fgggga>I have a nice script, I'm considering redistributing this nice script... but I'm not quite sure what version of PHP it needs. I just wrote it, with version 5 or so...
[00:18]<fgggga>there's no tricksy special way to test out what it needs, is there?
[00:18]<cjzdk>well you could always test it on older versions...
[00:18]<cjzdk>start with version 1, and go up from there;)
[00:18]<fgggga>mmm. Maybe I'll set up a server on my laptop... haha
[00:18]<cmrmyr>Fennec : depends on how reliant it is on php functionality I imagine. I use some pretty snazzy php5-only functions ( I'm sure you know what they are if you're using them) - otherwise, it'd probably work perfectly fine with any 4.x version ( we won't get into 2.x or 3.x <--wasn't into web hacking during 1.x)
[00:18]<||aw>Fennec: does it uses classes? does it use any functions that have special notes about different php versions?
[00:18]<cjzdk>as soon as it starts working you have an issue
[00:19]<fgggga>I'm fairly sure it uses at least php4, but mmaybe php3 would do.
[00:19]<drvvdaa>Even if it did work in PHP3, I'd lie and say it doesn't.
[00:19]<fgggga>haha
[00:19]<||aw>i wouldn't even consider supporting less than 4.2
[00:20]<cjzdk>support 1.0!!!
[00:20]<cmrmyr>Fennec : If a server is using php3 these days - it's either there for backwards compatibility and php4.x+ is available, it is a personal server, or the server has _no_ new clients
[00:20]<||aw>4.1.2 bare minimum, that's when they added $_* superglobals
[00:20]<fgggga>Aha.
[00:20]<fgggga>localhost installation, here I come, anyway.
[00:21]<cmrmyr>gotta love this stuff
[00:21]<fgggga>well, I could use one anyway
[00:21]<cmrmyr><--alibi: is a geek himself
[00:21]<fgggga>and I'll try out lighttpd
[00:22]<fgggga>but tell me.... can the average PHP installation download data from arbitrary URLs?
[00:22]<drvvdaa>Usually.
[00:23]<cmrmyr>like include("http....") ? *nod* not on many reseller servers though..., fopen() would work though
[00:23]<fgggga>what's the best way? file_get_contents?
[00:23]<fgggga>will that work often?
[00:23]<drvvdaa>Yep.
[00:23]<fgggga>okie.
[00:23]<drvvdaa>kyndig: Never, ever use include with a remote URL.
[00:23]<cmrmyr>since file_get_contents uses a file id..nodnod, that follows the fopen() rule of thumb
[00:24]<cmrmyr>mattmcc : *smirk* no kiddin
[00:24]<fgjgym_l_>better to use sockets to open remote file..
[00:24]<drvvdaa>Nah, file_get_contents is quite sufficient.
[00:24]<fgjgym_l_>allow_url_fopen is turned off on most servers..
[00:24]<drvvdaa>It is?
[00:24]<drvvdaa>Not in my experience.
[00:25]<fgjgym_l_>lucky %)
[00:25]<fgggga>leonid_p_: I want to download a specific file... how, via sockets?
[00:25]<fgjgym_l_>simly!
[00:25]<fgjgym_l_>*simply -)
[00:25]<fgjgym_l_>just send get request, parse response.. save file..
[00:25]<cmrmyr>allow_url_fopen nodnod, that's it. You can thank bad distro software for that server-side security implement
[00:26]<fgggga>leonid_p_: got any examples?
[00:26]<fgjgym_l_>one second , i will show what i use to open remove file
[00:26]<fgjgym_l_>m?
[00:27]<fgjgym_l_>=))
[00:27]<rrse>hello all
[00:27]<rrse>is there a date_format() for RFC-822 ?
[00:27]<fgjgym_l_>http://pastebin.com/714258
[00:27]<fgjgym_l_>works on all servers i seen so far %)
[00:27]<rrse>(to convert from mysql's yyyy-mm-dd to RFC-822)
[00:27]<zfdsvzyz>Finish him :o
[00:28]<svjzdzxzsnz>gone
[00:28]<svjzdzxzsnz>:)
[00:28]<zfdsvzyz>Flawless Victory
[00:28]<svjzdzxzsnz>fatality! :)
[00:28]<rrse>"fatality"
[00:28]<rrse>heh
[00:29]<cmrmyr>thanks for the help once more folks
[00:29]<fgjgym_l_>heh
[00:29]<fgjgym_l_>ok
[00:29]<fgjgym_l_>will turn autoslap off -))
[00:30]<svjzdzxzsnz>leonid_p_: Or that, or you'll get slapped off...
[00:30]<fgjgym_l_>Stormchaser , i see -)
[00:30]<fgjgym_l_>ok, this script still use join("",file()) , bad way %)
[00:32]<rrppygrvnm>leonid_p_: all depends on what it is you want. using join() and file() together will work in versions of php that do not support file_get_contents()
[00:32]<fgjgym_l_>yes, but fopen/fread is much faster then file_get_contents()
[00:32]<fgjgym_l_>oops
[00:32]<rrppygrvnm>leonid_p_: it's not really about speed - more about memory conservation
[00:32]<fgjgym_l_>i mean when join(file()) -)
[00:33]<fgjgym_l_>when = then -)))
[00:33]<fgggga>For my purposes, memory consumption is all but utterly irrelevant.
[00:33]<rrppygrvnm>then the method you use won't matter
[00:33]<fgjgym_l_>join(file()) break file some time
[00:34]<fgjgym_l_>try to read binary file and you will see
[00:34]<rrppygrvnm>if you have a recent version of php, use file_get_contents(). if you're not sure which version it's going to be use join/file
[00:34]<fgjgym_l_>use fopen/fread -)
[00:34]<zufn>Does dio_open work much differently than fopen in terms of how it is implimented/talks with the OS?
[00:34]<fgjgym_l_>join/file is bad practice.. fread(fopen($filename,"r"),filesize($filename)) is better -)
[00:35]<eyzau>leonid_p_: that is worse
[00:35]<zufn>There seems nothing about the technical side of it in the manual yet someone's comment says dio_write is faster then fwrite.
[00:35]<rrppygrvnm>leonid_p_: well, sure, if you do it that way it's going to break. the way you should be doing it is: $str = join("\n", file('myfile.txt')); because file() breaks the lines on \n
[00:35]<aaymrgyrg>hey caffinated, where in BC are you?
[00:35]<rrppygrvnm>AcidReign: vancouver island

Back to #php
Or go to some related logs:
#netbsd
#gentoo
#gentoo
#netbsd
#netbsd