|
Does %AD mean anything in PHP or ASCI or something ? For a webapp I'm working on, people can create a newsletter to send out and I have a list of "champs de fusion" which I don't quite know the english word for, but is basically a dynamic word that will be replaced by the database. An example : Hello %NAME%, you live in %CITY%... If I send that out, the words between % are swapped out for the corresponding word in the database, for each person. It works great. Only one doesn't work, and that's %ADRESSE% (this is in french), the mail comes with the word RESSE% instead of it's value. Almost like it chokes on converts the %AD part. Anyone have an idea why ? All the other words go through fine.
|
# ? Oct 13, 2009 14:04 |
|
|
# ? May 16, 2024 18:19 |
|
quote:Anyone have an idea why ? All the other words go through fine.
|
# ? Oct 13, 2009 14:09 |
|
That must be it, with all the AJAX and passing through POST and saving into the database the body of the mail goes through a bunch of encoding / decoding functions. I'll look into it. Edit: Thanks, I seem to have fixed it using Escape() in javascript Yossarko fucked around with this message at 14:56 on Oct 13, 2009 |
# ? Oct 13, 2009 14:14 |
|
I've been working on a simple intranet-based PHP/MySQL utility for myself, but I'm years out of practice and a bit stuck. I have a lookup table in my database that I want to pull into memory because the data is referenced quite a bit on a given page. It has around a dozen records and consists of: int RankID (primary key, auto-increment) varchar(20) RankName int RankMin int RankMax I feel a bit stupid asking, but what's the best way to store this in memory? I thought I could just make a class with the appropriate properties, and then make an array of objects of this class type... but I guess I can't do that? Or I'm doing it wrong. Or something. Any help would be much appreciated.
|
# ? Oct 14, 2009 15:09 |
|
An array of arrays?php:<?php $values = array( 'value1' => array ( 'rankid' => $rankid, 'rankname' => $rankname, 'rankmin' => $rankmin, 'rankmax' => $rankmax ), 'value2' => array ( 'rankid' => $rankid, 'rankname' => $rankname, 'rankmin' => $rankmin, 'rankmax' => $rankmax ), 'value3' => array ( 'rankid' => $rankid, 'rankname' => $rankname, 'rankmin' => $rankmin, 'rankmax' => $rankmax ), 'value4' => array ( 'rankid' => $rankid, 'rankname' => $rankname, 'rankmin' => $rankmin, 'rankmax' => $rankmax ) ); ?>
|
# ? Oct 14, 2009 15:25 |
|
WhiteHowler posted:I thought I could just make a class with the appropriate properties, and then make an array of objects of this class type... but I guess I can't do that? That sounds like a good idea. Why don't you post your code attempting to do that and we'll fix it.
|
# ? Oct 14, 2009 16:24 |
|
I tried making an array of objects, but I obviously did something very wrong...php:<? class playerrankclass { public $rankname; public $rankmin; public $rankmax; } $playerrank = array(); function getplayerranks() { $query = "select * from tblPlayerRank"; $rankresult = mysql_query($query); $ranknumrows = mysql_num_rows($rankresult); for ($i=0; $i<$ranknumrows; $i++) { $thisrank = mysql_fetch_array($rankresult); $playerrank[] = new playerrankclass($thisrank[PlayerRankName], $thisrank[PlayerRankMin], $thisrank[PlayerRankMax]); } } getplayerranks(); ?> However, I don't get anything back when I attempt to access an element of playerrank[]: php:<? $i = 0; // or whatever echo $playerrank[$i]->rankname; ?> I'll admit I'm kind of in over my head here. I haven't used PHP in two or three years now, and I've obviously forgotten a lot of stuff that used to be second nature.
|
# ? Oct 14, 2009 18:41 |
|
You need to have an explicit constructor for class playerrankclass as follows:php:<? class playerrankclass { public $rankname; public $rankmin; public $rankmax; function playerrankclass($newRankname, $newRankmin, $newRankmax) { $rankname = $newRankname; $rankmin = $newRankmin; $rankmax = $newRankmax; } } ?>
|
# ? Oct 14, 2009 18:51 |
|
WhiteHowler posted:I tried making an array of objects, but I obviously did something very wrong... You need to explicitly set the class variables, unless something has changed and there's magic assignment of arguments to class member vars based or order defined or something... which might be the case, because my PHP is rusty. Think of it this way: How does new playerrankclass('poop',1,3) know what do to with the string 'poop' and the numbers 1 and 3? You either need to make a constructor function in your class that takes arguments, or set them then add to your array: php:<? $tmp = new playerrankclass(); $tmp->rankname = 'poop'; $tmp->rankmin = 1; $tmp->rankmax = 3; $plyerrank[]= $tmp; ?>
|
# ? Oct 14, 2009 18:56 |
|
Standish posted:You need to have an explicit constructor for class playerrankclass as follows: I swear I used to know all of this. Thanks for the help; I have a feeling this will make it work just fine. Edit: It's still not working quite right. I added the constructor to the class. However, trying: php:<? foreach ($playerrank as $rankvalue) { echo "Array value: ".$rankvalue->rankname."<br>"; } ?> code:
Edit #2: count($playerrank) is also showing 13 elements. Am I just attempting to access the values incorrectly? WhiteHowler fucked around with this message at 19:45 on Oct 14, 2009 |
# ? Oct 14, 2009 19:08 |
|
WhiteHowler posted:Oh, that makes sense. what does print_r($playerrank); output?
|
# ? Oct 14, 2009 22:12 |
|
I have a page login.php (for users to log in) that up until now accepted a form sent using POST. I was asked by a user if I could set it up to also accept GET data because, I dunno, he wants to set up a hyperlink from his Google thingymabob to visit my site or something like that. I didn't see any reason why not so I added it. So now my users can log in by submitting the form using POST or by visiting a URL like https://www.mysite.com/login.php?Name=Hammerite&Password=fishfingers Just wanted to check that there aren't any security issues with doing this. User has been given to understand that any security concerns associated with using this facility are his problem, not mine, but I'd like to know.
|
# ? Oct 15, 2009 01:01 |
|
Hammerite posted:Just wanted to check that there aren't any security issues with doing this. User has been given to understand that any security concerns associated with using this facility are his problem, not mine, but I'd like to know. Don't send passwords using GET.
|
# ? Oct 15, 2009 01:40 |
|
How is it any different than a POST if neither are encrypted?
|
# ? Oct 15, 2009 03:18 |
|
POST will never appear in a URL string. It takes a lot amount more detective work to grab a password from POST compared to GET. If it is just one customer then put that functionality in but restrict it to the single login. POST isn't encrypted, but it at least tries to hide things.
|
# ? Oct 15, 2009 03:29 |
|
Ned posted:POST will never appear in a URL string. It takes a lot amount more detective work to grab a password from POST compared to GET. If it is just one customer then put that functionality in but restrict it to the single login. POST isn't encrypted, but it at least tries to hide things. No, POST does not try to hide things. POST is not any harder whatsoever for a determined attacker to snoop; it's not even realistically harder for an opportunistic attacker. There are exactly two situations in which GET will reveal a password, but POST wouldn't:
Both of these are solved by a very simple and standard practice: After the user logs in, issue a HTTP redirect that sends them to some other page. That will very quickly change the URL visible in the browser, minimizing the time it is available for someone to read, and will ensure that any links off-site will have a referer that does not include the login information.
|
# ? Oct 15, 2009 04:27 |
Why not pass in some sort of session id in the url?
|
|
# ? Oct 15, 2009 05:11 |
|
I'm not worried about the determined hacker. I'm worried about the unwilling hacker. Having a password in GET opens you up to people who don't know anything. POST at least requires a tiny bit of knowledge about how things work and is less likely to persist. Just warn the guy and do what you can to convince him to take a few steps for security. GET is a bad idea.
|
# ? Oct 15, 2009 05:34 |
|
Ned posted:I'm not worried about the determined hacker. I'm worried about the unwilling hacker. Having a password in GET opens you up to people who don't know anything. POST at least requires a tiny bit of knowledge about how things work and is less likely to persist. It's like you didn't even read ShoulderDaemon's post. GET won't make your system any more insecure than POST if you aren't encrypting your data in anyway. He even mentioned that part about the redirect so you don't even have see the URL.
|
# ? Oct 15, 2009 06:01 |
|
Thanks for the suggestion about the redirect, I've now implemented that as well. (The login page now just redirects to itself, with the GET variables removed obviously, after carrying out the tasks associated with logging the user in.) Although, it only does this if the user was successful logging in. It doesn't redirect if the user sends a misspelled user name or something like that, and fails to log in. I guess I need to tackle that at some point.fletcher posted:Why not pass in some sort of session id in the url? I only use PHP sessions for users. I don't even use cookies at all (well, apart from PHP session cookies obviously). In the long term I would like to implement a better system, to include "remember me" cookies, but I know there are all kinds of security considerations to be aware of when doing that kind of thing and I haven't gotten around to doing it yet (there are always so many things to do). In any case, this user wants to just create a static hyperlink from his Google page that will send him to my site and log him in. Yeah, it's stupidly insecure, but that's his bag, why do I care.
|
# ? Oct 15, 2009 14:13 |
|
Edit: I'm retarded. Forgot to use $this-> in my constructor.
WhiteHowler fucked around with this message at 14:50 on Oct 15, 2009 |
# ? Oct 15, 2009 14:34 |
|
True story: I was trying to apply for a government job one time (U.S. Federal government - don't remember where specifically) and the sign up page required a social security number. I figure it's no big deal since it's a SSL secure form and stuff so I go ahead and fill everything in - all the information one would need to get a credit card in my name, really, and hit submit. Lo and behold, the next form comes up and the first get parameter in the URL is social=123456789. The old laptop I was using that day probably even still has it somewhere on the hard drive since I don't use it too often Note that I'm not trying to piss on Hammerite's decision - users can shoot all their own toes off if they want, fine - I just thought it was apropos.
|
# ? Oct 15, 2009 15:34 |
|
Can anyone recommend a good JSON/Array To XML script? I found a couple, but one was horribly written and the other doesn't work. I'd rather not waste time writing my own as I have much more difficult problems to solve.
|
# ? Oct 16, 2009 16:16 |
|
I have been using this for something simple.code:
|
# ? Oct 16, 2009 16:44 |
|
Is there a way other than a set of IF statements that can perform a set of commands depending on what a variable is? Like if $color is "red" do <command set 1> but if $color is "blue" then do <command set 2> but if $color is "green" do <command set 3>. I found it. it's the Switch structure. Agrikk fucked around with this message at 04:48 on Oct 18, 2009 |
# ? Oct 18, 2009 04:46 |
|
If you wanna be clever and make something horrible, you could define functions called red(), green(), and blue() and then call them as $color().
|
# ? Oct 18, 2009 16:38 |
|
rt4 posted:If you wanna be clever and make something horrible, you could define functions called red(), green(), and blue() and then call them as $color().
|
# ? Oct 19, 2009 09:28 |
|
supster posted:jesus did you really just suggest that? When I saw that post my immediate reaction was "What? Can you do that?" (You can't, unless my hosting has set some ini setting to disable it)
|
# ? Oct 19, 2009 11:21 |
|
Unless I'm missing something, you can do that, if you wrap it in Eval() No ?
|
# ? Oct 19, 2009 13:39 |
|
You can do it. You probably have the syntax wrong (it's also not the best method, but it would work). No need for eval()php:<? function red() { echo 'RED!'; } $color='red'; $color();?>
|
# ? Oct 19, 2009 14:03 |
|
Hammerite posted:When I saw that post my immediate reaction was "What? Can you do that?" (You can't, unless my hosting has set some ini setting to disable it) but if you do and I end up having to maintain your code I will track you down and kill you.
|
# ? Oct 19, 2009 14:31 |
|
supster posted:jesus did you really just suggest that? I noted that it's horrible. The bullshit I maintain at work has this all over the place. It makes the code nearly impossible to trace!
|
# ? Oct 19, 2009 16:11 |
|
Why did they even add that functionality ? It's like register_globals. Just screaming for bad code.
|
# ? Oct 19, 2009 19:27 |
|
I've come across a problem with 'mktime()'. I keep getting this error message 'Warning: mktime() expects parameter 4 to be long, string given in Path/to/file/name.php' I use this function to strip out leading zeros and cast the result into an integer but I still get problems. code:
Edit, I think I solved it. I should stop enclosing integers in quotes thingys. Cad_Monkey2 fucked around with this message at 20:11 on Oct 19, 2009 |
# ? Oct 19, 2009 20:02 |
|
Yossarko posted:Why did they even add that functionality ?
|
# ? Oct 19, 2009 20:08 |
|
Cad_Monkey2 posted:Edit, I think I solved it. I should stop enclosing integers in quotes thingys. Yeah, you were passing it the string "$month", not the integer stored in $month.
|
# ? Oct 19, 2009 20:20 |
|
thedaian posted:Yeah, you were passing it the string "$month", not the integer stored in $month. I tested that function, tested for integers, entered dummy info and stared at it for 3 hours. I posted it and 8 minutes later while reading my own post, spotted it. What a waste of time! Although, I won't make that mistake again.
|
# ? Oct 19, 2009 20:33 |
|
Yossarko posted:Why did they even add that functionality ? Probably because Perl had it first. A few other languages have a similar mechanism. It's a great trick if you ever need to make your code as fragile and unfixable as possible in a big loving hurry.
|
# ? Oct 19, 2009 21:17 |
|
Yossarko posted:Why did they even add that functionality ? At least 5.3 was a huge step forward and eventually 6 will be a decent language. Now only if hosts would upgrade to 5.3. :\
|
# ? Oct 19, 2009 22:57 |
|
|
# ? May 16, 2024 18:19 |
|
thedaian posted:You can do it. You probably have the syntax wrong (it's also not the best method, but it would work). No need for eval() I see you and raise you: php:<? function red() { echo 'RED!'; } function green() { echo 'GREEN!'; } $red = 'green'; $color='red'; $$color();?>
|
# ? Oct 19, 2009 23:24 |