|
You also can't do php:<? $bla = new Something()->method(); ?>
|
# ¿ Mar 19, 2008 23:51 |
|
duck monster posted:or are you after an initialised object?
|
# ¿ Mar 20, 2008 00:45 |
|
Don't you mean /<mytag>([^<]*)</mytag>/
|
# ¿ Mar 28, 2008 14:10 |
|
I'm of the opinion that it's generally best to sanitize data as late as possible. So if you're sanitizing it for output, sanitize it right before outputting or when you know that you won't be doing anything with it other than outputting.
|
# ¿ Apr 5, 2008 10:04 |
|
Zorilla posted: So would there be anything wrong with sanitizing as late as the MySQL query string? Right now, I'm getting away with processing form inputs with their original $_POST superglobals, then using htmlspecialchars() at the query function argument to keep form inputs from doing anything too powerful, though I don't know if that would leave you wide open on older, less secure versions of PHP.

But ideally I think the sanitizing for the database should be coupled with the layer that does the actual insertion. A good example of that is either ADOdb or mysqli where you do stuff like this:

php:<?
// ADOdb: the value is passed separately from the SQL text
$conn->Execute("SELECT * FROM TABLE WHERE COND=?", array($val));
?>

php:<?
// mysqli: prepare, bind the parameter, execute, then bind and fetch the result
if ($stmt->prepare("SELECT District FROM City WHERE Name=?")) {
    $stmt->bind_param("s", $city);
    $stmt->execute();
    $stmt->bind_result($district);
    $stmt->fetch();
}
?>

And you probably shouldn't sanitize the input in any other way (i.e. htmlspecialchars) before inserting it into the database. You should always have pure data in your database and then sanitize it for output after fetching it from the database.

hey mom its 420 fucked around with this message at 00:15 on Apr 7, 2008 |
# ¿ Apr 7, 2008 00:12 |
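The approach in the post above (bind values at the database layer, keep raw data in the table, encode only when writing HTML), as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for ADOdb/mysqli so it runs stand-alone; the table, function names and sample input are constructed.

```php
<?php
// Added illustration; PDO + in-memory SQLite stand in for ADOdb/mysqli (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Database layer: values travel as bound parameters, never as part of the SQL text.
function save_comment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Output layer: encode for the HTML context at the moment of output.
function h(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input containing both an SQL metacharacter and HTML markup.
$author = "O'Reilly";
$body   = '<b>5 < 6</b> & "quotes"';

$row = load_comment($db, save_comment($db, $author, $body));

// The table holds the data exactly as submitted: no escaping leaked into storage.
var_dump($row['author'] === $author, $row['body'] === $body);

// Encoding happens once, when the HTML is built.
echo '<p>', h($row['author']), ': ', h($row['body']), "</p>\n";

// htmlspecialchars() at the query is the wrong tool: with ENT_COMPAT (the default
// before PHP 8.1) the single quote passes through unchanged, so SQL string literals
// get no protection, while the markup characters are stored in mangled form.
var_dump(htmlspecialchars($author, ENT_COMPAT, 'UTF-8') === $author);
var_dump(htmlspecialchars($body, ENT_COMPAT, 'UTF-8') === $body);
```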
|
Incidentally, does anyone else think that the interface for mysqli is loving terrible? Especially the bind_param method. First you have to prepare the statement, then you have to bind parameters to it by giving it variables and strings like "sssd", then execute, bind results to variables, then fetch the data and then loop and output the variables that have the results bound to them repeatedly. Sure, binding results to variables and then the current row being assigned to those variables saves memory by not storing all results in an array, but it's not like you're going to be outputting 1 million records on a single page. ADOdb does it way better.
|
# ¿ Apr 7, 2008 00:26 |
|
What's a good PHP library for sending out emails? Just one at a time from a form, so no need for mass mailing.
|
# ¿ May 8, 2008 10:38 |
|
nbv4 posted: mail()? doesn't get much simpler than that
Zorilla: Thanks, I'll try that out!
|
# ¿ May 8, 2008 11:24 |
|
Dominoes posted: I just learned PHP, and set up a simple script to email me submitted form data. I have a small problem that I'm hoping someone can help me with.
I just asked about PHP mailing libraries one page ago and at the end I found the Swift library, which filters the data for you. I recommend it, works nicely and I got it set up and working in a matter of minutes.
|
# ¿ May 11, 2008 12:04 |
|
what the hell I'm trying to have a user upload an image and then I resize it with gd and save it. I'm using a mix of functions that I got from php.net and some other place. Thing is, it works for very small images, but if I try a bigger image (like 250k), I get this error message code:
I could post the functions I use to convert the images but they're pretty long, basically it's just finding out what the type of the image is with a lot of case structures, then it calculates the new width and height and then it calls imagecopyresampled and then it saves it. hey mom its 420 fucked around with this message at 17:32 on May 11, 2008 |
# ¿ May 11, 2008 17:28 |
|
Thanks guys, I managed to solve it by adding around more calls to free up resources and such. Also, here's something that drove me up the wall today. IE uploads jpg files as image/pjpeg while other browsers do it as image/jpg. I spent at least an hour and then some running around trying to find out why images uploaded with IE don't work, because I was turning the second part of the MIME type directly into the extension. Ugh!
|
# ¿ May 12, 2008 00:42 |
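One way to avoid the trap described above, as an added example that is not part of the original thread: choose the file extension from the file's leading bytes against an allowlist, and treat the browser-sent MIME type (image/pjpeg from IE, or whatever a client chooses to send) as untrusted. The function name, the alias table and the sample byte strings are constructed.

```php
<?php
// Added illustration; function name and sample data are constructed.

// Allowlist: file signature (magic bytes) => extension we are willing to store.
const IMAGE_SIGNATURES = [
    "\xFF\xD8\xFF"      => 'jpg',
    "\x89PNG\r\n\x1A\n" => 'png',
    'GIF87a'            => 'gif',
    'GIF89a'            => 'gif',
];

// Browser labels accepted for each extension; used only to flag mismatches.
const DECLARED_ALIASES = [
    'jpg' => ['image/jpeg', 'image/jpg', 'image/pjpeg'],
    'png' => ['image/png', 'image/x-png'],
    'gif' => ['image/gif'],
];

/**
 * Returns ['ext' => string, 'declared_matches' => bool], or null when the
 * content is not an allowed image type. $declared is $_FILES[...]['type'].
 */
function classify_upload(string $bytes, string $declared): ?array
{
    foreach (IMAGE_SIGNATURES as $magic => $ext) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            $known = in_array(strtolower(trim($declared)), DECLARED_ALIASES[$ext], true);
            return ['ext' => $ext, 'declared_matches' => $known];
        }
    }
    return null; // unknown content: reject, whatever the browser claimed
}

// Constructed samples: only the first bytes of each file are needed here.
$jpeg = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00";
$png  = "\x89PNG\r\n\x1A\n\x00\x00\x00\x0DIHDR";
$php  = "<?php echo 'not an image';";

var_dump(classify_upload($jpeg, 'image/pjpeg')); // IE's label for a JPEG
var_dump(classify_upload($jpeg, 'image/jpeg'));  // other browsers' label
var_dump(classify_upload($png, 'image/gif'));    // label disagrees with content
var_dump(classify_upload($php, 'image/jpeg'));   // label lies about content
```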
|
It's easy to convert from a MySQL DATETIME field to a timestamp by using the UNIX_TIMESTAMP MySQL function or to convert from a timestamp to a DATETIME field by using the FROM_UNIXTIME MySQL function, so in the end it largely depends on preference.
|
# ¿ May 12, 2008 23:26 |
|
I use ADOdb, it's pretty cool, especially parametrization, where you do $db->execute("SELECT * FROM foo WHERE foo.bar = ?", array("baz"))
|
# ¿ May 13, 2008 18:47 |
|
That depends on the conditions, really. What's the second condition? If it doesn't evaluate to true, whose fault is that? Why would you want your script to just die instead of sending a useful error header and/or message to the user?
|
# ¿ Jun 26, 2008 00:51 |
|
Yeah, foreach is basically the control flow construct for templates. It needs minimal logic and produces the desired behaviour. If you wanted to put foreach loops out of your templates, you'd probably have to generate all the HTML that requires looping in the controllers and then pass that off to the views ...
|
# ¿ Jul 10, 2008 01:01 |
|
Yeah.
|
# ¿ Jul 10, 2008 17:10 |
|
My PHP is really rusty and I ran into this problem when building a site for something I'm making. I have an associative array with strings as the keys and they point to arrays:
php:<?
$contents = array (
    'introduction' => array( ... ,
    'starting-out' => array( ... ,
    'types-and-typeclasses' => array( ... ,
    'syntax-in-functions' => array( ... ,
    'higher-order-functions' => array ( ... ,
    ...
)
?>
|
# ¿ Aug 30, 2008 12:25 |
|
Ah, awesome! Yeah, that looks much more elegant! My PHP's real rusty, I totally forgot about array_keys and array_search. Thanks!
|
# ¿ Aug 30, 2008 15:42 |