|
Ok so it's been quite some time since I've messed around with PHP so apologies if this is a stupid question: what is the easiest way to grab all of the values from an indexed array and output them as a comma-separated string? For example:
Array ( [0] => test1 [1] => test2 [2] => test3 )
becomes:
string(17) "test1,test2,test3"
PHP code:
|
# ¿ Aug 31, 2012 10:24 |
|
Ah I thought it would be something simple. I should have taken a closer look at string functions instead of just array functions. Thanks mate!
|
# ¿ Aug 31, 2012 10:47 |
|
bobthecheese posted:4a) PDO is vastly better than MySQLi. That's my own experience, anyway. I currently rent a small VPS with Linode where I run a LAMP instance which I purely use to muck around with PHP. I was previously using mysqli however from your post I decided to look into PDO and god drat it beats the crap out of mysqli. I spent some time yesterday redoing code that I'd done to use PDO instead of mysqli and it is so much easier to work with (Prepared statements rock).
|
# ¿ Sep 25, 2012 06:03 |
|
Good Will Hrunting posted:So I'm having trouble fixing up a function I wrote for a homework assignment. Here's what I have so far: The problem is that is_dir() and is_file() need the full path to the directory/file you want to test whereas readdir() only returns the name of the directory/file. Therefore line 6 of the function should probably be: code:
code:
Pile Of Garbage fucked around with this message at 20:24 on Oct 25, 2012 |
# ¿ Oct 25, 2012 19:32 |
|
Glory of Arioch posted: You don't. You have no control over what input the user submits. What you can do, however, is perform validation on the server side to reject any input that is not what you want. For example, if a user should only have the ability to edit his or her posts, double check in the server's form handler that the post they are trying to edit actually belongs to the user in question.

A while ago I came up with a method of validating the authenticity of HTML form data submitted via HTTP POST by including a token with the form as a hidden input element. The token would be generated on request by combining a plain text string and a cipher text string which would be created by encrypting the plain text string using a symmetric-key block cipher. The cipher key would be pre-defined and only known by the server. When HTML form data is submitted to the server via HTTP POST it will look for the submitted token, split it into its plain and cipher text portions, encrypt the plain text portion using the same cipher key and then compare the resulting cipher text with the cipher text provided in the token. If they match then the form data is authentic.

Sorry if that doesn't make sense. Here is a rough implementation of what I'm talking about (Note I just knocked this up in a few minutes and haven't actually tested it): (Oops, sorry about any table breakage. I've uploaded the code to Pastebin here: http://pastebin.com/1Z8yEVvF.)

So yeah ideally submission of the token to the server would be made mandatory which means that the server should only accept HTML form data which is submitted from pages you control. The only weakness with this system is if the cipher key used to generate the tokens is compromised (Also I guess key derivation might be an issue depending on the strength of the cipher key and the block cipher used).

Edit: I am a gigantic moron, please ignore this post and read ShoulderDaemon's response below.
Pile Of Garbage fucked around with this message at 06:07 on Oct 31, 2012 |
# ¿ Oct 31, 2012 04:35 |
|
You are right about malicious third-parties simply being able to fetch the token from the form and reuse it. I didn't consider that which is pretty darn idiotic of me and basically renders my script useless. Quite frankly I'm pretty embarrassed about that post now however I'll leave it there as-is for posterity and as an example of what not to do.
|
# ¿ Oct 31, 2012 06:06 |
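The reuse problem conceded in the two posts above, shown as an added example (not the poster's Pastebin code): a token that only proves the server produced it carries no notion of who may submit it, while a token whose keyed tag also covers the session id is only valid for the session it was rendered for. HMAC-SHA256 is swapped in for the block cipher described in the post; the key, session ids and function names are assumptions made up for the illustration.

```php
<?php
// Added example: key, session ids and function names are constructed for illustration.
const SERVER_KEY = 'constructed-demo-key-not-for-production';

// Scheme from the post, with HMAC standing in for the block cipher:
// token = nonce + keyed tag computed over the nonce only.
function unboundToken(): string {
    $nonce = bin2hex(random_bytes(16));
    return $nonce . '.' . hash_hmac('sha256', $nonce, SERVER_KEY);
}

function verifyUnbound(string $token): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;
    }
    // Constant-time comparison of the recomputed tag with the submitted one.
    return hash_equals(hash_hmac('sha256', $parts[0], SERVER_KEY), $parts[1]);
}

// Hardened form: the tag also covers the session id the form was rendered for.
function boundToken(string $sessionId): string {
    $nonce = bin2hex(random_bytes(16));
    return $nonce . '.' . hash_hmac('sha256', $sessionId . '|' . $nonce, SERVER_KEY);
}

function verifyBound(string $token, string $sessionId): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $parts[0], SERVER_KEY);
    return hash_equals($expected, $parts[1]);
}

// Constructed scenario: a form is rendered for session A, then its token is
// submitted under session B.
$sessionA = 'sess-aaaa';
$sessionB = 'sess-bbbb';

$t1 = unboundToken();
var_dump(verifyUnbound($t1));                // verification takes no session input at all

$t2 = boundToken($sessionA);
var_dump(verifyBound($t2, $sessionA));       // same session the token was issued to
var_dump(verifyBound($t2, $sessionB));       // same token presented under another session
var_dump(verifyBound('garbage', $sessionA)); // malformed token
```

The unbound check accepts the token whoever submits it, which is the reuse the follow-up post describes; the bound check accepts it only for session A and rejects it for session B and for malformed input.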
|
ManiacClown posted:See, this is what I love about SA. Since I registered it's had intelligent discussion framed in a manner that fits my personality, but after getting out of college (so long, long ago now) I've found that it's got an insanely broad knowledge base that can help me with drat near anything. Thank you all for your help so far. Haven't really been following all of this very closely but the query on line 50 does not SELECT from a column named oem_name so the associative array returned by mysql_fetch_array() on line 55 will not have an index called oem_name. Edit: beaten.
|
# ¿ Jul 19, 2013 17:02 |
|
Probably not a good idea to have the MySQL instance listening on anything other than localhost, assuming your web-server is on the same server.
|
# ¿ Aug 17, 2015 10:56 |
|
All the same I'd recommend configuring iptables or something similar to block inbound connections to all ports other than the specific ones you require (e.g. 22, 80, 443, etc.). If your web-server and MySQL server are on different servers then just configure rules on the MySQL server to only allow connections to tcp/3306 from your web-server's public IP. Edit: if your only clients will be behind a single NATed public IP address then configure your server-side firewall thusly. If the application is meant to be accessible from anywhere then you will probably need to set up an authenticated API of sorts to handle requests (Can't really provide recommendations on this myself but others in this thread can).
Pile Of Garbage fucked around with this message at 18:00 on Aug 17, 2015 |
# ¿ Aug 17, 2015 17:55 |
|
The big takeaway from that is that "Direct database connections do not support secured (SSL) connections." You do not want to do this (Here's a great reason why: http://forums.somethingawful.com/showthread.php?noseen=0&threadid=2803713&pagenumber=258#post398884189). Set up an authenticated API which the application can connect to instead. Edit: vvv yah that's the same post I linked idgi vvv
Pile Of Garbage fucked around with this message at 18:13 on Aug 17, 2015 |
# ¿ Aug 17, 2015 18:05 |
|
McGlockenshire posted:implicit octal conversion
|
# ¿ Dec 14, 2015 15:24 |
|
Return value is entirely dependent on the host, make sure your server is configured to sync time via NTP against a good server (See: http://www.pool.ntp.org/). E:f;b!
|
# ¿ Dec 14, 2016 18:09 |
|
Speaking of installing PHP, is the PPA from Ondřej Surý considered reputable: https://launchpad.net/~ondrej/+archive/ubuntu/php? I added it quite some time ago to get the latest PHP back when Ubuntu and Debian repos were lagging behind the times and it's been pretty good I guess. Also if it's your first time working with a server that's exposed to the internet then I'd recommend reading this tutorial from Linode which gives some good basic tips for hardening: https://linode.com/docs/security/securing-your-server/
|
# ¿ Mar 13, 2018 14:20 |
|
Someone add that to the op it's great. Btw Masked Pumpkin you don't have to quote posts in their entirety, that's why exists, a fun placeholder.
|
# ¿ Mar 26, 2018 07:36 |
|
Agrikk posted:These are AWS EC2 instances, and upon launch they pull AZ information from http://169.254.169.254/latest/meta-data/placement/availability-zone and shoves it into a system variable called EC2-InstanceAZ. I agree about IIS running as a system service, and fast CGI running in a different environment, but System variables should be available to all sessions (as opposed to user variables that are specific to specific sessions). A few things:
itskage posted:But why?? Also this, especially the multi-AZ DFS
|
# ¿ Dec 10, 2019 14:43 |
|
Good Sphere posted:What should I be using as a VPS just to get started? If your employer is paying the bill then just go with AWS.
|
# ¿ Apr 11, 2020 13:42 |
|
Good Sphere posted:Thanks for the suggestions. They got Kamatera Ubuntu server with nginx. I logged into Kamatera's dashboard for the account, and ssh'd in Mac OS's Terminal. I don't know where to even start. I'm so used to using an ftp client and the like, and I don't even know how with this yet, or if I should. A new frontier for me. If you can SSH you can usually SFTP. Just connect with your FTP client of choice on port 22.
|
# ¿ Apr 14, 2020 19:10 |
|
Agrikk posted:I am bashing my head in over this one. File permissions maybe?
|
# ¿ Jan 27, 2021 07:37 |
|
Just throwing things out there, did you change anything else about the deployment when you upgraded PHP?
|
# ¿ Feb 4, 2021 13:34 |
|
fletcher posted:I ran into this issue while migrating old chef scripts to docker containers so there are quite a few changes overall with the setup, but the PHP version was really the only significant one I could point to for this one. Wait so you moved PHP to Docker (FPM or otherwise)? If so is the TTF file/the folder with the TTF mounted in the container?
|
# ¿ Feb 10, 2021 14:04 |
|
SpaceAceJase posted:EDIT: forgot to mention the best part. It's nearly impossible to build a local dev environment because it's all linked up to dozens of undocumented shell scripts that send data over serial cables on premises to old hardware in a factory. In unpredictable ways it will just fail if it can't receive data from them. Correct me if I'm wrong but it sounds like the website you're uplifting is able to send commands directly to SCADA/PLC/OT devices in a way that may not be properly secured. Depending on what those devices are and the industry you're in this could present a massive security risk and subsequently large liability. If that's the case then you need to make sure that it is fully understood and agreed to in-writing by management that whatever you are doing to the website will not address those issues. Alternatively you could scrap the entire thing altogether and make them re-do it from the ground up.
|
# ¿ Nov 4, 2022 11:47 |
|
SpaceAceJase posted:I haven't slept for a couple of days dealing with this whole company and operation I've reluctantly inherited. I.e. I'm management and not spending any money on tech debt. Just the will to live You need a break buddy, don't let work destroy you.
|
# ¿ Nov 4, 2022 12:28 |