Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > <?PHP questions that don\\'t need their own thread ?>
 
  • Post
  • Reply
Ned
May 23, 2002

by Hand Knit
We should probably put the major CMSs in here as well.

* # ¿ Mar 19, 2008 22:48
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 29, 2024 12:55
  • Quote
Ned
May 23, 2002

by Hand Knit

Zorilla posted:

Is there a good way to gracefully reject file uploads that are too large? Limits are usually controlled through php.ini or other files that compliment it such as .htaccess, which means PHP is the one throwing a fit when something is too big.

I want to display a user-friendly error if somebody tries to upload gargantuan, unresized images from their 14 MP camera to a website. My guess is that there is some sort of error you could check for on postback, but Google comes back absolutely dry when I look up information on this. Any ideas?

I think you should set it with html.
<input type="hidden" name="MAX_FILE_SIZE" value="500" />

Aturaten posted:

Is there any way to get a DIVs size using PHP? I really need to find this out soon, this image gallery is killing me.

PHP has no idea of knowing what the page actually looks like in the browser or DOM. jQuery is your friend here.

* # ¿ Oct 3, 2008 00:11
  • Quote
Ned
May 23, 2002

by Hand Knit

Hammerite posted:

Just wanted to check that there aren't any security issues with doing this. User has been given to understand that any security concerns associated with using this facility are his problem, not mine, but I'd like to know.

Don't send passwords using GET.

* # ¿ Oct 15, 2009 01:40
  • Quote
Ned
May 23, 2002

by Hand Knit
POST will never appear in a URL string. It takes a lot amount more detective work to grab a password from POST compared to GET. If it is just one customer then put that functionality in but restrict it to the single login. POST isn't encrypted, but it at least tries to hide things.

* # ¿ Oct 15, 2009 03:29
  • Quote
Ned
May 23, 2002

by Hand Knit
I'm not worried about the determined hacker. I'm worried about the unwilling hacker. Having a password in GET opens you up to people who don't know anything. POST at least requires a tiny bit of knowledge about how things work and is less likely to persist.

Just warn the guy and do what you can to convince him to take a few steps for security. GET is a bad idea.

* # ¿ Oct 15, 2009 05:34
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 29, 2024 12:55
  • Quote
Ned
May 23, 2002

by Hand Knit
I have been using this for something simple.

code:
function generate_xml_from_array($array, $node_name) 
{
	$xml = '';

	if (is_array($array) || is_object($array)) {
		foreach ($array as $key=>$value) {
			if (is_numeric($key)) {
				$key = $node_name;
			}

			$xml .= '<' . $key . '>' . "\n" . generate_xml_from_array($value, $node_name) . '</' . $key . '>' . "\n";
		}
	} else {
		$xml = htmlspecialchars($array, ENT_QUOTES) . "\n";
	}

	return $xml;
}

* # ¿ Oct 16, 2009 16:44
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > <?PHP questions that don\\'t need their own thread ?>