|
clockworkjoe posted:I tried it both ways but it still happens I think I inappropriately put colons into single-line "if" statements while trying to add consistency to the code. It's my guess that the statement will go on until it reaches the next endif;. Get rid of the colons on those and try again. Zorilla fucked around with this message at 06:29 on Jun 2, 2008 |
#
¿
Jun 2, 2008 06:27
|
|
|
|
| # ¿ May 21, 2024 00:08 |
|
|
Also take note that you'll likely need to raise all the following settings if you want a user to upload a really huge file: memory_limit post_max_size upload_max_filesize max_execution_time Of course, the memory limit will have to be slightly higher than the post size, which must be slightly higher than the max filesize.
|
|
#
¿
Jun 11, 2008 22:59
|
|
|
drcru posted:How do you do the authentication system like they have on AwfulYearbook. Probably include an activation token in the table of users. A random MD5 ought to do the job. Once you have that, compare it to member.php for that particular user by using the DOMDocument object (or some other method for gathering information from HTML/XML) to scour each element's child text for that value. Zorilla fucked around with this message at 06:32 on Jun 13, 2008 |
|
#
¿
Jun 13, 2008 06:28
|
|
|
drcru posted:I was wondering more on how they did the actual checking of the website. Just realized that after I posted. Check the first reply again. DOMDocument is great if you're already familiar with manipulating web pages with DOM in Javascript.
|
|
#
¿
Jun 13, 2008 06:33
|
|
|
Munky_Magic posted:Basically I am working on a CMS, and was wondering what the best way to store things like website parameters is? If you don't mind the settings being lost if the user clears their browser cache, use cookies. Otherwise, use the MySQL database. I would use cookies for petty things like which menus get shown on each page.
|
|
#
¿
Jun 14, 2008 02:10
|
|
|
Little Brittle posted:Is there any way to pass curl an urldecoded URL? urldecode() Is this what you're looking for or does PHP's curl function crap out when you use URIs with spaces? Either way, URIs with spaces breaks standards. You should be requesting the document with an encoded URI, then have the target site decode it at that end. Zorilla fucked around with this message at 10:40 on Jul 5, 2008 |
|
#
¿
Jul 5, 2008 10:34
|
|
|
Is that URL going to an actual path, such as photos/my cool album/100.html, or is it rewriting to something like index.php?get1=photos&get2=my cool album&get3=100 If it's the latter, it makes sense that it's redirecting on you since it can't find any entries literally named "my%20cool%20album" in the database and is probably doing something like taking you back to the front page because of it. If this is what it's doing, you could probably substitute spaces with + since that's what web browsers and PHP expect (and does automatically for things like multiple search keywords in forms). Zorilla fucked around with this message at 22:20 on Jul 5, 2008 |
|
#
¿
Jul 5, 2008 22:16
|
|
|
Yeah, this is starting to sound like a fundamental server problem to me. Even with absolutely no dynamic code, %20 should be interpreted as a space by the web server for any case in which directories have spaces in them, not redirecting. I have to wonder how you're even able to access the page through an ordinary web browser (as opposed to curl) since they encode illegal characters on the fly once you hit "Go" on the URL bar. If you're comfortable with it, would you like to paste your .htaccess file to see if it sheds any light on this problem? Zorilla fucked around with this message at 00:27 on Jul 6, 2008 |
|
#
¿
Jul 6, 2008 00:19
|
|
|
dagard posted:Is there any good reason why implode() has to take an array? IE, why this: Take a look at its syntax here. It expects exactly two parameters as input. Parameter one is the glue string (such as a comma) and parameter two is a set of strings you wish to implode. I think it's a good way of doing things because it allows future versions of PHP to expand functionality by possibly allowing extra parameters after the second one. Zorilla fucked around with this message at 12:25 on Jul 16, 2008 |
|
#
¿
Jul 16, 2008 12:19
|
|
|
WHORENDOUS posted:Am I missing something? Is there something else I need to have running to parse php? In my experience, The CGI version of PHP 5 has always had a problem installing for me in IIS 6 that I tracked down to long paths with spaces in them. What happens when you try to install PHP to C:\PHP ?
|
|
#
¿
Jul 29, 2008 02:36
|
|
|
Jam2 posted:Problem solved. the gd.dll was not in the extension folder. Copied it across and it worked. This is a bit fuzzy in my head, but I think extensions only end up in c:\windows\system32 if no other path is specified in php.ini. By default, isn't it usually set to C:\PHP\ext or something? Maybe that's only if you use the MSI installer.
|
|
#
¿
Jul 30, 2008 01:41
|
|
|
arkiteKt posted:1) Is htmlspecialchars the best way to prevent against script/link injections? 1) It seems ok. Also, if you have any queries that involve user input, make sure they're properly escaped. Somebody else recommended to me before that you should probably store inputs into the database as purely as possible and then encode them upon reading them. (With XML, use CDATA blocks to store things like < and > in a way that doesn't conflict with the XML structure) 2) This is AJAX, right? I'm assuming you're retreiving the XML with jQuery. According to this, you can use the html() method to encode special characters. Javascript or jQuery might be responsible for decoding your data on read. The data is encoded in the XML file, right? Zorilla fucked around with this message at 04:43 on Jul 30, 2008 |
|
#
¿
Jul 30, 2008 04:26
|
|
|
drcru posted:I was thinking textfield in the database separated by commas. But that doesn't sound so efficient. How big is this project? If you think you can fit what you need inside VARCHAR fields instead of using LONGTEXT, go for it, but unless this project is huge, you probably won't see any performance difference. According to this, it looks like you'd only save 3 bytes of space for data 232 - 1 characters or less if you went with VARCHAR instead of LONGTEXT. If you're just talking about storing multiple pieces of data in a single field, JSON is probably the way to go since you can make your lists multidimensional if need be and PHP already provides functions for converting these strings to and from arrays. For instance, one person's data could look like this: php:<? $data = array( "name"=>"Joe Blow", "locations"=>array( "Brockway", "Augdenville", "North Haberbrook" ), "didthetripsuck"=>true ); ?> code:Zorilla fucked around with this message at 12:42 on Aug 2, 2008 |
|
#
¿
Aug 2, 2008 05:19
|
|
|
Safety Shaun posted:Either way I'll have to recode index.php to and call cookies and/or initiate the session at the top. I'll play around with buffer. Yeah, really do try to separate your code from your templating as much as possible by getting most of your code out of the way before output happens. I know it's not totally possible short of using something like Smarty because of stuff like database result loops which end up in the middle of the page, but it does make it much easier to manage things that need to be done before the header gets sent out.
|
|
#
¿
Aug 4, 2008 08:43
|
|
|
Grigori Rasputin posted:Uh, dumb question but: what is the syntax to do PHP IF blocks with HTML? I've seen it before but have rarely used it, and can't think of a place where to find it and my searches have failed. Nuts to what others have said so far. If your project is a really small one, it doesn't make sense to include major frameworks like Smarty. I usually just do this: php:<?php $crap = "poo"; if ($state === true) { // comment to demonstratoe PHP tabbing inside "if" statement ?> <div> blah_true....<br /> The value of $crap is "<?php echo $crap; ?>" </div> <?php // another comment } else { ?> <div> blah_false,,, </div> <?php } ?> I strongly recommend using PHP's templating system instead of straight-up using echo statements since it context highlights properly in code editors and is tabbed out the way it appears in your browser's "View Source" window. Zorilla fucked around with this message at 01:41 on Aug 8, 2008 |
|
#
¿
Aug 8, 2008 01:34
|
|
|
cannibustacap posted:Oh no, the entire thing is within the "<?php .... ?>" brackets. Then shouldn't it be like this? php:<?php ?> <a href="/<?php echo $header; ?>">The Header!</a> <?php ?>
|
|
#
¿
Aug 10, 2008 01:26
|
|
|
weekoldsushi posted:
<p> tags are block-level elements, by the way, not an equivalent of a double <br />. They go around paragraphs (or otherwise grouped text). Also, add \n after each line or it displays as one long line in HTML source. Zorilla fucked around with this message at 22:48 on Aug 14, 2008 |
|
#
¿
Aug 14, 2008 22:45
|
|
|
WHORENDOUS posted:What can I do? Is there any way to troubleshoot this? None of the guides that I've looked at have helped at all. I'm ready to shoot myself in the face. Do you have PHP error reporting turned off?
|
|
#
¿
Aug 16, 2008 21:17
|
|
|
Alex007 posted:How do you do you do it ? People have been arguing this for ages, but I've never seen any of those three used exactly as presented. The official documentation for PHP shows examples in this format: php:<?
if ($variable == "value") {
some_function(); // yeah, PHP names things this way instead of with camel casing for some reason
} else {
some_other_function();
}
?>php:<?
if ($variable == "value")
{
some_function();
}
else
{
some_other_function();
}
?>
|
|
#
¿
Aug 17, 2008 00:34
|
|
|
It may be even cleaner to put all input variables into an array for organization's sake:php:<?
foreach ($_SESSION as $key => $value) {
$input[$key] = $value;
}
echo $input["name"]."<br />\n";
echo $input["address"]."<br />\n"; // and so on...
?>Zorilla fucked around with this message at 22:07 on Aug 18, 2008 |
|
#
¿
Aug 18, 2008 21:53
|
|
|
drcru posted:How should I store passwords in MySQL? The only way I know of is to MD5 it with a salt. How would a security conscious goon do it? That's pretty much it, I think. You could make the login process done through SSL or use Javascript to MD5 the password on the client side so it isn't sent out cleartext, but you're on the right track so far.
|
|
#
¿
Aug 21, 2008 12:39
|
|
|
The March Hare posted:I've been working with forms so I know how to make a form and how to change the value in the sql but is there any way for me to make just a single button that executes the php code with no user input beyond the action of clicking the button? Probably with hidden fields: code:
|
|
#
¿
Aug 26, 2008 05:15
|
|
|
Mine GO BOOM posted:The submit button is its own field. Can look for $_POST['submit'] == 'Report' and skip the hidden variables. Yeah, I only wrote it the way I did because I prefer to explicitly check to see if $_POST["submit"] has been sent before checking the rest of the form. Whatever works, though.
|
|
#
¿
Aug 26, 2008 06:35
|
|
|
Stephen posted:I've done this before using cURL by checking the response sent back from the server for errors. It worked, but there's probably a lot better ways to do it. Probably not. If HTTP is the only means of communicating with that server, then your way is ideal.
|
|
#
¿
Sep 9, 2008 19:34
|
|
|
Is there a good way to gracefully reject file uploads that are too large? Limits are usually controlled through php.ini or other files that compliment it such as .htaccess, which means PHP is the one throwing a fit when something is too big. I want to display a user-friendly error if somebody tries to upload gargantuan, unresized images from their 14 MP camera to a website. My guess is that there is some sort of error you could check for on postback, but Google comes back absolutely dry when I look up information on this. Any ideas? edit: I hate it when I find the answer 2 seconds after I give up. $_FILES["some_field"]["error"] == UPLOAD_ERR_INI_SIZE (or similar errors) does the trick. edit2: This only returns errors if individual files go over the collective limit, so it's no good for multiple file uploads. For now, I'm just using a function that adds up all the $_FILES["some_field"]["size"] fields and compares the result to max_upload_size (in integer form). If anybody knows a simpler way, tell me about it. Zorilla fucked around with this message at 21:22 on Sep 26, 2008 |
|
#
¿
Sep 26, 2008 01:18
|
|
|
Ned posted:I think you should set it with html. Yeah, that's one approach. I didn't want the user to be able to lift the limit by tampering with post data, so I set the PHP-wide limit instead. I have things mostly working at this point, but uploading is still giving me some bizarre behavior every now and then that I need to sort out. MrEnigma posted:PHP actually has an object for manipulating the DOM (http://us.php.net/dom). The catch is that you need to use output buffering, and you have to operate on it before you dump it out to the user. The first is mainly for parsing HTML/XML and phpQuery is just an easier way of messing with objects than the first method. Really, because a div's computed width is entirely up to the whim of the web browser used, his only option is to determine the width beforehand, then set it stlye="width: somevalue;", making sure the page's design allows the set width to reliably match the actual computed width. I went back to Aturaten's post about this, and I guess he's doing an image gallery. Keep in mind that even Google's image search uses Javascript to line up the images based on your browser's size, not some server-side method. I would advise you to just use tables for this since it's one of the few totally appropriate uses for it in modern web design. Zorilla fucked around with this message at 01:26 on Oct 4, 2008 |
|
#
¿
Oct 4, 2008 01:17
|
|
|
Munkeymon posted:Use single quotes to delimit the strings? Or the more context highlighting-friendly way: php:<?php ob_start(); ?> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head profile="http://www.w3.org/2005/10/profile"> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta name="DESCRIPTION" content="stupid description goes here." /> <meta name="KEYWORDS" content="keywordz" /> <?php $meta_header = ob_get_contents(); ob_end_clean(); ?>
|
|
#
¿
Oct 10, 2008 03:32
|
|
|
jasonbar posted:Relating to only the secureness of the file inclusion, you should be fairly safe. You should really keep commonthings.php outside of the webroot so that there is no chance of anyone actually getting it through their browser. If this isn't an option, you could also put something at the top of the script to check to see if basename($_SERVER["SCRIPT_FILENAME"]) is equal to "commonthings.php" and stop the script right there if it is (though having other files with the same name breaks this). Or you could define a constant in each child page like ALLOWACCESS and check it in commonthings.php. Most CMSes do one of these two things. This doesn't protect against server admins being idiots, but you've got other problems if your PHP keeps showing. Zorilla fucked around with this message at 21:08 on Oct 11, 2008 |
|
#
¿
Oct 11, 2008 20:57
|
|
|
sonic bed head posted:I have a question about this. How does that really happen? I thought that if a php server is asked to serve a .php file, it would always interpret it before it sends the response to the client. If that's the case, as long as the config stuff isn't being echoed, how could the browser show the plaintext? If PHP isn't configured, the web server interprets it as text/plain and just sends off the script without processing it. (beaten)
|
|
#
¿
Oct 11, 2008 21:08
|
|
|
Lumpy posted:The only "problem" with that is when you move your including page to a new level in the directory hierarchy. Then "../../" points somewhere else, and everything breaks. Try to use absolute paths as much as possible. But if it works for now, then you done good, and keeping passwords / usernames, etc. outside of web root is always a good thing, no matter how you go about doing it. It seems cheesy to hardcode the absolute path to files for one particular server. Is there a way to acquire the web server's DocumentRoot path so things can be easily moved from server to server?
|
|
#
¿
Oct 14, 2008 04:27
|
|
|
sonic bed head posted:I have an image that was created from imagecreatefromjpeg() in a php script. I have PHPMailer up and running but I can't figure out how to send the image as an attachment without first writing the file to disk. Is it possible to send it without it being a file? I can't seem to find any real good documentation for phpmailer and I also don't really know how encoding attachments works so any help would be greatly appreciated. Thanks. I believe imagecreatefromjpeg() loads a JPEG into memory, uncompressed and likely taking up seveal MB because of it. That's not something you want to attach to an email. Unless PHPMailer has a method for accepting GD image objects as file attachments where it compresses it back down for you, you'll probably have to save the image to a temporary location using imagejpeg(). Unless PHP provides a graceful way to store files temporarily in 1-2 lines of code, I would just save the file with a random name like md5(session_id()).".jpg", destroy the copy in memory, email it, then delete it. Zorilla fucked around with this message at 06:54 on Oct 15, 2008 |
|
#
¿
Oct 15, 2008 06:47
|
|
|
drcru posted:I have a div with a set width and height and a background image. If the desired result is a slightly jumbled appearance, you might try setting float: left on each image and giving each a random amount of margin within 10-50px.
|
|
#
¿
Oct 15, 2008 12:47
|
|
|
Lumpy posted:-> is the equivalent of the "." in most languages. An English translation would be " method or property of " an object. One thing I've never found documentation on is what the &= assignment operator is supposed to be. Or why I sometimes see functions as ___somename(). Can somebody tell me what the purpose of these are?
|
|
#
¿
Oct 18, 2008 00:18
|
|
|
Atom posted:&= is "bitwise AND" assignment. I should have asked about =& specifically since I saw it here. I still can't quite figure out what it's supposed to do differently than = does.
|
|
#
¿
Oct 18, 2008 00:45
|
|
|
Oops, why didn't I see that link
|
|
#
¿
Oct 18, 2008 00:54
|
|
|
drcru posted:Would it be very memory/cpu intesive if I looped through this and checked for conditions? PHP has quite a few functions for searching for things in arrays or running callbacks for things in arrays, etc. Would in_array() work for what you need?
|
|
#
¿
Oct 27, 2008 01:22
|
|
|
Strong Sauce posted:If the mail server is setup then you could just put mail() doesn't work consistently across servers and you have to set up headers, attachements, etc. totally by hand, so I would recommend using the PHPMailer class to make setting up and sending emails a lot easier. You'll need it anyway if you want to use SSL/TLS since PHP doesn't handle any of that on its own. You can also take a look at SwiftMailer, but I don't prefer it because it's way too huge and suffers from class-itis. Zorilla fucked around with this message at 00:43 on Oct 29, 2008 |
|
#
¿
Oct 29, 2008 00:36
|
|
|
LastCaress posted:<?php mail('YOUR... worked great, I'll look into phpmailer as well but it seems a bit more complex You mean like passing it on in the message body? It should just be $_SERVER["HTTP_USER_AGENT"]. Also, PHPMailer is loads more simple with anything more complex than a small text-only message: php:<? [sub] <?php require("class.phpmailer.php"); $mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP $mail->Host = "smtp.example.com"; // SMTP server $mail->From = "from@example.com"; $mail->AddAddress("myfriend@example.net"); $mail->Subject = "First PHPMailer Message"; $mail->Body = "Hi! \n\n This is my first e-mail sent through PHPMailer."; $mail->WordWrap = 50; if(!$mail->Send()) { echo 'Message was not sent.'; echo 'Mailer error: ' . $mail->ErrorInfo; } else { echo 'Message has been sent.'; } ?> [/sub]?>
|
|
#
¿
Oct 29, 2008 12:49
|
|
Any idea how to insert functions like $HTTP_USER_AGENT in the mail I get?
|
Stephen posted:Is there some kind of timeout or restriction that I may be hitting in PHP or perhaps even on the FTP server? Maybe you'd get better performance by logging in once, uploading all the files, then disconnecting instead of connecting/disconnecting for each file.
|
|
#
¿
Oct 31, 2008 00:31
|
|
|
|
| # ¿ May 21, 2024 00:08 |
|
|
microwave casserole posted:I'm thinking about writing a very simple content-management system that reads articles from an RSS file instead of a database. It would basically be a site-specific RSS reader, with manual editing of the RSS file instead of something where you log into the site to make new entries. PHP has support for DOM, so reading items from XML files should be pretty easy. Reading from a WordPress feed would look something like this (yeah, the filename is totally wrong, I know): php:<?php $xml = new DOMDocument(); $xml->load("rss.xml"); $items = $xml->getElementsByTagName("item"); foreach ($items as $item) { ?> <p>Article Name: <?php echo $item->getElementsByTagName("title")->item(0)->nodeValue; ?><br /> Link: <?php echo $item->getElementsByTagName("link")->item(0)->nodeValue; ?><br /> Published: <?php echo $item->getElementsByTagName("pubDate")->item(0)->nodeValue; ?></p> <?php } ?> Zorilla fucked around with this message at 23:31 on Nov 1, 2008 |
|
#
¿
Nov 1, 2008 21:12
|
|