From enunez at tiaa-cref.org Fri Sep 1 16:44:12 2006 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Fri, 1 Sep 2006 16:44:12 -0400 Subject: [nycphp-talk] Building php 5.x.x wierdness Message-ID: <15781715614BCB43AB7083C37880D19C01CB7520@NYCPDMSXMB06.ad.tiaa-cref.org> I don't understand why this happens ... Fatal error: Call to undefined function phpinfo() in /home/php/php-5.1.6/sapi/cli/test.php on line 4 System type: SuSE linux 7.0 All versions of 4 compile fine so does 5.0.5 comes out fine...but... All versions higher produce a library/binary with missing functions, functions like phpinfo, print_r, date, even var_dump I used the "nm" tool to see if the symbol(s) are present. For phpinfo, it finds ... 08392de0 B phpinfo_logo_hash 081ab9f0 T register_phpinfo_constants 081abb70 T zif_phpinfo Which is the same data dumped from a "healthy" version of PHP binary. Have a great weekend! -Ed ************************************************************** This message, including any attachments, contains 'confidential' information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolson at aeso.org Fri Sep 1 18:20:04 2006 From: rolson at aeso.org (Rick Olson) Date: Fri, 01 Sep 2006 15:20:04 -0700 Subject: [nycphp-talk] Building php 5.x.x wierdness In-Reply-To: <15781715614BCB43AB7083C37880D19C01CB7520@NYCPDMSXMB06.ad.tiaa-cref.org> References: <15781715614BCB43AB7083C37880D19C01CB7520@NYCPDMSXMB06.ad.tiaa-cref.org> Message-ID: <44F8B214.7050303@aeso.org> What configure options are you passing? Also, those functions are all in the phpsrc/ext/standard/ extension, perhaps for some strange reason that's not making it into your build process. Rick Nunez, Eddy wrote: > > I don?t understand why this happens ... > > Fatal error: Call to undefined function phpinfo() in > /home/php/php-5.1.6/sapi/cli/test.php on line 4 > > System type: SuSE linux 7.0 > > All versions of 4 compile fine so does 5.0.5 comes out fine?but? > > All versions higher produce a library/binary with missing functions, > functions like phpinfo, print_r, date, even var_dump > > I used the ?nm? tool to see if the symbol(s) are present. > > For phpinfo, it finds ? > > 08392de0 B phpinfo_logo_hash > > 081ab9f0 T register_phpinfo_constants > > 081abb70 T zif_phpinfo > > Which is the same data dumped from a ?healthy? version of PHP binary. > > Have a great weekend! > > -Ed > > | > > ************************************************************** > This message, including any attachments, contains 'confidential' > information intended for a specific individual and purpose, and is > protected by law. If you are not the intended recipient, please > contact sender immediately by reply e-mail and destroy all copies. You > are hereby notified that any disclosure, copying, or distribution of > this message, or the taking of any action based on it, is strictly > prohibited. > TIAA-CREF > ************************************************************** > | > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From pyurt at yahoo.com Fri Sep 1 19:46:23 2006 From: pyurt at yahoo.com (P Yurt) Date: Fri, 1 Sep 2006 16:46:23 -0700 (PDT) Subject: [nycphp-talk] Building php 5.x.x wierdness Message-ID: <20060901234623.6510.qmail@web52202.mail.yahoo.com> I've noticed differences in "paths" with PHP5. With files that were found in PHP4 I am required to be more exact in locating them with PHP5. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rick Olson Sent: Friday, September 01, 2006 3:20 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Building php 5.x.x wierdness What configure options are you passing? Also, those functions are all in the phpsrc/ext/standard/ extension, perhaps for some strange reason that's not making it into your build process. Rick Nunez, Eddy wrote: > > I don't understand why this happens ... > > Fatal error: Call to undefined function phpinfo() in > /home/php/php-5.1.6/sapi/cli/test.php on line 4 > > System type: SuSE linux 7.0 > > All versions of 4 compile fine so does 5.0.5 comes out fine.but. > > All versions higher produce a library/binary with missing functions, > functions like phpinfo, print_r, date, even var_dump > > I used the "nm" tool to see if the symbol(s) are present. > > For phpinfo, it finds . > > 08392de0 B phpinfo_logo_hash > > 081ab9f0 T register_phpinfo_constants > > 081abb70 T zif_phpinfo > > Which is the same data dumped from a "healthy" version of PHP binary. > > Have a great weekend! > > -Ed > > | > > ************************************************************** > This message, including any attachments, contains 'confidential' > information intended for a specific individual and purpose, and is > protected by law. If you are not the intended recipient, please > contact sender immediately by reply e-mail and destroy all copies. You > are hereby notified that any disclosure, copying, or distribution of > this message, or the taking of any action based on it, is strictly > prohibited. > TIAA-CREF > ************************************************************** > | > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From jeff.loiselle at gmail.com Mon Sep 4 09:46:10 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Mon, 4 Sep 2006 09:46:10 -0400 Subject: [nycphp-talk] Converting hex? Message-ID: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> Anyone know of a nice efficient function to convert this? $name = 'Tony D\x27Antonio'; I realize that putting it in double quote will do it, but I am unable to do that. As I am doing something like this: $data - file_get_contents($some_remote_https_url); $pieces = explode(',', data); print $pieces[0]; Output: Tony D\x27Antonio This doesn't seem to help: print "$pieces[0]"; I'm looking for the most efficient way, as this is being used in a REST response parser. Thanks! --- Jeff Loiselle Web Developer The NewNewMedia Group http://www.newnewmedia.com From evdo.hsdpa at gmail.com Mon Sep 4 17:02:08 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Mon, 4 Sep 2006 14:02:08 -0700 Subject: [nycphp-talk] forums and google friendliness Message-ID: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> anybody know how to modify PHPbb so that the title field of every post IS THE URL?? kinda like the way blogger works? OH... AND is spiderable by google??? so that there is no issue with user/session id's etc...?? -- Robert Q Kim, Wireless Internet Advisor http://evdo-coverage.com/satellite-wireless-internet.html http://wimax-coverage.com 2611 S. Pacific Coast Highway 101 Suite 203 Cardiff by the Sea, CA 92007 206 984 0880 From jonbaer at jonbaer.com Mon Sep 4 18:17:33 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Mon, 4 Sep 2006 18:17:33 -0400 Subject: [nycphp-talk] forums and google friendliness In-Reply-To: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> References: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> Message-ID: <939DF994-F724-4F4E-8CF1-5A685E8CC1B8@jonbaer.com> You need to toy around w/ your Apache .htaccess file + mod_rewrite ... here is an example ... https://blog.iansview.com/archives/34-phpBB-how-to-make-phpBB-2.0.x- urls-google-friendly.html - Jon On Sep 4, 2006, at 5:02 PM, Robert Kim Wireless Internet Advisor wrote: > anybody know how to modify PHPbb so that the title field of every post > IS THE URL?? > > kinda like the way blogger works? > > OH... AND is spiderable by google??? so that there is no issue with > user/session id's etc...?? > > -- > Robert Q Kim, Wireless Internet Advisor > http://evdo-coverage.com/satellite-wireless-internet.html > http://wimax-coverage.com > 2611 S. Pacific Coast Highway 101 > Suite 203 > Cardiff by the Sea, CA 92007 > 206 984 0880 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From LeeEyerman at aol.com Mon Sep 4 20:04:57 2006 From: LeeEyerman at aol.com (LeeEyerman at aol.com) Date: Mon, 4 Sep 2006 20:04:57 EDT Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question Message-ID: <455.563a2a9.322e1929@aol.com> TO SMARTY OR NOT TO SMARTY: THAT IS THE QUESTION A client of mine is debating, rather furiously, the merits of using Smarty in their upcoming web-applications. Up to this point, I have not used Smarty - and I will admit it - I am an old school programmer who hates OOP, and to me, Smarty looks like another ill-conceived paradigm developed in OOP that creates a lot more hassle than it solves. We are a small organization. We do not have more than two PHP developers working on a project at a time. Our designer works closely with us to integrate CSS, Javascript, etc. The web sites we create are for government agencies and do not change often, and if they do change, they do not change very much. I understand the concept behind smarty - separate logic and display. However, I do not think Smarty is an end-all solution to all web sites - as many people are trying to sell it. This article, Smarty for Dummies, shares many of the thoughts and opinions I have about Smarty: _http://www.fudnik.com/main/tiki-read_article.php?articleId=7_ (http://www.fudnik.com/main/tiki-read_article.php?articleId=7) - it is a good read. Can anyone give any guidance about when to and when not to use Smarty? Does anyone agree/disagree that Smarty may just be a giant abstraction of logic and design, wrapped in a horrible OOP mess? Does anyone agree/disagree that using Smarty in small applications, that do not change much, and do not have separate (or large) development teams may be more burdensome than it is worth? Is anyone concerned that using Smarty as part of your systems make them less portable? Am I missing something, or is Smarty just not meant to be used in small development environments? I do not like the idea of developing web apps using Smarty because of the additional requirements of installing smarty. I am also concerned that Smarty may be built upon technologies that may be part of a current patent or part of a patent that is pending. Smarty is not that old, and it could potentially infringe a patent by another company like MS. I also do not know if Smarty is supported in the open-source community as well as PHP and MySQL. I also cannot stand the editing of multiple documents, both containing bits and pieces of logic - I know, one is application logic, the other is display logic.... is this really logical? Bouncing between documents does not seem efficient, and it also seems quite possible that a web designer could still screw up the display logic.... hmmm... Whether you would still call Smarty a new paradigm is up for question. However, I am having a hard time understanding any benefit for small sites/organization who need to deliver SOLID solutions fast, on-time, and within budget. Can anyone tell me how Smarty can increase productivity? Can it save time? Can it save money? Does it make your web-app any more secure? Doesn't it actually make your applications slower - all that code to process - and I know, it does the pre-processing - but still, OOP requires more code that procedural any day - and looking at Smarty code, it looks like a OOP mess. Like OOP, I can do everything Smarty does, faster and easier in procedural PHP on one page. Why in the world would I change to Smarty? It is also interesting to note that very few open-source applications use Smarty. PHPBB does not use it, OSCommerce does not use it, PHPMyAdmin does not use it, etc. If Smarty were so good, why haven't more open-source projects adopted it? Any information that could assist my reasoning, one way or the other, would be greatly appreciated! Thank you in advance! Lee -------------- next part -------------- An HTML attachment was scrubbed... URL: From rharding at mitechie.com Mon Sep 4 20:13:42 2006 From: rharding at mitechie.com (Richard Harding) Date: Mon, 04 Sep 2006 20:13:42 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <455.563a2a9.322e1929@aol.com> References: <455.563a2a9.322e1929@aol.com> Message-ID: <44FCC136.1060908@mitechie.com> LeeEyerman at aol.com wrote: > TO SMARTY OR NOT TO SMARTY: THAT IS THE QUESTION > > A client of mine is debating, rather furiously, the merits of using > Smarty in their upcoming web-applications. Up to this point, I have not > used Smarty - and I will admit it - I am an old school programmer who > hates OOP, and to me, Smarty looks like another ill-conceived > paradigm developed in OOP that creates a lot more hassle than it solves. > > ...snip > > Can anyone give any guidance about when to and when not to use Smarty? > ...snip > Any information that could assist my reasoning, one way or the other, > would be greatly appreciated! > > Thank you in advance! > Lee > I've worked a little bit with smarty and I've had some discussions online. The one thing that it all comes back to is this: If your template designers are not php developers then using smarty as an interface that the designers can use might make some sense. If the guys doing the php are also doing the designing then I would suggest you take a peek at something like Savant or other php based solution. Rick From jface at mercenarylabs.com Tue Sep 5 00:33:36 2006 From: jface at mercenarylabs.com (jface at mercenarylabs.com) Date: Tue, 5 Sep 2006 0:33:36 -0400 Subject: [nycphp-talk] forums and google friendliness In-Reply-To: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> References: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> Message-ID: <9f913529dbac31c1378822a01e0e00a7@localhost> I'm not sure how to modify PHPBB to do what you want it to, but you might try installing a "site map" plugin to make your forum easily crawlable. I use one here: http://www.nychat.net/forums/sitemap.php On Mon, 4 Sep 2006 14:02:08 -0700, "Robert Kim Wireless Internet Advisor" wrote: > anybody know how to modify PHPbb so that the title field of every post > IS THE URL?? > > kinda like the way blogger works? > > OH... AND is spiderable by google??? so that there is no issue with > user/session id's etc...?? > > From mikko.rantalainen at peda.net Tue Sep 5 05:54:23 2006 From: mikko.rantalainen at peda.net (Mikko Rantalainen) Date: Tue, 05 Sep 2006 12:54:23 +0300 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FCC136.1060908@mitechie.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> Message-ID: <44FD494F.90800@peda.net> Richard Harding wrote: > LeeEyerman at aol.com wrote: >> >> Can anyone give any guidance about when to and when not to use Smarty? > > ...snip >> Any information that could assist my reasoning, one way or the other, >> would be greatly appreciated! > > If your template designers are not php developers then using smarty as > an interface that the designers can use might make some sense. If the > guys doing the php are also doing the designing then I would suggest you > take a peek at something like Savant or other php based solution. I'm a bit OOP guy and I still think that I don't need Smarty or any other template system for developing applications with (X)HTML front end. I haven't yet seen a template system that has the power to turn the application to some non-HTTP/HTML based frontend easily. And if such template system needs JavaScript for the "HTML" front end, I'm not interested. The reason I think that one shouldn't need a template system is that (X)HTML is supposed to be only about the structure and semantics. If you don't whip up a element for layout the UI guys don't need to modify the (X)HTML source. They just touch the CSS file. Granted, you may have to give up some designs if you want to stay compatible with MSIE 6.0 but in the long run, I believe that using (X)HTML for what it's supposed to be is the correct way. (X)HTML is a HyperText Markup Language. It's not a Page Layout Description Language and Styling Language. If you want the layout the designer drew you should be using formats suchs as PostScript, PDF or SVG. As a side effect, the applications that I've been writing do work with mobile phones with 120x120 pixel displays. Show me a page with table layout for such a display without writing any custom markup for the mobile device. -- Mikko From rharding at mitechie.com Tue Sep 5 06:43:40 2006 From: rharding at mitechie.com (Richard Harding) Date: Tue, 05 Sep 2006 06:43:40 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FD494F.90800@peda.net> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> Message-ID: <44FD54DC.1050901@mitechie.com> Mikko Rantalainen wrote: > Richard Harding wrote: >> LeeEyerman at aol.com wrote: >>> >>> Can anyone give any guidance about when to and when not to use Smarty? >> > ...snip >>> Any information that could assist my reasoning, one way or the other, >>> would be greatly appreciated! >> If your template designers are not php developers then using smarty as >> an interface that the designers can use might make some sense. If the >> guys doing the php are also doing the designing then I would suggest you >> take a peek at something like Savant or other php based solution. > > I'm a bit OOP guy and I still think that I don't need Smarty or any > other template system for developing applications with (X)HTML front > end. I haven't yet seen a template system that has the power to turn > the application to some non-HTTP/HTML based frontend easily. And if > such template system needs JavaScript for the "HTML" front end, I'm > not interested. > > The reason I think that one shouldn't need a template system is that > (X)HTML is supposed to be only about the structure and semantics. If > you don't whip up a
element for layout the UI guys don't > need to modify the (X)HTML source. They just touch the CSS file. I have to say that there are other advantages of using a template system. I mean do you really want to hand type every
element for layout the UI guys don't >> need to modify the (X)HTML source. They just touch the CSS file. > > Personally, I like the template system approach. I have builders that > perform my logic. They use my objects to fetch the list of user accounts > from the database, for instance. Then I assign that list to the template > system. The data is now available for output. I can then create numerous > templates that use that same data for various types of output. One > builder might power 5 different template views and I only have to update > that one builder if some logic changes and all 5 templates are up to I see. I guess that works well, if it's okay to fetch all the data from database and display only some of it. I'd be a little afraid that in large scale that puts quite some unnecessary extra work for the both database server and the PHP engine. > date. I don't so how you go about that type of flexibility without a > template system of some sort. Care to share some info on how you use > straight style sheets to get your output going? If you have user account info and you just want to display it, you should first think what kind of semantic structure does this data have? If you have a list of users each of which have multiple fields, then it sounds to me that your logical structure is a table. So logically it's like this: UID Name Foobar 1 John "apple" 12 Mary 7 Semantic markup for this would look like
UIDNameFoobar
1John"apple"
12Mary7
The only thing you need to change for different rendering of the above data is to set $class variable to another value. I don't understand how many different ways there could be to encode that same information in XHTML. Therefore, I don't understand the need for templating engine to generate/modify that part of the source. To me, the only question is what solution has the best performance? A template engine is seldom the correct answer. Then you just write CSS file that specifies the rendering. It could be pretty much anything, except that with MSIE6/win32 you cannot say, for example, stuff like table.special { display: block; } because MSIE6/win32 will always behave as if an element called "table" had hardcoded CSS property "display: table". That's where the problems start. That's the reason you might want to use a template engine. If you're not happy with the hardcoded rendering the MSIE6/win32 has for your markup you have to *change your semantic markup* to match the intended rendering instead of intended meaning! Another reason could be that your layout guys don't understand CSS and use HTML for layout instead. I believe that to change the semantics of your data (the HTML markup) you *have* to modify the code/logic also. I don't see the advantage of separating those. -- Mikko From ps at pswebcode.com Tue Sep 5 09:59:06 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 5 Sep 2006 09:59:06 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <455.563a2a9.322e1929@aol.com> Message-ID: <001601c6d0f3$73fbf400$6401a8c0@Rubicon> I've never used Smarty for a project, but I've examined many opensource projects that are structured to one degree or another on the separation of design and business logic principles of a template system like Smarty. I have found that every new project/system (new to you the developer(s)) has a learning curve. Minimum one-day as much as 5 days to understand the configuration techniques and the custom functions/tools/techniques that are in place. I believe that the very high degree of abstraction provided by a template system like Smarty can be invaluable in any known development environment that truly separates the non-programmer designer(s) from the non-designing programmer(s) But, maybe I've led a sheltered life, but every time I've worked in the web unit of a corporate environment, large and small, everyone even the 'designers' was pretty much a programmer in the code language(s) and OS in use in the company. Typically, also the company has long ago found that no matter what original system/tools were developed/purchased that there is constant need for advanced customization/features and they are knee deep in proprietary systems and in-house techniques that give the company competitively unique advantages on the web. I thought also the job demands of the IT industry today pretty much demand that you be a programmer/designer and there really are no jobs for strictly non-programming designers. I rather like that direction, as I believe that the skill set and the diversity that multifaceted designer/programmers bring to the table is far more valuable to a fast-moving tech company than multiple teams of highly segregated niche designers and programmers that only pow wow once per week in a two-hour antsy session. So, therefore, roughly on principle I would tend to lead clients towards free or low-cost, high-powered specialized opensource projects intended for their business category (projects like PHProjekt, osCommerce, Gallery, Coppermine, Open-Realty, Joomla) that bring so many great features to the table. And then you as the versatile, sophisticated developer team can dive in and customize the front end rather handily and create/designate your own custom only as-needed design option injection points. So you don't sell future design flexibility to the client but instead sell them the far more sensible and satisfying infinitely expandable feature set(s) and advise them they shouldn't be changing their web site look any sooner than every five years anyway, so changeable design in templates is not the big issue. I believe you will find very few places where you can fit a Smarty system into a complex highly-competitive business/web development environment that is itself setting new standards on the web everyday. But, Smarty is a great project and great idea and the convenience to complexity ratio may need some tweaking. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of LeeEyerman at aol.com Sent: Monday, September 04, 2006 8:05 PM To: talk at lists.nyphp.org Cc: smurakami at vesc-education.com; mbleich at vesc-education.com Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question TO SMARTY OR NOT TO SMARTY: THAT IS THE QUESTION A client of mine is debating, rather furiously, the merits of using Smarty in their upcoming web-applications. Up to this point, I have not used Smarty - and I will admit it - I am an old school programmer who hates OOP, and to me, Smarty looks like another ill-conceived paradigm developed in OOP that creates a lot more hassle than it solves. We are a small organization. We do not have more than two PHP developers working on a project at a time. Our designer works closely with us to integrate CSS, Javascript, etc. The web sites we create are for government agencies and do not change often, and if they do change, they do not change very much. I understand the concept behind smarty - separate logic and display. However, I do not think Smarty is an end-all solution to all web sites - as many people are trying to sell it. This article, Smarty for Dummies, shares many of the thoughts and opinions I have about Smarty: http://www.fudnik.com/main/tiki-read_article.php?articleId=7 - it is a good read. Can anyone give any guidance about when to and when not to use Smarty? Does anyone agree/disagree that Smarty may just be a giant abstraction of logic and design, wrapped in a horrible OOP mess? Does anyone agree/disagree that using Smarty in small applications, that do not change much, and do not have separate (or large) development teams may be more burdensome than it is worth? Is anyone concerned that using Smarty as part of your systems make them less portable? Am I missing something, or is Smarty just not meant to be used in small development environments? I do not like the idea of developing web apps using Smarty because of the additional requirements of installing smarty. I am also concerned that Smarty may be built upon technologies that may be part of a current patent or part of a patent that is pending. Smarty is not that old, and it could potentially infringe a patent by another company like MS. I also do not know if Smarty is supported in the open-source community as well as PHP and MySQL. I also cannot stand the editing of multiple documents, both containing bits and pieces of logic - I know, one is application logic, the other is display logic.... is this really logical? Bouncing between documents does not seem efficient, and it also seems quite possible that a web designer could still screw up the display logic.... hmmm... Whether you would still call Smarty a new paradigm is up for question. However, I am having a hard time understanding any benefit for small sites/organization who need to deliver SOLID solutions fast, on-time, and within budget. Can anyone tell me how Smarty can increase productivity? Can it save time? Can it save money? Does it make your web-app any more secure? Doesn't it actually make your applications slower - all that code to process - and I know, it does the pre-processing - but still, OOP requires more code that procedural any day - and looking at Smarty code, it looks like a OOP mess. Like OOP, I can do everything Smarty does, faster and easier in procedural PHP on one page. Why in the world would I change to Smarty? It is also interesting to note that very few open-source applications use Smarty. PHPBB does not use it, OSCommerce does not use it, PHPMyAdmin does not use it, etc. If Smarty were so good, why haven't more open-source projects adopted it? Any information that could assist my reasoning, one way or the other, would be greatly appreciated! Thank you in advance! Lee -------------- next part -------------- An HTML attachment was scrubbed... URL: From suzerain at suzerain.com Tue Sep 5 10:24:45 2006 From: suzerain at suzerain.com (Marc Antony Vose) Date: Tue, 5 Sep 2006 10:24:45 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <8d9a42800609050536j38145103yfa42934311498263@mail.gmail.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <8d9a42800609050536j38145103yfa42934311498263@mail.gmail.com> Message-ID: At 8:36 AM -0400 9/5/06, Joseph Crawford wrote: >I have used smarty and the real questions are > >1.) will the site layout change at all? >2.) will the designer also be a php developer? > >I have noticed that when you go with a site which is all PHP and not >using a template engine, if you want to change the layout you are >going to be there forever. >If you had a template system it would be as easy as swapping out the html. > Joseph seems to be implying that you can't separate logic from display unless you use a templating system. In my opinion, all it takes is discipline to separate your display code from your logic. Put another way: PHP already is a glorified templating language, basically, with a bunch of other stuff added in. Using smarty or constructing your own equivalent system just seems redundant and inefficient to me. I fail to see how {%var_name%} is any simpler for a non-coder to learn than They are both arcane, silly statements that one must commit to memory. The only real advantage I can see to something like smarty is one of security...then your front end coder is essentially blocked from using functions you might not want them using, since they can only do the things which the templating system allows. Then again, if you have the coders just learn simple PHP statements, rather than silly arcane codes, you are actually teaching them something useful in the process, and I find that most coders I am paying money to don't seem to want to maliciously undermine my projects by doing stuff I don't want them doing. So, I say: absolutely take advantage of the idea that something like smarty gives you, because separating all your data access / massaging from your data display is really smart. But using smarty itself? I dunno...it's really up to your personal preference. I think it's a waste of time. Cheers, -- Marc Antony Vose http://www.suzerain.com/ Never underestimate the power of human stupidity. -- Lazarus Long From rmarscher at beaffinitive.com Tue Sep 5 11:43:27 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Tue, 05 Sep 2006 11:43:27 -0400 Subject: [nycphp-talk] Converting hex? In-Reply-To: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> References: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> Message-ID: <44FD9B1F.2020609@beaffinitive.com> Did you figure this one out? Try $data - file_get_contents($some_remote_https_url); $pieces = explode(',', data); print preg_replace("/(\\\x[0-9A-Fa-f]{1,2})/e", "chr(hexdec('\\1'))", $pieces[0]); Seems to do the trick. -Rob Jeff Loiselle wrote: > Anyone know of a nice efficient function to convert this? > $name = 'Tony D\x27Antonio'; > > I realize that putting it in double quote will do it, but I am unable > to do that. As I am doing something like this: > > $data - file_get_contents($some_remote_https_url); > $pieces = explode(',', data); > print $pieces[0]; > > Output: > Tony D\x27Antonio > > This doesn't seem to help: > print "$pieces[0]"; > > I'm looking for the most efficient way, as this is being used in a > REST response parser. Thanks! > > --- > Jeff Loiselle > Web Developer > The NewNewMedia Group > http://www.newnewmedia.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From edwardpotter at gmail.com Tue Sep 5 22:27:54 2006 From: edwardpotter at gmail.com (edward potter) Date: Tue, 5 Sep 2006 22:27:54 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <455.563a2a9.322e1929@aol.com> References: <455.563a2a9.322e1929@aol.com> Message-ID: By going OO you DRAMATICALLY improve the understanding of the underlying logic that defines the outputs from your source code. Give OO a second look, it will greatly improve the intellectual content of your end product. IMHO. No, I don't use Smarty, I have a pretty big library of class's that I just hook together as needed, seems to do it all for me. :-) ed On 9/4/06, LeeEyerman at aol.com wrote: > > > TO SMARTY OR NOT TO SMARTY: THAT IS THE QUESTION > > A client of mine is debating, rather furiously, the merits of using Smarty > in their upcoming web-applications. Up to this point, I have not used > Smarty - and I will admit it - I am an old school programmer who hates OOP, > and to me, Smarty looks like another ill-conceived paradigm developed in OOP > that creates a lot more hassle than it solves. > > We are a small organization. We do not have more than two PHP developers > working on a project at a time. Our designer works closely with us to > integrate CSS, Javascript, etc. The web sites we create are for government > agencies and do not change often, and if they do change, they do not change > very much. > > I understand the concept behind smarty - separate logic and display. > However, I do not think Smarty is an end-all solution to all web sites - as > many people are trying to sell it. This article, Smarty for Dummies, shares > many of the thoughts and opinions I have about Smarty: > http://www.fudnik.com/main/tiki-read_article.php?articleId=7 > - it is a good read. > > Can anyone give any guidance about when to and when not to use Smarty? Does > anyone agree/disagree that Smarty may just be a giant abstraction of logic > and design, wrapped in a horrible OOP mess? Does anyone agree/disagree that > using Smarty in small applications, that do not change much, and do not have > separate (or large) development teams may be more burdensome than it is > worth? Is anyone concerned that using Smarty as part of your systems make > them less portable? Am I missing something, or is Smarty just not meant to > be used in small development environments? > > I do not like the idea of developing web apps using Smarty because of the > additional requirements of installing smarty. I am also concerned that > Smarty may be built upon technologies that may be part of a current patent > or part of a patent that is pending. Smarty is not that old, and it could > potentially infringe a patent by another company like MS. I also do not > know if Smarty is supported in the open-source community as well as PHP and > MySQL. > > I also cannot stand the editing of multiple documents, both containing bits > and pieces of logic - I know, one is application logic, the other is display > logic.... is this really logical? Bouncing between documents does not seem > efficient, and it also seems quite possible that a web designer could still > screw up the display logic.... hmmm... > > Whether you would still call Smarty a new paradigm is up for question. > However, I am having a hard time understanding any benefit for small > sites/organization who need to deliver SOLID solutions fast, on-time, and > within budget. Can anyone tell me how Smarty can increase productivity? > Can it save time? Can it save money? Does it make your web-app any more > secure? Doesn't it actually make your applications slower - all that code to > process - and I know, it does the pre-processing - but still, OOP requires > more code that procedural any day - and looking at Smarty code, it looks > like a OOP mess. > > Like OOP, I can do everything Smarty does, faster and easier in procedural > PHP on one page. Why in the world would I change to Smarty? > > It is also interesting to note that very few open-source applications use > Smarty. PHPBB does not use it, OSCommerce does not use it, PHPMyAdmin does > not use it, etc. If Smarty were so good, why haven't more open-source > projects adopted it? > > Any information that could assist my reasoning, one way or the other, would > be greatly appreciated! > > Thank you in advance! > Lee > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- My Blog: http://www.utopiaparkway.com My Web Projects: http://flickr.com/photos/86842405 at N00/ My Store: The Hipsters guide to the good life. http://astore.amazon.com/httpwwwutopic-20 From tim_lists at o2group.com Wed Sep 6 03:03:40 2006 From: tim_lists at o2group.com (Tim Lieberman) Date: Wed, 06 Sep 2006 01:03:40 -0600 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FD78A1.2090301@peda.net> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> Message-ID: <44FE72CC.2030108@o2group.com> Mikko Rantalainen wrote: >The only thing you need to change for different rendering of the >above data is to set $class variable to another value. I don't >understand how many different ways there could be to encode that >same information in XHTML. Therefore, I don't understand the need >for templating engine to generate/modify that part of the source. To >me, the only question is what solution has the best performance? A >template engine is seldom the correct answer. > > I use Smarty extensively, but mostly as part of my ad-hoc framwork for rapid development, along with DB_DataObject. I wrote a little subclass of PEAR's DB_DataObject that I call DB_DataObject_renderable The subclass provides two new methods to DataObject: render($tpl,$extra=array) and renderlist($tpl,$extra=array). render() (sometimes) pulls in related table via getLink() or getLinks(), assigns object variables, plus the contents of the $extra hash, into smarty, and then returns the result of Smarty->fetch($tpl). renderlist() iterates over $this->fetch() (where this is essentially a DB_DataObject), concatinating the result of $this->render($tpl."_listitem.tpl") into a string, then passes that as $extra['listContent'] into $this->render($tpl.".tpl"). Keeping with DB_DataObject's convention of an object being both a "current record" and a "record set", and with all the handy getLinks stuff, which is nice for pulling in lookup-table stuff, you have a nice way of rendering either a record or set of them. For clarity's sake, if I want to show a form, I might have a template called "form.tpl". If I want a table of records, I might have a template called 'adminlist.tpl', and one called 'adminlist_listitem.tpl'. 'adminlist_listitem.tpl' might look like: {$id}{$name}edit 'adminlist.tpl' might look like: {$listContent}
IDName*
While this example is trivial, the pattern scales well to various things. And if you need even more "extra" data, it's easy to override the render() function in the class files autogenerated by DB_DataObject to pull in the ... weird ... stuff. -Tim From jeff.loiselle at gmail.com Wed Sep 6 10:34:53 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Wed, 6 Sep 2006 10:34:53 -0400 Subject: [nycphp-talk] Converting hex? In-Reply-To: <44FD9B1F.2020609@beaffinitive.com> References: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> <44FD9B1F.2020609@beaffinitive.com> Message-ID: <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> Rob, I ended up doing this: $response = str_replace('\x', '%', $response); $response = urldecode($response); That did the trick. :-) /jeff On 9/5/06, Rob Marscher wrote: > Did you figure this one out? > > Try > > $data - file_get_contents($some_remote_https_url); > $pieces = explode(',', data); > print preg_replace("/(\\\x[0-9A-Fa-f]{1,2})/e", "chr(hexdec('\\1'))", $pieces[0]); > > Seems to do the trick. > -Rob > > Jeff Loiselle wrote: > > Anyone know of a nice efficient function to convert this? > > $name = 'Tony D\x27Antonio'; > > > > I realize that putting it in double quote will do it, but I am unable > > to do that. As I am doing something like this: > > > > $data - file_get_contents($some_remote_https_url); > > $pieces = explode(',', data); > > print $pieces[0]; > > > > Output: > > Tony D\x27Antonio > > > > This doesn't seem to help: > > print "$pieces[0]"; > > > > I'm looking for the most efficient way, as this is being used in a > > REST response parser. Thanks! > > > > --- > > Jeff Loiselle > > Web Developer > > The NewNewMedia Group > > http://www.newnewmedia.com > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- --- Jeff Loiselle Web Developer The NewNewMedia Group http://www.newnewmedia.com From dmintz at davidmintz.org Wed Sep 6 10:52:21 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 6 Sep 2006 10:52:21 -0400 (EDT) Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FE72CC.2030108@o2group.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> Message-ID: The curious thing is that Smarty syntax, IMHO, is not any easier than PHP. The way you loop over arrays -- e.g., with "section", which come to think of it is a weird name for it -- is unintuitive enough to make me have to check the docs again every time. et cetera seems simpler. I used to be a big Smarty fan but coming under the spell of CakePHP and seeing the intelligent way it uses/wants you to use good old PHP for building views, my love of Smarty has cooled off. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From rmarscher at beaffinitive.com Wed Sep 6 11:00:09 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Wed, 06 Sep 2006 11:00:09 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FE72CC.2030108@o2group.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> Message-ID: <44FEE279.6000509@beaffinitive.com> I currently use Smarty on a couple projects. I didn't make the decision... but I certainly don't mind using it. We created a theme system so that there's a folder with a default set of Smarty templates... but for each different site we run off the same backend install, we can specify a different theme folder and our view will look there first to get the template and then go to the default folder if it doesn't find it. This allows us to run sites that can have extra copy in the templates or pieces removed or whatever we want and none of the main set of code needs to change. Smarty has an easy to use caching system and I like using the variable modifiers to do things like truncate text, capitalize strings, and format dates. Also the custom plugins can be pretty handy... we have one that iterates through a adodb record set. We had an html production guy come in to do some work and he had no problem using the Smarty templates. Obviously there are tons of templating systems out there and I see the point about a compiled template system vs. one that's already in php. Personally, I don't find all the 's to be asthetically pleasing... but that's a sorry excuse =) On the note of OO vs. procedural, after switching to OO-style php two or three years ago, it's hard to imagine now not having at least the encapsulation and reuse that comes with it. I agree that for small sites, procedural code can be written faster... but if it's something you'll reuse on other projects or if you're on a team of developers, there are major benefits of using OO code. It might seem to be a big pain to be switching files all the time, but a good editor will make that easy for you. The whole idea is to reduce the amount of code you have to write and make it easier to incorporate other people's code into your project. The term that keeps popping in my head is "Set it and forget it." Anyway... this subject has been beaten to death. -Rob Tim Lieberman wrote: > Mikko Rantalainen wrote: > > >> The only thing you need to change for different rendering of the >> above data is to set $class variable to another value. I don't >> understand how many different ways there could be to encode that >> same information in XHTML. Therefore, I don't understand the need >> for templating engine to generate/modify that part of the source. To >> me, the only question is what solution has the best performance? A >> template engine is seldom the correct answer. >> >> >> > I use Smarty extensively, but mostly as part of my ad-hoc framwork for > rapid development, along with DB_DataObject. > > I wrote a little subclass of PEAR's DB_DataObject that I call > DB_DataObject_renderable > > The subclass provides two new methods to DataObject: > render($tpl,$extra=array) and renderlist($tpl,$extra=array). > > render() (sometimes) pulls in related table via getLink() or getLinks(), > assigns object variables, plus the contents of the $extra hash, into > smarty, and then returns the result of Smarty->fetch($tpl). > > renderlist() iterates over $this->fetch() (where this is essentially a > DB_DataObject), concatinating the result of > $this->render($tpl."_listitem.tpl") into a string, then passes that as > $extra['listContent'] into $this->render($tpl.".tpl"). > > Keeping with DB_DataObject's convention of an object being both a > "current record" and a "record set", and with all the handy getLinks > stuff, which is nice for pulling in lookup-table stuff, you have a nice > way of rendering either a record or set of them. > > For clarity's sake, if I want to show a form, I might have a template > called "form.tpl". If I want a table of records, I might have a > template called 'adminlist.tpl', and one called 'adminlist_listitem.tpl'. > > 'adminlist_listitem.tpl' might look like: > > {$id}{$name} href="edit.php?id={$id}">edit > > 'adminlist.tpl' might look like: > > > > {$listContent} >
IDName*
> > While this example is trivial, the pattern scales well to various > things. And if you need even more "extra" data, it's easy to override > the render() function in the class files autogenerated by DB_DataObject > to pull in the ... weird ... stuff. > > -Tim > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From nyphp at n0p.net Wed Sep 6 11:00:01 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Wed, 06 Sep 2006 11:00:01 -0400 Subject: [nycphp-talk] Converting hex? In-Reply-To: <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> References: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> <44FD9B1F.2020609@beaffinitive.com> <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> Message-ID: <44FEE271.3030603@n0p.net> On 09/06/2006 10:34 AM, Jeff Loiselle wrote: > $response = str_replace('\x', '%', $response); > $response = urldecode($response); Note: If one relies on (icky) "magic_quotes_gpc = On" (who does this anymore, right?) you could get '\x27' in your request that, after the above two lines, would be an unescaped ' flav From rmarscher at beaffinitive.com Wed Sep 6 11:02:56 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Wed, 06 Sep 2006 11:02:56 -0400 Subject: [nycphp-talk] Converting hex? In-Reply-To: <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> References: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> <44FD9B1F.2020609@beaffinitive.com> <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> Message-ID: <44FEE320.1080002@beaffinitive.com> That's pretty slick! However, if you have any plus signs (+) in your string, they'll get converted to a space. Not sure if there are any other unintended side effects. Not exactly sure if it performs better or not to do it your way... But anyway, thanks for sharing. That's a clever solution. -Rob Jeff Loiselle wrote: > Rob, > > I ended up doing this: > > $response = str_replace('\x', '%', $response); > $response = urldecode($response); > > That did the trick. :-) > /jeff > > On 9/5/06, Rob Marscher wrote: > >> Did you figure this one out? >> >> Try >> >> $data - file_get_contents($some_remote_https_url); >> $pieces = explode(',', data); >> print preg_replace("/(\\\x[0-9A-Fa-f]{1,2})/e", "chr(hexdec('\\1'))", $pieces[0]); >> >> Seems to do the trick. >> -Rob >> >> Jeff Loiselle wrote: >> >>> Anyone know of a nice efficient function to convert this? >>> $name = 'Tony D\x27Antonio'; >>> >>> I realize that putting it in double quote will do it, but I am unable >>> to do that. As I am doing something like this: >>> >>> $data - file_get_contents($some_remote_https_url); >>> $pieces = explode(',', data); >>> print $pieces[0]; >>> >>> Output: >>> Tony D\x27Antonio >>> >>> This doesn't seem to help: >>> print "$pieces[0]"; >>> >>> I'm looking for the most efficient way, as this is being used in a >>> REST response parser. Thanks! >>> >>> --- >>> Jeff Loiselle >>> Web Developer >>> The NewNewMedia Group >>> http://www.newnewmedia.com >>> _______________________________________________ >>> New York PHP Community Talk Mailing List >>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >>> >>> >>> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > > -- Rob Marscher Software Engineer rmarscher at beaffinitive.com 212.684.9100x17 From nyphp at n0p.net Wed Sep 6 11:11:41 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Wed, 06 Sep 2006 11:11:41 -0400 Subject: [nycphp-talk] Converting hex? In-Reply-To: <44FEE271.3030603@n0p.net> References: <4b1887110609040646y2ced2ccah8e405caa2d5a3647@mail.gmail.com> <44FD9B1F.2020609@beaffinitive.com> <4b1887110609060734j671d3375jce6a4992775f2aa2@mail.gmail.com> <44FEE271.3030603@n0p.net> Message-ID: <44FEE52D.3090807@n0p.net> On 09/06/2006 11:00 AM, Flavio daCosta wrote: > On 09/06/2006 10:34 AM, Jeff Loiselle wrote: >> $response = str_replace('\x', '%', $response); >> $response = urldecode($response); > > Note: If one relies on (icky) "magic_quotes_gpc = On" (who does this > anymore, right?) you could get '\x27' in your request that, after the > above two lines, would be an unescaped ' Ha, If I would have _read_ the whole thread, I would have seen that '\x27' is exactly what you were trying to work with. Sorry, it's just that 'urldecode' is one of the _dangerous_ functions that I watch for when auditing code and it jumped out at me in your earlier post. From rahmin at insite-out.com Wed Sep 6 11:40:47 2006 From: rahmin at insite-out.com (Rahmin Pavlovic) Date: Wed, 6 Sep 2006 11:40:47 -0400 Subject: [nycphp-talk] postal code db Message-ID: <200609061540.k86Felsi024346@webmail3.megamailservers.com> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From ps at pswebcode.com Wed Sep 6 12:25:30 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 6 Sep 2006 12:25:30 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <44FEE279.6000509@beaffinitive.com> Message-ID: <004101c6d1d1$11f162c0$6401a8c0@Rubicon> Rob: I believe that your comments revealed compelling reasons to go a Smarty-type template route. Using a Smarty-type support template support structure to create: i) several different looking sites all driven efficiently by the same data, and ii) gain performance by caching page(s) and/or data ...seems more like true genuine good reasons to use a Smarty than to solely go a Smarty-type route just so that designers can tweak the colors of tables as the months go by. Additionally, I wanted to clarify here in the context of my previous Smarty remarks. I advocate OO techniques for small or large projects, in the long run OO techniques will return coding organizational and maintenance ease and accuracy that every organization will benefit from. Though, yes, this OO issue has been beaten to death, I think in the scope of this list that promoting OO again is quite alright. Much like how by necessity the don't drink and drive message is never curtailed. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rob Marscher Sent: Wednesday, September 06, 2006 11:00 AM To: NYPHP Talk Subject: Re: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question I currently use Smarty on a couple projects. I didn't make the decision... but I certainly don't mind using it. We created a theme system so that there's a folder with a default set of Smarty templates... but for each different site we run off the same backend install, we can specify a different theme folder and our view will look there first to get the template and then go to the default folder if it doesn't find it. This allows us to run sites that can have extra copy in the templates or pieces removed or whatever we want and none of the main set of code needs to change. Smarty has an easy to use caching system and I like using the variable modifiers to do things like truncate text, capitalize strings, and format dates. Also the custom plugins can be pretty handy... we have one that iterates through a adodb record set. We had an html production guy come in to do some work and he had no problem using the Smarty templates. Obviously there are tons of templating systems out there and I see the point about a compiled template system vs. one that's already in php. Personally, I don't find all the 's to be asthetically pleasing... but that's a sorry excuse =) On the note of OO vs. procedural, after switching to OO-style php two or three years ago, it's hard to imagine now not having at least the encapsulation and reuse that comes with it. I agree that for small sites, procedural code can be written faster... but if it's something you'll reuse on other projects or if you're on a team of developers, there are major benefits of using OO code. It might seem to be a big pain to be switching files all the time, but a good editor will make that easy for you. The whole idea is to reduce the amount of code you have to write and make it easier to incorporate other people's code into your project. The term that keeps popping in my head is "Set it and forget it." Anyway... this subject has been beaten to death. -Rob Tim Lieberman wrote: > Mikko Rantalainen wrote: > > >> The only thing you need to change for different rendering of the >> above data is to set $class variable to another value. I don't >> understand how many different ways there could be to encode that >> same information in XHTML. Therefore, I don't understand the need >> for templating engine to generate/modify that part of the source. To >> me, the only question is what solution has the best performance? A >> template engine is seldom the correct answer. >> >> >> > I use Smarty extensively, but mostly as part of my ad-hoc framwork for > rapid development, along with DB_DataObject. > > I wrote a little subclass of PEAR's DB_DataObject that I call > DB_DataObject_renderable > > The subclass provides two new methods to DataObject: > render($tpl,$extra=array) and renderlist($tpl,$extra=array). > > render() (sometimes) pulls in related table via getLink() or > getLinks(), assigns object variables, plus the contents of the $extra > hash, into smarty, and then returns the result of Smarty->fetch($tpl). > > renderlist() iterates over $this->fetch() (where this is essentially a > DB_DataObject), concatinating the result of > $this->render($tpl."_listitem.tpl") into a string, then passes that as > $extra['listContent'] into $this->render($tpl.".tpl"). > > Keeping with DB_DataObject's convention of an object being both a > "current record" and a "record set", and with all the handy getLinks > stuff, which is nice for pulling in lookup-table stuff, you have a > nice way of rendering either a record or set of them. > > For clarity's sake, if I want to show a form, I might have a template > called "form.tpl". If I want a table of records, I might have a > template called 'adminlist.tpl', and one called > 'adminlist_listitem.tpl'. > > 'adminlist_listitem.tpl' might look like: > > {$id}{$name} href="edit.php?id={$id}">edit > > 'adminlist.tpl' might look like: > > > {$listContent} >
IDName*
> > While this example is trivial, the pattern scales well to various > things. And if you need even more "extra" data, it's easy to override > the render() function in the class files autogenerated by > DB_DataObject to pull in the ... weird ... stuff. > > -Tim > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From pmjones88 at gmail.com Wed Sep 6 13:21:36 2006 From: pmjones88 at gmail.com (Paul M Jones) Date: Wed, 6 Sep 2006 12:21:36 -0500 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <004101c6d1d1$11f162c0$6401a8c0@Rubicon> References: <004101c6d1d1$11f162c0$6401a8c0@Rubicon> Message-ID: <189C2090-3DA0-4BC9-847C-3397E97BCC31@gmail.com> On Sep 6, 2006, at 11:25 AM, Peter Sawczynec wrote: > Rob: > > I believe that your comments revealed compelling reasons to go a > Smarty-type > template route. Smarty *type*, perhaps, but not Smarty. ;-) > Using a Smarty-type support template support structure to create: > i) several different looking sites all driven efficiently by the > same data, > and Easily do-able with something like Savant, Zend_View, or Solar_View, all using PHP as the "template" markup, and which provide directory fallbacks and on-demand helpers. (Fully object-oriented helpers, BTW, not functions.) > ii) gain performance by caching page(s) and/or data Also easily do-able with PEAR Cache_Lite, Zend_Cache, or Solar_Cache. > ...seems more like true genuine good reasons to use a Smarty than > to solely > go a Smarty-type route just so that designers can tweak the colors > of tables as the months go by. Agreed. -- Paul M. Jones Solar: Simple Object Library and Application Repository for PHP5. Savant: The simple, elegant, and powerful solution for templates in PHP. From pmjones88 at gmail.com Wed Sep 6 13:23:40 2006 From: pmjones88 at gmail.com (Paul M Jones) Date: Wed, 6 Sep 2006 12:23:40 -0500 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <189C2090-3DA0-4BC9-847C-3397E97BCC31@gmail.com> References: <004101c6d1d1$11f162c0$6401a8c0@Rubicon> <189C2090-3DA0-4BC9-847C-3397E97BCC31@gmail.com> Message-ID: <0C7E52B3-DEA0-448D-9A5A-B10A36198D03@gmail.com> On Sep 6, 2006, at 12:21 PM, Paul M Jones wrote: >> ...seems more like true genuine good reasons to use a Smarty than >> to solely >> go a Smarty-type route just so that designers can tweak the colors >> of tables as the months go by. > > Agreed. Er, agreed that just tweaking colors isn't a good-enough reason to use a template system. ;-) -- Paul M. Jones Solar: Simple Object Library and Application Repository for PHP5. Savant: The simple, elegant, and powerful solution for templates in PHP. From 1j0lkq002 at sneakemail.com Wed Sep 6 14:42:14 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 06 Sep 2006 11:42:14 -0700 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> Message-ID: <13107-81172@sneakemail.com> David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: >I used to be a big Smarty fan but coming under the spell of CakePHP and >seeing the intelligent way it uses/wants you to use good old PHP for >building views, my love of Smarty has cooled off. > > If David Mintz switching from Smarty to Cake is not a call for a Symfony presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody can? From ken at secdat.com Wed Sep 6 15:43:16 2006 From: ken at secdat.com (Kenneth Downs) Date: Wed, 06 Sep 2006 15:43:16 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <13107-81172@sneakemail.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> Message-ID: <44FF24D4.2040009@secdat.com> inforequest wrote: > David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: > > >> I used to be a big Smarty fan but coming under the spell of CakePHP and >> seeing the intelligent way it uses/wants you to use good old PHP for >> building views, my love of Smarty has cooled off. >> >> >> > If David Mintz switching from Smarty to Cake is not a call for a Symfony > presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody can? > I'm just hoping everybody won't be too burned out on frameworks by the time we show off our Andromeda system in October. Delving into deeply shameless self-promotion, I'll mention that I've done frameworks in older architectures and can show some really mature features. Now back to our regularly scheduled discussion.... > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From evdo.hsdpa at gmail.com Thu Sep 7 11:26:36 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Thu, 7 Sep 2006 08:26:36 -0700 Subject: [nycphp-talk] forums and google friendliness In-Reply-To: <9f913529dbac31c1378822a01e0e00a7@localhost> References: <1ec620e90609041402l22f1ed65o274dd4e71ec41a58@mail.gmail.com> <9f913529dbac31c1378822a01e0e00a7@localhost> Message-ID: <1ec620e90609070826m1c050998l34f5c99e806f006b@mail.gmail.com> wow! this is great! anybody wanna do this for my company? im sure they can pay out immediately on delivery... the 2 things we need 1. google friendly 2. if possible - title of forum post goes into page url anybody who can help? On 9/4/06, jface at mercenarylabs.com wrote: > > I'm not sure how to modify PHPBB to do what you want it to, but you might try installing a "site map" plugin to make your forum easily crawlable. > > I use one here: > http://www.nychat.net/forums/sitemap.php > > On Mon, 4 Sep 2006 14:02:08 -0700, "Robert Kim Wireless Internet Advisor" wrote: > > anybody know how to modify PHPbb so that the title field of every post > > IS THE URL?? > > > > kinda like the way blogger works? > > > > OH... AND is spiderable by google??? so that there is no issue with > > user/session id's etc...?? > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Robert Q Kim, Wireless Internet Advisor http://evdo-coverage.com/satellite-wireless-internet.html http://wimax-coverage.com 2611 S. Pacific Coast Highway 101 Suite 203 Cardiff by the Sea, CA 92007 206 984 0880 From dmintz at davidmintz.org Thu Sep 7 13:50:49 2006 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 7 Sep 2006 13:50:49 -0400 (EDT) Subject: [nycphp-talk] Cake v. Symfony (was: To Smarty Or Not to Smarty) In-Reply-To: <13107-81172@sneakemail.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> Message-ID: On Wed, 6 Sep 2006, inforequest wrote: > David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: > > >I used to be a big Smarty fan but coming under the spell of CakePHP and > >seeing the intelligent way it uses/wants you to use good old PHP for > >building views, my love of Smarty has cooled off. > > > > > If David Mintz switching from Smarty to Cake is not a call for a Symfony > presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody can? Oh no! You seem to be saying Symfony is better, so off I go to http://www.symfony-project.com/ and start sniffing at it... just what I need, another crisis of faith. To continue learning to bake, or try to become a composer instead? Seriously, they both look like they have their strengths and weaknesses. Cake seems a little rough-edged and the documentation is uneven, but it doesn't make you write a lot of YAML. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From 1j0lkq002 at sneakemail.com Thu Sep 7 14:01:49 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 07 Sep 2006 11:01:49 -0700 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> Message-ID: <30769-44016@sneakemail.com> David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: >On Wed, 6 Sep 2006, inforequest wrote: > > > >>David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: >> >> >> >>>I used to be a big Smarty fan but coming under the spell of CakePHP and >>>seeing the intelligent way it uses/wants you to use good old PHP for >>>building views, my love of Smarty has cooled off. >>> >>> >>> >>> >>If David Mintz switching from Smarty to Cake is not a call for a Symfony >>presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody can? >> >> > >Oh no! You seem to be saying Symfony is better, so off I go to >http://www.symfony-project.com/ and start sniffing at it... just what I >need, another crisis of faith. To continue learning to bake, or try to >become a composer instead? > >Seriously, they both look like they have their strengths and weaknesses. >Cake seems a little rough-edged and the documentation is uneven, but it >doesn't make you write a lot of YAML. > > Yes, David, maybe Symfony is better (nudge nudge) and maybe cleaner (nudge), or easier to follow without docs (nudge nudge) or perhaps the docs are more complete. I can't *tell* you these things with mere words; you need to *experence* them (nudge nudge) in order to fully appreciate the symfony/cake comparisons (nudge nudge). Oh, and be sure to report back to the talk list, ok? ;-) -=john andrews http://www.johnon.com From pmjones88 at gmail.com Thu Sep 7 14:49:47 2006 From: pmjones88 at gmail.com (Paul M Jones) Date: Thu, 7 Sep 2006 13:49:47 -0500 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <30769-44016@sneakemail.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <30769-44016@sneakemail.com> Message-ID: On Sep 7, 2006, at 1:01 PM, inforequest wrote: >>>> I used to be a big Smarty fan but coming under the spell of >>>> CakePHP and >>>> seeing the intelligent way it uses/wants you to use good old PHP >>>> for >>>> building views, my love of Smarty has cooled off. >>>> >>> If David Mintz switching from Smarty to Cake is not a call for a >>> Symfony >>> presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody >>> can? >>> >> >> Oh no! You seem to be saying Symfony is better, so off I go to >> http://www.symfony-project.com/ and start sniffing at it... just >> what I >> need, another crisis of faith. To continue learning to bake, or >> try to >> become a composer instead? >> >> Seriously, they both look like they have their strengths and >> weaknesses. >> Cake seems a little rough-edged and the documentation is uneven, >> but it >> doesn't make you write a lot of YAML. > > Yes, David, maybe Symfony is better (nudge nudge) and maybe cleaner > (nudge), or easier to follow without docs (nudge nudge) or perhaps the > docs are more complete. I can't *tell* you these things with mere > words; > you need to *experence* them (nudge nudge) in order to fully > appreciate > the symfony/cake comparisons (nudge nudge). Oh, and be sure to report > back to the talk list, ok? ;-) [self-promotion] As long as we're examining frameworks, Solar may bear scrutiny as well. [/self-promotion] -- Paul M. Jones Solar: Simple Object Library and Application Repository for PHP5. Savant: The simple, elegant, and powerful solution for templates in PHP. From dmintz at davidmintz.org Thu Sep 7 15:17:31 2006 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 7 Sep 2006 15:17:31 -0400 (EDT) Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <30769-44016@sneakemail.com> Message-ID: Well, it *looks* (emphasis because I haven't actually tried) as though it's a PITA if not impossible to install Symfony in a subdir of a shared hosting account. And that's a potential deal breaker for the project I have to do. inforequest: I thought you were a big Rails fan and Rails is so big on convention over configuration, and Cake is very much in that -- tradition? whatever -- whereas Symfony, it appears, makes you write or at least edit reams of YAML. I know, I gotta experience it (nudge nudge). Anyway, now I am persuing Solar, just to placate the shameless self-promoters around here (-: On Thu, 7 Sep 2006, Paul M Jones wrote: > On Sep 7, 2006, at 1:01 PM, inforequest wrote: > [snip] > > > > Yes, David, maybe Symfony is better (nudge nudge) and maybe cleaner > > (nudge), or easier to follow without docs (nudge nudge) or perhaps the > > docs are more complete. I can't *tell* you these things with mere > > words; > > you need to *experence* them (nudge nudge) in order to fully > > appreciate > > the symfony/cake comparisons (nudge nudge). Oh, and be sure to report > > back to the talk list, ok? ;-) > > [self-promotion] As long as we're examining frameworks, Solar solarphp.com> may bear scrutiny as well. [/self-promotion] --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From alex at pilgrimstudio.com Thu Sep 7 16:52:08 2006 From: alex at pilgrimstudio.com (Alexander) Date: Thu, 07 Sep 2006 16:52:08 -0400 Subject: [nycphp-talk] Cake v. Symfony (was: To Smarty Or Not to Smarty) In-Reply-To: References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> Message-ID: <62636.160.79.66.98.1157662327.squirrel@pilgrimstudio.com> another framework which is quite power is PRADO. www.pradosoft.com I've been using it for couple of moths, and I gotta tell you that's something :) You might want to check it out as well :)) > On Wed, 6 Sep 2006, inforequest wrote: > >> David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| >> wrote: >> >> >I used to be a big Smarty fan but coming under the spell of CakePHP and >> >seeing the intelligent way it uses/wants you to use good old PHP for >> >building views, my love of Smarty has cooled off. >> > >> > >> If David Mintz switching from Smarty to Cake is not a call for a Symfony >> presentation at NYPHP, I'm a duck. I can't do it. Maybe somebody can? > > Oh no! You seem to be saying Symfony is better, so off I go to > http://www.symfony-project.com/ and start sniffing at it... just what I > need, another crisis of faith. To continue learning to bake, or try to > become a composer instead? > > Seriously, they both look like they have their strengths and weaknesses. > Cake seems a little rough-edged and the documentation is uneven, but it > doesn't make you write a lot of YAML. > > --- > David Mintz > http://davidmintz.org/ > > Amendment IV > > The right of the people to be secure in their > persons, houses, papers, and effects, against > unreasonable searches and seizures, shall not be > violated, and no Warrants shall issue, but upon > probable cause, supported by Oath or affirmation, > and particularly describing the place to be > searched, and the persons or things to be seized. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Best regards, Alexander From 1j0lkq002 at sneakemail.com Thu Sep 7 17:19:35 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 07 Sep 2006 14:19:35 -0700 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <30769-44016@sneakemail.com> Message-ID: <4221-39176@sneakemail.com> David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: >Well, it *looks* (emphasis because I haven't actually tried) as though >it's a PITA if not impossible to install Symfony in a subdir of a shared >hosting account. And that's a potential deal breaker for the project I >have to do. > >inforequest: I thought you were a big Rails fan and Rails is so big on >convention over configuration, and Cake is very much in that -- tradition? >whatever -- whereas Symfony, it appears, makes you write or at least >edit reams of YAML. I know, I gotta experience it (nudge nudge). > >Anyway, now I am persuing Solar, just to placate the shameless >self-promoters around here (-: > > Me? A Rails fan? Far from it. Are you one of those racist New Yorkers, calling me a Rails fan just because I'm in Seattle? Geesh. -=john -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From ajai at bitblit.net Thu Sep 7 17:43:44 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 07 Sep 2006 17:43:44 -0400 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <62636.160.79.66.98.1157662327.squirrel@pilgrimstudio.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <62636.160.79.66.98.1157662327.squirrel@pilgrimstudio.com> Message-ID: <45009290.7070009@bitblit.net> Having spent ages looking at all these several months ago, to save bandwidth, I have a list: Symfony CakePHP Seagull (seagullproject.org) Prado SolarPHP Cerebral Cortex (crtx.org) Savant (phpsavant.com) (My list is bigger but I left out Perl/Python/Ruby frameworks ;-) -- A From cliff at pinestream.com Thu Sep 7 18:09:11 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Thu, 7 Sep 2006 18:09:11 -0400 Subject: [nycphp-talk] Multipage forms -- sessions or hidden variables Message-ID: <000401c6d2ca$430e1160$8101a8c0@HirschLaptop> I'm working on a simple multi-page shopping cart. Any thoughts on the merits of hidden variables versus session variables for moving between pages. I don't want to use a hidden variable for a CC #, unless ever page is secure. Even than, it seems like a poor idea. And I am interested in minimizing the session load, which translates to extra DB load. Thoughts? Cliff _______________________________ Pinestream Communications, Inc. Publisher of Semiconductor Times & Telecom Trends 52 Pine Street, Weston, MA 02493 USA Tel: 781.647.8800, Fax: 781.647.8825 http://www.pinestream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From pmjones88 at gmail.com Thu Sep 7 18:36:00 2006 From: pmjones88 at gmail.com (Paul M Jones) Date: Thu, 7 Sep 2006 17:36:00 -0500 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <45009290.7070009@bitblit.net> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <62636.160.79.66.98.1157662327.squirrel@pilgrimstudio.com> <45009290.7070009@bitblit.net> Message-ID: <8F794CE1-13E4-4735-A6C8-7A32BC2B23B0@gmail.com> On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > Having spent ages looking at all these several months ago, to save > bandwidth, I have a list: > > Symfony > CakePHP > Seagull (seagullproject.org) > Prado > SolarPHP > Cerebral Cortex (crtx.org) > Savant (phpsavant.com) Much as I appreciate the plug, Savant is more a template/presentation- logic system than a framework. And IIRC, Cortex is officially defunct; Davey gave it up in favor of Zend Framework. Via Google Cache: -- pmj From rolan at omnistep.com Thu Sep 7 20:25:40 2006 From: rolan at omnistep.com (Rolan Yang) Date: Thu, 07 Sep 2006 20:25:40 -0400 Subject: [nycphp-talk] Multipage forms -- sessions or hidden variables In-Reply-To: <000401c6d2ca$430e1160$8101a8c0@HirschLaptop> References: <000401c6d2ca$430e1160$8101a8c0@HirschLaptop> Message-ID: <4500B884.5090300@omnistep.com> In my experience, storing/passing all variables via server-side sessions with a mysql based session handler simplifies many things. ~Rolan Cliff Hirsch wrote: > > I?m working on a simple multi-page shopping cart. Any thoughts on the > merits of hidden variables versus session variables for moving between > pages. I don?t want to use a hidden variable for a CC #, unless ever > page is secure. Even than, it seems like a poor idea. And I am > interested in minimizing the session load, which translates to extra > DB load. Thoughts? > > Cliff > > _______________________________ > *Pinestream Communications, Inc.* > Publisher of /Semiconductor Times/ & /Telecom Trends/ > 52 Pine Street, Weston, MA 02493 USA > Tel: 781.647.8800, Fax: 781.647.8825 > http://www.pinestream.com > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jface at mercenarylabs.com Thu Sep 7 20:43:56 2006 From: jface at mercenarylabs.com (jface at mercenarylabs.com) Date: Thu, 7 Sep 2006 20:43:56 -0400 Subject: [nycphp-talk] Multipage forms -- sessions or hidden variables In-Reply-To: <4500B884.5090300@omnistep.com> References: <4500B884.5090300@omnistep.com> Message-ID: <0f85908b28c019d486510b862c0f8689@localhost> I'm admittedly not so well-versed on security issues, but why not hash the CC# (with crypt() or something similar) and store it in sql temporarily? You could store the corresponding sql key id in the session. On Thu, 07 Sep 2006 20:25:40 -0400, Rolan Yang wrote: > In my experience, storing/passing all variables via server-side sessions > with a mysql based session handler simplifies many things. > > ~Rolan > > Cliff Hirsch wrote: >> >> I?m working on a simple multi-page shopping cart. Any thoughts on the >> merits of hidden variables versus session variables for moving between >> pages. I don?t want to use a hidden variable for a CC #, unless ever >> page is secure. Even than, it seems like a poor idea. And I am >> interested in minimizing the session load, which translates to extra >> DB load. Thoughts? >> >> Cliff >> >> _______________________________ >> *Pinestream Communications, Inc.* >> Publisher of /Semiconductor Times/ & /Telecom Trends/ >> 52 Pine Street, Weston, MA 02493 USA >> Tel: 781.647.8800, Fax: 781.647.8825 >> http://www.pinestream.com >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From edwardpotter at gmail.com Thu Sep 7 20:47:39 2006 From: edwardpotter at gmail.com (edward potter) Date: Thu, 7 Sep 2006 20:47:39 -0400 Subject: [nycphp-talk] Multipage forms -- sessions or hidden variables In-Reply-To: <4500B884.5090300@omnistep.com> References: <000401c6d2ca$430e1160$8101a8c0@HirschLaptop> <4500B884.5090300@omnistep.com> Message-ID: Sessions are very easy to work with. I think your best bet. :-) ed On 9/7/06, Rolan Yang wrote: > In my experience, storing/passing all variables via server-side sessions > with a mysql based session handler simplifies many things. > > ~Rolan > > Cliff Hirsch wrote: > > > > I'm working on a simple multi-page shopping cart. Any thoughts on the > > merits of hidden variables versus session variables for moving between > > pages. I don't want to use a hidden variable for a CC #, unless ever > > page is secure. Even than, it seems like a poor idea. And I am > > interested in minimizing the session load, which translates to extra > > DB load. Thoughts? > > > > Cliff > > > > _______________________________ > > *Pinestream Communications, Inc.* > > Publisher of /Semiconductor Times/ & /Telecom Trends/ > > 52 Pine Street, Weston, MA 02493 USA > > Tel: 781.647.8800, Fax: 781.647.8825 > > http://www.pinestream.com > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- My Blog: http://www.utopiaparkway.com My Web Projects: http://flickr.com/photos/86842405 at N00/ My Store: The Hipsters guide to the good life. http://astore.amazon.com/httpwwwutopic-20 From ps at pswebcode.com Thu Sep 7 21:48:38 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 7 Sep 2006 21:48:38 -0400 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <8F794CE1-13E4-4735-A6C8-7A32BC2B23B0@gmail.com> Message-ID: <002c01c6d2e8$e7f77e00$6401a8c0@Rubicon> Whether one examines fairly generic concepts like Joomla, phpNuke, dotProject or TYPO3. Or one looks at the generic frameworks. Or one looks at the sourceforge.net collection of tools and projects. It might be proper to observe that there is quite sufficient baseline "generic" PHP product out there. And that these worldwide, many years long collective collaborations were likely originally engendered predominantly to propel PHP development from 0 - 60, causing PHP to rapidly appear as a competitive, diverse, solutions-oriented code framework when compared to JAVA and ASP. Maybe these PHP projects have achieved what was originally needed to basically propel PHP to an IT takes note status. Now it may be time for new talents to focus on the next evolutionary competitive step and that would be to tie together, maximize, enhance and compound all these "generic" projects and spin them into very rich, full package commercial enterprise-wide solutions with a bit more out of the box readiness to meet the expectations of known market segments that need and buy full scale (verily even expensive and satisfyingly profitable) web application solutions. Might there not be a business case that shows the there is sufficient competitive cause now -- that PHP developers need -- more access to free or low-cost well done projects that really answer contemporary commercial business needs. No collective of developers needs to hold back anymore and think: "Well, if we want to create a successful project that is going to get used a lot, we need to make this non-specific grey box set of features and functions for a hypothetical vast generic market of scientifically precise programmers to use." To the contrary, the collective of developers should now be thinking: "What are some of the present day ripe business categories that have exploded onto the internet and PHP developers could use targeted, base code projects that meet the needs of an ever expanding, feature hungry mass of potential PHP customers who are right now paying way too much to other programmer/code languages." New PHP projects really need to cohesively, convincingly and accurately do modern expected things that most customers are now desiring as a matter of course, such as: streaming media, perform bulk emails, collect and create RSS, encrypt cookies/session, registration/login/preferences, meeting calendar, customer inquiries center, FAQ, online chat/IM, help desk/trouble ticket, mapping, weather, and even interface with bar codes. PHP could use to take and grow market share in all the following business segments: Chamber of Commerce Convention Center Visitor's Bureau Supermarkets Television Station Automobile Dealership Yacht Dealership Cruise Line Venture Capital Firm Museum Resort / Resort Chain Hotel / Hotel Chain Movie Theatre Chain Performing Arts Center Dance Troupe Theatre Ensemble Circus National Park Day School Site Grade School / High School Site Real Estate Agency Real Estate Residential Developer Real Estate Commercial Developer Accounting Firm Law Firm Politician Political Group Fundraiser Trucking Firm Tanker Firm Police Department Fire Department Art Gallery Chain Even bigger and more ambitious: News Site with multimedia Weather Service Traffic Site Media Download Site Software Download Site Photo Sharing Site Train Scheduler Web Cam Viewer Site Expedition Chronicler Digital Movie Download Site If I am off base and you know a full featured opensource project that fills the gap in the above business segments, just list them and everyone will be helped by what might otherwise be interpreted as shameless PHP project publicity. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Paul M Jones Sent: Thursday, September 07, 2006 6:36 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Cake v. Symfony On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > Having spent ages looking at all these several months ago, to save > bandwidth, I have a list: > > Symfony > CakePHP > Seagull (seagullproject.org) > Prado > SolarPHP > Cerebral Cortex (crtx.org) > Savant (phpsavant.com) Much as I appreciate the plug, Savant is more a template/presentation- logic system than a framework. And IIRC, Cortex is officially defunct; Davey gave it up in favor of Zend Framework. Via Google Cache: -- pmj _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From neil.argent at gmail.com Fri Sep 8 10:04:08 2006 From: neil.argent at gmail.com (Neil Argent) Date: Fri, 08 Sep 2006 15:04:08 +0100 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. Message-ID: <45017858.6090106@gmail.com> Following an absence from work due a long term illness, I have just completed the CIW Master Designer qualification to assist me in my to return to work. To facilitate my return, it is apparent that I need to learn PHP and demonstrate its use with and without MySQL. Could you suggest examples that I should write and use as part of my portfolio. I am not looking for detailed descriptions, just brief outlines of projects that will demonstrate the skills being considered for PHP employment at this time. I have some experience of using PHP5 and PHP4 with MySQL, and a lot more experience in C++, so I am not coming at it as a complete programming novice. Thanks. From lk613m at yahoo.com Fri Sep 8 10:35:22 2006 From: lk613m at yahoo.com (LK) Date: Fri, 8 Sep 2006 07:35:22 -0700 (PDT) Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. In-Reply-To: <45017858.6090106@gmail.com> Message-ID: <20060908143522.76464.qmail@web53305.mail.yahoo.com> Neil, I happen to be struggling now with a database issue that might interest you and I'd welcome and appreciate suggestions from the group. My issue is: With a relational database how do you represent and navigate a tree with unlimited number of levels and branches ? Example: categorization hierarchy. Let's say you have a table of Employees. Now you want to categorize them by Job_Type: clerk, secretary, manager, etc. But each one of these can be further sub-categorized, e.g. Manager: production, purchasing, accounting etc. Each one of those can also be sub-categorized in an unlimited recursive fashion. One could try constructing a table with columns: level_0 level_1 level_2 etc. where level_0 holds the 0-th level categories, level_1 - first level subcategories, etc. But what if the number of category levels is potentially unlimited - what do you do then? Seems like this must have been dealt with before somewhere, and any suggestions and pointers would be greatly appreciated. Leo Kokin --- Neil Argent wrote: > Following an absence from work due a long term illness, I have just > completed the CIW Master Designer qualification to assist me in my to > return to work. > > To facilitate my return, it is apparent that I need to learn PHP and > demonstrate its use with and without MySQL. > > Could you suggest examples that I should write and use as part of my > portfolio. > > I am not looking for detailed descriptions, just brief outlines of > projects that will demonstrate the skills being considered for PHP > employment at this time. > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot more > experience in C++, so I am not coming at it as a complete programming > novice. > > Thanks. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dmintz at davidmintz.org Fri Sep 8 11:00:01 2006 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 8 Sep 2006 11:00:01 -0400 (EDT) Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <4221-39176@sneakemail.com> References: <455.563a2a9.322e1929@aol.com> <44FCC136.1060908@mitechie.com> <44FD494F.90800@peda.net> <44FD54DC.1050901@mitechie.com> <44FD78A1.2090301@peda.net> <44FE72CC.2030108@o2group.com> <13107-81172@sneakemail.com> <30769-44016@sneakemail.com> <4221-39176@sneakemail.com> Message-ID: On Thu, 7 Sep 2006, inforequest wrote: > David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: > >inforequest: I thought you were a big Rails fan and Rails is so big on > >convention over configuration, and Cake is very much in that -- tradition? > >whatever -- whereas Symfony, it appears, makes you write or at least > >edit reams of YAML. I know, I gotta experience it (nudge nudge). > > > > > Me? A Rails fan? Far from it. Are you one of those racist New Yorkers, > calling me a Rails fan just because I'm in Seattle? Geesh. Oops, my bad. My memory must have confused you with one of the other gurus who was praising RoR on this list a while back. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From ps at pswebcode.com Fri Sep 8 11:20:36 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Fri, 8 Sep 2006 11:20:36 -0400 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. In-Reply-To: <20060908143522.76464.qmail@web53305.mail.yahoo.com> Message-ID: <002f01c6d35a$55dad540$6401a8c0@Rubicon> You should further study the topic: 'database normalization' to get more grasp of how to handle table relationships as the industry has generally settled on. The following type of three table structure should offer solution to your issue. Roughly creating as follows should get you started. "Employee" table fields: ID Employee_ID First_Name Last_Name Address "Employee_Attrributes" table fields: ID Employee_ID Category_ID "Available_Categories" table fields: ID Category_Name "Employee" table and "Employee_Attributes" tables have an infinitely expandable, one to many, primary key to foreign key relationship. Save a new row entry into "Employee_Attributes" table every time an Employee is added to a new category. Then perform multi-table SELECT queries using JOIN, LEFT JOIN, or RIGHT JOIN when you need to get the Employee category info. That should tide you over. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of LK Sent: Friday, September 08, 2006 10:35 AM To: talk at lists.nyphp.org Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. Neil, I happen to be struggling now with a database issue that might interest you and I'd welcome and appreciate suggestions from the group. My issue is: With a relational database how do you represent and navigate a tree with unlimited number of levels and branches ? Example: categorization hierarchy. Let's say you have a table of Employees. Now you want to categorize them by Job_Type: clerk, secretary, manager, etc. But each one of these can be further sub-categorized, e.g. Manager: production, purchasing, accounting etc. Each one of those can also be sub-categorized in an unlimited recursive fashion. One could try constructing a table with columns: level_0 level_1 level_2 etc. where level_0 holds the 0-th level categories, level_1 - first level subcategories, etc. But what if the number of category levels is potentially unlimited - what do you do then? Seems like this must have been dealt with before somewhere, and any suggestions and pointers would be greatly appreciated. Leo Kokin --- Neil Argent wrote: > Following an absence from work due a long term illness, I have just > completed the CIW Master Designer qualification to assist me in my to > return to work. > > To facilitate my return, it is apparent that I need to learn PHP and > demonstrate its use with and without MySQL. > > Could you suggest examples that I should write and use as part of my > portfolio. > > I am not looking for detailed descriptions, just brief outlines of > projects that will demonstrate the skills being considered for PHP > employment at this time. > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot > more > experience in C++, so I am not coming at it as a complete programming > novice. > > Thanks. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From rmarscher at beaffinitive.com Fri Sep 8 11:54:23 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Fri, 08 Sep 2006 11:54:23 -0400 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. In-Reply-To: <002f01c6d35a$55dad540$6401a8c0@Rubicon> References: <002f01c6d35a$55dad540$6401a8c0@Rubicon> Message-ID: <4501922F.7080903@beaffinitive.com> I think you'll need a few extra fields in the "Available_Categories" table to get the type of heirarchy you're talking about. There's a few different types of commonly used tree structures... so you have to figure out which one best fits what you need. I know we had a discussion about some tree implementation in the last month or two... I forget if it was on this list or the MySQL SIG list. Also, you can get away without having the ID field in the "Employee" table by using Employee_ID and Category_ID together as the primary key. -Rob Peter Sawczynec wrote: > You should further study the topic: 'database normalization' to get more > grasp of > how to handle table relationships as the industry has generally settled on. > > The following type of three table structure should offer solution to your > issue. > Roughly creating as follows should get you started. > > "Employee" table fields: > ID > Employee_ID > First_Name > Last_Name > Address > > "Employee_Attrributes" table fields: > ID > Employee_ID > Category_ID > > "Available_Categories" table fields: > ID > Category_Name > > > "Employee" table and "Employee_Attributes" tables have an infinitely > expandable, one to many, primary key to foreign key relationship. > > Save a new row entry into "Employee_Attributes" table every time an Employee > is added to a new category. > Then perform multi-table SELECT queries using JOIN, LEFT JOIN, or RIGHT JOIN > when you need to get the Employee category info. > > That should tide you over. > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 646.316.3678 > www.pswebcode.com > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of LK > Sent: Friday, September 08, 2006 10:35 AM > To: talk at lists.nyphp.org > Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. > > > Neil, > > I happen to be struggling now with a database issue that might interest you > and I'd welcome and appreciate suggestions from the group. > > My issue is: With a relational database how do you represent and navigate a > tree with unlimited number of levels and branches ? Example: categorization > hierarchy. Let's say you have a table of Employees. Now you want to > categorize them by Job_Type: clerk, secretary, manager, etc. But each one of > these can be further sub-categorized, e.g. Manager: production, purchasing, > accounting etc. Each one of those can also be sub-categorized in an > unlimited recursive fashion. > > One could try constructing a table with columns: level_0 level_1 level_2 > etc. where level_0 holds the 0-th level categories, level_1 - first level > subcategories, etc. But what if the number of category levels is potentially > unlimited - what do you do then? > > Seems like this must have been dealt with before somewhere, and any > suggestions and pointers would be greatly appreciated. > > Leo Kokin > > > > --- Neil Argent wrote: > > >> Following an absence from work due a long term illness, I have just >> completed the CIW Master Designer qualification to assist me in my to >> return to work. >> >> To facilitate my return, it is apparent that I need to learn PHP and >> demonstrate its use with and without MySQL. >> >> Could you suggest examples that I should write and use as part of my >> portfolio. >> >> I am not looking for detailed descriptions, just brief outlines of >> projects that will demonstrate the skills being considered for PHP >> employment at this time. >> >> I have some experience of using PHP5 and PHP4 with MySQL, and a lot >> more >> experience in C++, so I am not coming at it as a complete programming >> novice. >> >> Thanks. >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From david.ngo at benefitscheckup.org Fri Sep 8 12:00:54 2006 From: david.ngo at benefitscheckup.org (david.ngo) Date: Fri, 8 Sep 2006 12:00:54 -0400 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio In-Reply-To: Message-ID: <000301c6d35f$f87726f0$b500a8c0@bcu.org> I have dealt with this issue before of having infinite levels and branches within a hierarchy. To extend Peter's note, follow his table structure, however for the Available_Categories table you need to store a parent_id to know where in the hierarchy your item fits. So you would have: "Available_Categories" table fields: ID Parent_id Category_Name For example you have (1)IT->(7)Software->(20)Programming->(40)PHP programmer with the corresponding id next to them in parenthesis. Your table available categories would contain id parent_id category_name 1 NULL IT 7 1 Software 20 7 Programming 40 20 PHP programmer This is one alternative to this solution, but if you need to display the entire branch of all the parents of PHP programmer you would have to do 3 sql queries to get them all. You can see how processing for this quickly gets out of control if you go many levels deep. My recommendation is to follow the Modified Preorder Tree Traversal solution. Read up on it here, http://www.sitepoint.com/article/hierarchical-data-database/2. Notice that the parent_id field has been replaced with the left_id and right_id fields. This will allow you go get all the parents of a node with just 1 sql query. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of talk-request at lists.nyphp.org Sent: Friday, September 08, 2006 11:21 AM To: talk at lists.nyphp.org Subject: talk Digest, Vol 40, Issue 10 Send talk mailing list submissions to talk at lists.nyphp.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.nyphp.org/mailman/listinfo/talk or, via email, send a message with subject or body 'help' to talk-request at lists.nyphp.org You can reach the person managing the list at talk-owner at lists.nyphp.org When replying, please edit your Subject line so it is more specific than "Re: Contents of talk digest..." Today's Topics: 1. Re: Cake v. Symfony (Paul M Jones) 2. Re: Multipage forms -- sessions or hidden variables (Rolan Yang) 3. Re: Multipage forms -- sessions or hidden variables (jface at mercenarylabs.com) 4. Re: Multipage forms -- sessions or hidden variables (edward potter) 5. Re: Cake v. Symfony (Peter Sawczynec) 6. PHP and MySQL projects to include in a portfolio. (Neil Argent) 7. Re: PHP and MySQL projects to include in a portfolio. (LK) 8. Re: Cake v. Symfony (David Mintz) 9. Re: PHP and MySQL projects to include in a portfolio. (Peter Sawczynec) ---------------------------------------------------------------------- Message: 1 Date: Thu, 7 Sep 2006 17:36:00 -0500 From: Paul M Jones Subject: Re: [nycphp-talk] Cake v. Symfony To: NYPHP Talk Message-ID: <8F794CE1-13E4-4735-A6C8-7A32BC2B23B0 at gmail.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > Having spent ages looking at all these several months ago, to save > bandwidth, I have a list: > > Symfony > CakePHP > Seagull (seagullproject.org) > Prado > SolarPHP > Cerebral Cortex (crtx.org) > Savant (phpsavant.com) Much as I appreciate the plug, Savant is more a template/presentation- logic system than a framework. And IIRC, Cortex is officially defunct; Davey gave it up in favor of Zend Framework. Via Google Cache: -- pmj ------------------------------ Message: 2 Date: Thu, 07 Sep 2006 20:25:40 -0400 From: Rolan Yang Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden variables To: NYPHP Talk Message-ID: <4500B884.5090300 at omnistep.com> Content-Type: text/plain; charset=windows-1252; format=flowed In my experience, storing/passing all variables via server-side sessions with a mysql based session handler simplifies many things. ~Rolan Cliff Hirsch wrote: > > I?m working on a simple multi-page shopping cart. Any thoughts on the > merits of hidden variables versus session variables for moving between > pages. I don?t want to use a hidden variable for a CC #, unless ever > page is secure. Even than, it seems like a poor idea. And I am > interested in minimizing the session load, which translates to extra > DB load. Thoughts? > > Cliff > > _______________________________ > *Pinestream Communications, Inc.* > Publisher of /Semiconductor Times/ & /Telecom Trends/ > 52 Pine Street, Weston, MA 02493 USA > Tel: 781.647.8800, Fax: 781.647.8825 > http://www.pinestream.com > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------ Message: 3 Date: Thu, 7 Sep 2006 20:43:56 -0400 From: Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden variables To: NYPHP Talk Message-ID: <0f85908b28c019d486510b862c0f8689 at localhost> Content-Type: text/plain; charset="UTF-8" I'm admittedly not so well-versed on security issues, but why not hash the CC# (with crypt() or something similar) and store it in sql temporarily? You could store the corresponding sql key id in the session. On Thu, 07 Sep 2006 20:25:40 -0400, Rolan Yang wrote: > In my experience, storing/passing all variables via server-side sessions > with a mysql based session handler simplifies many things. > > ~Rolan > > Cliff Hirsch wrote: >> >> I?m working on a simple multi-page shopping cart. Any thoughts on the >> merits of hidden variables versus session variables for moving between >> pages. I don?t want to use a hidden variable for a CC #, unless ever >> page is secure. Even than, it seems like a poor idea. And I am >> interested in minimizing the session load, which translates to extra >> DB load. Thoughts? >> >> Cliff >> >> _______________________________ >> *Pinestream Communications, Inc.* >> Publisher of /Semiconductor Times/ & /Telecom Trends/ >> 52 Pine Street, Weston, MA 02493 USA >> Tel: 781.647.8800, Fax: 781.647.8825 >> http://www.pinestream.com >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php ------------------------------ Message: 4 Date: Thu, 7 Sep 2006 20:47:39 -0400 From: "edward potter" Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden variables To: "NYPHP Talk" Message-ID: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sessions are very easy to work with. I think your best bet. :-) ed On 9/7/06, Rolan Yang wrote: > In my experience, storing/passing all variables via server-side sessions > with a mysql based session handler simplifies many things. > > ~Rolan > > Cliff Hirsch wrote: > > > > I'm working on a simple multi-page shopping cart. Any thoughts on the > > merits of hidden variables versus session variables for moving between > > pages. I don't want to use a hidden variable for a CC #, unless ever > > page is secure. Even than, it seems like a poor idea. And I am > > interested in minimizing the session load, which translates to extra > > DB load. Thoughts? > > > > Cliff > > > > _______________________________ > > *Pinestream Communications, Inc.* > > Publisher of /Semiconductor Times/ & /Telecom Trends/ > > 52 Pine Street, Weston, MA 02493 USA > > Tel: 781.647.8800, Fax: 781.647.8825 > > http://www.pinestream.com > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- My Blog: http://www.utopiaparkway.com My Web Projects: http://flickr.com/photos/86842405 at N00/ My Store: The Hipsters guide to the good life. http://astore.amazon.com/httpwwwutopic-20 ------------------------------ Message: 5 Date: Thu, 7 Sep 2006 21:48:38 -0400 From: "Peter Sawczynec" Subject: Re: [nycphp-talk] Cake v. Symfony To: "'NYPHP Talk'" Message-ID: <002c01c6d2e8$e7f77e00$6401a8c0 at Rubicon> Content-Type: text/plain; charset="us-ascii" Whether one examines fairly generic concepts like Joomla, phpNuke, dotProject or TYPO3. Or one looks at the generic frameworks. Or one looks at the sourceforge.net collection of tools and projects. It might be proper to observe that there is quite sufficient baseline "generic" PHP product out there. And that these worldwide, many years long collective collaborations were likely originally engendered predominantly to propel PHP development from 0 - 60, causing PHP to rapidly appear as a competitive, diverse, solutions-oriented code framework when compared to JAVA and ASP. Maybe these PHP projects have achieved what was originally needed to basically propel PHP to an IT takes note status. Now it may be time for new talents to focus on the next evolutionary competitive step and that would be to tie together, maximize, enhance and compound all these "generic" projects and spin them into very rich, full package commercial enterprise-wide solutions with a bit more out of the box readiness to meet the expectations of known market segments that need and buy full scale (verily even expensive and satisfyingly profitable) web application solutions. Might there not be a business case that shows the there is sufficient competitive cause now -- that PHP developers need -- more access to free or low-cost well done projects that really answer contemporary commercial business needs. No collective of developers needs to hold back anymore and think: "Well, if we want to create a successful project that is going to get used a lot, we need to make this non-specific grey box set of features and functions for a hypothetical vast generic market of scientifically precise programmers to use." To the contrary, the collective of developers should now be thinking: "What are some of the present day ripe business categories that have exploded onto the internet and PHP developers could use targeted, base code projects that meet the needs of an ever expanding, feature hungry mass of potential PHP customers who are right now paying way too much to other programmer/code languages." New PHP projects really need to cohesively, convincingly and accurately do modern expected things that most customers are now desiring as a matter of course, such as: streaming media, perform bulk emails, collect and create RSS, encrypt cookies/session, registration/login/preferences, meeting calendar, customer inquiries center, FAQ, online chat/IM, help desk/trouble ticket, mapping, weather, and even interface with bar codes. PHP could use to take and grow market share in all the following business segments: Chamber of Commerce Convention Center Visitor's Bureau Supermarkets Television Station Automobile Dealership Yacht Dealership Cruise Line Venture Capital Firm Museum Resort / Resort Chain Hotel / Hotel Chain Movie Theatre Chain Performing Arts Center Dance Troupe Theatre Ensemble Circus National Park Day School Site Grade School / High School Site Real Estate Agency Real Estate Residential Developer Real Estate Commercial Developer Accounting Firm Law Firm Politician Political Group Fundraiser Trucking Firm Tanker Firm Police Department Fire Department Art Gallery Chain Even bigger and more ambitious: News Site with multimedia Weather Service Traffic Site Media Download Site Software Download Site Photo Sharing Site Train Scheduler Web Cam Viewer Site Expedition Chronicler Digital Movie Download Site If I am off base and you know a full featured opensource project that fills the gap in the above business segments, just list them and everyone will be helped by what might otherwise be interpreted as shameless PHP project publicity. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Paul M Jones Sent: Thursday, September 07, 2006 6:36 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Cake v. Symfony On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > Having spent ages looking at all these several months ago, to save > bandwidth, I have a list: > > Symfony > CakePHP > Seagull (seagullproject.org) > Prado > SolarPHP > Cerebral Cortex (crtx.org) > Savant (phpsavant.com) Much as I appreciate the plug, Savant is more a template/presentation- logic system than a framework. And IIRC, Cortex is officially defunct; Davey gave it up in favor of Zend Framework. Via Google Cache: -- pmj _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php ------------------------------ Message: 6 Date: Fri, 08 Sep 2006 15:04:08 +0100 From: Neil Argent Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. To: talk at lists.nyphp.org Message-ID: <45017858.6090106 at gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Following an absence from work due a long term illness, I have just completed the CIW Master Designer qualification to assist me in my to return to work. To facilitate my return, it is apparent that I need to learn PHP and demonstrate its use with and without MySQL. Could you suggest examples that I should write and use as part of my portfolio. I am not looking for detailed descriptions, just brief outlines of projects that will demonstrate the skills being considered for PHP employment at this time. I have some experience of using PHP5 and PHP4 with MySQL, and a lot more experience in C++, so I am not coming at it as a complete programming novice. Thanks. ------------------------------ Message: 7 Date: Fri, 8 Sep 2006 07:35:22 -0700 (PDT) From: LK Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. To: talk at lists.nyphp.org Message-ID: <20060908143522.76464.qmail at web53305.mail.yahoo.com> Content-Type: text/plain; charset=iso-8859-1 Neil, I happen to be struggling now with a database issue that might interest you and I'd welcome and appreciate suggestions from the group. My issue is: With a relational database how do you represent and navigate a tree with unlimited number of levels and branches ? Example: categorization hierarchy. Let's say you have a table of Employees. Now you want to categorize them by Job_Type: clerk, secretary, manager, etc. But each one of these can be further sub-categorized, e.g. Manager: production, purchasing, accounting etc. Each one of those can also be sub-categorized in an unlimited recursive fashion. One could try constructing a table with columns: level_0 level_1 level_2 etc. where level_0 holds the 0-th level categories, level_1 - first level subcategories, etc. But what if the number of category levels is potentially unlimited - what do you do then? Seems like this must have been dealt with before somewhere, and any suggestions and pointers would be greatly appreciated. Leo Kokin --- Neil Argent wrote: > Following an absence from work due a long term illness, I have just > completed the CIW Master Designer qualification to assist me in my to > return to work. > > To facilitate my return, it is apparent that I need to learn PHP and > demonstrate its use with and without MySQL. > > Could you suggest examples that I should write and use as part of my > portfolio. > > I am not looking for detailed descriptions, just brief outlines of > projects that will demonstrate the skills being considered for PHP > employment at this time. > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot more > experience in C++, so I am not coming at it as a complete programming > novice. > > Thanks. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------ Message: 8 Date: Fri, 8 Sep 2006 11:00:01 -0400 (EDT) From: David Mintz Subject: Re: [nycphp-talk] Cake v. Symfony To: NYPHP Talk Message-ID: Content-Type: TEXT/PLAIN; charset=US-ASCII On Thu, 7 Sep 2006, inforequest wrote: > David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: > >inforequest: I thought you were a big Rails fan and Rails is so big on > >convention over configuration, and Cake is very much in that -- tradition? > >whatever -- whereas Symfony, it appears, makes you write or at least > >edit reams of YAML. I know, I gotta experience it (nudge nudge). > > > > > Me? A Rails fan? Far from it. Are you one of those racist New Yorkers, > calling me a Rails fan just because I'm in Seattle? Geesh. Oops, my bad. My memory must have confused you with one of the other gurus who was praising RoR on this list a while back. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. ------------------------------ Message: 9 Date: Fri, 8 Sep 2006 11:20:36 -0400 From: "Peter Sawczynec" Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. To: "'NYPHP Talk'" Message-ID: <002f01c6d35a$55dad540$6401a8c0 at Rubicon> Content-Type: text/plain; charset="us-ascii" You should further study the topic: 'database normalization' to get more grasp of how to handle table relationships as the industry has generally settled on. The following type of three table structure should offer solution to your issue. Roughly creating as follows should get you started. "Employee" table fields: ID Employee_ID First_Name Last_Name Address "Employee_Attrributes" table fields: ID Employee_ID Category_ID "Available_Categories" table fields: ID Category_Name "Employee" table and "Employee_Attributes" tables have an infinitely expandable, one to many, primary key to foreign key relationship. Save a new row entry into "Employee_Attributes" table every time an Employee is added to a new category. Then perform multi-table SELECT queries using JOIN, LEFT JOIN, or RIGHT JOIN when you need to get the Employee category info. That should tide you over. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of LK Sent: Friday, September 08, 2006 10:35 AM To: talk at lists.nyphp.org Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. Neil, I happen to be struggling now with a database issue that might interest you and I'd welcome and appreciate suggestions from the group. My issue is: With a relational database how do you represent and navigate a tree with unlimited number of levels and branches ? Example: categorization hierarchy. Let's say you have a table of Employees. Now you want to categorize them by Job_Type: clerk, secretary, manager, etc. But each one of these can be further sub-categorized, e.g. Manager: production, purchasing, accounting etc. Each one of those can also be sub-categorized in an unlimited recursive fashion. One could try constructing a table with columns: level_0 level_1 level_2 etc. where level_0 holds the 0-th level categories, level_1 - first level subcategories, etc. But what if the number of category levels is potentially unlimited - what do you do then? Seems like this must have been dealt with before somewhere, and any suggestions and pointers would be greatly appreciated. Leo Kokin --- Neil Argent wrote: > Following an absence from work due a long term illness, I have just > completed the CIW Master Designer qualification to assist me in my to > return to work. > > To facilitate my return, it is apparent that I need to learn PHP and > demonstrate its use with and without MySQL. > > Could you suggest examples that I should write and use as part of my > portfolio. > > I am not looking for detailed descriptions, just brief outlines of > projects that will demonstrate the skills being considered for PHP > employment at this time. > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot > more > experience in C++, so I am not coming at it as a complete programming > novice. > > Thanks. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php ------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk End of talk Digest, Vol 40, Issue 10 ************************************ From rolson at aeso.org Fri Sep 8 12:43:40 2006 From: rolson at aeso.org (Rick Olson) Date: Fri, 08 Sep 2006 09:43:40 -0700 Subject: [nycphp-talk] Multipage forms -- sessions or hidden variables In-Reply-To: References: <000401c6d2ca$430e1160$8101a8c0@HirschLaptop> <4500B884.5090300@omnistep.com> Message-ID: <45019DBC.7060009@aeso.org> Main issue with the builtin session handling is that those sessions expire... so you'd run into problems where someone was putting stuff into their cart, then got up, went into the kitchen, ate some Ramen and drank a couple cups of coffee with their significant other while talking about various political issues plaguing our system these days, came back to finish shopping and check out, and she'd have to start all over again. :( Rolan Yang mentioned overriding the default session handlers with MySQL. That is also an option, but you need to configure it right and make sure none of that information expires to the point of the client not being able to access their cart anymore. Hidden form variables aren't a very good idea, it's quite difficult to work with, especially if they don't follow the flow you _think_ they will follow. People don't necessarily add something to their cart, then check out immediately. They are likely to click other links, browse around, or even to go another site and come back to yours later. All of those things would be very hard to maintain with hidden form variables. In the past I've handled it in a number of ways. One way is to set a cookie on their end with a unique "Shopping Cart ID", and have it expire in say a day or two or thirty (and store their current cart in the database). You also need a way to validate that that shopping cart belongs to the user that claims it belongs to, so you don't end up with some dork hijacking someone elses cart and screwing with it. Another is to force them to register on your site before they can check out. There are plenty of other ways as well, depends on how complex you want to make it and how popular it's going to be. ~ Rick Olson edward potter wrote: > Sessions are very easy to work with. I think your best bet. > > :-) ed > > On 9/7/06, Rolan Yang wrote: > >> In my experience, storing/passing all variables via server-side sessions >> with a mysql based session handler simplifies many things. >> >> ~Rolan >> >> Cliff Hirsch wrote: >> >>> I'm working on a simple multi-page shopping cart. Any thoughts on the >>> merits of hidden variables versus session variables for moving between >>> pages. I don't want to use a hidden variable for a CC #, unless ever >>> page is secure. Even than, it seems like a poor idea. And I am >>> interested in minimizing the session load, which translates to extra >>> DB load. Thoughts? >>> >>> Cliff >>> >>> _______________________________ >>> *Pinestream Communications, Inc.* >>> Publisher of /Semiconductor Times/ & /Telecom Trends/ >>> 52 Pine Street, Weston, MA 02493 USA >>> Tel: 781.647.8800, Fax: 781.647.8825 >>> http://www.pinestream.com >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> New York PHP Community Talk Mailing List >>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >>> >>> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > > From krook at us.ibm.com Fri Sep 8 13:09:03 2006 From: krook at us.ibm.com (Daniel Krook) Date: Fri, 8 Sep 2006 13:09:03 -0400 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: <45009290.7070009@bitblit.net> Message-ID: Hello, > Having spent ages looking at all these several months ago, to save > bandwidth, I have a list: > > Symfony > CakePHP > Seagull (seagullproject.org) > Prado > SolarPHP > Cerebral Cortex (crtx.org) > Savant (phpsavant.com) > > (My list is bigger but I left out Perl/Python/Ruby frameworks ;-) > > > > -- > A I'm evaluating CodeIgniter for a brand new project. It seems to be a fairly new MVC framework and came recommended by some coworkers. It seems to position itself directly against CakePHP and model itself on Rails. Can anyone give a thumbs up or down? http://www.codeigniter.com/user_guide/ http://www.codeigniter.com/forums/viewthread/750/ Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com From ajai at bitblit.net Fri Sep 8 14:03:34 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 08 Sep 2006 14:03:34 -0400 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: References: Message-ID: <4501B076.9000800@bitblit.net> Daniel Krook wrote: > > It > seems to position itself directly against CakePHP and model itself on > Rails. Yeah, even the demo is a complete rip-off of the RoR demo ;-) -- A From lk613m at yahoo.com Fri Sep 8 14:06:20 2006 From: lk613m at yahoo.com (LK) Date: Fri, 8 Sep 2006 11:06:20 -0700 (PDT) Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio In-Reply-To: <000301c6d35f$f87726f0$b500a8c0@bcu.org> Message-ID: <20060908180620.26257.qmail@web53308.mail.yahoo.com> Thanks, David & Peter, That looks like the solution. Leo --- "david.ngo" wrote: > I have dealt with this issue before of having infinite levels and branches > within a hierarchy. To extend Peter's note, follow his table structure, > however for the Available_Categories table you need to store a parent_id to > know where in the hierarchy your item fits. So you would have: > > "Available_Categories" table fields: > ID > Parent_id > Category_Name > > For example you have (1)IT->(7)Software->(20)Programming->(40)PHP programmer > with the corresponding id next to them in parenthesis. > > Your table available categories would contain > > id parent_id category_name > 1 NULL IT > 7 1 Software > 20 7 Programming > 40 20 PHP programmer > > This is one alternative to this solution, but if you need to display the > entire branch of all the parents of PHP programmer you would have to do 3 > sql queries to get them all. You can see how processing for this quickly > gets out of control if you go many levels deep. > > My recommendation is to follow the Modified Preorder Tree Traversal > solution. Read up on it here, > http://www.sitepoint.com/article/hierarchical-data-database/2. Notice that > the parent_id field has been replaced with the left_id and right_id fields. > This will allow you go get all the parents of a node with just 1 sql query. > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of talk-request at lists.nyphp.org > Sent: Friday, September 08, 2006 11:21 AM > To: talk at lists.nyphp.org > Subject: talk Digest, Vol 40, Issue 10 > > Send talk mailing list submissions to > talk at lists.nyphp.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.nyphp.org/mailman/listinfo/talk > or, via email, send a message with subject or body 'help' to > talk-request at lists.nyphp.org > > You can reach the person managing the list at > talk-owner at lists.nyphp.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of talk digest..." > > > Today's Topics: > > 1. Re: Cake v. Symfony (Paul M Jones) > 2. Re: Multipage forms -- sessions or hidden variables (Rolan Yang) > 3. Re: Multipage forms -- sessions or hidden variables > (jface at mercenarylabs.com) > 4. Re: Multipage forms -- sessions or hidden variables > (edward potter) > 5. Re: Cake v. Symfony (Peter Sawczynec) > 6. PHP and MySQL projects to include in a portfolio. (Neil Argent) > 7. Re: PHP and MySQL projects to include in a portfolio. (LK) > 8. Re: Cake v. Symfony (David Mintz) > 9. Re: PHP and MySQL projects to include in a portfolio. > (Peter Sawczynec) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 7 Sep 2006 17:36:00 -0500 > From: Paul M Jones > Subject: Re: [nycphp-talk] Cake v. Symfony > To: NYPHP Talk > Message-ID: <8F794CE1-13E4-4735-A6C8-7A32BC2B23B0 at gmail.com> > Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed > > On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > > > Having spent ages looking at all these several months ago, to save > > bandwidth, I have a list: > > > > Symfony > > CakePHP > > Seagull (seagullproject.org) > > Prado > > SolarPHP > > Cerebral Cortex (crtx.org) > > Savant (phpsavant.com) > > Much as I appreciate the plug, Savant is more a template/presentation- > logic system than a framework. > > And IIRC, Cortex is officially defunct; Davey gave it up in favor of > Zend Framework. Via Google Cache: > > dreams.com/archives/206-All-for-naught....html+pixelated+dreams > +cerebral+cortex> > > > > -- pmj > > > ------------------------------ > > Message: 2 > Date: Thu, 07 Sep 2006 20:25:40 -0400 > From: Rolan Yang > Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden > variables > To: NYPHP Talk > Message-ID: <4500B884.5090300 at omnistep.com> > Content-Type: text/plain; charset=windows-1252; format=flowed > > In my experience, storing/passing all variables via server-side sessions > with a mysql based session handler simplifies many things. > > ~Rolan > > Cliff Hirsch wrote: > > > > I?m working on a simple multi-page shopping cart. Any thoughts on the > > merits of hidden variables versus session variables for moving between > > pages. I don?t want to use a hidden variable for a CC #, unless ever > > page is secure. Even than, it seems like a poor idea. And I am > > interested in minimizing the session load, which translates to extra > > DB load. Thoughts? > > > > Cliff > > > > _______________________________ > > *Pinestream Communications, Inc.* > > Publisher of /Semiconductor Times/ & /Telecom Trends/ > > 52 Pine Street, Weston, MA 02493 USA > > Tel: 781.647.8800, Fax: 781.647.8825 > > http://www.pinestream.com > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > ------------------------------ > > Message: 3 > Date: Thu, 7 Sep 2006 20:43:56 -0400 > From: > Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden > variables > To: NYPHP Talk > Message-ID: <0f85908b28c019d486510b862c0f8689 at localhost> > Content-Type: text/plain; charset="UTF-8" > > > I'm admittedly not so well-versed on security issues, but why not hash the > CC# (with crypt() or something similar) and store it in sql temporarily? You > could store the corresponding sql key id in the session. > > On Thu, 07 Sep 2006 20:25:40 -0400, Rolan Yang wrote: > > In my experience, storing/passing all variables via server-side sessions > > with a mysql based session handler simplifies many things. > > > > ~Rolan > > > > Cliff Hirsch wrote: > >> > >> I?m working on a simple multi-page shopping cart. Any thoughts on the > >> merits of hidden variables versus session variables for moving between > >> pages. I don?t want to use a hidden variable for a CC #, unless ever > >> page is secure. Even than, it seems like a poor idea. And I am > >> interested in minimizing the session load, which translates to extra > >> DB load. Thoughts? > >> > >> Cliff > >> > >> _______________________________ > >> *Pinestream Communications, Inc.* > >> Publisher of /Semiconductor Times/ & /Telecom Trends/ > >> 52 Pine Street, Weston, MA 02493 USA > >> Tel: 781.647.8800, Fax: 781.647.8825 > >> http://www.pinestream.com > >> > >> ------------------------------------------------------------------------ > >> > >> _______________________________________________ > >> New York PHP Community Talk Mailing List > >> http://lists.nyphp.org/mailman/listinfo/talk > >> > >> NYPHPCon 2006 Presentations Online > >> http://www.nyphpcon.com > >> > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > >> > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > ------------------------------ > > Message: 4 > Date: Thu, 7 Sep 2006 20:47:39 -0400 > From: "edward potter" > Subject: Re: [nycphp-talk] Multipage forms -- sessions or hidden > variables > To: "NYPHP Talk" > Message-ID: > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Sessions are very easy to work with. I think your best bet. > > :-) ed > > On 9/7/06, Rolan Yang wrote: > > In my experience, storing/passing all variables via server-side sessions > > with a mysql based session handler simplifies many things. > > > > ~Rolan > > > > Cliff Hirsch wrote: > > > > > > I'm working on a simple multi-page shopping cart. Any thoughts on the > > > merits of hidden variables versus session variables for moving between > > > pages. I don't want to use a hidden variable for a CC #, unless ever > > > page is secure. Even than, it seems like a poor idea. And I am > > > interested in minimizing the session load, which translates to extra > > > DB load. Thoughts? > > > > > > Cliff > > > > > > _______________________________ > > > *Pinestream Communications, Inc.* > > > Publisher of /Semiconductor Times/ & /Telecom Trends/ > > > 52 Pine Street, Weston, MA 02493 USA > > > Tel: 781.647.8800, Fax: 781.647.8825 > > > http://www.pinestream.com > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > New York PHP Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > NYPHPCon 2006 Presentations Online > > > http://www.nyphpcon.com > > > > > > Show Your Participation in New York PHP > > > http://www.nyphp.org/show_participation.php > > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > -- > My Blog: http://www.utopiaparkway.com > My Web Projects: http://flickr.com/photos/86842405 at N00/ > My Store: The Hipsters guide to the good life. > http://astore.amazon.com/httpwwwutopic-20 > > > ------------------------------ > > Message: 5 > Date: Thu, 7 Sep 2006 21:48:38 -0400 > From: "Peter Sawczynec" > Subject: Re: [nycphp-talk] Cake v. Symfony > To: "'NYPHP Talk'" > Message-ID: <002c01c6d2e8$e7f77e00$6401a8c0 at Rubicon> > Content-Type: text/plain; charset="us-ascii" > > Whether one examines fairly generic concepts like Joomla, phpNuke, > dotProject or TYPO3. Or one looks at the generic frameworks. > Or one looks at the sourceforge.net collection of tools and projects. It > might be proper to observe that there is > quite sufficient baseline "generic" PHP product out there. > > And that these worldwide, many years long collective collaborations were > likely originally engendered predominantly to propel > PHP development from 0 - 60, causing PHP to rapidly appear as a competitive, > diverse, solutions-oriented code framework when > compared to JAVA and ASP. > > Maybe these PHP projects have achieved what was originally needed to > basically propel PHP to an IT takes note status. > > Now it may be time for new talents to focus on the next evolutionary > competitive step and that would be to tie together, maximize, enhance and > compound all these "generic" projects and spin them into very rich, full > package commercial enterprise-wide solutions with a bit more out of the box > readiness to meet the expectations of known market segments that need and > buy full scale (verily even expensive and satisfyingly profitable) web > application solutions. > > Might there not be a business case that shows the there is sufficient > competitive cause now -- that PHP developers need -- more access to free or > low-cost well done projects that really answer contemporary commercial > business needs. > > No collective of developers needs to hold back anymore and think: "Well, if > we want to create a successful project that is going to get used a lot, we > need to make this non-specific grey box set of features and functions for a > hypothetical vast generic market of scientifically precise programmers to > use." To the contrary, the collective of developers should now be thinking: > "What are some of the present day ripe business categories that have > exploded onto the internet and PHP developers could use targeted, base code > projects that meet the needs of an ever expanding, feature hungry mass of > potential PHP customers who are right now paying way too much to other > programmer/code languages." > > New PHP projects really need to cohesively, convincingly and accurately do > modern expected things that most customers are now desiring as a matter of > course, such as: streaming media, perform bulk emails, collect and create > RSS, encrypt cookies/session, registration/login/preferences, meeting > calendar, customer inquiries center, FAQ, online chat/IM, help desk/trouble > ticket, mapping, weather, and even interface with bar codes. > > PHP could use to take and grow market share in all the following business > segments: > > Chamber of Commerce > Convention Center > Visitor's Bureau > Supermarkets > Television Station > Automobile Dealership > Yacht Dealership > Cruise Line > Venture Capital Firm > Museum > Resort / Resort Chain > Hotel / Hotel Chain > Movie Theatre Chain > Performing Arts Center > Dance Troupe > Theatre Ensemble > Circus > National Park > Day School Site > Grade School / High School Site > Real Estate Agency > Real Estate Residential Developer > Real Estate Commercial Developer > Accounting Firm > Law Firm > Politician > Political Group > Fundraiser > Trucking Firm > Tanker Firm > Police Department > Fire Department > Art Gallery Chain > > Even bigger and more ambitious: > News Site with multimedia > Weather Service > Traffic Site > Media Download Site > Software Download Site > Photo Sharing Site > Train Scheduler > Web Cam Viewer Site > Expedition Chronicler > Digital Movie Download Site > > If I am off base and you know a full featured opensource project that fills > the gap in the above business segments, just list them and everyone will be > helped by what might otherwise be interpreted as shameless PHP project > publicity. > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 646.316.3678 > www.pswebcode.com > > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Paul M Jones > Sent: Thursday, September 07, 2006 6:36 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Cake v. Symfony > > > On Sep 7, 2006, at 4:43 PM, Ajai Khattri wrote: > > > Having spent ages looking at all these several months ago, to save > > bandwidth, I have a list: > > > > Symfony > > CakePHP > > Seagull (seagullproject.org) > > Prado > > SolarPHP > > Cerebral Cortex (crtx.org) > > Savant (phpsavant.com) > > Much as I appreciate the plug, Savant is more a template/presentation- > logic system than a framework. > > And IIRC, Cortex is officially defunct; Davey gave it up in favor of > Zend Framework. Via Google Cache: > > dreams.com/archives/206-All-for-naught....html+pixelated+dreams > +cerebral+cortex> > > > > -- pmj > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > ------------------------------ > > Message: 6 > Date: Fri, 08 Sep 2006 15:04:08 +0100 > From: Neil Argent > Subject: [nycphp-talk] PHP and MySQL projects to include in a > portfolio. > To: talk at lists.nyphp.org > Message-ID: <45017858.6090106 at gmail.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Following an absence from work due a long term illness, I have just > completed the CIW Master Designer qualification to assist me in my to > return to work. > > To facilitate my return, it is apparent that I need to learn PHP and > demonstrate its use with and without MySQL. > > Could you suggest examples that I should write and use as part of my > portfolio. > > I am not looking for detailed descriptions, just brief outlines of > projects that will demonstrate the skills being considered for PHP > employment at this time. > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot more > experience in C++, so I am not coming at it as a complete programming > novice. > > Thanks. > > > ------------------------------ > > Message: 7 > Date: Fri, 8 Sep 2006 07:35:22 -0700 (PDT) > From: LK > Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a > portfolio. > To: talk at lists.nyphp.org > Message-ID: <20060908143522.76464.qmail at web53305.mail.yahoo.com> > Content-Type: text/plain; charset=iso-8859-1 > > Neil, > > I happen to be struggling now with a database issue that might interest you > and > I'd welcome and appreciate suggestions from the group. > > My issue is: With a relational database how do you represent and navigate a > tree with unlimited number of levels and branches ? Example: categorization > hierarchy. Let's say you have a table of Employees. Now you want to > categorize > them by Job_Type: clerk, secretary, manager, etc. But each one of these can > be > further sub-categorized, e.g. Manager: production, purchasing, accounting > etc. > Each one of those can also be sub-categorized in an unlimited recursive > fashion. > > One could try constructing a table with columns: level_0 level_1 level_2 > etc. > where level_0 holds the 0-th level categories, level_1 - first level > subcategories, etc. But what if the number of category levels is potentially > unlimited - what do you do then? > > Seems like this must have been dealt with before somewhere, and any > suggestions > and pointers would be greatly appreciated. > > Leo Kokin > > > > --- Neil Argent wrote: > > > Following an absence from work due a long term illness, I have just > > completed the CIW Master Designer qualification to assist me in my to > > return to work. > > > > To facilitate my return, it is apparent that I need to learn PHP and > > demonstrate its use with and without MySQL. > > > > Could you suggest examples that I should write and use as part of my > > portfolio. > > > > I am not looking for detailed descriptions, just brief outlines of > > projects that will demonstrate the skills being considered for PHP > > employment at this time. > > > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot more > > experience in C++, so I am not coming at it as a complete programming > > novice. > > > > Thanks. > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > ------------------------------ > > Message: 8 > Date: Fri, 8 Sep 2006 11:00:01 -0400 (EDT) > From: David Mintz > Subject: Re: [nycphp-talk] Cake v. Symfony > To: NYPHP Talk > Message-ID: > Content-Type: TEXT/PLAIN; charset=US-ASCII > > On Thu, 7 Sep 2006, inforequest wrote: > > > David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote: > > > >inforequest: I thought you were a big Rails fan and Rails is so big on > > >convention over configuration, and Cake is very much in that -- > tradition? > > >whatever -- whereas Symfony, it appears, makes you write or at least > > >edit reams of YAML. I know, I gotta experience it (nudge nudge). > > > > > > > > Me? A Rails fan? Far from it. Are you one of those racist New Yorkers, > > calling me a Rails fan just because I'm in Seattle? Geesh. > > Oops, my bad. My memory must have confused you with one of the other gurus > who was praising RoR on this list a while back. > > --- > David Mintz > http://davidmintz.org/ > > Amendment IV > > The right of the people to be secure in their > persons, houses, papers, and effects, against > unreasonable searches and seizures, shall not be > violated, and no Warrants shall issue, but upon > probable cause, supported by Oath or affirmation, > and particularly describing the place to be > searched, and the persons or things to be seized. > > > ------------------------------ > > Message: 9 > Date: Fri, 8 Sep 2006 11:20:36 -0400 > From: "Peter Sawczynec" > Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a > portfolio. > To: "'NYPHP Talk'" > Message-ID: <002f01c6d35a$55dad540$6401a8c0 at Rubicon> > Content-Type: text/plain; charset="us-ascii" > > You should further study the topic: 'database normalization' to get more > grasp of > how to handle table relationships as the industry has generally settled on. > > The following type of three table structure should offer solution to your > issue. > Roughly creating as follows should get you started. > > "Employee" table fields: > ID > Employee_ID > First_Name > Last_Name > Address > > "Employee_Attrributes" table fields: > ID > Employee_ID > Category_ID > > "Available_Categories" table fields: > ID > Category_Name > > > "Employee" table and "Employee_Attributes" tables have an infinitely > expandable, one to many, primary key to foreign key relationship. > > Save a new row entry into "Employee_Attributes" table every time an Employee > is added to a new category. > Then perform multi-table SELECT queries using JOIN, LEFT JOIN, or RIGHT JOIN > when you need to get the Employee category info. > > That should tide you over. > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 646.316.3678 > www.pswebcode.com > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of LK > Sent: Friday, September 08, 2006 10:35 AM > To: talk at lists.nyphp.org > Subject: Re: [nycphp-talk] PHP and MySQL projects to include in a portfolio. > > > Neil, > > I happen to be struggling now with a database issue that might interest you > and I'd welcome and appreciate suggestions from the group. > > My issue is: With a relational database how do you represent and navigate a > tree with unlimited number of levels and branches ? Example: categorization > hierarchy. Let's say you have a table of Employees. Now you want to > categorize them by Job_Type: clerk, secretary, manager, etc. But each one of > these can be further sub-categorized, e.g. Manager: production, purchasing, > accounting etc. Each one of those can also be sub-categorized in an > unlimited recursive fashion. > > One could try constructing a table with columns: level_0 level_1 level_2 > etc. where level_0 holds the 0-th level categories, level_1 - first level > subcategories, etc. But what if the number of category levels is potentially > unlimited - what do you do then? > > Seems like this must have been dealt with before somewhere, and any > suggestions and pointers would be greatly appreciated. > > Leo Kokin > > > > --- Neil Argent wrote: > > > Following an absence from work due a long term illness, I have just > > completed the CIW Master Designer qualification to assist me in my to > > return to work. > > > > To facilitate my return, it is apparent that I need to learn PHP and > > demonstrate its use with and without MySQL. > > > > Could you suggest examples that I should write and use as part of my > > portfolio. > > > > I am not looking for detailed descriptions, just brief outlines of > > projects that will demonstrate the skills being considered for PHP > > employment at this time. > > > > I have some experience of using PHP5 and PHP4 with MySQL, and a lot > > more > > experience in C++, so I am not coming at it as a complete programming > > novice. > > > > Thanks. > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > > End of talk Digest, Vol 40, Issue 10 > ************************************ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From thomashungnguyen at yahoo.com Fri Sep 8 15:52:56 2006 From: thomashungnguyen at yahoo.com (Thomas Nguyen) Date: Fri, 8 Sep 2006 12:52:56 -0700 (PDT) Subject: [nycphp-talk] fsockopen Problem Message-ID: <20060908195256.89369.qmail@web30707.mail.mud.yahoo.com> Hi everyone, I have just migrated from PHP 4.3 to PHP 5.1. The code that I have written under PHP 4.3 is: . . fsockopen($this->host, $this->port, $errno, $errstr, $this->timeout); socket_set_timeout($fp,$this->timeout); $request = $this->buildRequest(); . . The code above works under PHP 4.3. When running the code under PHP 5, I'm getting the following error:"Connection failed (10060) A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond." I used the windows installer to installed PHP 4.3, and I don't know how it set up my settings, but since an installer didn't come with PHP 5, I had to set up everything on my own. I know that for some reason, fsockopen can't open up a connection in PHP 5. I don't know what I am doing wrong. Any help or suggestions will be greatly appreciated. Sincerely, Thomas __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From tgales at tgaconnect.com Fri Sep 8 21:08:37 2006 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 08 Sep 2006 21:08:37 -0400 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. In-Reply-To: <20060908143522.76464.qmail@web53305.mail.yahoo.com> References: <20060908143522.76464.qmail@web53305.mail.yahoo.com> Message-ID: <45021415.3030106@tgaconnect.com> LK wrote: > Neil, > > I happen to be struggling now with a database issue that might interest you and > I'd welcome and appreciate suggestions from the group. > > My issue is: With a relational database how do you represent and navigate a > tree with unlimited number of levels and branches ? Example: categorization > hierarchy. Let's say you have a table of Employees. Now you want to categorize > them by Job_Type: clerk, secretary, manager, etc. But each one of these can be > further sub-categorized, e.g. Manager: production, purchasing, accounting etc. > Each one of those can also be sub-categorized in an unlimited recursive > fashion. > > One could try constructing a table with columns: level_0 level_1 level_2 etc. > where level_0 holds the 0-th level categories, level_1 - first level > subcategories, etc. But what if the number of category levels is potentially > unlimited - what do you do then? > > Seems like this must have been dealt with before somewhere, and any suggestions > and pointers would be greatly appreciated. > > Leo Kokin > you might find this interesting http://www.tdan.com/special031.htm -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From onurphp at gmail.com Sat Sep 9 01:22:55 2006 From: onurphp at gmail.com (Onur) Date: Sat, 9 Sep 2006 08:22:55 +0300 Subject: [nycphp-talk] fsockopen Problem In-Reply-To: <20060908195256.89369.qmail@web30707.mail.mud.yahoo.com> References: <20060908195256.89369.qmail@web30707.mail.mud.yahoo.com> Message-ID: <200609090822.56712.onurphp@gmail.com> > Hi everyone, > Hi > I have just migrated from PHP 4.3 to PHP 5.1. The code > that I have written under PHP 4.3 is: > > . > > . > fsockopen($this->host, $this->port, $errno, $errstr, > $this->timeout); > socket_set_timeout($fp,$this->timeout); > $request = $this->buildRequest(); > . > > . > > > The code above works under PHP 4.3. When running the > code under PHP 5, I'm getting the following > error:"Connection failed (10060) A connection attempt > failed because the connected party did not properly > respond after a period of time, or established > connection failed because connected host has failed to > respond." > > I used the windows installer to installed PHP 4.3, and > I don't know how it set up my settings, but since an > installer didn't come with PHP 5, I had to set up > everything on my own. I know that for some reason, > fsockopen can't open up a connection in PHP 5. I don't > know what I am doing wrong. Any help or suggestions > will be greatly appreciated. > > Sincerely, > Thomas You can look it for google : http://www.google.com.tr/search?hl=tr&q=fsockopen+Connection+failed+%2810060%29+A+connection+attempt++failed+because+the+connected+party+did+not+properly++respond+after+a+period+of+time%2C+or+established++connection+failed+because+connected+host+has+failed+to++respond.&btnG=Ara&meta= @Php manual http://tr.php.net/fsockopen Regards, Onur Yerlikaya From rharding at mitechie.com Sat Sep 9 08:33:59 2006 From: rharding at mitechie.com (Richard Harding) Date: Sat, 09 Sep 2006 08:33:59 -0400 Subject: [nycphp-talk] PHP and MySQL projects to include in a portfolio. In-Reply-To: <45021415.3030106@tgaconnect.com> References: <20060908143522.76464.qmail@web53305.mail.yahoo.com> <45021415.3030106@tgaconnect.com> Message-ID: <4502B4B7.3040409@mitechie.com> Tim Gales wrote: > LK wrote: >> Neil, >> >> I happen to be struggling now with a database issue that might interest you and >> I'd welcome and appreciate suggestions from the group. >> >> My issue is: With a relational database how do you represent and navigate a >> tree with unlimited number of levels and branches ? Example: categorization >> hierarchy. Let's say you have a table of Employees. Now you want to categorize >> them by Job_Type: clerk, secretary, manager, etc. But each one of these can be >> further sub-categorized, e.g. Manager: production, purchasing, accounting etc. >> Each one of those can also be sub-categorized in an unlimited recursive >> fashion. >> >> One could try constructing a table with columns: level_0 level_1 level_2 etc. >> where level_0 holds the 0-th level categories, level_1 - first level >> subcategories, etc. But what if the number of category levels is potentially >> unlimited - what do you do then? >> >> Seems like this must have been dealt with before somewhere, and any suggestions >> and pointers would be greatly appreciated. >> >> Leo Kokin http://www.sitepoint.com/article/hierarchical-data-database I bookmarked that a while back and I think it will discuss what you're looking for. Rick From ken at secdat.com Sat Sep 9 11:05:43 2006 From: ken at secdat.com (Kenneth Downs) Date: Sat, 09 Sep 2006 11:05:43 -0400 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <002c01c6d2e8$e7f77e00$6401a8c0@Rubicon> References: <002c01c6d2e8$e7f77e00$6401a8c0@Rubicon> Message-ID: <4502D847.2030901@secdat.com> Peter Sawczynec wrote: > Maybe these PHP projects have achieved what was originally needed to > basically propel PHP to an IT takes note status. > Hmm, was it the projects, or was it PHP itself: simple, powerful, elegant. > Now it may be time for new talents to focus on the next evolutionary > competitive step and that would be to tie together, maximize, enhance and > compound all these "generic" projects and spin them into very rich, full > package commercial enterprise-wide solutions with a bit more out of the box > readiness to meet the expectations of known market segments that need and > buy full scale (verily even expensive and satisfyingly profitable) web > application solutions. > Let me challenge this that perhaps it will be the old talents, those with solid histories of delivering the goods, who may pick up PHP because it will help them with their business goals of delivering quality goods. If so, they will already have established contacts and books of businesses in the markets you mention below. They won't be interested in MVC, ORM, or the finer points of package distribution. They will be interested in delivering goods at a profit, as they always have been and always will. How do frameworks fit into that picture? Or, how does the framework fit into the picture of the larger realities of software development such as incomplete specs, contradictory specs, impossible timelines, cash-flow problems from slow-to-pay customers, arbitrary change requests, the need for things that there never seems to be time for like testing, documentation and training, and many others. Any framework that begins by expecting the customer to adapt to the programming model will fail. Any framework that is not solidly grounded in real-life projects will likely fade eventually. And, perhaps biggest of all, any framework that does not learn from the systems that have come before, from COBOL to Foxpro and VB and Java, will be overtaken by those that are built with a sober knowledge of what has come before. -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From 1j0lkq002 at sneakemail.com Sat Sep 9 15:07:20 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sat, 09 Sep 2006 12:07:20 -0700 Subject: [nycphp-talk] Cake v. Symfony In-Reply-To: <4502D847.2030901@secdat.com> References: <002c01c6d2e8$e7f77e00$6401a8c0@Rubicon> <4502D847.2030901@secdat.com> Message-ID: <10556-11951@sneakemail.com> Kenneth Downs ken-at-secdat.com |nyphp dev/internal group use| wrote: > Peter Sawczynec wrote: > >> Now it may be time for new talents to focus on the next evolutionary >> competitive step and that would be to tie together, maximize, enhance >> and >> compound all these "generic" projects and spin them into very rich, full >> package commercial enterprise-wide solutions with a bit more out of >> the box >> readiness to meet the expectations of known market segments that need >> and >> buy full scale (verily even expensive and satisfyingly profitable) web >> application solutions. >> > > Let me challenge this that perhaps it will be the old talents, those > with solid histories of delivering the goods, who may pick up PHP > because it will help them with their business goals of delivering > quality goods. > > If so, they will already have established contacts and books of > businesses in the markets you mention below. They won't be interested > in MVC, ORM, or the finer points of package distribution. They will be > interested in delivering goods at a profit, as they always have been and > always will. > > How do frameworks fit into that picture? Or, how does the framework fit > into the picture of the larger realities of software development such as > incomplete specs, contradictory specs, impossible timelines, cash-flow > problems from slow-to-pay customers, arbitrary change requests, the need > for things that there never seems to be time for like testing, > documentation and training, and many others. > > Any framework that begins by expecting the customer to adapt to the > programming model will fail. Any framework that is not solidly grounded > in real-life projects will likely fade eventually. And, perhaps biggest > of all, any framework that does not learn from the systems that have > come before, from COBOL to Foxpro and VB and Java, will be overtaken by > those that are built with a sober knowledge of what has come before. > Yes this may be very true, but there are an awful lot of Joomla! sites out there, aren't there? Somebody is using it. Oh, and Wordpress has become the tool of choice for many "news" sites. Go figure. People DO pick frameworks and commit to them. Of course these are not traditional 'software projects' but web projects. Now, tomorrow when the VIEW of DATA has succeeded , and someone recognizes there is additonal value in the community, the archives, and the efficiencies that can be captured through customization, I agree they will either be told (by good consultants) or will discover themselves that a framework is only as good as it's ability to be utlized in a customized configuration. At that point they will also hopefully have the cash and willingness to spend it on development. It may just be that a frameworks with Parts A-Z is "good enough" to get started without having to (re)define all those specs in the first go. -=john andrews -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From dlmerryweather at gmail.com Sat Sep 9 18:53:11 2006 From: dlmerryweather at gmail.com (David Merryweather) Date: Sat, 9 Sep 2006 17:53:11 -0500 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: References: <45009290.7070009@bitblit.net> Message-ID: <793b2bec0609091553k4c9ca585tf6b111cf95a5da88@mail.gmail.com> Don't forget The Akelos Framework too. http://trac.akelos.org/wiki D. On 9/8/06, Daniel Krook wrote: > Hello, > > > Having spent ages looking at all these several months ago, to save > > bandwidth, I have a list: > > > > Symfony > > CakePHP > > Seagull (seagullproject.org) > > Prado > > SolarPHP > > Cerebral Cortex (crtx.org) > > Savant (phpsavant.com) > > > > (My list is bigger but I left out Perl/Python/Ruby frameworks ;-) > > > > > > > > -- > > A > > > I'm evaluating CodeIgniter for a brand new project. It seems to be a > fairly new MVC framework and came recommended by some coworkers. It > seems to position itself directly against CakePHP and model itself on > Rails. Can anyone give a thumbs up or down? > > http://www.codeigniter.com/user_guide/ > http://www.codeigniter.com/forums/viewthread/750/ > > > > Daniel Krook, Content Tools Developer > Global Production Services - Tools, ibm.com > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From ramons at gmx.net Sun Sep 10 20:27:01 2006 From: ramons at gmx.net (David Krings) Date: Sun, 10 Sep 2006 20:27:01 -0400 Subject: [nycphp-talk] New to group and array question Message-ID: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> Hello, my name is David and I am new in this group. I do some PHP for fun for my private web site and well, not to bore you with more details about me, here is my question. I always stumble across an odd thing with arrays. I read in many documentations and books that one should use the single quotes when referencing to an array element, such as $array['element']. Generally, this works fine and I use it that way, but it always fails when using it in echo or header statements (and probably a few others). The error I receive is parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING. I know how to get around this parse error by omitting the single quotes ($array[element] instead of $array['element']), but I somehow am under the impression as if this isn't really the way to do it. I could assign it to a variable each time, but that is quite annoying (but maybe the right thing to do?). What is the significance of the single quotes? What is the expert advice on using or not using them? How would I package the single quote in an echo or header statement? Any enlightenment is greatly appreciated. David From tim_lists at o2group.com Sun Sep 10 20:57:45 2006 From: tim_lists at o2group.com (Tim Lieberman) Date: Sun, 10 Sep 2006 18:57:45 -0600 Subject: [nycphp-talk] New to group and array question In-Reply-To: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> Message-ID: <4504B489.9090805@o2group.com> David, In general, yes, use single quotes. Using double-quotes will cause PHP to interpret the string, and is necessary if the key has a variable in it, for example: $myarray["something_$var"], with $var=='foo', will get you the value of $myarray['something_foo']. While I'm not entirely sure about how you're echoing stuff, try just not putting the array reference inside the string. Instead, use the concatenation operator ".": echo 'You are ' . $user['username'] . '. Last login: ' . $user['last_login']'; David Krings wrote: >Hello, > > my name is David and I am new in this group. I do some PHP for fun for my >private web site and well, not to bore you with more details about me, here >is my question. I always stumble across an odd thing with arrays. I read in >many documentations and books that one should use the single quotes when >referencing to an array element, such as $array['element']. Generally, this >works fine and I use it that way, but it always fails when using it in echo >or header statements (and probably a few others). The error I receive is >parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or >T_VARIABLE or T_NUM_STRING. > >I know how to get around this parse error by omitting the single quotes >($array[element] instead of $array['element']), but I somehow am under the >impression as if this isn't really the way to do it. I could assign it to a >variable each time, but that is quite annoying (but maybe the right thing >to do?). > >What is the significance of the single quotes? What is the expert advice on >using or not using them? How would I package the single quote in an echo or >header statement? > > > Any enlightenment is greatly appreciated. > > > David > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > > From shiflett at php.net Sun Sep 10 20:58:37 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 10 Sep 2006 20:58:37 -0400 Subject: [nycphp-talk] New to group and array question In-Reply-To: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> Message-ID: <4504B4BD.20701@php.net> David Krings wrote: > I am new in this group. Welcome. :-) > I always stumble across an odd thing with arrays. I read in > many documentations and books that one should use the single > quotes when referencing to an array element, such as > $array['element']. I'm happy to see that you're questioning, but not discarding, PHP dogma. > Generally, this works fine and I use it that way, but it > always fails when using it in echo or header statements (and > probably a few others). Two things: 1. Quoting an array element inside a quoted string can be done with curly braces: "Once upon a {$myarray['time']}, ..." 2. If the arrays you're talking about are superglobals like $_GET and $_POST, both of your examples probably demonstrate security vulnerabilities. Using raw input in an echo creates a cross-site scripting (XSS) vulnerability. Using raw input in a call to header() creates an HTTP response splitting vulnerability. > What is the significance of the single quotes? What is the > expert advice on using or not using them? When you don't use them, your syntax indicates that the array key is a constant. If that constant doesn't exist, PHP will try treating the name of the constant as a string, in case that's what you really meant. The result is that it will "work" most of the time, but it's not completely reliable (what if there happens to be a constant by that name?), and it's very ugly regardless. Hope that helps. Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From michael.southwell at nyphp.org Sun Sep 10 21:50:23 2006 From: michael.southwell at nyphp.org (Michael Southwell) Date: Sun, 10 Sep 2006 21:50:23 -0400 Subject: [nycphp-talk] New to group and array question In-Reply-To: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> Message-ID: <6.2.3.4.2.20060910211216.02801450@pop.nyphp.com> At 08:27 PM 9/10/2006, you wrote: >Hello, Just to provide a little background on the answers others have provided: PHP (for whatever reason; presumably a feature and surely not a bug ;-) doesn't allow you to use the normally expected single quotation marks around an array element when the array variable appears within something which has double quotation marks around it, typically an echo statement containing both text and variables, but also possibly a header statement or something else. So something like this is no good, and will throw the error you are getting: echo "The $variable is $array['elementName']"; There are three ways to accomplish what you are trying to do: 1. concatenate: echo "The $variable is " . $array['elementName']; 2. use curly brackets: echo "The $variable is {$array['elementName']}"; 3. NOT RECOMMENDED BUT USUALLY WORKS: don't use the single quotation marks: echo "The $variable is $array[elementName]"; It is a matter of personal preference whether you choose 1 or 2; both work and are fine. #3 causes extra work for PHP and can fail if elementName happens to be a constant; so it should not be used. Chris Shiflett's point about the dangers of using raw superglobal variables in output is a very good one; the point is that if the arrays you are working with contain user-submitted information, you must take special care to sanitize them. Any of the books on security that are around can tell you how to do this. If you are not working with these kinds of arrays, but rather with ones that you have created yourself, you may not need to worry about security issues in using them. > my name is David and I am new in this group. I do some PHP > for fun for my >private web site and well, not to bore you with more details about me, here >is my question. I always stumble across an odd thing with arrays. I read in >many documentations and books that one should use the single quotes when >referencing to an array element, such as $array['element']. Generally, this >works fine and I use it that way, but it always fails when using it in echo >or header statements (and probably a few others). The error I receive is >parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or >T_VARIABLE or T_NUM_STRING. > >I know how to get around this parse error by omitting the single quotes >($array[element] instead of $array['element']), but I somehow am under the >impression as if this isn't really the way to do it. I could assign it to a >variable each time, but that is quite annoying (but maybe the right thing >to do?). > >What is the significance of the single quotes? What is the expert advice on >using or not using them? How would I package the single quote in an echo or >header statement? > > > Any enlightenment is greatly appreciated. > > > David > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php Michael Southwell, Vice President for Education New York PHP http://www.nyphp.com/training - In-depth PHP Training Courses From 1j0lkq002 at sneakemail.com Mon Sep 11 00:37:28 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sun, 10 Sep 2006 21:37:28 -0700 Subject: [nycphp-talk] New to group and array question In-Reply-To: <4504B489.9090805@o2group.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> <4504B489.9090805@o2group.com> Message-ID: <23246-47120@sneakemail.com> Tim Lieberman tim_lists-at-o2group.com |nyphp dev/internal group use| wrote: > While I'm not entirely sure about how you're echoing stuff, try just >not putting the array reference inside the string. Instead, use the >concatenation operator ".": > > echo 'You are ' . $user['username'] . '. Last login: ' . >$user['last_login']'; > > > Disclaimer: I am no where near the level of the prior responders when it comes to PHP skillz I think this is very good advice, David. If there is one thing I learned about PHP, it is that PHP either makes rational sense or does not ;-) In other words, there is not much actual need to follow "dogma" if you understand how it works, except in those cases where PHP is kinda broke. The hard part is knowing when it is broke, and this list is a *great* resource for that. (please note I do suggest you follow best practices, because you can't recognize what is and isn't "dogma" unless you already know where all the real problems are). To demonstrate, look at your responses here. Chris shows you how to embed the array element value into a string using curly braces (the actual way to do that, if that is what you really want to do). He also shows you (as do others) that concatenation is likely the key to your string building desires. Coming from other languages, you may not "think like that" but in PHP, that is a very good way to think. The concat operator (.) is your friend and works rationally. Also note how Chris defines precisely the use of single and double quotes... they, too are rational and do what they are supposed to do. Finally, back to the first comment from Tim above. Tim wisely immediately alluded to the idea that the way you are "echoing" your stuff may need attention. BINGO. "echo" in some ways is "broken", and is at least partly responsible for the confusion surrounding single and double quotes in strings built from hard coded characters and data values, especially when the data is embedded into arrays, and especially when the coder attempts to extract those values directly into strings "built" to be displayed to the browser. We have come full circle... you could go to curly braces, work out the rational details of the proper single quoted array "keys", and/or recognize that the encompassing "echo" command is imposing some restrictions on the way your content can be described and look at alternative ways to get your built data out to the browser. I hope that's more helpful than it looks. You have all you need to advance in those early responses. -=john andrews -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From arzala at gmail.com Mon Sep 11 01:17:16 2006 From: arzala at gmail.com (Anirudh Zala) Date: Mon, 11 Sep 2006 10:47:16 +0530 Subject: [nycphp-talk] New to group and array question In-Reply-To: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> Message-ID: On Mon, 11 Sep 2006 05:57:01 +0530, David Krings wrote: > Hello, > > my name is David and I am new in this group. I do some PHP for fun for > my > private web site and well, not to bore you with more details about me, > here > is my question. I always stumble across an odd thing with arrays. I read > in > many documentations and books that one should use the single quotes when > referencing to an array element, such as $array['element']. Generally, > this > works fine and I use it that way, but it always fails when using it in > echo > or header statements (and probably a few others). The error I receive is > parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or > T_VARIABLE or T_NUM_STRING. This could be because you are not properly using them or you do not have clear idea of how to properly quote expressions. > > I know how to get around this parse error by omitting the single quotes > ($array[element] instead of $array['element']), but I somehow am under > the > impression as if this isn't really the way to do it. I could assign it > to a > variable each time, but that is quite annoying (but maybe the right thing > to do?). > > What is the significance of the single quotes? What is the expert advice > on > using or not using them? How would I package the single quote in an echo > or > header statement? Do not just think in terms of 'echo', 'header' or any other construct or function. In much broader sense, just remember simple and golden rule that WHEREVER and WHENEVER variable is to be EXPANDED, CONCAT it with rest of the expression and use 'SINGLE quote' if certain part of the expression is STATIC (i.e. to be used just as it is). In short just using 'single quote' and concatenation you can write 99% code in PHP. This is true everywhere in PHP whether you assign value to variables, print something, define array with elements, pass arguments to function/class methods or evaluate any expression. This is good practice throughout PHP and probably for all other languages. Let me demonstrate few examples. #1 $as__name['first']='David'; (Key of array has been quoted using 'single' quotes because key itself is static, same for value for that array i.e. 'David'; #2 if('David' == $as__name['first']) echo 'Name is '.$as__name['first']; In above logical expression key of array, value to be compared with that array element and conditional echo statement all have been expressed using 'single quotes' only. You can see that left portion of echo expression 'Name is' is not to be expanded that is why used in 'single quotes' but to display real name variable "$as__name['first']" has to be expanded hence it has been concated with first part of the expression. However if you have 'single quote' itself as a part of your expression then escape it with '\' characters like "echo 'My dad\'s name is '.$as__name['first'];") Bottom line: There is not any MANDATORY use of "Double quotes" in PHP except in 1 case when: #a Special sequence like "\n", "\t", "\s" are to be expanded into New line, Tab and Space respectively. In short "double quotes" tries to expand each and every part of the expression, which is not required mot of the time. Hope this will help you clear some basic level of evaluation of expressions. ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala at gmail.com ----------------------------------------------- > > > Any enlightenment is greatly appreciated. > > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From cliff at pinestream.com Mon Sep 11 10:46:32 2006 From: cliff at pinestream.com (cliff) Date: Mon, 11 Sep 2006 09:46:32 -0500 Subject: [nycphp-talk] Javascript IDE for PHP developers Message-ID: <20060911144632.M83924@pinestream.com> Unfortunately, the world is not all PHP. And for those of us that don't have the luxury of a client-side development team, we must occasionally program in Javascript. I don't know about you, but since I don't do it that often, I find it painful to say the least. Was it getElementbyID or GetelementByid? Any thoughs on a good JS IDE equivalent to Zend Studio. I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman debugger. Other ideas? Cliff From chsnyder at gmail.com Mon Sep 11 11:17:23 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 11 Sep 2006 11:17:23 -0400 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <20060911144632.M83924@pinestream.com> References: <20060911144632.M83924@pinestream.com> Message-ID: On 9/11/06, cliff wrote: > Unfortunately, the world is not all PHP. And for those of us that don't have > the luxury of a client-side development team, we must occasionally program in > Javascript. I don't know about you, but since I don't do it that often, I find > it painful to say the least. Was it getElementbyID or GetelementByid? > > Any thoughs on a good JS IDE equivalent to Zend Studio. > > I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman > debugger. Other ideas? > > Cliff Aptana is a good way to go, since the (several months old) rumor is that the next generation of Zend Studio is going to be built on Eclipse. Since Aptana can be installed as either standalone or Eclipse extensions (or is it modules?) you'll get two IDEs for the memory footprint of one. Right now, running Aptana side by side with the Zend IDE is a little painful. Also, not an IDE but since you mention Venkman... I can't say enough good things about the Firebug extension for Firefox. -- Chris Snyder http://chxo.com/ From tacofighter at gmail.com Mon Sep 11 11:53:23 2006 From: tacofighter at gmail.com (Aaron Deutsch) Date: Mon, 11 Sep 2006 11:53:23 -0400 Subject: [nycphp-talk] LiveUser Message-ID: Has anyone used the pear LiveUser auth classes? Are they worth the hassle of setting up and trying (also still in beta) or is there a better/easier user login management tool available. thanks, aaron d. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolson at aeso.org Mon Sep 11 12:19:40 2006 From: rolson at aeso.org (Rick Olson) Date: Mon, 11 Sep 2006 09:19:40 -0700 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <20060911144632.M83924@pinestream.com> References: <20060911144632.M83924@pinestream.com> Message-ID: <45058C9C.7090907@aeso.org> It's actually choice c) getElementById() ~ Rick cliff wrote: > Unfortunately, the world is not all PHP. And for those of us that don't have > the luxury of a client-side development team, we must occasionally program in > Javascript. I don't know about you, but since I don't do it that often, I find > it painful to say the least. Was it getElementbyID or GetelementByid? > > Any thoughs on a good JS IDE equivalent to Zend Studio. > > I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman > debugger. Other ideas? > > Cliff > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From ken at secdat.com Mon Sep 11 12:26:09 2006 From: ken at secdat.com (Kenneth Downs) Date: Mon, 11 Sep 2006 12:26:09 -0400 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <45058C9C.7090907@aeso.org> References: <20060911144632.M83924@pinestream.com> <45058C9C.7090907@aeso.org> Message-ID: <45058E21.8010007@secdat.com> Rick Olson wrote: > It's actually choice c) getElementById() > game set and match to Cliff :) > ~ > Rick > > cliff wrote: > >> Unfortunately, the world is not all PHP. And for those of us that don't have >> the luxury of a client-side development team, we must occasionally program in >> Javascript. I don't know about you, but since I don't do it that often, I find >> it painful to say the least. Was it getElementbyID or GetelementByid? >> >> Any thoughs on a good JS IDE equivalent to Zend Studio. >> >> I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman >> debugger. Other ideas? >> >> Cliff >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> >> >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From dmintz at davidmintz.org Mon Sep 11 12:34:06 2006 From: dmintz at davidmintz.org (David Mintz) Date: Mon, 11 Sep 2006 12:34:06 -0400 (EDT) Subject: [nycphp-talk] New to group and array question In-Reply-To: <6.2.3.4.2.20060910211216.02801450@pop.nyphp.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> <6.2.3.4.2.20060910211216.02801450@pop.nyphp.com> Message-ID: On Sun, 10 Sep 2006, Michael Southwell wrote: > > There are three ways to accomplish what you are trying to do: > 1. concatenate: echo "The $variable is " . $array['elementName']; > 2. use curly brackets: echo "The $variable is {$array['elementName']}"; > 3. NOT RECOMMENDED BUT USUALLY WORKS: don't use the single quotation > marks: echo "The $variable is $array[elementName]"; > > It is a matter of personal preference whether you choose 1 or 2; both > work and are fine. #3 causes extra work for PHP and can fail if > elementName happens to be a constant; so it should not be used. Are you sure? I thought PHP does not try to evaluate constants within double-quoted strings. Therefore it is a little weird-looking (because it look inconsistent with our good quoting practices) but nevertheless perfectly kosher to do #3. Or am I wrong about that? --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From shiflett at php.net Mon Sep 11 13:50:54 2006 From: shiflett at php.net (Chris Shiflett) Date: Mon, 11 Sep 2006 13:50:54 -0400 Subject: [nycphp-talk] New to group and array question In-Reply-To: References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> <6.2.3.4.2.20060910211216.02801450@pop.nyphp.com> Message-ID: <4505A1FE.9070609@php.net> David Mintz wrote: > I thought PHP does not try to evaluate constants within > double-quoted strings. I've never tried it, but you're right: constant

'; $myarray['index'] = '

string

'; echo "$myarray[index]"; echo "{$myarray[index]}"; echo $myarray[index]; ?> I still thinks it's a stretch to call this "kosher." Weird is what I would call it. :-) Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From chsnyder at gmail.com Mon Sep 11 14:11:35 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 11 Sep 2006 14:11:35 -0400 Subject: [nycphp-talk] New to group and array question In-Reply-To: <4504B489.9090805@o2group.com> References: <6.1.2.0.2.20060910200330.02c4c988@pop.snet.yahoo.com> <4504B489.9090805@o2group.com> Message-ID: On 9/10/06, Tim Lieberman wrote: > David, > > In general, yes, use single quotes. Using double-quotes will cause > PHP to interpret the string, and is necessary if the key has a variable > in it, for example: $myarray["something_$var"], with $var=='foo', will > get you the value of $myarray['something_foo']. > > While I'm not entirely sure about how you're echoing stuff, try just > not putting the array reference inside the string. Instead, use the > concatenation operator ".": > > echo 'You are ' . $user['username'] . '. Last login: ' . > $user['last_login']'; > For what its worth, you need to use a similar strategy when referencing object properties that are more than one "level" deep. "Hello $user->name." will work, but "Hello $auth->user->name." will not. -- Chris Snyder http://chxo.com/ From jbaer at VillageVoice.com Mon Sep 11 14:42:41 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Mon, 11 Sep 2006 14:42:41 -0400 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <20060911144632.M83924@pinestream.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA245033A03D5@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I find it much easier to get attached to one of the 2.x frameworks (prototype/scriptac, jquery/interface) and write out tidbits of code into the templates of Zend Studio .. Ie: For example this whole tidbit would be script[tab]ajaxreq[tab] + then tab across and fill in what's needed. Pretty handy. Also ... $('#Some_people_do_not_need_to_remember_if_it_was_getElementbyID_or_Gete lementByid_because_they_have_this_amazing_dollar_function_now').hide(); :-) - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of cliff Sent: Monday, September 11, 2006 10:47 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] Javascript IDE for PHP developers Unfortunately, the world is not all PHP. And for those of us that don't have the luxury of a client-side development team, we must occasionally program in Javascript. I don't know about you, but since I don't do it that often, I find it painful to say the least. Was it getElementbyID or GetelementByid? Any thoughs on a good JS IDE equivalent to Zend Studio. I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman debugger. Other ideas? Cliff _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFBa4h99e5DI8C/rsRAkcQAKCfxCUNxflAFEaB0GjRLqotVGEpoACguaqF 6r3DuIC3WgB4Is47uAXPy/M= =fqaP -----END PGP SIGNATURE----- From chsnyder at gmail.com Mon Sep 11 18:18:47 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 11 Sep 2006 18:18:47 -0400 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA245033A03D5@mail> References: <20060911144632.M83924@pinestream.com> <4D2FAD9B00577645932AD7ED5FECA245033A03D5@mail> Message-ID: On 9/11/06, Baer, Jon wrote: > > Also ... > > $('#Some_people_do_not_need_to_remember_if_it_was_getElementbyID_or_Gete > lementByid_because_they_have_this_amazing_dollar_function_now').hide(); > Yeah, $() should just be added to the DOM standard... Except that it's really window.$(), which means it should be added to ECMAscript. But it deals with DOM. Dang, I guess that's never gonna happen. From tim_lists at o2group.com Mon Sep 11 18:26:55 2006 From: tim_lists at o2group.com (Tim Lieberman) Date: Mon, 11 Sep 2006 16:26:55 -0600 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <45058C9C.7090907@aeso.org> References: <20060911144632.M83924@pinestream.com> <45058C9C.7090907@aeso.org> Message-ID: <4505E2AF.5020309@o2group.com> One of the nice things about javascript is that it's consistent in naming internal functions. You shouldn't have to look up getElementById(), because built-in methods all follow thisKindOfConvention (is that camel-case?). One of the things people complain about in php is that it's hard to remember what built-ins have underscores, etc. -Tim Rick Olson wrote: >It's actually choice c) getElementById() > >~ >Rick > >cliff wrote: > > >>Unfortunately, the world is not all PHP. And for those of us that don't have >>the luxury of a client-side development team, we must occasionally program in >>Javascript. I don't know about you, but since I don't do it that often, I find >>it painful to say the least. Was it getElementbyID or GetelementByid? >> >>Any thoughs on a good JS IDE equivalent to Zend Studio. >> >>I just discovered http://www.aptana.com/ and am learning the Mozilla Venkman >>debugger. Other ideas? >> >>Cliff >>_______________________________________________ >>New York PHP Community Talk Mailing List >>http://lists.nyphp.org/mailman/listinfo/talk >> >>NYPHPCon 2006 Presentations Online >>http://www.nyphpcon.com >> >>Show Your Participation in New York PHP >>http://www.nyphp.org/show_participation.php >> >> >> >> >> > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > > From ramons at gmx.net Mon Sep 11 19:51:51 2006 From: ramons at gmx.net (David Krings) Date: Mon, 11 Sep 2006 19:51:51 -0400 Subject: [nycphp-talk] New to group and array question In-Reply-To: References: Message-ID: <6.1.2.0.2.20060911184401.02cb7d50@pop.gmx.net> Hi! First of all, thank you for the great responses that pretty much cleared up my initial questions, but generated a few new ones. I will cut this digest down to some useful length (apologies to those who are hooked on thread IDs). At 11:53 AM 9/11/2006, you wrote: > In general, yes, use single quotes. Using double-quotes will cause >PHP to interpret the string, and is necessary if the key has a variable >in it, for example: $myarray["something_$var"], with $var=='foo', will >get you the value of $myarray['something_foo']. Single quotes it is. > While I'm not entirely sure about how you're echoing stuff, try just >not putting the array reference inside the string. Instead, use the >concatenation operator ".": > > echo 'You are ' . $user['username'] . '. Last login: ' . >$user['last_login']'; I echoed stuff this way: echo "This is for $lovedones['wife']!"; That throws this parse error parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING. So, the correct(er) way is echo "This is for ".$lovedones['wife']."!"; Duh! That apparently was just too easy to figure it out myself. > > I always stumble across an odd thing with arrays. I read in > > many documentations and books that one should use the single > > quotes when referencing to an array element, such as > > $array['element']. > >I'm happy to see that you're questioning, but not discarding, PHP dogma. I always assume that there are good reasons for designing something that blatantly inconsitent. It is just that I don't know about it, which doesn't mean that it is wrong. >1. Quoting an array element inside a quoted string can be done with >curly braces: > >"Once upon a {$myarray['time']}, ..." Ui! Curly braces. I haven't seen that one before, but a quick test shows that it indeed works (one of these I need to see it to believe it things). Will probably not become my most favourite way of doing this. I already know the concatenation stuff and understand what it does. >2. If the arrays you're talking about are superglobals like $_GET and >$_POST, both of your examples probably demonstrate security >vulnerabilities. Using raw input in an echo creates a cross-site >scripting (XSS) vulnerability. Using raw input in a call to header() >creates an HTTP response splitting vulnerability. Aha, no idea what that is. I do not want to design breakage into my script, so here quickly what I want to do. I use the header() mainly for redirects (and for turning off cache using code that I copied from the php.net site comments). In order to properly redirect I need to know what the root folder of my set of scripts is. As long as the directory hierarchy, the directory names, and the name of the start script stay intact it will not matter where on a server this block of files is located. On the first script I generate the redirect path section that I can use in all other scripts like this: // Make path for redirects $path = "http://"; $path = $path.$_SERVER['HTTP_HOST']; $script = $_SERVER['PHP_SELF']; $script = str_replace("/login.php", "", $script); $path = $path.$script; I then register $path with the session that I started earlier using $_SESSION['sessionredirectpath'] = $path; and use it later in scripts for redirects like this: header("location:$_SESSION[sessionredirectpath]/administration/adminwelcome.php"); which really should be this: header("location:".$_SESSION['sessionredirectpath']."/administration/adminwelcome.php"); [...] I read that stuff about the constants issue somewhere after I posted. >3. NOT RECOMMENDED BUT USUALLY WORKS: don't use the single quotation >marks: echo "The $variable is $array[elementName]"; Yes, it works and in the worst case I can pick german variable names. Chances are the PHP folks will not introduce german keywords or constants. Besides the constants issue, is there anything else that makes not using the single quotes a bad idea? I ask because I use some scripts that I hacked together some time ago and for the time being they do their jobs. In case of some security issue I might want to pull them sooner than later. >security that are around can tell you how to do this. If you are not >working with these kinds of arrays, but rather with ones that you >have created yourself, you may not need to worry about security >issues in using them. So you are saying that the way I described it above might be OK since I set the session variable myself, correct? >I think this is very good advice, David. If there is one thing I learned >about PHP, it is that PHP either makes rational sense or does not ;-) In >other words, there is not much actual need to follow "dogma" if you >understand how it works, except in those cases where PHP is kinda broke. >The hard part is knowing when it is broke, and this list is a *great* >resource for that. (please note I do suggest you follow best practices, >because you can't recognize what is and isn't "dogma" unless you already >know where all the real problems are). Using the period as concatenation character is most likely one of those cases where PHP is broken, at least in my opinion. PHP is the only language that uses the period as far as I have seen. I have to admit that I haven't seen much in regards to programming. Actually, I hate programming, it is just that with PHP it is by far not so painful. And it is a good excercise for me as software tester to be not totally at the mercy of the developers. >STATIC (i.e. to be used just as it is). In short just using 'single quote' >and concatenation you can write 99% code in PHP. This is true everywhere >in PHP whether you assign value to variables, print something, define >array with elements, pass arguments to function/class methods or evaluate >any expression. This is good practice throughout PHP and probably for all >other languages. Let me demonstrate few examples. >#1 > >$as__name['first']='David'; > >(Key of array has been quoted using 'single' quotes because key itself is >static, same for value for that array i.e. 'David'; > >#2 > >if('David' == $as__name['first']) > echo 'Name is '.$as__name['first']; The examples really helped understanding your point. I am sure that the vast majority of casual and even semi-professional PHP users always uses the double quote because this is how the official PHP documentation tells one to do. I just checked again and in the document topic about echo and only a single example shows it used with the single quotes. That though in combination with the note "Using single quotes will print the variable name, not the value", which for the newvbie sounds bad. The PHP documentors should use your example and explanation, it makes it easier somehow. >Bottom line: There is not any MANDATORY use of "Double quotes" in PHP >except in 1 case when: > >#a Special sequence like "\n", "\t", "\s" are to be expanded into New >line, Tab and Space respectively. Now, that really sucks, doesn't it? I can't come up with a better proposal without violation the "anything in single quotes is static" rule. >In short "double quotes" tries to expand each and every part of the >expression, which is not required mot of the time. Hope this will help you >clear some basic level of evaluation of expressions. Yes, indeed it does and all your superb responses cleared up quite a bit of other things as well. Wow! I haven't learned that much about PHP in such a short time for quite a while. Thank you very very much and I hope I don't get beaten up over this quite lengthy response. Best regards, David From arzala at gmail.com Tue Sep 12 00:22:14 2006 From: arzala at gmail.com (Anirudh Zala) Date: Tue, 12 Sep 2006 09:52:14 +0530 Subject: [nycphp-talk] Javascript IDE for PHP developers In-Reply-To: <20060911144632.M83924@pinestream.com> References: <20060911144632.M83924@pinestream.com> Message-ID: Here I would like to answer your question in different way. If your problem area is only of highlighting syntax then instead of finding new or better IDE, you can try to "tweak" existing IDE so that it will start highlighting required missing keywords, functions, properties. If you are on Linux machine then most of IDEs are smart enough that they can be configured the way we want. For example we use "Quanta editor" (sometimes known as "kdewebdev") on Fedora 4 in which you can add your custom entities to be highlighted if existing database of entities is not highlighting everything. In case of Java-Script there resides a file called "/usr/share/apps/katepart/syntax/javascript.xml" which you can easily edit and add custom entities (even user-defined ones :) ) to highlight them. Not just JavaScript but you can configure highlighting entities of almost all supported types of that IDE. Just browse directory "/usr/share/apps/katepart/syntax/". This answer might not be useful to you, but can be for others if they can't easily switch to different IDEs. Thanks Zala ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala at gmail.com ----------------------------------------------- On Mon, 11 Sep 2006 20:16:32 +0530, cliff wrote: > Unfortunately, the world is not all PHP. And for those of us that don't > have > the luxury of a client-side development team, we must occasionally > program in > Javascript. I don't know about you, but since I don't do it that often, > I find > it painful to say the least. Was it getElementbyID or GetelementByid? > > Any thoughs on a good JS IDE equivalent to Zend Studio. > > I just discovered http://www.aptana.com/ and am learning the Mozilla > Venkman > debugger. Other ideas? > > Cliff > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From m2 at mutemuse.com Tue Sep 12 14:29:06 2006 From: m2 at mutemuse.com (Nathan Lavertue) Date: Tue, 12 Sep 2006 14:29:06 -0400 Subject: [nycphp-talk] Force download In-Reply-To: References: Message-ID: <5EF8C112-0C6B-48D5-A5FE-AB38181E19C5@mutemuse.com> Any reason why the following script wouldn't force download the file in question with the appropiate name in all situations? Works in a few browsers, but, not while using the Internet Browser on the PSP. Tries to save the file 'download.php' instead of the actual video file. Thanks Nathan Lavertue Lead Designer & Developer - New Formats Sony Music Studios - X Media Group On Sep 11, 2006, at 11:53 AM, Aaron Deutsch wrote: > Has anyone used the pear LiveUser auth classes? Are they worth the > hassle of setting up and trying (also still in beta) or is there a > better/easier user login management tool available. > > thanks, > aaron d. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Tue Sep 12 14:48:30 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 12 Sep 2006 14:48:30 -0400 Subject: [nycphp-talk] Force download In-Reply-To: <5EF8C112-0C6B-48D5-A5FE-AB38181E19C5@mutemuse.com> Message-ID: <003301c6d69c$0ab5b2c0$6401a8c0@Rubicon> Try to box it in a bit more. For example, will other file types download successfully. [Typically, .zip files will always download properly.] Try appropriately filled out inclusion of additional headers as suggested in below sample: $filename = "MAQ09718.MP4"; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); Google "force file download issues php" to find more headers you may need. Call directly to and/or surf manufacturer's site for known issues / browser version issues. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Nathan Lavertue Sent: Tuesday, September 12, 2006 2:29 PM To: NYPHP Talk Subject: [nycphp-talk] Force download Any reason why the following script wouldn't force download the file in question with the appropiate name in all situations? Works in a few browsers, but, not while using the Internet Browser on the PSP. Tries to save the file 'download.php' instead of the actual video file. Thanks Nathan Lavertue Lead Designer & Developer - New Formats Sony Music Studios - X Media Group On Sep 11, 2006, at 11:53 AM, Aaron Deutsch wrote: Has anyone used the pear LiveUser auth classes? Are they worth the hassle of setting up and trying (also still in beta) or is there a better/easier user login management tool available. thanks, aaron d. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From jellicle at gmail.com Tue Sep 12 15:02:30 2006 From: jellicle at gmail.com (Michael Sims) Date: Tue, 12 Sep 2006 15:02:30 -0400 Subject: [nycphp-talk] Force download In-Reply-To: <5EF8C112-0C6B-48D5-A5FE-AB38181E19C5@mutemuse.com> References: <5EF8C112-0C6B-48D5-A5FE-AB38181E19C5@mutemuse.com> Message-ID: <200609121502.30652.jellicle@gmail.com> On Tuesday 12 September 2006 2:29 pm, Nathan Lavertue wrote: > Any reason why the following script wouldn't force download the file > in question with the appropiate name in all situations? Works in a > few browsers, but, not while using the Internet Browser on the PSP. > Tries to save the file 'download.php' instead of the actual video file. Some browsers continue, in 2006, to ignore all hints about what the appropriate filename of a downloaded file should be. Try hitting the download URL like this: http://yoururl.com/download.php?foo=MAQ09718.MP4 The browser may well be stupid enough to just grab the last part of the URL and use that as the filename of the downloaded file. Michael Sims From lists at danhorning.com Tue Sep 12 21:53:42 2006 From: lists at danhorning.com (Dan Horning) Date: Tue, 12 Sep 2006 21:53:42 -0400 Subject: [nycphp-talk] Force download In-Reply-To: <200609121502.30652.jellicle@gmail.com> References: <5EF8C112-0C6B-48D5-A5FE-AB38181E19C5@mutemuse.com> <200609121502.30652.jellicle@gmail.com> Message-ID: <450764A6.4090006@danhorning.com> it may not be ideal but using MOD_rewrite to solve this issue just might be the way to solve it. i've got notes that i'll add when i get home - currently i'm sitting in the starbucks next to penn station. Michael Sims wrote: > On Tuesday 12 September 2006 2:29 pm, Nathan Lavertue wrote: > > >> Any reason why the following script wouldn't force download the file >> in question with the appropiate name in all situations? Works in a >> few browsers, but, not while using the Internet Browser on the PSP. >> Tries to save the file 'download.php' instead of the actual video file. >> > > Some browsers continue, in 2006, to ignore all hints about what the > appropriate filename of a downloaded file should be. Try hitting the > download URL like this: > > http://yoururl.com/download.php?foo=MAQ09718.MP4 > > The browser may well be stupid enough to just grab the last part of the URL > and use that as the filename of the downloaded file. > > Michael Sims > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Dan Horning - danhorning.com American Digital Services - americandigitalservices.com Where you are only limited by imagination. 1-866-493-4218 (direct) / 1-800-863-3854 (main number) From prusak at gmail.com Wed Sep 13 10:00:02 2006 From: prusak at gmail.com (Ophir Prusak) Date: Wed, 13 Sep 2006 10:00:02 -0400 Subject: [nycphp-talk] Calling Hans Zaunere Message-ID: Hi Hans, I tried sending you email but all of the addresses I have bounced. Please send me your email :) Thanks Ophir -- Ophir Prusak http://www.prusak.com From lists at genoverly.net Thu Sep 14 08:37:20 2006 From: lists at genoverly.net (michael) Date: Thu, 14 Sep 2006 08:37:20 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." Message-ID: <20060914083720.543b9371@wit.genoverly.com> http://www.internetnews.com/dev-news/article.php/3631831 " Those are the words that Rasmus Lerdorf, the creator of PHP, said to kick off his keynote at the php|works conference under way here. ... "The Web is pretty much broken, we can all go home now," Lerdorf said somewhat sarcastically to the capacity crowd. "Luckily most people don't realize that it's broken." Part of the reason Lerdorf considers the Web "broken" is that it is inherently insecure for a variety of reasons. One of those reasons sits at the feet of developers. "You don't know that you have to filter user input," Lerdorf exclaimed. " Everybody is preaching security (gurus on this list included). So, why hasn't it caught fire? Here's my quick-list.. 1. it is easy to ignore it and the app still works in your test environment.. and you didn't waste valuable time auditting! (tongue in cheek) "Despite your Herculean timetable, Mr. Client, the app is ready. Now I'm going to have to bill you extra hours to do a security audit and documentation." "umm.. no thanks, Mr. Developer. I don't have the budget for your bill padding". 2. php is easy to use and popular; low adoption barriers. a. newbies haven't been burned yet or don't know best practices b. popularity brings the dark side for low hanging fruit c. terms like 'x-site scripting' and 'db injection' are confusing buzzwords to the newly introduced and (despite efforts) are not defined well enough; besides, buzzwords get ignored anyway. d. "eewww.. that can/will not happen to me" 3. it isn't preached enough -- Michael From mailinglists at caseysoftware.com Thu Sep 14 09:00:36 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Thu, 14 Sep 2006 09:00:36 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060914083720.543b9371@wit.genoverly.com> References: <20060914083720.543b9371@wit.genoverly.com> Message-ID: On 9/14/06, michael wrote: > a. newbies haven't been burned yet or don't know best practices > b. popularity brings the dark side for low hanging fruit I think there's another problem related to these two. There are a number of open source apps out there setting horrible examples for the rest of us. I - like many around here most likely - picked up php coming from other languages. Therefore, since I knew the concepts and wanted to focus on syntax, my tendancy was to look at how other people were doing things and learn from there. > c. terms like 'x-site scripting' and 'db injection' are > confusing buzzwords to the newly introduced and (despite > efforts) are not defined well enough; besides, > buzzwords get ignored anyway. Last night at DCPHP, I was speaking with a couple people who hadn't heard of either concept. After a quick walkthrough, it started to make sense to them, but I was surprised at their ignorance (in the strictest definition of the word). > 3. it isn't preached enough And it needs to be hammered into people... some on this list have been responsible for driving this area but I think it needs to go a step farther. Any idea what that step should be? kc -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From tedd at sperling.com Thu Sep 14 09:22:52 2006 From: tedd at sperling.com (tedd) Date: Thu, 14 Sep 2006 09:22:52 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060914083720.543b9371@wit.genoverly.com> References: <20060914083720.543b9371@wit.genoverly.com> Message-ID: At 8:37 AM -0400 9/14/06, michael wrote: >http://www.internetnews.com/dev-news/article.php/3631831 >" > Those are the words that Rasmus Lerdorf, the creator of PHP, > said to kick off his keynote at the php|works conference under > way here. > ... > "The Web is pretty much broken, we can all go home now," > Lerdorf said somewhat sarcastically to the capacity crowd. > "Luckily most people don't realize that it's broken." > > Part of the reason Lerdorf considers the Web "broken" is that > it is inherently insecure for a variety of reasons. One of those > reasons sits at the feet of developers. > > "You don't know that you have to filter user input," Lerdorf > exclaimed. >" > >Everybody is preaching security (gurus on this list included). So, why >hasn't it caught fire? Here's my quick-list.. > >1. it is easy to ignore it and the app still works in your test > environment.. and you didn't waste valuable time auditting! > (tongue in cheek) "Despite your Herculean timetable, Mr. > Client, the app is ready. Now I'm going to have to bill you > extra hours to do a security audit and documentation." > "umm.. no thanks, Mr. Developer. I don't have the budget for > your bill padding". > >2. php is easy to use and popular; low adoption barriers. > a. newbies haven't been burned yet or don't know best practices > b. popularity brings the dark side for low hanging fruit > c. terms like 'x-site scripting' and 'db injection' are > confusing buzzwords to the newly introduced and (despite > efforts) are not defined well enough; besides, > buzzwords get ignored anyway. > d. "eewww.. that can/will not happen to me" > >3. it isn't preached enough Not that my comments solve anything, but wasn't the web was designed by newbies? No disrespect meant, but every step forward in web development was new and obviously done without full consideration for what was being developed and the hazards that might accompany each step. So what we have now, as I see it, is dealing with a gamut of problems that weren't properly addressed in the beginning, such as spam, security, and legacy ASCII issues. The history of "why", might help in the "how" to solve the problem. Just my $0.02. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From dcech at phpwerx.net Thu Sep 14 09:40:11 2006 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 14 Sep 2006 09:40:11 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060914083720.543b9371@wit.genoverly.com> References: <20060914083720.543b9371@wit.genoverly.com> Message-ID: <45095BBB.9080803@phpwerx.net> michael wrote: > http://www.internetnews.com/dev-news/article.php/3631831 > " > Those are the words that Rasmus Lerdorf, the creator of PHP, > said to kick off his keynote at the php|works conference under > way here. > ... > "The Web is pretty much broken, we can all go home now," > Lerdorf said somewhat sarcastically to the capacity crowd. > "Luckily most people don't realize that it's broken." > > Part of the reason Lerdorf considers the Web "broken" is that > it is inherently insecure for a variety of reasons. One of those > reasons sits at the feet of developers. > > "You don't know that you have to filter user input," Lerdorf > exclaimed. > " Personally, I'm of the opinion that right now people tend to focus too much on input filtering, and not enough on safe storage and display practices. If you are correctly handling incoming data, it makes little difference what that data may be. For example, if you construct a query like: $query = "SELECT * FROM mytable WHERE myid='$someid'"; You are obviously vulnerable to assorted SQL injection attacks. However, construct the query like: $query = 'SELECT * FROM mytable WHERE myid='. mysql_real_escape_string($someid); or: $query = 'SELECT * FROM mytable WHERE myid=?'; $args = array( $someid, ); And you have prevented the attack, regardless of the contents of $someid. This is because you are correctly formatting the data in context, in this case as an SQL string. The same goes for displaying data on a webpage, pass it through htmlspecialchars and you'll be guaranteed that it is correctly formatted as a block of HTML CDATA. The security breach comes from treating the data incorrectly, not from its contents. That said, if you need to display html received from the client as html, you need input filtering to separate the bad from the good. However, these cases are not the norm, and in many situations input filtering is merely restricting the data you're allowing clients to input, without any real security gains. If you need to enforce certain restrictions on user input, according to the 'rules' of the system then input filtering is a great idea, but don't get caught up in thinking that filtering input is the answer to all security problems. Dan From ps at pswebcode.com Thu Sep 14 10:21:42 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 14 Sep 2006 10:21:42 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <45095BBB.9080803@phpwerx.net> Message-ID: <001101c6d809$19e5e580$6401a8c0@Rubicon> It would seem that it would be more optimally secure to both: i) correctly handle the data, but also to ii) check for what the data is. That would include checking length and data type. Wrong data types and too long strings can break SQL queries. But, hypothetically, if one is stuffing all their data into type VARCHAR fields all kinds of things will get handled. But, later data summary reports from the database can produce inaccurate results. I was just reviewing Adobe best practices on Flash ActionScript 2.0 and they suggested that all variables be declared and be strongly typed to force your application to throw errors immediately when wrong data types get sent to a function. The ActionScript strong data typing is of the form: var cust_first_name : string var this_date : Date It appears that almost every other language competitively positioned to PHP forces discipline a bit more, starting with making one know the expected data type(s) at all junctures. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dan Cech Sent: Thursday, September 14, 2006 9:40 AM To: NYPHP Talk Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." michael wrote: > http://www.internetnews.com/dev-news/article.php/3631831 > " > Those are the words that Rasmus Lerdorf, the creator of PHP, > said to kick off his keynote at the php|works conference under > way here. > ... > "The Web is pretty much broken, we can all go home now," > Lerdorf said somewhat sarcastically to the capacity crowd. > "Luckily most people don't realize that it's broken." > > Part of the reason Lerdorf considers the Web "broken" is that > it is inherently insecure for a variety of reasons. One of those > reasons sits at the feet of developers. > > "You don't know that you have to filter user input," Lerdorf > exclaimed. > " Personally, I'm of the opinion that right now people tend to focus too much on input filtering, and not enough on safe storage and display practices. If you are correctly handling incoming data, it makes little difference what that data may be. For example, if you construct a query like: $query = "SELECT * FROM mytable WHERE myid='$someid'"; You are obviously vulnerable to assorted SQL injection attacks. However, construct the query like: $query = 'SELECT * FROM mytable WHERE myid='. mysql_real_escape_string($someid); or: $query = 'SELECT * FROM mytable WHERE myid=?'; $args = array( $someid, ); And you have prevented the attack, regardless of the contents of $someid. This is because you are correctly formatting the data in context, in this case as an SQL string. The same goes for displaying data on a webpage, pass it through htmlspecialchars and you'll be guaranteed that it is correctly formatted as a block of HTML CDATA. The security breach comes from treating the data incorrectly, not from its contents. That said, if you need to display html received from the client as html, you need input filtering to separate the bad from the good. However, these cases are not the norm, and in many situations input filtering is merely restricting the data you're allowing clients to input, without any real security gains. If you need to enforce certain restrictions on user input, according to the 'rules' of the system then input filtering is a great idea, but don't get caught up in thinking that filtering input is the answer to all security problems. Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From prusak at gmail.com Thu Sep 14 10:28:33 2006 From: prusak at gmail.com (Ophir Prusak) Date: Thu, 14 Sep 2006 10:28:33 -0400 Subject: [nycphp-talk] To Smarty Or Not to Smarty: That Is The Question In-Reply-To: <455.563a2a9.322e1929@aol.com> References: <455.563a2a9.322e1929@aol.com> Message-ID: I used to teach smarty for zend.com. Based on your comments and the comments from other people, I'd like to split your post into three questions: 1 - Should I be separating my "business logic" from my presentation layer / presentation logic. 2 - Should I use Smarty (or some other solution) in order to separate my business logic and presentation. 3 - Should I be using an OOP solution. Question 3 is beyond the scope of this answer, so lets just look at questions 1 and 2. 1. Should I be separating my "business logic" from my presentation layer / presentation logic. For the most part, the answer YES. Your comment of: > I also cannot stand the editing of multiple documents, both containing bits > and pieces of logic - I know, one is application logic, the other is display > logic.... is this really logical? Bouncing between documents does not seem > efficient, and it also seems quite possible that a web designer could still > screw up the display logic.... hmmm... leads me to believe that you're not so sure about this :) See http://en.wikipedia.org/wiki/Business_logic for further discussion on the matter. Or just search google for terms like MVC or multi-tier-architecture. Regarding using Smarty as your implementation, personally, I think it's great. I know there are other great solutions out there so it really depends on your requirements. Keep in mind that Smarty actually does more than just separate business from presentation. For example, It has some very nice caching features. See http://smarty.php.net/rightforme.php and http://smarty.php.net/whyuse.php for more info. When considering what software package / solution to use for any given task, I like to use the analogy of buying a car. There is no single car that's "best" or right for everyone. There are plenty factors you need to take into account when deciding what to get, but at the end of the day, there will be many solutions that will meet your needs. Hope that helped - Ophir On 9/4/06, LeeEyerman at aol.com wrote: > > TO SMARTY OR NOT TO SMARTY: THAT IS THE QUESTION > > A client of mine is debating, rather furiously, the merits of using Smarty > in their upcoming web-applications. Up to this point, I have not used > Smarty - and I will admit it - I am an old school programmer who hates OOP, > and to me, Smarty looks like another ill-conceived paradigm developed in OOP > that creates a lot more hassle than it solves. > > We are a small organization. We do not have more than two PHP developers > working on a project at a time. Our designer works closely with us to > integrate CSS, Javascript, etc. The web sites we create are for government > agencies and do not change often, and if they do change, they do not change > very much. > > I understand the concept behind smarty - separate logic and display. > However, I do not think Smarty is an end-all solution to all web sites - as > many people are trying to sell it. This article, Smarty for Dummies, shares > many of the thoughts and opinions I have about Smarty: > http://www.fudnik.com/main/tiki-read_article.php?articleId=7 > - it is a good read. > > Can anyone give any guidance about when to and when not to use Smarty? Does > anyone agree/disagree that Smarty may just be a giant abstraction of logic > and design, wrapped in a horrible OOP mess? Does anyone agree/disagree that > using Smarty in small applications, that do not change much, and do not have > separate (or large) development teams may be more burdensome than it is > worth? Is anyone concerned that using Smarty as part of your systems make > them less portable? Am I missing something, or is Smarty just not meant to > be used in small development environments? > > I do not like the idea of developing web apps using Smarty because of the > additional requirements of installing smarty. I am also concerned that > Smarty may be built upon technologies that may be part of a current patent > or part of a patent that is pending. Smarty is not that old, and it could > potentially infringe a patent by another company like MS. I also do not > know if Smarty is supported in the open-source community as well as PHP and > MySQL. > > I also cannot stand the editing of multiple documents, both containing bits > and pieces of logic - I know, one is application logic, the other is display > logic.... is this really logical? Bouncing between documents does not seem > efficient, and it also seems quite possible that a web designer could still > screw up the display logic.... hmmm... > > Whether you would still call Smarty a new paradigm is up for question. > However, I am having a hard time understanding any benefit for small > sites/organization who need to deliver SOLID solutions fast, on-time, and > within budget. Can anyone tell me how Smarty can increase productivity? > Can it save time? Can it save money? Does it make your web-app any more > secure? Doesn't it actually make your applications slower - all that code to > process - and I know, it does the pre-processing - but still, OOP requires > more code that procedural any day - and looking at Smarty code, it looks > like a OOP mess. > > Like OOP, I can do everything Smarty does, faster and easier in procedural > PHP on one page. Why in the world would I change to Smarty? > > It is also interesting to note that very few open-source applications use > Smarty. PHPBB does not use it, OSCommerce does not use it, PHPMyAdmin does > not use it, etc. If Smarty were so good, why haven't more open-source > projects adopted it? > > Any information that could assist my reasoning, one way or the other, would > be greatly appreciated! > > Thank you in advance! > Lee > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Ophir Prusak http://www.prusak.com From skyline at publicmine.com Thu Sep 14 10:38:24 2006 From: skyline at publicmine.com (Ben Sgro (sk)) Date: Thu, 14 Sep 2006 10:38:24 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: <000d01c6d80b$718158e0$6401a8c0@sickbox> Nice topic, I agree with much of what has been said. I'd also like to say that most people using php are into writing code. 'Most people'; not just those setting up a one time phpBB or something, I mean software engineers. And when I say 'writing code', I mean those that write tight procedures, check return values, etc... Now, those same engineers that are into writing code, may not be into security with the same intensity and attention to detail that they give to code. I think security and programming while closely related, are two disciplines. Just because your a great programmer, doesn't mean your great at tightening apps. I think all developers should take some time to read a few phrack white papers, 2600 articles, or jon erikson books. Even better, write some dummy programs to exploit in c (stack and heap stuff, plenty examples online), php for some xss and sqlinjection. You may learn something new that you can apply to development and application security. - Ben ----- Original Message ----- From: "Peter Sawczynec" To: "'NYPHP Talk'" Sent: Thursday, September 14, 2006 10:21 AM Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." It would seem that it would be more optimally secure to both: i) correctly handle the data, but also to ii) check for what the data is. That would include checking length and data type. Wrong data types and too long strings can break SQL queries. But, hypothetically, if one is stuffing all their data into type VARCHAR fields all kinds of things will get handled. But, later data summary reports from the database can produce inaccurate results. I was just reviewing Adobe best practices on Flash ActionScript 2.0 and they suggested that all variables be declared and be strongly typed to force your application to throw errors immediately when wrong data types get sent to a function. The ActionScript strong data typing is of the form: var cust_first_name : string var this_date : Date It appears that almost every other language competitively positioned to PHP forces discipline a bit more, starting with making one know the expected data type(s) at all junctures. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 646.316.3678 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dan Cech Sent: Thursday, September 14, 2006 9:40 AM To: NYPHP Talk Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." michael wrote: > http://www.internetnews.com/dev-news/article.php/3631831 > " > Those are the words that Rasmus Lerdorf, the creator of PHP, > said to kick off his keynote at the php|works conference under > way here. > ... > "The Web is pretty much broken, we can all go home now," > Lerdorf said somewhat sarcastically to the capacity crowd. > "Luckily most people don't realize that it's broken." > > Part of the reason Lerdorf considers the Web "broken" is that > it is inherently insecure for a variety of reasons. One of those > reasons sits at the feet of developers. > > "You don't know that you have to filter user input," Lerdorf > exclaimed. > " Personally, I'm of the opinion that right now people tend to focus too much on input filtering, and not enough on safe storage and display practices. If you are correctly handling incoming data, it makes little difference what that data may be. For example, if you construct a query like: $query = "SELECT * FROM mytable WHERE myid='$someid'"; You are obviously vulnerable to assorted SQL injection attacks. However, construct the query like: $query = 'SELECT * FROM mytable WHERE myid='. mysql_real_escape_string($someid); or: $query = 'SELECT * FROM mytable WHERE myid=?'; $args = array( $someid, ); And you have prevented the attack, regardless of the contents of $someid. This is because you are correctly formatting the data in context, in this case as an SQL string. The same goes for displaying data on a webpage, pass it through htmlspecialchars and you'll be guaranteed that it is correctly formatted as a block of HTML CDATA. The security breach comes from treating the data incorrectly, not from its contents. That said, if you need to display html received from the client as html, you need input filtering to separate the bad from the good. However, these cases are not the norm, and in many situations input filtering is merely restricting the data you're allowing clients to input, without any real security gains. If you need to enforce certain restrictions on user input, according to the 'rules' of the system then input filtering is a great idea, but don't get caught up in thinking that filtering input is the answer to all security problems. Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From chsnyder at gmail.com Thu Sep 14 10:40:07 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 14 Sep 2006 10:40:07 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <20060914083720.543b9371@wit.genoverly.com> Message-ID: On 9/14/06, Keith Casey wrote: > I think there's another problem related to these two. There are a > number of open source apps out there setting horrible examples for the > rest of us. I - like many around here most likely - picked up php > coming from other languages. Therefore, since I knew the concepts and > wanted to focus on syntax, my tendancy was to look at how other people > were doing things and learn from there. > This is a really interesting point. I get depressed every time I encounter another shared webhost that only offers php4, and packs the server full of sprawling procedural gack that shouldn't be emulated by anybody. And yet, this is the environment that the casual php developer is going to be working in. Could we point to, or even make, an example application that would be simple enough to grok in an afternoon of study, but which would incorporate the main security concepts that we need to keep drilling into newbies? -- Chris Snyder http://chxo.com/ From agfische at email.smith.edu Thu Sep 14 11:17:35 2006 From: agfische at email.smith.edu (Aaron Fischer) Date: Thu, 14 Sep 2006 11:17:35 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP Message-ID: <4509728F.1010407@email.smith.edu> I've been enjoying these widgets and thought others might as well: PHP Search: http://www.apple.com/downloads/dashboard/developer/phpsearch.html PHP Cheat Sheet: http://www.apple.com/downloads/dashboard/developer/phpcheatsheet.html PHPQuickReference: http://www.apple.com/downloads/dashboard/developer/phpquickreferencewidget.html There are a few others at the widgets home page under Developer -> scroll list to names starting with PHP. http://www.apple.com/downloads/dashboard/ Cheers, -Aaron From ramons at gmx.net Thu Sep 14 15:47:14 2006 From: ramons at gmx.net (David Krings) Date: Thu, 14 Sep 2006 15:47:14 -0400 Subject: [nycphp-talk] talk Digest, Vol 40, Issue 20 In-Reply-To: References: Message-ID: <6.1.2.0.2.20060914153648.02b7d320@pop.gmx.net> Hi! You really forgot one thing on the list: developer laziness. I work with quite a few developers who are all smart people and who know how to secure input correctly. The problem is that adding the code takes extra time and is annoying as it doesn't really do much. And besides that, in a professional setting support is the one to pick up the pieces afterwards (that would be me). Since I got burned once by unscreened input that was piped straight into an SQL query I make extra effort to test for this (I do software QA as well). The private coder who wants to spice up the self hosted webpages with some scripts is unexperienced and maybe negligent. What freaks me outis when I can simply dismantle a page for a for profit business by entering "O'Neill" into some text box. Since my first few steps with SQL I am aware of the injection problem. I'm still awfully uneducated on this crossite scripting problem. I know that it exists, but I have no idea what to do about it....again, developer laziness. David At 10:38 AM 9/14/2006, you wrote: >1. it is easy to ignore it and the app still works in your test > environment.. and you didn't waste valuable time auditting! > (tongue in cheek) "Despite your Herculean timetable, Mr. > Client, the app is ready. Now I'm going to have to bill you > extra hours to do a security audit and documentation." > "umm.. no thanks, Mr. Developer. I don't have the budget for > your bill padding". > >2. php is easy to use and popular; low adoption barriers. > a. newbies haven't been burned yet or don't know best practices > b. popularity brings the dark side for low hanging fruit > c. terms like 'x-site scripting' and 'db injection' are > confusing buzzwords to the newly introduced and (despite > efforts) are not defined well enough; besides, > buzzwords get ignored anyway. > d. "eewww.. that can/will not happen to me" > >3. it isn't preached enough From ramons at gmx.net Thu Sep 14 15:58:16 2006 From: ramons at gmx.net (David Krings) Date: Thu, 14 Sep 2006 15:58:16 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: Message-ID: <6.1.2.0.2.20060914155056.02bb9388@pop.gmx.net> At 10:38 AM 9/14/2006, you wrote: >It appears that almost every other language competitively positioned to PHP >forces discipline a bit more, starting with making one know the expected >data type(s) at all junctures. Yes, and for my part that is what drove me nuts in every other language in the beginning. When I started with PHP it reminded me of the good 'ol days with BASIC on the Commodore 64. 10 A = 1 20 A = "TEXT" is perfectly legal (not good!) code in C64 Basic. Strip the line numbers and add some $ and you have the same for PHP. I started learning C and Java and before you can do anything you have to declare half the world. That is really annoying for starters. Once I got to the point when I had no clue in my scripts what $pointer really is I quikcly realized that setting proper initial values saves a lot of trouble and in some cases even code. There isn't anything in PHP that stops one from setting data types, but it for sure would be nice if PHP could be configured to throw an error for mismatches. Some things such as discipline come not from force, but from understanding why it is a good thing. David Krings From ramons at gmx.net Thu Sep 14 16:04:49 2006 From: ramons at gmx.net (David Krings) Date: Thu, 14 Sep 2006 16:04:49 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: Message-ID: <6.1.2.0.2.20060914160252.02c1a008@pop.gmx.net> At 12:00 PM 9/14/2006, you wrote: >Could we point to, or even make, an example application that would be >simple enough to grok in an afternoon of study, but which would >incorporate the main security concepts that we need to keep drilling >into newbies? > >-- >Chris Snyder >http://chxo.com/ That would be awesome. I am one of these newbies in regards to security (less the SQL injection, I figured that out the hard way) and volunteer to let you know if this example works for a newbie. The problem with security is that those who break it tend to be smarter than the ones who made it. From 1j0lkq002 at sneakemail.com Thu Sep 14 16:56:23 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 14 Sep 2006 13:56:23 -0700 Subject: [nycphp-talk] talk Digest, Vol 40, Issue 20 In-Reply-To: <6.1.2.0.2.20060914153648.02b7d320@pop.gmx.net> References: <6.1.2.0.2.20060914153648.02b7d320@pop.gmx.net> Message-ID: <21219-70116@sneakemail.com> David Krings ramons-at-gmx.net |nyphp dev/internal group use| wrote: >What freaks me outis when I can simply dismantle a page for a for profit business by entering "O'Neill" >into some text box. > Haha great example (for me anyway). That's not a developer problem in many cases, though. It's a management problem (or, if the budget and time frame are from Mars, a specificatons problem). Somebody has to be watching the code for functionality, especially when inexperienced coders are used or coders who are inexperienced at the niche area. That can be a QA team or a manager or a test group... but it needs a codified process. Hoping the programmer is smart enough to handle most situations is a mistake IMHO. How could you ever put pressure on that coder to increase production? Whatever is in the shadows will get skipped due to 9unsupervised) prioritization. As for this bigger issue (thanks Michael for bringing it to the list) has anybody considered how competition enforces the rules of play? Not too many people... yet in sectors where it matters, these issues are addressed. In other sectors where it is ignored, the issue of security is addressed when it appears to be a problem. It's fine to address professional PHP coders about a broken web (they have an interest in building a system of professional development and integrity for PHP in the world... a commercial interest ;-) but don't bother preaching it to businesses until their is a financial incentive or reward. And that financial reward has to be not only big enough to cover the added costs, but to earn a profit on it as well. Plenty of people point a finger at "stupid clients" for not accommodating the security issues. I disagree. This one is squarely in PHP developer land. If you want PHP to survive and deliver, you need (as a community) to find a way to get it secure without the client paying a line-item premium for it. -=john andrews -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From danielc at analysisandsolutions.com Thu Sep 14 17:33:01 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Thu, 14 Sep 2006 17:33:01 -0400 Subject: [nycphp-talk] upcoming e-waste disposal/recycling events Message-ID: <20060914213300.GA6386@panix.com> Saturday, September 16th Brooklyn - JJ Byrne Park (5th Ave @ 4th Street) 10am-3pm Hosted by Recycle This! and PerScholas Sunday, September 17th Staten Island - Staten Island Mall, Parking Lot F (near main entrance, 2655 Richmond Ave.) 8am-2pm Hosted by the Department of Sanitation (DoS) Sunday, September 17th Battery Park City, Manhattan - 2 locations: River Terrace at Murray Street & South End Ave at Rector Street 11am-3pm Hosted by Per Scholas Tuesday, September 19th Manhattan - Church of the Heavenly Rest (5th Avenue btw 89th and 90th) 4pm-7pm Hosted by Lower East Side Ecology Center (LESEC) Sunday, September 24th Manhattan - Union Square North Plaza 8am-2pm Hosted by DoS and LESEC Saturday, September 30th Brooklyn - Prospect Park @ Bartel Pritchard Square 8am-2pm Hosted by DoS and LESEC Saturday, September 30th Bronx - 98 Van Cortlandt Park South 10am-3pm Hosted by Per Scholas Sunday, October 1st Bronx - Mall at Bay Plaza (290 Baychester Ave, Barnes & Noble Parking Lot) 8am-2pm Hosted by DoS Saturday, October 7th Queens - Queens College, Parking Lot N (61st Rd between 153rd St. & Reeves Ave.) 8am-2pm Hosted by DoS Saturday, October 14th Manhattan - Waterside Plaza (FDR DRive @ 25th Street) 10am-3pm Hosted by Per Scholas http://perscholas.org/recycling/residential.html http://www.nyc.gov/html/nycwasteless/html/recycling/fall2006events.shtml#when-where http://lesecologycenter.org/calendar.html -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ajai at bitblit.net Thu Sep 14 17:50:19 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 14 Sep 2006 17:50:19 -0400 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: References: Message-ID: <4509CE9B.9070202@bitblit.net> Daniel Krook wrote: > I'm evaluating CodeIgniter for a brand new project. It seems to be a > fairly new MVC framework and came recommended by some coworkers. It > seems to position itself directly against CakePHP and model itself on > Rails. Can anyone give a thumbs up or down? I have a colleague who also chose to check out CodeIgniter - what are your impressions of it? I would also like to know if anyone is using any of these frameworks in a large-scale and/or high-traffic web site? Was your framework of choice easy to scale? Any used more than one framework and make a few comparisons? I may have an opportunity to work on a major web site (porting their existing application from Perl to PHP) and Im told they are very much into "frameworks" so now Im wondering if anyone has some empirical analysis of the strengths and weaknesses when applied to large web sites? Funny: back in the 90s I was porting C applications to perl... ;-) -- A From rolson at aeso.org Thu Sep 14 21:03:20 2006 From: rolson at aeso.org (Rick Olson) Date: Thu, 14 Sep 2006 18:03:20 -0700 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: <4509CE9B.9070202@bitblit.net> References: <4509CE9B.9070202@bitblit.net> Message-ID: <4509FBD8.1070206@aeso.org> Sorry for this incredibly short answer, but I'm a tad rushed... ( so no reasoning either =( ) We use Symfony at my company. Large scale, high traffic. It's a bit buggy, a lot bloated, and the slowest thing I've seen in some time. I don't recommend porting over to it. Sorry :\ One really big reason for this is their use of ORMs. If you just avoided Propel or their soon to be Doctrine (maybe?) implementation, Symfony would probably go quite a bit faster. Also note that they are still not at 1.0, and their API changes and they aren't even expected to maintain much backward compat. at this point. Adopting it in a critical environment is probably not a good idea, at least not until they hit 1.0 and start making promises about maintaining as much BC as possible, etc.. On a positive note, their code is incredibly clean, documented, and elegant. HTH, Rick Ajai Khattri wrote: > Daniel Krook wrote: > >> I'm evaluating CodeIgniter for a brand new project. It seems to be a >> fairly new MVC framework and came recommended by some coworkers. It >> seems to position itself directly against CakePHP and model itself on >> Rails. Can anyone give a thumbs up or down? >> > > I have a colleague who also chose to check out CodeIgniter - what are > your impressions of it? > > I would also like to know if anyone is using any of these frameworks in > a large-scale and/or high-traffic web site? Was your framework of choice > easy to scale? Any used more than one framework and make a few comparisons? > > I may have an opportunity to work on a major web site (porting their > existing application from Perl to PHP) and Im told they are very much > into "frameworks" so now Im wondering if anyone has some empirical > analysis of the strengths and weaknesses when applied to large web sites? > > > Funny: back in the 90s I was porting C applications to perl... ;-) > > > From 1j0lkq002 at sneakemail.com Thu Sep 14 22:41:17 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 14 Sep 2006 19:41:17 -0700 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: <4509FBD8.1070206@aeso.org> References: <4509CE9B.9070202@bitblit.net> <4509FBD8.1070206@aeso.org> Message-ID: <24510-18011@sneakemail.com> Rick Olson rolson-at-aeso.org |nyphp dev/internal group use| wrote: >Sorry for this incredibly short answer, but I'm a tad rushed... ( so no >reasoning either =( ) > >We use Symfony at my company. Large scale, high traffic. It's a bit >buggy, a lot bloated, and the slowest thing I've seen in some time. I >don't recommend porting over to it. Sorry :\ One really big reason for >this is their use of ORMs. If you just avoided Propel or their soon to >be Doctrine (maybe?) implementation, Symfony would probably go quite a >bit faster. > >Also note that they are still not at 1.0, and their API changes and they >aren't even expected to maintain much backward compat. at this point. >Adopting it in a critical environment is probably not a good idea, at >least not until they hit 1.0 and start making promises about maintaining >as much BC as possible, etc.. > >On a positive note, their code is incredibly clean, documented, and elegant. > >HTH, > Excellent update. Thanks a ton. -=john andrews -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From arzala at gmail.com Fri Sep 15 01:01:12 2006 From: arzala at gmail.com (Anirudh Zala) Date: Fri, 15 Sep 2006 10:31:12 +0530 Subject: [nycphp-talk] talk Digest, Vol 40, Issue 20 In-Reply-To: <21219-70116@sneakemail.com> References: <6.1.2.0.2.20060914153648.02b7d320@pop.gmx.net> <21219-70116@sneakemail.com> Message-ID: On Fri, 15 Sep 2006 02:26:23 +0530, inforequest <1j0lkq002 at sneakemail.com> wrote: > David Krings ramons-at-gmx.net |nyphp dev/internal group use| wrote: > >> What freaks me outis when I can simply dismantle a page for a for >> profit business by entering "O'Neill" >> into some text box. >> > Haha great example (for me anyway). > > That's not a developer problem in many cases, though. It's a management > problem (or, if the budget and time frame are from Mars, a specificatons > problem). Somebody has to be watching the code for functionality, > especially when inexperienced coders are used or coders who are > inexperienced at the niche area. That can be a QA team or a manager or a > test group... but it needs a codified process. Hoping the programmer is > smart enough to handle most situations is a mistake IMHO. How could you > ever put pressure on that coder to increase production? Whatever is in > the shadows will get skipped due to 9unsupervised) prioritization. Yes. team made of experienced developers can solve most of problems related to security that other developers could not solve or were didn't paid attention towards (might be because of their level of knowledge). > > As for this bigger issue (thanks Michael for bringing it to the list) > has anybody considered how competition enforces the rules of play? Not > too many people... yet in sectors where it matters, these issues are > addressed. In other sectors where it is ignored, the issue of security > is addressed when it appears to be a problem. It's fine to address > professional PHP coders about a broken web (they have an interest in > building a system of professional development and integrity for PHP in > the world... a commercial interest ;-) but don't bother preaching it to > businesses until their is a financial incentive or reward. And that > financial reward has to be not only big enough to cover the added costs, > but to earn a profit on it as well. > > Plenty of people point a finger at "stupid clients" for not > accommodating the security issues. I disagree. This one is squarely in > PHP developer land. If you want PHP to survive and deliver, you need (as > a community) to find a way to get it secure without the client paying a > line-item premium for it. Yes, true. It is also a sign of good developer. > > -=john andrews > -- ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- From arzala at gmail.com Fri Sep 15 03:30:38 2006 From: arzala at gmail.com (Anirudh Zala) Date: Fri, 15 Sep 2006 13:00:38 +0530 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <001101c6d809$19e5e580$6401a8c0@Rubicon> References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: Proper programming practices solves 90% of security related problem that can occur at application level. However this "practice" is entirely dependent on experience of developer. But below mentioned steps would surely solve most of your problems. 1) The biggest area of this problem is browser. Not because that it is being exploited in many ways but why can't browser itself provide basic level of validation and input filtering like validations of name, email address, phone, fax, mobile etc. according to country or region. This is not big task or too much difficult for browser's and it's extension's developers. If we have characters set encoding, to display text in various languages, available in browser then why can't we have support of validation of above items. Now it is not that big that which validation format is to be used for each country or region. We can tell browser from our HTML in similar way about which character set encoding to be used. Our browsers are in still baby or old styled which doesn't help much as far as security and input filtering related to forms are concerned. They have evolved in terms of designs and layout (we all know how fast support of various CSS format has grown) has but not in terms of programming. Since this is not problem at an application area, it can not be solved at that level. 2) We need to start think and use Web in terms of "Human" and not just as machine. I am pointing towards Smart usage of our data rather than just using as it is. For example while mentioning email address at public place, user can write it in such a way that it can not be figured out from sources of data. By this way 70% of spamming can be stopped because spammer programs can not figure that out. See below examples: a) ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- I have used 2 @s while mentioning my email address. (This is vulnerable but not easy.) b) ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in FIRSTNAME at gmail.com ----------------------------------------------- This would be interpreted as "Anirudh at gmail.com" instead of "FIRSTNAME at gmail.com" Following these kind of practices can fool most of automatic spamming programs (because they search single "@" sign or " at " to grab email addresses from sources) but not the person who is viewing it because he/she knows that what it means. Even if they copy and paste above email address to send email, email client will not allow to send email and they will soon find problem area. One possible drawback of this approach at application level could be handling of such email addresses while storage and retrieval. But as far as just displaying is concerned, it is really magical. 3) Security and filtering must follow certain order rather than concentrating at 1 area only. Filtering divided at various levels effectively reduce burden on developers and at the end on application. One can follow below order to filter and store input data. a) While designing database, if values of certain field is not going to exceed than certain limit, let's say maximum 3 types then use "enum" as field type rather than "varchar" or "*int" etc. By this way data that falls outside the range of "enum" values will not be stored. b) Most of application has 2 areas viz. Administrative and Client. Administrative area needs almost full control over application's data while Client area might not need. So such application should be run as 2 database users where 1st user will have higher privileges and more control over data than 2nd. 2nd user can mostly have "select, update, insert and delete" privileges on required tables only. So no other privileges should be given to that user for rest of the tables which are used for administrative purpose only. c) Handle your errors properly. Instead of showing (knowingly or unknowingly) them into browser log them in file and report developers via email. d) In most of applications (specially built using PHP), there is not any file which requires "execution" permission, so discard that permission fully for such files. e) Keep files and folders outside web-root which are to be used internally like includable files, raw templates etc. f) While validation data in your application, do not just concentrate in any 1 area like at SQL level etc., Instead filter/validate it at various stages. 1st stage is JS which is most close to client so you can do most of validation with that and can prompt client instantly to correct required data. Do not mind if JS is off. 2nd stage could be validating same things using PHP. You can build powerful regular expressions for that. At this level most of data can be validated and filtered. Care taken at this level will make your application safe against most of attacks. Most of time we know range and type of data which is being inserted. So we can easily check them using regular expressions. Order of filtering data should be GET, POST and COOKIE because exploitation level of these 3 types are 3, 2, 1 (1 means lowest, 3 means highest). Now if you are not satisfied with these, finally validate rest of data at SQL level (using mysql_real_escape_string etc. and perhaps converting SQL breaker characters, like ', ", ; etc., into HTML entities) before storing into database. I don't think that implementing these points is heavy or difficult task for developers so that it needs extra time and money from client. In fact security should be free with any application :) Bottom-line: We all know that no application can be made 100% secure. But we can surely try hard not let exploiters and attackers figure out that where is the remaining % of area which is insecure. ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- On Thu, 14 Sep 2006 19:51:42 +0530, Peter Sawczynec wrote: > It would seem that it would be more optimally secure to both: > i) correctly handle the data, but also to > ii) check for what the data is. > > That would include checking length and data type. Wrong data types > and too long strings can break SQL queries. > > But, hypothetically, if one is stuffing all their data into type VARCHAR > fields > all kinds of things will get handled. But, later data summary reports > from > the database can produce inaccurate results. > > I was just reviewing Adobe best practices on Flash ActionScript 2.0 > and they suggested that all variables be declared and be > strongly typed to force your application to throw errors immediately > when wrong data types get sent to a function. > > The ActionScript strong data typing is of the form: > var cust_first_name : string > var this_date : Date > > It appears that almost every other language competitively positioned to > PHP > forces discipline a bit more, starting with making one know the expected > data type(s) at all junctures. > > Warmest regards, > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 646.316.3678 > www.pswebcode.com > > > > > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On > Behalf Of Dan Cech > Sent: Thursday, September 14, 2006 9:40 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." > > > michael wrote: >> http://www.internetnews.com/dev-news/article.php/3631831 >> " >> Those are the words that Rasmus Lerdorf, the creator of PHP, >> said to kick off his keynote at the php|works conference under >> way here. >> ... >> "The Web is pretty much broken, we can all go home now," >> Lerdorf said somewhat sarcastically to the capacity crowd. >> "Luckily most people don't realize that it's broken." >> >> Part of the reason Lerdorf considers the Web "broken" is that >> it is inherently insecure for a variety of reasons. One of those >> reasons sits at the feet of developers. >> >> "You don't know that you have to filter user input," Lerdorf >> exclaimed. >> " > > Personally, I'm of the opinion that right now people tend to focus too > much > on input filtering, and not enough on safe storage and display practices. > > If you are correctly handling incoming data, it makes little difference > what > that data may be. For example, if you construct a query like: > > $query = "SELECT * FROM mytable WHERE myid='$someid'"; > > You are obviously vulnerable to assorted SQL injection attacks. > > However, construct the query like: > > $query = 'SELECT * FROM mytable WHERE myid='. > mysql_real_escape_string($someid); > > or: > > $query = 'SELECT * FROM mytable WHERE myid=?'; > $args = array( > $someid, > ); > > And you have prevented the attack, regardless of the contents of $someid. > This is because you are correctly formatting the data in context, in this > case as an SQL string. > > The same goes for displaying data on a webpage, pass it through > htmlspecialchars and you'll be guaranteed that it is correctly formatted > as > a block of HTML CDATA. > > The security breach comes from treating the data incorrectly, not from > its > contents. > > That said, if you need to display html received from the client as html, > you > need input filtering to separate the bad from the good. However, these > cases are not the norm, and in many situations input filtering is merely > restricting the data you're allowing clients to input, without any real > security gains. > > If you need to enforce certain restrictions on user input, according to > the > 'rules' of the system then input filtering is a great idea, but don't get > caught up in thinking that filtering input is the answer to all security > problems. > > Dan > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From lists at zaunere.com Fri Sep 15 09:04:06 2006 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 15 Sep 2006 09:04:06 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060914083720.543b9371@wit.genoverly.com> Message-ID: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> > Part of the reason Lerdorf considers the Web "broken" is that > it is inherently insecure for a variety of reasons. One of those > reasons sits at the feet of developers. Pardon my bluntness, but if we follow that reasoning then the entire internet is hopelessly broken and insecure. If email wasn't broken and insecure, we wouldn't have spam. While I agree with Rasmus that it's the responsibility of developers to ensure they write good code - one facet of which is being security concsious - this isn't an epiphany by any means. Everything in the history of computers have been plaguaed by these issues. PHP is no different. > Everybody is preaching security (gurus on this list included). So, > why hasn't it caught fire? Here's my quick-list.. I think it has. Public perception is different from what's going on in large deployments, which too is changing. Judging the quality of a language and it's developers on certain popular pieces of PHP software, isn't viewing the whole picture. > 1. it is easy to ignore it and the app still works in your test > environment.. and you didn't waste valuable time auditting! > (tongue in cheek) "Despite your Herculean timetable, Mr. > Client, the app is ready. Now I'm going to have to bill you > extra hours to do a security audit and documentation." > "umm.. no thanks, Mr. Developer. I don't have the budget for > your bill padding". > > 2. php is easy to use and popular; low adoption barriers. > a. newbies haven't been burned yet or don't know best practices > b. popularity brings the dark side for low hanging fruit > c. terms like 'x-site scripting' and 'db injection' are > confusing buzzwords to the newly introduced and (despite > efforts) are not defined well enough; besides, > buzzwords get ignored anyway. > d. "eewww.. that can/will not happen to me" Number 2 is the real issue in my opinion. The biggest problem is the low adoption barriers. When I've seen PHP code from developers that know another language, it's generally good - just like code in any other language from a good developer - it's good. PHP also unfortunately suffers from the Microsoft effect - writing an exploit that would affect millions of web sites/applications makes you a much better script kiddie than writing one that only affects a dozen. > 3. it isn't preached enough I don't think that's the problem :) --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From jonbaer at jonbaer.com Fri Sep 15 09:40:05 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Fri, 15 Sep 2006 09:40:05 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> Message-ID: <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> I partly blame the language ... I know of alot of people who complain about Java's strict typing/sandboxing + find it cumbersome and have to explain its there for a good reason. First, get rid of this stuff ... $_GET['badstuff'] and all incoming defined variables period. As long as it exists in the language people will complain about security ... Im suprised there is no fork of PHP to form a SecurePHP variant that takes this out or has strong wrappers for it (see 3). Second, there needs to be a way to keep your shared libs and extensions up to date programatically w/ some type of scanner or method. PHP is way too flexible and dependent on the system it sits on ... first you have PEAR libs, PECL C libs, --and-whatever-else-you- compiled-in. Third, all the current PHP books (ok a few exceptions) on the shelf should be tossed out or redone, sanitize() methods should be *built* in to PHP (or $_SANITIZE['badstuff'])... ala http://www.owasp.org/ index.php/OWASP_PHP_Filters, then republish all the books. After you build/compile/install PHP or as soon as you create a .php file on your PC/Mac, a window with this URL pops up ... http:// www.owasp.org/index.php/PHP_Top_5 ... in Ajax Web 2.0 style of course. - Jon > Number 2 is the real issue in my opinion. The biggest problem is > the low > adoption barriers. When I've seen PHP code from developers that know > another language, it's generally good - just like code in any other > language > from a good developer - it's good. > From ahmed613 at sbcglobal.net Fri Sep 15 09:42:52 2006 From: ahmed613 at sbcglobal.net (Ahmed Aly) Date: Fri, 15 Sep 2006 06:42:52 -0700 (PDT) Subject: [nycphp-talk] Pay Low Books! Certifications training at low prices... In-Reply-To: Message-ID: <20060915134252.33924.qmail@web81214.mail.mud.yahoo.com> Great discounts! Buy more... Pay less! We have just launched our website, and offer you great discounts! You will save 25% on any course you purchase, and you will get a free course valued at $50 value when you buy 2 courses! New Releases! Linux LPIC 1 Linux Professional Institute Level 1 Exam Packs 101 & 102 Contains 19 videos. Running time: 9 hours. Your price: $79.00 course information 2005 Network+ 2005 Network+ training. Contains 30 videos. Running time: 15 hours. Your price: $89.00 course information CWNA (Certified Wireless Network Administrator) Contains 21 videos. Running time: 9 hours. Your price: $79.00 course information More new courses Microsoft ISA Server Contains 15 videos. Running time: 8 hours. Your price: $74.00 course information Coming soon! Perl on Linux Your price: $59.00 Perl on Linux course Now Shipping! Learn more Python on Linux Your price: $59.00 Python on Linux course Now Shipping! Learn more Bash on Linux Your price: $59.00 Bash on Linux course will be available at 09/06/2006. Learn more PHP & MySQL on Linux Your price: $59.00 PHP & MySQL on Linux course will be available at 09/08/2006. Learn more More courses coming soon Why buying CBT courses? When you buy CBT courses, you will gain these benifits: Learn at your own pace: You will learn at your own pace, You can take a course in 5 days, or a month. Save money and time!: Some people attend siminars that cost more than $1000, and gain little or no information from the siminar. By using our CBT courses at low prices, you will have the courses saved on your computer, and you can repeat the course as many times as needed. Home Contact us Products Help Give us feedback Copyright ? 2006, Pay Low Network! All logos and trademarks are property of their respective owners. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.com Fri Sep 15 09:45:24 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Fri, 15 Sep 2006 09:45:24 -0400 Subject: [nycphp-talk] Advanced Data Generator (Mac?) Message-ID: <16CF95BD-50C8-4672-B80C-32C5276DEAA3@jonbaer.com> I came across a nice little tool ... http://www.upscene.com/index.htm?./products/adg/index.htm It basically lets you junk a database (or create static SQL) pretty easily. Only thing is that Darwine wouldn't run it + trying to find a nice alternative on the Mac (I was thinking I could do this myself w/ DESC [table] or w/ Cake ORM methods) but maybe someone knows of existing tools? - Jon From chsnyder at gmail.com Fri Sep 15 10:37:37 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 15 Sep 2006 10:37:37 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: On 9/15/06, Anirudh Zala wrote: > 1) The biggest area of this problem is browser. Not because that it is > being exploited in many ways but why can't browser itself provide basic > level of validation and input filtering like validations of name, email > address, phone, fax, mobile etc. according to country or region. This is > not big task or too much difficult for browser's and it's extension's > developers. If we have characters set encoding, to display text in various > languages, available in browser then why can't we have support of > validation of above items. Now it is not that big that which validation > format is to be used for each country or region. We can tell browser from > our HTML in similar way about which character set encoding to be used. I see where this appears to make a developer's job easier, but it doesn't do _anything_ to make web applications more secure, and could have a negative impact on security as beginning devs will assume that "the browser is checking all that, so I don't have to". The problem isn't average humans using browsers. The problem is crackers using their own tools and scripts, especially automated scripts, to attack your sites directly. Forget about the client and focus your efforts on protecting the server from _anything_ that could concievably be thrown at it. > For example while mentioning email address at public > place, user can write it in such a way that it can not be figured out from > sources of data. By this way 70% of spamming can be stopped because > spammer programs can not figure that out. Wanna bet? The spammers are just as smart as you are, and probably have more time to think about the problem than you do. As long as you're the only person doing this, it will work, but as soon as obfuscation reaches a critical mass, the screen-scrapers will get a lot smarter overnight. ---- Chris Snyder http://chxo.com/ From mailinglists at caseysoftware.com Fri Sep 15 11:25:34 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Fri, 15 Sep 2006 11:25:34 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: On 9/15/06, Anirudh Zala wrote: > 1) The biggest area of this problem is browser. Not because that it is > being exploited in many ways but why can't browser itself provide basic > level of validation and input filtering like validations of name, email > address, phone, fax, mobile etc. according to country or region. With all due respect, this is a terrible idea. While this validation *might* work for an incredibly small segment of information - like address as you rightly note - it pushes a huge burden onto the browser and then the webapp still needs to do it anyway. *Nothing* that comes from a user (or anything they have access to edit) can be trusted. Period. End of story. In terms of "stopping 70% of the spam", I think your solution - while it works for you for now - doesn't address the real problem. Although most of us on this list are likely getting dozens, hundreds or potentially thousands of spam today, our filtering (automated or mental) bring this down to a managable level. We're suffering from spam, but not like my grandparents who have had the same AOL address for 7+ years. They don't have the tools, time, patience, or creativity to do what you propose. Now I don't have a solution that'd work for them either... so I'm no better off. My 0.02, kc -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From ramons at gmx.net Fri Sep 15 12:04:01 2006 From: ramons at gmx.net (David Krings) Date: Fri, 15 Sep 2006 12:04:01 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> Message-ID: <6.1.2.0.2.20060915120056.02b95978@pop.gmx.net> At 09:40 AM 9/15/2006, you wrote: >First, get rid of this stuff ... $_GET['badstuff'] and all incoming >defined variables period. As long as it exists in the language >people will complain about security ... Im suprised there is no fork >of PHP to form a SecurePHP variant that takes this out or has strong >wrappers for it (see 3). > >- Jon I am not entirely clear what you criticise. Is it the GET or that fact that subitted values from an HTML form get piped into an array that carries always the same name ($_GET or $_POST) or the fact that it gets stuffed into an array altogether? I think one can create code to secure PHP scripts, so it is not that it is impossible (maybe it is), it is just that it is hard work and doesn't show anything pretty in the browser window. David From lists at genoverly.net Fri Sep 15 12:44:52 2006 From: lists at genoverly.net (michael) Date: Fri, 15 Sep 2006 12:44:52 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: <20060915124452.5fb949af@wit.genoverly.com> On Fri, 15 Sep 2006 10:37:37 -0400 csnyder wrote: > I see where this appears to make a developer's job easier, but it > doesn't do _anything_ to make web applications more secure, and could > have a negative impact on security as beginning devs will assume that > "the browser is checking all that, so I don't have to". spot on. > Wanna bet? The spammers are just as smart as you are, and probably > have more time to think about the problem than you do. As long as > you're the only person doing this, it will work, but as soon as > obfuscation reaches a critical mass, the screen-scrapers will get a > lot smarter overnight. and again. -- Michael From lists at zaunere.com Fri Sep 15 17:44:28 2006 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 15 Sep 2006 17:44:28 -0400 Subject: [nycphp-talk] Pay Low Books! Certifications training at low prices... In-Reply-To: <20060915134252.33924.qmail@web81214.mail.mud.yahoo.com> Message-ID: <00d301c6d910$1ef318b0$6c0aa8c0@MobileZ> Ahmed Aly wrote on Friday, September 15, 2006 9:43 AM: > Pay Low Books! Courses at low prices! Ahmed Aly, ahmed613 at sbcglobal.net this is an inappropriate post. You'll be removed from the mailing lists. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From rob2005 at ozemail.com.au Fri Sep 15 17:59:57 2006 From: rob2005 at ozemail.com.au (Rob D) Date: Sat, 16 Sep 2006 07:29:57 +0930 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060915124452.5fb949af@wit.genoverly.com> References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <20060915124452.5fb949af@wit.genoverly.com> Message-ID: <450B225D.7090408@ozemail.com.au> Greetings from South Australia, Firstly, I just want to say I have been a reader of this list for a few years now and I would like to say thank you to everyone at NYPHP and other contributors to this list for the informative discussions, ideas and techniques that take place here. Regarding the current topic, I enjoy reading and as such have read many articles and tutorials over the years both on private sites and at the popular developer haunts. One thing that I have noticed repeatedly is that anytime someone actually comments or gives advise about security concerns with the code presented in an article, the concerns are: 1. Totally ignored. 2. The author of the code responds with "I am only trying to present the basics here". 3. The author ends up making nasty or obscene posts about the person who provided the constructive criticism, not only on their own site but on other popular sites. More often than not the article remains unchanged, and sometimes you even see the code end up in a project for download elsewhere by someone other than the author. With regards point 2, surely these days including proper security is part of the basics! As Chris points out in his excellent book, there is not that much extra coding involved to provide or fix these issues. And whats more Chris and a couple of others have even provided downloadable sample chapters that cover these basics for free, without even buying their books. So why do these basic issues continually happen with all the excellent resources available to help prevent them in the first place? I really don't know! Anyway thanks for reading. These are just my observations of which I am sure many of you have noticed too. Kind regards Rob From ken at secdat.com Fri Sep 15 21:34:30 2006 From: ken at secdat.com (Kenneth Downs) Date: Fri, 15 Sep 2006 21:34:30 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> Message-ID: <450B54A6.20805@secdat.com> Jon Baer wrote: > I partly blame the language ... I know of alot of people who complain > about Java's strict typing/sandboxing + find it cumbersome and have > to explain its there for a good reason. > Good programming is in the programmer, not the language. If you want a lot of rules, go for Java, you get twice the code, slower execution, and just as many blunders, bad interfaces, clumsy db strategies, etc. etc. But good programming can be done in any language. PHP gives flexibility, which in the hands of a master craftsman becomes power. In the hands of a bad programmer you get bugs -- which he would give you anyway no matter what language he was using. > First, get rid of this stuff ... $_GET['badstuff'] and all incoming > defined variables period. Hard to imagine if there is a meaningful statement here. A web request is defined by its parameters. > Second, there needs to be a way to keep your shared libs and > extensions up to date programatically w/ some type of scanner or > method. PHP is way too flexible and dependent on the system it sits > on ... first you have PEAR libs, PECL C libs, --and-whatever-else-you- > compiled-in. > Again, attacking flexibility as a liability. Very odd. Live and let live. > in to PHP (or $_SANITIZE['badstuff'])... > Won't work. Sanitizing for return to the browser is different from sanitizing for database commands, not to mention other exports you may need to execute with their accompanying sanitation. Some sanitation can be reversed, but it is bad form to unconditionally perform an operation that you do not always need and may sometimes reverse. The wise programmer prefers to hold in his hands the raw data as delivered by the user, so that it can be handled as such for whatever reasons may come, and then sanitizes it for a particular destination when sending it there. -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From rolson at aeso.org Fri Sep 15 22:41:42 2006 From: rolson at aeso.org (Rick Olson) Date: Fri, 15 Sep 2006 19:41:42 -0700 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> Message-ID: <450B6466.3090301@aeso.org> Jon Baer wrote: > I partly blame the language ... I know of alot of people who complain > about Java's strict typing/sandboxing + find it cumbersome and have > to explain its there for a good reason. > > First, get rid of this stuff ... $_GET['badstuff'] and all incoming > defined variables period. As long as it exists in the language > people will complain about security ... Im suprised there is no fork > of PHP to form a SecurePHP variant that takes this out or has strong > wrappers for it (see 3). > huh? Are you suggesting we remove user input from the language? > Second, there needs to be a way to keep your shared libs and > extensions up to date programatically w/ some type of scanner or > method. PHP is way too flexible and dependent on the system it sits > on ... first you have PEAR libs, PECL C libs, --and-whatever-else-you- > compiled-in. > If you're referring to PHP internals: There are package managers that can do this to some extent, but the only ones I'm familiar with were developed by people that don't understand module API changes, different host platforms, etc.. (What I'm saying is they don't actually work, they just surprise you with a broken system one morning). Actually now that I read your comment again, what are you suggesting? Removing PEAR, PECL, and extensions in general? > Third, all the current PHP books (ok a few exceptions) on the shelf > should be tossed out or redone, sanitize() methods should be *built* > in to PHP (or $_SANITIZE['badstuff'])... ala http://www.owasp.org/ > index.php/OWASP_PHP_Filters, then republish all the books. > In the event that you weren't suggesting the removal of PECL extensions earlier... http://pecl.php.net/package/filter That will eventually become a part of the base system I imagine, once it's stable. They were threatening to change the function names though a couple of days ago, but I don't think that'll happen before the 5.2 release. > After you build/compile/install PHP or as soon as you create a .php > file on your PC/Mac, a window with this URL pops up ... http:// > www.owasp.org/index.php/PHP_Top_5 ... in Ajax Web 2.0 style of course. > That's going to suck for those poor souls developing in vim through a console to a remote machine... > - Jon > > >> Number 2 is the real issue in my opinion. The biggest problem is >> the low >> adoption barriers. When I've seen PHP code from developers that know >> another language, it's generally good - just like code in any other >> language >> from a good developer - it's good. >> >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From jonbaer at jonbaer.com Sat Sep 16 01:31:26 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 16 Sep 2006 01:31:26 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <450B6466.3090301@aeso.org> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> <5106C7C9-52D4-405D-B5A8-082A77A97500@jonbaer.com> <450B6466.3090301@aeso.org> Message-ID: <1AA54C82-4655-4894-9711-AD4D433B0EBF@jonbaer.com> On Sep 15, 2006, at 10:41 PM, Rick Olson wrote: > Jon Baer wrote: >> I partly blame the language ... I know of alot of people who complain >> about Java's strict typing/sandboxing + find it cumbersome and have >> to explain its there for a good reason. >> >> First, get rid of this stuff ... $_GET['badstuff'] and all incoming >> defined variables period. As long as it exists in the language >> people will complain about security ... Im suprised there is no fork >> of PHP to form a SecurePHP variant that takes this out or has strong >> wrappers for it (see 3). >> > > huh? Are you suggesting we remove user input from the language? >>> Im suggesting maybe a little DRY applied to PHP when it comes to security. People seem to be complaining about the same security problems over and over again and neither the language itself is becoming smarter to handle the junk sent in nor the output going out. > earlier... http://pecl.php.net/package/filter > That will eventually become a part of the base system I imagine, once > it's stable. They were threatening to change the function names > though > a couple of days ago, but I don't think that'll happen before the 5.2 > release. >>> Is that package/extension the same as this? http://cvs.php.net/viewcvs.cgi/php-src/README.input_filter? revision=1.7.4.1 That was my original point ... to get rid of $_GET/POST[] and replace it with this package once + for all ... - Jon From ramons at gmx.net Sat Sep 16 08:52:54 2006 From: ramons at gmx.net (David Krings) Date: Sat, 16 Sep 2006 08:52:54 -0400 Subject: [nycphp-talk] File upload form Message-ID: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> Hi, this one is not squarely on topic with PHP, but I will use it with a PHP script, so hopefully this counts. I like to get some more control over file uploads. I am currently working on a small project for managing picture and videos for display on the web (yes, I know there are bazillions out there, but mine is better ;) ). One adds a picture by uploading the file to server. I want to filter the upload by file extension on the client side. The HTML input "file" is implemented quite crappy and leaves the interface at the mercy of the browser. Is there any way to get some more smarts into the browse box for file uploads? There isn't much merit in having someone upload a huge file that is clearly not an image just to throw it away. I tried some of the JavaScripts that I could find on the web, but I have no clue what they are doing and from my empirical evidence they don't do a thing, at least not with FiFo. Any advice is greatly appreciated. David From ramons at gmx.net Sat Sep 16 09:02:12 2006 From: ramons at gmx.net (David Krings) Date: Sat, 16 Sep 2006 09:02:12 -0400 Subject: [nycphp-talk] PHP IDE for Linux Message-ID: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> Hi, does anyone have a good recommendation for a PHP IDE for Linux? On Windope I use EnginSite PHP Editor, which is an awesome deal for the price although it could use a better implementation of the debugger. I want some PHP geared IDE that has some basic project handling and is easily linked to the Apachefriends XAMPP or comes with its own built-in server (like the EnginSite editor). The debugger capabilities should allow for running an entire set of scripts in debug mode and offer the capabilities of break points and watches. I looked at xored's Eclipse based system and since I can't figure anything out it strikes me as not very intuitive, maybe it requires more studies than the basic manual. Also, it doesn't have to be for free, but also should not be as expensive as Zend. Any pointers are greatly appreciated, David From jonbaer at jonbaer.com Sat Sep 16 10:40:51 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 16 Sep 2006 10:40:51 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> Message-ID: Try Komodo .... ftp://ftp.activestate.com/Komodo/Linux/4.0 On Sep 16, 2006, at 9:02 AM, David Krings wrote: > Hi, > > does anyone have a good recommendation for a PHP IDE for Linux? On > Windope > I use EnginSite PHP Editor, which is an awesome deal for the price > although > it could use a better implementation of the debugger. I want some PHP > geared IDE that has some basic project handling and is easily > linked to the > Apachefriends XAMPP or comes with its own built-in server (like the > EnginSite editor). The debugger capabilities should allow for > running an > entire set of scripts in debug mode and offer the capabilities of > break > points and watches. > I looked at xored's Eclipse based system and since I can't figure > anything > out it strikes me as not very intuitive, maybe it requires more > studies > than the basic manual. Also, it doesn't have to be for free, but also > should not be as expensive as Zend. > > Any pointers are greatly appreciated, > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From benny at hornedo.com Sat Sep 16 13:32:48 2006 From: benny at hornedo.com (Ben Hornedo) Date: Sat, 16 Sep 2006 19:32:48 +0200 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> Message-ID: <001b01c6d9b6$237938a0$6423a8c0@monsterxp> Hi Listers! I've been using PHPEd from NuSphere and in my opinion it's great. It gives you access to all the things you need while developing (including terminal client, database, PHP help) all from within the IDE. You should take it for a test drive, I was sold after the first hour with it. Ben -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Krings Sent: Saturday, September 16, 2006 3:02 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] PHP IDE for Linux Hi, does anyone have a good recommendation for a PHP IDE for Linux? On Windope I use EnginSite PHP Editor, which is an awesome deal for the price although it could use a better implementation of the debugger. I want some PHP geared IDE that has some basic project handling and is easily linked to the Apachefriends XAMPP or comes with its own built-in server (like the EnginSite editor). The debugger capabilities should allow for running an entire set of scripts in debug mode and offer the capabilities of break points and watches. I looked at xored's Eclipse based system and since I can't figure anything out it strikes me as not very intuitive, maybe it requires more studies than the basic manual. Also, it doesn't have to be for free, but also should not be as expensive as Zend. Any pointers are greatly appreciated, David _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From codebowl at gmail.com Sat Sep 16 13:43:20 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Sat, 16 Sep 2006 13:43:20 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <001b01c6d9b6$237938a0$6423a8c0@monsterxp> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> <001b01c6d9b6$237938a0$6423a8c0@monsterxp> Message-ID: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> Ben, Isnt PHPEd windows only? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Sat Sep 16 14:48:50 2006 From: ramons at gmx.net (David Krings) Date: Sat, 16 Sep 2006 14:48:50 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.co m> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> <001b01c6d9b6$237938a0$6423a8c0@monsterxp> <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> Message-ID: <6.1.2.0.2.20060916144822.02bfa2d0@pop.gmx.net> No, they also have a Linux version. See http://www.nusphere.com/download.php.ide.htm David At 01:43 PM 9/16/2006, you wrote: >Ben, > >Isnt PHPEd windows only? > >-- From codebowl at gmail.com Sat Sep 16 15:18:39 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Sat, 16 Sep 2006 15:18:39 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <6.1.2.0.2.20060916144822.02bfa2d0@pop.gmx.net> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> <001b01c6d9b6$237938a0$6423a8c0@monsterxp> <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> <6.1.2.0.2.20060916144822.02bfa2d0@pop.gmx.net> Message-ID: <8d9a42800609161218x1f180bc9q71163ac32cecd431@mail.gmail.com> Ah bot no Mac OS X :( -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From benny at hornedo.com Sat Sep 16 16:19:28 2006 From: benny at hornedo.com (Ben Hornedo) Date: Sat, 16 Sep 2006 22:19:28 +0200 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> Message-ID: <000001c6d9cd$6c249e20$b3394605@monsterxp> Sorry, I missed the last half of the question. PHPEd is for Windows only. I have also used Zend Studio (which I use on Linux) and it?s also good. Ben -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Saturday, September 16, 2006 7:43 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PHP IDE for Linux Ben, Isnt PHPEd windows only? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jface at mercenarylabs.com Sat Sep 16 18:08:02 2006 From: jface at mercenarylabs.com (jface at mercenarylabs.com) Date: Sat, 16 Sep 2006 18:08:02 -0400 Subject: [nycphp-talk] =?iso-8859-1?q?=28no_subject=29?= In-Reply-To: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> References: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> Message-ID: <021136b714f149d8479b60a1021eb216@localhost> My jscript is a bit rusty, but at the very least you could have your form submit button fire off a javascript function before submitting the form, via an onSubmit event: [CODE] function checkExtension(){ var input = document.formName.fileUploadName.value; if (input.indexOf(".jpg") == -1){ // file isn't a jpg alert("This isn't a jpg!"); } else{ document.formName.submit(); } } [/CODE] Obviously people could still upload fake files by adding a fake extension, so I think ultimately you'd want php to do real filetype checking after submission, just to be safe. I didn't test that script out, so it may require tweaking to work. Hope it helps. Jonathan Face www.mercenarylabs.com On Sat, 16 Sep 2006 08:52:54 -0400, David Krings wrote: > Hi, > > this one is not squarely on topic with PHP, but I will use it with a PHP > script, so hopefully this counts. I like to get some more control over > file > uploads. I am currently working on a small project for managing picture > and > videos for display on the web (yes, I know there are bazillions out there, > > but mine is better ;) ). One adds a picture by uploading the file to > server. I want to filter the upload by file extension on the client side. > The HTML input "file" is implemented quite crappy and leaves the interface > > at the mercy of the browser. Is there any way to get some more smarts into > > the browse box for file uploads? There isn't much merit in having someone > upload a huge file that is clearly not an image just to throw it away. I > tried some of the JavaScripts that I could find on the web, but I have no > clue what they are doing and from my empirical evidence they don't do a > thing, at least not with FiFo. > > Any advice is greatly appreciated. > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From Consult at CovenantEDesign.com Sat Sep 16 19:48:56 2006 From: Consult at CovenantEDesign.com (CED) Date: Sat, 16 Sep 2006 19:48:56 -0400 Subject: [nycphp-talk] (no subject) References: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> <021136b714f149d8479b60a1021eb216@localhost> Message-ID: <001301c6d9ea$ace39b10$07d6f4a7@ced> Your best bet is to alter your PHP.ini for specific files to only allow them to be uploaded, and or to change that ini setting on the page that is performing the upload and then default it back. HTH, Edward JS Prevost II Me at EdwardPrevost.info www.EdwardPrevost.info ----- Original Message ----- From: To: "NYPHP Talk" Sent: Saturday, September 16, 2006 6:08 PM Subject: [nycphp-talk] (no subject) My jscript is a bit rusty, but at the very least you could have your form submit button fire off a javascript function before submitting the form, via an onSubmit event: [CODE] function checkExtension(){ var input = document.formName.fileUploadName.value; if (input.indexOf(".jpg") == -1){ // file isn't a jpg alert("This isn't a jpg!"); } else{ document.formName.submit(); } } [/CODE] Obviously people could still upload fake files by adding a fake extension, so I think ultimately you'd want php to do real filetype checking after submission, just to be safe. I didn't test that script out, so it may require tweaking to work. Hope it helps. Jonathan Face www.mercenarylabs.com On Sat, 16 Sep 2006 08:52:54 -0400, David Krings wrote: > Hi, > > this one is not squarely on topic with PHP, but I will use it with a PHP > script, so hopefully this counts. I like to get some more control over > file > uploads. I am currently working on a small project for managing picture > and > videos for display on the web (yes, I know there are bazillions out there, > > but mine is better ;) ). One adds a picture by uploading the file to > server. I want to filter the upload by file extension on the client side. > The HTML input "file" is implemented quite crappy and leaves the interface > > at the mercy of the browser. Is there any way to get some more smarts into > > the browse box for file uploads? There isn't much merit in having someone > upload a huge file that is clearly not an image just to throw it away. I > tried some of the JavaScripts that I could find on the web, but I have no > clue what they are doing and from my empirical evidence they don't do a > thing, at least not with FiFo. > > Any advice is greatly appreciated. > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ramons at gmx.net Sat Sep 16 21:43:47 2006 From: ramons at gmx.net (David Krings) Date: Sat, 16 Sep 2006 21:43:47 -0400 Subject: [nycphp-talk] File upload form (was: Re: (no subject)) In-Reply-To: <001301c6d9ea$ace39b10$07d6f4a7@ced> References: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> <021136b714f149d8479b60a1021eb216@localhost> <001301c6d9ea$ace39b10$07d6f4a7@ced> Message-ID: <6.1.2.0.2.20060916201957.02bd1620@pop.gmx.net> That can be done? I guess it can since you mention it as a possible solution. This way I can also set the upload limit on the fly and make it even configurable. I assume I'd use ini_set() for this? I found the setting for the max file uploads and upload limits and execution limits, but which setting would restrict the file types allowed for upload. Would such a change be reflected in the browse box? My guess it not as that browse box is generated by the browser. So what happens when one picks a file with an illegal file extension? Nevertheless, this is awesome! Thank you! At 07:48 PM 9/16/2006, you wrote: >Your best bet is to alter your PHP.ini for specific files to only allow them >to be uploaded, and or to change that ini setting on the page that is >performing the upload and then default it back. > >HTH, From Consult at CovenantEDesign.com Sat Sep 16 22:48:40 2006 From: Consult at CovenantEDesign.com (CED) Date: Sat, 16 Sep 2006 22:48:40 -0400 Subject: [nycphp-talk] File upload form (was: Re: (no subject)) References: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com><021136b714f149d8479b60a1021eb216@localhost><001301c6d9ea$ace39b10$07d6f4a7@ced> <6.1.2.0.2.20060916201957.02bd1620@pop.gmx.net> Message-ID: <004501c6da03$c88d2c50$07d6f4a7@ced> I may have been thinking of the Apache Directive... but I'm almost certain a few months ago I dealt with this in the PHP ini file.. 'jpg', 'image/jpeg' => 'jpg', 'image/bmp' => 'bmp', ); if (!array_key_exists($filetype, $file_types)) { echo "Oops, filey typey no worky"; exit; } else { $file_dir = "/path/to/upload/directory/place/"; foreach($_files as $file_name => $file_array) { print "path: ".$file_array['tmp_name']."
\n"; print "name: ".$file_array['name']."
\n"; print "type: ".$file_array['type']."
\n"; print "size: ".$file_array['size']."
\n"; if (is_uploaded_file($file_array['tmp_name'])) { move_uploaded_file($file_array['tmp_name'], "$file_dir/$file_array[name]") or die ("Upload Failed"); echo 'Uploaded!! Woo Hoo!' ; } } } ?> HTH, Edward JS Prevost II Me at EdwardPrevost.info www.EdwardPrevost.info ----- Original Message ----- From: "David Krings" To: "NYPHP Talk" Sent: Saturday, September 16, 2006 9:43 PM Subject: Re: [nycphp-talk] File upload form (was: Re: (no subject)) That can be done? I guess it can since you mention it as a possible solution. This way I can also set the upload limit on the fly and make it even configurable. I assume I'd use ini_set() for this? I found the setting for the max file uploads and upload limits and execution limits, but which setting would restrict the file types allowed for upload. Would such a change be reflected in the browse box? My guess it not as that browse box is generated by the browser. So what happens when one picks a file with an illegal file extension? Nevertheless, this is awesome! Thank you! At 07:48 PM 9/16/2006, you wrote: >Your best bet is to alter your PHP.ini for specific files to only allow them >to be uploaded, and or to change that ini setting on the page that is >performing the upload and then default it back. > >HTH, _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ramons at gmx.net Sun Sep 17 11:38:12 2006 From: ramons at gmx.net (David Krings) Date: Sun, 17 Sep 2006 11:38:12 -0400 Subject: [nycphp-talk] File upload form (was: Re: (no subject)) In-Reply-To: <004501c6da03$c88d2c50$07d6f4a7@ced> References: <6.1.2.0.2.20060916083801.02b47468@pop.snet.yahoo.com> <021136b714f149d8479b60a1021eb216@localhost> <001301c6d9ea$ace39b10$07d6f4a7@ced> <6.1.2.0.2.20060916201957.02bd1620@pop.gmx.net> <004501c6da03$c88d2c50$07d6f4a7@ced> Message-ID: <6.1.2.0.2.20060917113510.02d5a528@pop.gmx.net> Hi, ah yes, but that check is done after the file is already in temporary storage on the server, means after the HTML form submitted it. That isn't that difficult and I implemented that for now (although I have to admit that your code is half of mine and does the same thing). I want to screen the soon to be uploads before anything gets submitted, which means I need something that works on the client side. Would be nice to have client side PHP scripting... :/ Thanks for the short version. David At 10:48 PM 9/16/2006, you wrote: >I may have been thinking of the Apache Directive... but I'm >almost certain a few months ago I dealt with this in the PHP ini file.. > > >$file_types = array( >'image/pjpeg' => 'jpg', >'image/jpeg' => 'jpg', >'image/bmp' => 'bmp', >); >if (!array_key_exists($filetype, $file_types)) { >echo "Oops, filey typey no worky"; >exit; >} >else >{ >$file_dir = "/path/to/upload/directory/place/"; >foreach($_files as $file_name => $file_array) { >print "path: ".$file_array['tmp_name']."
\n"; >print "name: ".$file_array['name']."
\n"; >print "type: ".$file_array['type']."
\n"; >print "size: ".$file_array['size']."
\n"; >if (is_uploaded_file($file_array['tmp_name'])) { >move_uploaded_file($file_array['tmp_name'], "$file_dir/$file_array[name]") >or die ("Upload Failed"); >echo 'Uploaded!! Woo Hoo!' ; >} >} >} >?> > >HTH, >Edward JS Prevost II >Me at EdwardPrevost.info >www.EdwardPrevost.info > >----- Original Message ----- >From: "David Krings" >To: "NYPHP Talk" >Sent: Saturday, September 16, 2006 9:43 PM >Subject: Re: [nycphp-talk] File upload form (was: Re: (no subject)) > > >That can be done? I guess it can since you mention it as a possible >solution. This way I can also set the upload limit on the fly and make it >even configurable. I assume I'd use ini_set() for this? I found the setting >for the max file uploads and upload limits and execution limits, but which >setting would restrict the file types allowed for upload. Would such a >change be reflected in the browse box? My guess it not as that browse box >is generated by the browser. So what happens when one picks a file with an >illegal file extension? > >Nevertheless, this is awesome! > >Thank you! > > >At 07:48 PM 9/16/2006, you wrote: > >Your best bet is to alter your PHP.ini for specific files to only allow >them > >to be uploaded, and or to change that ini setting on the page that is > >performing the upload and then default it back. > > > >HTH, > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php From mailinglists at caseysoftware.com Sun Sep 17 12:51:41 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Sun, 17 Sep 2006 12:51:41 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <000001c6d9cd$6c249e20$b3394605@monsterxp> References: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> <000001c6d9cd$6c249e20$b3394605@monsterxp> Message-ID: On 9/16/06, Ben Hornedo wrote: > PHPEd is for Windows only. I have also used Zend Studio (which I use on > Linux) and it's also good. I tried using Zend Studio without much success. I have a number of ongoing projects and importing a "project" didn't go smoothly. It just didn't want to pull in all of my files despite telling it to pull a directory recursively or even dragging and dropping. It was disappointing because it was actually useful editing files, etc. I tried out Komodo for a weekend and liked it but my eval ran out before I got back to it. So in the meantime, I'm back to Eclipse with a bit of Dreamweaver on occassion. -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From ps at pswebcode.com Sun Sep 17 14:10:40 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Sun, 17 Sep 2006 14:10:40 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP Message-ID: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> Can anyone tell me what combination of PHP 5.x and Apache 2.x they have been able to successfully install on Windows XP, without going through the issues noted below: Got a new laptop. I'm doing a latest Apache/MySQL/PHP install on Windows XP. On starting Apache without the PHP 5 LoadModule directives, all systems are go and I am serving non-PHP web pages live from localhost. On starting Apache with the PHP 5 LoadModule, Apache fails to start, throwing an error like: "httpd.exe: Syntax error on line 116 of C:/Program Files/Apache Software Foundati on/Apache2.2/conf/httpd.conf: Cannot load C:/PHP/php5apache2.dll into server:" Is this a known issue to you? Has anyone bested this installation error state? Has anyone had to look at and follow the php.net User Contributed Notes here: http://us3.php.net/manual/en/install.windows.apache2.php Has anyone had to download this set of files and follow the suggested directions at: http://www.apachelounge.com/download/php5apache2.dll-php5.1.x.zip ...where one overwrites the original "php5apache2.dll" with a new one among other steps? ____________________________ My personal Apache 2.2.3 and PHP 5.1.6 installation effort details include: Using Apache 2.2.3 and loading PHP 5 as a module with these directives in http.conf: LoadModule php5_module "C:/PHP/php5apache2.dll" AddType application/x-httpd-php .php PHPIniDir "C:/PHP" Installed PHP 5.1.6 to C:\PHP. Added the C:\PHP path to the System environment variables. Added new environmant variable PHPRC = "C:\PHP" Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com From tgales at tgaconnect.com Sun Sep 17 14:39:33 2006 From: tgales at tgaconnect.com (Tim Gales) Date: Sun, 17 Sep 2006 14:39:33 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP In-Reply-To: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> References: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> Message-ID: <450D9665.6060403@tgaconnect.com> Peter Sawczynec wrote: > Can anyone tell me what combination of PHP 5.x and Apache 2.x they have been > able to > successfully install on Windows XP [snip] PHP Version 5.1.6 (PHP API 20041225) (PHP Extension 20050922) (Zend Extension 220051025) (Build Date Aug 23 2006 16:31:18) Apache/2.0.55 (Win32) PHP/5.1.6 (Apache API Version 20020903) > > On starting Apache with the PHP 5 LoadModule, Apache fails to start, > throwing an error like: > "httpd.exe: Syntax error on line 116 of C:/Program Files/Apache Software > Foundati > on/Apache2.2/conf/httpd.conf: Cannot load C:/PHP/php5apache2.dll into > server:" You checked whether the php5apache2.dll file exists in C:\PHP, right? This seems to be the most likely cause of your problem. -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From ps at pswebcode.com Sun Sep 17 14:52:35 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Sun, 17 Sep 2006 14:52:35 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP In-Reply-To: <450D9665.6060403@tgaconnect.com> Message-ID: <000001c6da8a$70e5d3d0$6701a8c0@SUNCODE1> As it turns out, the latest combination of PHP and Apache that works is: Apache 2.2.3 and PHP 5.2 If one wants to use any Apache version higher than Apache 2.0.x (like I was using Apache 2.2.3) then one must download the most recent snapshot of PHP, that is PHP 5.2 available at this php.net sanpshots downloads page: http://snaps.php.net/ I've done the above, updated my Apache .conf to point to the newer, correct PHP 5.2 .dll called: php5apache2_2.dll Already up and running. Thank you all. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Gales Sent: Sunday, September 17, 2006 2:40 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP Peter Sawczynec wrote: > Can anyone tell me what combination of PHP 5.x and Apache 2.x they have been > able to > successfully install on Windows XP [snip] PHP Version 5.1.6 (PHP API 20041225) (PHP Extension 20050922) (Zend Extension 220051025) (Build Date Aug 23 2006 16:31:18) Apache/2.0.55 (Win32) PHP/5.1.6 (Apache API Version 20020903) > > On starting Apache with the PHP 5 LoadModule, Apache fails to start, > throwing an error like: > "httpd.exe: Syntax error on line 116 of C:/Program Files/Apache Software > Foundati > on/Apache2.2/conf/httpd.conf: Cannot load C:/PHP/php5apache2.dll into > server:" You checked whether the php5apache2.dll file exists in C:\PHP, right? This seems to be the most likely cause of your problem. -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From jonbaer at jonbaer.com Sun Sep 17 15:08:28 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sun, 17 Sep 2006 15:08:28 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP In-Reply-To: <000001c6da8a$70e5d3d0$6701a8c0@SUNCODE1> References: <000001c6da8a$70e5d3d0$6701a8c0@SUNCODE1> Message-ID: <2AC51BD6-C1BA-45AA-9E91-AABD41699D57@jonbaer.com> Interesting ... I wonder how XAMPP gets around it ... http://www.apachefriends.org/en/xampp-windows.html Have you tried that package before? - Jon On Sep 17, 2006, at 2:52 PM, Peter Sawczynec wrote: > As it turns out, the latest combination of PHP and Apache that > works is: > > Apache 2.2.3 and PHP 5.2 > > > If one wants to use any Apache version higher than Apache 2.0.x > (like I was using Apache 2.2.3) then one must download the most recent > snapshot of PHP, that is PHP 5.2 available at this php.net sanpshots > downloads page: > > http://snaps.php.net/ > > I've done the above, updated my Apache .conf to point to the newer, > correct PHP 5.2 .dll called: php5apache2_2.dll > > Already up and running. Thank you all. > > Peter > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On > Behalf Of Tim Gales > Sent: Sunday, September 17, 2006 2:40 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install > Failures on > Windows XP > > > Peter Sawczynec wrote: >> Can anyone tell me what combination of PHP 5.x and Apache 2.x they >> have > been >> able to >> successfully install on Windows XP > [snip] > PHP Version 5.1.6 > (PHP API 20041225) > (PHP Extension 20050922) > (Zend Extension 220051025) > (Build Date Aug 23 2006 16:31:18) > > Apache/2.0.55 (Win32) PHP/5.1.6 > (Apache API Version 20020903) > >> >> On starting Apache with the PHP 5 LoadModule, Apache fails to start, >> throwing an error like: >> "httpd.exe: Syntax error on line 116 of C:/Program Files/Apache >> Software >> Foundati >> on/Apache2.2/conf/httpd.conf: Cannot load C:/PHP/php5apache2.dll into >> server:" > > You checked whether the php5apache2.dll file exists in C:\PHP, > right? > This seems to be the most likely cause of your problem. > > -- > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From ps at pswebcode.com Sun Sep 17 15:17:53 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Sun, 17 Sep 2006 15:17:53 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures onWindows XP In-Reply-To: <2AC51BD6-C1BA-45AA-9E91-AABD41699D57@jonbaer.com> Message-ID: <000101c6da8d$f990d420$6701a8c0@SUNCODE1> I've looked at and installed XAMPP and a few others but I always fall back to the more streamlined ala carte installs because it is usually very enlightening. I do installs for clients and any previous experience always proves invaluable. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jon Baer Sent: Sunday, September 17, 2006 3:08 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures onWindows XP Interesting ... I wonder how XAMPP gets around it ... http://www.apachefriends.org/en/xampp-windows.html Have you tried that package before? - Jon On Sep 17, 2006, at 2:52 PM, Peter Sawczynec wrote: > As it turns out, the latest combination of PHP and Apache that > works is: > > Apache 2.2.3 and PHP 5.2 > > > If one wants to use any Apache version higher than Apache 2.0.x > (like I was using Apache 2.2.3) then one must download the most recent > snapshot of PHP, that is PHP 5.2 available at this php.net sanpshots > downloads page: > > http://snaps.php.net/ > > I've done the above, updated my Apache .conf to point to the newer, > correct PHP 5.2 .dll called: php5apache2_2.dll > > Already up and running. Thank you all. > > Peter > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On > Behalf Of Tim Gales > Sent: Sunday, September 17, 2006 2:40 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install > Failures on > Windows XP > > > Peter Sawczynec wrote: >> Can anyone tell me what combination of PHP 5.x and Apache 2.x they >> have > been >> able to >> successfully install on Windows XP > [snip] > PHP Version 5.1.6 > (PHP API 20041225) > (PHP Extension 20050922) > (Zend Extension 220051025) > (Build Date Aug 23 2006 16:31:18) > > Apache/2.0.55 (Win32) PHP/5.1.6 > (Apache API Version 20020903) > >> >> On starting Apache with the PHP 5 LoadModule, Apache fails to start, >> throwing an error like: >> "httpd.exe: Syntax error on line 116 of C:/Program Files/Apache >> Software >> Foundati >> on/Apache2.2/conf/httpd.conf: Cannot load C:/PHP/php5apache2.dll into >> server:" > > You checked whether the php5apache2.dll file exists in C:\PHP, > right? > This seems to be the most likely cause of your problem. > > -- > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ramons at gmx.net Sun Sep 17 15:51:17 2006 From: ramons at gmx.net (David Krings) Date: Sun, 17 Sep 2006 15:51:17 -0400 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP In-Reply-To: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> References: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> Message-ID: <6.1.2.0.2.20060917154650.02c4db48@pop.gmx.net> At 02:10 PM 9/17/2006, you wrote: >Can anyone tell me what combination of PHP 5.x and Apache 2.x they have been >able to >successfully install on Windows XP, without going through the issues noted >below: I use the route of least resistance and make use of apachefriends.org XAMPP. Just installed it today on a box without a problem. It wasn't XP. I don't use XP since it breaks quite some stuff, takes double the space and lets you do half the stuff compared to W2k. Especially SP2 malicously broke Flash, which caused me a lot of trouble at work and many complaining customers. XP sucks and from what I've seen in Vista RC1 it gets even worse. IMHO W2k is the only usable Windope version. Microsoft must have bought it from someone. www.apachefriends.org will for sure get you closer to where you want to go. David Krings From lists at genoverly.net Mon Sep 18 07:16:30 2006 From: lists at genoverly.net (michael) Date: Mon, 18 Sep 2006 07:16:30 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <20060914083720.543b9371@wit.genoverly.com> References: <20060914083720.543b9371@wit.genoverly.com> Message-ID: <20060918071630.7d126425@wit.genoverly.com> Everybody is getting in the act. The Common Vulnerabilities and Exposures (CVE) project sites PHP as the root of problems. They must have read this thread...[grin] A draft report on the latest numbers from the vulnerability database found that 4,375 security issues had so far been cataloged in the first nine months of 2006, just shy of the 4,538 issues documented last year. The data shows that web flaws have continued their meteoric rise since 2005, capturing the top-three spots on the list of most common vulnerabilities. http://www.theregister.com/2006/09/18/web_vulnerabilties/ -- Michael From rotsen at gmail.com Mon Sep 18 10:45:30 2006 From: rotsen at gmail.com (=?ISO-8859-1?Q?N=E9stor?=) Date: Mon, 18 Sep 2006 07:45:30 -0700 Subject: [nycphp-talk] Apache 2.2.3 and PHP 5.1.6 Install Failures on Windows XP In-Reply-To: <6.1.2.0.2.20060917154650.02c4db48@pop.gmx.net> References: <000001c6da84$961ed8a0$6701a8c0@SUNCODE1> <6.1.2.0.2.20060917154650.02c4db48@pop.gmx.net> Message-ID: I just install over the weekend the latest apache 2.0.? and the latest PHP and Mysql and had no problems. Well the only problems I had is that I had to install the mysql.dll and mysqli.dll from mysql.com After that everything work. N?stor :-) On 9/17/06, David Krings wrote: > > At 02:10 PM 9/17/2006, you wrote: > >Can anyone tell me what combination of PHP 5.x and Apache 2.x they have > been > >able to > >successfully install on Windows XP, without going through the issues > noted > >below: > > > I use the route of least resistance and make use of apachefriends.org > XAMPP. Just installed it today on a box without a problem. It wasn't XP. > I don't use XP since it breaks quite some stuff, takes double the > space and lets you do half the stuff compared to W2k. Especially SP2 > malicously broke Flash, which caused me a lot of trouble at work and many > complaining customers. XP sucks and from what I've seen in Vista RC1 it > gets even worse. IMHO W2k is the only usable Windope version. Microsoft > must have bought it from someone. > > www.apachefriends.org will for sure get you closer to where you want to > go. > > > David Krings > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Mon Sep 18 10:58:06 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 18 Sep 2006 10:58:06 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: References: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> <000001c6d9cd$6c249e20$b3394605@monsterxp> Message-ID: On 9/17/06, Keith Casey wrote: > I tried using Zend Studio without much success. I have a number of > ongoing projects and importing a "project" didn't go smoothly. It > just didn't want to pull in all of my files despite telling it to pull > a directory recursively or even dragging and dropping. That's odd. I've been using ZDE on Linux for the last year or so, and haven't had trouble importing files. Random non-responsiveness, which I chalk up to using it over a remote X-windows session, but not file problems. -- Chris Snyder http://chxo.com/ From dlmerryweather at gmail.com Mon Sep 18 11:03:49 2006 From: dlmerryweather at gmail.com (David Merryweather) Date: Mon, 18 Sep 2006 10:03:49 -0500 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: References: <8d9a42800609161043r6bf0b688r1aa706878288ece0@mail.gmail.com> <000001c6d9cd$6c249e20$b3394605@monsterxp> Message-ID: <793b2bec0609180803x4b883bcas994dd039a1f2e0f2@mail.gmail.com> I use KDevelop with good luck. Some don't like its simplicity, but hey, I revel in this fact :-) D. On 9/18/06, csnyder wrote: > On 9/17/06, Keith Casey wrote: > > > I tried using Zend Studio without much success. I have a number of > > ongoing projects and importing a "project" didn't go smoothly. It > > just didn't want to pull in all of my files despite telling it to pull > > a directory recursively or even dragging and dropping. > > That's odd. I've been using ZDE on Linux for the last year or so, and > haven't had trouble importing files. Random non-responsiveness, which > I chalk up to using it over a remote X-windows session, but not file > problems. > > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jbaer at VillageVoice.com Mon Sep 18 11:55:10 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Mon, 18 Sep 2006 11:55:10 -0400 Subject: [nycphp-talk] Frameworks under Subversion control ... In-Reply-To: <4509FBD8.1070206@aeso.org> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503548956@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a question on how others are handling their 3rd party frameworks ... Specifically the ones under some type of version control (and when your code itself is under version control). There was a recent security fix for CakePHP and an ~svn up~ provided the quickest way to get to the fix*. The problem w/ this is that there are potentials for breakage under your unit tests (or just your code if you don't do test cases). If you have a lot of code between the revisions of your last framework update it can be cumbersome to check everything. Would tagging your code based on major framework updates (1.x.x.x) be the best solution in case something goes awry? Im also thinking of symlinking across the framework versions as another alternative ... Just wondering how others might be handling it ... - - Jon *On a side note Ive heard of mixed effects of using svn:externals (albeit an svn upgrade, etc) and still not sure if it is the best option. - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rick Olson Sent: Thursday, September 14, 2006 9:03 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Cake v. Symfony [CodeIgniter?] Sorry for this incredibly short answer, but I'm a tad rushed... ( so no reasoning either =( ) We use Symfony at my company. Large scale, high traffic. It's a bit buggy, a lot bloated, and the slowest thing I've seen in some time. I don't recommend porting over to it. Sorry :\ One really big reason for this is their use of ORMs. If you just avoided Propel or their soon to be Doctrine (maybe?) implementation, Symfony would probably go quite a bit faster. Also note that they are still not at 1.0, and their API changes and they aren't even expected to maintain much backward compat. at this point. Adopting it in a critical environment is probably not a good idea, at least not until they hit 1.0 and start making promises about maintaining as much BC as possible, etc.. On a positive note, their code is incredibly clean, documented, and elegant. HTH, Rick Ajai Khattri wrote: > Daniel Krook wrote: > >> I'm evaluating CodeIgniter for a brand new project. It seems to be a >> fairly new MVC framework and came recommended by some coworkers. It >> seems to position itself directly against CakePHP and model itself on >> Rails. Can anyone give a thumbs up or down? >> > > I have a colleague who also chose to check out CodeIgniter - what are > your impressions of it? > > I would also like to know if anyone is using any of these frameworks > in a large-scale and/or high-traffic web site? Was your framework of > choice easy to scale? Any used more than one framework and make a few comparisons? > > I may have an opportunity to work on a major web site (porting their > existing application from Perl to PHP) and Im told they are very much > into "frameworks" so now Im wondering if anyone has some empirical > analysis of the strengths and weaknesses when applied to large web sites? > > > Funny: back in the 90s I was porting C applications to perl... ;-) > > > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFDsFe99e5DI8C/rsRAuEPAKC0vEgTQoYC1J4DwSJyk0fKJwkEcACg2B5n LFkaSuy977jn0E9w54Emgbs= =zsam -----END PGP SIGNATURE----- From rmarscher at beaffinitive.com Mon Sep 18 11:57:26 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Mon, 18 Sep 2006 11:57:26 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> Message-ID: <450EC1E6.4010703@beaffinitive.com> I don't think anyone mentioned Zend's free PHP IDE for Eclipse. I haven't tried xored's Eclipse system... so not sure how it compares. PHP IDE hasn't gotten to 1.0 yet... I think 0.2.3 is the latest... pretty good for a free IDE I think. Hogs memory though... It will work on 512MB but having a gig or more will let you have some extra memory for other apps. David Krings wrote: > Hi, > > does anyone have a good recommendation for a PHP IDE for Linux? On Windope > I use EnginSite PHP Editor, which is an awesome deal for the price although > it could use a better implementation of the debugger. I want some PHP > geared IDE that has some basic project handling and is easily linked to the > Apachefriends XAMPP or comes with its own built-in server (like the > EnginSite editor). The debugger capabilities should allow for running an > entire set of scripts in debug mode and offer the capabilities of break > points and watches. > I looked at xored's Eclipse based system and since I can't figure anything > out it strikes me as not very intuitive, maybe it requires more studies > than the basic manual. Also, it doesn't have to be for free, but also > should not be as expensive as Zend. > > Any pointers are greatly appreciated, > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > -- Rob Marscher Software Engineer rmarscher at beaffinitive.com 212.684.9100x17 From ajai at bitblit.net Mon Sep 18 12:40:21 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 18 Sep 2006 12:40:21 -0400 Subject: [nycphp-talk] Cake v. Symfony [CodeIgniter?] In-Reply-To: <4509FBD8.1070206@aeso.org> References: <4509CE9B.9070202@bitblit.net> <4509FBD8.1070206@aeso.org> Message-ID: <450ECBF5.5040405@bitblit.net> Rick Olson wrote: > We use Symfony at my company. Large scale, high traffic. It's a bit > buggy, a lot bloated, and the slowest thing I've seen in some time. Is this something you inherited or did someone higher up decide that Symfony was the best way to go? -- A From codebowl at gmail.com Mon Sep 18 13:17:24 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Mon, 18 Sep 2006 13:17:24 -0400 Subject: [nycphp-talk] SSL Socket Connections with OpenSSL Message-ID: <8d9a42800609181017k21fd39c9o3d45a8920af2d9b1@mail.gmail.com> Hello Everyone, I am looking to make a connection to an SSL server via PHP sockets. I have been looking and found that openssl_ has to be compiled into php. What i am looking to do is create a connection with an SSL IRCD server. I am quite unsure how to use OpenSSL with PHP and would like to know if anyone here can recommend a good book/tutorial which would get me up to speed. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.southwell at nyphp.org Mon Sep 18 13:44:27 2006 From: michael.southwell at nyphp.org (Michael Southwell) Date: Mon, 18 Sep 2006 13:44:27 -0400 Subject: [nycphp-talk] SSL Socket Connections with OpenSSL In-Reply-To: <8d9a42800609181017k21fd39c9o3d45a8920af2d9b1@mail.gmail.co m> References: <8d9a42800609181017k21fd39c9o3d45a8920af2d9b1@mail.gmail.com> Message-ID: <6.2.3.4.2.20060918134334.0281be60@pop.nyphp.com> At 01:17 PM 9/18/2006, you wrote: >Hello Everyone, > >I am looking to make a connection to an SSL server via PHP >sockets. I have been looking and found that openssl_ has to be >compiled into php. What i am looking to do is create a connection >with an SSL IRCD server. >I am quite unsure how to use OpenSSL with PHP and would like to know >if anyone here can recommend a good book/tutorial which would get me >up to speed. Chapter 7 of Pro PHP Security (Apress) deals with this issue but may not be focused on your precise needs. Michael Southwell, Vice President for Education New York PHP http://www.nyphp.com/training - In-depth PHP Training Courses From adlermedrado at gmail.com Mon Sep 18 14:12:30 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Mon, 18 Sep 2006 15:12:30 -0300 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <450EC1E6.4010703@beaffinitive.com> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> <450EC1E6.4010703@beaffinitive.com> Message-ID: I like the JEdit with the PHPParser Plugin. It's not a IDE but it is good for me. Zend's PHP IDE is good but it have a lot of bugs (of course, it is only a preview yet). adler medrado -- Nesher Technologies Bras?lia, DF, Brasil. http://www.neshertech.net http://adler.neshertech.net On 9/18/06, Rob Marscher wrote: > > I don't think anyone mentioned Zend's free PHP IDE for Eclipse. I > haven't tried xored's Eclipse system... so not sure how it compares. > PHP IDE hasn't gotten to 1.0 yet... I think 0.2.3 is the latest... > pretty good for a free IDE I think. Hogs memory though... It will work > on 512MB but having a gig or more will let you have some extra memory > for other apps. > > David Krings wrote: > > Hi, > > > > does anyone have a good recommendation for a PHP IDE for Linux? On > Windope > > I use EnginSite PHP Editor, which is an awesome deal for the price > although > > it could use a better implementation of the debugger. I want some PHP > > geared IDE that has some basic project handling and is easily linked to > the > > Apachefriends XAMPP or comes with its own built-in server (like the > > EnginSite editor). The debugger capabilities should allow for running an > > entire set of scripts in debug mode and offer the capabilities of break > > points and watches. > > I looked at xored's Eclipse based system and since I can't figure > anything > > out it strikes me as not very intuitive, maybe it requires more studies > > than the basic manual. Also, it doesn't have to be for free, but also > > should not be as expensive as Zend. > > > > Any pointers are greatly appreciated, > > > > David > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > -- > Rob Marscher > Software Engineer > rmarscher at beaffinitive.com > 212.684.9100x17 > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From max.goldberg at gmail.com Mon Sep 18 15:02:26 2006 From: max.goldberg at gmail.com (max goldberg) Date: Mon, 18 Sep 2006 15:02:26 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> Message-ID: <87e6ded30609181202x46a4baf1pcca2a39835a69bca@mail.gmail.com> Emacs in c++ mode ;) On 9/16/06, David Krings wrote: > Hi, > > does anyone have a good recommendation for a PHP IDE for Linux? On Windope > I use EnginSite PHP Editor, which is an awesome deal for the price although > it could use a better implementation of the debugger. I want some PHP > geared IDE that has some basic project handling and is easily linked to the > Apachefriends XAMPP or comes with its own built-in server (like the > EnginSite editor). The debugger capabilities should allow for running an > entire set of scripts in debug mode and offer the capabilities of break > points and watches. > I looked at xored's Eclipse based system and since I can't figure anything > out it strikes me as not very intuitive, maybe it requires more studies > than the basic manual. Also, it doesn't have to be for free, but also > should not be as expensive as Zend. > > Any pointers are greatly appreciated, > > David > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From KLOPP.GEO at YAHOO.COM Mon Sep 18 18:23:52 2006 From: KLOPP.GEO at YAHOO.COM (Stefan Klopp) Date: Mon, 18 Sep 2006 15:23:52 -0700 (PDT) Subject: [nycphp-talk] SSL Connection causes data errors. Message-ID: <20060918222352.75514.qmail@web37910.mail.mud.yahoo.com> Hi, I was wondering if anyone has experienced this before. I am connecting to an IIS server over HTTPS using pfsockopen and am getting xml data returned. Now when I open the URL in a browser the XML is returned fine without a problem. However when using PHP part of the XML is all messed up, data is moved around it appears and it messes up the XML. I am getting an error at the end of my request to the server: PHP Warning: fread(): SSL: fatal protocol error in ... However from what I read that error deals with the closing of the connection. Any help would be very appreciated. Stefan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dcech at phpwerx.net Mon Sep 18 19:00:04 2006 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 18 Sep 2006 19:00:04 -0400 Subject: [nycphp-talk] Frameworks under Subversion control ... In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503548956@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503548956@mail> Message-ID: <450F24F4.60501@phpwerx.net> Baer, Jon wrote: > I have a question on how others are handling their 3rd party frameworks > ... Specifically the ones under some type of version control (and when > your code itself is under version control). There was a recent security > fix for CakePHP and an ~svn up~ provided the quickest way to get to the > fix*. I've had pretty good results using vendor branches to manage customised versions of upstream software. http://svnbook.red-bean.com/en/1.2/svn.advanced.vendorbr.html Once you get the hang of things it makes management pretty simple, essentially all you're doing is maintaining a local mirror of the upstream source, then merging it into your repository whenever you want to update to the latest versions from upstream. Dan > The problem w/ this is that there are potentials for breakage under your > unit tests (or just your code if you don't do test cases). If you have > a lot of code between the revisions of your last framework update it can > be cumbersome to check everything. > > Would tagging your code based on major framework updates (1.x.x.x) be > the best solution in case something goes awry? > > Im also thinking of symlinking across the framework versions as another > alternative ... Just wondering how others might be handling it ... > > - Jon > > *On a side note Ive heard of mixed effects of using svn:externals > (albeit an svn upgrade, etc) and still not sure if it is the best > option. From chsnyder at gmail.com Mon Sep 18 20:53:58 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 18 Sep 2006 20:53:58 -0400 Subject: [nycphp-talk] SSL Connection causes data errors. In-Reply-To: <20060918222352.75514.qmail@web37910.mail.mud.yahoo.com> References: <20060918222352.75514.qmail@web37910.mail.mud.yahoo.com> Message-ID: On 9/18/06, Stefan Klopp wrote: > Hi, > > I was wondering if anyone has experienced this before. > I am connecting to an IIS server over HTTPS using > pfsockopen and am getting xml data returned. Now when > I open the URL in a browser the XML is returned fine > without a problem. However when using PHP part of the > XML is all messed up, data is moved around it appears > and it messes up the XML. Could this be a chunked encoding problem? If IIS is returning the response with Transfer-Encoding: chunked, you'll need to decode it. See the discussion at http://php.net/fsockopen -- Chris Snyder http://chxo.com/ From greg.rundlett at gmail.com Mon Sep 18 22:05:44 2006 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Mon, 18 Sep 2006 22:05:44 -0400 Subject: [nycphp-talk] Frameworks under Subversion control ... In-Reply-To: <450F24F4.60501@phpwerx.net> References: <4D2FAD9B00577645932AD7ED5FECA24503548956@mail> <450F24F4.60501@phpwerx.net> Message-ID: <5e2aaca40609181905v2fa81f98i5cfff7811863897a@mail.gmail.com> On 9/18/06, Dan Cech wrote: > Baer, Jon wrote: > > I have a question on how others are handling their 3rd party frameworks > > ... Specifically the ones under some type of version control (and when > > your code itself is under version control). There was a recent security > > fix for CakePHP and an ~svn up~ provided the quickest way to get to the > > fix*. > > I've had pretty good results using vendor branches to manage customised > versions of upstream software. > > http://svnbook.red-bean.com/en/1.2/svn.advanced.vendorbr.html > > Once you get the hang of things it makes management pretty simple, > essentially all you're doing is maintaining a local mirror of the > upstream source, then merging it into your repository whenever you want > to update to the latest versions from upstream. > > Dan And here is another writeup i just found recently while pondering this question. It is based on the Subversion book so it is not different or unique; provided only because it might offer some clarification on the technique. http://www.cleversafe.org/wiki/Third-Party_Sources > > > The problem w/ this is that there are potentials for breakage under your > > unit tests (or just your code if you don't do test cases). If you have > > a lot of code between the revisions of your last framework update it can > > be cumbersome to check everything. > > > > Would tagging your code based on major framework updates (1.x.x.x) be > > the best solution in case something goes awry? > > > > Im also thinking of symlinking across the framework versions as another > > alternative ... Just wondering how others might be handling it ... > > > > - Jon > > > > *On a side note Ive heard of mixed effects of using svn:externals > > (albeit an svn upgrade, etc) and still not sure if it is the best > > option. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From greg.rundlett at gmail.com Mon Sep 18 22:11:03 2006 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Mon, 18 Sep 2006 22:11:03 -0400 Subject: [nycphp-talk] PHP IDE for Linux In-Reply-To: <87e6ded30609181202x46a4baf1pcca2a39835a69bca@mail.gmail.com> References: <6.1.2.0.2.20060916090207.02babb10@pop.snet.yahoo.com> <87e6ded30609181202x46a4baf1pcca2a39835a69bca@mail.gmail.com> Message-ID: <5e2aaca40609181911g77cf2eat37486deb00fe273b@mail.gmail.com> quanta+ has always been my FOSS software favorite PHP editor http://kdewebdev.org/ http://quanta.kdewebdev.org/ From jbaer at VillageVoice.com Tue Sep 19 09:26:40 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Tue, 19 Sep 2006 09:26:40 -0400 Subject: [nycphp-talk] Frameworks under Subversion control ... References: <4D2FAD9B00577645932AD7ED5FECA24503548956@mail><450F24F4.60501@phpwerx.net> <5e2aaca40609181905v2fa81f98i5cfff7811863897a@mail.gmail.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA245029395F0@mail> Good stuff .. thanks guys .. - Jon -----Original Message----- From: talk-bounces at lists.nyphp.org on behalf of Greg Rundlett Sent: Mon 9/18/2006 10:05 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Frameworks under Subversion control ... On 9/18/06, Dan Cech wrote: > Baer, Jon wrote: > > I have a question on how others are handling their 3rd party frameworks > > ... Specifically the ones under some type of version control (and when > > your code itself is under version control). There was a recent security > > fix for CakePHP and an ~svn up~ provided the quickest way to get to the > > fix*. > > I've had pretty good results using vendor branches to manage customised > versions of upstream software. > > http://svnbook.red-bean.com/en/1.2/svn.advanced.vendorbr.html > > Once you get the hang of things it makes management pretty simple, > essentially all you're doing is maintaining a local mirror of the > upstream source, then merging it into your repository whenever you want > to update to the latest versions from upstream. > > Dan And here is another writeup i just found recently while pondering this question. It is based on the Subversion book so it is not different or unique; provided only because it might offer some clarification on the technique. http://www.cleversafe.org/wiki/Third-Party_Sources > > > The problem w/ this is that there are potentials for breakage under your > > unit tests (or just your code if you don't do test cases). If you have > > a lot of code between the revisions of your last framework update it can > > be cumbersome to check everything. > > > > Would tagging your code based on major framework updates (1.x.x.x) be > > the best solution in case something goes awry? > > > > Im also thinking of symlinking across the framework versions as another > > alternative ... Just wondering how others might be handling it ... > > > > - Jon > > > > *On a side note Ive heard of mixed effects of using svn:externals > > (albeit an svn upgrade, etc) and still not sure if it is the best > > option. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 4033 bytes Desc: not available URL: From KLOPP.GEO at YAHOO.COM Tue Sep 19 12:35:25 2006 From: KLOPP.GEO at YAHOO.COM (Stefan) Date: Tue, 19 Sep 2006 09:35:25 -0700 (PDT) Subject: [nycphp-talk] SSL Connection causes data errors. In-Reply-To: Message-ID: <20060919163526.57699.qmail@web37905.mail.mud.yahoo.com> OK I checked the response and it is not chunked. Most of the XML being returned is actually fine, it is just in certain spots data in in the wrong place. Here is the header information from the IIS server if that helps at all: HTTP/1.1 200 OK Connection: close Date: Tue, 19 Sep 2006 16:36:59 GMT Server: Microsoft-IIS/6.0 Content-Type:text/html Content-Length: 5609 --- csnyder wrote: > On 9/18/06, Stefan Klopp > wrote: > > Hi, > > > > I was wondering if anyone has experienced this > before. > > I am connecting to an IIS server over HTTPS using > > pfsockopen and am getting xml data returned. Now > when > > I open the URL in a browser the XML is returned > fine > > without a problem. However when using PHP part of > the > > XML is all messed up, data is moved around it > appears > > and it messes up the XML. > > Could this be a chunked encoding problem? If IIS is > returning the > response with Transfer-Encoding: chunked, you'll > need to decode it. > > See the discussion at http://php.net/fsockopen > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From cliff at pinestream.com Tue Sep 19 16:17:01 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Tue, 19 Sep 2006 16:17:01 -0400 Subject: [nycphp-talk] Multi-part Email Template System Message-ID: <001f01c6dc28$915c84c0$12a8a8c0@HirschLaptop> As some of you may recall in prior threads, I have been struggling to develop an email template methodology that achieves the following: 1. Supports multi-part emails (both text and html in the same message). 2. Separates email content from the code as much as possible without being a total pig 3. Is simple and easy to modify in the future (shifting templates to a DB, making the text part a template too, hardcoding for speed, reducing the # of include files, etc.) I'm doing this because my system generates numerous custom email messages, each with a unique format and lots of embedded variables, and modifying "embedded" emails is gruesome. Here's what I came up with: An email directory contains a "master" Smarty html template for the main html email look. Each email message than has two files that use the same base name. Example 'order_receipt' would have the following Smarty html template: order_receipt_html.tpl Text function file: order_receipt_text.php -- this has a function named order_receipt that returns the text body and subject line. (This was done to accommodate order_receipt_text.tpl if warranted in the future, but I couldn't see how to get a line break in a text template using Smarty. Also seems like overkill to use Smarty to render a text template.) Here's the "master function": static public function SendEmailTemplate($email, $template, $params) { $subject = ''; $textbody = ''; $htmlbody = ''; // fetch the email text body and subject line if (file_exists(EMAIL_TEMPLATE_DIR.$template.'_text.php')) { include(EMAIL_TEMPLATE_DIR.$template.'_text.php'); if (function_exists($template)) list($subject, $textbody) = call_user_func($template, $params); } // fetch the email html body if (file_exists(EMAIL_TEMPLATE_DIR.$template.'_html.tpl')) { $page = $GLOBALS['page']; // reference to a global Smarty object $page->assign('params', $params); $page->assign('emailPageContent', EMAIL_TEMPLATE_DIR.$template.'_html.tpl'); $htmlbody = $page->fetch(EMAIL_TEMPLATE_DIR.$template.'_html.tpl'); } // Send the email if (self::MailMime($email, $subject, $textbody, $htmlbody)) return true; else return false; } My question is simply thoughts, comments? It seems like a reasonable strategy, but I'm getting a little worried about performance. Plus the # of includes in my system seems to be multiplying like rabbits -- the problem of maintainability by the organic processor versus performance for the inorganic processor. Cliff _______________________________ Pinestream Communications, Inc. Publisher of Semiconductor Times & Telecom Trends 52 Pine Street, Weston, MA 02493 USA Tel: 781.647.8800, Fax: 781.647.8825 http://www.pinestream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Tue Sep 19 18:41:06 2006 From: ramons at gmx.net (David Krings) Date: Tue, 19 Sep 2006 18:41:06 -0400 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <001f01c6dc28$915c84c0$12a8a8c0@HirschLaptop> References: <001f01c6dc28$915c84c0$12a8a8c0@HirschLaptop> Message-ID: <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> At 04:17 PM 9/19/2006, you wrote: > Supports multi-part emails (both text and html in the same message). I know I'm not much help here, but HTML is for websites. Emails ought to be plain text! I don't see anything conceptually wrong with what you do. Performance is something that you will need to test out and then decide if it is OK for what you need to do. The number of includes can be reduced by consolidating similar includes into one and by evaluating how likely an included file will need to be changed. If it is pretty much static and appears in only one or two locations, there isn't much gained with including the code through an external file. If you plan on using a database anyway, it might be a good time to implement this now. I used to shy away from databases as I didn't know anything about SQL (sounded scary). I found that I can do much more things using database tables and thus change my approach on how to get things going. Especially when it comes to sorting stuff by more than one field. A temporary table is so easy to make and gives you all the SQL power. The only other comment I have is this one: add more comments. In three months nobody including yourself has a clue why things are the way they are and why they work only 3 times out of 5. Been there, done that, and it isn't really funny...unless you do it professionally, then you can tell your boss how complicated this all is and that you need so much extra time. If he puts someone else on the job they will really need a lot of time to figure it out. ;) David K. From cliff at pinestream.com Tue Sep 19 18:52:01 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Tue, 19 Sep 2006 18:52:01 -0400 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> Message-ID: <001001c6dc3e$3831f900$12a8a8c0@HirschLaptop> David: Great comments -- including the one about commenting. Documentation...can that be outsourced?! Interesting comment regarding emails. So where does Craigslist fit in? As I see it, HTML emails are a real pain and can be a real bandwidth hog, but I think the world expects them. Geez, my kids probably expect the email to have music and video. Cliff -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Krings Sent: Tuesday, September 19, 2006 5:41 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Multi-part Email Template System At 04:17 PM 9/19/2006, you wrote: > Supports multi-part emails (both text and html in the same message). I know I'm not much help here, but HTML is for websites. Emails ought to be plain text! I don't see anything conceptually wrong with what you do. Performance is something that you will need to test out and then decide if it is OK for what you need to do. The number of includes can be reduced by consolidating similar includes into one and by evaluating how likely an included file will need to be changed. If it is pretty much static and appears in only one or two locations, there isn't much gained with including the code through an external file. If you plan on using a database anyway, it might be a good time to implement this now. I used to shy away from databases as I didn't know anything about SQL (sounded scary). I found that I can do much more things using database tables and thus change my approach on how to get things going. Especially when it comes to sorting stuff by more than one field. A temporary table is so easy to make and gives you all the SQL power. The only other comment I have is this one: add more comments. In three months nobody including yourself has a clue why things are the way they are and why they work only 3 times out of 5. Been there, done that, and it isn't really funny...unless you do it professionally, then you can tell your boss how complicated this all is and that you need so much extra time. If he puts someone else on the job they will really need a lot of time to figure it out. ;) David K. From rolson at aeso.org Tue Sep 19 20:00:02 2006 From: rolson at aeso.org (Rick Olson) Date: Tue, 19 Sep 2006 17:00:02 -0700 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <001001c6dc3e$3831f900$12a8a8c0@HirschLaptop> References: <001001c6dc3e$3831f900$12a8a8c0@HirschLaptop> Message-ID: <45108482.1040908@aeso.org> Hi Cliff, What you have there seems like a simple, logical approach to handle what you're doing. As far as speed issues are concerned though, can you semi-quantify "numerous" emails? If you're talking in the range of tens-of-thousands / day average, then there are other strategies for sending mail (such as injecting the email straight into the mail queue). Other than that though, what you have seems straight forward enough in my opinion. =) -- Rick Cliff Hirsch wrote: > David: > > Great comments -- including the one about commenting. > Documentation...can that be outsourced?! > > Interesting comment regarding emails. So where does Craigslist fit in? > As I see it, HTML emails are a real pain and can be a real bandwidth > hog, but I think the world expects them. Geez, my kids probably expect > the email to have music and video. > > Cliff > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of David Krings > Sent: Tuesday, September 19, 2006 5:41 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Multi-part Email Template System > > At 04:17 PM 9/19/2006, you wrote: > > Supports multi-part emails (both text and html in the same message). > > I know I'm not much help here, but HTML is for websites. Emails ought to > be > plain text! > I don't see anything conceptually wrong with what you do. Performance is > > something that you will need to test out and then decide if it is OK for > > what you need to do. The number of includes can be reduced by > consolidating > similar includes into one and by evaluating how likely an included file > will need to be changed. If it is pretty much static and appears in only > > one or two locations, there isn't much gained with including the code > through an external file. > > If you plan on using a database anyway, it might be a good time to > implement this now. I used to shy away from databases as I didn't know > anything about SQL (sounded scary). I found that I can do much more > things > using database tables and thus change my approach on how to get things > going. Especially when it comes to sorting stuff by more than one field. > A > temporary table is so easy to make and gives you all the SQL power. > > The only other comment I have is this one: add more comments. In three > months nobody including yourself has a clue why things are the way they > are > and why they work only 3 times out of 5. Been there, done that, and it > isn't really funny...unless you do it professionally, then you can tell > your boss how complicated this all is and that you need so much extra > time. > If he puts someone else on the job they will really need a lot of time > to > figure it out. ;) > > David K. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From ramons at gmx.net Tue Sep 19 20:00:51 2006 From: ramons at gmx.net (David Krings) Date: Tue, 19 Sep 2006 20:00:51 -0400 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <001001c6dc3e$3831f900$12a8a8c0@HirschLaptop> References: <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> <001001c6dc3e$3831f900$12a8a8c0@HirschLaptop> Message-ID: <6.1.2.0.2.20060919193354.02d6e150@pop.gmx.net> At 06:52 PM 9/19/2006, you wrote: >David: > >Great comments -- including the one about commenting. >Documentation...can that be outsourced?! Yes, I do stuff like that professionally among other things and I don't really care for it. The documenting of what others did part. I'm working on my "own" design spec right now and that is tricky, but fun. Documentation is a pain in the rear, especially when you want it to be both detailed and accurate. I find it easier to discuss specs with someone and write them down, when I am not the one who codes the project (not that I am great at coding to begin with). At least write some outline beforehand, add plenty comments in the code, and then make a description afterwards about which script calls which function, include files, and what it passes on to others and expects itself. Also, write down what you shove into $_session. I found that I use(d) it often as the garbage can of my system and just brainlessly jammed it with variables (was so much fun once I figured out how easy it is with PHP). Also think hard if you really need this or that, you will be amazed with how few variables you may get by without abusing the same one for different stuff. I guess the people on this list can give a list that wraps around the world of dos and don'ts. Those are just a few that I found to be lifesavers for me as a rookie....uhh, and how could I forget, always initialize all your variables and assign them some reasonable start values that either are proper defaults or when there are no defaults will crash your script if you don't assign something useful before first use. >Interesting comment regarding emails. So where does Craigslist fit in? Tja, I never looked at that page up until now, but I heard a lot about it. Shows that simplicty can be useful and gets to the point. That page is HTML, but I guess if flat ASCII supported links they'd just used that. >As I see it, HTML emails are a real pain and can be a real bandwidth >hog, but I think the world expects them. Geez, my kids probably expect >the email to have music and video. > >Cliff Those who expect it don't have a clue about what efficiency and compatibility means. I use my old Eudora which does a horrible job at the HTML emails, which saved me many times from nasty stuff. Give your kids a text only mail reader. ;) Best regards, David K. From arzala at gmail.com Wed Sep 20 01:38:37 2006 From: arzala at gmail.com (Anirudh Zala) Date: Wed, 20 Sep 2006 11:08:37 +0530 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: On Fri, 15 Sep 2006 20:55:34 +0530, Keith Casey wrote: > On 9/15/06, Anirudh Zala wrote: >> 1) The biggest area of this problem is browser. Not because that it is >> being exploited in many ways but why can't browser itself provide basic >> level of validation and input filtering like validations of name, email >> address, phone, fax, mobile etc. according to country or region. > > With all due respect, this is a terrible idea. > > While this validation *might* work for an incredibly small segment of > information - like address as you rightly note - it pushes a huge > burden onto the browser and then the webapp still needs to do it > anyway. *Nothing* that comes from a user (or anything they have > access to edit) can be trusted. Period. End of story. This is good point "Nothing can be trusted." This is similar like validating client data using JS. But from client point of view, can't browser help bit to filter input directly from there and ask client to make necessary corrections? I am not just thinking in terms of Security only. But overall view says that such implementations can benefit clients as well and then at application level we can at least be relieved about format of data (which is 1st level of security checks). Security, Spamming are matter of possibility and probability. Whenever there is rise of security threats, we have to invent new ways to increase level of protection to avoid such threats. There is not 100% solution of such problems, hence if there arise "Probability" of more threats we can increase "Possibility" of being unaffected from that by improving our current ways or inventing new ways. > > In terms of "stopping 70% of the spam", I think your solution - while > it works for you for now - doesn't address the real problem. Although > most of us on this list are likely getting dozens, hundreds or > potentially thousands of spam today, our filtering (automated or > mental) bring this down to a managable level. We're suffering from > spam, but not like my grandparents who have had the same AOL address > for 7+ years. They don't have the tools, time, patience, or > creativity to do what you propose. Now I don't have a solution that'd > work for them either... so I'm no better off. I understand what you mean, but if it doesn't address the real problem then what is the real domain? I think there is not any single domain area of this problem. There are 2 kinds of spammers: 1: Which collects REAL email addresses from various places like blogs, company websites, mailing lists etc and send spam mails and 2: Which use certain kind of algorithm by which they can generate email addresses automatically (for example by using letters, one easily generate that "foo at bar.com" email address will surely exists on most of popular email services like Yahoo, Hotmail, AOL etc.) and sends spam mails with probability (which 90% out of 100%) of having such email address. We can not do much to stop spamming arising out of 2nd problem. But for 1st, we can surely try and test various ways which can be beneficial to everyone. Now it is up to that person whether to use that technique or not (depending upon importance of emails address or having time to invent or apply new or already existing techniques.) But point is that; just to remain disappointed by accepting that "this problem doesn't have any bullet proof solution", we are increasing possibility of receiving more spams. Instead why not to invent new ways to stop it at certain level (again matter of possibility and probability.) Good conversations so far :) Thanks all. Anirudh Zala ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- > > My 0.02, > > kc -- ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- From shiflett at php.net Wed Sep 20 02:55:02 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 20 Sep 2006 02:55:02 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: <4510E5C6.3000809@php.net> Anirudh Zala wrote: > This is good point "Nothing can be trusted." This is similar > like validating client data using JS. But from client point > of view, can't browser help bit to filter input directly > from there and ask client to make necessary corrections? No, client-side filtering has zero security value. Imagine this. You're hosting an invite-only costume party somewhere in New York. Everyone is encouraged to wear a mask. In order to make sure only invited people attend, you post the following notice at the entrance: "So that you can enjoy the anonymity of your costume, we are not checking invitations or names, but please do not enter if you were not invited." Does this notice seem sufficient, or should you check invitations at the door? Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From shiflett at php.net Wed Sep 20 03:15:03 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 20 Sep 2006 03:15:03 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <45095BBB.9080803@phpwerx.net> References: <20060914083720.543b9371@wit.genoverly.com> <45095BBB.9080803@phpwerx.net> Message-ID: <4510EA77.4020109@php.net> Dan Cech wrote: > Personally, I'm of the opinion that right now people > tend to focus too much on input filtering, and not > enough on safe storage and display practices. I agree. This is why I've been trying to promote the idea of FIEO (filter input; escape output) for a more complete picture of properly handling data, but even this doesn't address all security concerns. Some exploits (CSRF, session fixation, etc.) play by the rules. A similar problem is that there's too much focus on filtering user input, as if the user is the only source of input. Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From shiflett at php.net Wed Sep 20 03:21:45 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 20 Sep 2006 03:21:45 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <000d01c6d80b$718158e0$6401a8c0@sickbox> References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <000d01c6d80b$718158e0$6401a8c0@sickbox> Message-ID: <4510EC09.4000208@php.net> Ben Sgro wrote: > Even better, write some dummy programs to exploit in c (stack > and heap stuff, plenty examples online), php for some xss and > sqlinjection. I don't see much value in the C-specific exploits, but for those wanting to experiment with some web application security exploits, the HackMe site is a good place to start: http://hackme.mightyseek.com/ Unfortunately, it looks like a hardware failure took the site down, and it's not back up yet. Worth bookmarking. Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From shiflett at php.net Wed Sep 20 03:32:35 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 20 Sep 2006 03:32:35 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> Message-ID: <4510EE93.4010906@php.net> Hans Zaunere wrote: > Pardon my bluntness, but if we follow that reasoning then > the entire internet is hopelessly broken and insecure. In Rasmus's defense, that article takes many of his comments out of context, as he notes here: http://paul-m-jones.com/blog/?p=232 "Note that the internetnews story is a rather vague summary of my actual talk. Taking very short soundbytes like it does can cause important context to be lost." Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From arzala at gmail.com Wed Sep 20 04:09:42 2006 From: arzala at gmail.com (Anirudh Zala) Date: Wed, 20 Sep 2006 13:39:42 +0530 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: On Fri, 15 Sep 2006 20:07:37 +0530, csnyder wrote: > On 9/15/06, Anirudh Zala wrote: >> 1) The biggest area of this problem is browser. Not because that it is >> being exploited in many ways but why can't browser itself provide basic >> level of validation and input filtering like validations of name, email >> address, phone, fax, mobile etc. according to country or region. This is >> not big task or too much difficult for browser's and it's extension's >> developers. If we have characters set encoding, to display text in >> various >> languages, available in browser then why can't we have support of >> validation of above items. Now it is not that big that which validation >> format is to be used for each country or region. We can tell browser >> from >> our HTML in similar way about which character set encoding to be used. > > I see where this appears to make a developer's job easier, but it > doesn't do _anything_ to make web applications more secure, and could > have a negative impact on security as beginning devs will assume that > "the browser is checking all that, so I don't have to". > Your point is valid. But if you fully read my first reply to this thread, You could figure out that my suggestions about minimizing security threats are to take precautions from all possible areas. Taking necessary steps at one area doesn't mean that you are safe from there. No. instead that step might be helpful to other steps so at next step you will have less overhead. In that context, taking browser related validation and filter can be an add-on advantage to developers as well as clients itself. This layer is just a part of many more layers of security practice. Browser is to be 1st layer where you can check at least format of input, doesn't matter you will do it again at your application layer. Point is that, it is helpful to clients as well that they get instant notification about all possible incorrectness while filling in data. At first glance it may seem that it will have negative effect on security for beginners, but it might not be true because we already have JS level checks and still we do it at application level. So it is similar like that. Do double check. > The problem isn't average humans using browsers. The problem is > crackers using their own tools and scripts, especially automated > scripts, to attack your sites directly. Forget about the client and > focus your efforts on protecting the server from _anything_ that could > concievably be thrown at it. > >> For example while mentioning email address at public >> place, user can write it in such a way that it can not be figured out >> from >> sources of data. By this way 70% of spamming can be stopped because >> spammer programs can not figure that out. > > Wanna bet? The spammers are just as smart as you are, and probably > have more time to think about the problem than you do. As long as > you're the only person doing this, it will work, but as soon as > obfuscation reaches a critical mass, the screen-scrapers will get a > lot smarter overnight. We all are smarter. This is like a battle that will not end ever. However probability of winning and loosing that battle will get changed constantly. So if spammers finds new ways to send more and more spams, we can find new ways to protect ourselves from them to minimize probability of their win. Struggle is everywhere. But probability of survival is important. > > ---- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- From shiflett at php.net Wed Sep 20 04:11:25 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 20 Sep 2006 04:11:25 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: <4510F7AD.1000501@php.net> Anirudh Zala wrote: > Your point is valid. But if you fully read my first reply to > this thread, You could figure out that my suggestions about > minimizing security threats are to take precautions from all > possible areas. You're describing defense in depth, the use of redundant safeguards. This is a valuable practice, but I want to stress that client-side filtering has zero security value. Zero. It cannot be considered a defense in depth mechanism and has no place in a discussion about security. Chris -- Chris Shiflett Principal, OmniTI http://omniti.com/ From ken at secdat.com Wed Sep 20 07:00:25 2006 From: ken at secdat.com (Kenneth Downs) Date: Wed, 20 Sep 2006 07:00:25 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> Message-ID: <45111F49.9030708@secdat.com> Anirudh Zala wrote: > On Fri, 15 Sep 2006 20:55:34 +0530, Keith Casey > wrote: > > >> On 9/15/06, Anirudh Zala wrote: >> >>> 1) The biggest area of this problem is browser. Not because that it is >>> being exploited in many ways but why can't browser itself provide basic >>> level of validation and input filtering like validations of name, email >>> address, phone, fax, mobile etc. according to country or region. >>> >> With all due respect, this is a terrible idea. >> >> While this validation *might* work for an incredibly small segment of >> information - like address as you rightly note - it pushes a huge >> burden onto the browser and then the webapp still needs to do it >> anyway. *Nothing* that comes from a user (or anything they have >> access to edit) can be trusted. Period. End of story. >> > > This is good point "Nothing can be trusted." This is similar like > validating client data using JS. But from client point of view, can't > browser help bit to filter input directly from there and ask client to > make necessary corrections? I am not just thinking in terms of Security > only. But overall view says that such implementations can benefit clients > as well and then at application level we can at least be relieved about > format of data (which is 1st level of security checks). > > This is good design. The browser can be used to improve the user experience by rejecting things that it knows the server will reject. This gives the honest users a better experience. The server still must do the final validation, however, because of the dishonest users, or because of mistakes in js code. ...and of course when I say server I mean database server. There are also some validations the browser cannot easily do. Lookup validations are particularly bad, but format validations like checking for an "@" in an email are much easier. If I were king, I would decree that browsers should allow pages to cache state information from page-to-page. This information could take the form of complete lookup tables out of a database, complete with expiration times and so forth. Of course the browser is in control of how much space it will allocate (unless MS writes it), and the app must be able to run w/o the local cache if the browser refuses to allocate space, but it would be really cool. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From lists at zaunere.com Wed Sep 20 09:00:39 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 20 Sep 2006 09:00:39 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <4510EE93.4010906@php.net> Message-ID: <00ca01c6dcb4$c5bb5390$650aa8c0@MobileZ> Chris Shiflett wrote on Wednesday, September 20, 2006 3:33 AM: > Hans Zaunere wrote: > > Pardon my bluntness, but if we follow that reasoning then > > the entire internet is hopelessly broken and insecure. > > In Rasmus's defense, that article takes many of his comments out of > context, as he notes here: > > http://paul-m-jones.com/blog/?p=232 > > "Note that the internetnews story is a rather vague summary of my > actual talk. Taking very short soundbytes like it does can cause > important context to be lost." I hear that. Oddly enough, my post has also been taken out of context. I was refering to the article's reasoning Chris: > > > Part of the reason Lerdorf considers the Web "broken" is that > > > it is inherently insecure for a variety of reasons. One of those > > > reasons sits at the feet of developers. > > > > Pardon my bluntness, but if we follow that reasoning then the entire > > internet is hopelessly broken and insecure. If email wasn't broken and > > insecure, we wouldn't have spam. > > > > While I agree with Rasmus that it's the responsibility of developers to > > ensure they write good code - one facet of which is being security concsious > > - this isn't an epiphany by any means. Everything in the history of > > computers have been plaguaed by these issues. PHP is no different. That article has created quite a stir, from Web 2.0 fanatics to PostgreSQL, all thanks to context. H From mailinglists at caseysoftware.com Wed Sep 20 09:00:41 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Wed, 20 Sep 2006 09:00:41 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <45111F49.9030708@secdat.com> References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <45111F49.9030708@secdat.com> Message-ID: On 9/20/06, Kenneth Downs wrote: > There are also some validations the browser cannot easily do. Lookup > validations are particularly bad, but format validations like checking for > an "@" in an email are much easier. Ah... but *this* is my concern. Let's say all the browser devs get together and agree to do this. Great, everyone wins, right? No. * An error or implementation variation in *any* of them once again makes our life more difficult... anyone want to go back to the days of IE 5? * There are a multitude of browsers besides the ones you see in your server logs. Many phones have custom proprietary browsers, so we have Motorola, Microsoft, Mozilla, Verizon, and Samsung all agree to something which will increase their workloads. * Since a browser can be completely bypassed (wget, fsockopen, etc), we still have to do it on the backend so it saves us zero work. But here's the danger... how long would it take for a PHB, newbie, or lazy developer to say "why are we validating data on the server? My browser does it just fine." And in one fell swoop, we're back to where we are now... or maybe in an even worse place. Having a validation layer on the browser (js, whatever) is useful, but it's not something to depend on for anything... -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From wkamm at rvyriptide.org Wed Sep 20 09:06:11 2006 From: wkamm at rvyriptide.org (Bill Kamm) Date: Wed, 20 Sep 2006 09:06:11 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <45111F49.9030708@secdat.com> Message-ID: <45113CC3.7000602@rvyriptide.org> And not everybody jumps on a new version of a browser when it comes out. There are still millions of people using obsolete browsers. Keith Casey wrote: >On 9/20/06, Kenneth Downs wrote: > > >> There are also some validations the browser cannot easily do. Lookup >>validations are particularly bad, but format validations like checking for >>an "@" in an email are much easier. >> >> > >Ah... but *this* is my concern. Let's say all the browser devs get >together and agree to do this. Great, everyone wins, right? No. > >* An error or implementation variation in *any* of them once again >makes our life more difficult... anyone want to go back to the days >of IE 5? > >* There are a multitude of browsers besides the ones you see in your >server logs. Many phones have custom proprietary browsers, so we have >Motorola, Microsoft, Mozilla, Verizon, and Samsung all agree to >something which will increase their workloads. > >* Since a browser can be completely bypassed (wget, fsockopen, etc), >we still have to do it on the backend so it saves us zero work. > >But here's the danger... how long would it take for a PHB, newbie, or >lazy developer to say "why are we validating data on the server? My >browser does it just fine." And in one fell swoop, we're back to >where we are now... or maybe in an even worse place. > >Having a validation layer on the browser (js, whatever) is useful, but >it's not something to depend on for anything... > > > From cliff at pinestream.com Wed Sep 20 09:15:04 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 20 Sep 2006 09:15:04 -0400 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <45108482.1040908@aeso.org> Message-ID: <001c01c6dcb6$c9e0f680$12a8a8c0@HirschLaptop> Estimating volume is challenging. The best I can say is that initially it will be close to zero of course. However, in my highest bullish hopes, it could easily escalate to 10K or even 100K per day. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rick Olson Sent: Tuesday, September 19, 2006 7:00 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Multi-part Email Template System Hi Cliff, What you have there seems like a simple, logical approach to handle what you're doing. As far as speed issues are concerned though, can you semi-quantify "numerous" emails? If you're talking in the range of tens-of-thousands / day average, then there are other strategies for sending mail (such as injecting the email straight into the mail queue). Other than that though, what you have seems straight forward enough in my opinion. =) -- Rick From dmintz at davidmintz.org Wed Sep 20 09:54:44 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 20 Sep 2006 09:54:44 -0400 (EDT) Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <4510EE93.4010906@php.net> References: <000c01c6d8c7$6ce3ae70$6c0aa8c0@MobileZ> <4510EE93.4010906@php.net> Message-ID: On Wed, 20 Sep 2006, Chris Shiflett wrote: > Hans Zaunere wrote: > > Pardon my bluntness, but if we follow that reasoning then > > the entire internet is hopelessly broken and insecure. > > In Rasmus's defense, that article takes many of his comments out of > context, as he notes here: > > http://paul-m-jones.com/blog/?p=232 > > "Note that the internetnews story is a rather vague summary of my actual > talk. Taking very short soundbytes like it does can cause important > context to be lost." Tell the Pope about it (-: --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From ramons at gmx.net Wed Sep 20 09:56:47 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 09:56:47 -0400 Subject: [nycphp-talk] Multi-part Email Template System In-Reply-To: <001c01c6dcb6$c9e0f680$12a8a8c0@HirschLaptop> References: <45108482.1040908@aeso.org> <001c01c6dcb6$c9e0f680$12a8a8c0@HirschLaptop> Message-ID: <6.1.2.0.2.20060920094334.02e4d558@pop.gmx.net> In that case I'd wonder if the mail server can handle this, which it probably could/should. My guess is that the PHP code will most likely not exceed execution time of a second if that. I bet sending the messages takes longer than for PHP to staple them together. My experience with mail servers is limited. I once set one up just to find after a few days that it turned into a relay for spammers. I figured that it is better to shut it down as I apparently did not know what I was doing. Mercury mail failng to save the config files upon clicking save was the main culprit I found out later. It also depends on how fast your box is. I have an old dual P2-333 as my server and for that thing not being a speed king and PHP being an interpreted language and having everything with MySQL on one box, it is still plenty fast for most things...except for running things like a full dump into an HTML table of 30,000 records, that takes about 10 seconds and is probably due to my inefficient PHP programming. I'd test it by sending myself 10k messages unless your ISP thinks that is abusive (I'm sure they do). If you run your own mail server you are all set. Nothing is more fun load tests of this scale. David K. At 09:15 AM 9/20/2006, you wrote: >Estimating volume is challenging. The best I can say is that initially >it will be close to zero of course. However, in my highest bullish >hopes, it could easily escalate to 10K or even 100K per day. > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] >On Behalf Of Rick Olson >Sent: Tuesday, September 19, 2006 7:00 PM >To: NYPHP Talk >Subject: Re: [nycphp-talk] Multi-part Email Template System > >Hi Cliff, > >What you have there seems like a simple, logical approach to handle what > >you're doing. As far as speed issues are concerned though, can you >semi-quantify "numerous" emails? If you're talking in the range of >tens-of-thousands / day average, then there are other strategies for >sending mail (such as injecting the email straight into the mail >queue). Other than that though, what you have seems straight forward >enough in my opinion. =) >-- >Rick > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php From tedd at sperling.com Wed Sep 20 10:57:58 2006 From: tedd at sperling.com (tedd) Date: Wed, 20 Sep 2006 10:57:58 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: <45111F49.9030708@secdat.com> References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <45111F49.9030708@secdat.com> Message-ID: At 7:00 AM -0400 9/20/06, Kenneth Downs wrote: >If I were king, If I were king, I would take a vacation. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From codebowl at gmail.com Wed Sep 20 11:55:10 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 20 Sep 2006 11:55:10 -0400 Subject: [nycphp-talk] pcntl_fork() assistance Message-ID: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> Hey guys, I am trying to use pcntl_fork() on the mac, hoever when i do $pid = pcntl_fork(); echo $pid; // nothing returns I am guessing that it is returning a blank string but not sure how to debug that, i tried var_dump($pid) but i get nothing (not sure if this is due to being a command line util or not. The question is does pcntl_fork work on the mac ?? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris at theyellowbox.com Wed Sep 20 13:50:53 2006 From: chris at theyellowbox.com (Chris Merlo) Date: Wed, 20 Sep 2006 13:50:53 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> Message-ID: <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> On 9/20/06, Joseph Crawford wrote: > > Hey guys, > > I am trying to use pcntl_fork() on the mac, hoever when i do > > $pid = pcntl_fork(); > echo $pid; // nothing returns > I am guessing that it is returning a blank string but not sure how to > debug that, i tried var_dump($pid) but i get nothing (not sure if this is > due to being a command line util or not. > This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: From skyline at publicmine.com Wed Sep 20 14:01:12 2006 From: skyline at publicmine.com (Ben Sgro (sk)) Date: Wed, 20 Sep 2006 14:01:12 -0400 Subject: [nycphp-talk] pcntl_fork() assistance References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> Message-ID: <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> Hey Chris, (Offtopic of fork( ), but in response to Chris) Since you have double quotes, can't you just say print "Here's the string: --$the_string--"; Also, I find it easy to do print "string($string)"; - Ben ----- Original Message ----- From: Chris Merlo To: NYPHP Talk Sent: Wednesday, September 20, 2006 1:50 PM Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Joseph Crawford wrote: Hey guys, I am trying to use pcntl_fork() on the mac, hoever when i do $pid = pcntl_fork(); echo $pid; // nothing returns I am guessing that it is returning a blank string but not sure how to debug that, i tried var_dump($pid) but i get nothing (not sure if this is due to being a command line util or not. This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c ------------------------------------------------------------------------------ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From dcech at phpwerx.net Wed Sep 20 14:02:51 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 20 Sep 2006 14:02:51 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> Message-ID: <4511824B.4010908@phpwerx.net> Ben Sgro (sk) wrote: > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > > Also, I find it easy to do > print "string($string)"; What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Dan From ken at secdat.com Wed Sep 20 14:08:16 2006 From: ken at secdat.com (Ken Downs) Date: Wed, 20 Sep 2006 14:08:16 -0400 Subject: [nycphp-talk] "The Web is broken and it's all your fault." In-Reply-To: References: <001101c6d809$19e5e580$6401a8c0@Rubicon> <45111F49.9030708@secdat.com> Message-ID: "Keith Casey" <mailinglists at caseysoftware.com> wrote:> > Having a validation layer on the browser (js, whatever) is useful, but> it's not something to depend on for anything...hmm, thought that's what I said in my post... _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From cmerlo at ncc.edu Wed Sep 20 15:22:46 2006 From: cmerlo at ncc.edu (Christopher R. Merlo) Date: Wed, 20 Sep 2006 15:22:46 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> Message-ID: <946586480609201222v55b74bc3ld52fc8fd723261bf@mail.gmail.com> On 9/20/06, Ben Sgro (sk) wrote: > > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > Yes, you absolutely can. Just sometimes I randomly decide to use different delimeters -- say, 'x' -- where doing everything inline will break things: print "Here's the string: xx$the_stringxx"; won't work. :) Also, I find it easy to do > print "string($string)"; > Same idea. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: From cmerlo at ncc.edu Wed Sep 20 15:25:35 2006 From: cmerlo at ncc.edu (Christopher R. Merlo) Date: Wed, 20 Sep 2006 15:25:35 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <4511824B.4010908@phpwerx.net> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> <4511824B.4010908@phpwerx.net> Message-ID: <946586480609201225j5e771665l4379eb8226082965@mail.gmail.com> On 9/20/06, Dan Cech wrote: > What's wrong with good old var_dump($myvar), which will tell you exactly > what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. -------------- next part -------------- An HTML attachment was scrubbed... URL: From enunez at tiaa-cref.org Wed Sep 20 15:47:02 2006 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Wed, 20 Sep 2006 15:47:02 -0400 Subject: [nycphp-talk] pcntl_fork() assistance Message-ID: <15781715614BCB43AB7083C37880D19C01CB7545@NYCPDMSXMB06.ad.tiaa-cref.org> Technically, var_dump is output. You used Turbo Pascal too? What a small industry it was back then. Actually, I liked it's debugger ... the color highlighted code-stepping was cool. Was fun to see the variables change before your eyes while stepping through code. ________________________________ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Christopher R. Merlo Sent: Wednesday, September 20, 2006 3:26 PM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Dan Cech wrote: What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. ************************************************************** This message, including any attachments, contains 'confidential' information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Wed Sep 20 15:49:48 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 15:49:48 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.co m> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> Message-ID: <6.1.2.0.2.20060920154632.02e59658@pop.gmx.net> At 01:50 PM 9/20/2006, you wrote: >This is not specific to the pcntl_fork question (which I can't answer), >but if you're ever testing whether a string is empty, try something like this: > >print "Here's the string: --" . $the_string . "--"; > >If you get "----" as output, the string is empty. >-c You can also use a real comparison such as if ($the_string == '' or $the_string == NULL) echo 'String is empty!'; That is what I always use and sometimes minus the '' check when I accept an empty string, but not nothing. Also, doesn't print require the string portion to be encloded in ()? David K. From ramons at gmx.net Wed Sep 20 15:51:44 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 15:51:44 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> <002001c6dcde$c3e9d5d0$6401a8c0@sickbox> Message-ID: <6.1.2.0.2.20060920155036.02dcbb48@pop.gmx.net> At 02:01 PM 9/20/2006, you wrote: >(Offtopic of fork( ), but in response to Chris) > >Since you have double quotes, can't you just say >print "Here's the string: --$the_string--"; > This is how I did it for the longest time, but some days ago wise people on this list explained to me that this is bad practice. Concatenation is the king...and single quotes. :) David K. From david.ngo at benefitscheckup.org Wed Sep 20 16:02:01 2006 From: david.ngo at benefitscheckup.org (david.ngo) Date: Wed, 20 Sep 2006 16:02:01 -0400 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: Message-ID: <001101c6dcef$a2f75350$b500a8c0@bcu.org> Hello, Not exactly on topic, but I am looking for a good accountant to manage my 1099 contract taxes. Do you many of you guys have s-corps to handle all your contracting jobs? Any recommendations? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of talk-request at lists.nyphp.org Sent: Wednesday, September 20, 2006 3:47 PM To: talk at lists.nyphp.org Subject: talk Digest, Vol 40, Issue 35 Send talk mailing list submissions to talk at lists.nyphp.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.nyphp.org/mailman/listinfo/talk or, via email, send a message with subject or body 'help' to talk-request at lists.nyphp.org You can reach the person managing the list at talk-owner at lists.nyphp.org When replying, please edit your Subject line so it is more specific than "Re: Contents of talk digest..." Today's Topics: 1. Re: pcntl_fork() assistance (Chris Merlo) 2. Re: pcntl_fork() assistance (Ben Sgro (sk)) 3. Re: pcntl_fork() assistance (Dan Cech) 4. Re: "The Web is broken and it's all your fault." (Ken Downs) 5. Re: pcntl_fork() assistance (Christopher R. Merlo) 6. Re: pcntl_fork() assistance (Christopher R. Merlo) 7. Re: pcntl_fork() assistance (Nunez, Eddy) ---------------------------------------------------------------------- Message: 1 Date: Wed, 20 Sep 2006 13:50:53 -0400 From: "Chris Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201050l3e905d18jcafebb0f01e639b6 at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Joseph Crawford wrote: > > Hey guys, > > I am trying to use pcntl_fork() on the mac, hoever when i do > > $pid = pcntl_fork(); > echo $pid; // nothing returns > I am guessing that it is returning a blank string but not sure how to > debug that, i tried var_dump($pid) but i get nothing (not sure if this is > due to being a command line util or not. > This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/4575b75b/attachme nt-0001.html ------------------------------ Message: 2 Date: Wed, 20 Sep 2006 14:01:12 -0400 From: "Ben Sgro (sk)" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <002001c6dcde$c3e9d5d0$6401a8c0 at sickbox> Content-Type: text/plain; charset="iso-8859-1" Hey Chris, (Offtopic of fork( ), but in response to Chris) Since you have double quotes, can't you just say print "Here's the string: --$the_string--"; Also, I find it easy to do print "string($string)"; - Ben ----- Original Message ----- From: Chris Merlo To: NYPHP Talk Sent: Wednesday, September 20, 2006 1:50 PM Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Joseph Crawford wrote: Hey guys, I am trying to use pcntl_fork() on the mac, hoever when i do $pid = pcntl_fork(); echo $pid; // nothing returns I am guessing that it is returning a blank string but not sure how to debug that, i tried var_dump($pid) but i get nothing (not sure if this is due to being a command line util or not. This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c ---------------------------------------------------------------------------- -- _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3c73c992/attachme nt-0001.html ------------------------------ Message: 3 Date: Wed, 20 Sep 2006 14:02:51 -0400 From: Dan Cech Subject: Re: [nycphp-talk] pcntl_fork() assistance To: NYPHP Talk Message-ID: <4511824B.4010908 at phpwerx.net> Content-Type: text/plain; charset=UTF-8 Ben Sgro (sk) wrote: > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > > Also, I find it easy to do > print "string($string)"; What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Dan ------------------------------ Message: 4 Date: Wed, 20 Sep 2006 14:08:16 -0400 From: "Ken Downs" Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." To: talk at lists.nyphp.org Message-ID: Content-Type: text/plain; charset="iso-8859-1" "Keith Casey" <mailinglists at caseysoftware.com> wrote:> > Having a validation layer on the browser (js, whatever) is useful, but> it's not something to depend on for anything...hmm, thought that's what I said in my post... _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3acb0f6f/attachme nt-0001.html ------------------------------ Message: 5 Date: Wed, 20 Sep 2006 15:22:46 -0400 From: "Christopher R. Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201222v55b74bc3ld52fc8fd723261bf at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Ben Sgro (sk) wrote: > > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > Yes, you absolutely can. Just sometimes I randomly decide to use different delimeters -- say, 'x' -- where doing everything inline will break things: print "Here's the string: xx$the_stringxx"; won't work. :) Also, I find it easy to do > print "string($string)"; > Same idea. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3451320c/attachme nt-0001.html ------------------------------ Message: 6 Date: Wed, 20 Sep 2006 15:25:35 -0400 From: "Christopher R. Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201225j5e771665l4379eb8226082965 at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Dan Cech wrote: > What's wrong with good old var_dump($myvar), which will tell you exactly > what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/bb26c6c8/attachme nt-0001.html ------------------------------ Message: 7 Date: Wed, 20 Sep 2006 15:47:02 -0400 From: "Nunez, Eddy" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <15781715614BCB43AB7083C37880D19C01CB7545 at NYCPDMSXMB06.ad.tiaa-cref.org> Content-Type: text/plain; charset="iso-8859-1" Technically, var_dump is output. You used Turbo Pascal too? What a small industry it was back then. Actually, I liked it's debugger ... the color highlighted code-stepping was cool. Was fun to see the variables change before your eyes while stepping through code. ________________________________ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Christopher R. Merlo Sent: Wednesday, September 20, 2006 3:26 PM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Dan Cech wrote: What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. ************************************************************** This message, including any attachments, contains 'confidential' information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/2036f068/attachme nt.html ------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk End of talk Digest, Vol 40, Issue 35 ************************************ From ps at pswebcode.com Wed Sep 20 16:28:28 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 20 Sep 2006 16:28:28 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <4511824B.4010908@phpwerx.net> Message-ID: <006d01c6dcf3$54fa6ee0$6701a8c0@SUNCODE1> /* Somewhat tangentially related here, I've found this snippet handy. Kept around as a utility include, placed at the top of a page for a bird's eye view of the vars in play as the page loads. */ display($ar, $name){ $varcount=count($ar); echo "

$name. Quantity: $varcount

"; while(list($key,$val)=each($ar)){ echo "
    "; echo "$key = $val \n\n"; if (is_array($val)){ display($val, "A nested array"); } echo "
"; } echo "



"; } display($_SERVER, "All Server Variables"); display($_COOKIE, "All Cookie Variables"); display($_POST, "All Post Variables"); display($_GET, "All Get Variables"); display($_SESSION, "All Session Variables"); Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dan Cech Sent: Wednesday, September 20, 2006 2:03 PM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance Ben Sgro (sk) wrote: > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > > Also, I find it easy to do > print "string($string)"; What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ps at pswebcode.com Wed Sep 20 16:31:00 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 20 Sep 2006 16:31:00 -0400 Subject: [nycphp-talk] Looking for a good accountant for 1099/businessaccounts In-Reply-To: <001101c6dcef$a2f75350$b500a8c0@bcu.org> Message-ID: <007001c6dcf3$af771b20$6701a8c0@SUNCODE1> In NYC: Sarah Brandston, Sarah Brandston Group, 321 West 12th Street, New York, NY 10014 (212) 229-9591 tax at brandstongroup.com You may certainly mention my name if you'd like. Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of david.ngo Sent: Wednesday, September 20, 2006 4:02 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Looking for a good accountant for 1099/businessaccounts Hello, Not exactly on topic, but I am looking for a good accountant to manage my 1099 contract taxes. Do you many of you guys have s-corps to handle all your contracting jobs? Any recommendations? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of talk-request at lists.nyphp.org Sent: Wednesday, September 20, 2006 3:47 PM To: talk at lists.nyphp.org Subject: talk Digest, Vol 40, Issue 35 Send talk mailing list submissions to talk at lists.nyphp.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.nyphp.org/mailman/listinfo/talk or, via email, send a message with subject or body 'help' to talk-request at lists.nyphp.org You can reach the person managing the list at talk-owner at lists.nyphp.org When replying, please edit your Subject line so it is more specific than "Re: Contents of talk digest..." Today's Topics: 1. Re: pcntl_fork() assistance (Chris Merlo) 2. Re: pcntl_fork() assistance (Ben Sgro (sk)) 3. Re: pcntl_fork() assistance (Dan Cech) 4. Re: "The Web is broken and it's all your fault." (Ken Downs) 5. Re: pcntl_fork() assistance (Christopher R. Merlo) 6. Re: pcntl_fork() assistance (Christopher R. Merlo) 7. Re: pcntl_fork() assistance (Nunez, Eddy) ---------------------------------------------------------------------- Message: 1 Date: Wed, 20 Sep 2006 13:50:53 -0400 From: "Chris Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201050l3e905d18jcafebb0f01e639b6 at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Joseph Crawford wrote: > > Hey guys, > > I am trying to use pcntl_fork() on the mac, hoever when i do > > $pid = pcntl_fork(); > echo $pid; // nothing returns > I am guessing that it is returning a blank string but not sure how to > debug that, i tried var_dump($pid) but i get nothing (not sure if this is > due to being a command line util or not. > This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/4575b75b/attachme nt-0001.html ------------------------------ Message: 2 Date: Wed, 20 Sep 2006 14:01:12 -0400 From: "Ben Sgro (sk)" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <002001c6dcde$c3e9d5d0$6401a8c0 at sickbox> Content-Type: text/plain; charset="iso-8859-1" Hey Chris, (Offtopic of fork( ), but in response to Chris) Since you have double quotes, can't you just say print "Here's the string: --$the_string--"; Also, I find it easy to do print "string($string)"; - Ben ----- Original Message ----- From: Chris Merlo To: NYPHP Talk Sent: Wednesday, September 20, 2006 1:50 PM Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Joseph Crawford wrote: Hey guys, I am trying to use pcntl_fork() on the mac, hoever when i do $pid = pcntl_fork(); echo $pid; // nothing returns I am guessing that it is returning a blank string but not sure how to debug that, i tried var_dump($pid) but i get nothing (not sure if this is due to being a command line util or not. This is not specific to the pcntl_fork question (which I can't answer), but if you're ever testing whether a string is empty, try something like this: print "Here's the string: --" . $the_string . "--"; If you get "----" as output, the string is empty. -c ---------------------------------------------------------------------------- -- _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3c73c992/attachme nt-0001.html ------------------------------ Message: 3 Date: Wed, 20 Sep 2006 14:02:51 -0400 From: Dan Cech Subject: Re: [nycphp-talk] pcntl_fork() assistance To: NYPHP Talk Message-ID: <4511824B.4010908 at phpwerx.net> Content-Type: text/plain; charset=UTF-8 Ben Sgro (sk) wrote: > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > > Also, I find it easy to do > print "string($string)"; What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Dan ------------------------------ Message: 4 Date: Wed, 20 Sep 2006 14:08:16 -0400 From: "Ken Downs" Subject: Re: [nycphp-talk] "The Web is broken and it's all your fault." To: talk at lists.nyphp.org Message-ID: Content-Type: text/plain; charset="iso-8859-1" "Keith Casey" <mailinglists at caseysoftware.com> wrote:> > Having a validation layer on the browser (js, whatever) is useful, but> it's not something to depend on for anything...hmm, thought that's what I said in my post... _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3acb0f6f/attachme nt-0001.html ------------------------------ Message: 5 Date: Wed, 20 Sep 2006 15:22:46 -0400 From: "Christopher R. Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201222v55b74bc3ld52fc8fd723261bf at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Ben Sgro (sk) wrote: > > Hey Chris, > > (Offtopic of fork( ), but in response to Chris) > > Since you have double quotes, can't you just say > print "Here's the string: --$the_string--"; > Yes, you absolutely can. Just sometimes I randomly decide to use different delimeters -- say, 'x' -- where doing everything inline will break things: print "Here's the string: xx$the_stringxx"; won't work. :) Also, I find it easy to do > print "string($string)"; > Same idea. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/3451320c/attachme nt-0001.html ------------------------------ Message: 6 Date: Wed, 20 Sep 2006 15:25:35 -0400 From: "Christopher R. Merlo" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <946586480609201225j5e771665l4379eb8226082965 at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" On 9/20/06, Dan Cech wrote: > What's wrong with good old var_dump($myvar), which will tell you exactly > what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/bb26c6c8/attachme nt-0001.html ------------------------------ Message: 7 Date: Wed, 20 Sep 2006 15:47:02 -0400 From: "Nunez, Eddy" Subject: Re: [nycphp-talk] pcntl_fork() assistance To: "NYPHP Talk" Message-ID: <15781715614BCB43AB7083C37880D19C01CB7545 at NYCPDMSXMB06.ad.tiaa-cref.org> Content-Type: text/plain; charset="iso-8859-1" Technically, var_dump is output. You used Turbo Pascal too? What a small industry it was back then. Actually, I liked it's debugger ... the color highlighted code-stepping was cool. Was fun to see the variables change before your eyes while stepping through code. ________________________________ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Christopher R. Merlo Sent: Wednesday, September 20, 2006 3:26 PM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance On 9/20/06, Dan Cech wrote: What's wrong with good old var_dump($myvar), which will tell you exactly what's in the variable regardless of whether it is a string or not. Probably nothing. But when I was an undergrad, the debugger for Turbo Pascal sucked out loud, so I very quickly became accustomed to debugging through output, and it's something I still do, in C++, Java, PHP, whatever. ************************************************************** This message, including any attachments, contains 'confidential' information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nyphp.org/pipermail/talk/attachments/20060920/2036f068/attachme nt.html ------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk End of talk Digest, Vol 40, Issue 35 ************************************ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From chris at theyellowbox.com Wed Sep 20 16:45:14 2006 From: chris at theyellowbox.com (Chris Merlo) Date: Wed, 20 Sep 2006 16:45:14 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <6.1.2.0.2.20060920154632.02e59658@pop.gmx.net> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <946586480609201050l3e905d18jcafebb0f01e639b6@mail.gmail.com> <6.1.2.0.2.20060920154632.02e59658@pop.gmx.net> Message-ID: <946586480609201345o6eff462fn6827f3171143d3e1@mail.gmail.com> On 9/20/06, David Krings wrote: > That is what I always use and sometimes minus the '' check when I accept > an > empty string, but not nothing. Also, doesn't print require the string > portion to be encloded in ()? Not required, and I prefer the way the code looks without them. I'm sure there are those who prefer the look with them. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Wed Sep 20 17:32:40 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 20 Sep 2006 17:32:40 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> Message-ID: On 9/20/06, Joseph Crawford wrote: > Hey guys, > > I am trying to use pcntl_fork() on the mac, hoever when i do > > $pid = pcntl_fork(); > echo $pid; // nothing returns > I am guessing that it is returning a blank string but not sure how to debug > that, i tried var_dump($pid) but i get nothing (not sure if this is due to > being a command line util or not. > > The question is does pcntl_fork work on the mac ?? Yes. It should work on Mac, it's a unix environment. I assume you've seen this: " Process Control support in PHP is not enabled by default. You have to compile the CGI or CLI version of PHP with --enable-pcntl configuration option when compiling PHP to enable Process Control support." Also, remember that in the child process, $pid will be empty. -- Chris Snyder http://chxo.com/ From codebowl at gmail.com Wed Sep 20 18:15:03 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 20 Sep 2006 18:15:03 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> Message-ID: <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> csnyder, yea i noticed that but thought MAMP would have had that enabled but i guess not. I have been fighting trying to get php to compile on the mac from source. I am not using the built in apache so the php.net docs are no help. It keeps tripping up when ,/configure is looking for zlib. I am not that familiar with compiling php from source but it seens straight forward until it trips up like this :D I am not sure what zlib file it is looking for and i could not find a binary zlib on my system. /usr/include/bzlib.h /usr/include/zlib.h /usr/lib/ruby/1.8/powerpc-darwin8.0/zlib.bundle /usr/lib/zlibtclConfig.sh /usr/share/man/man3/zlib.3 /usr/share/man/mann/crc-zlib.n /usr/share/ri/1.8/system/Zlib/zlib_version-i.yaml /usr/X11R6/include/X11/extensions/lbxzlib.h is what locate comes up with, aside from stuff bundled with other apps. If ANYONE has any resources i could read about compiling LAMP on the mac i would appreciate it. Everyone is telling me to just go with a precompiled package and would if any of them enabled pcntl :) Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Wed Sep 20 18:17:07 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 18:17:07 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form Message-ID: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com> Hi, how can I pass a value via POST without using an HTML form? Some time ago I came across the same problem and I think I found a simple solution, but I can neither find my cognitions nor the code nor the source I got the information from. Maybe I am just dreaming, but I guess if there is a way then you know about it. Thanks in advance, David K. From ps at pswebcode.com Wed Sep 20 18:41:36 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 20 Sep 2006 18:41:36 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com> Message-ID: <007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> cURL lib, no? Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Krings Sent: Wednesday, September 20, 2006 6:17 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] How to pass on variables with POST without using a form Hi, how can I pass a value via POST without using an HTML form? Some time ago I came across the same problem and I think I found a simple solution, but I can neither find my cognitions nor the code nor the source I got the information from. Maybe I am just dreaming, but I guess if there is a way then you know about it. Thanks in advance, David K. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From rmarscher at beaffinitive.com Wed Sep 20 18:45:31 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Wed, 20 Sep 2006 18:45:31 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> Message-ID: <4511C48B.8080001@beaffinitive.com> I've got a mac at home that I've compiled php on. I'm on my linux machine here at work, so I can't quickly look it up. However, I remember having to get XCode from Apple to do any compiling... I assume you must have that. I just found these instructions... seem very similar to what I remember doing: http://developer.apple.com/internet/opensource/php.html FYI, Fink Commander is a gui frontend for the Fink package manager mentioned in the article. I recommend grabbing that if you want to browse what else is available. Good luck! -Rob Joseph Crawford wrote: > csnyder, > > yea i noticed that but thought MAMP would have had that enabled but i > guess not. I have been fighting trying to get php to compile on the > mac from source. I am not using the built in apache so the php.net > docs are no help. It keeps tripping up when > ,/configure is looking for zlib. > > I am not that familiar with compiling php from source but it seens > straight forward until it trips up like this :D > > I am not sure what zlib file it is looking for and i could not find a > binary zlib on my system. > > /usr/include/bzlib.h > /usr/include/zlib.h > /usr/lib/ruby/1.8/powerpc-darwin8.0/zlib.bundle > /usr/lib/zlibtclConfig.sh > /usr/share/man/man3/zlib.3 > /usr/share/man/mann/crc-zlib.n > /usr/share/ri/1.8/system/Zlib/zlib_version- i.yaml > /usr/X11R6/include/X11/extensions/lbxzlib.h > > is what locate comes up with, aside from stuff bundled with other apps. > > If ANYONE has any resources i could read about compiling LAMP on the > mac i would appreciate it. Everyone is telling me to just go with a > precompiled package and would if any of them enabled pcntl :) > > Thanks, > > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From ramons at gmx.net Wed Sep 20 19:46:56 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 19:46:56 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> References: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com> <007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> Message-ID: <6.1.2.0.2.20060920190640.02e55810@pop.gmx.net> Hi, indeed cURL it is, but that wasn't what I recall using. I also found the deal with sockets, but that looks awfully scary. Now, cURL triggers another question. Can I send multiple curl_setopt($ch, CURLOPT_POSTFIELDS, "$curlpost"); with $curlpost something like data1=value1, or do I need to jam that all into one string and tie it together with the &? If yes, then I need to add more code to screen for & on all variables as it is very likely that the & may be included. I also saw on php.net this: "Just a reminder: When setting your CURLOPT_POSTFIELDS remember to replace the spaces in your values with %20 " Ah, bummer! It basically expects the name=data sets to be formatted as if one wants to send a get via URL. I guess I go against my own advice, pack the two dozen variables into the session and then unset them after savely retrieving them........unless someone has a better idea that is not as painful as manipulating headers or massaging strings for cURL to use. Bah! This rapidly inhales! :( Thanks for the tip anyway, I can see some other good uses for cURL. David K. At 06:41 PM 9/20/2006, you wrote: >cURL lib, no? Peter > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On >Behalf Of David Krings >Sent: Wednesday, September 20, 2006 6:17 PM >To: talk at lists.nyphp.org >Subject: [nycphp-talk] How to pass on variables with POST without using a >form > > >Hi, > >how can I pass a value via POST without using an HTML form? Some time ago I >came across the same problem and I think I found a simple solution, but I >can neither find my cognitions nor the code nor the source I got the >information from. Maybe I am just dreaming, but I guess if there is a way >then you know about it. > >Thanks in advance, > > >David K. From Consult at CovenantEDesign.com Wed Sep 20 19:54:46 2006 From: Consult at CovenantEDesign.com (CED) Date: Wed, 20 Sep 2006 19:54:46 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form References: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com><007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> <6.1.2.0.2.20060920190640.02e55810@pop.gmx.net> Message-ID: <013d01c6dd10$271c7730$07d6f4a7@ced> Good thing for HTMLentities eh? =D Edward JS Prevost II Me at EdwardPrevost.info www.EdwardPrevost.info ----- Original Message ----- From: "David Krings" To: "NYPHP Talk" Sent: Wednesday, September 20, 2006 7:46 PM Subject: Re: [nycphp-talk] How to pass on variables with POST without using a form Hi, indeed cURL it is, but that wasn't what I recall using. I also found the deal with sockets, but that looks awfully scary. Now, cURL triggers another question. Can I send multiple curl_setopt($ch, CURLOPT_POSTFIELDS, "$curlpost"); with $curlpost something like data1=value1, or do I need to jam that all into one string and tie it together with the &? If yes, then I need to add more code to screen for & on all variables as it is very likely that the & may be included. I also saw on php.net this: "Just a reminder: When setting your CURLOPT_POSTFIELDS remember to replace the spaces in your values with %20 " Ah, bummer! It basically expects the name=data sets to be formatted as if one wants to send a get via URL. I guess I go against my own advice, pack the two dozen variables into the session and then unset them after savely retrieving them........unless someone has a better idea that is not as painful as manipulating headers or massaging strings for cURL to use. Bah! This rapidly inhales! :( Thanks for the tip anyway, I can see some other good uses for cURL. David K. At 06:41 PM 9/20/2006, you wrote: >cURL lib, no? Peter > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On >Behalf Of David Krings >Sent: Wednesday, September 20, 2006 6:17 PM >To: talk at lists.nyphp.org >Subject: [nycphp-talk] How to pass on variables with POST without using a >form > > >Hi, > >how can I pass a value via POST without using an HTML form? Some time ago I >came across the same problem and I think I found a simple solution, but I >can neither find my cognitions nor the code nor the source I got the >information from. Maybe I am just dreaming, but I guess if there is a way >then you know about it. > >Thanks in advance, > > >David K. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From chsnyder at gmail.com Wed Sep 20 19:55:25 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 20 Sep 2006 19:55:25 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> Message-ID: On 9/20/06, Joseph Crawford wrote: > If ANYONE has any resources i could read about compiling LAMP on the mac i > would appreciate it. Everyone is telling me to just go with a precompiled > package and would if any of them enabled pcntl :) This should get you php5 on osx 10.4. It doesn't have pcntl enabled, it's just supposed to mirror the default php4 binary, but with php5 goodness. Sorry it's rough, these are just my notes so I can do it again. Step By Step 0. Install the latest Developer Tools http://developer.apple.com/tools/xcode/update.html 1. Install Fink http://fink.sourceforge.net/ 2. Update fink (follow all instructions) and install necessary packages fink selfupdate ... fink install svn-client screen freetype2-hinting-dev libpng3 t1lib5 tidy-dev libjpeg wget uw-imap-c-client-ssl 3. Install MySQL, MySQL Startup Item, and PrefPane (double-click to install) 4. Download PHP source -- use the latest, this is just an example PHP 5.1.4 (tar.bz2) [5,852Kb] - 04 May 2006 md5: b55e633bdc80ab30da7c92f760fc4b58 5. Unpack php into /usr/local/src cd /usr/local/src md5sum ~/Desktop/php-5.1.4.tar.bz2 #does md5 hash match? tar xjvf ~/Desktop/php-5.1.4.tar.bz2 cd php-5.1.4/ 6. Configure php: './configure' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-config-file-path=/etc' '--sysconfdir=/private/etc' '--disable-dependency-tracking' '--with-apxs' '--enable-dbx' '--enable-exif' '--enable-ftp' '--enable-mbregex' '--enable-mbstring' '--enable-sockets' '--with-curl=/usr' '--with-freetype-dir=/sw/lib/freetype2' '--with-gd' '--with-gettext=/sw' '--with-iodbc=/usr' '--with-kerberos=/usr' '--with-ldap=/usr' '--with-mysql=/usr/local/mysql' '--with-mysql-sock=/private/tmp/mysql.sock' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-openssl' '--with-png-dir=/sw' '--with-jpeg-dir=/sw' '--with-readline' '--with-t1lib=/sw' '--with-tidy=/sw' '--with-xml' '--with-xmlrpc' '--with-zlib-dir=/usr' '--without-xpm' '--with-expat-dir=/sw' '--with-iconv=/usr' '--with-imap=/sw/share/c-client' 7. Build and install php: make sudo make install 8. You should check the Apache configuration at /etc/httpd/httpd.conf. It should have the following configuration directives (make sure any directives pertaining to php4 are commented out): nano -w /etc/httpd/httpd.conf # php5 support (Apache 1.3 version) LoadModule php5_module libexec/httpd/libphp5.so AddModule mod_php5.c AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps DirectoryIndex index.html index.php 9. Restart apache (sudo apachectl restart) and test for php. sudo apachectl restart open /Applications/Safari.app http://localhost/path/to/info.php Should take about four hours given the size of the downloads involved and the configuration time. -- Chris Snyder http://chxo.com/ From dcech at phpwerx.net Wed Sep 20 20:04:30 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 20 Sep 2006 20:04:30 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <013d01c6dd10$271c7730$07d6f4a7@ced> References: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com><007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> <6.1.2.0.2.20060920190640.02e55810@pop.gmx.net> <013d01c6dd10$271c7730$07d6f4a7@ced> Message-ID: <4511D70E.9090608@phpwerx.net> CED wrote: > Good thing for HTMLentities eh? Not really, you don't want to use htmlentities in this situation. You are escaping your values into POST data so you should use urlencode, as in the example below. > ----- Original Message ----- > From: "David Krings" > To: "NYPHP Talk" > Sent: Wednesday, September 20, 2006 7:46 PM > Subject: Re: [nycphp-talk] How to pass on variables with POST without using a > form > > > Hi, > > indeed cURL it is, but that wasn't what I recall using. I also found the > deal with sockets, but that looks awfully scary. > > Now, cURL triggers another question. Can I send multiple > > curl_setopt($ch, CURLOPT_POSTFIELDS, "$curlpost"); > > with $curlpost something like data1=value1, or do I need to jam that all > into one string and tie it together with the &? If yes, then I need to add > more code to screen for & on all variables as it is very likely that the & > may be included. I also saw on php.net this: > "Just a reminder: When setting your CURLOPT_POSTFIELDS remember to > replace the spaces in your values with %20 " > > Ah, bummer! It basically expects the name=data sets to be formatted as if > one wants to send a get via URL. The easiest way I've found to do this is as follows: $myvars = array( 'item1' => 'value1', 'item2' => 'value2', ); $postdata = array(); foreach ($myvars as $k => $v) { $postdata[] = urlencode($k) .'=' . urlencode($v); } $postdata = implode('&',$postdata); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); By running both your keys and values through urlencode, you'll be sure that you won't end up with mangled post data, no matter what the values' contents are. If you want to be really ahead of the curve you can use ini_get('arg_separator.output') in place of '&' in the implode. Dan > > I guess I go against my own advice, pack the two dozen variables into the > session and then unset them after savely retrieving them........unless > someone has a better idea that is not as painful as manipulating headers or > massaging strings for cURL to use. > > Bah! This rapidly inhales! :( > > Thanks for the tip anyway, I can see some other good uses > for cURL. > > > David K. From ramons at gmx.net Wed Sep 20 20:45:59 2006 From: ramons at gmx.net (David Krings) Date: Wed, 20 Sep 2006 20:45:59 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <4511D70E.9090608@phpwerx.net> References: <6.1.2.0.2.20060920181116.02e54f38@pop.snet.yahoo.com> <007f01c6dd05$ee7ecc20$6701a8c0@SUNCODE1> <6.1.2.0.2.20060920190640.02e55810@pop.gmx.net> <013d01c6dd10$271c7730$07d6f4a7@ced> <4511D70E.9090608@phpwerx.net> Message-ID: <6.1.2.0.2.20060920204008.02e59800@pop.gmx.net> At 08:04 PM 9/20/2006, you wrote: >CED wrote: > > Good thing for HTMLentities eh? > >Not really, you don't want to use htmlentities in this situation. You >are escaping your values into POST data so you should use urlencode, as >in the example below. > >The easiest way I've found to do this is as follows: > >$myvars = array( > 'item1' => 'value1', > 'item2' => 'value2', >); > >$postdata = array(); >foreach ($myvars as $k => $v) { > $postdata[] = urlencode($k) .'=' . urlencode($v); >} >$postdata = implode('&',$postdata); > >curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); > >By running both your keys and values through urlencode, you'll be sure >that you won't end up with mangled post data, no matter what the values' >contents are. > >If you want to be really ahead of the curve you can use >ini_get('arg_separator.output') in place of '&' in the implode. > >Dan That's it? WOW! That's just a few lines of code! Thank you! Now, I need to see how I build the rest of the script around this, which shouldn't be that tricky. This is awesome! Shows how much more I still have to learn. :/ David K. From cliff at pinestream.com Wed Sep 20 23:31:24 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 20 Sep 2006 23:31:24 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <4511D70E.9090608@phpwerx.net> Message-ID: <001401c6dd2e$6a352620$12a8a8c0@HirschLaptop> Why not just use the built-in function http_build_query? ------- The easiest way I've found to do this is as follows: $myvars = array( 'item1' => 'value1', 'item2' => 'value2', ); $postdata = array(); foreach ($myvars as $k => $v) { $postdata[] = urlencode($k) .'=' . urlencode($v); } $postdata = implode('&',$postdata); From dcech at phpwerx.net Thu Sep 21 07:28:12 2006 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 21 Sep 2006 07:28:12 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <001401c6dd2e$6a352620$12a8a8c0@HirschLaptop> References: <001401c6dd2e$6a352620$12a8a8c0@HirschLaptop> Message-ID: <4512774C.1020000@phpwerx.net> Cliff Hirsch wrote: > Why not just use the built-in function http_build_query? Maybe because it's php5-only? If you want a php4 version, try this function I just cooked up which duplicates all the documented functionality of the php5 function. function http_build_query($formdata,$numeric_prefix = '',$arg_separator = null,$_parent = null) { if (empty($arg_separator)) { $arg_separator = ini_get('arg_separator.output'); } $postdata = array(); foreach ($formdata as $k => $v) { if (!empty($_parent)) { $k = $_parent .'['. urlencode($k) .']'; } else { if (is_numeric($k)) { $k = $numeric_prefix . $k; } $k = urlencode($k); } if (is_array($v)) { $postdata[] = http_build_query($v,$numeric_prefix,$arg_separator,$k); } else { $postdata[] = $k .'=' . urlencode($v); } } return implode($arg_separator,$postdata); } Dan > ------- > The easiest way I've found to do this is as follows: > > $myvars = array( > 'item1' => 'value1', > 'item2' => 'value2', > ); > > $postdata = array(); > foreach ($myvars as $k => $v) { > $postdata[] = urlencode($k) .'=' . urlencode($v); > } > $postdata = implode('&',$postdata); From codebowl at gmail.com Thu Sep 21 09:09:37 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 21 Sep 2006 09:09:37 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> Message-ID: <8d9a42800609210609j109005eetcbd30e4c68be0596@mail.gmail.com> thanks for the info guys, i am going to attempt to install apache/php/mysql from scratch rather than use a precompiled version. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.com Thu Sep 21 09:19:22 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Thu, 21 Sep 2006 09:19:22 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> Message-ID: It has tripped me up before when compiling but just make sure --with- zlib appears first in your compile command, not sure why ... Also based on below you can try --with-zlib-dir=/usr/include And make sure its up to date (requires zlib >= 1.0.9) (http://prdownloads.sourceforge.net/libpng/zlib-1.2.3.tar.gz?download) - Jon On Sep 20, 2006, at 6:15 PM, Joseph Crawford wrote: > csnyder, > > yea i noticed that but thought MAMP would have had that enabled but > i guess not. I have been fighting trying to get php to compile on > the mac from source. I am not using the built in apache so the > php.net docs are no help. It keeps tripping up when ,/configure is > looking for zlib. > > I am not that familiar with compiling php from source but it seens > straight forward until it trips up like this :D > > I am not sure what zlib file it is looking for and i could not find > a binary zlib on my system. > > /usr/include/bzlib.h > /usr/include/zlib.h > /usr/lib/ruby/1.8/powerpc-darwin8.0/zlib.bundle > /usr/lib/zlibtclConfig.sh > /usr/share/man/man3/zlib.3 > /usr/share/man/mann/crc-zlib.n > /usr/share/ri/1.8/system/Zlib/zlib_version- i.yaml > /usr/X11R6/include/X11/extensions/lbxzlib.h > > is what locate comes up with, aside from stuff bundled with other > apps. > > If ANYONE has any resources i could read about compiling LAMP on > the mac i would appreciate it. Everyone is telling me to just go > with a precompiled package and would if any of them enabled pcntl :) > > Thanks, > > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Thu Sep 21 10:06:01 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 21 Sep 2006 10:06:01 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> Message-ID: <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> Now i am not sure why it cannot find mysql, i installed it with the mac dmg that mysql offers configure: error: mysql configure failed. Please check config.log for more information. This is the command i am using ./configure --prefix=/usr/local/php5 --enable-mbstring --enable-pcntl --with-apxs2=/usr/local/apache/bin/apxs --enable-cli --enable-exif --with-mysql=/usr/local/mysql --with-mbstring --with-zlib-dir=/usr/include --with-curl i am not sure because in /usr/local i have an mysql dir and an mysql-standard-5.0.24a-osx10.4-powerpc-64bit I am not sure why there are 2 Can anyone tell me what i might be doing wrong here? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jbaer at VillageVoice.com Thu Sep 21 11:25:33 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Thu, 21 Sep 2006 11:25:33 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <4512774C.1020000@phpwerx.net> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503548DDC@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's also available as a PEAR PHP-Compact function ... http://pear.php.net/manual/en/package.php.php-compat.components.php - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dan Cech Sent: Thursday, September 21, 2006 7:28 AM To: NYPHP Talk Subject: Re: [nycphp-talk] How to pass on variables with POST without using a form Cliff Hirsch wrote: > Why not just use the built-in function http_build_query? Maybe because it's php5-only? If you want a php4 version, try this function I just cooked up which duplicates all the documented functionality of the php5 function. function http_build_query($formdata,$numeric_prefix = '',$arg_separator = null,$_parent = null) { if (empty($arg_separator)) { $arg_separator = ini_get('arg_separator.output'); } $postdata = array(); foreach ($formdata as $k => $v) { if (!empty($_parent)) { $k = $_parent .'['. urlencode($k) .']'; } else { if (is_numeric($k)) { $k = $numeric_prefix . $k; } $k = urlencode($k); } if (is_array($v)) { $postdata[] = http_build_query($v,$numeric_prefix,$arg_separator,$k); } else { $postdata[] = $k .'=' . urlencode($v); } } return implode($arg_separator,$postdata); } Dan > ------- > The easiest way I've found to do this is as follows: > > $myvars = array( > 'item1' => 'value1', > 'item2' => 'value2', > ); > > $postdata = array(); > foreach ($myvars as $k => $v) { > $postdata[] = urlencode($k) .'=' . urlencode($v); } $postdata = > implode('&',$postdata); _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFEq7t99e5DI8C/rsRAo2fAKCaiDT1kSjlkKxxOSGmjlcSJtnH9gCfTliS qJ8UAW2Z41RStskr6ZOKjVY= =yJjE -----END PGP SIGNATURE----- From jbaer at VillageVoice.com Thu Sep 21 11:28:28 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Thu, 21 Sep 2006 11:28:28 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503548DDE@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try this instead ... - --with-mysqli=/usr/local/mysql/bin/mysql_config - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Thursday, September 21, 2006 10:06 AM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance Now i am not sure why it cannot find mysql, i installed it with the mac dmg that mysql offers configure: error: mysql configure failed. Please check config.log for more information. This is the command i am using ./configure --prefix=/usr/local/php5 --enable-mbstring --enable-pcntl --with-apxs2=/usr/local/apache/bin/apxs --enable-cli --enable-exif --with-mysql=/usr/local/mysql --with-mbstring --with-zlib-dir=/usr/include --with-curl i am not sure because in /usr/local i have an mysql dir and an mysql-standard-5.0.24a-osx10.4-powerpc-64bit I am not sure why there are 2 Can anyone tell me what i might be doing wrong here? - -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFEq+c99e5DI8C/rsRAk/IAKDn6I1lZBeFrzMzqFpvepMnWZgofACfWCla CMLlTHPlFpbmjeJPBH1m668= =XMGM -----END PGP SIGNATURE----- From dcech at phpwerx.net Thu Sep 21 11:44:09 2006 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 21 Sep 2006 11:44:09 -0400 Subject: [nycphp-talk] How to pass on variables with POST without using a form In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503548DDC@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503548DDC@mail> Message-ID: <4512B349.7080700@phpwerx.net> Baer, Jon wrote: > It's also available as a PEAR PHP-Compact function ... > > http://pear.php.net/manual/en/package.php.php-compat.components.php > > - Jon Yeah, I was going to mention that, but in general I've been underwhelmed by PHP_Compat. In this case, it seems to be unnecessarily complicated and doesn't accept the third $arg_separator argument. Dan > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Dan Cech > Sent: Thursday, September 21, 2006 7:28 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] How to pass on variables with POST without > using a form > > Cliff Hirsch wrote: >>> Why not just use the built-in function http_build_query? > > Maybe because it's php5-only? > > If you want a php4 version, try this function I just cooked up which > duplicates all the documented functionality of the php5 function. > > function http_build_query($formdata,$numeric_prefix = '',$arg_separator > = null,$_parent = null) { > if (empty($arg_separator)) { > $arg_separator = ini_get('arg_separator.output'); > } > > $postdata = array(); > foreach ($formdata as $k => $v) { > if (!empty($_parent)) { > $k = $_parent .'['. urlencode($k) .']'; > } else { > if (is_numeric($k)) { > $k = $numeric_prefix . $k; > } > $k = urlencode($k); > } > if (is_array($v)) { > $postdata[] = > http_build_query($v,$numeric_prefix,$arg_separator,$k); > } else { > $postdata[] = $k .'=' . urlencode($v); > } > } > > return implode($arg_separator,$postdata); > } > > Dan > >>> ------- >>> The easiest way I've found to do this is as follows: >>> >>> $myvars = array( >>> 'item1' => 'value1', >>> 'item2' => 'value2', >>> ); >>> >>> $postdata = array(); >>> foreach ($myvars as $k => $v) { >>> $postdata[] = urlencode($k) .'=' . urlencode($v); } $postdata = >>> implode('&',$postdata); From codebowl at gmail.com Thu Sep 21 12:10:41 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 21 Sep 2006 12:10:41 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503548DDE@mail> References: <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> <4D2FAD9B00577645932AD7ED5FECA24503548DDE@mail> Message-ID: <8d9a42800609210910s22b261ddne76a4bb7df4eadfe@mail.gmail.com> ok so i tried this with both /mysql/ and the other folder however i get the same results checking for MySQL support... no checking for specified location of the MySQL UNIX socket... no checking for MySQLi support... yes checking whether to enable embedded MySQLi support... no mysql_config not found configure: error: Please reinstall the mysql distribution -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Thu Sep 21 13:30:53 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 21 Sep 2006 13:30:53 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609210910s22b261ddne76a4bb7df4eadfe@mail.gmail.com> References: <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> <4D2FAD9B00577645932AD7ED5FECA24503548DDE@mail> <8d9a42800609210910s22b261ddne76a4bb7df4eadfe@mail.gmail.com> Message-ID: <8d9a42800609211030g3955422fwa327265722211189@mail.gmail.com> Ok it looks like it cannot find the header files for mysql, i am not sure why anyone know where these would be on OS X? I removed the mysql support and it compiles just fine. However i need the MySQL support ;( Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Thu Sep 21 15:40:37 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 21 Sep 2006 15:40:37 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> Message-ID: On 9/21/06, Joseph Crawford wrote: > i am not sure because in /usr/local i have an mysql dir and an > mysql-standard-5.0.24a-osx10.4-powerpc-64bit I am not sure > why there are 2 Use ls -l ... the one named mysql is a symbolic link to the one name mysql-standard-xxx. > checking for MySQL support... no > checking for specified location of the MySQL UNIX socket... no > checking for MySQLi support... yes > checking whether to enable embedded MySQLi support... no > mysql_config not found > configure: error: Please reinstall the mysql distribution So is there a file at /usr/local/mysql/bin/mysql_config ? Cause that's what php seems to be having trouble finding. Based on my experience (and this has worked on at least three Macs), you need all three of: '--with-mysql=/usr/local/mysql' '--with-mysql-sock=/private/tmp/mysql.sock' '--with-mysqli=/usr/local/mysql/bin/mysql_config' -- Chris Snyder http://chxo.com/ From ps at pswebcode.com Thu Sep 21 17:34:17 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 21 Sep 2006 17:34:17 -0400 Subject: [nycphp-talk] Security Springboard Message-ID: <00e501c6ddc5$b172e2b0$6701a8c0@SUNCODE1> Nice inspiring rollup on basic security strategies a bit beyond the programming. Originally here: http://www.infoworld.com/article/06/09/15/38OPsecadvise_1.html or without the (blah, blah) clutter here: http://www.pswebcode.com/security_article.htm Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From lk613m at yahoo.com Thu Sep 21 17:37:27 2006 From: lk613m at yahoo.com (LK) Date: Thu, 21 Sep 2006 14:37:27 -0700 (PDT) Subject: [nycphp-talk] Client vs. Server programming Message-ID: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Hello, I've spent some time developing proficiency in JavaScript and AJAX. Every time I try to go to the server PHP programming, I end up scratching my head asking why would anybody program on the server? Take form validation, for example. A user registers to a service for the first time and fills out a registration form. I need to check if the Username is already taken by someone else. In the JavaScript/AJAX framework the form and the entire page is available thru the DOM, and I just have a simple query.php script running on the server to execute queries and send back the result. I construct the query and AJAX it over to the query.php. If a record with the same username is found, I alert("...") the user to try it again. The original form remains on the screen without change. The deal is done. Not so with the server side programming. The form is submitted to a process_form.php. Then, if the username already exists in the database, the script has to rebuild the original form with the previous values filled in by copying user inputs from the $_POST array back into the HTML for *each* input field with , not to mention session state and other housekeeping. That seems like a lot of work to implement something so simple. So what are the advantages of server programming? What what am I missing? Thanks Leo Kokin __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From prusak at gmail.com Thu Sep 21 17:46:03 2006 From: prusak at gmail.com (Ophir Prusak) Date: Thu, 21 Sep 2006 17:46:03 -0400 Subject: [nycphp-talk] Video Game Site Partner Needed Message-ID: Hi all, I've been running www.StationPlay.com since mid 1999 and I've coming to the point where I need a partner. Over the years I've had a few people help me out here and there on site administration, but I've always done all of the back end work. Unfortunately, I really haven't had the time to do anything on the site for the past year or so it's been coasting. At it's peak StationPlay was getting over a million visitors a month, but now it's down to about 100,000 a month. So ... I'm looking for someone to help me bring StationPlay back to it's full glory and the path of rapid growth. What I have to offer: - Knowledge and Experience: If you're looking to advance your knowledge of web development - I have plenty to offer. I've been building sites professionally since 1994. Heck - I even taught PHP for Zend :) - Fame: Well, I do get a decent amount of traffic. - Money: I'd like to be able to say that StationPlay is a major money making machine, but it's not. It _is_ profitable (advertising revenue minus hosting fees) but it's more like lunch money. Lets just say I'm not gonna quite my daytime job anytime soon. I'm more than happy to share any profit that StationPlay makes with a partner, but if you're in this purely for the money - please don't waste my time. What I want from you as a partner: First and foremost, time to work on the site. If you're uber busy and don't have any free time - don't bother. As far as skills go - I'm assuming you know some PHP (or else why are you on this list?) and have some programming experience. Anyone with good graphic skills would be a big plus. You should also be somewhat familiar with video games in general, but die hard knowledge is not necessary (though a big plus). I'm pretty open to anyone who feels they have a lot to offer, so I don't want to limit myself in advance with a big requirements list. If this sounds like something you'd be interested in, send me an email and we'll chat. Thanks, Ophir -- Ophir Prusak http://www.prusak.com From dcech at phpwerx.net Thu Sep 21 17:48:16 2006 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 21 Sep 2006 17:48:16 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <451308A0.50703@phpwerx.net> LK wrote: > Hello, > > I've spent some time developing proficiency in JavaScript and AJAX. Every time > I try to go to the server PHP programming, I end up scratching my head asking > why would anybody program on the server? > > Take form validation, for example. A user registers to a service for the first > time and fills out a registration form. I need to check if the Username is > already taken by someone else. In the JavaScript/AJAX framework the form and > the entire page is available thru the DOM, and I just have a simple query.php > script running on the server to execute queries and send back the result. I > construct the query and AJAX it over to the query.php. If a record with the > same username is found, I alert("...") the user to try it again. The original > form remains on the screen without change. The deal is done. Anyone viewing the page can easily reverse-engineer your code and post whatever they like to the server. You can certainly help the user to enter correct data using client-side code, but because your code is running in their browser, they are the ones in control. The only way you can enforce any kind of validation rules is on the server side, where you are in control. Dan > Not so with the server side programming. The form is submitted to a > process_form.php. Then, if the username already exists in the database, the > script has to rebuild the original form with the previous values filled in by > copying user inputs from the $_POST array back into the HTML for *each* input > field with , not to mention session state and other > housekeeping. That seems like a lot of work to implement something so simple. > > So what are the advantages of server programming? What what am I missing? > > Thanks > > Leo Kokin From chsnyder at gmail.com Thu Sep 21 17:58:35 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 21 Sep 2006 17:58:35 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: On 9/21/06, LK wrote: > I've spent some time developing proficiency in JavaScript and AJAX. Every time > I try to go to the server PHP programming, I end up scratching my head asking > why would anybody program on the server? Well, you're assuming that you have some degree of control over what implementation of Javascript is running in the browser, and that it will work the way you expect. These days it seems pretty stable (disregarding Safari for a moment) but you don't have to go too far back in the day to find when it wasn't. Ajax is great, go for it. But as we hashed out on a recent thread here, don't trust the browser to validate stuff for you, because there are plenty of ways to submit data to your server that don't involve a browser or javascript at all. So some programming HAS to be server side, or you leave yourself wide open to attack. -- Chris Snyder http://chxo.com/ From rahmin at insite-out.com Thu Sep 21 17:59:17 2006 From: rahmin at insite-out.com (Rahmin Pavlovic) Date: Thu, 21 Sep 2006 17:59:17 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <20060921175917.m3v7jmegrluscogc@webmail.vmsol.com> Quoting LK : > So what are the advantages of server programming? What what am I missing? > Users can disable JavaScript. More crafty individuals can hit your server-side documents using their own client-side forms. It's a good idea to minimize file requests but validating using basic JS or AJAX requests, but it's foolish to soley rely on it. From ajai at bitblit.net Thu Sep 21 18:02:25 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 21 Sep 2006 18:02:25 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <45130BF1.1050503@bitblit.net> LK wrote: > In the JavaScript/AJAX framework the form and > the entire page is available thru the DOM, and I just have a simple query.php > script running on the server to execute queries and send back the result. I > construct the query and AJAX it over to the query.php. If a record with the > same username is found, I alert("...") the user to try it again. The original > form remains on the screen without change. The deal is done. And so if javaScript is switched off there is no validation then? You will *always* need server-side validation to fall back on... > Not so with the server side programming. The form is submitted to a > process_form.php. Then, if the username already exists in the database, the > script has to rebuild the original form with the previous values filled in by > copying user inputs from the $_POST array back into the HTML for *each* input > field with , not to mention session state and other > housekeeping. That seems like a lot of work to implement something so simple. Yes it involves work (and we make it look so easy ;-) > So what are the advantages of server programming? What what am I missing? Its not an either-or kind of question - ideally you would want to do both (especially where validation is concerned). Its all very well using AJAX but you have to remember that an AJAX call may still end up calling a server-side resource at some point. Also, how would you handle session data? Yeah, you could do it on the client but that's not efficient in terms of bandwidth and also not good for scalability. -- A From mailinglists at caseysoftware.com Thu Sep 21 18:12:41 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Thu, 21 Sep 2006 18:12:41 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: On 9/21/06, LK wrote: > copying user inputs from the $_POST array back into the HTML for *each* input > field with , not to mention session state and other And regardless of the validation others have noted, if you're simply taking user input and dumping it to the screen you're in for a world of hurt. Here's a quick sample of some of the trouble you could cause: http://seoblackhat.com/2006/09/18/best-xss-ever/ And that's just simple html not causing any problems... kc -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From tedd at sperling.com Thu Sep 21 18:36:21 2006 From: tedd at sperling.com (tedd) Date: Thu, 21 Sep 2006 18:36:21 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: At 2:37 PM -0700 9/21/06, LK wrote: >Hello, > >I've spent some time developing proficiency in JavaScript and AJAX. Every time >I try to go to the server PHP programming, I end up scratching my head asking >why would anybody program on the server? > >Take form validation, for example. A user registers to a service for the first >time and fills out a registration form. I need to check if the Username is >already taken by someone else. In the JavaScript/AJAX framework the form and >the entire page is available thru the DOM, and I just have a simple query.php >script running on the server to execute queries and send back the result. I >construct the query and AJAX it over to the query.php. If a record with the >same username is found, I alert("...") the user to try it again. The original >form remains on the screen without change. The deal is done. > >Not so with the server side programming. The form is submitted to a >process_form.php. Then, if the username already exists in the database, the >script has to rebuild the original form with the previous values filled in by >copying user inputs from the $_POST array back into the HTML for *each* input >field with , not to mention session state and other >housekeeping. That seems like a lot of work to implement something so simple. > >So what are the advantages of server programming? What what am I missing? > >Thanks > >Leo Kokin Leo: 1. Security -- javascript provides *no* security; 2. Keeping your code private -- I can see your javascript code, can you see my php code? 3. Not worrying about what happens when javascript is turned off. 4. Speed -- servers usually process things faster than client side machines. 5. If I want javascript, I can use php to write it -- the reverse isn't true. 6. Resources -- I believe there are more resources for php than for js. 7. Functions -- I believe that there are more functions and thus more functionality for php. 8. While 6 & 7 may be arguable, that has been my experience. 9. It has also been my experience that not all javascript is the same nor handled the same on all browsers -- however, I may be in error -- I just remember reading something to that affect. 10. The only advantage I can see, which is a major one, that that javascript can provide more interaction with the user and that coupled with ajax (which IS js) becomes a very desirable feature. But, when all is said and done, it's not a question of php vs javascript or css vs html, it's a question of using what language "best" fits the problem at hand. And, it's your users and clients who make that decision for you. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From ramons at gmx.net Thu Sep 21 19:05:50 2006 From: ramons at gmx.net (David Krings) Date: Thu, 21 Sep 2006 19:05:50 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <6.1.2.0.2.20060921190012.02f2ab00@pop.gmx.net> At 05:37 PM 9/21/2006, you wrote: >I've spent some time developing proficiency in JavaScript and AJAX. Every time >I try to go to the server PHP programming, I end up scratching my head asking >why would anybody program on the server? > >So what are the advantages of server programming? What what am I missing? > >Thanks > >Leo Kokin From my point of view, PHP is darn easy and very popular. I hate programming and I attended classes for C64 Basic (yep!), Logo, ANSI C, Assembler, VB6, VB.NET, and Java. C64 BASIC was about what I could wrap my brain around, all other languages are just plain awful, especially Java. And then came PHP across my way and it just works for me. I think of the english verb for the task I want to do and usually that is the keyword to use. I did spend some time on learning the basics of HTML, which wasn't fun, but necessary. Of course, I could use some client side scripting, but JavaScript and such as just so, well, ununderstandable for someone like me who is more proficient in talking to people than abstract programming objects. Even with all the drawbacks, I think PHP is awesome and server side programming just asks for a little bit more thinking sometimes....to find out that it won't work, sometimes. Besides that, you can do AJAX using PHP. David K. From chsnyder at gmail.com Thu Sep 21 19:44:29 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 21 Sep 2006 19:44:29 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: On 9/21/06, Keith Casey wrote: > Here's a quick sample of some of the trouble you could > cause: http://seoblackhat.com/2006/09/18/best-xss-ever/ Great example! And bonus points because that page mentions John Andrews. :-) From ramons at gmx.net Thu Sep 21 19:45:58 2006 From: ramons at gmx.net (David Krings) Date: Thu, 21 Sep 2006 19:45:58 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <6.1.2.0.2.20060921194500.02f86758@pop.gmx.net> At 05:58 PM 9/21/2006, you wrote: >Well, you're assuming that you have some degree of control over what >implementation of Javascript is running in the browser, and that it Or if it is running at all. The client can switch off JavaScript (ECMA Script to be correct) execution at any given time. Switching off PHP on your server is a little bit more difficult. David K. From rotsen at gmail.com Thu Sep 21 23:59:50 2006 From: rotsen at gmail.com (=?ISO-8859-1?Q?N=E9stor?=) Date: Thu, 21 Sep 2006 20:59:50 -0700 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> Message-ID: Joseph, I was having simmilar problem installing php/apache/mysql last week. My installation would not work until I went and downloaded mysql.dll and mysqli.dll from mysql.com. After that the installation worked. N?stor :-) On 9/21/06, csnyder wrote: > > On 9/21/06, Joseph Crawford wrote: > > > i am not sure because in /usr/local i have an mysql dir and an > > mysql-standard-5.0.24a-osx10.4-powerpc-64bit I am not sure > > why there are 2 > > Use ls -l ... the one named mysql is a symbolic link to the one name > mysql-standard-xxx. > > > checking for MySQL support... no > > checking for specified location of the MySQL UNIX socket... no > > checking for MySQLi support... yes > > checking whether to enable embedded MySQLi support... no > > mysql_config not found > > configure: error: Please reinstall the mysql distribution > > So is there a file at /usr/local/mysql/bin/mysql_config ? Cause that's > what php seems to be having trouble finding. > > Based on my experience (and this has worked on at least three Macs), > you need all three of: > > '--with-mysql=/usr/local/mysql' > '--with-mysql-sock=/private/tmp/mysql.sock' > '--with-mysqli=/usr/local/mysql/bin/mysql_config' > > > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Sep 22 00:01:06 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 00:01:06 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> Message-ID: <8d9a42800609212101l3c467fcfl81d30f7612649b8d@mail.gmail.com> dll is for windows i am on mac which is closer to the unix ;( -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Fri Sep 22 01:05:16 2006 From: shiflett at php.net (Chris Shiflett) Date: Fri, 22 Sep 2006 01:05:16 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <45136F0C.4020409@php.net> Leo Kokin wrote: > I've spent some time developing proficiency in JavaScript and AJAX. > Every time I try to go to the server PHP programming, I end up > scratching my head asking why would anybody program on the server? Sounds to me like you don't understand the distinction between client-side and server-side, or you're just trolling. To answer your question directly, if your application was entirely client-side, then it's pointless to make it a web application, and you miss out on all of the benefits of this cool thing called the Internet. Chris From ken at secdat.com Fri Sep 22 06:56:34 2006 From: ken at secdat.com (Kenneth Downs) Date: Fri, 22 Sep 2006 06:56:34 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <4513C162.4030205@secdat.com> LK wrote: > Hello, > > > Take form validation, for example. A user registers to a service for the first > time and fills out a registration form. I need to check if the Username is > already taken by someone else. > Validation is an all-or-nothing thing. It must be 100% correct all of the time or it is wrong. Your approach allows several ways to send invalid data, therefore you cannot guarantee the data is correct. The only way to maintain a unique list of users is to store them in a database with a unique constraint. If the database allows the user to be saved, then you know it is unique. In any other approach, duplicates can get in through accident or intent. Validating in PHP code is no better. It is one step closer to the database, but two identical users can still register. This may be unlikely for the case at hand, but if you want to get into any real money games you've got to be able to provide data integrity guarantees. The good news is that modifying your code is very simple. The AJAX call sends an insert request to NEWUSER.PHP, which does an insert to the database. If the database returns an error because of a unique violation, NEWUSER.PHP passes the error back through AJAX. If no error, you say "Welcome to our site newuser at monkeycheese.com" > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From rolan at omnistep.com Fri Sep 22 08:11:00 2006 From: rolan at omnistep.com (Rolan Yang) Date: Fri, 22 Sep 2006 08:11:00 -0400 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: <001101c6dcef$a2f75350$b500a8c0@bcu.org> References: <001101c6dcef$a2f75350$b500a8c0@bcu.org> Message-ID: <4513D2D4.7060405@omnistep.com> If you are incorporated and paying yourself as an employee, you might want to look into those online payroll services. They automatically deduct taxes for your your own "payroll" and also 1099's. I use powerpayroll.com which used to be called PayMaxx. Costs $26/mo. Prior to that, I tried some of the bigger name payroll services like PayChex, but was unsatisfied with their service. ~Rolan david.ngo wrote: > Hello, > Not exactly on topic, but I am looking for a good accountant to > manage my 1099 contract taxes. Do you many of you guys have s-corps to > handle all your contracting jobs? > > Any recommendations? > > From jonbaer at jonbaer.com Fri Sep 22 09:52:01 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Fri, 22 Sep 2006 09:52:01 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <45136F0C.4020409@php.net> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> <45136F0C.4020409@php.net> Message-ID: <149F4276-FABE-4CEE-BD17-EF7F6CEB1551@jonbaer.com> There is also a case of where your client will not always be the loaded browser you expect (FF, IE, OP) w/ XHR built in ... there are many smaller devices w/ non multithread requirements ... of course this won't always be the case ... its good to look @ things like how the frameworks handle the issue, ie Cake (RequestHandler) or something similar which give you options on how to process it. Im just waiting to see what scheme the open RDBMS come up w/ to handle XHR requests on there own (ala no application layer @ all). Exists already Im sure. - Jon On Sep 22, 2006, at 1:05 AM, Chris Shiflett wrote: > Leo Kokin wrote: >> I've spent some time developing proficiency in JavaScript and AJAX. >> Every time I try to go to the server PHP programming, I end up >> scratching my head asking why would anybody program on the server? > > Sounds to me like you don't understand the distinction between > client-side and server-side, or you're just trolling. > > To answer your question directly, if your application was entirely > client-side, then it's pointless to make it a web application, and you > miss out on all of the benefits of this cool thing called the > Internet. > > Chris > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From codebowl at gmail.com Fri Sep 22 11:04:39 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 11:04:39 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609212101l3c467fcfl81d30f7612649b8d@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> <8d9a42800609212101l3c467fcfl81d30f7612649b8d@mail.gmail.com> Message-ID: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> I apologize if this is a bit off topic but i finally got apache, php and mysql to install however when i run phpMyAdmin i get this error Error *MySQL said: *[image: Documentation] #2002 - The server is not responding (or the local MySQL server's socket is not correctly configured) Any help is appreciated. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From pyurt at yahoo.com Fri Sep 22 11:25:50 2006 From: pyurt at yahoo.com (P Yurt) Date: Fri, 22 Sep 2006 08:25:50 -0700 (PDT) Subject: [nycphp-talk] pcntl_fork() assistance Message-ID: <20060922152550.67836.qmail@web52211.mail.yahoo.com> v\:* {behavior:url(#default#VML);}o\:* {behavior:url(#default#VML);}w\:* {behavior:url(#default#VML);}..shape {behavior:url(#default#VML);}st1\:*{behavior:url(#default#ieooui) } How do you know you mysql and apache areinstalled? Explore the Evolving Web www.2.0websites.com Paul Yurt, Publisher paul(@)2.0websites.com 480-585-0007 --------------------------------- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Friday, September 22, 2006 8:05 AM To: NYPHP Talk Subject: Re: [nycphp-talk]pcntl_fork() assistance I apologize if this is abit off topic but i finally got apache, php and mysql to install however when irun phpMyAdmin i get this error Error MySQL said: #2002 - The server is not responding (or the localMySQL server's socket is not correctly configured) Any help is appreciated. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Fri Sep 22 12:03:43 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Fri, 22 Sep 2006 12:03:43 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> Message-ID: <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> See this page for some helpful info: http://dev.mysql.com/doc/refman/5.0/en/multiple-unix-servers.html Like Port 80 is generally accepted to be the http/www port, Port 3306 is usually the expected MySQL port. And the unix socket path is also usually standardized by default too. But maybe your install(s) specified port and socket different from default. This is considered a security enhancement. In the phpMyAdmin config file(s) for the server connections there are many options to fill in so that phpMyAdmin knows exactly how to talk to your MySQL server; the port, socket, user name, pwd, database name, host all have to be accurate. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Friday, September 22, 2006 11:05 AM To: NYPHP Talk Subject: Re: [nycphp-talk] pcntl_fork() assistance I apologize if this is a bit off topic but i finally got apache, php and mysql to install however when i run phpMyAdmin i get this error Error MySQL said: Documentation #2002 - The server is not responding (or the local MySQL server's socket is not correctly configured) Any help is appreciated. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Sep 22 13:12:22 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 13:12:22 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <20060922152550.67836.qmail@web52211.mail.yahoo.com> References: <20060922152550.67836.qmail@web52211.mail.yahoo.com> Message-ID: <8d9a42800609221012w61f6f093oe4e796c35a4029af@mail.gmail.com> because the web server is working and i can connect to mysql on the command line :D On 9/22/06, P Yurt wrote: > > How do you know you mysql and apache are installed? > > > > Explore the Evolving Web > > www.2.0websites.com > > Paul Yurt, Publisher > > paul(@)2.0websites.com > > 480-585-0007 > > > ------------------------------ > > *From:* talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > *On Behalf Of *Joseph Crawford > *Sent:* Friday, September 22, 2006 8:05 AM > *To:* NYPHP Talk > *Subject:* Re: [nycphp-talk] pcntl_fork() assistance > > > > I apologize if this is a bit off topic but i finally got apache, php and > mysql to install however when i run phpMyAdmin i get this error > > Error > > *MySQL said: *[image: Documentation] > > #2002 - The server is not responding (or the local MySQL server's socket > is not correctly configured) > > Any help is appreciated. > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Sep 22 13:13:18 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 13:13:18 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> References: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> Message-ID: <8d9a42800609221013i189a73a4u53997f8b42a3fa2@mail.gmail.com> i have the sock set to /tmp/mysql.sock and i have specified that in the phpMyAdmin config file. the port i did not change on configure -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolson at aeso.org Fri Sep 22 13:16:45 2006 From: rolson at aeso.org (Rick Olson) Date: Fri, 22 Sep 2006 10:16:45 -0700 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609221013i189a73a4u53997f8b42a3fa2@mail.gmail.com> References: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> <8d9a42800609221013i189a73a4u53997f8b42a3fa2@mail.gmail.com> Message-ID: <45141A7D.80102@aeso.org> I vaguely remember you mentioning this before, but I don't have enough time to look back in the thread history... are you trying to use the mysql extension or mysqli or both? Also, could you paste me your exact configure line? Thanks, Rick Joseph Crawford wrote: > i have the sock set to /tmp/mysql.sock and i have specified that in > the phpMyAdmin config file. the port i did not change on configure > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From codebowl at gmail.com Fri Sep 22 13:26:59 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 13:26:59 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <45141A7D.80102@aeso.org> References: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> <8d9a42800609221013i189a73a4u53997f8b42a3fa2@mail.gmail.com> <45141A7D.80102@aeso.org> Message-ID: <8d9a42800609221026k14a08f88l9e88cae138bd35c4@mail.gmail.com> MYSQL CONFIG LINE ./configure --prefix=/usr/local/mysql --with-unix-socket-path=/usr/local/mysql/run/mysql_socket --with-mysqld-user=mysql --with-comment --with-debug PHP CONFIG LINE ./configure --prefix=/usr/local/php5 --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --enable-pcntl --enable-dbx --enable-mbstring --enable-sockets --enable-exif --enable-ftp --enable-mbregex --with-curl --with-mysqli=/usr/local/mysql/bin/mysql_config --with-zlib-dir=/usr I am trying to compile in both mysql and mysqli, the php configure line works without any errors, i was having problems with it not finding mysql but i fixed that (had to install the binary package for osx and then compile from source and combine the 2 directories. The source would have worked but not with the system prefs panel as some scripts were missing for the startup stuff. Now MySQL is running just fine i can login via the command line but phpMyAdmin says it cannot find the sock. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolson at aeso.org Fri Sep 22 13:45:30 2006 From: rolson at aeso.org (Rick Olson) Date: Fri, 22 Sep 2006 10:45:30 -0700 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609221026k14a08f88l9e88cae138bd35c4@mail.gmail.com> References: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> <004c01c6de60$ad85c690$6701a8c0@SUNCODE1> <8d9a42800609221013i189a73a4u53997f8b42a3fa2@mail.gmail.com> <45141A7D.80102@aeso.org> <8d9a42800609221026k14a08f88l9e88cae138bd35c4@mail.gmail.com> Message-ID: <4514213A.7060504@aeso.org> Joseph Crawford wrote: > MYSQL CONFIG LINE > ./configure --prefix=/usr/local/mysql > --with-unix-socket-path=/usr/local/mysql/run/mysql_socket > --with-mysqld-user=mysql --with-comment --with-debug --with-unix-socket-path=/usr/local/mysql/run/mysql_socket ;; Try setting mysql.default_socket=/usr/local/mysql/run/mysql_socket in php.ini Hopefully that works. -- Rick From cmerlo at ncc.edu Fri Sep 22 14:49:04 2006 From: cmerlo at ncc.edu (Christopher R. Merlo) Date: Fri, 22 Sep 2006 14:49:04 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> <8d9a42800609212101l3c467fcfl81d30f7612649b8d@mail.gmail.com> <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> Message-ID: <946586480609221149me90de97l35d9d0954e36e043@mail.gmail.com> On 9/22/06, Joseph Crawford wrote: > > I apologize if this is a bit off topic but i finally got apache, php and > mysql to install however when i run phpMyAdmin i get this error > > Error > > *MySQL said: *[image: Documentation] > > #2002 - The server is not responding (or the local MySQL server's socket > is not correctly configured) > > Any help is appreciated. You may have to expose the port to the outside. In System Preferences, click on Sharing, then Firewall. You may have to add a port there (like 3306) and/or allow "Personal Web Sharing" on Port 80. -c -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Fri Sep 22 15:14:35 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 22 Sep 2006 12:14:35 -0700 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: <4513D2D4.7060405@omnistep.com> References: <001101c6dcef$a2f75350$b500a8c0@bcu.org> <4513D2D4.7060405@omnistep.com> Message-ID: <15313-23190@sneakemail.com> Rolan Yang rolan-at-omnistep.com |nyphp dev/internal group use| wrote: >If you are incorporated and paying yourself as an employee, you might >want to look into those online payroll services. They automatically >deduct taxes for your your own "payroll" and also 1099's. I use >powerpayroll.com which used to be called PayMaxx. Costs $26/mo. Prior to >that, I tried some of the bigger name payroll services like PayChex, but >was unsatisfied with their service. > >~Rolan > >david.ngo wrote: > > >>Hello, >> Not exactly on topic, but I am looking for a good accountant to >>manage my 1099 contract taxes. Do you many of you guys have s-corps to >>handle all your contracting jobs? >> >> Any recommendations? >> >> I second Rolan's comments on PayChex. I was paying nearly $76/month per and dissatisfied frequently with the service levels. I have also had ADP process a $90k/month salary level without thinking and not handle the subsequent "problem resolution" attempts very well. Yeah, sure I pay $90k/month to an employee. Duh. By the way, that showed up as a $46k tax witholding... pulled right from the checking account. If you ever wondered what it would be like to make $1.09 mill per year, I can tell you it's gonna suck at tax time :-) One thing to watch when you go to any payroll service is the state add-on fees. They correctly show you how they will auto file for you various required state forms for HR, EOE and such, and they are correct it is a hassle. However, an accountant in your field knows about that stuff and files it for you for a lower overall fee in my experience. I found it to be a FUD factor used to keep you on a higher cost plan. -=john -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From codebowl at gmail.com Fri Sep 22 15:49:50 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 15:49:50 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <946586480609221149me90de97l35d9d0954e36e043@mail.gmail.com> References: <8d9a42800609200855u6e564b6eiab872e5fd7b27da5@mail.gmail.com> <8d9a42800609201515i331e38e1i2b1070a5089a0304@mail.gmail.com> <8d9a42800609210706t1a16f597g289982fcc72907ff@mail.gmail.com> <8d9a42800609212101l3c467fcfl81d30f7612649b8d@mail.gmail.com> <8d9a42800609220804v70d6f3e6n2b4df595f355e84f@mail.gmail.com> <946586480609221149me90de97l35d9d0954e36e043@mail.gmail.com> Message-ID: <8d9a42800609221249j293e5c6bj6d29871f9c3552b0@mail.gmail.com> i have apache set to port 3001 and i am not trying to access the mysql from a remote box, it is all being done locally here using http://localhost:8001/phpMyAdmin/ -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Sep 22 15:58:05 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 15:58:05 -0400 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: <15313-23190@sneakemail.com> References: <001101c6dcef$a2f75350$b500a8c0@bcu.org> <4513D2D4.7060405@omnistep.com> <15313-23190@sneakemail.com> Message-ID: <8d9a42800609221258i4ba2a55aw85141c6bdfaadecd@mail.gmail.com> john i want that job who do i have to kill :D 90k/mo it's amazing that people make that much money i wouldnt know what to do with that. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From pyurt at yahoo.com Fri Sep 22 15:58:41 2006 From: pyurt at yahoo.com (P Yurt) Date: Fri, 22 Sep 2006 12:58:41 -0700 (PDT) Subject: [nycphp-talk] pcntl_fork() assistance Message-ID: <20060922195841.26627.qmail@web52206.mail.yahoo.com> v\:* {behavior:url(#default#VML);}o\:* {behavior:url(#default#VML);}w\:* {behavior:url(#default#VML);}..shape {behavior:url(#default#VML);}st1\:*{behavior:url(#default#ieooui) } Is that 8001 or 3001 Explore the Evolving Web www.2.0websites.com Paul Yurt, Publisher paul(@)2.0websites.com --------------------------------- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Friday, September 22, 2006 12:50 PM To: NYPHP Talk Subject: Re: [nycphp-talk]pcntl_fork() assistance i have apache set to port 3001 and i am not trying to access the mysqlfrom a remote box, it is all being done locally here using http://localhost:8001/phpMyAdmin/ -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Sep 22 16:24:15 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 22 Sep 2006 16:24:15 -0400 Subject: [nycphp-talk] pcntl_fork() assistance In-Reply-To: <20060922195841.26627.qmail@web52206.mail.yahoo.com> References: <20060922195841.26627.qmail@web52206.mail.yahoo.com> Message-ID: <8d9a42800609221324m7bf45aeld5a437d98d686a0@mail.gmail.com> 8001 sorry :) On 9/22/06, P Yurt wrote: > > Is that 8001 or 3001 > > > > Explore the Evolving Web > > www.2.0websites.com > > Paul Yurt, Publisher > > paul(@)2.0websites.com > > > ------------------------------ > > *From:* talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > *On Behalf Of *Joseph Crawford > *Sent:* Friday, September 22, 2006 12:50 PM > *To:* NYPHP Talk > *Subject:* Re: [nycphp-talk] pcntl_fork() assistance > > > > i have apache set to port 3001 and i am not trying to access the mysql > from a remote box, it is all being done locally here using > http://localhost:8001/phpMyAdmin/ > > > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Sat Sep 23 11:12:58 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sat, 23 Sep 2006 08:12:58 -0700 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: <8d9a42800609221258i4ba2a55aw85141c6bdfaadecd@mail.gmail.com> References: <001101c6dcef$a2f75350$b500a8c0@bcu.org> <4513D2D4.7060405@omnistep.com> <15313-23190@sneakemail.com> <8d9a42800609221258i4ba2a55aw85141c6bdfaadecd@mail.gmail.com> Message-ID: <30517-28540@sneakemail.com> Joseph Crawford codebowl-at-gmail.com |nyphp dev/internal group use| wrote: > john i want that job who do i have to kill :D 90k/mo it's amazing > that people make that much money i wouldnt know what to do with that. > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com Silly Joe. It was supposed to be $9k but the ADP person keyed in $90. Nobody makes $90k/month ;-) and that should have been obvious to them, considering they are after all a payroll company. -=john -- ------------------------------------------------------------- "If you think this stuff is confusing, you should try optimizing websites for search engine exposure." john andrews SEO http://www.johnon.com From codebowl at gmail.com Sat Sep 23 11:16:03 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Sat, 23 Sep 2006 11:16:03 -0400 Subject: [nycphp-talk] Looking for a good accountant for 1099/business accounts In-Reply-To: <30517-28540@sneakemail.com> References: <001101c6dcef$a2f75350$b500a8c0@bcu.org> <4513D2D4.7060405@omnistep.com> <15313-23190@sneakemail.com> <8d9a42800609221258i4ba2a55aw85141c6bdfaadecd@mail.gmail.com> <30517-28540@sneakemail.com> Message-ID: <8d9a42800609230816ndf1ce31t1e1f8e24282d7994@mail.gmail.com> yea that's a big Woopsie lol i would be so mad if that happened to me because yes you get the money back but you have to wait a few days to a week for it to hit your account again... -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Sat Sep 23 13:22:45 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 13:22:45 -0400 Subject: [nycphp-talk] Moving a file Message-ID: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> Hi, after looking around for a while it appears as that there is no single command to move a file from A to B. I know that I can first copy the file and then delete the source. In order to do so I'd need to check if the copy was successful and then check if the delete was successful. Is that so or am I just too dense to read the docs right? Answering my own question but assuming that this may be interesting for some, I am not to dense. OK, that wasn't too interesting, I admit. What is interesting is that there is indeed no move function per s?, but I saw at http://webxadmin.free.fr/article/php-move-file-211.php that you can abuse the rename function to move a file...and potentially rename it at the same time. Rarely found a case where a workaround is better than the desired solution. David K. From jonbaer at jonbaer.com Sat Sep 23 13:49:37 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 23 Sep 2006 13:49:37 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> Message-ID: <8FD1424E-22A1-4626-ADE0-35523D430659@jonbaer.com> Yeah all they would have to do is patch this function: http://us2.php.net/manual/en/function.move-uploaded-file.php To move_file without the _POST/_FILE checks and you would be good to go, but I would think its a major security concern to have the www user moving files around. - Jon On Sep 23, 2006, at 1:22 PM, David Krings wrote: > Hi, > > after looking around for a while it appears as that there is no single > command to move a file from A to B. I know that I can first copy > the file > and then delete the source. In order to do so I'd need to check if > the copy > was successful and then check if the delete was successful. Is that > so or > am I just too dense to read the docs right? > > Answering my own question but assuming that this may be interesting > for > some, I am not to dense. OK, that wasn't too interesting, I admit. > What is > interesting is that there is indeed no move function per s?, but I > saw at > http://webxadmin.free.fr/article/php-move-file-211.php that you can > abuse > the rename function to move a file...and potentially rename it at > the same > time. > > Rarely found a case where a workaround is better than the desired > solution. > > > David K. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From shiflett at php.net Sat Sep 23 14:03:00 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 23 Sep 2006 14:03:00 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> Message-ID: <451576D4.2090402@php.net> David Krings wrote: > you can abuse the rename function to move a file Sounds like the move/rename confusion in a different context. The mv command has been the target of the same criticism for decades, but the other way around. What leads you to believe this is an abuse of rename()? Chris From craig at juxtadigital.com Sat Sep 23 14:24:38 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Sat, 23 Sep 2006 14:24:38 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> Message-ID: <45157BE6.4030200@juxtadigital.com> David Krings wrote: > Hi, > > after looking around for a while it appears as that there is no single > command to move a file from A to B. I know that I can first copy the file > and then delete the source. In order to do so I'd need to check if the copy > was successful and then check if the delete was successful. Is that so or > am I just too dense to read the docs right? > > Answering my own question but assuming that this may be interesting for > some, I am not to dense. OK, that wasn't too interesting, I admit. What is > interesting is that there is indeed no move function per s?, but I saw at > http://webxadmin.free.fr/article/php-move-file-211.php that you can abuse > the rename function to move a file...and potentially rename it at the same > time. if you are using *nix you can mv files: exec("mv /path/to/oldfile /path/to/newFile"); From ramons at gmx.net Sat Sep 23 15:26:08 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 15:26:08 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <451576D4.2090402@php.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> Message-ID: <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> At 02:03 PM 9/23/2006, you wrote: >What leads you to believe this is an abuse of rename()? > >Chris Well, the command says rename, not move_and_rename or sth like that. I should have called it "unintended use" or such rather than abuse. I didn't think it is evil or bad, but for the not so clever making a command move or move_file to be an alias of rename would clear some confusion. David K. From ramons at gmx.net Sat Sep 23 15:26:50 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 15:26:50 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <45157BE6.4030200@juxtadigital.com> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <45157BE6.4030200@juxtadigital.com> Message-ID: <6.1.2.0.2.20060923152628.03064290@pop.gmx.net> At 02:24 PM 9/23/2006, you wrote: >if you are using *nix you can mv files: Mhh, I'm using *dows. David K. From tacofighter at gmail.com Sat Sep 23 16:53:07 2006 From: tacofighter at gmail.com (Aaron Deutsch) Date: Sat, 23 Sep 2006 16:53:07 -0400 Subject: [nycphp-talk] web boards Message-ID: Can anyone recommend a third party web board that the client could pay for on their own? I'd just setup the account and template. thanks, aaron d. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Sat Sep 23 16:59:03 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 16:59:03 -0400 Subject: [nycphp-talk] web boards In-Reply-To: References: Message-ID: <6.1.2.0.2.20060923165608.02d663b8@pop.gmx.net> Hi, I am not entirely sure what you mean with web board, but if it is about some fourm framework, I'd take a look at phpBB. It looks really fancy, has many features, works with several databases, and is a freebie. Many for profit companies use that as the platform for their support forum. I tried it myself and is darn easy to set up. David K. At 04:53 PM 9/23/2006, you wrote: >Can anyone recommend a third party web board that the client could pay for >on their own? I'd just setup the account and template. > >thanks, >aaron d. >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php From shiflett at php.net Sat Sep 23 18:12:39 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 23 Sep 2006 18:12:39 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> Message-ID: <4515B157.8020301@php.net> David Krings wrote: > Well, the command says rename, not move_and_rename Yeah, and the mv command is called mv, not mv_and_rn. :-) Chris From ramons at gmx.net Sat Sep 23 19:37:52 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 19:37:52 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <4515B157.8020301@php.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> <4515B157.8020301@php.net> Message-ID: <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> At 06:12 PM 9/23/2006, you wrote: >David Krings wrote: > > Well, the command says rename, not move_and_rename > >Yeah, and the mv command is called mv, not mv_and_rn. :-) > >Chris Yes, but using exec to do mv works on the *nix platform. How do I know on which OS my script will end up one day. The PHP commands are more likely to behave the same and be present. I use the XAMPP on Windoze and may change over to a Linux server sometime soon. So, in order to make it work using mv I needed to write code to detect the OS and if it is not anything ending in nix I need to come up with an alternative. Besides that, my point is that rename indicates that one can change the name of a file, but it doesn't make it even slightly obvious as that it can also be used to move a file as well as move and rename it at the same time. Many PHP commands are quite descriptive and several have one or more aliases. Just thought making "move()" to be an alias of "rename()" woudl be nice. David K. From pyurt at yahoo.com Sat Sep 23 20:43:28 2006 From: pyurt at yahoo.com (P Yurt) Date: Sat, 23 Sep 2006 17:43:28 -0700 (PDT) Subject: [nycphp-talk] web boards Message-ID: <20060924004328.22904.qmail@web52207.mail.yahoo.com> You may also look at FUDforum. It's said to more secure and less difficult to keep safe and secure than most other forums. http://fudforum.org http://fudforum.org/features.php Explore the Evolving Web www.2.0websites.com Paul Yurt, Publisher paul(@)2.0websites.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Krings Sent: Saturday, September 23, 2006 1:59 PM To: NYPHP Talk Subject: Re: [nycphp-talk] web boards Hi, I am not entirely sure what you mean with web board, but if it is about some fourm framework, I'd take a look at phpBB. It looks really fancy, has many features, works with several databases, and is a freebie. Many for profit companies use that as the platform for their support forum. I tried it myself and is darn easy to set up. David K. At 04:53 PM 9/23/2006, you wrote: >Can anyone recommend a third party web board that the client could pay for >on their own? I'd just setup the account and template. > >thanks, >aaron d. >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From shiflett at php.net Sat Sep 23 20:56:27 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 23 Sep 2006 20:56:27 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> <4515B157.8020301@php.net> <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> Message-ID: <4515D7BB.8070208@php.net> David Krings wrote: > Yes, but using exec to do mv works on the *nix platform. > How do I know on which OS my script will end up one day. I think you might have missed my point. Twice. I'm not trying to suggest using the mv command (although that should suffice). Rather, I'm pointing out that it can also be used to rename things. These operations are the same. In other words, you seem to be equating a violation of your semantic preferences to abuse. Chris From ramons at gmx.net Sat Sep 23 22:28:47 2006 From: ramons at gmx.net (David Krings) Date: Sat, 23 Sep 2006 22:28:47 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <4515D7BB.8070208@php.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> <4515B157.8020301@php.net> <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> <4515D7BB.8070208@php.net> Message-ID: <6.1.2.0.2.20060923222646.02bc3018@pop.gmx.net> At 08:56 PM 9/23/2006, you wrote: >David Krings wrote: > > Yes, but using exec to do mv works on the *nix platform. > > How do I know on which OS my script will end up one day. > >I think you might have missed my point. Twice. > >I'm not trying to suggest using the mv command (although that should >suffice). Rather, I'm pointing out that it can also be used to rename >things. These operations are the same. > >In other words, you seem to be equating a violation of your semantic >preferences to abuse. > >Chris That is well possible. And apparently I still don't get it. I guess we better leave it at that. Thanks for trying to explain it to me. David K. From dcech at phpwerx.net Sun Sep 24 08:15:27 2006 From: dcech at phpwerx.net (Dan Cech) Date: Sun, 24 Sep 2006 08:15:27 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <6.1.2.0.2.20060923222646.02bc3018@pop.gmx.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> <4515B157.8020301@php.net> <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> <4515D7BB.8070208@php.net> <6.1.2.0.2.20060923222646.02bc3018@pop.gmx.net> Message-ID: <451676DF.70109@phpwerx.net> David Krings wrote: > At 08:56 PM 9/23/2006, you wrote: >> David Krings wrote: >>> Yes, but using exec to do mv works on the *nix platform. >>> How do I know on which OS my script will end up one day. >> I think you might have missed my point. Twice. >> >> I'm not trying to suggest using the mv command (although that should >> suffice). Rather, I'm pointing out that it can also be used to rename >> things. These operations are the same. >> >> In other words, you seem to be equating a violation of your semantic >> preferences to abuse. >> >> Chris > > > That is well possible. And apparently I still don't get it. I guess we > better leave it at that. Thanks for trying to explain it to me. > > David K. David, I think the point Chris is trying to make is that 'moving' a file is really just changing the name, in general the operations are the same. Saying that a.txt is now named b.txt is really the same thing as saying that /mydir1/a.txt is now named /mydir2/a.txt. When you 'move' a file it is not actually moved unless you move it from one drive (whether physical or logical) to another, you're just changing the name that it is known by. This is why 'moving' a file is more or less instantaneous. On a side note, if you are moving a file from one drive to another the operation is not really a 'move', it is first copied to the destination drive then deleted from the source drive. Dan From ajai at bitblit.net Sun Sep 24 10:24:40 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Sun, 24 Sep 2006 10:24:40 -0400 Subject: [nycphp-talk] web boards In-Reply-To: <6.1.2.0.2.20060923165608.02d663b8@pop.gmx.net> References: <6.1.2.0.2.20060923165608.02d663b8@pop.gmx.net> Message-ID: <45169528.8030906@bitblit.net> David Krings wrote: > I am not entirely sure what you mean with web board, but if it is > about some fourm framework, I'd take a look at phpBB. It looks really > fancy, has many features, works with several databases, and is a freebie. > Many for profit companies use that as the platform for their support forum. > I tried it myself and is darn easy to set up. Also check out Vanilla: http://getvanilla.com/ -- A From ramons at gmx.net Sun Sep 24 10:57:36 2006 From: ramons at gmx.net (David Krings) Date: Sun, 24 Sep 2006 10:57:36 -0400 Subject: [nycphp-talk] Moving a file In-Reply-To: <451676DF.70109@phpwerx.net> References: <6.1.2.0.2.20060923131358.02f2a7e0@pop.snet.yahoo.com> <451576D4.2090402@php.net> <6.1.2.0.2.20060923152402.02fe0d68@pop.gmx.net> <4515B157.8020301@php.net> <6.1.2.0.2.20060923192530.02c7ec08@pop.gmx.net> <4515D7BB.8070208@php.net> <6.1.2.0.2.20060923222646.02bc3018@pop.gmx.net> <451676DF.70109@phpwerx.net> Message-ID: <6.1.2.0.2.20060924105433.02bc2748@pop.gmx.net> At 08:15 AM 9/24/2006, you wrote: >David Krings wrote: > > At 08:56 PM 9/23/2006, you wrote: > >> David Krings wrote: > >>> Yes, but using exec to do mv works on the *nix platform. > >>> How do I know on which OS my script will end up one day. > >> I think you might have missed my point. Twice. > >> > >> I'm not trying to suggest using the mv command (although that should > >> suffice). Rather, I'm pointing out that it can also be used to rename > >> things. These operations are the same. > >> > >> In other words, you seem to be equating a violation of your semantic > >> preferences to abuse. > >> > >> Chris > > > > > > That is well possible. And apparently I still don't get it. I guess we > > better leave it at that. Thanks for trying to explain it to me. > > > > David K. > >David, > >I think the point Chris is trying to make is that 'moving' a file is >really just changing the name, in general the operations are the same. > >Saying that a.txt is now named b.txt is really the same thing as saying >that /mydir1/a.txt is now named /mydir2/a.txt. > >When you 'move' a file it is not actually moved unless you move it from >one drive (whether physical or logical) to another, you're just changing >the name that it is known by. This is why 'moving' a file is more or >less instantaneous. > >On a side note, if you are moving a file from one drive to another the >operation is not really a 'move', it is first copied to the destination >drive then deleted from the source drive. > >Dan Ach so!! Why didn't he just say so? I guess he did, I just didn't get it. It makes sense and after some refreshing in file system fundamentals it is pretty obvious. You just have to use simple words and type slowly so that I can understand it. ;) This shows that you can teach an old dog new tricks. David K. From danielc at analysisandsolutions.com Sun Sep 24 05:54:27 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:27 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #362 Message-ID: <20060924155220.40C9DBF75E2@mailspool2.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #362 PHP --- PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability http://www.securityfocus.com/bid/19415 This is fixed in 5.1.5 and 4.4.4. APPLICATIONS USING PHP ---------------------- Netious CMS Authorization Bypass Vulnerability http://www.securityfocus.com/bid/19421 MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/19362 PHPCodeCabinet Core.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19359 VBulletin Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19358 Tinyportal Guestbook Multiple HTML Injection Vulnerabilities http://www.securityfocus.com/bid/19357 O2PHP Oxygen Post.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17324 PHPPrintAnalyzer Index.php Remote File Include Vulnerability http://www.securityfocus.com/bid/19397 Visual Events Calendar Calendar.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19395 Blur6ex Title HTML Injection Vulnerability http://www.securityfocus.com/bid/19392 Simple CMS Auth.PHP Remote Authentication Bypass Vulnerability http://www.securityfocus.com/bid/19386 DeluxeBB Newpost.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19390 Torbstoff News News.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19385 PHPCC Base_Dir Parameter Remote File Include Vulnerability http://www.securityfocus.com/bid/19376 TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19382 NewSolved ABS_Path Parameter Remote File Include Vulnerability http://www.securityfocus.com/bid/19379 XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/19374 CakePHP Error.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19372 JD Wiki For Joomla Main.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19373 phNNTP File_newsportal Remote File Include Vulnerability http://www.securityfocus.com/bid/19423 Netious CMS Username Parameter SQL Injection Vulnerability http://www.securityfocus.com/bid/19419 Simplog Archive.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19411 The Address Book Login Page Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/19378 The Address Book Reloaded Unspecified Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/19380 Multiple SAPID Products Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19383 RELATED STUFF ------------- MySQL MERGE Priviledge Revoke Bypass Vulnerability http://www.securityfocus.com/bid/19279 The issue allows continued access to MERGE tables if privileges on the original table subsequently got revoked. Upgrade to 5.0.24 or 4.1.21 for the fix. Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability in LDAP scheme handling http://www.securityfocus.com/bid/19204 This is fixed in 1.3.37, 2.0.59, 2.2.3. From danielc at analysisandsolutions.com Sun Sep 24 05:54:28 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:28 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #365 Message-ID: <20060924155225.C8DD758AC0@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #365 APPLICATIONS USING PHP ---------------------- MiniBill Config[Plugin_Dir] Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19568 Joomla Z00m Media Gallery Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19601 Sonium Enterprise Addressbook Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19597 Coppermine Gallery Component for Mambo cpg.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19589 MamboWiki Component MamboLogin.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19594 Joomla Poll Component Multiple User Session Validation Vulnerability http://www.securityfocus.com/bid/19592 Joomla Kochsuite Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19590 Mambo A6MamboCredits Component Remote File Include Vulnerability http://www.securityfocus.com/bid/19581 Blog:CMS Dir_Plugins Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19577 Mambo Jim Component Install.Jim.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19575 MambelFish Mambo Component Mambelfish.Class.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19574 Powergap Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19565 CliServ Web Community Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19737 Invisionix Roaming System Remote Pageheaderdefault.Inc.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19567 ModuleBased CMS Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19754 PHPECard Functions.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19752 PhpGroupWare Calendar Class.Holidaycalc.Inc.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/19751 Mod_PHPAlbum Sommaire_Admin.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19750 CJ Tag Board User-Agent PHP Code Injection Vulnerability http://www.securityfocus.com/bid/19748 PMWiki Table Markups HTML Injection Vulnerability http://www.securityfocus.com/bid/19747 HLstats Hlstats.PHP Cross Site Scripting Vulnerability http://www.securityfocus.com/bid/19745 Jetbox CMS Search_function.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19722 This issue is undergoing further investigation to determine the validity of the vulnerability. ExBB Italia UserStop.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19753 WTCom Web Torrent SQL Injection Vulnerability http://www.securityfocus.com/bid/19569 RELATED STUFF ------------- ImageMagick XCF Image File Remote Unspecified Buffer Overflow Vulnerability http://www.securityfocus.com/bid/19697 ImageMagick Sun Bitmap Image File Remote Unspecified Buffer Overflow Vulnerability http://www.securityfocus.com/bid/19699 From danielc at analysisandsolutions.com Sun Sep 24 05:54:28 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:28 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #364 Message-ID: <20060924155225.50B0B58AC0@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #364 APPLICATIONS USING PHP ---------------------- OScommerce Shopping_cart.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19644 Mambo EstateAgent Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19625 Mambo Display MOSBot Manager Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19621 Mambo BigAPE-Backup Component Remote File Include Vulnerability http://www.securityfocus.com/bid/19616 Mambo CatalogShop Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19604 Mambo AkoComment Module mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19602 Mambo CropImage Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/19605 Fantastic Scripts Fantastic News Remote File Include Vulnerability http://www.securityfocus.com/bid/19613 Modernbill Config.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19335 DieselScripts Diesel Paid Mail Getad.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19646 DieselScripts DieselPay Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19623 DieselScript Smart Traffic Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19630 DieselScripts Job Site Forgot.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19622 Plume CMS Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19629 ToendaCMS TCMS_Administer Parameter Remote File Include Vulnerability http://www.securityfocus.com/bid/19626 PHPCodeGenie Core.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19618 NES Game and NES System Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19611 Tutti Nova Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19612 Shadows Rising RPG Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19608 XennoBB Icon_Topic SQL Injection Vulnerability http://www.securityfocus.com/bid/19606 RedBlog Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19658 Doika Guestbook GBook.PHP HTML Injection Vulnerability http://www.securityfocus.com/bid/19656 Empire CMS Checklevel.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19655 Business Management Systems Dolphin Remote File Include Vulnerability http://www.securityfocus.com/bid/19648 PHProjekt Content Management Module Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19628 Multiple Docebo Products Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/18109 SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities http://www.securityfocus.com/bid/19486 Headline Portal Engine HPEInc Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19663 TikiWiki Highlight Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19654 CityForFree Indexcity List.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19653 CityForFree Indexcity Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19652 Woltlab Burning Board Attachment.php HTML Injection Vulnerability http://www.securityfocus.com/bid/19639 CloudNine Internet Solutions Links Manager Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19650 CloudNine Internet Solutions Links Manager SQL Injection Vulnerability http://www.securityfocus.com/bid/19649 Eichhorn Portal Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/19627 SportsPHool Remote File Include Vulnerability http://www.securityfocus.com/bid/19610 From danielc at analysisandsolutions.com Sun Sep 24 05:54:27 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:27 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #363 Message-ID: <20060924155224.E203558AC0@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #363 APPLICATIONS USING PHP ---------------------- Joomla Webring Component Admin.Webring.Docs.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19511 PHP-Nuke AutoHTML Module Local File Include Vulnerability http://www.securityfocus.com/bid/19525 Horde Products Search.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19544 Mambo Email Publisher Help.MMP.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19502 Mensajeitor HTTP CLIENT IP HTML Injection Vulnerability http://www.securityfocus.com/bid/19539 WP-DB Backup For Wordpress Edit.PHP Directory Traversal Vulnerability http://www.securityfocus.com/bid/19504 Mambo Peoplebook Component Param.PeopleBook.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19505 Zen Cart Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/19542 ProjectButler RootDIR Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19503 Extreme Media Board MemCP.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/19501 YaBBSE Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19460 WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/19537 Lizge Index.PHP Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19533 PHProjekt Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19541 WEBInsta Mailing List Manager InitDB.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19526 phPay Nu_mail.inc.PHP Open Email Relay Vulnerability http://www.securityfocus.com/bid/19517 VWar Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/19327 Discloser Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19532 RELATED STUFF ------------- MIT Kerberos 5 Multiple Local Privilege Escalation Vulnerabilities http://www.securityfocus.com/bid/19427 Upgrade to version 1.5.1 or 1.4.4. Complete coverage is in MIT's Security Advisory MITKRB5-SA-2006-001. Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability http://www.securityfocus.com/bid/19534 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability http://www.securityfocus.com/bid/19488 ImageMagick SGI Image File Remote Heap Buffer Overflow Vulnerability http://www.securityfocus.com/bid/19507 From danielc at analysisandsolutions.com Sun Sep 24 05:54:29 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:29 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #366 Message-ID: <20060924155226.4CF2D58AC0@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #366 The RSA signature forgery issue sounds problematic... APPLICATIONS USING PHP ---------------------- Joomla! Multiple Security Vulnerabilities http://www.securityfocus.com/bid/19749 PhpGroupWare Calendar Class.Holidaycalc.Inc.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/19751 Gallery Stats Module Information Disclosure Vulnerability http://www.securityfocus.com/bid/19453 IntegraMOD PHPbb_Root_Path Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19809 Membrepass Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19789 Membrepass Recherchemembre.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19791 Membrepass Variable.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19790 E-vision CMS Path Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19788 ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19787 PortailPHP Mod_PHPAlbum Sommaire_Admin.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19750 CubeCart Multiple Security Vulnerabilities http://www.securityfocus.com/bid/19782 Graphiks GrapAgenda Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19857 AnnoncesV Annonce.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19854 MySpeach JScript.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19851 ToendaCMS Remote File Include Vulnerability http://www.securityfocus.com/bid/19806 Papoo CMS IBrowser Remote File Include Vulnerability http://www.securityfocus.com/bid/19807 VBZoom Profile.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19803 YACS Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19799 Xoops Edituser.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19720 RELATED STUFF ------------- OpenSSL PKCS Padding RSA Signature Forgery Vulnerability http://www.securityfocus.com/bid/19849 Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used. This is fixed in OpenSSL 0.9.7k and 0.9.8c. MySQL Multiupdate and Subselects Denial Of Service Vulnerability http://www.securityfocus.com/bid/19794 For some reason this is the first time this very old issue made it into the SF newsletters. From danielc at analysisandsolutions.com Sun Sep 24 05:54:29 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:29 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #367 Message-ID: <20060924155226.D1525BF75E2@mailspool2.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #367 RSA key forgeries and Flash vulnerabilities are in the news this week. APPLICATIONS USING PHP ---------------------- Drupal Userreview Module Unspecified Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20015 Mambo Serverstat Component Install.Serverstat.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20018 Quicksilver Forums Activeutil.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19991 ForumJBC Haut.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19992 WM-News Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/19988 Vitrax Premodded Functions_Portal.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19979 CCHost Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19978 WebSPELL Database.PHP Authentication Bypass Vulnerability http://www.securityfocus.com/bid/19975 Ractive Popper Childwindow.Inc.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19972 TeamCal Pro Footer.HTML.Inc.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20030 DCP-Portal Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/20024 Tagger LE Multiple PHP Code Injection Vulnerabilities http://www.securityfocus.com/bid/20023 PHPATM Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19765 PHPQuiz Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20019 ActiveCampaign KnowledgeBuilder Remote File Include Vulnerability http://www.securityfocus.com/bid/20020 Reamday Enterprises Magic News Pro News_page.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20014 EmuCMS Index.PHP Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/20013 NX5Linkx Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/20010 NX5Linkx Links.PHP HTTP Response Splitting Vulnerability http://www.securityfocus.com/bid/20011 NX5Linkx Link.PHP Directory Traversal Vulnerability http://www.securityfocus.com/bid/20008 Vmist Downstat Remote File Include Vulnerabilities http://www.securityfocus.com/bid/20007 Shadowed Portal Bottom.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20006 DokuWiki Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/19911 e107 CMS Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19997 CJ Tag Board Tag.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20000 Telekorn Signkorn Guestbook Dir_Path Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/19977 PHP Event Calendar Index.PHP Multiple Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/20001 Moodle Multiple Input Validation and Information Disclosure Vulnerabilities http://www.securityfocus.com/bid/19995 K2News Management Ratings.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/19994 PhotoPost Pro Zipndownload.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20028 PHPUnity.Postcard PHPUnity-Postcard.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/19993 RELATED STUFF ------------- Adobe Flash Player Multiple Remote Code Execution Vulnerabilities http://www.securityfocus.com/bid/19980 Versions 8.0.24.0 and 9.0.16.0 fix this problem. GNUTLS PKCS RSA Signature Forgery Vulnerability http://www.securityfocus.com/bid/20027 Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used. GnuTLS 1.4.3 takes care of this issue. From danielc at analysisandsolutions.com Sun Sep 24 05:54:30 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 24 Sep 2006 11:54:30 +0200 Subject: [nycphp-talk] PHP in SecurityFocus #368 Message-ID: <20060924155227.6E58DBF75E2@mailspool2.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #368 gzip has several holes in it plus Mozilla has come out with new editions. APPLICATIONS USING PHP ---------------------- Mambo Hotornot Component Uploadfile.PHP Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/20077 Mambo Extended Registration Component mosConfig_absolute_path Remote File Include Vulnerability http://www.securityfocus.com/bid/20072 Vikingboard Topic.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/19919 Vikingboard Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/19916 PHPQuiz Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/20065 Artmedic Links Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20064 Aceboard Recherche.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20063 PHP-Post Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/20061 Nuked-Klan Query Parameter Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20032 Claroline Claro_Init_Local.Inc.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20056 Site at School Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/20053 AlstraSoft Efriends GetStartOptions.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/20088 EShoppingPro Search_Run.ASP SQL Injection Vulnerability http://www.securityfocus.com/bid/20089 PhotoPost Pro Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/20028 NixieAffiliate Delete.PHP Authentication Bypass Vulnerability http://www.securityfocus.com/bid/20086 Moodle Edit.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/20085 NixieAffiliate Lostpassword.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20084 PHP DocWriter Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20041 IDevSpot BizDirectory Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/20081 MyBulletinBoard Generic_Error.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/20079 MobilePublisherPHP Header.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20078 GuanxiCRM Business Solution PHPXD.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/20071 UNAK-CMS Dirroot Parameter Remote File Include Vulnerability http://www.securityfocus.com/bid/20070 GNUTurk T_ID Parameter SQL Injection Vulnerability http://www.securityfocus.com/bid/20069 AEDating Dir[INC] Parameter Remote File Include Vulnerability http://www.securityfocus.com/bid/20068 Exponent CMS Index.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/20111 Qualiteam X-Cart CMPI.PHP Arbitrary Variable Overwrite Vulnerability http://www.securityfocus.com/bid/20108 ESyndiCat Search.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20106 MyReview Functions.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/20105 Innovate Portal Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20104 Simple Discussion Board Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/20103 Tekman Portal Uye_Profil.ASP SQL Injection Vulnerability http://www.securityfocus.com/bid/20102 More.groupware Week.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/20100 RELATED STUFF ------------- GNU GZip Archive Handling Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/20101 The GNU folks (http://www.gzip.org/) haven't released a patch as of yet, but RedHat has put out updated RPM's (http://rhn.redhat.com/errata/RHSA-2006-0667.html). Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/20042 Upgrade your installs to the following versions: Firefox 1.5.0.7 Thunderbird 1.5.0.7 SeaMonkey 1.0.5 Camino 1.0.3 From ramons at gmx.net Sun Sep 24 17:13:56 2006 From: ramons at gmx.net (David Krings) Date: Sun, 24 Sep 2006 17:13:56 -0400 Subject: [nycphp-talk] relative paths in Windope Message-ID: <6.1.2.0.2.20060924171352.02c59ec0@pop.snet.yahoo.com> Hi, although I managed to find a workaround I still wonder how one can make use of relative paths on Windows when using commands such as mkdir, rmdir, unlink, etc. For example: unlink(.\oh11je9qfrh9ns3evmee794qh3\PDRM0660.JPG) fails with this error No such file or directory in E:\piviviewer\administration\pics\addpictosystem.php on line 276 but the file in the directory in which the script file is located has the folder oh11je9qfrh9ns3evmee794qh3 and in that is the file PDRM0660.JPG. For now I created a function that figures out what the path is to the current location by taking the [SCRIPT_FILENAME] of $_SERVER and cutting the filename of the current script file off at the end (I vaguely remember that there is a better way to do this with some command that just returns the path portion) and then combine this with the path and file to be deleted. That is quite annoying, but using relative paths on Windope doesn't work as it seems. Anyone has a better solution (besides dumping Windoof) than to massage strings until it fits? Thank you very much in advance. David K. From dirn at dirnonline.com Sun Sep 24 17:27:44 2006 From: dirn at dirnonline.com (Andy Dirnberger) Date: Sun, 24 Sep 2006 17:27:44 -0400 Subject: [nycphp-talk] relative paths in Windope In-Reply-To: <6.1.2.0.2.20060924171352.02c59ec0@pop.snet.yahoo.com> Message-ID: <000001c6e020$4972e680$a460a8c0@andyabs> Is http://us3.php.net/getcwd what you're looking for? mkdir (getcwd () . "\\directoryname"); DiRN -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Krings Sent: Sunday, September 24, 2006 5:14 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] relative paths in Windope Hi, although I managed to find a workaround I still wonder how one can make use of relative paths on Windows when using commands such as mkdir, rmdir, unlink, etc. For example: unlink(.\oh11je9qfrh9ns3evmee794qh3\PDRM0660.JPG) fails with this error No such file or directory in E:\piviviewer\administration\pics\addpictosystem.php on line 276 but the file in the directory in which the script file is located has the folder oh11je9qfrh9ns3evmee794qh3 and in that is the file PDRM0660.JPG. For now I created a function that figures out what the path is to the current location by taking the [SCRIPT_FILENAME] of $_SERVER and cutting the filename of the current script file off at the end (I vaguely remember that there is a better way to do this with some command that just returns the path portion) and then combine this with the path and file to be deleted. That is quite annoying, but using relative paths on Windope doesn't work as it seems. Anyone has a better solution (besides dumping Windoof) than to massage strings until it fits? Thank you very much in advance. David K. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ramons at gmx.net Sun Sep 24 19:17:43 2006 From: ramons at gmx.net (David Krings) Date: Sun, 24 Sep 2006 19:17:43 -0400 Subject: [nycphp-talk] relative paths in Windope In-Reply-To: <000001c6e020$4972e680$a460a8c0@andyabs> References: <6.1.2.0.2.20060924171352.02c59ec0@pop.snet.yahoo.com> <000001c6e020$4972e680$a460a8c0@andyabs> Message-ID: <6.1.2.0.2.20060924191317.02a6b720@pop.gmx.net> At 05:27 PM 9/24/2006, you wrote: >Is http://us3.php.net/getcwd what you're looking for? > >mkdir (getcwd () . "\\directoryname"); > >DiRN That would work as well. What I did is use this dirname($_SERVER['SCRIPT_FILENAME']) in the start file and assigned the output to a session variable. It basically gives me the "root" of my entire folder set. This way I can always extend the path if needed. Using getcwd will work fine when I deal only with things that are in my current directory. In the described case, that is so, but I know for sure that I will need the path to point to some place that is down a different tree from the root. Thanks for the tip. David K. From syntux at gmail.com Mon Sep 25 09:23:35 2006 From: syntux at gmail.com (Jad madi) Date: Mon, 25 Sep 2006 16:23:35 +0300 Subject: [nycphp-talk] How would you do this ? In-Reply-To: <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> References: <001f01c6dc28$915c84c0$12a8a8c0@HirschLaptop> <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> Message-ID: <1159190616.21856.0.camel@localhost> I'm building an RSS aggregator so I'm trying to find out the best way to parse users account feeds equally so Lets say we have 20.000 user with average of 10 feeds in account so we have about 200.000 feed How would you schedule the parsing process to keep all accounts always updated without killing the server? NOTE: that some of the 200.000 feeds might be shared between more than one user Now, what I was thinking of is to split users into 1-) Idle users (check their account once a week, no traffic on their RSS feeds) 2-) Idle++ (check their account once a week, but got traffic on their RSS feeds) 2-) Active users (Check their accounts regularly and they got traffic on their RSS feeds) NOTE: The week is just an example but at the end it?s going to be dynamic ratio so with this classification I can split the parsing power and time to 1-) 10% idle users 2-) 20% idle++ users 3-) 70% active users. NOTE: There is another factors that should be included but I don?t want to get the idea messy now (CPU usage, Memory usage, connectivity issues (if feed site is down) in general the MAX execution time for the continues parsing loop shouldn?t be more than 30 minutes 60 minutes) Actually I?m thinking of writing a daemon to do it ?just keep checking CPU/memory? and excute whenever a reasonable amount of resource available without killing the server. Please elaborate. From tacofighter at gmail.com Mon Sep 25 10:13:21 2006 From: tacofighter at gmail.com (Aaron Deutsch) Date: Mon, 25 Sep 2006 10:13:21 -0400 Subject: [nycphp-talk] data sync Message-ID: I finally setup my localhost to do all dev work with php/mysql. Now I have my office work pc and home pc (both windows) and a 1gig flash drive to bring the files back and forth. Does anyone use some kind of data sync software to make sure you are using the most updated files? Sometimes I'll forget to copy an include file to my flash drive then have to wait till the next day to continue working. thanks, aaron d. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sequethin at gmail.com Mon Sep 25 10:19:43 2006 From: sequethin at gmail.com (Michael Hernandez) Date: Mon, 25 Sep 2006 10:19:43 -0400 Subject: [nycphp-talk] data sync In-Reply-To: References: Message-ID: <6F318354-5CD4-49E1-A58F-F997896A4221@gmail.com> On Sep 25, 2006, at 10:13 AM, Aaron Deutsch wrote: > I finally setup my localhost to do all dev work with php/mysql. Now > I have my office work pc and home pc (both windows) and a 1gig > flash drive to bring the files back and forth. Does anyone use some > kind of data sync software to make sure you are using the most > updated files? Sometimes I'll forget to copy an include file to my > flash drive then have to wait till the next day to continue working. > > thanks, > aaron d. subversion is nice :) -Mike From dcech at phpwerx.net Mon Sep 25 10:32:18 2006 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 25 Sep 2006 10:32:18 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <6F318354-5CD4-49E1-A58F-F997896A4221@gmail.com> References: <6F318354-5CD4-49E1-A58F-F997896A4221@gmail.com> Message-ID: <4517E872.6060605@phpwerx.net> Michael Hernandez wrote: > On Sep 25, 2006, at 10:13 AM, Aaron Deutsch wrote: > >> I finally setup my localhost to do all dev work with php/mysql. Now >> I have my office work pc and home pc (both windows) and a 1gig >> flash drive to bring the files back and forth. Does anyone use some >> kind of data sync software to make sure you are using the most >> updated files? Sometimes I'll forget to copy an include file to my >> flash drive then have to wait till the next day to continue working. >> >> thanks, >> aaron d. > > subversion is nice :) > > -Mike Yup, Set yourself up a subversion repository, then you can not only keep your machines in sync but keep track of everything you do. Dan From wkamm at rvyriptide.org Mon Sep 25 10:33:22 2006 From: wkamm at rvyriptide.org (wkamm at rvyriptide.org) Date: Mon, 25 Sep 2006 10:33:22 -0400 (EDT) Subject: [nycphp-talk] data sync In-Reply-To: References: Message-ID: <40789.192.128.167.68.1159194802.squirrel@rvyriptide.org> I am very happy with SyncBackSE. They have a free version and a $25 version with a few more features. http://www.2brightsparks.com/ Bill > I finally setup my localhost to do all dev work with php/mysql. Now I have > my office work pc and home pc (both windows) and a 1gig flash drive to > bring > the files back and forth. Does anyone use some kind of data sync software > to > make sure you are using the most updated files? Sometimes I'll forget to > copy an include file to my flash drive then have to wait till the next day > to continue working. > > thanks, > aaron d. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From tacofighter at gmail.com Mon Sep 25 10:47:44 2006 From: tacofighter at gmail.com (Aaron Deutsch) Date: Mon, 25 Sep 2006 10:47:44 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <40789.192.128.167.68.1159194802.squirrel@rvyriptide.org> References: <40789.192.128.167.68.1159194802.squirrel@rvyriptide.org> Message-ID: I'm just starting to figure out SVN for my office projects but for my side projects I just wanted to sync my files in a few set folders. I think this may work but I wanted to see what others more experienced had to say http://allwaysync.com/index.html thanks! aaron d. On 9/25/06, wkamm at rvyriptide.org wrote: > > I am very happy with SyncBackSE. They have a free version and a $25 > version with a few more features. > > http://www.2brightsparks.com/ > > Bill > > > I finally setup my localhost to do all dev work with php/mysql. Now I > have > > my office work pc and home pc (both windows) and a 1gig flash drive to > > bring > > the files back and forth. Does anyone use some kind of data sync > software > > to > > make sure you are using the most updated files? Sometimes I'll forget > to > > copy an include file to my flash drive then have to wait till the next > day > > to continue working. > > > > thanks, > > aaron d. > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Mon Sep 25 10:48:07 2006 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 25 Sep 2006 10:48:07 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <40789.192.128.167.68.1159194802.squirrel@rvyriptide.org> Message-ID: <001001c6e0b1$9d4a6710$710aa8c0@MobileZ> wkamm at rvyriptide.org wrote on Monday, September 25, 2006 10:33 AM: > I am very happy with SyncBackSE. They have a free version and a $25 > version with a few more features. > > http://www.2brightsparks.com/ I use SyncBack too - it pushes incrementally changes to a Samba share automatically. I have it set to do a fast backup after 5 minutes of idle time, and a full backup at 4pm everyday. Quite nice. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From rmarscher at beaffinitive.com Mon Sep 25 10:49:13 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Mon, 25 Sep 2006 10:49:13 -0400 Subject: [nycphp-talk] relative paths in Windope In-Reply-To: <6.1.2.0.2.20060924191317.02a6b720@pop.gmx.net> References: <6.1.2.0.2.20060924171352.02c59ec0@pop.snet.yahoo.com> <000001c6e020$4972e680$a460a8c0@andyabs> <6.1.2.0.2.20060924191317.02a6b720@pop.gmx.net> Message-ID: <4517EC69.5010108@beaffinitive.com> realpath() is a handy function too when dealing with relative paths: http://us2.php.net/manual/en/function.realpath.php Also, if you like to type less, there's the "magic" constant __FILE__ that will give you the full path to the current file: http://us2.php.net/manual/en/language.constants.predefined.php I often do this: realpath(dirname(__FILE__) . '/../../somefile') -Rob David Krings wrote: > At 05:27 PM 9/24/2006, you wrote: > >> Is http://us3.php.net/getcwd what you're looking for? >> >> mkdir (getcwd () . "\\directoryname"); >> >> DiRN >> > > That would work as well. What I did is use this > dirname($_SERVER['SCRIPT_FILENAME']) > in the start file and assigned the output to a session variable. It > basically gives me the "root" of my entire folder set. This way I can > always extend the path if needed. Using getcwd will work fine when I deal > only with things that are in my current directory. In the described case, > that is so, but I know for sure that I will need the path to point to some > place that is down a different tree from the root. > > Thanks for the tip. > > > David K. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From skyline at publicmine.com Mon Sep 25 11:22:03 2006 From: skyline at publicmine.com (Ben Sgro (sk)) Date: Mon, 25 Sep 2006 11:22:03 -0400 Subject: [nycphp-talk] data sync References: <40789.192.128.167.68.1159194802.squirrel@rvyriptide.org> Message-ID: <001701c6e0b6$5fb3dad0$6401a8c0@sickbox> I also use this tool for my local network files, I use CVS for my projects. I have the free version. - Ben ----- Original Message ----- From: To: "NYPHP Talk" Cc: Sent: Monday, September 25, 2006 10:33 AM Subject: Re: [nycphp-talk] data sync I am very happy with SyncBackSE. They have a free version and a $25 version with a few more features. http://www.2brightsparks.com/ Bill > I finally setup my localhost to do all dev work with php/mysql. Now I have > my office work pc and home pc (both windows) and a 1gig flash drive to > bring > the files back and forth. Does anyone use some kind of data sync software > to > make sure you are using the most updated files? Sometimes I'll forget to > copy an include file to my flash drive then have to wait till the next day > to continue working. > > thanks, > aaron d. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From jbaer at VillageVoice.com Mon Sep 25 11:28:15 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Mon, 25 Sep 2006 11:28:15 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <001701c6e0b6$5fb3dad0$6401a8c0@sickbox> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503549042@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subversion for work (since its available anywhere via svn+ssh://) Rsync for incremental backups However, Ive learn to *NOT* put too much faith into backup drives (kinda ironic) after having 3 Lacie drives and a thumbdrive fail after a while of use. YMMV. It may after a while prove pretty useful for online storage to be a better alternative (gDrive, Amazon S3, etc). Just need to wait a bit longer for more sync-like features + better UI. - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Ben Sgro (sk) Sent: Monday, September 25, 2006 11:22 AM To: NYPHP Talk Subject: Re: [nycphp-talk] data sync I also use this tool for my local network files, I use CVS for my projects. I have the free version. - - Ben - ----- Original Message ----- From: To: "NYPHP Talk" Cc: Sent: Monday, September 25, 2006 10:33 AM Subject: Re: [nycphp-talk] data sync I am very happy with SyncBackSE. They have a free version and a $25 version with a few more features. http://www.2brightsparks.com/ Bill > I finally setup my localhost to do all dev work with php/mysql. Now I have > my office work pc and home pc (both windows) and a 1gig flash drive to > bring > the files back and forth. Does anyone use some kind of data sync software > to > make sure you are using the most updated files? Sometimes I'll forget to > copy an include file to my flash drive then have to wait till the next day > to continue working. > > thanks, > aaron d. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFF/WP99e5DI8C/rsRAh78AJ9h83yiupDjYIXGsthdT2n0MP2TkACggImp 14DC6/F7Zvz0mI4udCh4mkI= =xZ/6 -----END PGP SIGNATURE----- From jbaer at VillageVoice.com Mon Sep 25 11:34:48 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Mon, 25 Sep 2006 11:34:48 -0400 Subject: [nycphp-talk] PHP in SecurityFocus #367 In-Reply-To: <20060924155226.D1525BF75E2@mailspool2.panix.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA2450354904E@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This might have been asked before but ... Would there be any way you know of to "filter" these feeds by application? My current Mac client (NetNewsWire) can't but maybe there is any client that can actually filter (regex?) over a feed .. Thanks. - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Daniel Convissor Sent: Sunday, September 24, 2006 5:54 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] PHP in SecurityFocus #367 These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #367 RSA key forgeries and Flash vulnerabilities are in the news this week. APPLICATIONS USING PHP - ---------------------- Drupal Userreview Module Unspecified Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/20015 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFF/cY99e5DI8C/rsRAiEpAKDq5oAJkxKNhDEy9GWIkpeH7FGzygCdEjxc 7EqXxiYLSkwTL1oKkv97DgU= =B/Ws -----END PGP SIGNATURE----- From rmarscher at beaffinitive.com Mon Sep 25 11:37:06 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Mon, 25 Sep 2006 11:37:06 -0400 Subject: [nycphp-talk] How would you do this ? In-Reply-To: <1159190616.21856.0.camel@localhost> References: <001f01c6dc28$915c84c0$12a8a8c0@HirschLaptop> <6.1.2.0.2.20060919180519.02dc9928@pop.gmx.net> <1159190616.21856.0.camel@localhost> Message-ID: <4517F7A2.6010200@beaffinitive.com> Definitely only parse each feed once across the server (not once for each user). I'm sure that would cut down your number a lot from 200,000. You should figure out how much processing time it takes to parse a feed. I wouldn't think it would be all that much. If it doesn't take too long for your code to parse a feed, you should just do it on demand. i.e. - when the user checks their account, loop through their feeds, determine if the last time you parsed the feed was longer than xx amount of time (like a half hour or hour or something like that) and then determine if any of those feeds have changed (maybe by comparing the file size of the live version with a cached local copy). For the ones that have changed, pull down the new content, and mark the current time as the last updated time for the feed. I would model feed entries into a database table for easy sorting, searching and other stuff like that. In terms of the user interface to deal with this possible wait time in updating the feeds, you could show the user the latest cached version of the feed and then do an ajax call to do the update. This way of doing it would avoid parsing feeds that no one accesses and also avoid having to predict your user's activity. -Rob Jad madi wrote: > I'm building an RSS aggregator so I'm trying to find out the best way to > parse users account feeds equally so Lets say we have 20.000 user with > average of 10 feeds in account so we have about > 200.000 feed > > How would you schedule the parsing process to keep all accounts always > updated without killing the server? NOTE: that some of the 200.000 feeds > might be shared between more than one user > > Now, what I was thinking of is to split users into > 1-) Idle users (check their account once a week, no traffic on their RSS > feeds) > 2-) Idle++ (check their account once a week, but got traffic on their > RSS feeds) > 2-) Active users (Check their accounts regularly and they got traffic on > their RSS feeds) > > NOTE: The week is just an example but at the end it?s going to be > dynamic ratio > > so with this classification I can split the parsing power and time to > 1-) 10% idle users > 2-) 20% idle++ users > 3-) 70% active users. > > NOTE: There is another factors that should be included but I don?t want > to get the idea messy now (CPU usage, Memory usage, connectivity issues > (if feed site is down) in general the MAX execution time for the > continues parsing loop shouldn?t be more than 30 minutes 60 minutes) > Actually I?m thinking of writing a daemon to do it ?just keep checking > CPU/memory? and excute whenever a reasonable amount of resource > available without killing the server. > > > Please elaborate. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From sequethin at gmail.com Mon Sep 25 11:52:45 2006 From: sequethin at gmail.com (Michael Hernandez) Date: Mon, 25 Sep 2006 11:52:45 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503549042@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503549042@mail> Message-ID: <87D17AC0-36B0-4482-8777-599E4B7D26B5@gmail.com> Not to be a subversion zealot but I've been using it to back up my home directory for a while now and it's great. I have a web hosting account with dreamhost (that's not a plug nor a recommendation) and they have subversion available. I have a directory in my /home called mikesfiles and I put things I need backed up in there. All I have to do is check the stuff in and out. It works out for me because I never know what state my home pc or my laptop will be in, so it's a remote backup solution in a sense. I'm sure other syncing software can do the job but it really is worth it if you know subversion already, because it's F/OSS, and it does offer many other options, especially in a case where you have a secure remote machine holding your files. It's actually saved my butt a few times where I forgot my laptop and needed some files that I had in my repo. -Mike From dmintz at davidmintz.org Mon Sep 25 11:53:57 2006 From: dmintz at davidmintz.org (David Mintz) Date: Mon, 25 Sep 2006 11:53:57 -0400 (EDT) Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops In-Reply-To: <00c301c6e0ad$4ee25e60$710aa8c0@MobileZ> References: <00c301c6e0ad$4ee25e60$710aa8c0@MobileZ> Message-ID: Hans Z or Nate or somebody: Can you elaborate on "bring your laptops?" That is, laptops already AMPed up and with the latest Cake on board, or what? Or is there gonna be wireless for all so we can download whatever on the spot? (I'd have to borrow a machine, so I ask before going to the trouble of doing that and setting up a dev environment on it.) Thanks, --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From jbaer at VillageVoice.com Mon Sep 25 11:54:13 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Mon, 25 Sep 2006 11:54:13 -0400 Subject: [nycphp-talk] data sync In-Reply-To: <87D17AC0-36B0-4482-8777-599E4B7D26B5@gmail.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA2450354906D@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On a sidenote 1.4 was released + included svnsync ... Here is a great post w/ some details on the tool .. http://journal.paul.querna.org/articles/2006/09/14/using-svnsync - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michael Hernandez Sent: Monday, September 25, 2006 11:53 AM To: NYPHP Talk Subject: Re: [nycphp-talk] data sync Not to be a subversion zealot but I've been using it to back up my home directory for a while now and it's great. I have a web hosting account with dreamhost (that's not a plug nor a recommendation) and they have subversion available. I have a directory in my /home called mikesfiles and I put things I need backed up in there. All I have to do is check the stuff in and out. It works out for me because I never know what state my home pc or my laptop will be in, so it's a remote backup solution in a sense. I'm sure other syncing software can do the job but it really is worth it if you know subversion already, because it's F/OSS, and it does offer many other options, especially in a case where you have a secure remote machine holding your files. It's actually saved my butt a few times where I forgot my laptop and needed some files that I had in my repo. - -Mike _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFF/ul99e5DI8C/rsRAgPDAKDjq6cOuj8kw4XJLXqnim8gq+hNLACgtyqf zaRYuy0wpPj2xwr5/4OYGP4= =Roge -----END PGP SIGNATURE----- From nate at cakephp.org Mon Sep 25 12:13:10 2006 From: nate at cakephp.org (Nate Abele) Date: Mon, 25 Sep 2006 12:13:10 -0400 Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops Message-ID: Just bring a wifi-enabled laptop. Everything needed to participate (i.e. downloads) will be provided. We're going to try a few little experiments. ; ) From sharonpenn at gmail.com Mon Sep 25 14:42:20 2006 From: sharonpenn at gmail.com (Sharon Penn) Date: Mon, 25 Sep 2006 14:42:20 -0400 Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops In-Reply-To: References: Message-ID: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.com> Tomorrow is my first time to attend meeting, I know the address is 590 Madison Avenue. Can anyone tell exactly between which street and is it enough to show driver license to enter the building? Thanks On 9/25/06, Nate Abele wrote: > > Just bring a wifi-enabled laptop. Everything needed to participate > (i.e. downloads) will be provided. We're going to try a few little > experiments. ; ) > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kenrbnsn at rbnsn.com Mon Sep 25 14:51:52 2006 From: kenrbnsn at rbnsn.com (Ken Robinson) Date: Mon, 25 Sep 2006 14:51:52 -0400 Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops In-Reply-To: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.co m> References: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.com> Message-ID: <7.0.1.0.2.20060925145000.097bae10@rbnsn.com> At 02:42 PM 9/25/2006, Sharon Penn wrote: >Tomorrow is my first time to attend meeting, I know the address is >590 Madison Avenue. Can anyone tell exactly between which street and >is it enough to show driver license to enter the building? It's on the SW corner of 59th and Madison. You need a photo ID (if you have one). The guards will accept a non-picture NJ Drivers License if that's all you have. Ken From michael.southwell at nyphp.org Mon Sep 25 14:53:49 2006 From: michael.southwell at nyphp.org (Michael Southwell) Date: Mon, 25 Sep 2006 14:53:49 -0400 Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops In-Reply-To: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.co m> References: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.com> Message-ID: <6.2.3.4.2.20060925145207.0280d190@pop.nyphp.com> At 02:42 PM 9/25/2006, you wrote: >Tomorrow is my first time to attend meeting, I know the address is >590 Madison Avenue. Can anyone tell exactly between which street and >is it enough to show driver license to enter the building? The IBM building is on the southwest corner of 57th street. You should rsvp at http://www.nyphp.org/rsvp.php and then bring a photo ID. Michael Southwell, Vice President for Education New York PHP http://www.nyphp.com/training - In-depth PHP Training Courses From ramons at gmx.net Mon Sep 25 20:15:57 2006 From: ramons at gmx.net (David Krings) Date: Mon, 25 Sep 2006 20:15:57 -0400 Subject: [nycphp-talk] data sync In-Reply-To: References: Message-ID: <6.1.2.0.2.20060925201338.02c8e630@pop.gmx.net> Hi, you could set the server root to your USB drive and have MySQL live on that drive as well, although based on my development work (which may be quite different of yours), the database tends not to change that often and if it does, you will notice it quickly by all the failing queries. David K. At 10:13 AM 9/25/2006, you wrote: >I finally setup my localhost to do all dev work with php/mysql. Now I have >my office work pc and home pc (both windows) and a 1gig flash drive to >bring the files back and forth. Does anyone use some kind of data sync >software to make sure you are using the most updated files? Sometimes >I'll forget to copy an include file to my flash drive then have to wait >till the next day to continue working. > >thanks, >aaron d. >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php From ps at pswebcode.com Tue Sep 26 07:29:41 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 26 Sep 2006 07:29:41 -0400 Subject: [nycphp-talk] [OT] grep assistance Message-ID: <000d01c6e15f$0f0dc060$6701a8c0@SUNCODE1> Four grep regular expressions I could use help with... 1) match all id numbers between 100 and 199 2) match all id numbers less than 550 3) match all id numbers greater than 550 4) match all id numbers from 0-550, but not 400-480 thanks if these are right at your fingertips. For extra special, extra credit what is the following regexp expected to match. ([1-9]|[1-9][0-9]|[1-3][0-9][0-9]|4[0-6][0-4])$ I see it as match any id in several ranges: 1-9, 10-99, 100-399, 400-464. But there must be a more effective say to say this? Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at devonianfarm.com Tue Sep 26 07:57:27 2006 From: paul at devonianfarm.com (Paul Houle) Date: Tue, 26 Sep 2006 07:57:27 -0400 Subject: [nycphp-talk] [OT] grep assistance In-Reply-To: <000d01c6e15f$0f0dc060$6701a8c0@SUNCODE1> References: <000d01c6e15f$0f0dc060$6701a8c0@SUNCODE1> Message-ID: <451915A7.103@devonianfarm.com> Peter Sawczynec wrote: > Four grep regular expressions I could use help with... This is fun. But it's certainly not a "best practice" way of doing things. (Ask somebody to explain what the #4 regex does...) I'll take a crack at it with PCRE's, but it's very likely that some of them have mistakes on boundary cases. If you're working on the UNIX command line, the easy way to do this is with awk. If you're handling space separated data, say 775 some data 776 other data you can write something like awk '{if ($1<550} print}' awk defaults to space as a separator, but you can change this with the -F option, say -F: or -F,. Somebody can look at that command and have a pretty clear idea of what it does and a decent chance of doing the right thing if 550 changes to 549. Note there is a bit of a cheat below in that I'm not considering proper fielding... If you want to match any numbers embedded anywhere in the document, I think you can change ^ -> (^|[^0-9]) and $ -> ([^0-9]|$). If you know numbers won't be at the beginning or end of a line and will be delimited by spaces, you can replace ^ and $ with spaces. > > 1) match all id numbers between 100 and 199 /^1[0-9]{2}$/ > 2) match all id numbers less than 550 /^4[0-9]{2}|5[0-4][0-9]$/ > 3) match all id numbers greater than 550 /^[0-9]{4,}|[6-9][0-9]{2}|55[1-9]$/ > 4) match all id numbers from 0-550, but not 400-480 > /^[0-3][0-9]{2}|48[1-9]|49[0-9]|5[0-4][0-9]$/ From ps at pswebcode.com Tue Sep 26 08:06:37 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 26 Sep 2006 08:06:37 -0400 Subject: [nycphp-talk] [OT] grep assistance In-Reply-To: <451915A7.103@devonianfarm.com> Message-ID: <001701c6e164$38202dd0$6701a8c0@SUNCODE1> 62[8-9]|6[3-9][0-9]|7[0-8][0-1] Using your clues, above will match 628 through 781 only, correct? Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Paul Houle Sent: Tuesday, September 26, 2006 7:57 AM To: NYPHP Talk Subject: Re: [nycphp-talk] [OT] grep assistance Peter Sawczynec wrote: > Four grep regular expressions I could use help with... This is fun. But it's certainly not a "best practice" way of doing things. (Ask somebody to explain what the #4 regex does...) I'll take a crack at it with PCRE's, but it's very likely that some of them have mistakes on boundary cases. If you're working on the UNIX command line, the easy way to do this is with awk. If you're handling space separated data, say 775 some data 776 other data you can write something like awk '{if ($1<550} print}' awk defaults to space as a separator, but you can change this with the -F option, say -F: or -F,. Somebody can look at that command and have a pretty clear idea of what it does and a decent chance of doing the right thing if 550 changes to 549. Note there is a bit of a cheat below in that I'm not considering proper fielding... If you want to match any numbers embedded anywhere in the document, I think you can change ^ -> (^|[^0-9]) and $ -> ([^0-9]|$). If you know numbers won't be at the beginning or end of a line and will be delimited by spaces, you can replace ^ and $ with spaces. > > 1) match all id numbers between 100 and 199 /^1[0-9]{2}$/ > 2) match all id numbers less than 550 /^4[0-9]{2}|5[0-4][0-9]$/ > 3) match all id numbers greater than 550 /^[0-9]{4,}|[6-9][0-9]{2}|55[1-9]$/ > 4) match all id numbers from 0-550, but not 400-480 > /^[0-3][0-9]{2}|48[1-9]|49[0-9]|5[0-4][0-9]$/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ps at pswebcode.com Tue Sep 26 08:11:27 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 26 Sep 2006 08:11:27 -0400 Subject: [nycphp-talk] [OT] grep assistance In-Reply-To: <001701c6e164$38202dd0$6701a8c0@SUNCODE1> Message-ID: <001801c6e164$e4c3bc50$6701a8c0@SUNCODE1> Sorry, this should match 628 - 781 only: 62[8-9]|6[3-9][0-9]|7[0-7][0-9]|78[0-1] Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Sawczynec Sent: Tuesday, September 26, 2006 8:07 AM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] [OT] grep assistance 62[8-9]|6[3-9][0-9]|7[0-8][0-1] Using your clues, above will match 628 through 781 only, correct? Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Paul Houle Sent: Tuesday, September 26, 2006 7:57 AM To: NYPHP Talk Subject: Re: [nycphp-talk] [OT] grep assistance Peter Sawczynec wrote: > Four grep regular expressions I could use help with... This is fun. But it's certainly not a "best practice" way of doing things. (Ask somebody to explain what the #4 regex does...) I'll take a crack at it with PCRE's, but it's very likely that some of them have mistakes on boundary cases. If you're working on the UNIX command line, the easy way to do this is with awk. If you're handling space separated data, say 775 some data 776 other data you can write something like awk '{if ($1<550} print}' awk defaults to space as a separator, but you can change this with the -F option, say -F: or -F,. Somebody can look at that command and have a pretty clear idea of what it does and a decent chance of doing the right thing if 550 changes to 549. Note there is a bit of a cheat below in that I'm not considering proper fielding... If you want to match any numbers embedded anywhere in the document, I think you can change ^ -> (^|[^0-9]) and $ -> ([^0-9]|$). If you know numbers won't be at the beginning or end of a line and will be delimited by spaces, you can replace ^ and $ with spaces. > > 1) match all id numbers between 100 and 199 /^1[0-9]{2}$/ > 2) match all id numbers less than 550 /^4[0-9]{2}|5[0-4][0-9]$/ > 3) match all id numbers greater than 550 /^[0-9]{4,}|[6-9][0-9]{2}|55[1-9]$/ > 4) match all id numbers from 0-550, but not 400-480 > /^[0-3][0-9]{2}|48[1-9]|49[0-9]|5[0-4][0-9]$/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From harris.nyc at verizon.net Tue Sep 26 08:14:13 2006 From: harris.nyc at verizon.net (Harris Paltrowitz) Date: Tue, 26 Sep 2006 08:14:13 -0400 Subject: [nycphp-talk] Late Registration... Message-ID: <0J6700M8D8NU9JD5@vms040.mailsrvcs.net> Hi all, I'd love to be at tonight's meeting, but does anyone know if I should even bother showing up since I just registered this morning? The RSVP page did seem pretty strict about having to register before 3pm yesterday.... :( Thanks. Harris From morgan at forsalebyowner.com Tue Sep 26 13:16:29 2006 From: morgan at forsalebyowner.com (Morgan Craft) Date: Tue, 26 Sep 2006 13:16:29 -0400 Subject: [nycphp-talk] Tomorrow ... - Bring Your Laptops In-Reply-To: <6.2.3.4.2.20060925145207.0280d190@pop.nyphp.com> References: <58e7bb0b0609251142r5e43904dxd344c7be07f22973@mail.gmail.com> <6.2.3.4.2.20060925145207.0280d190@pop.nyphp.com> Message-ID: <4519606D.80505@forsalebyowner.com> Nate, Will the majority of the meeting be hands on? For those without a laptop will we be able to follow what is going on? My new mac is crap and apple is the devil - http://www.macbookrandomshutdown.com/ -Morgan Michael Southwell wrote: > At 02:42 PM 9/25/2006, you wrote: > >> Tomorrow is my first time to attend meeting, I know the address is >> 590 Madison Avenue. Can anyone tell exactly between which street and >> is it enough to show driver license to enter the building? >> > > The IBM building is on the southwest corner of 57th street. You > should rsvp at http://www.nyphp.org/rsvp.php and then bring a photo ID. > > > Michael Southwell, Vice President for Education > New York PHP > http://www.nyphp.com/training - In-depth PHP Training Courses > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From cliff at pinestream.com Tue Sep 26 18:01:40 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Tue, 26 Sep 2006 18:01:40 -0400 Subject: [nycphp-talk] Help -- header redirection problem Message-ID: <000001c6e1b7$5c23e980$7c03a8c0@HirschLaptop> I have a short script that redirects pages to http or https as required, but am having problems. The function works fine, but hiccups once output buffering is turned on. Unfortunately, some redirection can't occur until after output buffering is on - legacy code. I though redirection should work fine though because I clean the output buffer as follows: ob_end_clean(); header("Location: https://$path"); exit; Firefox gives me the following error message: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies. Any ideas? I'm pulling my hair out. Cliff _______________________________ Pinestream Communications, Inc. Publisher of Semiconductor Times & Telecom Trends 52 Pine Street, Weston, MA 02493 USA Tel: 781.647.8800, Fax: 781.647.8825 http://www.pinestream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolson at aeso.org Tue Sep 26 20:29:53 2006 From: rolson at aeso.org (Rick Olson) Date: Tue, 26 Sep 2006 17:29:53 -0700 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: <000001c6e1b7$5c23e980$7c03a8c0@HirschLaptop> References: <000001c6e1b7$5c23e980$7c03a8c0@HirschLaptop> Message-ID: <4519C601.3050708@aeso.org> I tried the following code just now using multiple URLs, both HTTPS & HTTP, with nested output buffering even, and variations thereof, and have not managed to trigger that error :( ob_start(); print 'before'; print 'do stuff...'; print 'xxxxxx'; ob_end_clean(); header("Location: https://www.paypal.com"); exit; Anything else in there that might be causing the problem? -- Rick Cliff Hirsch wrote: > > I have a short script that redirects pages to http or https as > required, but am having problems. > > The function works fine, but hiccups once output buffering is turned > on. Unfortunately, some redirection can?t occur until after output > buffering is on ? legacy code? > > I though redirection should work fine though because I clean the > output buffer as follows: > > ob_end_clean(); > > header("Location: https://$path"); > > exit; > > Firefox gives me the following error message: > > The page isn't redirecting properly > > Firefox has detected that the server is redirecting the request for > this address in a way that will never complete. > > This problem can sometimes be caused by disabling or refusing to > accept cookies. > > Any ideas? I?m pulling my hair out. > > Cliff > > _______________________________ > *Pinestream Communications, Inc.* > Publisher of /Semiconductor Times/ & /Telecom Trends/ > 52 Pine Street, Weston, MA 02493 USA > Tel: 781.647.8800, Fax: 781.647.8825 > http://www.pinestream.com > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From rolson at aeso.org Tue Sep 26 20:32:02 2006 From: rolson at aeso.org (Rick Olson) Date: Tue, 26 Sep 2006 17:32:02 -0700 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: <4519C601.3050708@aeso.org> References: <000001c6e1b7$5c23e980$7c03a8c0@HirschLaptop> <4519C601.3050708@aeso.org> Message-ID: <4519C682.2050206@aeso.org> One thing that might be causing the issue is a borked/neverending mod_rewrite rule...\ Rick Olson wrote: > I tried the following code just now using multiple URLs, both HTTPS & > HTTP, with nested output buffering even, and variations thereof, and > have not managed to trigger that error :( > > ob_start(); > print 'before'; > print 'do stuff...'; > print 'xxxxxx'; > ob_end_clean(); > header("Location: https://www.paypal.com"); > exit; > > > Anything else in there that might be causing the problem? > > -- > Rick > > > Cliff Hirsch wrote: > >> I have a short script that redirects pages to http or https as >> required, but am having problems. >> >> The function works fine, but hiccups once output buffering is turned >> on. Unfortunately, some redirection can?t occur until after output >> buffering is on ? legacy code? >> >> I though redirection should work fine though because I clean the >> output buffer as follows: >> >> ob_end_clean(); >> >> header("Location: https://$path"); >> >> exit; >> >> Firefox gives me the following error message: >> >> The page isn't redirecting properly >> >> Firefox has detected that the server is redirecting the request for >> this address in a way that will never complete. >> >> This problem can sometimes be caused by disabling or refusing to >> accept cookies. >> >> Any ideas? I?m pulling my hair out. >> >> Cliff >> >> _______________________________ >> *Pinestream Communications, Inc.* >> Publisher of /Semiconductor Times/ & /Telecom Trends/ >> 52 Pine Street, Weston, MA 02493 USA >> Tel: 781.647.8800, Fax: 781.647.8825 >> http://www.pinestream.com >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From cliff at pinestream.com Tue Sep 26 21:41:21 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Tue, 26 Sep 2006 21:41:21 -0400 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: <4519C682.2050206@aeso.org> Message-ID: <000d01c6e1d6$095d05a0$12a8a8c0@HirschLaptop> Bork? Is that in the dictionary?! I just completely isolated the script down to this: This fails, but comment out the last header and exit in the else and it work. Perhaps I have been borked. Where do I check for borking/mod_rewrite? Next step is to download PHP 5.1.6 to see if that solves the problem. Cliff -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rick Olson Sent: Tuesday, September 26, 2006 7:32 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Help -- header redirection problem One thing that might be causing the issue is a borked/neverending mod_rewrite rule...\ Rick Olson wrote: > I tried the following code just now using multiple URLs, both HTTPS & > HTTP, with nested output buffering even, and variations thereof, and > have not managed to trigger that error :( > > ob_start(); > print 'before'; > print 'do stuff...'; > print 'xxxxxx'; > ob_end_clean(); > header("Location: https://www.paypal.com"); > exit; > > Anything else in there that might be causing the problem? > > -- > Rick From billy.reisinger at gmail.com Tue Sep 26 23:09:03 2006 From: billy.reisinger at gmail.com (Billy Reisinger) Date: Tue, 26 Sep 2006 22:09:03 -0500 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: <000d01c6e1d6$095d05a0$12a8a8c0@HirschLaptop> References: <000d01c6e1d6$095d05a0$12a8a8c0@HirschLaptop> Message-ID: http://en.wikipedia.org/wiki/Bork On Sep 26, 2006, at 8:41 PM, Cliff Hirsch wrote: > Bork? Is that in the dictionary?! > > I just completely isolated the script down to this: > > $sslmode = 'https'; > $domain = $_SERVER['HTTP_HOST']; > $uri = $_SERVER['REQUEST_URI']; > $path = $domain.$uri; > $sslon = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? > true > : false; > if ($sslmode == 'http' && $sslon) { > header("Location: http://$path"); > exit; > } > elseif ($sslmode == 'https' && !$sslon) { > header("Location: https://$path"); > exit; > } > else { > header("Location: https://$path"); > exit; > } > ?> > > This fails, but comment out the last header and exit in the else > and it > work. Perhaps I have been borked. Where do I check for > borking/mod_rewrite? Next step is to download PHP 5.1.6 to see if that > solves the problem. > > Cliff > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] > On Behalf Of Rick Olson > Sent: Tuesday, September 26, 2006 7:32 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Help -- header redirection problem > > One thing that might be causing the issue is a borked/neverending > mod_rewrite rule...\ > > Rick Olson wrote: >> I tried the following code just now using multiple URLs, both HTTPS & >> HTTP, with nested output buffering even, and variations thereof, and >> have not managed to trigger that error :( >> >> ob_start(); >> print 'before'; >> print 'do stuff...'; >> print 'xxxxxx'; >> ob_end_clean(); >> header("Location: https://www.paypal.com"); >> exit; >> >> Anything else in there that might be causing the problem? >> >> -- >> Rick > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From ps at pswebcode.com Wed Sep 27 06:34:27 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 27 Sep 2006 06:34:27 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL Message-ID: <000901c6e220$827786a0$6701a8c0@SUNCODE1> I'm always attempting a tight level of coordinated, human readable consistent naming for my data, i.e. I try to: a) use the same name such as "First Name" on my HTML form, b) use that variable name in my PHP script (i.e. $First_Name), and c) get the field name in tables in MySQL to match (again i.e. FirstName). When I work on projects that have HTML forms, email confirmations, MySQL storage, and Admin tools that view and sort the data, it is very handy when all the data variable names are uniform and human readable at the same time. This way the onscreen HTML display name for data variables can be the actual data name itself, and then I can do less custom work when presenting data to all the users, in any permutation. My issues are about the spaces in data names. (To me, spaces is what makes data names human readable.) In MySQL: I forget, you can use spaces, but should surround in tics, right. Like so: 'First Name'. In PHP: Can't have spaces. In HTML forms: Can have spaces, but might cause problems. So I'm just asking for an opinion, do you deal with spaces in variables? Never use spaces? Is the problem of spaces just an old legacy, cross platform Windows/Mac/Unix bad memory I have? Warmest regards, Peter Sawczynec Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management 646.316.3678 ps at pswebcode.com www.pswebcode.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From arzala at gmail.com Wed Sep 27 06:57:28 2006 From: arzala at gmail.com (Anirudh Zala) Date: Wed, 27 Sep 2006 16:27:28 +0530 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <000901c6e220$827786a0$6701a8c0@SUNCODE1> References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: On Wed, 27 Sep 2006 16:04:27 +0530, Peter Sawczynec wrote: > I'm always attempting a tight level of coordinated, human readable > consistent naming for my data, i.e. I try to: > a) use the same name such as "First Name" on my HTML form, > b) use that variable name in my PHP script (i.e. $First_Name), and > c) get the field name in tables in MySQL to match (again i.e. FirstName). > When I work on projects that have HTML forms, email confirmations, MySQL > storage, > and Admin tools that view and sort the data, it is very handy when all > the > data variable names > are uniform and human readable at the same time. This way the onscreen > HTML > display name for data variables can be the actual data name itself, and > then > I can > do less custom work when presenting data to all the users, in any > permutation. > My issues are about the spaces in data names. (To me, spaces is what > makes > data names > human readable.) > In MySQL: > I forget, you can use spaces, but should surround in tics, right. Like > so: > 'First Name'. Not recommended. using "_" instead of " " is as readable as " ". > In PHP: > Can't have spaces. > In HTML forms: > Can have spaces, but might cause problems. Yeah, so "_" is better solution even here. > So I'm just asking for an opinion, do you deal with spaces in variables? > Never use spaces? Nope, we never use spaces. Instead we use "_". Since PHP doesn't allow declaration of variables having space in it, It would be difficult to handle data (coming from Forms or stored into Database). I think "_" more or less denotes treating it as space. > Is the problem of spaces just an old legacy, cross platform > Windows/Mac/Unix > bad memory I have? > Warmest regards, > Peter Sawczynec > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > 646.316.3678 > ps at pswebcode.com > www.pswebcode.com > ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in arzala@@gmail.com ----------------------------------------------- From ramons at gmx.net Wed Sep 27 07:25:58 2006 From: ramons at gmx.net (David Krings) Date: Wed, 27 Sep 2006 07:25:58 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <000901c6e220$827786a0$6701a8c0@SUNCODE1> References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: <6.1.2.0.2.20060927071113.02ccc0f8@pop.gmx.net> Hi, just for the reasons that you mentioned, I never use spaces in variable names. I typically ue the "_" as space replacement. I also tend to use telling names. For example: - I do not use $i, but $counter as counter variable - I always craft SQL queries as a string first before using it in mysql_query. All my query string variables always end in "query". Similar for the result of mysql_query which I assign to a variable that has the same first portion of the name as the query, but ends in "queryrun". Any results if available are assigned to a variable that has the same first portion of the name as the query, but ends in "queryresult". - All variables used in functions are prefixed by "fct_" - All variables that I get from and / or write back to session are prefixed with "session" - As you indicated, I try to name the form element, the variable that gets the value from $_POST, and the table column in the database the same I think what is more necessary than spaces is to have the variable names mean something and consistency in nomenclature. And on top of that, document everything in an external document. Of course, comment liberally, especially when initializing variables (I initialize all of them at the start of a script) add a comment what that variable is for. Add a general note where the script gets values from (script name, and if from POST and/or SESSION). My approach isn't perfect, but it keeps myself out of trouble. My variable names are David Krings-reable, I have no idea if they are humanly readable as so far only one other person ever used any of my scripts (MP3 script using the Flash MP3 player from Jeroen Wijering). IMHO, there are better things to worry about than spaces or no spaces. David K. At 06:34 AM 9/27/2006, you wrote [truncated]: >I'm always attempting a tight level of coordinated, human readable >consistent naming for my data, i.e. I try to: >a) use the same name such as "First Name" on my HTML form, >b) use that variable name in my PHP script (i.e. $First_Name), and >c) get the field name in tables in MySQL to match (again i.e. FirstName). > >My issues are about the spaces in data names. (To me, spaces is what makes >data names >human readable.) > >In MySQL: >I forget, you can use spaces, but should surround in tics, right. Like so: >'First Name'. > >In PHP: >Can't have spaces. > >In HTML forms: >Can have spaces, but might cause problems. > >So I'm just asking for an opinion, do you deal with spaces in variables? >Never use spaces? > >Is the problem of spaces just an old legacy, cross platform >Windows/Mac/Unix bad memory I have? > From tedd at sperling.com Wed Sep 27 09:51:55 2006 From: tedd at sperling.com (tedd) Date: Wed, 27 Sep 2006 09:51:55 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <000901c6e220$827786a0$6701a8c0@SUNCODE1> References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: At 6:34 AM -0400 9/27/06, Peter Sawczynec wrote: >So I'm just asking for an opinion, do you deal with spaces in variables? >Never use spaces? Peter: Opinions? It depends upon what _you_ want to see in _your_ code, unless you're working with a team. I've seldom worked with a team, so I'll leave that to others to comment. I use mixed case (i.e, pageNum). I try to keep my variable names short and to the point. I never use spaces -- besides, spaces aren't consistently allowed anyway. I try to keep the variable name the same across different languages (i.e., $pageNum - php, pageNum - MySQL). With counters and other temporary/short-scope variables I use i, j, k, l (left over from my FORTRAN) days, which is one of the reason I use lowercase. Likewise, I never use i, j, k, l for anything but short-scope variables. You say: "To me, spaces is what makes data names human readable." Not for me, spaces mean to me that these data names aren't variables. Just give me a variable that looks like a variable; and a name has some relationship to the data they hold; and I'm happy. If you want to see a problem with names, trying reviewing some of the constants that Apple has for it's development (I'm sure they are not alone) -- they are approaching the limits for name length. Another consideration, while I've never had to do it for php, I've worked with variable names that were further identified by their prefix, such as gPageNum -- meaning that it was a global variable. If you have a very large project, you might want to consider using a prefix for naming, such that you would know where the variable originates. Chris Shifett (in his book Essential PHP Security -- in my mind, required reading) used "$clean" for variables that were sanitized -- not a bad idea. I would consider expanding that idea by adding a "c" to the front of a sanitized variable, such as $cPageNum. In any event, whatever scheme you adapt, you're the one who will have to live with it. The more consistent and easy for you to identify and work with, the better. A long time ago, a mentor once told me "Be careful picking your religion, because you're the one who has to live with it." Wouldn't it be interesting if what we believe is what it is? tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From cahoyos at us.ibm.com Wed Sep 27 09:59:36 2006 From: cahoyos at us.ibm.com (Carlos A Hoyos) Date: Wed, 27 Sep 2006 09:59:36 -0400 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: <000d01c6e1d6$095d05a0$12a8a8c0@HirschLaptop> Message-ID: Without running it, I'd say this script makes an infinite loop. When the redirect is sent, isn't the else being executed again? > Bork? Is that in the dictionary?! > > I just completely isolated the script down to this: > > $sslmode = 'https'; > $domain = $_SERVER['HTTP_HOST']; > $uri = $_SERVER['REQUEST_URI']; > $path = $domain.$uri; > $sslon = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true > : false; > if ($sslmode == 'http' && $sslon) { > header("Location: http://$path"); > exit; > } > elseif ($sslmode == 'https' && !$sslon) { > header("Location: https://$path"); > exit; > } > else { > header("Location: https://$path"); > exit; > } > ?> > > This fails, but comment out the last header and exit in the else and it > work. Perhaps I have been borked. Where do I check for > borking/mod_rewrite? Next step is to download PHP 5.1.6 to see if that > solves the problem. > > Cliff Carlos From edwardpotter at gmail.com Wed Sep 27 10:03:37 2006 From: edwardpotter at gmail.com (edward potter) Date: Wed, 27 Sep 2006 10:03:37 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: so simple, so sweet! :-) ed $firstname $lastname $address $city $state $zip $phone $fax $email spaces? ugly dashes? ugly underscores? ugly camel? weird! :-) :-) On 9/27/06, tedd wrote: > At 6:34 AM -0400 9/27/06, Peter Sawczynec wrote: > >So I'm just asking for an opinion, do you deal with spaces in variables? > >Never use spaces? > > Peter: > > Opinions? > > It depends upon what _you_ want to see in _your_ code, unless you're > working with a team. I've seldom worked with a team, so I'll leave > that to others to comment. > > I use mixed case (i.e, pageNum). I try to keep my variable names > short and to the point. I never use spaces -- besides, spaces aren't > consistently allowed anyway. > > I try to keep the variable name the same across different languages > (i.e., $pageNum - php, pageNum - MySQL). > > With counters and other temporary/short-scope variables I use i, j, > k, l (left over from my FORTRAN) days, which is one of the reason I > use lowercase. Likewise, I never use i, j, k, l for anything but > short-scope variables. > > You say: "To me, spaces is what makes data names human readable." > > Not for me, spaces mean to me that these data names aren't variables. > Just give me a variable that looks like a variable; and a name has > some relationship to the data they hold; and I'm happy. > > If you want to see a problem with names, trying reviewing some of the > constants that Apple has for it's development (I'm sure they are not > alone) -- they are approaching the limits for name length. > > Another consideration, while I've never had to do it for php, I've > worked with variable names that were further identified by their > prefix, such as gPageNum -- meaning that it was a global variable. If > you have a very large project, you might want to consider using a > prefix for naming, such that you would know where the variable > originates. > > Chris Shifett (in his book Essential PHP Security -- in my mind, > required reading) used "$clean" for variables that were sanitized -- > not a bad idea. I would consider expanding that idea by adding a "c" > to the front of a sanitized variable, such as $cPageNum. > > In any event, whatever scheme you adapt, you're the one who will have > to live with it. The more consistent and easy for you to identify and > work with, the better. > > A long time ago, a mentor once told me "Be careful picking your > religion, because you're the one who has to live with it." Wouldn't > it be interesting if what we believe is what it is? > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- the Blog: http://www.utopiaparkway.com the Karma: http://www.coderswithconscience.com the Projects: http://flickr.com/photos/86842405 at N00/ the Store: http://astore.amazon.com/httpwwwutopic-20 From ps at pswebcode.com Wed Sep 27 10:29:12 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 27 Sep 2006 10:29:12 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving AmongPHP, HTML and MySQL In-Reply-To: Message-ID: <003501c6e241$4de961d0$6701a8c0@SUNCODE1> Well, I won't pursue it any further but as has been returned here, I use: $camelCase, $no_spaces, and a styles of Hungarian notation such as: $strVariable I try to avoid $firstname because that leads to: $weatherwithwindspeeds But, I guess patiently, precisely tracking vars is one of the hearts of the job. $final_close_complete=""; $strHheader='Thanks'; $connective_interruptor_symbol_as_verbal_glue=","; $closerText='ps at pswebcode.com'; $thanks_all=''; $thanks_all.=$strHeader; $thanks_all.=$connective_interruptor_symbol_as_verbal_glue."\n\r"; $final_close_complete=$thanks_all; $final_close_complete.=$closerText; ($final_close_complete!='')? $signOff=$final_close_complete : $signOff=""; echo $display_it=customEchoFunc($signOff); -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of edward potter Sent: Wednesday, September 27, 2006 10:04 AM To: NYPHP Talk Subject: Re: [nycphp-talk] About Human Readable Variable Names Moving AmongPHP, HTML and MySQL so simple, so sweet! :-) ed $firstname $lastname $address $city $state $zip $phone $fax $email spaces? ugly dashes? ugly underscores? ugly camel? weird! :-) :-) On 9/27/06, tedd wrote: > At 6:34 AM -0400 9/27/06, Peter Sawczynec wrote: > >So I'm just asking for an opinion, do you deal with spaces in variables? > >Never use spaces? > > Peter: > > Opinions? > > It depends upon what _you_ want to see in _your_ code, unless you're > working with a team. I've seldom worked with a team, so I'll leave > that to others to comment. > > I use mixed case (i.e, pageNum). I try to keep my variable names > short and to the point. I never use spaces -- besides, spaces aren't > consistently allowed anyway. > > I try to keep the variable name the same across different languages > (i.e., $pageNum - php, pageNum - MySQL). > > With counters and other temporary/short-scope variables I use i, j, > k, l (left over from my FORTRAN) days, which is one of the reason I > use lowercase. Likewise, I never use i, j, k, l for anything but > short-scope variables. > > You say: "To me, spaces is what makes data names human readable." > > Not for me, spaces mean to me that these data names aren't variables. > Just give me a variable that looks like a variable; and a name has > some relationship to the data they hold; and I'm happy. > > If you want to see a problem with names, trying reviewing some of the > constants that Apple has for it's development (I'm sure they are not > alone) -- they are approaching the limits for name length. > > Another consideration, while I've never had to do it for php, I've > worked with variable names that were further identified by their > prefix, such as gPageNum -- meaning that it was a global variable. If > you have a very large project, you might want to consider using a > prefix for naming, such that you would know where the variable > originates. > > Chris Shifett (in his book Essential PHP Security -- in my mind, > required reading) used "$clean" for variables that were sanitized -- > not a bad idea. I would consider expanding that idea by adding a "c" > to the front of a sanitized variable, such as $cPageNum. > > In any event, whatever scheme you adapt, you're the one who will have > to live with it. The more consistent and easy for you to identify and > work with, the better. > > A long time ago, a mentor once told me "Be careful picking your > religion, because you're the one who has to live with it." Wouldn't > it be interesting if what we believe is what it is? > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- the Blog: http://www.utopiaparkway.com the Karma: http://www.coderswithconscience.com the Projects: http://flickr.com/photos/86842405 at N00/ the Store: http://astore.amazon.com/httpwwwutopic-20 _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From cliff at pinestream.com Wed Sep 27 10:39:54 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 27 Sep 2006 10:39:54 -0400 Subject: [nycphp-talk] Help -- header redirection problem In-Reply-To: Message-ID: <000001c6e242$cc0f9510$12a8a8c0@HirschLaptop> Carlos: Yep -- you the man. I finally figured this out, but you're the first person that saw it too. Was hard to see when it was deeply buried in my application. Lesson learned -- Cliff, don't call an http/https redirect function twice with varying conditions you really know what your doing! Translation -- be careful with that BASIC-style goto code. Thanks, Cliff P.S. But all is not lost. I picked up a new word. I'll try it tonight -- "Hun, you borked the lasagna again." -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Carlos A Hoyos Sent: Wednesday, September 27, 2006 9:00 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Help -- header redirection problem Without running it, I'd say this script makes an infinite loop. When the redirect is sent, isn't the else being executed again? > Bork? Is that in the dictionary?! > > I just completely isolated the script down to this: > > $sslmode = 'https'; > $domain = $_SERVER['HTTP_HOST']; > $uri = $_SERVER['REQUEST_URI']; > $path = $domain.$uri; > $sslon = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true > : false; > if ($sslmode == 'http' && $sslon) { > header("Location: http://$path"); > exit; > } > elseif ($sslmode == 'https' && !$sslon) { > header("Location: https://$path"); > exit; > } > else { > header("Location: https://$path"); > exit; > } > ?> > > This fails, but comment out the last header and exit in the else and it > work. Perhaps I have been borked. Where do I check for > borking/mod_rewrite? Next step is to download PHP 5.1.6 to see if that > solves the problem. > > Cliff Carlos From tedd at sperling.com Wed Sep 27 10:42:34 2006 From: tedd at sperling.com (tedd) Date: Wed, 27 Sep 2006 10:42:34 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: At 10:03 AM -0400 9/27/06, edward potter wrote: >so simple, so sweet! :-) ed > >$firstname >$lastname >$address >$city >$state >$zip >$phone >$fax >$email > >spaces? ugly >dashes? ugly >underscores? ugly >camel? weird! :-) > >:-) Camel? Well... which of the following is the easiest to read? gestaltfinderusesspecialopenfoldersfile gestaltFinderUsesSpecialOpenFoldersFile Just an example of Apple's constants -- and, there are longer ones. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From hendler at simmons.edu Wed Sep 27 11:22:16 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Wed, 27 Sep 2006 11:22:16 -0400 Subject: [nycphp-talk] Bogus or not? Message-ID: <451A9728.8030502@simmons.edu> I filed this "bug"/feature request. Arrays don't properly overwrite strings in multi-dimensional arrays. PHP folks feel that everything works as it should. Any thoughts? http://bugs.php.net/bug.php?id=38974 From ekozek at rightmedia.com Wed Sep 27 11:35:13 2006 From: ekozek at rightmedia.com (Ed Kozek) Date: Wed, 27 Sep 2006 11:35:13 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: Message-ID: Isn't this even easier? gestalt_finder_uses_special_open_folders_file ? /Ed On 9/27/06 10:42 AM, "tedd" wrote: > At 10:03 AM -0400 9/27/06, edward potter wrote: >> so simple, so sweet! :-) ed >> >> $firstname >> $lastname >> $address >> $city >> $state >> $zip >> $phone >> $fax >> $email >> >> spaces? ugly >> dashes? ugly >> underscores? ugly >> camel? weird! :-) >> >> :-) > > Camel? > > Well... which of the following is the easiest to read? > > gestaltfinderusesspecialopenfoldersfile > > gestaltFinderUsesSpecialOpenFoldersFile > > Just an example of Apple's constants -- and, there are longer ones. > > tedd From tim at tmcode.com Wed Sep 27 11:37:54 2006 From: tim at tmcode.com (Tim McEwen) Date: Wed, 27 Sep 2006 11:37:54 -0400 Subject: [nycphp-talk] Bogus or not? In-Reply-To: <451A9728.8030502@simmons.edu> References: <451A9728.8030502@simmons.edu> Message-ID: <0261D2FB-C2F7-4D86-84AD-193451A2F7C9@tmcode.com> The reply to the bug is correct, PHP is doing what its supposed to. When you are executing the line: $test_array['name'] = 'value'; You are declaring $test_array['name'] as a string. Then when you access that string using brackets you are telling PHP that you want a character from that string. For example: $test_array['name'][1] should and would give you 'a'. The confusing part is that you are using a text key. Since $test_array['name'] is a string, PHP is expecting the value in brackets to be an integer. Consequently php does a type conversion on your 'count' key turning it into 0. 0 in this case corresponds to the 'v' in value. Your statement is actually the equivalent of $test_array['name'][0] = '2'; To "correct" your code, you have to force php to change the type of $test_array['name']. This would be done by reassigning the value to array(): $test_array['name'] = array(); $test_array['name']['count'] = '2'; That all being said, I would agree that PHP could be slightly more intelligent and see the fact that you passed a text key. Seeing that you passed a text key, that would imply you want to type convert that element from string to an array. My guess is that you are going to have a tough time convincing anyone to make the modification tho. -Tim On Sep 27, 2006, at 11:22 AM, Jonathan Hendler wrote: > I filed this "bug"/feature request. > > Arrays don't properly overwrite strings in multi-dimensional arrays. > PHP folks feel that everything works as it should. > > Any thoughts? > > http://bugs.php.net/bug.php?id=38974 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From scott at crisscott.com Wed Sep 27 11:40:37 2006 From: scott at crisscott.com (Scott Mattocks) Date: Wed, 27 Sep 2006 11:40:37 -0400 Subject: [nycphp-talk] Bogus or not? In-Reply-To: <451A9728.8030502@simmons.edu> References: <451A9728.8030502@simmons.edu> Message-ID: <451A9B75.3000802@crisscott.com> Jonathan Hendler wrote: > I filed this "bug"/feature request. > > Arrays don't properly overwrite strings in multi-dimensional arrays. > PHP folks feel that everything works as it should. > > Any thoughts? > > http://bugs.php.net/bug.php?id=38974 You are not turning the string into an array. You are overwriting the character at position 0. "Array" syntax is how you access an individual character in a string (a string is basically an array of characters). If you want to ensure that you overwrite the string with an array, then force the string to be an array first. php -r '$s = "string"; settype($s, "array"); $s[0] = 3; var_dump($s);' Summary: I agree, it is not a bug. -- Scott Mattocks Author of: Pro PHP-GTK http://www.crisscott.com From craig at juxtadigital.com Wed Sep 27 11:48:52 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Wed, 27 Sep 2006 11:48:52 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: References: Message-ID: <451A9D64.5070601@juxtadigital.com> Ed Kozek wrote: > Isn't this even easier? > > gestalt_finder_uses_special_open_folders_file nope...they just get in the way for my eyes. $willGoBakUnderMySteamyPileNow = true; ahh, now there's a variable name! From dmintz at davidmintz.org Wed Sep 27 11:57:07 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 11:57:07 -0400 (EDT) Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed Message-ID: svn co https://svn.cakephp.org/repo/trunk/cake/1.2.x.x/ svn: SSL is not supported According to some google research, I should compile Subversion against a version of neon that has SSL enabled. (I think that's the first time I even heard of neon -- but then I'm a lightweight, what can i say...) I'm on Fedora 4 and running the svn that came with the distro (i think -- don't remember compiling my own). So... do I really have to do all this wget whatever.tar.gz/tar -xzf whatever /cd whatever-x.x.x/configure --with-whatever/make/sudo make install or is there any easier way? Should I first erase my current svn package via yum? The goal is simply to get CakePHP 1.2 so this seems like a lot of hoop-jumping. Thanks much! --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From jbaer at VillageVoice.com Wed Sep 27 12:03:49 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Wed, 27 Sep 2006 12:03:49 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503549456@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is OpenSSL installed? Try yum update openssl then yum update svn ... If not a simple compile (./configure --with-ssl) will do. - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Mintz Sent: Wednesday, September 27, 2006 11:57 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed svn co https://svn.cakephp.org/repo/trunk/cake/1.2.x.x/ svn: SSL is not supported According to some google research, I should compile Subversion against a version of neon that has SSL enabled. (I think that's the first time I even heard of neon -- but then I'm a lightweight, what can i say...) I'm on Fedora 4 and running the svn that came with the distro (i think -- don't remember compiling my own). So... do I really have to do all this wget whatever.tar.gz/tar -xzf whatever /cd whatever-x.x.x/configure --with-whatever/make/sudo make install or is there any easier way? Should I first erase my current svn package via yum? The goal is simply to get CakePHP 1.2 so this seems like a lot of hoop-jumping. Thanks much! - --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFGqDl99e5DI8C/rsRAvklAJ9uVpGFyx+f9fKyRedVoE537Zxw4wCgx7P8 gCcp3ETIMT1OA3LDfCWHoxU= =Wm7Y -----END PGP SIGNATURE----- From tedd at sperling.com Wed Sep 27 12:14:05 2006 From: tedd at sperling.com (tedd) Date: Wed, 27 Sep 2006 12:14:05 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: References: Message-ID: At 11:35 AM -0400 9/27/06, Ed Kozek wrote: >Isn't this even easier? > >gestalt_finder_uses_special_open_folders_file > >? Nothing wrong with it -- you just have to set a standard and live with it. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From dmintz at davidmintz.org Wed Sep 27 12:16:23 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 12:16:23 -0400 (EDT) Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503549456@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503549456@mail> Message-ID: On Wed, 27 Sep 2006, Baer, Jon wrote: > -----pgpenvelope processed message > > Is OpenSSL installed? It is. > Try yum update openssl then yum update svn ... [david at mintz downloads]$ sudo yum update openssl Setting up Update Process Setting up repositories Reading repository metadata in from local files Could not find update match for openssl No Packages marked for Update/Obsoletion [david at mintz downloads]$ sudo yum update svn Setting up Update Process Setting up repositories Reading repository metadata in from local files Could not find update match for svn No Packages marked for Update/Obsoletion > > If not a simple compile (./configure --with-ssl) will do. > I guess that's next. (Or else wait for the 1.2 release.) Thanks, --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From jbaer at VillageVoice.com Wed Sep 27 12:21:01 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Wed, 27 Sep 2006 12:21:01 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > If not a simple compile (./configure --with-ssl) will do. > If you want to be on the safe side just unpack it and do something like ./configure --prefix=/usr/local/svn --with-ssl /usr/local/svn/svn co https://svn.cakephp.org/repo/branches/1.2.x.x/ cake1.2 (It's only available currently in the ~branches~ dir @ the moment) You should be fine compiling svn on your own to get the binary going if you already don't have a subversion repository on that box. - - Jon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFGqTt99e5DI8C/rsRAt2zAKDgudEaeUQknR30iwovlHmAyI0JGQCgrhiv 4ZD5svgCD8NT7O2FmgiJhjg= =F5cf -----END PGP SIGNATURE----- From craig at juxtadigital.com Wed Sep 27 12:43:00 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Wed, 27 Sep 2006 12:43:00 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549456@mail> Message-ID: <451AAA14.9060806@juxtadigital.com> David Mintz wrote: > On Wed, 27 Sep 2006, Baer, Jon wrote: > >> -----pgpenvelope processed message >> >> Is OpenSSL installed? > > It is. > > >> Try yum update openssl then yum update svn ... > > [david at mintz downloads]$ sudo yum update openssl > Setting up Update Process > Setting up repositories > Reading repository metadata in from local files > Could not find update match for openssl > No Packages marked for Update/Obsoletion If installed it's already updated to the latest version. $rpm -qa | grep ssl should list it's rpm /version info. > [david at mintz downloads]$ sudo yum update svn try: subversion [not svn] (go figure) FWIW: I'm using FC5+ and don't have any problem with svn client and https urls. Also, a centos4.3 (clone of FC3) box also works without incident. HTH, From rmarscher at beaffinitive.com Wed Sep 27 13:07:27 2006 From: rmarscher at beaffinitive.com (Rob Marscher) Date: Wed, 27 Sep 2006 13:07:27 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: <451AAA14.9060806@juxtadigital.com> References: <4D2FAD9B00577645932AD7ED5FECA24503549456@mail> <451AAA14.9060806@juxtadigital.com> Message-ID: <451AAFCF.8000502@beaffinitive.com> I don't know if it's possible that svn is showing an incorrect error message... when I run the command you posted I get this: svn co https://svn.cakephp.org/repo/trunk/cake/1.2.x.x/ svn: URL 'https://svn.cakephp.org/repo/trunk/cake/1.2.x.x' doesn't exist -Rob Craig Thomas wrote: > David Mintz wrote: > >> On Wed, 27 Sep 2006, Baer, Jon wrote: >> >> >>> -----pgpenvelope processed message >>> >>> Is OpenSSL installed? >>> >> It is. >> >> >> >>> Try yum update openssl then yum update svn ... >>> >> [david at mintz downloads]$ sudo yum update openssl >> Setting up Update Process >> Setting up repositories >> Reading repository metadata in from local files >> Could not find update match for openssl >> No Packages marked for Update/Obsoletion >> > > If installed it's already updated to the latest version. > > $rpm -qa | grep ssl > > should list it's rpm /version info. > > > >> [david at mintz downloads]$ sudo yum update svn >> > > try: > > subversion [not svn] > > (go figure) > > FWIW: > I'm using FC5+ and don't have any problem with svn client and https urls. > > Also, a centos4.3 (clone of FC3) box also works without incident. > > HTH, > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From morgan at forsalebyowner.com Wed Sep 27 14:03:54 2006 From: morgan at forsalebyowner.com (Morgan Craft) Date: Wed, 27 Sep 2006 14:03:54 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: <451ABD0A.8080203@forsalebyowner.com> go with camelCase. very easy to read once you start working with it consistently. And if you use Trac for your ticketing system the built-in wiki functionality allows for camelCasing (might be a plugin) and you can help integrate documentation of projects with your code repository. now if we could just get rid of that Hungarian notation..... edward potter wrote: > so simple, so sweet! :-) ed > > $firstname > $lastname > $address > $city > $state > $zip > $phone > $fax > $email > > spaces? ugly > dashes? ugly > underscores? ugly > camel? weird! :-) > > :-) > > > On 9/27/06, tedd wrote: > >> At 6:34 AM -0400 9/27/06, Peter Sawczynec wrote: >> >>> So I'm just asking for an opinion, do you deal with spaces in variables? >>> Never use spaces? >>> >> Peter: >> >> Opinions? >> >> It depends upon what _you_ want to see in _your_ code, unless you're >> working with a team. I've seldom worked with a team, so I'll leave >> that to others to comment. >> >> I use mixed case (i.e, pageNum). I try to keep my variable names >> short and to the point. I never use spaces -- besides, spaces aren't >> consistently allowed anyway. >> >> I try to keep the variable name the same across different languages >> (i.e., $pageNum - php, pageNum - MySQL). >> >> With counters and other temporary/short-scope variables I use i, j, >> k, l (left over from my FORTRAN) days, which is one of the reason I >> use lowercase. Likewise, I never use i, j, k, l for anything but >> short-scope variables. >> >> You say: "To me, spaces is what makes data names human readable." >> >> Not for me, spaces mean to me that these data names aren't variables. >> Just give me a variable that looks like a variable; and a name has >> some relationship to the data they hold; and I'm happy. >> >> If you want to see a problem with names, trying reviewing some of the >> constants that Apple has for it's development (I'm sure they are not >> alone) -- they are approaching the limits for name length. >> >> Another consideration, while I've never had to do it for php, I've >> worked with variable names that were further identified by their >> prefix, such as gPageNum -- meaning that it was a global variable. If >> you have a very large project, you might want to consider using a >> prefix for naming, such that you would know where the variable >> originates. >> >> Chris Shifett (in his book Essential PHP Security -- in my mind, >> required reading) used "$clean" for variables that were sanitized -- >> not a bad idea. I would consider expanding that idea by adding a "c" >> to the front of a sanitized variable, such as $cPageNum. >> >> In any event, whatever scheme you adapt, you're the one who will have >> to live with it. The more consistent and easy for you to identify and >> work with, the better. >> >> A long time ago, a mentor once told me "Be careful picking your >> religion, because you're the one who has to live with it." Wouldn't >> it be interesting if what we believe is what it is? >> >> tedd >> >> -- >> ------- >> http://sperling.com http://ancientstones.com http://earthstones.com >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > > > From ken at secdat.com Wed Sep 27 14:40:38 2006 From: ken at secdat.com (Kenneth Downs) Date: Wed, 27 Sep 2006 14:40:38 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <000901c6e220$827786a0$6701a8c0@SUNCODE1> References: <000901c6e220$827786a0$6701a8c0@SUNCODE1> Message-ID: <451AC5A6.9000805@secdat.com> Peter Sawczynec wrote: > I'm always attempting a tight level of coordinated, human readable > consistent naming for my data, i.e. I try to: > a) use the same name such as "First Name" on my HTML form, > b) use that variable name in my PHP script (i.e. $First_Name), and > c) get the field name in tables in MySQL to match (again i.e. FirstName). Name consistency is of course a great idea. > My issues are about the spaces in data names. (To me, spaces is what > makes data names > human readable.) > > In MySQL: > I forget, you can use spaces, but should surround in tics, right. Like > so: 'First Name'. Strike 1, requires special handling. > > In PHP: > Can't have spaces. Strike 2, can't do it at all > > In HTML forms: > Can have spaces, but might cause problems. Strike 3, unpredictable results = phone call on day off > > So I'm just asking for an opinion, do you deal with spaces in variables? > Never use spaces? > I think we've answered the question :) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 261 bytes Desc: not available URL: From ramons at gmx.net Wed Sep 27 14:53:14 2006 From: ramons at gmx.net (David Krings) Date: Wed, 27 Sep 2006 14:53:14 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <451A9D64.5070601@juxtadigital.com> References: <451A9D64.5070601@juxtadigital.com> Message-ID: <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> At 11:48 AM 9/27/2006, you wrote: >$willGoBakUnderMySteamyPileNow = true; > >ahh, now there's a variable name! Why not be consistent and make the"w" be upper case as well $WillGoBackUnderMySteamyPileNow = true; ...and spelling variable names correctly is a plus as well. I wouldn?t count on mistyping it every time. ;) I can?t tell you how often I borked my script by just leaving out an e or an s in a variable name. David K. From dmintz at davidmintz.org Wed Sep 27 14:56:14 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 14:56:14 -0400 (EDT) Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: On Wed, 27 Sep 2006, Baer, Jon wrote: > > > > If not a simple compile (./configure --with-ssl) will do. > > > > If you want to be on the safe side just unpack it and do something like > > ./configure --prefix=/usr/local/svn --with-ssl I downloaded the svn 1.4.0 tarball and the deps, unpacked them into the same dir, and ./configure --with-ssl threw an error "... configure failed for apr" so I said, f[a-z]{3} this, it's too much of a side show, I bet the svn client on my dreamhost account groks SSL, then I'll just rsync it... [taffy]$ svn co https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2 svn: URL 'https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2' doesn't exist You sure those are the magic words? Ain't working for me. Thanks again, --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From dcech at phpwerx.net Wed Sep 27 15:01:33 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 27 Sep 2006 15:01:33 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: <451ACA8D.9040708@phpwerx.net> David Mintz wrote: > On Wed, 27 Sep 2006, Baer, Jon wrote: > >>> If not a simple compile (./configure --with-ssl) will do. >>> >> If you want to be on the safe side just unpack it and do something like >> >> ./configure --prefix=/usr/local/svn --with-ssl > > > I downloaded the svn 1.4.0 tarball and the deps, unpacked them into the > same dir, and ./configure --with-ssl threw an error "... configure failed > for apr" so I said, f[a-z]{3} this, it's too much of a side show, I bet > the svn client on my dreamhost account groks SSL, then I'll just rsync > it... > > [taffy]$ svn co https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2 > svn: URL 'https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2' doesn't > exist > > You sure those are the magic words? Ain't working for me. Maybe the problem is that https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2 actually doesn't exist. If you open it in a web browser and poke around a little, you'll see that the correct url is: https://svn.cakephp.org/repo/branches/1.2.x.x/cake/ Dan > Thanks again, > > --- > David Mintz > http://davidmintz.org/ From dmintz at davidmintz.org Wed Sep 27 15:01:48 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 15:01:48 -0400 (EDT) Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> References: <451A9D64.5070601@juxtadigital.com> <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> Message-ID: On Wed, 27 Sep 2006, David Krings wrote: > ...and spelling variable names correctly is a plus as well. I wouldn?t > count on mistyping it every time. ;) I can?t tell you how often I borked my > script by just leaving out an e or an s in a variable name. Long live code completion (a la Zend)! Long live E_ALL ! --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From jbaer at VillageVoice.com Wed Sep 27 15:02:28 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Wed, 27 Sep 2006 15:02:28 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: Message-ID: <4D2FAD9B00577645932AD7ED5FECA245035494D7@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a space you are missing after the repository URL ... svn co https://svn.cakephp.org/repo/branches/1.2.x.x/ cake1.2 I forgot about the apr. Im sure there is some wget/curl hackery to pull the thing down as well (since that's all you are really doing). wget -R If you are still having problems I'll zip it up + send it over. - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Mintz Sent: Wednesday, September 27, 2006 2:56 PM To: NYPHP Talk Subject: Re: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed On Wed, 27 Sep 2006, Baer, Jon wrote: > > > > If not a simple compile (./configure --with-ssl) will do. > > > > If you want to be on the safe side just unpack it and do something > like > > ./configure --prefix=/usr/local/svn --with-ssl I downloaded the svn 1.4.0 tarball and the deps, unpacked them into the same dir, and ./configure --with-ssl threw an error "... configure failed for apr" so I said, f[a-z]{3} this, it's too much of a side show, I bet the svn client on my dreamhost account groks SSL, then I'll just rsync it... [taffy]$ svn co https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2 svn: URL 'https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2' doesn't exist You sure those are the magic words? Ain't working for me. Thanks again, - --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFGsrE99e5DI8C/rsRAiKFAJwJ4ON9LI6fvmums8MEoT9WVKtbmgCeJphG Gkpl5beE9u5Ygl9/rqPL0UI= =LmH4 -----END PGP SIGNATURE----- From dmintz at davidmintz.org Wed Sep 27 15:05:19 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 15:05:19 -0400 (EDT) Subject: [nycphp-talk] STOP THE PRESSES! (Re: CakePHP 1.2 wanted, svn help w/ SSL needed) In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: This works: svn co https://svn.cakephp.org/repo/branches/1.2.x.x/ I think Jon B. said svn co https://svn.cakephp.org/repo/branches/1.2.x.x/cake1.2 and there is a 'cake' subdir, turally, but not cake1.2 --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From dmintz at davidmintz.org Wed Sep 27 15:10:20 2006 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 27 Sep 2006 15:10:20 -0400 (EDT) Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA245035494D7@mail> References: <4D2FAD9B00577645932AD7ED5FECA245035494D7@mail> Message-ID: Yeah, I see the light now. Many thanks to all. On Wed, 27 Sep 2006, Baer, Jon wrote: > -----pgpenvelope processed message > > There is a space you are missing after the repository URL ... > > svn co https://svn.cakephp.org/repo/branches/1.2.x.x/ cake1.2 > > I forgot about the apr. Im sure there is some wget/curl hackery to pull > the thing down as well (since that's all you are really doing). wget -R > > > If you are still having problems I'll zip it up + send it over. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From mitch.pirtle at gmail.com Wed Sep 27 15:57:16 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Wed, 27 Sep 2006 15:57:16 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <4509728F.1010407@email.smith.edu> References: <4509728F.1010407@email.smith.edu> Message-ID: <330532b60609271257x440d8ce9xc8df4702b45a3e1a@mail.gmail.com> On 9/14/06, Aaron Fischer wrote: > I've been enjoying these widgets and thought others might as well: Wow thanks, other than PHPEclipse and Zend's IDE, I haven't really found any other tools for OS X. Ok, that really means that I just haven't spent that much time or effort searching for them *blush* -- Mitch From tedd at sperling.com Wed Sep 27 17:25:02 2006 From: tedd at sperling.com (tedd) Date: Wed, 27 Sep 2006 17:25:02 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> References: <451A9D64.5070601@juxtadigital.com> <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> Message-ID: At 2:53 PM -0400 9/27/06, David Krings wrote: >At 11:48 AM 9/27/2006, you wrote: >>$willGoBakUnderMySteamyPileNow = true; >> >>ahh, now there's a variable name! > >Why not be consistent and make the"w" be upper case as well >$WillGoBackUnderMySteamyPileNow = true; Ahhh, now you touched on another subject, which is how do you name functions? I've seen code (not that I practice it) where functions names begin with uppercase whereas variables do not. Again, it's what makes sense to you, or your team. It's similar to formatting, which only leads to "Where do you put the brace?" discussions -- no right, no wrong, just what works for you. tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From ramons at gmx.net Wed Sep 27 17:47:36 2006 From: ramons at gmx.net (David Krings) Date: Wed, 27 Sep 2006 17:47:36 -0400 Subject: [nycphp-talk] Client vs. Server programming In-Reply-To: <20060921213727.3299.qmail@web53305.mail.yahoo.com> References: <20060921213727.3299.qmail@web53305.mail.yahoo.com> Message-ID: <6.1.2.0.2.20060927174638.02b968a0@pop.gmx.net> At 05:37 PM 9/21/2006, you wrote: >So what are the advantages of server programming? What what am I missing? Can think of another reason, record blocking in a database. Try to do this from the client! David K. From jbaer at VillageVoice.com Wed Sep 27 18:30:00 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Wed, 27 Sep 2006 18:30:00 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <330532b60609271257x440d8ce9xc8df4702b45a3e1a@mail.gmail.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I frequent this site a lot + find some great gems (like Teleport!) ... http://osx.iusethis.com http://osx.iusethis.com/app/teleport PHP apps .. http://osx.iusethis.com/search?q=php - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Mitch Pirtle Sent: Wednesday, September 27, 2006 3:57 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Mac OS X users - Widgets for PHP On 9/14/06, Aaron Fischer wrote: > I've been enjoying these widgets and thought others might as well: Wow thanks, other than PHPEclipse and Zend's IDE, I haven't really found any other tools for OS X. Ok, that really means that I just haven't spent that much time or effort searching for them *blush* - -- Mitch _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFGvto99e5DI8C/rsRAnYUAJwNp/4D5p5OQJdA+TWretqUwfZakgCgt3Eg AMA3oYoh9YiUYpuMOJHq2RI= =sisX -----END PGP SIGNATURE----- From ajai at bitblit.net Wed Sep 27 18:34:55 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 27 Sep 2006 18:34:55 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <330532b60609271257x440d8ce9xc8df4702b45a3e1a@mail.gmail.com> References: <4509728F.1010407@email.smith.edu> <330532b60609271257x440d8ce9xc8df4702b45a3e1a@mail.gmail.com> Message-ID: <451AFC8F.9070105@bitblit.net> Mitch Pirtle wrote: > On 9/14/06, Aaron Fischer wrote: >> I've been enjoying these widgets and thought others might as well: > > Wow thanks, other than PHPEclipse and Zend's IDE, I haven't really > found any other tools for OS X. Those widgets (and more) are listed in the PHP docs: http://www.php.net/tips.php -- A -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Wed Sep 27 18:40:08 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 27 Sep 2006 18:40:08 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> Message-ID: <451AFDC8.8090208@bitblit.net> Baer, Jon wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I frequent this site a lot + find some great gems (like Teleport!) ... Synergy kicks Teleport's butt - Im sharing mouse,keyboard and clipboard across ALL my machines (that would be my Mac, my Linux box and my Windoze box ;-) -- A From codebowl at gmail.com Wed Sep 27 19:20:25 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 27 Sep 2006 19:20:25 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <451AFDC8.8090208@bitblit.net> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> Message-ID: <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> i am a bit confused how you can share the mouse and keyboard between machines without special hardware, do you split the cable 2-3 ways with splitters and connect to each machine? Obviously if the mouse or keyboard is not connected to the machine you cannot use it on that machine. I thought the only way to do this was with a KVM switch Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From stefan at carrentalexpress.com Wed Sep 27 19:38:05 2006 From: stefan at carrentalexpress.com (Stefan Klopp) Date: Wed, 27 Sep 2006 16:38:05 -0700 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> Message-ID: <451B0B5D.6090300@carrentalexpress.com> Synergy works via your network. Basically you have a client/server setup. So on the machine you have your keyboard and mouse plugged into you run the Synergy server, on the machine you want to use that mouse and keyboard you connect to that server. It is quite fantastic. I have a setup with a KVM as well, letting me develop on my linux box on dual monitors, however have the ability to switch to my windows box at any moment and still move my mouse from screen to screen sharing the clipboard at will. Synergy is absolutely fantastic. Stefan Joseph Crawford wrote: > i am a bit confused how you can share the mouse and keyboard between > machines without special hardware, do you split the cable 2-3 ways > with splitters and connect to each machine? Obviously if the mouse or > keyboard is not connected to the machine you cannot use it on that > machine. > > I thought the only way to do this was with a KVM switch > > Thanks, > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com > >------------------------------------------------------------------------ > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk > >NYPHPCon 2006 Presentations Online >http://www.nyphpcon.com > >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -- Stefan Klopp Software Developer and Systems Administrator Car Rental Express.Com Inc. 604-714-5911 (local) 604-608-4965 (fax) 888-557-8188 (toll free) stefan at carrentalexpress.com http://www.carrentalexpress.com This e-mail, including any attachments, may contain confidential material and its transmission is not a waiver of that confidentiality. It is intended for the sole use of the person to whom it is addressed. Any copying, disclosure, distribution or reliance on this material by anyone other than the intended recipient is strictly prohibited. We assume no responsibility to persons other than the intended recipient. If you have received this transmission in error, please notify the sender immediately by reply e-mail and destroy any hard copies you may have printed and remove all electronic copies from your hard drive, network or any other location where electronic information is stored. Thank you. From chsnyder at gmail.com Wed Sep 27 23:08:22 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 27 Sep 2006 23:08:22 -0400 Subject: [nycphp-talk] CakePHP 1.2 wanted, svn help w/ SSL needed In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: On 9/27/06, David Mintz wrote: > I downloaded the svn 1.4.0 tarball and the deps Out of curiousity, did you try 'yum install subversion'? Svn, apr, neon, etc seem to be updated on a regular basis, and having the packages installed would free you from having to recompile with each new release... 'yum update' and you're done. yum is the best thing to happen to red hat, ever. -- Chris Snyder http://chxo.com/ From billy.reisinger at gmail.com Thu Sep 28 09:03:38 2006 From: billy.reisinger at gmail.com (Billy Reisinger) Date: Thu, 28 Sep 2006 08:03:38 -0500 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> References: <451A9D64.5070601@juxtadigital.com> <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> Message-ID: <6EC37FF7-09CE-4A58-B020-1D69D6383810@gmail.com> > Why not be consistent and make the"w" be upper case as well > $WillGoBackUnderMySteamyPileNow = true; > Some people reserve capitalized variables for class names only, so that function names and variable names will always start with a small letter: class NutJob { var $crazyPerson = "billy"; function whackCrazyPersonOverTheHead(person) { ... } } Seems like a good practice to me. > I can?t tell you how often I borked my > script by just leaving out an e or an s in a variable name. I have this same problem. One thing I have found to help is using an auto-complete feature in my text editor. Not only has it saved me typing time, but also I don't spend as much time debugging, only to find I misspelled some huge variable name. I know jEdit has auto- complete, probably Eclipse, too... From volcimaster at gmail.com Thu Sep 28 09:08:38 2006 From: volcimaster at gmail.com (Warren Myers) Date: Thu, 28 Sep 2006 09:08:38 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <6EC37FF7-09CE-4A58-B020-1D69D6383810@gmail.com> References: <451A9D64.5070601@juxtadigital.com> <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> <6EC37FF7-09CE-4A58-B020-1D69D6383810@gmail.com> Message-ID: I personally like to use compact variable names, and keep them as tightly scoped as possible. In fact, I don't recall the last time I used a variable whose length was more than 10 characters - it's just not necessary in my opinion. I also come from a C/C++ background, so I tend to think of everything in lowercase - only capitalizing when using external libraries that someone else wrote. WMM On 9/28/06, Billy Reisinger wrote: > > > Why not be consistent and make the"w" be upper case as well > > $WillGoBackUnderMySteamyPileNow = true; > > > > Some people reserve capitalized variables for class names only, so > that function names and variable names will always start with a small > letter: > > class NutJob { > var $crazyPerson = "billy"; > function whackCrazyPersonOverTheHead(person) { ... } > } > > Seems like a good practice to me. > > > I can?t tell you how often I borked my > > script by just leaving out an e or an s in a variable name. > > I have this same problem. One thing I have found to help is using an > auto-complete feature in my text editor. Not only has it saved me > typing time, but also I don't spend as much time debugging, only to > find I misspelled some huge variable name. I know jEdit has auto- > complete, probably Eclipse, too... > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- http://warrenmyers.com "God may not play dice with the universe, but something strange is going on with the prime numbers." --Paul Erd?s "It's not possible. We are the type of people who have everything in our favor going against us." --Ben Jarhvi, Short Circuit 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmintz at davidmintz.org Thu Sep 28 09:45:10 2006 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 28 Sep 2006 09:45:10 -0400 (EDT) Subject: [nycphp-talk] yum (was: CakePHP 1.2 wanted...) In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: On Wed, 27 Sep 2006, csnyder wrote: > On 9/27/06, David Mintz wrote: > > I downloaded the svn 1.4.0 tarball and the deps > > Out of curiousity, did you try 'yum install subversion'? [david at mintz cake]$ sudo yum install subversion Setting up Install Process Setting up repositories core 100% |=========================| 1.1 kB 00:00 dries 100% |=========================| 951 B 00:00 freshrpms 100% |=========================| 951 B 00:00 rpmforge 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 newrpms.sunsite.dk 100% |=========================| 951 B 00:00 updates 100% |=========================| 951 B 00:00 updates-released 100% |=========================| 951 B 00:00 base 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files Parsing package install arguments Nothing to do [david at mintz cake]$ sudo yum update subversion [bla bla bla] No Packages marked for Update/Obsoletion > Svn, apr, neon, etc seem to be updated on a regular basis, and having > the packages installed would free you from having to recompile with > each new release... 'yum update' and you're done. You would think. That's the whole point, ain't it. > yum is the best thing to happen to red hat, ever. Historically it's been good to me, but lately I get disappointed a lot. Might it have to do with the phasing-out of FC 4? Maybe the entries in my /etc/yum.repos.d are wanting. --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From ramons at gmx.net Thu Sep 28 11:11:26 2006 From: ramons at gmx.net (David Krings) Date: Thu, 28 Sep 2006 11:11:26 -0400 Subject: [nycphp-talk] About Human Readable Variable Names Moving Among PHP, HTML and MySQL In-Reply-To: <6EC37FF7-09CE-4A58-B020-1D69D6383810@gmail.com> References: <451A9D64.5070601@juxtadigital.com> <6.1.2.0.2.20060927145036.02ba64d8@pop.gmx.net> <6EC37FF7-09CE-4A58-B020-1D69D6383810@gmail.com> Message-ID: <6.1.2.0.2.20060928110754.02c200d8@pop.gmx.net> At 09:03 AM 9/28/2006, you wrote: > > I can?t tell you how often I borked my > > script by just leaving out an e or an s in a variable name. > >I have this same problem. One thing I have found to help is using an >auto-complete feature in my text editor. Not only has it saved me >typing time, but also I don't spend as much time debugging, only to >find I misspelled some huge variable name. I know jEdit has auto- >complete, probably Eclipse, too... I use Enginsite PHP Editor, which has a hint function upon pressing Control + Space. A real autocomplete would be much nicer, but that is asking a bit too much for a PHP IDE under 100$. I tried the Eclipse based PHP IDEs and I somehow don't like it. It is really obvious that Eclipse wasn't designed with PHP in mind. I like Zend, but that is by far too expensive for hobby use...at least for me. From chsnyder at gmail.com Thu Sep 28 11:38:59 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 28 Sep 2006 11:38:59 -0400 Subject: [nycphp-talk] yum (was: CakePHP 1.2 wanted...) In-Reply-To: References: <4D2FAD9B00577645932AD7ED5FECA24503549464@mail> Message-ID: On 9/28/06, David Mintz wrote: > Historically it's been good to me, but lately I get disappointed a lot. > Might it have to do with the phasing-out of FC 4? Maybe the entries in my > /etc/yum.repos.d are wanting. Looks like support has been moved to Fedora Legacy Project: http://www.fedoralegacy.org/ Fedora Legacy is another very good thing. I still have an (inherited) RH8 server in production. Ok, sorry for all the OT, folks. From ereyes at totalcreations.com Thu Sep 28 15:30:13 2006 From: ereyes at totalcreations.com (Edgar Reyes) Date: Thu, 28 Sep 2006 15:30:13 -0400 Subject: [nycphp-talk] Cart In-Reply-To: <20060924004328.22904.qmail@web52207.mail.yahoo.com> Message-ID: <00c301c6e334$85102470$6500a8c0@ERTop> Hello, I have a quick question, I have a client that needs a shopping cart, that's not a big deal, the thing is that he wants the customers to be able to pick a sign size from a list, the font color, color of sign which is no big it can just be pull downs as they are specific size colors etc, after they are done customizing the products hit a preview button and have an image generated of the sign they wanted. And have the image saved as an EPS file. Any suggestion would be greatly appreciated, I think I saw a site using OSCommerce doing something like this, is this a plug in for OSCommerce? Thanks. ER From codebowl at gmail.com Thu Sep 28 17:39:42 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 28 Sep 2006 17:39:42 -0400 Subject: [nycphp-talk] Cart In-Reply-To: <00c301c6e334$85102470$6500a8c0@ERTop> References: <20060924004328.22904.qmail@web52207.mail.yahoo.com> <00c301c6e334$85102470$6500a8c0@ERTop> Message-ID: <8d9a42800609281439h1ddc9fc1scb975eee5ad59abe@mail.gmail.com> Hello, I am not sure if php can generate EPS files if so it probably uses a 3rd party library like the GD Library, i am not even sure if GD can do EPS files. However you would have to custom code something (if an osCommerce extension does not exist) If you could use a PNG or JPG file then i would look into using the GD Library but a quick google search did not turn up anything for EPS Files with PHP. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ereyes at totalcreations.com Thu Sep 28 17:56:05 2006 From: ereyes at totalcreations.com (Edgar Reyes) Date: Thu, 28 Sep 2006 17:56:05 -0400 Subject: [nycphp-talk] Cart In-Reply-To: <8d9a42800609281439h1ddc9fc1scb975eee5ad59abe@mail.gmail.com> Message-ID: <013c01c6e348$e5e023e0$6500a8c0@ERTop> Thank you for the reply Joseph, I think ImageMagic can generate EPS files, I remember reading something about it, will have to go back and look into that. Again thank you. ER _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Thursday, September 28, 2006 4:40 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Cart Hello, I am not sure if php can generate EPS files if so it probably uses a 3rd party library like the GD Library, i am not even sure if GD can do EPS files. However you would have to custom code something (if an osCommerce extension does not exist) If you could use a PNG or JPG file then i would look into using the GD Library but a quick google search did not turn up anything for EPS Files with PHP. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Thu Sep 28 19:16:02 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 28 Sep 2006 19:16:02 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> Message-ID: <451C57B2.60703@bitblit.net> Joseph Crawford wrote: > i am a bit confused how you can share the mouse and keyboard between > machines without special hardware, do you split the cable 2-3 ways > with splitters and connect to each machine? Obviously if the mouse or > keyboard is not connected to the machine you cannot use it on that > machine. > > I thought the only way to do this was with a KVM switch Synergy is basically a "software KVM" - as long as the machines can talk TCP/IP to each other, they can use it. -- A From ajai at bitblit.net Thu Sep 28 19:16:52 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 28 Sep 2006 19:16:52 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <451B0B5D.6090300@carrentalexpress.com> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> <451B0B5D.6090300@carrentalexpress.com> Message-ID: <451C57E4.7030707@bitblit.net> Stefan Klopp wrote: > Synergy works via your network. Basically you have a client/server > setup. So on the machine you have your keyboard and mouse plugged into > you run the Synergy server, on the machine you want to use that mouse > and keyboard you connect to that server. It is quite fantastic. I have a > setup with a KVM as well, letting me develop on my linux box on dual > monitors, however have the ability to switch to my windows box at any > moment and still move my mouse from screen to screen sharing the > clipboard at will. Synergy is absolutely fantastic. Also, if your "master" machine is a Mac, there is a nice GUI for it. -- A From chris at theyellowbox.com Thu Sep 28 20:22:15 2006 From: chris at theyellowbox.com (Chris Merlo) Date: Thu, 28 Sep 2006 20:22:15 -0400 Subject: [nycphp-talk] Cart In-Reply-To: <013c01c6e348$e5e023e0$6500a8c0@ERTop> References: <8d9a42800609281439h1ddc9fc1scb975eee5ad59abe@mail.gmail.com> <013c01c6e348$e5e023e0$6500a8c0@ERTop> Message-ID: <946586480609281722h6846655w2a5dba990b5d1cd3@mail.gmail.com> On 9/28/06, Edgar Reyes wrote: > > Thank you for the reply Joseph, > > I think ImageMagic can generate EPS files, I remember reading something > about it, will have to go back and look into that. > Check this out: http://freshmeat.net/projects/a2ping/ A Perl script (oh, the horrors!) that can turn just about anything into just about anything else. I've used it before for .eps files. HTH, -c -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at devonianfarm.com Thu Sep 28 22:14:00 2006 From: paul at devonianfarm.com (Paul Houle) Date: Thu, 28 Sep 2006 22:14:00 -0400 Subject: [nycphp-talk] Cake PHP and "Active Records" Message-ID: <451C8168.7030409@devonianfarm.com> I greatly enjoyed the talk about Cake. I've been thinking a lot about "Active Records" as a part of web frameworks. There are quite a few ways to implement them and they all have some strengths and weaknesses. I'm convinced that we need active records to simplify the writing of secure and maintainable code, but there's still an impedance mismatch between SQL and objects. Cake's model has a lot of vertical integration with the rest of the framework, which helps in the rapid development department. As I understand it, developers build out a number of classes that extend AppModel. They can add methods to define actions on the model, override methods to change behaviors, and define a few variables to set metadata. One of the interesting questions is early loading versus lazy loading. The Active Record from Ruby on Rails, for instance, lazy loads everything and caches nothing. When you ask for 'User.name', Ruby immediately does something like SELECT name from user where id=66; This is elegant. It may even be efficient when we can avoid SELECTing big values (say the text of a blog post.) Unfortunately, it takes six SELECT statements to get the value of six columns for a single row, and 60 SELECT statements to get those values for ten columns (say to see the last ten blog posts.) I've been playing around with something I call a "passive record"; like RoR, passive records get their behaviors determined by run-time introspection of the database. You don't subclass passive_record to represent classes: this is one less thing for you to maintain, but you do lose a good extension point. The code looks something like // may be something like $user_table=$factory->table in the future $user_table=new locust_passive_table($conn,"user","); $user=$user_table->fetch_record($user_id); echo $user->first_name; $conn, by the way, is an instance of an OO database access library I've written. It's got some nice features: you can say $conn->select_scalar("SELECT COUNT(*) FROM .."); $conn->select_scalars("SELECT measurement FROM measurements"); Column values are held in a protected array, access to variables like first_name goes through "magic" __get and __set methods. (This enables a ~sweet~ syntax.) If you want to make changes to the record, you can do something like $user->first_name="Bozo"; $user->last_name="Clown"; $user->update(); Now there are interesting questions: the easy way to implement update() is to do something like UPDATE user SET first_name='Bozo',... WHERE user_id=$user_id iterating over ALL the columns in the row to generate the SET clause. This sets you up for "lost update" problems, however. Let's imagine that Bozo is updating his user record, and that user.suspended="n" in the database before the above code gets called. in the process that's doing the above. Imagine that a sysadmin uses a PHP script to suspend Bozo's access... $user->suspended="y"; $user->update(); after the first process does fetch_record() and before the first process does update(). As a result of this race condition, "Bozo" unsuspends himself, a bad outcome. One answer to this problem is to keep track of which variables have been "touched", and flush out only the ones that have been "touched". This isn't very hard to do. It doesn't eliminate every possible "lost update" situation, but it eliminates many of them. Since RoR does SELECTs and UPDATEs as you get and set variables, it avoids much of this trouble, but opens up another can of worms. If you're not using transactions (or if you're running the READ COMMITTED isolation levels), other processes can see intermediate states. Another process might see a new first name and an old last name: once again, a source of strange, hard to understand and fix bugs. If you are using transactions, you're forcing the database to hold the "transaction window" open for longer, which slows the database down and increases the risk of failed transactions and deadlocks. It looks like Cake uses early loading quite consistently... Looking at http://manual.cakephp.org/chapter/models if I do $user = $this->User->read(null, '25') for a user who is linked to a comment table, I'd get back an array of comments, so I can do something like echo $user["comments"]["5"]["body"]; If I wanted to display a list of (selected) users, I might want to display the number of comments that they've made, and I could do that by doing echo count($user["comments"]); This is quite intuitive. It's even reasonably efficient if a user has, say, 3 comments, but it would be quite slow for a user who has 800 comments. Efficiency demands that the database do the counting work in this case... I don't really care if it's done by: (1) A COUNT(*) generated for every user row, (2) A JOIN/GROUP BY/COUNT(*) over the user and comment rows, or (3) A sub-select over comment inside the select on user, but it's essential that a framework lets me do this. It would be nice if the framework did 1, 2 or 3 automatically, but I could live with it if I had to do (1) manually, either in SQL or via the framework. It's straightforward to implement lazy loading if you're using __get and __set... In that case, you don't even need to look at related tables until a user asks a question about them, say,... $user->count("comments"); or asks for $user->comments[3]->body. In the latter case, there are two places where we can lazy load: (i) when the user asks for the comments[] array, and (ii) when the user asks for the "body" property of $user->comments[3]. As always, we've got a choices... We can (A) populate the comments array with fully-formed passive_records when we create it (one SELECT), or (B) create a number of "empty" passive_records that contain a comment id and lazy-load the rest of the variables when needed. Which one is best depends on your case... If you want them all, (A) makes a lot of sense. If you want to look at the first 10 comments, (B) works better, but this is still going to be slower than the old-fashioned way with SELECT * FROM comments WHERE user_id LIMIT 10... Although I suppose you could add some special method to do $comments=$user->fetch_related("comments",10); My feeling about this is that I can't accept an "Active Record" implementation that (sometimes) uses the database in an outrageously inefficient way. I might trade a factor of 2 for convenience, but you can certainly get into situations where the RoR way and the PHPCake way could cost you a factor of 10 or more. I have to admit that I really don't know the answer. Something I really admire from the Java Spring Framework is a JDBC wrapper which throws named exceptions for database errors: see http://www.springframework.org/docs/api/org/springframework/dao/DataAccessException.html My current $conn object lets me do try { $conn->query("INSERT ..." } catch(DuplicateKeySQLException e) and that's really nice. It would be nice to have a fleshed-out hiearchy of exceptions for database errors to make error handling a snap. From paul at devonianfarm.com Thu Sep 28 22:19:44 2006 From: paul at devonianfarm.com (Paul Houle) Date: Thu, 28 Sep 2006 22:19:44 -0400 Subject: [nycphp-talk] [OT] grep assistance In-Reply-To: <001701c6e164$38202dd0$6701a8c0@SUNCODE1> References: <001701c6e164$38202dd0$6701a8c0@SUNCODE1> Message-ID: <451C82C0.9060708@devonianfarm.com> Peter Sawczynec wrote: > 62[8-9]|6[3-9][0-9]|7[0-8][0-1] > > Using your clues, above will match 628 through 781 only, correct? > > Peter > No, it doesn't match 779. This is why awk is a better way to do this than grep... It's too hard to understand what these regexes do and too easy to make a mistake writing them. From jonbaer at jonbaer.com Thu Sep 28 23:25:21 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Thu, 28 Sep 2006 23:25:21 -0400 Subject: [nycphp-talk] Cake PHP and "Active Records" In-Reply-To: <451C8168.7030409@devonianfarm.com> References: <451C8168.7030409@devonianfarm.com> Message-ID: <721D6F1D-D519-49AB-B39F-7D791BA5C8B2@jonbaer.com> I think the one slick point that gets missed w/ Cake is the fact that you can effectively bind and unbind your associations @ any time and in any way you wish (paying attention to the default association sql query it uses) ... this is a bit more advanced topic but basically your right + RoR can do it because the entire language is dynamic @ runtime ... Im still learning about this more but there is definitely a step @ the end of your application Id call "Tweaking and Optimizing your Models" which is pretty absent right now. Out of the box its a very basic structure but much like you would have a DBA tune a Stored Proc, you would/could do the same to Cake models. From what Nate said is that it will be made an easier process in 1.2 ... The 'passive record' idea sounds pretty interesting + I think you would be able to do something like this w/ a behavior + beforeFind() hooks. Also the Set::map($model) stuff should help w/ doing the same __get() __set() magic on your own models. Im pretty sure it will be a useful item all around. - Jon On Sep 28, 2006, at 10:14 PM, Paul Houle wrote: > My feeling about this is that I can't accept an "Active Record" > implementation that (sometimes) uses the database in an outrageously > inefficient way. I might trade a factor of 2 for convenience, but > you > can certainly get into situations where the RoR way and the PHPCake > way > could cost you a factor of 10 or more. I have to admit that I really > don't know the answer. From codebowl at gmail.com Fri Sep 29 00:17:24 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 29 Sep 2006 00:17:24 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <451C57E4.7030707@bitblit.net> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> <451B0B5D.6090300@carrentalexpress.com> <451C57E4.7030707@bitblit.net> Message-ID: <8d9a42800609282117v39d7e5c1g526592cdc537ae85@mail.gmail.com> will this work with a bluetooth mouse such as the mighty mouse? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.com Fri Sep 29 00:23:11 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Fri, 29 Sep 2006 00:23:11 -0400 Subject: [nycphp-talk] [OT] grep assistance In-Reply-To: <451C82C0.9060708@devonianfarm.com> References: <001701c6e164$38202dd0$6701a8c0@SUNCODE1> <451C82C0.9060708@devonianfarm.com> Message-ID: <222C1DD2-F143-4E11-950D-8BDCEC59C5E8@jonbaer.com> He is right, awk for a number range works wonders ... echo "123" | awk '//{n=$1;if(n>100 && n<200)print}' - Jon On Sep 28, 2006, at 10:19 PM, Paul Houle wrote: > Peter Sawczynec wrote: >> 62[8-9]|6[3-9][0-9]|7[0-8][0-1] >> >> Using your clues, above will match 628 through 781 only, correct? >> >> Peter >> > No, it doesn't match 779. This is why awk is a better way to do > this than grep... It's too hard to understand what these regexes > do and > too easy to make a mistake writing them. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From msams992000 at yahoo.com.au Fri Sep 29 09:48:52 2006 From: msams992000 at yahoo.com.au (Mark Sams) Date: Fri, 29 Sep 2006 23:48:52 +1000 (EST) Subject: [nycphp-talk] Cake PHP and "Active Records" In-Reply-To: <222C1DD2-F143-4E11-950D-8BDCEC59C5E8@jonbaer.com> Message-ID: <20060929134852.69048.qmail@web36104.mail.mud.yahoo.com> On Sep 28, 2006, at 10:14 PM, Paul Houle wrote: > My feeling about this is that I can't accept > an "Active Record" implementation that (sometimes) > uses the database in an outrageously inefficient way. There is a good discussion on the qcodo site of "Active Record" implementations. Specifically comparing the RoR (and Cake) metaprogramming vs direct code generation. http://www.qcodo.com/documentation/article.php/6 ____________________________________________________ On Yahoo!7 Messenger - IM with Windows Live? Messenger friends. http://au.messenger.yahoo.com From phil at bearingasset.com Fri Sep 29 10:24:36 2006 From: phil at bearingasset.com (Phil Duffy) Date: Fri, 29 Sep 2006 10:24:36 -0400 Subject: [nycphp-talk] Significance of the '::' Notation/Convention in Functions Message-ID: <20060929142433.ECB3BA85E9@virtu.nyphp.org> What is the significance of the '::' notation in functions? It seems to appear in PEAR, as in PEAR::isError() , but I have also seen it in Seagull, which is based upon PEAR. I assume it is not a part of pure PHP since it doesn't appear in any of the indices in the PHP books I have read. I have not found an explanation of this notation in the PEAR Manual. Phil Duffy -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott at crisscott.com Fri Sep 29 10:28:43 2006 From: scott at crisscott.com (Scott Mattocks) Date: Fri, 29 Sep 2006 10:28:43 -0400 Subject: [nycphp-talk] Significance of the '::' Notation/Convention in Functions In-Reply-To: <20060929142433.ECB3BA85E9@virtu.nyphp.org> References: <20060929142433.ECB3BA85E9@virtu.nyphp.org> Message-ID: <451D2D9B.1060901@crisscott.com> It is used to call methods statically and it is part of "pure" PHP. http://us2.php.net/manual/en/keyword.paamayim-nekudotayim.php Phil Duffy wrote: > What is the significance of the '::' notation in functions? It seems to > appear in PEAR, as in PEAR::isError() > , but I have also > seen it in Seagull, which is based upon PEAR. I assume it is not a part of > pure PHP since it doesn't appear in any of the indices in the PHP books I > have read. I have not found an explanation of this notation in the PEAR > Manual. > > Phil Duffy > > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -- Scott Mattocks Author of: Pro PHP-GTK http://www.crisscott.com From chsnyder at gmail.com Fri Sep 29 10:59:09 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 29 Sep 2006 10:59:09 -0400 Subject: [nycphp-talk] Cart In-Reply-To: <946586480609281722h6846655w2a5dba990b5d1cd3@mail.gmail.com> References: <8d9a42800609281439h1ddc9fc1scb975eee5ad59abe@mail.gmail.com> <013c01c6e348$e5e023e0$6500a8c0@ERTop> <946586480609281722h6846655w2a5dba990b5d1cd3@mail.gmail.com> Message-ID: On 9/28/06, Chris Merlo wrote: > On 9/28/06, Edgar Reyes wrote: > > I think ImageMagic can generate EPS files, I remember reading something > about it, will have to go back and look into that. > Check this out: > http://freshmeat.net/projects/a2ping/ > A Perl script (oh, the horrors!) that can turn just about anything into just > about anything else. I've used it before for .eps files. I assume the point of converting to EPS is so the text is in vector format and can therefore be enlarged indefinitely without loss of quality. Whatever you use to generate the image, be sure that the text isn't rasterized (converted to bitmap) before you export. It seems like the pslib functions (http://us2.php.net/ps) or any of the PDF-generating tools that have been mentioned here before might be a better way to go than either GD or ImageMagick. -- Chris Snyder http://chxo.com/ From phil at bearingasset.com Fri Sep 29 11:16:48 2006 From: phil at bearingasset.com (Phil Duffy) Date: Fri, 29 Sep 2006 11:16:48 -0400 Subject: [nycphp-talk] Significance of the '::' Notation/Convention in Functions In-Reply-To: <451D2D9B.1060901@crisscott.com> Message-ID: <20060929151631.2E46EA85E9@virtu.nyphp.org> Thanks, Scott. That was what I needed. Phil > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Scott Mattocks > Sent: Friday, September 29, 2006 9:29 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Significance of the '::' Notation/Convention in > Functions > > It is used to call methods statically and it is part of "pure" PHP. > > http://us2.php.net/manual/en/keyword.paamayim-nekudotayim.php > > Phil Duffy wrote: > > What is the significance of the '::' notation in functions? It seems to > > appear in PEAR, as in PEAR::isError() > > , but I have > also > > seen it in Seagull, which is based upon PEAR. I assume it is not a part > of > > pure PHP since it doesn't appear in any of the indices in the PHP books > I > > have read. I have not found an explanation of this notation in the PEAR > > Manual. > > > > Phil Duffy > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > -- > Scott Mattocks > Author of: Pro PHP-GTK > http://www.crisscott.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From devrieda at gmail.com Fri Sep 29 12:30:39 2006 From: devrieda at gmail.com (Derek DeVries) Date: Fri, 29 Sep 2006 09:30:39 -0700 Subject: [nycphp-talk] Cake PHP and "Active Records" In-Reply-To: <20060929134852.69048.qmail@web36104.mail.mud.yahoo.com> References: <222C1DD2-F143-4E11-950D-8BDCEC59C5E8@jonbaer.com> <20060929134852.69048.qmail@web36104.mail.mud.yahoo.com> Message-ID: <7bdec5870609290930i2d01a0bbw83469e8c5bfefe9f@mail.gmail.com> One of the interesting questions is early loading versus lazy loading. The Active Record from Ruby on Rails, for instance, lazy loads everything and caches nothing. When you ask for 'User.name', Ruby immediately does something like SELECT name from user where id=66; Actually, in Rails the following occurs: >> User.name NoMethodError: undefined method `name' for User:Class from /usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/base.rb:1129:in `method_missing' from (irb):1 FYI, you can't do this. User is a class, so you need to first find an user object whose attributes you want to get the records for. >> user = User.find(1) This will execute the SQL query: SELECT * FROM users WHERE (users.id = 1) LIMIT 1 >> puts user.name => derek This will execute the SQL query: SHOW FIELDS FROM users BUT... Only in development mode. On production it caches this info and no sql is executed >> puts user.email => devrieda at gmail.com now, no SQL query is executed. We've already introspected the db. As far as eager loading sql queries, Rails has a method of doing this. The sql for finding all comments could be written as >> user = User.find(1, :include => :comments) This would generate a single sql query to retrieve the user and all associated comments so that you can now do: >> for comment in user.comments >> puts comment.body >> end This can also cascade as much as you want and continues to only perform one db query. >> user = User.find(1, :include=>{:posts=>[:comments, :categorizations]}) a better explanation of how it works can be found here: http://blog.caboo.se/articles/2006/02/21/eager-loading-with-cascaded-associations This is very possible in php, and I've written an implementation of ActiveRecord in PHP that uses the following syntax: >> $user = User::find(1, array('include' => array('posts' => array('comments', 'categorizations')))); which can do something like this with the resulting data: >> foreach ($user->posts as $post) { >> print $post->title; >> >> foreach ($post->comments as $comment) { >> print $comment->body; >> } >> foreach ($post->categorizations as $comment) { >> print $categorizations->name; >> } >> } not terribly pretty with all the array(array(array())), but it's what we have to work with in PHP. this can get slow when there are many associations for the active record objects, and many records are being loaded from the db. Our own application however doesn't seem to have any problems because we tend to use paging on any items that tend to appear in sets greater than 250 records in the interface. From jbaer at VillageVoice.com Fri Sep 29 14:21:16 2006 From: jbaer at VillageVoice.com (Baer, Jon) Date: Fri, 29 Sep 2006 14:21:16 -0400 Subject: [nycphp-talk] Cake PHP and "Active Records" In-Reply-To: <7bdec5870609290930i2d01a0bbw83469e8c5bfefe9f@mail.gmail.com> Message-ID: <4D2FAD9B00577645932AD7ED5FECA24503738DF1@mail> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This already works in CakePHP ... The DESCRIBE TABLE is performed and cached under /tmp/models (describing the table structure only once) You can also optimize your cascades by specifically telling the model what you want from the join, ie: $this->Model->findAll(null, array("Model.col1","OtherModel.col3")); On your view use pr($this->_viewVars) and you will see the object layout. So in a nutshell, its pretty identical to RoR. - - Jon - -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Derek DeVries Sent: Friday, September 29, 2006 12:31 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Cake PHP and "Active Records" One of the interesting questions is early loading versus lazy loading. The Active Record from Ruby on Rails, for instance, lazy loads everything and caches nothing. When you ask for 'User.name', Ruby immediately does something like SELECT name from user where id=66; Actually, in Rails the following occurs: >> User.name NoMethodError: undefined method `name' for User:Class from /usr/local/lib/ruby/gems/1.8/gems/activerecord-1.14.4/lib/active_record/ base.rb:1129:in `method_missing' from (irb):1 FYI, you can't do this. User is a class, so you need to first find an user object whose attributes you want to get the records for. >> user = User.find(1) This will execute the SQL query: SELECT * FROM users WHERE (users.id = 1) LIMIT 1 >> puts user.name => derek This will execute the SQL query: SHOW FIELDS FROM users BUT... Only in development mode. On production it caches this info and no sql is executed >> puts user.email => devrieda at gmail.com now, no SQL query is executed. We've already introspected the db. As far as eager loading sql queries, Rails has a method of doing this. The sql for finding all comments could be written as >> user = User.find(1, :include => :comments) This would generate a single sql query to retrieve the user and all associated comments so that you can now do: >> for comment in user.comments >> puts comment.body >> end This can also cascade as much as you want and continues to only perform one db query. >> user = User.find(1, :include=>{:posts=>[:comments, >> :categorizations]}) a better explanation of how it works can be found here: http://blog.caboo.se/articles/2006/02/21/eager-loading-with-cascaded-ass ociations This is very possible in php, and I've written an implementation of ActiveRecord in PHP that uses the following syntax: >> $user = User::find(1, array('include' => array('posts' => array('comments', 'categorizations')))); which can do something like this with the resulting data: >> foreach ($user->posts as $post) { >> print $post->title; >> >> foreach ($post->comments as $comment) { >> print $comment->body; >> } >> foreach ($post->categorizations as $comment) { >> print $categorizations->name; >> } >> } not terribly pretty with all the array(array(array())), but it's what we have to work with in PHP. this can get slow when there are many associations for the active record objects, and many records are being loaded from the db. Our own application however doesn't seem to have any problems because we tend to use paging on any items that tend to appear in sets greater than 250 records in the interface. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFHWQc99e5DI8C/rsRArC6AJ0S4Fo5MXHljCuQC8tFmrlTj6KNtQCeKzIL xGCn13LnBzsYX8XI/PmK0jA= =mRn2 -----END PGP SIGNATURE----- From ereyes at totalcreations.com Fri Sep 29 16:05:19 2006 From: ereyes at totalcreations.com (Edgar Reyes) Date: Fri, 29 Sep 2006 16:05:19 -0400 Subject: [nycphp-talk] Cart In-Reply-To: Message-ID: <005201c6e402$9686c500$6500a8c0@ERTop> Thanks for the tip.. ER -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of csnyder Sent: Friday, September 29, 2006 9:59 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Cart On 9/28/06, Chris Merlo wrote: > On 9/28/06, Edgar Reyes wrote: > > I think ImageMagic can generate EPS files, I remember reading something > about it, will have to go back and look into that. > Check this out: > http://freshmeat.net/projects/a2ping/ > A Perl script (oh, the horrors!) that can turn just about anything into just > about anything else. I've used it before for .eps files. I assume the point of converting to EPS is so the text is in vector format and can therefore be enlarged indefinitely without loss of quality. Whatever you use to generate the image, be sure that the text isn't rasterized (converted to bitmap) before you export. It seems like the pslib functions (http://us2.php.net/ps) or any of the PDF-generating tools that have been mentioned here before might be a better way to go than either GD or ImageMagick. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ajai at bitblit.net Fri Sep 29 23:32:27 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 29 Sep 2006 23:32:27 -0400 Subject: [nycphp-talk] Mac OS X users - Widgets for PHP In-Reply-To: <8d9a42800609282117v39d7e5c1g526592cdc537ae85@mail.gmail.com> References: <4D2FAD9B00577645932AD7ED5FECA24503549546@mail> <451AFDC8.8090208@bitblit.net> <8d9a42800609271620q7624abe2kb849b0fdd5e4167b@mail.gmail.com> <451B0B5D.6090300@carrentalexpress.com> <451C57E4.7030707@bitblit.net> <8d9a42800609282117v39d7e5c1g526592cdc537ae85@mail.gmail.com> Message-ID: <451DE54B.8000007@bitblit.net> Joseph Crawford wrote: > will this work with a bluetooth mouse such as the mighty mouse? Sure - this is a software solution so you can use whatever hardware you want. (I use a MacAlly bluetooth mouse on my Mac - no problems). -- A From codebowl at gmail.com Sat Sep 30 10:01:15 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Sat, 30 Sep 2006 10:01:15 -0400 Subject: [nycphp-talk] RSS and Images Message-ID: <8d9a42800609300701s300621eax6e053260576f7e95@mail.gmail.com> Hey Guys, I am running wordpress 2.0 on my site josephcrawford.com and i notice that when i post images in the entries they are not showing in the rss. http://www.josephcrawford.com/rss/ however sites like TUAW do http://www.tuaw.com/rss.xml are they writing custom code or is there a way to do this with wordpress 2.0 ? -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at jobsforge.com Sat Sep 30 10:23:44 2006 From: matt at jobsforge.com (Matthew Terenzio) Date: Sat, 30 Sep 2006 10:23:44 -0400 Subject: [nycphp-talk] RSS and Images In-Reply-To: <8d9a42800609300701s300621eax6e053260576f7e95@mail.gmail.com> References: <8d9a42800609300701s300621eax6e053260576f7e95@mail.gmail.com> Message-ID: <44fdd8e8af571b577e3fffc411a76918@jobsforge.com> Joseph, If by "showing in the RSS" you mean the enclosure element, I think you need to make the image or mp3 or whatever an link with an absolute url to the file. Check out my test post: http://blog.classyfeeds.com/rss2/ I just added a link in the body of the post to the absolute url of the file and Wordpress created the enclosure. This is WP 2.0 Matt Terenzio On Sep 30, 2006, at 10:01 AM, Joseph Crawford wrote: > Hey Guys, > > I am running wordpress 2.0 on my site josephcrawford.com and i notice > that when i post images in the entries they are not showing in the > rss. > > http://www.josephcrawford.com/rss/ > > however sites like TUAW do > > http://www.tuaw.com/rss.xml > > are they writing custom code or is there a way to do this with > wordpress 2.0? > > > -- > Joseph Crawford Jr. > Zend Certified Engineer > Codebowl Solutions, Inc. > http://www.codebowl.com/ > Blog: http://www.josephcrawford.com/ > 1-802-671-2021 > codebowl at gmail.com_______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From chuck at horde.org Sat Sep 30 14:34:46 2006 From: chuck at horde.org (Chuck Hagenbuch) Date: Sat, 30 Sep 2006 14:34:46 -0400 Subject: [nycphp-talk] Feedback/requests for Horde talk Message-ID: <20060930143446.6mqexk4uscggss04@technest.org> Hi folks! I'm happy to be coming down to NYPHP in January: http://www.nyphp.org/content/calendar/view_entry.php?id=98 I'd love to get some feedback on what people would like me to focus on for the talk. The blurb posted is a shorter, updated version of the tutorial I did at NYPHPCon. Requests, comments, etc. would all be very helpful. Thanks, -chuck -- "we are plastered to the windshield of the bus that is time." - Chris From codebowl at gmail.com Sat Sep 30 21:30:17 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Sat, 30 Sep 2006 21:30:17 -0400 Subject: [nycphp-talk] RSS and Images In-Reply-To: <44fdd8e8af571b577e3fffc411a76918@jobsforge.com> References: <8d9a42800609300701s300621eax6e053260576f7e95@mail.gmail.com> <44fdd8e8af571b577e3fffc411a76918@jobsforge.com> Message-ID: <8d9a42800609301830q7612000bi4f2f82d018cc0a74@mail.gmail.com> Matt, All of my images are linked with http://www.josephcrawford.com/wp-content/uploads/ etc... However they do not show in the rss, you can see the site at http://www.josephcrawford.com and then check the rss in http://www.josephcrawford.com/rss/ Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: