From ashaw at polymerdb.org Fri Jan 2 12:05:39 2009 From: ashaw at polymerdb.org (Allen Shaw) Date: Fri, 02 Jan 2009 11:05:39 -0600 Subject: [nycphp-talk] escapeshellcmd stupidity? Message-ID: <495E4963.7050204@polymerdb.org> Hi All, I have a shell script that manages my todo list, and I'd like to access it through the Web as well, for convenience when I'm traveling. ssh is not ideal here, since Web gives me access from any machine without downloading PuTTY, for example. Basic auth seems enough to protect my todo list from abuse, but the stakes get higher when we consider that I'm accepting shell script arguments over the web -- poor security could easily lead to arbitrary code being passed to the shell. Can anyone here comment on the wisdom of relying on escapeshellcmd() in a situation like this? For example: It looks right to me, and I've confirmed that it "works," but I can't test to confirm it's "safe." I'd appreciate it if someone more experienced could tell me if this is just a Bad Idea. Thanks, Allen -- Allen Shaw slidePresenter (http://slides.sourceforge.net) From edwardpotter at gmail.com Fri Jan 2 12:23:46 2009 From: edwardpotter at gmail.com (Edward Potter) Date: Fri, 2 Jan 2009 12:23:46 -0500 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: <495E4963.7050204@polymerdb.org> References: <495E4963.7050204@polymerdb.org> Message-ID: Plan B. THINGS an AMAZING GTD application that sync's up with your iPhone. They seem to have FINALLY got it right. :-) ed http://culturedcode.com/things/ On Fri, Jan 2, 2009 at 12:05 PM, Allen Shaw wrote: > Hi All, > > I have a shell script that manages my todo list, and I'd like to access it > through the Web as well, for convenience when I'm traveling. ssh is not > ideal here, since Web gives me access from any machine without downloading > PuTTY, for example. Basic auth seems enough to protect my todo list from > abuse, but the stakes get higher when we consider that I'm accepting shell > script arguments over the web -- poor security could easily lead to > arbitrary code being passed to the shell. > > Can anyone here comment on the wisdom of relying on escapeshellcmd() in a > situation like this? For example: > $script_path = '/path/to/shell/script'; > shell_exec(escapeshellcmd("$script_path {$_POST['user_input']}")); > ?> > > It looks right to me, and I've confirmed that it "works," but I can't test > to confirm it's "safe." I'd appreciate it if someone more experienced could > tell me if this is just a Bad Idea. > > Thanks, > Allen > > -- > Allen Shaw > slidePresenter (http://slides.sourceforge.net) > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -- IM/iChat: ejpusa Links: http://del.icio.us/ejpusa Blog: http://www.preceptress.com/blog Follow me: http://www.twitter.com/ejpusa Karma: http://www.coderswithconscience.com Projects: http://flickr.com/photos/86842405 at N00/ Store: http://astore.amazon.com/httpwwwutopic-20 From chsnyder at gmail.com Fri Jan 2 13:24:23 2009 From: chsnyder at gmail.com (csnyder) Date: Fri, 2 Jan 2009 13:24:23 -0500 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: <495E4963.7050204@polymerdb.org> References: <495E4963.7050204@polymerdb.org> Message-ID: On Fri, Jan 2, 2009 at 12:05 PM, Allen Shaw wrote: > Can anyone here comment on the wisdom of relying on escapeshellcmd() in a > situation like this? For example: > $script_path = '/path/to/shell/script'; > shell_exec(escapeshellcmd("$script_path {$_POST['user_input']}")); > ?> > > It looks right to me, and I've confirmed that it "works," but I can't test > to confirm it's "safe." I'd appreciate it if someone more experienced could > tell me if this is just a Bad Idea. > First, escapeshellarg() is more specific, and therefore *possibly* safer. Rather than escaping the whole thing, just escape the user input. Second, it would be MUCH safer to determine an acceptable range of possibilities for the user input, or a pattern (regex or otherwise) that it should match before being passed to the shell. In other words, validate the input first, and then filter it when you pass it to the shell. In your case you want to pass arbitrary strings, so validation becomes more difficult. You could still validate the input so that it only contains printable ascii and simple punctuation, no unprintable characters or newlines or any of that. From ashaw at polymerdb.org Fri Jan 2 15:37:43 2009 From: ashaw at polymerdb.org (Allen Shaw) Date: Fri, 02 Jan 2009 14:37:43 -0600 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: References: <495E4963.7050204@polymerdb.org> Message-ID: <495E7B17.9020908@polymerdb.org> Hi Chris, Thanks for your helpful input. Some follow-up from me: csnyder wrote: > Allen Shaw wrote: > > Can anyone here comment on the wisdom of relying on > > escapeshellcmd() in a situation like this? ... > > First, escapeshellarg() is more specific, and therefore *possibly* > safer. Rather than escaping the whole thing, just escape the user > input. In my case, I'm passing multiple arguments, but I'm now regexing them apart into separate arguments, so escapeshellarg() does work. For forward compat with the wrapped shell script, I'm hoping to avoid checking for valid arguments and instead just escaping each argument and letting the shell script do its own checking. > Second, it would be MUCH safer to determine an acceptable range of > possibilities for the user input... In your case you want to pass > arbitrary strings, so validation becomes more difficult. You could > still validate the input so that it only contains printable ascii and > simple punctuation, no unprintable characters or newlines or any of > that. Okay, good thought. For this I'll remove the first 32 non-printing ASCII chars, and DEL: If I'm thinking straight, the above will strip most obviously useless chars but still allow lots of chars (e.g. i18n stuff) that I'll never be able to whitelist. Thanks again for your input. - Allen -- Allen Shaw, UPF Data Services ashaw at upf.org | 914.826.4622 | http://www.upf.org -- Allen Shaw slidePresenter (http://slides.sourceforge.net) From danielc at analysisandsolutions.com Fri Jan 2 16:26:21 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 2 Jan 2009 16:26:21 -0500 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: <495E7B17.9020908@polymerdb.org> References: <495E4963.7050204@polymerdb.org> <495E7B17.9020908@polymerdb.org> Message-ID: <20090102212620.GA17978@panix.com> On Fri, Jan 02, 2009 at 02:37:43PM -0600, Allen Shaw wrote: > > In my case, I'm passing multiple arguments, but I'm now regexing them > apart into separate arguments, so escapeshellarg() does work. I would submit each argument as a separate POST or GET parameter. Each argument would have a key (the name of the shell script flag) and a value (uh, the value). I'd put an array of allowed flags at the top of the script. Upon submission, I'd loop over the allowed flags and look in GET/POST to see if the value is set and if it is pass it along into the argument list to the shell command. > forward compat with the wrapped shell script, I'm hoping to avoid > checking for valid arguments and instead just escaping each argument and > letting the shell script do its own checking. Oh, quit whining. Suck it up and do the right thing. :) If you want to be really slick, have your shell script provide output of usage or a list of allowed arguments in a format that will be easy for your PHP script to parse into an array. Then have the PHP script call the shell script using "/script --help" (or similar) and parse the output into an array, then use that array to validate GET/POST. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ashaw at polymerdb.org Fri Jan 2 16:51:02 2009 From: ashaw at polymerdb.org (Allen Shaw) Date: Fri, 02 Jan 2009 15:51:02 -0600 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: <20090102212620.GA17978@panix.com> References: <495E4963.7050204@polymerdb.org> <495E7B17.9020908@polymerdb.org> <20090102212620.GA17978@panix.com> Message-ID: <495E8C46.2050106@polymerdb.org> An HTML attachment was scrubbed... URL: From ajai at bitblit.net Sat Jan 3 01:15:58 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Sat, 3 Jan 2009 01:15:58 -0500 (EST) Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: <495E4963.7050204@polymerdb.org> Message-ID: On Fri, 2 Jan 2009, Allen Shaw wrote: > I have a shell script that manages my todo list, and I'd like to access > it through the Web as well, for convenience when I'm traveling. ssh is > not ideal here, since Web gives me access from any machine without > downloading PuTTY, for example. Basic auth seems enough to protect my > todo list from abuse Unless you're using HTTPS, that security is not sufficient since your password will be sent as clear text across an open network... -- Aj. From ashaw at polymerdb.org Sat Jan 3 08:09:02 2009 From: ashaw at polymerdb.org (Allen Shaw) Date: Sat, 03 Jan 2009 07:09:02 -0600 Subject: [nycphp-talk] escapeshellcmd stupidity? In-Reply-To: References: Message-ID: <495F636E.6020306@polymerdb.org> Ajai Khattri wrote: > On Fri, 2 Jan 2009, Allen Shaw wrote: > >> Basic auth seems enough to protect my todo list from abuse >> > Unless you're using HTTPS, that security is not sufficient since your > password will be sent as clear text across an open network... > Agreed. I should have worded it more clearly: Basic auth over http seems "secure enough" to protect my todo list from abuse, considering its relative value to me. However, given the inherent limitations of basic auth over a non-encrypted connection, the stakes get considerably higher when we consider that I'm accepting shell script arguments over the web -- poor security could easily lead to arbitrary code being passed to the shell by anyone who cares enough to sniff out the basic auth credentials. Basic auth will prevent the casual drifter from writing graffiti on my todo list. To prevent real damage to the server itself, I'm relying on the script to police the input. Bad idea? - A. -- Allen Shaw slidePresenter (http://slides.sourceforge.net) From ken at secdat.com Mon Jan 5 14:10:57 2009 From: ken at secdat.com (Kenneth Downs) Date: Mon, 05 Jan 2009 14:10:57 -0500 Subject: [nycphp-talk] [ANNOUNCE] Second Andromeda hack-a-thon Message-ID: <49625B41.4020809@secdat.com> We will be having our second hack-a-thon on Jan 17th here on Long Island. The focus will be taking our "free" admin screens that work in Firefox and tweaking them up to work in IE 6 and 7. We will also start work on a windows installer. Location is in East Setauket, Long Island, though we welcome remote participation as well (except you don't get any free food). Anybody interested in participating should contact me off-list for more information. -- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 From mmwaldman at nyc.rr.com Thu Jan 8 15:23:40 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Thu, 8 Jan 2009 15:23:40 -0500 Subject: [nycphp-talk] File Uploads Message-ID: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> form action="test.php" method="post" enctype="multipart/form-data">

Pictures:

$error) { if ($error == UPLOAD_ERR_OK) { $tmp_name = $_FILES["pictures"]["tmp_name"][$key]; $name = $_FILES["pictures"]["name"][$key]; move_uploaded_file($tmp_name, "data/$name"); } } ?> When test.php is called $_FILES is defined. But, if I call another php module right after $_FILES is no longer defined. Is there a way to capture the value of $_FILES or make it persist? What I was trying was something like this: form action="afunction();" method="post" enctype="multipart/form-data">

Pictures:

function a_function() { rlxmlHttp=getXmlHttpObject(); if (rlxmlHttp == null) { document.getElementById("fnErrMsg").innerHTML = '*Browser does not support HTTP Request'; } else { rlxmlHttp.onreadystatechange=finishContact; rlxmlHttp.open("POST","ascript.php",true); /* ascript.php using $_FILES */ rlxmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); /* rlxmlHttp.setRequestHeader('Content-Type', 'multipart/form-data'); */ rlxmlHttp.send(null); } } The $_FILES variable no longer exist. But, $_FILES is no longer defined. Does anyone have any creative ideas? Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Thu Jan 8 15:29:48 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Thu, 8 Jan 2009 15:29:48 -0500 Subject: [nycphp-talk] File Uploads In-Reply-To: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: <2b4feca10901081229v7143c731v31fbbd33f3540d49@mail.gmail.com> On Thu, Jan 8, 2009 at 3:23 PM, Michele Waldman wrote: > form action="test.php" method="post" enctype="multipart/form-data"> > >

Pictures: > > > > > > > > > >

> > > > foreach ($_FILES["pictures"]["error"] as $key => $error) { > if ($error == UPLOAD_ERR_OK) { > $tmp_name = $_FILES["pictures"]["tmp_name"][$key]; > $name = $_FILES["pictures"]["name"][$key]; > move_uploaded_file($tmp_name, "data/$name"); > } > } > ?> > > When test.php is called $_FILES is defined. But, if I call another php > module right after $_FILES is no longer defined. Is there a way to capture > the value of $_FILES or make it persist? > > $_FILES should be available through out a request as it is a super global > > What I was trying was something like this: > > form action="afunction();" method="post" enctype="multipart/form-data"> > >

Pictures: > > > > > > > > > >

> > > > function a_function() > > { > > > > rlxmlHttp=getXmlHttpObject(); > > if (rlxmlHttp == null) > > { > > document.getElementById("fnErrMsg").innerHTML = '*Browser does > not support HTTP Request'; > > } > > else > > { > > rlxmlHttp.onreadystatechange=finishContact; > > rlxmlHttp.open("POST","ascript.php",true); /* ascript.php using > $_FILES */ > > rlxmlHttp.setRequestHeader('Content-Type', > 'application/x-www-form-urlencoded'); > > /* rlxmlHttp.setRequestHeader('Content-Type', > 'multipart/form-data'); */ > > rlxmlHttp.send(null); > > } > > } > > The $_FILES variable no longer exist. But, $_FILES is no longer defined. > Does anyone have any creative ideas? > > Michele > You may want to make sure, but I'm quite positive that you cannot upload files using 'AJAX', look to flash or an iframe if this is really important. -- Elijah -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Thu Jan 8 15:41:47 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Thu, 8 Jan 2009 15:41:47 -0500 Subject: [nycphp-talk] File Uploads In-Reply-To: <2b4feca10901081229v7143c731v31fbbd33f3540d49@mail.gmail.com> Message-ID: <20090108204143.TBBT4747.hrndva-omta02.mail.rr.com@DeJaVu> Funky. I'm thinking not visible iframe with a copy of the data that gets submitted to a php script that slams the $_FILES into the $_SESSION. Yuck! Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Elijah Insua Sent: Thursday, January 08, 2009 3:30 PM To: NYPHP Talk Subject: Re: [nycphp-talk] File Uploads On Thu, Jan 8, 2009 at 3:23 PM, Michele Waldman wrote: form action="test.php" method="post" enctype="multipart/form-data">

Pictures:

$error) { if ($error == UPLOAD_ERR_OK) { $tmp_name = $_FILES["pictures"]["tmp_name"][$key]; $name = $_FILES["pictures"]["name"][$key]; move_uploaded_file($tmp_name, "data/$name"); } } ?> When test.php is called $_FILES is defined. But, if I call another php module right after $_FILES is no longer defined. Is there a way to capture the value of $_FILES or make it persist? $_FILES should be available through out a request as it is a super global What I was trying was something like this: form action="afunction();" method="post" enctype="multipart/form-data">

Pictures:

function a_function() { rlxmlHttp=getXmlHttpObject(); if (rlxmlHttp == null) { document.getElementById("fnErrMsg").innerHTML = '*Browser does not support HTTP Request'; } else { rlxmlHttp.onreadystatechange=finishContact; rlxmlHttp.open("POST","ascript.php",true); /* ascript.php using $_FILES */ rlxmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); /* rlxmlHttp.setRequestHeader('Content-Type', 'multipart/form-data'); */ rlxmlHttp.send(null); } } The $_FILES variable no longer exist. But, $_FILES is no longer defined. Does anyone have any creative ideas? Michele You may want to make sure, but I'm quite positive that you cannot upload files using 'AJAX', look to flash or an iframe if this is really important. -- Elijah -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Fri Jan 9 09:35:16 2009 From: tedd at sperling.com (tedd) Date: Fri, 9 Jan 2009 09:35:16 -0500 Subject: [nycphp-talk] File Uploads In-Reply-To: <2b4feca10901081229v7143c731v31fbbd33f3540d49@mail.gmail.com> References: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> <2b4feca10901081229v7143c731v31fbbd33f3540d49@mail.gmail.com> Message-ID: At 3:29 PM -0500 1/8/09, Elijah Insua wrote: >You may want to make sure, but I'm quite positive that you cannot >upload files using 'AJAX', look to flash or an iframe if this is >really important. > > -- Elijah Just using AJAX no -- but AJAX simply sends data (via a post/get) to the server which in turn can run a script to upload files. I've done it. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From bonsaime at gmail.com Sat Jan 10 14:45:49 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Sat, 10 Jan 2009 14:45:49 -0500 Subject: [nycphp-talk] function references Message-ID: Is it possible to take a reference to a function and then stick it in an array? I'd like to have an array with function names as the keys and the values would be references to the actual function. This way I could do do[$that_function]; Basically being lazy and don't want to have a big ugly switch block when I could just declare the array, the functions, and then call it all in one line. Not even sure what the calling syntax would be, so I'm not sticking to this example but it shows the idea I hope. Is this more commonly done with some sort of eval() function? -jesse -------------- next part -------------- An HTML attachment was scrubbed... URL: From gatzby3jr at gmail.com Sat Jan 10 17:40:26 2009 From: gatzby3jr at gmail.com (Brian O'Connor) Date: Sat, 10 Jan 2009 17:40:26 -0500 Subject: [nycphp-talk] function references In-Reply-To: References: Message-ID: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> I believe this is what you're looking for. I've done similar things in the past, but I don't have the code handy. http://www.php.net/manual/en/language.variables.variable.php On Sat, Jan 10, 2009 at 2:45 PM, Jesse Callaway wrote: > Is it possible to take a reference to a function and then stick it in an > array? > > I'd like to have an array with function names as the keys and the values > would be references to the actual function. This way I could do > > > do[$that_function]; > > Basically being lazy and don't want to have a big ugly switch block when I > could just declare the array, the functions, and then call it all in one > line. > > Not even sure what the calling syntax would be, so I'm not sticking to this > example but it shows the idea I hope. > > > Is this more commonly done with some sort of eval() function? > > -jesse > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -- Brian O'Connor -------------- next part -------------- An HTML attachment was scrubbed... URL: From gatzby3jr at gmail.com Sat Jan 10 17:43:19 2009 From: gatzby3jr at gmail.com (Brian O'Connor) Date: Sat, 10 Jan 2009 17:43:19 -0500 Subject: [nycphp-talk] function references In-Reply-To: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> Message-ID: <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> Oh sorry, forgot to add this too, which I think better fits your question: prints: hello On Sat, Jan 10, 2009 at 5:40 PM, Brian O'Connor wrote: > I believe this is what you're looking for. > > I've done similar things in the past, but I don't have the code handy. > > http://www.php.net/manual/en/language.variables.variable.php > > On Sat, Jan 10, 2009 at 2:45 PM, Jesse Callaway wrote: > >> Is it possible to take a reference to a function and then stick it in an >> array? >> >> I'd like to have an array with function names as the keys and the values >> would be references to the actual function. This way I could do >> >> >> do[$that_function]; >> >> Basically being lazy and don't want to have a big ugly switch block when I >> could just declare the array, the functions, and then call it all in one >> line. >> >> Not even sure what the calling syntax would be, so I'm not sticking to >> this example but it shows the idea I hope. >> >> >> Is this more commonly done with some sort of eval() function? >> >> -jesse >> >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php >> > > > > -- > Brian O'Connor > -- Brian O'Connor -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Sat Jan 10 17:58:50 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Sat, 10 Jan 2009 17:58:50 -0500 Subject: [nycphp-talk] function references In-Reply-To: <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> Message-ID: <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> umm... with objects this gets sexy. class Add { public function execute($a, $b) { return $a + $b; } } class Subtract { public function execute($a, $b) { return $a - $b; } } $executors = array(array('object'=>new Add(), 'params' => array(1,1))); foreach ($executors as $execute) { echo "Result: " . call_user_funct_array(array($execute['object'], 'execute'), $execute['params'])); } On Sat, Jan 10, 2009 at 5:43 PM, Brian O'Connor wrote: > Oh sorry, forgot to add this too, which I think better fits your question: > > > function my_func($a) { > print $a; > } > > $a = 'my_func'; > > $a('hello'); > > ?> > > prints: > > hello > > > On Sat, Jan 10, 2009 at 5:40 PM, Brian O'Connor wrote: > >> I believe this is what you're looking for. >> >> I've done similar things in the past, but I don't have the code handy. >> >> http://www.php.net/manual/en/language.variables.variable.php >> >> On Sat, Jan 10, 2009 at 2:45 PM, Jesse Callaway wrote: >> >>> Is it possible to take a reference to a function and then stick it in an >>> array? >>> >>> I'd like to have an array with function names as the keys and the values >>> would be references to the actual function. This way I could do >>> >>> >>> do[$that_function]; >>> >>> Basically being lazy and don't want to have a big ugly switch block when >>> I could just declare the array, the functions, and then call it all in one >>> line. >>> >>> Not even sure what the calling syntax would be, so I'm not sticking to >>> this example but it shows the idea I hope. >>> >>> >>> Is this more commonly done with some sort of eval() function? >>> >>> -jesse >>> >>> _______________________________________________ >>> New York PHP User Group Community Talk Mailing List >>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> http://www.nyphp.org/show_participation.php >>> >> >> >> >> -- >> Brian O'Connor >> > > > > -- > Brian O'Connor > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Sat Jan 10 18:52:32 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sat, 10 Jan 2009 18:52:32 -0500 Subject: [nycphp-talk] Sessions and cross domains Message-ID: <20090110235223.PDCJ14459.hrndva-omta06.mail.rr.com@DeJaVu> I using http and https in an iframe. I have session variables for both. Http does not need to know about https and vice versa. In IE, if I load http the session variable are fine. If I load https, the session variables are fine. However, when I have a page with http and https, it's not fine. The http loads, then the https loads. After the https loads, http does not know about it's session variables. If I reload http section then the variables are there. It's like either http or https session variables can be accessed, but the separate pages aren't able to access their separate sessions at the same time. I saw something when I was researching this problem about using session.cookie_domain, but I couldn't get that to work for me. Does anyone how you can have 2 different domains loaded and maintain session variables for both domains in IE? In firefox, I'm not having this problem. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Sat Jan 10 19:37:20 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sat, 10 Jan 2009 19:37:20 -0500 Subject: [nycphp-talk] Sessions and cross domains In-Reply-To: <20090110235223.PDCJ14459.hrndva-omta06.mail.rr.com@DeJaVu> Message-ID: <20090111003711.ISKX15540.hrndva-omta03.mail.rr.com@DeJaVu> Doh! I think my call to clearauthenticationcache is killing the session. Sorry guys. _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Saturday, January 10, 2009 6:53 PM To: 'NYPHP Talk' Subject: [nycphp-talk] Sessions and cross domains I using http and https in an iframe. I have session variables for both. Http does not need to know about https and vice versa. In IE, if I load http the session variable are fine. If I load https, the session variables are fine. However, when I have a page with http and https, it's not fine. The http loads, then the https loads. After the https loads, http does not know about it's session variables. If I reload http section then the variables are there. It's like either http or https session variables can be accessed, but the separate pages aren't able to access their separate sessions at the same time. I saw something when I was researching this problem about using session.cookie_domain, but I couldn't get that to work for me. Does anyone how you can have 2 different domains loaded and maintain session variables for both domains in IE? In firefox, I'm not having this problem. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From bonsaime at gmail.com Sun Jan 11 01:47:48 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Sun, 11 Jan 2009 01:47:48 -0500 Subject: [nycphp-talk] function references In-Reply-To: <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> Message-ID: Sweet so, I think $a = 'my_func'; does it for me. I'd love to understand the following code, but I'll have to read it a couple more times. Haven't quite gotten into classy stuff like this yet. Looks like actionscript to me with this execute function. Thanks so much. I didn't expect to get this good an answer. -jesse On Sat, Jan 10, 2009 at 5:58 PM, Elijah Insua wrote: > umm... with objects this gets sexy. > > > class Add { > public function execute($a, $b) { return $a + $b; } > } > > class Subtract { > public function execute($a, $b) { return $a - $b; } > } > > $executors = array(array('object'=>new Add(), 'params' => array(1,1))); > > foreach ($executors as $execute) > { > echo "Result: " . call_user_funct_array(array($execute['object'], > 'execute'), $execute['params'])); > > } > > > > On Sat, Jan 10, 2009 at 5:43 PM, Brian O'Connor wrote: > >> Oh sorry, forgot to add this too, which I think better fits your question: >> >> > >> function my_func($a) { >> print $a; >> } >> >> $a = 'my_func'; >> >> $a('hello'); >> >> ?> >> >> prints: >> >> hello >> >> >> On Sat, Jan 10, 2009 at 5:40 PM, Brian O'Connor wrote: >> >>> I believe this is what you're looking for. >>> >>> I've done similar things in the past, but I don't have the code handy. >>> >>> http://www.php.net/manual/en/language.variables.variable.php >>> >>> On Sat, Jan 10, 2009 at 2:45 PM, Jesse Callaway wrote: >>> >>>> Is it possible to take a reference to a function and then stick it in an >>>> array? >>>> >>>> I'd like to have an array with function names as the keys and the values >>>> would be references to the actual function. This way I could do >>>> >>>> >>>> do[$that_function]; >>>> >>>> Basically being lazy and don't want to have a big ugly switch block when >>>> I could just declare the array, the functions, and then call it all in one >>>> line. >>>> >>>> Not even sure what the calling syntax would be, so I'm not sticking to >>>> this example but it shows the idea I hope. >>>> >>>> >>>> Is this more commonly done with some sort of eval() function? >>>> >>>> -jesse >>>> >>>> _______________________________________________ >>>> New York PHP User Group Community Talk Mailing List >>>> http://lists.nyphp.org/mailman/listinfo/talk >>>> >>>> http://www.nyphp.org/show_participation.php >>>> >>> >>> >>> >>> -- >>> Brian O'Connor >>> >> >> >> >> -- >> Brian O'Connor >> >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php >> > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Sun Jan 11 10:42:55 2009 From: chsnyder at gmail.com (csnyder) Date: Sun, 11 Jan 2009 10:42:55 -0500 Subject: [nycphp-talk] function references In-Reply-To: References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> Message-ID: On Sun, Jan 11, 2009 at 1:47 AM, Jesse Callaway wrote: > Sweet so, I think > > $a = 'my_func'; > > does it for me. Also works with properties and methods of objects: $foo = new Bar(); $a = 'my_method'; $result = $foo->{$a}(); Very useful sometimes. From lists at zaunere.com Sun Jan 11 13:34:36 2009 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 11 Jan 2009 13:34:36 -0500 Subject: [nycphp-talk] function references In-Reply-To: References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> Message-ID: <0c7701c9741b$41568ce0$c403a6a0$@com> > > Sweet so, I think > > > > $a = 'my_func'; > > > > does it for me. > > Also works with properties and methods of objects: > > $foo = new Bar(); > $a = 'my_method'; > $result = $foo->{$a}(); > > Very useful sometimes. Yes, but indirection can easily be overused. Please don't overuse as it makes reading other's code that much harder. H From chsnyder at gmail.com Sun Jan 11 14:11:43 2009 From: chsnyder at gmail.com (csnyder) Date: Sun, 11 Jan 2009 14:11:43 -0500 Subject: [nycphp-talk] function references In-Reply-To: <0c7701c9741b$41568ce0$c403a6a0$@com> References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> <0c7701c9741b$41568ce0$c403a6a0$@com> Message-ID: On Sun, Jan 11, 2009 at 1:34 PM, Hans Zaunere wrote: >> $foo = new Bar(); >> $a = 'my_method'; >> $result = $foo->{$a}(); >> >> Very useful sometimes. > > Yes, but indirection can easily be overused. Please don't overuse as it > makes reading other's code that much harder. > Hah, just imagining a project from hell that would define() all of the method names in an include and then make calls like the following: $result = $foo->{ MY_METHOD_1 }(); ... because then if the foo interface ever changes, all you have to do is update the include file. :-D From lists at zaunere.com Sun Jan 11 14:21:01 2009 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 11 Jan 2009 14:21:01 -0500 Subject: [nycphp-talk] function references In-Reply-To: References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> <0c7701c9741b$41568ce0$c403a6a0$@com> Message-ID: <0c8401c97421$bd6140e0$3823c2a0$@com> > >> $foo = new Bar(); > >> $a = 'my_method'; > >> $result = $foo->{$a}(); > >> > >> Very useful sometimes. > > > > Yes, but indirection can easily be overused. Please don't overuse as it > > makes reading other's code that much harder. > > > > Hah, just imagining a project from hell that would define() all of the > method names in an include and then make calls like the following: > > $result = $foo->{ MY_METHOD_1 }(); > > ... because then if the foo interface ever changes, all you have to do > is update the include file. :-D That's crazy talk. -- defining/reading constants is expensive - performance -- when an interface to an object changes, it's likely going to be more than just syntactic sugar and the names of the methods -- looks weird -- it's just strange -- indirection is never implemented in an organized way There, I said it :) H From paul at devonianfarm.com Mon Jan 12 11:13:35 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Mon, 12 Jan 2009 11:13:35 -0500 Subject: [nycphp-talk] php autoloading In-Reply-To: References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> Message-ID: <496B6C2F.7040103@devonianfarm.com> I've recently written a "framework" that's part of a planned software product line. One of the consequences is that I've written command-line PHP scripts that need to deal with objects that didn't exist when the script was written, so I needed an autoloader. I did some research and I was really impressed with A.J. Brown's dynamic autoloader: http://ajbrown.org/blog/2008/12/02/an-auto-loader-using-php-tokenizer.html Rather than assuming a certain convention for how file names relate to class names, it scans directory trees, parses files and creates a mapping. This adds some overhead, but that can be reduced by using serialize() to cache the result. I've written some thought about this up: http://gen5.info/q/2009/01/09/an-awesome-autoloader-for-php/ Any thoughts? From artur at marnik.net Mon Jan 12 11:44:46 2009 From: artur at marnik.net (Artur Marnik) Date: Mon, 12 Jan 2009 11:44:46 -0500 Subject: [nycphp-talk] File Uploads In-Reply-To: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090108202335.ELTX18002.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: <496B737E.3040705@marnik.net> put $_FILES into the session before you do the ajax request $_SESSION['uploaded_files'] = $_FILES; and use $_SESSION['uploaded_files'] in your ascript.php Artur Michele Waldman wrote: > form action="test.php" method="post" enctype="multipart/form-data"> > >

Pictures: > > > > > > > > > >

> > > > | |foreach (||$_FILES||[||"pictures"||][||"error"||] as ||$key ||=> ||$error||) {| > | if (||$error ||== ||UPLOAD_ERR_OK||) {| > | ||$tmp_name ||= ||$_FILES||[||"pictures"||][||"tmp_name"||][||$key||];| > | ||$name ||= ||$_FILES||[||"pictures"||][||"name"||][||$key||];| > | ||move_uploaded_file||(||$tmp_name||, ||"data/||$name||"||);| > | }| > |}| > |?>|| | > > When test.php is called $_FILES is defined. But, if I call another php > module right after $_FILES is no longer defined. Is there a way to > capture the value of $_FILES or make it persist? > > > > What I was trying was something like this: > > form action="afunction();" method="post" enctype="multipart/form-data"> > >

Pictures: > > > > > > > > > >

> > > > function a_function() > > { > > > > rlxmlHttp=getXmlHttpObject(); > > if (rlxmlHttp == null) > > { > > document.getElementById("fnErrMsg").innerHTML = '*Browser > does not support HTTP Request'; > > } > > else > > { > > rlxmlHttp.onreadystatechange=finishContact; > > rlxmlHttp.open("POST","ascript.php",true); /* ascript.php > using $_FILES */ > > rlxmlHttp.setRequestHeader('Content-Type', > 'application/x-www-form-urlencoded'); > > /* rlxmlHttp.setRequestHeader('Content-Type', > 'multipart/form-data'); */ > > rlxmlHttp.send(null); > > } > > } > > The $_FILES variable no longer exist. But, $_FILES is no longer > defined. Does anyone have any creative ideas? > > Michele > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From artur at marnik.net Mon Jan 12 11:59:47 2009 From: artur at marnik.net (Artur Marnik) Date: Mon, 12 Jan 2009 11:59:47 -0500 Subject: [nycphp-talk] Sessions and cross domains In-Reply-To: <20090111003711.ISKX15540.hrndva-omta03.mail.rr.com@DeJaVu> References: <20090111003711.ISKX15540.hrndva-omta03.mail.rr.com@DeJaVu> Message-ID: <496B7703.6080906@marnik.net> I had the same problem users complained that after logging off from my admin panel they were loosing sessions in other browser tabs as well (like gmail) it looks like IE bug Artur Michele Waldman wrote: > Doh! I think my call to clearauthenticationcache is killing the > session. Sorry guys. > > > > ------------------------------------------------------------------------ > > *From:* talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] *On Behalf Of *Michele Waldman > *Sent:* Saturday, January 10, 2009 6:53 PM > *To:* 'NYPHP Talk' > *Subject:* [nycphp-talk] Sessions and cross domains > > > > I using http and https in an iframe. I have session variables for > both. Http does not need to know about https and vice versa. > > In IE, if I load http the session variable are fine. If I load https, > the session variables are fine. > > However, when I have a page with http and https, it?s not fine. > > The http loads, then the https loads. After the https loads, http does > not know about it?s session variables. If I reload http section then > the variables are there. > > It?s like either http or https session variables can be accessed, but > the separate pages aren?t able to access their separate sessions at the > same time. > > I saw something when I was researching this problem about using > session.cookie_domain, but I couldn?t get that to work for me. > > Does anyone how you can have 2 different domains loaded and maintain > session variables for both domains in IE? > > In firefox, I?m not having this problem. > > Michele > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From danielc at analysisandsolutions.com Mon Jan 12 18:27:43 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 12 Jan 2009 18:27:43 -0500 Subject: [nycphp-talk] Sessions and cross domains In-Reply-To: <20090110235223.PDCJ14459.hrndva-omta06.mail.rr.com@DeJaVu> References: <20090110235223.PDCJ14459.hrndva-omta06.mail.rr.com@DeJaVu> Message-ID: <20090112232742.GA785@panix.com> On Sat, Jan 10, 2009 at 06:52:32PM -0500, Michele Waldman wrote: > > In IE, if I load http the session variable are fine. If I load https, the > session variables are fine. > > However, when I have a page with http and https, it's not fine. You may want to read up on session_write_close(). From what you're describing in various places, this may not be your issue, but it's a good thing to know about. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From support at buddytv.com Tue Jan 13 02:06:02 2009 From: support at buddytv.com (bhaskar lavhat) Date: 12 Jan 2009 23:06:02 -0800 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) Message-ID: <20090113070610.D54531CB0F82@lists.nyphp.org> An HTML attachment was scrubbed... URL: From lists at zaunere.com Tue Jan 13 14:24:19 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 13 Jan 2009 14:24:19 -0500 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) In-Reply-To: <20090113070610.D54531CB0F82@lists.nyphp.org> References: <20090113070610.D54531CB0F82@lists.nyphp.org> Message-ID: <026901c975b4$8869d4d0$993d7e70$@com> While I'm sure the gift is fabulous, these types of posts are not appropriate for this list. Please do not make a post like this again. --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / ?www.nyphp.com > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On Behalf Of bhaskar lavhat > Sent: Tuesday, January 13, 2009 2:06 AM > To: NYPHP > Subject: [nycphp-talk] Invitation and gift from Bhaskar > (wdwtest at gmail.com) > > bhaskar lavhat sent you an invitation and personal gift. > NYPHP, > I'd like to add you to my friends on BuddyTV. > -Bhaskar .... From jeff987654 at yahoo.com Tue Jan 13 15:30:14 2009 From: jeff987654 at yahoo.com (Jeff Siegel) Date: Tue, 13 Jan 2009 12:30:14 -0800 (PST) Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) References: <20090113070610.D54531CB0F82@lists.nyphp.org> <026901c975b4$8869d4d0$993d7e70$@com> Message-ID: <543299.10650.qm@web110013.mail.gq1.yahoo.com> Uh oh...I shouldn't have replied to his message. ;) Jeff ----- Original Message ---- From: Hans Zaunere To: NYPHP Talk Sent: Tuesday, January 13, 2009 2:24:19 PM Subject: Re: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest at gmail.com) While I'm sure the gift is fabulous, these types of posts are not appropriate for this list.? Please do not make a post like this again. --- Hans Zaunere / Managing Member / New York PHP ? ? ? www.nyphp.org? / ?www.nyphp.com From greg at freephile.com Tue Jan 13 17:21:57 2009 From: greg at freephile.com (Greg Rundlett) Date: Tue, 13 Jan 2009 17:21:57 -0500 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) In-Reply-To: <026901c975b4$8869d4d0$993d7e70$@com> References: <20090113070610.D54531CB0F82@lists.nyphp.org> <026901c975b4$8869d4d0$993d7e70$@com> Message-ID: <5e2aaca40901131421t4fa8dd5p339682b3946e709d@mail.gmail.com> On Tue, Jan 13, 2009 at 2:24 PM, Hans Zaunere wrote: > While I'm sure the gift is fabulous, these types of posts are not > appropriate for this list. Please do not make a post like this again. > > --- > Hans Zaunere / Managing Member / New York PHP > www.nyphp.org / www.nyphp.com I know nothing about this particular service, or this individual, but what I've noticed is that many new 'social' apps gratuitously send (SPAM) email to your entire email address book, or networks from other sites WITHOUT warning. Makes me unhappy. -- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu m. 978-764-4424 o. 978-225-8302 skype/aim/irc/twitter freephile http://profiles.aim.com/freephile -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian at realm3.com Tue Jan 13 17:42:26 2009 From: brian at realm3.com (Brian Dailey) Date: Tue, 13 Jan 2009 17:42:26 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 Message-ID: <496D18D2.3080104@realm3.com> How has the economic apocalypse left the PHP world? So far I've heard some rumors of job layoffs, but most of them have been relegated to the financial sector. Every freelancer/consultant I know of that has been in business for more than a year is doing great, but recent starters are having a harder time of it. Venture capital money is starting to tighten up (but not as much as I thought it would), which more or less affects the PHP world since PHP tends to see more use in startups. What are you guys hearing out there? What's the job market like in NYC? - Brian Dailey -- realm3 web applications [realm3.com] Information architecture, application development. phone: (917) 512-3594 fax: (440) 744-3559 From chsnyder at gmail.com Tue Jan 13 17:52:12 2009 From: chsnyder at gmail.com (csnyder) Date: Tue, 13 Jan 2009 17:52:12 -0500 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) In-Reply-To: <5e2aaca40901131421t4fa8dd5p339682b3946e709d@mail.gmail.com> References: <20090113070610.D54531CB0F82@lists.nyphp.org> <026901c975b4$8869d4d0$993d7e70$@com> <5e2aaca40901131421t4fa8dd5p339682b3946e709d@mail.gmail.com> Message-ID: On Tue, Jan 13, 2009 at 5:21 PM, Greg Rundlett wrote: > > I know nothing about this particular service, or this individual, but what > I've noticed is that many new 'social' apps gratuitously send (SPAM) email > to your entire email address book, or networks from other sites WITHOUT > warning. > > Makes me unhappy. What's even worse: people are giving fly-by-night social networks their email passwords. So not only do they spam your address book, they now have access to your mailbox and any password resets that get sent to it. Any site that asks users for their login credentials at some other site should be shut down on principle. (I'm looking at you, Facebook. (O_o) ) Chris Snyder http://chxor.chxo.com/ From jmcgraw1 at gmail.com Tue Jan 13 17:53:33 2009 From: jmcgraw1 at gmail.com (Jake McGraw) Date: Tue, 13 Jan 2009 17:53:33 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: See: http://www.odesk.com/blog/2008/12/stay-employed-jobs-with-the-least-competition-and-greatest-opportunity/ and: http://www.odesk.com/blog/2008/12/stay-employed-web-developer-skills-in-most-demand-php-ajax-mysql/ Summary: LAMP still in high demand, maybe when all those finance majors decide to go back to CS and CoE competition will pick up again. Until then, there are more opportunities than developers, so supply and demand dictates that getting a job isn't that tough. - jake On Tue, Jan 13, 2009 at 5:42 PM, Brian Dailey wrote: > > How has the economic apocalypse left the PHP world? > > So far I've heard some rumors of job layoffs, but most of them have been > relegated to the financial sector. Every freelancer/consultant I know of > that has been in business for more than a year is doing great, but recent > starters are having a harder time of it. > > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP tends > to see more use in startups. > > What are you guys hearing out there? What's the job market like in NYC? > > - Brian Dailey > > -- > realm3 web applications [realm3.com] > Information architecture, application development. > phone: (917) 512-3594 > fax: (440) 744-3559 > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From michael.southwell at nyphp.com Tue Jan 13 18:19:01 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Tue, 13 Jan 2009 18:19:01 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: <496D2165.4000108@nyphp.com> Brian Dailey wrote: > > How has the economic apocalypse left the PHP world? > > So far I've heard some rumors of job layoffs, but most of them have been > relegated to the financial sector. Every freelancer/consultant I know of > that has been in business for more than a year is doing great, but > recent starters are having a harder time of it. > > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP > tends to see more use in startups. For what if anything it's worth, there is considerable interest in the current round of PHP training that NYPHP is offering, more than has been typical over the past couple of years. This suggests (to me at least) that there is plenty of demand out there. -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From brian at realm3.com Tue Jan 13 18:28:48 2009 From: brian at realm3.com (Brian Dailey) Date: Tue, 13 Jan 2009 18:28:48 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: References: <496D18D2.3080104@realm3.com> Message-ID: <496D23B0.2070702@realm3.com> oDesk is, as far as I know, more often used for one-off gigs that are typically filled by freelancers. More often than not, they're outsourced outside the United States. Small projects of that sort are going to gravitate towards PHP and away from the things normally used for larger projects (Java, etc). It probably gives PHP a boost that can't be applied to the job industry. Speaking of which, the first page of "Web Programming" providers doesn't include one American. I don't know a single US consultant who uses a service like this, especially in the NYC area. (Otherwise, I agree with what you said, I just don't think that oDesk's stats can be useful for anyone other than oDesk users.) - Brian D. Jake McGraw wrote: > See: > > http://www.odesk.com/blog/2008/12/stay-employed-jobs-with-the-least-competition-and-greatest-opportunity/ > > and: > > http://www.odesk.com/blog/2008/12/stay-employed-web-developer-skills-in-most-demand-php-ajax-mysql/ > > Summary: > > LAMP still in high demand, maybe when all those finance majors decide > to go back to CS and CoE competition will pick up again. Until then, > there are more opportunities than developers, so supply and demand > dictates that getting a job isn't that tough. > > - jake > > > On Tue, Jan 13, 2009 at 5:42 PM, Brian Dailey wrote: >> How has the economic apocalypse left the PHP world? >> >> So far I've heard some rumors of job layoffs, but most of them have been >> relegated to the financial sector. Every freelancer/consultant I know of >> that has been in business for more than a year is doing great, but recent >> starters are having a harder time of it. >> >> Venture capital money is starting to tighten up (but not as much as I >> thought it would), which more or less affects the PHP world since PHP tends >> to see more use in startups. >> >> What are you guys hearing out there? What's the job market like in NYC? >> >> - Brian Dailey >> >> -- >> realm3 web applications [realm3.com] >> Information architecture, application development. >> phone: (917) 512-3594 >> fax: (440) 744-3559 >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- From ramons at gmx.net Tue Jan 13 18:41:37 2009 From: ramons at gmx.net (David Krings) Date: Tue, 13 Jan 2009 18:41:37 -0500 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) In-Reply-To: References: <20090113070610.D54531CB0F82@lists.nyphp.org> <026901c975b4$8869d4d0$993d7e70$@com> <5e2aaca40901131421t4fa8dd5p339682b3946e709d@mail.gmail.com> Message-ID: <496D26B1.80405@gmx.net> csnyder wrote: > Any site that asks users for their login credentials at some other > site should be shut down on principle. (I'm looking at you, Facebook. > (O_o) ) What is Facebook? I guess it pays to be not hip at all costs. But I confess, I did break down a year ago and bought a cell phone, just to find out that I used a whopping 80 minutes in the past twelve months. At that rate it will take a while to use up the 1000 minutes that I bought. I did overhear some rumors about some gizmo called MySpace as well..... David From corey at gelform.com Tue Jan 13 20:16:12 2009 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Tue, 13 Jan 2009 20:16:12 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: <1231895772.32121.1294641685@webmail.messagingengine.com> Laid off. On Tue, 13 Jan 2009 17:42:26 -0500, "Brian Dailey" said: > > How has the economic apocalypse left the PHP world? > > So far I've heard some rumors of job layoffs, but most of them have been > relegated to the financial sector. Every freelancer/consultant I know of > that has been in business for more than a year is doing great, but > recent starters are having a harder time of it. > > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP > tends to see more use in startups. > > What are you guys hearing out there? What's the job market like in NYC? > > - Brian Dailey > > -- > realm3 web applications [realm3.com] > Information architecture, application development. > phone: (917) 512-3594 > fax: (440) 744-3559 > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From ajai at bitblit.net Tue Jan 13 20:28:54 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Tue, 13 Jan 2009 20:28:54 -0500 (EST) Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> Message-ID: On Tue, 13 Jan 2009, Brian Dailey wrote: > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP > tends to see more use in startups. If you're not in a well-funded startup and not fired yet then you should be careful. Now is a good time to be in a full-time gig with an established firm. -- Aj. From zippy1981 at gmail.com Tue Jan 13 21:23:43 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Tue, 13 Jan 2009 21:23:43 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D2165.4000108@nyphp.com> References: <496D18D2.3080104@realm3.com> <496D2165.4000108@nyphp.com> Message-ID: <5458db3c0901131823t2c46fd1ft2311e61ed464fbd5@mail.gmail.com> > > For what if anything it's worth, there is considerable interest in the >> current round of PHP training that NYPHP is offering, more than has been >> typical over the past couple of years. This suggests (to me at least) that >> there is plenty of demand out there. >> > > My friend teaches Microsoft office training for a career skills type company. He said initially they got a large amount of business when people got laid off. Now the same people are still laid off so no one is coming in for training. I think the curve will be more subtle for PHP programmers and there are external factors. For example, recent college graduates will probably engage in a lot of self directed learning. I think overall PHP, and other technology fields will see a less pronounced bump in training, followed by a sharp decline. Just smoother than the workforce in general. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Tue Jan 13 21:36:10 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 13 Jan 2009 21:36:10 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <5458db3c0901131823t2c46fd1ft2311e61ed464fbd5@mail.gmail.com> References: <496D18D2.3080104@realm3.com> <496D2165.4000108@nyphp.com> <5458db3c0901131823t2c46fd1ft2311e61ed464fbd5@mail.gmail.com> Message-ID: <008801c975f0$dc44b160$94ce1420$@com> > For what if anything it's worth, there is considerable > interest in the current round of PHP training that NYPHP is offering, > more than has been typical over the past couple of years. This suggests > (to me at least) that there is plenty of demand out there. Regardless of the NYPHP training, there is certainly a lot of demand. Take a look at the NYPHP-Jobs list - there's tons of potential work out there. Of course, in times like this, there's good and bad work to be had so be careful. That said, times like this can produce rare opportunities. H From brian at realm3.com Tue Jan 13 22:06:35 2009 From: brian at realm3.com (Brian D.) Date: Tue, 13 Jan 2009 22:06:35 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: References: <496D18D2.3080104@realm3.com> Message-ID: On Tue, Jan 13, 2009 at 8:28 PM, Ajai Khattri wrote: > If you're not in a well-funded startup and not fired yet then you should > be careful. Now is a good time to be in a full-time gig with an > established firm. I find that diversification is a good thing. If you're a consultant with a half-dozen clients and one of them tanks, you've still got others to rely on until you track down some more work. It's a lot easier to survive that than it is to suddenly find yourself jobless. Of course, if the market is suddenly flooded with new "freelancers" who are willing to work for chicken scratch then suddenly you might find yourself high and dry, but I still think that's easier to deal with than being laid off. The good news, as Hans pointed out, is that there still seem to be a lot of PHP-related jobs out there for qualified candidates. So far I haven't seen anything to convince me that a good programmer would be without work for very long. -Brian realm3 web applications [realm3.com] Information architecture, application development. phone: (917) 512-3594 fax: (440) 744-3559 From ioplex at gmail.com Tue Jan 13 23:44:06 2009 From: ioplex at gmail.com (Michael B Allen) Date: Tue, 13 Jan 2009 23:44:06 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <008801c975f0$dc44b160$94ce1420$@com> References: <496D18D2.3080104@realm3.com> <496D2165.4000108@nyphp.com> <5458db3c0901131823t2c46fd1ft2311e61ed464fbd5@mail.gmail.com> <008801c975f0$dc44b160$94ce1420$@com> Message-ID: <78c6bd860901132044k128adf43xdedae82595bd845f@mail.gmail.com> On Tue, Jan 13, 2009 at 9:36 PM, Hans Zaunere wrote: > That said, times like this can produce rare opportunities. Actually when times are good people become complacent. It's when people are moping around with nothing to do that interesting things start to happen. This is particularly true in the arts. Look at TV and music - it's been the same contrived drivel for years. If a lot of people are without work for a year or two, eventually you'll start to see interesting things happen. That will capture imaginations and reignite compulsive spending habits. You don't need to buy test-tubes, lease office space or go door-to-door to write software. If you're a programmer and find yourself out of work, get a comfortable chair and code up something useful. But pick something specific and practical. If you're recognised as being really good at one thing, then you can just sit back and people will come to you. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ From JoeyD473 at nyc.rr.com Tue Jan 13 23:45:34 2009 From: JoeyD473 at nyc.rr.com (Joey Derrico) Date: Tue, 13 Jan 2009 23:45:34 -0500 Subject: [nycphp-talk] Invitation and gift from Bhaskar (wdwtest@gmail.com) In-Reply-To: <496D26B1.80405@gmx.net> References: <20090113070610.D54531CB0F82@lists.nyphp.org> <026901c975b4$8869d4d0$993d7e70$@com> <5e2aaca40901131421t4fa8dd5p339682b3946e709d@mail.gmail.com> <496D26B1.80405@gmx.net> Message-ID: <496D6DEE.6060205@nyc.rr.com> If it makes you feel any better, I just got yelled at and told to use my cell phone because of the rollover minutes only carry for so many months we lose 700 minutes a month because I try not to use my cell phone Joey David Krings wrote: > csnyder wrote: > > Any site that asks users for their login credentials at some other >> site should be shut down on principle. (I'm looking at you, Facebook. >> (O_o) ) > > What is Facebook? I guess it pays to be not hip at all costs. But I > confess, I did break down a year ago and bought a cell phone, just to > find out that I used a whopping 80 minutes in the past twelve months. > At that rate it will take a while to use up the 1000 minutes that I > bought. I did overhear some rumors about some gizmo called MySpace as > well..... > > David > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From leam at reuel.net Wed Jan 14 06:24:34 2009 From: leam at reuel.net (Leam Hall) Date: Wed, 14 Jan 2009 06:24:34 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: <496DCB72.90308@reuel.net> Brian Dailey wrote: > > How has the economic apocalypse left the PHP world? Funny you should ask, I've been struggling through something personal and related for a while now. Would appreciate any wisdom you folks can offer. I see a great need for PHP skilled people as small businesses realize COTS costs them, locks them in, and they still need skilled people to implement. What I've seen down here is that someone who knows enough PHP to savvy things like Joomla and make web pages more useful are needed. That may be a case of situational perceptions as I'm not a real PHP programmer but more of a systems guy that understands PHP at the Apprentice level. For the next 3-5 market years my bet is that contract/freelance work will provide the stability, if you have a good reputation and diverse client set. This is not just PHP but in the server market as well. As a systems engineer the clients seem to not have funds for a full timer unless there's a big multi-year project well funded. More that there's a short term business case that has 2 months of budget for a finite task. For that it's "get in, get the job done, and leave your business card and a good reputation". Of course, this is my theory as I sit here still looking for work. Charlotte is a financial town and we're hit heavy by the BoA and Wachovia problems. My personal struggle is in re-defining work skills to meet the needs. Dreams of being "a top coder" or "Linux guru" are nice but my character is the "helps other people do well" and "knows enough to make things work". I could live in the juncture between the business case, the technical specs, and the executive summary; shuttling and translating details to meet each need. Just need to find folks who need that done enough to pay for it. PHP is a great tool for enabling communications because the web has become so integral to our concept of communication. There are probably better languages for other software projects but PHP rules for presenting global data in a few useful pages. I would strongly recommend a few reads. Here they are in some semblance of order: The 7 habits of Highly Effective People -- Covey What color is your parachute? -- Bolles Tribes -- Godin Web 2.0 -- Shuen Entrepreneurship is heavily on my mind and there are some reads for that. Some are providing a mix of advice and encouragement; handy to have! For my personal suggestions to the group; look to your self for an employer. You will only work for yourself anyway, no matter who pays the bills. Chart your career for the next 3-5 years, list the things you'd love to do and the skills you need to have. Pursue both. look to your character as marketing tool. There are lots of people able to do any job! To get hired by more than dumb luck you need to deal with the fact that humans make hiring decisions and your humanity is your resume in motion. look to serve. Even if you can't monetize everything directly, contribute in ways that communicate your skills, personality, and goals. Help others and know you made the world a better place. Leam From ken at secdat.com Wed Jan 14 08:02:59 2009 From: ken at secdat.com (Kenneth Downs) Date: Wed, 14 Jan 2009 08:02:59 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: <496DE283.9040106@secdat.com> Brian Dailey wrote: > > How has the economic apocalypse left the PHP world? I'm not sure about PHP in particular, but in general we can expect IT departments to be trying to do more with less. Same story as usual but with a serious edge to it now. This has created opportunities for me and my company. Since our core product reduces staff requirements, we are getting interest that was harder to get before. In good times it is harder to break in as a newcomer and start-up, or so we found. In bad times people are much more willing to spend some time examining alternatives. Oddly enough, we are seeing people become less risk-adverse in the hopes of finding new ways to do things. I'm seeing the entire thing as a huge opportunity. > > So far I've heard some rumors of job layoffs, but most of them have > been relegated to the financial sector. Every freelancer/consultant I > know of that has been in business for more than a year is doing great, > but recent starters are having a harder time of it. > > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP > tends to see more use in startups. > > What are you guys hearing out there? What's the job market like in NYC? > > - Brian Dailey > -- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 From jbaltz at altzman.com Wed Jan 14 10:38:45 2009 From: jbaltz at altzman.com (Jerry B. Altzman) Date: Wed, 14 Jan 2009 10:38:45 -0500 Subject: [nycphp-talk] State Of The PHP Economy 2009 In-Reply-To: <496D18D2.3080104@realm3.com> References: <496D18D2.3080104@realm3.com> Message-ID: <496E0705.2080205@altzman.com> on 1/13/2009 5:42 PM Brian Dailey said the following: > How has the economic apocalypse left the PHP world? > So far I've heard some rumors of job layoffs, but most of them have been > relegated to the financial sector. Every freelancer/consultant I know of > that has been in business for more than a year is doing great, but > recent starters are having a harder time of it. Strangely, and thankfully, business "on the outskirts" is still pretty brisk. > Venture capital money is starting to tighten up (but not as much as I > thought it would), which more or less affects the PHP world since PHP > tends to see more use in startups. Not as strange as you'd think: now is the time that venture money is chasing after "something new", since everything "old" is tanking mightily. > What are you guys hearing out there? What's the job market like in NYC? I don't want to cast any evil eyes, so I'll just say that NYC has not sunk into the Atlantic Ocean, rumors to the contrary notwithstanding. > - Brian Dailey //jbaltz -- jerry b. altzman jbaltz at altzman.com www.jbaltz.com thank you for contributing to the heat death of the universe. From pmjones88 at gmail.com Fri Jan 16 12:06:16 2009 From: pmjones88 at gmail.com (Paul M Jones) Date: Fri, 16 Jan 2009 12:06:16 -0500 Subject: [nycphp-talk] php autoloading In-Reply-To: <496B6C2F.7040103@devonianfarm.com> References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> <496B6C2F.7040103@devonianfarm.com> Message-ID: On Jan 12, 2009, at 11:13 , Paul A Houle wrote: > I've recently written a "framework" that's part of a planned > software product line. One of the consequences is that I've written > command-line PHP scripts that need to deal with objects that didn't > exist when the script was written, so I needed an autoloader. > > I did some research and I was really impressed with A.J. Brown's > dynamic autoloader: > > http://ajbrown.org/blog/2008/12/02/an-auto-loader-using-php-tokenizer.html > > Rather than assuming a certain convention for how file names > relate to class names, it scans directory trees, parses files and > creates a mapping. This adds some overhead, but that can be > reduced by using serialize() to cache the result. I've written some > thought about this up: > > http://gen5.info/q/2009/01/09/an-awesome-autoloader-for-php/ > > Any thoughts? At the risk of sounding flippant, you could "[assume] a certain convention for how file names relate to class names" and use six lines of code for autoloading. The PEAR naming convention is perfect for this. Underscores in class names map to subdirectories, so the transformation of class name to file path is trivial. spl_autoload_register('houle_autoload'); function houle_autoload($class) { $file = str_replace('_', '/', $class) . '.php'; return $file; } As a bonus, you then have a standard organizational structure for classes that works for everything everywhere the same way every time. -- Paul M. Jones http://paul-m-jones.com/ From paul at devonianfarm.com Fri Jan 16 14:44:51 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Fri, 16 Jan 2009 14:44:51 -0500 Subject: [nycphp-talk] php autoloading In-Reply-To: References: <29da5d150901101440g9302dd1ne0d5e9b69c3941dd@mail.gmail.com> <29da5d150901101443x776c8569p3401a2ed712e4cc2@mail.gmail.com> <2b4feca10901101458l532c5ac5xc3fdc23aafa71d1a@mail.gmail.com> <496B6C2F.7040103@devonianfarm.com> Message-ID: <4970E3B3.5030900@devonianfarm.com> Paul M Jones wrote: > At the risk of sounding flippant, you could "[assume] a certain > convention for how file names relate to class names" and use six lines > of code for autoloading. The PEAR naming convention is perfect for > this. Underscores in class names map to subdirectories, so the > transformation of class name to file path is trivial. > I think the PEAR naming convention is wack, I may be fighting a losing battle against the CamelCaseSelfishMeme, but I'm on this side: http://dontcuddleyourbraces.blogspot.com/2007/10/against-camelcase.html It's particularly disasterous that PHP has embraced the convention from Java (maybe we think it makes us look sophisticated and cool) because dynamic generation of filenames, class names and method names is much more common in PHP than it is in Java. PHPers who want to write reliable programs need 100% reliable and crisp ways to transform to and from phrases and language identifiers. I mean, is it UseCamelCaseInPHP, or UseCamelCaseInPhp? As cute as Ruby on Rails pluralizer is, it's also a source of defects. The CamelCaseSelfishMeme has blinded people to the TrueSemanticsOfCapitalization and the_simplicity_of $token=str_replace(" ","_",$phrase); ----------------- At the moment, for instance, I'm designing an object model where several PHP objects define various behaviors of a metaobject that lives in a relational database. If "X" is the name of the metaobject, these could be type_of_X, instance_of_X, X_controller Now, I suppose I could call them all X_controller X_instance X_type maybe that's good, but I don't want that decision coupled to the way I want the class files organized in the project tree. Personally I find CPAN projects hard to read and navigate because the naming convention enforces a sub-optimal code organization. (Not to mention the ususally useless javadoc documentation in CPAN projects that means the number of non-comment lines per average editor screen is about 1 or 2.) Mind you, I could change my mind entirely if there was toolset support that (i) wiped away the difficulties, and (ii) reaped benefits from a fixed code organization, the way that Eclipse/Java does. From lists at zaunere.com Mon Jan 19 13:28:25 2009 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 19 Jan 2009 13:28:25 -0500 Subject: [nycphp-talk] FW: [PHP] First official release of the PHP WhitePaper Message-ID: <016701c97a63$b76a0760$263e1620$@com> Hi all, Wanted to pass this along for those who might have missed it. Perhaps now PHP is "enterprise" ? H > Well well well, finally after many months of work, discussions, > typing, editing and arguing, the Irish PHP User Group is happy to make > the first official release of the PHP WhitePaper. > > I'd love to make a sales pitch about this but I think you can simply > download it and see for yourselves :) > > http://short.ie/php-whitepaper (This is a pdf) > > Download it, pass it around, complain about it, enjoy it, and first > and foremost, read it :) > > The Irish PHP Users' Group thanks the French PHP Users' Group AFUP for > their help and the work in making the French version of this document. > Cheers to Blacknight Solutions for sponsoring us. Thanks also to Derick > Rethans and collegues for proofreading and validation. > > > -- > Slan, > David From lists at zaunere.com Mon Jan 19 13:34:14 2009 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 19 Jan 2009 13:34:14 -0500 Subject: [nycphp-talk] FW: [ruby-nyc] NY Times Open (Feb. 20th) Message-ID: <016801c97a64$8750fd80$95f2f880$@com> Another FYI - what the NYTimes is doing is always interesting, but it'll be good to have a strong PHP representation instead of just Ruby people :) H > Just wanted to let you know my employer is hosting a free hack day > event on Feb. 20th and registration is now open. Please attend to see > me stumble at introductory comments and so we can outnumber the Python > and PHP people... > http://www.nytimes.com/marketing/timesopen/index.html > > (yes, I know it says marketing in the URL. Forgive me...) From chsnyder at gmail.com Mon Jan 19 20:44:06 2009 From: chsnyder at gmail.com (csnyder) Date: Mon, 19 Jan 2009 20:44:06 -0500 Subject: [nycphp-talk] FW: [PHP] First official release of the PHP WhitePaper In-Reply-To: <016701c97a63$b76a0760$263e1620$@com> References: <016701c97a63$b76a0760$263e1620$@com> Message-ID: On Mon, Jan 19, 2009 at 1:28 PM, Hans Zaunere wrote: > > Perhaps now PHP is "enterprise" ? > >> http://short.ie/php-whitepaper (This is a pdf) Ubiquity achieved. Nice work, everyone. From nynj.tech at hotmail.com Mon Jan 19 23:05:26 2009 From: nynj.tech at hotmail.com (chad qian) Date: Mon, 19 Jan 2009 23:05:26 -0500 Subject: [nycphp-talk] call javascript function from php Message-ID: I want to call javascript function from php.But I fail. Here is the source code,any help?Thanks! chad Untitled Document " ;?> _________________________________________________________________ Windows Live?: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dsteplight at gmail.com Mon Jan 19 23:16:40 2009 From: dsteplight at gmail.com (Darryle Steplight) Date: Mon, 19 Jan 2009 23:16:40 -0500 Subject: [nycphp-talk] call javascript function from php In-Reply-To: References: Message-ID: <47f4c4570901192016t7f2bef08u7d3fad739a16d6d6@mail.gmail.com> Chad, It doesn't look like you need PHP at all here. Try the following, Replace: " ;?> With: On Mon, Jan 19, 2009 at 11:05 PM, chad qian wrote: > I want to call javascript function from php.But I fail. > Here is the source code,any help?Thanks! > > chad > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > > > > Untitled Document > > > src=\"images/bullet_green.png\" name=\"img\">" ;?> > > > > ________________________________ > Windows Live?: Keep your life in sync. Check it out. > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From zakir_tariverdiev at yahoo.com Tue Jan 20 04:23:55 2009 From: zakir_tariverdiev at yahoo.com (Zakir Tariverdiev) Date: Tue, 20 Jan 2009 01:23:55 -0800 (PST) Subject: [nycphp-talk] call javascript function from php In-Reply-To: Message-ID: <5117.82912.qm@web52404.mail.re2.yahoo.com> I don't see the 'img' variable declared anywhere. Is it a JavaScript or PHP ($img) variable? In the former case, PHP is not needed. Assuming the latter case, try this: (plain HTML here) --- On Mon, 1/19/09, chad qian wrote: From: chad qian Subject: [nycphp-talk] call javascript function from php To: talk at lists.nyphp.org Date: Monday, January 19, 2009, 11:05 PM #yiv1794954754 .hmmessage P { margin:0px;padding:0px;} #yiv1794954754 { font-size:10pt;font-family:Verdana;} I want to call javascript function from php.But I fail. Here is the source code,any help?Thanks! ? chad ? ?? Untitled Document " ;?> Windows Live?: Keep your life in sync. Check it out. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Tue Jan 20 08:28:31 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 20 Jan 2009 08:28:31 -0500 Subject: [nycphp-talk] call javascript function from php In-Reply-To: <5117.82912.qm@web52404.mail.re2.yahoo.com> Message-ID: <20090120132831.LTSC7266.hrndva-omta05.mail.rr.com@DeJaVu> The source is all javascript. It's got nothing to do with php. Should be on a javascript forum if (document[c_img].src.indexOf(img1)!= -1) document[c_img].src = img2; else document[c_img].src = img1; should be if (document.getElementById(c_img).src.indexOf(img1)!= -1) document.getElementById(c_img).src = img2; else document.getElementById(c_img).src = img1; looks like you were trying if (document.all[c_img].src.indexOf(img1)!= -1) document.all[c_img].src = img2; else document.all[c_img].src = img1; document[c_img] dne. Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Zakir Tariverdiev Sent: Tuesday, January 20, 2009 4:24 AM To: NYPHP Talk Subject: Re: [nycphp-talk] call javascript function from php I don't see the 'img' variable declared anywhere. Is it a JavaScript or PHP ($img) variable? In the former case, PHP is not needed. Assuming the latter case, try this: (plain HTML here) --- On Mon, 1/19/09, chad qian wrote: From: chad qian Subject: [nycphp-talk] call javascript function from php To: talk at lists.nyphp.org Date: Monday, January 19, 2009, 11:05 PM I want to call javascript function from php.But I fail. Here is the source code,any help?Thanks! chad Untitled Document " ;?> _____ Windows LiveT: Keep your life in sync. Check it out. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Tue Jan 20 08:30:50 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 20 Jan 2009 08:30:50 -0500 Subject: [nycphp-talk] call javascript function from php In-Reply-To: Message-ID: <20090120133049.CNWQ6188.hrndva-omta01.mail.rr.com@DeJaVu> On other thing: Don't forget the id. " Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of chad qian Sent: Monday, January 19, 2009 11:05 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] call javascript function from php I want to call javascript function from php.But I fail. Here is the source code,any help?Thanks! chad Untitled Document " ;?> _____ Windows LiveT: Keep your life in sync. Check it out. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Tue Jan 20 08:35:49 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 20 Jan 2009 08:35:49 -0500 Subject: [nycphp-talk] call javascript function from php In-Reply-To: Message-ID: <20090120133549.QKKI28152.hrndva-omta04.mail.rr.com@DeJaVu> One final thing. Is it calling the function and just not working or not calling the function? Quick test. Put and alert statement at the top of the function to see if it's actually called. Cause that function doesn't look like it works to me. Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of chad qian Sent: Monday, January 19, 2009 11:05 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] call javascript function from php I want to call javascript function from php.But I fail. Here is the source code,any help?Thanks! chad Untitled Document " ;?> _____ Windows LiveT: Keep your life in sync. Check it out. -------------- next part -------------- An HTML attachment was scrubbed... URL: From artur at marnik.net Tue Jan 20 12:02:41 2009 From: artur at marnik.net (Artur Marnik) Date: Tue, 20 Jan 2009 12:02:41 -0500 Subject: [nycphp-talk] call javascript function from php In-Reply-To: <20090120133549.QKKI28152.hrndva-omta04.mail.rr.com@DeJaVu> References: <20090120133549.QKKI28152.hrndva-omta04.mail.rr.com@DeJaVu> Message-ID: <497603B1.7020200@marnik.net> In addition use Web Developer Toolbar for firefox it shows all javascript errors on page Artur Michele Waldman wrote: > One final thing. Is it calling the function and just not working or not > calling the function? > > Quick test. Put and alert statement at the top of the function to see if > it?s actually called. > > Cause that function doesn?t look like it works to me. > > Michele > > - From danielc at analysisandsolutions.com Tue Jan 20 13:43:03 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 20 Jan 2009 13:43:03 -0500 Subject: [nycphp-talk] FW: [PHP] First official release of the PHP WhitePaper In-Reply-To: <016701c97a63$b76a0760$263e1620$@com> References: <016701c97a63$b76a0760$263e1620$@com> Message-ID: <20090120184302.GA14770@panix.com> > > http://short.ie/php-whitepaper (This is a pdf) What the heck is Masque? It's mentioned in the key for the graph on page 5. Is it some word made up by the French Academy to replace "Java"? --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From chehodgins at gmail.com Tue Jan 20 15:42:36 2009 From: chehodgins at gmail.com (Che Hodgins) Date: Tue, 20 Jan 2009 15:42:36 -0500 Subject: [nycphp-talk] FW: [PHP] First official release of the PHP WhitePaper In-Reply-To: <20090120184302.GA14770@panix.com> References: <016701c97a63$b76a0760$263e1620$@com> <20090120184302.GA14770@panix.com> Message-ID: On Tue, Jan 20, 2009 at 1:43 PM, Daniel Convissor wrote: > > > > http://short.ie/php-whitepaper (This is a pdf) > > What the heck is Masque? It's mentioned in the key for the graph on page > 5. Is it some word made up by the French Academy to replace "Java"? Its "masqu?", which means "hidden" in English. Che > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From fgabrieli at gmail.com Tue Jan 20 20:52:49 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Tue, 20 Jan 2009 22:52:49 -0300 Subject: [nycphp-talk] FW: [PHP] First official release of the PHP WhitePaper In-Reply-To: References: <016701c97a63$b76a0760$263e1620$@com> <20090120184302.GA14770@panix.com> Message-ID: very useful to convince someone working in sales/marketing to move to PHP On Tue, Jan 20, 2009 at 5:42 PM, Che Hodgins wrote: > On Tue, Jan 20, 2009 at 1:43 PM, Daniel Convissor > wrote: > > > > > > http://short.ie/php-whitepaper (This is a pdf) > > > > What the heck is Masque? It's mentioned in the key for the graph on page > > 5. Is it some word made up by the French Academy to replace "Java"? > > Its "masqu?", which means "hidden" in English. > > Che > > > > > --Dan > > > > -- > > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > > data intensive web and database programming > > http://www.AnalysisAndSolutions.com/ > > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rick at click-rick.net Wed Jan 21 20:24:19 2009 From: rick at click-rick.net (Rick Retzko) Date: Wed, 21 Jan 2009 20:24:19 -0500 Subject: [nycphp-talk] array in object Message-ID: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> Hi Folks - This should be simple, but I haven't been able to debug it on my own, so I'm asking for help. I'm walking through a user's webform submission that I've put into an object and comparing each of that object's properties with the current properties ($cur) stored on mySQL database. The example below is input for a phone number (phone1). This example stores the 10-digit phone number into variable $c: $c=$cur->phone1['descr']; If I use $key to capture the property to be checked ('phone1'), the following stores null: $b=$cur->$key['descr']; Any help on understanding why $cur->$key['descr'] is not synonymous with $cur->phone1['descr'] when $key='phone1' would be a help! Best Regards - Rick ============ rick at click-rick.net 201.755.4083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Wed Jan 21 20:32:23 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Wed, 21 Jan 2009 20:32:23 -0500 Subject: [nycphp-talk] array in object In-Reply-To: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> References: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> Message-ID: <2b4feca10901211732w1a7a1fd4u94daad7ba6f776bc@mail.gmail.com> $key is not phone1 ? On Wed, Jan 21, 2009 at 8:24 PM, Rick Retzko wrote: > Hi Folks - > > This should be simple, but I haven't been able to debug it on my own, so > I'm asking for help. > > I'm walking through a user's webform submission that I've put into an > object and comparing each of that object's properties with the current > properties ($cur) stored on mySQL database. > The example below is input for a phone number (phone1). > > This example stores the 10-digit phone number into variable $c: > $c=$cur->phone1['descr']; > > If I use $key to capture the property to be checked ('phone1'), the > following stores null: > $b=$cur->$key['descr']; > > Any help on understanding why $cur->$key['descr'] is not synonymous with > $cur->phone1['descr'] when $key='phone1' would be a help! > > Best Regards - > > Rick > ============ > rick at click-rick.net > 201.755.4083 > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirn at dirnonline.com Wed Jan 21 20:38:11 2009 From: dirn at dirnonline.com (Andy Dirnberger) Date: Wed, 21 Jan 2009 20:38:11 -0500 Subject: [nycphp-talk] array in object In-Reply-To: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> References: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> Message-ID: <001201c97c32$16a52320$43ef6960$@com> I would guess that $key['descr'] is happening before $cur->$key. From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Rick Retzko Sent: Wednesday, January 21, 2009 8:24 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] array in object Hi Folks - This should be simple, but I haven't been able to debug it on my own, so I'm asking for help. I'm walking through a user's webform submission that I've put into an object and comparing each of that object's properties with the current properties ($cur) stored on mySQL database. The example below is input for a phone number (phone1). This example stores the 10-digit phone number into variable $c: $c=$cur->phone1['descr']; If I use $key to capture the property to be checked ('phone1'), the following stores null: $b=$cur->$key['descr']; Any help on understanding why $cur->$key['descr'] is not synonymous with $cur->phone1['descr'] when $key='phone1' would be a help! Best Regards - Rick ============ rick at click-rick.net 201.755.4083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From kenneth at ylayali.net Wed Jan 21 20:46:19 2009 From: kenneth at ylayali.net (Kenneth Dombrowski) Date: Wed, 21 Jan 2009 20:46:19 -0500 Subject: [nycphp-talk] array in object In-Reply-To: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> References: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> Message-ID: <20090122014619.GA21761@ylayali.net> kenneth at gilgamesh:~$ php -a Interactive mode enabled phone1 = array("descr" => "Home Phone"); } } $c = new C(); print $c->phone1["descr"] . "\n"; Home Phone $key = "phone1"; print $c->{$key}["descr"] . "\n"; Home Phone print $c->$key["descr"] . "\n"; # looking for a property named $key["descr"] On 09-01-21 20:24 -0500, Rick Retzko wrote: > Hi Folks - > > This should be simple, but I haven't been able to debug it on my own, so I'm > asking for help. > > I'm walking through a user's webform submission that I've put into an object > and comparing each of that object's properties with the current properties > ($cur) stored on mySQL database. > The example below is input for a phone number (phone1). > > This example stores the 10-digit phone number into variable $c: > $c=$cur->phone1['descr']; > > If I use $key to capture the property to be checked ('phone1'), the > following stores null: > $b=$cur->$key['descr']; > > Any help on understanding why $cur->$key['descr'] is not synonymous with > $cur->phone1['descr'] when $key='phone1' would be a help! > > Best Regards - > > Rick > ============ > rick at click-rick.net > 201.755.4083 > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From rick at click-rick.net Wed Jan 21 21:03:47 2009 From: rick at click-rick.net (Rick Retzko) Date: Wed, 21 Jan 2009 21:03:47 -0500 Subject: [nycphp-talk] array in object In-Reply-To: <20090122014619.GA21761@ylayali.net> References: <11D0198BB4A444E3BF350ED74BCBCEE0@adam> <20090122014619.GA21761@ylayali.net> Message-ID: <5FD5CF15E3CA49ABA220F078AF795AB2@adam> Kenneth - THANKS! I need to go back over my code, but the curly-brackets solved the problem: $b=$cur->{$key}['descr']; resolves to the 10-digit phone number I was looking for. Best Regards - Rick ============ rick at click-rick.net 201.755.4083 -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Kenneth Dombrowski Sent: Wednesday, January 21, 2009 8:46 PM To: NYPHP Talk Subject: Re: [nycphp-talk] array in object kenneth at gilgamesh:~$ php -a Interactive mode enabled phone1 = array("descr" => "Home Phone"); } } $c = new C(); print $c->phone1["descr"] . "\n"; Home Phone $key = "phone1"; print $c->{$key}["descr"] . "\n"; Home Phone print $c->$key["descr"] . "\n"; # looking for a property named $key["descr"] On 09-01-21 20:24 -0500, Rick Retzko wrote: > Hi Folks - > > This should be simple, but I haven't been able to debug it on my own, > so I'm asking for help. > > I'm walking through a user's webform submission that I've put into an > object and comparing each of that object's properties with the current > properties > ($cur) stored on mySQL database. > The example below is input for a phone number (phone1). > > This example stores the 10-digit phone number into variable $c: > $c=$cur->phone1['descr']; > > If I use $key to capture the property to be checked ('phone1'), the > following stores null: > $b=$cur->$key['descr']; > > Any help on understanding why $cur->$key['descr'] is not synonymous > with $cur->phone1['descr'] when $key='phone1' would be a help! > > Best Regards - > > Rick > ============ > rick at click-rick.net > 201.755.4083 > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From corey at gelform.com Fri Jan 23 11:31:08 2009 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Fri, 23 Jan 2009 11:31:08 -0500 Subject: [nycphp-talk] Looking for a Zend/PHP dev for a free to-do site Message-ID: <1232728268.25764.1296389567@webmail.messagingengine.com> I have an interesting idea for a to-do list/reminder site. I want to release it completely free to help people (and to get our names out there for other work). I've got the domain, I've got the web space, and I've got the gen'l ideas worked out. I am a front-end developer with a lot of background experience. I want to concentrate on just designing and implementing this. I'm looking for a Zend/PHP person to help think this thru and then do the back-end. It will be a fun, not-too-intense evening and weekend project (shouldn't take more than a couple weeks) that I think will get us some good attention. Let me know if yre interested. Thanks! Corey // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From adlermedrado at gmail.com Sat Jan 24 05:05:39 2009 From: adlermedrado at gmail.com (Adler Medrado) Date: Sat, 24 Jan 2009 10:05:39 +0000 Subject: [nycphp-talk] Invitation from NYPHP Talk Message-ID: <20090124100542.C4F4C1CB246C@lists.nyphp.org> You will like it. Click to find out why http://www.bebo.com/in/8518698201a99036038b135 ...................................................................... This email was sent to you at the direct request of Adler Medrado . You have not been added to a mailing list. If you would prefer not to receive invitations from ANY Bebo members please click here - http://www.bebo.com/unsub/8518698201a99036038 Bebo, Inc., 795 Folsom St, 6th Floor, San Francisco, CA 94107, USA. From lists at zaunere.com Sat Jan 24 13:35:01 2009 From: lists at zaunere.com (Hans Zaunere) Date: Sat, 24 Jan 2009 13:35:01 -0500 Subject: [nycphp-talk] Invitation from NYPHP Talk In-Reply-To: <20090124100542.C4F4C1CB246C@lists.nyphp.org> References: <20090124100542.C4F4C1CB246C@lists.nyphp.org> Message-ID: <00d001c97e52$77ca1440$675e3cc0$@com> These types of messages aren't tolerated. You will be removed, Adler. H > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On Behalf Of Adler Medrado > Sent: Saturday, January 24, 2009 5:06 AM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] Invitation from NYPHP Talk > > > You will like it. > > Click to find out why > > http://www.bebo.com/in/8518698201a99036038b135 > > ...................................................................... > > > This email was sent to you at the direct request of Adler Medrado > . You have not been added to a mailing list. > > If you would prefer not to receive invitations from ANY Bebo members > please click here - http://www.bebo.com/unsub/8518698201a99036038 > > Bebo, Inc., 795 Folsom St, 6th Floor, San Francisco, CA 94107, USA. > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From ps at blu-studio.com Sat Jan 24 21:27:22 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Sat, 24 Jan 2009 21:27:22 -0500 Subject: [nycphp-talk] Looking for a PHP Script Message-ID: <000501c97e94$74b469d0$5e1d3d70$@com> PHP Ecards Script I am looking for a recommendation on a free or very reasonably priced Ecard application that sends out the actual created postcard as a jpg or HTML email. Not looking for an app that sends a link and the user has to go pick up. Any such PHP project names or web addresses appreciated. Thanks. Warmest regards, Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Sun Jan 25 14:43:30 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sun, 25 Jan 2009 14:43:30 -0500 Subject: [nycphp-talk] mcrypt_encrypt Message-ID: <20090125194331.MBGV26080.hrndva-omta04.mail.rr.com@DeJaVu> I got an undefined function error on mcrypt_encrypt. It looks to be an extension. I downloaded the source code. I'm guessing my hosting provider didn't include it. So what's new? I see a lot on line about using use_entension=php_mcrypt.dll, but that's in a windows environment. Does anyone know? If I have to do anything in the php.ini file to use mcrypt on linux/apache/redhat? Or if it's installed it just works? I hate to think I'm going to have to recompile php on my machine, just to get that function. I'm looking in the php.conf file, I see loadmodule for libphp5.so. Do I just compile the php with the extension? I'm guessing it doesn't matter what version I have now if I'm recompiling. Does anyone know the name of the .so file that contains mcrypt is just in case it's there and if I have to modify the php.conf file or do the extensions have to be compiled in libphp5.so?? Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Sun Jan 25 14:46:13 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Sun, 25 Jan 2009 14:46:13 -0500 (EST) Subject: [nycphp-talk] mcrypt_encrypt In-Reply-To: <20090125194331.MBGV26080.hrndva-omta04.mail.rr.com@DeJaVu> Message-ID: On Sun, 25 Jan 2009, Michele Waldman wrote: > I'm guessing my hosting provider didn't include it. So what's new? > > I see a lot on line about using use_entension=php_mcrypt.dll, but that's in > a windows environment. > > Does anyone know? If I have to do anything in the php.ini file to use > mcrypt on linux/apache/redhat? Or if it's installed it just works? What does phpinfo() show? > I hate to think I'm going to have to recompile php on my machine, just > to get that function. Maybe you will have to. But more importantly, your hosting provider will have to be told/convinced. -- Aj. From mmwaldman at nyc.rr.com Sun Jan 25 15:11:20 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sun, 25 Jan 2009 15:11:20 -0500 Subject: [nycphp-talk] mcrypt_encrypt In-Reply-To: Message-ID: <20090125201120.MPEW26080.hrndva-omta04.mail.rr.com@DeJaVu> What am I looking for? I've never seen phpinfo() where mcrypt was installed. --disable-posix-threads in the configuration command or something in additional .ini files parsed? Would it list mcrypt explicitly? Michele -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Ajai Khattri Sent: Sunday, January 25, 2009 2:46 PM To: NYPHP Talk Subject: Re: [nycphp-talk] mcrypt_encrypt On Sun, 25 Jan 2009, Michele Waldman wrote: > I'm guessing my hosting provider didn't include it. So what's new? > > I see a lot on line about using use_entension=php_mcrypt.dll, but that's in > a windows environment. > > Does anyone know? If I have to do anything in the php.ini file to use > mcrypt on linux/apache/redhat? Or if it's installed it just works? What does phpinfo() show? > I hate to think I'm going to have to recompile php on my machine, just > to get that function. Maybe you will have to. But more importantly, your hosting provider will have to be told/convinced. -- Aj. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From tim_lists at o2group.com Sun Jan 25 15:34:43 2009 From: tim_lists at o2group.com (Tim Lieberman) Date: Sun, 25 Jan 2009 15:34:43 -0500 Subject: [nycphp-talk] mcrypt_encrypt In-Reply-To: <20090125201120.MPEW26080.hrndva-omta04.mail.rr.com@DeJaVu> References: <20090125201120.MPEW26080.hrndva-omta04.mail.rr.com@DeJaVu> Message-ID: <38480E93-CF70-4EE2-99AD-ADC92846DDEA@o2group.com> On Jan 25, 2009, at 3:11 PM, Michele Waldman wrote: > What am I looking for? I've never seen phpinfo() where mcrypt was > installed. > --disable-posix-threads in the configuration command or something in > additional .ini files parsed? Would it list mcrypt explicitly? > Michele You'll see --with-mcrypt in the configure command at the top, and an mcrypt section farther down in the phpinfo() output. According to php.net, you probably need to compile libmcrypt itself, passing --disable-posix-threads to libmcrypt's configure script -Tim From ioplex at gmail.com Sun Jan 25 16:23:45 2009 From: ioplex at gmail.com (Michael B Allen) Date: Sun, 25 Jan 2009 16:23:45 -0500 Subject: [nycphp-talk] mcrypt_encrypt In-Reply-To: <20090125194331.MBGV26080.hrndva-omta04.mail.rr.com@DeJaVu> References: <20090125194331.MBGV26080.hrndva-omta04.mail.rr.com@DeJaVu> Message-ID: <78c6bd860901251323x41afa4d0iab4d6af7cef1583d@mail.gmail.com> On Sun, Jan 25, 2009 at 2:43 PM, Michele Waldman wrote: > I got an undefined function error on mcrypt_encrypt. > > It looks to be an extension. I downloaded the source code. > > I'm guessing my hosting provider didn't include it. So what's new? > > I see a lot on line about using use_entension=php_mcrypt.dll, but that's in > a windows environment. > > Does anyone know? If I have to do anything in the php.ini file to use > mcrypt on linux/apache/redhat? Or if it's installed it just works? If you're using Red Hat just do: # yum install php-mcrypt ...y # apachectrl restart Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ From bonsaime at gmail.com Sun Jan 25 23:20:05 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Sun, 25 Jan 2009 23:20:05 -0500 Subject: [nycphp-talk] spreading php out Message-ID: I was about to install php on a G4 I have and thought I should maybe go lightweight with it. Really I'm sure it can handle Apache 2 just fine, since it's just for development... but why not make it fun? So I took a look at going with lighttpd from the php manual and the setup that that would entail. What really struck me was that fastcgi can take a network socket as well as the traditional file socket. Here's an excerpt from the php.net manual: http://us2.php.net/manual/en/install.unix.lighttpd-14.php Connecting to remote FCGI instances Fastcgi instances can be spawned on multiple remote machines in order to scale applications. Example #3 Connecting to remote php-fastcgi instances fastcgi.server = ( ".php" => (( "host" => "10.0.0.2", "port" => 1030 ), ( "host" => "10.0.0.3", "port" => 1030 )) ) Whoa! Has anyone done this? I understand php isn't probably what's killing your CPU, rather, it's the database... but I was psyched to stumble upon this anyway in case it ever comes up in the future. More people are probably familiar with traditional load balancing using Apache 1 stripped down. I'm interested to see if anyone's stripping it *all the way* down like in this example. -jesse From mmwaldman at nyc.rr.com Mon Jan 26 09:45:57 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Mon, 26 Jan 2009 09:45:57 -0500 Subject: [nycphp-talk] Php off root Message-ID: <20090126144557.ZDND3899.hrndva-omta01.mail.rr.com@DeJaVu> Guys, I posted a while back about php dumping to the screen for God knows what reason, the sys admin or something. Anyway, I picked up Chris Shiftlett's book "Essential Handbook on Php Security". Nestled in the 100 page book was don't keep php in webroot. I can't remember the reason for that statement, but that cleared up my concern for code dumping to the screen for God knows what reason. It also, cleared up my concerns about keeping passwords in php. Now, a lot of people attacked me for my ignorance, but I'm new to web development. I've had my company for just one year now and I haven't been taking clients of even one year. My total experience has been about 2 years part-time. I was a c programmer for 7 years and have a Computer Science degree from UC-Berkeley. I'm no hack. I'm just a newbie in the web arena. But, don't go to sleep on me. I'm a quick study. Plus, I work at home. I'd be in a vacuum if it wasn't for the web and these mailing list. So, anyway for anyone that I caused concern for the solution for me is keep code off webroot and in webroot just include those file. Worries over. Bad sys admin or no. Someone have told me that or directed me to a good book, rather than getting flustered with me. Frustrated, I went to Barnes and Noble. When the gal typed in php and security she found Chris's book and another book that's supposed to be realeased this month. For a new programmer, Chris's book is chalked full of good info. Straight to the code. No fluff. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at devonianfarm.com Mon Jan 26 09:56:57 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Mon, 26 Jan 2009 09:56:57 -0500 Subject: [nycphp-talk] spreading php out In-Reply-To: References: Message-ID: <497DCF39.2010301@devonianfarm.com> Jesse Callaway wrote: > I was about to install php on a G4 I have and thought I should maybe > go lightweight with it. Really I'm sure it can handle Apache 2 just > fine, since it's just for development... but why not make it fun? > Personally I avoid off-brand web servers. Many of them have correctness problems that cause, say, 1 in 100 large file downloads to be corrupted. I've tried a number of "lightweight web servers" including "lighthttpd" and, so far, I've always had problems when they're used in production systems. From brenttech at gmail.com Mon Jan 26 10:10:26 2009 From: brenttech at gmail.com (Brent Baisley) Date: Mon, 26 Jan 2009 10:10:26 -0500 Subject: [nycphp-talk] spreading php out In-Reply-To: References: Message-ID: <5d515c620901260710s2faf2411xe95cafba79de1630@mail.gmail.com> I don't think you need to strip anything down. Apache/PHP/MySQL would run just fine on a G4 in their standard setup, just some standard configuration tweaking. The hardware would actually be a good setup to optimize your code, which is where the biggest slow downs usually occur. If it runs fine on a G4, it will run great on better hardware. Also, if you are running OSX, especially and older version, the bottleneck could be the operating system. Older versions of OSX didn't have fine grained locking of system resources (i.e. networking), so the slowdowns occur because of locking and waiting, not because of CPU load. OSX is getting better, but still has a little ways to go. Brent Baisley On Sun, Jan 25, 2009 at 11:20 PM, Jesse Callaway wrote: > I was about to install php on a G4 I have and thought I should maybe > go lightweight with it. Really I'm sure it can handle Apache 2 just > fine, since it's just for development... but why not make it fun? > > So I took a look at going with lighttpd from the php manual and the > setup that that would entail. What really struck me was that fastcgi > can take a network socket as well as the traditional file socket. > Here's an excerpt from the php.net manual: > > http://us2.php.net/manual/en/install.unix.lighttpd-14.php > > Connecting to remote FCGI instances > > Fastcgi instances can be spawned on multiple remote machines in order > to scale applications. > > Example #3 Connecting to remote php-fastcgi instances > > fastcgi.server = ( ".php" => > (( "host" => "10.0.0.2", "port" => 1030 ), > ( "host" => "10.0.0.3", "port" => 1030 )) > ) > > > Whoa! Has anyone done this? I understand php isn't probably what's > killing your CPU, rather, it's the database... but I was psyched to > stumble upon this anyway in case it ever comes up in the future. > > More people are probably familiar with traditional load balancing > using Apache 1 stripped down. I'm interested to see if anyone's > stripping it *all the way* down like in this example. > > -jesse > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From bonsaime at gmail.com Mon Jan 26 10:40:17 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Mon, 26 Jan 2009 10:40:17 -0500 Subject: [nycphp-talk] spreading php out In-Reply-To: <497DCF39.2010301@devonianfarm.com> References: <497DCF39.2010301@devonianfarm.com> Message-ID: On Mon, Jan 26, 2009 at 9:56 AM, Paul A Houle wrote: > Jesse Callaway wrote: >> >> I was about to install php on a G4 I have and thought I should maybe >> go lightweight with it. Really I'm sure it can handle Apache 2 just >> fine, since it's just for development... but why not make it fun? >> > > Personally I avoid off-brand web servers. Many of them have correctness > problems that cause, say, 1 in 100 large file downloads to be corrupted. > > I've tried a number of "lightweight web servers" including "lighthttpd" > and, so far, I've always had problems when they're used in production > systems. > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > Hey all, This is more of a fastcgi/php question. If anyone has experience working like this it would be interesting to hear. I don't really care. I should probably go bug the fastcgi people about this.... It's nice to hear what people have to say about webservers, but it's this concept of having just fastcgi running in some sort of a farm that's interesting me. Lighty, apache, iis.... not really the issue for me. Things like - "This kills APC due to weird cache misses" are what I'm looking to hear if anyone has experience on it. -jesse From ajai at bitblit.net Mon Jan 26 12:22:00 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 26 Jan 2009 12:22:00 -0500 (EST) Subject: [nycphp-talk] Php off root In-Reply-To: <20090126144557.ZDND3899.hrndva-omta01.mail.rr.com@DeJaVu> Message-ID: On Mon, 26 Jan 2009, Michele Waldman wrote: > So, anyway for anyone that I caused concern for the solution for me is keep > code off webroot and in webroot just include those file. Worries over. Bad > sys admin or no. Yeah, generally code that doesn't need to be opened in a browser, doesn't need to be in the webroot (and that means include files too!). Im working a lot with symfony these days, and the only file in the webroot is the single entrypoint via index.php. > For a new programmer, Chris's book is chalked full of good info. Straight > to the code. No fluff. I think you're preaching to the converted perhaps? :-) -- Aj. From anthony at thrillist.com Mon Jan 26 12:27:43 2009 From: anthony at thrillist.com (Anthony Wlodarski) Date: Mon, 26 Jan 2009 09:27:43 -0800 Subject: [nycphp-talk] PHP Scope in foreach construct. Message-ID: When working with foreach constructs do the functions and variables defined get returned to the garbage collector on each iteration or does the foreach have to finish execution before things can be returned to the garbage collector? The reason that I ask is because we are generating data for Google Maps and they require one very large XML file which keeps blowing our memory size definition inside the php.ini file. What we might end up doing is creating the XML file in batches of lets say 500 items or less and then append the files manually. I figured this was an interesting question and I can't find any answers anywhere else (even on php.net docs). -Anthony -- Anthony Wlodarski www.thrillist.com Web Applications Developer 568 Broadway Ste. 605 New York, NY, 10012 (o) 646.786.1944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Mon Jan 26 12:28:44 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 26 Jan 2009 12:28:44 -0500 (EST) Subject: [nycphp-talk] spreading php out In-Reply-To: Message-ID: On Sun, 25 Jan 2009, Jesse Callaway wrote: > Example #3 Connecting to remote php-fastcgi instances > > fastcgi.server = ( ".php" => > (( "host" => "10.0.0.2", "port" => 1030 ), > ( "host" => "10.0.0.3", "port" => 1030 )) > ) Yeah, Ive been using a similar setup for about a year now... Now, for extra points, you'll show us how to recode Apache rewrite rules so they work in light :-)) -- Aj. From ajai at bitblit.net Mon Jan 26 12:30:36 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 26 Jan 2009 12:30:36 -0500 (EST) Subject: [nycphp-talk] spreading php out In-Reply-To: <497DCF39.2010301@devonianfarm.com> Message-ID: On Mon, 26 Jan 2009, Paul A Houle wrote: > I've tried a number of "lightweight web servers" including > "lighthttpd" and, so far, I've always had problems when they're used > in production systems. Generally, lighty is great for image servers and other static resources. Since it can hand off the dynamic requests to another server, it can be used as a proxy in front of a farm of Apache servers that will do the heavy lifting. -- Aj. From ajai at bitblit.net Mon Jan 26 12:31:37 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 26 Jan 2009 12:31:37 -0500 (EST) Subject: [nycphp-talk] spreading php out In-Reply-To: <5d515c620901260710s2faf2411xe95cafba79de1630@mail.gmail.com> Message-ID: On Mon, 26 Jan 2009, Brent Baisley wrote: > I don't think you need to strip anything down. Apache/PHP/MySQL would > run just fine on a G4 in their standard setup, just some standard > configuration tweaking. Im running that on a G3 (not a production server!), but to be fair, the G3 is running Linux :-) -- Aj. From brenttech at gmail.com Mon Jan 26 12:50:38 2009 From: brenttech at gmail.com (Brent Baisley) Date: Mon, 26 Jan 2009 12:50:38 -0500 Subject: [nycphp-talk] PHP Scope in foreach construct. In-Reply-To: References: Message-ID: <5d515c620901260950v976b17ak351e3f00102b3941@mail.gmail.com> foreach makes a copy of the array element you are processing. If the current "value" is large, like another array, then you have 2 large arrays. Use a for loop instead or use a reference for the value variable: foreach ( $array as &$value ) ... If you are running into memory problems, you probably should rethink how you are processing the data. You should process it in chunks and stream it out to the XML file. Then it does matter how large the data set gets. You can also just adjust the php memory limit if you haven't done that already. It defaults to 8MB or 16MB (5.2). Use memory_get_usage to see where your memory is jumping. Hope that helps. Brent Baisley On Mon, Jan 26, 2009 at 12:27 PM, Anthony Wlodarski wrote: > When working with foreach constructs do the functions and variables defined > get returned to the garbage collector on each iteration or does the foreach > have to finish execution before things can be returned to the garbage > collector? > > The reason that I ask is because we are generating data for Google Maps and > they require one very large XML file which keeps blowing our memory size > definition inside the php.ini file. What we might end up doing is creating > the XML file in batches of lets say 500 items or less and then append the > files manually. > > I figured this was an interesting question and I can't find any answers > anywhere else (even on php.net docs). > > -Anthony > -- > Anthony Wlodarski > www.thrillist.com > Web Applications Developer > 568 Broadway Ste. 605 > New York, NY, 10012 > (o) 646.786.1944 > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From anthony at thrillist.com Mon Jan 26 12:58:53 2009 From: anthony at thrillist.com (Anthony Wlodarski) Date: Mon, 26 Jan 2009 09:58:53 -0800 Subject: [nycphp-talk] PHP Scope in foreach construct. In-Reply-To: <5d515c620901260950v976b17ak351e3f00102b3941@mail.gmail.com> Message-ID: Brent, Thanks for the feedback, we are going to do the XML file in batches but it is interesting to see that the memory from within the foreach never gets returned (tested with memory_get_usage). Now there are a couple of other variables to assume with this application. It is Drupal based so yeah there is bloat but we take that into consideration (our memory size is set to 128mb per operation) and we also assume that the postgresql db driver in Drupal is doing its job on not creating un necessary connections for each call to node_load() but we haven't dug that deep into the Drupal core for times sake. But I didn't know you could use the variable in a foreach as a reference, I will have to take that into consideration when being a memory conservationist in the future. -Anthony -- Anthony Wlodarski www.thrillist.com Web Applications Developer 568 Broadway Ste. 605 New York, NY, 10012 (o) 646.786.1944 ________________________________ From: Brent Baisley Reply-To: NYPHP Talk Date: Mon, 26 Jan 2009 09:50:38 -0800 To: NYPHP Talk Subject: Re: [nycphp-talk] PHP Scope in foreach construct. foreach makes a copy of the array element you are processing. If the current "value" is large, like another array, then you have 2 large arrays. Use a for loop instead or use a reference for the value variable: foreach ( $array as &$value ) ... If you are running into memory problems, you probably should rethink how you are processing the data. You should process it in chunks and stream it out to the XML file. Then it does matter how large the data set gets. You can also just adjust the php memory limit if you haven't done that already. It defaults to 8MB or 16MB (5.2). Use memory_get_usage to see where your memory is jumping. Hope that helps. Brent Baisley On Mon, Jan 26, 2009 at 12:27 PM, Anthony Wlodarski wrote: > When working with foreach constructs do the functions and variables defined > get returned to the garbage collector on each iteration or does the foreach > have to finish execution before things can be returned to the garbage > collector? > > The reason that I ask is because we are generating data for Google Maps and > they require one very large XML file which keeps blowing our memory size > definition inside the php.ini file. What we might end up doing is creating > the XML file in batches of lets say 500 items or less and then append the > files manually. > > I figured this was an interesting question and I can't find any answers > anywhere else (even on php.net docs). > > -Anthony > -- > Anthony Wlodarski > www.thrillist.com > Web Applications Developer > 568 Broadway Ste. 605 > New York, NY, 10012 > (o) 646.786.1944 > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Mon Jan 26 15:28:22 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Mon, 26 Jan 2009 15:28:22 -0500 Subject: [nycphp-talk] Php off root In-Reply-To: References: <20090126144557.ZDND3899.hrndva-omta01.mail.rr.com@DeJaVu> Message-ID: <2b4feca10901261228v7d0d2db4n2b4f281a9bbc24a3@mail.gmail.com> Michele, I'm happy you found your way! -- Elijah On Mon, Jan 26, 2009 at 12:22 PM, Ajai Khattri wrote: > On Mon, 26 Jan 2009, Michele Waldman wrote: > > > So, anyway for anyone that I caused concern for the solution for me is > keep > > code off webroot and in webroot just include those file. Worries over. > Bad > > sys admin or no. > > Yeah, generally code that doesn't need to be opened in a browser, doesn't > need to be in the webroot (and that means include files too!). Im working > a lot with symfony these days, and the only file in the webroot is the > single entrypoint via index.php. > > > For a new programmer, Chris's book is chalked full of good info. > Straight > > to the code. No fluff. > > I think you're preaching to the converted perhaps? :-) > > > -- > Aj. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Mon Jan 26 15:38:46 2009 From: shiflett at php.net (Chris Shiflett) Date: Mon, 26 Jan 2009 15:38:46 -0500 Subject: [nycphp-talk] Php off root In-Reply-To: <20090126144557.ZDND3899.hrndva-omta01.mail.rr.com@DeJaVu> References: <20090126144557.ZDND3899.hrndva-omta01.mail.rr.com@DeJaVu> Message-ID: Hi Michele, > Anyway, I picked up Chris Shiftlett's book "Essential Handbook on Php > Security". Nestled in the 100 page book was don't keep php in > webroot. I hope you enjoy the book. :-) The recommendation you're referring to is probably to reduce risk wherever possible. For resources that don't need to be directly accessible via URL, there's no reason to keep them in document root. But, to be clear, the risk in this case is human error. > It also, cleared up my concerns about keeping passwords in php. I hope this isn't bad news, but if you're on a shared host, there's another concern here. Others can potentially access your files, even if they're not in document root. I think the book discusses this in Chapter 8. I have a free article that might also be helpful: http://shiflett.org/articles/shared-hosting > Now, a lot of people attacked me for my ignorance, but I'm new to web > development. I remember the discussion, and I don't believe you were attacked. Just be a little more honest with your uncertainty when presenting information. In your case, you were presenting misinformation as if it were fact, and people understandably corrected that. I can understand how this can make you feel attacked, but hopefully you can step back and see the bigger picture now. :-) > So, anyway for anyone that I caused concern for the solution for me > is keep > code off webroot and in webroot just include those file. Worries > over. Bad > sys admin or no. Exactly. If you can architect a system in a way that makes human error less likely or less damaging, then doing so is a good idea. Everyone will agree with that. > Frustrated, I went to Barnes and Noble. When the gal typed in php and > security she found Chris's book and another book that's supposed to be > realeased this month. Do you remember the new book? I'd like to read it. > For a new programmer, Chris's book is chalked full of good info. > Straight > to the code. No fluff. Nice to know. Thanks very much. Chris -- Chris Shiflett http://shiflett.org/ From mmwaldman at nyc.rr.com Mon Jan 26 18:16:16 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Mon, 26 Jan 2009 18:16:16 -0500 Subject: [nycphp-talk] Php off root In-Reply-To: Message-ID: <20090126231615.QCVM4789.hrndva-omta02.mail.rr.com@DeJaVu> I think it was called "Securing Php Applications" -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett Sent: Monday, January 26, 2009 3:39 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Php off root Hi Michele, > Anyway, I picked up Chris Shiftlett's book "Essential Handbook on Php > Security". Nestled in the 100 page book was don't keep php in > webroot. I hope you enjoy the book. :-) The recommendation you're referring to is probably to reduce risk wherever possible. For resources that don't need to be directly accessible via URL, there's no reason to keep them in document root. But, to be clear, the risk in this case is human error. > It also, cleared up my concerns about keeping passwords in php. I hope this isn't bad news, but if you're on a shared host, there's another concern here. Others can potentially access your files, even if they're not in document root. I think the book discusses this in Chapter 8. I have a free article that might also be helpful: http://shiflett.org/articles/shared-hosting > Now, a lot of people attacked me for my ignorance, but I'm new to web > development. I remember the discussion, and I don't believe you were attacked. Just be a little more honest with your uncertainty when presenting information. In your case, you were presenting misinformation as if it were fact, and people understandably corrected that. I can understand how this can make you feel attacked, but hopefully you can step back and see the bigger picture now. :-) > So, anyway for anyone that I caused concern for the solution for me > is keep > code off webroot and in webroot just include those file. Worries > over. Bad > sys admin or no. Exactly. If you can architect a system in a way that makes human error less likely or less damaging, then doing so is a good idea. Everyone will agree with that. > Frustrated, I went to Barnes and Noble. When the gal typed in php and > security she found Chris's book and another book that's supposed to be > realeased this month. Do you remember the new book? I'd like to read it. > For a new programmer, Chris's book is chalked full of good info. > Straight > to the code. No fluff. Nice to know. Thanks very much. Chris -- Chris Shiflett http://shiflett.org/ _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From nynj.tech at hotmail.com Mon Jan 26 22:54:20 2009 From: nynj.tech at hotmail.com (chad qian) Date: Mon, 26 Jan 2009 22:54:20 -0500 Subject: [nycphp-talk] How to pass array when click on "submit" ? Message-ID: In "tbody",I can add or remove more "name[]","position[]","city[]","state[]" and "zip[]" through "add" or "remove" buttons. On "create.php" page, I expect to show all like: 1. name position city state zip 2. name position city state zip 3. name position city state zip ---------- -------- -------- How to program php script to pass all these above information?"name","position","city","state" and "zip" are all array. Thanks! chad
Step2: Board of directors:(Must have at least one)   Position: City: State: Zip:
_________________________________________________________________ Windows Live? Hotmail?:?more than just e-mail. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_explore_012009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Mon Jan 26 23:38:00 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Tue, 27 Jan 2009 01:38:00 -0300 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: References: Message-ID: chad, when posted the arrays should be available using $_POST['name'], $_POST['position'], etc try doing print_r($_POST['name']) to check this i am not seeing an input type="submit" on your form...which should be there if the user is submitting everything after filling the fields fernando On Tue, Jan 27, 2009 at 12:54 AM, chad qian wrote: > In "tbody",I can add or remove more > "name[]","position[]","city[]","state[]" and "zip[]" through "add" or > "remove" buttons. > On "create.php" page, I expect to show all like: > 1. > name > position > city > state > zip > 2. > name > position > city > state > zip > 3. > name > position > city > state > zip > ---------- > -------- > -------- > > How to program php script to pass all these above > information?"name","position","city","state" and "zip" are all array. > > Thanks! > > chad > >
> > Step2: Board of directors:(Must have at least > one) >   > > > > > > > > Position: > > > > City: > > > > State: > > > > Zip: > > > > > >
> > ------------------------------ > Windows Live? Hotmail(R):?more than just e-mail. Check it out. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vtbludgeon at gmail.com Tue Jan 27 11:36:05 2009 From: vtbludgeon at gmail.com (David Mintz) Date: Tue, 27 Jan 2009 11:36:05 -0500 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: References: Message-ID: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> >> >> How to program php script to pass all these above >> information?"name","position","city","state" and "zip" are all array. >> >> Thanks! >> >> chad >> >> > If city, state etc are all scalars, why do you want an array at all? And if you do want some or all of the form data wrapped into an array, you might want to use notation like -- David Mintz http://davidmintz.org/ The subtle source is clear and bright The tributary streams flow through the darkness -------------- next part -------------- An HTML attachment was scrubbed... URL: From artur at marnik.net Tue Jan 27 11:51:19 2009 From: artur at marnik.net (Artur Marnik) Date: Tue, 27 Jan 2009 11:51:19 -0500 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> References: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> Message-ID: <497F3B87.9020907@marnik.net> or you can just use: .... .... then you will get an array after the post Artur David Mintz wrote: > > > > > How to program php script to pass all these above > information?"name","position","city","state" and "zip" are all > array. > > Thanks! > > chad > > > > If city, state etc are all scalars, why do you want an array at all? And > if you do want some or all of the form data wrapped into an array, you > might want to use notation like > > > > > -- > David Mintz > http://davidmintz.org/ > > The subtle source is clear and bright > The tributary streams flow through the darkness > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From nynj.tech at hotmail.com Tue Jan 27 12:16:39 2009 From: nynj.tech at hotmail.com (chad qian) Date: Tue, 27 Jan 2009 12:16:39 -0500 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: <497F3B87.9020907@marnik.net> References: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> <497F3B87.9020907@marnik.net> Message-ID: I am not sure how many "name","position",.."zip".I guess maybe I need foreach.How to program foreach here? Thanks! chad> Date: Tue, 27 Jan 2009 11:51:19 -0500> From: artur at marnik.net> To: talk at lists.nyphp.org> Subject: Re: [nycphp-talk] How to pass array when click on "submit" ?> > or you can just use:> > > ....> > > ....> > > > then you will get an array after the post> > Artur> > > > David Mintz wrote:> > > > > > > > > > How to program php script to pass all these above> > information?"name","position","city","state" and "zip" are all> > array.> > > > Thanks!> > > > chad> > > > > > > > If city, state etc are all scalars, why do you want an array at all? And > > if you do want some or all of the form data wrapped into an array, you > > might want to use notation like> > > > > > > > > > -- > > David Mintz> > http://davidmintz.org/> > > > The subtle source is clear and bright> > The tributary streams flow through the darkness> > > > > > ------------------------------------------------------------------------> > > > _______________________________________________> > New York PHP User Group Community Talk Mailing List> > http://lists.nyphp.org/mailman/listinfo/talk> > > > http://www.nyphp.org/show_participation.php> _______________________________________________> New York PHP User Group Community Talk Mailing List> http://lists.nyphp.org/mailman/listinfo/talk> > http://www.nyphp.org/show_participation.php _________________________________________________________________ Windows Live?: E-mail. Chat. Share. Get more ways to connect. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_allup_explore_012009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Tue Jan 27 12:20:26 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Tue, 27 Jan 2009 14:20:26 -0300 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: References: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> <497F3B87.9020907@marnik.net> Message-ID: suppose your input is names[] foreach ($_POST['names'] as $name) { } where $name has the value for each entry of the array php.net/foreach fernando On Tue, Jan 27, 2009 at 2:16 PM, chad qian wrote: > I am not sure how many "name","position",.."zip".I guess maybe I need > foreach.How to program foreach here? > > Thanks! > > chad > > > Date: Tue, 27 Jan 2009 11:51:19 -0500 > > From: artur at marnik.net > > To: talk at lists.nyphp.org > > Subject: Re: [nycphp-talk] How to pass array when click on "submit" ? > > > > > or you can just use: > > > > > > .... > > > > > > .... > > > > > > > > then you will get an array after the post > > > > Artur > > > > > > > > David Mintz wrote: > > > > > > > > > > > > > > > How to program php script to pass all these above > > > information?"name","position","city","state" and "zip" are all > > > array. > > > > > > Thanks! > > > > > > chad > > > > > > > > > > > > If city, state etc are all scalars, why do you want an array at all? > And > > > if you do want some or all of the form data wrapped into an array, you > > > might want to use notation like > > > > > > > > > > > > > > > -- > > > David Mintz > > > http://davidmintz.org/ > > > > > > The subtle source is clear and bright > > > The tributary streams flow through the darkness > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > New York PHP User Group Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > ------------------------------ > Windows Live?: E-mail. Chat. Share. Get more ways to connect. Check it > out. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Tue Jan 27 12:24:37 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Tue, 27 Jan 2009 12:24:37 -0500 Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: References: <721f1cc50901270836i4ed7b5e7med3aff00309b342f@mail.gmail.com> <497F3B87.9020907@marnik.net> Message-ID: <2b4feca10901270924u865ba8y2eb884856c8c973b@mail.gmail.com>
when this form is submitted $_POST will contain $_POST['data']['test'][0] = "index 0" $_POST['data']['test'][1] = "index 1" $_POST['data']['test'][2] = "index 2" I'd suggest messing around with [] in the name attribute and looking at what you can get out of post with different combinations. -- Elijah On Tue, Jan 27, 2009 at 12:16 PM, chad qian wrote: > I am not sure how many "name","position",.."zip".I guess maybe I need > foreach.How to program foreach here? > > Thanks! > > chad > > > Date: Tue, 27 Jan 2009 11:51:19 -0500 > > From: artur at marnik.net > > To: talk at lists.nyphp.org > > Subject: Re: [nycphp-talk] How to pass array when click on "submit" ? > > > > > or you can just use: > > > > > > .... > > > > > > .... > > > > > > > > then you will get an array after the post > > > > Artur > > > > > > > > David Mintz wrote: > > > > > > > > > > > > > > > How to program php script to pass all these above > > > information?"name","position","city","state" and "zip" are all > > > array. > > > > > > Thanks! > > > > > > chad > > > > > > > > > > > > If city, state etc are all scalars, why do you want an array at all? > And > > > if you do want some or all of the form data wrapped into an array, you > > > might want to use notation like > > > > > > > > > > > > > > > -- > > > David Mintz > > > http://davidmintz.org/ > > > > > > The subtle source is clear and bright > > > The tributary streams flow through the darkness > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > New York PHP User Group Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > ------------------------------ > Windows Live?: E-mail. Chat. Share. Get more ways to connect. Check it > out. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zakir_tariverdiev at yahoo.com Tue Jan 27 19:44:40 2009 From: zakir_tariverdiev at yahoo.com (Zakir Tariverdiev) Date: Tue, 27 Jan 2009 16:44:40 -0800 (PST) Subject: [nycphp-talk] How to pass array when click on "submit" ? In-Reply-To: Message-ID: <587815.45470.qm@web52401.mail.re2.yahoo.com> OnClick=AddRow()"... are you trying to send a JavaScript array to the server? This is not really a PHP issue. But check out the following link, http://www.coderanch.com/t/120794/HTML-JavaScript/sending-javascript-array-server it might help. Also, note that your City and State are enclosed inside