  1. #151
    SitePoint Member
    Join Date
    Oct 2005
    Location
    css ajax pear smarty php asp scripts web templates
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Reply to "register_globals - ON/OFF" by Aadhunik Jaspal

    If you're on a shared environment, and have no way of disabling register_globals, this little "unregister_globals" snippet could come in handy:

    <?php
    if (@ini_get('register_globals'))
    foreach ($_REQUEST as $key => $value)
    unset($GLOBALS[$key]);
    ?>
    Last edited by Helge; Feb 4, 2007 at 09:44.

  2. #152
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jaspalmxtech
    If you're on a shared environment, and have no way of disabling register_globals
    There is actually a reason why register_globals is enabled by default. So you might as well code your applications to take advantage of it.

  3. #153
    SitePoint Addict
    Join Date
    Aug 2004
    Location
    Chicago
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Icheb
    There is actually a reason why register_globals is enabled by default. So you might as well code your applications to take advantage of it.
    a) it's disabled by default (both php.ini-dist and php.ini-recommended have them at off), and b) no you shouldn't

    I don't have register globals enabled, and I'm sure many people don't. So you're going to leave them out? Bad, bad business practices... (Although I'd hope you'd never own a business)
    Why's (Poignant) Guide to Ruby
    learn ruby with foxes, wizards, and chunky bacon

  4. #154
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, of course, I meant disabled.
    And even if it's enabled, the _POST or HTTP_POST_VAR array is still accessible. So there is absolutely no reason why you should code with it being enabled, unless you like developing insecure applications. Bad business practice.
    You're not the only one who can be arrogant.

  5. #155
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's possible to modify an array in a foreach statement:

    If you do something like this:

    PHP Code:
    $numbers = array(1,2,3,4,5,6);

    foreach ($numbers as $number) {
        $number = 7;
    }

    The numbers in the original array aren't changed at all.

    But this:

    PHP Code:
    $numbers = array(1,2,3,4,5,6);

    foreach ($numbers as &$number) {
        $number = 7;
    }

    Will do the work.

    Look at the & sign that you should put in front of the variable, now your array contains only sevens!

  6. #156
    It's been real... Forbes's Avatar
    Join Date
    Dec 2004
    Location
    Yorkshire, England
    Posts
    676
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    While I'm not entirely new to this forum, there's still oodles of stuff I keep discovering all of the time.

    I hope I'm not repeating what's been said earlier, but I have a tip for in-bound variables within classes.

    This method copies a bunch of stock super global variables into just one associative array variable:
    PHP Code:
        function getGlobals () {

            // if any POST values are issued, they are dealt with here...
            if (!empty($_POST)) {

                $this->arrayActions = Index::ValidateUserSessionTime($_POST);

            // ... else, if any GET values are issued...
            } elseif (!empty($_GET)) {

                $this->arrayActions = Index::ValidateUserSessionTime($_GET);

            // ... else, if any COOKIE values are issued...
            } elseif (!empty($_COOKIE)) {

                $this->arrayActions = Index::ValidateUserSessionTime($_COOKIE);

            } // end if

        } // end function getGlobals
    And just to add some extra funk, each time a new variable enters the application, a call is made to a method which checks to see if this session is still active. If not, you're logged out:
    PHP Code:
        function ValidateUserSessionTime ($arrayActions) {

            /**

                When the User logs in, the session is assigned a UNIX date & time stamp. This stamp needs to be verified.
                If the stamp is equal to or older than one hour, then the user is automatically logged out of whatever
                application they happen to be at the time.

            */

            // if the User is already logged in...
            if (!empty($_SESSION['activetime'])) {

                // if the User has been active for one hour or less...
                if (($integerUNIXDateTImeStamp = mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")) - $_SESSION['activetime']) < SESSION_TIMEOUT) {

                    // renew the account active date & time session
                    $_SESSION['activetime'] = mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"));

                    // return an array of the global data
                    return $arrayActions;

                // ... else, log them out...
                } else {

                    // create the variables to automatically log the User out
                    $arrayActions['action'] = "logout";

                    return $arrayActions;

                } // end if

            // ... else, if the User has only just entered...
            } else {

                // return an array of the global data
                return $arrayActions;

            } // end if

        } // end function ValidateUserSessionTime
    I've no doubt that there's room for improvement, or it may be that others have done better.

    All I hope for is that this offering might help someone.

    Hope that helps?

  7. #157
    SitePoint Wizard holmescreek's Avatar
    Join Date
    Mar 2001
    Location
    Northwest Florida
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    A Simple Tutorial On Using PHP and HTML Templates

    A simple tutorial on using PHP to load html page templates, for beginners to understand how to separate code from html.

    http://www.sitepoint.com/forums/showthread.php?t=338850


    Enjoy!
    intragenesis, llc professional web & graphic design

  8. #158
    SitePoint Enthusiast Durinthiam's Avatar
    Join Date
    Jan 2005
    Location
    www.raidshout.com
    Posts
    87
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now that register_globals is off by default, the key to using ?p=blah designs is to insert the following at the top of your webpage

    PHP Code:
    $blah=$_GET["blah"]; 
    If the variable is from a link

    PHP Code:
    $blah=$_POST["blah"]; 
    If the variable is from a form

    PHP Code:
    $blah=$_SERVER["blah"]; 
    If the variable is from a server environment




    edit: noticed a brief discussion on the other page, however this gives clear cut information
    Jim Maitland
    Freelance Designer, Programmer & Tutorial Writer

  9. #159
    SitePoint Member
    Join Date
    May 2006
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by HarryF
    80 characters per line is a magic number. More than 80 characters does weird things to editors like VI, and makes code near impossible to read. Believe the 80 char thing goes back to the days of mainframes.

    Just read through the thread... lots of useful information. Thanks for all the examples.

    I didn't see a response to the assertion above, but felt like adding in some history for the young guys. 80 characters was the number of columns in the old punch cards used in programming back until the 70s. You couldn't physically have bits of code longer than 80 columns, and the practice of limiting code to 80 columns has stuck since. This is true especially since the width of screens wasn't conducive to horizontal scrolling until recently, and wrapping code was not and is still not elegant. It's kind of like that adage that states how the space shuttle's booster rocket size is based off the size of a horse's butt. More fun with punch cards can be found at http://en.wikipedia.org/wiki/Punch_card

  10. #160
    Wadge! F4nat1c's Avatar
    Join Date
    Oct 2005
    Location
    South Wales, UK
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Durinthiam
    PHP Code:
    $blah=$_SERVER["blah"]; 
    If the variable is from a server environment
    That is unclear. $_SERVER is a reserved array that does not accept information, but it can be used to give information about certain things. It has a list of keywords which give the relative information.

    $_POST, $_GET, $_REQUEST, $_COOKIE, $_SESSION (all of these require register globals turned off) are arrays that can receive information, but do not hold specific keywords.

    PHP Code:
    $nhostame = $_POST['name']; // can be modified accordingly

    $hostname = $_SERVER['REQUEST_METHOD']; // can not be changed
    The second example will actually show you what method was used to transfer information to that page ($_GET, $_POST etc).
    OMFG SitePoint ROXORZ TEH BIG ONE111!
    Wish you were invisible?

  11. #161
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by F4nat1c
    That is unclear. $_SERVER is a reserved array that does not accept information
    Of course it "accepts" information. You can store whatever you like in $_SERVER.

    Quote Originally Posted by F4nat1c
    (all of these require register globals turned off)
    They are also present when register_globals is enabled.

    Quote Originally Posted by F4nat1c
    PHP Code:
    $nhostame = $_POST['name']; // can be modified accordingly

    $hostname = $_SERVER['REQUEST_METHOD']; // can not be changed
    I can't believe anyone actually assigns variables just for the sake of it. If you have to change the content of the variable in two or more different ways, then it's useful. But in every other circumstance you should just continue to use the original variable name, if only because your code will be easier to comprehend.

  12. #162
    SitePoint Wizard Sillysoft's Avatar
    Join Date
    May 2002
    Location
    United States :)
    Posts
    1,691
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Icheb
    I can't believe anyone actually assigns variables just for the sake of it. If you have to change the content of the variable in two or more different ways, then it's useful. But in every other circumstance you should just continue to use the original variable name, if only because your code will be easier to comprehend.
    I thought the same way, but when I started at this other job the head developer did that. Said it made it easier to read for others. So I did it and it helps me. There's no real fact to go one way or another I guess. To me this seems cleaner:

    PHP Code:
    $that = trim($_POST['that']);
    $sql = "SELECT * FROM table WHERE this='$that'";
    Compared to:
    PHP Code:
    $sql = "SELECT * FROM table WHERE this = {$_POST['that']}";
    But you save a line in the second example. Of course I would "clean" $_POST['that'] prior to putting it into any query.

    Silly

  13. #163
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sillysoft
    PHP Code:
    $that = trim($_POST['that']);

    $sql = "SELECT * FROM table WHERE this='$that'";
    The problem with this (for me) is that it makes the code a lot harder to read when you don't have the assignment right above the query code. If $_POST['that'] were directly included in the query, I'd know in an instant where it comes from. If the query is on line 5.000 and the assignment is taking place on line 250, you have no idea where that variable comes from and you have to search for it, in the worst case across multiple files.
    So why not do it "right" right away? Especially if you have the assignment a few lines above the query I don't see how this benefits anyone, because you see right away what's what. (All this isn't limited to queries alone of course.) It just doesn't make sense to me. And if I don't know where $_POST['that'] comes from I most certainly won't know where $that comes from. To me, you are basically taking information AWAY from the code AND cluttering it up at the same time.

  14. #164
    SitePoint Wizard Sillysoft's Avatar
    Join Date
    May 2002
    Location
    United States :)
    Posts
    1,691
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Icheb
    The problem with this (for me) is that it makes the code a lot harder to read when you don't have the assignment right above the query code. If $_POST['that'] were directly included in the query, I'd know in an instant where it comes from. If the query is on line 5.000 and the assignment is taking place on line 250, you have no idea where that variable comes from and you have to search for it, in the worst case across multiple files.
    So why not do it "right" right away? Especially if you have the assignment a few lines above the query I don't see how this benefits anyone, because you see right away what's what. (All this isn't limited to queries alone of course.) It just doesn't make sense to me. And if I don't know where $_POST['that'] comes from I most certainly won't know where $that comes from. To me, you are basically taking information AWAY from the code AND cluttering it up at the same time.
    Again your way is based on personal preference. There is no fact on either side of the argument. I was merely stating why I assign variables that way, not that it's right or wrong.

    Silly

  15. #165
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Then please tell me how it's easier to read for you, because that's something I can't understand. As I said, in my opinion it takes information away instead of adding them.

  16. #166
    SitePoint Guru aamonkey's Avatar
    Join Date
    Sep 2004
    Location
    kansas
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Unless you want your website hacked, you shouldn't be using the raw unvalidated $_POST variables anyway (especially in a query), and your argument kind of loses steam after that...

  17. #167
    SitePoint Member
    Join Date
    Jun 2006
    Location
    England
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A simple snippet for adding random numbers to a file while uploading to prevent files over-writing

    PHP Code:
    //The name of the file passed from the form
    $file_name = $_FILES['userfile']['name'];

    //A random 6 digit number
    $random_digit = rand(000000,999999);

    //Put the random digit before the file name, using a decimal point to separate the two variables
    $new_file_name = $random_digit.$file_name;

    //Sets the path (relative to the directory of your php script)
    //For instance, if you had public_html/quotescript/ and want the quotes in public_html/quotes/ then you would make $path ../quotes/ going back a step
    //this example is if you want public_html/quotescript/quotes/
    $path = "quotes/".$new_file_name;

    //if there is a file
    //(is_uploaded_file() replaces the register_globals-era test "$userfile != none")
    if (is_uploaded_file($_FILES['userfile']['tmp_name']))
    { //open if statement

        //Copy it to the path
        if (copy($_FILES['userfile']['tmp_name'], $path))
        { //open if statement
            echo $new_file_name;
        } //close if statement
        else
        { //open else statement
            echo "Error";
        } // close else statement
    } // close if statement
    NOTE: This is a very basic way of doing things with no deep error checking involved
    I am still learning -Michaelangelo
    Imagination is more important than knowledge - Albert Einstein
    The day others learn from me, is the day I should be working - Me
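
The snippet in post #167 keeps the client-supplied file name, prefixes it with `rand()`, and stores the file with `copy()`. The following is an added example (not the poster's code) of the same upload with the name sanitized, an extension allowlist, an unpredictable prefix and `move_uploaded_file()`; the allowlist, the `quotes` directory and the function names `safe_upload_name` and `store_upload` are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the upload snippet above (not the poster's code).
// Assumptions: form field "userfile", target directory "quotes", the allowlist below.

const ALLOWED_EXT = ['txt', 'png', 'jpg', 'pdf'];   // assumed policy, adjust per application

/**
 * Build the server-side file name: an unpredictable prefix plus a sanitized
 * copy of the client name. Returns null when the name must be rejected.
 */
function safe_upload_name(string $clientName): ?string
{
    // basename() drops any directory part such as "../../" (both slash styles)
    $base = basename(str_replace('\\', '/', $clientName));
    // keep only a conservative character set
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($base === '' || $base[0] === '.' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // random_bytes() is a CSPRNG (PHP 7+); a rand() prefix can collide or be guessed
    return bin2hex(random_bytes(8)) . '_' . $base;
}

/** Move one $_FILES entry into $destDir; returns the stored name or null. */
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                               // nothing uploaded, or the upload failed
    }
    $name = safe_upload_name((string) $file['name']);
    if ($name === null) {
        return null;
    }
    // move_uploaded_file() refuses source paths that did not come from an
    // HTTP upload, a check that copy() does not make
    $target = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $target) ? $name : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample names, to show what the name filter accepts and rejects
    foreach (['quote.txt', '../../index.php', 'page.php', 'my photo.JPG', '.htaccess'] as $n) {
        printf("%-18s => %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
    }
} elseif (isset($_FILES['userfile'])) {
    $stored = store_upload($_FILES['userfile'], __DIR__ . '/quotes');
    echo $stored !== null ? htmlspecialchars($stored) : 'Error';
}
```

Keeping the upload directory outside the web root, or in a location where the server does not execute scripts, limits the impact of anything the name filter misses.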

  18. #168
    SitePoint Wizard holmescreek's Avatar
    Join Date
    Mar 2001
    Location
    Northwest Florida
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Don't Forget About Form Actions

    Quote Originally Posted by Durinthiam
    Now that register_globals is by default, off. The key to using ?p=blah designs is by inserting into the top of your webpage

    PHP Code:
    $blah=$_GET["blah"]; 
    Another thing to remember is that if you're passing variables across the url to a php file and you also need to get variables passed by a form make sure to use GET in your form action and NOT post :

    Code:
    $id=$_GET['id'];
    $MyName = $_GET['MyName'];
    
    
    blah...
    
    <form method="GET" action="$PHP_SELF">
    <input type="text" name="MyName">
    </form>
    
    blah...
    intragenesis, llc professional web & graphic design

  19. #169
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    POST is as good as GET and even better. There is no reason to use GET in a form instead of POST or not that I know of...

  20. #170
    SitePoint Wizard holmescreek's Avatar
    Join Date
    Mar 2001
    Location
    Northwest Florida
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What I'm saying is if you have a script that passes both form values and values across the url you would have to use "get" in your form.

    For instance if you have a link inside of index.php like so :

    index.php?id=123

    $_POST won't retrieve the value.
    intragenesis, llc professional web & graphic design

  21. #171
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know that, but why can't you use url values (GET) and POST values of a form at the same time? POST does not come in the url which has some advantages!

  22. #172
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    157 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by jcauweli
    POST is as good as GET and even better. There is no reason to use GET in a form instead of POST or not that I know of...
    Yes there is!
    Example: a search script.
    If the user were to use the POST method each time they went back to the original search results page the browser would require the form to be submitted again giving the 'page expired' warning or that nice little 'Resend you data' pop up. By using GET instead, the variable is still in the url and so doesn't need to be resent - it can be read instantly.

    Also if you want to use both POST or GET have a look at REQUEST

    Spike
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  23. #173
    SitePoint Guru
    Join Date
    Jun 2006
    Posts
    638
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just make sure the string passed is not too big, else you need a post.

  24. #174
    Non-Member I87's Avatar
    Join Date
    Mar 2006
    Location
    UK
    Posts
    378
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Don't use the function to backslash variables stated by Dr_LaRrY_PePpEr,

    use the one on php.net


    http://mx.php.net/manual/en/function...ape-string.php


    PHP Code:
    <?php
    // Quote variable to make safe
    function quote_smart($value)
    {
       // Stripslashes
       if (get_magic_quotes_gpc()) {
           $value = stripslashes($value);
       }
       // Quote if not a number or a numeric string
       if (!is_numeric($value)) {
           $value = "'" . mysql_real_escape_string($value) . "'";
       }
       return $value;
    }

    // Connect
    $link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
       OR die(mysql_error());

    // Make a safe query
    $query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
               quote_smart($_POST['username']),
               quote_smart($_POST['password']));

    mysql_query($query);
    ?>

    Why?
    look here
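
Posts #162 and #174 both build the SQL text from request values, one by direct interpolation and one through `quote_smart()`. The following is an added example, not code from the thread or from php.net, of the same user lookup with a bound parameter and a hashed password check; it assumes PDO with the sqlite driver, and the in-memory `users` table, the sample account and the function name `check_login` are constructed for illustration.

```php
<?php
// Added example, not from the thread: the login lookup with a bound parameter.
// Assumptions: PDO with the sqlite driver, a constructed in-memory "users" table.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; only a salted hash is stored, never the password
$ins = $pdo->prepare('INSERT INTO users (user, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Returns true only when the user exists and the password matches. */
function check_login(PDO $pdo, string $user, string $password): bool
{
    // The value travels separately from the SQL text, so a quote character in
    // $user cannot change the statement; no escaping or magic_quotes handling
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matched

    // Compare in PHP with password_verify() instead of "AND password=..." in SQL
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs, standing in for $_POST['username'] / $_POST['password']
$attempts = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ["o'brien", 'x'],             // apostrophe is plain data; no such user
    ["alice'", 'correct horse'],  // stray quote stays part of the name, so no match
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s %s\n", $u, check_login($pdo, $u, $p) ? 'accepted' : 'rejected');
}
```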

  25. #175
    SitePoint Zealot the DtTvB's Avatar
    Join Date
    Jul 2006
    Location
    Thailand
    Posts
    162
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Making Function Names Shorter:
    You can specify a variable with function name and do like this:
    Code:
    $fetch = 'mysql_fetch_assoc';
    $arr = $fetch($result); // Will do the same as mysql_fetch_assoc
    Making Variable Names Shorter:
    Code:
    $some_really_long_variable = 'some value';
    $s = 'some_really_long_variable';
    echo $$s;
    // Notice 2 dollar signs! -- Outputs some value
    Evaluate Variable Name:
    Code:
    $y = 'hello';
    ${'data_' . $y} = 'test';
    // $data_hello has been set to 'test'
    echo $data_hello . ' ' . ${'data_' . $y};
    // Outputs test test

