From plehrer at gmail.com Sat Apr 1 09:44:36 2006 From: plehrer at gmail.com (Peter Lehrer) Date: Sat, 1 Apr 2006 09:44:36 -0500 Subject: [nycphp-talk] off topic: atom size computers Message-ID: IBM scientists tout tool to possibly build atom-size computers http://news.yahoo.com/s/afp/20060331/sc_afp/uscomputerresearchatom_060331140719 -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Sat Apr 1 10:53:49 2006 From: tedd at sperling.com (tedd) Date: Sat, 1 Apr 2006 10:53:49 -0500 Subject: [nycphp-talk] off topic: atom size computers In-Reply-To: References: Message-ID: >IBM scientists tout tool to possibly build atom-size computers > >http://news.yahoo.com/s/afp/20060331/sc_afp/uscomputerresearchatom_060331140719 Yeah, and I bet that M$ can make it bloat. tedd -- -------------------------------------------------------------------------------- http://sperling.com From lists at zaunere.com Sat Apr 1 12:57:57 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sat, 1 Apr 2006 12:57:57 -0500 Subject: [nycphp-talk] The New York PHP Meetup Group In-Reply-To: <00b601c654cc$b34f0640$0a02a8c0@superioss.com> Message-ID: <00b001c655b5$cfaef8b0$640aa8c0@MZ> All, This "meetup" is not affiliated with New York PHP in any way, even though Beau would apparently like people to think it is. Beau has quite a reputation around the user groups in the area. I would recommend steering clear of providing your information to him. Beau, It quite amusing, actually, that you setup a meetup - and named it New York PHP Meetup - so that you can augment your headhunting work. And what's better is that you are looking for organizer because you're not in NY anymore. He was a day early, but I think the April Fool's award goes to Beau. Anyway, Beau, you have been moderated on NYPHP lists due to EAB (excessive annoying behavior). Happy fools day, --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com Beau Gould wrote on Friday, March 31, 2006 9:09 AM: > Join the New York PHP Meetup Group > http://php.meetup.com/322 > > > Thank you, > Beau J. Gould > > Open Source Staffing > beau at open-source-staffing.com > www.open-source-staffing.com > > http://groups.yahoo.com/group/linuxjobz > > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.385 / Virus Database: 268.3.3/298 - Release Date: > 3/30/2006 > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From tedd at sperling.com Sun Apr 2 10:16:01 2006 From: tedd at sperling.com (tedd) Date: Sun, 2 Apr 2006 10:16:01 -0400 Subject: [nycphp-talk] Unfriendly Float Handling In-Reply-To: <200603311915.49719.jellicle@gmail.com> References: <200603311915.49719.jellicle@gmail.com> Message-ID: >Banks just handle monetary values to 4 or 6 decimal places. If you >manipulate values as "49.9500", it doesn't matter what you do to it, it >will come out correct to the cent. > >Michael Sims I wouldn't mind having the $0.00005 rounding error of all Bank transactions sent to me. :-) tedd -- -------------------------------------------------------------------------------- http://sperling.com From lists at genoverly.net Sun Apr 2 13:17:49 2006 From: lists at genoverly.net (michael) Date: Sun, 2 Apr 2006 13:17:49 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: <00ea01c63f47$d209bfc0$640aa8c0@MZ> References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> Message-ID: <20060402131749.3f22e08b@wit.genoverly.home> On Fri, 3 Mar 2006 23:55:10 -0500 "Hans Zaunere" wrote: > Some tips from Rasmus on PHP General on performance... > Rasmus Lerdorf wrote on Friday, March 03, 2006 11:51 PM: > > 4. Make use of APC's apc_store/apc_fetch mechanism. If you have any > > sort of large array of data you need often, stick it in shared > > memory with an apc_store() call. For example, a typical thing > > you see in PHP applications is some sort of config.php file. It > > might look like this: > > > > > $config['db_type'] = 'mysql'; > > $config['db_user'] = 'bob'; > > $config['db_pswd'] = 'foobar'; > > $config['data_dir'] = '/var/www/app_data'; > > ... > > > > > > And then on every page you have: include './config.php'; > > > > This is very inefficient even though the actual file will be > > cached in the opcode cache, it still has to execute and create > > the array. You can cache the created array like this: > > > > if(!$config = apc_fetch('config')) { > > include './config.php'; > > apc_store('config',$config); > > } > > > > Here we only include the config file and thus create the $config > > array if it isn't in the cache. So this will only happen on the > > very first request. From then on it will get pulled from the > > shared memory cache. > > > > If you look around there are usually a couple of candidates for > > this sort of caching in every application and it can make quite > > a difference for large arrays. Try to avoid caching objects > > because they need to be serialized and unserialized in and out > > of the cache and you can only cache the properties anyway, so > > pull the data you want to cache into an array and cache that. > > > > -Rasmus I was looking over these slides, http://talks.php.net/show/yul/ and found (among other great things) http_load. I've installed and run it and I am now looking for ways to 'bring up my numbers'. I know many, many, many things influence performance.. but.. the above example seems like good advice. I haven't seen much talk about The Alternative PHP Cache (APC) opcode cache on this list. Is anyone making use of it? I also found xdebug (xdebug.org), but have not installed it. Can anyone thumbs up/down on that one? -- Michael From chsnyder at gmail.com Sun Apr 2 14:04:20 2006 From: chsnyder at gmail.com (csnyder) Date: Sun, 2 Apr 2006 14:04:20 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: <20060402131749.3f22e08b@wit.genoverly.home> References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> Message-ID: On 4/2/06, michael wrote: > I was looking over these slides, http://talks.php.net/show/yul/ and > found (among other great things) http_load. I've installed and run it > and I am now looking for ways to 'bring up my numbers'. > > I know many, many, many things influence performance.. but.. the above > example seems like good advice. I haven't seen much talk about The > Alternative PHP Cache (APC) opcode cache on this list. Is anyone > making use of it? > > I also found xdebug (xdebug.org), but have not installed it. Can > anyone thumbs up/down on that one? > I'm using the apc for opcode caching. I use a lot of includes per request, and I haven't seen it do anything gnarly. I haven't bothered to use it for shared memory yet, but I'm sure that would speed things up _a lot_. How is http_load different from ab (the Apache benchmark tool)? And what's the Callgrind business? I'd like to see a tutorial on that. -- Chris Snyder http://chxo.com/ From lists at genoverly.net Sun Apr 2 14:32:54 2006 From: lists at genoverly.net (michael) Date: Sun, 2 Apr 2006 14:32:54 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> Message-ID: <20060402143254.19b3d73b@wit.genoverly.home> On Sun, 2 Apr 2006 14:04:20 -0400 csnyder wrote: > On 4/2/06, michael wrote: > > > I was looking over these slides, http://talks.php.net/show/yul/ and > > found (among other great things) http_load. I've installed and run > > it and I am now looking for ways to 'bring up my numbers'. > > > > I know many, many, many things influence performance.. but.. the > > above example seems like good advice. I haven't seen much talk > > about The Alternative PHP Cache (APC) opcode cache on this list. > > Is anyone making use of it? > > > > I also found xdebug (xdebug.org), but have not installed it. Can > > anyone thumbs up/down on that one? > > > > I'm using the apc for opcode caching. I use a lot of includes per > request, and I haven't seen it do anything gnarly. I haven't bothered > to use it for shared memory yet, but I'm sure that would speed things > up _a lot_. so.. 'not gnarly' is a +1? [grin] > How is http_load different from ab (the Apache benchmark tool)? yea, I was curious why he chose http_load over the apache tool. I ran the same test on with tools and got different results. It appears (in my un-scientific study) ab gives better resutls. > And what's the Callgrind business? I'd like to see a tutorial on that. I've seen it elsewhere, pretty cool; but it looks to be based on linux-specific valgrind. http://valgrind.org/ and the kde-specific: http://kcachegrind.sourceforge.net/cgi-bin/show.cgi/KcacheGrindIndex -- Michael From nyphp at n0p.net Sun Apr 2 16:24:25 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Sun, 02 Apr 2006 16:24:25 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: <20060402131749.3f22e08b@wit.genoverly.home> References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> Message-ID: <443032F9.3050804@n0p.net> On 04/02/2006 01:17 PM, michael wrote: > I also found xdebug (xdebug.org), but have not installed it. Can > anyone thumbs up/down on that one? I use xdebug for profiling. I used to use APD but (afaik) it doesn't work in PHP5 :( Aside from a few minor annoyances, overall I have been very happy with xdebug and the cachegrind output. Although I use Gnome, I have come to terms with KCacheGrind ;-) I find it very enlightening to actually see where your bottlenecks are as opposed to *assuming*. Flavio From shiflett at php.net Sun Apr 2 17:17:23 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 02 Apr 2006 17:17:23 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: <20060402131749.3f22e08b@wit.genoverly.home> References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> Message-ID: <44303F63.3050403@php.net> > I haven't seen much talk about The Alternative PHP Cache (APC) > opcode cache on this list. Is anyone making use of it? Yep, it does its job well. Yahoo also uses it. (The creator of APC lurks on this list.) > I also found xdebug (xdebug.org), but have not installed > it. Can anyone thumbs up/down on that one? I have more experience with APD, but I think both have strong reputations and are reasonably well maintained. Chris From shiflett at php.net Sun Apr 2 17:30:24 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 02 Apr 2006 17:30:24 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> Message-ID: <44304270.7030206@php.net> csnyder wrote: > I'm using the apc for opcode caching. I use a lot of includes > per request, and I haven't seen it do anything gnarly. The performance gurus recommend keeping your include trees reasonably small. Opcode caches don't erase that performance penalty. > And what's the Callgrind business? I'd like to see a tutorial > on that. There are lots of good docs here: http://kcachegrind.sourceforge.net/cgi-bin/show.cgi/KcacheGrindDocs Slides 22 - 24 of this talk give you a peek at using KCachegrind with APD: http://www.omniti.com/~george/talks/Profiling-phpworks-2004.pdf If you're interested in APD itself, these notes are really good: http://www.omniti.com/~george/talks/Profiling-Notes-phpworks-2004.pdf Chris From nyphp at n0p.net Sun Apr 2 17:56:15 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Sun, 02 Apr 2006 17:56:15 -0400 Subject: [nycphp-talk] FW: [PHP] Re: APC and PHP 5.1.2 In-Reply-To: <443032F9.3050804@n0p.net> References: <00ea01c63f47$d209bfc0$640aa8c0@MZ> <20060402131749.3f22e08b@wit.genoverly.home> <443032F9.3050804@n0p.net> Message-ID: <4430487F.7090402@n0p.net> On 04/02/2006 04:24 PM, Flavio daCosta wrote: > I use xdebug for profiling. I used to use APD > but (afaik) it doesn't work in PHP5 :( Hmmm, I just tried APD with PHP5.1.2 and it works. Yay. For whatever reason, I though it wasn't working with PHP5 (was getting seg faults) about a year ago, thats when I found xdebug. I am glad to know I was wrong and can use APD again! :-) Flavio From adlermedrado at gmail.com Sun Apr 2 18:28:16 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Sun, 2 Apr 2006 19:28:16 -0300 Subject: [nycphp-talk] is this true ? Message-ID: Hello! I think this is a 1st April's joke... http://phpro.org/articles/Microsoft-Purchases-Zend-for-$113-Million.html -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Sun Apr 2 19:01:08 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 02 Apr 2006 19:01:08 -0400 Subject: [nycphp-talk] is this true ? In-Reply-To: References: Message-ID: <443057B4.6080605@php.net> Adler Medrado wrote: > http://phpro.org/articles/Microsoft-Purchases-Zend-for-$113-Million.html I think this is the real one: http://phpdeveloper.org/news/5084 :-) Chris From adlermedrado at gmail.com Sun Apr 2 19:14:47 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Sun, 2 Apr 2006 20:14:47 -0300 Subject: [nycphp-talk] is this true ? In-Reply-To: <443057B4.6080605@php.net> References: <443057B4.6080605@php.net> Message-ID: I hate 1st April !!! :( On 4/2/06, Chris Shiflett wrote: > > Adler Medrado wrote: > > http://phpro.org/articles/Microsoft-Purchases-Zend-for-$113-Million.html > > I think this is the real one: > > http://phpdeveloper.org/news/5084 > > :-) > > Chris > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From patterson at computer.org Sun Apr 2 19:44:27 2006 From: patterson at computer.org (Bill Patterson) Date: Sun, 02 Apr 2006 19:44:27 -0400 Subject: [nycphp-talk] Unfriendly Float Handling In-Reply-To: References: Message-ID: <443061DB.5030301@computer.org> This has been a problem in the computer field for decades. Many language developers have not understood the importance of precision in this way. I agree that it would be good to have a type of number that is treated as fixed. In C++ this can be addressed by operator overloading. But PHP doesn't have operator overloading so it would have to be done with more non-visually pleasing object methods without a change to the language. Bill Tim McEwen wrote: >I apologize if this has already been discussed to death here but I >would love to hear people's thoughts on it. I am trying to justify >to a colleague why the behavior below is not a massive flaw in PHP. >To a new programmer, the following code should result in $a being >equal to $b: > >$a="49.95" + "3.95"; // or even $a = 49.95 + 3.95; >$b=53.90; > >Unfortunately floats in PHP are subject to the same problems you find >in many languages with fixed precision. So due to rounding, in this >case $a is not equal to $b. This behavior is documented in the >manual: http://www.php.net/manual/en/ >language.types.float.php#AEN3375 Straight from the manual: "So >never trust floating number results to the last digit and never >compare floating point numbers for equality." Come again? Never >compare floating point numbers for equality? And thats not a bad >thing? > >Given the fact that PHP is so easy to learn and that it is very >commonly used for financial related tasks such as ecommerce, doesn't >it stand to reason that people will assume that they can use the >internal PHP operators on dollar amounts? Since many people are >going to just assume they can do math in a natural manner, shouldn't >PHP a little more proactive to ensure that developers won't get >burned by this? > >I've spoken to a few php contributors about this have had very little >interest in tackling this issue. The "official" answer is that if >you are doing math on fixed precision numbers you should use either >the bc or gmp but these extension as not even enabled by default. > > From what I understand, there would be a speed penalty for >detecting and dealing with fixed percision numbers. Some people >might not mind the speed hit so why not make it a configurable >choice? Or why not create a built in fixed precision type? Whatever >the case, I think PHP needs a built in solution that does not rely on >extensions. Thoughts? > >-Tim >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > > > From jonbaer at jonbaer.com Mon Apr 3 01:09:08 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Mon, 3 Apr 2006 01:09:08 -0400 Subject: [nycphp-talk] is this true ? In-Reply-To: References: <443057B4.6080605@php.net> Message-ID: <11367FF3-6E78-48F0-A788-663C73E97B2C@jonbaer.com> This one *almost* had me fooled .. http://www.sitepoint.com/blogs/2006/03/31/php6-gets-a-comefrom- statement/ - Jon On Apr 2, 2006, at 7:14 PM, Adler Medrado wrote: > I hate 1st April !!! :( > > On 4/2/06, Chris Shiflett wrote: > Adler Medrado wrote: > > http://phpro.org/articles/Microsoft-Purchases-Zend-for-$113- > Million.html > > I think this is the real one: > > http://phpdeveloper.org/news/5084 > > :-) > > Chris > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > -- > Nesher Technologies > http://www.neshertech.net > http://adler.neshertech.net > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From keith at keithjr.net Wed Apr 5 08:20:08 2006 From: keith at keithjr.net (Keith Richardson) Date: Wed, 5 Apr 2006 08:20:08 -0400 Subject: [nycphp-talk] php encoders Message-ID: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> Has anyone here dealt with php encoders? I am looking into using one, and wanted to go with the best, most affordable one that works without having to install anything on the system level for customers to use the software. Any thoughts/experience? -- Keith Richardson keithjr at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dcech at phpwerx.net Wed Apr 5 08:30:50 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 05 Apr 2006 08:30:50 -0400 Subject: [nycphp-talk] php encoders In-Reply-To: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> References: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> Message-ID: <4433B87A.7090909@phpwerx.net> Keith Richardson wrote: > Has anyone here dealt with php encoders? I am looking into using one, and > wanted to go with the best, most affordable one that works without having to > install anything on the system level for customers to use the software. > > Any thoughts/experience? I use ionCube (http://www.ioncube.com/) at work and it works very well. It's trivial to bundle the loader with your software, so that the user doesn't have to install anything to run the encoded files. One caveat is that if the user has an older version of the loader already installed on their system it will need to be upgraded or removed before the files encoded with the newer encoder will work. Dan From kenzolist at counterfolk.com Wed Apr 5 12:12:10 2006 From: kenzolist at counterfolk.com (Ken) Date: Wed, 05 Apr 2006 12:12:10 -0400 Subject: [nycphp-talk] php encoders Message-ID: <6.43892478942871.240.78186583519@1.00011576311831> I'd been meaning to ask a similar question. In particular, I currently use Turck mmcache and have been planning on switching to its successor, Eaccelerator (necessary if one wants to upgrade to more recent PHP versions). Does anyone have any experience, or recommendations for or against? Thanks, Ken At 08:30 AM 4/5/2006 -0400, Dan Cech wrote: >Keith Richardson wrote: >> Has anyone here dealt with php encoders? I am looking into using one, and >> wanted to go with the best, most affordable one that works without having to >> install anything on the system level for customers to use the software. >> >> Any thoughts/experience? From chsnyder at gmail.com Wed Apr 5 13:06:25 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 5 Apr 2006 13:06:25 -0400 Subject: [nycphp-talk] php encoders In-Reply-To: <4433B87A.7090909@phpwerx.net> References: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> <4433B87A.7090909@phpwerx.net> Message-ID: On 4/5/06, Dan Cech wrote: > Keith Richardson wrote: > > Has anyone here dealt with php encoders? I am looking into using one, and > > wanted to go with the best, most affordable one that works without having to > > install anything on the system level for customers to use the software. > > > > Any thoughts/experience? > > I use ionCube (http://www.ioncube.com/) at work and it works very well. > > It's trivial to bundle the loader with your software, so that the user > doesn't have to install anything to run the encoded files. > > One caveat is that if the user has an older version of the loader > already installed on their system it will need to be upgraded or removed > before the files encoded with the newer encoder will work. > > Dan ... another caveat would be that it only works with php4 (or did last time I checked). From 1j0lkq002 at sneakemail.com Wed Apr 5 13:30:08 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 05 Apr 2006 10:30:08 -0700 Subject: [nycphp-talk] php encoders In-Reply-To: <4433B87A.7090909@phpwerx.net> References: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> <4433B87A.7090909@phpwerx.net> Message-ID: <4803-51419@sneakemail.com> Dan Cech dcech-at-phpwerx.net |nyphp dev/internal group use| wrote: >Keith Richardson wrote: > > >>Has anyone here dealt with php encoders? I am looking into using one, and >>wanted to go with the best, most affordable one that works without having to >>install anything on the system level for customers to use the software. >> >>Any thoughts/experience? >> >> > >I use ionCube (http://www.ioncube.com/) at work and it works very well. > >It's trivial to bundle the loader with your software, so that the user >doesn't have to install anything to run the encoded files. > >One caveat is that if the user has an older version of the loader >already installed on their system it will need to be upgraded or removed > before the files encoded with the newer encoder will work. > >Dan >___________ > Have they fixed the incompatiblity issues when Zend encoder is already installed? I recal a load ordering issue that seemed simple enough but in practice caused all sorts of headaches. -=john andrews http://www.seo-fun.com From dcech at phpwerx.net Wed Apr 5 14:08:13 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 05 Apr 2006 14:08:13 -0400 Subject: [nycphp-talk] php encoders In-Reply-To: <4803-51419@sneakemail.com> References: <4e1a9bc0604050520t5d7be594v332680e217eb09d4@mail.gmail.com> <4433B87A.7090909@phpwerx.net> <4803-51419@sneakemail.com> Message-ID: <4434078D.2040308@phpwerx.net> inforequest wrote: > Dan Cech dcech-at-phpwerx.net |nyphp dev/internal group use| wrote: >> I use ionCube (http://www.ioncube.com/) at work and it works very well. >> > Have they fixed the incompatiblity issues when Zend encoder is already > installed? I recal a load ordering issue that seemed simple enough but > in practice caused all sorts of headaches. The only time we've run into a problem was on a machine running a very old version of the zend encoder, which was solved after an upgrade. csnyder wrote: > ... another caveat would be that it only works with php4 (or did last > time I checked). I've only used it with PHP4, but the current version (6.5) does seem to support PHP5. Dan From hansen1 at cloud9.net Wed Apr 5 14:54:36 2006 From: hansen1 at cloud9.net (hansen1 at cloud9.net) Date: Wed, 05 Apr 2006 14:54:36 -0400 Subject: [nycphp-talk] Colo NYC/Westchester Message-ID: <20060405145436.rd8mqzm8w0cowwk0@www.mail.cloud9.net> I am looking for a datacenter to colocate a webserver.? Do you have any ideas for a reasonably priced datacenter near NYC/Westchester?? I am looking at Cloud9.net, Mags.net and Invision.com right now. Has anyone had experience with any of these datacenters?? Thanks for your help. -Barbara -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsd at electronink.com Wed Apr 5 15:06:27 2006 From: rsd at electronink.com (Russ Demarest) Date: Wed, 5 Apr 2006 15:06:27 -0400 Subject: [nycphp-talk] Colo NYC/Westchester In-Reply-To: <20060405145436.rd8mqzm8w0cowwk0@www.mail.cloud9.net> References: <20060405145436.rd8mqzm8w0cowwk0@www.mail.cloud9.net> Message-ID: <28F1BAC9-DED2-40CF-9620-C05460E54B5E@electronink.com> I have 2 servers co-lo'd at Xand and have had a great experience. Awesome support, 100% uptime, secure. I was at "The Bunker" run by Savvy Networks but would not recommend them. http://www.xand.com/ Russ On Apr 5, 2006, at 2:54 PM, hansen1 at cloud9.net wrote: > I am looking for a datacenter to colocate a webserver. Do you have > any ideas for a reasonably priced datacenter near NYC/Westchester? > I am looking at Cloud9.net, Mags.net and Invision.com right now. > Has anyone had experience with any of these datacenters? Thanks > for your help. > > > -Barbara > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From 1j0lkq002 at sneakemail.com Wed Apr 5 15:19:11 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 05 Apr 2006 12:19:11 -0700 Subject: [nycphp-talk] Colo NYC/Westchester In-Reply-To: <20060405145436.rd8mqzm8w0cowwk0@www.mail.cloud9.net> References: <20060405145436.rd8mqzm8w0cowwk0@www.mail.cloud9.net> Message-ID: <25994-44083@sneakemail.com> hansen1-at-cloud9.net |nyphp dev/internal group use| wrote: > I am looking for a datacenter to colocate a webserver. Do you have > any ideas for a reasonably priced datacenter near NYC/Westchester? I > am looking at Cloud9.net, Mags.net and Invision.com right now. Has > anyone had experience with any of these datacenters? Thanks for your > help. > > -Barbara > >------------------------------------------------------------------------ > http://tellurian.com/ highly recommended...not that far away. -=john andrews http://www.seo-fun.com From ps at pswebcode.com Thu Apr 6 17:00:05 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 6 Apr 2006 17:00:05 -0400 Subject: [nycphp-talk] IE7 Beta 2 [OT] Message-ID: <009801c659bd$14fc2e00$68e4a144@Rubicon> Maybe you and your office hold certain responsibilities regarding web site display nits on client sites and apps. Recently downloaded IE7 Beta 2 and it is (at least at this time) demonstrating differing display characteristics from IE6 possibly altering divs and frames presentation. I think might be related to how IE is actually attempting to handle web pages based on the DOCTYPE: transitional vs. strict, etc. Additionally, IE7 has a heaping of fresh chrome and menus have gone off and sidestepped their original locations. Under Tools>Internet Options>Advanced, the sections Browsing and Security may be of worthwhile note including a default Phishing Filter and some possible upgrade tomfoolery with SSL and TLS. Default install, of course, saw IE6 subsumed by IE7. Though documentation claims that IE7 will go peaceably via Add/Remove Programs. And, lo, it is there. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From 1j0lkq002 at sneakemail.com Thu Apr 6 17:15:08 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 06 Apr 2006 14:15:08 -0700 Subject: [nycphp-talk] IE7 Beta 2 [OT] In-Reply-To: <009801c659bd$14fc2e00$68e4a144@Rubicon> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> Message-ID: <28386-14478@sneakemail.com> Peter Sawczynec ps-at-pswebcode.com |nyphp dev/internal group use| wrote: >Maybe you and your office hold certain responsibilities regarding web site >display nits on client sites and apps. > >Recently downloaded IE7 Beta 2 and it is (at least at this time) >demonstrating differing display characteristics from IE6 possibly altering >divs and frames presentation. I think might be related to how IE is actually >attempting to handle web pages based on the DOCTYPE: transitional vs. >strict, etc. > >Additionally, IE7 has a heaping of fresh chrome and menus have gone off and >sidestepped their original locations. > >Under Tools>Internet Options>Advanced, the sections Browsing and Security >may be of worthwhile note including a default Phishing Filter and some >possible upgrade tomfoolery with SSL and TLS. > >Default install, of course, saw IE6 subsumed by IE7. Though documentation >claims that IE7 will go peaceably via Add/Remove Programs. And, lo, it is >there. > >Warmest regards, > >Peter Sawczynec, >Technology Director > If you are interested you can follow this on the serious CSS lists/forums. Ever since IE7 started Beta they have been picking it apart and it is, indeed, rather ugly so far. On April 1, someone released a "perfect style sheet" which was actually a simple all-table layout for all versions of IE, with no-layout for everyone else. No more issues! -=john andrews http://www.seo-fun.com From rsd at electronink.com Thu Apr 6 17:51:06 2006 From: rsd at electronink.com (Russ Demarest) Date: Thu, 6 Apr 2006 17:51:06 -0400 Subject: [nycphp-talk] IE7 Beta 2 [OT] In-Reply-To: <28386-14478@sneakemail.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> Message-ID: What are the "serious CSS lists/forums" of which you speak? Russ On Apr 6, 2006, at 5:15 PM, inforequest wrote: > Peter Sawczynec ps-at-pswebcode.com |nyphp dev/internal group use| > wrote: > >> Maybe you and your office hold certain responsibilities regarding >> web site >> display nits on client sites and apps. >> >> Recently downloaded IE7 Beta 2 and it is (at least at this time) >> demonstrating differing display characteristics from IE6 possibly >> altering >> divs and frames presentation. I think might be related to how IE >> is actually >> attempting to handle web pages based on the DOCTYPE: transitional vs. >> strict, etc. >> >> Additionally, IE7 has a heaping of fresh chrome and menus have >> gone off and >> sidestepped their original locations. >> >> Under Tools>Internet Options>Advanced, the sections Browsing and >> Security >> may be of worthwhile note including a default Phishing Filter and >> some >> possible upgrade tomfoolery with SSL and TLS. >> >> Default install, of course, saw IE6 subsumed by IE7. Though >> documentation >> claims that IE7 will go peaceably via Add/Remove Programs. And, >> lo, it is >> there. >> >> Warmest regards, >> >> Peter Sawczynec, >> Technology Director >> > If you are interested you can follow this on the serious CSS > lists/forums. Ever since IE7 started Beta they have been picking it > apart and it is, indeed, rather ugly so far. > > On April 1, someone released a "perfect style sheet" which was > actually > a simple all-table layout for all versions of IE, with no-layout for > everyone else. No more issues! > > -=john andrews > http://www.seo-fun.com > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Thu Apr 6 20:36:24 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 06 Apr 2006 17:36:24 -0700 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness In-Reply-To: References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> Message-ID: <28324-18545@sneakemail.com> Argh. Once again all clues point to session wierdness on Windows. Has anyone ever actually identified specific problems with sessions on Windows vs. TheRestOfTheWorld when doing dev work using XAMPP or EasyPHP? This time it's smarty related.... SmartyValidator works fine on any linux/bsd host but chokes on Windows and as usual I went through all the work of checking paths and roots and path separators and PHP versions and testing the smarty install and yet the problem persists. thanks for any ideas or even external validation that winblows is useless for dev work. -=john andrews http://www.seo-fun.com From adlermedrado at gmail.com Thu Apr 6 21:20:51 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Thu, 6 Apr 2006 22:20:51 -0300 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness In-Reply-To: <28324-18545@sneakemail.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> <28324-18545@sneakemail.com> Message-ID: I've used sometimes both and i never had problems... But i like to install this without these installers. []s adler medrado http://adler.neshertech.net On 4/6/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > > Argh. > > Once again all clues point to session wierdness on Windows. > > Has anyone ever actually identified specific problems with sessions on > Windows vs. TheRestOfTheWorld when doing dev work using XAMPP or EasyPHP? > > This time it's smarty related.... SmartyValidator works fine on any > linux/bsd host but chokes on Windows and as usual I went through all the > work of checking paths and roots and path separators and PHP versions > and testing the smarty install and yet the problem persists. > > thanks for any ideas or even external validation that winblows is > useless for dev work. > > -=john andrews > http://www.seo-fun.com > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Sat Apr 8 09:14:12 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 8 Apr 2006 09:14:12 -0400 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness In-Reply-To: <28324-18545@sneakemail.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> <28324-18545@sneakemail.com> Message-ID: <20060408131412.GA3549@panix.com> Hey John: On Thu, Apr 06, 2006 at 05:36:24PM -0700, inforequest wrote: > > This time it's smarty related.... SmartyValidator works fine on any > linux/bsd host but chokes on Windows and as usual I went through all the > work of checking paths and roots and path separators and PHP versions > and testing the smarty install and yet the problem persists. There are SEVERAL things that could be out of kilter. * Is session.save_path being overridden to something that doesn't exist on your windows box? * Cookie settings in your browser aren't allowing cookies for the Windows boxs' domain. * The URI path of the sites' cookies don't match on the two boxes. See session.cookie_path. * Is a custom session handler being used? See session.save_handler and session_set_save_handler(). * Is session.auto_start off? Do some grepping of the offending script directories to find out. Good luck, --Dan PS: In the future, when starting new threads, can you please start with a new email rather than replying to an existing one and changing the subject? Makes threading work right. Thanks. -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From 1j0lkq002 at sneakemail.com Sat Apr 8 13:39:08 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sat, 08 Apr 2006 10:39:08 -0700 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness In-Reply-To: <20060408131412.GA3549@panix.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> <28324-18545@sneakemail.com> <20060408131412.GA3549@panix.com> Message-ID: <9675-59991@sneakemail.com> Daniel Convissor danielc-at-analysisandsolutions.com |nyphp dev/internal group use| wrote: >Hey John: > >On Thu, Apr 06, 2006 at 05:36:24PM -0700, inforequest wrote: > > >>This time it's smarty related.... SmartyValidator works fine on any >>linux/bsd host but chokes on Windows and as usual I went through all the >>work of checking paths and roots and path separators and PHP versions >>and testing the smarty install and yet the problem persists. >> >> > >There are SEVERAL things that could be out of kilter. > >* Is session.save_path being overridden to something that doesn't >exist on your windows box? > > Thanks Dan. This is helpful. I checked the php config but not whether it was being overwritten. >* Cookie settings in your browser aren't allowing cookies for the >Windows boxs' domain. > > Another good point but ok for now (problem exists even with my dangerously unsecured test install of IE ) >* The URI path of the sites' cookies don't match on the two boxes. >See session.cookie_path. > >* Is a custom session handler being used? See session.save_handler >and session_set_save_handler(). > >* Is session.auto_start off? > >Do some grepping of the offending script directories to find out. > > yes, thanks. From 1j0lkq002 at sneakemail.com Sun Apr 9 22:36:24 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sun, 09 Apr 2006 19:36:24 -0700 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness In-Reply-To: <20060408131412.GA3549@panix.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> <28324-18545@sneakemail.com> <20060408131412.GA3549@panix.com> Message-ID: <19058-50131@sneakemail.com> Daniel Convissor danielc-at-analysisandsolutions.com |nyphp dev/internal group use| wrote: >Hey John: > >On Thu, Apr 06, 2006 at 05:36:24PM -0700, inforequest wrote: > > >>This time it's smarty related.... SmartyValidator works fine on any >>linux/bsd host but chokes on Windows and as usual I went through all the >>work of checking paths and roots and path separators and PHP versions >>and testing the smarty install and yet the problem persists. >> >> > >There are SEVERAL things that could be out of kilter. > >* Is session.save_path being overridden to something that doesn't >exist on your windows box? > > No, and I can see session files. >* Is a custom session handler being used? See session.save_handler >and session_set_save_handler(). > > Nah. >* Is session.auto_start off? > > Yes, it was off but turning it on didn't change anything and I was already seing sessions so not the problem. Maybe I am wrong about sessions being the culprit... Smarty not seeing IDs as validated: *Warning*: Smarty error: validate: validator id 'p_user' is not registered. in *C:\...**a\libs\smarty\Smarty.class.php even though I can see the ID inside the SmartyValidate cookie. This is code that works fine on every Linux box I've tried and some Windows but not *my* Windows setup under XAMP or EasyPHP. Thanks anyway for the ideas. * From 1j0lkq002 at sneakemail.com Mon Apr 10 00:07:50 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sun, 09 Apr 2006 21:07:50 -0700 Subject: [nycphp-talk] XAMPP or EASYPHP and Windows and session wierdness THANKS DAN In-Reply-To: <20060408131412.GA3549@panix.com> References: <009801c659bd$14fc2e00$68e4a144@Rubicon> <28386-14478@sneakemail.com> <28324-18545@sneakemail.com> <20060408131412.GA3549@panix.com> Message-ID: <6734-03925@sneakemail.com> Damned if it wasn't too strange, so I looked externally and sure enough...a new firewall was blocking 3rd party cookies. Thanks again for the guidance. -=john Daniel Convissor danielc-at-analysisandsolutions.com |nyphp dev/internal group use| wrote: >Hey John: > >On Thu, Apr 06, 2006 at 05:36:24PM -0700, inforequest wrote: > > >>This time it's smarty related.... SmartyValidator works fine on any >>linux/bsd host but chokes on Windows and as usual I went through all the >>work of checking paths and roots and path separators and PHP versions >>and testing the smarty install and yet the problem persists. >> >> > >There are SEVERAL things that could be out of kilter. > >* Is session.save_path being overridden to something that doesn't >exist on your windows box? > >* Cookie settings in your browser aren't allowing cookies for the >Windows boxs' domain. > >* The URI path of the sites' cookies don't match on the two boxes. >See session.cookie_path. > >* Is a custom session handler being used? See session.save_handler >and session_set_save_handler(). > >* Is session.auto_start off? > >Do some grepping of the offending script directories to find out. > >Good luck, > >--Dan > >PS: In the future, when starting new threads, can you please start >with a new email rather than replying to an existing one and changing >the subject? Makes threading work right. Thanks. > > > From adlermedrado at gmail.com Mon Apr 10 20:32:31 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Mon, 10 Apr 2006 21:32:31 -0300 Subject: [nycphp-talk] PHP IDE Message-ID: Hello all !!! I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code completion is not working. Does anyone here knows what is happening? I've tried use this on windows and now on linux and the same problem occurred in both. When i am editing a HTML page it complete fine, but when the code is PHP it not work; I think it needs some configuration... well, can anyone help ??? Thanks a lot. adler medrado http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From yournway at gmail.com Tue Apr 11 03:17:14 2006 From: yournway at gmail.com (Alberto dos Santos) Date: Tue, 11 Apr 2006 08:17:14 +0100 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: Hi. Forgive me the stupid question, have you tried CTRL+SPACE to activate the code assist? What version of eclipse have you downloaded? Have you heard of the Web Tools Project, it's a version with all we need to make websites (hand coded, of course). http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ Enjoy, it has worked fine for me, although we must not expect the operability of the zend IDE, but hey! it's FREE! Al. On 11/04/06, Adler Medrado wrote: > > Hello all !!! > > I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code > completion is not working. > Does anyone here knows what is happening? I've tried use this on windows > and now on linux and the same problem occurred in both. > When i am editing a HTML page it complete fine, but when the code is PHP > it not work; > I think it needs some configuration... well, can anyone help ??? Thanks a > lot. > > adler medrado > http://adler.neshertech.net > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Alberto dos Santos Consultor em TI IT Consultant http://www.yournway.com A internet ? sua maneira. The Internet your own way. -------------- next part -------------- An HTML attachment was scrubbed... URL: From adlermedrado at gmail.com Tue Apr 11 07:49:51 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Tue, 11 Apr 2006 08:49:51 -0300 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: Hello Alberto. Of course i did it. And it not work. I've followed the instructions in http://www.zend.com/phpide The Eclipse version i am using is the Eclipse Webtools 3.1.2 is this correct? []s adler medrado http://adler.neshertech.net On 4/11/06, Alberto dos Santos wrote: > > Hi. > Forgive me the stupid question, have you tried CTRL+SPACE to activate the > code assist? > What version of eclipse have you downloaded? > > Have you heard of the Web Tools Project, it's a version with all we need > to make websites (hand coded, of course). > http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ > > Enjoy, it has worked fine for me, although we must not expect the > operability of the zend IDE, but hey! it's FREE! > > Al. > > On 11/04/06, Adler Medrado wrote: > > > Hello all !!! > > I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code > completion is not working. > Does anyone here knows what is happening? I've tried use this on windows > and now on linux and the same problem occurred in both. > When i am editing a HTML page it complete fine, but when the code is PHP > it not work; > I think it needs some configuration... well, can anyone help ??? Thanks a > lot. > > adler medrado > http://adler.neshertech.net > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > > > -- > Alberto dos Santos > Consultor em TI > IT Consultant > > http://www.yournway.com > A internet ? sua maneira. > The Internet your own way. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From adlermedrado at gmail.com Tue Apr 11 08:02:44 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Tue, 11 Apr 2006 09:02:44 -0300 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: Another problem is when i put the mouse cursor on some method and press control and click it doesn't show me the source of that method... On 4/11/06, Alberto dos Santos wrote: > > Hi. > Forgive me the stupid question, have you tried CTRL+SPACE to activate the > code assist? > What version of eclipse have you downloaded? > > Have you heard of the Web Tools Project, it's a version with all we need > to make websites (hand coded, of course). > http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ > > Enjoy, it has worked fine for me, although we must not expect the > operability of the zend IDE, but hey! it's FREE! > > Al. > > On 11/04/06, Adler Medrado wrote: > > > Hello all !!! > > I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code > completion is not working. > Does anyone here knows what is happening? I've tried use this on windows > and now on linux and the same problem occurred in both. > When i am editing a HTML page it complete fine, but when the code is PHP > it not work; > I think it needs some configuration... well, can anyone help ??? Thanks a > lot. > > adler medrado > http://adler.neshertech.net > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > > > -- > Alberto dos Santos > Consultor em TI > IT Consultant > > http://www.yournway.com > A internet ? sua maneira. > The Internet your own way. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From yournway at gmail.com Tue Apr 11 08:50:02 2006 From: yournway at gmail.com (Alberto dos Santos) Date: Tue, 11 Apr 2006 13:50:02 +0100 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: 1) Have you checked the box on the preferences dialog "enable auto activation" and checked the activation chars are ok? 2) have you declared the files where your methods are? 3) do you have the autobuild feature on? (project>auto build) On 11/04/06, Adler Medrado wrote: > > Another problem is when i put the mouse cursor on some method and press > control and click it doesn't show me the source of that method... > > > > On 4/11/06, Alberto dos Santos wrote: > > > Hi. > > Forgive me the stupid question, have you tried CTRL+SPACE to activate > > the code assist? > > What version of eclipse have you downloaded? > > > > Have you heard of the Web Tools Project, it's a version with all we need > > to make websites (hand coded, of course). > > http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ > > > > > > Enjoy, it has worked fine for me, although we must not expect the > > operability of the zend IDE, but hey! it's FREE! > > > > Al. > > > > On 11/04/06, Adler Medrado < adlermedrado at gmail.com> wrote: > > > > > Hello all !!! > > > > I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code > > completion is not working. > > Does anyone here knows what is happening? I've tried use this on windows > > and now on linux and the same problem occurred in both. > > When i am editing a HTML page it complete fine, but when the code is PHP > > it not work; > > I think it needs some configuration... well, can anyone help ??? Thanks > > a lot. > > > > adler medrado > > http://adler.neshertech.net > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > > > > > > > -- > > Alberto dos Santos > > Consultor em TI > > IT Consultant > > > > http://www.yournway.com > > A internet ? sua maneira. > > The Internet your own way. > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > > > > -- > > Nesher Technologies > http://www.neshertech.net > http://adler.neshertech.net > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Alberto dos Santos Consultor em TI IT Consultant http://www.yournway.com A internet ? sua maneira. The Internet your own way. -------------- next part -------------- An HTML attachment was scrubbed... URL: From edwardpotter at gmail.com Tue Apr 11 08:54:38 2006 From: edwardpotter at gmail.com (edward potter) Date: Tue, 11 Apr 2006 08:54:38 -0400 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: A friend has recommended Xcode on the mac for PHP coding, has anyone given it a try? thanks, ed :-) On 4/11/06, Alberto dos Santos wrote: > Hi. > Forgive me the stupid question, have you tried CTRL+SPACE to activate the > code assist? > What version of eclipse have you downloaded? > > Have you heard of the Web Tools Project, it's a version with all we need to > make websites (hand coded, of course). > http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ > > Enjoy, it has worked fine for me, although we must not expect the > operability of the zend IDE, but hey! it's FREE! > > Al. > > On 11/04/06, Adler Medrado wrote: > > > > Hello all !!! > > > > I am trying to use the Eclipse PHP IDE Plugin, but the code assist/code > completion is not working. > > Does anyone here knows what is happening? I've tried use this on windows > and now on linux and the same problem occurred in both. > > When i am editing a HTML page it complete fine, but when the code is PHP > it not work; > > I think it needs some configuration... well, can anyone help ??? Thanks a > lot. > > > > > > adler medrado > > http://adler.neshertech.net > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > > > > > -- > Alberto dos Santos > Consultor em TI > IT Consultant > > http://www.yournway.com > A internet ? sua maneira. > The Internet your own way. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From adlermedrado at gmail.com Tue Apr 11 09:44:54 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Tue, 11 Apr 2006 10:44:54 -0300 Subject: [nycphp-talk] PHP IDE In-Reply-To: References: Message-ID: Yes for all questions. I've checked this before you ask and verified again now... and this problem has occurred on windows and linux. i think is something with this eclipse version. but i've downloaded the version in the www.zend.com/phpide On 4/11/06, Alberto dos Santos wrote: > > > 1) Have you checked the box on the preferences dialog "enable auto > activation" and checked the activation chars are ok? > 2) have you declared the files where your methods are? > 3) do you have the autobuild feature on? (project>auto build) > > > > On 11/04/06, Adler Medrado wrote: > > > > Another problem is when i put the mouse cursor on some method and press > > control and click it doesn't show me the source of that method... > > > > > > > > On 4/11/06, Alberto dos Santos wrote: > > > > > Hi. > > > Forgive me the stupid question, have you tried CTRL+SPACE to activate > > > the code assist? > > > What version of eclipse have you downloaded? > > > > > > Have you heard of the Web Tools Project, it's a version with all we > > > need to make websites (hand coded, of course). > > > http://download.eclipse.org/webtools/downloads/drops/R-1.0.1-200602171228/ > > > > > > > > > Enjoy, it has worked fine for me, although we must not expect the > > > operability of the zend IDE, but hey! it's FREE! > > > > > > Al. > > > > > > On 11/04/06, Adler Medrado < adlermedrado at gmail.com> wrote: > > > > > > > Hello all !!! > > > > > > I am trying to use the Eclipse PHP IDE Plugin, but the code > > > assist/code completion is not working. > > > Does anyone here knows what is happening? I've tried use this on > > > windows and now on linux and the same problem occurred in both. > > > When i am editing a HTML page it complete fine, but when the code is > > > PHP it not work; > > > I think it needs some configuration... well, can anyone help ??? > > > Thanks a lot. > > > > > > adler medrado > > > http://adler.neshertech.net > > > > > > _______________________________________________ > > > New York PHP Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > New York PHP Conference and Expo 2006 > > > http://www.nyphpcon.com > > > Show Your Participation in New York PHP > > > http://www.nyphp.org/show_participation.php > > > > > > > > > > > > > > > > > > -- > > > Alberto dos Santos > > > Consultor em TI > > > IT Consultant > > > > > > http://www.yournway.com > > > A internet ? sua maneira. > > > The Internet your own way. > > > > > > _______________________________________________ > > > New York PHP Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > New York PHP Conference and Expo 2006 > > > http://www.nyphpcon.com > > > Show Your Participation in New York PHP > > > http://www.nyphp.org/show_participation.php > > > > > > > > > > > > > > > -- > > > > Nesher Technologies > > http://www.neshertech.net > > http://adler.neshertech.net > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > > > > -- > Alberto dos Santos > Consultor em TI > IT Consultant > > http://www.yournway.com > A internet ? sua maneira. > The Internet your own way. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.com Tue Apr 11 11:28:44 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Tue, 11 Apr 2006 11:28:44 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: Message-ID: Like many it's *extremely* bloated for just doing PHP when it wasn't designed for it ... TextMate (www.macromates.com) on the Mac has to be the most flexible, lightweight, productive app to come along in a while ... http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ PHP.tmbundle/README Other points: Subversion support built in, bundles for CakePHP and Smarty ... http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ CAKE.tmbundle/Snippets/ http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ Smarty.tmbundle/Snippets/ - Jon On Apr 11, 2006, at 8:54 AM, edward potter wrote: > A friend has recommended Xcode on the mac for PHP coding, has anyone > given it a try? > > thanks, ed :-) From chsnyder at gmail.com Tue Apr 11 12:11:53 2006 From: chsnyder at gmail.com (csnyder) Date: Tue, 11 Apr 2006 12:11:53 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: Message-ID: On 4/11/06, Jon Baer wrote: > Like many it's *extremely* bloated for just doing PHP when it wasn't > designed for it ... > > TextMate (www.macromates.com) on the Mac has to be the most flexible, > lightweight, productive app to come along in a while ... > > http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ > PHP.tmbundle/README > > Other points: Subversion support built in, bundles for CakePHP and > Smarty ... > > http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ > CAKE.tmbundle/Snippets/ > http://anon:anon at macromates.com/svn/Bundles/trunk/Bundles/ > Smarty.tmbundle/Snippets/ > > - Jon > > On Apr 11, 2006, at 8:54 AM, edward potter wrote: > > > A friend has recommended Xcode on the mac for PHP coding, has anyone > > given it a try? > > > > thanks, ed :-) I tried using XCode for a while before Jeff Knight finally convinced me that the Zend IDE was the way to go on Mac. Despite the bloat it generally stays out of the way, and if you take the time to change some of the poor key-mapping and syntax-coloring choices, it's a great editor. Well, okay, the interface takes up a little too much real-estate on a 12" PowerBook, but that's life. XCode has a nice enough interface, and it will make your code look good on screen, but it's ultimately the wrong tool for the job... unless you're mixing Objective-C into your php project, of course. ;-) -- Chris Snyder http://chxo.com/ From tedd at sperling.com Tue Apr 11 12:55:05 2006 From: tedd at sperling.com (tedd) Date: Tue, 11 Apr 2006 12:55:05 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: Message-ID: At 12:11 PM -0400 4/11/06, csnyder wrote: > > On Apr 11, 2006, at 8:54 AM, edward potter wrote: >> >> > A friend has recommended Xcode on the mac for PHP coding, has anyone >> > given it a try? >> > >> > thanks, ed :-) > >I tried using XCode for a while before Jeff Knight finally convinced >me that the Zend IDE was the way to go on Mac. Despite the bloat it >generally stays out of the way, and if you take the time to change >some of the poor key-mapping and syntax-coloring choices, it's a great >editor. Chris: I have Zend IDE Professional as well, but I seldom use it. Surprisingly enough, I use GoLive for the Mac and program directly on my host. However, GoLive has some minor issues with function coloring, minor editing annoyances, and it occasionally loses track of what it should upload (it often looks at two files with the same name as being the same even though they reside in different folders). However, I know what to lookout for and it works well for me. I tried XCode, but it's far too much -- it's like driving a thumbtack with a sledge hammer. I want something like me, simple. :-) tedd -- -------------------------------------------------------------------------------- http://sperling.com From TBoyden at SUPERCOUPS.com Tue Apr 11 13:28:41 2006 From: TBoyden at SUPERCOUPS.com (Tim Boyden) Date: Tue, 11 Apr 2006 13:28:41 -0400 Subject: [nycphp-talk] PHP4 Array/XML sorting question Message-ID: Hello, I am working on a web page that lists some ads stored in an XML file and I'm having trouble with figuring out how to sort the listings by their "category" element. Currently I pull the "ad" elements from the XML into an array and print out the HTML list of ads in a non-sorted manner. I'd like it to print out with a header for the category followed by a list of ads in that category. I'm not sure how to code it though. Any help would be appreciated. Below is a snippet from the XML file: test Food Test 1 testpage1.pdf test Home Improvement Test 2 testpage2.pdf test Services Test 3 testpage3.pdf Thanks, Tim Boyden --------------------------- Timothy Boyden Network Administrator tboyden at supercoups.com SuperCoups(r) | 350 Revolutionary Drive | E. Taunton, MA 02718 508-977-2034 | www.supercoups.com --------------------------- Local Coupons. Super Savings.(r) -------------- next part -------------- An HTML attachment was scrubbed... URL: From craig at juxtadigital.com Tue Apr 11 13:33:42 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Tue, 11 Apr 2006 13:33:42 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: Message-ID: <443BE876.9030609@juxtadigital.com> tedd wrote: > At 12:11 PM -0400 4/11/06, csnyder wrote: > >> > On Apr 11, 2006, at 8:54 AM, edward potter wrote: >> >>> > A friend has recommended Xcode on the mac for PHP coding, has anyone >>> > given it a try? >>> > >>> > thanks, ed :-) >> >>I tried using XCode for a while before Jeff Knight finally convinced >>me that the Zend IDE was the way to go on Mac. Despite the bloat it >>generally stays out of the way, and if you take the time to change >>some of the poor key-mapping and syntax-coloring choices, it's a great >>editor. > > > Chris: > > I have Zend IDE Professional as well, but I seldom use it. Why? too much IDE? I'm contemplating a purchase as my trial is about to expire and I've loved it so far. Just wondered. > I tried XCode, but it's far too much -- it's like driving a thumbtack > with a sledge hammer. I want something like me, simple. :-) I use bluefish for a fast and simple editor [on linux]. Looks as if it also works for Mac OSX: http://bluefish.openoffice.nl/download.html > tedd -- Craig From tedd at sperling.com Tue Apr 11 14:12:45 2006 From: tedd at sperling.com (tedd) Date: Tue, 11 Apr 2006 14:12:45 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: <443BE876.9030609@juxtadigital.com> References: <443BE876.9030609@juxtadigital.com> Message-ID: > > I have Zend IDE Professional as well, but I seldom use it. > >Why? too much IDE? I'm contemplating a purchase as my trial is about >to expire and I've loved it so far. Just wondered. Maybe it's too much for me. I started out hard coding everything in a text editor and running it on my host -- if I remember correctly, some time ago, the IDE will run on the host IF something was installed and it wasn't -- and I could get the host to do anything, so I gave up. Maybe I should review it again. But, what I want is something that doesn't run on my machine, but rather something that I can see in real time on the net instead of preview in browser. Oh well... back to basics. tedd -- -------------------------------------------------------------------------------- http://sperling.com From ps at pswebcode.com Tue Apr 11 14:34:23 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 11 Apr 2006 14:34:23 -0400 Subject: [nycphp-talk] PHP4 Array/XML sorting question In-Reply-To: Message-ID: <003a01c65d96$8e6d8ea0$68e4a144@Rubicon> I believe, XSL Transformations (XSLT) is a correct method for achieving your end, i.e. use XSL to format and sort the XML. PHP 4.1+ XSLT library will let you do roughly so... $xsltHnd = xslt_create(); xslt_set_base($xsltHnd,''); $html = xslt_process($xsltHnd, 'my_listings.xml', 'my_listings_format.xsl'); echo $html; Above, the XML param is your XML file. The XSL file contains a mixture of XHTML, CSS and XSL. The XSL allows you to sort and format XML quite effectively. Your XSL file will contain code like the following snippets: images/ads/ 0 Above shows very roughly the technique for using XSL to sort XML and then push the XML data into some XHTML to create a hyperlinked thumbnail image for display in the browser. Now that is just to give you an idea. This technique, of course, has a learning curve. You need to look up PHP XML/XSLT tutorials and samples on the web and get familiar with XSL in general. Particularly you need to grasp XSL templates and how to apply to XML data. Again, this is just one avenue but once you got it, you can apply this approach on many tasks with few changes. Otherwise, look at PHP array sort techniques at: http://us2.php.net/manual/en/ref.array.php Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Boyden Sent: Tuesday, April 11, 2006 1:29 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] PHP4 Array/XML sorting question Hello, I am working on a web page that lists some ads stored in an XML file and I'm having trouble with figuring out how to sort the listings by their "category" element. Currently I pull the "ad" elements from the XML into an array and print out the HTML list of ads in a non-sorted manner. I'd like it to print out with a header for the category followed by a list of ads in that category. I'm not sure how to code it though. Any help would be appreciated. Below is a snippet from the XML file: test Food Test 1 testpage1.pdf test Home Improvement Test 2 testpage2.pdf test Services Test 3 testpage3.pdf Thanks, Tim Boyden --------------------------- Timothy Boyden Network Administrator tboyden at supercoups.com SuperCoupsR | 350 Revolutionary Drive | E. Taunton, MA 02718 508-977-2034 | www.supercoups.com --------------------------- Local Coupons. Super Savings.R From jonbaer at jonbaer.com Tue Apr 11 14:58:46 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Tue, 11 Apr 2006 14:58:46 -0400 Subject: [nycphp-talk] PHP4 Array/XML sorting question In-Reply-To: <003a01c65d96$8e6d8ea0$68e4a144@Rubicon> References: <003a01c65d96$8e6d8ea0$68e4a144@Rubicon> Message-ID: If im not mistaken in *theory* this is exactly the type of work that XQuery was made for ... Your query would look something similar to: { for $ad in doc("ads.xml")//ad order by $ad/category return $ad/title } Looks beautiful and much cleaner eh? The problem is no library support whatsoever on the PHP side, all implementations have been Java based ... There is a preliminary library here: http://phpxmlclasses.sourceforge.net/show_doc.php? class=class_xquery_lite.html But no sorting support as of yet and Im not sure if those libraries are even in active development. I also do not beleive Simple XML has this capability, only simple Xpath. - Jon On Apr 11, 2006, at 2:34 PM, Peter Sawczynec wrote: > I believe, XSL Transformations (XSLT) is a correct method for > achieving your > end, i.e. use XSL to format and sort the XML. > PHP 4.1+ XSLT library will let you do roughly so... > > $xsltHnd = xslt_create(); > xslt_set_base($xsltHnd,''); > $html = xslt_process($xsltHnd, 'my_listings.xml', > 'my_listings_format.xsl'); > echo $html; > > > Above, the XML param is your XML file. The XSL file contains a > mixture of > XHTML, CSS and XSL. > The XSL allows you to sort and format XML quite effectively. > > Your XSL file will contain code like the following snippets: > > > xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> > > > > > > > > > > > > > > > select="@url"/> > > name="src">images/ads/ select="title"/> > name="border">0 > > > > > > > > > > > > > > > > > Above shows very roughly the technique for using XSL to sort XML > and then > push the XML data into some XHTML to create a hyperlinked thumbnail > image > for display in the browser. > > Now that is just to give you an idea. > > This technique, of course, has a learning curve. You need to look > up PHP > XML/XSLT tutorials and samples on the web and get familiar with XSL in > general. Particularly you need to grasp XSL templates and how to > apply to > XML data. > > Again, this is just one avenue but once you got it, you can apply this > approach on many tasks with few changes. > > Otherwise, look at PHP array sort techniques at: > http://us2.php.net/manual/en/ref.array.php > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On > Behalf Of Tim Boyden > Sent: Tuesday, April 11, 2006 1:29 PM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] PHP4 Array/XML sorting question > > > Hello, > > I am working on a web page that lists some ads stored in an XML > file and I'm > having trouble with figuring out how to sort the listings by their > "category" element. Currently I pull the "ad" elements from the XML > into an > array and print out the HTML list of ads in a non-sorted manner. > I'd like it > to print out with a header for the category followed by a list of > ads in > that category. I'm not sure how to code it though. Any help would be > appreciated. Below is a snippet from the XML file: > > > > > test > Food > Test 1 > testpage1.pdf > > > test > Home Improvement > Test 2 > testpage2.pdf > > > test > Services > Test 3 > testpage3.pdf > > > > Thanks, > > Tim Boyden > > --------------------------- > Timothy Boyden > Network Administrator > tboyden at supercoups.com > > SuperCoupsR | 350 Revolutionary Drive | E. Taunton, MA 02718 > 508-977-2034 | www.supercoups.com > --------------------------- > Local Coupons. Super Savings.R > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From ps at pswebcode.com Tue Apr 11 15:02:06 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 11 Apr 2006 15:02:06 -0400 Subject: [nycphp-talk] PHP4 Array/XML sorting question In-Reply-To: Message-ID: <003b01c65d9a$6db6a170$68e4a144@Rubicon> For reference, here is a 3-pack zipped download that contains a working XSLT task sample: http://www.pswebcode.com/samples/XML-XSLTSample.zip This task reads apartment listings from an XML file, sorts them by price and displays them on a complete XHTML page. The files included are: listings_list.php [A PHP file that transforms an XML file with an XSL file.] listings_list.xml [A very short demo XML data file.] listings_list.xsl [A complete XSLT file containing sample XHTML, CSS and XSL that transforms the XML.] Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Boyden Sent: Tuesday, April 11, 2006 1:29 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] PHP4 Array/XML sorting question Hello, I am working on a web page that lists some ads stored in an XML file and I'm having trouble with figuring out how to sort the listings by their "category" element. Currently I pull the "ad" elements from the XML into an array and print out the HTML list of ads in a non-sorted manner. I'd like it to print out with a header for the category followed by a list of ads in that category. I'm not sure how to code it though. Any help would be appreciated. Below is a snippet from the XML file: test Food Test 1 testpage1.pdf test Home Improvement Test 2 testpage2.pdf test Services Test 3 testpage3.pdf Thanks, Tim Boyden --------------------------- Timothy Boyden Network Administrator tboyden at supercoups.com SuperCoupsR | 350 Revolutionary Drive | E. Taunton, MA 02718 508-977-2034 | www.supercoups.com --------------------------- Local Coupons. Super Savings.R From TBoyden at SUPERCOUPS.com Tue Apr 11 15:24:09 2006 From: TBoyden at SUPERCOUPS.com (Tim Boyden) Date: Tue, 11 Apr 2006 15:24:09 -0400 Subject: [nycphp-talk] PHP4 Array/XML sorting question Message-ID: Peter, Thanks so much for the XSL examples, that definitely puts me going in the right direction I think. I was narrowly stuck on a PHP coded solution and forgot all about XSL and XSLTs. It's been awhile but I'll brush up on that. Again Thanks! Tim Boyden --------------------------- Timothy Boyden Network Administrator tboyden at supercoups.com SuperCoups(r) | 350 Revolutionary Drive | E. Taunton, MA 02718 508-977-2034 | www.supercoups.com --------------------------- Local Coupons. Super Savings.(r) -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Tue Apr 11 15:43:04 2006 From: chsnyder at gmail.com (csnyder) Date: Tue, 11 Apr 2006 15:43:04 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: <443BE876.9030609@juxtadigital.com> Message-ID: On 4/11/06, tedd wrote: > > > I have Zend IDE Professional as well, but I seldom use it. > > > >Why? too much IDE? I'm contemplating a purchase as my trial is about > >to expire and I've loved it so far. Just wondered. > > Maybe it's too much for me. > > I started out hard coding everything in a text editor and running it > on my host -- if I remember correctly, some time ago, the IDE will > run on the host IF something was installed and it wasn't -- and I > could get the host to do anything, so I gave up. > > Maybe I should review it again. But, what I want is something that > doesn't run on my machine, but rather something that I can see in > real time on the net instead of preview in browser. > If the host is local (a server on your LAN) you can use VNC/Remote Desktop/X-Windows to edit remotely. At work I use Cygwin's free X Server for Windows to control a remote copy of the ide on my workstation. But there's nothing easy about setting that up if you don't know what you're doing already. A better approach for remote servers is to use WebDAV or some network filesystem so that you can work on the remote files as if they were local. I've been experimenting with Samba over SSH, which could be great except that there are no off-the-shelf apps that do it (to my knowledge). From lists at jack-scott.com Tue Apr 11 16:19:26 2006 From: lists at jack-scott.com (Jack Scott) Date: Tue, 11 Apr 2006 16:19:26 -0400 Subject: [nycphp-talk] PHP IDE (Mac) In-Reply-To: References: <443BE876.9030609@juxtadigital.com> Message-ID: <1144786766.8183.30.camel@localhost> I used BBEdit on Mac and it was OK. Why don't you use pico, nano, vi, emacs, etc and edit remotely? On Tue, 2006-04-11 at 15:43 -0400, csnyder wrote: > A better approach for remote servers is to use WebDAV or some network > filesystem so that you can work on the remote files as if they were > local. I've been experimenting with Samba over SSH, which could be > great except that there are no off-the-shelf apps that do it (to my > knowledge). you will need sshfs installed on you system, but this is a safe and easy way to mount remote file systems over ssh. http://fuse.sourceforge.net/sshfs.html If you want to automate the mount using fstab, you will need to set up key authentication so a password is not needed. Once that is set up you can run: mount -t sshfs user at host /mnt/myfiles FYI -- If you plan on mounting a Server 2003 share using samba, you will need CIFS support either built in to your kernel or as a module. -------------- next part -------------- An HTML attachment was scrubbed... URL: From IAlsoAgree at stny.rr.com Wed Apr 12 01:33:10 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 01:33:10 -0400 Subject: [nycphp-talk] Problem With Making Cookies Message-ID: I have a script that creates a cookie. The text for the cookie is created like this (I previously used implode and got the exact same problem I'm about to describe): $cookiedata = $infoarray[0].'#'.$infoarray[1].'#'.$infoarray[2]; However, when I actually check the data inside the cookie, it's saved not with pound signs in between the data, but instead with %23. I've tried using commas, new line characters, hyphen, and all of them return some kind of % character, usually %2C. Is there something I'm not doing correctly? PHP.net says to use implode and a character as the glue, but it doesn't matter what character I choose for the glue, it always gets changed into a % character (I've only tried characters that are pratical, letters and numbers will not be pratical for me as glue) and I can't retrieve the data. What can I do? -Joe From subson at gmail.com Wed Apr 12 01:51:20 2006 From: subson at gmail.com (Subson Mittal) Date: Wed, 12 Apr 2006 11:21:20 +0530 Subject: [nycphp-talk] Problem With Making Cookies In-Reply-To: References: Message-ID: You can use "_" underscore character in place of other special characters like # and all it might be encoding them to ASCII values for Browser query string values. Thanks Subson Mittal Open Source Programmer On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > I have a script that creates a cookie. The text for the cookie is > created like this (I previously used implode and got the exact same > problem I'm about to describe): > $cookiedata = $infoarray[0].'#'.$infoarray[1].'#'.$infoarray[2]; > > However, when I actually check the data inside the cookie, it's saved > not with pound signs in between the data, but instead with %23. I've > tried using commas, new line characters, hyphen, and all of them return > some kind of % character, usually %2C. Is there something I'm not doing > correctly? > > PHP.net says to use implode and a character as the glue, but it doesn't > matter what character I choose for the glue, it always gets changed into > a % character (I've only tried characters that are pratical, letters and > numbers will not be pratical for me as glue) and I can't retrieve the > data. > > What can I do? > > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Thanks Subson Mittal -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Wed Apr 12 07:35:49 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 12 Apr 2006 07:35:49 -0400 Subject: [nycphp-talk] Problem With Making Cookies In-Reply-To: References: Message-ID: <443CE615.5030502@php.net> IAlsoAgree at stny.rr.com wrote: > $cookiedata = $infoarray[0].'#'.$infoarray[1].'#'.$infoarray[2]; You should definitely check out implode(). > However, when I actually check the data inside the cookie, it's > saved not with pound signs in between the data, but instead with > %23. That's something setcookie() does. You can use header() if you want to have precise control over your Set-Cookie header. Try this example: The headers I see are: Set-Cookie: foo=one#two#three Set-Cookie: bar=one%23two%23three Hope that helps. Chris From cliff at pinestream.com Wed Apr 12 09:41:32 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 12 Apr 2006 09:41:32 -0400 Subject: [nycphp-talk] Web Site Monitoring Message-ID: <002001c65e36$cf720980$0aa8a8c0@cliff> Ok, so this is a little off base -- not really php related. But I just stumbled on this company: http://www.alertbot.com/ for remote monitoring. Seems pretty cool. Is this old hat? Are there lots of companies that do this? Do you just perform the monitoring using your own servers? Thoughts? Suggestions? Cliff Hirsch _______________________________ Pinestream Communications, Inc. Publisher of Semiconductor Times & Telecom Trends Tel: 781.647.8800, Fax: 781.647.8825 http://www.pinestream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From edwardpotter at gmail.com Wed Apr 12 09:48:05 2006 From: edwardpotter at gmail.com (edward potter) Date: Wed, 12 Apr 2006 09:48:05 -0400 Subject: [nycphp-talk] Web Site Monitoring In-Reply-To: <002001c65e36$cf720980$0aa8a8c0@cliff> References: <002001c65e36$cf720980$0aa8a8c0@cliff> Message-ID: I guess it's pretty easy to create montioring tools on your own, and probably perl has a zillion of them cooked up already (perl is great at that kind of thing). Here's a big list, lots of free tools. http://www.softwareqatest.com/qatweb1.html -ed On 4/12/06, Cliff Hirsch wrote: > > Ok, so this is a little off base -- not really php related. > > But I just stumbled on this company: http://www.alertbot.com/ for remote > monitoring. > > Seems pretty cool. Is this old hat? Are there lots of companies that do > this? Do you just perform the monitoring using your own servers? Thoughts? > Suggestions? > > > Cliff Hirsch > _______________________________ > Pinestream Communications, Inc. > Publisher of Semiconductor Times & Telecom Trends > Tel: 781.647.8800, Fax: 781.647.8825 > http://www.pinestream.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From ps at pswebcode.com Wed Apr 12 10:41:20 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 12 Apr 2006 10:41:20 -0400 Subject: [nycphp-talk] Web Site Monitoring In-Reply-To: <002001c65e36$cf720980$0aa8a8c0@cliff> Message-ID: <001a01c65e3f$2a4567a0$68e4a144@Rubicon> http://www.keynote.com Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Cliff Hirsch Sent: Wednesday, April 12, 2006 9:42 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] Web Site Monitoring Ok, so this is a little off base -- not really php related. But I just stumbled on this company: http://www.alertbot.com/ for remote monitoring. Seems pretty cool. Is this old hat? Are there lots of companies that do this? Do you just perform the monitoring using your own servers? Thoughts? Suggestions? Cliff Hirsch _______________________________ Pinestream Communications, Inc. Publisher of Semiconductor Times & Telecom Trends Tel: 781.647.8800, Fax: 781.647.8825 http://www.pinestream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From IAlsoAgree at stny.rr.com Wed Apr 12 12:43:49 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 12:43:49 -0400 Subject: [nycphp-talk] Problem With Making Cookies In-Reply-To: <443CE615.5030502@php.net> References: <443CE615.5030502@php.net> Message-ID: Actually, I had been using implode as stated. On another note, _ worked although I continued to have a lot of trouble. While I could extract information from the cookie, my script seemed to be refusing to use it until I noticed that I had done a test on part of the cookie which should be (and infact was) 1, checking to see if it was not equal to 1 using !=. Apparently, even though it was evaluating 1 != 1 it was getting "true." Setting it to 1 == 1 now returns false. I'm not sure why, but at least it works properly now. Thanks, -Joe ----- Original Message ----- From: Chris Shiflett Date: Wednesday, April 12, 2006 7:35 am Subject: Re: [nycphp-talk] Problem With Making Cookies To: NYPHP Talk > IAlsoAgree at stny.rr.com wrote: > > $cookiedata = $infoarray[0].'#'.$infoarray[1].'#'.$infoarray[2]; > > You should definitely check out implode(). > > > However, when I actually check the data inside the cookie, it's > > saved not with pound signs in between the data, but instead with > > %23. > > That's something setcookie() does. You can use header() if you want > to > have precise control over your Set-Cookie header. Try this example: > > > > $info = array(); > $info[] = 'one'; > $info[] = 'two'; > $info[] = 'three'; > > > $cookie = implode('#', $info); > > > header("Set-Cookie: foo=$cookie"); > setcookie('bar', $cookie); > > > ?> > > The headers I see are: > > Set-Cookie: foo=one#two#three > Set-Cookie: bar=one%23two%23three > > Hope that helps. > > Chris > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Wed Apr 12 14:58:29 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 12 Apr 2006 11:58:29 -0700 Subject: [nycphp-talk] Web Site Monitoring In-Reply-To: <002001c65e36$cf720980$0aa8a8c0@cliff> References: <002001c65e36$cf720980$0aa8a8c0@cliff> Message-ID: <16798-89191@sneakemail.com> Cliff Hirsch cliff-at-pinestream.com |nyphp dev/internal group use| wrote: > Ok, so this is a little off base -- not really php related. > > But I just stumbled on this company: http://www.alertbot.com/ for > remote monitoring. > > Seems pretty cool. Is this old hat? Are there lots of companies that > do this? Do you just perform the monitoring using your own servers? > Thoughts? Suggestions? > > Cliff Hirsch > _______________________________ > *Pinestream Communications, Inc.* > Publisher of /Semiconductor Times/ & /Telecom Trends/ > Tel: 781.647.8800, Fax: 781.647.8825 > http://www.pinestream.com > Used alertsite.com for years... -=john andrews http://www.seo-fun.com From IAlsoAgree at stny.rr.com Wed Apr 12 20:55:02 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 20:55:02 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging Message-ID: I'm sure it's going to be something really obvious, but for now I just can't seem to figure out what it is. I'm getting the following error: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING The line of code is: $checkreplies = "SELECT posts.postid, posts.subject, posts.body, posts.created, users.userid, users.username, users.aim, users.created, users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT ".($pagecount-1)*10-1.", 10"; >From what I can gather, it sounds like I misused a double quote or misplaced a peroid. But looking at the code, I can't see where I did either wrong. Anyhelp would be appreciated. Thanks, -Joe From volcimaster at gmail.com Wed Apr 12 20:57:27 2006 From: volcimaster at gmail.com (Warren Myers) Date: Wed, 12 Apr 2006 20:57:27 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: Doesn't SQl normally require single quotes aroung string comparison? like this: $q = "select * from sometable where column='$_GET['jerry']'" Warren On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > I'm sure it's going to be something really obvious, but for now I just > can't seem to figure out what it is. > > I'm getting the following error: > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > The line of code is: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; > > >From what I can gather, it sounds like I misused a double quote or > misplaced a peroid. But looking at the code, I can't see where I did > either wrong. > > Anyhelp would be appreciated. > > Thanks, > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- http://warrenmyers.com "God may not play dice with the universe, but something strange is going on with the prime numbers." --Paul Erd?s "It's not possible. We are the type of people who have everything in our favor going against us." --Ben Jarhvi, Short Circuit 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From IAlsoAgree at stny.rr.com Wed Apr 12 21:07:03 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 21:07:03 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: Actually, I have no problems with using double quotes on the command line (and in PHP scripts) with MySQL. In addition, that would not return a PHP Parse error, it would return a MySQL error from the database (the code would actually run, a line from the database citing the error would be inserted in the middle of my HTML). ----- Original Message ----- From: Warren Myers Date: Wednesday, April 12, 2006 8:58 pm Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: NYPHP Talk > Doesn't SQl normally require single quotes aroung string > comparison? like > this: > > $q = "select * from sometable where column='$_GET['jerry']'" > > > Warren > > > On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > > > I'm sure it's going to be something really obvious, but for now I > just> can't seem to figure out what it is. > > > > I'm getting the following error: > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > > > The line of code is: > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > posts.created, users.userid, users.username, users.aim, > users.created,> users.admin FROM posts, users WHERE posts.postid = > \"$_GET[id]\" AND > > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > > ".($pagecount-1)*10-1.", 10"; > > > > >From what I can gather, it sounds like I misused a double quote or > > misplaced a peroid. But looking at the code, I can't see where I did > > either wrong. > > > > Anyhelp would be appreciated. > > > > Thanks, > > -Joe > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > -- > http://warrenmyers.com > "God may not play dice with the universe, but something strange is > going on > with the prime numbers." --Paul Erd?s > "It's not possible. We are the type of people who have everything > in our > favor going against us." --Ben Jarhvi, Short Circuit 2 > From LeeEyerman at aol.com Wed Apr 12 21:14:06 2006 From: LeeEyerman at aol.com (LeeEyerman at aol.com) Date: Wed, 12 Apr 2006 21:14:06 EDT Subject: [nycphp-talk] PHP Error - Need Help Debugging Message-ID: <26a.95d0f89.316effde@aol.com> I'd also make sure that the variables are not returning something that is throwing off the SQL command - like adding an extra ' or ", etc. In a message dated 4/12/2006 8:58:00 PM Eastern Daylight Time, volcimaster at gmail.com writes: WHERE posts.postid = \"$_GET[id]\" AND posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT ".($pagecount-1)*10-1.", 10"; -------------- next part -------------- An HTML attachment was scrubbed... URL: From edwardpotter at gmail.com Wed Apr 12 21:15:54 2006 From: edwardpotter at gmail.com (edward potter) Date: Wed, 12 Apr 2006 21:15:54 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: I don't think I've every used double quotes in sql, and why not covert this to a variable value ahead of time? Looks a bit scarry. And then just stick that in. At least it makes it a bit easier to debug, and more readable. $id = $_GET[id]; $start = (($pagecount-1)*10)-1; etc. -ed :-) On 4/12/06, IAlsoAgree at stny.rr.com wrote: > I'm sure it's going to be something really obvious, but for now I just > can't seem to figure out what it is. > > I'm getting the following error: > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > The line of code is: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; > > >From what I can gather, it sounds like I misused a double quote or > misplaced a peroid. But looking at the code, I can't see where I did > either wrong. > > Anyhelp would be appreciated. > > Thanks, > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From IAlsoAgree at stny.rr.com Wed Apr 12 21:21:38 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 21:21:38 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: Adding your $start line fixed the problem. Once again, MySQL has no problem with double or single quotes. You can use them interchangably. I've done this both via PHP and on the command line and never had any problems with it. I still don't understand what I had done wrong in my previous code. What there would have returned that error, any ideas? Thanks, -Joe ----- Original Message ----- From: edward potter Date: Wednesday, April 12, 2006 9:16 pm Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: NYPHP Talk > I don't think I've every used double quotes in sql, and why not covert > this to a variable value ahead of time? Looks a bit scarry. And then > just stick that in. At least it makes it a bit easier to debug, and > more readable. > > $id = $_GET[id]; > $start = (($pagecount-1)*10)-1; > > etc. > > -ed :-) > > On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > I'm sure it's going to be something really obvious, but for now I > just> can't seem to figure out what it is. > > > > I'm getting the following error: > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > > > The line of code is: > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > posts.created, users.userid, users.username, users.aim, > users.created,> users.admin FROM posts, users WHERE posts.postid = > \"$_GET[id]\" AND > > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > > ".($pagecount-1)*10-1.", 10"; > > > > >From what I can gather, it sounds like I misused a double quote or > > misplaced a peroid. But looking at the code, I can't see where I did > > either wrong. > > > > Anyhelp would be appreciated. > > > > Thanks, > > -Joe > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From dirn at dirnonline.com Wed Apr 12 21:39:09 2006 From: dirn at dirnonline.com (Andy Dirnberger) Date: Wed, 12 Apr 2006 21:39:09 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: Message-ID: <000f01c65e9b$0fcaab40$6301a8c0@dirnpc> To get your original code to work, the ($pagecount-1)*10-1 expression needs to be in parentheses: (($pagecount-1)*10-1) DiRN -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of IAlsoAgree at stny.rr.com Sent: Wednesday, April 12, 2006 9:22 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging Adding your $start line fixed the problem. Once again, MySQL has no problem with double or single quotes. You can use them interchangably. I've done this both via PHP and on the command line and never had any problems with it. I still don't understand what I had done wrong in my previous code. What there would have returned that error, any ideas? Thanks, -Joe ----- Original Message ----- From: edward potter Date: Wednesday, April 12, 2006 9:16 pm Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: NYPHP Talk > I don't think I've every used double quotes in sql, and why not covert > this to a variable value ahead of time? Looks a bit scarry. And then > just stick that in. At least it makes it a bit easier to debug, and > more readable. > > $id = $_GET[id]; > $start = (($pagecount-1)*10)-1; > > etc. > > -ed :-) > > On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > I'm sure it's going to be something really obvious, but for now I > just> can't seem to figure out what it is. > > > > I'm getting the following error: > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > > > The line of code is: > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > posts.created, users.userid, users.username, users.aim, > users.created,> users.admin FROM posts, users WHERE posts.postid = > \"$_GET[id]\" AND > > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > > ".($pagecount-1)*10-1.", 10"; > > > > >From what I can gather, it sounds like I misused a double quote or > > misplaced a peroid. But looking at the code, I can't see where I did > > either wrong. > > > > Anyhelp would be appreciated. > > > > Thanks, > > -Joe > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From IAlsoAgree at stny.rr.com Wed Apr 12 21:49:24 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Wed, 12 Apr 2006 21:49:24 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: <000f01c65e9b$0fcaab40$6301a8c0@dirnpc> References: <000f01c65e9b$0fcaab40$6301a8c0@dirnpc> Message-ID: Actually, after I had given it a look I was begining to think that too. The 1 looked off right next to the peroid. Thanks for confirming that for me Andy. -Joe ----- Original Message ----- From: Andy Dirnberger Date: Wednesday, April 12, 2006 9:39 pm Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: 'NYPHP Talk' > To get your original code to work, the ($pagecount-1)*10-1 > expression needs > to be in parentheses: (($pagecount-1)*10-1) > > DiRN > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On > Behalf Of IAlsoAgree at stny.rr.com > Sent: Wednesday, April 12, 2006 9:22 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging > > Adding your $start line fixed the problem. > > Once again, MySQL has no problem with double or single quotes. You can > use them interchangably. I've done this both via PHP and on the > commandline and never had any problems with it. > > I still don't understand what I had done wrong in my previous code. > Whatthere would have returned that error, any ideas? > > Thanks, > -Joe > > ----- Original Message ----- > From: edward potter > Date: Wednesday, April 12, 2006 9:16 pm > Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging > To: NYPHP Talk > > > I don't think I've every used double quotes in sql, and why not > covert> this to a variable value ahead of time? Looks a bit scarry. > And then > > just stick that in. At least it makes it a bit easier to debug, and > > more readable. > > > > $id = $_GET[id]; > > $start = (($pagecount-1)*10)-1; > > > > etc. > > > > -ed :-) > > > > On 4/12/06, IAlsoAgree at stny.rr.com wrote: > > > I'm sure it's going to be something really obvious, but for now > I > > just> can't seem to figure out what it is. > > > > > > I'm getting the following error: > > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > > > > > The line of code is: > > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > > posts.created, users.userid, users.username, users.aim, > > users.created,> users.admin FROM posts, users WHERE posts.postid > = > > \"$_GET[id]\" AND > > > posts.userid = users.userid AND posts.replyto = $_GET[postid] > LIMIT> > ".($pagecount-1)*10-1.", 10"; > > > > > > >From what I can gather, it sounds like I misused a double > quote or > > > misplaced a peroid. But looking at the code, I can't see where > I did > > > either wrong. > > > > > > Anyhelp would be appreciated. > > > > > > Thanks, > > > -Joe > > > _______________________________________________ > > > New York PHP Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > New York PHP Conference and Expo 2006 > > > http://www.nyphpcon.com > > > Show Your Participation in New York PHP > > > http://www.nyphp.org/show_participation.php > > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From andrew at plexpod.com Wed Apr 12 21:51:42 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Wed, 12 Apr 2006 21:51:42 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: <000f01c65e9b$0fcaab40$6301a8c0@dirnpc> Message-ID: <20060413015142.GJ14736@desario.homelinux.net> On Wed, Apr 12, 2006 at 09:49:24PM -0400, IAlsoAgree at stny.rr.com wrote: > Actually, after I had given it a look I was begining to think that too. > The 1 looked off right next to the peroid. > > Thanks for confirming that for me Andy. For reference, the PHP order of operations: http://www.php.net/manual/en/language.operators.php#language.operators.precedence + - and . operators are all equal, thus your problem. HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From shiflett at php.net Wed Apr 12 22:53:48 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 12 Apr 2006 22:53:48 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: <443DBD3C.10508@php.net> IAlsoAgree at stny.rr.com wrote: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; It sounds like you've fixed your immediate problem, but I'd like to stress the risk in letting a user modify your SQL query like this. Every time you use $_GET['id'] or $_GET['postid'], it's like handing over your keyboard to the user - you never know what he will type. Chris From IAlsoAgree at stny.rr.com Thu Apr 13 00:05:36 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Thu, 13 Apr 2006 00:05:36 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: <443DBD3C.10508@php.net> References: <443DBD3C.10508@php.net> Message-ID: Doesn't matter. I do tests on all the data for validity before I try to do anything with it. In this case, postid is checked against the database for a valid post id (that also isn't a response to a post) before ANY actions are taken. Same is done for the page number. The page number is checked to make sure there will actually be posts on that page before any action is taken. Thus, a user can type whatever he/she wants for either, a script will react appropriately. -Joe ----- Original Message ----- From: Chris Shiflett Date: Wednesday, April 12, 2006 10:53 pm Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: NYPHP Talk > IAlsoAgree at stny.rr.com wrote: > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > posts.created, users.userid, users.username, users.aim, > users.created,> users.admin FROM posts, users WHERE posts.postid = > \"$_GET[id]\" AND > > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > > ".($pagecount-1)*10-1.", 10"; > > It sounds like you've fixed your immediate problem, but I'd like to > stress the risk in letting a user modify your SQL query like this. > Every > time you use $_GET['id'] or $_GET['postid'], it's like handing over > your > keyboard to the user - you never know what he will type. > > Chris > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From dipeshjr at yahoo.com Thu Apr 13 00:07:06 2006 From: dipeshjr at yahoo.com (DIPESH RABADIYA) Date: Wed, 12 Apr 2006 21:07:06 -0700 (PDT) Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: Message-ID: <20060413040706.7817.qmail@web54002.mail.yahoo.com> Hi You can try with this too... $checkreplies = "SELECT posts.postid, posts.subject, posts.body, posts.created, users.userid, users.username, users.aim, users.created, users.admin FROM posts, users WHERE posts.postid ='".$_GET['id']."' AND posts.userid = users.userid AND posts.replyto ='".$_GET['postid']."' LIMIT ".($pagecount-1)*10-1.", 10"; IAlsoAgree at stny.rr.com wrote: I'm sure it's going to be something really obvious, but for now I just can't seem to figure out what it is. I'm getting the following error: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING The line of code is: $checkreplies = "SELECT posts.postid, posts.subject, posts.body, posts.created, users.userid, users.username, users.aim, users.created, users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT ".($pagecount-1)*10-1.", 10"; >From what I can gather, it sounds like I misused a double quote or misplaced a peroid. But looking at the code, I can't see where I did either wrong. Anyhelp would be appreciated. Thanks, -Joe _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php --------------------------------- Love cheap thrills? Enjoy PC-to-Phone calls to 30+ countries for just 2?/min with Yahoo! Messenger with Voice. -------------- next part -------------- An HTML attachment was scrubbed... URL: From arzala at gmail.com Thu Apr 13 00:24:12 2006 From: arzala at gmail.com (Anirudh Zala) Date: Thu, 13 Apr 2006 09:54:12 +0530 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: Yes, reason is pretty obvious that you have misused quotes as well your didn't close that mathematical expression with parenthesis that determines limit part of sql. I strongly recommend you to first learn how to write php statements with proper syntax. For that you must understand what is exact use of " and ' in writing any statement. " is used to evaluate any given php, in fact in most of programming languages, statement while ' used to take given statement or part of statement as it is. Same applies to mysql and most of databases as well. In your case you have used " everywhere even when it is not required at all. So in context of php, your statement could look like below. $checkreplies='SELECT posts.postid, posts.subject, posts.body, posts.created, users.userid, users.username, users.aim, users.created, users.admin FROM posts, users WHERE posts.postid='.$_GET['id'].' AND posts.userid=users.userid AND posts.replyto='.$_GET['postid'].' LIMIT '.(($pagecount - 1) * 10 - 1).',10'; Some other points to be kept in mind while using arrays is that you should always enclose keys of all array by necessary " or ' depending upon same rule mentioned above. So $_GET[id] should be $_GET['id'], otherwise if key "id" of this array is defined as constant somewhere in your script, GET array will use it's value as key and you will get different result than what you expect. And of course also try to consider tips given by Chris and Lee. I hope YouAlsoAgree at above suggestions. :) Thanks Anirudh Zala On Thu, 13 Apr 2006 06:25:02 +0530, wrote: > I'm sure it's going to be something really obvious, but for now I just > can't seem to figure out what it is. > > I'm getting the following error: > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > The line of code is: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; > >> From what I can gather, it sounds like I misused a double quote or > misplaced a peroid. But looking at the code, I can't see where I did > either wrong. > > Anyhelp would be appreciated. > > Thanks, > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -- ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in Ph: +91 281 245 1894 arzala at gmail.com ----------------------------------------------- From subscriptions at burakueda.com Thu Apr 13 00:29:17 2006 From: subscriptions at burakueda.com (subscriptions) Date: Thu, 13 Apr 2006 13:29:17 +0900 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: <443DD39D.8070702@burakueda.com> You are trying to concatenate a numer with strings. Try this one: $checkreplies = "SELECT posts.postid, posts.subject, posts.body, posts.created, users.userid, users.username, users.aim, users.created, users.admin FROM posts, users WHERE posts.postid = '".$_GET["id"]."' AND posts.userid = users.userid AND posts.replyto = '".$_GET["postid"]."' LIMIT ".strval(($pagecount-1)*10-1).", 10"; Using strval() does the trick :D hope this helps... Burak IAlsoAgree at stny.rr.com wrote: > I'm sure it's going to be something really obvious, but for now I just > can't seem to figure out what it is. > > I'm getting the following error: > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > The line of code is: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; > > >From what I can gather, it sounds like I misused a double quote or > misplaced a peroid. But looking at the code, I can't see where I did > either wrong. > > Anyhelp would be appreciated. > > Thanks, > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From drydell at optonline.net Thu Apr 13 00:56:25 2006 From: drydell at optonline.net (drydell at optonline.net) Date: Thu, 13 Apr 2006 00:56:25 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: the syntax error has to do with $_GET[id] and $_GET[postid]... WHERE posts.postid = \"{$_GET['id']}\" AND posts.userid = users.userid AND posts.replyto = {$_GET['postid']} would fix the syntax error > I'm getting the following error: > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > The line of code is: > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > posts.created, users.userid, users.username, users.aim, users.created, > users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > ".($pagecount-1)*10-1.", 10"; > > >From what I can gather, it sounds like I misused a double quote or > misplaced a peroid. But looking at the code, I can't see where I did > either wrong. > > Anyhelp would be appreciated. > > Thanks, > -Joe > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From tedd at sperling.com Thu Apr 13 10:23:12 2006 From: tedd at sperling.com (tedd) Date: Thu, 13 Apr 2006 10:23:12 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: -Joe: >Once again, MySQL has no problem with double or single quotes. You can >use them interchangably. MySQL may not have any problems storing double or single quotes, but you can't always exchange them in a query and say the same thing. Double quoted strings are subject to variable substitution and escape sequence handling, while single quotes are not. tedd -- -------------------------------------------------------------------------------- http://sperling.com From linux_rocks1 at yahoo.com Thu Apr 13 11:58:36 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 08:58:36 -0700 (PDT) Subject: [nycphp-talk] print parsing confusion Message-ID: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Hello all: I am having a problem trying to get a text field get its name in a while loop like this expense_cat1, expense_cat2 ... etc. here's a snip of the code: while( $row = mysql_fetch_array( $category ) ) { echo( "" . $row['expenses_cat_desc'] . ""); } I pass this to another page and try to print it using $_POST['expense_cat1'] and is giving me an empty string. Now, I check phpinfo() and the variable name gets created as: $_POST['expense_cat1'] I don't know how I can get around this. What other function can I use to get this working correctly. Thank you in advanced for your help. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dirn at dirnonline.com Thu Apr 13 12:02:49 2006 From: dirn at dirnonline.com (Andy Dirnberger) Date: Thu, 13 Apr 2006 12:02:49 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Message-ID: <004c01c65f13$b8015430$9a65a8c0@andyabs> You need to close the input tag. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Linux Rocks Sent: Thursday, April 13, 2006 11:59 AM To: NY PHP Subject: [nycphp-talk] print parsing confusion Hello all: I am having a problem trying to get a text field get its name in a while loop like this expense_cat1, expense_cat2 ... etc. here's a snip of the code: while( $row = mysql_fetch_array( $category ) ) { echo( "" . $row['expenses_cat_desc'] . ""); } I pass this to another page and try to print it using $_POST['expense_cat1'] and is giving me an empty string. Now, I check phpinfo() and the variable name gets created as: $_POST['expense_cat1'] I don't know how I can get around this. What other function can I use to get this working correctly. Thank you in advanced for your help. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From yournway at gmail.com Thu Apr 13 12:08:09 2006 From: yournway at gmail.com (Alberto dos Santos) Date: Thu, 13 Apr 2006 17:08:09 +0100 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Message-ID: You must set the value on the input. while( $row = mysql_fetch_array( $category ) ) { echo( "" .$row['expenses_cat_desc'] .""); } And learn your syntax too... On 13/04/06, Linux Rocks wrote: > > Hello all: > > I am having a problem trying to get a text field get > its name in a while loop like this expense_cat1, > expense_cat2 ... etc. here's a snip of the code: > > while( $row = mysql_fetch_array( $category ) ) > { > echo( "" . $row['expenses_cat_desc'] . > " $row['expenses_cat_number'] . (""); > > } > > I pass this to another page and try to print it using > $_POST['expense_cat1'] and is giving me an empty > string. > > Now, I check phpinfo() and the variable name gets > created as: > > $_POST['expense_cat1'] > > I don't know how I can get around this. What other > function can I use to get this working correctly. > > > Thank you in advanced for your help. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Alberto dos Santos Consultor em TI IT Consultant http://www.yournway.com A internet ? sua maneira. The Internet your own way. -------------- next part -------------- An HTML attachment was scrubbed... URL: From linux_rocks1 at yahoo.com Thu Apr 13 12:08:52 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 09:08:52 -0700 (PDT) Subject: [nycphp-talk] print parsing confusion In-Reply-To: <004c01c65f13$b8015430$9a65a8c0@andyabs> Message-ID: <20060413160852.91217.qmail@web35906.mail.mud.yahoo.com> Oops. Thanks a lot. --- Andy Dirnberger wrote: > You need to close the input tag. > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Linux Rocks > Sent: Thursday, April 13, 2006 11:59 AM > To: NY PHP > Subject: [nycphp-talk] print parsing confusion > > Hello all: > > I am having a problem trying to get a text field get > its name in a while loop like this expense_cat1, > expense_cat2 ... etc. here's a snip of the code: > > while( $row = mysql_fetch_array( $category ) ) > { > echo( "" . $row['expenses_cat_desc'] . > " . > $row['expenses_cat_number'] . (""); > > } > > I pass this to another page and try to print it > using > $_POST['expense_cat1'] and is giving me an empty > string. > > Now, I check phpinfo() and the variable name gets > created as: > > $_POST['expense_cat1'] > > I don't know how I can get around this. What other > function can I use to get this working correctly. > > > Thank you in advanced for your help. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From scott at crisscott.com Thu Apr 13 12:17:30 2006 From: scott at crisscott.com (Scott Mattocks) Date: Thu, 13 Apr 2006 12:17:30 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Message-ID: <443E799A.60401@crisscott.com> Alberto dos Santos wrote: > You must set the value on the input. > > while( $row = mysql_fetch_array( $category ) ) > { > echo( > "" .$row['expenses_cat_desc'] ." name=expense_cat value=" . $row['expenses_cat_number'] . " />"); > } > > And learn your syntax too... And by that I am sure you meant to say, "Don't use parenthesis with echo" right? http://us2.php.net/manual/en/function.echo.php -- Scott Mattocks Author of the soon to be published: Pro PHP-GTK http://www.crisscott.com From sailer at bnl.gov Thu Apr 13 12:05:51 2006 From: sailer at bnl.gov (Tim Sailer) Date: Thu, 13 Apr 2006 12:05:51 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Message-ID: <20060413160551.GA26461@bnl.gov> On Thu, Apr 13, 2006 at 08:58:36AM -0700, Linux Rocks wrote: > Hello all: > > I am having a problem trying to get a text field get > its name in a while loop like this expense_cat1, > expense_cat2 ... etc. here's a snip of the code: > > while( $row = mysql_fetch_array( $category ) ) > { > echo( "" . $row['expenses_cat_desc'] . > " $row['expenses_cat_number'] . (""); > > } > > I pass this to another page and try to print it using > $_POST['expense_cat1'] and is giving me an empty > string. > > Now, I check phpinfo() and the variable name gets > created as: > > $_POST['expense_cat1'] One, possibly two, problem(s). First, $row['expenses_cat_number'] . (""); ^ Where is this from? Looks like unmatched parens. Then, the immediate problem, the line should read like: $row['expenses_cat_number'] . ">"); You need to add the '>' to close the tag. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From linux_rocks1 at yahoo.com Thu Apr 13 13:23:21 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 10:23:21 -0700 (PDT) Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413160551.GA26461@bnl.gov> Message-ID: <20060413172321.42358.qmail@web35915.mail.mud.yahoo.com> --- Tim Sailer wrote: > On Thu, Apr 13, 2006 at 08:58:36AM -0700, Linux > Rocks wrote: > > Hello all: > > > > I am having a problem trying to get a text field > get > > its name in a while loop like this expense_cat1, > > expense_cat2 ... etc. here's a snip of the code: > > > > while( $row = mysql_fetch_array( $category ) ) > > { > > echo( "" . $row['expenses_cat_desc'] . > > " name=expense_cat" . > > $row['expenses_cat_number'] . (""); > > > > } > > > > I pass this to another page and try to print it > using > > $_POST['expense_cat1'] and is giving me an empty > > string. > > > > Now, I check phpinfo() and the variable name gets > > created as: > > > > $_POST['expense_cat1'] > > One, possibly two, problem(s). > > First, > $row['expenses_cat_number'] . (""); > ^ > Where is this from? Looks like unmatched parens. > Then, the immediate problem, the line should read > like: The parenthesis were not in the code. I added them because I had two echo statements I did a cut a paste and forgot to remove the parenthesis. Sorry if that threw someone off. The problem is solved by ending the input tag with >. Thanks a lot to those who replied. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dcech at phpwerx.net Thu Apr 13 14:03:06 2006 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 13 Apr 2006 14:03:06 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413172321.42358.qmail@web35915.mail.mud.yahoo.com> References: <20060413172321.42358.qmail@web35915.mail.mud.yahoo.com> Message-ID: <443E925A.9000501@phpwerx.net> Linux Rocks wrote: > > --- Tim Sailer wrote: > >> On Thu, Apr 13, 2006 at 08:58:36AM -0700, Linux >> Rocks wrote: >>> Hello all: >>> >>> I am having a problem trying to get a text field >> get >>> its name in a while loop like this expense_cat1, >>> expense_cat2 ... etc. here's a snip of the code: >>> >>> while( $row = mysql_fetch_array( $category ) ) >>> { >>> echo( "" . $row['expenses_cat_desc'] . >>> "> name=expense_cat" . >>> $row['expenses_cat_number'] . (""); >>> >>> } >>> >>> I pass this to another page and try to print it >> using >>> $_POST['expense_cat1'] and is giving me an empty >>> string. >>> >>> Now, I check phpinfo() and the variable name gets >>> created as: >>> >>> $_POST['expense_cat1'] >> One, possibly two, problem(s). >> >> First, >> $row['expenses_cat_number'] . (""); >> ^ >> Where is this from? Looks like unmatched parens. >> Then, the immediate problem, the line should read >> like: > > The parenthesis were not in the code. I added them > because I had two echo statements I did a cut a paste > and forgot to remove the parenthesis. Sorry if that > threw someone off. The problem is solved by ending the > input tag with >. Thanks a lot to those who replied. You should probably also check out this PHundamentals article: http://www.nyphp.org/phundamentals/storingretrieving.php You'll find some useful information there about properly escaping data. Dan From linux_rocks1 at yahoo.com Thu Apr 13 15:07:50 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 12:07:50 -0700 (PDT) Subject: [nycphp-talk] Passing Arrays Message-ID: <20060413190750.11527.qmail@web35903.mail.mud.yahoo.com> Hello again: I'm passing an array to a page and can't figure out how to access each row with $_POST['array_name']. How can I browse each row for ie: print array_name[1] print array_name[2] etc.... __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From kenrbnsn at rbnsn.com Thu Apr 13 15:16:15 2006 From: kenrbnsn at rbnsn.com (Ken Robinson) Date: Thu, 13 Apr 2006 15:16:15 -0400 Subject: [nycphp-talk] Passing Arrays In-Reply-To: <20060413190750.11527.qmail@web35903.mail.mud.yahoo.com> References: <20060413190750.11527.qmail@web35903.mail.mud.yahoo.com> Message-ID: <7.0.1.0.2.20060413151229.0552aca8@rbnsn.com> At 03:07 PM 4/13/2006, Linux Rocks wrote: >Hello again: > >I'm passing an array to a page and can't figure out >how to access each row with $_POST['array_name']. > >How can I browse each row for ie: > >print array_name[1] >print array_name[2] What do you mean by "passing am array to a page". Is there a form involved? If so please post the script that generates the form. Ken From the.wolfy at gmail.com Thu Apr 13 15:19:21 2006 From: the.wolfy at gmail.com (Wolfy) Date: Thu, 13 Apr 2006 16:19:21 -0300 Subject: [nycphp-talk] problems with zend studio Message-ID: hey guys, i?ve had install zend studio enterprise 5.1 on my linux. it?s running ok, but when i try to write some letters such as ? ? ?, it doesn?t work and shows me " [] " characters ". i have already change the encoding parameter to ISO-8859-1, but it didn?t work out. does anybody can help me? thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From enunez at tiaa-cref.org Thu Apr 13 15:25:21 2006 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Thu, 13 Apr 2006 15:25:21 -0400 Subject: [nycphp-talk] Passing Arrays Message-ID: <15781715614BCB43AB7083C37880D19C1E21F6@NYCPDMSXMB06.ad.tiaa-cref.org> If you're trying to get php to create an array from your a form field... a very common mistake is forgetting the brackets in the form field name. If you leave out the brackets, all you'll get is the last selected item/option, not all of them. e.g. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Ken Robinson Sent: Thursday, April 13, 2006 3:16 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Passing Arrays At 03:07 PM 4/13/2006, Linux Rocks wrote: >Hello again: > >I'm passing an array to a page and can't figure out >how to access each row with $_POST['array_name']. > >How can I browse each row for ie: > >print array_name[1] >print array_name[2] What do you mean by "passing am array to a page". Is there a form involved? If so please post the script that generates the form. Ken _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php ************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** From linux_rocks1 at yahoo.com Thu Apr 13 15:25:47 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 12:25:47 -0700 (PDT) Subject: [nycphp-talk] Passing Arrays In-Reply-To: <7.0.1.0.2.20060413151229.0552aca8@rbnsn.com> Message-ID: <20060413192547.1806.qmail@web35909.mail.mud.yahoo.com> --- Ken Robinson wrote: > At 03:07 PM 4/13/2006, Linux Rocks wrote: > >Hello again: > > > >I'm passing an array to a page and can't figure out > >how to access each row with $_POST['array_name']. > > > >How can I browse each row for ie: > > > >print array_name[1] > >print array_name[2] > > What do you mean by "passing am array to a page". > > Is there a form involved? If so please post the > script that generates the form. Yes. There is a form involved. I found out the solution after searching for about an hour. This was enough: $_POST['array_name'][1] Thanks Mr. Robinson __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From linux_rocks1 at yahoo.com Thu Apr 13 15:26:27 2006 From: linux_rocks1 at yahoo.com (Linux Rocks) Date: Thu, 13 Apr 2006 12:26:27 -0700 (PDT) Subject: [nycphp-talk] Passing Arrays In-Reply-To: <15781715614BCB43AB7083C37880D19C1E21F6@NYCPDMSXMB06.ad.tiaa-cref.org> Message-ID: <20060413192627.18379.qmail@web35903.mail.mud.yahoo.com> Thanks Mr. Nunez as well. --- "Nunez, Eddy" wrote: > > If you're trying to get php to create an array from > your a form field... > a very common mistake is forgetting the brackets in > the form field name. > > If you leave out the brackets, all you'll get is the > last selected item/option, not all of them. > > e.g. > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of > Ken Robinson > Sent: Thursday, April 13, 2006 3:16 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Passing Arrays > > > At 03:07 PM 4/13/2006, Linux Rocks wrote: > >Hello again: > > > >I'm passing an array to a page and can't figure out > >how to access each row with $_POST['array_name']. > > > >How can I browse each row for ie: > > > >print array_name[1] > >print array_name[2] > > What do you mean by "passing am array to a page". > > Is there a form involved? If so please post the > script that generates the form. > > Ken > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > ************************************************************** > This message, including any attachments, contains > confidential information intended for a specific > individual and purpose, and is protected by law. If > you are not the intended recipient, please contact > sender immediately by reply e-mail and destroy all > copies. You are hereby notified that any > disclosure, copying, or distribution of this > message, or the taking of any action based on it, is > strictly prohibited. > TIAA-CREF > ************************************************************** > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From yournway at gmail.com Thu Apr 13 16:05:33 2006 From: yournway at gmail.com (Alberto dos Santos) Date: Thu, 13 Apr 2006 21:05:33 +0100 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <443E799A.60401@crisscott.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <443E799A.60401@crisscott.com> Message-ID: Hehe, Scott, I just removed what didn't work, didn't even think about the rest, you are right, of course. Cheers, On 13/04/06, Scott Mattocks wrote: > > Alberto dos Santos wrote: > > You must set the value on the input. > > > > while( $row = mysql_fetch_array( $category ) ) > > { > > echo( > > "" .$row['expenses_cat_desc'] ." > name=expense_cat value=" . $row['expenses_cat_number'] . " > />"); > > } > > > > And learn your syntax too... > > And by that I am sure you meant to say, "Don't use parenthesis with > echo" right? > http://us2.php.net/manual/en/function.echo.php > > -- > Scott Mattocks > Author of the soon to be published: Pro PHP-GTK > http://www.crisscott.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Alberto dos Santos Consultor em TI IT Consultant http://www.yournway.com A internet ? sua maneira. The Internet your own way. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Thu Apr 13 16:24:35 2006 From: tedd at sperling.com (tedd) Date: Thu, 13 Apr 2006 16:24:35 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <443E799A.60401@crisscott.com> Message-ID: At 9:05 PM +0100 4/13/06, Alberto dos Santos wrote: >Hehe, Scott, I just removed what didn't work, didn't even think >about the rest, you are right, of course. Removing what doesn't work is OK, but the hard part is putting in things that do work. tedd -- -------------------------------------------------------------------------------- http://sperling.com From to_dngo at yahoo.com Thu Apr 13 16:27:30 2006 From: to_dngo at yahoo.com (David Ngo) Date: Thu, 13 Apr 2006 13:27:30 -0700 (PDT) Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: Message-ID: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Hi guys, I just moved to the NYC area and am looking at the market for PHP developers. What is a competitive salary in NYC for an object oriented PHP dev with 4 years of experience. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From tedd at sperling.com Thu Apr 13 16:38:16 2006 From: tedd at sperling.com (tedd) Date: Thu, 13 Apr 2006 16:38:16 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: At 1:27 PM -0700 4/13/06, David Ngo wrote: >Hi guys, I just moved to the NYC area and am looking >at the market for PHP developers. What is a >competitive salary in NYC for an object oriented PHP >dev with 4 years of experience. I recently saw a part time php programming position offered on guru for 4-5 hours per day and it paid $300 per month (no lie). tedd -- -------------------------------------------------------------------------------- http://sperling.com From edwardpotter at gmail.com Thu Apr 13 16:39:09 2006 From: edwardpotter at gmail.com (edward potter) Date: Thu, 13 Apr 2006 16:39:09 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: Well! A good question for sure, I just moved to upstate New York from NYC. I'm paying less rent for a great 1 bedroom with river view then Bangalore, and I've been doing PHP things almost 8 years. Soooooo.... pricing is hard. Really depends on your expectations. Working for yourself is BRUTAL, but you get the benefits. A rough range? $35 - $75 per hour. BUT I really think per project pricing is the way to go. The hourly thing generally limits you. After you spend 10 hours on a bug, it's hard to charge the client for bug fixes on your part or homework you have to do. They are usually not too happy about that. I'm sure you'll get some interesting answers from the list. -ed :-) On 4/13/06, David Ngo wrote: > Hi guys, I just moved to the NYC area and am looking > at the market for PHP developers. What is a > competitive salary in NYC for an object oriented PHP > dev with 4 years of experience. > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From chsnyder at gmail.com Thu Apr 13 18:05:47 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 13 Apr 2006 18:05:47 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: On 4/13/06, tedd wrote: > I recently saw a part time php programming position offered on guru > for 4-5 hours per day and it paid $300 per month (no lie). That sounds perfect for a guru. The trick with a job like that is to do everything they want in 1 hour, and spend the rest of the time moonlighting on better-paying gigs. David, ask for $100/hr, but accept $80,000 a year. Good luck, and welcome to NYC. From rolan at omnistep.com Thu Apr 13 22:05:11 2006 From: rolan at omnistep.com (Rolan Yang) Date: Thu, 13 Apr 2006 22:05:11 -0400 Subject: [nycphp-talk] Problem With Making Cookies In-Reply-To: References: Message-ID: <443F0357.1080000@omnistep.com> If you are just looking to store arbitrary data in the cookie, you might want to serialize() the array before storing it. That should take care of any conflicting delimiter issues. ~Rolan IAlsoAgree at stny.rr.com wrote: > I have a script that creates a cookie. The text for the cookie is > created like this (I previously used implode and got the exact same > problem I'm about to describe): > $cookiedata = $infoarray[0].'#'.$infoarray[1].'#'.$infoarray[2]; > > However, when I actually check the data inside the cookie, it's saved > not with pound signs in between the data, but instead with %23. I've > tried using commas, new line characters, hyphen, and all of them return > some kind of % character, usually %2C. Is there something I'm not doing > correctly? > > PHP.net says to use implode and a character as the glue, but it doesn't > matter what character I choose for the glue, it always gets changed into > a % character (I've only tried characters that are pratical, letters and > numbers will not be pratical for me as glue) and I can't retrieve the data. > > What can I do? > > -Joe > > From rolan at omnistep.com Thu Apr 13 22:24:18 2006 From: rolan at omnistep.com (Rolan Yang) Date: Thu, 13 Apr 2006 22:24:18 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: <443F07D2.9090009@omnistep.com> Heh, I am surprised it took that many responses to arrive at the correct answer. Adding to Chris' comment about sql security, If your query used to validate the id and postid are formatted in the same manner (including {$_GET['id']} in the query), someone could inject a query into yours... Something disasterous might be if the hacker manually posted with an $id value "1; DELETE * FROM USERS; select * from posts,users where 1=1" To be safe, I try to keep all my id's as integers and do something like: $id=intval($_GET['id']); ~Rolan drydell at optonline.net wrote: > the syntax error has to do with $_GET[id] and $_GET[postid]... > > WHERE posts.postid = \"{$_GET['id']}\" AND posts.userid = users.userid AND posts.replyto = {$_GET['postid']} would fix the syntax error > > >> I'm getting the following error: >> Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING >> >> The line of code is: >> $checkreplies = "SELECT posts.postid, posts.subject, posts.body, >> posts.created, users.userid, users.username, users.aim, users.created, >> users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND >> posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT >> ".($pagecount-1)*10-1.", 10"; > From andrew at plexpod.com Thu Apr 13 22:31:55 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Thu, 13 Apr 2006 22:31:55 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: <20060414023155.GC10871@desario.homelinux.net> On Thu, Apr 13, 2006 at 06:05:47PM -0400, csnyder wrote: > On 4/13/06, tedd wrote: > > I recently saw a part time php programming position offered on guru > > for 4-5 hours per day and it paid $300 per month (no lie). > > That sounds perfect for a guru. The trick with a job like that is to > do everything they want in 1 hour, and spend the rest of the time > moonlighting on better-paying gigs. Not sure what Chris is smoking, but $300 per month isn't even enough for 1 hour per day, IMO! > David, ask for $100/hr, but accept $80,000 a year. I concur. Depending on level of expertise and skillset, I'd say rock bottom is $70k, on up to $120k or more per year. > Good luck, and welcome to NYC. The monthly NYPHP meetings are a great place to network and have a good time. Good luck David. Regards, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From 1j0lkq002 at sneakemail.com Thu Apr 13 23:13:54 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 13 Apr 2006 20:13:54 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: <10074-87682@sneakemail.com> csnyder chsnyder-at-gmail.com |nyphp dev/internal group use| wrote: >On 4/13/06, tedd wrote: > > >>I recently saw a part time php programming position offered on guru >>for 4-5 hours per day and it paid $300 per month (no lie). >> >> > >That sounds perfect for a guru. The trick with a job like that is to >do everything they want in 1 hour, and spend the rest of the time >moonlighting on better-paying gigs. > >David, ask for $100/hr, but accept $80,000 a year. > >Good luck, and welcome to NYC. > ? Umm... are you saying the profit is in the cheat, Chris? From edwardpotter at gmail.com Thu Apr 13 23:19:18 2006 From: edwardpotter at gmail.com (edward potter) Date: Thu, 13 Apr 2006 23:19:18 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <20060414023155.GC10871@desario.homelinux.net> References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> <20060414023155.GC10871@desario.homelinux.net> Message-ID: This is where I have an amazing advatage by living out of NYC. This Summer, for $850 a month I can get a great 1 bedroom, a car (with insurance), and a months worth of food, with lots left over. Of course I have to go to Canada for Sushi! (Ok, add taxes, etc, but still a heck of a bargain!). Movie night? $3.50. Just saw V for Vendeta, but I'll have to wait till I get to NYC to see the new Bjork film, that for sure will not make it up here. But hey, Netflix, FedEx and Paypal can save the day. It is very, very rural here (20 mins from the Canadian border). However we have 4 - 5 mbs wireless connections everywhere. 2 years ago there was nothing I'm told. http://www.google.com/maps?f=q&hl=en&q=100+market+street,+potdam,+new+york+13676&ll=45.660127,-74.838867&spn=5.313602,17.841797 And I'm sure I can match a $75K - $120,000K a year NYC programmer with portfolio and skills. Diving into Ajax/JSON now! :-) ed On 4/13/06, Andrew Yochum wrote: > On Thu, Apr 13, 2006 at 06:05:47PM -0400, csnyder wrote: > > On 4/13/06, tedd wrote: > > > I recently saw a part time php programming position offered on guru > > > for 4-5 hours per day and it paid $300 per month (no lie). > > > > That sounds perfect for a guru. The trick with a job like that is to > > do everything they want in 1 hour, and spend the rest of the time > > moonlighting on better-paying gigs. > > Not sure what Chris is smoking, but $300 per month isn't even enough for > 1 hour per day, IMO! > > > David, ask for $100/hr, but accept $80,000 a year. > > I concur. Depending on level of expertise and skillset, I'd say rock > bottom is $70k, on up to $120k or more per year. > > > Good luck, and welcome to NYC. > > The monthly NYPHP meetings are a great place to network and have a good > time. Good luck David. > > Regards, > Andrew > -- > Andrew Yochum > Plexpod > andrew at plexpod.com > 718-360-0879 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From IAlsoAgree at stny.rr.com Thu Apr 13 23:38:46 2006 From: IAlsoAgree at stny.rr.com (IAlsoAgree at stny.rr.com) Date: Thu, 13 Apr 2006 23:38:46 -0400 Subject: [nycphp-talk] PHP Error - Need Help Debugging In-Reply-To: References: Message-ID: Incorrect. "I strongly recommend you to first learn how to write php statements with proper syntax. For that you must understand what is exact use of " and ' in writing any statement." -Anirudh Zala This seems a tad insulting for no apparent reason. My choice of using double quotes may not be neccessary, but makes the code a LOT easier to read and easier to write. So $_GET[id] should be $_GET['id'] I'd suggest that you "learn how to write php statements with proper syntax" before telling me to do so. For those that don't already know: when you use double quotes in PHP, you CAN'T include the single quotes for an array unless you put the array in brackets. Check http://www.php.net/ for further details on including arrays in double quotes. Thus, inside of double quotes, you need to do it as I have done (or as {$_GET['id']}). The problem was my code was lacking a pair of outer quotation marks around the entire mathmatical operation. I used a different method to get rid of the ".expression." I was having, but it still worked. Thanks anyway though, -Joe ----- Original Message ----- From: drydell at optonline.net Date: Thursday, April 13, 2006 0:57 am Subject: Re: [nycphp-talk] PHP Error - Need Help Debugging To: NYPHP Talk > the syntax error has to do with $_GET[id] and $_GET[postid]... > > WHERE posts.postid = \"{$_GET['id']}\" AND posts.userid = > users.userid AND posts.replyto = {$_GET['postid']} would fix the > syntax error > > > I'm getting the following error: > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING > > > > The line of code is: > > $checkreplies = "SELECT posts.postid, posts.subject, posts.body, > > posts.created, users.userid, users.username, users.aim, > users.created,> users.admin FROM posts, users WHERE posts.postid = > \"$_GET[id]\" AND > > posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT > > ".($pagecount-1)*10-1.", 10"; > > > > >From what I can gather, it sounds like I misused a double quote or > > misplaced a peroid. But looking at the code, I can't see where I did > > either wrong. > > > > Anyhelp would be appreciated. > > > > Thanks, > > -Joe > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From arzala at gmail.com Fri Apr 14 00:04:06 2006 From: arzala at gmail.com (Anirudh Zala) Date: Fri, 14 Apr 2006 09:34:06 +0530 Subject: [nycphp-talk] problems with zend studio In-Reply-To: References: Message-ID: Don't know about Zend studio but we had similar problem in Quanta editor, after changing encoding to "cp 1252" it started working properly, you may try this if it is available in Zend editor. Also try to copy paste those letters from any material or website to check whether it is problem with key board or not, because sometimes som european language characters have problems with key board. Thanks, Anirudh Zala On Fri, 14 Apr 2006 00:49:21 +0530, Wolfy wrote: > hey guys, > > i?ve had install zend studio enterprise 5.1 on my linux. it?s running ok, > but when i try to write some letters such as ? ? ?, it doesn?t work and > shows me " [] " characters ". > > i have already change the encoding parameter to ISO-8859-1, but it didn?t > work out. > > does anybody can help me? > > > thanks -- ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in Ph: +91 281 245 1894 arzala at gmail.com ----------------------------------------------- From to_dngo at yahoo.com Fri Apr 14 00:14:18 2006 From: to_dngo at yahoo.com (David Ngo) Date: Thu, 13 Apr 2006 21:14:18 -0700 (PDT) Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: Message-ID: <20060414041418.76435.qmail@web34213.mail.mud.yahoo.com> If all you care about is having a cheap standard of living and still being in a good job market, you should try Denver, where I just moved from. For $760 a month I have a 900sq ft luxury 2 bedroom. Food and insurance are cheap too, thats all relative to NYC. --- edward potter wrote: > This is where I have an amazing advatage by living > out of NYC. > > This Summer, for $850 a month I can get a great 1 > bedroom, a car (with > insurance), and a months worth of food, with lots > left over. Of > course I have to go to Canada for Sushi! (Ok, add > taxes, etc, but > still a heck of a bargain!). > > Movie night? $3.50. Just saw V for Vendeta, but > I'll have to wait > till I get to NYC to see the new Bjork film, that > for sure will not > make it up here. But hey, Netflix, FedEx and Paypal > can save the day. > > It is very, very rural here (20 mins from the > Canadian border). > However we have 4 - 5 mbs wireless connections > everywhere. 2 years ago > there was nothing I'm told. > > http://www.google.com/maps?f=q&hl=en&q=100+market+street,+potdam,+new+york+13676&ll=45.660127,-74.838867&spn=5.313602,17.841797 > > And I'm sure I can match a $75K - $120,000K a year > NYC programmer > with portfolio and skills. Diving into Ajax/JSON > now! > > :-) ed > > On 4/13/06, Andrew Yochum > wrote: > > On Thu, Apr 13, 2006 at 06:05:47PM -0400, csnyder > wrote: > > > On 4/13/06, tedd wrote: > > > > I recently saw a part time php programming > position offered on guru > > > > for 4-5 hours per day and it paid $300 per > month (no lie). > > > > > > That sounds perfect for a guru. The trick with a > job like that is to > > > do everything they want in 1 hour, and spend the > rest of the time > > > moonlighting on better-paying gigs. > > > > Not sure what Chris is smoking, but $300 per month > isn't even enough for > > 1 hour per day, IMO! > > > > > David, ask for $100/hr, but accept $80,000 a > year. > > > > I concur. Depending on level of expertise and > skillset, I'd say rock > > bottom is $70k, on up to $120k or more per year. > > > > > Good luck, and welcome to NYC. > > > > The monthly NYPHP meetings are a great place to > network and have a good > > time. Good luck David. > > > > Regards, > > Andrew > > -- > > Andrew Yochum > > Plexpod > > andrew at plexpod.com > > 718-360-0879 > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From 1j0lkq002 at sneakemail.com Fri Apr 14 02:49:09 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 13 Apr 2006 23:49:09 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <20060414041418.76435.qmail@web34213.mail.mud.yahoo.com> References: <20060414041418.76435.qmail@web34213.mail.mud.yahoo.com> Message-ID: <29640-77623@sneakemail.com> David Ngo to_dngo-at-yahoo.com |nyphp dev/internal group use| wrote: >If all you care about is having a cheap standard of >living and still being in a good job market, you >should try Denver, where I just moved from. For $760 a >month I have a 900sq ft luxury 2 bedroom. Food and >insurance are cheap too, thats all relative to NYC. > > Ah but that I25 traffic around the DTC is worse than Bergen County NJ on a Saturday! And it's that way every single day! (I teach competitive webmastering in DTC area...Lone Tree is the best desert development I've seen outside of Vegas!) -=john andrews http://www.seo-fun.com From tim_lists at o2group.com Fri Apr 14 04:01:42 2006 From: tim_lists at o2group.com (Tim Lieberman) Date: Fri, 14 Apr 2006 01:01:42 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <29640-77623@sneakemail.com> References: <20060414041418.76435.qmail@web34213.mail.mud.yahoo.com> <29640-77623@sneakemail.com> Message-ID: <443F56E6.5060700@o2group.com> inforequest wrote: >David Ngo to_dngo-at-yahoo.com |nyphp dev/internal group use| wrote: > > > >>If all you care about is having a cheap standard of >>living and still being in a good job market, you >>should try Denver, where I just moved from. For $760 a >>month I have a 900sq ft luxury 2 bedroom. Food and >>insurance are cheap too, thats all relative to NYC. >> >> >> >> >Ah but that I25 traffic around the DTC is worse than Bergen County NJ on >a Saturday! And it's that way every single day! >(I teach competitive webmastering in DTC area...Lone Tree is the best >desert development I've seen outside of Vegas!) > > Bah. Do like I do: Pay too much to live in boulder, but work from home most of the time. Drive a beater because you don't need commute. Walk to the trailhead when you need to get the blood flowing. It takes a pretty important meeting to get me south of LoDo on 25. -Tim From codebowl at gmail.com Fri Apr 14 08:09:46 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 14 Apr 2006 08:09:46 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> Message-ID: <8d9a42800604140509s1be4c442g91421345fcfa40e1@mail.gmail.com> i saw this too and it's pathetic that they would offer those peanuts. On 4/13/06, tedd wrote: > > At 1:27 PM -0700 4/13/06, David Ngo wrote: > >Hi guys, I just moved to the NYC area and am looking > >at the market for PHP developers. What is a > >competitive salary in NYC for an object oriented PHP > >dev with 4 years of experience. > > > I recently saw a part time php programming position offered on guru > for 4-5 hours per day and it paid $300 per month (no lie). > > tedd > -- > > -------------------------------------------------------------------------------- > http://sperling.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Apr 14 08:12:36 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 14 Apr 2006 08:12:36 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> <20060414023155.GC10871@desario.homelinux.net> Message-ID: <8d9a42800604140512p4be9e397y53e6ae16f93a81f7@mail.gmail.com> Also look at what potsdam is... a college town :) Party Central :) -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmintz at davidmintz.org Fri Apr 14 09:11:09 2006 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 14 Apr 2006 09:11:09 -0400 (EDT) Subject: [nycphp-talk] problems with zend studio In-Reply-To: References: Message-ID: On Thu, 13 Apr 2006, Wolfy wrote: > i?ve had install zend studio enterprise 5.1 on my linux. it?s running ok, > but when i try to write some letters such as ? ? ?, it doesn?t work and > shows me " [] " characters ". > > i have already change the encoding parameter to ISO-8859-1, but it didn?t > work out. I don't think there is any relief available. I went back and forth with Zend tech support on this a while ago. They say it's Java's fault. (I'm paraphrasing, but essentially that's my understanding.) --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From tedd at sperling.com Fri Apr 14 11:36:51 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 11:36:51 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <20060414023155.GC10871@desario.homelinux.net> References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> <20060414023155.GC10871@desario.homelinux.net> Message-ID: >I concur. Depending on level of expertise and skillset, I'd say rock >bottom is $70k, on up to $120k or more per year. I'd give my left nut for $70k per year. Last year I was actually considering work from Indian (no lie). If anyone wants to farm any of that out, please let me know. tedd -- -------------------------------------------------------------------------------- http://sperling.com From danielc at analysisandsolutions.com Fri Apr 14 11:58:00 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 14 Apr 2006 11:58:00 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> Message-ID: <20060414155759.GA24400@panix.com> Hi, uh, whatever your name is: On Thu, Apr 13, 2006 at 08:58:36AM -0700, Linux Rocks wrote: > > while( $row = mysql_fetch_array( $category ) ) > { > echo( "" . $row['expenses_cat_desc'] . > " $row['expenses_cat_number'] . (""); > > } Your coding style and security practices are abysmal. You need to quote the HTML attribute values and escape the database output: while($row = mysql_fetch_array($category)) { echo '' . htmlspecialchars($row['expenses_cat_desc']) . '' . "\n"; } Yours pedantically, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From cliff at pinestream.com Fri Apr 14 11:59:54 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 14 Apr 2006 11:59:54 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: Message-ID: <005101c65fdc$78954490$0aa8a8c0@cliff> If I may interject -- without anyone throwing spears my way. I think the big question isn't "what is the going rate", it's what is your value proposition and what do you want to be when you grow up. Pro baseball player and astronaut do not count. As someone who has been on this group for about a year, had a fine time at the Zend conference, hired a 15 year old programmer, coded a lot myself and enjoy being way to geeky if allowed, tried a few flakey freelancers, looked at very capable, but expensive Yankees, and finally settled on that evil word -- offshore, STOP focusing on price. You will never, ever be able to compete on price. Do you want to be a laborer or the master of your destiny? Focus on value. And simply FOCUS. Look at Chris Shiflett. I actually have no idea how or if he makes a decent living, but I would bet he is not offering his services for $500 to build Mama's Awesome yoyo website. By focusing on security, he has separated himself from the pack. I have looked at hundreds of designers and programmers over the past year. Here's the story: 50% are musicians, artists and security guards that can amazingly program too. 45% are unfocused programmers that will do what the customer wants. Want me to make you a web site -- sure? Want me to whip you up a pizza -- I can do that too. Than there's the 5% that know what their strength is. No...I'm not a graphic designer. No...I don't do Cold fusion. Etc. I have even seen guys that ONLY focus on CSS. If I were trying to make a living programming, I would try to find a single area where I can be that expert -- and command a price based upon value, not time. Remember, there is no bar exam, no medical license, no pilot's license (and medical test which I failed), etc. for programming and to quote a popular book -- the world is flat. Ok, I'll stop acting like my father and yoda and will now put on my body armor... Cliff -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tedd Sent: Friday, April 14, 2006 11:37 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Whats a Competitive Salary for PHP Dev >I concur. Depending on level of expertise and skillset, I'd say rock >bottom is $70k, on up to $120k or more per year. I'd give my left nut for $70k per year. Last year I was actually considering work from Indian (no lie). If anyone wants to farm any of that out, please let me know. tedd -- ------------------------------------------------------------------------ -------- http://sperling.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From mitch.pirtle at gmail.com Fri Apr 14 12:05:23 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Fri, 14 Apr 2006 12:05:23 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <005101c65fdc$78954490$0aa8a8c0@cliff> References: <005101c65fdc$78954490$0aa8a8c0@cliff> Message-ID: <330532b60604140905udfdaf5byb47434fcac0ba51@mail.gmail.com> On 4/14/06, Cliff Hirsch wrote: > If I may interject -- without anyone throwing spears my way. *spacemonkey smiles, rests hand on big red button > If I were trying to make a living programming, I would try to find a > single area where I can be that expert -- and command a price based upon > value, not time. Excellent comments - however I'd just like to add that when you choose an area for specialization, you do not become dependent upon vertical technologies. In the webspace at least, trends come and go at a frightening pace, so being an AJAX specialist may net you lots of bootie right now and then land you on the bench, permanently, when the next big thing comes along. -- Mitch Pirtle Joomla! Core Developer Open Source Matters From brian at vermonster.com Fri Apr 14 12:17:36 2006 From: brian at vermonster.com (Brian Kaney) Date: Fri, 14 Apr 2006 12:17:36 -0400 Subject: [nycphp-talk] print parsing confusion In-Reply-To: <20060414155759.GA24400@panix.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> Message-ID: <443FCB20.4000403@vermonster.com> Daniel Convissor wrote: > Hi, uh, whatever your name is: > > On Thu, Apr 13, 2006 at 08:58:36AM -0700, Linux Rocks wrote: > >>while( $row = mysql_fetch_array( $category ) ) >>{ >> echo( "" . $row['expenses_cat_desc'] . >> ">$row['expenses_cat_number'] . (""); >> >>} > > > Your coding style and security practices are abysmal. You need to > quote the HTML attribute values and escape the database output: > > while($row = mysql_fetch_array($category)) { > echo '' . htmlspecialchars($row['expenses_cat_desc']) > . '' . "\n"; > } > > And the markup is not really semanticly sound. I hate mixing markup with code, but you may want to consider: while($row = mysql_fetch_array($category)) { echo '' . '' . "\n"; } Or even using a definition list, if you want to be super accessible: echo '
'; while($row = mysql_fetch_array($category)) { echo '
' . '
' . "\n"; } echo '
'; -- Brian Kaney [ brian at vermonster.com ] Vermonster LLC. [ http://www.vermonster.com ] 312 Stuart St. 2nd Fl. Boston, MA 02116 US Direct: +1 617 960-3554 Mobile: +1 617 312-0826 From tedd at sperling.com Fri Apr 14 12:29:06 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 12:29:06 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <005101c65fdc$78954490$0aa8a8c0@cliff> References: <005101c65fdc$78954490$0aa8a8c0@cliff> Message-ID: Cliff >If I may interject -- without anyone throwing spears my way. No, your opinion has as much value as anyone else's. However, your opinion is based upon your experiences and those may be limited as compared to others. >If I were trying to make a living programming, I would try to find a >single area where I can be that expert -- and command a price based upon >value, not time. That's nice in theory, but not that easy in practice. You might be a world authority on one specific topic, but if no one is interested, then you're out of luck (been there, done that -- and that's another topic). But opportunity (excluding health) is what is most important. Most of us (my past self included) often take opportunity for granted -- we think it will always be around, but that's not true. And one day you may find yourself without opportunity and then will be willing to settle for just about anything, while holding your breath waiting for a better opportunity. However, holding your breath has it's limits. So, putting on my "father-yoda" suit, I say take every opportunity afforded you because this too will pass. tedd --- >Ok, I'll stop acting like my father and yoda and will now put on my body >armor... > >Cliff > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] >On Behalf Of tedd >Sent: Friday, April 14, 2006 11:37 AM >To: NYPHP Talk >Subject: Re: [nycphp-talk] Whats a Competitive Salary for PHP Dev > > >>I concur. Depending on level of expertise and skillset, I'd say rock >>bottom is $70k, on up to $120k or more per year. > >I'd give my left nut for $70k per year. Last year I was actually >considering work from Indian (no lie). > >If anyone wants to farm any of that out, please let me know. > >tedd > >-- >------------------------------------------------------------------------ >-------- >http://sperling.com _______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php -- -------------------------------------------------------------------------------- http://sperling.com From tedd at sperling.com Fri Apr 14 12:29:32 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 12:29:32 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <8d9a42800604140509s1be4c442g91421345fcfa40e1@mail.gmail.com> References: <20060413202730.81101.qmail@web34205.mail.mud.yahoo.com> <8d9a42800604140509s1be4c442g91421345fcfa40e1@mail.gmail.com> Message-ID: >i saw this too and it's pathetic that they would offer those peanuts. Not only that, but I've seen numerous times on guru.com where potential employers have a long list of requirements, but won't pay over $10 per hour. Over the last 60+ guru.com prospects I've submitted (where I took the time and personally addressed the clients needs in the proposal) I've had three reply: One, I spent another couple of hours of my time trying to convince him that the problem actually had a solution; One, I sent several emails asking about funding his grandiose idea, but no support of funding was forthcoming; And the last, I had an interview for $50 per hour where, after driving an hour (which is not easy for me), no one even attended the interview -- and this was not a small company. Outside of guru.com, which has only cost me money, I don't even want to address the problems I've encountered in trying to find work. In short, I've had terrible luck in finding work. However, programming is what I like, and like the starving artist, I'll continue practicing my craft and perhaps after I'm dead, it will be worth something. :-) tedd -- -------------------------------------------------------------------------------- http://sperling.com From tedd at sperling.com Fri Apr 14 12:32:44 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 12:32:44 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <330532b60604140905udfdaf5byb47434fcac0ba51@mail.gmail.com> References: <005101c65fdc$78954490$0aa8a8c0@cliff> <330532b60604140905udfdaf5byb47434fcac0ba51@mail.gmail.com> Message-ID: >On 4/14/06, Cliff Hirsch wrote: >> If I may interject -- without anyone throwing spears my way. > >*spacemonkey smiles, rests hand on big red button > >> If I were trying to make a living programming, I would try to find a >> single area where I can be that expert -- and command a price based upon >> value, not time. > >Excellent comments - however I'd just like to add that when you choose >an area for specialization, you do not become dependent upon vertical >technologies. In the webspace at least, trends come and go at a >frightening pace, so being an AJAX specialist may net you lots of >bootie right now and then land you on the bench, permanently, when the >next big thing comes along. > >-- >Mitch Pirtle More excellent comments. I picked an area of specialization and found myself on the bench -- so, I can speak to the truth of that observation. tedd -- -------------------------------------------------------------------------------- http://sperling.com From cliff at pinestream.com Fri Apr 14 12:43:03 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 14 Apr 2006 12:43:03 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: Message-ID: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> Mitch has some great thoughts. So think UI, security, DB, etc. functionality, not technology. I think guru.com and elance are ridiculous ways to generate business. Let's think about this -- auctioning off your services... I just hired a writer for $8/hour. Seriously... To draw a parallel to the semiconductor space, RF design specialists are in really, really hot demand. RF will never, ever go away. It is not a technology, it is a market arena. But that poor semiconductor guy that focused on emitter coupled logic isn't looking too happy -- that is unless he shifted with the market and realized his expertise wasn't actually ECL -- it was high speed design and hey guess what, that's kind of like RF isn't it or that 3GHz processor that is fabricated in CMOS but has the same exact design challenges as that 20 year old ECL process. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tedd Sent: Friday, April 14, 2006 12:33 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Whats a Competitive Salary for PHP Dev >On 4/14/06, Cliff Hirsch wrote: >> If I may interject -- without anyone throwing spears my way. > >*spacemonkey smiles, rests hand on big red button > >> If I were trying to make a living programming, I would try to find a >> single area where I can be that expert -- and command a price based >> upon value, not time. > >Excellent comments - however I'd just like to add that when you choose >an area for specialization, you do not become dependent upon vertical >technologies. In the webspace at least, trends come and go at a >frightening pace, so being an AJAX specialist may net you lots of >bootie right now and then land you on the bench, permanently, when the >next big thing comes along. > >-- >Mitch Pirtle More excellent comments. I picked an area of specialization and found myself on the bench -- so, I can speak to the truth of that observation. tedd -- ------------------------------------------------------------------------ -------- http://sperling.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From edwardpotter at gmail.com Fri Apr 14 13:01:34 2006 From: edwardpotter at gmail.com (edward potter) Date: Fri, 14 Apr 2006 13:01:34 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> Message-ID: I was thinking of applying to grad school next year. Check out this program description (MS/PHd), I really don't think this type of work is going to be "outsourced" to Bangalore, at least not for a few years! ed :-) UCSB http://www.mat.ucsb.edu/matHtml/index.php MAT research interests include: transarchitectures and worldmaking, virtual and mixed realities, intelligent space and interactive/transactive installations, electronic and generative music synthesis, multi-channel spatialized sound, human-computer interaction, motion-capture and distributed sensing, digital signal processing, wireless broadband, algorithmic morphogenesis, digital sculpture and robotics, and more. On 4/14/06, Cliff Hirsch wrote: > Mitch has some great thoughts. So think UI, security, DB, etc. > functionality, not technology. I think guru.com and elance are > ridiculous ways to generate business. Let's think about this -- > auctioning off your services... I just hired a writer for $8/hour. > Seriously... > From tedd at sperling.com Fri Apr 14 13:18:07 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 13:18:07 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> Message-ID: At 1:01 PM -0400 4/14/06, edward potter wrote: >I was thinking of applying to grad school next year. Check out this >program description (MS/PHd), I really don't think this type of work >is going to be "outsourced" to Bangalore, at least not for a few >years! > >ed :-) > >UCSB >http://www.mat.ucsb.edu/matHtml/index.php ed: Yeah, provided that the government stays out of the medical biz -- you might be home free. But if it does, you might find yourself in a life-long cubical with your greatest joy in waiting for retirement. However, if I had it to do again, that's exactly where I would focus my education. But, I'm seldom right. tedd -- -------------------------------------------------------------------------------- http://sperling.com From patterson at computer.org Fri Apr 14 13:28:51 2006 From: patterson at computer.org (Bill Patterson) Date: Fri, 14 Apr 2006 13:28:51 -0400 Subject: [nycphp-talk] naked header In-Reply-To: <20060414155759.GA24400@panix.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> Message-ID: <443FDBD3.4070405@computer.org> I'm trying to find a way to, from PHP, see the entire string that is being sent by the client to the server, especially the header. There are many ways to see things IN the header, but I am looking for a way to see the WHOLE string. Any ideas? Bill Patterson From codebowl at gmail.com Fri Apr 14 13:44:47 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 14 Apr 2006 13:44:47 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> Message-ID: <8d9a42800604141044j2b676aeds54142a4be7818460@mail.gmail.com> I have to pipe in here and say something about guru.com... maybe you guys are not using the system properly, i have been a member for 4 months and brought in a lot of cash, i have jumped to rank #12 so far and going to be at #9 on the next update. I am not sure what you are doign wrong :) Who know's most of that is from one client also so it may be that i just got lucky? I love guru and will say your ranking and your professionalism will get you far (as long as your knowledge and proficiency are there also) -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Fri Apr 14 13:51:27 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 13:51:27 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <8d9a42800604141044j2b676aeds54142a4be7818460@mail.gmail.com> References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> <8d9a42800604141044j2b676aeds54142a4be7818460@mail.gmail.com> Message-ID: >I have to pipe in here and say something about guru.com... maybe >you guys are not using the system properly, i have been a member for >4 months and brought in a lot of cash, i have jumped to rank #12 so >far and going to be at #9 on the next update. I am not sure what you >are doign wrong :) Who know's most of that is from one client also >so it may be that i just got lucky? Perhaps. >I love guru and will say your ranking and your professionalism will >get you far (as long as your knowledge and proficiency are there >also) Well maybe that's where I'm going wrong. tedd -- -------------------------------------------------------------------------------- http://sperling.com From 1j0lkq002 at sneakemail.com Fri Apr 14 14:22:13 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 14 Apr 2006 11:22:13 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <330532b60604140905udfdaf5byb47434fcac0ba51@mail.gmail.com> References: <005101c65fdc$78954490$0aa8a8c0@cliff> <330532b60604140905udfdaf5byb47434fcac0ba51@mail.gmail.com> Message-ID: <8399-05240@sneakemail.com> Mitch Pirtle mitch.pirtle-at-gmail.com |nyphp dev/internal group use| wrote: >On 4/14/06, Cliff Hirsch wrote: > > >>If I may interject -- without anyone throwing spears my way. >> >> > >*spacemonkey smiles, rests hand on big red button > > > >>If I were trying to make a living programming, I would try to find a >>single area where I can be that expert -- and command a price based upon >>value, not time. >> >> > >Excellent comments - however I'd just like to add that when you choose >an area for specialization, you do not become dependent upon vertical >technologies. In the webspace at least, trends come and go at a >frightening pace, so being an AJAX specialist may net you lots of >bootie right now and then land you on the bench, permanently, when the >next big thing comes along. > > Good thing you need TWO keys and authorization signed by the President before you can hit that big red button, monkey ;-) As for "when the next big thing comes along" well now that should never happen, should it? The Next Big Thing is already out there somewhere picking up steam. Best not keep your head in the cubicle all day long. From codebowl at gmail.com Fri Apr 14 14:28:08 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 14 Apr 2006 14:28:08 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> <8d9a42800604141044j2b676aeds54142a4be7818460@mail.gmail.com> Message-ID: <8d9a42800604141128p2b2d76b9oad09a2a04ea16ae0@mail.gmail.com> Tedd, Please note that the professionalism etc was not directed toward you i was just stating that if you have the expertise and professionalism you will go furthur. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmintz at davidmintz.org Fri Apr 14 14:38:42 2006 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 14 Apr 2006 14:38:42 -0400 (EDT) Subject: [nycphp-talk] print parsing confusion In-Reply-To: <443FCB20.4000403@vermonster.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FCB20.4000403@vermonster.com> Message-ID: On Fri, 14 Apr 2006, Brian Kaney wrote: > And the markup is not really semanticly sound. I hate mixing markup > with code, but you may want to consider: > > while($row = mysql_fetch_array($category)) { > echo '' > . '' . "\n"; > } > > > Or even using a definition list, if you want to be super accessible: >[...] It's all an eyesore to me. Not to start a religious debate, but this is almost an argument for things like Smarty {section loop=$rows name=i} {$rows[i].expenses_cat_number|escape} {$rows[i].expenses_cat_desc|escape} {/section} or perhaps an argument for dropping into good old HTML mode interpersed with the "friendly" PHP syntax while($row = mysql_fetch_array($category)) : ?> --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From dmintz at davidmintz.org Fri Apr 14 14:44:09 2006 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 14 Apr 2006 14:44:09 -0400 (EDT) Subject: [nycphp-talk] print parsing confusion In-Reply-To: References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FCB20.4000403@vermonster.com> Message-ID: On Fri, 14 Apr 2006, David Mintz wrote: > while($row = mysql_fetch_array($category)) : ?> > > > > > Oops forgot to close the parens --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From cliff at pinestream.com Fri Apr 14 14:47:44 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 14 Apr 2006 14:47:44 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <8d9a42800604141128p2b2d76b9oad09a2a04ea16ae0@mail.gmail.com> Message-ID: <001001c65ff3$eaffc480$0aa8a8c0@cliff> On that note -- and this isn't directed ay anybody. To me guru or elance is a launching point. When I went through several recent searches, I was generally shocked at the low quality of many service provider web sites. Shabby, broken links, unimpressive portfolios, etc. This is your Billboard!!! I know some say, "I'm too busy" or "I have too much work." But if you don't -- show off. When I see bad web sites, I think that either you don't know what you are doing or you don't care. Show me a great web site, a thoughtful blog, a wicked cool -- as we say in Boston -- feature, and I think, "wow, this person is good, this person is passionate about what he/she does. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Joseph Crawford Sent: Friday, April 14, 2006 2:28 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Whats a Competitive Salary for PHP Dev Tedd, Please note that the professionalism etc was not directed toward you i was just stating that if you have the expertise and professionalism you will go furthur. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From craig at juxtadigital.com Fri Apr 14 14:50:51 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Fri, 14 Apr 2006 14:50:51 -0400 Subject: [nycphp-talk] naked header In-Reply-To: <443FDBD3.4070405@computer.org> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FDBD3.4070405@computer.org> Message-ID: <20060414145051.768dee10.craig@juxtadigital.com> On Fri, 14 Apr 2006 13:28:51 -0400 Bill Patterson wrote: > I'm trying to find a way to, from PHP, see the entire string that is > being sent by the client to the server, especially the header. There > are many ways to see things IN the header, but I am looking for a way to > see the WHOLE string. Any ideas? I know of a couple [built in] ways to see the headers, not sure about the whole request. one if you are using PHP 5: and one if you are using PHP >= 4.3.0 : $value) { echo "$header: $value
\n"; } ?> HTH, -- Craig From patterson at computer.org Fri Apr 14 14:57:52 2006 From: patterson at computer.org (Bill Patterson) Date: Fri, 14 Apr 2006 14:57:52 -0400 Subject: [nycphp-talk] naked header In-Reply-To: <20060414145051.768dee10.craig@juxtadigital.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FDBD3.4070405@computer.org> <20060414145051.768dee10.craig@juxtadigital.com> Message-ID: <443FF0B0.5070205@computer.org> Thanks, but unfortunately, they only show some of the information. I'm looking for the whole string, as you said. Bill Craig Thomas wrote: >On Fri, 14 Apr 2006 13:28:51 -0400 >Bill Patterson wrote: > > > >>I'm trying to find a way to, from PHP, see the entire string that is >>being sent by the client to the server, especially the header. There >>are many ways to see things IN the header, but I am looking for a way to >>see the WHOLE string. Any ideas? >> >> > > >I know of a couple [built in] ways to see the headers, not sure about the whole request. > >one if you are using PHP 5: > >headers_list(); >?> > >and one if you are using PHP >= 4.3.0 : > >$headers = apache_request_headers(); > >foreach ($headers as $header => $value) { > echo "$header: $value
\n"; >} >?> > > >HTH, > >-- >Craig >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > > > From tedd at sperling.com Fri Apr 14 16:59:06 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 16:59:06 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <8d9a42800604141128p2b2d76b9oad09a2a04ea16ae0@mail.gmail.com> References: <005a01c65fe2$7fde4ac0$0aa8a8c0@cliff> <8d9a42800604141044j2b676aeds54142a4be7818460@mail.gmail.com> <8d9a42800604141128p2b2d76b9oad09a2a04ea16ae0@mail.gmail.com> Message-ID: >Tedd, > >Please note that the professionalism etc was not directed toward you >i was just stating that if you have the expertise and >professionalism you will go furthur. > >-- >Joseph Crawford Jr. Oh, no offense taken -- but in truth, I'm not the sharpest crayon in the box either. I only get things done because I'm persistent. tedd -- -------------------------------------------------------------------------------- http://sperling.com From tedd at sperling.com Fri Apr 14 17:28:18 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 17:28:18 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <001001c65ff3$eaffc480$0aa8a8c0@cliff> References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> Message-ID: >Show me a great web site, a thoughtful blog, a wicked cool -- as we >say in Boston -- feature, and I think, "wow, this person is good, >this person is passionate about what he/she does. I know what you mean. But, a web site may not be a good indicator of the persons abilities. For example, besides this list (and others) I also attend the css-discuss list, where they have css experts who have web sites that don't validate while they preach compliance. When confronted with "If you care about compliance issues, then why doesn't your site validate?" They respond with "Compliance is a goal and not a requirement" -- whatever that means. Like the Old Indian in Outlaw Josey Wales -- the politicians kept telling him "We admire your persistence in your commitment to persevere" -- I don't understand what the hell they're telling me. In any event, I think that web sites are not a good tool for measuring ability -- even with those proficient in css. It probably best to look at their work product. As for me, my site is not great, but it's not bad, it validates, meets disability issues, and has a good ranking -- so, I think it works in the ways I think are important. But as far as sending any business my way as as result of "wow, this person is good", nah -- that hasn't happened. tedd -- -------------------------------------------------------------------------------- http://sperling.com From evdo.hsdpa at gmail.com Fri Apr 14 17:51:33 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Fri, 14 Apr 2006 14:51:33 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> Message-ID: <1ec620e90604141451o7e6d92fbjedf8df563900d031@mail.gmail.com> In the end it comes down to what you can sell your services for. On 4/14/06, tedd wrote: > >Show me a great web site, a thoughtful blog, a wicked cool -- as we > >say in Boston -- feature, and I think, "wow, this person is good, > >this person is passionate about what he/she does. > > I know what you mean. But, a web site may not be a good indicator of > the persons abilities. > > For example, besides this list (and others) I also attend the > css-discuss list, where they have css experts who have web sites that > don't validate while they preach compliance. > > When confronted with "If you care about compliance issues, then why > doesn't your site validate?" They respond with "Compliance is a goal > and not a requirement" -- whatever that means. Like the Old Indian in > Outlaw Josey Wales -- the politicians kept telling him "We admire > your persistence in your commitment to persevere" -- I don't > understand what the hell they're telling me. > > In any event, I think that web sites are not a good tool for > measuring ability -- even with those proficient in css. It probably > best to look at their work product. > > As for me, my site is not great, but it's not bad, it validates, > meets disability issues, and has a good ranking -- so, I think it > works in the ways I think are important. But as far as sending any > business my way as as result of "wow, this person is good", nah -- > that hasn't happened. > > tedd > -- -- Robert Q Kim, Wireless Internet Advisor http://wireless-internet-coverage.blogspot.com http://evdo-coverage.com 2611 S. Pacific Coast Highway 101 Suite 203 Cardiff by the Sea, CA 92007 206 984 0880 From tedd at sperling.com Fri Apr 14 18:27:19 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 18:27:19 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <1ec620e90604141451o7e6d92fbjedf8df563900d031@mail.gmail.com> References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <1ec620e90604141451o7e6d92fbjedf8df563900d031@mail.gmail.com> Message-ID: >In the end it comes down to what you can sell your services for. Ahhhh -- okay -- what's your point? >-- >Robert Q Kim, Wireless Internet Advisor >http://wireless-internet-coverage.blogspot.com >http://evdo-coverage.com >2611 S. Pacific Coast Highway 101 >Suite 203 >Cardiff by the Sea, CA 92007 >206 984 0880 I've always liked Pacific Coast Highway. tedd -- -------------------------------------------------------------------------------- http://sperling.com From rotsen at gmail.com Fri Apr 14 19:07:59 2006 From: rotsen at gmail.com (Nestor) Date: Fri, 14 Apr 2006 16:07:59 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <1ec620e90604141451o7e6d92fbjedf8df563900d031@mail.gmail.com> Message-ID: Nice to see someone else from the San Diego area in the list :-) On 4/14/06, tedd wrote: > >In the end it comes down to what you can sell your services for. > > Ahhhh -- okay -- what's your point? > > >-- > >Robert Q Kim, Wireless Internet Advisor > >http://wireless-internet-coverage.blogspot.com > >http://evdo-coverage.com > >2611 S. Pacific Coast Highway 101 > >Suite 203 > >Cardiff by the Sea, CA 92007 > >206 984 0880 > > I've always liked Pacific Coast Highway. > > tedd > -- > -------------------------------------------------------------------------------- > http://sperling.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Fri Apr 14 20:57:19 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 14 Apr 2006 17:57:19 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> Message-ID: <21400-42591@sneakemail.com> tedd tedd-at-sperling.com |nyphp dev/internal group use| wrote: >>Show me a great web site, a thoughtful blog, a wicked cool -- as we >>say in Boston -- feature, and I think, "wow, this person is good, >>this person is passionate about what he/she does. >> >> >I know what you mean. But, a web site may not be a good indicator of >the persons abilities. > > That is funny. Never is this theory tested more than in marketing. Your logic says a good marketer must have an amazingly well marketed business. Hah. The best marketers I know do no marketing at all for their own businesses. The best SEOs I know have simple, one age websites, and even then only because they needed somewhere to point the people they *didn't* want to talk to. I work in competitive tactics. I deploy fast and innovate on the fly. Almost everything is opportunity driven, and backed by a strong faith in fundamentals. That flies in the face of modern "expectations". I *could* show you my tricks and tactics and methods by using them on my own website, but why would I? In fact, it is conceivable that I would use the wrong methods and tactics on my public website, just to distract the competition from my real work. Ditto for CSS pros who achieve goals with CSS. Why give it away by labeling it as "your best work" and putting it up at a known address for anyone to inspect, copy, critique? I know.... not a simple topic. Chicken and egg, etc. But it has always been true that you should not judge a book by it's cover in most cases. -=john andrews http://www.seo-fun.com From rolan at omnistep.com Fri Apr 14 23:11:56 2006 From: rolan at omnistep.com (Rolan Yang) Date: Fri, 14 Apr 2006 23:11:56 -0400 Subject: [nycphp-talk] naked header In-Reply-To: <443FDBD3.4070405@computer.org> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FDBD3.4070405@computer.org> Message-ID: <4440647C.1040403@omnistep.com> If YOU are (or can be) the client, I would recommend the Tamper plugin for Firefox browser. It's a great debugging tool. ~Rolan Bill Patterson wrote: > I'm trying to find a way to, from PHP, see the entire string that is > being sent by the client to the server, especially the header. There > are many ways to see things IN the header, but I am looking for a way to > see the WHOLE string. Any ideas? > > From tedd at sperling.com Fri Apr 14 23:28:00 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 23:28:00 -0400 Subject: [nycphp-talk] Whats a Competitive Salary.. [OT] In-Reply-To: References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <1ec620e90604141451o7e6d92fbjedf8df563900d031@mail.gmail.com> Message-ID: >Nice to see someone else from the San Diego area in the list :-) I grew up a little further north (i.e., LA), but now live surrounded by 20 percent of the world's fresh water. But I still miss PCH. tedd -- -------------------------------------------------------------------------------- http://sperling.com From tedd at sperling.com Fri Apr 14 23:36:43 2006 From: tedd at sperling.com (tedd) Date: Fri, 14 Apr 2006 23:36:43 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <21400-42591@sneakemail.com> References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <21400-42591@sneakemail.com> Message-ID: >tedd tedd-at-sperling.com |nyphp dev/internal group use| wrote: > > >I know what you mean. But, a web site may not be a good indicator of >>the persons abilities. >> >> >That is funny. Never is this theory tested more than in marketing. Your >logic says a good marketer must have an amazingly well marketed >business. Hah. No, if you will note, I said the opposite. A web site (self-marketing) may NOT be a good indicator of the persons abilities. >The best marketers I know do no marketing at all for their own >businesses. The best SEOs I know have simple, one age websites, and even >then only because they needed somewhere to point the people they >*didn't* want to talk to. What I know of SEO is more than what can be shown by any single web site -- the bottom line is the number of productive hits that count and that can be only measured by the recipient. >I work in competitive tactics. I deploy fast and innovate on the fly. >Almost everything is opportunity driven, and backed by a strong faith in >fundamentals. That flies in the face of modern "expectations". I *could* >show you my tricks and tactics and methods by using them on my own >website, but why would I? Don't. >In fact, it is conceivable that I would use >the wrong methods and tactics on my public website, just to distract the >competition from my real work. In my mind, that's thinking too much. That's like walking into a party thinking everyone notices you, when in fact no one cares -- they're too involved with other things to notice. >Ditto for CSS pros who achieve goals with CSS. Why give it away by >labeling it as "your best work" and putting it up at a known address for >anyone to inspect, copy, critique? Then why do css pro's (or anyone for that matter) write books or participate in discussion groups? Remember, they have to put out their best work, or no one will buy it. Plus, and more importantly, there is a professional clique from peers that's expected and has consequences if you don't produce. Reputation is paramount and becoming increasingly more so. >I know.... not a simple topic. Chicken and egg, etc. But it has always >been true that you should not judge a book by it's cover in most cases. I'll agree with you there. I would much rather be underestimated, and surprise people, than be overestimated and make a fool of myself -- I've done enough of that already. Best, tedd -- -------------------------------------------------------------------------------- http://sperling.com From andrew at plexpod.com Sat Apr 15 10:41:44 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Sat, 15 Apr 2006 10:41:44 -0400 Subject: [nycphp-talk] naked header In-Reply-To: <4440647C.1040403@omnistep.com> References: <20060413155836.37470.qmail@web35911.mail.mud.yahoo.com> <20060414155759.GA24400@panix.com> <443FDBD3.4070405@computer.org> <4440647C.1040403@omnistep.com> Message-ID: <20060415144144.GE23792@desario.homelinux.net> On Fri, Apr 14, 2006 at 11:11:56PM -0400, Rolan Yang wrote: > If YOU are (or can be) the client, I would recommend the Tamper plugin > for Firefox browser. It's a great debugging tool. > > ~Rolan > > Bill Patterson wrote: > > I'm trying to find a way to, from PHP, see the entire string that is > > being sent by the client to the server, especially the header. There > > are many ways to see things IN the header, but I am looking for a way to > > see the WHOLE string. Any ideas? I second that. TamperData is a great tool: http://tamperdata.mozdev.org/ Also you may try reading standard input: $raw_request_data = file_get_contents('php://input'); if you wish to do it server side. HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From papillion at gmail.com Sat Apr 15 11:32:23 2006 From: papillion at gmail.com (Anthony Papillion) Date: Sat, 15 Apr 2006 10:32:23 -0500 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <001001c65ff3$eaffc480$0aa8a8c0@cliff> References: <8d9a42800604141128p2b2d76b9oad09a2a04ea16ae0@mail.gmail.com> <001001c65ff3$eaffc480$0aa8a8c0@cliff> Message-ID: <5458518f0604150832x45647621j842de07c8bd4f9e9@mail.gmail.com> On 4/14/06, Cliff Hirsch wrote: > When I see bad web sites, I think that either you don't know what you are > doing or you don't care. Just wanted to chime in here for a second. While I understand what you're saying, I don't totally agree with your assumptions that a bad website means someone either doesn't know what they are doing or that they don't care. I'm a PHP developer. Most of what I do is actual coding with very little website design. I *can* design a website but it's not going to be nearly as good looking as someone who does design day in and day out. Ask me to code PHP and I can do nearly anything you like; ask me to design you a great site and it will be a little harder for me because I am not a designer. Does that mean I don't know what I'm doing in my area of expertise? Absolutely not. I think when you're considering someone for a job you need to take into account what their skills and experience are. Being a strong PHP developer doesn't automatically mean you're a strong website designer. And not being a strong website designer doesn't mean you're not an incredible PHP developer. You just can't judge one set of skills by another. It'd be like saying someone is a poor driver so they must be a poor mechanic. The two aren't mutually inclusive. Anthony Papillion From max at neuropunks.org Sat Apr 15 14:09:38 2006 From: max at neuropunks.org (Max Gribov) Date: Sat, 15 Apr 2006 13:09:38 -0500 Subject: [nycphp-talk] Web app security scanners Message-ID: <444136E2.4050201@neuropunks.org> Hello all, does anyone know of any opensource/free web app security scanner? Basically, I just want something (else besides me) to go through all the GET's and POST's on my PHP site and see if XSS/sql injection/etc is possible. I certainly did an audit of my own code, but another pair of eyes, especially automated, would never hurt. Something down the lines of Nessuss only for web apps basically. I've seen this: www.acunetix.com, and signed up for a trial audit, but am wondering if there is something I can actually download. I havent seen anything on freshmeat or even google, most things are either tutorials or non-free. thanks! max From chsnyder at gmail.com Sat Apr 15 13:15:35 2006 From: chsnyder at gmail.com (csnyder) Date: Sat, 15 Apr 2006 13:15:35 -0400 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: <21400-42591@sneakemail.com> References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <21400-42591@sneakemail.com> Message-ID: On 4/14/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > In fact, it is conceivable that I would use > the wrong methods and tactics on my public website, just to distract the > competition from my real work. But you enjoy the cloak-and-daggerness of it, and you obviously have enough work to keep you busy and networked into new clients. If you were looking for growth, you would deploy world-class techniques and sit at the top of the results. The volume of new business could allow you to hire a big chunk of the competition. > Ditto for CSS pros who achieve goals with CSS. Why give it away by > labeling it as "your best work" and putting it up at a known address for > anyone to inspect, copy, critique? You're trolling now, because anybody who writes CSS for a living knows that their work is on display for anyone to see. My god, how fortunate you will be if someone actually takes the time to inspect, copy, and critique. The only reason to hide a good idea is because you are afraid you'll never have a better one. Good luck selling yourself if you're never going to have any more good ideas. From nyphp at n0p.net Sat Apr 15 14:15:29 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Sat, 15 Apr 2006 14:15:29 -0400 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <444136E2.4050201@neuropunks.org> References: <444136E2.4050201@neuropunks.org> Message-ID: <44413841.9050709@n0p.net> Although not totally what you are looking for as it wont test custom applications, Nikto has a decent arsenal of _generic_ test. And knowing that at least someone on the Internet may run it against your site, it might as well be you. ;-) Flavio From lists at genoverly.net Sat Apr 15 14:32:24 2006 From: lists at genoverly.net (michael) Date: Sat, 15 Apr 2006 14:32:24 -0400 Subject: [nycphp-talk] fun fire fox facts Message-ID: <20060415143224.729217c4@wit.genoverly.home> OT alert I stumbled onto this today http://firefoxfacts.com/ -- Michael From jonbaer at jonbaer.com Sat Apr 15 15:12:51 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 15 Apr 2006 15:12:51 -0400 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <444136E2.4050201@neuropunks.org> References: <444136E2.4050201@neuropunks.org> Message-ID: Foundstone has an app called WSDigger ... and a slew of others tools you might want to check out ... http://www.foundstone.com/resources/s3i_tools.htm Best bet might be to drop by your local Barnes and Noble and check out the resources listed on the backs of the "l33t" books ... or keep tabs on a site like packetstormsecurity.org. - Jon On Apr 15, 2006, at 2:09 PM, Max Gribov wrote: > Hello all, > does anyone know of any opensource/free web app security scanner? > Basically, I just want something (else besides me) to go through > all the > GET's and POST's on my PHP site and see if XSS/sql injection/etc is > possible. > I certainly did an audit of my own code, but another pair of eyes, > especially automated, would never hurt. > Something down the lines of Nessuss only for web apps basically. > I've seen this: www.acunetix.com, and signed up for a trial audit, but > am wondering if there is something I can actually download. > I havent seen anything on freshmeat or even google, most things are > either tutorials or non-free. > > thanks! > > max > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jonbaer at jonbaer.com Sat Apr 15 15:18:49 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 15 Apr 2006 15:18:49 -0400 Subject: [nycphp-talk] fun fire fox facts (FireBug) In-Reply-To: <20060415143224.729217c4@wit.genoverly.home> References: <20060415143224.729217c4@wit.genoverly.home> Message-ID: Along the same Firefox discussion, this is a pretty sweet plugin/ extension Ive been playing around w/ past few days ... https://addons.mozilla.org/extensions/moreinfo.php?id=1843 -snip- FireBug lets you explore the far corners of the DOM by keyboard or mouse. All of the tools you need to poke, prod, and monitor your JavaScript, CSS, HTML and Ajax are brought together into one seamless experience, including an error console, command line, and a variety of fun inspectors. -snip- Try including prototype/scriptaculous on any project and away you go ... - Jon On Apr 15, 2006, at 2:32 PM, michael wrote: > OT alert > > I stumbled onto this today http://firefoxfacts.com/ > > > > -- > > Michael > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From danielc at analysisandsolutions.com Sat Apr 15 16:23:07 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 15 Apr 2006 16:23:07 -0400 Subject: [nycphp-talk] PHP in SecurityFocus #343 Message-ID: <20060415202123.6E15D6A9B03@mailspool2.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #343 Wow! This week's newsletter has a plethora problematic PHP programs. PHP --- PHP html_entity_decode() Information Disclosure Vulnerability http://www.securityfocus.com/bid/17296 This has been fixed in 5.1.3-RC1. The patch was also applied to the 4.4 branch but hasn't made it into a release yet. APPLICATIONS USING PHP ---------------------- PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17251 AkoComment akocomment.PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17241 Nuked-Klan Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17233 SaphpLesson Print.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17239 Calendar Express Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17240 WEBalbum Remote Command Execution Vulnerability http://www.securityfocus.com/bid/17228 ConfTool Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17231 PHP-Stats Multiple Input Validation and Information Disclosure Vulnerabilities http://www.securityfocus.com/bid/16963 PHPBookingCalendar Details_View.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17230 PHP Ticket Search.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17229 DSDownload Multiple SQL-Injection Vulnerabilities http://www.securityfocus.com/bid/17116 DSCounter Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17112 eXpandable Home Page CMS Multiple Access Validation Vulnerabilities http://www.securityfocus.com/bid/17209 PhxContacts Login.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17307 Null News Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17300 PHP Classifieds Search.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17305 Sourceworkshop Newsletter Newsletter.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17304 PhxContacts Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17306 vCounter vCounter.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17302 PHPNewsManager Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17301 Tilde CMS Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17299 PhpCollab Sendpassword.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17283 NetOffice Sendpassword.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17286 OneOrZero Helpdesk Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17298 PHP Script Index Search Parameter Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17297 Horde Help Viewer Remote PHP Code Execution Vulnerability http://www.securityfocus.com/bid/17292 PHPKIT Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17291 VWar Functions_install.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17290 AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17289 CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17282 PHPmyfamily Track.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17278 phpCOIN Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17279 Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17281 ActiveCampaign SupportTrio Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17276 MediaWiki Encoded Page Link HTML Injection Vulnerability http://www.securityfocus.com/bid/17269 TFT Gallery Administrator Password Information Disclosure Vulnerability http://www.securityfocus.com/bid/17250 DSLogin Index.PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17262 Pixel Motion Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17260 Meeting Reserve SearchResult.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17256 G-Book HTML Injection Vulnerability http://www.securityfocus.com/bid/17253 Maian Weblog Multiple SQL-Injection Vulnerabilities http://www.securityfocus.com/bid/17247 RELATED STUFF ------------- Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability http://www.securityfocus.com/bid/17192 From danielc at analysisandsolutions.com Sat Apr 15 16:23:12 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 15 Apr 2006 16:23:12 -0400 Subject: [nycphp-talk] PHP in SecurityFocus #345 Message-ID: <20060415202132.9D40F6A9B03@mailspool2.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #345 PHP --- PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities http://www.securityfocus.com/bid/17439 This was fixed in CVS on April 6, so should show up in PHP 5.1.3. APPLICATIONS USING PHP ---------------------- Gallery Unspecified Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17437 Horde Help Viewer Remote PHP Code Execution Vulnerability http://www.securityfocus.com/bid/17292 PHPWebGallery Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17421 phpMyForum Index.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17420 MyBulletinBoard Newthread.PHP HTML Injection Vulnerability http://www.securityfocus.com/bid/17427 Clever Copy Connect.INC Information Disclosure Vulnerability http://www.securityfocus.com/bid/17461 JetPhoto Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17449 SIRE Lire.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17428 APT-webshop Modules.PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17425 SPIP Spip_login.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17423 JBook Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17419 AWeb's Scripts Seller Buy.PHP Authorization Bypass Vulnerability http://www.securityfocus.com/bid/17417 AWeb's Banner Generator Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17416 PHPList Index.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/17429 Clansys Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17456 SmartISoft phpListPro Config.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17448 AzDGVote Remote File Include Vulnerability http://www.securityfocus.com/bid/17447 XMB Forum Flash Video Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17445 VWar Admin.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17443 ShopWeezle Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17441 XBrite Members.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17424 Shadowed Portal Load.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17430 SQuery LibPath Parameter Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/17434 VegaDNS Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17433 Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17435 SIRE Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/17431 Indexu Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/17470 PHPKIT Include.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17467 Blursoft Blur6ex Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17465 Dokeos Viewtopic.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17463 JBook Form.PHP SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17458 From danielc at analysisandsolutions.com Sat Apr 15 16:23:10 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 15 Apr 2006 16:23:10 -0400 Subject: [nycphp-talk] PHP in SecurityFocus #344 Message-ID: <20060415202130.CDB7BE0F502@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #344 PHP --- PHP PHPInfo Large Input Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17362 This was fixed in CVS on March 30, so should show up in PHP 5.1.3 when it's released. APPLICATIONS USING PHP ---------------------- PHPBB Profile.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17355 Horde MIME Viewer Inline Attachment HTML Injection Vulnerability http://www.securityfocus.com/bid/15535 Esqlanelapse Unspecified Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17331 Mon Album Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17327 Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17326 Horde Help Viewer Remote PHP Code Execution Vulnerability http://www.securityfocus.com/bid/17292 O2PHP Oxygen Post.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17324 MediaSlash Gallery Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17323 VNews Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17317 VNews Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17316 VBook Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17320 VBook Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17319 VWar Functions_Admin.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17315 VWar Get_header.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17358 X-Changer Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17322 PHPNewsManager Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17301 PHPNuke-Clan Functions_Common.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17356 AngelineCMS Loadkernel.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17371 MyBulletinBoard Email BBCode Tag HTML Injection Vulnerability http://www.securityfocus.com/bid/17368 LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17360 WebAPP Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17359 Exponent CMS Banner Module Arbitrary Script Execution Vulnerability http://www.securityfocus.com/bid/17357 Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability http://www.securityfocus.com/bid/17354 ReloadCMS User-Agent HTML Injection Vulnerability http://www.securityfocus.com/bid/17353 PHPSelect Submit-A-Link HTML Injection Vulnerability http://www.securityfocus.com/bid/17348 Blank'N'Berg Directory Traversal Vulnerability http://www.securityfocus.com/bid/17345 Blank'N'Berg Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17346 Claroline Rqmkhtml.PHP Information Disclosure Vulnerability http://www.securityfocus.com/bid/17343 Claroline RQMKHTML.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17344 Claroline ScormExport.inc.PHP File Include Vulnerability http://www.securityfocus.com/bid/17341 RedCMS Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17336 Softbiz Image Gallery Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17339 DbbS Topics.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17338 Warcraft III Replay Parser for PHP Index.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17334 V-creator Remote Shell Code Execution Vulnerability http://www.securityfocus.com/bid/17328 QLnews Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17335 qliteNews Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17333 GTD-PHP Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17366 RELATED STUFF ------------- Apache Struts Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/17342 From syntux at gmail.com Sat Apr 15 17:59:06 2006 From: syntux at gmail.com (Jad madi) Date: Sun, 16 Apr 2006 00:59:06 +0300 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <444136E2.4050201@neuropunks.org> References: <444136E2.4050201@neuropunks.org> Message-ID: <1145138346.5564.18.camel@localhost> http://securityscanner.lostfiles.de/ and some other cool stuff but not code scanner http://tamperdata.mozdev.org/ http://cyberai.com/inputfilter/index.php On Sat, 2006-04-15 at 13:09 -0500, Max Gribov wrote: > Hello all, > does anyone know of any opensource/free web app security scanner? > Basically, I just want something (else besides me) to go through all the > GET's and POST's on my PHP site and see if XSS/sql injection/etc is > possible. > I certainly did an audit of my own code, but another pair of eyes, > especially automated, would never hurt. > Something down the lines of Nessuss only for web apps basically. > I've seen this: www.acunetix.com, and signed up for a trial audit, but > am wondering if there is something I can actually download. > I havent seen anything on freshmeat or even google, most things are > either tutorials or non-free. > > thanks! > > max > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From 1j0lkq002 at sneakemail.com Sat Apr 15 21:15:05 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sat, 15 Apr 2006 18:15:05 -0700 Subject: [nycphp-talk] Whats a Competitive Salary for PHP Dev In-Reply-To: References: <001001c65ff3$eaffc480$0aa8a8c0@cliff> <21400-42591@sneakemail.com> Message-ID: <14192-50621@sneakemail.com> csnyder chsnyder-at-gmail.com |nyphp dev/internal group use| wrote: >On 4/14/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > > >>In fact, it is conceivable that I would use >>the wrong methods and tactics on my public website, just to distract the >>competition from my real work. >> >> > >But you enjoy the cloak-and-daggerness of it, and you obviously have enough work to keep you busy and networked into new clients. If you >were looking for growth, you would deploy world-class techniques and sit at the top of the results. The volume of new business could allow >you to hire a big chunk of the competition. > > If I wanted to spend my hours managing a large business with employees and clients maybe, but I prefer to spend my hours optimizing and strategizing. Growth for me is larger, more complex and long term projects, not volumes if optimize-these-title-tags work where I would have to hire monkeys and cut contracts with banana farmers. The problem with my line of work is that it is easier to make $N using the tools for myself in the market than to make the same $N deploying the tools for someone else. Customers are not often interested in paying to learn why they should do what I suggest, and I literally have to dig into a field in order to be successful (so it has to be interesting to me either way). What sells SEO is competition - when a site owner loses to rank the owner seeks out an SEO. What they will find in the SEO serps is someone to take their money. If you even try to rank in the SEO world you will have to outrank big money fast-talking MMF outfits and that's not affordable. >>Ditto for CSS pros who achieve goals with CSS. Why give it away by labeling it as "your best work" and putting it up at a known address for >>anyone to inspect, copy, critique? >> >> > >You're trolling now, because anybody who writes CSS for a living knows that their work is on display for anyone to see. My god, how fortunate >you will be if someone actually takes the time to inspect, copy, and critique. > > Me? Troll? No way! ;-) Eric Meyer does not have an excellent website IMHO, yet he's a CSS guru. And if I challenged you to find a URL that showcased his best work, could you? I have often wished I knew when my CSS guru launched a new site... I'd be all over it as I would not have to pay him so much to repeat the best of it for me. And he knows that, and keeps his client list under wraps. >The only reason to hide a good idea is because you are afraid you'll never have a better one. Good luck selling yourself if you're never >going to have any more good ideas. > > Not true at all in an opportunity-driven market. Good ideas are cheap, and execution is everything. I can guarantee you that if I post a page of my best SEO work with my name on it, it will be duplicated many times in the same markets within days. Partly because my work is focused on opportunity (if I did it there must be opportunity) but also because of a blind faith that I would not have executed if it were not worthwhile - a blindness fueled by the low cost of copying. Misdirection raises the costs of copying. From jeff.loiselle at gmail.com Mon Apr 17 13:30:14 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Mon, 17 Apr 2006 13:30:14 -0400 Subject: [nycphp-talk] Adding Text To The Top of a PDF Message-ID: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> What's the best way to stab at adding two lines of text to the top of an existing PDF? --- Jeff Loiselle Web Developer, Musician, and Observer http://jeff.loiselles.com From jeff.knight at gmail.com Mon Apr 17 13:34:25 2006 From: jeff.knight at gmail.com (Jeff Knight) Date: Mon, 17 Apr 2006 12:34:25 -0500 Subject: [nycphp-talk] Adding Text To The Top of a PDF In-Reply-To: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> References: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> Message-ID: <2ca9ba910604171034x3a1877c8o76fbd3aef6ee8bb8@mail.gmail.com> Try http://www.fpdf.org/ On 4/17/06, Jeff Loiselle wrote: > What's the best way to stab at adding two lines of text to the top of > an existing PDF? > > --- > Jeff Loiselle > Web Developer, Musician, and Observer > http://jeff.loiselles.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From robynover at gmail.com Mon Apr 17 14:56:21 2006 From: robynover at gmail.com (robyn o) Date: Mon, 17 Apr 2006 14:56:21 -0400 Subject: [nycphp-talk] phpmailer + general PHP/email strategies? Message-ID: Hi list, I'm working with phpmailer to send email announcements. It's working, but I'm concerned that maybe it's not working as efficiently as it could be. I've sent it to a relatively small group of people (about 35) and I don't see the group getting beyond 100 email addresses for this application. However, looping through the addresses tends to go slowly -- fine for if I'm using it myself, but possibly too long to expect other users to wait. Because each email has information specific to that user, I'm sending individual emails instead of just adding all the addresses to a Bcc in one message. So the code is something like this: --------- $mail = new PHPMailer(); foreach ($recipients as $r){ bodymsg = "Hi $name"; $mail->Body = $bodymsg; $mail->AddAddress($r); if(!$mail->Send()){ //do something } else { //etc } $mail->ClearAddresses(); //clear for next loop } --------- Is this a reasonable way to do it? Is there a more efficient way of handling the code? Or maybe phpmailer is not the right tool. My other thought is that maybe the actual mailing should happen behind the scenes, using cron (all the user data is in MySQL) ... Thanks in advance, Robyn -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Mon Apr 17 19:22:16 2006 From: tedd at sperling.com (tedd) Date: Mon, 17 Apr 2006 19:22:16 -0400 Subject: [nycphp-talk] Adding Text To The Top of a PDF In-Reply-To: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> References: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> Message-ID: >What's the best way to stab at adding two lines of text to the top of >an existing PDF? > >--- >Jeff Loiselle It depends if you're right or left handed. tedd -- -------------------------------------------------------------------------------- http://sperling.com From yournway at gmail.com Tue Apr 18 04:30:03 2006 From: yournway at gmail.com (Alberto dos Santos) Date: Tue, 18 Apr 2006 09:30:03 +0100 Subject: [nycphp-talk] Adding Text To The Top of a PDF In-Reply-To: References: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> Message-ID: You may try your luck with Adobe Illustrator, it may (or not...) open the doc.pdf and then you can edit it. Cheers, On 18/04/06, tedd wrote: > > >What's the best way to stab at adding two lines of text to the top of > >an existing PDF? > > > >--- > >Jeff Loiselle > > > It depends if you're right or left handed. > > tedd > -- > > -------------------------------------------------------------------------------- > http://sperling.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Alberto dos Santos Consultor em TI IT Consultant http://www.yournway.com A internet ? sua maneira. The Internet your own way. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmintz at davidmintz.org Tue Apr 18 09:48:13 2006 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 18 Apr 2006 09:48:13 -0400 (EDT) Subject: [nycphp-talk] Adding Text To The Top of a PDF In-Reply-To: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> References: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> Message-ID: On Mon, 17 Apr 2006, Jeff Loiselle wrote: > What's the best way to stab at adding two lines of text to the top of > an existing PDF? I think you want http://fpdi.setasign.de/index.php?p=home I have a project in which I am going to need to open a PDF template and fill in some data. Just to prove I could do it I created a document in OpenOffice Writer with an empty rectangle drawn in a more or less arbitrary position on the page, then saved it as a PDF called test_pdf.pdf, then tried to use this class to open it, squirt some fresh red ink right into the little box and save the new PDF to disk. It works. setTextColor(255,0,0); $pagecount = $pdf->setSourceFile("./test_pdf.pdf"); $tplidx = $pdf->ImportPage(1); $pdf->addPage(); $pdf->useTemplate($tplidx); $pdf->SetXY(66,52); $pdf->SetFont('helvetica','B',10); $pdf->Cell(150,20,'new text written '.date('r')); $pdf->Ln(5); $pdf->SetX(66); $pdf->Cell(150,20,'more text written soon thereafter'); $pdf->Output('./output.pdf','F'); $pdf->closeParsers(); echo "ok"; ?> --- David Mintz http://davidmintz.org/ Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. From max at neuropunks.org Tue Apr 18 11:23:57 2006 From: max at neuropunks.org (max) Date: Tue, 18 Apr 2006 10:23:57 -0500 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <444136E2.4050201@neuropunks.org> References: <444136E2.4050201@neuropunks.org> Message-ID: <20060418152357.GA13328@neuropunks.org> Well, heres a short followup on this. I used the acunetix free web based scanner, and it seems to be pretty thourough. The free report of course has no details in it, only number of potentials problems. However, looking at the webserver logs, you can see what they were checking for, and it looks serious. They try 13 different XSS attacks, 3 sql injections, cookie rewriter, all kinds of dir traversal, and trace/track/connect http request issues. I still dont think im going to dish out 3 something K for the full version, but at least from their brief report you can check the logs for their requests, and see your server's response, and try it yourself. Pretty educational overall actually. On Sat, Apr 15, 2006 at 01:09:38PM -0500, Max Gribov wrote: > Hello all, > does anyone know of any opensource/free web app security scanner? > Basically, I just want something (else besides me) to go through all the > GET's and POST's on my PHP site and see if XSS/sql injection/etc is > possible. > I certainly did an audit of my own code, but another pair of eyes, > especially automated, would never hurt. > Something down the lines of Nessuss only for web apps basically. > I've seen this: www.acunetix.com, and signed up for a trial audit, but > am wondering if there is something I can actually download. > I havent seen anything on freshmeat or even google, most things are > either tutorials or non-free. > > thanks! > > max > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Tue Apr 18 13:41:14 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Tue, 18 Apr 2006 10:41:14 -0700 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <20060418152357.GA13328@neuropunks.org> References: <444136E2.4050201@neuropunks.org> <20060418152357.GA13328@neuropunks.org> Message-ID: <23447-89818@sneakemail.com> Thanks Max. Did you go for the "free website audit" because I dl'ed the free scanner and it says it only runs against their test sites, not your own sites. Thanks. -=john andrews http://www.seo-fun.com max max-at-neuropunks.org |nyphp dev/internal group use| wrote: >Well, heres a short followup on this. >I used the acunetix free web based scanner, and it seems to be pretty thourough. >The free report of course has no details in it, only number of potentials problems. >However, looking at the webserver logs, you can see what they were checking for, and it looks serious. >They try 13 different XSS attacks, 3 sql injections, cookie rewriter, all kinds of dir traversal, and >trace/track/connect http request issues. >I still dont think im going to dish out 3 something K for the full version, but at least from their brief report you can check the logs for their requests, and see your server's response, and try it yourself. >Pretty educational overall actually. > > >On Sat, Apr 15, 2006 at 01:09:38PM -0500, Max Gribov wrote: > > >>Hello all, >>does anyone know of any opensource/free web app security scanner? >>Basically, I just want something (else besides me) to go through all the >>GET's and POST's on my PHP site and see if XSS/sql injection/etc is >>possible. >>I certainly did an audit of my own code, but another pair of eyes, >>especially automated, would never hurt. >>Something down the lines of Nessuss only for web apps basically. >>I've seen this: www.acunetix.com, and signed up for a trial audit, but >>am wondering if there is something I can actually download. >>I havent seen anything on freshmeat or even google, most things are >>either tutorials or non-free. >> >>thanks! >> >>max >>_______________ >> From max at neuropunks.org Tue Apr 18 22:09:27 2006 From: max at neuropunks.org (max at neuropunks.org) Date: Tue, 18 Apr 2006 21:09:27 -0500 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <23447-89818@sneakemail.com> References: <23447-89818@sneakemail.com> Message-ID: <0.94168900.1145412567@neuropunks.org> Yup, it was this http://www.acunetix.com/vulnerability-scanner/audit.aspx They do verify if your email address matches the site though. In my case, the IP block the dev site was on is owned by our company, so I emailed them from my work email, and they queued it up. The email about verification did come from a real human too. If you\'d like, I can email you off list the logfiles from the webserver so you can see the queries they make. --- Original Message --- From: inforequest <1j0lkq002 at sneakemail.com> Sent: Tue, 18 Apr 2006 10:41:14 -0700 To: talk at lists.nyphp.org Subject: Re: [nycphp-talk] Web app security scanners > > Thanks Max. Did you go for the \"free website audit\" because I dl\'ed the > free scanner and it says it only runs against their test sites, not your > own sites. Thanks. > > -=john andrews > http://www.seo-fun.com > > > max max-at-neuropunks.org |nyphp dev/internal group use| wrote: > > >Well, heres a short followup on this. > >I used the acunetix free web based scanner, and it seems to be pretty thourough. > >The free report of course has no details in it, only number of potentials problems. > >However, looking at the webserver logs, you can see what they were checking for, and it looks serious. > >They try 13 different XSS attacks, 3 sql injections, cookie rewriter, all kinds of dir traversal, and > >trace/track/connect http request issues. > >I still dont think im going to dish out 3 something K for the full version, but at least from their brief report you can check the logs for their requests, and see your server\'s response, and try it yourself. > >Pretty educational overall actually. > > > > > >On Sat, Apr 15, 2006 at 01:09:38PM -0500, Max Gribov wrote: > > > > > >>Hello all, > >>does anyone know of any opensource/free web app security scanner? > >>Basically, I just want something (else besides me) to go through all the > >>GET\'s and POST\'s on my PHP site and see if XSS/sql injection/etc is > >>possible. > >>I certainly did an audit of my own code, but another pair of eyes, > >>especially automated, would never hurt. > >>Something down the lines of Nessuss only for web apps basically. > >>I\'ve seen this: www.acunetix.com, and signed up for a trial audit, but > >>am wondering if there is something I can actually download. > >>I havent seen anything on freshmeat or even google, most things are > >>either tutorials or non-free. > >> > >>thanks! > >> > >>max > >>_______________ > >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From arzala at gmail.com Tue Apr 18 23:59:35 2006 From: arzala at gmail.com (Anirudh Zala) Date: Wed, 19 Apr 2006 09:29:35 +0530 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <0.94168900.1145412567@neuropunks.org> References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> Message-ID: I have 1 small comment on this issue. Instead of using any other software to scan all these, can't we scan all our get and post variable for validity of data using regular expressions? For example, we can 3 numeric variables that we receive via GET method. Before using them for further operations in our script, we can design a function that can check data associated with those 3 variables. If data of any of that variable seems invalid you can through 400 error (Bad request). I assume we can control 90% of our data by scanning them ourselves since we most of time know what data is going to arrive with those variables. Similarly we can do for POST variables as well. Thanks Anirudh Zala On Wed, 19 Apr 2006 07:39:27 +0530, wrote: > > Yup, it was this http://www.acunetix.com/vulnerability-scanner/audit.aspx > They do verify if your email address matches the site though. > In my case, the IP block the dev site was on is owned by our company, so > I emailed them from my work email, and they queued it up. The email > about verification did come from a real human too. > If you\'d like, I can email you off list the logfiles from the webserver > so you can see the queries they make. > > > > > > --- Original Message --- > From: inforequest <1j0lkq002 at sneakemail.com> > Sent: Tue, 18 Apr 2006 10:41:14 -0700 > To: talk at lists.nyphp.org > Subject: Re: [nycphp-talk] Web app security scanners > >> >> Thanks Max. Did you go for the \"free website audit\" because I dl\'ed >> the >> free scanner and it says it only runs against their test sites, not your >> own sites. Thanks. >> >> -=john andrews >> http://www.seo-fun.com >> >> >> max max-at-neuropunks.org |nyphp dev/internal group use| wrote: >> >> >Well, heres a short followup on this. >> >I used the acunetix free web based scanner, and it seems to be pretty >> thourough. >> >The free report of course has no details in it, only number of >> potentials problems. >> >However, looking at the webserver logs, you can see what they were >> checking for, and it looks serious. >> >They try 13 different XSS attacks, 3 sql injections, cookie rewriter, >> all kinds of dir traversal, and >> >trace/track/connect http request issues. >> >I still dont think im going to dish out 3 something K for the full >> version, but at least from their brief report you can check the logs >> for their requests, and see your server\'s response, and try it >> yourself. >> >Pretty educational overall actually. >> > >> > >> >On Sat, Apr 15, 2006 at 01:09:38PM -0500, Max Gribov wrote: >> > >> > >> >>Hello all, >> >>does anyone know of any opensource/free web app security scanner? >> >>Basically, I just want something (else besides me) to go through all >> the >> >>GET\'s and POST\'s on my PHP site and see if XSS/sql injection/etc is >> >>possible. >> >>I certainly did an audit of my own code, but another pair of eyes, >> >>especially automated, would never hurt. >> >>Something down the lines of Nessuss only for web apps basically. >> >>I\'ve seen this: www.acunetix.com, and signed up for a trial audit, >> but >> >>am wondering if there is something I can actually download. >> >>I havent seen anything on freshmeat or even google, most things are >> >>either tutorials or non-free. >> >> >> >>thanks! >> >> >> >>max >> >>_______________ >> >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> New York PHP Conference and Expo 2006 >> http://www.nyphpcon.com >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -- ----------------------------------------------- Anirudh Zala (Project Manager) ASPL, http://www.aspl.in Ph: +91 281 245 1894 arzala at gmail.com ----------------------------------------------- From chsnyder at gmail.com Wed Apr 19 08:08:31 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 19 Apr 2006 08:08:31 -0400 Subject: [nycphp-talk] Adding Text To The Top of a PDF In-Reply-To: References: <4b1887110604171030p10010534i2e8c6fdbe552c3c9@mail.gmail.com> Message-ID: On 4/18/06, David Mintz wrote: > http://fpdi.setasign.de/index.php?p=home > [snip] > then tried to use this class to open it, squirt some fresh > red ink right into the little box and save the new PDF to disk. Ahhh, the old jelly donut test! From max at neuropunks.org Wed Apr 19 11:49:43 2006 From: max at neuropunks.org (max) Date: Wed, 19 Apr 2006 10:49:43 -0500 Subject: [nycphp-talk] Web app security scanners In-Reply-To: References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> Message-ID: <20060419154943.GB8908@neuropunks.org> Well, i personally use switch() to filter main input (like index.php?section=about) and then everything thats GET or POST goes into addslashes and either has html/script things stripped, or converted to htmlentities. if you look at preg_replace on php.net manual, you'll find some examples on how to strip html/script tags easily. This audit was still usefull in my opinion. Its good to be able to see what someone who charges, and apparently successfully, for their scanning software would do to simulate real attacks. Obviously, i can google for XSS, and I have, but another set of eyes is always great. 2c... On Wed, Apr 19, 2006 at 09:29:35AM +0530, Anirudh Zala wrote: > I have 1 small comment on this issue. Instead of using any other software > to scan all these, can't we scan all our get and post variable for > validity of data using regular expressions? > > For example, we can 3 numeric variables that we receive via GET method. > Before using them for further operations in our script, we can design a > function that can check data associated with those 3 variables. If data of > any of that variable seems invalid you can through 400 error (Bad request). > > I assume we can control 90% of our data by scanning them ourselves since > we most of time know what data is going to arrive with those variables. > Similarly we can do for POST variables as well. > > > include_once 'some_function.inc' > > scanGetVars($_GET); > > ... > ... > rest of code. > rest of code. > ... > ... > > ?> > > Thanks > Anirudh Zala > > On Wed, 19 Apr 2006 07:39:27 +0530, wrote: > > > > > Yup, it was this http://www.acunetix.com/vulnerability-scanner/audit.aspx > > They do verify if your email address matches the site though. > > In my case, the IP block the dev site was on is owned by our company, so > > I emailed them from my work email, and they queued it up. The email > > about verification did come from a real human too. > > If you\'d like, I can email you off list the logfiles from the webserver > > so you can see the queries they make. > > > > > > > > > > > > --- Original Message --- > > From: inforequest <1j0lkq002 at sneakemail.com> > > Sent: Tue, 18 Apr 2006 10:41:14 -0700 > > To: talk at lists.nyphp.org > > Subject: Re: [nycphp-talk] Web app security scanners > > > >> > >> Thanks Max. Did you go for the \"free website audit\" because I dl\'ed > >> the > >> free scanner and it says it only runs against their test sites, not your > >> own sites. Thanks. > >> > >> -=john andrews > >> http://www.seo-fun.com > >> > >> > >> max max-at-neuropunks.org |nyphp dev/internal group use| wrote: > >> > >> >Well, heres a short followup on this. > >> >I used the acunetix free web based scanner, and it seems to be pretty > >> thourough. > >> >The free report of course has no details in it, only number of > >> potentials problems. > >> >However, looking at the webserver logs, you can see what they were > >> checking for, and it looks serious. > >> >They try 13 different XSS attacks, 3 sql injections, cookie rewriter, > >> all kinds of dir traversal, and > >> >trace/track/connect http request issues. > >> >I still dont think im going to dish out 3 something K for the full > >> version, but at least from their brief report you can check the logs > >> for their requests, and see your server\'s response, and try it > >> yourself. > >> >Pretty educational overall actually. > >> > > >> > > >> >On Sat, Apr 15, 2006 at 01:09:38PM -0500, Max Gribov wrote: > >> > > >> > > >> >>Hello all, > >> >>does anyone know of any opensource/free web app security scanner? > >> >>Basically, I just want something (else besides me) to go through all > >> the > >> >>GET\'s and POST\'s on my PHP site and see if XSS/sql injection/etc is > >> >>possible. > >> >>I certainly did an audit of my own code, but another pair of eyes, > >> >>especially automated, would never hurt. > >> >>Something down the lines of Nessuss only for web apps basically. > >> >>I\'ve seen this: www.acunetix.com, and signed up for a trial audit, > >> but > >> >>am wondering if there is something I can actually download. > >> >>I havent seen anything on freshmeat or even google, most things are > >> >>either tutorials or non-free. > >> >> > >> >>thanks! > >> >> > >> >>max > >> >>_______________ > >> >> > >> > >> _______________________________________________ > >> New York PHP Community Talk Mailing List > >> http://lists.nyphp.org/mailman/listinfo/talk > >> New York PHP Conference and Expo 2006 > >> http://www.nyphpcon.com > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > >> > >> > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > -- > ----------------------------------------------- > Anirudh Zala (Project Manager) > ASPL, http://www.aspl.in > Ph: +91 281 245 1894 > arzala at gmail.com > ----------------------------------------------- > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From dcech at phpwerx.net Wed Apr 19 12:21:49 2006 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 19 Apr 2006 12:21:49 -0400 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <20060419154943.GB8908@neuropunks.org> References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> <20060419154943.GB8908@neuropunks.org> Message-ID: <4446639D.7020700@phpwerx.net> max wrote: > Well, i personally use switch() to filter main input (like index.php?section=about) > and then everything thats GET or POST goes into addslashes and either has html/script things stripped, or converted to htmlentities. > if you look at preg_replace on php.net manual, you'll find some examples on how to strip html/script tags easily. > This audit was still usefull in my opinion. Its good to be able to see what someone who charges, and apparently successfully, for their scanning software would do to simulate real attacks. > Obviously, i can google for XSS, and I have, but another set of eyes is always great. > > > 2c... When you get right down to it, if you use the basic precautions laid out in the relevant PHundamentals article (http://www.nyphp.org/phundamentals/storingretrieving.php), you will not need to 'strip' or 'filter' input to avoid breaking the application itself. There are very few reasons to strip or filter data: * if you need to echo user input to the browser as HTML, in which case best practice would be to vet the tags using a whitelist approach * if you are enforcing business rules (allowed values for a field, etc) * if you are outputting data to other systems (eg sending email headers) Provided you treat the data correctly, your program will see it as just that, data, regardless of the content. If certain input would break your system, it is the system which should be changed, not the data. Dan From 1j0lkq002 at sneakemail.com Wed Apr 19 15:24:33 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 19 Apr 2006 12:24:33 -0700 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <4446639D.7020700@phpwerx.net> References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> <20060419154943.GB8908@neuropunks.org> <4446639D.7020700@phpwerx.net> Message-ID: <8630-09965@sneakemail.com> Dan Cech dcech-at-phpwerx.net |nyphp dev/internal group use| wrote: >max wrote: > > >>Well, i personally use switch() to filter main input (like index.php?section=about) >>and then everything thats GET or POST goes into addslashes and either has html/script things stripped, or converted to htmlentities. >>if you look at preg_replace on php.net manual, you'll find some examples on how to strip html/script tags easily. >>This audit was still usefull in my opinion. Its good to be able to see what someone who charges, and apparently successfully, for their scanning software would do to simulate real attacks. >>Obviously, i can google for XSS, and I have, but another set of eyes is always great. >> >> >>2c... >> >> > >When you get right down to it, if you use the basic precautions laid out >in the relevant PHundamentals article >(http://www.nyphp.org/phundamentals/storingretrieving.php), you will not >need to 'strip' or 'filter' input to avoid breaking the application itself. > >There are very few reasons to strip or filter data: > >* if you need to echo user input to the browser as HTML, in which case >best practice would be to vet the tags using a whitelist approach > >* if you are enforcing business rules (allowed values for a field, etc) > >* if you are outputting data to other systems (eg sending email headers) > >Provided you treat the data correctly, your program will see it as just >that, data, regardless of the content. If certain input would break >your system, it is the system which should be changed, not the data. > >Dan > Hey Dan I totally agree with you, but I also note that errors are made and systems are often coded by multiple people most of whom do not have the time to read through all of the code before adding or making changes to part of the code. So in the name of "robustness" isn't it still a god idea to sanitize everything? I think an optimization step might be to remove uneeded sanitization, but it seems to be a relatively low-cost safe practice to me. -=john andrews http://www.seo-fun.com From dkov at optonline.net Thu Apr 20 09:32:06 2006 From: dkov at optonline.net (dkov at optonline.net) Date: Thu, 20 Apr 2006 09:32:06 -0400 Subject: [nycphp-talk] introduction and first question relating to blogging software Message-ID: Hello to all, I am new and would like to introduce myself and say that I was happy to find a NY PHP group. I'm from the Bronx. I would like to ask if anyone knows what software http://www.blog-city.com/ is built on? I want to create a site like this and have already installed software like wordpress and joomla. I have tried customizing these to function so that users can create their own blogs. I installed the mamblog component. However, it doesn't work just like blog-city. If there is open source software that is designed to have a blog cms whose sole purpose is to host multiple user's blogs I would rather use that. Thanks. Kind regards, David From chsnyder at gmail.com Thu Apr 20 10:35:26 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 20 Apr 2006 10:35:26 -0400 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: References: Message-ID: On 4/20/06, dkov at optonline.net wrote: > > Hello to all, > > I am new and would like to introduce myself and say that I was happy to find a NY PHP group. I'm from the Bronx. > > I would like to ask if anyone knows what software http://www.blog-city.com/ is built on? I want to create a site like this and have already installed software like wordpress and joomla. I have tried customizing these to function so that users can create their own blogs. I installed the mamblog component. However, it doesn't work just like blog-city. If there is open source software that is designed to have a blog cms whose sole purpose is to host multiple user's blogs I would rather use that. > > Thanks. > > Kind regards, > David Blog-city looks like it's built in Java, based on the error message the "About Us" page generates. But that's beside the point. Really, Joomla has no virtual hosting modules? -- Chris Snyder http://chxo.com/ From adlermedrado at gmail.com Thu Apr 20 10:42:22 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Thu, 20 Apr 2006 11:42:22 -0300 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: References: Message-ID: i think it was made with coldfusion, cause i've found this link: http://www.blog-city.com/bc/version.cfm []s adler medrado -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net On 4/20/06, csnyder wrote: > > On 4/20/06, dkov at optonline.net wrote: > > > > Hello to all, > > > > I am new and would like to introduce myself and say that I was happy to > find a NY PHP group. I'm from the Bronx. > > > > I would like to ask if anyone knows what software > http://www.blog-city.com/ is built on? I want to create a site like this > and have already installed software like wordpress and joomla. I have tried > customizing these to function so that users can create their own blogs. I > installed the mamblog component. However, it doesn't work just like > blog-city. If there is open source software that is designed to have a blog > cms whose sole purpose is to host multiple user's blogs I would rather use > that. > > > > Thanks. > > > > Kind regards, > > David > > > Blog-city looks like it's built in Java, based on the error message > the "About Us" page generates. > > But that's beside the point. Really, Joomla has no virtual hosting > modules? > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglists at caseysoftware.com Thu Apr 20 10:48:38 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Thu, 20 Apr 2006 10:48:38 -0400 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: References: Message-ID: On 4/20/06, csnyder wrote: > Blog-city looks like it's built in Java, based on the error message > the "About Us" page generates. Whatever the system is, it's running on Jetty. > But that's beside the point. Really, Joomla has no virtual hosting modules? I haven't dug into that side of Joomla very deeply, but I know Drupal can handle multiple blogs simultaneously... and each user gets their own feed, etc. -- Keith Casey CEO, http://CaseySoftware.com 2006 DC PHP Conference Details: http://dcphpconference.com/ From talk at esteticastudios.com Thu Apr 20 20:32:46 2006 From: talk at esteticastudios.com (Iulian Manea) Date: Fri, 21 Apr 2006 03:32:46 +0300 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: Message-ID: <20060421003257.AC99AA865D@virtu.nyphp.org> Hey everybody, For about the last 7 hours I am trying to get a script to work and I have absolutely no more ideas of why it isn't. I run the script in a browser, and it has to run for some time, but after about 20 minutes it suddenly . stops . it just pukes. No there is no error, and yes the display_errors is on. The script just stops as if it was stoped by someone no eror, the erver has absolutely no load, so it's not the server either. I then put in the script once every 3-4 lines Echo __LINE__; so I would actually know on what line it pukes. and it stops randomly. Te funny thing is that last time I ran it, the last lines it displayed were: 228, 234, 23 , so it just puked in THE MIDDLE of displaying 236! Cound it be because of the browser??? Or the server would stop it?? I ran it in firefox and internet explorer. Do any of you have any idea, because I would be imensly gratefull, at the moment I am absolutely cluless! Thanks a lot!!!!! -------------- next part -------------- An HTML attachment was scrubbed... URL: From nyphp at n0p.net Thu Apr 20 21:02:03 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Thu, 20 Apr 2006 21:02:03 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <20060421003257.AC99AA865D@virtu.nyphp.org> References: <20060421003257.AC99AA865D@virtu.nyphp.org> Message-ID: <44482F0B.6040805@n0p.net> No solutions, but some thoughts... Apache, IIS, other? > I run the script in a browser, and it has to run for some time, but > after about 20 minutes it suddenly ? stops ? it just pukes. If I read that sentence correct, that seems like quite a long time for a (web) script to be running...? Could you be hitting resource limits in php.ini? max_execution_time, max_input_time ? Are you normally outputting anything to the browser during this time? Could the web server _think_ it is a dead connection from no data being transfered for such a long period and drop or kill it? > No there is > no error, and yes the display_errors is on. The script just stops as if > it was stoped by someone no eror, the erver has absolutely no load, so > it?s not the server either. To tell you the truth, sounds like a php segfault to me, any errors in the web server logs? Can you turn web server log verbosity up? Did you compile PHP or a prepackaged one? What extensions are loaded, can you disable any of them? Do you have any database connections open? If so, are the client versions compatible? (e.g. I have noticed some issues with pgsql.so and Postgresql server 8.1 which may be related to the version of pg libs it was compiled against) > I then put in the script once every 3-4 lines > Echo __LINE__; so I would actually know on what line it pukes? and it > stops randomly. Te funny thing is that last time I ran it, the last > lines it displayed were: > > 228, 234, 23 , so it just puked in THE MIDDLE of displaying 236! what about adding some memory_get_usage () calls as well. > Cound it be because of the browser??? Or the server would stop it?? There is also a setting in php.ini to ignore if the user clicks 'stop' ignore_user_abort = On. Perhaps no help at all, but thought I would share my first impressions. Flavio From nyphp at n0p.net Thu Apr 20 21:35:19 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Thu, 20 Apr 2006 21:35:19 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <44482F0B.6040805@n0p.net> References: <20060421003257.AC99AA865D@virtu.nyphp.org> <44482F0B.6040805@n0p.net> Message-ID: <444836D7.2020809@n0p.net> >> I run the script in a browser, and it has to run for some time, but >> after about 20 minutes it suddenly ? stops ? it just pukes. > > If I read that sentence correct, that seems like quite a long time for a > (web) script to be running...? Just to add as a side note, I try to keep my web facing scripts as speedy as possible. When there is a resource/time intense task (such as gathering/sorting millions or rows from a db,) I almost always insert a _request_ into a working queue, and return control to the browser as quickly as possible. I will then handle the request with a command line script, and then notify the user via another method (email, web alert on next page hit, etc.) This method seems to blend better with the web paradigm. Once again I haven't helped you with your direct problem, but just wanted to add some food for thought. Ok, I will stop replying to my own post now. :-P Flavio From chsnyder at gmail.com Fri Apr 21 09:08:34 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 21 Apr 2006 09:08:34 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <44482F0B.6040805@n0p.net> References: <20060421003257.AC99AA865D@virtu.nyphp.org> <44482F0B.6040805@n0p.net> Message-ID: On 4/20/06, Flavio daCosta wrote: > To tell you the truth, sounds like a php segfault to me, any errors in > the web server logs? I thought segfault, too, but you usually don't get any output back. Then again. if the script is running for 20 minutes, Apache may just be flushing the output buffer out of boredom. -- Chris Snyder http://chxo.com/ From talk at esteticastudios.com Fri Apr 21 09:21:36 2006 From: talk at esteticastudios.com (Iulian Manea) Date: Fri, 21 Apr 2006 16:21:36 +0300 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: Message-ID: <20060421132140.E343DA863E@virtu.nyphp.org> > if the script is running for 20 minutes, Apache may just be flushing the > output buffer out of boredom. The script is used for spidering a site, which is quite big .. so the 20 minutes isn't that much. But each time the script finds a new link it flushes it to the browser, so the connection shouldn't timeout or anything ... -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of csnyder Sent: Friday, April 21, 2006 4:09 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Php in the twilight zone On 4/20/06, Flavio daCosta wrote: > To tell you the truth, sounds like a php segfault to me, any errors in > the web server logs? I thought segfault, too, but you usually don't get any output back. Then again. if the script is running for 20 minutes, Apache may just be flushing the output buffer out of boredom. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From cahoyos at us.ibm.com Fri Apr 21 09:54:47 2006 From: cahoyos at us.ibm.com (Carlos A Hoyos) Date: Fri, 21 Apr 2006 09:54:47 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <20060421132140.E343DA863E@virtu.nyphp.org> Message-ID: talk-bounces at lists.nyphp.org wrote on 04/21/2006 09:21:36 AM: > The script is used for spidering a site, which is quite big .. so the 20 > minutes isn't that much. But each time the script finds a new link it > flushes it to the browser, so the connection shouldn't timeout or anything > ... Sounds like a segmentation fault. I saw this happen some time ago with a similar script, where given the structure of the site one of the urls was always different per page, creating an infinite descend. Running on *nix, if you can run the script from the command line, "strace" can help you debug and understand why the script is dying. Carlos Hoyos, From ajai at bitblit.net Fri Apr 21 10:20:01 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 21 Apr 2006 10:20:01 -0400 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: References: Message-ID: <4448EA11.3040305@bitblit.net> Adler Medrado wrote: > i think it was made with coldfusion, cause i've found this link: > http://www.blog-city.com/bc/version.cfm And Cold Fusion is written in Java... From ajai at bitblit.net Fri Apr 21 10:21:08 2006 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 21 Apr 2006 10:21:08 -0400 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: References: Message-ID: <4448EA54.9060900@bitblit.net> Keith Casey wrote: > > > I haven't dug into that side of Joomla very deeply, but I know Drupal > can handle multiple blogs simultaneously... and each user gets their > own feed, etc. I think b2evolution handles multiple blogs simultaneously too. From lists at jack-scott.com Fri Apr 21 10:24:04 2006 From: lists at jack-scott.com (Jack Scott) Date: Fri, 21 Apr 2006 10:24:04 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <20060421132140.E343DA863E@virtu.nyphp.org> References: <20060421132140.E343DA863E@virtu.nyphp.org> Message-ID: <1145629444.17316.41.camel@localhost> On Fri, 2006-04-21 at 16:21 +0300, Iulian Manea wrote: > The script is used for spidering a site, which is quite big .. so the 20 > minutes isn't that much. But each time the script finds a new link it > flushes it to the browser, so the connection shouldn't timeout or anything > ... This doesn't fix your immediate problem, but if you are on *nix you could run wget, lynx, or webBot to spider the site and then parse out those results? I have had to do this in the past and used wget to recursively spider a site and create html files locally. Once that is done I grep the results and pipe them to sed and/or (g,n)awk to fine tune the desired results. There are a ton of similar windows utilities out there as well if that is your platform. Hope this helps, Jack From edwardpotter at gmail.com Fri Apr 21 10:48:24 2006 From: edwardpotter at gmail.com (edward potter) Date: Fri, 21 Apr 2006 10:48:24 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? Message-ID: Well it seems to have it all, it's been out for awhile, has an interesting history. You can basically mash it up with wordpress and you have 100's of extensions. all OS/php/mysql. Over 300,000 forum posts. http://www.joomla.org From sequethin at gmail.com Fri Apr 21 10:53:55 2006 From: sequethin at gmail.com (Michael Hernandez) Date: Fri, 21 Apr 2006 10:53:55 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: References: Message-ID: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> On Apr 21, 2006, at 10:48 AM, edward potter wrote: > Well it seems to have it all, it's been out for awhile, has an > interesting history. You can basically mash it up with wordpress and > you have 100's of extensions. all OS/php/mysql. Over 300,000 forum > posts. > > http://www.joomla.org > _______________________________________________ eh... it's mambo (basically) ;) I use it and enjoy using it. It's a bit overkill where wordpress is enough for simple blogs, but it's extensibility is great for sites with potential to get larger. I look forward to seeing what joomla will offer in the next major release. Mike From aaron at aarond.com Fri Apr 21 12:50:00 2006 From: aaron at aarond.com (aaron) Date: Fri, 21 Apr 2006 12:50:00 -0400 Subject: [nycphp-talk] word doc properties Message-ID: <44490D38.80809@aarond.com> Is there an easy way to get the properties of a Word doc in a php script? I'm specifically looking to grab the 'Title' on the summary tab. I found some info on COM objects, but it's a little confusing. My servers are IIS on Win2k. thanks, Aaron D. From adlermedrado at gmail.com Fri Apr 21 13:17:28 2006 From: adlermedrado at gmail.com (Adler Medrado) Date: Fri, 21 Apr 2006 14:17:28 -0300 Subject: [nycphp-talk] introduction and first question relating to blogging software In-Reply-To: <4448EA11.3040305@bitblit.net> References: <4448EA11.3040305@bitblit.net> Message-ID: but it is not java ;) On 4/21/06, Ajai Khattri wrote: > > Adler Medrado wrote: > > i think it was made with coldfusion, cause i've found this link: > > http://www.blog-city.com/bc/version.cfm > And Cold Fusion is written in Java... > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Nesher Technologies http://www.neshertech.net http://adler.neshertech.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Fri Apr 21 13:46:25 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 21 Apr 2006 10:46:25 -0700 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> References: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> Message-ID: <31429-42621@sneakemail.com> Michael Hernandez sequethin-at-gmail.com |nyphp dev/internal group use| wrote: >On Apr 21, 2006, at 10:48 AM, edward potter wrote: > > > >>Well it seems to have it all, it's been out for awhile, has an >>interesting history. You can basically mash it up with wordpress and >>you have 100's of extensions. all OS/php/mysql. Over 300,000 forum >>posts. >> >>http://www.joomla.org >>_______________________________________________ >> >> > >eh... it's mambo (basically) ;) I use it and enjoy using it. It's a >bit overkill where wordpress is enough for simple blogs, but it's >extensibility is great for sites with potential to get larger. I look >forward to seeing what joomla will offer in the next major release. > >Mike > > > yeah, wordpress is so lightweight and unbloated... great for simple blogs. -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From codebowl at gmail.com Fri Apr 21 13:50:42 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 21 Apr 2006 13:50:42 -0400 Subject: [nycphp-talk] PHP Scanning for unused functions or vars Message-ID: <8d9a42800604211050j3942610bq5b6e00e51d0bd86@mail.gmail.com> Hey everyone, Is there a tool that can be used to scan php files in a dir to tell me if there are any function / classes / variables / constants / etc. that are in the code but never used? This would come in handy for code where you were not the original developer but wanted to clean things up without breaking functionality. Is this something Zend Studio can do? I have that but have not seen the feature. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Fri Apr 21 14:00:31 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 21 Apr 2006 14:00:31 -0400 Subject: [nycphp-talk] word doc properties In-Reply-To: <44490D38.80809@aarond.com> References: <44490D38.80809@aarond.com> Message-ID: <8d9a42800604211100o74cf3135mc3add27c50e96b3d@mail.gmail.com> I believe you would need to use a COM object within PHP to actually launch MS Word to read the files like you wish to. I did an article on weberdev about using Word and Mail Merge from within PHP. http://www.weberdev.com/get_example-4232.html It also explains that you need to set the COM permissions so that the IIS user or current windows user has access to remotely open Word "hidden" in the background. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From sequethin at gmail.com Fri Apr 21 14:09:56 2006 From: sequethin at gmail.com (Michael Hernandez) Date: Fri, 21 Apr 2006 14:09:56 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: <31429-42621@sneakemail.com> References: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> <31429-42621@sneakemail.com> Message-ID: On Apr 21, 2006, at 1:46 PM, inforequest wrote: > > yeah, wordpress is so lightweight and unbloated... great for simple > blogs. > > > Well it's certainly not as massive as joomla. I don't see how wordpress is bloated enough to draw sarcastic comments really. Could you elaborate? From nyphp at n0p.net Fri Apr 21 14:13:51 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Fri, 21 Apr 2006 14:13:51 -0400 Subject: [nycphp-talk] PHP Scanning for unused functions or vars In-Reply-To: <8d9a42800604211050j3942610bq5b6e00e51d0bd86@mail.gmail.com> References: <8d9a42800604211050j3942610bq5b6e00e51d0bd86@mail.gmail.com> Message-ID: <444920DF.1060007@n0p.net> On 04/21/2006 01:50 PM, Joseph Crawford wrote: > Hey everyone, > > Is there a tool that can be used to scan php files in a dir to tell me > if there are any function / classes / variables / constants / etc. that > are in the code but never used? I am on my way out, so no time to validate my claims/memory for correctness, but take a look at xdebug and PHPUnit2 (or one of the testing suites) From 1j0lkq002 at sneakemail.com Fri Apr 21 15:07:39 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 21 Apr 2006 12:07:39 -0700 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: References: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> <31429-42621@sneakemail.com> Message-ID: <27321-60667@sneakemail.com> Michael Hernandez sequethin-at-gmail.com |nyphp dev/internal group use| wrote: >On Apr 21, 2006, at 1:46 PM, inforequest wrote: > > > >>yeah, wordpress is so lightweight and unbloated... great for simple >>blogs. >> >> >> >> >> > >Well it's certainly not as massive as joomla. I don't see how >wordpress is bloated enough to draw sarcastic comments really. Could >you elaborate? > > > probably just a fleeting aggravation with the wysiwyg editor..as my machine crashed...probably due to an errant plug-in, or the spell-checker...who knows... or maybe I'm just tired of working thru the new rewrite system... or maybe it was the, oh nevermind. -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From codebowl at gmail.com Fri Apr 21 17:07:00 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 21 Apr 2006 17:07:00 -0400 Subject: [nycphp-talk] Strange Characters Message-ID: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> Hello, Has anyone seen these characters before? ??? One of my clients sites has that on 1 particular page and i cannot figure out what is causing it. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Fri Apr 21 17:12:12 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 21 Apr 2006 17:12:12 -0400 Subject: [nycphp-talk] Strange Characters In-Reply-To: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> References: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> Message-ID: On 4/21/06, Joseph Crawford wrote: > Hello, > > Has anyone seen these characters before? > > ??? > > One of my clients sites has that on 1 particular page and i cannot figure > out what is causing it. Mismatch between htmlentities() charset parameter and Content-type charset? Copy and paste from Word into web form? Bug? From rahmin at insite-out.com Fri Apr 21 17:38:55 2006 From: rahmin at insite-out.com (Rahmin Pavlovic) Date: Fri, 21 Apr 2006 17:38:55 -0400 Subject: [nycphp-talk] Strange Characters In-Reply-To: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> Message-ID: On 4/21/06 5:07 PM, "Joseph Crawford" wrote: > Hello, > > Has anyone seen these characters before? > > ??? Yes, that's what happens when you echoing something that's not within your charset. Printing high-bit chars can be weird, at best. Our editor's format their own HTML, but they also use stuff like Word and Quark, so I came up with a blacklist mapping solution to keep any HTML we want but convert the high-bit stuff like: char(133) => '...' char(147) => '"e;' char(148) => '"e;' char(162) => '¢' char(163) => '£' char(165) => '¥' etc From mailinglists at caseysoftware.com Fri Apr 21 17:28:05 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Fri, 21 Apr 2006 17:28:05 -0400 Subject: [nycphp-talk] Strange Characters In-Reply-To: References: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> Message-ID: On 4/21/06, csnyder wrote: > > Has anyone seen these characters before? > > > > ??? > > Mismatch between htmlentities() charset parameter and Content-type charset? Actually, I've been poking at pretty much the same thing today. I'm parsing an incoming rss feed and weird things appeared. Turns out my case is that it's a "smart quote" and causing all kinds of issues because as soon as I do anything with it - other than an xml to xml transform - it morphs into a nasty character like above... -- Keith Casey CEO, http://CaseySoftware.com 2006 DC PHP Conference Details: http://dcphpconference.com/ From evdo.hsdpa at gmail.com Fri Apr 21 17:53:20 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Fri, 21 Apr 2006 14:53:20 -0700 Subject: [nycphp-talk] WIMAX vs 3g EVDO HSDPA wireless internet coverage map - want your help Message-ID: <1ec620e90604211453q23017544qa6ef4206f69b9b56@mail.gmail.com> WIMAX vs 3g EVDO HSDPA wireless internet coverage map - want your help slightly off topic but I want your help. I'm building a WIMAX Google Map. Feel free to add any and all WIMAX or WISP providers that you know of internationally at http://map.wirelessinternetcoverage.com As you do... please please ... send me an email re your experience and recommended upgrades.. this is just a BETA for now.. so go easy!.. thanks.. bob -- Robert Q Kim, Wireless Internet Advisor http://wireless-internet-coverage.blogspot.com http://evdo-coverage.com 2611 S. Pacific Coast Highway 101 Suite 203 Cardiff by the Sea, CA 92007 206 984 0880 From danielc at analysisandsolutions.com Fri Apr 21 18:10:16 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 21 Apr 2006 18:10:16 -0400 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: <20060421132140.E343DA863E@virtu.nyphp.org> References: <20060421132140.E343DA863E@virtu.nyphp.org> Message-ID: <20060421221016.GA19895@panix.com> On Fri, Apr 21, 2006 at 04:21:36PM +0300, Iulian Manea wrote: > > The script is used for spidering a site, which is quite big .. so the 20 > minutes isn't that much. Running a script for so long in a web browser is nuts. Make it a shell script (possibly run via cron) that outputs HTML that you can look at once the process is done. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From lists at zaunere.com Fri Apr 21 21:19:21 2006 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 21 Apr 2006 21:19:21 -0400 Subject: [nycphp-talk] WIMAX vs 3g EVDO HSDPA wireless internet coverage map- want your help In-Reply-To: <1ec620e90604211453q23017544qa6ef4206f69b9b56@mail.gmail.com> Message-ID: <002901c665aa$c99c30a0$640aa8c0@MZ> Bob, This is not an appropriate post for this list. It doesn't relate to PHP or open source in any way, and in fact your site doesn't work. Please refrain from making another post like this. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com Robert Kim Wireless Internet Advisor wrote on Friday, April 21, 2006 5:53 PM: > WIMAX vs 3g EVDO HSDPA wireless internet coverage map - want your > help > > slightly off topic but I want your help. I'm building a WIMAX Google > Map. Feel free to add any and all WIMAX or WISP providers that you > know of internationally at http://map.wirelessinternetcoverage.com > > As you do... please please ... send me an email re your experience > and recommended upgrades.. this is just a BETA for now.. so go > easy!.. > thanks.. bob > > > -- > Robert Q Kim, Wireless Internet Advisor > http://wireless-internet-coverage.blogspot.com > http://evdo-coverage.com > 2611 S. Pacific Coast Highway 101 > Suite 203 > Cardiff by the Sea, CA 92007 > 206 984 0880 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From evdo.hsdpa at gmail.com Fri Apr 21 22:15:45 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Fri, 21 Apr 2006 19:15:45 -0700 Subject: [nycphp-talk] WIMAX vs 3g EVDO HSDPA wireless internet coverage map- want your help In-Reply-To: <002901c665aa$c99c30a0$640aa8c0@MZ> References: <1ec620e90604211453q23017544qa6ef4206f69b9b56@mail.gmail.com> <002901c665aa$c99c30a0$640aa8c0@MZ> Message-ID: <1ec620e90604211915n73893561j8346baced07e33a2@mail.gmail.com> I do agree that My post was not strictly relevant BUT.. the Google MAP I am building is totally "open source" and is a Public Development Project... so i though you guys would atleast stand with me here. But I understand.. and thanks for your professionalism. - bob On 4/21/06, Hans Zaunere wrote: > > Bob, > > This is not an appropriate post for this list. It doesn't relate to > PHP or open source in any way, and in fact your site doesn't work. > Please refrain from making another post like this. > > Robert Kim Wireless Internet Advisor wrote on Friday, April 21, 2006 > 5:53 PM: > > WIMAX vs 3g EVDO HSDPA wireless internet coverage map - want your > > help > > > > slightly off topic but I want your help. I'm building a WIMAX Google > > Map. Feel free to add any and all WIMAX or WISP providers that you > > know of internationally at http://map.wirelessinternetcoverage.com > > > > As you do... please please ... send me an email re your experience > > and recommended upgrades.. this is just a BETA for now.. so go > > easy!.. > > thanks.. bob > > -- Robert Q Kim, Wireless Internet Advisor http://wireless-internet-coverage.blogspot.com http://evdo-coverage.com 2611 S. Pacific Coast Highway 101 Suite 203 Cardiff by the Sea, CA 92007 206 984 0880 From tedd at sperling.com Sat Apr 22 11:02:00 2006 From: tedd at sperling.com (tedd) Date: Sat, 22 Apr 2006 11:02:00 -0400 Subject: [nycphp-talk] Strange Characters In-Reply-To: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> References: <8d9a42800604211407o3b17322fje1bb89b7475fab75@mail.gmail.com> Message-ID: >Hello, > >Has anyone seen these characters before? > >??? > >One of my clients sites has that on 1 particular >page and i cannot figure out what is causing it. > >Thanks, >-- >Joseph Crawford Jr. Who knows what they were. Keep in mind that at each stage, each rendering agent (desktop application, browser, server, email client, etc.) displays the text as what it believes it is with the resources it has available (i.e., font, char-set, ASCII, Unicode code points) -- that's the reason for Unicode. tedd -- -------------------------------------------------------------------------------- http://sperling.com From mitch.pirtle at gmail.com Sat Apr 22 13:22:21 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 22 Apr 2006 13:22:21 -0400 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <8630-09965@sneakemail.com> References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> <20060419154943.GB8908@neuropunks.org> <4446639D.7020700@phpwerx.net> <8630-09965@sneakemail.com> Message-ID: <330532b60604221022t1736b592q66569989bba5fe7d@mail.gmail.com> Just received a copy of "Penetration Tester's Open Source Toolkit" from Syngress, and it looks like a great reference for everyone that builds websites. A big, thick beastie, there seems to be a load of reference on many different toolkits and plenty of language-based discussion (c, perl, php, etc). Might want to start there, if you want something with some heft to keep you busy ;-) IMHO the tools like nmap, nessus and ettercap are a great start, but just that - a start. Getting an understanding of how these tools work, and why they do what they do, is the real value. With that knowlege you are then empowered to take a proactive approach. -- Mitch From mitch.pirtle at gmail.com Sat Apr 22 13:31:26 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 22 Apr 2006 13:31:26 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> References: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> Message-ID: <330532b60604221031y119f885ds2472909a80db4613@mail.gmail.com> On 4/21/06, Michael Hernandez wrote: > > On Apr 21, 2006, at 10:48 AM, edward potter wrote: > > > Well it seems to have it all, it's been out for awhile, has an > > interesting history. You can basically mash it up with wordpress and > > you have 100's of extensions. all OS/php/mysql. Over 300,000 forum > > posts. > > > > http://www.joomla.org > > _______________________________________________ > > eh... it's mambo (basically) ;) Careful, son. In these here parts them's fightin' words. Actually, what was called Mambo is now Joomla, and what is now called Mambo is something completely different. I'd tell you more, but I'm supposed to advise everyone to wait for the movie. > I use it and enjoy using it. It's a > bit overkill where wordpress is enough for simple blogs, but it's > extensibility is great for sites with potential to get larger. I look > forward to seeing what joomla will offer in the next major release. Then download the 1.5 nightly, found from our developer portal: http://dev.joomla.org Also, you can peruse the newfangled API here: http://api.joomla.org The coolest thing (IMHO) about what we have done with the 1.5 release is the JApplication class, where you can make a standalone PHP script that uses the same session management, database access, and so on without having to make a proper component and serve it from a Joomla website. And the XML-RPC server and client are now default, and there is already a Java-based flat client for content managers in a working state. Oh, you gotta check out the nightly, we just did some freaky work on the front end editor too... In a way, you could say we wrote the Joomla CMS with the Joomla framework. Maybe it's time for another presentation? Is there any interest in this? -- Mitch Pirtle Joomla! Core Developer Open Source Matters From talk at esteticastudios.com Sat Apr 22 14:20:11 2006 From: talk at esteticastudios.com (Iulian Manea) Date: Sat, 22 Apr 2006 21:20:11 +0300 Subject: [nycphp-talk] Php in the twilight zone In-Reply-To: Message-ID: <20060422182019.38990A8635@virtu.nyphp.org> Hey again, I ran it with strace , and yes, it's a segmentation fault ... here are the last few lines from the output txt file: send(8, "\35\300\1\0\0\1\0\0\0\0\0\0\3www\ttalkshack\3com\0\0"..., 35, 0) = 35 poll([{fd=8, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(8, FIONREAD, [145]) = 0 recvfrom(8, "\35\300\205\200\0\1\0\2\0\2\0\2\3www\ttalkshack\3com\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("69.93.35.154")}, [16]) = 145 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV (core dumped) +++ Now .. my problem would be.. does anyone have ay idea how to interpret strace output??? Thx... -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Carlos A Hoyos Sent: Friday, April 21, 2006 4:55 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Php in the twilight zone talk-bounces at lists.nyphp.org wrote on 04/21/2006 09:21:36 AM: > The script is used for spidering a site, which is quite big .. so the 20 > minutes isn't that much. But each time the script finds a new link it > flushes it to the browser, so the connection shouldn't timeout or anything > ... Sounds like a segmentation fault. I saw this happen some time ago with a similar script, where given the structure of the site one of the urls was always different per page, creating an infinite descend. Running on *nix, if you can run the script from the command line, "strace" can help you debug and understand why the script is dying. Carlos Hoyos, _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php __________ NOD32 1.1454 (20060321) Information __________ This message was checked by NOD32 antivirus system. http://www.nod32.com From matt at jiffycomp.com Sat Apr 22 15:21:24 2006 From: matt at jiffycomp.com (Matt Morgan) Date: Sat, 22 Apr 2006 15:21:24 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? In-Reply-To: <330532b60604221031y119f885ds2472909a80db4613@mail.gmail.com> References: <378AFB27-85EB-434C-82D9-484EC3D7132C@gmail.com> <330532b60604221031y119f885ds2472909a80db4613@mail.gmail.com> Message-ID: <444A8234.7000103@jiffycomp.com> Mitch Pirtle wrote: > [snip] > >In a way, you could say we wrote the Joomla CMS with the Joomla >framework. Maybe it's time for another presentation? Is there any >interest in this? > > > I would make time for that presentation. From mwithington at PLMresearch.com Sat Apr 22 15:26:50 2006 From: mwithington at PLMresearch.com (Mark Withington) Date: Sat, 22 Apr 2006 15:26:50 -0400 Subject: [nycphp-talk] ok, the Holy Grail? joomla? Message-ID: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE35801355ED1@network.PLMresearch.com> Those interested can hear core devs: Mitch Pirtle, Louis Landry, Andy Miller and even Johan Janssens in Belgium (courtesy of Skype and strong coffee) walked through the latest Joomla! 1.5 news at http://www.bostonphp.org/ when they visited us during LinuxWorld. You can either subscribe to the podcast or listen directly: http://www.bostonphp.org/images/stories/podcasts/bphp_3_3_06_joomla.mp3 Cheers, Mark -------------------------- Mark L. Withington PLMresearch "eBusiness for the Midsize Enterprise" PO Box 1354 Plymouth, MA 02362 o: 800-310-3992 ext. 704 f: 508-746-4973 v: 508-746-2383 m: 508-801-0181 Skypein: 508-570-2285 http://www.PLMresearch.com AIM/MSN/Skype: PLMresearch Yahoo: PLMresearch2000 mwithington at plmresearch.com Public Key: http://www.plmresearch.com/keys/MLW_public_key.asc Calendar: http://www.plmresearch.com/calendar.php > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Mitch Pirtle > Sent: Saturday, April 22, 2006 1:31 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] ok, the Holy Grail? joomla? > > > On 4/21/06, Michael Hernandez wrote: > > > > On Apr 21, 2006, at 10:48 AM, edward potter wrote: > > > > > Well it seems to have it all, it's been out for awhile, has an > > > interesting history. You can basically mash it up with > wordpress and > > > you have 100's of extensions. all OS/php/mysql. Over 300,000 forum > > > posts. > > > > > > http://www.joomla.org > > > _______________________________________________ > > > > eh... it's mambo (basically) ;) > > Careful, son. In these here parts them's fightin' > words. > > Actually, what was called Mambo is now Joomla, and what is now called > Mambo is something completely different. I'd tell you more, but I'm > supposed to advise everyone to wait for the movie. > > > I use it and enjoy using it. It's a > > bit overkill where wordpress is enough for simple blogs, but it's > > extensibility is great for sites with potential to get > larger. I look > > forward to seeing what joomla will offer in the next major release. > > Then download the 1.5 nightly, found from our developer portal: > > http://dev.joomla.org > > Also, you can peruse the newfangled API here: > > http://api.joomla.org > > The coolest thing (IMHO) about what we have done with the 1.5 release > is the JApplication class, where you can make a standalone PHP script > that uses the same session management, database access, and so on > without having to make a proper component and serve it from a Joomla > website. And the XML-RPC server and client are now default, and there > is already a Java-based flat client for content managers in a working > state. > > Oh, you gotta check out the nightly, we just did some freaky work on > the front end editor too... > > In a way, you could say we wrote the Joomla CMS with the Joomla > framework. Maybe it's time for another presentation? Is there any > interest in this? > > -- > Mitch Pirtle > Joomla! Core Developer > Open Source Matters > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From lamolist at cyberxdesigns.com Sat Apr 22 15:38:09 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Sat, 22 Apr 2006 15:38:09 -0400 Subject: [nycphp-talk] OT - Character Set Message-ID: <444A8621.6080005@cyberxdesigns.com> I have a page that is supposed to be displayed using a polish character set. What character set do I define at the top of the page? Hans From tgales at tgaconnect.com Sat Apr 22 15:55:39 2006 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 22 Apr 2006 15:55:39 -0400 Subject: [nycphp-talk] OT - Character Set In-Reply-To: <444A8621.6080005@cyberxdesigns.com> References: <444A8621.6080005@cyberxdesigns.com> Message-ID: <444A8A3B.9080309@tgaconnect.com> Hans Kaspersetz wrote: > I have a page that is supposed to be displayed using a polish character > set. What character set do I define at the top of the page? > > > Look at Latin2 at: http://czyborra.com/charsets/iso8859.html#ISO-8859-5 -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From mitch.pirtle at gmail.com Sat Apr 22 20:15:29 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 22 Apr 2006 20:15:29 -0400 Subject: [nycphp-talk] word doc properties In-Reply-To: <8d9a42800604211100o74cf3135mc3add27c50e96b3d@mail.gmail.com> References: <44490D38.80809@aarond.com> <8d9a42800604211100o74cf3135mc3add27c50e96b3d@mail.gmail.com> Message-ID: <330532b60604221715y5b60c02ao352dbaaf1d7ffa5a@mail.gmail.com> On 4/21/06, Joseph Crawford wrote: > I believe you would need to use a COM object within PHP to actually launch > MS Word to read the files like you wish to. I did an article on weberdev > about using Word and Mail Merge from within PHP. > http://www.weberdev.com/get_example-4232.html > It also explains that you need to set the COM permissions so that the IIS > user or current windows user has access to remotely open Word "hidden" in > the background. Back in my Zope/Plone days *gasp* there was always the PyUNO driver from OpenOffice.org to convert, manipulate, or pretty much whatever you wanted. To this day, I have not heard of anything that was similar in the PHP world. Is that still the case? Do I still have to fire off a python script to manipulate office binary files? Looking around PEAR and the documentation, I have no idea what extensions are available to work with these binary formats. -- Mitch Pirtle Joomla! Core Developer Open Source Matters From lists at genoverly.net Sun Apr 23 11:07:39 2006 From: lists at genoverly.net (michael) Date: Sun, 23 Apr 2006 11:07:39 -0400 Subject: [nycphp-talk] OT - meta tags Message-ID: <20060423110739.658dc2a5@wit.genoverly.home> I have a client that someone has convinced that gobs of meta tags in the headers is vital to the success of their website. I'm happy to comply, but, aren't some of these meta tags soooo 90's? -- Michael From edwardpotter at gmail.com Sun Apr 23 13:29:43 2006 From: edwardpotter at gmail.com (edward potter) Date: Sun, 23 Apr 2006 13:29:43 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? Message-ID: The Ruby and Python crowd has already announced their respective API's for the Google calendar (also .net and Java things are already there). PHP which probably has 10X-50X the number of developers, yet nothing is brewing. Just wondering why? Anyway, cracking open the python books now! -ed :-) From 1j0lkq002 at sneakemail.com Sun Apr 23 18:14:17 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sun, 23 Apr 2006 15:14:17 -0700 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <20060423110739.658dc2a5@wit.genoverly.home> References: <20060423110739.658dc2a5@wit.genoverly.home> Message-ID: <21873-96288@sneakemail.com> michael lists-at-genoverly.net |nyphp dev/internal group use| wrote: >I have a client that someone has convinced that gobs of meta tags in the >headers is vital to the success of their website. I'm happy to comply, >but, aren't some of these meta tags soooo 90's? > > > > > > > > > > > > everyone has an opinion :-) Numbering them from the top down. #1 is a very useful tool, but not when it's empty #2 is essential #3 is very, very useful #4 I never use #5 I never use #6 I never use #7 I never use #8 is a legal technicality I rarely use, but has a place and is used by some scanners. -=john andrews -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From tedd at sperling.com Sun Apr 23 18:29:31 2006 From: tedd at sperling.com (tedd) Date: Sun, 23 Apr 2006 18:29:31 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <21873-96288@sneakemail.com> References: <20060423110739.658dc2a5@wit.genoverly.home> <21873-96288@sneakemail.com> Message-ID: >michael lists-at-genoverly.net |nyphp dev/internal group use| wrote: > >>I have a client that someone has convinced that gobs of meta tags in the >>headers is vital to the success of their website. I'm happy to comply, >>but, aren't some of these meta tags soooo 90's? >> >> >> >> >> >> >> >> >> >> >> >> >everyone has an opinion :-) > >Numbering them from the top down. > >#1 is a very useful tool, but not when it's empty >#2 is essential >#3 is very, very useful >#4 I never use >#5 I never use >#6 I never use >#7 I never use >#8 is a legal technicality I rarely use, but has a place and is used by >some scanners. > >-=john andrews Meta tags used to be important, but much less so these days and even less so tomorrow. They were a way to provide a short cut to what the site was about, but now for several reasons, they aren't very important any longer. tedd -- -------------------------------------------------------------------------------- http://sperling.com From ps at pswebcode.com Sun Apr 23 19:23:03 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Sun, 23 Apr 2006 19:23:03 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: Message-ID: <001601c6672c$de886320$68e4a144@Rubicon> http://www.scientificamerican.com/article.cfm?articleID=00048144-10D2-1C70-8 4A9809EC588EF21&catID=2 In the above article "The Semantic Web" by Tim Berners-Lee he essentially presents that meta data (data about data) will be a vital component in the intricately interconnected Internet that will lift Web 2.0 into a new realm. So just to keep in spirit with his forward looking premise, I use all the META tags that I can get my hands on. I try not to overload the tags, but I use them nonetheless. Whatever, take a read of the article as it provides some intriguing perspectives on why we are programming what we program. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tedd Sent: Sunday, April 23, 2006 6:30 PM To: NYPHP Talk Subject: Re: [nycphp-talk] OT - meta tags >michael lists-at-genoverly.net |nyphp dev/internal group use| wrote: > >>I have a client that someone has convinced that gobs of meta tags in >>the headers is vital to the success of their website. I'm happy to >>comply, but, aren't some of these meta tags soooo 90's? >> >> >> >> >> >> >> >> >> >> >> >> >everyone has an opinion :-) > >Numbering them from the top down. > >#1 is a very useful tool, but not when it's empty >#2 is essential >#3 is very, very useful >#4 I never use >#5 I never use >#6 I never use >#7 I never use >#8 is a legal technicality I rarely use, but has a place and is used by >some scanners. > >-=john andrews Meta tags used to be important, but much less so these days and even less so tomorrow. They were a way to provide a short cut to what the site was about, but now for several reasons, they aren't very important any longer. tedd -- ---------------------------------------------------------------------------- ---- http://sperling.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From kenrbnsn at rbnsn.com Sun Apr 23 19:56:48 2006 From: kenrbnsn at rbnsn.com (Ken Robinson) Date: Sun, 23 Apr 2006 19:56:48 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? In-Reply-To: References: Message-ID: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> At 01:29 PM 4/23/2006, edward potter wrote: >The Ruby and Python crowd has already announced their respective API's > for the Google calendar (also .net and Java things are already >there). > >PHP which probably has 10X-50X the number of developers, yet nothing >is brewing. Just wondering why? Anyway, cracking open the python >books now! The following was posted on the newsgroup Google Calendar Data API From: Kyle Marvin Date: Fri, Apr 21 2006 2:56 pm Email: "Kyle Marvin" On 4/20/06, needhelpcallari at gmail.com wrote: > is anyone considering making a php class to interface with the google > calendar api? PHP client support is definitely on the roadmap of client library languages that will be available. I can't give you a specific availability date right now, but can say that there is work in progress and it will be supported. -- Kyle Ken -------------- next part -------------- An HTML attachment was scrubbed... URL: From edwardpotter at gmail.com Sun Apr 23 20:11:36 2006 From: edwardpotter at gmail.com (edward potter) Date: Sun, 23 Apr 2006 20:11:36 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? In-Reply-To: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> References: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> Message-ID: Yes, thanks I saw that post. The ruby and python things were done by independent coders, I was just wondering why some hardcore php folks we not at the head of the pack! :-) thanks, ed :-) On 4/23/06, Ken Robinson wrote: > At 01:29 PM 4/23/2006, edward potter wrote: > > The Ruby and Python crowd has already announced their respective API's > for the Google calendar (also .net and Java things are already > there). > > PHP which probably has 10X-50X the number of developers, yet nothing > is brewing. Just wondering why? Anyway, cracking open the python > books now! > The following was posted on the newsgroup Google Calendar Data API < > http://groups.google.com/group/google-calendar-help-dataap> > > From: Kyle Marvin Date: Fri, Apr 21 2006 2:56 pm Email: "Kyle Marvin" > > > On 4/20/06, needhelpcallari at gmail.com wrote: > > is anyone considering making a php class to interface with the google > > calendar api? > PHP client support is definitely on the roadmap of client library languages > that will be available. I can't give you a specific availability date > right now, but can say that there is work in progress and it will be > supported. > -- Kyle > Ken > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From shiflett at php.net Sun Apr 23 20:19:45 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 23 Apr 2006 20:19:45 -0400 Subject: [nycphp-talk] Web app security scanners In-Reply-To: <8630-09965@sneakemail.com> References: <23447-89818@sneakemail.com> <0.94168900.1145412567@neuropunks.org> <20060419154943.GB8908@neuropunks.org> <4446639D.7020700@phpwerx.net> <8630-09965@sneakemail.com> Message-ID: <444C19A1.3080702@php.net> > So in the name of "robustness" isn't it still a god idea to sanitize > everything? I think this thread illustrates one of the challenges faced by the security community - inconsistent vocabulary. I've seen strip, filter, and sanitize used to describe various types of activity, including escaping. All input should be filtered, without exception. Inspection is better than stripping, and escaping is an entirely different topic (of equal or greater importance). Chris From jonbaer at jonbaer.com Sun Apr 23 20:39:05 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sun, 23 Apr 2006 20:39:05 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? In-Reply-To: References: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> Message-ID: <19250F16-DD4B-4264-8B40-A2B557661B31@jonbaer.com> For the curious ... http://code.google.com/apis/gdata/calendar.html Don't other APIs already work the same? Couldn't you just reuse something else? On Apr 23, 2006, at 8:11 PM, edward potter wrote: > Yes, thanks I saw that post. > > The ruby and python things were done by independent coders, I was just > wondering why some hardcore php folks we not at the head of the pack! > :-) > > thanks, ed :-) > > On 4/23/06, Ken Robinson wrote: >> At 01:29 PM 4/23/2006, edward potter wrote: >> >> The Ruby and Python crowd has already announced their respective >> API's >> for the Google calendar (also .net and Java things are already >> there). >> >> PHP which probably has 10X-50X the number of developers, yet >> nothing >> is brewing. Just wondering why? Anyway, cracking open the python >> books now! >> The following was posted on the newsgroup Google Calendar Data API < >> http://groups.google.com/group/google-calendar-help-dataap> >> >> From: Kyle Marvin Date: Fri, Apr 21 2006 2:56 pm Email: "Kyle >> Marvin" >> >> >> On 4/20/06, needhelpcallari at gmail.com >> wrote: > >> is anyone considering making a php class to interface with the >> google > >> calendar api? >> PHP client support is definitely on the roadmap of client library >> languages >> that will be available. I can't give you a specific availability >> date >> right now, but can say that there is work in progress and it will be >> supported. >> -- Kyle >> Ken >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> New York PHP Conference and Expo 2006 >> http://www.nyphpcon.com >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From danielc at analysisandsolutions.com Sun Apr 23 23:00:13 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 23 Apr 2006 23:00:13 -0400 Subject: [nycphp-talk] PHP in SecurityFocus #346 Message-ID: <20060424025823.3C16310B5204@mailspool3.panix.com> These summaries are available online RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html Alerts from SecurityFocus Newsletter #346 This week brings many issues in PHP applications. More importantly, you better upgrade your Mozilla programs! APPLICATIONS USING PHP ---------------------- MODxCMS Index.PHP Directory Traversal Vulnerability http://www.securityfocus.com/bid/17533 MODxCMS Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17532 AWebBB Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17352 Papoo Print.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17530 LifeType Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17529 Simplog Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/17491 Simplog Remote File Include Vulnerability http://www.securityfocus.com/bid/17490 Simplog Login.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17493 PowerClan Member.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17528 RedCMS Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17336 PlanetSearch + Planetsearchplus.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17527 AR-Blog Print.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17522 Warforge.NEWS Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17520 FlexBB Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17574 FlexBB Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17568 FlexBB Multiple HTML Injection Vulnerabilities http://www.securityfocus.com/bid/17539 MD News Admin.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17394 Serendipity Blog Config.PHP Script Injection Vulnerability http://www.securityfocus.com/bid/17566 Coppermine Index.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/17570 MyBB Global Variable Overwrite Vulnerability http://www.securityfocus.com/bid/17564 Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17560 Calendarix YearCal.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17562 BoastMachine Search.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17550 DbbS Topics.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17338 DbbS Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17559 PHPWebFTP Index.PHP Directory Traversal Vulnerability http://www.securityfocus.com/bid/17557 BetaBoard User Profile HTML Injection Vulnerability http://www.securityfocus.com/bid/17556 Blursoft Blur6ex Index.PHP Local File Include Vulnerability http://www.securityfocus.com/bid/17554 BlackOrpheus Member.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/17558 Neuron Blog Multiple HTML Injection Vulnerabilities http://www.securityfocus.com/bid/17552 TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17553 Monster Top List Functions.PHP Remote File Include Vulnerability http://www.securityfocus.com/bid/17546 Boardsolution Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17549 ShoutBOOK Multiple HTML Injection Vulnerabilities http://www.securityfocus.com/bid/17548 myEvent Multiple Remote File Include Vulnerabilities http://www.securityfocus.com/bid/17575 myEvent Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17580 MusicBox Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/17545 Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/17543 Snipe Gallery Multiple Input Validation Vulnerabilities http://www.securityfocus.com/bid/15844 PHPGraphy Index.PHP Unauthorized Access Vulnerability http://www.securityfocus.com/bid/17567 phpFaber TopSites Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17542 PHPLister Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17591 RechnungsZentrale V2 Authent.PHP4 Remote File Include Vulnerability http://www.securityfocus.com/bid/17589 RechnungsZentrale V2 Authent.PHP4 SQL Injection Vulnerability http://www.securityfocus.com/bid/17588 phpLinks Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17586 PHPGuestbook HTML Injection Vulnerability http://www.securityfocus.com/bid/17537 Tiny Web Gallery Index.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17536 FarsiNews Search.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/17534 RELATED STUFF ------------- Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/17516 These problems have been fixed in the following versions: Firefox versions 1.0.8 and 1.5.0.2 Thunderbird versions 1.0.8 and 1.5.0.2 Mozilla Suite version 1.7.13 SeaMonkey version 1.0.1 From 1j0lkq002 at sneakemail.com Mon Apr 24 00:59:18 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Sun, 23 Apr 2006 21:59:18 -0700 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <001601c6672c$de886320$68e4a144@Rubicon> References: <001601c6672c$de886320$68e4a144@Rubicon> Message-ID: <30067-11903@sneakemail.com> Just to clarify, and the reason I started my reply with "everyone has an opinion" : my advice is based on current performance-based research. Not theory, not future projections, not relative to yesterday, but what works today (with "works" defined as a performance metric - customer-facing user interface issues, search marketing/SEO, and the like). If I build a site today... this is what I would do. I don't view this as OT but respect the list's opinion on that. It is not OT for me because I am forever asking PHP coders to *start* with an assumption that meta data is dynamic (not static), that link attributes are dynamic (not static with default values) etc etc etc. IMHO PHP is great for the power it provides, and not so great for the power it hands over to the PHP coder (vs the page designer or website designer or business strategist). -=john andrews Peter Sawczynec ps-at-pswebcode.com |nyphp dev/internal group use| wrote: >http://www.scientificamerican.com/article.cfm?articleID=00048144-10D2-1C70-8 >4A9809EC588EF21&catID=2 > >In the above article "The Semantic Web" by Tim Berners-Lee he essentially >presents that meta data (data about data) will be a vital component in the >intricately interconnected Internet that will lift Web 2.0 into a new realm. > > >So just to keep in spirit with his forward looking premise, I use all the >META tags that I can get my hands on. I try not to overload the tags, but I >use them nonetheless. > >Whatever, take a read of the article as it provides some intriguing >perspectives on why we are programming what we program. > >Warmest regards, > >Peter Sawczynec, >Technology Director >PSWebcode >_Design & Interface >_Ecommerce >_Database Management >ps at pswebcode.com >718.796.1951 >www.pswebcode.com > > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On >Behalf Of tedd >Sent: Sunday, April 23, 2006 6:30 PM >To: NYPHP Talk >Subject: Re: [nycphp-talk] OT - meta tags > > > > >>michael lists-at-genoverly.net |nyphp dev/internal group use| wrote: >> >> >> >>>I have a client that someone has convinced that gobs of meta tags in >>>the headers is vital to the success of their website. I'm happy to >>>comply, but, aren't some of these meta tags soooo 90's? >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>everyone has an opinion :-) >> >>Numbering them from the top down. >> >>#1 is a very useful tool, but not when it's empty >>#2 is essential >>#3 is very, very useful >>#4 I never use >>#5 I never use >>#6 I never use >>#7 I never use >>#8 is a legal technicality I rarely use, but has a place and is used by >>some scanners. >> >>-=john andrews >> >> > > >Meta tags used to be important, but much less so these days and even >less so tomorrow. They were a way to provide a short cut to what the >site was about, but now for several reasons, they aren't very >important any longer. > > >tedd > > -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From nyphp at n0p.net Mon Apr 24 09:05:53 2006 From: nyphp at n0p.net (Flavio daCosta) Date: Mon, 24 Apr 2006 09:05:53 -0400 Subject: [nycphp-talk] My Presentation Message-ID: <444CCD31.1020309@n0p.net> FWIW: I gave a presentation this weekend on PHP Application Security. Although bullets and slides can be misleading without the commentary, I figured I would share them with the group. You will no doubt see an uncanny influence from some of the greats on this list. I did try to make my presentation my own, but there is no denying "Filter Input, Escape Output" is classic. (I even presented in uniform ) Of course constructive criticism is welcome as I always strive to improve. Flavio From ps at pswebcode.com Mon Apr 24 09:52:11 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 24 Apr 2006 09:52:11 -0400 Subject: [nycphp-talk] Search Engine Product Recommendation Message-ID: <000901c667a6$4977ae10$68e4a144@Rubicon> Does anyone have a recommendation (notes of caution, other helpful tips, errata) for a single-site search engine product. Have you used any GPL (preferably PHP/MySQL) search engine product(s) that spider HTML, text files and can [optionally] do PDF, Word, Excel and PowerPoint files. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From dan at danhorning.com Mon Apr 24 10:09:25 2006 From: dan at danhorning.com (Dan Horning) Date: Mon, 24 Apr 2006 10:09:25 -0400 Subject: [nycphp-talk] Search Engine Product Recommendation In-Reply-To: <000901c667a6$4977ae10$68e4a144@Rubicon> References: <000901c667a6$4977ae10$68e4a144@Rubicon> Message-ID: <444CDC15.4080006@danhorning.com> mann i sooo miss EWS. (for those who dont recall - it was Excite for Web Servers) and there are a few on here that are ok http://php.resourceindex.com/Complete_Scripts/Searching/Searching_Your_Web_Site/ but i can't personally attest to the usability for these. since i haven't used one for a few years now - the older ones used to work really nicely, but the only thing is how you're web pages are SEO'd or if they are just flat text. -dan (it's a monday and i'm scatterbrained) Peter Sawczynec wrote: > Does anyone have a recommendation (notes of caution, other helpful tips, > errata) for a single-site search engine product. > > Have you used any GPL (preferably PHP/MySQL) search engine product(s) that > spider > HTML, text files and can [optionally] do PDF, Word, Excel and PowerPoint > files. > > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Dan Horning - danhorning.com American Digital Services - americandigitalservices.com Where you are only limited by imagination. 1-866-493-4218 (direct) / 1-800-863-3854 (main number) From michaelhasz at gmx.net Mon Apr 24 12:26:31 2006 From: michaelhasz at gmx.net (Michael Haszprunar) Date: Mon, 24 Apr 2006 18:26:31 +0200 Subject: [nycphp-talk] Arrays and string concat in classes Message-ID: <444CFC37.1070706@gmx.net> Hi folks, Today I found an interesting/anoying thing regarding classes in PHP4. What I tried was this: class blabla { var $bla = array( 'test' => MY_CONSTANT.'some text' ); } and PHP threw an error ("syntax error, unexpected '.', expecting ')'"). It seems that string concatenation is not allowed. Is this a bug or a feature? Why should this not be allowed? Thanks and also many thanks for all the other interessting things I can read on that mailing list. Kind regards from Munich, Germany Michael From dcech at phpwerx.net Mon Apr 24 12:52:40 2006 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 24 Apr 2006 12:52:40 -0400 Subject: [nycphp-talk] Arrays and string concat in classes In-Reply-To: <444CFC37.1070706@gmx.net> References: <444CFC37.1070706@gmx.net> Message-ID: <444D0258.2060309@phpwerx.net> Michael Haszprunar wrote: > > Hi folks, > > Today I found an interesting/anoying thing regarding classes in PHP4. > What I tried was this: > > class blabla > { > var $bla = array( > 'test' => MY_CONSTANT.'some text' > ); > } > > and PHP threw an error ("syntax error, unexpected '.', expecting ')'"). > It seems that string concatenation is not allowed. > > Is this a bug or a feature? Why should this not be allowed? > > Thanks and also many thanks for all the other interessting things I can > read on that mailing list. > > Kind regards from Munich, Germany > > Michael > > Michael, This is because you cannot have evaluated code in the class definition. If you were to use the construct: class blabla { var $bla; function blabla() { $this->bla = array( 'test' => MY_CONSTANT.'some text' ); } } That would work because the concatenation is evaluated when the object is instantiated. Dan From ps at pswebcode.com Mon Apr 24 13:24:28 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 24 Apr 2006 13:24:28 -0400 Subject: [nycphp-talk] Search Engine Product Recommendation In-Reply-To: <444CDC15.4080006@danhorning.com> Message-ID: <001701c667c3$f16a7f90$68e4a144@Rubicon> After a little legwork here's some fairly recently maintained search projects: PhpDig, http://www.phpdig.net/ [Can spider PDF, Office doc with additional extensions] TSEP, http://www.tsep.info/index.php mnoGoSearch, http://www.mnogosearch.org/ SWISH++, http://homepage.mac.com/pauljlucas/software/swish/ [Can spider Office docs with additional updates] Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dan Horning Sent: Monday, April 24, 2006 10:09 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Search Engine Product Recommendation mann i sooo miss EWS. (for those who dont recall - it was Excite for Web Servers) and there are a few on here that are ok http://php.resourceindex.com/Complete_Scripts/Searching/Searching_Your_Web_S ite/ but i can't personally attest to the usability for these. since i haven't used one for a few years now - the older ones used to work really nicely, but the only thing is how you're web pages are SEO'd or if they are just flat text. -dan (it's a monday and i'm scatterbrained) Peter Sawczynec wrote: > Does anyone have a recommendation (notes of caution, other helpful > tips, > errata) for a single-site search engine product. > > Have you used any GPL (preferably PHP/MySQL) search engine product(s) > that spider > HTML, text files and can [optionally] do PDF, Word, Excel and PowerPoint > files. > > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Dan Horning - danhorning.com American Digital Services - americandigitalservices.com Where you are only limited by imagination. 1-866-493-4218 (direct) / 1-800-863-3854 (main number) _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From tedd at sperling.com Mon Apr 24 13:56:12 2006 From: tedd at sperling.com (tedd) Date: Mon, 24 Apr 2006 13:56:12 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <001601c6672c$de886320$68e4a144@Rubicon> References: <001601c6672c$de886320$68e4a144@Rubicon> Message-ID: At 7:23 PM -0400 4/23/06, Peter Sawczynec wrote: >http://www.scientificamerican.com/article.cfm?articleID=00048144-10D2-1C70-8 >4A9809EC588EF21&catID=2 > >In the above article "The Semantic Web" by Tim Berners-Lee he essentially >presents that meta data (data about data) will be a vital component in the >intricately interconnected Internet that will lift Web 2.0 into a new realm. No offense, but "meta-tags" are not even mentioned in the above article and the subject of the post was "meta-tags". The article deals with the larger use and application of data (i.e., data-mining, agents, XML, AI) rather than trying to cram everything "important" into a limited and outdated meta-tag methodology. Sure, if you want to keep with current misconceptions, then put in meta-tags in your web pages -- after all, it certainly won't hurt. However, their contribution is questionable; what tag to use ranges from "useless" to "can't hurt"; their misuse is far too common; and their future is certainly limited. In short, they are problematic in their delivery of useful and accurate information. If one wanted to study the difference between what the web author thought of his publication and what it actually was, then meta-tags may have some value. But outside of that, meta-tags usefulness as a real description as to what the content of a web page is falls woefully short. And because of this shortcoming, unless something changes, their future is limited as an accurate source of information. Meta-tags are/were meant for search engines. But not all search engines use them the same way and Google even reports that they don't use them at all (but, I suspect they do). But as to the question of using "meta-tags" -- use them, or don't. But, it's the content of your site that makes the real difference. tedd -- -------------------------------------------------------------------------------- http://sperling.com From chsnyder at gmail.com Mon Apr 24 17:36:53 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 24 Apr 2006 17:36:53 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? In-Reply-To: References: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> Message-ID: On 4/23/06, edward potter wrote: > Yes, thanks I saw that post. > > The ruby and python things were done by independent coders, I was just > wondering why some hardcore php folks we not at the head of the pack! > :-) > > thanks, ed :-) > So why haven't _you_ done it? I looked at their API. I thought, "Yep, I can develop against that." And then I went back to work. It's no big deal... is it? -- Chris Snyder http://chxo.com/ From chsnyder at gmail.com Mon Apr 24 17:56:55 2006 From: chsnyder at gmail.com (csnyder) Date: Mon, 24 Apr 2006 17:56:55 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: References: <001601c6672c$de886320$68e4a144@Rubicon> Message-ID: Just to add some fuel to this fire: tags are toooo 90s, but if the client likes to see them in the code they aren't going to hurt anything (subject to John Andrew's observations, of course). They will only ever be used by internal search engines, because no one else is gonna be looking for them. The most robust and extensible way to do the same thing is to use embedded RDF with Dublin Core extensions, which is what Sir TBL was pimping in that 2001 article that Peter sent. At least if external search engines are looking for Creative Commons or Friend-of-a-Friend metadata, they will find and parse your RDF. Like many great solutions, RDF will probably never catch on because people just can't bear to think in tuples. Hence the Web 2.0 style, which is preferred by the in-crowd right now: ... etc. Until one or more of the major search engines puts up a sign saying "Semantic Web Now Open" with a list of names/relations to use on your content, it's all a bit of a crapshoot. If you have some internal reason to put metadata on your pages, then decide on a namespace and go for it. Otherwise, I'm not sure why you'd bother. From edwardpotter at gmail.com Mon Apr 24 18:25:25 2006 From: edwardpotter at gmail.com (edward potter) Date: Mon, 24 Apr 2006 18:25:25 -0400 Subject: [nycphp-talk] Google calendar API, ruby out, python out, No php? In-Reply-To: References: <7.0.1.0.2.20060423193927.0570ced0@rbnsn.com> Message-ID: ahhh, well I would love to do it, except I have a thesis due in 2 weeks, 18 graduate credits, and a full time coding gig. so I'm diving into the python api. figure that might be fun! :-) On 4/24/06, csnyder wrote: > On 4/23/06, edward potter wrote: > > Yes, thanks I saw that post. > > > > The ruby and python things were done by independent coders, I was just > > wondering why some hardcore php folks we not at the head of the pack! > > :-) > > > > thanks, ed :-) > > > > So why haven't _you_ done it? > > I looked at their API. I thought, "Yep, I can develop against that." > And then I went back to work. It's no big deal... is it? > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Mon Apr 24 19:17:08 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 24 Apr 2006 16:17:08 -0700 Subject: [nycphp-talk] OT - meta tags In-Reply-To: References: <001601c6672c$de886320$68e4a144@Rubicon> Message-ID: <3621-51638@sneakemail.com> csnyder chsnyder-at-gmail.com |nyphp dev/internal group use| wrote: >Just to add some fuel to this fire: > > tags are toooo 90s, but if the client likes to see them in the >code they aren't going to hurt anything (subject to John Andrew's >observations, of course). They will only ever be used by internal >search engines, because no one else is gonna be looking for them. > >The most robust and extensible way to do the same thing is to use >embedded RDF with Dublin Core extensions, which is what Sir TBL was >pimping in that 2001 article that Peter sent. At least if external >search engines are looking for Creative Commons or Friend-of-a-Friend >metadata, they will find and parse your RDF. > >Like many great solutions, RDF will probably never catch on because >people just can't bear to think in tuples. Hence the Web 2.0 style, >which is preferred by the in-crowd right now: > > > > >... etc. > >Until one or more of the major search engines puts up a sign saying >"Semantic Web Now Open" with a list of names/relations to use on your >content, it's all a bit of a crapshoot. If you have some internal >reason to put metadata on your pages, then decide on a namespace and >go for it. Otherwise, I'm not sure why you'd bother. > That's the point exactly... as php coder/developer, you're not sure why anyone would bother. But is that your call? Meta data is "about" the content, and as such it may have a value of "empty" but it has to be able to accept a value if one is desired.If one is desired, it is likely to be contextual... so the coder needs to be prepared for that. Sure, it's not worth it... until one day someone needs it and it's a tear-out job just to make it possible. is an important meta tag today for all the major search engines. It is context-dependent, where in this particular case the context is the page as the page's purpose is defined within the site. It is also temporal... it may need to be something some times and different other times. It may also be visitor-dependent, as itis in the case of IP-based content delivery. So what is the hook for this dynamic meta data? The coder usually won't know... the site achitect would, as would the strategist working at the SEO level. In most cases I see (every case aside from my own sites?) there is no hook at all. Now after we talk about the dynamic nature of meta tags, we can talk about the dynamic nature of anchor text. and then CSS positioning outside of content. And styles. And on and on. I see so much talk about "dynamic sites" and yet so little recognition of dynamic "sites".... just dynamic pages. I could write a book about this... oh, wait a sec.... -=john andrews http://www.seo-fun.com -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From tedd at sperling.com Mon Apr 24 22:00:57 2006 From: tedd at sperling.com (tedd) Date: Mon, 24 Apr 2006 22:00:57 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <3621-51638@sneakemail.com> References: <001601c6672c$de886320$68e4a144@Rubicon> <3621-51638@sneakemail.com> Message-ID: At 4:17 PM -0700 4/24/06, inforequest wrote: > is an important >meta tag today for all the major search engines. No offense meant, but this meta-tag is just plain dumb. When a robot visits your page, they are there to do one job and that's to index your site -- why tell a robot to do something that they are there to do anyway? If you want to forbid robots from indexing portions of your site, then use directives in robot.txt. But, if you think that the above meta-tag is an important meta-tag and one that is considered important by ALL the major search engines, then think again, it's not. If you want to use meaningful meta-tags, then consider the following: That with most browsers, places a nice icon in the viewer's url. This set's your char-set for your site -- nice to have for unicode characters. This is nice to have for setting the language and (to bring this on-topic) can be used by php/ajax for changing language settings on the fly. Keywords and description tags can be useful for some search engines, but not ALL search engines consider them. In addition, meta-tags can hurt if you don't know how to use them -- like using the same keyword more than three times in a tag (i.e., such as "fly" in the above meta-tag). Some SE's consider that spamming and will treat your site accordingly. Additionally, there are many different methods of using php, php/ajax, css, javascript to present selected text to SE's while presenting something different to the viewer. For example, expert SEO guru's say that keywords count more when placed in paragraphs toward the beginning of your text content. However, by using css, you can place paragraphs anywhere you want in the html (for a SE perspective) and have those paragraphs appear in a different positions to the viewer. A trick that SE's won't detect and even with a personal review, there's nothing wrong with using css to rearrange things -- css' purpose is to separate style from content, right? You can drive yourself crazy trying to figure out what to do with meta-tags -- testing, changing, testing, but in the end there's no guaranteed formula that will work, regardless of what the SEO guru's (with a vested interest) will say. The truth is, that meta-tags are not actually needed. As a test, not that one test is conclusive, I created a site that has a current PageRank of 5 without ANY meta-tags whatsoever and without even submitting the site to a single search engine -- explain that. The explanation is that robots index sites, on their own time table, and make their own assessments regardless of meta-tags. SE's method of evaluating sites is a dynamic process continuously in a state of flux and is certainly not constrained, limited, or influenced greatly by the use of meta-tags. We've gone far past that. tedd -- -------------------------------------------------------------------------------- http://sperling.com From danielc at analysisandsolutions.com Mon Apr 24 23:16:11 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 24 Apr 2006 23:16:11 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: References: <001601c6672c$de886320$68e4a144@Rubicon> <3621-51638@sneakemail.com> Message-ID: <20060425031610.GB8631@panix.com> Tedd: On Mon, Apr 24, 2006 at 10:00:57PM -0400, tedd wrote: > The truth is, that meta-tags are not actually needed. As a test, not > that one test is conclusive, I created a site that has a current > PageRank of 5 without ANY meta-tags whatsoever and without even > submitting the site to a single search engine -- explain that. Congrats. As the author of many, many pages with #1 ranks, it seems to me, the meta tags are part of the strategy. In addition, I know John and that his advice works. So, +1 for meta tags. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From 1j0lkq002 at sneakemail.com Mon Apr 24 23:53:31 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 24 Apr 2006 20:53:31 -0700 Subject: [nycphp-talk] OT - meta tags In-Reply-To: References: <001601c6672c$de886320$68e4a144@Rubicon> <3621-51638@sneakemail.com> Message-ID: <23069-37940@sneakemail.com> tedd tedd-at-sperling.com |nyphp dev/internal group use| wrote: >At 4:17 PM -0700 4/24/06, inforequest wrote: > > > >> is an important >>meta tag today for all the major search engines. >> >> >No offense meant, but this meta-tag is just plain dumb. > > None taken - I welcoem the discussion. I would not disagree... much of what goes on these days seems dumb to me as well. >The truth is, that meta-tags are not actually needed. As a test, not that one test is conclusive, I created a site that has a current PageRank of 5 without ANY meta-tags whatsoever and without even >submitting the site to a single search engine -- explain that. > > I'll try, but there are others on this list that are better versed in PR than I am. Page Rank is a reflection of backlink support. Get a few links from pr6 pages that don't link to to many others, and you'll earn yourself a PR5. It has nothing to do with meta tags or even page content for that matter. Unfortunately, PageRank has little to do with your appearance in the results sets as well. It does seem to get spidered alot more, though, and it gives links on your pages more "authority". Hopefully, you know what to do with that authority (these days it seems the best use of a high PR is to sell links to less-knowledgable people who think it is important). >The explanation is that robots index sites, on their own time table, and make their own assessments regardless of meta-tags. SE's method of evaluating sites is a dynamic process continuously in a state of flux and is certainly not constrained, limited, or influenced greatly by the use of meta-tags. We've gone far past that. > >tedd > Here's an example of creative use of the robots tag. Suppose you have a shopping cart full of product info pages, product purchase pages, and follow up "you bought this you might also like that" pages. You don't want anything cached, because you don't believe Google has a right to show your content without your knowing about it/countng it/putting ads onto it/whatever. You don't want the actual cart pages (product purchase) to be indexed, because they are just lists of somebody's order. You want the follow-on pages of suggestions to be indexed because of their excellent cross-referenced linking (a.k.a. effective use of PR). So you set the product pages to "index, follow, nocache" and the cart pages to "noindex, follow, nocache" and the follow-on pages to "index, follow, nocache" and the spider does as you request. Most of you out there know how to do that dynamically via PHP..it's just writing out the meta info on page load. What would the robots.txt alternative approach be? -=john andrews http://www.seo-fun.com From tedd at sperling.com Tue Apr 25 10:50:40 2006 From: tedd at sperling.com (tedd) Date: Tue, 25 Apr 2006 10:50:40 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <23069-37940@sneakemail.com> References: <001601c6672c$de886320$68e4a144@Rubicon> <3621-51638@sneakemail.com> <23069-37940@sneakemail.com> Message-ID: > >The truth is, that meta-tags are not actually needed. As a test, >not that one test is conclusive, I created a site that has a current >PageRank of 5 without ANY meta-tags whatsoever and without even >>submitting the site to a single search engine -- explain that. >> >> >I'll try, but there are others on this list that are better versed in PR >than I am. > >Page Rank is a reflection of backlink support. Get a few links from pr6 >pages that don't link to to many others, and you'll earn yourself a PR5. >It has nothing to do with meta tags or even page content for that >matter. Unfortunately, PageRank has little to do with your appearance in >the results sets as well. It does seem to get spidered alot more, >though, and it gives links on your pages more "authority". Hopefully, >you know what to do with that authority (these days it seems the best >use of a high PR is to sell links to less-knowledgable people who think >it is important). -=john: My "question" was rhetorical -- I believe I know what PageRank represents (link popularity). However admittedly, I do not know how the algorithm works. I've read and tried to understand the explanations provided by Larry Page et al, I get the general idea, but the details are beyond me. Okay, PageRank and meta-tags have nothing to do with each other directly, but both are used in some fashion to determine SE placement of a site, correct? So, in that manner, they are related. The importance of that relationship is unknown by me -- your mileage may vary. As for meta-tags, I'm not disputing that the keywords and description are not used, but I am suggesting that their importance is lessening. I am also suggesting that several of the meta-tag types are simply not of any value. However, you have given me cause for me to re-think my stand regarding the robot tag. As for my stand on meta-tags, I seldom think of anything these days as being sound enough foundation to stand upon. In any event, I shall comment on the remaining portion of your post as soon as I can digest and investigate it. :-) Thanks for the exchange. tedd -- -------------------------------------------------------------------------------- http://sperling.com From lists at genoverly.net Tue Apr 25 11:27:45 2006 From: lists at genoverly.net (michael) Date: Tue, 25 Apr 2006 11:27:45 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <20060423110739.658dc2a5@wit.genoverly.home> References: <20060423110739.658dc2a5@wit.genoverly.home> Message-ID: <20060425112745.77a16308@wit.genoverly.home> On Sun, 23 Apr 2006 11:07:39 -0400 michael wrote: > I have a client that someone has convinced that gobs of meta tags in > the headers is vital to the success of their website. I'm happy to > comply, but, aren't some of these meta tags soooo 90's? Hey, great discussion, thanks for the insight! -- Michael From 1j0lkq002 at sneakemail.com Tue Apr 25 14:32:19 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Tue, 25 Apr 2006 11:32:19 -0700 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <20060425112745.77a16308@wit.genoverly.home> References: <20060423110739.658dc2a5@wit.genoverly.home> <20060425112745.77a16308@wit.genoverly.home> Message-ID: <14124-50594@sneakemail.com> michael lists-at-genoverly.net |nyphp dev/internal group use| wrote: >On Sun, 23 Apr 2006 11:07:39 -0400 >michael wrote: > > > >>I have a client that someone has convinced that gobs of meta tags in >>the headers is vital to the success of their website. I'm happy to >>comply, but, aren't some of these meta tags soooo 90's? >> >> > >Hey, great discussion, thanks for the insight! > > > Funny how something as trivial as meta tags leads to insightful discussions, but it is always true. I see post after post on SEO forums about how meta tags are dead, yet barely a decent discussion of *why* or *how* they might be useful. Here, we really didn't even get into most of the meta tags... there was so much to talk about around the meta tag issue an done example of meta robots. Now how about the isue as many people will have interpreted it? Do the meta-keywords and meta-description tags have any value today? Hop on over to search.msn.com and run a query. Take "php training" (no quotes) for example. Now look at the top 5 results. View source for each. What do you see? You see title text and meta-desc and meta-kw aligning with SERP rank, except in the most obvious cases of authority (php.net). Now try it again with something less competitive... what do you see? 90% of SEO is as hard as washing your car. Everybody can do it, and if they put a little work into it they can do a great job. But do they? -=john andrews http://www.seo-fun.com -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From dwclifton at gmail.com Tue Apr 25 14:45:06 2006 From: dwclifton at gmail.com (Douglas Clifton) Date: Tue, 25 Apr 2006 14:45:06 -0400 Subject: [nycphp-talk] OT - meta tags Message-ID: <7d6cdcb0604251145i265a6fceo4a3dbe4bca1a7371@mail.gmail.com> > ---------- Forwarded message ---------- > From: tedd > To: NYPHP Talk > Date: Mon, 24 Apr 2006 22:00:57 -0400 > Subject: Re: [nycphp-talk] OT - meta tags > At 4:17 PM -0700 4/24/06, inforequest wrote: > [snip] > From my understanding, meta description is the only one that has any value when it comes to search engines. -- Douglas Clifton dwclifton at gmail.com http://loadaveragezero.com/ http://loadaveragezero.com/app/s9y/ http://loadaveragezero.com/drx/rss/recent From aaron at aarond.com Tue Apr 25 15:09:02 2006 From: aaron at aarond.com (aaron) Date: Tue, 25 Apr 2006 15:09:02 -0400 Subject: [nycphp-talk] php/java Message-ID: <444E73CE.4000801@aarond.com> I apologize if this has been hashed over before, but I wanted to get the nyphp feel for any proven ways to integrate java & php code. The setup I'm going for is to have Java handle user authorization (already setup) and allow php to tell if a user has permission to view certain data by asking a java class. The options I've seen are setting up a php/java bridge on a php server (http://php-java-bridge.sourceforge.net/) or to integrate php into a Java servlet environment. (I hope I'm wording this correctly. I'm just the php side working with the java developers) thoughts or links? thanks, Aaron D. From jeff.loiselle at gmail.com Wed Apr 26 10:37:22 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Wed, 26 Apr 2006 10:37:22 -0400 Subject: [nycphp-talk] php_admin_flag display_errors in httpd.conf Message-ID: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> Yola, Does setting in httpd.conf for mod_php php_admin_flag display_errors on count as being set at runtime? In php.ini, display_errors is off. But that cannot be changed. So I cannot display fatal errors. Is the only way to display fatal errors to change php.ini? /jeff --- Jeff Loiselle Web Developer, Musician, and Observer http://jeff.loiselles.com ""A man is what he thinks about all day long." - Ralph Waldo Emerson From lists at jack-scott.com Wed Apr 26 10:48:24 2006 From: lists at jack-scott.com (Jack Scott) Date: Wed, 26 Apr 2006 10:48:24 -0400 Subject: [nycphp-talk] php_admin_flag display_errors in httpd.conf In-Reply-To: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> References: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> Message-ID: <1146062904.8127.85.camel@localhost> On Wed, 2006-04-26 at 10:37 -0400, Jeff Loiselle wrote: > Is the only way to display fatal errors to change php.ini? no you can use ini_set() in your scripts: http://us2.php.net/manual/en/function.ini-set.php Heres a list of directives available to these functions. http://us2.php.net/manual/en/ini.php#ini.list -Jack From jeff.loiselle at gmail.com Wed Apr 26 10:52:38 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Wed, 26 Apr 2006 10:52:38 -0400 Subject: [nycphp-talk] php_admin_flag display_errors in httpd.conf In-Reply-To: <1146062904.8127.85.camel@localhost> References: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> <1146062904.8127.85.camel@localhost> Message-ID: <4b1887110604260752i7b55ebfco4ffbb17f44e72471@mail.gmail.com> Jack, I don't think ini_set display_errors catches fatals. But I just solved my problem. Thanks anyway! /jeff On 4/26/06, Jack Scott wrote: > On Wed, 2006-04-26 at 10:37 -0400, Jeff Loiselle wrote: > > > Is the only way to display fatal errors to change php.ini? > no > > you can use ini_set() in your scripts: > http://us2.php.net/manual/en/function.ini-set.php > > Heres a list of directives available to these functions. > http://us2.php.net/manual/en/ini.php#ini.list > > -Jack > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- --- Jeff Loiselle Web Developer, Musician, and Observer http://jeff.loiselles.com ""A man is what he thinks about all day long." - Ralph Waldo Emerson From lists at jack-scott.com Wed Apr 26 11:04:04 2006 From: lists at jack-scott.com (Jack Scott) Date: Wed, 26 Apr 2006 11:04:04 -0400 Subject: [nycphp-talk] php_admin_flag display_errors in httpd.conf In-Reply-To: <4b1887110604260752i7b55ebfco4ffbb17f44e72471@mail.gmail.com> References: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> <1146062904.8127.85.camel@localhost> <4b1887110604260752i7b55ebfco4ffbb17f44e72471@mail.gmail.com> Message-ID: <1146063844.8129.88.camel@localhost> display_errors = 1 && error_reporting = E_ALL On Wed, 2006-04-26 at 10:52 -0400, Jeff Loiselle wrote: > Jack, > > I don't think ini_set display_errors catches fatals. But I just solved > my problem. Thanks anyway! > > /jeff > > On 4/26/06, Jack Scott wrote: > > On Wed, 2006-04-26 at 10:37 -0400, Jeff Loiselle wrote: > > > > > Is the only way to display fatal errors to change php.ini? > > no > > > > you can use ini_set() in your scripts: > > http://us2.php.net/manual/en/function.ini-set.php > > > > Heres a list of directives available to these functions. > > http://us2.php.net/manual/en/ini.php#ini.list > > > > -Jack > > > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > -- > --- > Jeff Loiselle > Web Developer, Musician, and Observer > http://jeff.loiselles.com > > ""A man is what he thinks about all day long." - Ralph Waldo Emerson > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From aaron at aarond.com Wed Apr 26 12:03:59 2006 From: aaron at aarond.com (aaron) Date: Wed, 26 Apr 2006 12:03:59 -0400 Subject: [nycphp-talk] OT - web marketing Message-ID: <444F99EF.2080709@aarond.com> I'm looking for recommendations for any small business web marketing firms to handle pay per click and banner ad campaigns. Maybe like Overture or something. Any suggestions? Or can you point me to other mail lists/boards that can help? thanks, Aaron D. From list at harveyk.com Wed Apr 26 12:21:18 2006 From: list at harveyk.com (harvey) Date: Wed, 26 Apr 2006 12:21:18 -0400 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <444F99EF.2080709@aarond.com> References: <444F99EF.2080709@aarond.com> Message-ID: <444F9DFE.30106@harveyk.com> Hi Aaron, If you give me a few more details, I'll probably be able to make a recommendation. You can email me directly at harvey at bigcitypartners.com Thanks, Harvey aaron wrote: > I'm looking for recommendations for any small business web marketing > firms to handle pay per click and banner ad campaigns. Maybe like > Overture or something. Any suggestions? Or can you point me to other > mail lists/boards that can help? > > thanks, > Aaron D. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jonbaer at jonbaer.com Wed Apr 26 12:54:32 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Wed, 26 Apr 2006 12:54:32 -0400 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <444F99EF.2080709@aarond.com> References: <444F99EF.2080709@aarond.com> Message-ID: <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> You can do this all on your own (and all with pretty effective web- based tools) ... I beleive these are the "big 3" of the niche ... http://www.cj.com http://www.performics.com http://www.linkshare.com Don't tell your marketing dept as it may put them out of a job ;-) Or if you are feeling adventurous set it up your own ... http:// phpadsnew.com/two/ - Jon On Apr 26, 2006, at 12:03 PM, aaron wrote: > I'm looking for recommendations for any small business web marketing > firms to handle pay per click and banner ad campaigns. Maybe like > Overture or something. Any suggestions? Or can you point me to other > mail lists/boards that can help? > > thanks, > Aaron D. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Wed Apr 26 13:32:59 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 26 Apr 2006 10:32:59 -0700 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> References: <444F99EF.2080709@aarond.com> <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> Message-ID: <8953-15744@sneakemail.com> Jon Baer jonbaer-at-jonbaer.com |nyphp dev/internal group use| wrote: >You can do this all on your own (and all with pretty effective web- >based tools) ... I beleive these are the "big 3" of the niche ... > >http://www.cj.com >http://www.performics.com >http://www.linkshare.com > >Don't tell your marketing dept as it may put them out of a job ;-) > >Or if you are feeling adventurous set it up your own ... http:// >phpadsnew.com/two/ > >- Jon > > I am not soliciting business and am not available for new contextual advertising clients, but I will say that those who think they can do it themselves competitively are providing the profits for the rest of us. Of course there are exceptions. -=john andrews http://www.seo-fun.com >On Apr 26, 2006, at 12:03 PM, aaron wrote: > > > >>I'm looking for recommendations for any small business web marketing >>firms to handle pay per click and banner ad campaigns. Maybe like >>Overture or something. Any suggestions? Or can you point me to other >>mail lists/boards that can help? >> >>thanks, >>Aaron D. >>____________ >> > > -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From tedd at sperling.com Wed Apr 26 14:03:28 2006 From: tedd at sperling.com (tedd) Date: Wed, 26 Apr 2006 14:03:28 -0400 Subject: [nycphp-talk] OT - meta tags In-Reply-To: <23069-37940@sneakemail.com> References: <001601c6672c$de886320$68e4a144@Rubicon> <3621-51638@sneakemail.com> <23069-37940@sneakemail.com> Message-ID: tedd ignorantly said: > >The truth is, that meta-tags [robots] are not actually needed. > > john correctly answered: >Here's an example of creative use of the robots tag. Suppose you have a >shopping cart full of product info pages, product purchase pages, and >follow up "you bought this you might also like that" pages. You don't >want anything cached, because you don't believe Google has a right to >show your content without your knowing about it/countng it/putting ads >onto it/whatever. You don't want the actual cart pages (product >purchase) to be indexed, because they are just lists of somebody's >order. You want the follow-on pages of suggestions to be indexed because >of their excellent cross-referenced linking (a.k.a. effective use of >PR). So you set the product pages to "index, follow, nocache" and the >cart pages to "noindex, follow, nocache" and the follow-on pages to >"index, follow, nocache" and the spider does as you request. Most of you >out there know how to do that dynamically via PHP..it's just writing out >the meta info on page load. I stand corrected -- well actually, I lean a bit to the right, but that's another topic. I didn't understand the depth and scope of the robot-tag. Thanks for straightening me out about that. tedd -- -------------------------------------------------------------------------------- http://sperling.com From aaron at aarond.com Wed Apr 26 14:07:20 2006 From: aaron at aarond.com (aaron) Date: Wed, 26 Apr 2006 14:07:20 -0400 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> References: <444F99EF.2080709@aarond.com> <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> Message-ID: <444FB6D8.7000608@aarond.com> Thanks for the links I'll look over them but I don't have time to manage the marketing myself. When you guys create an e-com site for small business where do you send the client for marketing? Jon Baer wrote: >You can do this all on your own (and all with pretty effective web- >based tools) ... I beleive these are the "big 3" of the niche ... > >http://www.cj.com >http://www.performics.com >http://www.linkshare.com > >Don't tell your marketing dept as it may put them out of a job ;-) > >Or if you are feeling adventurous set it up your own ... http:// >phpadsnew.com/two/ > >- Jon > >On Apr 26, 2006, at 12:03 PM, aaron wrote: > > > >>I'm looking for recommendations for any small business web marketing >>firms to handle pay per click and banner ad campaigns. Maybe like >>Overture or something. Any suggestions? Or can you point me to other >>mail lists/boards that can help? >> >>thanks, >>Aaron D. >>_______________________________________________ >>New York PHP Community Talk Mailing List >>http://lists.nyphp.org/mailman/listinfo/talk >>New York PHP Conference and Expo 2006 >>http://www.nyphpcon.com >>Show Your Participation in New York PHP >>http://www.nyphp.org/show_participation.php >> >> >> > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From edwardpotter at gmail.com Wed Apr 26 14:11:10 2006 From: edwardpotter at gmail.com (edward potter) Date: Wed, 26 Apr 2006 14:11:10 -0400 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <444F99EF.2080709@aarond.com> References: <444F99EF.2080709@aarond.com> Message-ID: try the wwwac.org board, I'm sure you'll get a number of replies. thanks, ed :-) On 4/26/06, aaron wrote: > I'm looking for recommendations for any small business web marketing > firms to handle pay per click and banner ad campaigns. Maybe like > Overture or something. Any suggestions? Or can you point me to other > mail lists/boards that can help? > > thanks, > Aaron D. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Wed Apr 26 15:20:29 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 26 Apr 2006 12:20:29 -0700 Subject: [nycphp-talk] OT - web marketing In-Reply-To: <444FB6D8.7000608@aarond.com> References: <444F99EF.2080709@aarond.com> <92555744-6D48-4544-BA5A-C022996AEA74@jonbaer.com> <444FB6D8.7000608@aarond.com> Message-ID: <20060-51298@sneakemail.com> aaron aaron-at-aarond.com |nyphp dev/internal group use| wrote: > Thanks for the links I'll look over them but I don't have time to > manage the marketing myself. When you guys create an e-com site for > small business where do you send the client for marketing? It really depends on the niche market they want to market to... you want a marketer who knows the niche but not a marketer who is a competitor in that niche (or whose biggest clients are competitors). If you email me a few details I might be able to refer your client to someone appropriate. -=john andrews -- ------------------------------------------------------------- http://www.seo-fun.com "writing is often like driving a truck at night without headlights, losing your way along the road and spending a decade in a ditch" -- Gay Talese From njaldwin at gmail.com Wed Apr 26 19:25:03 2006 From: njaldwin at gmail.com (Nick Aldwin) Date: Wed, 26 Apr 2006 19:25:03 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help Message-ID: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> I have the following code to handle file uploads. There is a database called "media". The errors I keep getting will follow the code. The upload data gets into the database fine; it seems to be storing the file that causes a problem. Please help! *Warning*: move_uploaded_file(PLACE/8.dat): failed to open stream: No such file or directory in *BLAHBLAH/upload.php* on line *17* *Warning*: move_uploaded_file(): Unable to move '/tmp/phpD4xBiO' to 'mnestuffz/8.dat' in *BLAHBLAH/upload.php* on line *17* *Warning*: Cannot modify header information - headers already sent by (output started at BLAHBLAH/upload.php:17) in BLAHBLAH*/upload.php* on line *19* -- Nick Aldwin NJAldwin at gmail.com http://www.nictitatingrabbit.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Wed Apr 26 19:37:09 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 26 Apr 2006 19:37:09 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade Message-ID: <002e01c6698a$5615a420$68e4a144@Rubicon> I need a quick intense refresher on 6-10 of the most tangible, most salient, conversational selling points for doing the PHP 4.3.x upgrade to PHP 5.1.2. So far I've got: 1) OOP 2) Better XML, Web Services handling potential 3) [duh] ... Isn't there more versatile date handling? Is the new MySQLi extension offering some speed or flexibility enhancements? I just need a few good ones to present. Anything in areas of improved speed or security would be solid. [ By the by, is that AJAX in use at http://us2.php.net/search.php ] Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From ps at pswebcode.com Wed Apr 26 19:47:53 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 26 Apr 2006 19:47:53 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> Message-ID: <002f01c6698b$d612ba40$68e4a144@Rubicon> >From php.net: Note: move_uploaded_file() is both safe mode and open_basedir aware. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Nick Aldwin Sent: Wednesday, April 26, 2006 7:25 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] PHP MySQL File Upload Help I have the following code to handle file uploads. There is a database called "media". The errors I keep getting will follow the code. The upload data gets into the database fine; it seems to be storing the file that causes a problem. Please help! Warning: move_uploaded_file(PLACE/8.dat): failed to open stream: No such file or directory in BLAHBLAH/upload.php on line 17 Warning: move_uploaded_file(): Unable to move '/tmp/phpD4xBiO' to 'mnestuffz/8.dat' in BLAHBLAH/upload.php on line 17 Warning: Cannot modify header information - headers already sent by (output started at BLAHBLAH/upload.php:17) in BLAHBLAH/upload.php on line 19 -- Nick Aldwin NJAldwin at gmail.com http://www.nictitatingrabbit.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim at tmcode.com Wed Apr 26 20:00:24 2006 From: tim at tmcode.com (Tim McEwen) Date: Wed, 26 Apr 2006 20:00:24 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <002e01c6698a$5615a420$68e4a144@Rubicon> References: <002e01c6698a$5615a420$68e4a144@Rubicon> Message-ID: <7AE80D68-B351-4538-8D43-AC250835F5F4@tmcode.com> Off the top of my head: 1) Exceptions (i know you already mentioned oop but i think exceptions are worth their own bullet) 2) file_put_contents (and all the other built in functions available only 5+ (userland alts are slower) 3) Speed (all of the big and little tweaks to memory handling pay off, especially with OOP) 4) Reflection API (as a lazy documenter, i have a soft spot for the reflection api) 5) PDO (parameter binding, easy, parameter binding, easy) 6) Iterators (once again, oop but worth its own mention) 6) SPL (DirectoryIterator is so much more fun than opendir....) 7) Upgrading to php5 will give you practice for upgrading to php6. :) Probably taking some major php5 feature for granted but its been a while since I've had to work with php4 so my memory is a little dusty. Good luck with the sell.... -Tim On Apr 26, 2006, at 7:37 PM, Peter Sawczynec wrote: > I need a quick intense refresher on 6-10 of the most tangible, most > salient, > conversational selling points for doing the PHP 4.3.x upgrade to > PHP 5.1.2. > So far I've got: > 1) OOP > 2) Better XML, Web Services handling potential > 3) [duh] ... > > Isn't there more versatile date handling? Is the new MySQLi extension > offering some speed or flexibility enhancements? > > I just need a few good ones to present. Anything in areas of > improved speed > or security would be solid. > > [ By the by, is that AJAX in use at http://us2.php.net/search.php ] > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From ntang at communityconnect.com Wed Apr 26 20:14:49 2006 From: ntang at communityconnect.com (Nicholas Tang) Date: Wed, 26 Apr 2006 20:14:49 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade Message-ID: Well, from my experience, performance is terrible. So I wouldn't list that as a selling point. Nicholas ________________________________ From: talk-bounces at lists.nyphp.org on behalf of Peter Sawczynec Sent: Wed 4/26/2006 7:37 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Still Selling the PHP5 Upgrade I need a quick intense refresher on 6-10 of the most tangible, most salient, conversational selling points for doing the PHP 4.3.x upgrade to PHP 5.1.2. [snip] -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 3540 bytes Desc: not available URL: From ps at pswebcode.com Wed Apr 26 20:48:26 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 26 Apr 2006 20:48:26 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: Message-ID: <003e01c66994$4b76f000$68e4a144@Rubicon> Thanks, so far. Okay, here is my improved list: 1) OOP for scaling up with diversified enterprise applications and maintaining centralized control of core business logic. 2) XML/RSS/Web Services integration more accurate, simpler and faster. Jump starts integration potential with other sites and third-party services. 3) File Upload is more secure and standardized. Firmer control at this vital user interface. 4) Date/Time handling is broadened in scope and features more date formatting options to satisfy local and international needs. 5) MySQL database interface is more coherent and more versatile: handles connections and queries more efficiently. 6) Read and display full directories with more ease, accuracy and speed. This vital user experience is enhanced. I need a few more features as they would be sold to an enterprise web site management team, not as to be sold to programmers. Any more PHP beats the street-wise ideas? Peter -----Original Message----- From: Nicholas Tang [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Nicholas Tang Sent: Wednesday, April 26, 2006 8:15 PM To: NYPHP Talk Subject: RE: [nycphp-talk] Still Selling the PHP5 Upgrade Well, from my experience, performance is terrible. So I wouldn't list that as a selling point. Nicholas _____ From: talk-bounces at lists.nyphp.org on behalf of Peter Sawczynec Sent: Wed 4/26/2006 7:37 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Still Selling the PHP5 Upgrade I need a quick intense refresher on 6-10 of the most tangible, most salient, conversational selling points for doing the PHP 4.3.x upgrade to PHP 5.1.2. [snip] -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 4920 bytes Desc: not available URL: From gatzby3jr at gmail.com Wed Apr 26 20:50:11 2006 From: gatzby3jr at gmail.com (Brian O'Connor) Date: Wed, 26 Apr 2006 20:50:11 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: <002f01c6698b$d612ba40$68e4a144@Rubicon> References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> <002f01c6698b$d612ba40$68e4a144@Rubicon> Message-ID: <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> While we're on this topic, I was wondering if some people could enlighten me on some good practices (if any at all really) for allowing users to upload files via a php page. Currently, I am using the ftp approach to upload certain files to my site, but I'm not really sure if that's the safest / most effective way. I had been using move_uploaded_file() before, but that didn't seem to work for me on some hosts (I'm on a shared host, and I probably will be for quite some time). Thanks. PS, I don't mean to change the topic from Nick's but I've been wondering about this for some time, and this seemed like a good place to ask the question. -- Brian O'Connor -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Wed Apr 26 20:50:41 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Wed, 26 Apr 2006 20:50:41 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <7AE80D68-B351-4538-8D43-AC250835F5F4@tmcode.com> Message-ID: <004701c66994$9bebdc80$68e4a144@Rubicon> Thanks, so far. Okay, here is my improved list: 1) OOP for scaling up with diversified enterprise applications and maintaining centralized control of core business logic. 2) XML/RSS/Web Services integration more accurate, simpler and faster. Jump starts integration potential with other sites and third-party services. 3) File Upload is more secure and standardized. Firmer control at this vital user interface. 4) Date/Time handling is broadened in scope and features more date formatting options to satisfy local and international needs. 5) MySQL database interface is more coherent and more versatile: handles connections and queries more efficiently. 6) Read and display full directories with more ease, accuracy and speed. This vital user experience is enhanced. I need a few more features as they would be sold to an enterprise web site management team, not as to be sold to programmers. Any more PHP beats the street-wise ideas? Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim McEwen Sent: Wednesday, April 26, 2006 8:00 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Still Selling the PHP5 Upgrade Off the top of my head: 1) Exceptions (i know you already mentioned oop but i think exceptions are worth their own bullet) 2) file_put_contents (and all the other built in functions available only 5+ (userland alts are slower) 3) Speed (all of the big and little tweaks to memory handling pay off, especially with OOP) 4) Reflection API (as a lazy documenter, i have a soft spot for the reflection api) 5) PDO (parameter binding, easy, parameter binding, easy) 6) Iterators (once again, oop but worth its own mention) 6) SPL (DirectoryIterator is so much more fun than opendir....) 7) Upgrading to php5 will give you practice for upgrading to php6. :) Probably taking some major php5 feature for granted but its been a while since I've had to work with php4 so my memory is a little dusty. Good luck with the sell.... -Tim On Apr 26, 2006, at 7:37 PM, Peter Sawczynec wrote: > I need a quick intense refresher on 6-10 of the most tangible, most > salient, > conversational selling points for doing the PHP 4.3.x upgrade to > PHP 5.1.2. > So far I've got: > 1) OOP > 2) Better XML, Web Services handling potential > 3) [duh] ... > > Isn't there more versatile date handling? Is the new MySQLi extension > offering some speed or flexibility enhancements? > > I just need a few good ones to present. Anything in areas of > improved speed > or security would be solid. > > [ By the by, is that AJAX in use at http://us2.php.net/search.php ] > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From andrew at plexpod.com Wed Apr 26 21:08:28 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Wed, 26 Apr 2006 21:08:28 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <004701c66994$9bebdc80$68e4a144@Rubicon> References: <7AE80D68-B351-4538-8D43-AC250835F5F4@tmcode.com> <004701c66994$9bebdc80$68e4a144@Rubicon> Message-ID: <20060427010827.GC17829@desario.homelinux.net> Peter, Fact: PHP 4 is only receiving bug & security fixes. No new features will be added to PHP 4, nor will it receive maintenance. Speculation, as I don't believe its been discussed in a public forum by those who make such decisions: I expect PHP 4 to be sunsetted eventually, but the userbase is very large so it is hard to guess how long that might be. For reference, PHP 3 was sunsetted about 5 months after PHP 4 was released. We've now seen PHP 4 be supported much longer than that, but who knows how much longer. If others knows more about this subject, please speak up. HTH, Andrew On Wed, Apr 26, 2006 at 08:50:41PM -0400, Peter Sawczynec wrote: > Thanks, so far. Okay, here is my improved list: > > 1) OOP for scaling up with diversified enterprise applications and > maintaining centralized control of core business logic. > 2) XML/RSS/Web Services integration more accurate, simpler and faster. Jump > starts integration potential with other sites and third-party services. > 3) File Upload is more secure and standardized. Firmer control at this vital > user interface. > 4) Date/Time handling is broadened in scope and features more date > formatting options to satisfy local and international needs. > 5) MySQL database interface is more coherent and more versatile: handles > connections and queries more efficiently. > 6) Read and display full directories with more ease, accuracy and speed. > This vital user experience is enhanced. > > I need a few more features as they would be sold to an enterprise web site > management team, not as to be sold to programmers. > > Any more PHP beats the street-wise ideas? > > Peter > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Tim McEwen > Sent: Wednesday, April 26, 2006 8:00 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Still Selling the PHP5 Upgrade > > > Off the top of my head: > > 1) Exceptions (i know you already mentioned oop but i think > exceptions are worth their own bullet) > 2) file_put_contents (and all the other built in functions available > only 5+ (userland alts are slower) > 3) Speed (all of the big and little tweaks to memory handling pay > off, especially with OOP) > 4) Reflection API (as a lazy documenter, i have a soft spot for the > reflection api) > 5) PDO (parameter binding, easy, parameter binding, easy) > 6) Iterators (once again, oop but worth its own mention) > 6) SPL (DirectoryIterator is so much more fun than opendir....) > 7) Upgrading to php5 will give you practice for upgrading to php6. :) > > Probably taking some major php5 feature for granted but its been a > while since I've had to work with php4 so my memory is a little dusty. > > Good luck with the sell.... > > -Tim > > On Apr 26, 2006, at 7:37 PM, Peter Sawczynec wrote: > > > I need a quick intense refresher on 6-10 of the most tangible, most > > salient, > > conversational selling points for doing the PHP 4.3.x upgrade to > > PHP 5.1.2. > > So far I've got: > > 1) OOP > > 2) Better XML, Web Services handling potential > > 3) [duh] ... > > > > Isn't there more versatile date handling? Is the new MySQLi extension > > offering some speed or flexibility enhancements? > > > > I just need a few good ones to present. Anything in areas of > > improved speed > > or security would be solid. > > > > [ By the by, is that AJAX in use at http://us2.php.net/search.php ] > > > > Warmest regards, > > > > Peter Sawczynec, > > Technology Director > > PSWebcode > > _Design & Interface > > _Ecommerce > > _Database Management > > ps at pswebcode.com > > 718.796.1951 > > www.pswebcode.com > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From adam at trachtenberg.com Wed Apr 26 22:30:58 2006 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 26 Apr 2006 22:30:58 -0400 (EDT) Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <20060427010827.GC17829@desario.homelinux.net> References: <7AE80D68-B351-4538-8D43-AC250835F5F4@tmcode.com> <004701c66994$9bebdc80$68e4a144@Rubicon> <20060427010827.GC17829@desario.homelinux.net> Message-ID: On Wed, 26 Apr 2006, Andrew Yochum wrote: > Speculation, as I don't believe its been discussed in a public forum > by those who make such decisions: I expect PHP 4 to be sunsetted > eventually, but the userbase is very large so it is hard to guess > how long that might be. For reference, PHP 3 was sunsetted about 5 > months after PHP 4 was released. We've now seen PHP 4 be supported > much longer than that, but who knows how much longer. Based on my experience, PHP 4 will be sunsetted right around the time none of the core developers are still using it. -adam -- adam at trachtenberg.com | http://www.trachtenberg.com author of o'reilly's "upgrading to php 5" and "php cookbook" avoid the holiday rush, buy your copies today! From dallas.devries at gmail.com Thu Apr 27 00:26:42 2006 From: dallas.devries at gmail.com (Dallas DeVries) Date: Thu, 27 Apr 2006 00:26:42 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: References: <7AE80D68-B351-4538-8D43-AC250835F5F4@tmcode.com> <004701c66994$9bebdc80$68e4a144@Rubicon> <20060427010827.GC17829@desario.homelinux.net> Message-ID: <1200dbac0604262126y63306434o10ad0e7cecea8805@mail.gmail.com> Any good framework to develop in is going to require the advanced features of php5, there is just no way php4 can do this well. Probably a good argument for an enterprise web site management team. -Dallas On 4/26/06, Adam Maccabee Trachtenberg wrote: > > On Wed, 26 Apr 2006, Andrew Yochum wrote: > > > Speculation, as I don't believe its been discussed in a public forum > > by those who make such decisions: I expect PHP 4 to be sunsetted > > eventually, but the userbase is very large so it is hard to guess > > how long that might be. For reference, PHP 3 was sunsetted about 5 > > months after PHP 4 was released. We've now seen PHP 4 be supported > > much longer than that, but who knows how much longer. > > Based on my experience, PHP 4 will be sunsetted right around the time > none of the core developers are still using it. > > -adam > > -- > adam at trachtenberg.com | http://www.trachtenberg.com > author of o'reilly's "upgrading to php 5" and "php cookbook" > avoid the holiday rush, buy your copies today! > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Thu Apr 27 06:11:28 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 27 Apr 2006 06:11:28 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <1200dbac0604262126y63306434o10ad0e7cecea8805@mail.gmail.com> Message-ID: <005d01c669e2$f34ccd60$68e4a144@Rubicon> Okay, here's more sell based on the input and comments: 7) Freely-available, superior open source PHP business-solutions projects in their next wave will not be backwards compatible to PHP4. 8) PHP5 natively engenders coding innovation, improved security and more web application strength. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dallas DeVries Sent: Thursday, April 27, 2006 12:27 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Still Selling the PHP5 Upgrade Any good framework to develop in is going to require the advanced features of php5, there is just no way php4 can do this well. Probably a good argument for an enterprise web site management team. -Dallas On 4/26/06, Adam Maccabee Trachtenberg wrote: On Wed, 26 Apr 2006, Andrew Yochum wrote: > Speculation, as I don't believe its been discussed in a public forum > by those who make such decisions: I expect PHP 4 to be sunsetted > eventually, but the userbase is very large so it is hard to guess > how long that might be. For reference, PHP 3 was sunsetted about 5 > months after PHP 4 was released. We've now seen PHP 4 be supported > much longer than that, but who knows how much longer. Based on my experience, PHP 4 will be sunsetted right around the time none of the core developers are still using it. -adam -- adam at trachtenberg.com | http://www.trachtenberg.com author of o'reilly's "upgrading to php 5" and "php cookbook" avoid the holiday rush, buy your copies today! _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Thu Apr 27 07:49:58 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Thu, 27 Apr 2006 07:49:58 -0400 Subject: [nycphp-talk] Still Selling the PHP5 Upgrade In-Reply-To: <1200dbac0604262126y63306434o10ad0e7cecea8805@mail.gmail.com> Message-ID: <006e01c669f0$b5be1a40$68e4a144@Rubicon> Okay, here it is -- my last draft on "Selling the PHP 5 Upgrade": 1) XML/RSS/Web Services Integration Accurate, simpler and faster usage of these essential technologies. Jump starts integration potential with other sites and third-party services. 2) File Upload/Downloads Improved This increasingly vital user interface is more securely implemented and the usage standardized for more exacting control. 3) Date/Time Handling Improved Date usage is broadened in scope and features more date formatting options to satisfy more local and international needs. 4) Database Interface Improved More coherent and more versatile MySQL functions: opens/closes connections, executes queries, and returns large result sets more efficiently. 5) Directory Reading and Display Improved Scan full directories of files with more ease, accuracy and speed. This resource intensive user experience is enhanced. 6) OOP [Object Oriented Programming] Model Eases the maintenance of centralized core business logic and handles scaling up for large enterprise applications. 7) PHP5 Eases Management Concerns PHPP5 natively engenders more coding innovation. Management rests easier knowing that web applications are being built from scratch with built-in improved security and more application strength. 8) PHP5 Will Eclipse PHP4 in Best Code Projects Freely-available, open source PHP business-solutions projects in their next wave will not be backwards compatible to PHP4. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dallas DeVries Sent: Thursday, April 27, 2006 12:27 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Still Selling the PHP5 Upgrade Any good framework to develop in is going to require the advanced features of php5, there is just no way php4 can do this well. Probably a good argument for an enterprise web site management team. -Dallas On 4/26/06, Adam Maccabee Trachtenberg wrote: On Wed, 26 Apr 2006, Andrew Yochum wrote: > Speculation, as I don't believe its been discussed in a public forum > by those who make such decisions: I expect PHP 4 to be sunsetted > eventually, but the userbase is very large so it is hard to guess > how long that might be. For reference, PHP 3 was sunsetted about 5 > months after PHP 4 was released. We've now seen PHP 4 be supported > much longer than that, but who knows how much longer. Based on my experience, PHP 4 will be sunsetted right around the time none of the core developers are still using it. -adam -- adam at trachtenberg.com | http://www.trachtenberg.com author of o'reilly's "upgrading to php 5" and "php cookbook" avoid the holiday rush, buy your copies today! _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeff.loiselle at gmail.com Thu Apr 27 10:01:51 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Thu, 27 Apr 2006 10:01:51 -0400 Subject: [nycphp-talk] php_admin_flag display_errors in httpd.conf In-Reply-To: <1146063844.8129.88.camel@localhost> References: <4b1887110604260737j1c87df54xc8975d5e6edd8c83@mail.gmail.com> <1146062904.8127.85.camel@localhost> <4b1887110604260752i7b55ebfco4ffbb17f44e72471@mail.gmail.com> <1146063844.8129.88.camel@localhost> Message-ID: <4b1887110604270701h46049f99w9c66af10714862ba@mail.gmail.com> Jack, ini_set('display_errors', 'on') will not work during a fatal parse error. You can set this in .htaccess or httpd.conf using the php_admin_flag or php_flag directives. At first I was having problems with it.. I thought the .htaccess directive wasnt working. But then I realized I was suppressing the messages with this typo: error_reporting('E_STRICT'); oops. On 4/26/06, Jack Scott wrote: > display_errors = 1 && error_reporting = E_ALL > > On Wed, 2006-04-26 at 10:52 -0400, Jeff Loiselle wrote: > > Jack, > > > > I don't think ini_set display_errors catches fatals. But I just solved > > my problem. Thanks anyway! > > > > /jeff > > > > On 4/26/06, Jack Scott wrote: > > > On Wed, 2006-04-26 at 10:37 -0400, Jeff Loiselle wrote: > > > > > > > Is the only way to display fatal errors to change php.ini? > > > no > > > > > > you can use ini_set() in your scripts: > > > http://us2.php.net/manual/en/function.ini-set.php > > > > > > Heres a list of directives available to these functions. > > > http://us2.php.net/manual/en/ini.php#ini.list > > > > > > -Jack > > > > > > > > > _______________________________________________ > > > New York PHP Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > New York PHP Conference and Expo 2006 > > > http://www.nyphpcon.com > > > Show Your Participation in New York PHP > > > http://www.nyphp.org/show_participation.php > > > > > > > > > -- > > --- > > Jeff Loiselle > > Web Developer, Musician, and Observer > > http://jeff.loiselles.com > > > > ""A man is what he thinks about all day long." - Ralph Waldo Emerson > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- --- Jeff Loiselle Web Developer, Musician, and Observer http://jeff.loiselles.com ""A man is what he thinks about all day long." - Ralph Waldo Emerson From chsnyder at gmail.com Thu Apr 27 12:17:59 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 27 Apr 2006 12:17:59 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> <002f01c6698b$d612ba40$68e4a144@Rubicon> <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> Message-ID: On 4/26/06, Brian O'Connor wrote: > While we're on this topic, I was wondering if some people could enlighten me > on some good practices (if any at all really) for allowing users to upload > files via a php page. > > Currently, I am using the ftp approach to upload certain files to my site, > but I'm not really sure if that's the safest / most effective way. I had > been using move_uploaded_file() before, but that didn't seem to work for me > on some hosts (I'm on a shared host, and I probably will be for quite some > time). > > Thanks. Which ftp approach do you mean? Some things you can do to safely handle uploaded files are: 1) use is_uploaded_file() to make sure you can trust the data in the temporary file 2) make sure uploaded files are *never* saved with .php extensions (or any other extension the webserver might execute as php). it's possible to embed php code in files of any mimetype. 3) store uploads outside of the web root, so that an attacker can't request an uploaded file directly. this helps mitigate the risk in #2. -- Chris Snyder http://chxo.com/ From gatzby3jr at gmail.com Thu Apr 27 12:26:25 2006 From: gatzby3jr at gmail.com (Brian O'Connor) Date: Thu, 27 Apr 2006 12:26:25 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> <002f01c6698b$d612ba40$68e4a144@Rubicon> <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> Message-ID: <29da5d150604270926g1d5373d9o12e79a1d60bb61dd@mail.gmail.com> This is the way I currently upload some images to my website now. I really have no idea how safe this is, so if its unsafe, please let me know. // FTP configuration $ftp_server = 'myftpaddr'; $ftp_user_name = 'myuser'; $ftp_user_pass = 'mypass'; // Connect $conn_id = ftp_connect($ftp_server); // Get filename / extension $filename = explode('.', $_FILES['ap_filename']['name']); $ext = $filename[count($filename) - 1]; // Make sure extension is jpg if(strtolower($ext) != 'jpg') { $failure = true; $message .= 'The file type must be jpeg.
'; } // login with username and password $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); // check connection if ((!$conn_id) || (!$login_result)) { $failure = true; $message .= 'Connection was not established.
'; } // Change directory $directory = ftp_chdir($conn_id, 'path/to/dir'); if(!$directory) { $failure = true; $message .= 'Could not change directories.
'; } // Temporary name $source_file = $_FILES['ap_filename']['tmp_name']; // Real name $destination_file = $_FILES['ap_filename']['name']; // some error handling // upload the file $upload = ftp_put($conn_id, $destination_file, $source_file, FTP_BINARY); ftp_close($conn_id); On 4/27/06, csnyder wrote: > > On 4/26/06, Brian O'Connor wrote: > > While we're on this topic, I was wondering if some people could > enlighten me > > on some good practices (if any at all really) for allowing users to > upload > > files via a php page. > > > > Currently, I am using the ftp approach to upload certain files to my > site, > > but I'm not really sure if that's the safest / most effective way. I > had > > been using move_uploaded_file() before, but that didn't seem to work for > me > > on some hosts (I'm on a shared host, and I probably will be for quite > some > > time). > > > > Thanks. > > > Which ftp approach do you mean? > > Some things you can do to safely handle uploaded files are: > > 1) use is_uploaded_file() to make sure you can trust the data in the > temporary file > > 2) make sure uploaded files are *never* saved with .php extensions (or > any other extension the webserver might execute as php). it's possible > to embed php code in files of any mimetype. > > 3) store uploads outside of the web root, so that an attacker can't > request an uploaded file directly. this helps mitigate the risk in #2. > > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Brian O'Connor -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Thu Apr 27 14:34:47 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 27 Apr 2006 14:34:47 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: <29da5d150604270926g1d5373d9o12e79a1d60bb61dd@mail.gmail.com> References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> <002f01c6698b$d612ba40$68e4a144@Rubicon> <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> <29da5d150604270926g1d5373d9o12e79a1d60bb61dd@mail.gmail.com> Message-ID: On 4/27/06, Brian O'Connor wrote: > This is the way I currently upload some images to my website now. I really > have no idea how safe this is, so if its unsafe, please let me know. > > // FTP configuration > $ftp_server = 'myftpaddr'; > $ftp_user_name = 'myuser'; > $ftp_user_pass = 'mypass'; > > // Connect > $conn_id = ftp_connect($ftp_server); [snip] > > // upload the file > $upload = ftp_put($conn_id, $destination_file, $source_file, > FTP_BINARY); > > ftp_close($conn_id); Ah, that ftp solution. By using a localhost ftp connection, you can save the files as your login user and avoid both world-writeable directories and undeleteable (because owned by apache) files. Those are big pros. There are also some big cons, depending on your situation. First, we all know that ftp is an insecure protocol, right? This isn't an issue if the ftp server is localhost, but if you are making connections over a network you are potentially exposing your password to anyone with access to the packets. Second, and more importantly, you are potentially exposing your login credentials to anyone else on the shared server with read access to your script. This is the fundamental problem with shared hosting, and it applies to database credentials as well. That seems like a bigger risk (since all of your files are accessible) than just having a world-writeable directory (where only uploaded files are accessible). The convenience of having the uploaded files owned by you rather than by the webserver may still outweigh the security issues, but you have to make that call. Not all shared servers are alike, of course. If you have any question about whether other users on the box could read your scripts, ask your hosting company. -- Chris Snyder http://chxo.com/ From gatzby3jr at gmail.com Thu Apr 27 21:58:33 2006 From: gatzby3jr at gmail.com (Brian O'Connor) Date: Thu, 27 Apr 2006 21:58:33 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> <002f01c6698b$d612ba40$68e4a144@Rubicon> <29da5d150604261750h274f1ec4ic2cdc4745cbc5c85@mail.gmail.com> <29da5d150604270926g1d5373d9o12e79a1d60bb61dd@mail.gmail.com> Message-ID: <29da5d150604271858m4393defeu87655779e3a1866b@mail.gmail.com> Ah I see, thanks for the insight, greatly appreciated. I'll contact my hosting company to find out the details and make a decision based on the facts. On 4/27/06, csnyder wrote: > > On 4/27/06, Brian O'Connor wrote: > > This is the way I currently upload some images to my website now. I > really > > have no idea how safe this is, so if its unsafe, please let me know. > > > > // FTP configuration > > $ftp_server = 'myftpaddr'; > > $ftp_user_name = 'myuser'; > > $ftp_user_pass = 'mypass'; > > > > // Connect > > $conn_id = ftp_connect($ftp_server); > > [snip] > > > > > // upload the file > > $upload = ftp_put($conn_id, $destination_file, $source_file, > > FTP_BINARY); > > > > ftp_close($conn_id); > > > Ah, that ftp solution. > > By using a localhost ftp connection, you can save the files as your > login user and avoid both world-writeable directories and undeleteable > (because owned by apache) files. > > Those are big pros. There are also some big cons, depending on your > situation. > > First, we all know that ftp is an insecure protocol, right? This isn't > an issue if the ftp server is localhost, but if you are making > connections over a network you are potentially exposing your password > to anyone with access to the packets. > > Second, and more importantly, you are potentially exposing your login > credentials to anyone else on the shared server with read access to > your script. This is the fundamental problem with shared hosting, and > it applies to database credentials as well. That seems like a bigger > risk (since all of your files are accessible) than just having a > world-writeable directory (where only uploaded files are accessible). > > The convenience of having the uploaded files owned by you rather than > by the webserver may still outweigh the security issues, but you have > to make that call. > > Not all shared servers are alike, of course. If you have any question > about whether other users on the box could read your scripts, ask your > hosting company. > > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Brian O'Connor -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglists at caseysoftware.com Fri Apr 28 10:27:00 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Fri, 28 Apr 2006 10:27:00 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? Message-ID: I just got a steaming pile of PHP dropped in my lap which - as far as I can tell - has no classes, 100+ functions, lots of globals, nothing resembling security and/or input filtering, a rather large user base, and a hitlist of new requirements/requests. Help! Alright, got that out of the way... Now I'm trying to do some analysis to figure out which functions and variables are/aren't being used, the general flow of the code, and some basic metrics. Something like PMD or Perl::Critic (I think) would be the ideal, but now I'd just be happy with something beyond my mediocre grepping skills. I've dug around and found this - http://dev.eclipse.org/newslists/news.eclipse.tools.php/msg00038.html - which doesn't bode well, but I thought maybe someone around here would know some more... ideas? -- Keith Casey CEO, http://CaseySoftware.com 2006 DC PHP Conference Details: http://dcphpconference.com/ From edwardpotter at gmail.com Fri Apr 28 11:48:11 2006 From: edwardpotter at gmail.com (edward potter) Date: Fri, 28 Apr 2006 11:48:11 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: References: Message-ID: May I suggest you get an Intern(s) from a local college to give you a hand? There are 1000's of students hitting the streets this Summer looking for Internships. Yes, they do work for free (but hey, give them a few $$$s), they need it for their resumes, and sometimes schools will give them credit. And almost all colleges teach a PHP/scripting course. -ed :-) On 4/28/06, Keith Casey wrote: > I just got a steaming pile of PHP dropped in my lap which - as far as > I can tell - has no classes, 100+ functions, lots of globals, nothing > resembling security and/or input filtering, a rather large user base, > and a hitlist of new requirements/requests. Help! > > Alright, got that out of the way... > > Now I'm trying to do some analysis to figure out which functions and > variables are/aren't being used, the general flow of the code, and > some basic metrics. Something like PMD or Perl::Critic (I think) > would be the ideal, but now I'd just be happy with something beyond my > mediocre grepping skills. > > I've dug around and found this - > http://dev.eclipse.org/newslists/news.eclipse.tools.php/msg00038.html > - which doesn't bode well, but I thought maybe someone around here > would know some more... ideas? > > -- > Keith Casey > CEO, http://CaseySoftware.com > > 2006 DC PHP Conference Details: http://dcphpconference.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From andrew at plexpod.com Fri Apr 28 12:01:28 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Fri, 28 Apr 2006 12:01:28 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: References: Message-ID: <20060428160128.GQ17829@desario.homelinux.net> On Fri, Apr 28, 2006 at 10:27:00AM -0400, Keith Casey wrote: > I just got a steaming pile of PHP dropped in my lap which - as far as > I can tell - has no classes, 100+ functions, lots of globals, nothing > resembling security and/or input filtering, a rather large user base, > and a hitlist of new requirements/requests. Help! > > Alright, got that out of the way... > > Now I'm trying to do some analysis to figure out which functions and > variables are/aren't being used, the general flow of the code, and > some basic metrics. Something like PMD or Perl::Critic (I think) > would be the ideal, but now I'd just be happy with something beyond my > mediocre grepping skills. > > I've dug around and found this - > http://dev.eclipse.org/newslists/news.eclipse.tools.php/msg00038.html > - which doesn't bode well, but I thought maybe someone around here > would know some more... ideas? Xdebug is great for tracing & profiling code. Use it with kcachegrind for nice visualization. It won't give you the code analysis stuff that Perl::Critic would, but its a start to give you a picture of whats going on. HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From danielc at analysisandsolutions.com Fri Apr 28 12:10:06 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 28 Apr 2006 12:10:06 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: References: Message-ID: <20060428161006.GA1368@panix.com> Hi: On Fri, Apr 28, 2006 at 11:48:11AM -0400, edward potter wrote: > May I suggest you get an Intern(s) from a local college to give you a hand? The likelyhood they'll properly clean up the code and resolve security issues is VERY low. Wouldn't be surprised if the reason the thing is a "steaming pile" is the people who wrote it in the first place were interns. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Fri Apr 28 12:11:10 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 28 Apr 2006 12:11:10 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: References: Message-ID: <20060428161110.GB1368@panix.com> On Fri, Apr 28, 2006 at 10:27:00AM -0400, Keith Casey wrote: > > Now I'm trying to do some analysis to figure out which functions and > variables are/aren't being used, the general flow of the code, and > some basic metrics. Zend Studio has tools for this. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From daniel at reflexionsdata.com Fri Apr 28 12:11:44 2006 From: daniel at reflexionsdata.com (Daniel Leslie) Date: Fri, 28 Apr 2006 12:11:44 -0400 Subject: [nycphp-talk] Seeking Senior OSS Developer / Solutions Manager Message-ID: <44523EC0.1070908@reflexionsdata.com> Hi everyone, [Apologies in advance for the cross-post to NYPHP Talk. Wanted to make sure you guys saw this.] Our company is actively seeking a full time Senior Developer who has knowledge of PHP and other OSS technologies. We're a web/software development firm based in White Plains, NY. Our team currently consists of 9 full time employees and we have a fun, casual atmosphere. The position offers highly competitive salary and benefits. We're also open to the possibility of a part time remote working situation. More information about the position can be found here: http://www.reflexionsdata.com/company/employment In addition if you happen to know anyone who might be a good match for a Sales/Solutions Manager, this position is also open. We're also offering paid seasonal internship opportunities. Details on these positions can be found using the above link. Have a good weekend, Dan Leslie -- Partner / Director of Business Development r e f l e x i o n s d a t a business solutions for the web http://www.reflexionsdata.com/ 34 South Broadway, Suite 716 White Plains, NY 10601 T: 914-946-3711 x200 C: 914-439-1385 F: 914-206-3646 E: daniel at reflexionsdata.com From mailinglists at caseysoftware.com Fri Apr 28 12:29:37 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Fri, 28 Apr 2006 12:29:37 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: <20060428161006.GA1368@panix.com> References: <20060428161006.GA1368@panix.com> Message-ID: On 4/28/06, Daniel Convissor wrote: > The likelyhood they'll properly clean up the code and resolve security > issues is VERY low. Wouldn't be surprised if the reason the thing is a > "steaming pile" is the people who wrote it in the first place were > interns. >From talking to some of the other people involved (non-technical), I think this assessment was accurate. It appears the bulk of the code was written 2-3 years ago by a handful of people who were working on their first non-academic project. They didn't appear to be using version control either, so there are huge sections commented out instead of deleted... and the communication was poor, so there are differing implementations for the same things. The security aspect is one of the larger ones to me... as a test this morning, I submitted some simple javascript alerts and sql-injection and they made it through no problem. Thanks for the tip on Zend Studio, I'll look into that first. -- Keith Casey CEO, http://CaseySoftware.com 2006 DC PHP Conference Details: http://dcphpconference.com/ From edwardpotter at gmail.com Fri Apr 28 12:56:32 2006 From: edwardpotter at gmail.com (edward potter) Date: Fri, 28 Apr 2006 12:56:32 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: <20060428161006.GA1368@panix.com> References: <20060428161006.GA1368@panix.com> Message-ID: Yes, those pesky students, like the ones that started SUN, Yahoo, and Google! :-) >From my experiences, students are VERY OFTEN much better at this business then the teachers. Why? Because they have time on their hands, professors are having a hard time catching up to the latest technologies, they're in staff meetings most of the day. Just my 2 cents! -ed :-) PS. In the worlds of the new MIT Media Lab guy, "ideas are now coming from the bottom up, NO longer from the top down.". On 4/28/06, Daniel Convissor wrote: > Hi: > > On Fri, Apr 28, 2006 at 11:48:11AM -0400, edward potter wrote: > > May I suggest you get an Intern(s) from a local college to give you a hand? > > The likelyhood they'll properly clean up the code and resolve security > issues is VERY low. Wouldn't be surprised if the reason the thing is a > "steaming pile" is the people who wrote it in the first place were > interns. > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jonbaer at jonbaer.com Fri Apr 28 14:01:27 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Fri, 28 Apr 2006 14:01:27 -0400 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: References: Message-ID: <8BC2A50C-B391-41F6-A311-BE5AA150F3E7@jonbaer.com> You could try RATS ... http://www.securesoftware.com/resources/download_rats.html Below is a quick sample output ... basically there is a /usr/local/ share/rats-php.xml file which lists a bunch of vulnerabilities. I believe the app was mainly conceived for C which you can tell by the # of entries it has. This app needs a Chris Shiflett to pump a few hundred entries into that XML file :-) iMac-G5:~/Work/rats-2.1 jonbaer$ ./rats ./test.php Entries in perl database: 33 Entries in python database: 62 Entries in c database: 334 Entries in php database: 55 Analyzing ./test.php ./test.php:3: High: mail Arguments 1, 2, 4 and 5 of this function may be passed to an external program. (Usually sendmail). Under Windows, they will be passed to a remote email server. If these values are derived from user input, make sure they are properly formatted and contain no unexpected characters or extra data. Total lines analyzed: 10 Total time 0.004717 seconds 2119 lines per second iMac-G5:~/Work/rats-2.1 jonbaer$ - Jon On Apr 28, 2006, at 10:27 AM, Keith Casey wrote: > I just got a steaming pile of PHP dropped in my lap which - as far as > I can tell - has no classes, 100+ functions, lots of globals, nothing > resembling security and/or input filtering, a rather large user base, > and a hitlist of new requirements/requests. Help! > > Alright, got that out of the way... > > Now I'm trying to do some analysis to figure out which functions and > variables are/aren't being used, the general flow of the code, and > some basic metrics. Something like PMD or Perl::Critic (I think) > would be the ideal, but now I'd just be happy with something beyond my > mediocre grepping skills. > > I've dug around and found this - > http://dev.eclipse.org/newslists/news.eclipse.tools.php/msg00038.html > - which doesn't bode well, but I thought maybe someone around here > would know some more... ideas? > > -- > Keith Casey > CEO, http://CaseySoftware.com > > 2006 DC PHP Conference Details: http://dcphpconference.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Fri Apr 28 16:06:18 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 28 Apr 2006 13:06:18 -0700 Subject: [nycphp-talk] Any PHP Analysis Tools? In-Reply-To: <20060428161006.GA1368@panix.com> References: <20060428161006.GA1368@panix.com> Message-ID: <19020-98746@sneakemail.com> Daniel Convissor danielc-at-analysisandsolutions.com |nyphp dev/internal group use| wrote: >Hi: > >On Fri, Apr 28, 2006 at 11:48:11AM -0400, edward potter wrote: > > >>May I suggest you get an Intern(s) from a local college to give you a hand? >> >> > >The likelyhood they'll properly clean up the code and resolve security >issues is VERY low. Wouldn't be surprised if the reason the thing is a >"steaming pile" is the people who wrote it in the first place were >interns. > >--Dan > > When I saw Keith's post, I spit out my coffee. I wondered if he was hired to work on the code base of a little SEO project I'm doing... talk about steaming piles. Unfortunately, Dan, this little beast in front of me was coded by people who are *gasp* on this list. As usual, I suspect it's management at fault. A terrible intern can be very helpful if properly managed. -=john andrews http://www.seo-fun.com -- ------------------------------------------------------------- Consider funding the Starbucks Card of a struggling independent webmaster. I gave these cards out to good quality people who are working hard to learn SEO and Competitive Webmastering: 6021 5832 6182 0859 and 6021 5832 6654 3210 and 6021 5828 3088 6638 See details at http://www.seo-fun.com From danielc at analysisandsolutions.com Sat Apr 29 14:52:04 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 29 Apr 2006 14:52:04 -0400 Subject: [nycphp-talk] PHP MySQL File Upload Help In-Reply-To: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> References: <32be13900604261625q61eac567j1d8e1acf6e445e7f@mail.gmail.com> Message-ID: <20060429185204.GA27970@panix.com> Sir Nick: You've got a lot of issues here. On Wed, Apr 26, 2006 at 07:25:03PM -0400, Nick Aldwin wrote: > > $filetempname=$_FILES['file']['tmp_name']; > $filename=$_FILES['file']['name']; > $filetype=$_FILES['file']['type']; > > $query = "INSERT INTO `media` VALUES ('','$filename','$filetype')"; You're letting users inject SQL statements. Also, you're delimiting your table name, via "`". You should never use names that require delimiting. To make sure of that, never delimit names. Plus, name your columns in the insert query. Makes things clearer here and keeps you from having to rewrite your application if you add another column to the table at some point in the future. So, turn that into: $filename_sql = mysql_real_escape_string($filename); $filetype_sql = mysql_real_escape_string($filetype); $query = "INSERT INTO media (fname, ftype) VALUES ('$filename_sql','$filetype_sql')"; > $result = mysql_query($query); > $query = "SELECT * FROM `media` WHERE `filename` = '$filename'"; Simlilar things, escape the SQL and ditch the delimiters: $query = "SELECT * FROM media WHERE filename = '$filename_sql'"; > $result = mysql_query($query); > $newname = mysql_result($result,0,"id"); Does the "media" table have a unique key to prevent file names from being reused? Otherwise your logic will fail, since you'll end up getting the id for the earlier file. I wouldn't call that variable $newname, since it's not a name, just an ID. More importantly than all the above, it looks like that id column in the "media" table is an auto-increment. Right? If so, you don't even need that select query. You can get the id by calling mysql_insert_id(). > move_uploaded_file( $filetempname, "PLACE/".$newname.".dat"); > mysql_close($link); > header( "location: PAGE.PHP" ); That should be capitalized and use a fully qualified URI, and you should use single quotes since it's not being evaluated (doesn't have variables in it): header('Location: http://host/dir/PAGE.PHP'); By the way, your coding standard is all over the place in terms of spacing, quoting and variable placement. It helps in the long term to be consistent. > *Warning*: move_uploaded_file(PLACE/8.dat): failed to open stream: No such > file or directory in *BLAHBLAH/upload.php* on line *17* So, does PLACE exist? Does the web server have permissions to that location? Are you running in safe mode or have a restriction on open base dir? --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ntang at communityconnect.com Sun Apr 30 13:48:45 2006 From: ntang at communityconnect.com (Nicholas Tang) Date: Sun, 30 Apr 2006 13:48:45 -0400 Subject: [nycphp-talk] Interesting PHP5 benchmarks Message-ID: I may actually have to eat my words - or at least nibble on them a bit. ;) We were benchmarking our new beta setup - Apache 2, PHP 5, and APC 3 - and seeing absolutely terrible results. Really, really bad. Atrocious. As in, I had momentary fears we'd have to pick between a rewrite in PHP 4 or double the size of our webserver farm to manage it. Anyways, while I can't reveal the exact results (and since they're using our in-house apps they wouldn't help much anyways) but under a load of 12,000 simultaneous simulated users (approximately 600 page views/ second), we were seeing page load times averaging over 20 seconds per page during our test on Tuesday morning - obviously completely unusable on a production website. Friday morning we re-ran the test and got it down into the sub-4 seconds per-page range. What changed? Amazingly, while I did tweak some settings here and there, and we did nudge a few things in the code, the biggest change? We downgraded our servers from Red Hat Enterprise 4 Update 3 to Update 2. That was it. Approximately 90% of the difference in the two tests came from that one shift - a shift that should have been completely inconsequential. Now, before you ask - we build our own Apache/PHP/APC binaries, so none of those would have been changed. We still haven't isolated it to any specific issue, but *something* changed drastically on the OS side, something that absolutely killed performance. Until we can isolate it, and fix/remote/work-around it, we're officially standardizing on RHEL 4U2 - and I advise anyone out there who is running RHEL and considering moving to Update 3 to test it thoroughly before embarking on that journey. It should be harmless, but in our case, it was anything but. (On the flip side, U3 fixes several critical bugs in multipath-tools, so we've had to upgrade some of our DBs to it. We haven't noticed any major performance degredation w/ Oracle, which is good.) Nicholas -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 4980 bytes Desc: not available URL: