Apologies if you already received this message, I tried to send it
earlier from my webmail but it doesn't seem to have worked.
Al wrote:
Just use stripslashes() on your submitted data and forget about
testing for magic_quotes. It's good practice anyhow. \" is not legit
text regardless.
U
Jim Lucas wrote:
Here is a nice little hack that I use.
"Little hack" it is, "nice" it isn't.
Ideally just turn off magic_quotes_gpc - you can do so in php.ini, or
perhaps your web server configuration files (httpd.conf, .htaccess etc.).
If you don't have access to any of the above then ins
aised.
It remains to be seen in the final version whether that notice is raised
or that this operator exists at all
Arpad
it would be great if php 6 could have a solution for this. php is
sweet when it's compact!
On 18/07/07, Arpad Ray <[EMAIL PROTECTED]> wrote:
You can use empty(
Olav Mørkrid wrote:
consider the following statement:
$language =
isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) &&
$_SERVER["HTTP_ACCEPT_LANGUAGE"] != "" ?
$_SERVER["HTTP_ACCEPT_LANGUAGE"] : "*";
when using strings in arrays that may be non-existing or empty, you
have to repeat the reference *three*
Nicolas Quirin wrote:
Hi,
i'm french, i'm using regular expressions in php in order to rewrite hyperlink
tags in a specific way before apache output is beeing sent to client.
Purpose is to replace href attribute of any A html tag by a javascript function
calling an ajax loader.
Currently I h
Phil Princely wrote:
thanks for all the help.
My code was wrong in the first post, I just copied it straight from
the web. This one works:
if (get_magic_quotes_gpc()) {
stripslashes_array($_GET);
stripslashes_array($_POST);
stripslashes_array($_REQUEST);
stripslashes_array($_COO
Phil Princely wrote:
What do people on this list usually do with this kind of problem. To
me, the .htaccess seems the easiest solution, since I don't have to
change any scripts.
I would certainly turn it off in php.ini or apache config files if
possible (the .htaccess line should be "php_flag
Jim Lucas wrote:
foreach ( $someArray AS $k => $v ) {
$someArray[$k] = preg_replace('!\s!', '', $v);// Removes white
space ' ', \n, \r\n, etc...
$someArray[$k] = str_replace(' ', '', $v);// Removes only spaces
}
str_replace() also operates on arrays so there's no need for
Richard Kurth wrote:
if(response.indexOf('|' != -1)) {
Spot the misplaced bracket.
if($_GET['takeaction']=="delete"){
$uid=$_GET['uid'];
echo $uid;
This is wide open to XSS attacks, you need to be just as careful with
scripts intended to be accessed via javascript as you do with us
M.Sokolewicz wrote:
Basically what you can remember here is:
:: calls a property or method in a STATIC context (ie. without access
to the object's (if any) actual properties)
-> calls a propert or method in a DYNAMIC context (ie. WITH access to
that specific object's collection of methods and p
Roman Neuhauser wrote:
implode(' ', preg_split('~(?=[[:upper:]])~', 'FooBarBaz', -1,
PREG_SPLIT_NO_EMPTY));
Or just.. preg_replace('/\B[A-Z]/', ' $0', 'FooBarBaz')
Arpad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Dave Goodchild wrote:
Any ideas on the most efficient way to do it? I am working on using
combinations of array_search, in_array and so on and want to avoid
regular
expressions if I can. Many thanks in advance for any suggestions!
If you mean that you only want one date for each month (you'll e
Many legitimate users will have their referrer blocked by proxies or by
browser preference so you'll also have false negatives.
Arpad
cajbecu wrote:
it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add i
Brad Bonkoski wrote:
$files[] = $entry;
perhaps look into the array_push() function http://www.php.net/array_push
$files[] = $entry; is perfectly fine.
$thumbnailFiles=listFiles($thumbnailsDirectory);
print"";
print_r($thumbnailsFiles);
print"";
The code is fine, spot the typ
Dave Goodchild wrote:
I have converted the user-friendly date output to timestamps to check and
sure enough, when the user selects a start date before March 26 2007,
March
26 2007 is output as:
1174863600
...after that it becomes:
117486
...a difference of 3600
Is this anything to do w
Dan Shirah wrote:
On my second insert statement, please note "credit_card_id". This is an
auto_increment column in table1. What I need to do is pull the value of
"credit_card_id" from the newly inserted row from insert1 and put that
value
in a variable to assign it to "credit_card_id" in ins
Sergiu Voicu wrote:
In the second case, and if PHP isn't in safe mode, at the beggining of
your script place this line
ini_set("upload_max_filesize","41M");
ini_set() will have no effect there because by the time the script is
executed, the upload has finished.
You can probably use php_value to
$post = file_get_contents('php://input');
Or for older versions of PHP, just use $HTTP_RAW_POST_DATA.
Arpad
Nicholas Yim wrote:
> Hello EveryOne,
>
> like parse the soap request body
>
> not through $_POST nor $_FILE
>
> Best regards,
>
> Nicholas Yim
> [EMAIL PROTECTED]
> 2007-02-12
Roman Neuhauser wrote:
This shouldn't do too much backtracking, try it out:
"*8*" => /^(?:\d*8\d*){4}$/
The {4} in there repeats the subpattern 4 times, rather than limiting it
to 4 characters.
I really can't think of an elegant to do what you ask with regex - why
limit yourself to regex a
$filename = implode(array_reverse(explode('/', $value)));
Arpad
Reinhart Viane wrote:
Is this a good way to convert 01/02/2007 to 20070201
$value='01/02/2007';
list($day, $month, $year) = split('[/.-]', $value);
$filename=$year.''.$month.''.$day;
It does work but i would like to ver
Martin Alterisio wrote:
Double slash to prevent PHP interpreting the slashes. Also using single
quotes would be a good idea:
if (preg_match('/[\\w\\x2F]{6,}/',$a))
Just switching to single quotes would do the trick - you don't need to
escape anything but single quotes, and backslashes if the
Have you checked out the PEAR Validate packages?
http://pear.php.net/package/Validate_ISPN in particular might help you
along ;)
And BTW, most servers are set up to display php files renamed to .phps
with syntax highlighting, so give that a try instead of .php.txt next time.
Regards,
Arpad
B
Note that $ allows a trailing newline, but \z doesn't.
Arpad
Stut wrote:
Chris Boget wrote:
echo 'Is String: [' . ( is_string( 'a1b2c3' ) && preg_match(
'/[A-Za-z]+/', 'a1b2c3' )) . ']';
echo 'Is Numeric: [' . ( is_numeric( 'a1b2c3' ) && preg_match(
'/[0-9]+/', 'a1b2c3' )) . ']';
echo 'Is St
Those patterns aren't anchored to the ends of the string, so as long as
the string contains one matching character, the succeeds.
^ anchors the pattern to the beginning, \z to the end, so you want:
/^[A-Za-z]+\z/
Or test the opposite case to see if it fails:
/[^A-Za-z]/
Arpad
Chris Boget wrote
Angelo Zanetti wrote:
So is there a way to test for \r\n? or what else can I use to delimit
these two values (last column of row and first column of next row)?
Since it's coming from a file, you might as well just read it with
file(), which will split eac
Jochem Maas wrote:
Arpad Ray wrote:
return preg_replace('#%5[bd](?=[^&]*=)#ei', 'urldecode("\0")', $s);
could you explain your regexp - I'd like to replace my version with
your (if for no other reason than that shorter code is easier to rea
Jochem Maas wrote:
function inputPostQueryUnBorker($s)
{
return preg_replace('#(\?|&(?:amp;)?)([^=]*)=#eU',
"'\\1'.str_replace(array('%5B','%5D'), array('[',']'),
'\\2').'='",
$s);
}
so how bad is it
This is a bit more concise. I d
Sancar Saran wrote:
For example I had a several php pages. In this page there was an array named
$arrHede
It has lots of values.
in index.php
$arrHede['antin']='yada';
in config.php
$arrHede['kuntin']='bada';
and so.
So I want to write a scrpit check all those files to get all $arrHede keys
Incidentally, a nice side effect of heredoc is that some editors (like
vim) recognise <
Ron Piggott (PHP) wrote:
Is there a PHP function which verifies a valid date has been entered
(-MM-DD)? Ron
preg_match('/^(\d{4})-(\d\d)-(\d\d)\z/', $s, $m) && checkdate($m[2],
$m[3], $m[1])
Arpad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php
Marek 'MMx' Ludha wrote:
I need to send large binary data over http post (so that urlencoding
or base64 encoding is not an option). I use request like this:
http://people.ksp.sk/~mmx/request
(there is a zero byte between A and B). There are 3 bytes of data, but
when I do
it yields 1 (it trunca
Micky Hulse wrote:
Can I replace the above with some sort of XMLHTTP request?
As noted, that's a javascript question. However your PHP code is
vulnerable to XSS attacks; you should at least encode the output with
htmlspecialchars() so that URLs like
"foo.php/alert('hi');" are safe.
eg.
A
Ford, Mike wrote:
How about something like:
switch
Beware that PHP_SELF is injectable like several other $_SERVER
variables, so you must at least encode it to prevent XSS attacks.
Eg. http://example.com/foo.php/";>
Brad Bonkoski wrote:
Some already good workarounds given for this question...
BUT.
Is it even possible to override a core function?
Like I wrote a function called 'exit' and I got a parser error, which
leads me to believe it is not even possible to override the core
functions. Is this true of
You can't just define a new function with the same name. The only way I
know to literally redefine the function is using the runkit extension -
http://pecl.php.net/package/runkit
That allows you to rename functions as well as moving them, so you could
rename it to something like old_mysql_query(
$string) {
$strings[$key] = '' . $string[0] . '' . substr($string, 1);
}
?>
Micky Hulse wrote:
Hi,
It is getting late, and I do not think I am thinking clearly...
What would be the best way to wrap tag around the first
letter of a string?
I know it has to be a combination of str_repla
36 matches
Mail list logo
