Everything posted by requinix
-
Risks of allowing users to upload files to the server
requinix replied to NotionCommotion's topic in PHP Coding Help
Rely on it in the sense that what you see is going to be what the server sees. Sure, I can stick a %PNG into whatever I want and make my .zip look like an image, however the server is going to use the same logic to come to the same conclusion. Even if I ignore the MIME type, the rest of the system may not, so I'd rather derive the same results as it will now than leave the question unanswered.

Strictly speaking yes, data is data and harm only comes from using it incorrectly. But there are more ways to harm a system than waiting for a user to try to download the file to their computer or otherwise execute it. If the file is malicious I don't want it on my server. Period. I don't care if the web server won't try to interpret it, I don't care if the file sits unused for eternity, it should not be there at all.

Ideally, yes, but I don't know of an operating system where you can specify the behavior of an individual file without having to rely on things like MIME type detection or file extension mappings.

I'm sure we're on the same page regarding validation
-
Risks of allowing users to upload files to the server
requinix replied to NotionCommotion's topic in PHP Coding Help
Just because it's not enough doesn't mean it's useless. Assuming we're talking about determining the MIME type server-side and not getting it from $_FILES, of course.
- Best way to determine the proper file extension when it's not known ahead of time
- Good indication as to how an operating system (and to a lesser degree, your server) will interpret the file, if combined with using the correct file extension
- Provides validation for the good users
- Quick way to deny lazy attackers who aren't forging their own upload requests
-
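Added example, not part of requinix's posts: one way to derive the MIME type server-side from the file's content and choose the stored extension from it, so that a ZIP uploaded under an image name falls outside the allow-list whatever the client claims. The allow-list, the function name and the sample bytes are assumptions made for this illustration.

```php
<?php
// Added illustration. ALLOWED_TYPES and storedNameFor() are hypothetical names.
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Pick the stored file name from the file's content, never from the
 * client-supplied name or $_FILES[...]['type'].
 * Returns null when the detected type is not on the allow-list.
 */
function storedNameFor(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // Random base name plus the extension matching the detected type, so
    // extension-based mappings agree with what content sniffing concluded.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed samples keyed by the name a client might claim: a PNG
// signature with an IHDR chunk header, and a ZIP local file header.
$samples = [
    'real.png'  => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
                 . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00",
    'photo.png' => "PK\x03\x04\x14\x00\x00\x00\x08\x00" . str_repeat("\x00", 20),
];

foreach ($samples as $clientName => $bytes) {
    // In a real handler $tmp is $_FILES['f']['tmp_name'], checked with
    // is_uploaded_file() and stored with move_uploaded_file().
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-10s -> %s\n", $clientName, storedNameFor($tmp) ?? 'rejected');
    unlink($tmp);
}
```
-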
It's an important skill to be able to read dumps like this.

    $stock = (array(1)

$stock is an array with one item.

    { ["stock"]=> array(2)

The key is "stock" and the value is another array, this time with two items.

    { [0]=> array(2)

The first key is 0 suggesting the parent array is something you should foreach over. The value is another array.

    { ["operator"]=> string(3) "ECL" ["sims"]=> array(51)

In the array are two items, "operator" (a string) and "sims" (yet another array). All together,

    foreach ($stock["stock"] as $stock) {
        foreach ($stock["sims"] as $sim) {
            // work with each $sim here
        }
    }
-
I'm confident that the official manual did not tell you to do ranges using a switch. I'm looking now and I don't see anything telling you to do that. In fact I had to go into the user comments until I found something to do with ranges: this guy from a few years ago. (There were other comments like that but were all rated

    $randomizer = rand(1,50);
    switch($randomizer) {
        case ($randomizer <= 20):
            $font_size = "11";
            break;

That code is wrong and I just downvoted the comment for it. It will always work, yes, but if I made a tiny change to it

    $randomizer = rand(0,50);
    switch($randomizer) {
        case ($randomizer <= 20):
            $font_size = "11";
            break;

then there's a 1/50 chance that it will fail, PHP will raise an undefined variable warning, and the CSS in the outputted HTML

    echo '<span style="font-size: ' .$font_size. ';">' .$link[$i]. '</span> ';

will be invalid.

actually it's a 1/51 chance

The only change I made was going from rand(1,50) to rand(0,50). So what? I added one more number, that's all. And that's the problem: it's not obvious why the code will fail, it'll be hard to reproduce, and you the developer will tear your hair out trying to figure out why there's this weird bug on your site that people are complaining about.

Just because you yourself cannot see the problem doesn't mean there isn't one. Using your code from a few posts ago,

    switch($magnitude) {
        case $magnitude >=0 && $magnitude <=0.9:
            $magScale = 'rgb(195, 218, 236)';
            break;
        case $magnitude >=1 && $magnitude <=1.9:
            $magScale = 'rgb(210, 238, 197)';
            break;
        case $magnitude >=2 && $magnitude <=2.9:
            $magScale = 'rgb(244, 240, 202)';
            break;
        case $magnitude >=3 && $magnitude <=3.9:
            $magScale = 'rgb(244, 223, 202)';
            break;
        case $magnitude >=4 && $magnitude <=4.9:
            $magScale = 'rgb(240, 199, 205)';
            break;
        case $magnitude >=5 && $magnitude <=20:
            $magScale = 'rgb(212, 195, 236)';
            break;
    }

set $magnitude = 0 and see what happens. Should be pale blue, right? Nope.

Now forget for a moment that $magnitude "should not" ever be 0 and think about the fact that your code did something it wasn't supposed to.

And it's another way that would force you to get the logic right. If you tried that switch above as an if/else then I'm sure you'll see the behavior is different.

If you're saying what I think you're saying, No. That is flat-out wrong. If two cases are both true at once then one of them will win. However, because of the bug in (the old version? of) your switch, you may have gotten the result you did because none of the cases matched the switch condition. Now I phrased that last sentence very carefully so if you want to show the code you had as a way to prove I'm wrong, it won't work.

Oh. Not "the old version" then. Keep this thread in mind when you get weird behavior from a switch. And I do mean "when", not "if".

I don't know what code you tried for those two attempts but the switch(TRUE) is in the correct form. Note "correct form". The reason it doesn't work is because of the conditions. Look at them:

    case $LRH_calcDepart >=0 && $LRH_calcDepart <=-2:

Please give me an example value of $LRH_calcDepart that will satisfy that condition.

You'll get light purple for every value >= -10 because that last case there is the only one that could ever possibly match.

Texan knows something that has never been wrong in his/her experience. We're saying that it is, in fact, wrong. It's good to be a bit stubborn.

Of course I'm still hoping for that "ah ha" moment where everything we're saying clicks.
-
MailChimp has an API for doing exactly this. Have your code send a subscribe request to MailChimp instead of using the form method.
-
Does PHP supports read/write from Linked tables in ms-access
requinix replied to rajendradewani's topic in PHP Coding Help
My feedback would be the same as mattficken's.
Bug #68578 MS-Access's Linked tables are Not supported on PHP
-
It's working for the wrong reasons so it's teaching you the wrong way to use a switch. This time it works, sure, but next time it won't and you won't understand why because "it worked that other time".
-
What is the q for?
-
That won't work either.

    if ($magnitude == ($magnitude >= 0 && $magnitude

Seeing the pattern yet?

    what you put in the switch == each case

Really. Forget the switch and go with a normal if.

    if ($magnitude >= 0 && $magnitude
-
A switch (just called "switch") doesn't really do ranges. It's a fancy way of doing a lot of if/else ifs.

    switch ($value) {
        case $condition1: // if ($value == $condition1)
        case $condition2: // else if ($value == $condition2)
        ...

What you've written is

    if ($magnitude == (myInterval >= 0 && myInterval <= 0.9)) {
        $magScale = 'rgb(195, 218, 236)';
    } else if ($magnitude == (myInterval >= 1 && myInterval <= 1.9)) {
        $magScale = 'rgb(210, 238, 197)';
    // ...

which doesn't make sense, least of all because of whatever the "myInterval" thing is. There is a way to do this with a switch but it looks weird so you might as well just use a regular if block.

    if (myInterval >= 0 && myInterval < 1) {
        $magScale = 'rgb(195, 218, 236)';
    } else if (myInterval >= 1 && myInterval < 2) {
        $magScale = 'rgb(210, 238, 197)';
    // ...

Note that I switched the second condition to a strict less-than: I don't know your application or the values of myInterval but it's safer to make sure there's no possible value being missed out on, and with the current version if myInterval=0.95 then nothing will happen. Even if you're sure that "0.95" won't happen.
-
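Added example, not part of requinix's posts: the range-style switch from this thread, shortened to two bands with colour names standing in for the rgb() strings, run beside the plain if block over a few constructed values. Because each case is compared to the switch value with ==, an input of 0 lands in the second band and 0.95 matches nothing, while the if block puts both in the first band. The function names are hypothetical.

```php
<?php
// Added illustration. bandBySwitch() and bandByIf() are hypothetical names.
function bandBySwitch($magnitude): ?string
{
    $magScale = null;
    switch ($magnitude) {
        // Each case expression yields true/false, then PHP tests
        // $magnitude == that boolean.
        case $magnitude >= 0 && $magnitude <= 0.9:
            $magScale = 'blue';
            break;
        case $magnitude >= 1 && $magnitude <= 1.9:
            $magScale = 'green';
            break;
    }
    return $magScale;
}

function bandByIf($magnitude): ?string
{
    if ($magnitude >= 0 && $magnitude < 1) {
        return 'blue';
    } elseif ($magnitude >= 1 && $magnitude < 2) {
        return 'green';
    }
    return null;
}

// Constructed inputs: a zero, a mid-band value, a gap value, a second-band value.
foreach ([0, 0.5, 0.95, 1.5] as $m) {
    printf(
        "%-5s switch=%-6s if=%s\n",
        $m,
        bandBySwitch($m) ?? 'none',
        bandByIf($m) ?? 'none'
    );
}
```
-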
Okay.
-
The client would be whatever is sending the email, and it's to do with the server you're sending email through, not the one you're sending the message to. Using Gmail? You have to set up your client to authenticate against the server: Google doesn't allow anonymous access, you have to put in your username/email address and password to send from that account just like you have to do to get to the emails you've received. Exactly how and where you enter that information into your client depends on what you're using: mail() and PHP, or some email client?
-
http://support.microsoft.com/kb/954946
-
Pluses in query strings have a special meaning and you won't get pluses back out from $_GET. People really shouldn't be putting stuff in the URL by themselves. Give them a form to type their equation into; it can still use GET but your code will work (because the browser will encode the pluses correctly). But if you insist, +s represent spaces so

    $equation = str_replace(" ", "+", $_GET["equation"]);

That won't help you next time you need a symbol that has a special meaning. Or you can forgo the "equation=" part, leaving just /letterMath.php/?1+2+3 and

    $equation = $_SERVER["QUERY_STRING"];

(which will give you the raw value)
-
No, it's your-account@mail.your-domain.com. Only the "mail." was literal. You hadn't mentioned your email username or domain name in your posts - just in the images - so I didn't mention them either.

Typically (a) a missing VirtualHost configuration, or (b) not putting your files in the right place.

That would be directly addressing the (b) above

Spam folder, not receiving bounce messages, failing to send in a different way, blah blah blah.

GoDaddy

Only for a few minutes after posting. Easier to read a new post than to backtrack through a thread to understand why people seem to be replying to something that doesn't exist (anymore). And edited posts don't "bump" threads.

Can't forward emails that aren't being received
-
s is a string, not a jQuery object. Don't .val() it.
-
Take a look at their documentation for DNS. There are four mandatory DNS records you need, including one MX record (Host=@, Points To=mail.domain.com) that I don't see on your domain. Does an email to you@mail.domain.com work?
-
Where is it in the URL? Is there any URL rewriting? Why are people typing directly into the URL in the first place?
-
I don't understand how you can have stuff "written for each domain", and at the same time not know which domain each was written for.
-
Apache plays no part in any of this, so no the Apache forum isn't really the appropriate place to ask. We don't have a mail server forum but this "Other Web Server Software" is close enough. DNS may take a while to fully propagate, so there's that. Cpanel where? Did you install it yourself or is it part of a hosting package? Is there an actual email server set up?
-
basic rundown of using php
requinix replied to greenace92's topic in PHP Installation and Configuration
Either it's on the internet and you block access to everyone but you, or (the normal solution:) you install PHP and other stuff in a development environment, like on your own computer.

I doubt that's the problem. What's happening?

You need "web" but that doesn't necessarily mean the internet. You can set up a web server wherever you want, include PHP and stuff, set it up right, and use that.

Depends how the data comes to PHP - I don't know how the video capturing part works.

You pick the location yourself. Did you know the path to the .htpasswd file has to be absolute? You can't just use ".htpasswd" because Apache will think you mean to look in the server configuration files, not in the same directory as the .htaccess.
-
Each row itself, yes. The table has columns for the X and Y coordinates, the type of cell (potentially), and the bitmask of where the walls are. But I'm liking Barand's idea more now. Have the client tell you the direction they want to move. That way all you have to validate is the direction (only four possible) and whether it's allowed (based on walls). Wouldn't expect it to be CPU intensive - most of the time would be spent waiting for the client to act. But it will use a lot of connections on the server.
-
That's a clever idea. If the maze is drawn to specific, known constraints, you can use basic image reading functions to "parse" it. If each square is a cell or wall with a fixed size then you can pull the color of a specific pixel to determine the contents. If walls are not the same size, like they're borders, then it's a little trickier but you can still do some simple math to determine which pixel to look at for what.
-
Did you upload it with a .php extension? Have you verified that your host supports PHP? Or maybe it requires an abnormal extension like .php5 or .cgi. [edit] Oh, and please don't post passwords
-
Storage space efficiency aside, my first thought would be that each cell is a number 0-15 indicating where there are not walls. A bitmask.

        WSEN
     0  0000
     1  0001
     2  0010
     3  0011
     4  0100
     5  0101
     6  0110
     7  0111
     8  1000
     9  1001
    10  1010
    11  1011
    12  1100
    13  1101
    14  1110
    15  1111

The cell with the ◄ would be a 12: N=0 (0), E=0 (0), S=1 (2**2=4), W=1 (2**3=8). Moving S brings you to a 3 cell (N+E). In MySQL you can do that with a SET automatically.
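-
Added example, not part of requinix's posts: the server-side move check described in the two maze posts above, where the client sends only a direction and the server validates it against the cell's bitmask. The bit layout (N=1, E=2, S=4, W=8, set bit means no wall) follows the post; the function name and the 2x2 maze are constructed for this illustration.

```php
<?php
// Added illustration. DIRS and tryMove() are hypothetical names.
// Bit layout follows the post: a set bit means there is NO wall on that side.
const DIRS = [
    'N' => ['bit' => 1, 'dx' => 0,  'dy' => -1],
    'E' => ['bit' => 2, 'dx' => 1,  'dy' => 0],
    'S' => ['bit' => 4, 'dx' => 0,  'dy' => 1],
    'W' => ['bit' => 8, 'dx' => -1, 'dy' => 0],
];

/**
 * Validate one client-requested move. $x and $y come from server-side
 * state (for example the session), never from the request.
 * Returns the new [x, y], or null when the move must be refused.
 */
function tryMove(array $maze, int $x, int $y, $dir): ?array
{
    if (!is_string($dir) || !array_key_exists($dir, DIRS)) {
        return null; // not one of the four directions
    }
    if (!isset($maze[$y][$x])) {
        return null; // stored position is outside the maze
    }
    if (($maze[$y][$x] & DIRS[$dir]['bit']) === 0) {
        return null; // wall on that side
    }
    $nx = $x + DIRS[$dir]['dx'];
    $ny = $y + DIRS[$dir]['dy'];
    return isset($maze[$ny][$nx]) ? [$nx, $ny] : null;
}

// Constructed maze, rows top to bottom: (0,0) opens south onto a 3 cell
// (N+E), which opens east onto a cell that opens west.
$maze = [
    [4, 0],
    [3, 8],
];

// Constructed requests: a legal move, a walled side, and a forged value.
foreach (['S', 'E', 'UP'] as $requested) {
    $to = tryMove($maze, 0, 0, $requested);
    printf("%-2s from 0,0 -> %s\n", $requested, $to ? implode(',', $to) : 'refused');
}
```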