Albright

Everything posted by Albright

  1. That's eight characters too long. MD5 hashes are only 32 characters long. But you should set it to varchar(40) anyway. SHA1 hashes (made using the sha1() function in the same way as the md5() one) are 40 characters long. And unless there's some special reason (intercompatibility with some other system), you should always use the SHA1 algorithm for hashing passwords instead of MD5, as it is more secure. Also, consider using PDO for your database access, as it is more secure and results in more portable code.
  2. By the way, the execute call expects an array, so the code looked more like…
[code]<?php
$stmnt->execute(array(implode(',', $ids)));
?>[/code]
It looks like trying to extend PDOStatement will require extending PDO and so on and so forth… and be more trouble than it's worth. What I guess I'll do instead is something like…
[code]<?php
// Build one "?" placeholder per id, comma-separated
$qmarks = "";
$until = count($ids) - 1;
if ($until > -1) {
    for ($x = 0; $x < $until; $x++) {
        $qmarks .= "?,";
    }
    $qmarks .= "?";
}
// Note: an empty $ids leaves $qmarks empty and produces "IN ()", which is a syntax error
$stmnt = $db->prepare("SELECT * FROM table WHERE id IN ({$qmarks})");
$stmnt->execute($ids);
?>[/code]
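The approach settled on in post 2, written out as a complete runnable script. This is an added example, not code from the original posts: it uses an in-memory SQLite database through PDO, a constructed "items" table, and constructed id lists, and it contrasts the working placeholder-per-value query with the single-string binding from post 3.

```php
<?php
// Added example, not code from the original posts: a parameterised IN (...)
// with PDO. The items table, its rows and the sample id lists are constructed
// here so the script runs offline against an in-memory SQLite database.

function selectByIds(PDO $db, array $ids): array
{
    // An empty list would produce "IN ()", a syntax error in MySQL and SQLite,
    // so return early rather than sending a broken query.
    if ($ids === []) {
        return [];
    }
    // One "?" per value; no user data ever enters the SQL text.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, name FROM items WHERE id IN ({$placeholders}) ORDER BY id");
    // Positional parameters are 1-based. Binding as PARAM_INT after an (int)
    // cast means "3 OR 1=1" arrives at the server as the integer 3.
    foreach (array_values($ids) as $i => $id) {
        $stmt->bindValue($i + 1, (int) $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The attempt from post 3, for comparison: the imploded list is bound as ONE
// string parameter, so the database sees IN ('1,3,4') and matches nothing.
function selectByIdsImplodedOnce(PDO $db, array $ids): array
{
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id IN (?)');
    $stmt->execute([implode(',', $ids)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO items (id, name) VALUES (?, ?)');
foreach ([[1, 'alpha'], [2, 'beta'], [3, 'gamma'], [4, 'delta']] as $row) {
    $insert->execute($row);
}

print_r(selectByIds($db, [1, 3, 4]));             // rows 1, 3 and 4
print_r(selectByIds($db, []));                     // empty array, no query sent
print_r(selectByIds($db, ['2', '3 OR 1=1']));      // rows 2 and 3 only
print_r(selectByIdsImplodedOnce($db, [1, 3, 4]));  // empty: IN ('1,3,4')
```

The placeholder string is built only from the count of values, so the SQL text is the same no matter what the values contain; the typed bindValue() calls are what keep a string like "3 OR 1=1" from ever being interpreted as SQL.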
  3. Sorry for the late reply, but I took a day off from this project and there was a bit of work I had to get through before I could check if that worked. Which, by the way, it doesn't… I'm guessing it's because PDO is being too smart and seeing that implode(',', $ids) is returning a string, and therefore escaping the string -- so the query that's hitting the database server is "SELECT * FROM table WHERE id IN ('1,2,3')". That ain't gonna work! Hmm. I'm going to see if I can maybe extend PDOStatement and add a bindArray() function or something. Hopefully that won't be too difficult. It would be great if this functionality were built in, though.
  4. Using PDO's prepare() and bindParam() functions, is it possible to execute a SQL query using IN? For example: SELECT * FROM table WHERE id IN (0, 1, 2); Now of course this is simple if the number of values in the parentheses is constant, but it won't always be. In other words, I want to know the best way to do something like… $query = "SELECT * FROM table WHERE id IN (" . implode(',', $ids) . ")"; …but sticking to PDO conventions.
  5. Okay, interesting. Thanks for the info. So this also holds true for passing vars by reference into functions as well as assigning them linearly as in your and that link's examples? And it's great that PHP is trying to save on overhead by handling all this for us, but I still don't see where the slowness will come in by explicitly passing by reference.
  6. I appreciate your feedback, but if that is true, could you at least explain why? It is counter-intuitive.
  7. I've recently taken a new job working on a pre-existing site for a financial services company which already has a lot of code and a massive database. In addition to writing new code, I've also been going through some of the pre-existing stuff and tweaking it for performance or convenience. Whoever wrote the bulk of the existing code apparently wasn't familiar with references; none of the function declarations that I've come across so far had any ampersands in them, even when things like database handlers were being passed. So I've been going through and fixing that as I've come across it. My boss has noticed as he has been looking through diffs. He didn't explicitly tell me to stop, but he told me he heard that explicitly using references in PHP, though it may save RAM, actually causes more computational overhead than passing copies and that PHP will actually be smart enough to pass variables to functions by reference anyway if they're not going to be modified -- or something like that. I was skeptical, but conceded that perhaps PHP differs from other languages in regards to referencing and that I would investigate the matter over the weekend. I've looked through References Explained in the PHP manual, and it doesn't seem to align with what he was talking about. But I want to make sure I'm not missing something, since the current site has some slowness issues (though it's really more due to the massive database full of seventeen years' worth of data on mutual funds than the PHP code). So does anyone know for certain if my boss's concern in this matter is justified, or can I go on using ampersands with impunity? Thanks in advance for any light you can shed on this.
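The question in posts 5 and 7 (does leaving out the ampersand cost a copy?) can be settled by measurement. This is an added example, not part of the original thread: $big is a constructed sample array, and memory_get_usage() is read inside each function while the parameter is still alive, because a by-value copy is freed as soon as the function returns.

```php
<?php
// Added example, not code from the original thread: measuring whether passing
// a large array to a function WITHOUT & copies it. PHP arrays are copy-on-write:
// the callee shares the caller's storage until something writes to it.
// $big is a constructed sample; the byte counts printed vary by PHP build.

function readOnlyByValue(array $data): int
{
    if (count($data) === 0) {   // read only: the storage stays shared
        return 0;
    }
    return memory_get_usage();  // measured while the parameter is still alive
}

function writeByValue(array $data): int
{
    $data[0] = -1;              // first write: PHP duplicates the whole array
    return memory_get_usage();
}

function writeByReference(array &$data): int
{
    $data[0] = -1;              // the write lands in the caller's array; no copy
    return memory_get_usage();
}

$big = range(1, 200000);        // a few megabytes of integers
$baseline = memory_get_usage();

printf("read-only, by value:  %+d bytes\n", readOnlyByValue($big) - $baseline);
printf("write, by value:      %+d bytes\n", writeByValue($big) - $baseline);
printf("write, by reference:  %+d bytes\n", writeByReference($big) - $baseline);
// Expect roughly: ~0, several MB, ~0. Only the by-value WRITE pays for a copy;
// an & on a function that merely reads its argument saves nothing.
```

The first and third lines come out close to zero and only the second shows the size of the array: a function that never modifies its parameter already shares the caller's storage, so adding an ampersand there changes how the variable is tracked without saving memory.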
  8. "Reins" is not misspelled if you're talking about the ropes used to control beasts of burden. If you're talking about a period of rule of, say, a king, it's "reign" as a noun, "to reign" as a verb, and "reigns" as conjugated in the present progressive. Your dictionary of choice will back me up on this.
  9. Actually, in that context, the correct spelling of "reins" is "reigns." [quote]PHP allows web servers to render more than just static HTML, it facilitates dynamic content and interaction.[/quote] Run-on sentence [quote]PHP is often associated as a web server script interpreter; but that is like calling a battleship a canoe.[/quote] Poor usage of "associated" [quote]Only Rasmus Lerdorf himself could truely tell you[/quote] You need "truly"
  10. It probably means that they want the navigation elements (menus and such) on the left side of the screen. However, you'd probably be best off contacting the client and asking them to clarify if you're unsure.
  11. Layout appearance = :) Color choices = :) Table-based layout = :( Copy littered with spelling, grammar and punctuation mistakes = :( The same terms and words linked to the same web pages multiple times in a page, or even a sentence = :(
  12. Hypnos, your answer doesn't seem to be relevant to the questions... All elements of $_POST (excluding file uploads, where things start to get funky) are string variables. This includes things you'd expect to be only boolean, such as check boxes; when checked, the data will look like $_POST['checkbox']=="on". if($var) is functionally equivalent to if($var==true) (though I believe the latter actually consumes more processor cycles, because the computer has to make two boolean checks instead of one... first it checks if $var is true, then it checks if it's true that $var is true, if that makes any sense). isset($var) returns true if a variable exists that is named $var.
[code]<?php
error_reporting(E_ALL); // Turn on full error reporting because we are smart

if (isset($var)) { echo "Set"; } else { echo "Not Set"; }
// Outputs "Not Set": $var has never been assigned

$var = false;
if (isset($var)) { echo "Set"; } else { echo "Not Set"; }
// Outputs "Set": the variable exists even though its value is false

if ($var) { echo "True"; } else { echo "False"; }
// Outputs "False"

unset($var);
if ($var) { echo "True"; } else { echo "False"; }
/* Triggers an "Undefined variable" notice and then prints "False";
   without full error reporting the notice would be silently hidden */
?>[/code]
  13. HUUUUUUUUUUUUUUUUUUUUUUUUUUUUGE SECURITY ISSUES HERE! If you're not careful, you could make it so anyone could edit [i]any file[/i] on your server. I would strongly [i]not[/i] recommend ever implementing something like this. Anyway... Your edit form is probably blank because it looks like you're trying to insert the contents of an invalid file; that is, a directory, just named "news/". Try setting $fn equal to a valid file. Or better yet, never implement something like this in the first place.
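The warning in post 13 is the important part: a form that takes a file name from the request and writes to it is an "edit any file on the server" primitive. If such an editor has to exist, the minimum is to confine it to one directory and verify the resolved path. The following is an added example, not code from the original thread; the temporary directory, the sample article and the request values are constructed for illustration, and the function name resolveEditablePath is mine.

```php
<?php
// Added example, not code from the original thread: if a web-based editor must
// exist at all, confine the file name to a single directory and verify the
// resolved path. The temporary directory, the sample article and the request
// values below are constructed for illustration.

function resolveEditablePath(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        return null;
    }
    // Accept a bare file name only: no NUL bytes, no "/" or "\", no ".." and
    // no absolute paths. A directory name such as "news/" fails here too.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $requested)
        || $requested === '.' || $requested === '..') {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside $root fails the
    // prefix check below; it returns false for files that do not exist.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo against a throwaway directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'editor-demo-' . getmypid();
mkdir($root . '/news', 0700, true);
file_put_contents($root . '/news/today.txt', "constructed sample article\n");
file_put_contents($root . '/secret.txt', "must stay unreachable\n");

foreach (['today.txt', 'news/', '../secret.txt', '../../../etc/passwd', '', 'missing.txt'] as $fn) {
    $path = resolveEditablePath($root . '/news', $fn);
    printf("%-22s => %s\n", var_export($fn, true), $path ?? 'rejected');
}
// Only 'today.txt' resolves; every other request is rejected.

unlink($root . '/news/today.txt');
unlink($root . '/secret.txt');
rmdir($root . '/news');
rmdir($root);
```

Path containment only limits which files the editor can reach; it does nothing about who is allowed to use the editor, so the advice in the post (do not expose this kind of thing at all) still stands unless the page is behind proper authentication.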
  14. Methinks you kinda skimmed my original post, including the part where I acknowledge that you seem to have come up with the same idea. =P SigFeeder doesn't work by peeking into databases; it uses RSS or Atom feeds from blogs instead. Your blog doesn't seem to be offering a feed, so you might not be able to test it... Did you roll your own blog script? With regards to it being skinnable, I'm all over that! Check out [url=http://sigfeeder.com/Blog/index.php?/archives/XML-SigFeed-layouts-now-working.html]this[/url] for an idea of the wide variety of different looks you can achieve with SigFeeder.
  15. The heck? Why are you using a switch when there are only two possibilities? Also, your code will trigger a false positive if the substring is somewhere in the string besides the first four letters.
[code]<?php
$array1 = array('med:1', 'med:2', 'med:3', 'temp', 'start');
foreach ($array1 as $item) {
    // Note we used === instead of ==. false==0, but false!==0.
    // Also note that using strpos instead of regular expressions is faster for simple searches like this.
    if (strpos($item, "med:") === 0) {
        // Do something
    } else {
        // Do something else
    }
}
?>[/code]
  16. Tons of needless space? Not necessarily, especially if the database supports short integers and the concept of "null." A little needless space, sure, but not "tons" of it. And with that method, you can also use simpler SQL calls, with no need to join upon join upon join.
  17. If your entries only need to go down a certain level of depth (say, only two levels; entries can have a "parent" and a "grandparent" but not a "great-grandparent"), it would be easier and faster just to add a "grandparent" column to the table in addition to a parent one. Then add a "great-grandparent" column if necessary, and so on.
  18. I think you want to remove those ! from before sha1 or md5, but yeah, that should work; just transparently re-hash the password if the old hash algorithm shows that it is correct. One thing to keep in mind is that md5() creates a string of 32 characters, and sha1() creates 40 characters. If you've set up the password field in your database to only hold 32 characters, you should modify it first to fit all 40 characters that a sha1() call will give you.
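The migration pattern in post 18 (verify against the old digest, then store a new hash while the plaintext is in hand) written out as a runnable script, together with the column-width point raised in posts 1 and 18. This is an added example, not code from the original posts, and it goes beyond them: the new hashes are produced with password_hash() and checked with password_verify()/password_needs_rehash(), the functions PHP has provided for password storage since 5.5, rather than with sha1(). The $users array stands in for the database table and its rows are constructed.

```php
<?php
// Added example, not code from the original posts: transparent re-hashing at
// login. The posts discuss md5() -> sha1(); this applies the same pattern with
// PHP's password_hash()/password_verify() (PHP 5.5+). The $users array stands
// in for the database table and its rows are constructed for illustration.

// Legacy rows store a bare hex digest: 32 chars for md5(), 40 for sha1().
function isLegacyHash(string $stored): bool
{
    return (bool) preg_match('/\A[0-9a-f]{32}(?:[0-9a-f]{8})?\z/', $stored);
}

function legacyHashMatches(string $stored, string $password): bool
{
    $digest = strlen($stored) === 32 ? md5($password) : sha1($password);
    return hash_equals($stored, $digest);   // constant-time comparison
}

// Returns true on success and, when needed, replaces the stored hash in place.
function loginAndUpgrade(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];
    if (isLegacyHash($stored)) {
        if (!legacyHashMatches($stored, $password)) {
            return false;
        }
        // Correct password against the old digest: re-hash now, while we
        // still have the plaintext, and store the new value.
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Also upgrades rows hashed with an older cost or algorithm later on.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$users = [
    'alice' => md5('correct horse'),          // 32-char legacy row
    'bob'   => sha1('battery staple'),        // 40-char legacy row
];

var_dump(loginAndUpgrade($users, 'alice', 'wrong'));          // false, row untouched
var_dump(loginAndUpgrade($users, 'alice', 'correct horse'));  // true, row upgraded
var_dump(isLegacyHash($users['alice']));                      // false from now on
var_dump(loginAndUpgrade($users, 'alice', 'correct horse'));  // true, via password_verify()
var_dump(loginAndUpgrade($users, 'bob', 'battery staple'));   // true, row upgraded
echo strlen($users['bob']), "\n";                             // 60 with bcrypt, the current default
```

On the column width: a bcrypt string from password_hash() is 60 characters, and the PHP manual recommends a column that can hold 255 so that a future default algorithm with longer output fits without another schema change. Widening from 32 to 40 as the posts suggest is enough for sha1() only.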
  19. [code]<?php
$message = str_replace("\n", "", $message);
?>[/code]
That should strip out all the newline characters.
  20. [quote author=lucasl link=topic=118688.msg485267#msg485267 date=1166160279]With the appearance, I can't do much about the right sidebar, because I need it in the blog and not the site.[/quote] Well, it's not so much that as it is that the colored boxes and such change position. I think the fact that you're adding a new sidebar wouldn't be so bad if every other element on the page looked the same, especially since the sidebar is on the right and, English being a left-to-right language, English readers tend to expect visual anchors (if you will) on the left. I'm not sure how much control Google gives you over changing the appearance. The Request form is more beautiful. I'd allow for a blank line underneath the text fields for a little more visual separation, but otherwise it's solid. My bad about Notepad++. I had just never heard of it before, so I assumed it was a Windows-only thing.
  21. For one, the jump in appearance between the Blog section and the other sections of the site is not good, in terms of consistency. You should try to make one look as much like the other as possible. Second, the form on the Request page is not pretty. You need to have one of the radio buttons selected by default. The text fields do not line up; consider putting them all on new lines, directly below their header. None of these fields should already have text in them -- then the user has to go out of their way to erase it to write their message, if they even bother to do so at all. Finally (a pet peeve of mine), the "Reset" button is and always has been unnecessary. It's nothing but a source of frustration for people who accidentally click it instead of the "Submit" button and watch all the data they spent the last two/five/ten minutes entering get erased. Look at Google Mail, Yahoo! Mail, all major message board scripts... [i]none[/i] of them make use of a "Reset" button. One more thing: Remember that not everyone in the world is unfortunate enough to use Windows. You should specify on the main page of your site that you only offer [i]Windows[/i] freeware. I am typing this on a FreeBSD machine and I'm saving up my ducats to be able to afford a new Mac.
  22. Oh, Smarty. Everyone should use Smarty. It [i]pains[/i] me to see people still blending together PHP and HTML nowadays... There shouldn't be any problems once you transfer the site to the server, no. Smarty is a pretty widely-compatible doodad; I've yet to have any problems where a weird config setting or missing module somewhere was causing it not to work.
  23. My current project, and the first PHP project I hope to eventually make a serious profit from, is called SigFeeder. It's a tool which captures the headlines from people's blogs via RSS and makes an image out of them. It's intended that people can put that image in their signatures when they post on forums, so that others can see what the latest headlines in their blog are, and click on it to go to the blog if they're interested. For example, here's the "SigFeed" for the official SigFeeder blog: [url=http://sigfeeder.com/Blog/][img]http://sigfeeder.com/f/1.png[/img][/url] This might look a bit familiar... Browsing through this forum, I saw many posts by "SharkBait" who has something similar in their sig, so clearly I'm not the only one to have this idea. (SharkBait, if you're reading this... Did you hack that together yourself, or do I have a competitor somewhere?) Anyway, the site is built in what should be fully compliant XHTML and CSS, and just yesterday I got all the IE 6 workarounds implemented, so it should look good in any modern browser. I'll be the first to admit I'm not an artist, though, so I'm not looking for suggestions with regard to the appearance so much as the function. So if any of you have a blog and could sign up for an account and test things out for me, I'd greatly appreciate it. (If you want to test the premium features, let me know what email address you signed up with and I'll upgrade your account.) For the coding, we're lookin' at PHP 5, with a good deal of OOPness going around. I used the Smarty templating engine; I can't imagine how I ever coded without it. Database stuff is handled with SQLite via PDO (see my so-far-unanswered [url=http://www.phpfreaks.com/forums/index.php/topic,118658.0.html]thread about the security implications[/url] of this). I wrote my own code to handle the RSS by using SimpleXML; at first I tried using RSS parsing libraries like Magpie, but they were too inflexible or bulky for my needs. (And, ho boy, PHP's standard non-"simple" XML handling features are a nightmare.) Please feel free to try to break stuff; I feel that not planning for unexpected user input is one of my weak points when it comes to programming, so I'll appreciate any bug reports you can give me about this (or anything else). Thanks in advance. EDIT: D'oh, how 'bout a link to the site in question? http://sigfeeder.com
  24. Man, you use some long variable names. Instead of just posting the code preceding it, could you post the code after as well? What happens when you cram that long SQL statement function call all onto one line? Does PHP still call out the line with the bracket as faulty?