.josh

Excellent question! hmm tough choice... do the gloves have cut-off fingers?

Oye, here's another tl;dr, brought to you by CV... Summary People are grossly mis-informed about cookies and being tracked and their privacy in general. Some people out there are making a mountain out of a molehill about privacy issues, and in the end, the only people who are gonna get hurt by it are the same people they are supposedly trying to "protect" : the end users. What tracking tools do not do First, let me clear up the air here. All of the major tracking tools anybody cares about (GA, YWA, WebTrends, Omniture, etc..) have their own rules about privacy already in place. Some will track more than others, but none of them officially sanction personally identifiable information. So what constitutes "personally identifiable information"? Let me use Google Analytics (GA) as an example, since it is the one most people know about and are probably most concerned about, and because unlike some of the other tracking tools, GA is part of Google, and Google extends much farther than just website tracking GA ToS states that you cannot send any data to GA that personally identifies a visitor. This means no IP address, no email address, no phone number, physical address, real name, etc... In addition to that, they take it a step further and say that you are not allowed to even send data to GA that can link GA to personally identifiable information in your own DB. For example, if you have a db table on your own server that stores personal information (stuff mentioned above) and then a unique user id associated with it, you cannot send that id to GA. Okay fine, but there is no official law, no way to enforce something like that "Fine and dandy, but no official laws mean they don't have to do it, therefore someone out there will not." Fair enough. But I want to point out that in my experience, there is a certain amount of self-policing that goes on with clients and the tracking tool companies. Two words: "Competitive Intelligence." In most cases, all of the coding as far as getting data from point A to point B is done virtually 100% client-side. That means that data is exposed to whoever wants to grab it. The bottom line is that nobody wants to broadcast your personally identifiable info because it gives their competitors a chance to grab that info and steal their (potential) business. So companies have a vested interest in not sending your personal info to tracking tools like GA. But I see stuff in ads that I've previously searched for! Okay first off, let's clarify something here: When you are fapping to midget pr0n on some smut site and then later on see an ad inviting you to ride 3 foot cowboys hung like horses..that is not personally identifiable information. Having said that, when you do see something like that...let's clarify another thing here: some of that is not because of these open-to-the-public tracking tools. In-House-Advertising There is a lot of "in-house" tracking going on. If for instance you go to amazon.com and register and buy something, and then go back again later to shop around, amazon.com will indeed show you targeted advertisements, even if you aren't officially logged back in yet. But this is based on their own cookies, drawing from their own database, etc... This has nothing to do with tracking tools like GA. Slapping lots of stupid rules on tracking tools like GA will do nothing to stop this kind of targeted advertising. In fact, there is currently no way to legally create laws to keep companies from keeping a record of your previous transactions, because there are already laws in place (mostly tax laws) that require them to keep those records. Now...making laws that tell companies whether or not they can leverage their own data to further advertise to you is another story. But I somehow doubt anybody is going to ever make a law that prohibits websites from doing something like that. It is your choice to register and by from xyz.com. It is your choice to go back there. It's as if I were to invite you over to my house and you ask for some tea and then you come over the next day, and me not being allowed to offer you any tea, based on my previous knowledge of you liking tea. It's your choice to come over to my house in the first place. And how would you even go about proving that I'm not just offering you tea because that's all I have, vs. specifically offering you tea because of past history? Sure, with websites its a bit different...you can look at their code and see the algorithms..but do you really think anybody will ever pass a law expecting websites to expose their proprietary code like that? Cross-site-advertising freelance84 wrote, and Maq responded: Something like that would be a huge security & privacy issue. This is in essence what most people are really bitching about, when they talk about privacy concerns (when they are not busy thinking companies are sending their CC#'s to GA, that is). Google has a complex system involving 1st and 3rd party cookies and affiliate systems and tools (GA, Adsense, their main search engine, etc...) and lots of server-side code and databases etc, that tie all of them together. This complex system Google has setup is basically the environment where that "super super global variable" you are speaking of would live. Why? If it helps, think of it in terms of trying to best describe the "root" of the internet. What would you describe as the "root" of the internet (from an average end-user PoV)? In theory, there is no "root" to speak of. In practice however, it's the search engines - they are the lowest common denominators of the internet. So in practice, this is where a "super super global variable" would live. And this complex system of tools and cookies is that "super super global variable" you speak of. And google isn't the only company out there doing this; Yahoo does it too, and so does Microsoft. But very few companies actually do this, because very few companies have all these systems that lots of people use and sites register with, etc... so when we are talking about a battle over "privacy," it's really only against a handful of companies, because there are only a handful of companies out there big enough and have the resources and tools to do this sort of thing. Not even companies/tools like WebTrends, Omniture or Piwik can be put in this bucket, because site tracking tools are just one piece of the puzzle. But back to the point: what do you see in those ads? Do you see your name popping up? Do you see your phone number or address? No! You for example go to site A and search for computer books and then go to site B and then see ads related to books or computer books - non-personal information. And yet, people are bitching about this. Granted, a lot of it is unfounded fears of people thinking more than just that is being tracked, as well as fears that if more that is tracked in the future, there's currently no law to prevent it, but people are still lumping it all into one top level category of "zomg privacy breach." Which brings me too... Tracking non-personal information Why the are people complaining about this? All day long people bitch and moan about how it's hard to find stuff online. You wanna buy a new phone and you spend forever trying to find what you are looking for because of horrible UX issues. This is ultimately what these tracking tools are for: improving UX. Before the internet came along, it was really easy to buy something. For most people, your choices included going to whatever stores happened to be in your physical area. Walk into the store, find your item, pick it up, read the label, shake it around, put it into your basket. Maybe hit up another store that sells the same thing first, but at that point in time, it boils down to which store sells it cheaper. This is not how the internet works. More accurately, the internet has a lot more to it than that. When you go online to try and search for or especially buy something, you do not want to spend hours on end trying to find what you want. You do not want to spend forever trying to figure out whether or not it's even the right item. But you can conceivably end up doing just that, because your perception of the "right item" is not based on what you are physically holding in your hands, but in how the site chooses to display information they decide is associated with the item. bestbuy.com can list their computers under lawn furniture if they want. Or show shitty pictures, or leave out half the info you wanna know about, that some other site does list. So how do you know you're comparing apples to apples? There's got to be some common denominator. And yes there usually is, stuff like UPC codes or product IDs and model numbers and shit. But who shops like that? Tech people? In case you haven't noticed, most people aren't tech people. There needs to be some kind of system in place that lets me shop around from site to site for a widget and gives me some kind of clue that I'm comparing apples to apples so that I don't spend all this extra time trying to figure that shit out, and that's more or less the goal of tracking your online activity. It is essence someone out there saying "Hey, I notice you just went to somesite.com and you're searching for xyz, let me help you find it, show you what others are offering." Is that really so bad? We spend all day bitching about making things easier to do online. Easier to search for relevant stuff. Easier to buy relevant stuff. Easier to filter out the bad or half-assed stuff and get the good stuff. But we are individuals, so in order to find stuff relevant to us as individuals, a paper trail must be made and analyzed. You cannot find the next step without first establishing the pattern. So what do companies do with the information collected? An online company is like any other company in that the ultimate goal of the company is to make money. Whether they accomplish this by selling a product or service or being a resource or <insert whatever> is irrelevant to the point. The point is that every site out there is ultimately trying to make money, even the "public" or "non-profit" places. It takes money to run the site, etc.. and whether they get if from selling something or ads or donations...the point is, they need money in order to run, and the goal is always to make more money, because that's the fertilizer that makes companies grow. Therefore they need a system in place to get that money, and also a system in place to see how users go through that system in order to make it more streamlined, efficient, etc.. (UX). All tracking for this stuff falls under 3 general categories: General tracking This is where tracking tools come in, using GA or the like. GA enables companies to see where you are at on the site, how far into the process you get. What if a lot of people aren't purchasing something on their site because one of the steps in the process was poorly designed? With tracking in place, they can setup points of conversion ("events" or "actions") and see where people are dropping off. They can for instance see that "Hey, we have 5 pages in a registration form, and everybody is leaving after the 3rd page...let's go investigate page #3...maybe there's a coding issue, maybe instructions on that page are unclear, maybe they don't like that posted disclaimer about them selling their soul to us...". So how do they do that? It boils down to using a uniquely generated ID the same principle as a session id, for sessions. In fact, "visit" and "session" are often used interchangeably. All these tools do is make up a unique session/visit ID and pass that along each request so that they can see things like paths taken on the site. Other information they pass are URLs or designated custom values like "page names" or "site sections". None of this information personally identifies you, and as mentioned, tools like GA already have in place strict rules about what information you can pass to them. UX testing Tracking tools like GA help you see bottlenecks in your site's flow, or what pages people are actually going to on your site, etc.. You identify those bottlenecks and then move on to testing with tools such as Google Website Optimizer (GWO), which is basically a tool that lets you display alternate versions of an image, copy, whole page, etc.. and see which ones ultimately yield more conversions. This is good for you because it helps make your time on their site easier. Web developers generally understand this concept (UX in general), though maybe not so much the details about the tracking/testing stuff. But normal users don't know any of that shit. All they know is they go to xyz.com and can't figure anything out and then they get the vague impression someone is watching them because they are starting to see targeted ads and shit, and then read articles from jackasses making out like companies are trying to track and pass off to everybody their personal information. Behavioral tracking This really falls under the general tracking, but this deserves its own section, because this is the core of what drives cross-domain advertising, and what people are specifically worried about. First off, yes, behavioral tracking does take place. Analysts and Marketing folks are interested in knowing things like how often you visit certain sections or pages of a website, because it helps them better gage how interested and/or serious you are about something. For example, let's say you randomly for the hell of it start looking around for a computer. With no history, there's little incentive or motivation for companies to invest time and effort and money into offering discounts or advertisements or anything at that point in time. But if for instance, it is determined that in the last week you have done a search on "buy computer" (or similar), visited several sites that sell computers, etc.. this means there is a good chance you are seriously considering buying a computer soon, and this gives companies more incentive to try and offer you some kind of discount or special package or something "better" than the other guy, so that you will buy from them instead of that other guy. So here's the secret nobody seems to understand about behavioral tracking and targeted advertising: The more we enable companies to engage in this sort of thing, the less we will see random spam, and the better those discounts will be for us. How is that possible, you ask? Think about it...companies are going to advertise regardless. They can't just sit there and hope people will magically come to their store, especially on the internet. The only way they can get people in the door is by going out there and telling people there is a door to go to. Incidentally, if you are a website owner hoping to make money from banner ads, getting like 1/100th of a penny per impression or some stupid shit, lack of behavioral tracking is the core of the reason why you barely make anything. Companies are not willing to pay Google very much to feature their banner ads on other peoples' sites when there is literally almost 0% chance someone will actually click on it, and Google in turn passes that lack of paying on to you. That's why targeted advertising yields you more $$. Google knows there is a higher % chance a user will click on that banner ad if it's something relevant to them, and companies know that if users are being directed to their site because they are actively looking for something, there is a higher chance of them buying it, so they in turn are willing to pay Google more $$ to have their banner ad displayed. It's common sense: I don't care if you're offering me a $1000 computer for $500 (and it's not a scam): if I don't need a computer, I'm not going to go buy it, regardless of how good the deal is. Okay some people will, but that's an issue with compulsive buying. Most of us aren't like that. If we were, random banners ads would yield higher conversions, and you would be getting extra $$ passed on to you from having them on your site. Point is, there is a greater chance of me clicking on a banner ad if I'm actively searching for something, even if there is no specific "discount" or "offer", than just randomly offering me "good deals" when I don't even need the product or service. Or...banner ads showing summer items to a region/country of the world when they are in the middle of their winter season. It makes no sense and wastes everybody's money and guess who gets to make up for that cost in the end: you. And that is the core of what behavioral targeting is all about...looking at trends in activities, finding the patterns and placing bets on the next step in the pattern. This saves everybody time and money and guessing and that makes its way down to us, in the form of being able to find what we are looking for easier, and getting things cheaper in general. But we are too stupid to look at this bigger picture, and are shooting ourselves in the foot. The bottom line Concerns of "privacy" boil down to a whole lot of misunderstanding about what information is actually being tracked, and the motives behind it, and a lot of it is rooted in a fundamental difference in understanding of what "non-personal information" is. We want the internet to be vast and unending, full of limitless possibilities and information and product choices, and yet we also want it to be easy to find the things we want. Well we can't have our cake and eat it too. The internet is too big. There are too many choices, and those choices aren't just about you holding a physical item in your hand, it's you also trying to figure out if you're even comparing apples to apples, where arbitrary people are giving arbitrary descriptions of those apples. And companies recognize that problem as well. They want a standardized, guided way of you getting from point A to point B. They want to make it super easy for you to find what you are looking for, because it means you are spending money, either directly or indirectly. And like all companies, they want you to spend you money on them. Companies aren't interested in broadcasting your personal information to the world, because tracking and broadcasting your personally identifiable information to 3rd parties or the world in general gives their competition a chance to put your money in their pocket. But they do recognize that they have to work together with other companies in order to help you find what you are looking for to begin with, and that is where 3rd parties like Google and tracking non-personal information come into play. And in order to even make all this investment worth it, there has to be things like behavioral tracking, because flipping a coin is no way to run a business. The point is, the more we bitch about our "privacy" (that we really aren't losing), the more we push to make laws that create anonymous surfing the norm, the more we are just hurting ourselves. Do we really prefer massive, untargeted spam or even targeted spam, vs. ads striving to show us deals on stuff we are actively looking for? I for one do not, and this tracking and "privacy" crap is going in the opposite direction.

"Normal eng?" Really? What school are you attending? Government is talking about cutting school funding. Let's vote to have the government take away funding from there...get it closed. They obviously fail.

$bad_stuff = ("'",'"','%27','SELECT','INSERT','script'); $input = "input from user"; foreach ($bad_stuff as $bad) { if (stripos($input, $bad) !== 0) { // bad item found, do something } }

This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=333987.0

vsprintf should do the trick Good for if you have established positions of array values... $query = "SELECT * FROM users WHERE user_name = '%s' AND user_role = '%s'"; $query = vsprintf($query,array('name','role')); echo $query; If you need something more complex, for example, arbitrarily positioned values in the array, you can do something like this: $query = "SELECT * FROM users WHERE user_name = '%2\$s' AND user_role = '%1\$s'"; $query = vsprintf($query,array('role','name')); echo $query; Notice how the array has the values listed backwards, and in the query string, I'm specifying array elements (note: this acts more like regex's captured groups, starting at 1, not 0)

different browsers render what you put differently. For instance, it could shorten it to '#eee' or do it as rgb(value,value,value), or '#eeeeee' or 'eeeeee'. Try adding the following to your loop (not inside the condition): alert(document.getElementById('answer'+i).style.backgroundColor); look at what the value actually is (and compare in different browsers and versions that you are coding for).

Your posted regex can't make what you are saying it's making. You have: (?<!href=")(https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+) This pattern says to match (https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+) if it is not preceded by href=". So if you have... [link href="http://www.mycoolsite.com/" target="_blank"]http://www.mycoolsite.com/[/link] ...the http://www.mycoolsite.com/ in your [link] tag won't match, because it is preceded by href=" The only way you could be getting the output you say you are getting is if you are doing something more than this preg_replace(), and have not posted everything you are actually doing here. However, I do see a flaw in what you have posted: test: $str = "http://www.mycoolsite.com/"; $str = preg_replace('|(?<!href=")(https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+)|i','[link href="$1" target="_blank"]$1[/link]', $str); echo "round 1 : " . $str . "<br/>"; $str = preg_replace('|(?<!href=")(https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+)|i','[link href="$1" target="_blank"]$1[/link]', $str); echo "round 2 : " . $str . "<br/>"; $str = preg_replace('|(?<!href=")(https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+)|i','[link href="$1" target="_blank"]$1[/link]', $str); echo "round 3 : " . $str . "<br/>"; output: round 1 : [link href="http://www.mycoolsite.com/" target="_blank"]http://www.mycoolsite.com/[/link] round 2 : [link href="http://www.mycoolsite.com/" target="_blank"][link href="http://www.mycoolsite.com/" target="_blank"]http://www.mycoolsite.com/[/link][/link] round 3 : [link href="http://www.mycoolsite.com/" target="_blank"][link href="http://www.mycoolsite.com/" target="_blank"][link href="http://www.mycoolsite.com/" target="_blank"]http://www.mycoolsite.com/[/link][/link][/link] So I do see a flaw..but not what you are saying. I see matching and replacing the original link inside the tag, not inside your [link..] tag. This should solve that... $str = preg_replace('~(?<!link href="|\])(https?://[A-Za-z0-9+\-=._/*(),@\'$:;&!?%]+)~i','[link href="$1" target="_blank"]$1[/link]', $str); p.s. - I changed your pattern delimiter from | to ~ you should not use | as the pattern delimiter because it has special meaning in regex (it is the "or" operator). While it is possible to use | as the delimiter, it makes it very difficult to then use it as the "or" operator in the pattern.

To clarify, the phpfreaks SMF board is broken down into several forums. "PHPFreaks.com Questions, Comments, & Suggestions" is one forum on the board. This forum is not for asking php/coding questions, it's for asking questions about the forums/board/site/community itself (read the stickies in this forum). If you ask your question in this forum, it will be moved or removed and you may or may not get a thonging out of it. However, there are lots of other forums on this board where you can ask coding questions.

I lied. I actually used print up until about 5m ago when I read salathe prefers echo. So I chose echo because I'm totally stalking salathe.

I grew up with print as well. Having said that, I prefer echo for no particular reason.

As a security measure, you cannot do this with Javascript. The only thing on your machine Javascript is allowed to read are cookies from the browser's cookie file, based on the domain of the requested page. In order to do something like this, you will need to write a browser plugin or ActiveX control to act as a proxy between the file and javascript - something the user will have to specifically install or allow to run in the browser.

afaik there is not.

I think your problem is probably the browser caching the image. Only way to really keep it from doing that is attaching a random number to the request, like <img src="pic.php?n=123"> usually people just do something like this: <img src="pic.php?n=<?php echo time(); ?>"> which just uses the current unix timestamp as the number. ...but you said you can't change index.html. Well..I'm afraid you're out of luck then. Image caching happens in the browser, so you're going to have to change index.html like above or have a meta tag or something specifically telling the browser not to use cached images.

This topic has been moved to PHP Coding Help. http://www.phpfreaks.com/forums/index.php?topic=333172.0

guys, he's asking about generating passwords, not validating them. OP: I'm confused, you refer to "oh" and "el" as letters... so when you say you do not want it to contain "oh" or "el" do you mean 1) 2 literal 2-character strings? Like.. ohxxxxxx <-bad oxxxxxxx <-good hxxxxxxx <-good oxhxxxxx <-good elxxxxxx <-bad exlxxxxx <-good exxxxxxx <-good lxxxxxxx <-good 1) Or, were you just "pronouncing" them, and you really meant "o" and "l", like... xxxxxxxx <- good oxxxxxxx <- bad hxxxxxxx <- good exxxxxxx <- good lxxxxxxx <- bad if the answer is #2 (which I'm guessing that's what you meant...) $password_length = 8; $pool = array_merge(range('a','k'),range('m','n'),range('p','z'),range(2,9)); shuffle ($pool); $password = implode('', array_slice($pool,0,$password_length));

To recursively farm for people to spam, obviously.

make sure to put in your .htaccess file to mark it as permanent 301 redirect so that the search engines don't write you off as trying to dupe content.

Okay, so you are trying to post copyrighted material. That is not acceptable. Also, I just deleted a yii thread of yours, where you advertised yii. And yes you did advertise it because in a followup post, you felt necessary to correct someone that you were not spamming, but advertising (which is the same thing btw). If you are not aware of the rules, then You should not even be a registered member, as reading the ToS is a requirement of registering. Yeah yeah I know nobody really reads that stuff but that's not an excuse. I suggest you go and read the rules now. There is a link in the menu, as well as right above every single Post button.

Yes, what is this pdf you are trying to post? If you are trying to post copyrighted or illegal content, or promote something (spam/advertising), that's a ticket to banville.

SEO? ewww...go wash yourself thoroughly before coming back here.

I haven't fully looked at it but at first glance, your issue is probably because you are using greedy quantifiers instead of lazy quantifiers. Use .+? instead of .+

If you are using php 5.3+ You can just use strstr $user = strstr($email, '@', true);

Also those aren't errors they are warnings.