neoform

other than: < ? > ' " $ what else should i escape from a string if i'm to write it into a php file? i'm writing the following line to my vars.php file $file_contents .= "define('".$var_name."', base64_decode('".base64_encode($value)."'));\n"; I wanna get away from using base64 since it's completely unreadable, but I don't want to create an exploit either.. ($var_name is already clean, only [A-Za-z\_] accepted).

requirements: Apache with Mod rewrite PHP 5 MySQL 5 My bad, I just noticed the the 'dictionary' table is missing from the zip file. *updated*

Hey, I've been working on a site framework for about a year now that I use on a number of my websites (eg: newsique.com). It's still in it's early stages of beta, I just wanted to see how well it works for others since I've only tested it on 3 different servers so far. Basically it's a site framework + backend control panel with user creation/editing system that allows for good looking URL structures without creating millions of folders all over the site. Instead you create "stuctures" through the backend and pass variables through the path names instead.. eg: http://www.newsique.com/forum/site/site_news/changed_seeding_window/page1/ instead of http://www.newsique.com/?s=forum&section=site&forum=site_news&thread=changed_seeding_window&page=1 You can play with it here: http://www.phpneoform.com/ Here are some basic screen shots: http://www.phpneoform.com/public/screen1.png http://www.phpneoform.com/public/screen2.png http://www.phpneoform.com/public/screen3.png http://www.phpneoform.com/php.neoform.v1.04b.zip

Just wondering if there's a way to tell if a function is disabled on a system? I'm trying to call exec() on the system and instead it throws the error: WARNING - exec() has been disabled for security reasons which is crappy since function_exists('exec') returns true.. so far i can't find a Function_Disabled('exec'); function..

Two complaints: 1) Needs more lively colors.. right now it feels kinda drowsy. 2) The middle area probably shouldn't be a frame and it needs some padding, text sits right at the edge of the frame making it annoying to read.

I'd love to be able to get pictures on the site, but getting the rights to use those photos would be either very costly or very difficult.. kinda sucks.. :(

I dropped it down to 200, gonna try this for a bit and see if i like it.. :P I dunno if i want to swap the columns though, I want to try to get the eye to look at the center of the screen the most by having the top stories there..

I know I posted this up a while ago, but I've made quite a few changes to the site.. http://www.newsique.com Still has some ways to go before it's done, but just wanted to get some critiquing.. etc. p.s. here's an example page of my comment/moderation system.. http://www.newsique.com/politics/vice_presidents_lesbian_daughter/ (i used this story for no particular reason btw, it was just there..)

Hmmm, my only problem is that about 5% of the time i use microtime() i get negative values..... any ideas why that might happen?

Just wondering if there was a built-in function that would give me a given query's execution time.. sort of like a mysql_ insert_ id() but for how long the query took.. I ask because i've noticed that when running queries from a command prompt, i can see the time it took, but i've never seen anything like that in php and using microtime() instead always gives me horribly inaccurate results..

well.. yeah, I've got the cert setup and it works.. what my problem is when i add that line (shown above) apache dies out..  my private key and cert are both included and work great..  it's this "issuing cert" that messes things up..

I just got a cert with Godaddy and they gave me a cert as well as an issuing cert (never used one before).. problem is when i add this line to my ssl.conf apache wont start. [code]SSLCertificateChainFile "C:/server/ssl_certs/sf_issuing.crt"[/code] (apache2.0 + win2k3) any ideas?

so, basically this is all a conspiracy to get everyone to use mysql_real_escape_string isn't it? I seee..............

See, that's what i normally do, but i have yet to find an example of what can actually be done if i don't do it.. :P  Is it really worth the extra processing?

Hey, I was just wondering, if I have magic quotes turned on, is this vulnerable to SQL injection attacks? [code] if (isset($_GET['i'])) $i=$_GET['i']; $query = "SELECT * FROM table WHERE username = '$i'"; [/code] If so, what could be done?

works fine.. turns out it was the program i was using, was actually doing an escape of the letter G. i switched to the dos prompt and it worked. :P

I'm not sure what's causing this error, I'm using MySQL 5.0.27-win and from what I can tell, this command should work.. [code]mysql> SHOW PROCESSLIST\G; ERROR 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\G' at line 1[/code]

Just wondering, I'm assuming HTTPS is slower than HTTP, but by how much? Would i see a huge hit if i switched my entire site to HTTPS vs. just pages like the login page.. ? Just wondering cause i'm one of those super paranoid types that loves encryption.. (wanna use it on http://www.newsique.com/)

yehaw. set up apache to capture it's ip as a hex value.. http://0x52a5b562 hehe, sucks though, apache doesn't like the integer thing.. dunno why.

so..  we're not friends anymore? *sniff* :'(

I just figured it out. window's TCP/IP stack does a special conversion on integers..  that's actually Google's IP address 64.233.160.0 converted to an INT(10) Here's the PHP code for encoding/decoding an IP address so you can test it yourself..  you can access any website that way.. PHPfreaks.com = http://1113697029 (doesn't work though, apache no likey that url, heh) [code] function ip_encode($ip) {     if ($ip == '')         return 0;     else     { $ips = split ("\.", $ip); return ($ips[3] + $ips[2] * 256 + $ips[1] * 256 * 256 + $ips[0] * 256 * 256 * 256);     } } function ip_decode($int) {     if ($int == '')         return 0;     else     { $w = (int)(($int / 16777216) - 256 * floor(($int / 16777216) / 256)); $x = (int)(($int / 65536) - 256 * floor(($int / 65536) / 256)); $y = (int)(($int / 256) - 256 * floor(($int / 256) / 256)); $z = (int)(($int) - 256 * floor(($int) / 256)); return ($w.'.'.$x.'.'.$y.'.'.$z);     } }[/code]

I was just sitting in my parents basement typing http://1 .. http://2 .. http://3 ... http://4 .. until i got to http://1089059683 and poof, there was google! go figure.

How is it possible that http://1089059683 takes me to Google.com ? there's no TLD!

Now that's what i'm talkin' about! :D thanks :)

ok, so i've got this big query that deals with 3 rather large tables..  I've indexed all appropriate fields, yet the query still takes up to 15 seconds to load..  is there any way to get this going faster? [code]SELECT listings.id, listings.url_name, listings.name FROM keywords INNER JOIN keywords_items ON keywords.id = keywords_items.keyword_id INNER JOIN listings ON keywords_items.item_id = listings.id WHERE (word_stemmed IN ("advertis", "promot")) AND city = '33939' GROUP BY listings.id LIMIT 0, 15[/code] [code]+----+-------------+----------------+--------+-----------------------+---------------+---------+---------------------------------------+------+-----------------------------------------------------------+ | id | select_type | table          | type  | possible_keys        | key          | key_len | ref                                  | rows | Extra                                                    | +----+-------------+----------------+--------+-----------------------+---------------+---------+---------------------------------------+------+-----------------------------------------------------------+ |  1 | SIMPLE      | keywords      | range  | PRIMARY,word_stemmed  | word_stemmed  | 31      | NULL                                  |  20 | Using where; Using index; Using temporary; Using filesort | |  1 | SIMPLE      | keywords_items | ref    | PRIMARY,keyword_index | keyword_index | 3      | localdirectory.keywords.id            |  66 |                                                          | |  1 | SIMPLE      | listings      | eq_ref | PRIMARY,city,city_id  | PRIMARY      | 3      | localdirectory.keywords_items.item_id |    1 | Using where                                              | +----+-------------+----------------+--------+-----------------------+---------------+---------+---------------------------------------+------+-----------------------------------------------------------+ [/code] kewords (index: keyword_stemmed/id) this table has about 800,000 rows [code]+--------------+-----------------------+------+-----+---------+----------------+ | Field        | Type                  | Null | Key | Default | Extra          | +--------------+-----------------------+------+-----+---------+----------------+ | id          | mediumint(8) unsigned | NO  | PRI | NULL    | auto_increment | | word        | char(30)              | YES  | UNI | NULL    |                | | word_stemmed | char(30)              | YES  | MUL | NULL    |                | +--------------+-----------------------+------+-----+---------+----------------+[/code] Keywords_items (Indexed: keyword_id/item_id) this table has about 54,000,000 rows [code]+------------+-----------------------+------+-----+---------+-------+ | Field      | Type                  | Null | Key | Default | Extra | +------------+-----------------------+------+-----+---------+-------+ | item_id    | mediumint(8) unsigned | NO  | PRI | 0      |      | | keyword_id | mediumint(8) unsigned | NO  | PRI | 0      |      | | weight    | smallint(5) unsigned  | NO  |    |        |      | +------------+-----------------------+------+-----+---------+-------+[/code] Listings (index: city) this table has about 8,100,000 rows [code]+-----------------+-----------------------+------+-----+---------+----------------+ | Field          | Type                  | Null | Key | Default | Extra          | +-----------------+-----------------------+------+-----+---------+----------------+ | id              | mediumint(8) unsigned | NO  | PRI | NULL    | auto_increment | | url_name        | char(50)              | YES  | UNI | NULL    |                | | longitude      | double                | NO  | MUL |        |                | | latitude        | double                | NO  |    |        |                | | name            | char(255)            | YES  |    | NULL    |                | | address        | char(255)            | YES  |    | NULL    |                | | state          | smallint(5) unsigned  | YES  | MUL | NULL    |                | | city            | mediumint(8) unsigned | YES  | MUL | NULL    |                | | zip            | char(6)              | YES  |    | NULL    |                | | phone          | char(10)              | YES  |    | NULL    |                | | fax            | char(10)              | YES  |    | NULL    |                | | email          | char(128)            | YES  |    | NULL    |                | | website        | char(255)            | YES  |    | NULL    |                | | description    | text                  | YES  |    | NULL    |                | | hours          | text                  | YES  |    | NULL    |                | | payment_options | text                  | YES  |    | NULL    |                | | locations      | smallint(5) unsigned  | YES  |    | NULL    |                | | established_on  | date                  | YES  |    | NULL    |                | | image          | enum('yes','no')      | YES  |    | no      |                | | keywords        | text                  | YES  |    | NULL    |                | | added_on        | datetime              | YES  |    | NULL    |                | | rating          | tinyint(3) unsigned  | YES  |    | NULL    |                | +-----------------+-----------------------+------+-----+---------+----------------+[/code]