Everything posted by marklarah

  1. Why? If html_entity_decode is simply the exact reverse of htmlentities, the only changes from the original data that would be lost would be whitespace, or unsuitable characters...which we wouldn't want to store anyway. Of course if your application has to perform lots of operations on the stored unencoded data, then yes it would make sense to store it as such. But I think for most applications (forums, blogs etc), storing it encoded seems to be a much more hassle-free way of doing it. Anyway, I appreciate the arguments you've made, thanks. For large scale applications, I will store it unencoded, but as long as I know all I'm doing with the data is displaying it, I can't see any reason not to store it encoded. Thanks!
  2. I earnestly believe it to be, yes. I find you only actually "need" the original data in those sorts of situations far less often than you do just output it. In which scenario, the same argument can be said that you need to remember to encode on every. single. output. each. time. In any case, if it's just a question of convenience, then imo both methods are valid, and it's just down to preference, and what your application calls for.
  3. Hmm, I'm not entirely convinced that's a brilliant solution though - and what about those of us who don't template? idk, it seems there's not really any strong YOU MUST NOT DO THIS OR APACHE WILL EXPLODE kind of reasoning behind not sanitising. As long as you remember to do it for every input, and have a method for getting the original data, you can't go wrong!
  4. Hi; thanks for the responses! Just curious though... I agree there could be these situations, but then surely the inverse of the clean function would return it to its original formatting (minus any extraneous whitespace)? htmlentities is a 1-to-1 mapping, as is html_entity_decode, so any 'mangled' data can be returned to its original form, and then used in such situations. To my mind, it's just as easy (if not easier) to encode the data on input, rather than having to encode it each time on output, and simply running an unclean() function the odd occasion you may need to create an RSS feed or whatever. This is all of course, as matters appear to my naïve mind.... I could perhaps be completely wrong haha. Essentially, all I'm trying to say is that for every argument made for NOT encoding data on input, the same can be said for the converse. Thanks!
  5. Hi This is more of a general question - obviously when we have user input in our applications, the traditional defence against XSS and Injections and all that kind of thing is to validate user input (and add slashes) and then encode its output each time. This is as opposed to sanitisation. So the age-old question: What's really wrong with encoding the input, rather than the output? Then you don't have to encode data each time you call it! Say this is what my clean function would look like <?php function clean($dirty) { if ($dirty === FALSE) return ''; $dirty = htmlentities($dirty, ENT_QUOTES, "UTF-8"); return trim($dirty); } ?> and I run that on all user input before entering it into the DB. Why is this considered bad practice?
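The two strategies argued over in posts 1 to 5, side by side, as an added example that is not part of the thread: the post's clean() (encode on input) next to storing raw text and escaping per output context. The unclean() and forContext() helpers are assumed names for this illustration.

```php
<?php
// Added example, not from the thread: the post's clean() next to the
// alternative it is being compared with. "Encode on input" stores the
// htmlentities() form; "encode on output" stores the raw text and escapes
// it for whichever context it is emitted into. Both use the post's flags.

function clean(string $dirty): string
{
    return trim(htmlentities($dirty, ENT_QUOTES, 'UTF-8'));
}

// Exact inverse of clean(), apart from the trimmed whitespace (assumed helper name).
function unclean(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

// Escape raw text for the context it is about to land in (assumed helper name).
function forContext(string $raw, string $context): string
{
    switch ($context) {
        case 'html': return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
        case 'json': return json_encode($raw, JSON_THROW_ON_ERROR);
        case 'text': return $raw;                 // plain-text email, CSV, RSS body, ...
        default:     throw new InvalidArgumentException("unknown context $context");
    }
}

// Constructed sample input, as a visitor might type it into a comment box.
$input = '<b>Tom</b> & "Jerry" said it\'s <script>alert(1)</script>';

// Strategy A: encode on input. HTML output needs nothing more, but every
// other use must decode first, and the stored length is the encoded length.
$storedA = clean($input);
echo $storedA, "\n";                               // already safe in an HTML body
echo forContext(unclean($storedA), 'json'), "\n";  // decode before any non-HTML use
echo forContext($storedA, 'html'), "\n";           // forgot to decode: entities encoded twice, shown literally
printf("%d characters typed, %d stored\n", mb_strlen($input), mb_strlen($storedA));

// Strategy B: store raw, escape at output. Each context gets its own escaping once.
$storedB = $input;
echo forContext($storedB, 'html'), "\n";
echo forContext($storedB, 'json'), "\n";
echo forContext($storedB, 'text'), "\n";

// Neither strategy covers the database: htmlentities()/addslashes() are not
// query escaping; the INSERT should use bound parameters regardless.
```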
  6. You sir, are a god amongst men. Many thanks.
  7. Absolutely, you should keep it in MySQL, storing it in PHP files is extremely counterintuitive (and will be slow when you try to execute it and take up memory). Your best bet is to use memcached I think.
  8. I believe this is what you're looking for http://php.net/manual/en/function.nl2br.php
  9. Hey hey dudes So I'm fairly new to regex (I've avoided having to write my own expressions up till now lol) So I have a big expression that matches URLs, but I don't want it to match if it's proceeded by something. To boil it down and put it simply, something like this ([a-z]+)(?!( hi)) with string "hello hi" would match "hell", but how would I make it so it matches nothing? i.e. how do I put everything else that I'd normally test for together in a group or something, with a conditional that if everything is proceeded by something else, the whole thing returns no matches. Hope I'm making myself clear.... Thanks! Mark
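An added example, not from the thread, showing why ([a-z]+)(?!( hi)) shrinks to "hell" and two ways to stop that: an atomic group that refuses to shorten the match, and a start-anchored lookahead that fails the whole subject. The function names are assumed.

```php
<?php
// Added example, not from the thread. The post's ([a-z]+)(?!( hi)) still
// matches "hell" because the engine backtracks [a-z]+ one character at a
// time until the lookahead passes. Two fixes, for two readings of
// "matches nothing".

// 1. Stop the backtracking: an atomic group (?>...) gives up the whole
//    [a-z]+ run as a unit, so "hello" followed by " hi" is rejected rather
//    than shortened. Later positions are still tried, so a later word that
//    is not followed by the forbidden text can still match (here only "hi").
function matchWordNotFollowedBy(string $subject, string $forbidden): array
{
    $re = '/(?>[a-z]+)(?!' . preg_quote($forbidden, '/') . ')/';
    preg_match_all($re, $subject, $m);
    return $m[0];
}

// 2. Fail the whole subject: test for the forbidden text once, from the
//    start, with a lookahead that scans ahead (.*). If it occurs anywhere
//    after the real pattern, preg_match() returns no match at all.
function matchUnlessContains(string $subject, string $forbidden): ?string
{
    $re = '/^(?!.*' . preg_quote($forbidden, '/') . ')([a-z]+)/';
    return preg_match($re, $subject, $m) === 1 ? $m[1] : null;
}

// Constructed inputs: the post's "hello hi" and a control string.
var_dump(matchWordNotFollowedBy('hello hi', ' hi'));
var_dump(matchWordNotFollowedBy('hello there', ' hi'));
var_dump(matchUnlessContains('hello hi', ' hi'));
var_dump(matchUnlessContains('hello there', ' hi'));
```

preg_quote() is what keeps the forbidden text literal when it comes from outside the pattern.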
  10. Think I've got my head round your checkbox conundrum. Whilst there are probably more efficient ways of achieving what you want, the simple way is to put all the IDs contained in $result_checked into an array. Then, in your loop, have something like while ($row4 = mysql_fetch_array($quer4)) { $checked = in_array($row4['workshop_id'], $myArray) ? ' checked="checked"' : ''; echo "<input type='checkbox' name='workshop_link_1[]' value='" . htmlspecialchars($row4['workshop_id']) . "'" . $checked . ">" . htmlspecialchars($row4['workshop_title']) . "<br>"; } or something like that, idk if that helps at all. - mark.
  11. What are you trying to achieve? As for file hosting sites they use the tokens to determine whether the user is real and the user status. Since the services always return a file it's goddamn heavy on the servers, that's why they've got plenty of them. And if I understood you correctly you are returning a file that contains text (or html or what ever) and renders it to browser, it really doesn't matter since the client must anyhow download all the data (but for small optimization you could always cache the page(s) on the server and skip the readfile part in whole). No, they're likely to be video files, and when I say echoing to the browser, that is in fact what reading the file does, regardless of file type. and by his posts, there is no real concept of what file functions do. and how to throttle bandwidth. 1) learn to code 2) Post code yer having probs with otherwise this thread will just be forgotten in a few days Actually I've been coding for 5 years now, but heavy download sites isn't something I've ever needed to dabble with until now. My simple question still remains unanswered: isn't using fread/readfile or something of the sort a bad hog on the server, and what are the alternatives
  12. How do download sites do it if not by reading the file? There has to be a way of controlling download speed etc
  13. Ok readfile, whatever. How bad is using readfile though over and over again, won't that hammer the server?
  14. Hi! I run a site that requires users to access largeish files, for download as well as for streaming to the browser. It's fairly active, so assuming the worst, how bad is getting php to read the files that would be stored outside of the webroot and then getting it to echo it to a page dynamically for the browser to then read? Currently, I just have the files stored accessible to the web, but a htaccess protects them via requiring a cookie but also requires the referrer to be my site. Now I'm not totally stupid and realise those are both easily spoofed, so I'm looking for a better solution. How do the file hosting sites do it? Using a token system has to involve PHP or some other server side scripting, but then getting the server to read the file with fread() or some similar equivalent would be resource heavy, no? Is that the best way to do it?
  15. Yes it is. I should clarify: it would need user intervention though. Otherwise any old webpage could steal your cookie file for example.
  16. I thought it looked bare until the images kicked in then I was like whoah. Look good for what it is man, job well done imo.
  17. Wait never mind $num = mysql_real_escape_string($num); $query = "SELECT SUM(rating) AS `total`, COUNT(rating) AS `nums` FROM votes WHERE sid='$num'"; $result = mysql_query($query); $total = mysql_result($result, 0, "total"); $nums = mysql_result($result, 0, "nums"); works. thanks!
  18. So I'm building a thumbs up/thumbs down rating system, and for the most part it's working. The field in the table is either -1 or 1 for an up or down, and it counts it all to get the final rating, using this: $num = mysql_real_escape_string($num); $query = "SELECT SUM(rating) AS `total` FROM votes WHERE sid='$num'"; $result = mysql_query($query); $total = mysql_result($result, 0, "total"); where $total will obviously be the final rating. How would I get the number of rows that it counted, so it could say something like Rating: 23, with 48 votes or something? thanks mark
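The SUM/COUNT query from posts 17 and 18, as an added example that is not part of the thread, with sid passed as a bound parameter rather than interpolated into the query string. It runs against an in-memory SQLite database through PDO so it works stand-alone; the table layout is the one the post describes and the ratingSummary() name is assumed.

```php
<?php
// Added example, not from the thread: the post's SUM/COUNT aggregate with
// sid bound as a parameter instead of written into the SQL string. In-memory
// SQLite via PDO stands in for MySQL so the script runs on its own; the
// votes table (sid, rating of +1 or -1) follows the post.

function ratingSummary(PDO $db, string $sid): array
{
    // COUNT(rating) counts rows with a vote; SUM() is NULL when there are
    // none, so coalesce it to 0 rather than handing an empty value to the page.
    $stmt = $db->prepare(
        'SELECT COALESCE(SUM(rating), 0) AS total, COUNT(rating) AS nums
           FROM votes WHERE sid = :sid'
    );
    $stmt->execute([':sid' => $sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ['total' => (int) $row['total'], 'nums' => (int) $row['nums']];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (
    sid    TEXT    NOT NULL,
    rating INTEGER NOT NULL CHECK (rating IN (-1, 1))
)');

// Constructed sample votes: three on item 42 (net +1), one against item 7.
$ins = $db->prepare('INSERT INTO votes (sid, rating) VALUES (?, ?)');
foreach ([['42', 1], ['42', 1], ['42', -1], ['7', -1]] as $vote) {
    $ins->execute($vote);
}

$r = ratingSummary($db, '42');
printf("Rating: %d, with %d votes\n", $r['total'], $r['nums']);

// An id containing a quote is compared as a value, never spliced into the
// statement text, so it cannot change what the query does.
$r = ratingSummary($db, "o'neil");
printf("Rating: %d, with %d votes\n", $r['total'], $r['nums']);
```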
  19. Actually the text file I'm looking at which I want to do this with looks like it's already had that done to. So I'll use the reverse to get something like what I have above...then *just tried it* You are a god. Thanks!
  20. Didn't read (I'm super tired) but emptying your cache is always a good idea.
  21. Hi Let's say I have just declared an array as such: <?php $array = array( "Cheese" => "$4.99", "Pepperoni" => "$6.99", "Mushroom" => "$5.49", "Pineapple" => "$5.99" ); print_r($array); ?> Will obviously result in But let's say I had { Cheese" => "$4.99", "Pepperoni" => "$6.99", "Mushroom" => "$5.49", "Pineapple" => "$5.99" } stored in a text file. Short of doing a load of explodes, is there any way to convert that to an array? I'm thinking maybe something with eval() but I've no idea yeah.
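An added example, not from the thread, that reads the post's text-file format back into an array without eval(): a small parser for the "key" => "value" pairs, followed by JSON as the format to use when you control how the file is written. The parsePairs() name is assumed and the file contents are constructed from the post.

```php
<?php
// Added example, not from the thread. eval() would execute any PHP the file
// happened to contain, so the file is parsed as data instead. Two routes:
// a parser for the exact "key" => "value" layout in the post, and JSON for
// files you write yourself.

// Constructed file contents, copied from the post (including the missing
// opening quote on the first key, which the parser tolerates).
$text = <<<'TXT'
{ Cheese" => "$4.99", "Pepperoni" => "$6.99", "Mushroom" => "$5.49", "Pineapple" => "$5.99" }
TXT;

function parsePairs(string $text): array
{
    // One pair is: optional opening quote, key, closing quote, =>, quoted value.
    // Everything is captured as text; nothing in the file is executed.
    preg_match_all('/"?([^"=>{},]+?)"\s*=>\s*"([^"]*)"/', $text, $m, PREG_SET_ORDER);
    $out = [];
    foreach ($m as $pair) {
        $out[trim($pair[1])] = $pair[2];
    }
    return $out;
}

$prices = parsePairs($text);
print_r($prices);

// When the file is yours to write, store JSON and read it with json_decode();
// the round trip below gives back an identical array.
$json = json_encode($prices, JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR);
$back = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
var_dump($back === $prices);
```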
  22. Aye...it's 32 characters long everytime, so it is a hash, you're quite correct. However, what you gave me works perfectly! I love you! Thanks...I didn't really think about ignoring the rest of the string...
  23. $order = ($buttonOneSelected) ? "DESC" : "ASC"; $query = mysql_query("SELECT * FROM images ORDER BY date $order LIMIT " . (int) $offset . ", " . (int) $rowsPerPage, $con); Something like that? I'm not sure...
  24. It should be easy to set up pagination. I'll give you a quick how-to, and you can attempt it. First, define how many results per page you want, then from a GET variable, get what page you are on. Assuming you have your array of results somewhere, loop through them from array number currentpage*resultsperpage, to (currentpage*resultsperpage)+50, then display that.