random1

Is there a way to use less SQL code in the code: SELECT `sid`, `sbody`, `stitle`, `sdescription` FROM `simple_search` WHERE `sbody` LIKE '%Survivor%' OR `stitle` LIKE '%Survivor%' OR `sdescription` LIKE '%Survivor%' ORDER BY `stitle` LIMIT 10; to something like: SELECT `sid`, `sbody`, `stitle`, `sdescription` FROM `simple_search` WHERE `sbody` OR `stitle` OR `sdescription` LIKE '%Survivor%' ORDER BY `stitle` LIMIT 10;

Hey All, I'm trying to get some opinions on source code formatting in HTML (using the TAB character). For example: <html> <head> <title>TITLE</title> </head> <body> <div> <div> <div> test </div> </div> </div> </body> </html> VS <html> <head> <title>TITLE</title> </head> <body> <div> <div> <div> test </div> </div> </div> </body> </html> I already tab indent any of my PHP source files however I haven't for HTML source files. What do you think is the better choice for HTML? Should there be a limit set of how many levels of indent to avoid it getting to hard to follow?

Thanks blacknight That worked

Hi All! I've got the following simple example code I've created for a db table "simple_search": SELECT `sid`, `sbody`, `stitle`, `sdescription` FROM `simple_search` WHERE `stitle` LIKE '%the%' ORDER BY `stitle` LIMIT 10; It currently returns records that have "the", "The", "THE", "thE" etc for the title. How can I make a case-sensitive version of this that ONLY returns records that match "the"? I'm using the collation 'utf8_unicode_ci" and the engine "InnoDB".

I ended up using: function rand_str($len, $norepeat = true) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*'; $max = strlen($chars) - 1; if($norepeat && $len > $max + 1) { throw new Exception('Non repetitive random string can\'t be longer than charset'); } $rand_chars = array(); while($len) { $picked = $chars[mt_rand(0, $max)]; if($norepeat) { if(!array_key_exists($picked, $rand_chars)) { $rand_chars[$picked] = true; $len--; } } else { $rand_chars[] = $picked; $len--; } } return implode('', $norepeat ? array_keys($rand_chars) : $rand_chars); } echo rand_str(32, true); Sample output: bkWfyRME%qYHncUF$BjgPLxei5JdSmGs I'll test it more but I'm rather happy with it

Yeah I attempted it using mt_rand like voip03 did, but his is far more elegant. I'll get started on this now

I'm looking for a function that creates a random string that contains random letters, numbers and symbols. Also it needs to generate it in a way that there are no repeating characters. Any ideas?

Yeah that seems pretty solid. Just make sure you understand it first and then test, test, test! Quote: And btw, is using hard-coded pepper together with a random generated salt better than simply using salt or pepper alone? A) Hmmm I'm not sure. Maybe someone else knows this?

Encrypting more that once; say md5 then sha1; may seem good but it is really bad idea. It reduces security since it increases the chances of someone using a "rainbow table" and "hashing collision" to hone down on a password. I'd use sha512 (in the SHA2 family) once and choose a good salt for it. Also just a side note. try thinking hard about whether or not to encrypt the username or not. Because one way encrypting a username would mean that you couldn't display or use the username on your site. Really only passwords should be one way encrypted.

"sha1" has been compromised and governments across the world and no longer using it. so I'd advise against it You should use: http://www.php.net/manual/en/function.hash.php (if you are using PHP 5.1.2 or above) Supported algorithms: http://www.php.net/manual/en/function.hash-algos.php I'm currently using "sha512" but may change that soon after more research. To get and indication of the performance of the hashing on your server try: [run the test when the server has full resources available] hash.php <?php define('HASH_TIMES', 1000); define('HASH_DATA', 'The quick brown fox jumped over!'); // 32 bytes header('Content-Type: text/plain'); echo 'Testing ' . strlen(HASH_DATA) . ' bytes of data over ' . HASH_TIMES . " iterations:\n"; foreach (hash_algos() as $algo) { $time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) hash($algo, HASH_DATA); $results[$algo] = microtime(1) - $time; } $time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) crc32(HASH_DATA); $results['crc32()'] = microtime(1) - $time; $time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) md5(HASH_DATA); $results['md5()'] = microtime(1) - $time; $time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) sha1(HASH_DATA); $results['sha1()'] = microtime(1) - $time; asort($results, SORT_NUMERIC); foreach ($results as $algo => $time) echo "\n$time\t$algo"; ?> This "performance" is not really equal to "security" so pick wisely Some reading: http://en.wikipedia.org/wiki/Secure_Hash_Algorithm All the Best!, - Deano

Thanks for the detailed help, really useful!

Hey All! I'm trying to get some experienced advise on how to localize and internationalize a PHP app. My current app uses UTF-8 and I have multiple languages in my database listing the translated strings of text. I have set it up to have all data in a mysql database and have no strings hard-coded in any PHP files. How can I echo out for example: - the current date and time - the current date and time plus 1 hour - a money format (e.g. $1000.00 to EU$1000,00) in a format suitable for say the 'de-DE' (German) locale? Should I be using gettext or setlocale()?

I've currently got: SELECT `sid`, `sbody`, `stitle`, `sdescription` FROM `simple_search` WHERE `sbody` LIKE '%test%' ORDER BY `stitle`; How can I change this to order by the number of occurrences of "test"?

Hey All, In my current PHP project I am putting all my HTML in a variable called $buffer and echoing that out at the end of the page generation. Is there an elegant way in PHP to cache generated pages to for example, pagename.htm with a timeout until it should get fresh page data?

I found: http://cslyon.net/2011/05/10/sha-512-w-per-user-salts-is-not-enough/ But I'm not sure how accurate it is.

What is the current best (most secure) one-way password encryption method in PHP? So far I think that: echo hash('sha512', $password . $salt); is the most secure. I'd really love some more help from someone who has far more experience than me

Hey All, I've been working on a "New Account" registration screen: I'm trying to keep it as small and simple as possible (HTML prototype at this stage) as I'll only ask for things like "postal address" IF the user is checking out an order for the first time. Do you think I should be collecting any additional information like "first name", "last name" or "email address" at this early stage of registration? Any other tips for making it as good as it can be?

I have a form field that I'm currently allowing only positive numbers to be entered in. I'm currently using onkeypress on the input field: <input name="card_security_code" type="text" maxlength="4" size="4" onkeypress="return onlyNumbers(event);" /> It's currently working although I'm concerned about using onkeypress, is it reliable and does this fire when using things like ipod and mobile devices? I've heard that using onblur is not recommended for this and I've tried using onchange but that does not work. Any suggestions on what I should use for this kind of field validation?

I'm currently using mysqli in my PHP database class however I'm looking to change it to use PDO (included in PHP). Is PDO stable enough and faster than mysqli? Is it better practice to use PDO since it supports a variety of databases?

Thanks, that's what I thought. I'll much around with it and wrestle it to the ground.

I've written the following code: $mode = 'development'; // 'Development' or 'Public' // Writes a buffer to a file /** * ob_file_callback() * Writes the generated CSS to a file. * @param mixed $buffer * @return void */ function ob_file_callback($buffer) { // stylesheet-public.css is the output generated file $ob_file = fopen('stylesheet-' . $mode . '.css','w'); fwrite($ob_file, $buffer); } $buffer = 'test'; ob_start('ob_file_callback'); $mode is always empty when I run this code. Is it an issue because ob_file_callback is an overridden function?

I have some simple test code: echo memory_get_usage(true); echo("\n" . '<br />' . "\n"); echo memory_get_usage(false); echo("\n" . '<br />' . "\n"); echo memory_get_peak_usage(); that prints out the three types of memory usage in bytes for my basic admin page. All three values are around 2.25 MB in bytes. What's best practice for PHP memory usage? Is 2.25MB far too much for a single user's visit? Do these PHP memory values include images in the page?

Hey all, I'm trying to find out a way to: - Limit a visitor to X concurrent downloads - Limit a visitor's transfer rate (download) to a certain limit (e.g. 1.5MB/s) - Limit a visitor's downloads per hour to X Any ideas?

Hey All, I'm a complete noob with JavaScript. How can I get the HTML from an external website into a JavaScript variable? For example: http://mcse.pair.com/html/tut1.html

Thanks all... I will be using this function to determine Apache during a setup script