justsomeguy

Moderator
  • Content count

    30,334

Community Reputation

996 Excellent

7 Followers

About justsomeguy

  • Rank
    More Human Than Human
  • Birthday 06/03/1979

Profile Information

  • Location
    Phoenix

Previous Fields

  • Languages
    Focusing on PHP and JavaScript

  1. PHP Upgrade from 5.5.38 to 5.6.33

    I understand that, I understand what superglobals are. But when you're talking about checking if a variable is defined, whether or not it is a value in a superglobal is completely irrelevant. That is, the rules that you should follow for checking if things are defined before you use them are no different based on what kind of value you're dealing with. It doesn't matter that it's a superglobal.

    No it's not, it's important to fundamentally understand what's going on. Normally PHP documents do not communicate with each other. The web browser, not a PHP document, sends a request to the web server. It's important to understand that. PHP files do not directly communicate with each other unless you're doing something like sending a cURL request from one PHP file to another PHP URL, but even in that case it's still sending an HTTP request. It might just be terminology, but it's important to understand how the request/response cycle is the foundation of PHP running on a web server. Specifically, you need to keep in mind that your web browser is what is sending data to your server, it's not one PHP page on your server sending data to another one.

    Whether form controls have a default value has nothing to do with checking what data came from a form. You should still check for the presence of any value that you are going to reference, that should be part of form validation. If your form has a zip code field, don't just assume it came with the rest of the form, check for it. Maybe someone is messing with your server looking for vulnerabilities (even in that case, your code should not emit errors), maybe you made a new form page and forgot a field, etc.

    For the simple purpose that you know you're not using any undefined variables, and that your code is not producing errors (even if you're ignoring them).

    It's really that simple, there's not a lot to think about here. When processing user-submitted data, just verify that it's set before using it.

    That's all there is to it, there's not much philosophy behind this. Just check if things got submitted instead of assuming they were, that's all it is.
  2. PHP Upgrade from 5.5.38 to 5.6.33

    I'm having problems parsing that sentence. First, I'm not sure why being a superglobal is significant. Second, documents don't really send values to each other, PHP works with the web server in a request-response format. Requests are sent, with any accompanying data, and PHP and the web server produce a response. This is just the web browser and the web server communicating with each other.

    Ideally, they should. It's not always necessary though, or even possible. You don't initialize variables in $_GET or $_POST, for example.

    No, you need a value on the right side of the assignment operator.
  3. change column names without changing the type

    Why is that a goal? Specifically, what problem are you trying to solve by making those things variable? Why do you think that would mitigate SQL attacks? We already have well-known and easy ways to protect against things like SQL injection attacks, what does changing identifier names add to that? If someone is able to attack your database and the only thing stopping them is identifier names (which are relatively easy to figure out if they can already attack your database), the solution is to make it impossible to attack the database in the first place instead of trying to hide the names.

    I've worked with an application which added tables as needed. When you have several thousand tables all holding similar data then database maintenance becomes a nightmare. That application was poorly designed.
  4. You wouldn't want to just search all fields in all tables, you need more intelligence than that. You would only want to target specific fields that contain the data they might be looking for (there's no reason to search in an autonumber ID field, for example). If you want to just search for a specific string of text then you can use a LIKE clause in the select query. If you want a more natural language search then you should look into fulltext indexes, although you'll need to change some of the database structure to support fulltext searching. Specifically, those columns need to be one of the text data types (tinytext, text, mediumtext, etc), and you need to define a fulltext index spanning all of the columns in the table that you want to include in the search. You may need to change the storage engine also, I know that InnoDB tables support fulltext searching but I'm not sure about MyISAM tables.
  5. change column names without changing the type

    I don't know. I do know that the only time I've seen an application try to dynamically change the database structure, the problems stacked up quickly. Your database design shouldn't need to be changed ideally.
  6. change column names without changing the type

    It looks like the column definition is required.
  7. PHP Upgrade from 5.5.38 to 5.6.33

    I don't think that's necessarily true, if you try to access an undefined variable I don't think PHP allocates anything for it in the hash tables, because if you try to access it a second time it does the same thing.
  8. PHP Upgrade from 5.5.38 to 5.6.33

    So what? I'll bet 10 to 1 that the major change was that your php.ini changed so that PHP is now reporting more errors than it used to. Referencing undefined variables has been an error for a long, long time. If you weren't seeing it, your options were set up to ignore those errors. Ignoring errors isn't a good idea, because like you're finding out you might take your code to a PHP environment that is configured differently and all of a sudden it's emitting all of these notices and warnings that your old server was set to ignore. You should always develop code with maximum error reporting, and you shouldn't stop until there are no more error messages. The solution is to fix the errors in your code.

    I bet they're hiding them! Not a good idea. For what it's worth, our applications report all errors, but have display_errors disabled so that users do not see them, but we use error logging to write them all to a file. So if someone is reporting problems I can go check the log to see the actual error messages that happened when that person was using it. What I would never even think about doing is just turning off error reporting.

    That's your opinion. In practice, if well-written code is trying to refer to an undefined value then it's highly likely that the programmer made an error. Your code should never produce error messages regardless of error reporting settings.

        if (isset($_GET['refer_type']) && filter_var($_GET['refer_type'], FILTER_VALIDATE_INT)) {
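
The two habits described in posts 1 and 8 above (check that a submitted value is present before using it; report every error but log it instead of displaying it), as an added example that is not code from the thread or from the poster. The zip format, the treatment of 0 as a valid `refer_type`, the log path and the sample requests are assumptions made for illustration; the syntax is kept compatible with PHP 5.6.

```php
<?php
// Added example, not code from the thread. Field rules and the log path are assumptions.
error_reporting(E_ALL);            // report everything, including notices
ini_set('display_errors', '0');    // never show errors to visitors
ini_set('log_errors', '1');        // write them to a log instead
ini_set('error_log', sys_get_temp_dir() . '/app-errors.log'); // hypothetical path

// $rules maps field name => callable returning the cleaned value, or null if invalid.
function validate_form(array $input, array $rules)
{
    $clean = array();
    $errors = array();
    foreach ($rules as $field => $rule) {
        // Presence check first; a crafted request can omit a field or send an array.
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[$field] = 'missing';
            continue;
        }
        $value = call_user_func($rule, trim($input[$field]));
        if ($value === null) {
            $errors[$field] = 'invalid';
        } else {
            $clean[$field] = $value;
        }
    }
    return array($clean, $errors);
}

$rules = array(
    'refer_type' => function ($v) {
        // filter_var() returns false on failure; "0" yields int 0, so compare strictly.
        $n = filter_var($v, FILTER_VALIDATE_INT);
        return $n === false ? null : $n;
    },
    'zip' => function ($v) {
        return preg_match('/^\d{5}$/', $v) === 1 ? $v : null; // assumed 5-digit format
    },
);

// Constructed sample requests standing in for $_GET / $_POST.
$samples = array(
    array('refer_type' => '0', 'zip' => '85001'),
    array('refer_type' => array('x')),               // wrong type, zip absent
    array('refer_type' => 'abc', 'zip' => '8500'),
);
foreach ($samples as $request) {
    list($clean, $errors) = validate_form($request, $rules);
    echo json_encode(array('clean' => $clean, 'errors' => $errors)), PHP_EOL;
}
```

None of the three sample requests raises a notice or warning, including the one that omits `zip` and sends an array for `refer_type`.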
  9. What questions do you have about it? If most of your page content is stored in a database then you would search those fields for what someone types in. There are several ways to search in MySQL depending on the type of tables and fields.
  10. 403 Error

    I would start by removing most of that htaccess file and then check if you get the 403, and if not then start adding things back piece by piece and testing until you see the 403 again. If so, the last thing you added caused the problem and at least you've narrowed it down to a specific part and can then figure out why that's causing the issue.
  11. Did not receive any file attachment in thunderbird email

    You still call $formproc->AddFileUploadField only once. If that's the only way to add a file to the email, if the library you're using doesn't have a way to add an entire array of files, then you need to call that once per file to add each file with its own name. Also, your code here will be a lot easier to read if you post it inside a code block.
  12. How to write if else

    That's also assuming that if the cell has a 0 it will return the string "0" instead of a number, otherwise you should cast the value to a string. I don't know enough about the Excel API to know whether you need to do that or not.
  13. How to write if else

    Does it work? The only issue I see is that you're defining that as a string and then comparing it with 0, which is a number.
  14. Did not receive any file attachment in thunderbird email

    If the thing you're using to process that form will accept an uploaded file array, then use that. If it doesn't, your options are either to give each upload field a different name and process them individually, or have some PHP code that takes the incoming $_FILES array and rebuilds it to give the array unique names and then calls the attach method for each name.
  15. build file XML with Xpath and Python

    I don't know where to start. If you want to write software in Python, and you don't know anything about Python, then you probably need to start with the beginner tutorials and books.