
PHP sanitization burps?

XP Pro SP3 and PHP 5.2.5

Probably a silly question, and admittedly rather minor, but ... I seem
to be getting inconsistent sandbox results. Usually, it's common to
modify a var by referencing it to itself; e.g. 'n=n+1' , '$var=$var &&
"this" ', etc.
==============
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
==============
It seems to work OK and then at the odd times it doesn't. I'm using an
Apache local server for this testing and feeding it either by a manually
typed localhost or 127. ... URL or letting NotePadPro throw it to the
server; either way gets the same results.

Looking for verification, I went out and looked at a bunch of tuts,
phpnet, w3, etc, and they never use a variable to operate on itself like
that in any of their stubs and examples, but ... at the same time I
can't find anything saying I can not do so there nor on any of the
Google finds I've looked at.

Is it a case of it's "just me" that something like
$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance
seems to fail at the odd times but works most of the time?
Or, am I chasing a wild goose and it's going to be caused by
something else entirely?
Oh, and whether or not I use Flags doesn't seem to matter.

I've restarted the machine once (warm boot) without anything changing.
I've stopped and restarted the server and editors, browsers, etc., all
to no avail; I still get the odd failure happening unpredictably. I do
have error reporting on, ALL, and messages too, plus added
"ini_set('display_errors', 1);" recently, just for good measure.

Any clarification/verification/whatever would be most appreciated if you
have any knowledge of my predicament. Basically what I'm doing is
upgrading from PHP 4 to 5 and trying to use some of the new functions it
provides. It's not exactly the end of the world but it's annoying as
hell and means something somewhere isn't doing what it's supposed to do,
so it definitely needs investigation IMO.

Thanks much,

Twayne

Nov 7 '08 #1
Twayne wrote:
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
As far as I know, filter_var() is a function like any other; it doesn't
have anything magical or special. The only drawback I can think of is
that the function "Returns the filtered data, or FALSE if the filter
fails", so in case of failure you lose your data.

or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
Do you need later the original value of $string?
==============
It seems to work OK and then at the odd times it doesn't. I'm using an
Apache local server for this testing and feeding it either by a manually
typed localhost or 127. ... URL or letting NotePadPro throw it to the
server; either way gets the same results.
The concept of throwing a file to the server is new to me xD

When you say "doesn't work", do you mean that filter_var() returns a
boolean FALSE? Do you get different output with the same input?
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- My website about web programming: http://bits.demogracia.com
-- My bain-marie humor website: http://www.demogracia.com
--
Nov 7 '08 #2
On Fri, 07 Nov 2008 02:47:52 GMT, no****@devnull.spamcop.net wrote:
XP Pro SP3 and PHP 5.2.5

Probably a silly question, and admittedly rather minor, but ... I seem
to be getting inconsistent sandbox results. Usually, it's common to
modify a var by referencing it to itself; e.g. 'n=n+1' , '$var=$var &&
"this" ', etc.
==============
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
==============
Both are valid assignments, although your posted statements lack a
semi-colon. I'll assume that isn't the problem. :P
It seems to work OK and then at the odd times it doesn't.
What does that mean? Can you explain exactly how it doesn't work?

[snip]
Is it a case of it's "just me" that something like
$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance
seems to fail at the odd times but works most of the time?
[snip]

So, at times, you don't get any output? Please be more specific
about what behavior does not meet your expectations.
--
Curtis
$email = str_replace('sig.invalid', 'gmail.com', $from);
Nov 7 '08 #3
Twayne wrote:
>Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?

As far as I know, filter_var() is a function like any other; it
doesn't have anything magical or special. The only drawback I can
think of is that the function "Returns the filtered data, or FALSE if
the filter fails", so in case of failure you lose your data.

>or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?

Do you need later the original value of $string?
Yes. I store some of them as session variables for a later confirmation
comparison.
>
>==============
It seems to work OK and then at the odd times it doesn't. I'm using
an Apache local server for this testing and feeding it either by a
manually typed localhost or 127. ... URL or letting NotePadPro
throw it to the server; either way gets the same results.

The concept of throwing a file to the server is new to me xD
lol, sorry, I just mean feeding the URL to my local server
(localhost... ).
>
When you say "doesn't work", do you mean that filter_var() returns a
boolean FALSE? Do you get different output with the same input?
Yes. To make running the form easier, I have prefilled it with data so
I don't have to keep entering or clicking it back into existence each
time the form paints so all I have to do is click the Submit to run that
code. Where I'm expecting foo I'll get back the original 'foo'
just once in awhile. Maybe once in 10 or 20 times; it varies.
I turned power to the PC off overnight, thinking a cold boot this am
might help something. At first I thought it did and just as I was about
to pronounce it gone, it happened again.
I'll probably rewrite the whole page later today to see if that makes
any difference; I guess it could be a corrupted file, but ... it's so
inconsistent I don't know ... ?
Regards,

Twayne
>

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- My website about web programming: http://bits.demogracia.com
-- My bain-marie humor website: http://www.demogracia.com


Nov 7 '08 #4
Curtis said:
On Fri, 07 Nov 2008 02:47:52 GMT, no****@devnull.spamcop.net wrote:
> XP Pro SP3 and PHP 5.2.5

Probably a silly question, and admittedly rather minor, but ... I
seem to be getting inconsistent sandbox results. Usually, it's
common to modify a var by referencing it to itself; e.g. 'n=n+1' ,
'$var=$var && "this" ', etc.
==============
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
==============

Both are valid assignments, although your posted statements lack a
semi-colon. I'll assume that isn't the problem. :P
Thanks, that's the clarification I was looking for. No, it's not the
semi-colons; I wish it was! Looks like I overtyped them with the
question marks etc. here. Dunno why I did that.
>
>It seems to work OK and then at the odd times it doesn't.

What does that mean? Can you explain exactly how it doesn't work?
It passes the variable unsanitized. A <script say will come
thru unchanged or a special character will not be stripped, things like
that. It's not returning False, it's just not doing the filtering
intermittently and not very often for the same data, which is now
prefilled into the form to speed things up.

Based on your clarification above, about all that's left is file
corruption of some sort but darned if I know why it's so intermittent.
I think when I get more time (and coffee in me) I'll rewrite that whole
section from scratch, a validate & sanitize at a time and see what
happens. If it's still a problem then I'll upload it to my remote
server and see what happens there. I've been afraid to do that in case
it hides the problem, but at least I'll have some concrete data to work
with if it comes back.

Oh; should have mentioned I'm no PHP expert by any means; I think I'd be
considered more a neophyte as I don't have a lot of experience yet.
Also, I've preloaded all the form data to make it faster & easier to
work with it. The testing is driving me nuts!

Thanks Curtis,

Twayne
>
[snip]
>Is it a case of it's "just me" that something like
$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance
seems to fail at the odd times but works most of the time?
[snip]

So, at times, you don't get any output? Please be more specific
about what behavior does not meet your expectations.


Nov 7 '08 #5
On Fri, 07 Nov 2008 16:06:58 GMT, no****@devnull.spamcop.net wrote:
Curtis said:
On Fri, 07 Nov 2008 02:47:52 GMT, no****@devnull.spamcop.net wrote:
XP Pro SP3 and PHP 5.2.5

Probably a silly question, and admittedly rather minor, but ... I
seem to be getting inconsistent sandbox results. Usually, it's
common to modify a var by referencing it to itself; e.g. 'n=n+1' ,
'$var=$var && "this" ', etc.
==============
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
==============
Both are valid assignments, although your posted statements lack a
semi-colon. I'll assume that isn't the problem. :P

Thanks, that's the clarification I was looking for. No, it's not the
semi-colons; I wish it was! Looks like I overtyped them with the
question marks etc. here. Dunno why I did that.
It seems to work OK and then at the odd times it doesn't.
What does that mean? Can you explain exactly how it doesn't work?

It passes the variable unsanitized. A <script say will come
thru unchanged or a special character will not be stripped, things like
that. It's not returning False, it's just not doing the filtering
intermittently and not very often for the same data, which is now
prefilled into the form to speed things up.

Based on your clarification above, about all that's left is file
corruption of some sort but darned if I know why it's so intermittent.
I think when I get more time (and coffee in me) I'll rewrite that whole
section from scratch, a validate & sanitize at a time and see what
happens. If it's still a problem then I'll upload it to my remote
server and see what happens there. I've been afraid to do that in case
it hides the problem, but at least I'll have some concrete data to work
with if it comes back.
[snip]

So you're using filter_var() for form data in your actual script? If
so, you ought to be using filter_input(). Actually, I'm not sure of
any benefit using filter_var() with FILTER_SANITIZE_SPECIAL_CHARS
over htmlspecialchars() (maybe the options); this is just a guess,
though.

This still doesn't explain your problem, and I have yet to reproduce
the behavior (PHP 5.2.6, Win32, Apache 2 module). Have you searched
the PHP bug tracker?

Here's a php.net example using filter_input:
<?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>
--
Curtis
$email = str_replace('sig.invalid', 'gmail.com', $from);
Nov 8 '08 #6
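The points raised in this thread, as an added example that is not code from any of the posters: the assign-to-self pattern with a guard for the FALSE return Álvaro mentioned, keeping the raw value separately for the later session comparison, and a side-by-side of FILTER_SANITIZE_SPECIAL_CHARS and htmlspecialchars() as Curtis wondered about. The form field value is constructed, and the code avoids PHP 5.3+ syntax so it runs on the 5.2 versions discussed as well as on current PHP.

```php
<?php
// Added example, not code from the thread. Run from the command line with
// `php example.php`; no web server is needed because the input is constructed.

// Sanitizes a value for HTML output. Assigning the result back to the same
// variable is fine, but check for FALSE first: on failure filter_var()
// returns FALSE and the original data would be lost.
function sanitizeForHtml($raw)
{
    $clean = filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS);
    if ($clean === false) {
        throw new UnexpectedValueException('filter_var() failed on input');
    }
    return $clean;
}

// Simulates the form handler: stores the raw value for a later confirmation
// comparison, then overwrites the working variable with the sanitized copy.
function handleField(array &$session, $raw)
{
    $session['confirm_raw'] = $raw;   // raw copy kept for the later comparison
    $raw = sanitizeForHtml($raw);     // assign-to-self; now safe to echo
    return $raw;
}

// True when no HTML-significant character survived. A "<script" passing
// through unchanged, as described in the thread, fails this check.
function isInert($s)
{
    return strpbrk($s, "<>\"'") === false;
}

$session = array();
$input   = '<script>alert("x")</script> & \'quotes\'';   // constructed form value

$filtered = handleField($session, $input);
$escaped  = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

// FILTER_SANITIZE_SPECIAL_CHARS emits numeric entities (&#60;), while
// htmlspecialchars() emits named ones (&lt;); both neutralise the markup.
printf("filter_var:       %s\n", $filtered);
printf("htmlspecialchars: %s\n", $escaped);
printf("inert: filter_var=%s htmlspecialchars=%s\n",
    var_export(isInert($filtered), true), var_export(isInert($escaped), true));
printf("raw value still available for confirmation: %s\n",
    var_export($session['confirm_raw'] === $input, true));

// In a real request, filter_input() reads the submitted data directly.
// INPUT_GET and INPUT_POST only select the source; the sanitizing is identical:
//   $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
//   // null: field not submitted; false: filter failed; string: sanitized value
```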
Curtis said:
[snip]

So you're using filter_var() for form data in your actual script? If
so, you ought to be using filter_input(). Actually, I'm not sure of
any benefit using filter_var() with FILTER_SANITIZE_SPECIAL_CHARS
over htmlspecialchars() (maybe the options); this is just a guess,
though.

This still doesn't explain your problem, and I have yet to reproduce
the behavior (PHP 5.2.6, Win32, Apache 2 module). Have you searched
the PHP bug tracker?
PHP 5.2.2 (Apache/2.2.8 (Win32)) here.
>
Here's a php.net example using filter_input:
><?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
DAMN! It *seems* to be working now. And I have absolutely NO technical
idea why! The overnight AV scan came up with an unidentified "high"
rated virus overnight, claiming it couldn't completely clean it or
quarantine it and a manual link to follow for manual cleaning/reporting.
I followed the instructions and when I came back to look at that alert
again, it was gone! If that was on purpose, it's kind of rude not to
let me know why it closed. Anyway, I'm rerunning the scans on that
machine now but it's going to take a long time because I let it include
the 2 500 Gig external drives in addition to the system drives which
total around 600 Gig.

Silly question, assuming the problem isn't actually gone: I'm running
PHP 5.2.2 because that's what's on my remote server; seemed like the
route to the least problems. I do have PHP 5.2.6 though, and could run
it instead (on my local Apache server, that is).
Would there be any benefit in temporarily running 5.2.6? I don't
think so, but since you indicated it's what you're using I thought I'd
ask.

I've been meaning to learn filter_input() as a matter of fact, having
only really discovered it since this problem arose. Thanks much for
the code stub; it will help a lot in getting started.
Another question: Everything I've ever read, and several others on
the groups, have warned me away from _GETs. I recall there is a _POST
also from my readings. In this context, I can't imagine a downside to
it, but ... if I don't ask ... <g>.
Does it matter whether GET or POST is used in this context?

Many thanks Curtis, I appreciate your efforts. I'll be back one way or
another.

Regards,

Twayne
Nov 8 '08 #7
