
PHP sanitization burps?


comp.lang.php - PHP programming language discussions 

Subject: PHP sanitization burps? | Author: Twayne | Date: 11-06-2008
Posted by Twayne on November 6, 2008, 9:47 pm
XP Pro SP3 and PHP 5.2.5

Probably a silly question, and admittedly rather minor, but ... I seem
to be getting inconsistent sandbox results. Usually, it's common to
modify a var by referencing it to itself; e.g. 'n=n+1' , '$var=$var &&
"this" ', etc.
==============
Is it legal to use the following PHP line ($string is the operative
object here)?

$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance?
or must I use something like:

$stringA = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) ?
and then work with $stringA thereafter?
==============
It seems to work OK and then at the odd times it doesn't. I'm using an
Apache local server for this testing and feeding it either by a manually
typed localhost or 127. ... URL or letting NotePadPro throw it to the
server; either way gets the same results.

Looking for verification, I went out and looked at a bunch of tuts,
phpnet, w3, etc, and they never use a variable to operate on itself like
that in any of their stubs and examples, but ... at the same time I
can't find anything saying I can not do so there nor on any of the
Google finds I've looked at.

Is it a case of it's "just me" that something like
$string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) for
instance
seems to fail at the odd times but works most of the time?
Or, am I chasing a wild goose and it's going to be caused by
something else entirely?
Oh, and whether or not I use Flags doesn't seem to matter.

I've restarted the machine once (warm boot) without anything changing.
I've stopped and restarted the server and editors, browsers, etc., all
to no avail; I still get the off failure happening unpredictably. I do
have error reporting on, ALL, and messages too, plus added
"ini_set('display_errors', 1);" recently, just for good measure.

Any clarification/verification/whatever would be most appreciated if you
have any knowledge of my predicament. Basically what I'm doing is
upgrading from PHP 4 to 5 and trying to use some of the new functions it
provides. It's not exactly the end of the world but it's annoying as
hell and means something somewhere isn't doing what it's supposed to do,
so it definitely needs investigation IMO.

Thanks much,

Twayne




Posted by Álvaro G. Vicario on November 7, 2008, 3:54 am
Twayne wrote:

As far as I know, filter_var() is a function like any other; it doesn't
have anything magical or special. The only drawback I can think of is
that the function "Returns the filtered data, or FALSE if the filter
fails", so in case of failure you lose your data.



Do you need later the original value of $string?


The concept of throwing a file to the server is new to me xD

When you say "doesn't work", do you mean that filter_var() returns a
boolean FALSE? Do you get different output with the same input?


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- My site about web programming: http://bits.demogracia.com
-- My bain-marie humour site: http://www.demogracia.com
--

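Added example (mine, not code posted in this thread) of the points in Álvaro's reply: the result of filter_var() can be assigned straight back over the same variable, but because the function returns FALSE when the filter fails, the result should be checked before the original is overwritten, and an untouched copy kept wherever a later comparison needs it. The helper names, the sample form data and the repeated-run check are this example's own. One caveat worth keeping in mind: FILTER_SANITIZE_SPECIAL_CHARS only HTML-encodes the characters '"<>& and ASCII control characters, so its output is suitable for an HTML page and not for an SQL query or a shell command, each of which needs its own escaping.

```php
<?php
// Added example, not code from the thread. Uses ext/filter (PHP >= 5.2.0).
// Helper names and sample inputs are this example's own.

// filter_var() returns the filtered value, or FALSE if the filter fails,
// so capture the result before overwriting a variable you still need.
// NULL is returned here so a failed filter cannot be mistaken for "".
function sanitize_for_html($raw)
{
    $clean = filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS);
    return ($clean === false) ? null : $clean;
}

// Validation filters return FALSE on bad input; never assign that FALSE
// back over the original, or the original is gone.
function validated_email($raw)
{
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return ($ok === false) ? null : $ok;
}

// Run one filter repeatedly on the same input and report whether every
// pass gives the same result. If it does, a form that seems to sanitize
// only intermittently is being fed different input, not filtered differently.
function filter_is_deterministic($raw, $filter, $passes = 100)
{
    $first = filter_var($raw, $filter);
    for ($i = 1; $i < $passes; $i++) {
        if (filter_var($raw, $filter) !== $first) {
            return false;
        }
    }
    return true;
}

// Constructed sample standing in for a submitted form ($_POST).
$post = array(
    'name'  => 'foo',
    'bio'   => '<b>Bob</b> & "friends"',
    'email' => 'not an address',
);

// Keep an untouched copy for the later confirmation comparison.
session_start();
$_SESSION['form_original'] = $post;

// Self-assignment is fine: $string simply takes the function's return value.
$string = $post['bio'];
$string = sanitize_for_html($string);
if ($string === null) {
    // The filter failed; the original is still in $_SESSION['form_original'].
    $string = '';
}

// NULL here, because the sample address is not valid; $post['email'] is intact.
$email = validated_email($post['email']);

$stable = filter_is_deterministic($post['bio'], FILTER_SANITIZE_SPECIAL_CHARS);

echo $string, "\n";
var_dump($email, $stable);
var_dump($_SESSION['form_original']['bio'] === $post['bio']);
```

Run it from the command line or as a page; the session call only matters for the web case. Because the return value is checked with `=== null` rather than a loose `if (!$string)`, an input that legitimately sanitizes to an empty string is not confused with a failed filter.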
Posted by Twayne on November 7, 2008, 10:46 am

Yes. I store some of them as session variables for a later confirmation
comparison.


lol, sorry, I just mean feeding the URL to my local server
(localhost... ).


Yes. To make running the form easier, I have prefilled it with data so
I don't have to keep entering or clicking it back into existence each
time the form paints so all I have to do is click the Submit to run that
code. Where I'm expecting foo I'll get back the original 'foo'
just once in awhile. Maybe once in 10 or 20 times; it varies.
I turned power to the PC off overnight, thinking a cold boot this am
might help something. At first I thought it did and just as I was about
to pronounce it gone, it happened again.
I'll probably rewrite the whole page later today to see if that makes
any difference; I guess it could be a corrupted file, but ... it's so
inconsistent I don't know ... ?


Regards,

Twayne





Posted by Curtis on November 7, 2008, 4:07 am
On Fri, 07 Nov 2008 02:47:52 GMT, nobody@devnull.spamcop.net wrote:

Both are valid assignments, although your posted statements lack a
semi-colon. I'll assume that isn't the problem. :P


What does that mean? Can you explain exactly how it doesn't work?


So, at times, you don't get any output? Please be more specific
about what behavior does not meet your expectations.
--
Curtis
$email = str_replace('sig.invalid', 'gmail.com', $from);

Posted by Twayne on November 7, 2008, 11:06 am
Curtis said:


Thanks, that's the clarification I was looking for. No, it's not the
semi-colons; I wish it was! Looks like I overtyped them with the
question marks etc. here. Dunno why I did that.


thru unchanged or a special character will not be stripped, things like
that. It's not returning False, it's just not doing the filtering
intermittently and not very often for the same data, which is now
prefilled into the form to speed things up.

Based on your clarification above, about all that's left is file
corruption of some sort but darned if I know why it's so intermittent.
I think when I get more time (and coffee in me) I'll rewrite that whole
section from scratch, a validate & sanitize at a time and see what
happens. If it's still a problem then I'll upload it to my remote
server and see what happens there. I've been afraid to do that in case
it hides the problem, but at least I'll have some concrete data to work
with if it comes back.

Oh; should have mentioned I'm no PHP expert by any means; I think I'd be
considered more a neophyte as I don't have a lot of experience yet.
Also, I've preloaded all the form data to make it faster & easier to
work with it. The testing is driving me nuts!

Thanks Curtis,

Twayne




