Weblog Archive
Time zone! Oh come on... - 2:43 am
Bug , PHP , Site Issue , SQL , Standards , Web Hosting - DaRen
I'm tired of dealing with the time zone thing on this server... all my blog entries and calendar don't work out like what I expected... so here's the conversation between me and the 100Webspace support team:
Quote:
31 October 2005
Me: Hi. I've noticed that PHP is using GMT+2 time zone but MySQL is set to use GMT+3 time zone. On top of that, apache log is using GMT+3 time zone. Can the time zones be standardized ?
Support: Finding a solution of your problem requires a consultation with our administrators. I have forwarded the issue to them and we will send you our answer as soon as we receive their instructions. If you have any additional questions, do not hesitate to ask. Meanwhile just wait for our next response.
Me: Hi. Thanks for replying. I'll wait for the next reply.
Support: We will contact you when we have solution about this issue.
01 November 2005
Me: Hi. Just wondering how's the progress.
Support: Our administrators haven't replied yet, I will remind them about this issue.
07 November 2005 (a week later...)
Support: The server time is now correct, sorry for the delay.
11 November 2005
Me: (revived) *geez* ... *checking back the access log*, found that the admin already responded to it and standardized all the time zones on 31 October as soon as I made the post, but somehow the reply from the support team reached me a week later... but at least they still replied, ain't that a good thing? ;)
Shouldn't they take care of this in early stage when server is set up ?
Last edited: Mon 2005-10-17 @ 19:01 , by DaRen 1 time(s)
PHP Passing by Reference - 3:07 pm
Bug , Coding , PHP - DaRen
PHP functions support passing by reference. However, default values may ONLY be passed by reference starting from PHP >= 5. Default values in PHP functions look like this:
// function declaration with default value
function foo($bar = 'default value here') { /* ... */ }
// function declaration with passing by reference
function foo(&$bar) { /* ... */ }
What pissed me off is that I'm using PHP 5 on my computer but the hosting server is using PHP 4. I only realized that PHP 4 doesn't support that after I uploaded all my files to the server. Example of default values passed by reference:
// This won't work in PHP < 5
function foo(&$bar = 'default value here') { /* ... */ }
Workaround:
Set allow_call_time_pass_reference to true in php.ini if you're using PHP >= 5 so that you won't get a bunch of warning messages filling your screen.
Trick to do default values passed by reference
<?php
// function declaration
function foo($bar = 'default value here') { /* ... */ }
// function calling
foo(); // valid call
foo(&$var); // this, however, is considered deprecated in PHP >= 5
?>
Based on the above code:
PHP < 5 complains:
Parse error: parse error, expecting ')', followed later by a fatal error that kills the script execution.
PHP >= 5 complains:
Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer.
Working on weblog archive - 11:48 pm
PHP , Site Issue , Site Updates - DaRen
I've been working on the weblog archives these few days, and most of them are done. The calendar should be working correctly now. Thanks to the PHP online documentation, I've got PHP's time(), mktime(), gmmktime(), date(), gmdate() messed up and confused for a while. It's very confusing when it comes to local time and GMT/UTC conversion, especially as the online documentation from the PHP site isn't clear enough. It's like I'm using the +10 EST time zone for localhost (testing), storing the timestamps in GMT format, and trying to adjust to +10 GMT on a server which is using the +3 GMT time zone. How's that, huh?
For the weblog archive part, I still need to implement a feature so that the blogs displayed are split into pages. This will be very handy as the number of blog posts increases and for easy navigation. There is a more "proper" and technical term for it, pagination, or google it if you wanna know more.
Last edited: Tue 2005-10-11 @ 01:56 , by DaRen 1 time(s)
Opera and PHP header() - 7:27 pm
Browser , Bug , PHP , Standards - DaRen
It's pretty common in PHP for the header() function to be used to redirect the user to a specific page.
<?php
header("Location: http://www.domain.com");
header("Refresh: 5; http://www.domain.com"); // Redirect after 5 secs
?>
The above code will work perfectly. However, given a URI such as http://www.domain.com/file01.php?do=something#anchorhere:
<?php
// This won't work with Opera 7.54 or earlier;
// it has never worked in Opera up to 8.5
header("Location: http://www.domain.com/file01.php?do=something#anchorhere");
// No problem for this though
header("Refresh: 5; http://www.domain.com/file01.php?do=something#anchorhere");
// A method to overcome the problem in Opera
header("Refresh: 0; http://www.domain.com/file01.php?do=something#anchorhere");
?>
Apparently, it's the '#anchorhere' in the URI that causes Opera to fail to redirect to that page. According to the HTTP/1.1 protocol, there is no restriction on using #anchor in the URI inside the header's Location field. I haven't tested this with IE and Firefox myself but there are reports saying both IE and FF are working fine.
PHP urldecode() - 8:20 pm
Coding , PHP , Security - DaRen
Don't use urldecode() on a $_GET variable!
Say you have a script:
script.php
<?php
// Don't do this !
$value = urldecode($_GET['something']);
?>
Exploit:
An attacker can send that script a query such as script.php?something=%2527 [...]
The fact...
PHP already URL-decodes the query string once when it fills $_GET, so it "receives" this as %27, which your urldecode() will then convert to ' (the single quote). This may be CATASTROPHIC when the value is injected into SQL or passed to PHP functions that rely on escaped quotes: magic quotes run before your second decode, so they rightly cannot detect this and will not protect you!
E.g. this exploit affects phpBB < 2.0.11
Solution:
Just an example of how you can make that more secure:
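The double decode and one safer way to handle the parameter, as an added example that is not the original post's code. It assumes a current PHP with the pdo_sqlite extension enabled; the notes table and find_note() are hypothetical names, and the query string is the constructed one from the post.

```php
<?php
// Constructed input: the query string from the post, as sent on the wire.
$rawQuery = 'something=%2527';

// parse_str() URL-decodes once, the same way PHP does when it fills $_GET,
// so $get stands in for $_GET here: %25 has become a literal percent sign.
parse_str($rawQuery, $get);
$value = $get['something'];

// Magic-quotes-style escaping finds no quote character to escape yet.
$escaped = addslashes($value);

// The pattern the post warns about: a second decode after escaping turns
// the remaining %27 into a quote that no longer has a backslash before it.
$twice = urldecode($escaped);
$unsafeSql = "SELECT id FROM notes WHERE title = '$twice'";
echo "built by concatenation: $unsafeSql\n";

// Safer handling: use the value as PHP delivered it, never decode it again,
// and bind it as a parameter instead of pasting it into the SQL text.
$db = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO notes (title) VALUES ('%27'), ('hello')");

// Hypothetical helper: the title only ever travels as bound data.
function find_note(PDO $db, string $title): array
{
    $stmt = $db->prepare('SELECT id, title FROM notes WHERE title = ?');
    $stmt->execute([$title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The once-decoded value matches only the row whose title is that text.
var_dump(find_note($db, $value));
// Even a bare quote is plain data to a bound parameter and matches nothing.
var_dump(find_note($db, $twice));
```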
PHP Single Quote vs Double Quote - 7:24 pm
Coding , PHP - DaRen
What's the difference between a ' (single quote) and a " (double quote) in PHP programming? They act quite the same. However, for double quotes, PHP checks the contents for variables to interpolate and for escape characters like the \n newline. This makes your scripts SLOWER. It doesn't really matter if you're writing a small script, but it will help PHP parse faster in a larger script.
Consider the following:
$name = 'Darren'; // This one's better
$name = "Darren";
That doesn't mean that double quotes are useless. It helps on readability in some situations:
echo '<a href="' . $url . '">' . $text . '</a>';
echo "<a href=\"$url\">$text</a>";
// You cannot do a \n with single quote
echo "\nThis is a new line\n";
Using ' or " ? You should know which to use next time.
PHP register_globals - 6:26 pm
Coding , PHP , Security - DaRen
There are numerous ways your code can become insecure when the PHP register_globals directive is set to ON.
Below are a few examples:
Insecure Example 1
<?php
session_start();
$_SESSION['test'] = "original";
$test = "modified";
echo $_SESSION['test']; // this will output "modified" instead of "original"
?>
Insecure Example 2
<?php
session_start();
$_SESSION['test'] = $something;
echo $_SESSION['test'];
// Point to the file in the browser, with the query appended to the end:
// test.php?something=modified
// The string "modified" will be output
?>