Larry Ullman's Book Forums

All Activity


  1. Last week
  2. Earlier
  3. If I'm following your question correctly, I suspect the intent is you use one query to confirm that the email address isn't already registered. You'd print an error message if it is registered or continue with the registration--run the INSERT--if not.
  4. I'm having trouble understanding what to do for the modifying register review part of chapter 9 using MySQL and PHP. It says you should use mysqli_query() to check if the user is entering a repeat email/account reg info, but then it says this checks if it is safe to insert the reg info via the form. How are you supposed to enter 2 queries using the mysqli_query() function when that is not possible, as I have read? Apparently you have to use multi queries, which I cannot wrap my head around. Any help on this subject would be much appreciated, thanks.
  5. Thank you for your response Larry, I will fiddle with it a bit. Best regards.
  6. If the business name is optional, then it doesn't need to be in the main conditional. I would think your NULLIF() usage should work; it's just a question of what false-ish PHP value will equate to a NULL-ish MySQL value. I don't know the answer to that, but you ought to be able to figure it out with some experimentation.
  7. Hey Alexander. Thanks for your help with this! Please do just post them here and I'll correct them in the next release.
  8. Hi Larry, Thank you very much for your response. Unfortunately I couldn't get it to work yet. If I remove the $bn variable from the IF conditional (to test), the query executes but doesn't set the NULL (default value) in the business_name field in the database. Is that correct? Or could you suggest a way to check for either $bn values in the IF conditional? Best regards.
  9. Thanks for your question. This is not something I've ever covered in one of my books but what you want to search for is "responsive images": https://developer.mozilla.org/en-US/docs/Learn/HTML/Multimedia_and_embedding/Responsive_images
  10. Hmmm... I would think this line would never be true if you assign $bn a NULL value:
      if ($fn && $ln && $bn && $c && $s && $e && $p) { // If everything's OK.
      But I could be wrong. In any case, are you still having problems with this or is it working now?
  11. I thought the chapter on image uploads was very clear. However, I have not found anything to help with the subject of how to render an appropriately sized image depending upon the device size. If I load a large image (for desktop), the same image will also be loaded for mobile too. I suspect the answer is to take copies of an image and somehow provide the code which enables the server to know which image to render (small, medium, large, for example). What approach is best taken here? And do you have this subject covered in any of your other books? Thank you
  12. Hi Larry, Please accept my sincere apology for wasting your time by adding the wrong code. The code above included an alternative solution that I found, but I prefer to use your code and solution as below. I tested only the business_name column in the database by inserting the NULL value via the Xammp MariaDB SQL console, and the query executed and inserted the NULL value. Below please find the actual code from your code examples. Thank you.

      <?php
      /*
       * Script: signup.php
       * Modified: 03-18-2022
       * Frontend: HTML5 & CSS3
       * Backend: PHP 7
       * Database: MariaDB 10
       */

      /* This script:
         - is the sign up page for the application.
         - calls the configuration script.
         - redirects invalid users.
         - opens the database connection.
         - displays, validates and processes the sign up form.
      */

      // Require the configuration before any PHP code as the configuration controls error reporting:
      require('includes/config.inc.php'); // The config file also starts the session.

      // If an id session variable exists, redirect the user:
      if (isset($_SESSION['user_id'])) {
          $url = 'dashboard.php'; // Define the URL.
          ob_end_clean(); // Delete the buffer.
          header("Location: $url");
          exit(); // Quit the script.
      }

      // Require the database connection:
      require(MYSQL);

      // Include the page title:
      $page_title = $words['words200'];

      // Include the HTML header file:
      include('templates/header.html');

      // Look for a form submission:
      if ($_SERVER['REQUEST_METHOD'] == 'POST') {

          // Trim all the incoming data:
          $trimmed = array_map('trim', $_POST);

          // Assume invalid values:
          $fn = $ln = $bn = $c = $s = $e = $p = FALSE;

          // Look for a first name:
          if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['first_name'])) {
              $fn = mysqli_real_escape_string($dbc, $trimmed['first_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words201'] . '</p> </div>';
          }

          // Look for a last name:
          if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
              $ln = mysqli_real_escape_string($dbc, $trimmed['last_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words202'] . '</p> </div>';
          }

          // Look for a business name (not required):
          if (empty($trimmed['business_name'])) {
              $bn = NULL;
          } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
              $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words203'] . '</p> </div>';
          }

          // Look for a country:
          if (isset($_POST['country']) && filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
              $c = $_POST['country'];
          } else { // No country selected.
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words204'] . '</p> </div>';
          }

          // Look for a state:
          if (isset($_POST['state']) && filter_var($_POST['state'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
              $s = $_POST['state'];
          } else { // No state selected.
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words205'] . '</p> </div>';
          }

          // Look for an email address:
          if (filter_var($trimmed['email1'], FILTER_VALIDATE_EMAIL)) {
              if ($trimmed['email1'] == $trimmed['email2']) {
                  $e = mysqli_real_escape_string($dbc, $trimmed['email1']);
              } else {
                  echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words206'] . '</p> </div>';
              }
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words207'] . '</p> </div>';
          }

          // Look for a password and match against the confirmed password:
          if (strlen($trimmed['password1']) >= 8) {
              if ($trimmed['password1'] == $trimmed['password2']) {
                  $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT);
              } else {
                  echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words208'] . '</p> </div>';
              }
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words209'] . '</p> </div>';
          }

          if ($fn && $ln && $bn && $c && $s && $e && $p) { // If everything's OK.

              // Make sure the email address is available:
              $q = "SELECT user_id FROM users WHERE email='$e'";
              $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

              if (mysqli_num_rows($r) == 0) { // Available.

                  // Create the activation code:
                  $a = md5(uniqid(rand(), true));

                  // Add the user to the database:
                  $q = "INSERT INTO users (first_name, last_name, business_name, country_id, state_id, email, pass, active, date_created) VALUES ('$fn', '$ln', '$bn', '$c', '$s', '$e', '$p', '$a', NOW() )";
                  $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

                  if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                      // Send a sign up notification email:
                      $body = "" . $words['words210'] . "\n\n" . $words['words211'] . "\n\n";
                      $body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a\n\n" . $words['words212'] . "\n\n" . $words['words213'] . "";
                      mail($trimmed['email1'], $words['words214'], $body, 'From: ' . SEND_EMAIL);

                      // Finish the script:
                      echo '<div class="alert alert-success my-3" role="alert"> <i class="fa-solid fa-circle-check fa-4x"></i> <h4 class="alert-heading">' . $words['words215'] . '</h4> <p class="text-md">' . $words['words216'] . '</p> </div>';
                      include('templates/footer.html'); // Include the HTML footer.
                      exit(); // Stop the script.

                  } else { // If it did not run OK.
                      echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words217'] . '</h4> <p class="text-md">' . $words['words218'] . '</p> </div>';
                  }

              } else { // The email address is not available.
                  echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words219'] . '</h4> <p class="text-md">' . $words['words220'] . '</p> </div>';
              }

          } else { // If one of the data tests failed.
              echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words221'] . '</h4> <p class="text-md">' . $words['words222'] . '</p> </div>';
          }

      } // End of the main Submit conditional.
      ?>
      <!-- Sign Up Form -->
      <!-- Sticky values are passed through htmlspecialchars() so a rejected submission is echoed back as text, not markup. -->
      <section class="slice sct-color-2 border-top border-bottom" id="signup">
        <div class="container">
          <div class="row justify-content-center g-5">
            <div class="col-lg-7">
              <div class="card form-card form-card--style-2">
                <div class="form-header text-center">
                  <div class="form-header-icon">
                    <i class="fa-solid fa-user-plus"></i>
                  </div>
                </div>
                <div class="form-body">
                  <div class="text-center px-2">
                    <h3 class="heading heading-2 strong-600 text-normal"><?php echo $words['words223'] ?></h3>
                  </div>
                  <p class="text-center mt-2"><?php echo $words['words224'] ?></p>
                  <p class="text-center mt-2"><?php echo $words['words225'] ?> <a href="signin.php" class=""><?php echo $words['words226'] ?></a></p>
                  <form action="signup.php" method="post" class="form-signup" role="form">
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="text" name="first_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['first_name'])) echo htmlspecialchars($trimmed['first_name']); ?>" placeholder="<?php echo $words['words227'] ?>" maxlength="40" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="text" name="last_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['last_name'])) echo htmlspecialchars($trimmed['last_name']); ?>" placeholder="<?php echo $words['words228'] ?>" maxlength="40" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-12">
                        <div class="form-group">
                          <input type="text" name="business_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['business_name'])) echo htmlspecialchars($trimmed['business_name']); ?>" placeholder="<?php echo $words['words229'] ?>" maxlength="80">
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <select name="country" class="form-control form-control-lg mt-2">
                            <option><?php echo $words['words230'] ?></option>
                            <?php
                            // Retrieve all the countries and add to the pull-down menu:
                            $q = "SELECT country_id, country FROM countries WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY country ASC";
                            $r = mysqli_query($dbc, $q);
                            while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                                echo "<option value=\"$row[0]\"";
                                // Look for stickyness:
                                if (isset($_POST['country']) && ($_POST['country'] == $row[0])) echo ' selected="selected"';
                                echo ">$row[1]</option>\n";
                            }
                            ?>
                          </select>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <select name="state" class="form-control form-control-lg mt-2">
                            <option><?php echo $words['words231'] ?></option>
                            <?php
                            // Retrieve all the states and add to the pull-down menu:
                            $q = "SELECT state_id, state FROM states WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY state ASC";
                            $r = mysqli_query($dbc, $q);
                            while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                                echo "<option value=\"$row[0]\"";
                                // Look for stickyness:
                                if (isset($_POST['state']) && ($_POST['state'] == $row[0])) echo ' selected="selected"';
                                echo ">$row[1]</option>\n";
                            }
                            ?>
                          </select>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="email" name="email1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email1'])) echo htmlspecialchars($trimmed['email1']); ?>" placeholder="<?php echo $words['words232'] ?>" maxlength="50" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="email" name="email2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email2'])) echo htmlspecialchars($trimmed['email2']); ?>" placeholder="<?php echo $words['words233'] ?>" maxlength="50" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="password" name="password1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password1'])) echo htmlspecialchars($trimmed['password1']); ?>" placeholder="<?php echo $words['words234'] ?>" maxlength="50" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="password" name="password2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password2'])) echo htmlspecialchars($trimmed['password2']); ?>" placeholder="<?php echo $words['words235'] ?>" maxlength="50" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-12">
                        <div class="form-group">
                          <p class="text-center mt-2">
                            <?php echo $words['words236'] ?> <a href="" data-toggle="modal" data-target="#privacyModal"><?php echo $words['words237'] ?></a> <?php echo $words['words238'] ?> <a href="" data-toggle="modal" data-target="#termsModal"><?php echo $words['words239'] ?></a>.
                          </p>
                        </div>
                      </div>
                    </div>
                    <button type="submit" name="submit" class="w-100 btn btn-block btn-styled btn-base-2 mt-2"><?php echo $words['words240'] ?></button>
                  </form>
                  <!-- Form Auxiliary Links -->
                  <div class="form-user-footer-links">
                    <div class="row">
                      <div class="col-6">
                        <p class="mt-4"><a href="reset_password.php" class=""><?php echo $words['words241'] ?></a></p>
                      </div>
                      <div class="col-6">
                        <p class="text-right mt-4"><a href="index.php" class=""><?php echo $words['words242'] ?></a></p>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </section><!-- /.sign up form -->
      <?php
      // Include the HTML footer file:
      include('templates/footer.html');
  13. In your two code examples you have different assigned values for if the business name is empty. First you assign it to the PHP NULL and in the script you assign it to the PHP true. Then you use this value in the MySQL NULLIF() function. In either case you use the value in quotes, which might work, but probably isn't in your case. When you're testing this query directly you say it works, but I imagine at that time you're using a query with NULLIF('', ''), which is probably not the same as whatever PHP is doing. My suspicion is the PHP-generated values don't resolve to an equal comparison in the MySQL query. Specifically I would guess that the PHP NULL or true would get converted to 0 or 1 when put into a string and quoted. You can confirm this by printing out the query dynamically generated by the PHP script.
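The interpolation question in the reply above, checked in PHP as an added example (not code from the book or this thread): what the query text becomes for each placeholder value, and one way to keep the optional field out of the "everything's OK" conditional while still storing a real SQL NULL. The function names, the reduced column list and the connected mysqli object $dbc are assumptions.

```php
<?php
// Added example: why a falsy placeholder for the optional business name
// blocks the INSERT, and a fix. Assumes a connected mysqli $dbc and a
// reduced users table; the function names are this example's own.

// What the original string interpolation produces for each placeholder.
// Inside a double-quoted PHP string a null becomes '' and true becomes '1',
// so NULLIF('$bn','') is NULLIF('','') for null but NULLIF('1','') for true.
function build_insert_sql_original($bn): string
{
    return "INSERT INTO users (business_name) VALUES (NULLIF('$bn', ''))";
}

// Validate the optional field on its own. Returns [valid, value]:
// an empty field is valid and yields null (to be stored as SQL NULL);
// a non-empty field must match the same pattern as the original script.
function validate_business_name(string $raw): array
{
    $raw = trim($raw);
    if ($raw === '') {
        return [true, null];
    }
    if (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $raw)) {
        return [true, $raw];
    }
    return [false, null];
}

// The "everything's OK" test then uses the validity flag, not the value, so
// an absent business name no longer fails it:
//   [$bn_ok, $bn] = validate_business_name($trimmed['business_name']);
//   if ($fn && $ln && $bn_ok && $c && $s && $e && $p) { ... }
// A bound PHP null is sent as SQL NULL, and mysqli_real_escape_string() is
// not needed because bound values never become part of the SQL text.
function insert_user(mysqli $dbc, string $fn, string $ln, ?string $bn,
                     string $e, string $hash, string $a): bool
{
    $q = 'INSERT INTO users (first_name, last_name, business_name, email, pass, active, date_created)'
       . ' VALUES (?, ?, ?, ?, ?, ?, NOW())';
    $stmt = $dbc->prepare($q);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssssss', $fn, $ln, $bn, $e, $hash, $a);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs standing in for the three ways $bn has been set.
    foreach ([null, true, 'Acme Ltd'] as $bn) {
        printf("%-10s -> %s\n", var_export($bn, true), build_insert_sql_original($bn));
    }
    // Constructed form values: empty, valid, and one the pattern rejects.
    foreach (['', 'Acme Ltd', '<bad>'] as $raw) {
        [$ok, $value] = validate_business_name($raw);
        printf("%-10s -> valid=%s value=%s\n", var_export($raw, true),
               var_export($ok, true), var_export($value, true));
    }
}
```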
  14. Hi Larry, Apologies, as I tried to submit more information after I realized that I hadn't provided enough, but forgot to submit it! Below is the complete signup script. Thank you.

      <?php
      /*
       * Script: signup.php
       * Modified: 03-18-2022
       * Frontend: HTML5 & CSS3
       * Backend: PHP 7
       * Database: MariaDB 10
       */

      /* This script:
         - is the sign up page for the application.
         - calls the configuration script.
         - redirects invalid users.
         - opens the database connection.
         - displays, validates and processes the sign up form.
      */

      // Require the configuration before any PHP code as the configuration controls error reporting:
      require('includes/config.inc.php'); // The config file also starts the session.

      // If an id session variable exists, redirect the user:
      if (isset($_SESSION['user_id'])) {
          $url = 'dashboard.php'; // Define the URL.
          ob_end_clean(); // Delete the buffer.
          header("Location: $url");
          exit(); // Quit the script.
      }

      // Require the database connection:
      require(MYSQL);

      // Include the page title:
      $page_title = $words['words200'];

      // Include the HTML header file:
      include('templates/header.html');

      // Look for a form submission:
      if ($_SERVER['REQUEST_METHOD'] == 'POST') {

          // Trim all the incoming data:
          $trimmed = array_map('trim', $_POST);

          // Assume invalid values:
          $fn = $ln = $bn = $c = $s = $e = $p = FALSE;

          // Look for a first name:
          if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['first_name'])) {
              $fn = mysqli_real_escape_string($dbc, $trimmed['first_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words201'] . '</p> </div>';
          }

          // Look for a last name:
          if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
              $ln = mysqli_real_escape_string($dbc, $trimmed['last_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words202'] . '</p> </div>';
          }

          // Look for a business name (not required):
          if (empty($trimmed['business_name'])) {
              $bn = true;
          } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
              $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words203'] . '</p> </div>';
          }

          // Look for a country:
          if (isset($_POST['country']) && filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
              $c = $_POST['country'];
          } else { // No country selected.
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words204'] . '</p> </div>';
          }

          // Look for a state:
          if (isset($_POST['state']) && filter_var($_POST['state'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
              $s = $_POST['state'];
          } else { // No state selected.
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words205'] . '</p> </div>';
          }

          // Look for an email address:
          if (filter_var($trimmed['email1'], FILTER_VALIDATE_EMAIL)) {
              if ($trimmed['email1'] == $trimmed['email2']) {
                  $e = mysqli_real_escape_string($dbc, $trimmed['email1']);
              } else {
                  echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words206'] . '</p> </div>';
              }
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words207'] . '</p> </div>';
          }

          // Look for a password and match against the confirmed password:
          if (strlen($trimmed['password1']) >= 8) {
              if ($trimmed['password1'] == $trimmed['password2']) {
                  $p = password_hash($trimmed['password1'], PASSWORD_DEFAULT);
              } else {
                  echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words208'] . '</p> </div>';
              }
          } else {
              echo '<div class="alert alert-danger mb-3"> <p class="text-md">' . $words['words209'] . '</p> </div>';
          }

          if ($fn && $ln && $bn && $c && $s && $e && $p) { // If everything's OK.

              // Make sure the email address is available:
              $q = "SELECT user_id FROM users WHERE email='$e'";
              $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

              if (mysqli_num_rows($r) == 0) { // Available.

                  // Create the activation code:
                  $a = md5(uniqid(rand(), true));

                  // Add the user to the database:
                  $q = "INSERT INTO users (first_name, last_name, business_name, country_id, state_id, email, pass, active, date_created) VALUES ('$fn', '$ln', NULLIF ('$bn',''), '$c', '$s', '$e', '$p', '$a', NOW() )";
                  $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

                  if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

                      // Send a sign up notification email:
                      $body = "" . $words['words210'] . "\n\n" . $words['words211'] . "\n\n";
                      $body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a\n\n" . $words['words212'] . "\n\n" . $words['words213'] . "";
                      mail($trimmed['email1'], $words['words214'], $body, 'From: ' . SEND_EMAIL);

                      // Finish the script:
                      echo '<div class="alert alert-success my-3" role="alert"> <i class="fa-solid fa-circle-check fa-4x"></i> <h4 class="alert-heading">' . $words['words215'] . '</h4> <p class="text-md">' . $words['words216'] . '</p> </div>';
                      include('templates/footer.html'); // Include the HTML footer.
                      exit(); // Stop the script.

                  } else { // If it did not run OK.
                      echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words217'] . '</h4> <p class="text-md">' . $words['words218'] . '</p> </div>';
                  }

              } else { // The email address is not available.
                  echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words219'] . '</h4> <p class="text-md">' . $words['words220'] . '</p> </div>';
              }

          } else { // If one of the data tests failed.
              echo '<div class="alert alert-danger my-3" role="alert"> <i class="fa-solid fa-circle-exclamation fa-4x"></i> <h4 class="alert-heading">' . $words['words221'] . '</h4> <p class="text-md">' . $words['words222'] . '</p> </div>';
          }

      } // End of the main Submit conditional.
      ?>
      <!-- Sign Up Form -->
      <!-- Sticky values are passed through htmlspecialchars() so a rejected submission is echoed back as text, not markup. -->
      <section class="slice sct-color-2 border-top border-bottom" id="signup">
        <div class="container">
          <div class="row justify-content-center g-5">
            <div class="col-lg-7">
              <div class="card form-card form-card--style-2">
                <div class="form-header text-center">
                  <div class="form-header-icon">
                    <i class="fa-solid fa-user-plus"></i>
                  </div>
                </div>
                <div class="form-body">
                  <div class="text-center px-2">
                    <h3 class="heading heading-2 strong-600 text-normal"><?php echo $words['words223'] ?></h3>
                  </div>
                  <p class="text-center mt-2"><?php echo $words['words224'] ?></p>
                  <p class="text-center mt-2"><?php echo $words['words225'] ?> <a href="signin.php" class=""><?php echo $words['words226'] ?></a></p>
                  <form action="signup.php" method="post" class="form-signup" role="form">
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="text" name="first_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['first_name'])) echo htmlspecialchars($trimmed['first_name']); ?>" placeholder="<?php echo $words['words227'] ?>" maxlength="40" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="text" name="last_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['last_name'])) echo htmlspecialchars($trimmed['last_name']); ?>" placeholder="<?php echo $words['words228'] ?>" maxlength="40" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-12">
                        <div class="form-group">
                          <input type="text" name="business_name" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['business_name'])) echo htmlspecialchars($trimmed['business_name']); ?>" placeholder="<?php echo $words['words229'] ?>" maxlength="80">
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <select name="country" class="form-control form-control-lg mt-2">
                            <option><?php echo $words['words230'] ?></option>
                            <?php
                            // Retrieve all the countries and add to the pull-down menu:
                            $q = "SELECT country_id, country FROM countries WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY country ASC";
                            $r = mysqli_query($dbc, $q);
                            while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                                echo "<option value=\"$row[0]\"";
                                // Look for stickyness:
                                if (isset($_POST['country']) && ($_POST['country'] == $row[0])) echo ' selected="selected"';
                                echo ">$row[1]</option>\n";
                            }
                            ?>
                          </select>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <select name="state" class="form-control form-control-lg mt-2">
                            <option><?php echo $words['words231'] ?></option>
                            <?php
                            // Retrieve all the states and add to the pull-down menu:
                            $q = "SELECT state_id, state FROM states WHERE lang_id={$_SESSION['lid']} AND status='Active' ORDER BY state ASC";
                            $r = mysqli_query($dbc, $q);
                            while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                                echo "<option value=\"$row[0]\"";
                                // Look for stickyness:
                                if (isset($_POST['state']) && ($_POST['state'] == $row[0])) echo ' selected="selected"';
                                echo ">$row[1]</option>\n";
                            }
                            ?>
                          </select>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="email" name="email1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email1'])) echo htmlspecialchars($trimmed['email1']); ?>" placeholder="<?php echo $words['words232'] ?>" maxlength="50" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="email" name="email2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['email2'])) echo htmlspecialchars($trimmed['email2']); ?>" placeholder="<?php echo $words['words233'] ?>" maxlength="50" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="password" name="password1" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password1'])) echo htmlspecialchars($trimmed['password1']); ?>" placeholder="<?php echo $words['words234'] ?>" maxlength="50" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <input type="password" name="password2" class="form-control form-control-lg mt-2" value="<?php if (isset($trimmed['password2'])) echo htmlspecialchars($trimmed['password2']); ?>" placeholder="<?php echo $words['words235'] ?>" maxlength="50" required>
                        </div>
                      </div>
                    </div>
                    <div class="row">
                      <div class="col-md-12">
                        <div class="form-group">
                          <p class="text-center mt-2">
                            <?php echo $words['words236'] ?> <a href="" data-toggle="modal" data-target="#privacyModal"><?php echo $words['words237'] ?></a> <?php echo $words['words238'] ?> <a href="" data-toggle="modal" data-target="#termsModal"><?php echo $words['words239'] ?></a>.
                          </p>
                        </div>
                      </div>
                    </div>
                    <button type="submit" name="submit" class="w-100 btn btn-block btn-styled btn-base-2 mt-2"><?php echo $words['words240'] ?></button>
                  </form>
                  <!-- Form Auxiliary Links -->
                  <div class="form-user-footer-links">
                    <div class="row">
                      <div class="col-6">
                        <p class="mt-4"><a href="reset_password.php" class=""><?php echo $words['words241'] ?></a></p>
                      </div>
                      <div class="col-6">
                        <p class="text-right mt-4"><a href="index.php" class=""><?php echo $words['words242'] ?></a></p>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </section><!-- /.sign up form -->
      <?php
      // Include the HTML footer file:
      include('templates/footer.html');
  15. Hey Jacques! There's not really enough information here for me to make any suggestions. I'd start with the standard debugging methods: print out the query being run on the database (i.e., an example of the dynamically generated query) and also have the database report any errors (do this in the PHP script itself).
  16. Hi Larry. I'm studying Yii2 with your book, many thanks for it. I intend to put a few issues I can possibly find here, if there is no problem with that. I find no other place to do that; is there any? I want to collaborate only. Many thanks for your excellent book. I'm loving it. Alexander
  17. Hi Larry, I am using your validation method from chapter 10 to validate an optional business name, but the query doesn't want to execute. I have re-checked the validation (no errors) and database, but cannot find anything wrong. When I run a SQL query in Xammp to update a user's business name to NULL, the record updates, so the column settings are correct. Do you perhaps have any suggestions? Thank you.

      // Look for a business name (not required):
      if (empty($trimmed['business_name'])) {
          $bn = NULL;
      } elseif (preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i', $trimmed['business_name'])) {
          $bn = mysqli_real_escape_string($dbc, $trimmed['business_name']);
      } else {
          echo '<p>Please enter a valid business name!</p>';
      }
  18. That means your query didn't run properly due to an error. I suspect it's because you can't return an array from a function like that (as an aside, that's not a good use of a user-defined function). If you start by printing out the value of $existing_Query you can confirm this.
  19. Can someone please tell me how to fix this? Here is the code:

      function getPosts() {
          $posts = array();
          $posts[0] = $_POST['course'];
          $posts[1] = $_POST['level'];
          $posts[2] = $_POST['section'];
          return $posts;
      }

      if (isset($_POST['insert'])) {
          $data = getPosts();
          $existing_Query = "SELECT * FROM `class` WHERE `course`='$data[0]' OR `level`='$data[1]' OR `section`='$data[2]'";
          $existing_Result = mysqli_query($con, $existing_Query);
          if (0 < mysqli_num_rows($existing_Result)) {
              echo '<script type="text/javascript"> alert("your entry is already in the class. please choose another class."); window.location="addclass.php"; </script>';
          } else {
              $insert_Query = "INSERT INTO `class` (`course`, `level`, `section`) VALUES ('$data[0]', '$data[1]', '$data[2]')";
              $insert_Result = mysqli_query($con, $insert_Query);
              if ($insert_Result) {

      Thanks.
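The "check first, then INSERT" flow asked about in posts 4 and 19 and answered in posts 3 and 18, written out as an added example (not code from the book or either thread) with prepared statements so the submitted values never become part of the SQL text, and with a UNIQUE key as the guard the SELECT-then-INSERT sequence cannot give on its own. Assumptions: a connected mysqli $con, a `class` table with a UNIQUE KEY over (course, level, section), and that "already in the class" means the exact combination exists, so the conditions are joined with AND.

```php
<?php
// Added example (not the code from the question or the reply): the
// "check first, then INSERT" flow with prepared statements, plus a UNIQUE
// key so two simultaneous submissions cannot both insert. Assumptions: a
// connected mysqli $con, and a table `class`(course, level, section) with
//   UNIQUE KEY uniq_class (course, level, section)
// "already in the class" is taken to mean the exact combination exists.

const ER_DUP_ENTRY = 1062; // MySQL error number for a duplicate key

// Pull the three fields out of the submitted form; null if any is missing.
function read_class_fields(array $post): ?array
{
    $fields = [];
    foreach (['course', 'level', 'section'] as $name) {
        if (!isset($post[$name]) || trim($post[$name]) === '') {
            return null;
        }
        $fields[] = trim($post[$name]);
    }
    return $fields;
}

// Step 1: does this exact combination already exist?
function class_exists(mysqli $con, string $course, string $level, string $section): bool
{
    $stmt = $con->prepare(
        'SELECT 1 FROM `class` WHERE `course` = ? AND `level` = ? AND `section` = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('sss', $course, $level, $section);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Step 2: insert it. Returns 'inserted', 'duplicate' or 'error'.
// The SELECT and the INSERT are not atomic, so the UNIQUE key is what really
// prevents a double insert; a duplicate-key failure is reported the same way
// as a SELECT hit, whether mysqli returns false or throws (PHP 8.1+ default).
function add_class(mysqli $con, string $course, string $level, string $section): string
{
    if (class_exists($con, $course, $level, $section)) {
        return 'duplicate';
    }
    $stmt = $con->prepare('INSERT INTO `class` (`course`, `level`, `section`) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return 'error';
    }
    $stmt->bind_param('sss', $course, $level, $section);
    $errno = 0;
    try {
        $ok = $stmt->execute();
        $errno = $stmt->errno;
    } catch (mysqli_sql_exception $ex) {
        $ok = false;
        $errno = $ex->getCode();
    }
    $stmt->close();
    if ($ok) {
        return 'inserted';
    }
    return $errno === ER_DUP_ENTRY ? 'duplicate' : 'error';
}

// Request handler, as it would sit in addclass.php.
if (isset($_POST['insert'])) {
    $fields = read_class_fields($_POST);
    if ($fields === null) {
        echo '<p>Please fill in the course, level and section.</p>';
    } else {
        [$course, $level, $section] = $fields;
        switch (add_class($con, $course, $level, $section)) {
            case 'inserted':
                header('Location: addclass.php');
                exit();
            case 'duplicate':
                echo '<p>Your entry is already in the class. Please choose another class.</p>';
                break;
            default:
                echo '<p>The class could not be added. Please try again.</p>';
        }
    }
}
```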
  20. How the Stripe integration works has changed significantly since this edition was written. I'd look at Stripe's documentation for the proper JavaScript and PHP code to use in 2022. Sorry for the confusion!
  21. I had a further look at code that I wrote over 2 years ago where I did a fairly major adaptation of Larry's STRIPE payment processing as my situation was a standard shopping cart. In my implementation I have an HTML form which I then process in a REDUX call to extract the credit card number from the form's submitted $_POST data. So I probably can't help you. I am sorry if I have wasted your time. Regards, Necuima
  22. Hi, I had a look at code that I also used from Larry's book. In my implementation the $cc_number PHP variable is set when the $_POST data are processed from the submitted form. In Larry's code I think that that is in module billing.php (line 55). Do you have this in your implementation? Regards, Necuima
  23. Hi Larry, I copied your code line for line, and the only reference is in the billing.js file on line 16:

      var cc_number = $('#cc_number').val(),

      Also, it's in the billing_stripe.html form:

      <div class="field"><label for="cc_number"><strong>Card Number</strong></label><br /><input type="text" id="cc_number" autocomplete="off" /></div>

      Other than that, I can't see it defined anywhere else. QU: Do I need to define the variable 'cc_number' again somewhere else? Because I literally copied your entire code and assumed everything is fine, I am reluctant to change anything. I have run out of ideas. Regards
  24. Hi DMX1, I had a look at your code and cannot see where $cc_number is defined. Is it defined somewhere else? Regards
  25. Hi Larry, I am having a few problems regarding the 'billing_stripe.php' file. I wrote the code below that's in my 'billing_stripe.php' file. When I get to the line:

      $cc_last_four = substr($cc_number, -4);

      An error is thrown up and it says: 'Undefined variable: cc_number'. I have tried everything but I can't seem to find out why it's saying that the cc_number variable is undefined. Qu 1: Do you have any suggestions as to what might be the problem? Qu 2: Is the code in the billing_stripe.php file below correct, or do I need to take out some sections? Code for 'billing_stripe.php' file:

      <?php
      // This file is the second step in the checkout process.
      // It takes and validates the billing information.
      // This updated version uses Stripe.
      // This script is created in Chapter 15.

      // Require the configuration before any PHP code:
      require('./includes/config.inc.php');

      // Start the session:
      session_start();

      // The session ID is the user's cart ID:
      $uid = session_id();

      // Check that this is valid:
      if (!isset($_SESSION['customer_id'])) { // Redirect the user.
          $location = 'https://' . BASE_URL . 'checkout.php';
          header("Location: $location");
          exit();
      }

      // Require the database connection:
      require(MYSQL);

      // Validate the billing form...

      // For storing errors:
      $billing_errors = array();

      // Check for a form submission:
      if ($_SERVER['REQUEST_METHOD'] === 'POST') {

          //if (get_magic_quotes_gpc()) {
          $_POST['cc_first_name'] = stripslashes($_POST['cc_first_name']);
          // Repeat for other variables that could be affected.
          // }

          // Check for a first name:
          if (preg_match('/^[A-Z \'.-]{2,20}$/i', $_POST['cc_first_name'])) {
              $cc_first_name = $_POST['cc_first_name'];
          } else {
              $billing_errors['cc_first_name'] = 'Please enter your first name!';
          }

          // Check for a last name:
          if (preg_match('/^[A-Z \'.-]{2,40}$/i', $_POST['cc_last_name'])) {
              $cc_last_name = $_POST['cc_last_name'];
          } else {
              $billing_errors['cc_last_name'] = 'Please enter your last name!';
          }

          // Check for a Stripe token:
          if (isset($_POST['token'])) {
              $token = $_POST['token'];
          } else {
              $message = 'The order cannot be processed. Please make sure you have JavaScript enabled and try again.';
              $billing_errors['token'] = true;
          }

          // Check for a street address:
          if (preg_match('/^[A-Z0-9 \',.#-]{2,160}$/i', $_POST['cc_address'])) {
              $cc_address = $_POST['cc_address'];
          } else {
              $billing_errors['cc_address'] = 'Please enter your street address!';
          }

          // Check for a city:
          if (preg_match('/^[A-Z \'.-]{2,60}$/i', $_POST['cc_city'])) {
              $cc_city = $_POST['cc_city'];
          } else {
              $billing_errors['cc_city'] = 'Please enter your city!';
          }

          // Check for a state:
          /*if (preg_match('/^[A-Z]{2}$/', $_POST['cc_state'])) {
              $cc_state = $_POST['cc_state'];
          } else {
              $billing_errors['cc_state'] = 'Please enter your state!';
          } */

          // Check for a zip code:
          if (preg_match('/^[a-z]{1,2}\d[a-z\d]?\s*\d[a-z]{2}$/i', $_POST['cc_zip'])) {
              $cc_zip = $_POST['cc_zip'];
          } else {
              $billing_errors['cc_zip'] = 'Please enter your zip code!';
          }

          if (empty($billing_errors)) { // If everything's OK...

              // Check for an existing order ID:
              if (isset($_SESSION['order_id'])) {

                  // Use existing order info:
                  $order_id = $_SESSION['order_id'];
                  $order_total = $_SESSION['order_total'];

              } else { // Create a new order record:

                  // Get the last four digits of the credit card number:
                  // Temporary solution for Stripe:
                  // $cc_last_four = 1234;
                  $cc_last_four = substr($cc_number, -4); // PROBLEM LINE: $cc_number is never assigned in this script.

                  // Call the stored procedure:
                  $shipping = $_SESSION['shipping'] * 100;
                  $r = mysqli_query($dbc, "CALL add_order({$_SESSION['customer_id']}, '$uid', $shipping, $cc_last_four, @total, @oid)");

                  // Confirm that it worked:
                  if ($r) {

                      // Retrieve the order ID and total:
                      $r = mysqli_query($dbc, 'SELECT @total, @oid');
                      if (mysqli_num_rows($r) == 1) {
                          list($order_total, $order_id) = mysqli_fetch_array($r);
                          // Store the information in the session:
                          $_SESSION['order_total'] = $order_total;
                          $_SESSION['order_id'] = $order_id;
                      } else { // Could not retrieve the order ID and total.
                          unset($cc_number, $cc_cvv, $_POST['cc_number'], $_POST['cc_cvv']);
                          trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
                      }

                  } else { // The add_order() procedure failed.
                      trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
                  }

              } // End of isset($_SESSION['order_id']) IF-ELSE.

              // ------------------------
              // Process the payment!
              if (isset($order_id, $order_total)) {

                  try {

                      // Include the Stripe library:
                      require_once('includes/stripe-php-master.php');

                      // set your secret key: remember to change this to your live secret key in production
                      // see your keys here https://manage.stripe.com/account
                      Stripe::setApiKey('sk_test_5671Ho5BXJqZPKqEIbC9WJInaYpkgFz0TKM00yZFexsOh');

                      // Charge the order:
                      $charge = Stripe_Charge::create(array(
                          'amount' => $order_total,
                          'currency' => 'GBP',
                          'card' => $token,
                          'description' => $_SESSION['email'],
                          'capture' => false
                      ));
                      // echo '<pre>' . print_r($charge, 1) . '</pre>';exit;

                      // Did it work?
                      if ($charge->paid == 1) {

                          // Add slashes to two text values:
                          $full_response = addslashes(serialize($charge));

                          // Record the transaction:
                          $r = mysqli_query($dbc, "CALL add_charge('{$charge->id}', $order_id, 'auth_only', $order_total, '$full_response')");

                          // Add the transaction info to the session:
                          $_SESSION['response_code'] = $charge->paid;

                          // Redirect to the next page:
                          $location = 'https://' . BASE_URL . 'final.php';
                          header("Location: $location");
                          exit();

                      } else { // Charge was not paid!
                          $message = $charge->response_reason_text;
                      }

                  } catch (Stripe_CardError $e) { // Stripe declined the charge.
                      $e_json = $e->getJsonBody();
                      $err = $e_json['error'];
                      $message = $err['message'];
                  } catch (Exception $e) { // Try block failed somewhere else.
                      trigger_error(print_r($e, 1));
                  }

              } // End of isset($order_id, $order_total) IF.
              // Above code added as part of payment processing.
              // ------------------------

          } // Errors occurred IF

      } // End of REQUEST_METHOD IF.

      // Include the header file:
      $page_title = 'EFYHAH - Checkout - Your Billing Information';
      include('./includes/checkout_header.html');

      // Get the cart contents:
      $r = mysqli_query($dbc, "CALL get_shopping_cart_contents('$uid')");
      if (mysqli_num_rows($r) > 0) { // Products to show!
if (isset($_SESSION['shipping_for_billing']) && ($_SERVER['REQUEST_METHOD'] !== 'POST')) { $values = 'SESSION'; } else { $values = 'POST'; } include('./views/billing_stripe.html'); } else { // Empty cart! include('./views/emptycart.html'); } // Finish the page: include('./includes/footer.html'); ?>
  26. Sure, sure! So, simply put, if there's a problematic character in a value, that could break the syntax of the SQL query when you go to run it. For example, say a person's last name is O'Brien, then this query:

    INSERT INTO people (last_name) VALUES ('$last_name')

becomes

    INSERT INTO people (last_name) VALUES ('O'Brien')

That query won't run in the database because of a syntax error. To prevent this problem, PHP developed this thing called Magic Quotes, which automatically escaped problematic characters. But the mysqli_real_escape_string() function actually does a better job of that, as it'll have database-specific results. So what this escape_data() function did was run data through mysqli_real_escape_string(). However, if Magic Quotes was on, that'd result in a value being overly escaped, so that's what the IF clause was addressing.
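The three approaches mentioned in that reply side by side, as an added example that is not from the book or from anyone in this thread. It assumes a live mysqli connection ($dbc, with placeholder credentials) and a table people(last_name VARCHAR(40)); both are assumptions. escape_data() here mirrors what the reply describes (undo Magic Quotes if present, then escape for the connection), and the prepared statement is the form to prefer on any current PHP, where Magic Quotes no longer exists.

```php
<?php
// Added example; assumes a mysqli connection $dbc and a table
// people(last_name VARCHAR(40)). Credentials below are placeholders.

// 1. The naive query from the reply: the apostrophe in O'Brien ends the
//    string literal early, so MySQL sees VALUES ('O'Brien') and reports
//    a syntax error.
function naive_query(string $last_name): string {
    return "INSERT INTO people (last_name) VALUES ('$last_name')";
}

// 2. What the book's escape_data() did: if the old runtime had Magic
//    Quotes on, strip its backslashes first so the value is not escaped
//    twice, then let the driver escape it for this connection's charset.
function escape_data(mysqli $dbc, string $value): string {
    // get_magic_quotes_gpc() was removed in PHP 8, so guard the call.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value); // avoid double escaping
    }
    return mysqli_real_escape_string($dbc, $value);
}

function escaped_query(mysqli $dbc, string $last_name): string {
    $safe = escape_data($dbc, $last_name);
    // Typically yields VALUES ('O\'Brien'), which MySQL parses correctly.
    return "INSERT INTO people (last_name) VALUES ('$safe')";
}

// 3. A prepared statement: the value never becomes part of the SQL text,
//    so there is no escaping step to get wrong (and no double escaping).
function insert_person(mysqli $dbc, string $last_name): bool {
    $stmt = mysqli_prepare($dbc, 'INSERT INTO people (last_name) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $last_name);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Placeholder connection details (assumption, not from the book).
$dbc = mysqli_connect('localhost', 'db_user', 'db_password', 'shop');
if (!$dbc) {
    die('Connection failed: ' . mysqli_connect_error());
}

$name = "O'Brien";
echo naive_query($name), "\n";          // VALUES ('O'Brien')  -> would fail
echo escaped_query($dbc, $name), "\n";  // VALUES ('O\'Brien') -> runs
var_dump(insert_person($dbc, $name));   // bool(true) once the table exists
```

The double-escaping problem the reply describes is visible if you feed escape_data() a value Magic Quotes had already touched: without the stripslashes() step, "O\'Brien" would be escaped again to "O\\\'Brien" and the row would be stored with a literal backslash.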
  27. Can you please explain what you mean when you say "failing to use mysqli_real_escape_string() will cause your query to break"?