Larry Ullman's Book Forums

Larry
Administrators

  • Content Count: 5344
  • Joined
  • Last visited
  • Days Won: 147

Larry last won the day on September 23 2020

Larry had the most liked content!

Community Reputation: 428 Excellent

About Larry
  • Rank: Administrator/Writer


  1. Thanks for the nice words and for the interest in my books. It is appreciated! I discuss PDO in my PHP Advanced book, however that was last published in 2013 and I'm sure I didn't cover all the functions. Since you're already using PHP, maybe try giving the PHP manual a go first?
  2. Ah, okay, so it could definitely be possible that you're just not running the code you think you're running. Specifically: you're still submitting the form to the older version of register.php, which does not mysqli_real_escape_string(). That would solve this mystery.
  3. Sorry, I should have been more clear. The original else clause for handling the last name is this: } else { $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); } Replace that with what I previously posted and then fill out the form--using an apostrophe in the last name value--and submit the form to see the results. But that mysqli_get_charset() returns nothing is informative already. The problem isn't going to be with your HTML form. The values are getting to PHP fine, they're just not being escaped by mysqli_real_escape_string().
  4. Sorry for the delay; this is a super random issue that I've never seen before. I'm not finding anything relevant in Google searches, either. Yes, you can use prepared statements, which don't use mysqli_real_escape_string() at all. That's totally fine, if not a better end result. If you want to continue debugging this, change your code to this, try it, and let me know what the result is: } else { echo '<p>Submitted last name: ' . $_POST['last_name'] . '</p>'; echo '<p>Established charset: ' . mysqli_get_charset($dbc) . '</p>'; $ln = mysqli_real
  5. Ah, okay. First, you definitely DO NOT store the hashed password in the cookie. The password may be the most important thing to protect, period, especially since users often re-use passwords (i.e., you wouldn't just be compromising their security at your site, you'd be compromising it at other sites potentially as well). "Keep me logged in" is just a matter of extending the session beyond its normal, short length. The specifics of how you do this depend upon how you manage sessions but the basic idea is: 1. Store the session ID in a cookie with a longer expiration. 2. Store th
  6. The premise is pretty simple: if the user checks the "Remember Me" box you send an additional cookie with a longer expiration and a unique identifier. When the user returns, if the cookie still exists, the unique identifier can then be used to pull their username or email address from the database and prepopulate the form with it. In terms of security, just be sure that the cookie value isn't easily reverse-engineered. For example, storing the user's ID or email address or some similar unique identifier in plain text would be the worst possible thing. Storing a hashed version is slightly
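As an added illustration of the two preceding posts (not Larry's code or the book's): a "remember me" cookie that carries a random token rather than a user id, email address or password hash. The database stores only a SHA-256 hash of the token, so the cookie value cannot be reverse-engineered from the table and a leaked table cannot be used to forge a cookie. The table name `remember_tokens`, its columns and the `$dbc` mysqli connection are assumptions.

```php
<?php
// Added example, not code from the forum post or the book.
// Assumed schema (hypothetical): remember_tokens(user_id INT, token_hash CHAR(64), expires DATETIME)
// Assumed: $dbc is an open mysqli connection.

const REMEMBER_COOKIE = 'remember_me';
const REMEMBER_DAYS   = 30;

// Called after a successful login when the "Remember Me" box was checked.
function issue_remember_cookie(mysqli $dbc, int $userId): void {
    $token   = bin2hex(random_bytes(32));   // 64 hex chars from the CSPRNG; unguessable
    $hash    = hash('sha256', $token);      // only the hash is stored server-side
    $expires = time() + REMEMBER_DAYS * 86400;

    $stmt = $dbc->prepare(
        'INSERT INTO remember_tokens (user_id, token_hash, expires) VALUES (?, ?, FROM_UNIXTIME(?))'
    );
    $stmt->bind_param('isi', $userId, $hash, $expires);
    $stmt->execute();
    $stmt->close();

    setcookie(REMEMBER_COOKIE, $token, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Called on a later visit: returns the user id the cookie maps to, or null.
// The caller can use the id to prepopulate the login form (or extend the session).
function user_from_remember_cookie(mysqli $dbc): ?int {
    if (empty($_COOKIE[REMEMBER_COOKIE])) {
        return null;
    }
    $token = $_COOKIE[REMEMBER_COOKIE];
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;                         // malformed cookie: ignore it
    }
    $hash = hash('sha256', $token);

    $stmt = $dbc->prepare(
        'SELECT user_id FROM remember_tokens WHERE token_hash = ? AND expires > NOW()'
    );
    $stmt->bind_param('s', $hash);
    $stmt->execute();
    $stmt->bind_result($userId);
    $found = $stmt->fetch();
    $stmt->close();

    return $found ? (int) $userId : null;
}
```

Looking the hash up by equality is fine here because the token itself is 256 random bits, so neither the cookie nor the stored hash is guessable; the hash only protects against someone reading the table. Tokens should be deleted on logout and when the user changes their password.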
  7. You have a syntax error in your connection script: "my_sqli_connect..." Working backwards, mysqli_real_escape_string() won't work--won't escape an apostrophe--if it doesn't have access to a database connection with an established CHARSET. So the problem should be either with the database connection or the charset not being set. First, fix the syntax error and then try again. If that doesn't work, print out the value of $dbc to confirm that it's an object. If it has a false value, that's a problem. If you're still not seeing the cause, connect directly to MySQL using the terminal
  8. Okay, in looking at ZF, as of a year ago it's now been converted to an open source project: https://framework.zend.com/blog/2020-01-24-laminas-launch So in a production environment you'd use Laminas mail, not ZF (https://docs.laminas.dev/laminas-mail/). It should be secure and efficient enough and would work in a hosted environment. Another alternative is to use a third-party email service like Mailgun or Sendmail. Both cost money but provide additional features, such as detailed logs, protection from spam (i.e., your mail server being used to send spam), greatly improved success in an em
  9. This is very weird. You've done good detective work but it doesn't seem like mysqli_real_escape_string() is doing what it's supposed to be doing. I'm kind of guessing here, but mysqli_real_escape_string() requires that the CHARSET is established. I'd start by making sure your MySQL connection script does that. mysqli_set_charset($dbc, 'utf8');
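The charset dependency discussed in the posts above, as an added example (not Larry's code or the book's script): a connection script that sets the charset before anything is escaped, verifies that it took, and then shows both mysqli_real_escape_string() on a value containing an apostrophe and the prepared-statement alternative that needs no escaping at all. The connection parameters and the `users` table are placeholders.

```php
<?php
// Added example; connection values and the users table are placeholders.
$dbc = mysqli_connect('localhost', 'username', 'password', 'dbname');
if ($dbc === false) {
    die('Could not connect: ' . mysqli_connect_error());
}

// Without an established charset mysqli_real_escape_string() does not know which
// bytes need escaping, so the apostrophe can pass through untouched.
// Set it explicitly and confirm it took before escaping anything.
if (!mysqli_set_charset($dbc, 'utf8')) {
    die('Could not set charset: ' . mysqli_error($dbc));
}
$cs = mysqli_get_charset($dbc);   // object with a ->charset property, or null/false
if (!$cs || $cs->charset !== 'utf8') {
    die('Charset not established; escaping would be unreliable');
}

// Constructed input standing in for $_POST['last_name'].
$lastName = "O'Brien";

// 1) Escaping for interpolation inside a quoted SQL string literal.
$ln = mysqli_real_escape_string($dbc, trim($lastName));
echo 'Escaped value: ' . $ln . "\n";   // shows O\'Brien once the charset is set
$sql = "INSERT INTO users (last_name) VALUES ('$ln')";
if (!mysqli_query($dbc, $sql)) {
    echo 'Insert failed: ' . mysqli_error($dbc) . "\n";
}

// 2) Prepared statement: the value is sent separately from the SQL text, so no
// escaping is needed and a charset mismatch cannot turn into an injection.
$stmt = mysqli_prepare($dbc, 'INSERT INTO users (last_name) VALUES (?)');
mysqli_stmt_bind_param($stmt, 's', $lastName);
if (!mysqli_stmt_execute($stmt)) {
    echo 'Prepared insert failed: ' . mysqli_stmt_error($stmt) . "\n";
}
mysqli_stmt_close($stmt);
```

'utf8' matches the post; on current MySQL, 'utf8mb4' is the fuller choice. Note that mysqli_get_charset() returns an object, so it must be inspected through its properties rather than echoed directly.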
  10. For what it's worth, I almost never bother with trying to send email from a local environment. It's just a huge PITA and there can be a ton of reasons why it's not working. It doesn't look like MAMP comes with a mail server, so you'll need to use SMTP to either your ISP's email server or a third-party (e.g., Gmail). Your ISP may or may not allow this, though. But if you google "<your ISP> smtp settings" you might be able to find the settings you need.
  11. Hmmm...sorry about that! I can't seem to find it either now. And I'm not exactly sure what I was thinking at the time I wrote it (now, years later). I don't have scripts created for either--anything I would have created would have been put in the downloadable files--but these are both pretty simple form -> populate database examples. Let me know if you have any questions as to how they'd be implemented. Sorry about the confusion!
  12. Thanks for the nice words! It is appreciated! Unfortunately I'm not sure what's going on with that error message. It looks like it's suggesting that there's a problem with order_contents.print_id as a PRIMARY KEY but it's not a PRIMARY KEY and there's nothing in the SQL you posted that makes it a PRIMARY KEY. I've not seen this before. I'd double-check that the created database in phpMyAdmin matches the description put forth in the book. Thanks again!
  13. Happy Holidays to you as well! Sorry for the confusion on these two related issues. Neither of those scripts exist yet--they weren't created for the book and they're not part of the downloadable scripts. But both should be quite easy to write yourself. Just copy view_orders.php and view_order.php and then update the code to change from orders to customers. Let me know if you have any additional questions about this.
  14. I'm pleasantly surprised to hear that HTML_QuickForm2 is still maintained! I don't have a better solution than what you put forth but that's also a solution I've resorted to using in my dev life, so you should be okay!