Larry Ullman's Book Forums




Everything posted by Larry

  1. Sorry for the delay; this is a super random issue that I've never seen before. I'm not finding anything relevant in Google searches, either. Yes, you can use prepared statements, which don't use mysqli_real_escape_string() at all. That's totally fine, if not a better end result. If you want to continue debugging this, change your code to this, try it, and let me know what the result is: } else { echo '<p>Submitted last name: ' . $_POST['last_name'] . '</p>'; echo '<p>Established charset: ' . mysqli_get_charset($dbc) . '</p>'; $ln = mysqli_real
  2. Ah, okay. First, you definitely DO NOT store the hashed password in the cookie. The password may be the most important thing to protect, period, especially since users often re-use passwords (i.e., you wouldn't just be compromising their security at your site, you'd be compromising it at other sites potentially as well). "Keep me logged in" is just a matter of extending the session beyond its normal, short length. The specifics of how you do this depend upon how you manage sessions but the basic idea is: 1. Store the session ID in a cookie with a longer expiration. 2. Store th
  3. The premise is pretty simple: if the user checks the "Remember Me" box you send an additional cookie with a longer expiration and a unique identifier. When the user returns, if the cookie still exists, the unique identifier can then be used to pull their username or email address from the database and prepopulate the form with it. In terms of security, just be sure that the cookie value isn't easily reverse-engineered. For example, storing the user's ID or email address or some similar unique identifier in plain text would be the worst possible thing. Storing a hashed version is slightly
  4. You have a syntax error in your connection script: "my_sqli_connect..." Working backwards, mysqli_real_escape_string() won't work--won't escape an apostrophe--if it doesn't have access to a database connection with an established CHARSET. So the problem should be either with the database connection or the charset not being set. First, fix the syntax error and then try again. If that doesn't work, print out the value of $dbc to confirm that it's an object. If it has a false value, that's a problem. If you're still not seeing the cause, connect directly to MySQL using the terminal
  5. Okay, in looking at ZF, as of a year ago it's now been converted to an open source project: https://framework.zend.com/blog/2020-01-24-laminas-launch So in a production environment you'd use Laminas mail, not ZF (https://docs.laminas.dev/laminas-mail/). It should be secure and efficient enough and would work in a hosted environment. Another alternative is to use a third-party email service like Mailgun or Sendmail. Both cost money but provide additional features, such as detailed logs, protection from spam (i.e., your mail server being used to send spam), greatly improved success in an em
  6. This is very weird. You've done good detective work but it doesn't seem like mysqli_real_escape_string() is doing what it's supposed to be doing. I'm kind of guessing here, but mysqli_real_escape_string() requires that the CHARSET is established. I'd start by making sure your MySQL connection script does that. mysqli_set_charset($dbc, 'utf8');
  7. For what it's worth, I almost never bother with trying to send email from a local environment. It's just a huge PITA and there can be a ton of reasons why it's not working. It doesn't look like MAMP comes with a mail server, so you'll need to use SMTP to either your ISP's email server or a third-party (e.g., Gmail). Your ISP may or may not allow this, though. But if you google "<your ISP> smtp settings" you might be able to find the settings you need.
  8. Hmmm...sorry about that! I can't seem to find it either now. And I'm not exactly sure what I was thinking at the time I wrote it (now, years later). I don't have scripts created for either--anything I would have created would have been put in the downloadable files--but these are both pretty simple form -> populate database examples. Let me know if you have any questions as to how they'd be implemented. Sorry about the confusion!
  9. Thanks for the nice words! It is appreciated! Unfortunately I'm not sure what's going on with that error message. It looks like it's suggesting that there's a problem with order_contents.print_id as a PRIMARY KEY but it's not a PRIMARY KEY and there's nothing in the SQL you posted that makes it a PRIMARY KEY. I've not seen this before. I'd double-check that the created database in phpMyAdmin matches the description put forth in the book. Thanks again!
  10. Happy Holidays to you as well! Sorry for the confusion on these two related issues. Neither of those scripts exist yet--they weren't created for the book and they're not part of the downloadable scripts. But both should be quite easy to write yourself. Just copy view_orders.php and view_order.php and then update the code to change from orders to customers. Let me know if you have any additional questions about this.
  11. I'm pleasantly surprised to hear that HTML_QuickForm2 is still maintained! I don't have a better solution than what you put forth but that's also a solution I've resorted to using in my dev life, so you should be okay!
  12. Okay, so the code is the same as in the book and the library is roughly the same and the code examples in GitHub are roughly the same. This is going to be hard to debug! My inclination is that either the library doesn't work on HTTP or it has something to do with the sandbox. I would first log into Authorize.net and see if I can view the requests being made. First check that the requests are getting there. Then, if so, check that the requests are receiving the CC dummy values.
  13. Hmmm...it's been a long while since I've looked at this code. What version of the Authorize.NET PHP library are you using? This could be a change in their library since the book was written.
  14. Hmmm...this can be tricky. I'd start by re-evaluating whether it's really necessary to enable SSL on your Mac. Eventually I stopped bothering (I was never using real data that needed to be protected and since it's localhost, the data isn't leaving my computer regardless). But if you do want to continue the first trick is to figure out exactly why Apache doesn't like those settings. I normally start with Apache's "configtest" command, but you'll need to run that using MAMP's Apache. For the Mac's primary Apache you'd run `apachectl configtest`. Unfortunately I don't know what the properly
  15. Unfortunately I'm not familiar with VSC 2019 and its PHP support. Or what it means to Live View a PHP file in it. Hopefully someone else might know and post an answer, or an internet search turns up the solution.
  16. Hey Vikky! To implement a coupon system, you'd want to start by creating a coupon table. A coupon would have a code, probably an expiration date, and then either be a percent off or a fixed-amount off. In more sophisticated systems, coupons may only apply to certain items or total order amount, etc. You may also want to track coupon usage. Then, as part of the checkout process, you'd need to add a field to accept a coupon. Your programming logic would need to verify that the coupon is valid, and adjust the order total accordingly. You'd want to update your orders table in the database to
  17. Hey! You're having this problem because PHP runs on the server, which means all of your PHP code has already been executed before you see the HTML page in the browser. Secondarily, your button as written doesn't actually do anything. There's no programming logic attached to it. That would require JavaScript, which runs in the client.
  18. Good question! First, I guess I'd say that if having too many database records might be a problem, you probably want to rethink your hosting situation. The space used by fake records should be one of the furthest things from your mind, ideally. I imagine my forums has 1,000-2,000 fake registrations. That being said, you can just run delete queries to remove fake registrations on a manual schedule of your choosing. But it's probably worth trying to implement a couple of things to prevent fake registrations in the first place (reCAPTCHA and then some).
  19. Thanks for your questions and for your interest in the book. I appreciate it! Yes, I think the 5th edition would still be a fine way to learn PHP. It was written using PHP 7.0.6. The current stable version is 7.4.11. I'm not aware of any deprecated code, but I also haven't written a guide for that. Most of the feature changes that have come along are in the more advanced and esoteric areas of the language. Yes, this book is designed to be an entry into the PHP and MySQL book. Yes, forum posts can be pinned to the top of the list. Let me know if you have any additional q
  20. Okay, I think you should be able to do something like $(this).parent().prev().text(); Or it may be parent().parent(). You can experiment with manipulating the DOM in the browser's console window to get the right solution. All that being said, if you have a form whose values are going into a database, I'm not quite following what the benefit is of updating an HTML table, too. The form selections already indicate what the user wants. You probably have a good reason--or I may be missing something--but I just wanted to raise the question.
  21. It'd probably help if you could share that part of the DOM here so we could understand how you might navigate it.
  22. You probably want to be using $('#hway').text(returnval); as the DIV doesn't have a "value".
  23. I would always promote the benefits of walking away and returning when it starts to get muddled. Absolutely move on in the book and then come back to this in a bit!
  24. I wouldn't create multiple $color_ variables. Just create and use one $color variable.
  25. Ah, okay. So $phpvqs et al. represent their own indexed arrays, which means that indexing $phpvqs at 'PHP VQS' in the main array is the same as if you defined that sub-array there. Or put another way, imagine $phpvqs was equal to 2. Then $books['PHP VQS'] would also be 2. As for the actual variables $title and $chapters, those are named and created within the foreach loop to represent the index and the value at that index. These could be named anything--$k (or $key) and $v (or $value) are also commonly used. So the foreach loop doesn't "know" anything about the structure of the inn