Larry Ullman's Book Forums

Larry

Administrators
  • Posts: 5413
  • Days Won: 155

Everything posted by Larry

  1. Larry

    Forum Update

    Thanks, Antonio. It will look better once I customize it, but it's absolutely fine for now.
  2. That *might* work, but what you really should do is use an export and import utility. MySQL comes with command-line versions, but I normally recommend using phpMyAdmin instead.
  3. Thank you for all the effort you put in to share what you learned. I really love seeing that! A .sock file creates a socket, which is a port of communication. So, in complete layman's terms, the mysql.sock file is the door that MySQL creates so that communications can get through. There should only be one, not two. Yes, MySQL creates a new .sock file when it starts. That I don't know. Yes, this is important and probably a big cause of your problems. I thought MySQL on Mac OS X ran by default as the "mysql" user, so that user needs to have access to everything it needs. If you change the user that MySQL is running as, then that user needs permission to access everything. Thanks again for sharing!
  4. XDebug is one of the standard debugging tools and it is very useful. I think it's built into many IDEs. I haven't used FirePHP, but taking a quick look at its documentation, it seems like you have to do a fair amount of work to get just a bit of benefit.
  5. I just updated the forum software to the latest version. It has some new features, which will hopefully be appreciated. It may take me a day or two to get everything in terms of appearance and functionality to where I want it, though (the update required that I recreate the template). Apologies in advance for any inconvenience!
  6. Without exaggeration, regular expressions are one of the most important and useful inventions in the history of computers and programming. Period. So much of what's done by software is searching for things, whether it's text within strings or files within a directory. Without regular expressions you can only search for specific, literal things. For example, it'd take two searches to find every file that's a .jpg or .jpeg. Or four, if you factor in case sensitivity. With regular expressions, that's one search. Matching email addresses, phone numbers, names, postal codes, URLs, other numbers, and so forth, all require regular expressions. Which is to say that a ton of security is added by using regex. Yes, regular expressions are all about matching patterns, but that's kind of like saying that airplanes are just about allowing you to travel through the air. Compared to the alternatives, it's a pretty big difference.
  7. Thanks for the questions. Yes, Bob would need to be a registered user AND know his user ID. Unless Bob the hacker is just trying to cause trouble, in which case he may not be trying to improve his account but rather exploit the security hole for that sake alone. Which is something many hackers do: they do it not because they benefit but because they can do it. If Bob is a registered user and it may be "risky", Bob is likely not registered with his real information and even if he was, and he was caught, nothing's going to happen to him anyway. And generally speaking, people who attempt to hack into computers and systems and Web sites aren't too concerned about consequences. Bob would see the end result of the request yes, in the sense of he (again, assuming this was his account) would have some way to see changes in his account, but he wouldn't see the end result of the actual request, because it's Alice's browser that's making the actual server request. In fact, Alice wouldn't see it either in this case, because it's happening as the src attribute of an image. Hope that helps. Let me know if you have any other questions.
  8. Glad to hear it's resolved and thanks for letting us know.
  9. Thanks, Antonio. I haven't updated the Amazon widget yet as the book isn't available yet, but will soon. Thanks for mentioning it!
  10. I specifically use stored functions in situations where very complex logic needs to be applied to column values, such as the mathematical calculation of distance on the earth based upon latitude and longitude. I use stored procedures for complex, multipart transactions and/or for improved security and/or for improved performance and/or for better separation of logic from presentation. I've written about this some in a newsletter: http://www.larryullman.com/2011/07/04/what-is-larry-thinking-42-doing-what-i-do-part-3/#qa Other things I would recommend would be to look into MySQL's storage engines and how it uses indexes. Understanding both goes a long way towards making the most of a database.
  11. If you know that it means the query didn't work, then I assume you know that you'll need to apply the standard PHP-MYSQL debugging techniques to find out WHY it didn't work.
  12. I've heard similar comments about those books; haven't seen them myself. And, yes, the manual isn't too approachable for beginners. I'm hoping to work on a Yii book at the end of the year, thanks for asking. If you base this upon the schema in the book, then the POST model would already have a topic_id property (or a theme_id or a forum_id, depending upon which exact schema). In the controller, I would start by creating a new POST instance, based upon the form data. If that resulting object already has a topic_id (or whatever) property value, then you know it's a reply and it can be saved. If not, then the controller just has to create the corresponding new Topic model and assign to the POST->topic_id property the value just created.
  13. If you look at the PHP manual's page for str_getcsv(), added in PHP 5.3, you'll see several user-supplied functions that replicate str_getcsv().
  14. Well, just out of curiosity, why would you use POST here? To me, POST is inappropriate and GET is the correct request method to use. POST is normally used to change server data; GET is used to request server data.
  15. I would further argue that using one or more spaces at the beginning and end of a password doesn't add much security whereas not using trim() could make things much harder for your users if extra spaces inadvertently get in there (before or after). This can happen through no fault of their own, by the way, like if the HTML isn't tight. That's my opinion, anyway. As for your problem, if I understand you correctly, the use of SHA1() is making the query not return any results. You can compare the stored value to what it should be by just running the password through SHA1() and echoing the result, then comparing this value to the stored value. Perhaps the original, stored password isn't what you think it is? You could also reset the stored password and test it again.
  16. Yes, that's the point I was trying to make, just not as efficiently or clearly.
  17. Sorry about that. Those pages had to be cut out at the last minute. But the content can be found in a PDF you can download here: http://www.larryullman.com/2010/11/11/“effortless-e-commerce-with-php-and-mysql”-chapter-10-bonus-pages/ That error, though, always means that the query didn't work (as in wasn't executable).
  18. I would say you're well more than "decent" at JavaScript! I would start by saying, however, that I probably would never do any one of these approaches. It's dangerous to have a variable and a function with the same name (this is more true in JavaScript where both can be objects). And with an init function, there's not much benefit to creating it as a variable as it probably won't be used more than once. In any case, the problem in the second code is that you're associating a variable with no value to window.onload. In the first example, it's not a problem because of the way that the JS engine parses the code. You can call functions before they're defined in code because the JS engine will implement all the JS function definitions first, before executing the other code.
  19. Yes, exactly, VIEWS reside in the database and can be queried as if they were real tables. I believe MySQL will automatically update the VIEW when the data in the underlying query tables changes. I don't believe MySQL re-does the JOIN with every query of the VIEW, as that would defeat the purpose.
  20. Did you rerun a phpinfo() function to confirm that cURL was now enabled?