Everything posted by Larry
-
Thanks, Antonio. It will look better once I customize it, but it's absolutely fine for now.
-
How Do I Copy A MySQL File To The Server
Larry replied to Peter77's topic in MySQL: Visual QuickStart Guide (2nd Edition)
That *might* work, but what you really should do is use an export and import utility. MySQL comes with command-line versions, but I normally recommend using phpMyAdmin instead. -
Thank you for all the effort you put in to share what you learned. I really love seeing that! A .sock file creates a socket, which is a port of communication. So, in complete layman's terms, the mysql.sock file is the door that MySQL creates so that communications can get through. There should only be one, not two. Yes, MySQL creates a new .sock file when it starts. That I don't know. Yes, this is important and probably a big cause of your problems. I thought MySQL on Mac OS X ran by default as the "mysql" user, so that user needs to have access to everything it needs. If you change the user that MySQL is running as, then that user needs permission to access everything. Thanks again for sharing!
-
I just updated the forum software to the latest version. It has some new features, which will hopefully be appreciated. It may take me a day or two to get everything in terms of appearance and functionality to where I want it, though (the update required that I recreate the template). Apologies in advance for any inconvenience!
-
Without exaggeration, regular expressions are one of the most important and useful inventions in the history of computers and programming. Period. So much of what's done by software is searching for things, whether it's text within strings or files within a directory. Without regular expressions you can only search for specific, literal things. For example, it'd take two searches to find every file that's a .jpg or .jpeg. Or four, if you factor in case sensitivity. With regular expressions, that's one search. Matching email addresses, phone numbers, names, postal codes, URLs, other numbers, and so forth, all requires regular expressions. Which is to say that a ton of security is added by using regex. Yes, regular expressions are all about matching patterns, but that's kind of like saying that airplanes are just about allowing you to travel through the air. Compared to the alternatives, it's a pretty big difference.
-
CSRF Attack Example On P. 45
Larry replied to hacker's topic in Effortless E-Commerce with PHP and MySQL
You're quite welcome and thank you! -
Send Mail With Remote SMTP Server
Larry replied to Hope4You's topic in PHP 5 Advanced: Visual QuickPro Guide (2nd Edition)
Off the top of my head, I don't know. Sorry! -
CSRF Attack Example On P. 45
Larry replied to hacker's topic in Effortless E-Commerce with PHP and MySQL
Thanks for the questions. Yes, Bob would need to be a registered user AND know his user ID. Unless Bob the hacker is just trying to cause trouble, in which case he may not be trying to improve his account but rather exploit the security hole for that sake alone. Which is something many hackers do: they do it not because they benefit but because they can do it. If Bob is a registered user and it may be "risky", Bob is likely not registered with his real information and even if he was, and he was caught, nothing's going to happen to him anyway. And generally speaking, people who attempt to hack into computers and systems and Web sites aren't too concerned about consequences. Bob would see the end result of the request, yes, in the sense that he (again, assuming this was his account) would have some way to see changes in his account, but he wouldn't see the end result of the actual request, because it's Alice's browser that's making the actual server request. In fact, Alice wouldn't see it either in this case, because it's happening as the src attribute of an image. Hope that helps. Let me know if you have any other questions. -
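The reply above turns on a request that Alice's browser sends on its own, as an image's src, so the server-side check has to tell that request apart from one Alice submitted through the site's own form. The following is an added example, not code from the book or from this post; the function names, the `csrf_token` field and session key, and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: all names here are hypothetical, not the book's code.

// Create one unpredictable token per session; the site's own forms embed it
// in a hidden field named csrf_token (assumed name).
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a request that changes account data may proceed.
function is_valid_state_change(string $method, array $post, array $session): bool
{
    // An image's src is always fetched with GET, so changes never run on GET.
    if ($method !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $sent === '' || $expected === '') {
        return false;
    }
    // Constant-time comparison of the session's token with the submitted one.
    return hash_equals($expected, $sent);
}

// Constructed sample data: Alice's session and three incoming requests.
$session = [];
$token = issue_csrf_token($session);

$cases = [
    'GET triggered by an image src' => ['GET', []],
    'POST from another site, no token' => ['POST', ['action' => 'update']],
    'POST from the site\'s own form' => ['POST', ['action' => 'update', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = is_valid_state_change($method, $post, $session);
    printf("%-36s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Alice's session cookie accompanies all three requests, which is why the cookie alone cannot be the check; only the third request carries a value that another site has no way to read.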
Glad to hear it's resolved and thanks for letting us know.
-
I specifically use stored functions in situations where very complex logic needs to be applied to column values, such as the mathematical calculation of distance on the earth based upon latitude and longitude. I use stored procedures for complex, multipart transactions and/or for improved security and/or for improved performance and/or for better separation of logic from presentation. I've written about this some in a newsletter: http://www.larryullman.com/2011/07/04/what-is-larry-thinking-42-doing-what-i-do-part-3/#qa Other things I would recommend would be to look into MySQL's storage engines and how it uses indexes. Understanding both goes a long way towards making the most of a database.
-
If you know that it means the query didn't work, then I assume you know that you'll need to apply the standard PHP-MYSQL debugging techniques to find out WHY it didn't work.
-
I've heard similar comments about those books; haven't seen them myself. And, yes, the manual isn't too approachable for beginners. I'm hoping to work on a Yii book at the end of the year, thanks for asking. If you base this upon the schema in the book, then the POST model would already have a topic_id property (or a theme_id or a forum_id, depending upon which exact schema). In the controller, I would start by creating a new POST instance, based upon the form data. If that resulting object already has a topic_id (or whatever) property value, then you know it's a reply and it can be saved. If not, then the controller just has to create the corresponding new Topic model and assign to the POST->topic_id property the value just created.
-
Well, just out of curiosity, why would you use POST here? To me, POST is inappropriate and GET is the correct request method to use. POST is normally used to change server data; GET is used to request server data.
-
I would further argue that using one or more spaces at the beginning and end of a password doesn't add much security whereas not using trim() could make things much harder for your users if extra spaces inadvertently get in there (before or after). This can happen through no fault of their own, by the way, like if the HTML isn't tight. That's my opinion, anyway. As for your problem, if I understand you correctly, the use of SHA1() is making the query not return any results. You can compare the stored value to what it should be by just running the password through SHA1() and echoing the result, then comparing this value to the stored value. Perhaps the original, stored password isn't what you think it is? You could also reset the stored password and test it again.
-
Something I Don't Get About JS
Larry replied to HartleySan's topic in Building a Web Site with Ajax: Visual QuickProject
Yes, that's the point I was trying to make, just not as efficiently or clearly. -
Sorry about that. Those pages had to be cut out at the last minute. But the content can be found in a PDF you can download here: http://www.larryullman.com/2010/11/11/“effortless-e-commerce-with-php-and-mysql”-chapter-10-bonus-pages/ That error, though, always means that the query didn't work (as in wasn't executable).
-
Something I Don't Get About JS
Larry replied to HartleySan's topic in Building a Web Site with Ajax: Visual QuickProject
I would say you're well more than "decent" at JavaScript! I would start by saying, however, that I probably would never do any one of these approaches. It's dangerous to have a variable and a function with the same name (this is more true in JavaScript where both can be objects). And with an init function, there's not much benefit to creating it as a variable as it probably won't be used more than once. In any case, the problem in the second code is that you're associating a variable with no value to window.onload. In the first example, it's not a problem because of the way that the JS engine parses the code. You can call functions before they're defined in code because the JS engine will implement all the JS function definitions first, before executing the other code. -
Did you rerun a phpinfo() function to confirm that cURL was now enabled?