Larry
-
Posts
5413 -
Joined
-
Last visited
-
Days Won
155
Posts posted by Larry
-
-
Thanks, Antonio. For future reference, this is the kind of question that's very quickly answered by looking up the function definition in the PHP manual.
-
One thing to keep in mind is that information sent over email is harder to protect. It's easy to use SSL for Web activity, but to secure an email, the sender needs to use SSL, you need to use SSL to get the email, and the email really ought to be encrypted because it'll go through computers in between. That's assuming there's something sensitive in the email.
As for two actions on one form, if I understand your question, you can't do that using HTML. You can use JavaScript to fake it, but it'd be better to create two different forms with two different actions.
-
-
To be frank, I go back and forth with how I name the primary key, and using frameworks has influenced that. So sometimes it'd be "id" as the PK and "category_id" as the FK and other times I'll end up doing "category_id" for both.
-
Thanks for the nice words on the book. I appreciate it! It sounds like you're describing things properly, but I don't have the book next to me and want to double-check that page to confirm what I say on the reference page first.
-
The German language and the German people seem to have some fantastic expressions!
-
It's okay. As for an answer, I haven't personally tested this, but it looks promising:
http://bitprison.net/php_mail_utf-8_subject_and_message
I think the application of base 64 encoding is the key.
If you look at the user comments for the mail() function (http://php.net/manual/en/function.mail.php), you'll see other recommendations, including the use of the mb_encode_mimeheader() function (http://php.net/manual/en/function.mb-encode-mimeheader.php).
Let us know if that helps and if you find a solution or need more assistance.
-
Well, the difference between the code that does work and the code that doesn't is the wrapping of the destination URL in quotes (although I expect the single quote comes before "reports" not "href"). I would use quotes in the other code, too.
-
Well...you can start by reading the forum guidelines. In it, I say:
PLEASE DO NOT:
- ...post messages that add nothing to the description of the problem (like just posting "Help please?" or "Anyone?").
Obviously if someone could help, they would, right? So you don't need to post a message like this. This is one of my days to answer questions and I'm hoping to find the time to do some research to find you an answer, because I don't know it offhand. In the meantime, please be patient.
-
You need to add $s to this:
$fn = $ln = $e = $p = FALSE;
-
1
-
-
Sure, that'd be:
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $problem = TRUE; // Etc.I'd be inclined to add an isset() clause to that conditional, too, but that's a minor point.
-
That's excellent and thanks for sharing. One change I'd make is use PHP's uniqid() function to create a unique identifier, which is then stored in the cookie and the session. That'd be better than salting and hashing a number.
-
So...do you want an answer from me (at this time) or no? Up to you...
-
You're quite welcome.
-
I would do something in between. It would be inefficient, and unnecessary, to look up the conversion rate from a service on the fly and use it on each page. I would be inclined to set this value in a text file or the database and then retrieve and use it. An admin script would be needed to set that value and, depending upon the site, it could be changed every X days.
-
I don't mind at all. Matt's last request was for me to actually read what you're talking about. Like I have time to read questions before I answer them! Do what you want to do, feel free to tell me not to answer questions all you want, and just send out an S.O.S. when you'd like me to chime in (on this particular thread).
Good luck!
-
Thanks for letting me know. I don't say this too often, especially not in books, but I kind of hate computers! So very...inexplicable...sometimes. As a person dedicated to explaining the why's of technical things, I can't get away with "Magic Gnomes" answers as much as I'd like to!
-
Hello Mike,
These kinds of threads, with a tit for tat, can quickly escalate, so I'm going to try to provide a couple of gentle replies and hope this doesn't get out of control.
Thank you for answering the post with a clear explanation. By mentioning in your post that you are giving free advice to strangers, it makes you sound a little upset.Not upset at all. That's the perspective I have with these forums and the "strangers" are everyone: me, you, HartelySan, Matt, etc. In my mind, when people are looking for help, that's the perspective I'd like them to consider. I'm not saying you aren't doing this, I'm just saying that's the perspective I have and that I'd like people to consider.
The only reason I asked is because your books (which I bought) encourage me to ask questions here if I don`t understand, so I`m a little disappointed to get this put back in my face.Yes, the books encourage readers to ask questions here. I'm not trying to put that back anywhere. And part of the reason I encourage people to ask questions here is that compared to being asked questions via email:
- Other people (besides me) can provide an answer.
- Other people can benefit from the exchange.
Yes, i am a stranger, but I am also a customer and your books encourage me to post here. I don`t think it`s a good business practice to refer to your customers that way, especially when you encourage them to come to your forums.Yes, you are a customer but you're also a stranger. I don't think of that as a negative but perhaps you do. I'll stop using the "S" word from here on out. But even if you are my customer, you're not Matt's customer, he gets absolutely nothing out of trying to assist people for free (well, not absolutely nothing but he certainly has less to gain from doing so than I do, as a person trying to sell books). Moreover, because I very, very, very much appreciate anyone willing to help out in these forums (it makes a world of difference to me), it's critically important to me that such helpers feel appreciated.
I'll also say that I view these forums as a bonus to the books. That's my perspective which I expect some/many readers don't have (not saying you feel this way or not). The books should hopefully stand on their own and the forums are a bonus, above and beyond the price of admission. So I'd hope that you (the reader in general, not you specifically) feel that the $25 or whatever that you paid for the book, of which I'll get about $2, was worth it, and that you (general) appreciate the forum as being a bonus. Again, that's my perspective.
But you also seem to imply that you are upset (or less inclined to answer) to provide this advice because Matt already provided the answer and you believe he was correct, or 90% correct. I totally disagree and I think your answer proves the point.Yes, to be clear, I am not (and was not) upset but I was less inclined to answer primarily because:
1. Matt seemed to be answering the question correctly, if not to your satisfaction.
2. You are saying Matt was wrong, when I think he was right (even if he wasn't explaining things to your satisfaction).
From my perspective, the thread looked like this:
Question Right answer No, I'll rephrase. Right answer. You're wrong. That's a very simplified version, of course, and you were more delicate than that, but if I'm interpreting the thread this way, why would I answer the question? In my mind you've already been given, and rejected, two right answers. What's the benefit of a third?
Matt provided two posts. In one post, he answered a question that wasn`t asked, and in the second post,when he tried to explain in detail the actual question that was asked, he was 100% wrong -- at least as far as I can see and which your answer shows.Respectfully, I disagree with your interpretation. I'm glad you felt my answer was helpful, and if you feel Matt's answers were wrong or just not helpful, that's your choice, but I don't think it's reasonable to blame me for not being inclined to answer a question that I felt was already answered correctly.
Contrary to what Larry says, I was not asking how JOINS work. I was asking how this joined work in particular. Given that Matt also didn`t understand the proper answer, it might not be as simple as you imagine for people at our level. yes, I know how JOINs work and have read about them, but understanding examples can be more difficult.I can appreciate that understanding specific examples can be more difficult, just as in math class in school, they show you how to do A and then the quiz does B, which is a slight variation on A, and it seems like it's out of nowhere. To me, as I wrote before and with which you disagree, it seemed like you weren't following a basic principle of a JOIN. I understand that you're saying you weren't following this particular part of this particular JOIN.
Furthermore, Larry seems a little surprised I told Matt he was wrong twice. However, if I don`t agree with Matt`s answer, what am I supposed to do? Upon examination of Larry`s answer, I believe i am correct in saying that Matt was wrong!To you, my reaction is strange, because you think Matt was wrong. To me, Matt's answers weren't wrong so... In answer to your question, if you don't agree with Matt's answer, a more diplomatic way to handle it (i.e., in a "free help from strangers" mentality), would be to express appreciation for the attempt but admit that you're still confused. Even if you did believe Matt was wrong, which you clearly do, changing the "almost 100% sure you're not right" to "Thanks but I'm still confused" would have totally changed the tenor of this thread. Not to hammer the "free help from S" angle, but I think it's good policy in such situations to always err on the side of being too appreciative. Somebody you don't know, perhaps halfway around the world, is giving up part of their day to try to help you and expecting nothing in return. That's a huge thing, in my opinion.
Furthermore, for your next edition, as you claim in your books that you can explain Geek to Normal people, I think it would be useful to into more depth sometimes because it`s clear that people aren`t getting it!Four things here. First, the "Translating Geek to English" blurb is clearly a marketing thing. It's intended to be true, but it's not a contract. Second, you're entitled to your opinion of course, and you clearly see what's happened here differently than I do or Matt does or HartleySan does, but this little comment here verges on being insulting. In fact, it may be insulting, but I'm trying not to take it personally. Third, as I've just stated here, I do feel like your question was one that basic knowledge of a JOIN would have made clear (and, yes, I know you feel that's not the case), and I do feel like this question is below the intended audience of the book. Not trying to be insulting here. I wrote the book for experienced PHP and MySQL developers (I say this in the introduction and on its Amazon page), so in my mind, this kind of question wouldn't have come up for this book. Yes, you say this isn't a basic JOIN question and that you understand JOINs and I'll take you at your word. And, even if a reader (some other reader, not you) wasn't quite where they needed to be for this book and asked questions that I didn't expect, that would be absolutely fine, because that's what the forum is for, but when that same reader is telling people that are trying to help that they're wrong, that's a problem if I feel the answers are right.
Fourth, and most importantly, if there's something that's not clear in a book, I absolutely want to know about it so I can clarify the issue in the next edition. Absolutely. That's one of the benefits I get from the forum: it makes me a better writer and leads to better books. I'm currently writing the fourth edition of my PHP and MySQL book and I'm still expanding things, changing things, trying to make improvements so it's a better book for readers. That's my goal. And this book has been out a few months and I already have a handful of ways I want to improve the next edition (i.e., a running list of how I could have done better). But I'll be honest: this isn't going to make that list. In my mind, this is a question about a basic JOIN.
Thank you for your assistance.I will provide the version information next time I come.
You're welcome and that would be appreciated. I'm going to re-read my response in the hopes of catching anything that might offend, as that's not my intention. The fundamental conflict here is that you, the person asking for help, has one sense of what's happened and at least three people trying to help have a different sense. I hope that you're not offended by anything I wrote, that you appreciate the efforts being made here, and that we can move on.
-
Matt will get there in good time. Can't go giving away the "Expert Advisor" label that you've worked hard to earn!
-
I can test separate on my Windows computer if you want, but on my Mac,
php -r 'echo "Hello, world!";'
works just fine. However,
php -r "echo 'Hello, world!';"
does not.
So I expect this is an operating-system difference thing.
-
Thanks for your help, HartleySan. I just answered his other post in more detail. Your answer here is the same thing Matt was saying and is also correct. This is basic JOIN stuff and the ON (or USING or WHERE) clause is required to enforce matching records when joining multiple tables.
-
Mike, in another post you specifically asked me to look at this post. You may not like my answer, however. First of all, per the forum guidelines, I'd really like to see you including your versions in use in all your posts. That information is almost always useful for those trying to assist you, and even when it's not, it's better to have more information than less. But the versions in use is what I consider to be just about the most important information, if not THE most. Which, of course, is why the forum guidelines specifically suggest you include such information. In fact, here's how it's stated in the guidelines:
Failure to abide by the above, in particular not including the versions you're using, will virtually guarantee that I don't answer your question or that it takes longer for your question to be answered.
So if you want me to answer your posts, I'd appreciate it if you'd abide by the guidelines. It just makes my job (in this specific case, providing free help to strangers) a little bit easier. Many people add these details to their signatures, so it's never missing.
Second, although you say that you're "almost 100% sure [Matt is] not right", he's essentially 90% right. He's describing how JOINs work, which is all that's happening here. You're asking a really basic question on how JOINs work and he's trying to answer you and he's much closer to being right than you are. Much closer. From my perspective, Matt's given you two correct answers and you've told him he's wrong twice. As you might imagine, such situations make me less inclined to chime in with the same correct answer. But since you've specifically requested that I chime in, here's that same correct answer in more detail...
In terms of the numbers, based upon the tables, I expect you're actually getting 50 records qualifying, not 30. You're only getting 30 records at the end because of your LIMIT clause. The reason for the 50 matches is because of Cartesian Products, as Matt said. There are 10 records returned by the JOIN across general coffees and specific coffees. There are 5 sizes. When you join 5 sizes with 10 records, you get 50 matches: 5 matches for each of the 10 records (again, this is what Matt was saying). The ON clause restricts how a match is made, specifically, THIS size_id must match THAT size_id. The effect is that instead of all 5 sizes being returned for each of the original 10 records, only the 1 matching size will be returned. This is why pretty much all JOINs should use an ON, USING, or WHERE clause to restrict the matches. That information is basic JOIN know-how, by the way. So the answer to the question of "how did Larry know this ON clause was needed?" is because that's a standard JOIN. This is a JOIN across multiple tables, but the premise is the same whether you JOIN 2 tables or 20: if you don't limit the JOINs to matching records (using ON, USING, or WHERE), you'll get Cartesian Products. If you removed the other ON clause, you'd get X specific coffees times Y general coffees times Z sizes results: a Cartesian Product.
And my thanks to Matt for helping out. I really appreciate it!
-
@Larry I will do more reading up on it as you suggest, but I wonder if you might detail a specific example
Yeah, a lot of what you're asking about is fundamental SQL/MySQL, the kinds of things this book assumes you already know. You seem to be doing well enough with the material, but for what it's worth, these aren't the kinds of questions I was expecting from this book.
If you have time, and inclination to answer that other post (someone has tried unsuccessfully so far), could you also explain, using this example, how that query`s performance was enhanced using the key size_id? For example, was this key necessary to help avoid the duplication in results that I describe in that post?No, as I wrote previously, keys have no impact on the results of a query, just how efficiently those results are garnered. The duplication is avoided by the SQL command itself. With the key on size_id, the size_id in the one table will be indexed as a primary key. In the other table it's a foreign key. As the size_id will be the basis of a JOIN, MySQL will perform that query more efficiently if both columns used as the basis of the JOIN have indexes upon them.
An index, in case it's not clear and in case you haven't looked at the MySQL manual (or online) yet, is just a way of telling the database to pay attention to a column (or combination of columns). So an index on size_id (as a foreign key), is a way of saying "Pay attention to these values as I'm going to use them in later queries."
Again, the index (or key) is part of the table definition. It does not impact the results of a query*, just the efficiency of executing that query.
(* There is an exception in that a FULLTEXT index is required to perform a FULLTEXT search query, but I think that's the only exception).
-
Thanks for the wonderful words on the book. It is appreciated.
Prevent Sql Injection Function
in PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
Posted
The code you've posted isn't very good, in my opinion. It's a bit hard to read, but...
- It's a stylistic issue, but it'd be clearer if the function_exists() and get_magic_quotes_gpc() calls were the conditions themselves, instead of assigning their calls to variables and then using the variables.
- mysql_real_escape_string() is by no means "new". It was added in PHP 4.3.
- It'd be better if the function tested for the existence of mysqli_real_escape_string() and used that, or mysql_real_escape_string() instead.
- The *_real_escape_string() functions require a database connection, so one ought to be made available to the function.
- addslashes() isn't nearly as secure as the *_real_escape_string() functions. If the code can't even use mysql_real_escape_string(), then prepared statements or other solutions ought to be applied instead.