Larry

That's a really good technique, Jay! Thanks for sharing that!

Thanks for catching that and for letting me know! I'll pass it along to the publisher.

You need to execute the query from within the FOREACH as that's the only place you have access to each individual selected size.

it's in the sql.sql file: https://github.com/LarryUllman/phpmysqlvqp-5ed/blob/master/sql.sql

Ah, no, you can't do that. You'll need to use PHP to break the multiple selections into their single counterparts and insert each one separately.

Add the "multiple" property to the opening select tag: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/select

Ugh! Thanks for reporting and sorry about that!

I haven't used PHPStorm in a long while, so I'm not positive but maybe adding id="gender" to both of the inputs would solve it.

I'm not sure what you mean by "combine the two queries together" as one is an INSERT and another is a SELECT. They cannot be combined into one. But from the looks of it what I think you should be doing is executing the INSERT query, then checking for affected rows, then executing the SELECT query. Also, separately, it's pretty weird to print out JavaScript like you're doing as opposed to just redirecting the browser directly within PHP.

It wouldn't make any sense to prevent a user from using the same password as another user. I've never seen that done. As for forcing people to reset their password, that makes for good security but it's still not that common and definitely not common--in my experience--in places it matters most, such as financial institutions. I also personally find prevention of re-using a password to be annoying, although not a terrible inconvenience when using a password manager. My current approach is pretty strongly a matter of: tell users how to be smart about their passwords but don't put many restrictions on what passwords they actually use.

I assume you're putting blank values into the database then. Right now you bind 7 variables to parameters but only assign values to 5 variables.

Thanks for sharing what you found! Personally, though, I'd still use the GET method here. POST doesn't really make sense in this case.

Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner.

Thanks for the interest in the book! I do appreciate it. I don't actually have a list of changes, however. I'd recommend checking out what's changed in PHP since the book was written. The major changes there are probably most important for your case. Best wishes with your studies!

Okay, two ways of going about this. The first is to make a SELECT menu whose option value is the category ID and then you add the JavaScript that redirects the browser when the selection changes. Alternatively you could create an unordered list of links that's collapsed into one menu using JavaScript and CSS. I think the later is likely more common.

As far as I know, the only way to make a SELECT work as a list of links is to use JavaScript to redirect the browser upon changing or selecting an item in the list. I don't think that's something you want to do. As for your MATCH...AGAINST, you probably don't have a fulltext index set on sizes.size, which could cause that error.

So I assume that limiting by number of views means a certain number of views within a specific time from (e.g., 10 per month). I'd start with the standard subscription model, where you store the date and then refresh the date with every successful payment (i.e., add a month). This separates active subscriptions from inactive ones. Then create a way of recording views, maybe in another table. When the user views a page, check how many views they have in the current period (i.e., since their last payment date). If they have none left, print that message. If they have any left, show the content but update the record of views.

It definitely sounds like the virtual subscription model is the correct choice for you.

From the error message it looks like you're trying to treat a variable as an array but it has a null value (i.e., it's not an array).

Glad to hear it! For what it's worth, haters have been predicting the death of PHP for forever. But it's still in use by 80% of sites, including Facebook, Wikipedia, and everything WordPress. It's a zillion years from obsolete! And, honestly, anyone claiming you should move from PHP to Python has NO IDEA what they're talking about. Python is a fine language, but the notion of going from PHP to Python for web development is bonkers.

Thanks for the question! I'm not terribly worried about this. Microsoft said they're not going to provide builds of PHP for Windows anymore. Certainly someone else will pick up the torch. Also, to me, this is more of an issue for people learning or developing on Windows. I don't have hard numbers but I assume the vast majority of servers using PHP are running Linux.

Thanks so much for sharing all that, Max! Kudos for your success in stopping more of the dreaded spam.

Yes, both versions are comparable with respect to validating the gender. To use the NULL coalescing operator in Script 2.4, you'd probably just write it like your version of Script 2.3 (note that you don't need the $gender = NULL in there though).

I wouldn't say that line is necessary. The $gender variable is already assigned a value before being used so assigning it a "false" value has no impact.

For starters I definitely wouldn't put this into the users table. That table represents an entity: the user. What you're describing is representing activity, so I'd create a logins table for that. As for the goal itself, as I'm sure Netflix can attest, this is tricky and may not be worth the effort. You can't assume people will log out, as you noted. But that also includes situations like I start using the site on one device but then go to switch devices. I definitely access some sites on multiple devices in a single day. In any case, the best thing I can think of would be to rely upon sessions here. Store the session ID in the database, along with the user ID. Sessions will automatically expire after inactivity, based upon your site/server settings. When someone logs in, you could check if there's an active session already. But I wouldn't bother, personally. You'll have to create a lot of work to hopefully catch a few cheaters while occasionally annoying legitimate users. I'd rather put my effort into making a product so great people would gladly pay for it.