Larry Ullman's Book Forums

timpearson26

Members
  • Content Count

    21
  • Days Won

    1

timpearson26 last won the day on December 28 2011

timpearson26 had the most liked content!

Community Reputation

3 Neutral

About timpearson26

  • Rank
    Member
  1. I have recently finished your book PHP for the web and am now starting this new book. When I originally installed MAMP on my computer quite a few months ago, I installed mysql version 5.1.xx. I noticed now in this book that you are using mysql version 5.5.8. Is there any reason to update mysql to the latest version? I looked just briefly on the internet for a how to and it didn't seem to be very straightforward. Any suggestions? Thanks. Tim
  2. The more I am reading about security, the more this seems to become clear. Pretty much what I've learned is: nothing is totally safe.
  3. Thanks for the reply. Yeah, I already have the next book, looking forward to starting it soon. Thanks.
  4. In the Chapter 13 web app, cookies are used to verify if a person has administrator access. It seems that using a cookie is similar to a password in the way that in the book, Larry says to set a cookie with sort of a random name and value. For instance, don't set a cookie with the name of 'login' and the value of 'true' (instead a cookie named Samuel is set with a value of Clemens). But, because cookies are easily viewed once they are set, for example using firebug on firefox, it seems like this is not the best method for verifying who has access to a site and who doesn't. For example, let's say someone signs up for a username and password on my site, I grant that person permission to my site and set a cookie named Samuel with a value of Clemens. But let's say for some reason in the future I choose to deny that user access to my site. If while he had access to my site, he happened to check the name and value of the cookie, that person after he loses access to my site could easily create a cookie himself named Samuel with a value of Clemens. Then what? Is this the method that websites actually use to verify login credentials? (obviously I know this is a beginner book and there is probably much more to it than this, but I was wondering if this was an easy way to mimic a login example, or if some form of this method is used in professional sites.)
  5. It sounds like you are not using a web server program on your computer. Are you running XAMPP or MAMP? If not, your scripts will not work. You cannot just open them in a web browser, you first have to have a server read the PHP code which will then send the html to the browser.
  6. The last pursue question says: use the combination of writing to and reading from text files, plus either sessions or cookies, to create a real registration and login system. I am having a problem wrapping my head around the concept of using the session in the registration process and how you would make this unique to the person logging in. What I understand so far is this:

     - when a person registers, their username and password gets written to a file
     - when they log in the script checks the just entered username and password to see if it matches with a username and pass on file
     - if it does match I should send a cookie saying something like $_COOKIE['logged_in'] = TRUE.
     - then in the following pages of the website, I should check for this 'logged_in' cookie to see if it is there.

     What I don't get is how to make the logged_in cookie personal to the specific user. For example, when I login to my bank website, I want to see my money, not another user's money. Or is this pursue question just asking for the baby step of creating this generic cookie only, and later on we will learn how to make it specific. Thanks for the help. Tim
  7. timpearson26

    Chapter 11 Pursue #4

    ahhh, should have thought of that. Thanks.
  8. Chapter 11 Pursue #4 says: Change add_quote.php so that it takes the quotation and the attribution as separate inputs and writes them separately to the text file. Then modify view_quote.php so that it retrieves and displays both the pieces of data. What does it mean by the 'attribution'? Thanks Tim
  9. Sure no prob. Glad it helped. Tim
  10. Yeah, probably wouldn't be fair if you answer it. Still thinking about this one. I think I am going to move on for now and come back to it later. Tim
  11. Do you understand how the 'if' conditional works? When writing the 'if' conditional, if whatever is in the parentheses is TRUE, the following lines of code will be executed. But if whatever is in the parentheses is FALSE, the following lines of code will not be executed. For example:

          if (1 == 1) {
              print '<p>You have been successfully registered (but not really).</p>';
          }

      (this above example will print) but this example:

          if (1 == 2) {
              print '<p>You have been successfully registered (but not really).</p>';
          }

      this will not print because, obviously, 1 does not equal 2. So in the code on page 123, you see on line 20 the flag variable is created and is given the value of TRUE. At this point if everything goes good, the success message will print. BUT, before the success message prints, you first have to get past the other 2 'if' statements. Those 'if' statements validate the email and password. If either one of those 'if' statements has a value of TRUE (in other words, if either the $_POST['email'] or the $_POST['password'] is empty), then the code below those 'if' statements executes. And both of those validation 'if' statements do 2 things. First, they print an error message, and 2nd, they change the value of $okay to the value of FALSE. If that happens, you will not see the success message because now: if ($okay) { ...} has the value of if (FALSE) { //therefore nothing happens } Hopefully that makes it a little more clear. Tim
  12. I am just starting Chapter 10 Pursue #4 now and am still brainstorming. Just curious what others came up with? BTW Pursue #4 reads: come up with an idea for, create, and use your own custom function. Tim
  13. Wow, just got through reading all of the back and forth here. Now my brain hurts. I got the same answer as phpRob for the pursue #3. However, it looks to me that April, you did not correctly answer the Pursue #2 question. (also phpRob, your above script doesn't answer Pursue #2 question, but perhaps you were just intending to answer #3 and you left the code out for the #2 answer for simplicity, not sure). Anyway the code that I came up with that answers Pursue #2 and #3 is this:

          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
          <head>
              <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
              <title>Sticky Text Inputs</title>
          </head>
          <body>
          <?php // script 10.2 - sticky1.php - sticky2.php
          // this script defines and calls a function that creates a sticky text input.

          // this function makes a sticky text input
          // this function requires two arguments be passed to it.
          function make_text_input ($name, $label, $text_or_pass = 'text', $size = 20) {

              // begin a paragraph and a label:
              print '<p><label>' . $label . ': ';

              // begin the input
              print '<input type="' . $text_or_pass . '" name="' . $name . '" size="' . $size . '" ';

              // add the value, escaped so submitted text cannot break out of the attribute
              if (isset($_POST[$name])) {
                  print ' value="' . htmlspecialchars($_POST[$name]) . '"';
              } elseif (isset($_GET[$name])) {
                  print ' value="' . htmlspecialchars($_GET[$name]) . '"';
              }

              // complete the input, the label and the paragraph:
              print ' /></label></p>';

          } // end of make_text_input() function.

          // make the form
          print '<form action="" method="POST">';

          // create some text inputs
          make_text_input('first_name', 'First Name');
          make_text_input('last_name', 'Last Name', 'text', 30);
          make_text_input('email', 'Email Address', 'text', 50);
          make_text_input('password', 'Password', 'password');

          print '<input type="submit" name="submit" value="Register!" /></form>';
          ?>
          </body>
          </html>

      April, you need to have this code:

          elseif (isset($_GET[$name])) {
              print ' value="' . htmlspecialchars($_GET[$name]) . '"';
          }

      to check for $_GET values. Otherwise if the form method = GET your form won't be sticky. Did anyone else get a similar answer? Tim
  14. Can you give the page number in the book you're referring to? If I remember, I think that form validation is all part of an 'if' conditional. So if $okay = FALSE then the conditional will be false and the success message won't print. Not sure if that's correct or not, I'm sure you'll get more clarification when you give the page number. Tim
  15. Thanks. Yeah I stopped for the night just before the 'Variable Scope' section. After just reading it, it makes a lot more sense. What exactly answered my question was this: page 279: Function variables - the arguments of a function as well as any variables defined within the function - exist only within that function and aren't accessible outside of it. also page 280: Because of variable scope, a local variable within a function is a different entity than a variable outside of the function, even if the two variables use the exact same name. Thanks.