Antonio Conte

Prepared statements are kind of weird. You have to bind the results to. if ( $stmt = $mysqli->prepare("SELECT first_name, last_name FROM person") ) { /* execute statement */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($fn, $ln); /* fetch values */ while ($stmt->fetch()) { echo $fn. ', ' . $ln. '<br/>'; } /* close statement */ $stmt->close(); }

To be honest, I think stored procedures look way scarier than prepared statements. When you get it down, it's very simple and logical. Reading a simple guide from something like NetTuts should teach you how to use them quite quickly. Not really a problem. I just bought new hosting for my website, so I have plenty of everything. I guess installing Xampp or something would really let you test the same way, but I could lend you some space if needed. I can lend you FTP access, a subdomain and a DB for a month if you want to test a live environment before you buy anything.

1. True 2. Yes. This particular instance of SiteController. Because $this IS the SiteController object. $this->SiteController does not make sense. Edit: Some clarifications. I miss led you a bit.

Just save it as a normal query. Stores procedures can be nice, but I've generally never used them. I generally prefer not to use stored procedures. If it's important for you to learn this, hit me a personal message. I can lend you a Db for a couple of weeks. If you really need it for production, I guess that just sucks. You'll defiantly find a workaround in most cases though.

$this is just a variable. It could be $anything. It depends in how you pass on the variable from the controller to the view. Just names. Because it's not $this as inside the class itself. It's confusing, but as it's the controllers own object you pass along, you often call it "$this". In the end, it's just a name. Change it to $object or something else if that makes more sense to you. @ Always preceds because of something called PhpDoc. It's a documenting syntax that widely recognized, as it's build on JavaDoc. It makes more sense when a coding software often called an IDE can utilize the documentation to give you help as you write code. "@return SiteController $this" could be used in a method inside the SiteController that uses "return $this; This is not critical by any stretch of the imagination as PHPDoc is not syntax checked. It helps you out understanding a class quickly, nothing else. That reference is the essence of what I wrote above. As it's $this in a view only means the SiteController passes it's own instance object through to the view. This can be complicated to grasp, but It's really only an object that can be used exactly like $user. Hope that clarifies. Please ask if you need more man.

Ok. Hope you get that sorted. My last suggesion is totTry switching delimiter to something like "DELIMITER //;" instead. I've seen some code use that. You must also change it from "end$$" ot "end //" too if you try that. I've also seen people comment that not using a space in for example "end$$" might be a problem. Guess we just have to wait for Larry on this one. Sorry I couldn't really help.

Wild guess after searching a bit: Try adding a colon to the "DELIMITER $$;" part. I guess that'll do the trick.

Yes, it would. This is a syntax error, definitely. Once you can save the stored procedure, I would just call that directly. You would get a different error if you had connection problems.

It's very good use IDs in longs texts. Think law data, etc. That way, you can link directly to a heading (or other element) in the middle of a web page. Where you call the method: // inside a class $param = array("#" => "law-4.2") $this->someMethod($param); // Might have other params... And in a view file: <!-- Creating a heading with an anchorID --> <h2 id="law-4.2">§ 4.2 - Important law</h2> Where the URL would look something like: http://domain.com/controllerID/actionID/#law-4.2

This is the MVC pattern at work. All these are variables that are passed to the view by a controller action. These variables holds objects, where $this in both cases points to a controller object. $model is the User object. You have to look at the actual controller and models classes to determine what methods are available to you. You should really use time to revisit the introduction on MVC. It's one of the keys to understanding YII.

This is because you have a syntax error in one of your queries. mysqli_result() return a MySQLi_result object (or resource) on successfully query, and a boolean false on errors. As mysqli_num_rows() expect that resource/object, you'll get that error message you display here. Try debugging it by printing out the query, make sure your variables holds values, and that kind of stuff. Running the query in something like phpMyAdmin is also helpful.

KeepLearning: A Record is not a term related to OOP nor procedural programming. It's simply a term for data returned from a function that interacts with a database. That data can be several different kinds of data structures, but are generally (not always) an associate array in procedural programming and an object in object-oriented programming. Thus, a record is a common used word to describe returned data from a database. Also, I don't try to talk down on others programming skills or belittle people. The suggestion was only given as record is such normal terminology that I just assumed you had little prior experience. Sorry about that, man. I can assure you I did only try to help. I do agree with you, though. Larry is awesome because he has a special gift. Too many tech books describe things to advanced. A framework is a little different, though. It will be more advanced as it limits your freedom on how to code. In a framework, you need to build code as it's supposed to get a good result. Therefor, it will obviously be a lot of knowledge and best practices to explain, and some of them will be confusing. Don't feel "to smart" to really understand the basics first. Understanding OOP principles and the MVC pattern is a huge part of that. To many of those that come from a procedural background feel jumping straight into coding because they know PHP! Sure they do, but object-orientation is like learning a new language - The most important part is understanding the basics. It does not mean you are a bad or inexperienced developer. OOP is just different.

It's related to a database record. Thus Post is one record from a table called Post. Keep in mind that using a framework requires you to have a solid understanding of programming concepts. Another book might be a better match? You can always come back to this one later.

The reason for the error message is your problem here. Static methods are not inherited as they are static. Static methods do not get inherited by childeren that extends a parent. I would GUESS the confusion comes after seing YII code. As that is a framework, it can't be looked at as normal PHP code. However, this is done through some "magic" that hides the essential parts of the code. Larry might be able to clarify on this. It's way over my head without diving into the framework. (I can't give a CLEAR explanation at least) A better suggestion might be to look at another library using the factory pattern. RedBeans PHP is an ORM (Active Records is an ORM pattern) build in PHP. It also uses the factory pattern for object creation. Here is how you perform simple CRUD: // Insert (Note: Returns Post objects) $post = R::dispense('post'); $post->text = 'Hello World'; //Create or Update $id = R::store($post); // Get $post = R::load('post',$id); // Delete R::trash($post); This is very similar to something like User::get_by_pk() or what it's called in YII. However, these methods are not INHERITED. A possible solution is using the magic method like __get() and __set(). (which I actually know YII does) These methods could do a call to a method found in ActiveRecords (which most DB models in YII extend) looking something like: (__set() is as we know called when a method is not found in a class) __set( $method ) { return parent::set(__CLASS__, $method) } Active Records could then transform that into something like: (ta-da) __set( $class = __CLASS__ ) { return ActiveRecordsClass::$method($class); } Obviously, this is framework magic and not very interesting for most of us, but that's a very plausible explanation at least. Hope my stupid ramblings clearify something atleast.

I would go for custom exceptions. Definetly the cleanest approach I can think of. try { User::model()->activateUser($x, $y); } catch ( InvalidActivationException $iae ) { Yii::app()->user->setFlash('error',$iee->getMessage()); } // Render $this->render('verify'); Just add the exceptions to your model. class Model .... { public function activateUser($x, $y) { $model = User::model()->findByAttributes(array('email'=>$x, 'active'=>$y)); if($model === NULL) { throw new InvalidActivationException("Something bad happened"); } ... } } /** * InvalidActivationException */ class InvalidActivationException extends Exception { public function __construct($message) { parent::__construct($message); } } Hope that helps man.

It might be, yes. Doing that is as simple as setting a hidden input field with HTML and retriving it in the PHP $_POST array. That value should be generated dynamically, using for example the GET value of your request. (along the lines of http://domain.com/something.php?id=1.) Generating ID, based on GET <form action="" method="post"> <input type="hidden" name="id" value="<?= isset($_GET['id']) ? (int) $_GET['id'] : 0; ?>"> <!-- Generated dynamically. ---> </form> This allows you to get the ID as POST // Check for a form submission: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form submission // Make sure an ID is found $id = isset($_POST['id']) ? (int) $_POST['id'] : 0; // Make sure ID is valid if ( $id === 0 ) { // Serve error message, redirect or do something along those lines exit("ID not found/not valid integer (0)."); } // Validate the form data: if ($form->validate()) { // Safely use $id } } Btw. I use short-hand IF-else here. It's great for such things, as you can check values AND type cast. The great thing about type casting is that a String "x" is cast to an Integer 0... Therefor, you always have a POST value to send, and you know it's an Integer. Also, learn to debug your logic flow. Use IF-else to controll values you depends on, try debugging by echo out variables, print out your query to make sure it's correct. Etc. Hope that helps you out.

Ok. The problem with that part is the quotations marks. Your $id variable is passed as text, not as a variable. Several ways to solve this, but I would do as below. // Store in a session: $_SESSION['id'] = $id; // Update Database with new values $qry = 'UPDATE pages SET title=:title, content=:content WHERE id=:id'; $stmt = $pdo->prepare($q); $run = $stmt->execute( array( ':id' => $id, ':title'=> $title->getValue(), ':content' => $content->getValue() ) );

I'm guessing the script is using prepared statements. :id is therefor a binding parameter, and not a variable itself. . What you need to do is bind the parameter to :id. This is done via Mysqli::bind_param(), a function with two paramters. The first is type, i.e the type of the variable. This is most like an integer here. The second parameter is the the actuall variable (or a simple value). I've included an example with a table having three columns. ID, col1 and col2. These uses three variables bound using Stmt::bind_param(). The data types: s = String (Most data, including dates, etc) i = Integer (Integers) d = Doubles (Numbers with decimals) b = blob (packaged data, not often used) /* create a prepared statement */ if ($stmt = $mysqli->prepare("INSERT into table (id, col1, col2) VALUES id = ':id', col1 = ':val1', col2 = ':val2'")) { /* bind parameters for markers */ $stmt->bind_param("i", $id); $stmt->bind_param("s", $val1); $stmt->bind_param("s", $val2); /* execute query */ $stmt->execute(); /* close statement */ $stmt->close(); } Hope that solves it for you.

Saw you included a chapter on authentification this time. That's pretty awesome as I'm currently considering using YII for a new project. I'm wondering if I should use YII's auth, depend on phpBB3 (as all users are currently there) or write a "man-in-the-middle" service. I did the last thing for a Wordpress plugin that required login before you could leave a comment. The goal was getting as few dependencies to both Wordpress and phpBB3 as possible. The plugin still works like a charm, though not publicly available. I think the end result was so good I consider doing it again. The last thing I consider is Facebook, Google, Twitter, whatever-auth. I don't currently like that. Looking forward to read now, Larry. Almost posted some of these questions just a few days ago.

Without any real experience with YII, I could recommend you a combination of the CRangeValidator and the CNumberValidator. Build this into your Validate() method of the model. The CNumberValidator allows you to specify a max and a min, and the range can be defined using a list of viable options. Run that method from your controller to validate. That's the proper way to do it. Regarding the actual validation, I guess you have better knowledge than me on valid/invalid cases.

Do some refactoring and bug testing while you wait. Boring but important job.

I'm only allowed to pick 5 tickets, and the rest seems to get calculated correctly. Did you get this to work now?

Did you guys look at the YII requirements script? I would guess you are failing the test for HMAC support. You need that extension installed.

You can use most IDEs really. The problem will be type hinting, as frameworks sometimes need special support for that. A quick search gave me a quick guide for installing YII support in Eclipse: - http://yiiclipse.maziarz.org/ I'm sure you can find it for other IDEs too.

Sometimes, it's not the end of the travel that's important, but rather the travel itself. I get that part completly, Dimitry. That being said, you got to respect other people's time. Larry passing on this thread once a satisfying answer is provided can't really be looked down upon. However, escpecially as a student and hobby programmer, I can appriciate the interest. Sometimes, those interest must be persued on your own. Most people don't have the time, even if they'd probably both want to and find the topic interesting. I'm not really interested in Regexes, and I definitly don't have the knowlege to help you. Just wanted to rant a little, as usual... And give you a little nod.