old.graham

Thank you to Deaddog for his view_users.php (script 10.5) code which solved a problem for me. I wanted to switch form ASC to DESC for the lists, and got about halfway there, but this solved the problem for me. I have altered it slightly to suit my own requirements but gave honourable mention in the comments.

Hi Larry, Thank you for your very prompt reply. I take it then that finfo_file() is going to depend on browser variety? Firefox may possibly give different results from IE or Chrome? I guess then that finfo_file() would be the one to use where the file's attributes/MIME type is critical. Gratitude for unravelling that. old.graham

Hi and thanks in advance. I run apache 2.2.22 , php 5.3.10-10 in Ubuntu 12.04. I have been working through the chapter13 Review and Pursue topics . The Pursue 4/5th topics suggest modifying the upload_rtf.php code. I have added code to display the name, type and size of a file that has been offered for uploading. I get some unexpected and inconsistent results for MIME types for an RTF file type and also some other file types. The relevant code is: //indicate it's OK: also print file MIME type echo '<p><em>The ' . finfo_file($fileinfo, $_FILES['upload']['tmp_name']) . ' file would be acceptable.</em></p>'; //print_r($_FILES['upload']) ; //just testing the array echo '<p><em>The file <b>' . $_FILES['upload']['name'] . '</b> is a MIME type ' . $_FILES['upload']['type'] . '. The file size is ' . $_FILES['upload']['size'] . ' bytes.</em></p>'; When the code is executed in the browser (Firefox 17.0.1): An rtf file is given as text/rtf by one line then application/rtf by the next line. A php file is given as text/x-php on the first line then application/x-php by the second line. However, a jpg or gif file is given as image/jpg or image/gif on both lines. I have looked around the 'net for explanations, but haven't found anything that led to an understanding of how this occurs. Can anybody suggest why this should be?

Hi again, and a good new year to all. I have been working away at chapters 11 and 12 and the Review and Pursue sections. Most of the answers that I came up with for chapter 11 are too long for inclusion in the forum, so I have stuck them as usual in my site at www.visitingfife.co.uk/computers along with the usual caveats. Chapter 12 answers are (so far) a lot shorter, so here are my stabs at them. The first bit is a couple of attempts at item 6 of the review, function returning multiple values. <?php function demoReturn($rock, $gem, $soil){//create some parameters if(!empty($rock) && !empty($gem) && !empty($soil)){ // parameters not empty $genre = array('horror', 'family', 'sci-fi', 'musical', 'fantasy'); //create an array return $genre; //return the array }else{//if it went wahoonee shaped echo 'Give the function some values!'; } } $info = demoReturn('hardstuff', 'shinything', 'mud'); //call the function and enter some parameters foreach ($info as $v){ //foreach loop to display the array values echo ' - '. $v . '<br />'; //show array returned by the function } function demoReturn2($some, $more){//some parameters if (!empty($some) && !empty($more)){//were values entered into the parameters? $lots = array_merge ($some, $more); //set variable for the 2 arrays added together $many = implode( " ", $lots);//change merged array to a string return $many;//return the string }else{ echo 'Give the function some values!'; } } $herd = array('Ant', 'Bear', 'Cat', 'Dog', 'Elk');//an array $herd2 = array('Zebra', 'Yak', 'Warthog');//another array $amount = demoReturn2($herd, $herd2);//call the function echo $amount ; //display the function results ?> Next up is the 3rd item of Ch 12 pursue. The best answer I came up with is not in fact mine. Best to look at http://www.larryullm...ursue-number-3/ for a discussion of this topic. For the 4th item, modify redirect_user(), I thought of several ways of doing this finally deciding that this was at least as good as any. The line $url .= '/ch12test/'; is just the directory where I put the file(s) to be redirected to. I also stuck the index.php in the ch12test directory. The 2 directories (ch12 and ch12test) are in the same parent directory. You would have to change the line (line 22) that calls the function in the login.php script to suit your own purposes. Since this was an experiment I stuck in redirect_user('ch12redirect.php');//test version. function redirect_user ($page = 'index.php'){ $url = 'http://' . $_SERVER['HTTP_HOST'];//root directory $url .= '/ch12test/';//directory containing file $url .= $page;//file header ("Location: $url"); //site1/ch12test/$page: variable containing the file redirected to exit; //kill the script //redirect the user: header("Location: $url"); exit(); //quit the script }//end of redirect_user() function The 5th item, using a cookie to store a user preference, was the one I have so far found most interesting. The idea of allowing a user to interact with a web page to choose formatting is compelling. I have kept this VERY simple just to show the principle. The code and css is below. The css was in 3 external files (blue.css etc). blue.css file p{ color: blue; } red.css file p{ color: red; } green.css file p{ color: #00782B; } <?php if ($_SERVER['REQUEST_METHOD']=='GET'){ $colour = 'blue'; echo '<link rel="stylesheet" href="$colour.css" type="text/css" media="screen" />'; }else{//not sure this is the best way... //if ($_SERVER['REQUEST_METHOD']=='POST'){ $colour = $_POST['colour']; setcookie('colour', $colour); } ?> <link rel="stylesheet" href="<?php echo "$colour.css" ?>" type="text/css" media="screen" /> <!--form to make choices--> <form action="choose_colour.php" method="post"> <p>Colour?: <input type="radio" name="colour" value="blue" checked="checked" />Blue <input type="radio" name="colour" value="red" />Red <input type="radio" name="colour" value="green" />Green</p> <p>Submit: <input type="submit" name="submit" value="submit" /></p> </form> And so far, that's all. Hope it wasn't too long. I have run all of it and it seems to run OK.

Finally, I get it. Thanks for the second post, Larry. That was the one that clinched it for me. I had the same problem as HartleySan and had to read the posts several times. Still puzzled, I walked away from it and had a Eureka moment about an hour later. My code above is unnecessary. You don't have to force the error to be string or array, but I wouldn't have got it without all the input from the Advanced Members. All the best for the New Year to you all.

After my less than useful last post, I thought about it overnight. I came up with this. Is this the sort of thing that would satisfy the question? <?php //define variables //$wrong1 = 'This the wrong1'; $wrong1 = ''; //$wrong2 = 'This is the wrong2'; $wrong2 = ''; if(empty($wrong1)){//if var is empty assign message to var $err1 = 'Wrong1 empty.'; }else{//no worries echo 'Wrong1 is right<br />'; } if(empty($wrong2)){//if var is empty assign message to var $err2 = 'Wrong2 is empty'; }else{//no worries echo 'Wrong2 is right<br />'; } if(empty($wrong1) && empty($wrong2)){//if both empty $error = array($err1, $err2);//create an array of error messages }elseif(empty($wrong1)){//only one wrong $error = $err1;//assign a message to $error }elseif(empty($wrong2)){ $error = $err2; }else{ $error = 'No problems.';//if all variables have values } if(is_array($error)){//is it an array? foreach($error as $msg){ echo " - $msg<br />";//display the error messages } }else{ echo " $error";//only one value missing } ?>

Had to delete it. It doesn't work after all. Sorry.

Hi Victor, I read your comment on my solution for the "handle_errors.php" yesterday and that really gave me pause for thought. I tested it in one of my scripts, then I tested it again removing the final ?> as you said. Both work without any obvious error. I suspect that you may well have the right of it but I would be interested to hear from Advanced Members or even Larry on this. I have had a quick look through your answer(s) for the Pursue Chapter 10 and on my first glance you've come up with similar solutions to myself which reassuring for me. I guess if it works then it is probably OK.

I have been slowly working my way through the chapter 10 Pursue section and have pretty much completed it, but as I mentioned above on 16 October, the coded solutions are much too big for this forum. They seem to work OK but I make no guarantees that the code could not be better written! I have published them as pdf files at http://www.visitingfife.co.uk/computers/index.html. I have had to add data to the database to make the code work realistically. If anyone wants the edited tables, then I can be mailed at old.graham@gmail.com.

I finally got around to chapter 10 Review and Pursue section after getting VERY sidetracked with chapter 9 Review and Pursue, banking database. I haven't added any error checking just to keep it simple. In order to get the edit.php and delete_user.php to display the user name in the browser title bar (and also the header because it looks good) I found that I had to change some lines in the view_user.php script. Lines 76-86 (page 324) I replaced with: while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){ extract($row);/*this allows variables with the same name as the $row['something'] to be created. e.g $row['something'] becomes $something I came across this and thought it a neat trick */ $bg = ($bg == '#CCC' ? '#FFF' : '#CCC'); echo'<tr bgcolor="' . $bg . '"> <td align="left"><a href="edit_user.php?id=' . $user_id . '&fn=' . $first_name . '&ln=' . $last_name . '">Edit</a></td> <td align="left"><a href="delete_user.php?id=' . $user_id . '&fn=' . $first_name . '&ln=' . $last_name . '">Delete</a></td> <td align="left">' . $user_id . '</td> <td align="left">' . $last_name . '</td> <td align="left">' . $first_name . '</td> <td align="left">' . $dr . '</td> </tr> '; }//end of while loop In the delete_user.php script, I added: if ($_SERVER['REQUEST_METHOD']=='GET'){ $page_title= 'Delete User: '. $_GET['fn'] . ' ' . $_GET['ln']; }else{ $page_title="Delete User: " . $_POST['first_name'] . ' ' . $_POST['last_name']; } //and then the header and title as before include ('includes/header.html'); echo '<h1>Delete a User</h1>'; //check for valid user ID, through GET or POST if ((isset($_GET['id'])) && (is_numeric($_GET['id']))){//this page accessed from view_user.php $id = $_GET['id']; $fn = $_GET['fn'];//needs this to pass to form $ln = $_GET['ln'];//needs this to pass to form }elseif((isset($_POST['id'])) && (is_numeric($_POST['id']))){//submitted from this page and form $id = $_POST['id']; $fn = $_POST['first_name'];//from form from $_POST $ln = $_POST['last_name'];//from form from $_POST }else{//no valid ID. end script echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); } I also made some additions to the <form> that starts at line 59 on page 305: //create the form echo '<form action="delete_user.php" method="post"> <input type="radio" name="sure" value="Yes" />Yes <input type="radio" name="sure" value="No" checked="checked" />No <input type="submit" name="submit" value="Submit" /> <input type="hidden" name="id" value =" ' . $id . '" /> <input type="hidden" name="first_name" value =" ' . $fn . '" /> <input type="hidden" name="last_name" value =" ' . $ln . '" /> </form>'; These last 2 inputs pass hidden values to $page_title. In the edit_user.php script, I made the following changes: //change page title to suit user to be edited as per Review and Pursue chapter 10: not secure: just to show principal if ($_SERVER['REQUEST_METHOD']=='GET'){ $page_title= 'Edit User: '. $_GET['fn'] . ' ' . $_GET['ln']; }else{ $page_title='Edit User: ' . $_POST['first_name'] . ' ' . $_POST['last_name']; } //and then the header and title include ('includes/header.html'); echo '<h1> Edit User Details</h1>'; I also added the following lines to the UPDATE query that starts on line 56. This displays a message if nothing has been altered and prevents an error message. }elseif(@mysqli_affected_rows($dbc)==0){//no row changed: no new details //display message echo '<p>No new details have been inserted.</p>'; Hope this lot helps someone. For the 2nd Pursue question, I am creating a version of edit_users.php that allows the changing of a user's password which is a cross between the change_password script and the edit_user script. My take on this is more complex than the suggestion on one of the sidebars in chapter 10, page 315. I have hesitated to publish it in the forum as it currently runs to 145 lines of code. Once I add the error/security checking it will run to rather more. I therefore intend to display it on a page on my site at www.visitingfife.co.uk as soon as I am happy with it.

Hi Antonio, Thanks for looking in again. Earlier in the script each of the user inputs are treated thus: //check for first name if(empty($_POST['first_name'])){ $errors[] = 'You forgot to enter your first name'; }else{ $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //validate user input } Is this enough or should there be further checks on input? I have seen forums where prepared statements are recommended, but that looks a bit advanced for this forum _ and for me _ as yet.

Thanks for the suggestion. I have altered all the relevant code in my IDE to help me remember that. I now make my offering for Q4 page 298 using mysqli_affected _rows(). I have just posted what I believe to be the relevant bit. Hope I got this OK. //make the query $query = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$fn', '$ln', '$email', SHA1('$password'), NOW() )"; $request = @mysqli_query ($dbc, $query);//run the query if (mysqli_affected_rows($dbc) == 1){//if it ran OK should be 1 row only changed //display message echo '<h1>Thank you!</h1> <p>You are now registered. In Chapter 12 you will be able to (gasp) log in!</p> <p><br /></p>'; I am going to mess about with queries for the next couple of weeks as mentioned in the final part of the Review and Pursue ch9 because I can use the practice!

Hi Antonio, Does this fit the bill? //check for email if(empty($_POST['email'])){ $errors[] = 'You did not enter your email.'; }else{ $email = mysqli_escape_string($dbc, trim($_POST['email'])); //this is escaped bit //make a query to check if email is already in use $q = "SELECT user_id FROM users WHERE email = '$email'"; $r = @mysqli_query($dbc, $q); $n_rows = mysqli_num_rows($r); if ($n_rows > 0){ $errors[] = 'This email address is already in use.'; }else{ $email = mysqli_escape_string($dbc, trim($_POST['email'])); }//end if email already in use }//end if empty email Thanks for your taking the time to check this for me. I tend to learn much from what I get wrong and it really helps when someone points out my mistakes.

Hi Antonio, Thanks for the heads up on that, but it has me really puzzled _ unless you mean the error suppressor operator? If that is what you mean then you are quite correct and I should have it in. That would then be $r = @mysqli_query($dbc, $q); If that's not it, can you be more explicit because I can't think what else it could be? Thanking you in advance and mea culpa for the fault. I have just noticed another error in the code. I have inserted the code fragment in the wrong place. It should go in line 33. As it was, it only works if all the other inputs have been filled. I cover my eyes in shame.

Hi Larry, Thanks for your comment. But your book really makes it so easy I can take very little credit. Any road up, here is my solution to the 4th question on the chapter 9 Pursue and Review using mysqli_num_rows() function to test for previous use of the email address. //make a query to check if email is already in use $q = "SELECT user_id FROM users WHERE email = '$email'"; $r = mysqli_query($dbc, $q); $n_rows = mysqli_num_rows($r); if ($n_rows > 0){ $errors[] = 'This email address is already in use.'; }else{ $email = mysqli_escape_string($dbc, trim($_POST['email'])); }//end if email already in use This is inserted below line 45 and above line 46 register.php script on page 287. I have tested it and it works fine for me. I use $email rather than $e as a variable name to make it clearer for myself.