giantsfan24

Ironically I either figured it out that night or the next day. My apologies Hartley for the lost post but you'll always have the memory of the once great post lol. Anyway, it wasn't really me, it was a tutorial I found on closures. It's weird, in PHP, we don't really have to worry much about closures(maybe in more advanced you do). Anyway, here is the code that looks to do something very similar to Hartley's but instead of looping through the function creation, it just loops through the function(could be semantics as they accomplish the same goal: <script> $(document).ready(function() { function doCheck(i) { var classInfoHidden = null; var stepsVisible = null; $('#galleryImage'+i+'').mouseout(function() { var classInfoHidden = setTimeout(function(){ $('#image_info').css("visibility" , "hidden"); },2000); var defaultVisible = setTimeout(function(){ $('#default').css("visibility" , "visible"); },2000); }); $('#galleryImage'+i+'').mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Ecommerce_Site_3/ajax/getimageinfo.php?imageId=' + i, // The URL of the data to fetch. data: null, // Don't add any data to the URL. dataType:"html"}) // Execute response as a script. .done (function(html) { clearTimeout(classInfoHidden); clearTimeout(stepsVisible); $('#default').css("visibility", "hidden"); $('#image_info').css("visibility", "visible"); $("#image_info").html(html); }); }); } for (var i = 1; i <= 5; i++) { doCheck(i); } }) </script> What was so frustrating is that closures are very hard to explain and still really paint a picture in your mind. You just have to see it. The problem seemed to be that the for loop kept overwriting the variable i because the function was NOT being executed, just created. What both Hartley and I's examples do is execute the function with each iteration. Instead of hijacking my own thread, when I get curious, I'll google why PHP generally does have to worry about closures as much(if at all). Here are the two pages I saved that appear to have been my inspiration to unlocking it: http://stackoverflow.com/questions/2687679/jquery-ajax-inside-a-loop-problem http://www.mennovanslooten.nl/blog/post/62

Ok, so I am finally back to this. Hartley was absolutely right, this was a closure issue. By the time you "mouseover" the galleryimage, the variable i is already six. So I just spent the last hour trying to figure out how to get the variable i in my Ajax URL to properly assign the right variable for each DOM element in question('#galleryImage') Here is the code in question. I'll shorten it and space it out and add notes to show exactly what I want to do, what I've tried, and how that didn't work. //I'm trying to create a closure so when the for loop gets to that part of the code //(where the function would be called), it returns the variable i that exists in that //part of the for loop iteration, 1,2,3,4 etc //(i used n in the function definition to avoid confusion) function returnVariable( n ) { return function() { return n ; } }; for (var i = 1; i <= 5; i++) { //this part works. the for loop does create a mouseover event for each galleryimage //(1 through 6) $('#galleryImage'+i+'').mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Jindo_site/ajax/getimageinfo.php?imageId='+ returnVariable(i), //this is where I thought the function would work, but instead of returning the //variable i that exists in that part of the iteration, it returns the following //"http://localhost/Jindo_site/ajax/getimageinfo.php?imageId=function%20()%20{return%20n%20;}" //this is the net "effect" I want for each loop $('#galleryImage1).mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Jindo_site/ajax/getimageinfo.php?imageId=1, //next loop $('#galleryImage2).mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Jindo_site/ajax/getimageinfo.php?imageId=2, //next loop $('#galleryImage3).mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Jindo_site/ajax/getimageinfo.php?imageId=3, // and so on...again the galleryimage part works, but the URL does not. //I either get "imageId=6"(if I just use " + i) //or //"imageId=function%20()%20{return%20n%20;}" if I use the returnVariable() function defined above.

Good stuff, but I've discovered a hole in the striptags()(and even htmlspecialchars() and htmlentities(): you can still inject Javascript into the acceptable tags. The script doesn't need to start with "<script>". This is explained here. http://www.deepshiftlabs.com/dev_blog/?p=1885&lang=en-us There seam to be two solutions. 1.To simply not allow any submitted HTML to actually go on your site until you(or an authorized user) approves it(fairly easy with an extra column in the table called "approved"...then the PDO/mysqli will onyl return results that have a true or yes type value). XSS does nothing when stored in a database(not to be confused with sql injection, which prepared statements take care of), but can do damage if posted on your site. 2. You sanitize the HTML. The most popular seems to be something called "HTML purifier". I would imagine that's what this site, and the thousands of other sites that allow certain submitted HTML code on their site. P.S. Hartley, what you had described is a blacklist. Wouldn't a whitelist be better, since they are alrways coming up with new "bad" code that you would need to constantly update your blacklist

I was alking to one of the IT guys at work and he was telling me that a better career path may be database administration as opposed to being a developer. He was saying the entry level jobs are higher paying and they are more in demand since there are less of them. I wanted to get your thoughts on this? Would it be worth it to abandon developing and moving into DBA or can you do both?

I'll probably come back to this when I have a free hour to devote to it. I have no doubt it's exactly what you said. Thanks again.

The website is learnasp4.com . The basic course is totally free and other than the computer generated voice(sounds like a very proper English gentleman), it really does a good job of walking thru step by step. Hartley, I meant that it is just set up very different than Dreamweaver. It almost seams one with the code, rather than as Dreamweaver, that seams like it's allowing you to access your code through it but the program itself is not interfering. It could be that I haven't really gotten into the main C# part of the videos yet and he's just going thru all the stuff Visual Studio can do. I've never taken a formal course in Dreamweaver and after seeing this, perhaps I should. It is amazing though that I can just about understand all the C# code I've seen so far(simple as it may be). C# seams to be a combination of PHP and JS( a very simple, perhaps naive statement on my part), in that it has event handlers(and other client side code) like JS but is server based(so I would imagine it can do alot of the more indepth server code PHP handles as well). That makes sense as it seems to be a more general language where PHP is geared directly to web based server side code.

Thanks alot Margaux. Good tips. Lucky enough, all of those are on my to-learn list this year. I'm breaking it down. Instead of learning one at a time, I'm learning asp.net(and C#) today. Tomorrow is client side day, which means learning or expanding in something the client will actually see(JS, Jquery, CSS/3 HTML/5 and yes Responsive Web Design). Third day is my work day, where I actually work on my current project(of course that can be added to other days as well). That's my little roadmap for this year at least( I know you were dying to know)...and let me tell you, if you've never worked with asp.net and Visual Studio Express before, you are in for a bit of a shock. I love Dreamweaver and am feeling like a total newb right now working without it lol, but i can't wait until I can put asp.net and C# on my resume under skills since it opens up a hole new avenue since alot of corps use asp.net, not php so my options expand. Anyway Thanks alot again guys. I really appreciate it. Hartley, I took your advice and found a free asp.net online tutorial. It's quite extensive. If Larry doesn't mind, I will post the link here as it assumes you don't know any C#(which I don't) but already, I can understand much of the language I am seeing.

Good deal guys. I guess it's true. Learning one programing language makes each successive language easier to learn since alot of the concepts are the same, just the syntax is different. Maybe a better question would be knowing my history, which would suggest would be the most beneficial to my career: ASP, Jquery(more of it anyway), or Responsive Web Design, or maybe a technology I haven't mentioned. I'm not looking for definitive answers, more your thoughts and experiences.

Coupe things. In the code I was using I did substitute the 1 for the variable i like you showed. It did work in the sense that it created 6 events on the six thumbnails. The part I still can't understand is that url part of the $.ajax function didn't work with the i variable. It wasn't being sent/received by the php ajax page. Anyway, I'm sure your right that it must have been something with my code but I'm not going to spend 2 hours looking for it. Thanks for the help. You are the Larry when Larry is out being Larry.

Unfortunately not, because even though the JS/JQ loop works, it doesn't create the code/function 6 times, it just loops through the function definition 6 times(essentially overwriting itself with each loop) and since those 6 definitions are not output to the browser(my initial fear), the browser only recognizes one script block, with one function definition(the final loop). It was a little experiment that unfortunately didn't work. Luckily there is a pretty easy solution. Since the JS/JQ code is already on a page with PHP on it, I can just run the script block through a PHP for loop six times using the PHP $i variable/string. Bottom line is the browser needs to see six function definitions and that won't happen with a JS, only an PHP echo type loop(or whatever the programming language you use that mirrors echo) . A cleaner way would just be to create a separate PHP include file but since it just experimenting, I just want to make sure it works before I pretty it up lol. Anyway, thanks for the tips and the advice with spacing my code. EDIT Just tried running thru a PHP for loop and it works perfectly(I'll post the code when I'm less tired. It was weird though. The JS/JQ loop did work by assigning the event handler to each of the six thumbnails, so it seams it was creating 6 function definitions but for whatever reason, the URL for the ajax request did not recognize the variable i. Very very odd.

Ok, so I'm attempting to use ajax to bring up the images description when you click on the image thumb nail. To do so, I'm running my function definition through a for loop, replacing select parts of the function to correspond to the image number selected. When it is output in the browser, the code below $(document).ready(function() { is only output once, not 6 times. Does this matter? I'm not nearly as familiar with JS/Jquery as PHP and want to make sure the for loop would be asigning the variable i through six loops. Please also note I have not yet replaced the variable "i" in the for loop because I am still figuring out the syntax for that also. I want to replace galleryImage1 with galleryImage"variable i" and imageId1 with imageId"variable i" so if you could help me with that syntax also, much help appreciated. I figured that part out. I forgot you concatenate in JS with the "+" sign, so the code would be: <script type="text/javascript"> $(document).ready(function() { for (var i = 1; i <= 6; i++) { var classInfoHidden = null; var stepsVisible = null; $('#galleryImage'+i+'').mouseout(function() { var classInfoHidden = setTimeout(function(){ $('#image_info').css("visibility" , "hidden"); },2000); var defaultVisible = setTimeout(function(){ $('#default').css("visibility" , "visible"); },2000); }); $('#galleryImage'+i+'').mouseover(function() { $.ajax({ type: "GET", // The HTTP request method. url: '/Ecommerce_Site_3/ajax/getimageinfo.php?imageId=' + i, // The URL of the data to fetch. data: null, // Don't add any data to the URL. dataType:"html"}) // Execute response as a script. .done (function(html) { clearTimeout(classInfoHidden); clearTimeout(stepsVisible); $('#default').css("visibility", "hidden"); $('#image_info').css("visibility", "visible"); $("#image_info").html(html); }); }); } })

Hey guys, loving Larry's books and will be using Larry's Yii Book to create my own portfolio site to see how much time using a PHP framework saves. Anyway, in doing my current web project, I decided to use Jquery instead of straight Javascript to handle the Ajax and I got to thinking: I love knowing Javascript and the awesome flexibility it gives me, but more and more, I'm seeing people just using Jquery instead to save time. In addition to the many things I hope to add to my developer toolbelt this year(which includes mobile development and even some flash(or it's equivalent)), I see alot of jobs asking for familiarity with both Jquery and ASP.net. Jquery I feel I could pick up rather quickly with my history with it, combined with my PHP and Javascript knowledge, but ASP I have zero experience with. Since Larry hasn't written a book on either subject(i.e. I won't be taking money away from him), can you guys please give me your recommendations on good Jquery and ASP.net books since there are so many out there(tip, Larry, please write a Jquery, ASP and Mobile Dev Book lol)? P.S. I am posting this here because if you post here, you obviously like Larry's teaching style and so your recommendations would be more likely to fit my own preferred book style. Thanks in advance.

First, thank you for the quick reply. Second, I think your second idea would be better, as to know what all the 'bad' may be harder to pin down than the benign ones. That said, apparently, there is a feature to strip_tags that I didn't know about. It takes a second argument. The first is the data to strip the tags from, and the second optional argument is maybe a string(or array) of allowable tags. That is exactly what i was looking for. Where did I find that? Where else, from Larry's Effortless Ecommerce Example 1, where he uses TinyMCE and runs the content through strip_tags but builds a string like so "$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';" and uses that string as the second argument. This filtered data is then sent to the database etc.

Hey Larry, I am building a site using this part of the book to allow users to upload their own articles, and use the $page->getContent() object to output the content, as shown on page 300. Is the only way to have this type system, where an admin did not have to approve every article, be to use TinyMCE(or a similar plugin that uses it's own tag filters)? I ask because the main text field has no tag filter(strip_tags, htmlspecialchars, etc) applied to it either on the input to the database or the output. Is there a way to filter out all tags except benign tags like <p> for long articles? I was about to ask also about SQL Injection Attacks but I then saw you used prepared statements, which solves that threat

Awesome, thanks Larry. That's what I wanted to know. Off to read your article about how to implement Stripe. Also, I still welcome any other comments by others that have used such software.

Having basically grown up in PHP(and JS) with you and your books, pretty much everything in them is hand coded(though I really can't wait to dive into your Yii book to see how much time it will save when starting a new site). Anyway, I am, as your recently alluded to resolution list states, trying to learn or at least be familiar with as many technologies as possible. One of those is shopping cart software. I go to the website template sites(because like you, I can create a pretty decent looking site but when a client wants a really nice site, I know my limitations) and see all these templates for various shopping cart software(Zencart, OsCommerce, Magneto etc) and I'm actually a little puzzled. Having created two sites using your code for example 2 in this book as a backbone, I know what a shopping cart looks like behind the scenes. So my question(yes finally lol) is what exactly do these software systems offer that is better than your code. Or in other words: before devoting a week or 4 learning one of them, do I even need to IF I know how to code a shopping cart by hand? BTW this question is not just for Larry but for anyone familiar with that software.

I appreciate the bluntness(word?). I created a complete response detailing: when the ONLY variable was either GET or POST, it changed the ajax.responseText. I then looked at my PHP code again. The IF conditional expected a POST variable, so it progressed to the unset $dbc, but when it ran through GET, it completely bypassed it, and thus the error was never there when using GET. I tested this by simply pasting: $e = mysqli_real_escape_string($dbc, $_POST['email']); outside the IF conditional below, and sure enough, when the ajax ran through GET, it threw an error(maybe technically an exception since it is OOP lol). Point is, thank you Larry for causing me to take a 3rd look at the code and not pass on mis-information. echo 'VALID'; // Array for recording errors: $login_errors = array(); // Validate the email address: if ($_SERVER['REQUEST_METHOD'] == 'POST' && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string($dbc, $_POST['email']); } else { $login_errors['email'] = 'Please enter a valid email address!'; } ajax.open('POST', 'ajax/loginajax3.php', true); ajax.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); var data = 'email=' + encodeURIComponent(email) + '&pass=' + encodeURIComponent(pass); ajax.send(data);

Sorry guys, I tend to type how I think, which is not always linear. The $dbc PHP variable was not declared/created on the ajax-version of the validation page, it was just referenced/called(in the mysqli real escape string function). On the 'normal', non-ajax PHP validation script(following the progressive enhancement mindset and was used as the template(with minor alterations) for the ajax version), the script itself was included in another script(index.php), and on THAT page(index.php), it also included a MYSQL PHP script that contained the database connection info, including the $dbc variable. So, when the Javascript file opened the ajax-version of the validation script via POST, it could not receive back the 'VALID' response text because of the uncreated YET referenced $dbc variable. The quark I referenced in the subject line of this thread was that when I switched the Javascript to access the ajax-version of the validation script via GET, instead of POST, it worked just fine. Also, when I ran the ajax-PHP script by itself(as Larry advised doing, which is AWESOME advice btw), still containing the undeclared $dbc variable, it did not throw PHP error for some reason. Usually if you try to use a variable that has never been created, it will throw all kinds of errors, but apparently not when using the mysqli real escape string function. I hope that clears up my findings. If not, maybe I'l just create a quick youtube vid showing what I mean.

I was importing some of the Ajax code covered in the book to a completed site. I was testing out my Ajax skills by ajax-ifying a login form. Well, it turns out that if a PHP variable on the ajax-version of the php script is unset(in my case $dbc), the POST request from Ajax doesn't work. I even made sure the ajax-php page only returned the word 'VALID' and it still wouldn't work. Odd as I ran the php script by itself to test it and it never threw an unset variable error. Took me about 2 hours to figure that out. Here's the really funny thing: I switched the Ajax request to GET, and it didn't care about the unset $dbc variable. The real lesson for me was to always, always remember when ajaxifying a modular type site that the original validation script is usually contained in another script which also contains other settings and such. This is not the case when doing ajax as it runs the php script all alone(unless you are really smart and have your ajax and non ajax validation code in the same file). If you have any questions about what I mean here, please reply. I thought this may help out some of us.

On page 292, when adding an order, you get the value for shipping from $_SESSION['shipping']. Where on earth did we set that session variable? I searched through the scripts and couldn't find it. I even used CTRL+F.

It's really more of a ecommerce payment submission type thing(the delay is also used to show the processing .gif to further discourage double clicking...you could also just disable the submit button on click). Larry, you had done basically the identical thing in you Effortless Ecommerce Extras PDF, but for some reason, I remember it not working for me(99.99999% sure I did something wrong). Hartley, thanks for the tip with the appendChild. So using a flag variable, you would basically turn the flag variable false once the user had clicked the submit button once? How would you then prevent a duplicate submission? I'm sure I;ve seen it done. TY

Woops, I hope everyone sees my first mistake. I put one too many zeroes in the setTimeout function(method). I had it set for 50 seconds. Also now that the form submits after 5 seconds, and reloads the page, the Delay then goes away. For anyone wondering how could I make the reload/submission less obvious(especially if they are going to stay on the same page)....AJAX! I guess to turn this into a base JS script, you would simply use getElementById to grab the form reference, get rid of var form = this, and use whatever base JS function you use(the name escapes me for the moment) to add an element to the DOM. Also, if you want to get rid of the processing message before the form submits, you can create another setTimeout function to remove it from the DOM(and maybe replace it from "processing" to "submitting"). I am sorry if you wasted any time with my original question, but I hope this shows how one little thing(me being a bonehead) can make you think your entire script doesn't work.

I am loving Javascript. I don't want to be a JS Ninja, but the things it can do really excite me. I am intrigued by all the uses for timers. I searched online for this but have found only mostly JQuery answers, which I don't want(ironically I like the more "spelled out" syntax of base JS). Anyway, if i have a form that needs to be submitted, and I want to delay the submission of the form by 5 seconds and show a processing gif, how would I do that. The closest Jquery thing I could find was the following(again I don't want it in Jquery). I does stop the form submission at first(so I know Jquery was able to grab the reference to the form), but it never actually submits the form after. BTW, the $("<p>Delay...</p>").appendTo("body"); is there just as a debug. I can't figure out how to make it go away once the form submits. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/ jquery.min.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript" charset="utf-8"> $('form').submit(function (e) { var form = this; e.preventDefault(); setTimeout(function () { form.submit(); }, 50000); // in milliseconds $("<p>Delay...</p>").appendTo("body"); });</script>

Hi Larry, I must begin my post the same way I begin every new topic: Thank You. Thank You for making PHP(and web programming in general) palatable for the normal folk. My question is quite simple but the answer may not be. How would I port the second example to the Yii framework? I obviously don't mean the database itself or even the original html template files, as Yii is built to use both. It would seem, in going through your mini-series on the Yii framework that when you create the MVC via Yii, it creates it's own validation and such. How much of that type code would you keep in the current example as is and how much would need to remove and yield to the generated(and edited) code Yii has done. My purpose for this question is pretty straightforward: I know the steps/time taken to create the site as is, 100 percent hand coded from scratch. I just want to know how much time/coding using the Yii framework would save me on a future project of similar size. I know the Yii framework(and frameworks in general) use OOP while Example 2 is Procedural, but any ideas would be most helpful. P.S. The site, as is, has given me a wonderful template and blocks of code that can now be modified for other sites, so that alone has made this book unbelievably valuble. Thank You again. P.P.S. I asked this question because I wanted to know, duh, but also from the following line on the Amazon description section From the Author for this book , "After much debate, I decided not to use object-oriented programming or frameworks in the book, although I do intend to write up supplemental material showing how some of the examples and code would be translated into an OOP or framework version." If I completely missed these posts, please just point me to them.

The specific one I am referring to is on 233-234, but it applies to another procedure defined in chapter 8 as well. Sorry, I thought I included that in my post.