markifornia

thanks taking a look

Hi Sonal, Thanks for the input, it is important to be aware of date type conversions. However as Hartley points out, even with parseInt() function passed, it is then concatenated with an empty string (the space), it is therefore a string anyway. But you bring up a point though, in order to pass the variable (may or may not be a string), for added precaution it is best to pass it through the parseInt() function first even before it can be passed through the Math.random() function. var numbers = ' '; for (var i = 0; i < 6; i++) { numbers += parseInt((Math.random() * 100), 10) + ' '; } // complete loop

I am trying to work the random.js script by trimming off the last space, I am not getting the numbers output anymore. I have looked around forums and it looks like javascript doesn't have a trim() function. Also I have not yet reached the part of the book where regular expressions is used yet, this might be another preferred method (using regex)? Referring back to the example on page 115 of the book I have: 1. used the lastIndexOf() function to find the last space 2. used the slice() function to now slice from index 0 up to the last character before the space. See my modifications in RED: function showNumbers() { 'use strict'; var numbers = ' '; for (var i = 0; i < 6; i++) { numbers += parseInt((Math.random() * 100), 10) + ' '; } // complete loop // Find the last index of a space lastSpace = numbers.lastIndexOf(' '); // slice from the beginning to the last space. numbers = numbers.slice(0, lastSpace); // Reference form element var output = document.getElementById('output'); if (output.textContent !== undefined) { output.textContent = numbers; } else { output.innerText = numbers; } // End of showNumbers() function. } window.onload = showNumbers; Thanks, Mark

Roy did you get this to work? I may have over complicated the logic or have taken an unnecessary route in my script in what is being pursued here. See my modification to the script below: // Get a reference to form elements. var email = document.getElementById('email'); var comments = document.getElementById('comments'); // Validate the email address: if (!email || !email.value || (email.value.length > 6) || (email.value.indexOf('@') == -1) || (email.value.lastIndexOf('@') == -1)) { // Checks to see that the first instance or last instance is -1 if ((email.value.indexOf('@') != -1) || (email.value.indexOf('@') != -1)) { // Then check if they are equal to each other. if (email.value.indexOf('@') == email.value.lastIndexOf('@')) { okay = false; alert('Two of instances of @ found, please enter a valide email address!'); } } okay = false; alert('Please enter a valid email address!); }

page 164.

Hartley, the reason why I bring this up is because in comparison to an example in the book where volume is calculated. function calculate() { 'use strict'; // volume is declared, but not initialized var volume; // Get a reference to the form's radius value var radius = document.getElementById('radius'); if (radius && (radius.value > 0) ) { // calculate the volume. volume = (4/3) * Math.PI * Math.pow(radius.value,3); // format the volume to four decimals. volume = volume.toFixed(4); } else if (isNaN(volume)) { volume = 'Please enter a numeric value!'; } else { volume = 'Please enter a valid radius!'; } // End of if See here the variable volume is just declared, not initialized.

That example was actually taken from the book. It may have just been Larry showing how to use the parseInt() function with the Math.random() function at the same time, who knows. Correct though in that even when the numbers object is turned into in fact a number type, it reverts back into a string anyway. Might as well just use Math.random(). It does seem like the general rule of thumb should be to do the following: var numbers = ' '; Whenever that variable (or any variable) will be passed through a loop.

ok thanks hartley, it is a very important general rule of thumb not mentioned much. But consider the two loops below, one is using the +=, the other is reassigning the value to numbers. 1. var numbers = ' '; for (var i = 0; i < 6; i++) { numbers += parseInt((Math.random() * 100), 10) + ' '; } // complete loop VS 2. var numbers; for (var i = 0; i < 6; i++) { numbers = numbers + parseInt((Math.random() * 100), 10) + ' '; } // complete loop Would var numbers; now be ok with the second example?

So I removed the empty string from numbers like so: var numbers = ' '; to var numbers; The result is that I get an undefined value before the 6 random number generated from the script. I simply don't understand why it becomes undefined. I actually wondered why the numbers variable was set to empty even before I saw the pursue section. Why isn't this okay? var numbers; The variable is initialized. It is ready to hold any values. Thanks, Mark

hmm makes sense Edward if (mysqli_num_rows($r) == 1) { it would be a good idea to always wrap the fetch function inside of this conditional block. I have some scripts that don't have this, looks like I'll be looking to modify those now.

Thanks Larry, I don't have the book with me at the moment so I was unable to check if your chapter on salting also includes passing the same data to a SHA1 function as well. Is it possible to salt and pass the SHA1 function to the data? Does this make the data more secure? If applying both methods simultaneously (for a lack of a better word) makes things "more" secure, then that is the approach that should be ideally used.

On line 33 it reads: $words = FALSE; // Flag variable - Why is this needed? Why false boolean? On line 37 it reads: $r = msyqli_query($dbc, $q); if (mysqli_num_rows($r) == 1) { $words = mysqli_fetch_array($r, MYSQLI_ASSOC); } - Is this common practice, to check to see if there is at least one result returned from the query? In some scripts, this is included and then in some it is. For example go to line 47 of the same script, when the array is fetched the function isn't wrapped in the same way as above. Line 46, 47: $r = msyqli_query($dbc, $q); $r = mysqli_fetch_array($r, MYSQLI_ASSOC);

Steve, I am also curious about the comparison between SHA1 vs salted passwords. In your example above, I've never seen the password pass to two of the functions md5 and sha1, is that common? Would SHA1 suffice, or would the extra md5 function add more encrypted security? I am not clear though as to which one is more secure though, salted passwords more secure than just passing the SHA1 function? Which one to use?

cool thanks.

To name a few, there are some others headers and session variables that I don't even know of. But what really takes precedence when placing functions before an opening tag? Does it matter what order? Best to not leave spaces between the order? <?php header('Content-Type': text/html; charset=UTF-8'); session(); // Some code ?> VS <?php session(); header('Content-Type': text/html; charset=UTF-8'); // Some code ?> Thanks, Mark

thanks hartley, you're input is always useful.

Hey Hartley, well i resorted to just inputting the languages straight into mysqlPHPadmin by copy pasting portuguese. This worked fine. I also use a command to list the columns in the database, and the accented portuguese showed fine. Not sure how Larry did it, it might have to do with a locale configuration script within ssh. See below:

Here I've taken some screenshots of the database and table. It is strange that Larry has an example with the mysql client using the terminal. I am not sure how he go the accents to work or if special keys were required (or a copy and paste?). It shows on page 448 in plain site that he used this method. I hope the tables help, I am trying to locate that the tables are in fact using UTF8, but couldn't find it. Thanks.

It just refuses to take the different language encodings.

I'm actually using the mysql client through the terminal command line. like so: mysql > INSERT INTO languages (lang, lang_eng) VALUES ('English', 'English'), ('Português', 'Portuguese'), ('Français', 'French'), ('Norsk', 'Norwegian'), ('Romanian', 'Romanian'), ('ελληνικά', 'Greek'), ('Deutsch', 'German'), ('Srpski', 'Serbian'), ('日本国', Japanese), ('Nederlands', 'Dutch') But when I get to the first instance of a different encoding, it doesn't paste correctly.

Hartley on page 448, there are instructions for inserting languages. How do we add Francais, Greek, Portuguese, an Japanese to the table? It's not taking them because they are in a different language. I copy pasted them off the web, don't know if that's the reason why. I have taken these steps in my mysql client (shell). (1) mysql > CHARSET UTF8; (2) have altered all my tables to utf8 encoding INSERT INTO languages (lang, lang_eng) VALUES ('English', 'English'), ('Português', 'Portuguese'), ('Français', 'French'), ('Norsk', 'Norwegian'), ('Romanian', 'Romanian'), ('ελληνικά', 'Greek'), ('Deutsch', 'German'), ('Srpski', 'Serbian'), ('日本国', Japanese), ('Nederlands', 'Dutch') Thanks, Mark

Many thanks for your observation notes Hartley. I had to read that great example twice per stackoverflow - but i finally go it. Page 452 - 453, Or using both is fine I guess. Either way, this satisfies my question.

Mentioned in the book in especially Chapter 14: Making Universal Sites and Chapter 15: Message board example, are recommendations for processing unicode safe data. We learn that utf-8 supports a wide list of languages. There was so much information to digest, I could not recall if every action is required when building a universal/multilingual site. Are all of these set by default? Particularly the database character set. My mySQL is already set as (actually copied this straight from phpMyAdmin) utf8_unicode_ci Unicode (multilingual), case-insensitive Would I then have to establish a charset and collation for the database? Are these actions needed each time, here is a list I gathered up while reading. Added to inbetween the head tags <meta http-equiv="content-type" content="text/html; charset=utf-8"> -> Page 416-417 Must be the first line before any HTML, must be a php script page header('Content-Type: text/html; charset=UTF-8'); -> Page 452 (and more information in Chapter 14) Mysql Client CREATE DATABASE forum2 CHARACTER SET utf8; -> Page 444 mysql_connection mysqli_set_charset($dbc, 'utf8'); or mysqli_query($dbc, 'SET NAMES utf8'); -> Page 450 Any one with some insight on this great appreciated with any comments. -Mark

thanks larry, interesting that it goes in inverse order. I had done this to a variable a long time ago (before getting my hands on your book), and it was giving strange results. But it maybe because of the inverse order in the way I was passing the functions.

The variable $var is passed through 3 functions below: 1. mysqli_real_escape_string() 2. trim() 3. strtolower() Example 1 passes $var through nested functions: $var = mysqli_real_escape_string($dbc, trim(strtolower($_POST['hello_world']))); Example 2 uses step by step method of passing the $var to the 3 functions: $var = mysqli_real_escape_string($dbc, $_POST['helloworld']); $var = trim($var); $var = strtolower($var); I'm not even sure if Example 2 might have problems, or if any of you had any instances where this method didn't work. My concern with Example 1 is that what if I had about 5 functions to pass $var too, it would be a really long nested line. I know also I can create a custom function containing the 5 functions, but in some cases it's not necessary. Any advice appreciated Thanks, Mark