Larry Ullman's Book Forums

Josee (Members; Posts: 111; Days Won: 6)

Everything posted by Josee

  1. Thank you for your answer, HartleySan. Sorry for the delay in answering you; it always takes me a while to post a message on this forum because I have to struggle with 2 foreign languages: English, and PHP/MySQL.

     I usually use either Camino or Firefox (still the 3.6 version). But I haven't noticed any difference between the two for this script. Since my previous post, I've been thinking that one reason for str_replace() failing to replace \r and \n with a space may be that I start the file with this line:

         setlocale(LC_ALL, 'fr_FR.UTF-8');

     That's because I usually apply the multibyte family of functions since my websites use mainly French but also other European languages. I'll have to test Larry's script in another file, without this setlocale() line.

     Yes, of course. I was just trying to post what was really useful from my example.

     From what I've read in the PHP manual (http://us2.php.net/manual/en/language.operators.comparison.php), you are right… but I was not really wrong. Since the first part is the equivalent of an if conditional, it should be wrapped in parentheses; but I read on some other page too that you should wrap the whole ternary operator in parentheses. So, at least for more complex conditionals than this one, the best would apparently be:

         $before = ((get_magic_quotes_gpc()) ? stripslashes($_POST['example']) : $_POST['example']);

     Sorry for not being clearer. In fact Larry uses the array_map() function to apply the spam_scrubber function to the whole POST array. In my example, I had no need for array_map(), so I left it out in order to focus on the str_replace function.

     They are not replaced with double quotation marks; the ones you see at the end were in the text I typed, they surrounded the second occurrences of %0a and %0d. So they are left behind, with a space between them. That's what I expected… From my point of view, str_replace() should behave just the same with \r and \n!

     I'll go on playing with these scripts a bit, and if I see the light, I'll let you know!
  2. Thank you, HartleySan. You clarified things for me writing "if anything bad is found, the following $result variable is set to an empty string".

     As for the array_map() function (it's used to apply the spam_scrubber() function to the whole POST array), I had indeed read the PHP manual page before posting here, but I still don't really understand "lost". I suppose I'll suddenly see the light after further testing!

     I did test the spam_scrubber() quite intensively, on a very simple example (not mail, since that's not the easiest thing to test), and I'm still confused. Using the script below, if I type anything from the $very_bad array, the script works fine and returns an empty string, whatever else I may have typed. But the str_replace() function works very partially or at least not as I expected it to work: it removes %0a and %0d, but it doesn't remove \n or \r. For instance, if I type: I get I don't understand why. I'm using the str_replace() function quite a lot on my website, and it has never failed to replace strings, so I don't understand why it's not the case here. If anyone has an explanation, I'll be glad to read it!

     With thanks for your help once again,
     Josée

     -----

     The script I'm using for testing the spam_scrubber() function.

         <?php
         date_default_timezone_set('Europe/Paris');
         setlocale(LC_ALL, 'fr_FR.UTF-8');
         ?>
         <h1>Test</h1>
         <p></p>
         <?php
         if (isset($_POST['submitted'])) {
             $before = (get_magic_quotes_gpc() ? stripslashes($_POST['example']) : $_POST['example']);

             function spam_scrubber($value) {
                 if (get_magic_quotes_gpc()) {
                     $value = stripslashes($value);
                 }
                 $value = str_replace(array("\r", "\n", "%0a", "%0d"), ' ', $value);
                 $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
                 foreach ($very_bad as $v) {
                     if (stripos($value, $v) !== false) return '';
                 }
                 return trim($value);
             }

             $after = spam_scrubber($_POST['example']);
             echo "<h2>Before</h2> <p>$before</p> <hr /> <h2>After</h2> <p>$after</p> <hr />";
         }
         ?>
         <form action="spam_scrubber.php5" method="post">
         <p><label for="example">Example:</label><textarea name="example" id="example" rows="5" cols="70"></textarea></p>
         <p><input type="submit" name="submit" value="Submit" /></p>
         <input type="hidden" name="submitted" value="TRUE" />
         </form>
  3. Isn't it because you are including the 'header.html' file (from the 'templates' subdirectory) twice, on line 5 and on the last line?
  4. Think of it as meaning "one element from the $students array that we shall call $x (or anything else)" and "another element from the $students array that we shall call $y (or anything else)". So the function will take for instance $students[9][name] (value: "Stephen") and compare it with $students[2][name] (value: "Vance"); and then go on comparing pairs of elements from the array to decide which must come first.
  5. Hello, Larry and forumers,

     I'm still trying to better understand functions, and I have two questions regarding the user-defined spam_scrubber() function. On page 365, you begin defining it:

         function spam_scrubber($value) {
             $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
             foreach ($very_bad as $v) {
                 if (stripos($value, $v) !== false) return '';
             }
             ...
         }

     and then explain: "The first time that any of these items is found in the submitted value, the function will return an empty string and terminate (functions automatically stop executing once they hit a return)."

     Does that mean that it will replace any "bad item" with an empty string, or that it will empty the whole form field? For instance, if bcc: is found in $body, will $body be completely empty after spam_scrubber() has returned an empty string?

     Also, in your first tip, on page 367, you say: "Using the array_map() function is convenient but not without its downsides. […] Any multidimensional arrays within $_POST will be lost." What does "lost" mean? I understand that array_map() will indiscriminately apply the spam_scrubber() function to the entire $_POST array, but if there are "clean" rows from a database inside, for instance, with none of the "bad items", what will it do to the data?

     With thanks for your help,
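
Added example, not from the book or from the posts above: the spam_scrubber() function quoted in posts 2 and 5, run on constructed input to show how a typed `\n` differs from a real line break, what a header keyword does to the whole value, and how nested arrays can be scrubbed instead of lost. `scrub_all()` is a hypothetical helper, the sample values are constructed, and `get_magic_quotes_gpc()` is left out because it no longer exists in PHP 8.

```php
<?php
// Added example: constructed input, not code from the book or the forum.

// Scrub one scalar form value before it is used in an e-mail.
function spam_scrubber(string $value): string {
    // In double quotes, "\r" and "\n" are the CR and LF characters themselves,
    // not the two-character sequences backslash-r and backslash-n.
    $value = str_replace(array("\r", "\n", '%0a', '%0d'), ' ', $value);
    $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:',
        'multipart-mixed:', 'content-transfer-encoding:');
    foreach ($very_bad as $v) {
        // One hit discards the whole value, not just the matching keyword.
        if (stripos($value, $v) !== false) return '';
    }
    return trim($value);
}

// Hypothetical helper: array_map('spam_scrubber', $post) on its own would hand
// the nested 'tags' array to a function written for strings, so recurse instead.
function scrub_all($input) {
    return is_array($input)
        ? array_map('scrub_all', $input)
        : spam_scrubber((string) $input);
}

// Constructed sample standing in for $_POST.
$post = array(
    'typed'   => 'one\ntwo',        // single quotes: backslash + n, as typed into a textarea
    'real'    => "one\r\ntwo",      // a real CRLF, as sent when Enter is pressed
    'encoded' => 'one%0atwo',       // the literal text %0a
    'inject'  => "hello\r\nBcc: x@example.com",
    'tags'    => array("a\nb", 'cc: y@example.com'),
);

var_export(scrub_all($post));
echo PHP_EOL;
```

Run it with the PHP command-line interpreter. The `typed` entry keeps its backslash and n because those are two ordinary characters, while the real CRLF in `real` is replaced with spaces and every value containing a header keyword, including the one inside `tags`, comes back as an empty string.
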
  6. I was still a bit confused about variables passed by reference (using & before a variable name) and found this page from the PHP manual clarified things for me: http://us2.php.net/m...s.arguments.php I hope this helps someone else!
  7. Thank you, Jonathon. But I just found the explanation for the & sign in the comments to the PHP manual (http://us2.php.net/manual/en/function.reset.php). One user said: "I had a problem with PHP 5.0.5 somehow resetting a sub-array of an array with no apparent reason. The problem was in doing a foreach() on the parent array PHP was making a copy of the subarrays and in doing so it was resetting the internal pointers of the original array." And another answered:
  8. Thank you very much, Jonathon: "static" did it! One more subject to add to the list of all the things I still have to learn…
  9. Hello,

     I'm so little advanced that I got stuck right at the beginning of chapter 1. On page 3, Larry says: "By printing out the values of $x[‘key1’] and $y[‘key1’], one can see how the user-defined sorting function is invoked." So that's what I'm trying to do. I got this far:

         function mysort1 ($x, $y) {
             echo "<p>Iteration: ".$x['key1']." vs ".$y['key1']."</p>";
             return ($x['key1'] > $y['key1']);
         }

     and the result is as follows but how do you number the iterations so as to obtain the same result as in the book? I tried this:

         $n = 0;
         echo "<p>Iteration ".$n++.": ".$x['key1']." vs ".$y['key1']."</p>";

     but all iterations get numbered "0". Obviously, there's something fundamental I don't understand about functions and would be very grateful if someone can enlighten me!

     Also: I went to read the "usort" page in the PHP manual and saw this: What does "&" in front of a variable name mean? Or what does it do?

     With thanks for your help,
  10. I'm also very much looking forward to your JS book, and my preferred format would undoubtedly be PDF. I like to "scribble" on books too, but nowadays, and for computer-linked subjects, I much prefer to scribble on a PDF version! This way, when I want to change one of my annotations or delete it, the copy remains clean-looking. Also, typing is much, much more readable than my handwriting. I can add as many bookmarks or links to other files/pages as I wish, copy/paste snippets from the text, use the "search" menu, and I very much like having the list of contents easily accessible (also as bookmarks). As I have quite a large screen (24"), the PDF version also allows having both the book and a text editor window side by side, which makes it easy alternately to read and type code, and test it in the browser. The last thing is that with a PDF it can be easy for the author to allow buyers to download updated or corrected versions of the book whenever they like (or, even better, only corrected pages, so that they can replace the faulty ones without having to drop the whole original version, with all its personal annotations and bookmarks). O'Reilly commercial politics are great for that: whenever you buy a PDF book from them, you can download updated versions with no further charge. On the other hand, I hate Peachpit's politics (sorry, Larry!), because the only way you can read their PDFs is in Adobe Digital Editions, which may look fine on screen but is really much less user-friendly than Adobe Acrobat Professional. Adobe Digital Editions is the kind of software that was created to protect the publisher, not to make it easy to read PDFs on your computer! For all these reasons, I'm not sure I would be interested in an app. Demonstrable JavaScript can make things easy for the reader now and then, but I know that if I don't type code and test it just by myself, I won't memorise anything; so demonstrable JavaScript would not make me buy an app! 
In fact, I think what I would really like is a PDF version with a lay-out optimized for the screen. So that you can easily have one whole page on screen, even if you like using a 125% zoom. Also optimized in the sense that the author includes links to websites with content complementing his explanations, for instance. I think there's a lot an author or publisher can do to sell screen versions of their books that are much more convenient and user-friendly than printed versions, especially for all computer-linked subjects. But, for that, PDFs can't be just a screen output of a printed version. They will usually be much better if they have been conceived right from the start for use on a computer. Sorry to have been so lengthy!