Larry Ullman's Book Forums



indigetal last won the day on January 15 2014

indigetal had the most liked content!

Community Reputation

2 Neutral

About indigetal

  1. Validate the submitted email address in forgot_password.php using the Filter extension or a regular expression. It’s been a while since I’ve worked on this, but I’m glad I left it at this example, as it’s very easy to implement. Really, all I’m doing is taking the example from post #3 and applying the portion that relates to the email input. $_POST['email'] is already run through the mysqli_real_escape_string() function, which makes data safe to use in a query by escaping what could be problematic characters, within the db query itself, so this seems to be all that is needed: if (filter_
  2. If you’ve added the last_login field, set it to print a message on the home page as to how many users have logged in in the past say, hour or day. After validating that the main db query ran successfully, run the db query to retrieve the necessary data: $q = "SELECT COUNT(user_id) AS num_login FROM users WHERE last_login > DATE_SUB(NOW(), INTERVAL 60 MINUTE)"; $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc)); The DATE_SUB() function subtracts an amount of days, months, years, hours, minutes and seconds from a D
  3. Add a last_login DATETIME field to the users table and update its value when a user logs in. Use this info to indicate to the user how long it has been since the last time she or he accessed the site. Thank you everybody for all of your help with the last task. I've found that this next one was a bit over my head also, as my first attempt ended up being way off. However, having searched the forum I've found several previous threads that I was able to use as a reference, particularly this one (Thank you Christopher for your work). So my work here is going to largely be a detailed walk-throu
  4. Hi abigail, Removing first_name from the database query results in the same error message, except for the last_name column. This tells me that it's not the column, but either the table or database. I believe it's most likely something to do with the table since the email and pass columns are requested before the first_name and last_name columns and they aren't creating any error messages. Following your advice, I created another table, that I named 'registered,' using the exact same code used to create the users table and ran the script in the browser. What occurred was very interesting, it
  5. Thank you Antonio very much for responding. I have now confirmed beyond any doubt that it is in fact a database issue, but even after narrowing that down I've run out of ideas. I hope there is a great lesson in my troubles with this (and hopefully not a completely ridiculous noob mistake), but so far, I have established the following: The database query fails with the exact same error message regardless if I use the code that I have written or if I use the downloaded code, (only changing the database access information). The error that I'm getting is: An error occured in script '/Users/indigit
  6. Hi Larry, Thanks for the tip, I understood that it had something to do with the database because the same error occurs on both the script that I've written based on the code in the book, and the unadulterated script that I downloaded. I did notice that the database's collation was set as Swedish for some crazy reason and so I have since opted to drop the whole database and start over, making sure that the first_name column existed and that the character set and collation were utf8. However, I'm still getting the same exact error message! Just to be sure, here are the SQL commands that I'm usin
  7. Make the login form sticky Starting on page 91, in Chapter 3, "Creating Dynamic Websites," Larry discusses several strategies for presetting the value of text inputs, as well as radio buttons and check boxes. Basically, by printing the appropriate variables if and when they exist. The login form, login.php currently only has 2 fields, the username and password. Easy enough, however, I wanted to know if I should have to use the original $_POST['value'] or the trimmed value that is passed through the array_map() function, $trimmed['value'] such as: <p><b>Email Address:</b>
  8. Hi abigail, Ok, I think I know what needs to happen now! The message board example does not contain a config file and currently the database connection is established within header.html, meaning it absolutely must be included early in the script in order for any database queries to take place. So, adding a config file is necessary if I want to be able to untether the database connection file from the header file. As a reminder, I ultimately want to retrieve the records from the database for the thread's subject ($messages['subject']), before calling the header in read.php in orde
  9. Apply the same validation techniques to login.php as used in register.php In Chapter 9, "Using PHP with MySQL" - page 285, Larry explains that "database security with respect to PHP comes down to three broad issues: 1. Protecting the MySQL access information 2. Not revealing too much about the database. 3. Being cautious when running queries, particularly those involving user-submitted data." (Ullman 285) This bullet point concerns the third objective in that we are applying extra precautions when using user-supplied data to query the database: a. Validate that some val
  10. Hi abigail! Thanks for the tip, I never thought to tackle the issue from that angle and playing around with it I did get something going. However, I wanted to be able to add the name of each thread within read.php as the subtitle (namely, $messages['subject']), and maybe even use language-specific subtitles for the other pages (like $words['specific_page']). In my last attempt at a solution, reply #4 - this thread, I imagined that I needed to: Possibly turning the $messages['subject'] into a globally accessible variable. Concatenate $page_title within the code somewhere before the brow
  11. I created a chart demonstrating the site architecture of this example, which can be found here. REVIEW: 1. What is output buffering? What are the benefits of using it? Output Buffering prevents everything that a PHP script prints and any HTML outside of the PHP tags from immediately being sent to the Web browser by placing them in a memory buffer until it is flushed. Therefore, you are free to call header(), setcookie(), and session_start() functions, which can normally only be called if nothing has been sent to the Web browser, at any point in a script. This can be a performance im
  12. Well, that completes all the bullet points for review and pursue. Sadly, there are still three known issues that I was unable to resolve: The first bullet point, modifying the page title to include a page-specific subtitle, was pretty much an epic failure, even though I went in thinking it was going to be the easiest. I would appreciate if anybody could provide new insights into the issue, see reply #3 for details. While adding paginating functionality, reply #5, the database query for the last and first posts within forum.php doesn't produce any results. Adding a search page, search.php
  13. 5. Create a search page for this forum. If you need help, see the search.php basic example available in the downloadable code. The first thing I noticed about this is that search.php was nowhere to be found in the book, but I did find it in the downloaded scripts just as was instructed. So, this is going to have to be reverse-engineered like in the real world. I tested this in the browser right away and noticed that there are no translations in the words table for "search," so that will be the first thing to do: ALTER TABLE words ADD COLUMN search VARCHAR(30) NOT NULL; SHOW COLUMNS FROM w
  14. Hi eric, I don't know if this helps you, but I added new records into the words table using: UPDATE words SET new_col = 'english_value.' WHERE lang_id = 1;
  15. 4. Apply the redirect_user() function to post_form.php here (see p372). The redirect_user() function was introduced in Chapter 12, "Cookies and Sessions" and script 12.2 - login_functions.inc.php. Looking over that script, the function seems pretty straightforward, dynamically creating an absolute URL and redirecting users that log-in or to the home page when not logged-in. The post_form.php is meant to be an included file and therefore it can never be accessed directly, also, because only logged-in users can access it, it makes sense to immediately re-direct users to index.php when t