Larry Ullman's Book Forums

ericp

Members
  • Posts: 58
Everything posted by ericp

  1. In your book, you said that [^aeiou] will match any non-vowel because the caret is a negation operator when used as the first character in the class. However, in the PHP manual (http://php.net/manual/en/regexp.reference.character-classes.php), it says that [^aeiou] matches any character that is not a lower case vowel. This makes me confused, as I think that [a-z] will match any single lowercase letter and [A-Z] is any uppercase, or [A-Za-z] is any letter in general. Thanks for your feedback. Eric
  2. Hi, Just a small curiosity about a note on page 307 regarding this script that says that '... For example, if the query tries to delete the record where the user ID is equal to 42000 (and if that doesn’t exist), no rows will be deleted but no MySQL error will occur. Still, because of the checks made when the form is first loaded, it would take a fair amount of hacking by the user to get to that point.' Does it mean that the primary key number 42000 would NEVER be generated, by default, for the table in MySQL platform used with PHP? Or what? And what can make it easily vulnerable? Thanks
  3. Instead of typing $_SESSION['cart'][$pid], I did $_SESSION['cart']['$pid']. That's the reason... and it took me days to find it out... Thanks for your help.
  4. Ok. I will check it again and come back to you for help should any problem occur. Thanks
  5. Thanks, but the point is that I haven't changed anything in your script.

     // check if the form has been submitted (to update cart)
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         // update quantities:
         foreach ($_POST['qty'] as $k => $v) {
             // Must be integer
             $pid = (int) $k;
             $qty = (int) $v;
             if ($qty == 0) { // Delete
                 unset ($_SESSION['cart']['$pid']);
             } elseif ($qty > 0) { // change quantity
                 $_SESSION['cart']['$pid']['quantity'] = $qty;
             } // end of IF
         } // end of foreach
     } // end of submitted IF

     // Display the cart if it's not empty...
     if (!empty($_SESSION['cart'])) {

         // Retrieve all of the information for the prints in the cart:
         require ('./mysqli_connect.php'); // Connect to the database.
         $q = "SELECT print_id, CONCAT_WS(' ', first_name, middle_name, last_name) AS artist, print_name FROM artists, prints WHERE artists.artist_id = prints.artist_id AND prints.print_id IN (";
         foreach ($_SESSION['cart'] as $pid => $value) {
             $q .= $pid . ',';
         }
         $q = substr($q, 0, -1) . ') ORDER BY artists.last_name ASC';
         $r = mysqli_query($dbc, $q) or die("MySQL error: " . mysqli_error($dbc) . "<hr>\nQuery: $q");

         // Create a form and a table:
         echo '<form action="view_cart_19.php" method="post">
         <table border="0" width="90%" cellspacing="3" cellpadding="3" align="center">
         <tr>
             <td align="left" width="30%"><b>Artist</b></td>
             <td align="left" width="30%"><b>Print Name</b></td>
             <td align="right" width="10%"><b>Price</b></td>
             <td align="center" width="10%"><b>Qty</b></td>
             <td align="right" width="10%"><b>Total Price</b></td>
         </tr>
         ';

         // Print each item...
         $total = 0; // total cost of the order
         while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {

             // Calculate the total and subtotal:
             $subtotal = $_SESSION['cart'][$row['print_id']]['quantity'] * $_SESSION['cart'][$row['print_id']]['price'];
             $total += $subtotal;

             // Print the row:
             echo "\t<tr>
             <td align=\"left\">{$row['artist']}</td>
             <td align=\"left\">{$row['print_name']}</td>
             <td align=\"right\">\${$_SESSION['cart'][$row['print_id']]['price']}</td>
             <td align=\"center\"><input type=\"text\" size=\"3\" name=\"qty[{$row['print_id']}]\" value=\"{$_SESSION['cart'][$row['print_id']]['quantity']}\" /></td>
             <td align=\"right\">$" . number_format ($subtotal, 2) . "</td>
             </tr>\n";

         } // End of WHILE loop

         mysqli_close($dbc); // Close the database connection.

         // Print the total, close the table, and the form:
         echo '<tr>
             <td colspan="4" align="right"><b>Total:</b></td>
             <td align="right">$' . number_format ($total, 2) . '</td>
         </tr>
         </table>
         <div align="center"><input type="submit" name="submit" value="Update My Cart" /></div>
         </form>
         <p align="center">Enter a quantity of 0 to remove an item. <br /><br /><a href="checkout_19.php">Checkout</a></p>';

     } else {
         echo "<p>Your cart is currently empty!</p>";
     }

     And the error still happens. What could I be doing wrong? Eric
  6. Hi Larry cc all, I have tried to code the view_cart.php script several times. The error returned says: MySQL error: Unknown column '$pid' in 'where clause'. I first thought that it was my typing mistake or so. So, I later tried copying and pasting your original script 19.10 - view_cart.php into my site to test it. The same error happened too. Note: 1/ I added or die("MySQL error: " . mysqli_error($dbc) . "<hr>\nQuery: $q") after the $r = mysqli_query($dbc, $q) to turn on the error message. When I commented it out, the error message returned was like this: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /home/content/.../view_cart.php on line 55, which means the error happens at while ($row = mysqli_fetch_array ($r, MYSQLI_ASSOC)) {... 2/ I use the Linux shared web hosting package at godaddy.com 3/ PHP version: 5.3.21 Your help will be appreciated. Eric
  7. Hi Larry cc all, I totally understand how to create the self-defined error handling function, i.e., my_error_handler, and what the error-reporting levels mean as indicated in table 8.1. However, the question that I am still concerned about (and it's still vague) is about the five arguments such as $e_number, $e_message, $e_file, $e_line, and $e_vars in the function. So, where do the values come from that these variables can get to give a report by email when errors may occur (as I don't see that any of them have been created or defined as a variable normally should be before these arguments/variables are named and added to the function)? In other words, what is the possible debugging information they can get to add to the $message? Or is it set as/by default in the PHP programming language? Thanks and regards,
  8. Hi Larry and all, Have you ever tried revising the script 19.2 using Fileinfo extension to validate the file type yet with more security improvement? With my limited knowledge and experience, I failed to create the $temp variable so that I could rename the files later in the script. Your sharing will be appreciated. Rgds,
  9. Hi all, One more thing about this script is that I tried to improve this script by adding the validation code to allow some certain file size and types as per the script 11.2 in the chapter 11 suggests, before moving them to the permanent destination, the 'uploads' folder. It works well! My concern is: should I add the else { $temp = NULL; } to the if (is_uploaded_file($_FILES['image']['tmp_name'])) {... or to the if ($_FILES['image']['error'] > 0) {... ? Because the code checks the size errors before the type ones. Rgds,
  10. To my understanding, it is the variable that carries the value to be retrieved so that the associated image can be renamed later. Am I correct, Larry?
  11. OK. I will take a look at them when the files—the images—are served by the public side of the site, as the book says 'you’ll soon see'. Just a bit curious... as I thought that it's renamed in the database.
  12. Hi there, Is there anyone having the same issue as mine or not that my uploaded file is not renamed in the database though I have tried several uploads? I do not make any changes to the sample codes at all.

      // Create a temporary file name:
      $temp = './uploads/' . md5($_FILES['image']['name']);
      . . .
      // rename image
      $id = mysqli_stmt_insert_id($stmt); // Get the print ID
      rename ($temp, "./uploads/$id");

      Your help will be appreciated. Regards, Ericp
  13. I successfully configured this already. The problem was at the Godaddy server. If you guys out there use a Godaddy shared hosting plan (Linux), you need to create a php5.ini file with the code to reset the upload_tmp_dir to the /tmp value instead of No Value by default. The code is upload_tmp_dir = /tmp
  14. Sorry, but the name of the book I am discussing is PHP and MYSQL for Dynamic web sites, 4th Edition, Copyright © 2012 by Larry Ullman. So, can you help me move this topic to the appropriate book's forum, please? Thanks and regards, Ericp
  15. Thanks, but the variable $array('x','y','z') as in script 11.2 as per your recommendation is to check the MIME type of the particular files the browser can do. What I mean is to be able to apply the Fileinfo extension into the syntax of the multiple file's types verification or not? Would I code if (finfo_file($fileinfo, $_FILES['upload']['tmp_name']) == 'text/x', 'image/JPG') { or if (finfo_file($fileinfo, $_FILES['upload']['tmp_name']) == $allowed) { or what? Thanks
  16. Hi Larry and all, Is there any way that the Fileinfo extension can verify multiple file's types, but not only a certain one (e.g., == 'text/rtf')? If yes, what does the syntax look like? Regards,
  17. Hi there, Can you help me with the script 19.2, please? The problem is that though I uploaded the size-allowed image to the uploads folder, which is in the same directory as the add_print.php file, it failed and the error message says 'No file was uploaded.' You can test it here (http://hiteachers.com/add_print.php). Note: As the uploads folder is on the same level as the add_print.php, and I don't create the admin folder either, I change the paths for $temp from '../../uploads/' . md5($_FILES['image']['name']); to $temp = './uploads/' . md5($_FILES['image']['name']); and for rename from ($temp, "../../uploads/$id"); to rename ($temp, "./uploads/$id"); Is it the cause of the problem or what else? Thanks for your help in advance. Regards, Ericp
  18. Hi, Regarding script 13.3, which is the more reliable way of confirming a file’s type using the Fileinfo extension. I understood. However, the example script 13.3 I could see shows that the codes (... if (finfo_file($fileinfo, $_FILES['upload']['tmp_name']) == 'text/rtf') {...) only check and validate one type of file, called .rtf. Are there other ways that we can validate multiple types of file using the Fileinfo extension, e.g., .jpg, .gif, .docx, etc.? Thanks
  19. I can see the root cause now. As I use the godaddy.com hosting service, which requires that the From email address MUST be the hosted domain name. The email address does not necessarily need to exist, but there are SPAM filters on the outgoing emails to prevent SPAM and spoofing. Eric P
  20. Hi, I copied and pasted the activate.php. I indeed received emails with activation links for the first several days. Now it stops working, and I don't know why. I learned from another post (http://www.larryullman.com/forums/index.php?/topic/1648-chapter-18-registerphp-sendmail/) to add sendmail_path =/usr/sbin/sendmail -t into my .ini file. It still didn't work. I use: Linux shared host at godaddy.com, PHP version: 5.3.21. Can you help? Eric P
  21. Oops... I haven't got them yet. BTW, have you got any code for this to share? Loving is caring, right? Ericp
  22. Hi all, This is my code:

      <?php
      // Count the logged in users in the last 600 minutes:
      require ('includes/config.inc.php');
      $page_title = 'Count Logged in users in the last 60 minutes';
      include ('includes/header.html');
      require (MYSQL);

      // Define the query:
      $q = "SELECT COUNT(*) FROM users WHERE last_login > DATE_SUB(NOW(), INTERVAL 600 MINUTE)";
      $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
      $row = @mysqli_fetch_array ($r, MYSQLI_NUM);

      // Count the number of returned rows:
      $num = mysqli_num_rows($r);

      if ($num > 0) { // If it ran OK, display the records.

          echo "<p>There are <strong> $num </strong> active users in the last 600 minutes: </p>\n";

          // Table header:
          echo '<table align="center" cellspacing="3" cellpadding="3" width="75%">
          <tr>
              <td align="left"><b>User\'s First Name</b></td>
              <td align="left"><b>Last Log-In</b></td>
          </tr>
          ';

          // Fetch and print all the records:
          while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
              echo '<tr>
                  <td align="left">' . $row['first_name'] . '</td>
                  <td align="left">' . $row['last_login'] . '</td>
              </tr>
              ';
          }

          echo '</table>';
          mysqli_free_result($r);

      } else { // If no records were returned.
          echo '<p class="error">There are no active users in the last 600 minutes.</p>';
      }

      mysqli_close($dbc);
      include ('includes/footer.html');
      exit(); // quit the script
      ?>

      and this is the output: http://hiteachers.com/count_logged_in_users.php Which returns zero logged in users though it counted 1 (one) active users from the last_login row in users table. Can you help me with this? Thanks