Jump to content
Larry Ullman's Book Forums


  • Posts

  • Joined

  • Last visited

Everything posted by grahamgr3

  1. I am wondering if there is a way to use this book without performing the complex joins that have UNION statements in them. I think it is chapter 9 or 10 of the book, the chapter that shows the most complex mysql statements. How could I go about using this book without using those complex mysql joins.
  2. In the ecommerce2 example is how shipping is covered handled. I am wondering how we code our php scripts to know how to calculate shipping for multiple products per order, by weight, size, etc. How do we do that, in the glossary I don't see a section that covers shipping.
  3. In the following code, (I know the if statement isn't complete, I am referring to the part before it) I am unclear why (int) is used, after using php for over a year I have never really understood when I should use (int). Is it to make sure the returned number is changed from a decimal to an integer?? Please explain why it is used in this block of code. It is from chapter 6 in the ipn.php script. if (mysqli_num_rows($r) === 0){ $uid = (isset($_POST['custom'])) ? (int) $_POST['custom'] : 0; $status = escape_data($_POST['payment_status'], $dbc); $amount = (int) ($_POST['mc_gross'] * 100); $q = "INSERT INTO orders (user_id, transaction_id, payment_status, payment_amount) VALUES ($uid, '$txn_id', '$status', $amount)"; $r = mysqli_query($dbc, $q); if (mysqli_affected_rows($dbc) === 1){ } }
  4. Hi Larry The other 2 errors are that the bootstrap.min.js is not in the downloads you provide. It took me hours to get one of the scripts in the book to work, I think it was in chapter 5 that that file is required. I finally figured out with firebug that this file was missing in the js folder. You should include it in the downloads. The other error is that there is no dummy content in the sql file download, in the book it says that the sql file has dummy content but it doesn't.
  5. On page 117 Larry forgot to enter this line of code at the beginning of the script. if ($_SERVER['REQUEST_METHOD'] === 'POST') { Larry should post a full forum post with all the errors in this book to help us out, it is very frustrating having to try and make scripts work with errors in them, especially when we are not as experienced as Larry. I will post every error I find in this book in this forum as well as the solutions. So far I have found 3 errors in the book and I am only at chapter 5.
  6. Hi Larry In chapter 5, the add_page.php page doesn't seem to be working correctly. What values do I enter into the database to add content. I tried entering numeric categories in the categories table, but it doesn't work, it keeps saying Please select a category, like there is a problem with the select menu. Please tell me what to enter in the database to be able to add pages of content via the add_page.php page.
  7. On page 124 it says you can use sql commands from your website to populate the database. But the sql commands I got from the download don't have any sample content, all that is in the sql commands is the commands to add the tables to the database. No content. Where can I get the file with the data to populate the tables. Please indicate the url where I can download that. I am trying to populate the pages myself but I keep getting the error which says Please select a category! I added 2 numeric categories to the categories table, but the form still won't accept it. There seems to be a problem with the code of the select menu. I could really use some help with this part of the book. Some help would be appreciated.
  8. What is the difference between mysqli_real_escape_string and escape_data(). When should we use escape_data() as opposed to mysqli_real_escape_string.
  9. In chapter 4 if I click on the Account tab once logged in, no links appear that allow me to change my password or logout, the account link is a dead link?. It is supposed to give me the option to logout and other links too. I am using the files from the download on this site. I finally found the problem, there is no bootstrap.min.js file in the downloads for this book. That is why the dropdown menu wasn't working. I went to the bootstrap site and downloaded and now it works fine. This really should be in the download files...
  10. In the ecommerce book, in chapter 3, you include files like so: include('./includes/header.html'); doesn't include('includes/header.html') do the same thing? Why use the ./ I don't understand. This wasn't covered in the other book I read from you php and mysql 4th edition.
  11. Here is my directory structure currently in the public html folder. uploaded_images (folder) allmyotherphpfiles.php allmyotherphpfiles.php allmyotherphpfiles.php allmyotherphpfiles.php Should the uploaded_images (folder) be stored outside the public html folder, so that hackers can't hack that folder, or is it safe to leave my folder like it is now.
  12. Hi Larry, Ok, so as for validation, can you clarify how I would add validation to the following code. And as for code including a hidden input, I am already using that, and I also have an input thats hidden via css. Wonder why that isn't working. My code for that is below too. Please advise me on how to improve if possible. thank you if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['last_name'])){ $ln = mysqli_real_escape_string($dbc, ($trimmed['last_name'])); } else { $errors[] = '<p class="error">Please enter your last name</p>'; } <p><div class="fielde">Leave this field blank<input type="text" name="idea" size="15" maxlength="50" /></div></p> <input type="hidden" name="correctsum" value="<?php echo $sum; ?>" /> <p><b>Mathematical Security Question:</b></p><label for="captcha" class="label"><b><?php echo $number1.' + '.$number2.' = '; ?></b></label><input type="text" name="captcha" size="5" value="" /><small> Enter only numbers</small></p>
  13. I have a website that I am going to turn into a store and I am reading your book. It says that it might be best to use an ssl connection only on pages where it is needed. I don't know how to implement ssl only on specific pages. How do we do that. Right now I only know how to either add it to every page using the .htaccess file or not at all. What code do I use to only make some pages secure? Because if I only use https on some links, if I click on a page of my site that doesn't have https and then click on a page that does, my browser then makes all the other links I click on in my site use https too. Is that normal. That is also after I remove my .htaccess code that makes all pages contain https.
  14. Spammers are sometimes visiting my new website and entering false data in my register.php script. The result is that they don't register and several php error log messages are emailed to me. I get an error message email for each form field that has an undefined index. I would like to know how to stop getting these emails. Here is a copy of a section of the error message email. An error occurred in script '/home/strawb15/public_html/examplesite.com/register.php' on line 40: Undefined index: emailArray ( [_GET] => Array ( ) [_POST] => Array ( [username] => hebirchfijose [usermail] => aulbachpuid@sohu.com [userpass] => E970d483- [usersex] => 1 [userliving] => 16 [bdayy] => 1930 [bdaym] => 3 [bdayd] => 12 [imgcode] => [formsubmit] => Y [submit] => 確定 ) [_COOKIE] => Array ( ) [_FILES] => Array [_SERVER] => Array ( [CONTENT_LENGTH] => 173 [CONTENT_TYPE] => application/x-www-form-urlencoded [DOCUMENT_ROOT] => /home/strawb15/public_html/examplesite.com [GATEWAY_INTERFACE] => CGI/1.1 [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;image/png,image/jpeg,image/*;q=0.9,*/*;q=0.8 [HTTP_ACCEPT_ENCODING] => gzip [HTTP_ACCEPT_LANGUAGE] => en-us;q=0.7, en;q=0.3 [HTTP_CACHE_CONTROL] => max-age=259200 [HTTP_CONNECTION] => keep-alive [HTTP_HOST] =>www.examplesite.com [HTTP_REFERER] =>http://www.examplesite.com/register.php [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 [HTTP_VIA] => 1.1 117-30-149:55336 (s.r577) [HTTP_X_FORWARDED_FOR] => [PATH] => /bin:/usr/bin [phpRC] => /home/strawb15/public_html [QUERY_STRING] => [REDIRECT_STATUS] => 200 [REMOTE_ADDR] => [REMOTE_PORT] => 13417 [REQUEST_METHOD] => POST [REQUEST_URI] => /register.php [sCRIPT_FILENAME] => /home/strawb15/public_html/examplesite.com/register.php [sCRIPT_NAME] => /register.php [sERVER_ADDR] => [sERVER_ADMIN] => webmaster@examplesite.com [sERVER_NAME] => www.examplesite.com [sERVER_PORT] => 80 [sERVER_PROTOCOL] => HTTP/1.0 [sERVER_SIGNATURE] => [sERVER_SOFTWARE] => Apache [uNIQUE_ID] => VXgCnBfrzmMAAHvJFtIAAAA3 [php_SELF] => /register.php [REQUEST_TIME_FLOAT] => 1433928348.53 [REQUEST_TIME] => 1433928348 [argv] => Array ( ) [argc] => 0
  15. I just built a website with the tactics in this book. I am looking for a small script to resend the activation link in case someone didn't get it. Any ideas on how I should make it.
  16. I am creating a forum for my site from the example in this book. I want to include a feature to my new forum where people can see the number of views a thread has had. Does anyone have any ideas on how I could code that.
  17. I have my own website that I am trying to install clean search engine friendly urls on. I am doing this for the article page section of my site. I have it working except for a glitch. I am comparing my setup with that of this website and others which use htaccess clean urls. So basically I have my url which is like the following. http://stackoverflow.com/questions/9183130/php-htaccess-apply-page-title-in-url it works when I click on it and everything is fine. but if I take a part of the url like so: http://stackoverflow.com/questions/9183130/php-htaccess-apply-pag and refresh it still works which is ok. but the url doesn't return to the former one, it stays like that, missing part of the title in the url. I can't figure out how to make it revert back to the original url. All pages which seem to use clean urls have it working like that. here is my htaccess rule. and then I will show you the link I am using to link to the page. RewriteEngine On RewriteRule ^article/([0-9]+)/([a-zA-Z]+) article.php?id=$1&title=$2 $punctuation = array('$', '-', ',', '/', '\\', '!', '.', ' ', '*', '&', '?', '%', '\'', '<', '>', '[', ']', '(', ')'); $real_title = str_replace($punctuation, '-', $row5['title']); $real_title = str_replace(' ', '-', $real_title); $real_title = strtolower($real_title); $real_title = mysqli_real_escape_string($dbc, $real_title); <a href="http://www.example.com/article/'.$row5['article_id'].'/'.$real_title.'">'.$row5['title'].'</a>
  18. Hi That is not what I am looking for exactly. But thanks for creating that. I will do my best to clearly tell you what I want to do. I have my link that people click on which is <a href="edit_images.php?id=' .$row['article_id'] . '">Edit Images</a> The article_id is not a session variable. How can I make it so that when people see the address in the address bar they can't change the number 4 to something else in the link edit_images.php?id=4 Because if they do right now on my site, they can view other people's data from their accounts. I think Larry taught this in the book, I looked through the book but I can't find it. Right now my site is terribly insecure. I think the best thing would be to hash the id number maybe with md5. Unless there is a much simpler way to protect against this security flaw. I tried using the following <a href="edit_images.php?id=' .(md5($row['article_id'])) . '"> That does give a hashed id number. But now since the id number is different than the original, my page doesn't work anymore like it should, it gives an error because the id number is now incorrect. How can I make the page recognize that the id number is the same just hashed. Would i edit the following code in some way to make it recognize the id number as valid. if (isset($_GET['id']) && is_numeric($_GET['id']){ $id = $_GET['id']; } elseif (isset($_POST['id']) && is_numeric($_POST['id'])) { $id = $_POST['id']; } else { echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); }
  19. I am using the code from the book. if (isset($_GET['id']) && is_numeric($_GET['id']){ $id = $_GET['id']; } elseif (isset($_POST['id']) && is_numeric($_POST['id'])) { $id = $_POST['id']; } else { echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); } the solution you gave above is great for pages where the id value is a $_SESSION variable. But what about when the id value is something else not stored in a session variable. What I am really looking for I guess is a way to hide the id value or hash it. I have searched everywhere online and can't find a way to make it work. I am just a beginner. Can you give me an example code that uses the code above if possible. That way users won't be able to tell what the id is in the url.
  20. Right now on my website I created when someone is logged in they can go to the url in the address bar and change the id number associated with the url. for example one page I have is add_image.php?id=4 4 is the id associated with the article. If someone changes the 4 to a 7 for example. Then my page will show the other user's data on my page without them even entering that other person's login info. How do I make sure people can't see other user's data when they change the id number. I am using the scripts from this book. Maybe I missed something. I am using sessions properly as far as I can tell. I really would need some help with this. please give an example of secure code to use. thank you
  21. Hi I am using the footer script provided often in this book. And i am getting the following error from my website's error email log message. ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flushArray Is there something we need to do to prevent from getting this error. I looked online and found one answer, can anyone tell me if this is the correct thing to do for this problem. Or should I take another look at my scripts for errors. if (ob_get_level()>1){ ob_end_flush(); } thank you
  22. I am using the php mail function on my site for user registration, so that the user receives an email confirmation link to click on when he registers. However during testing not every email address receives the confirmation email and sometimes after sending it, I can't send email to that email address anymore, no email gets through. what could be causing it. I am using the php mail function exactly like it says in this book.
  23. Hi, thanks for the tip. I installed ckeditor but I am having trouble setting the maxlength that people can type into the textarea now that ckeditor is installed. I looked everywhere and cant find a solution. The maxlength in html doesn't apply anymore. Do you have javascript code that works.
  24. When entering values into our tables in mysql is it better to enter specifically NULL where no value goes, or is it ok if it is just blank. Because when I submit a form that has no value for one of the fields, I can't write NULL in the insert query because it might have a value. How to get around that?
  25. I have an images table that has 5 foreign keys that reference 5 other tables, each of those tables uses the images table to store images, when an image gets uploaded, the foreign key in question gets a value associated with it in the images table but the other 4 foreign keys will get NULL values in that row. Is that acceptable, or should I rethink my database design? What would be the best way to go?
  • Create New...