Larry Ullman's Book Forums

Posts posted by grahamgr3

  1. I tried the mysql query I am using in my login.php page and it works fine, it returns the data it should. It is SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL

    So I am guessing the problem isn't there. So where could the problem be?

    Like I said I don't get an error message, it just redirects me back to index.php. Sometimes it takes 2 or 3 login attempts before it works.

  2. I am not exactly sure what you mean. Do I log in with a known username and password combination that I know is in the database, and then try to log in with a username/password combo that doesn't exist in the db? I just tried that and it gave an error. When I log in with a good username and password that exists, sometimes it logs me in, and when it doesn't, it doesn't give an error, it just redirects me back to the index page.

  3. I built a login page from the model in this book, and for some reason, sometimes when I login it redirects me back to index.php and it doesn't log me in. Other times it logs me in just fine. Any idea what could be causing this? Here is my login page code.

     

    <?php
    $page_title = 'Login to your account';
    include ('includes/header.html');
    include ('includes/config.inc.php');
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    require (MYSQL);
    $trimmed = array_map('trim', $_POST);
    if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL)){
    $e = mysqli_real_escape_string($dbc, $trimmed['Email']);
    } else {
    $e = FALSE;
    echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>';
    }
    if (!empty($trimmed['Pass'])){
    $p = mysqli_real_escape_string($dbc, $trimmed['Pass']);
    } else {
    $p = FALSE;
    echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>';
    }
    if ($e && $p){
    $q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL";
    $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br /> Mysql Error:" . mysqli_error($dbc));
    if (@mysqli_num_rows($r) == 1){
    $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);
    mysqli_free_result($r);
    mysqli_close($dbc);
    $url = BASE_URL . 'index.php';
    ob_end_clean();
    header("Location: $url");
    exit();
    } else {
    echo '<p class="error">Either the username and password you entered do not match those we have on file, or you have not yet activated your account.</p>';
    }
    } else {
    echo '<p class="error">Please Try Again</p>';
    }
    mysqli_close($dbc);
    }
     
    ?>
    <div class="text">
    <h1>Login</h1>
    <p>Your browser must allow cookies in order to log in.</p>
    <form action="login.php" method="post">
    <fieldset>
    <p><b>Email: <input type="text" name="Email" /></b></p>
    <p><b>Password: <input type="password" name="Pass" /></b></p>
    <input type="submit" name="submit" value="Login!" />
    </fieldset>
    </form>
    </div>
    <? include ('includes/footer.html'); ?>
  4. In the following code I am validating a url in a practice page I am using from the stuff I learned in the book. When I enter an invalid url in my form, I get an $url undefined error when running the code below. I am guessing the error is pretty easy to spot, but I am new at this.

     

    if (filter_var($scrubbed['url'], FILTER_VALIDATE_URL)){

    $url = mysqli_real_escape_string($dbc, $scrubbed['url']);

    } else {

    echo '<p class="error">Please enter a valid url</p>';

    }

  5. I am on Chapter 18, I created all the files and they seem to be all like it is written in the book, when I logout I can still see the user menu, if I click on one of the user links it takes me back to the index.php (some of the time) page which is great, meaning I am logged out. But why can I still see the Logged in User links even after I click on logout, sometimes when I click on the user links I can even get to the logged in page after I am logged out. I double checked my login and logout pages and they seem the same as in the book. Is this normal??

  6. In Chapter 19, the $_SESSION['customer_id'] variable is often used for things like isset($_SESSION['customer_id'])

    why though can't we use other table columns that are like customer_id in the $_SESSION[]

    for example $_SESSION['order_id']

     

    In chapter 19 also, the $_GET['id'] is the same id as the customer's. Why is it the same? Where does it get declared as the same, I have searched through the scripts and I don't see it. 

     

    I am trying to create a script where users can view their past orders. The trouble I am having is calculating the total amount of the order in the checkout.php script, because there is no customer_id field in the order_contents table. 

    Here is where I am at with that in the checkout.php script: 

    $u = "SELECT price * quantity AS amount FROM order_contents WHERE order_id=?not sure what to put here";
    $total = mysqli_query($dbc, $u);
  7. I am having a bit of trouble with a register.php script I created for chapter 19's review and pursue. I created it so customers can register before shopping for prints. The problem is that after completing registration and all the fields are entered correctly an error message appears. The message is: You could not be registered due to a system error, we apologize for the inconvenience. So it would seem that mysqli_affected_rows doesn't equal 1. Why is what I can't figure out. A problem with my mysqli insert statement maybe?

     

    Here is the code. 

     

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
     
    <body>
    <?php
    # Script 19.21 register.php -
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    include ('mysqli_connect44.php');
    $errors = array();
    if (empty($_POST['first_name'])){
    $errors[] = 'You forgot to enter your first name';
    } else {
    $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    }
    if (empty($_POST['last_name'])){
    $errors[] = 'You forgot to enter your last name';
    } else {
    $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name']));
    }
    if (!empty($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
    $em = mysqli_real_escape_string($dbc, trim($_POST['email']));
    } else {
    $errors[] = 'Either you forgot to enter your email address, or the email you entered is not a valid email address.';
    }
    if (empty($_POST['address'])){
    $errors[] = 'You forgot to enter your address';
    } else {
    $add = mysqli_real_escape_string($dbc, trim($_POST['address']));
    }
    if (empty($_POST['zipcode'])){
    $errors[] = 'You forgot to enter your zip (postal) code';
    } else {
    $zip = mysqli_real_escape_string($dbc, trim($_POST['zipcode']));
    }
    if (empty($_POST['city'])){
    $errors[] = 'You forgot to enter your city';
    } else {
    $city = mysqli_real_escape_string($dbc, trim($_POST['city']));
    }
    if (empty($_POST['state'])){
    $errors[] = 'You forgot to enter your state';
    } else {
    $state = mysqli_real_escape_string($dbc, trim($_POST['state']));
    }
    if (empty($_POST['country'])){
    $errors[] = 'You forgot to enter your country';
    } else {
    $coun = mysqli_real_escape_string($dbc, trim($_POST['country']));
    }
    if (empty($_POST['username'])){
    $errors[] = 'You forgot to enter your username';
    } else {
    $user = mysqli_real_escape_string($dbc, trim($_POST['username']));
    }
    if (!empty($_POST['pass']) && ($_POST['pass'] != ($_POST['pass2']))){
    $errors[] = 'Your passwords don\'t match, please reconfirm your password';
    } else {
    $pass = mysqli_real_escape_string($dbc, trim($_POST['pass']));
    }
     
    if (empty($errors)){
     
    $q = "INSERT INTO customers (first_name, last_name, email, address, zipcode, city, state, country, username, pass) VALUES('$fn', '$ln', '$em', '$add', '$zip', '$city', '$state', '$coun', '$user', '$pass')";
    $query = @mysqli_query($dbc, $q);
    if (mysqli_affected_rows($dbc) == 1){
    echo 'You are now registered, to shop for prints just <a href="login.php">Login</a> and begin shopping!';
    } else {
    echo 'You could not be registered due to a system error, we apologize for the inconvenience.';
    }
    } else {
    echo 'The following errors occurred';
    foreach($errors as $msg){
    echo "- $msg<br />";
    }
    }
    }
     
    ?>
    <p><h1>Register to Shop our Prints Catalog</h1></p>
    <form action="register.php" method="post">
    <p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="30" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>
    <p><b>Last Name:</b> <input type="text" name="last_name" size="30" maxlength="40" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p>
    <p><b>Email Address:</b> <input type="text" name="email" size="40" maxlength="60" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p>
    <p><b>Address:</b> <input type="text" name="address" size="40" maxlength="70" value="<?php if (isset($_POST['address'])) echo $_POST['address']; ?>" /></p>
    <p><b>Zip (Postal)Code:</b> <input type="text" name="zipcode" size="6" maxlength="7" value="<?php if (isset($_POST['zipcode'])) echo $_POST['zipcode']; ?>" /></p>
    <p><b>City:</b> <input type="text" name="city" size="6" maxlength="6" value="<?php if (isset($_POST['city'])) echo $_POST['city']; ?>" /></p>
    <p><b>State:</b> <input type="text" name="state" size="6" maxlength="6" value="<?php if (isset($_POST['state'])) echo $_POST['state']; ?>" /></p>
    <p><b>Country:</b> <input type="text" name="country" size="15" maxlength="25" value="<?php if (isset($_POST['country'])) echo $_POST['country']; ?>" /></p>
    <p><b>Username:</b> <input type="text" name="username" size="15" maxlength="25" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
    <p><b>Password:</b> <input type="password" name="pass" size="10" maxlength="20" value="<?php if (isset($_POST['pass'])) echo $_POST['pass']; ?>" /></p>
    <p><b>Confirm Password:</b> <input type="password" name="pass2" size="10" maxlength="20" value="<?php if (isset($_POST['pass2'])) echo $_POST['pass2']; ?>" /></p>
    <p><input type="submit" name="submit" value="Submit" /></p>
    </form>
    </body>

     

    </html>
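
Added example, not part of the posts or the book: the login query in post 3 matches on SHA1() of the password and the INSERT above stores `$pass` as typed, whereas PHP's own password API is password_hash() at registration and password_verify() at login, with bound parameters and the database error logged rather than hidden by `@`. It runs against an in-memory SQLite database through PDO (needs pdo_sqlite) so that it is self-contained; the table layout, function names and sample credentials are assumptions.

```php
<?php
// Added example. Table layout and function names are assumptions.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE customers (
        customer_id INTEGER PRIMARY KEY,
        email       TEXT NOT NULL UNIQUE,
        first_name  TEXT NOT NULL,
        pass        TEXT NOT NULL
    )'
);

// Returns the new customer_id, or null when validation or the INSERT fails.
function register_customer(PDO $pdo, string $email, string $firstName, string $password): ?int
{
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    $firstName = trim($firstName);
    if ($email === false || $firstName === '' || $password === '') {
        return null;
    }
    // Hash the password exactly as typed: no trimming or SQL escaping first.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $pdo->prepare('INSERT INTO customers (email, first_name, pass) VALUES (?, ?, ?)');
        $stmt->execute([$email, $firstName, $hash]);
    } catch (PDOException $e) {
        // Keep the cause for the developer; the visitor still sees a generic message.
        error_log('register_customer failed: ' . $e->getMessage());
        return null;
    }
    return (int) $pdo->lastInsertId();
}

// Returns ['customer_id' => ..., 'first_name' => ...] on success, null otherwise.
function check_login(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT customer_id, first_name, pass FROM customers WHERE email = ?');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The comparison happens in PHP; the password never goes into the SQL text.
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE customers SET pass = ? WHERE customer_id = ?');
        $update->execute([password_hash($password, PASSWORD_DEFAULT), $row['customer_id']]);
    }
    unset($row['pass']);
    return $row;
}

// ---- Demo with constructed credentials ----
$id = register_customer($pdo, 'pat@example.com', 'Pat', 'correct horse battery');
echo 'registered: ', var_export($id, true), "\n";
echo 'duplicate:  ', var_export(register_customer($pdo, 'pat@example.com', 'Pat', 'x'), true), "\n";
echo 'good login: ', json_encode(check_login($pdo, 'pat@example.com', 'correct horse battery')), "\n";
echo 'bad login:  ', json_encode(check_login($pdo, 'pat@example.com', 'wrong password')), "\n";
$stored = $pdo->query('SELECT pass FROM customers')->fetchColumn();
echo 'stored value starts with: ', substr($stored, 0, 4), "\n";
```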

     

     

  8. I am almost finished the book, and I am not totally clear on how to use the $page_title variable that appears throughout the book, do we have to include the following code in the title tag of each php script in order to use $page_title. <?php echo $page_title; ?>. In most of the examples in this book the $page_title variable is used in the script without showing the code used in the title tag. Also since the $page_title variable appears below the title tag when I load the php script in my browser I get an error message saying that $page_title isn't a valid variable. 

     

    Can someone explain to me how to properly use the $page_title variable when writing php scripts. Or is it just easier to write the title in the title tag without using this variable. 

  9. I advanced a bit, now I at least managed to get the unavailable image to display for 2 prints, with the others I am still getting the same error message I put in my previous post. Here is the source code with the image tag which appears now. Please let me know how to make it work. Thanks for your help.

     

    <div align="center">   <b>php</b> by   Graham David Rodrigue<br />u<br />$66.00   <a href="add_cart.php?pid=85">Add to Cart</a>   </div><br /><div align="center"><img src="show_image.php?image=85&name=php_mysql_logo.png" width="321" height="186" alt="php" /></div>   <p align="center">(No description available)</p><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">   <html xmlns="http://www.w3.org/1999/xhtml">   <head>   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />   <title>Untitled Document</title>   </head>
  10. Hi

    sorry for not understanding, but after trying countless things in the past 45 minutes I am getting nowhere. I am not sure how to verify the location of $pid relative to the script. I mean I am using the file downloaded from the working files in this forum. I just changed the uploads path and the connection. I checked show_image.php too and don't know what else to check. I removed the @ and this is the error it gives me. 

     

    Warning: getimagesize(../../../../uploads/62): failed to open stream: No such file or directory in D:\xampp\htdocs\larry\chapter19\view_print.php on line 36

    No image available.
  11. Hi

    Here is the source code from view_prints.php. I don't see an image tag, it just says No Image Available.

     

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>best2233</title>
    </head>
     
     
    <body>
    <table cellspacing="0" cellpadding="0" border="0" align="center" width="600">
    <tr>
    <td align="center" colspan="3"><img src="images/title.jpg" width="600" height="61" border="0" alt="title" /></td>
    </tr>
    <tr>
    <td><a href="index.php"><img src="images/home.jpg" width="200" height="39" border="0" alt="home page" /></a></td>
    <td><a href="browse_prints.php"><img src="images/prints.jpg" width="200" height="39" border="0" alt="view the prints" /></a></td>
    <td><a href="view_cart.php"><img src="images/cart.jpg" width="200" height="39" border="0" alt="view your cart" /></a></td>
    </tr>
    <tr>
    <td align="left" colspan="3" bgcolor="#ffffcc"><br />
    </body>
    </html><div align="center">
    <b>best2233</b> by 
    Graham David Rodrigue<br />22<br />$22.00 
    <a href="add_cart.php?pid=66">Add to Cart</a>
    </div><br /><div align="center">No image available.</div>
    <p align="center">ss</p><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
     
    <body>
    <!-- Script 19.4 - footer.html -->
    <br /></td>
    </tr>
    <tr>
    <td align="center" colspan="3" bgcolor="#669966"><font color="#ffffff">©Copyright...</font></td>
    </tr>
    </table>
    </body>
    </html>
  12. Hi 

    I have done that already, I am following your book to the letter, it just takes me to the view_print.php page where it says the image is unavailable. So what now?

    here is a part of the source code. 

     

    <td align="left"><a href="browse_prints.php?aid=1">Graham David Rodrigue</a></td>
    <td align="left"><a href="view_print.php?pid=66">best2233</a></td>
    <td align="left">ss</td>
    <td align="right">$22.00</td>
    </tr>
    <tr>
    <td align="left"><a href="browse_prints.php?aid=1">Graham David Rodrigue</a></td>
    <td align="left"><a href="view_print.php?pid=65">best99</a></td>
    <td align="left">ss</td>
    <td align="right">$22.00</td>
    </tr>
    <tr>
    <td align="left"><a href="browse_prints.php?aid=1">Graham David Rodrigue</a></td>
    <td align="left"><a href="view_print.php?pid=63">bestr77</a></td>
    <td align="left">ss</td>
    <td align="right">$22.00</td>
  13. Hi Larry

    Here is the trouble I am having with the script add_print.php, browse_prints.php, and view_print.php.

    For add_print.php, when I use your scripts from this site modified with my database settings and changed so that they point to my uploads folder, when I upload a jpg image or other type of image, the file goes to my uploads folder, but it appears as a blank file. When I look at the properties of the file it calls it type "file". When I added 2 lines of my own code and changed a third line, I can view the images in my uploads folder. Without the 2 lines of code it is impossible, I don't see them. Here are the 3 lines of code.

    $path_parts = pathinfo($_FILES["image"]["name"]);

    $extension = $path_parts['extension'];
    rename ($temp, "../../../uploads/$id.".".$extension");
     
    For view_print.php and browse_prints.php , I don't see the images I uploaded when I click on the links to the images on browse_prints.php. It says image unavailable. Yet I know they are there. 
     
    Could it be because I am running Windows 8.1?
    I have spent several hours trying different things and nothing works. 
  14. After exhaustive searching and trying many different things and asking people about the add_print.php script in chapter 19 I am now positive that there are errors in this script. I have tried using the exact script supplied by the author in his working files and the images don't display in my uploads folder, and they also don't show up in my view_print.php page.

     

    I put the entire script up on stack overflow and got an answer that partially helped fix this. I however still don't see the images on my view_print pages. The show_image.php isn't doing its job like it should, and I am using the exact files provided by the author. This is extremely frustrating and time consuming, one would expect the examples to be error free.

     

    Here is the fix  I got on stack overflow. 

     

    You need to add a couple lines of code and change one line to actually display the image in your uploads folder. The entire modified script is below. Note that this doesn't entirely fix the problem though, you still don't see the images on the view_print.php page.

    $path_parts = pathinfo($_FILES["image"]["name"]);
    $extension = $path_parts['extension'];
     
    $id = mysqli_stmt_insert_id($stmt); // Get the print ID.
    rename ($temp, "../../../uploads/$id.".".$extension");
     
     
    <?php # Script 19.2 - add_print.php
    // This page allows the administrator to add a print (product).
     
    require ('../../mysqli_connect.php');
     
    if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.
     
    // Validate the incoming data...
    $errors = array();
     
    // Check for a print name:
    if (!empty($_POST['print_name'])) {
    $pn = trim($_POST['print_name']);
    } else {
    $errors[] = 'Please enter the print\'s name!';
    }
     
    // Check for an image:
    if (is_uploaded_file ($_FILES['image']['tmp_name'])) {
     
    // Create a temporary file name:
    $temp = '../../../uploads/' . md5($_FILES['image']['name']);
     
    // Move the file over:
    if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)) {
     
    echo '<p>The file has been uploaded!</p>';
     
    // Set the $i variable to the image's name:
    $i = $_FILES['image']['name'];
    } else { // Couldn't move the file over.
    $errors[] = 'The file could not be moved.';
    $temp = $_FILES['image']['tmp_name'];
    }
     
    } else { // No uploaded file.
    $errors[] = 'No file was uploaded.';
    $temp = NULL;
    }
     
    // Check for a size (not required):
    $s = (!empty($_POST['size'])) ? trim($_POST['size']) : NULL;
     
    // Check for a price:
    if (is_numeric($_POST['price']) && ($_POST['price'] > 0)) {
    $p = (float) $_POST['price'];
    } else {
    $errors[] = 'Please enter the print\'s price!';
    }
     
    // Check for a description (not required):
    $d = (!empty($_POST['description'])) ? trim($_POST['description']) : NULL;
     
    // Validate the artist...
    if ( isset($_POST['artist']) && filter_var($_POST['artist'], FILTER_VALIDATE_INT, array('min_range' => 1))  ) {
    $a = $_POST['artist'];
    } else { // No artist selected.
    $errors[] = 'Please select the print\'s artist!';
    }
     
    if (empty($errors)) { // If everything's OK.
     
    // Add the print to the database:
    $q = 'INSERT INTO prints (artist_id, print_name, price, size, description, image_name) VALUES (?, ?, ?, ?, ?, ?)';
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 'isdsss', $a, $pn, $p, $s, $d, $i);
    mysqli_stmt_execute($stmt);
     
    // Check the results...
    if (mysqli_stmt_affected_rows($stmt) == 1) {
     
    // Print a message:
    echo '<p>The print has been added.</p>';
     
    // Rename the image:
    $path_parts = pathinfo($_FILES["image"]["name"]);
    $extension = $path_parts['extension'];
    $id = mysqli_stmt_insert_id($stmt); // Get the print ID.
    rename ($temp, "../../../uploads/$id.".".$extension");
     
    // Clear $_POST:
    $_POST = array();
     
    } else { // Error!
    echo '<p style="font-weight: bold; color: #C00">Your submission could not be processed due to a system error.</p>'; 
    }
     
    mysqli_stmt_close($stmt);
     
    } // End of $errors IF.
     
    // Delete the uploaded file if it still exists:
    if ( isset($temp) && file_exists ($temp) && is_file($temp) ) {
    unlink ($temp);
    }
     
    } // End of the submission IF.
     
    // Check for any errors and print them:
    if ( !empty($errors) && is_array($errors) ) {
    echo '<h1>Error!</h1>
    <p style="font-weight: bold; color: #C00">The following error(s) occurred:<br />';
    foreach ($errors as $msg) {
    echo " - $msg<br />\n";
    }
    echo 'Please reselect the print image and try again.</p>';
    }
     
    // Display the form...
    ?>
    <h1>Add a Print</h1>
    <form enctype="multipart/form-data" action="add_print.php" method="post">
     
    <input type="hidden" name="MAX_FILE_SIZE" value="524288" />
     
    <fieldset><legend>Fill out the form to add a print to the catalog:</legend>
     
    <p><b>Print Name:</b> <input type="text" name="print_name" size="30" maxlength="60" value="<?php if (isset($_POST['print_name'])) echo htmlspecialchars($_POST['print_name']); ?>" /></p>
     
    <p><b>Image:</b> <input type="file" name="image" /></p>
     
    <p><b>Artist:</b> 
    <select name="artist"><option>Select One</option>
    <?php // Retrieve all the artists and add to the pull-down menu.
    $q = "SELECT artist_id, CONCAT_WS(' ', first_name, middle_name, last_name) FROM artists ORDER BY last_name, first_name ASC";
    $r = mysqli_query ($dbc, $q);
    if (mysqli_num_rows($r) > 0) {
    while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) {
    echo "<option value=\"$row[0]\"";
    // Check for stickyness:
    if (isset($_POST['artist']) && ($_POST['artist'] == $row[0]) ) echo ' selected="selected"';
    echo ">$row[1]</option>\n";
    }
    } else {
    echo '<option>Please add a new artist first.</option>';
    }
    mysqli_close($dbc); // Close the database connection.
    ?>
    </select></p>
     
    <p><b>Price:</b> <input type="text" name="price" size="10" maxlength="10" value="<?php if (isset($_POST['price'])) echo $_POST['price']; ?>" /> <small>Do not include the dollar sign or commas.</small></p>
     
    <p><b>Size:</b> <input type="text" name="size" size="30" maxlength="60" value="<?php if (isset($_POST['size'])) echo htmlspecialchars($_POST['size']); ?>" /> (optional)</p>
     
    <p><b>Description:</b> <textarea name="description" cols="40" rows="5"><?php if (isset($_POST['description'])) echo $_POST['description']; ?></textarea> (optional)</p>
     
    </fieldset>
     
    <div align="center"><input type="submit" name="submit" value="Submit" /></div>
     
    </form>
     
    </body>
    </html>

     

  15. For some reason the images I am uploading to my uploads folder are just showing as blank, the files are there but it is not showing them as images. It is written that the type of file it is is just File. and it shows the path to the image D:\xampp\htdocs\uploads.

    My add_print.php is just fine as far as I can tell. I tested it with the script written by Larry in the working files for this book, it doesn't work either. I checked my permissions for my uploads folder and they look fine too. 

     

    I am thinking the problem is maybe because no Mime type is specified for the images being uploaded. If that isn't where the error is, it is maybe in the code below, where my uploads folder is. It is specified as ../../../uploads. Any help would be appreciated.

     

    if (is_uploaded_file($_FILES['image']['tmp_name'])){
    $temp = '../../../uploads/' . md5($_FILES['image']['name']);
    if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)){
    echo '<p>The file has been uploaded!</p>';
    $i = $_FILES['image']['name'];
     
    or could the problem be below:?
     
    if (mysqli_stmt_affected_rows($stmt) == 1){
    echo '<p>The print has been added.</p>';
    $id = mysqli_stmt_insert_id($stmt);
    rename ($temp, "../../../uploads/$id");
    $_POST = array();
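
Added example, not part of the posts or the book's files: the warning quoted in post 10 shows view_print.php opening `uploads/62`, a bare print ID, so a file renamed to `<id>.<extension>` is no longer found, and an extension copied from the client's file name lets the client decide how the server treats the stored file. The sketch keeps the bare-ID name (which Windows lists as type "File" without changing the bytes), checks the content with getimagesize() before storing, and derives the Content-Type when reading; the function names and the constructed sample files are assumptions.

```php
<?php
// Added example, not the book's code. Function names are hypothetical.

// Accepted image types and the Content-Type to send for each.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => 'image/gif',
    IMAGETYPE_JPEG => 'image/jpeg',
    IMAGETYPE_PNG  => 'image/png',
];

// MIME type if $path holds an accepted image, else null.
// Decided from the file's bytes, never from the client-supplied name.
function detect_image_mime(string $path): ?string
{
    if (!is_file($path)) {
        return null;
    }
    $info = @getimagesize($path); // false when the content is not an image
    if ($info === false) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$info[2]] ?? null;
}

// Move an already-received upload ($temp in add_print.php) to "<dir>/<id>".
// Anything that is not an accepted image is deleted instead of stored.
function store_print_image(string $temp, int $id, string $uploadsDir): bool
{
    if ($id < 1 || detect_image_mime($temp) === null) {
        if (is_file($temp)) {
            unlink($temp);
        }
        return false;
    }
    return rename($temp, $uploadsDir . DIRECTORY_SEPARATOR . $id);
}

// What a show_image.php-style script needs: the path and the header value.
function locate_print_image(int $id, string $uploadsDir): ?array
{
    $path = $uploadsDir . DIRECTORY_SEPARATOR . $id;
    $mime = detect_image_mime($path);
    return $mime === null ? null : ['path' => $path, 'mime' => $mime];
}

// ---- Demo on constructed files in a throwaway directory ----
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . bin2hex(random_bytes(4));
mkdir($dir);

// Constructed sample: a 1x1 GIF, as if the client had named it "photo.jpg".
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tempImage = $dir . DIRECTORY_SEPARATOR . md5('photo.jpg');
file_put_contents($tempImage, $gif);

// Constructed sample: plain text, as if the client had named it "notes.png".
$tempText = $dir . DIRECTORY_SEPARATOR . md5('notes.png');
file_put_contents($tempText, "this is not an image\n");

echo 'store image as 62: ', var_export(store_print_image($tempImage, 62, $dir), true), "\n";
echo 'store text as 63:  ', var_export(store_print_image($tempText, 63, $dir), true), "\n";
echo 'locate 62: ', json_encode(locate_print_image(62, $dir)), "\n";

// Renaming the stored file to "62.gif" breaks the bare-ID lookup.
rename($dir . DIRECTORY_SEPARATOR . '62', $dir . DIRECTORY_SEPARATOR . '62.gif');
echo 'locate 62 after adding an extension: ', json_encode(locate_print_image(62, $dir)), "\n";

// Clean up the throwaway directory.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```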

     

  16. I want to create a contact form that has an email field where the user can't enter any white space in the field, for example: test@ex ample.com

    I am using a spam scrubbing function taught to us in the book to clean user inputs. 

    I am using my variable like so.

    $email = strip_tags($scrubbed['email']);

     

    how can I add something like this $email = preg_replace('/\s+/', '', $email);

    to the existing $email = strip_tags($scrubbed['email']);

     

    I tried 

    $email = (preg_replace('/\s+/', '', $email)(strip_tags($scrubbed['email'])));

     

    and all sorts of variations to that. It doesn't work.

  17. 2 problems with my code, the filter_var doesn't seem to work at all for any of my variables, also the spam_scrubber function doesn't seem to clean \r, and \n, when put in my contact form, it cleans all the rest though just fine. 

     

    <?php

    // resources.php 

    function spam_scrubber($value){

    $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');

    foreach ($very_bad as $v){

    if (stripos($value, $v) !== false) return '';

    }

    $value = str_replace(array( "\r", "\n", "%0a", "%0d"), ' ', $value);

    return trim($value);

    }//end of spam_scrubber function

    $scrubbed = array_map('spam_scrubber', $_POST);

    $comments = strip_tags($scrubbed['comments']);

     

    $url = $scrubbed['url'];

    if (isset($url)){

    filter_var($url, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL);

    } else {

    echo NULL;

    }

    $url2 = $scrubbed['url2'];

    if (isset($url2)){

    filter_var($url2, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL);

    } else {

    echo NULL;

    }

    $linkpageurl = $scrubbed['linkpageurl'];

    if (isset($linkpageurl)){

    filter_var($linkpageurl, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL);

    } else {

    echo NULL;

    }

    $linkpageurl2 = $scrubbed['linkpageurl2'];

    if (isset($linkpageurl2)){

    filter_var($linkpageurl2, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL);

    } else {

    echo NULL;

    }

    $email = $scrubbed['email'];

    if (isset($email)){

    filter_var($email, FILTER_VALIDATE_EMAIL, FILTER_SANITIZE_EMAIL);

    } else {

    echo NULL;

    }

    $pagerank = $scrubbed['pagerank'];

    if (isset($pagerank)){

    filter_var($pagerank, FILTER_VALIDATE_INT, FILTER_SANITIZE_NUMBER_INT);

    } else {

    echo NULL;

    }

     


    if (!empty($email) && !empty($url) && !empty($linkpageurl) && !empty($comments) && !empty($pagerank)){

     

    $body = "Email: {$email}\n\n Url: {$url}\n\n Url2: {$url2}\n\n Pagerank: {$pagerank}\n\n Linkpageurl: {$linkpageurl} \n\n Linkpageurl2: {$linkpageurl2}\n\n Comments: {$comments}";

    $body = wordwrap($body, 70);

    $headers = "From: {$email}\r\n";

    mail('email@example.com', 'Link Exchange Form Submission', $body, $headers);

    echo '<p><em>Thank you for contacting us.</em></p><div id="formecho"><h3>Form submission received, we will get back to you soon.</h3></div>';

    $_POST = array();

    } else {

    echo '<p style="font-weight: bold; color: #C00">Please fill out the form completely.</p>';

    }

     

    ?>

     


    <div id="form">

    <form action="linkexchangecontactform2.php" method="post">

    <p><b>Email:</b> <input type="text" size="30" maxlength="50" name="email" value="<?php if(isset($scrubbed['submit']))echo $scrubbed['email']; ?>" /></p>

    <p><b>Url:</b> <input type="text" size="30" maxlength="50" name="url" value="<?php if(isset($scrubbed['url']))echo $scrubbed['url']; ?>" /></p>

    <p><b>2nd Url (leave empty if you have just 1 website):</b><br /> <input type="text" size="30" maxlength="50" name="url2" value="<?php if(isset($scrubbed['url2']))echo $scrubbed['url2']; ?>" /></p>

    <p><b>Pagerank:</b> <input type="text" size="5" maxlength="10" name="pagerank" value="<?php if(isset($scrubbed['pagerank']))echo $scrubbed['pagerank']; ?>" /></p>

    <p><b>Link page url:</b> <input type="text" size="30" maxlength="50" name="linkpageurl" value="<?php if(isset($scrubbed['linkpageurl']))echo $scrubbed['linkpageurl']; ?>" /></p>

    <p><b>2nd Link page url (leave empty if you have just 1 website):</b><br /> <input type="text" size="30" maxlength="50" name="linkpageurl2" value="<?php if(isset($scrubbed['linkpageurl2']))echo $scrubbed['linkpageurl2']; ?>" /></p>

    <p><b>Comments:</b><br>

     <textarea name="comments" rows="7" cols="40"><?php if (isset($scrubbed['comments'])) echo $scrubbed['comments']; ?></textarea></p>

    <p><input type="submit" name="submit" value="Submit" /></p>

    </form></div>
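
Added example, not part of the posts: filter_var() returns the validated value (or false) and leaves its argument untouched, and its third argument carries options or flags rather than a second filter, so each result has to be captured and tested. The sketch applies that to the form fields above, strips whitespace from the address as post 16 intends, and builds the From header only from a validated address; the helper names, the 0 to 10 pagerank range and the sample submissions are assumptions.

```php
<?php
// Added example: helper names are hypothetical, not taken from the book.

// Returns the URL, null for an empty optional field, or false when invalid.
function check_url(string $raw, bool $required)
{
    $raw = trim($raw);
    if ($raw === '') {
        return $required ? false : null;
    }
    // filter_var() RETURNS the validated value or false; $raw is not modified.
    $url = filter_var($raw, FILTER_VALIDATE_URL);
    if ($url === false) {
        return false;
    }
    // FILTER_VALIDATE_URL accepts any scheme, so restrict it explicitly.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : false;
}

// Returns ['values' => validated fields, 'errors' => names of rejected fields].
function validate_link_form(array $post): array
{
    $get = static function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    };
    $values = [];
    $errors = [];

    // Email: drop all whitespace first (the goal in post 16), then validate.
    $email = filter_var(preg_replace('/\s+/', '', $get('email')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    } else {
        $values['email'] = $email;
    }

    $urlFields = ['url' => true, 'url2' => false, 'linkpageurl' => true, 'linkpageurl2' => false];
    foreach ($urlFields as $field => $required) {
        $url = check_url($get($field), $required);
        if ($url === false) {
            $errors[] = $field;
        } else {
            $values[$field] = $url; // null for an empty optional field
        }
    }

    // Options go in an array as the third argument. The range is an assumption.
    $rank = filter_var(trim($get('pagerank')), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 10]]);
    if ($rank === false) { // strict comparison, because 0 is a valid rank
        $errors[] = 'pagerank';
    } else {
        $values['pagerank'] = $rank;
    }

    $comments = trim(strip_tags($get('comments')));
    if ($comments === '') {
        $errors[] = 'comments';
    } else {
        $values['comments'] = $comments;
    }
    return ['values' => $values, 'errors' => $errors];
}

// Builds the mail() arguments from validated values only; nothing is sent here.
function build_message(array $values): array
{
    // Defense in depth: a header value must never contain CR or LF.
    if (strpbrk($values['email'], "\r\n") !== false) {
        throw new InvalidArgumentException('Line break in header value');
    }
    $body = "Email: {$values['email']}\n\nUrl: {$values['url']}\n\n"
          . "Pagerank: {$values['pagerank']}\n\nLinkpageurl: {$values['linkpageurl']}\n\n"
          . "Comments: {$values['comments']}";
    return ['headers' => "From: {$values['email']}\r\n", 'body' => wordwrap($body, 70)];
}

// ---- Demo with constructed submissions ----
$base = ['url' => 'http://www.example.com/', 'linkpageurl' => 'http://www.example.com/links.html',
         'pagerank' => '0', 'comments' => 'Hello <b>there</b>'];
$samples = [
    'space in address'      => ['email' => 'test@ex ample.com'] + $base,
    'line break in address' => ['email' => "visitor@example.com\r\nBcc: other@example.org"] + $base,
    'bad url and pagerank'  => ['email' => 'test@example.com', 'url' => 'not a url', 'pagerank' => '11'] + $base,
];
foreach ($samples as $label => $post) {
    $result = validate_link_form($post);
    if ($result['errors']) {
        echo $label, ': rejected (', implode(', ', $result['errors']), ")\n";
    } else {
        echo $label, ': accepted, ', build_message($result['values'])['headers'];
    }
}
```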

  18. In chapter 10, in pagination, I am having trouble understanding why the background colors of the table will alternate based on the ternary operator used. I don't understand why $bg will change from #eeeeee to #ffffff. Before the ternary operator $bg is set to #eeeeee, and I don't see how that will change based on the code. Here is the code.

     

    $q = "SELECT last_name, first_name, DATE_FORMAT(registration_date, '%M %d, %Y') AS dr, user_id FROM users ORDER BY registration_date ASC LIMIT $start, $display";
    $r = @mysqli_query ($dbc, $q);
    echo '<table align="center" cellspacing="0" cellpadding="5" width="75%"><tr><td align"left"><b>Edit</b></td><td align="left"><b>Delete</b></td>';
    echo '<td align="left"><b>Last Name</b></td><td align="left"><b>First Name</b></td><td align="left"><b>Date Registered</b></td></tr>';
    $bg = '#eeeeee';
    while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)){
    $bg = ($bg=='#eeeeee' ? '#ffffff' : '#eeeeee');
    echo '<tr bgcolor="' . $bg .'"><td align="left"><a href="edit_user.php?id=' . $row['user_id'] . '">Edit</a></td><td align="left"><a href="delete_user.php?id=' . $row['user_id'] . '">';
    echo 'Delete</a></td><td align="left">' . $row['last_name'] . '</td><td align="left">' . $row['first_name'] . '</td><td align="left">' . $row['dr'] . '</td></tr>';
    }
    echo '</table>';