Larry Ullman's Book Forums


Everything posted by mmichals

  1. Can you please explain what you mean when you say "failing to use mysqli_real_escape_string() will cause your query to break"?
  2. An error occurred in script '/home/XXXXX/XXXXX.com/includes/config.inc.php' on line 101: Function get_magic_quotes_gpc() is deprecated

     I use DreamHost and they are now suggesting running PHP 7.4. According to this post on stackoverflow, we don't need to sanitize input: https://stackoverflow.com/questions/61054418/php-7-4-deprecated-get-magic-quotes-gpc-function-alternative/61260285

     So how should the following code be updated?

         function escape_data($data, $db) {
             if(get_magic_quotes_gpc()) {
                 $data = stripslashes($data);
             }
             return mysqli_real_escape_string($db, trim($data));
         }
  3. Hi Larry, Not sure if you are still running these forums... I gotta say this book allowed me to start a business with no limits and for that I am very grateful. I wish you could teach me more.

     I'm currently getting PHP error log messages related to the function escape_data() part of the code - due to deprecation in the newer versions of PHP. All of my code is written using procedural code. So without changing hundreds of files to prepared statements, how would you replace the escape_data() portion of code to keep input data safe? I am filtering all data using unique regex for each input and, of course, the escape_data() function. So how do we replace the escape_data() function?

         // Check for a first name:
         if ( !empty($_POST['contact_us_first_name'] ) && preg_match( '/^[A-Z \'.-]{2,20}$/i', $_POST['contact_us_first_name'] ) ) {
             $contact_fname = escape_data( $_POST[ 'contact_us_first_name' ], $dbc );
         } else {
             $errors_array['contact_us_first_name'] = 'Please enter your first name!';
         }

         // Check for a last name:
         if ( !empty( $_POST[ 'contact_us_last_name' ] ) && preg_match( '/^[A-Z \'.-]{2,40}$/i', $_POST[ 'contact_us_last_name' ] ) ) {
             $contact_lname = escape_data( $_POST[ 'contact_us_last_name' ], $dbc );
         } else {
             $errors_array[ 'contact_us_last_name' ] = 'Please enter your last name!';
         }
  4. Yes, please. I'd like to add Summernote to my textareas and I'm just trying to figure out the best way to protect against code injection, etc...
  5. In my Stripe Dashboard it says my API version is out of date. What is required to upgrade to the latest version of the API? It's great that Stripe outlines all changes since you start using the API. But how do I know what changes need to be made? Do you have any errata to make the previous code still work but upgrade to the latest version of the API at the same time?
  6. In my case it's for a real estate website, so I added a column "active". This will allow me to track which properties users are adding as a favorite and then removing that same property. It also allows me to reach out to buyers and see what they like and dislike. In the user's dashboard this will be helpful for the user to re-activate any favorites he may have removed by mistake. Thanks for your quick responses, Larry. Always appreciated. So when are you writing a book about using Stripe's Connect platform? I want to get my head around that next.
  7. OK, Larry. I've never used the network tools in the browser. What are they? How do I use them on Chrome? I'm assuming Internet Explorer is probably not as good for this? There was an error in the ajax/favorites.php script. My hosting provider does not allow REPLACE queries. So I had to change the code to an INSERT query.
  8. I tried to implement the code in Chapter 14 for adding favorites and it's not working. How can I see what the problem is considering it's using an AJAX call?
  9. It's great that Stripe have created a solution for this use case scenario! I think I can do this. Thanks again, Larry! You're the boss!!!
  10. Okay, so that will allow me to capture the token from the Customer object when performing the initial single charge and then use that same token to start a subscription at a later point in time (more than 7 days after initial credit card charge) without asking the customer for the credit card info all over again? So how do I capture the Customer object's token using your single charge script? Do I get that info back from the Stripe server as part of the response to your single charge script? Or do I have to make a separate call to Stripe's server after we receive the initial token confirming successful credit card processing? Also, I'm assuming I would need to make sure the credit card can still be charged (i.e., that it's not maxed out) at the time that it will be used? Or does Stripe do that for me and notify me if there are any problems? Would the same possible errors/problems be received from Stripe's server as when making a single charge? We already have a "customers" MySQL table, so I guess it would be logical to save the customer token there, correct?
  11. Do you know of any good books out there that cover this subject matter, as well as, Stripe Connect for a different website?
  12. I should say the Stripe token, not charge ID. Or is it maybe that I should be using the charge ID? I don't know how to make this work. Can I make a call to the Stripe server to charge the same customer to start a Stripe subscription? What calls would I need to make? I'm sure there's a way to do this. I need to get the site up and running asap. Thanks, Larry!
  13. I have a for-sale-by-owner real estate website that I want to charge a monthly listing subscription fee to keep a property listing active. But I also need to pre-sell my monthly subscription service to customers so that I don't lose business to my competitors ahead of the Spring/Summer home selling market. Thanks to your wonderful book, I have the single Stripe charges working successfully. So I'm basically charging the customer for their first month's subscription upfront without knowing when the customer will actually initialize their property listing in the coming weeks or months (note: these pre-sale subscriptions will expire after 6 months of inactivation). Each customer goes to their dashboard after logging in. The dashboard lists property listings that have already been previously activated, as well as purchased property listing subscriptions that have not yet been activated. It is on this page that I would like to add PHP code that would create a new Stripe recurring payments subscription when the customer clicks the "Activate Listing Subscription" button. The first month of the Stripe subscription would be free considering the customer has already paid for the first month when the customer initially purchased the listing subscription service. I have already created the Stripe plan for this payment scenario where the customer gets billed a monthly subscription fee after the first free month. My question is how can I start a Stripe subscription without asking the customer for all of their credit card payment information again? (You can imagine that for a customer who wants to activate their listing subscription right away, having to input their credit card info a second time would be very frustrating - and for that customer I can use the same Stripe charge ID to start a subscription in the same PHP script that processes the initial purchase.)
What information from Stripe can I save in my database that I can use to process a Stripe subscription in the future?
  14. I have a contact form on my site. I'm using the book's methods to validate POST data from a textarea input field called "contact_info".

          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
              ...
              if (empty($_POST['contact_info'])) {
                  $contact_errors['contact_info'] = 'Please enter a comment.';
              } elseif (preg_match('/^[A-Za-z0-9.,$?!-]*$/', $_POST['contact_info'])) { // hyphen moved to the end of the class so it is a literal; ",-$" is an out-of-order range and the pattern fails to compile
                  $_POST['contact_info'] = str_replace(' ','',$_POST['contact_info']); //remove all spaces
                  $_POST['contact_info'] = trim($_POST['contact_info']); //remove any space before or after any characters
                  $_POST['contact_info'] = escape_data($_POST['contact_info'], $dbc);
                  // add htmlspecialchars ???
                  // anything else ???
              } else {
                  $contact_errors['contact_info'] = 'Your comment contains inappropriate characters. Allowable characters include letters a to z, letters A to Z, numbers 0 to 9, as well as, period, comma, exclamation mark, question mark, dollar sign and hyphen.';
              }
              ...
          }

          <form method="post" accept-charset="utf-8">
              ...
              <?php create_contact_form_input('contact_info', 'textarea', $contact_errors); ?>
              ...
          </form>

      What is the most secure way to validate user input from a textarea field?
  15. Hi Larry, I don't see the Stripe folder you are referring to in the book when I go to the stripe-php/lib/ folder of the downloaded . So what files do I need to copy to my website's directory to make everything work? Michal
  16. Hi Larry and all, In Chapter 15 (pp. 508) of the 2nd ed., point #6 states "Copy the Stripe.php file and the Stripe folder from the downloaded file to your site's directory." I downloaded the latest version 3.12.1 of the Stripe PHP files from https://github.com/stripe/stripe-php/releases, but there is no Stripe folder existing in the lib folder. I did find the Stripe.php file though. Question is where do I find the Stripe folder and all the files needed that are in that folder? Do you have a list of which files are required on my server? Has the PHP ZIP file changed? Thanks in advance as always!
  17. Hi Larry, I'm just wondering what is the syntax that needs to be used when adding additional options at the end of a create_form_input() form input? For example, I want to create a textarea with 5 rows by default. So how do I add rows="5" to the textarea html?

          <?php create_form_input('info', 'textarea', 'Provide info:', 'placeholder', $errors, ?optionsArray? ); ?>

      where

          function create_form_input($name, $type, $label='', $placeholder='', $errors = array(), $options = array())

      Michal