Jump to content
Larry Ullman's Book Forums


  • Posts

  • Joined

  • Last visited

Everything posted by American_Buddy

  1. Hey CMGR, I think you're missing a set of parenthesis in your form validation. In the code you copied, you have: if (isset $_POST['distance'], $_POST['gallon_price'], $_POST['efficiency']) && is_numeric($_POST['distance']) && is_numeric($_POST['gallon_price']) && is_numeric($_POST['efficiency']) But it should be as follows: if (isset($_POST['distance'], $_POST['gallon_price'], $_POST['efficiency']) && is_numeric($_POST['distance']) && is_numeric($_POST['gallon_price']) && is_numeric($_POST['efficiency']) ) { Notice after the isset() you are missing the opening parenthesis (before $_POST['distance'], but you have the closing one after $_POST['efficiency']. Your also missing the final closing parenthesis after the '&& is_numeric($_POST['efficiency'])' -- there should be a second parenthesis. The parenthesis before the isset() and at the very end should essentially be 'wrapping itself' around all six of the validators (ie everything you're checking is TRUE via your IF statement). I also noticed in your html inputs, it you have this code: <p>Fuel Efficiency: <select name="efficiency"> <option value-"10">Terrible</option> <option value-"20">Decent</option> <option value-"30">Very good</option> <option value-"50">Outstanding</option> </select></p> HTML values, I believe, always need to be assigned with the equals (=) operator, so it should be like this: <p>Fuel Efficiency: <select name="efficiency"> <option value="10">Terrible</option> <option value="20">Decent</option> <option value="30">Very Good</option> <option value="50">Outstanding</option> </select></p> If you're getting this error: echo 'Please enter a valid distance, price per gallon, and fuel efficiency' it could be because the HTML inputs are not able to interpret the values of the radio options. Another cause could be because you have inconsistent naming in your doc. In this line: $dollars = $gallons * $_POST['gallon-price']; you name $_POST['gallon-price']; but in your HTML, you have it as 'gallon_price' -- which matches your PHP validation. Again, the HTML and PHP probably aren't able to communicate values when the naming is inconsistent or has an error. You should change that array value to 'gallon_price', so it looks like so: $dollars = $gallons * $_POST['gallon_price']; Lastly, and this may be nothing, in your form action, you have: <form action="calculator1.php" method="post"> is that the name of the file on your server? One other note, I noticed you said you use Dreamweaver -- I'd highly recommend downloading a text editor like Visual Studio Code, which will let you compare your code to Larry's code on the book's github. I haven't heard of anyone using DW in a the last several years, and VS Code is a free download with lots of plugins and extensions. It will highlight discrepancies which makes debugging and looking for syntactical errors much faster. I'd also recommend downloading and installing MAMP/LAMP and running your server via that application as well. Hopefully you're able to make the changes and get moving foward!
  2. Hey, I notice this thread is from 2018, but I can't seem to find any other information on it -- just let me know if I should make a new thread. Basically, I'm having the exact same problem as the OP from 2018 -- I've worked through ch. 13, and can add/register a new user by using the 13.7 password_hash() function. I've checked in phpMyAdmin and can see the new user, the hashed password, etc. I can also update the user from the edit page as well. For reference, I'm on PHP Version 7.4.12. Basically, when trying to do the login function from 13.8, I keep getting 'Error - the email address and password do not match what we have on file.' I've tested this with a few different usernames and pw's, and can assure the passwords are correct, but I keep getting the error. I've also tested the error reporting, and can say for certain the error is not being thrown by the if/else statement here: if (mysqli_num_rows($r) == 1) ...... } else { //Not a match $errors[] = 'The email testing address and password entered do not match those on file.'; But rather, the error is coming from here: if (password_verify($p, $row['pass'])) { unset($row['pass']); return [true, $row]; } else { $errors[] = 'The email testing2 address and password entered do not match those on file.'; } So, in the book, I noticed on the text of pg. 455 (5th edition) that it says to input this: $q = "SELECT user_id, first_name, pass FROM users WHERE email='$e'"; however in the visual examples, it says to use this code, which is also how the file on github has the code for 13.8 as well: $q = "SELECT user_id, first_name FROM users WHERE email='$e'"; I've tried running the code both with and without the 'pass' value in the SELECT function, but I keep getting the error. I'll post my code below, but basically, I'm just trying to see if there's a definite answer for what I'm doing wrong. In the thread above, someone mentioned needing the 'pass' and it makes sense, but there's conflicting information between the book elements, github, and the prior post. For reference, I've also compared my .php file to the 13.8 file on github, but can't seem to find the mistake I'm making on this one. One last note, I also tried commenting out the code from 'unset($row['pass'])) to see if that would help, but that also does not seem to be causing the issue. Here's my code as of now: <?php #Script 12.2 - login_functions.inc.php function redirect_user($page = 'index.php') { //start defining the URL... //URL is http:// plus the host name plus the current directory: $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); //remove any trailing slashes: $url = rtrim($url, '/\\'); //Add the page: $url .= '/' . $page; //Redirect the user: header("location: $url"); exit(); //Quit the script. } //End of redirect_user function. function check_login($dbc, $email = '', $pass = '') { $errors = []; //Initialize error array if (empty($email)) { $errors[] = 'You forgot to enter your email address.'; } else { $e = mysqli_real_escape_string($dbc, trim($email)); } if (empty($pass)) { $errors[] = 'You forgot to enter your password.'; } else { $p = trim($pass);//$p = mysqli_real_escape_string($dbc, trim($pass)); } if (empty($errors)) { $q = "SELECT user_id, first_name, pass FROM users WHERE email='$e'"; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) == 1) { $row = mysqli_fetch_array($r, MYSQLI_ASSOC); if (password_verify($p, $row['pass'])) { unset($row['pass']); return [true, $row]; } else { $errors[] = 'The email testing2 address and password entered do not match those on file.'; } //return [true, $row]; } else { //Not a match $errors[] = 'The email testing address and password entered do not match those on file.'; } } //End of empty($errors) IF return [false, $errors]; } //End of check_login function. I really appreciate your help on this. Chapter 14 has been great so far, I just wanted to see if I could get some clarity on this matter before I forget about the issue coming up. Thanks Again in Advance!
  3. Okay, that makes sense, I was just confused how exactly the scripts were able to pick up on using the 'id' but I think you explained it well. Again, I appreciate you taking your time to help me solve this issue -- thanks again!
  4. Thanks Larry, that fixed it, by adding the opening quotation mark, it worked as intended. It's weird because learning the new concepts/syntax of php doesn't seem to be causing me problems, but like every time I hit a roadblock it's like bad HTML or something basic like having the wrong link set up. Anyway, I appreciate your help on this. Perhaps you could clarify for me, or point me to the right resource: I don't understand how the delete_users.php actually knows the 'id' value is the same entered for the user_id from the DB. <a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> Does the '?id=' in the a href itself work as assigning the the 'user_id' to the 'id' value? Unless I'm missing something, everywhere else in view_users and delete_users references the 'user_id', as does the db. I guess I don't see why we'd use $_GET['id'] instead of $_GET['user_id']? Again, thanks for your help on this!
  5. Hello all, I'm having an issue w/ Script 10.2, wherein I keep getting errors from the first part of the script, wherein you check for a valid ID via GET or POST. Basically, I've read online and most people suggest sessions, which is covered later in the book. I've read some past forums on this site, and I don't think there's an issue w/ the database, as I can add/update password, and view the database entries on the browser. For reference, I'm using PHP 7.4.12. In the browser, I can see the URL when I get to the error page, and the URL is displaying "?=57" or whatever each entry's user_id is. I've also tried to change the ['id']'s in the first if/else argument to ['user_id'], to see if they needed to match the column name in mySQL, but to no avail -- I still get the error message, and the same thing happened when I ran the PHP file from the book's website. When I do this exercise, I've ran it comparing it to Ullman's php file, and am not able to see what I'm doing wrong. Also, I've downloaded the book's php file for this script, and connected it to the view_users.php on my server, but I get the same error message: "This page has been accessed in error." My code looks like this: <?php #Script 10.2 - delete_user.php $page_title = 'Delete a User'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); echo '<h1 style="margin: 100px">Delete a User</h1>'; if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ){ //from view_users.php $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ){ //Form submission $id = $_POST['id']; } else { //no valid ID, kill the script echo '<p class="error" style="margin: 100px">Jello This page has been accessed in error.</p>'; include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); exit(); } require('../mysqli_connect.php'); //check if for has been submitted if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if ($_POST['sure'] == 'Yes'){ //delete the record //making a query $q = "DELETE FROM users WHERE user_id=$id LIMIT 1"; $r = mysqli_query($dbc, $q); if (mysqli_affected_rows($dbc) == 1){//if it ran okay //print a message echo '<p style="margin: 100px">The user has been deleted.</p>'; } else {//if query did not run okay echo '<p class="error" style="margin: 100px">The user could not be deleted due to a system error.</p>'; //public message echo '<p>' . mysqli_error($dbc) . '<br>Query: ' . $q . '</p>'; //debug message } } else {//no confirmation or deletion echo '<p>The user has NOT been deleted.</p>'; } } else { //show the form //retreive the user's info" $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id"; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) == 1) { //valid user ID, show the form //get user's information $row = mysqli_fetch_array($r, MYSQLI_NUM); //display the record being deleted echo "<h3>Name: $row[0]</h3> Are you sure you want to delete this user?"; //create the form: echo '<form action="delete_user.php" method="post"> <input type="radio" name="sure" value="Yes"> Yes <input type="radio" name="sure" value="No" checked="checked"> No <input type="submit" name="submit" value="Submit" > <input type="hidden" name="id" value="' . $id . '"> </form>'; } else { //not a valid user ID echo '<p class="error" style="margin: 100px">Hello This page has been accessed in error.</p>'; } } //end of main submit conditional mysqli_close($dbc); include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); ?> A quick note, I've commented out the exit() command in the first if/else argument, to see if that would change anything, and I get these errors: Since this whole thing depends on the view_users.php, I'll include that code below: <?php #Script 9.4 - view_users.php $page_title = 'View the Current Users'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); echo '<h1 style="margin-top: 100px;">Registered Users</h1>'; require('../mysqli_connect.php'); $q = "SELECT last_name, first_name, DATE_FORMAT(registration_date, '%M, %d, %Y') AS dr, user_id FROM users ORDER BY registration_date ASC"; $r = @mysqli_query ($dbc, $q); $num = mysqli_num_rows($r); if ($num > 0) { echo "<p>There are currently $num registered users.</p>\n"; echo '<table width = "60%"> <thead> <tr> <th align="left"><strong>Edit</strong></th> <th align="left"><strong>Delete</strong></th> <th align="left"><strong>Last Name</strong></th> <th align="left"><strong>First Name</strong></th> <th align="left"><strong>Date Registered</strong></th> </tr> </thead> <tbody>'; while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { echo '<tr> <td align="left"><a href=edit_user.php?id=' . $row['user_id'] . '">Edit</a></td> <td align="left"><a href=delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> <td align="left">' . $row['last_name'] . '</td> <td align="left">' . $row['first_name'] . '</td> <td align="left">' . $row['dr'] . '</td> </tr> '; } echo '</tbody></table>'; mysqli_free_result($r); } else { //Public message echo '<p class="error">There are currently no registered users.</p>'; //Debuging message echo '<p>' . mysqli_error($dbc) . '<br><br>Query: ' . $q . '</p>'; } // End of ($r) IF mysqli_close($dbc); //close db connection include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); ?> I guess what I don't get is how the 'id' is recognized by the delete_users.php. I get how the hidden field passes the value in the URL via the <a href> in view_users.php, put shouldn't the if( (isset($_GET['id])) ) and so on's in the first if/else actually be looking for the 'user_id' value, rather than just 'id'? I truly appreciate anyone's help on this. Maybe I just need a set of 'fresh eyes' on it. Thank you all in advance!
  6. Hello all, I'm having an issue w/ Script 10.2, wherein I keep getting errors from the first part of the script, whereing you check for a valid ID via GET or POST. Basically, I'
  7. Lol, wow that was it. Literally just not double checking my form action in the HTML section was causing the script to be ran on the old, register.php. At least, I'll now know to double check that aspect, and hopefully won't make this mistake again. I really appreciate your help in figuring out this issue, even though it was a mistake in the HTML form action on my end, at least we were able to get it working. Thanks Again Larry!
  8. Hey, I'm going to test that new code you sent later today, but I've been busy on my end. Either way, I was looking into making this a prepared statement, and think I got that aspect figured out, but I noticed something that I think eluded me before. Essentially, we have the register.php for 9.3, originally made without the mysqli_real_escape_string, and at the bottom of which, we have HTML code, that creates the input, using form action="register.php". As I've been working on this, I noticed there was a typo that was displaying at the bottom of my screen, 'jj0j' via HTML. I found that same typo in the php file, when changing 9.3 to 9.5, so I deleted the typo, added the mysqil_real_esacpes, and saved the file (9.5) as register_safe.php. I then changed my header.html section to look like this: body> <nav class="navbar navbar-default navbar-fixed-top"> <div class="container"> <div class="navbar-header"><a class="navbar-brand" href="index.php">Your Website</a></div> <div id="navbar" class="collapse navbar-collapse"> <ul class="nav navbar-nav"> <li class="active"><a href="index.php">Home</a></li> <li><a href="register_safe.php">Register</a></li> <li><a href="view_users.php">View Users</a></li> <li><a href="password.php">Change Password</a></li> </ul> </div> </div> </nav> I then started to hit the snag, and I think I became 'blind' to this, but that typo I deleted from 9.5 'jj0j' started to show again in the error message, when I would not be able to insert a name w/ an apostrophe. On recently testing, what I'm noticing is when I click on the Register button on the header, I'm taken to register_safe.php. Same w/ View users. But, when I go to actually submit, I can submit any name w/o an apostrophe fine, but get the error w/ the apostrophe. I've noticed that my URL changes though upon hitting the submit button, so it'll start at: http://localhost:8888/Chapter 9/register_safe.php But when I click the submit button w/ o'hampton in the last name field, the URL changes back to: http://localhost:8888/Chapter 9/register.php I further tested this by adding test to the appropriate HTML, so the error would say '...this message is a test of new theory' but the standard default message from register.php only prints, along with the typo 'jj0J'. So then, I looked at the HTML form again, and noticed I did not update the <Form Action"=register.php"> to <Form Action="register_safe.php">. I changed this, so the from HTML now reads: <div style="margin: 100px;"><h1>Register</h1> <form action="register_safe.php" method="post"> <p>First Name: <input type="text" name="first_name" size="15" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name'];?>"></p> <p>Last Name: <input type="text" name="last_name" size="15" maxlength="40" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name'];?>"></p> <p>E-Mail: <input type="text" name="email" size="15" maxlength="60" value="<?php if (isset($_POST['email'])) echo $_POST['email'];?>"></p> <p>Password: <input type="text" name="pass1" size="10" maxlength="20" value="<?php if (isset($_POST['pass1'])) echo $_POST['pass1'];?>"></p> <p>Confirm Password: <input type="text" name="pass2" size="10" maxlength="20" value="<?php if (isset($_POST['pass2'])) echo $_POST['pass2'];?>"></p> <p><input type="submit" value="Register"></p> </form> </div> However, after reloading the site, it looks like when I go to enter that name, the URL is still reverting to register.php, rather than running the form action from register_safe.php. It's like I have an incorrect link somewhere, where the form is wanting to use the code and error message from 9.3 register.php instead of using the form action of 9.5 to use register_safe.php. I know this is a different direction than you posted before, and I'll still run that test and let you know what come up -- but I wouldn't be surprised if there really isn't an issue with mysqli_real_escape_string, but rather an issue with the form action or page linking continuing to reference the code from 9.3 on submittal of the form's button, rather than running w/ and displaying the error code from 9.5. Let me know your thoughts on this hypothesis, thanks again for all your help, I'll post when I get a chance to run that code from your last post.
  9. No worries -- I'm cool to keep debugging it. Based on your prior response, I put this code on the page: if($dbc) { echo "$dbc"; } else { echo '<p>Submitted last name: ' . $_POST['last_name'] . '</p>'; echo '<p>Established charset: ' . mysqli_get_charset($dbc) . '</p>'; $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); echo '<p>Processed last name: ' . $ln . '</p>'; } And when I do so, I see this printed: So it prints the HTML elements, but not the information called by PHP. For reference, here's what my HTML code looks like on register.php, for the form inputs -- maybe there is an error here? <div style="margin: 100px;"><h1>Register</h1> <form action="register.php" method="post"> <p>First Name: <input type="text" name="first_name" size="15" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name'];?>"></p> <p>Last Name: <input type="text" name="last_name" size="15" maxlength="40" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name'];?>"></p> <p>E-Mail: <input type="text" name="email" size="15" maxlength="60" value="<?php if (isset($_POST['email'])) echo $_POST['email'];?>"></p> <p>Password: <input type="text" name="pass1" size="10" maxlength="20" value="<?php if (isset($_POST['pass1'])) echo $_POST['pass1'];?>"></p> <p>Confirm Password: <input type="text" name="pass2" size="10" maxlength="20" value="<?php if (isset($_POST['pass2'])) echo $_POST['pass2'];?>"></p> <p><input type="submit" value="Register"></p> </form> </div> Thanks again for your help and insight!
  10. I do have an update on this topic, maybe it can help to shed some more light. I double checked my SQL in phpMyAdim -- and my tables have all been collated in utf8_general_ci, but the server collation (in phpMyAdmin) was set to: utf9mb4_unicode_ci. I changed the server collation to match utf8_general_ci, but it looks like the error is still persistent. I also changed the mysqli_set_charset() in mysqli_connnect.php to ...($dbc, 'utf8_general_ci) to see if that would have any affect, but it looks like that's not the case. I also accessed the mySQL from the terminal and could find/edit all entries there as well. I can also upload a name like 'o'shanuassay' from within phpMyAdmin or from the terminal, and that name will display correctly on view_users.php. A couple other tests that I did was to to test other special characters, like quotation marks and a hash tag, and those characters will upload to the database from the html form just fine. I believe this is to be expected though, as I gather the mysqli_real_escape_string() is designed primarily to escape those apostrophes, in this instance. I also put the CHARSET function in the register.php file, like so, to see if it wasn't being executed in the mysqli_connect file: $page_title = 'Register'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); mysqli_set_charset($dbc, 'utf8'); $errors = []; //initialize an error array. but even in putting that mysqli_set_charset() in register.php doesn't seem to change the process one way or the other. Another thought I had, is because the error code I'm getting comes from this section: $q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$fn', '$ln', '$e', SHA2('$p', 512), NOW() )"; $r = @mysqli_query($dbc, $q); if ($r) { echo '<div style= "margin: 100px"><h1>Thank You!</h1> <p>You are now registered. In chapter 12 you will actually be able to log in!</p><p><br></p></div>'; } else { echo '<div style="margin: 100px;"><h1>System Error</h1> <p class="error"> You could not be registered due to a system error. We apologize for any inconvenience.</p>'; //debug message echo '<p>' . mysqli_error($dbc) . '<br><br>Query: ' . $q . '</p></div>'; } // end of ($r) IF I'm wondering why this if/else function would essentially return $r as true when there is no apostrophe in a given input field, but then false/else if that apostrophe exists. On another note, I published this problem on another forum, and the users there basically told me to not use this mysqli_real_escape_string() function, but instead to use a Prepared Statement as it negates the need to escape in this instance. It looks like in Chapter 13 there's a section about the benefits of using this method instead. I'd hate to leave this unresolved, as I'd like to know what is going wrong to avoid it in the future, but do you think it'd be wise to just rewrite the code as a prepared statement as suggested? Again, I appreciate your time and input on this; Thank You!
  11. Thanks for the reply, Larry. I double checked my database in myPHP admin, to make sure it's using UTF8, and it says the collation is 'utf8_general_ci' but that's how all my databases have been set up, so I think that's good to go. I fixed the mysqli_connect syntax, but the issue is still happening where I can enter a name w/o an apostrophe, but not one including the special character. I had some issue printing the value of $dbc to confirm it's an object: require('../mysqli_connect.php'); echo "$dbc"; and got the error message: Recoverable fatal error: Object of class mysqli could not be converted to string in /Applications/MAMP/htdocs/Chapter 9/register_safe.php on line 110; I also tried: require('../mysqli_connect.php'); if($dbc) { echo "$dbc"; } else { echo '$dbc not working'; } and the else statement didn't print, but rather I got this error again: Recoverable fatal error: Object of class mysqli could not be converted to string in... I searched google, and it looks like trying to print the value of $dbc isn't working for me, because PHP is looking for mysql_fetch_array() or mysqli_fetch_assoc() to be used to pull data from the database, so maybe I'm misunderstanding how to print the value of $dbc in the browser? I can say that the records returned in view_users.php is working correctly for the existing records. I also checked the values of the database login information on phpmyadmin, and they appear correctly entered into my mysquli_connect.php script. I appreciate yourhelp on this. I'll keep working through this and let you know if I can find anything else on my end.
  12. Hey Larry, Thanks for getting back to me, I really appreciate it. Also, really digging the book, I'm starting to feel much more confident in the PHP and SQL -- the book and forum is very helpful in learning this, and this knowledge has helped me me a ton in my work, so thank you! Regarding your suggestion, I double checked my script, and it has the CHARSET in it, I'll attach that code below. One other thought I had is that it might have something to due with a setting in mySQL. In chapter 7, I can't remember the script, but I got an error, and upon reading the forums, I found out I needed to turn of 'ONLY_FULL_GROUP_BY' in mySQL DB - > Variables, due to a change in the most recent version of mySQL from the publication of the book. I was specifically looking to see if there was a setting/feature that has been put into place in either mySQL or PHP that would affect the php function in the last couple years, but I can't seem to find anyone mentioning that being the case. Do you think there is a setting in mySQL variables that may be overriding the php input of mysqli_real_escape_string()? Thanks again for your help and insight into this matter! <?php #Script 9.2 - mysqli_connect.php define('DB_USER', 'JohnS'); define('DB_PASSWORD', 'DumbDog2018!'); define('DB_HOST', 'localhost'); define('DB_NAME', 'book_db'); $dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die('Could not connect to MySQL: ' . my_sqli_connect_error() ); mysqli_set_charset($dbc, 'utf8');
  13. Hello, Basically, I'm on script 9.5, using mysqli_real_escape_string(). After making the changes to the 9.3 script, I went to enter the name information, but what's weird is this: I can enter a name if there is no apostrophe or problematic characters, but still can't add to the database if those characters exist. For example: I can connect to the database and insert a record using "Sinead Oconnor" -- and when I look in the database, I can confirm that is uploading correctly I get an error message if I try the same with "Sinead O'Connor" - and can confirm this data is not sent to the database. Through research and testing, it looks like I am opening/closing the database connections the same way as the written in the book. What's also weird is that if I go to the book's github, and download the file from the Chapter 9 folder, this same error occurs. Normally, if I've gotten stuck, I've downloaded the book resources to compare to my code, and see if the book's code will work, and every time, when downloading the books code, it will run the script and I can identify my problem. This time I'm stuck, because the php script is connecting to the database and updating, but not updating with an apostrophe in the name. I checked the PHP manual and stack overflow, and it doesn't appear the mysqli_real_escape_string is deprecated, so I just wanted to see if someone else could look at this w/ 'fresh eyes' and maybe spot what I'm not seeing. My PHP script is below. For what it's worth, the PHP version I'm on is PHP Version 7.2.8, and the error message I get is: ***You could not be registered due to a system error. We apologize for any inconvenience. . mysqli_error($dbc) . Query: INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('Sinead', 'O'Connor', 'jaz@music.com', SHA2('hello1', 512), NOW() )*** Thank you all in advance! <?php # Script 9.3 - register.php $page_title = 'Register'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); $errors = []; //initialize an error array. if (empty($_POST['first_name'])) { $errors[] = 'You forgot to enter your first name. '; } else { $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); } if (empty($_POST['last_name'])) { $errors[] = 'You Forgot to enter your last name. '; } else { $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); } if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address. '; } else { $e = mysqli_real_escape_string($dbc, trim($_POST['email'])); } if (!empty($_POST['pass1'])) { if ($_POST['pass1'] != $_POST['pass2']) { $errors[] = 'Your password did not match the confirmed password. '; } else { $p = mysqli_real_escape_string($dbc, trim($_POST['pass1'])); } } else { $errors[] = 'You forgot to enter your password. '; } if (empty($errors)) { //If everything is okay //register user into database $q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$fn', '$ln', '$e', SHA2('$p', 512), NOW() )"; $r = @mysqli_query($dbc, $q); if ($r) { echo '<div style= "margin: 100px"><h1>Thank You!</h1> <p>You are now registered. In chapter 12 you will actually be able to log in!</p><p><br></p></div>'; } else { echo '<div style="margin: 100px;"><h1>System Error</h1> <p class="error"> You could not be registered due to a system error. We apologize for any inconvenience.</p>'; //debug message echo '<p> . mysqli_error($dbc) . <br><br>Query: ' . $q . '</p></div>jj0j'; } // end of ($r) IF mysqli_close($dbc); //closes db connection //inlcuding footer and quit the script include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); exit(); } else { //reports the errors echo '<div style="margin: 100px;"><h1>Error!</h1> <p class="error">The following error(s) occurred:<br>'; foreach ($errors as $msg) { //Print each error. echo " - $msg<br>\n"; } echo '<p>Please try again.</p><p><br></p></div>'; } //end of (empty($errors)) IF mysqli_close($dbc); //Close the db connection. } //end of main submit conditional ?>
  14. Hey Carbs, I appreciate the heads up on the white space, and tightened it up, but didn't see a difference. When I was doing that though, I looked at the whole file w/ 'fresh eyes,' and caught that I had missed an underscore in the validation check: && is_numeric($_POST['gallon price']) && -- there should be an underscore between gallon and price. I added the underscore and it worked perfectly. Thank you for your time looking this over for me! Crazy how a little slip up like that got me and bottlenecked my progress, but it's a mistake I'll likely not make as much in the future. Thanks Again and have a great week!
  15. Hello All! I'm hoping to get some help with my validation check on this exercise. Basically what's happening is the calculator will work, but only if I comment out the 'minimal form validation' php script. I read in an earlier post that it might have something to do w/ missing braces, but I don't think that's the case as I've looked at this code both in VS Code and Brackets and both show the braces as being balanced. I also don't get any errors when debugging or saving the .php file. I have a hunch it might have something to do w/ the radio options in the HTML portion, or the value of the fuel efficiency in the html, but I'm not sure, as the calculation is performed when I comment out the validation, so perhaps I have a mistake in that syntax. I've been looking at this on and off for the last 2 days and found/fixed some other errors, but I can't seem to find this one. I appreciate any help, and please don't feel you have to give me the answer outright, just a nudge in the right direction is all I am asking. Thanks Again! My Code: <?php #Script 3.5 - calculator.php $page_title = 'Trip Cost Calculator'; include('/Applications/MAMP/htdocs/Chapter 3 Files/includes/header.html'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if(isset($_POST['distance'], $_POST['gallon_price'], $_POST['efficiency']) && is_numeric($_POST['distance']) && is_numeric($_POST['gallon price']) && is_numeric($_POST['efficiency'])) { //calculate the results $gallons = $_POST['distance'] / $_POST['efficiency']; $dollars = $gallons * $_POST['gallon_price']; $hours = $_POST['distance'] / 65; //printing results echo '<div class="page-header"><h1>Total Estimated Cost</h1></div> <p>The total cost of driving ' . $_POST['distance'] . ' miles, averaging ' . $_POST['efficiency'] . ' miles per gallon, and paying an average of $' . $_POST['gallon_price'] . ' per gallon, is $' . number_format($dollars, 2) . '. If you drive at an average of 65 miles per hour, the trip will take approximately ' . number_format($hours, 2) . ' hours.</p>'; } else { //Invalid submitted forms echo '<div class="page-header"><h1>Error!</h1></div> <p class ="text-danger">Please enter a valid distance, price per gallon, and fuel efficiency.</p>'; } } //leaving PHP and now making HTML form ?> <div class="page-header"><h1>Trip Cost Calculator</h1></div> <form action="calculator.php" method ="post"> <p>Distance (in miles): <input type="number" name = "distance"></p> <p>Avg. Price Per Gallon: <input type="radio" name="gallon_price" value ="3.00">3.00 <input type="radio" name="gallon_price" value="3.50">3.50 <input type="radio" name="gallon_price" value="4.00">4.00</p> <p>Fuel Efficiency: <select name="efficiency"> <option value="10">Terrible</option> <option value="20">Decent</option> <option value="30">Very Good</option> <option value="50">Outstanding</option> </select></p> <p><input type="submit" name="submit" value="Calculate!"></p> </form> <?php include('/Applications/MAMP/htdocs/Chapter 3 Files/includes/footer.html'); ?>
  • Create New...