Lou

I also got another verification to work... creating a captcha image with the gd library. In the example I learned from, the user's $_POST input is also matched against the image's value which is stored in a... session! I guess you need to store the original value in a session so it matches when the form is submitted, because if the math problem or captcha phrase is random, it will always change and not match the original value. Would it be more secure to store the original value (in a session) with sha1 encryption, and then match the $_POST with the sha1 version of the original? Can you use sha1 on numbers too? (say, 15+20 = 35)

Here's the rough code, without strong checks on the $_POST yet. First part is the rough validation routine. if (empty($_POST['answer'])){ $errors['answer'] = 'Please answer the question'; $flag = true; } elseif ($_SESSION['sum'] == $_POST['answer']){ $answer = true; $flag = false; } else { $flag = true; $errors['answer'] = 'Incorrect answer.'; } This is the HTML section with embedded PHP. I will put the random number section in a function eventually. <p> <?php $num1 = rand(10, 100); $num2 = rand(5, 50); $sum = $num1 + $num2; $_SESSION['sum'] = $sum; ?><Label for="question">What is <?php echo $num1 . ' + ' . $num2 . '?'; if (isset($errors['answer'])) {?> <span class="error"><?php echo $errors['answer'];?></span><?php }?></label><br> <input type="text" name="answer" id="answer"></input> </p>

I wrote a script that generates two random numbers, adds them together, and stores the sum. On my form, I simply ask the question "what is $num1 + $num2?" If the user enters the correct answer when the form is submitted, the mail function sends the comments via email. At first I stored the sum in the $_POST variable $_POST['sum'] in another variable, such as $sum. However, no matter what the user enters as an answer, it's marked incorrect on form submission because loading the form generates two new random numbers, and thus a new sum. I only got this to work correctly by storing the sum in a session, such as $_SESSION['sum']. Only then, does the answer submitted by the user verify with the sum of the original question. Does this make sense? Am I coding this correctly by storing the answer to the original question in a session? Or is there a way to store the proper answer without using a session or a hidden input? In $_POST, for example. Thanks, I'm really starting to understand PHP and writing my own scripts (that work) is very exciting.

Larry, For connecting to a database, do you usually use mysqli (object oriented or procedural) or the PDO extension? Any reasons why you use one over the other? One book I'm reading recommends using PDO for new web development.

Well I do read other books but I always come back to yours for clarification on some issues. Some books cover more material but use a lot of user made functions that have the reader bouncing back and forth to figure out what does what. Sometimes it's too convoluted to make sense of, sadly.

Yes you can create your own cookie instead of letting the session create one and give it a short time limit. I read about this in the "PHP and MySQL Web Development" book by Luke Welling. A book pretty much useless except for a few nuggets of info. Larry writes the cleanest code of any author I've read.

I could destroy the session and cookie after the registration is done. This is just a sample registration form that i'm using to learn about multipage forms. The first form is 3 text inputs, you proceed to the next form, which is just one input. Then the three session variables and one post variable get sent to the database. After that point, I destroy the session variables. It's just that register2 page that I don't want people to be able to access for very long after they fill in the first page. I'm close to figuring this out.

But isn't a cookie sent automatically when you start a session, with the same name as the session? I can over ride this cookie and add a time limit? But won't that make all of my $_SESSION variables have that time limit? I only want the $_SESSION variables associated with page 1 of the form to have that short time limit. Confused... read three books on sessions and only one so far has even talked about time limits on sessions... PHP Solutions by David Powers.

It comes with mercury mail? the linux version doesn't.

LOL, easy. I was thinking you could only do that with a cookie. Thank you.

@Hartley... How would I have a flag variable though? I'm redirecting to register2.php with a header. So I can't use a hidden input on register.php, since that would only be available to the processing script, which would be register.php. If I store the flag variable in a session, it will always be available after the first time a user fills out register.php successfully. If they later decide not to finish the 2nd part, and go to different pages on the site, they could go directly to register2.php without first refilling out the first form. I have to think about this.

Another quick question... How do I block users from accessing 'register2.php' without first completing 'register.php'? I tried checking if the $_SESSION variables are set (at the time $_POST is validated I also assign it to $_SESSION['something'] so I can pass it to the next page via a location header), but if the user sets them once (say they fill out register,php, then get to register2.php, then decide they don't want to sign up) so that doesn't work. I also tried using hidden inputs until i realized hidden inputs only work on the action page, and i'm using headers to redirect.

Larry, I think I figured it out. I feel so stupid... just use a header redirect to 'register2.php' once everything is validated on register.php, right? Then send the data to the database... the $_SESSION variables from page 1, mixed with the $_POST variable from page 2. You must have said it a bunch of times in your books... after awhile you see the same techniques used to accomplish other tasks. This is what I'm talking about... deep inside my brain I should know what to do, but I just can't put 2+2 together. I was so busy trying to think how to get to the 2nd form page with the form action, that I completely forgot about my knowledge of headers and how you can redirect, change the content type (to say, send text instead of html), etc.

Larry, I asked about multi page forms a few months ago, you explained it a bit, but I still can't figure it out. I understand that you have to use a combination of $_SESSION and $_POST variables to jump from page to page and then insert the data into the database... however... If the first form page has say, 3 text inputs (username, password, and confirm password) and I want the second page to have one text field for their email address, I don't understand how to accomplish this if the first page displays and processes the form. The form action is "register.php" and it processes and displays the form. If I set the form action to "register2.php", the page that contains the other input I want filled out, the items on the first page never get validated. Yes, 3 text inputs on one page and 1 on the other is not a good use of a multi page form, but I wanted to keep it simple until I figure it out. After the validation routines on the username and password fields, each gets assigned to the variables $username and $password. Also, I assign $_SESSION['username'] and $_SESSION['password'] the values of $username and $password, respectively. But how do I get to the next page (register2.php)? I know I can use the session variables on that next page, and when THAT page is completed, I can send the $_SESSION variables from page 1 and the $_POST variable from page 2 to the database. I just don't see how to validate page 1, then go to page 2 if the form can only have one action. Any help is appreciated. -Lou

Does anyone here use Netbeans? I'm coding on Linux and enjoy using Netbeans, but I can't seem to save a file outside of the project folder, which is bad news for the sql script. Any ideas?

Plus the way I've been working is strange... I read mostly, I don't like sitting down to code until I have a clear picture of what I'm doing. I'm trying to read every book I can and do the examples. There are a lot of PHP books.

Well, I'm working on a buying/selling site, and I'm just not sure how to finish things... actually allowing users to buy/sell items... how to code that section of it all. how i'm going to handle uploading item photos/how to display them on the auctions, basically all the necessary things. Most books show how to make login forms, create areas for users once logged in, pagination, handling sessions, etc, but it's difficult for me to write code for the important stuff. I'm just clueless until I see how it's actually done. I guess I have some more reading to do (working through Wrox PHP and MySQL right now). I know books aren't going to sugar coat it and show you exactly what to do (well they will, but only for the basics) but I just have a hard time figuring out what i'm doing.

Yes, the book mentions using the extract function. Can you demonstrate it so I can see what you're talking about? Thank you.

I was laid off in early 2009 (i'm an accountant) and became fed up with the current economy. At least in my area, after finishing college with a degree in accounting, I landed a few jobs that lasted only 6 months to 1 year. I was only brought in to do special projects (fix their bank reconciliation problems, etc) and then let go. Or, I was hired but then a year later they decided to outsource their business and I was let go as part of that downsizing. For those reasons I decided to learn web design/web programming in hopes to have my own side business and make some good money, while also having the ability to work in accounting. The more things you know, the better, right? I've purchased just about every PHP, MySQL, HTML, and CSS book out there. I was originally a programming major the first time I went through college but I couldn't keep up with the math and had trouble understanding C++ when it got too abstract. However I switched to accounting and it was right for me. But because of my earlier problems trying to learn C++, I was worried I couldn't learn PHP programming or anything in depth as far as web programming. At first, it was difficult to read through your books and other PHP books. Your PHP for the Web Volume 3 was the best though, along with your PHP and MySQL for Dynamic Web Sites (love your explanations for pagination and verifying accounts via email). It took several months to start to understand it, and I was always in a rush to start coding. I remember reading through half of your book and then sitting down trying to code and not knowing what I was really doing (things didn't really start to click for me until I realized PHP programming is basically all about storing things in variables and then manipulating those variables with other functions). I opened Notepad and was clueless. Notepad! When I got a list of errors I was counting each line trying to find what line the error was on. For whatever reason, it was only weeks later that I started to actually "read" your book and realize that I needed either Notepad plus, Netbeans, or some other IDE. Over time I've discovered and installed Linux, Netbeans, XAMPP, etc. Now i run both Windows 7 and Linux on my laptop (Linux is for web development, Windows 7 is for fun). Two years ago I wouldn't have dreamed I could learn so much and have a decent grasp of HTML (the easiest), CSS 2.1/3 (the most fun), or how PHP and MySQL work together. Even though i used the net since... 1992/93 (Prodigy) I never really sat down to try to learn how the web worked, or how to program for the web. In the beginning I was very confused by "web root" and "outside the web root", IDEs, etc. But at some point more things started to click and things started changing. I can understand HTML/XHTML and validate my pages. I see how the structure is laid out, and how CSS is used to style sites into 2/3 column, etc. And I also see how PHP and MySQL fits in and can write code for logging in, out, creating dynamic headers and footers, etc. Learning all of this from your books has been an eye opening experience, even though it has taken me almost 2 years to become a low moderate/moderate programmer. However I still have not completed my dream of finishing a PHP driven website. I still need more work on joining multiple tables, getting more comfortable with SQL, and the like. I get so far but then just can't get over the hump yet. I guess it doesn't help that I want to keep reading and have a broad overview of what's going on before I sit down and code. I made the mistake before of trying to code things without a good plan, jumping back and forth between html, css, php... and it was just a mess. Eventually I wouldn't know what to do next, then would try and read some advanced topics like AJAX. It seems as if the book learning will never end. I have however concentrated my PHP efforts on all three of your PHP books (PHP for the Web, PHP and MySQL, and Advanced PHP) along with Head First PHP and MySQL, and PHP Solutions by David Powers. Your books, along with the other two I just mentioned, are by far the best. You are my favorite author by far. Thanks for reading. I just wanted to get some comments and see if anyone else who is an avid reader of these books has suffered the same problems in finishing a site. Thanks for reading!

I picked up Rasmus Lerdorf's "PHP Pocket Reference" and he talks about dynamic (variable) variables and I'm a bit confused. $var = 'hello'; $$var = 'World'; I understand that the name of $$var will be set to the value of $var. Therefore $$var becomes $hello and has a value of 'World'. However, later he talks about variable variables with arrays. $array['abc'] = 'Hello'; $array['def'] = 'World'; He says you can turn these entity names into variables with the following code: foreach $array as $index->$value{ $$index = $value; } That would make each array index a new variable named as the index. $abc = 'Hello' and $def = 'World'. But why wouldn't it work without using variable variables? Is it because $index will keep getting overwritten with a new value? foreach $array as $index->$value{ $index = value; } Thank you for any clarification you can give.

This is a great new edition, but I think using the mysql function was a mistake. New PHP books should use mysqli instead. Why did you use the older version for this book?

Hi, I'm still working on my website with the help of this book but I'm confused again about something that should be quite simple. When using PHP to bring the header, content page (registration, login, other page), and footer together, what do you do if you want certain pages (such as a registration page) to have a different style, such as 2 columns compared to other pages that have say, 3 columns? Do you just build your registration page that's 2 column with different divs and classes (for css), and then include a different header or footer if need be? the way the book outlines it, every page will be the same, be it 2 or 3 column for your main template.