Jonathon

Most foreign keys are usually numeric Id fields from other tables, so they would normally be integers.

Quickly looking at this you're right. I would guess Larry does it like that as there are times you will have various foreign keys within one table and it's just a clearer way to to workout what the key represents.

No problem, just pop back if you have any other queries

Hi, I think if you change `somecompanyname` to 'somecompanyname' will work as you're using backticks for a string let me know how you get on

No I'm not asking questions on security. I just found a couple of apps and thought I'd try them out. I wasn't even after an app I just read a post somewhere and someone said look at these. You know as you do wandering around the net

Well, they come next week, I've got another book to read first then I'll read them.

I'm sorry I don't understand what your asking.

Well I understand why you may feel like that. I quite enjoy this forum because it's smaller and we all have a common factor. I.e - larry's books. I also understand why you could be thinking negatively about the whois records check. But there's nothing they can actually do with the info, I'd just put it down to curiosity. Bottom line is for me, it's a nice forum, people happy to help each other out and we've all got the reading topic in common.

I see what your saying HartleySan. I've never really thought about it to be honest, but I'm always interested in peoples thoughts. Have you got PHP5 advanced? Larry calls his images through a script, so I just assumed this was probably the better way to go. I think I'll have a look around (at some point), see what I can find on it. Yes tonywuk I'm aware of this, but thanks for taking the time to reply.

Out of interest HartleySan why does it bug you using the php as source? I haven't used php in image manipulation that much so I'm interested on your ideas. I thought it was the only way to use on the fly images inside a html page, as the headers would have already been sent??

Your suggested code is something quite similar to what I would have suggested. But as I wrote my post it was quite late where I am. I would think that by keeping the url in a session and then logging out and using the Location redirect as HartleySan correctly referenced would let you achieve your goal. That's how I would have tried to do it. Keep us posted how you get on

To update this post. I've just bought both of these books, so look forward to reading them and giving my feedback for any one who is interested.

I forgot that I started this post and then didn't finish it off. In short, I struggled with Burpe suite, it seemed pretty complex or I was doing something very wrong. And the damn vunerable web app. Was better in that it showed you levels of php security. For instance XSS it would show the low level php code that allowed the XSS to wrok then you could adjust the settings in order to show higher levels of secure php coding that stopped xss being implemented. However from watching video on youtube about it, it seemed to expect that you yourself knew how to do various types of web 'attack'. Such as CSRF and others. Perhaps I missed something.

Is it wrong that this post made me want to check your whois records? (I haven't by the way). **UPDATE: Found the post, I hadn't seen the foresaid post**

Hi Tony, For me it would be easier if you posted all your code, as I like to get a proper feel for it

Hi Matt, Updated: Why can't you just add a redirect after you've logged out that takes the user back to the index page? What kind of errors did you get?

Page 208 perhaps?I've only skimmed the pages but the same principles apply. You store either the full path or a filename and then work your while loop in order to generate the relative or absolute path to the image. If you look you'll see something like: Src="/products/' . row['image'] . '". All this is doing is giving most of the file location hardcoded into the while loop and your just looping over the image column to swap in the correct filename.jpg for the product. Hope that helps

I just copied your code to my editor and your single quotes were'nt actually single quotes. Once i replaced your quotes that seemed to be in between a back tick ` and a single quote ' it worked fine.

I am also based currently in England and it would be useful. But I'm also sure that paypal provide a lot of documentation and help in general for using website pro. It might be a good idea to check their docs as you might find the answer your after. I can't speak for Larry, but for reading between the lines of his newsletter/blogs he's busy writing the 4th edition of php and mysql, but from memory I do remember him saying he'd look into it for Larry L.

Hi i'm not 100% sure what your set up is here. When you say Do you mean that when you try to open handle_form.php it won't open it and tries to open it in your editor. If so what URL are you trying to open the file with? It also could be helpful that you post your code for the two files using the code tags. As i'm still not 100%sure if this is a set up error or coding error

Thanks to both of you for going the extra mile to try and explain it, because I didn't know of the top of my head. Admittedly I havent re-checked the book or any sources. I must have just blazed past it as I read the book as it was early on and I just wanted to read too much. I understand (I think now). Sometimes though I find with some examples that although I understand the logic. I don't really understand a real world example of where I'd use it? Would anyone know of any?

Hi Ryan, Yep I can try help you figure it out. What I would say is wrong here is that you are running the mysqli_num_rows query in the wrong place. You need to take the input from the form, in particulary the email and query the database to see if it returned any rows. This is because if it doesnt return 0 rows then the email alaready exists in the database so you don't need to bother processing the form. If it does return 0 then it's ok to try and add the record as you know there is nobody else in the system registered with that email. So in short process all the inputs such as: if(empty($_POST['email'])) { $errors[]='You forgot to enter your email address'; }else { $e=mysqli_real_escape_string($dbc, trim($_POST['email'])); } Then if there ok Query the database to see if the email supplied exists. Then once you've done this query run the if (mysqli_num_rows($r) !=0)) { Then if the query does return 0 then use the big query you used to submit the data to the databse as you have validated all the inputs and checked that the email doesn't exist either. Let me know how you get on too.

Hello Shakey There is an in depth discussion on this topid already. Terry amongst others provided lots of useful information. So you can search the forum for 'base uri' and I'm sure you'll find it. However to help you know, there is no way your base-url is www.google.com. I don't use Wamp, but perhaps your base-url will be more like 'C:\wamp\www\ecommerce1\' Let me know how you get on. But look into the topic alreasy on here

That's ok Josee. I'm going to get the book out in a bit and have a look over that section. See if I can figure the rest of your question out.

Hi Josee, I don't think I can help you with all of your questions, but I think the count number can be achieved by using a static variable. function() { static $n = 1; echo $n; } I think , please let me know how you get on.