Search the Community

What is the difference between mysqli_real_escape_string and escape_data(). When should we use escape_data() as opposed to mysqli_real_escape_string.

In chapter 4 if I click on the Account tab once logged in, no links appear that allow me to change my password or logout, the account link is a dead link?. It is supposed to give me the option to logout and other links too. I am using the files from the download on this site. I finally found the problem, there is no bootstrap.min.js file in the downloads for this book. That is why the dropdown menu wasn't working. I went to the bootstrap site and downloaded and now it works fine. This really should be in the download files...

In the ecommerce book, in chapter 3, you include files like so: include('./includes/header.html'); doesn't include('includes/header.html') do the same thing? Why use the ./ I don't understand. This wasn't covered in the other book I read from you php and mysql 4th edition.

I'm used to using $_POST to handle my form data. In chapter 2, Mr Ullman states to use $_REQUEST. I did look up $_REQUEST on php.net and it says that it contains data for $_GET, $_POST, and $_COOKIE. Does that mean I no longer need to bother with $_GET or $_POST and just use $_REQUEST going forward? Sorry for the amateur question. I've done some PHP programming in the past and I'm trying to get back into it (hopefully in the correct way). Thank, James

Here is my directory structure currently in the public html folder. uploaded_images (folder) allmyotherphpfiles.php allmyotherphpfiles.php allmyotherphpfiles.php allmyotherphpfiles.php Should the uploaded_images (folder) be stored outside the public html folder, so that hackers can't hack that folder, or is it safe to leave my folder like it is now.

I have a website that I am going to turn into a store and I am reading your book. It says that it might be best to use an ssl connection only on pages where it is needed. I don't know how to implement ssl only on specific pages. How do we do that. Right now I only know how to either add it to every page using the .htaccess file or not at all. What code do I use to only make some pages secure? Because if I only use https on some links, if I click on a page of my site that doesn't have https and then click on a page that does, my browser then makes all the other links I click on in my site use https too. Is that normal. That is also after I remove my .htaccess code that makes all pages contain https.

Spammers are sometimes visiting my new website and entering false data in my register.php script. The result is that they don't register and several php error log messages are emailed to me. I get an error message email for each form field that has an undefined index. I would like to know how to stop getting these emails. Here is a copy of a section of the error message email. An error occurred in script '/home/strawb15/public_html/examplesite.com/register.php' on line 40: Undefined index: emailArray ( [_GET] => Array ( ) [_POST] => Array ( [username] => hebirchfijose [usermail] => aulbachpuid@sohu.com [userpass] => E970d483- [usersex] => 1 [userliving] => 16 [bdayy] => 1930 [bdaym] => 3 [bdayd] => 12 [imgcode] => [formsubmit] => Y [submit] => 確定 ) [_COOKIE] => Array ( ) [_FILES] => Array [_SERVER] => Array ( [CONTENT_LENGTH] => 173 [CONTENT_TYPE] => application/x-www-form-urlencoded [DOCUMENT_ROOT] => /home/strawb15/public_html/examplesite.com [GATEWAY_INTERFACE] => CGI/1.1 [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;image/png,image/jpeg,image/*;q=0.9,*/*;q=0.8 [HTTP_ACCEPT_ENCODING] => gzip [HTTP_ACCEPT_LANGUAGE] => en-us;q=0.7, en;q=0.3 [HTTP_CACHE_CONTROL] => max-age=259200 [HTTP_CONNECTION] => keep-alive [HTTP_HOST] =>www.examplesite.com [HTTP_REFERER] =>http://www.examplesite.com/register.php [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 [HTTP_VIA] => 1.1 117-30-149:55336 (s.r577) [HTTP_X_FORWARDED_FOR] => 162.211.122.43 [PATH] => /bin:/usr/bin [phpRC] => /home/strawb15/public_html [QUERY_STRING] => [REDIRECT_STATUS] => 200 [REMOTE_ADDR] => 218.203.13.233 [REMOTE_PORT] => 13417 [REQUEST_METHOD] => POST [REQUEST_URI] => /register.php [sCRIPT_FILENAME] => /home/strawb15/public_html/examplesite.com/register.php [sCRIPT_NAME] => /register.php [sERVER_ADDR] => 23.235.206.99 [sERVER_ADMIN] => webmaster@examplesite.com [sERVER_NAME] => www.examplesite.com [sERVER_PORT] => 80 [sERVER_PROTOCOL] => HTTP/1.0 [sERVER_SIGNATURE] => [sERVER_SOFTWARE] => Apache [uNIQUE_ID] => VXgCnBfrzmMAAHvJFtIAAAA3 [php_SELF] => /register.php [REQUEST_TIME_FLOAT] => 1433928348.53 [REQUEST_TIME] => 1433928348 [argv] => Array ( ) [argc] => 0

I must be missing something very basic but I'm stuck after several hrs of trying various solutions to this apparent function re-declaration in my config.inc.php file. Possibly after staring at the code for so long I just can't see it any more. But, I keep getting an error: Cannot redeclare my_error_handler() (previously declared in C:\xampp\htdocs\muztash\config\config.inc.php:64) in C:\xampp\htdocs\muztash\config\config.inc.php on line 91 The error seems to say that the function is being declared twice on the same page. Line 64 is the 1st line of the actual declaration: function my_error_handler($e_number,$e_message,$e_file,$e_line,$e_vars) { Line 91 is the ending } of the declaration. It matches the opening { on line 64 and there are no brace mismatches inside the declaration - which pretty closely follows the example code in the book. I have a couple of other questions but I'll focus on this one first. Thanks to whoever can help me with this.

I just built a website with the tactics in this book. I am looking for a small script to resend the activation link in case someone didn't get it. Any ideas on how I should make it.

I am creating a forum for my site from the example in this book. I want to include a feature to my new forum where people can see the number of views a thread has had. Does anyone have any ideas on how I could code that.

I have my own website that I am trying to install clean search engine friendly urls on. I am doing this for the article page section of my site. I have it working except for a glitch. I am comparing my setup with that of this website and others which use htaccess clean urls. So basically I have my url which is like the following. http://stackoverflow.com/questions/9183130/php-htaccess-apply-page-title-in-url it works when I click on it and everything is fine. but if I take a part of the url like so: http://stackoverflow.com/questions/9183130/php-htaccess-apply-pag and refresh it still works which is ok. but the url doesn't return to the former one, it stays like that, missing part of the title in the url. I can't figure out how to make it revert back to the original url. All pages which seem to use clean urls have it working like that. here is my htaccess rule. and then I will show you the link I am using to link to the page. RewriteEngine On RewriteRule ^article/([0-9]+)/([a-zA-Z]+) article.php?id=$1&title=$2 $punctuation = array('$', '-', ',', '/', '\\', '!', '.', ' ', '*', '&', '?', '%', '\'', '<', '>', '[', ']', '(', ')'); $real_title = str_replace($punctuation, '-', $row5['title']); $real_title = str_replace(' ', '-', $real_title); $real_title = strtolower($real_title); $real_title = mysqli_real_escape_string($dbc, $real_title); <a href="http://www.example.com/article/'.$row5['article_id'].'/'.$real_title.'">'.$row5['title'].'</a>

Right now on my website I created when someone is logged in they can go to the url in the address bar and change the id number associated with the url. for example one page I have is add_image.php?id=4 4 is the id associated with the article. If someone changes the 4 to a 7 for example. Then my page will show the other user's data on my page without them even entering that other person's login info. How do I make sure people can't see other user's data when they change the id number. I am using the scripts from this book. Maybe I missed something. I am using sessions properly as far as I can tell. I really would need some help with this. please give an example of secure code to use. thank you

Hello! I'm doing the appendix test PHP and SQL page and i keep getting a 'object not found' page. The requested URL was not found on this server. Can anyone fill in what i maybe doing wrong here. I checked the spelling it's not that.

I want to get the primary key values of movie and actor table. When i selected values in radio button primary key has been created automatically to the movie and actor table. Now I want to get that primary key value and insert to the movie_actor table. my code connect.php <?php $dbc = mysqli_connect('localhost','root','black98765','db_name') OR die("Cannot connect to MySQL:" . mysqli_connect_error()); //insert into actor table $q = "INSERT INTO actor (name) VALUES ('$actor')"; //insert into movie table $q2 = "INSERT INTO movie (movie_name, release_year) VALUES ('$movie','$year')"; //movie_actor table $q3 = "INSERT INTO movie_actor (movie_no,actor_no,rate) VALUES ('$rate')"; //what value i need to put inside values for movie_no and actor_no? //connect and insert $q $r = mysqli_query($dbc,$q); $r2 = mysqli_query($dbc,$q2); $r3 = mysqli_query($dbc,$q3); if($r && $r2 && $r3){ echo "Inserted Successfully!"; }else{ echo "Failed to Insert Data!"; mysqli_error($dbc); } mysqli_close($dbc); ?> form.php <?php if(isset($_POST['submit'])){ if($_SERVER['REQUEST_METHOD'] == 'POST'){ $error = array(); //choose actor if(!isset($_POST['actor'])){ $error[] = "Please choose of the following actors!"; }else{ $actor = $_POST['actor']; } //choose movie if(!isset($_POST['movie'])){ $error[] = "Please choose of the following movies!"; }else { $movie = $_POST['movie']; } //choose release year if(!isset($_POST['year'])){ $error[] = "Please choose of the following release year!!"; }else{ $year = $_POST['year']; } //choose rate if(!isset($_POST['rate'])){ $error[] = "Please choose of the following rate!"; }else{ $rate = $_POST['rate']; } //if no errors if(empty($error)){ require('connect.php'); }else{ echo "<p>System Error!</p>"; foreach($error as $msg){ echo $msg."<br/>\n"; } } } } ?> <form action="form.php" method="POST"> <p>Select on the following Selections</p> <p><label for="actor">Name of Actor:</label> <input type="radio" name="actor1" value="Jet Li"/>Jet Li <input type="radio" name="actor2" value="Sylvester Stallone"/>Sylvester Stallone <input type="radio" name="actor3" value="Jason Statham"/>Jason Statham</p> <p><label for="movie">Name of Movie:</label> <input type="radio" name="movie1" value="Expendables 3"/>Expendables 3 <input type="radio" name="movie2" value="Rocky"/>Rocky <input type="radio" name="movie3" value="Kiss of the Dragon"/>Kiss of the Dragon</p> <p><label for="movie">Release Year:</label> <input type="radio" name="year1" value="2014"/>2014 <input type="radio" name="year2" value="1976"/>1976 <input type="radio" name="year3" value="2001"/>2001</p> <p><input type="submit" name="submit" value="Insert"/></p> </form>

In the source code and as well as the book you write if (isset($_SESSION['user_id']) && !isset($_SESSION['user_not_expired'])) { echo '<div class="alert"><h4>Expired Account</h4>Thank you for your interest in this content. Unfortunately your account has expired. Please <a href="renew.php">renew your account</a> in order to access site content.</div>'; } elseif (!isset($_SESSION['user_id'])) { echo '<div class="alert">Thank you for your interest in this content. You must be logged in as a registered user to view site content.</div>'; } and it displays the error that the member needs to renew, However I set the date to expire a month out on both my admin and member logins. when I take out the "!" from the second parameter it fixes the problem and the error message goes away. Was the "!" a mistake or am I not doing something correctly? I have been running off of the full scripts download and only tweaking things to sync up with my database. Also after I removed the "!" when I click on a category after it displays no error and I go to a page.php and click back to a category, or click on a different/same category I get the error to renew. Insights would be greatly appreciated.

Hi I am using the footer script provided often in this book. And i am getting the following error from my website's error email log message. ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flushArray Is there something we need to do to prevent from getting this error. I looked online and found one answer, can anyone tell me if this is the correct thing to do for this problem. Or should I take another look at my scripts for errors. if (ob_get_level()>1){ ob_end_flush(); } thank you

I am using the php mail function on my site for user registration, so that the user receives an email confirmation link to click on when he registers. However during testing not every email address receives the confirmation email and sometimes after sending it, I can't send email to that email address anymore, no email gets through. what could be causing it. I am using the php mail function exactly like it says in this book.

I have a client complaining that the php mail form I made is not working. He is not able to retrieve any mail from his web page. As a check, I substituted his email address with two of my own. They each worked as they should though he claims they still aren't reaching him. As I see it, the mail is definitely being sent from the web form page. If they are not getting to him, the only thing I can think of is Outlook is filtering them. Is mail sent from using php "mail" different enough from other mail to cause it to look like spam? Or something nefarious? thanks, for helping Chop

Hello, I have PHP file (file1.php) asking for a date: echo '<form action="charts.php" id="form_chart_date" method="post"> <div id="form_chart_date"> <p>Please select date. </p> <p><input name="date_looking" type="text"> <input type="submit" value="Display data" name="display_chart"></p> </div> </form>'; After submission file1.php handles the process but there is reference to JavaScript file which reads PHP generated JSON file. JavaScript file looks like: (document).ready(function() { var date = "<?php echo json_encode($_POST); ?>"; $.ajax({ data: {date_looking: date}, url: "http://localhost:8888//live_site_local/www/json.php", dataType: "JSON", type: "POST", cache: false, success: function(pieData) { var ctx = $("#chart-area").get(0).getContext("2d"); new Chart(ctx).Pie(pieData); } }); }); If I replace variable date with something like: var date = "2015-01-01"; then everything works ok. It looks like the problem is that I can not pass PHP $_POST array to JavaScript. Here is the line from PHP file (json.php) that generates JSON object. $date_looking = $_POST['date_looking']; Does anyone know what I am doing incorect? Thanks

Hi Larry, Hope your having a good day today as you read this message. I just want to get some advice from you personally. My problem is I really would like to be a good programmer like you larry. But I think that cannot be accomplished easily. I just wanna know what are your strategies when your just starting out as a developer. How many hours you read a book in PHP js or mysql? and how do you know if its time to move in a diff topic like ex. procedural to object oriented. Coz I think I'm having a bad habit of reading a book like, after I read a single book i'll read another book right away then I tend to forget what i've learned in the previous book. So what i usually do is I will try go back to the previous book just to refresh what i've learned. And i'm not sure if I'm doin the correct way to learn. I'm really amazed on you larry bec you know not only 1 programming language. So I just wanna know your strategies on learning. I'm very sorry for my english by the way, and I know your a super busy person. I will really appreciate your reply Larry. And I hope you understand my point. Thank you so much in advance. Regards, Jan

I am building a site from the info in this book. And the post I am writing as you read this has a toolbar at the top that allows me to add bold to text, and other cool options. Where could I get a toolbar like this for my website, so I can add it to form fields.? The main thing I am looking for is adding paragraphs when people type 2 carriage returns on their keyboard. So that the text area form field behaves like as if you are typing in a word processing document. Adding bold to text, italics, and underline would be great too, but as a beginner I can accept if the paragraphs is all I can handle code-wise. I do know some javascript, so if coding it involves that I might be able to. Any ideas on how to go about this would be wonderful!

I am using a live site and the error message shouldn't be displayed on my website but it is. I don't know why. The error message it shows online is Could not connect to MySQL: Access denied for user 'moreaw32_grah2'@'localhost' (using password: YES) . When other errors occur on my site it does not show the detailed message. I don't want it to show the details of my database like my user name which it does show. Here is the line of code in my connection script. $dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' . mysqli_connect_error()) What can I do to prevent this.

The select query below returns 1 row when it should be 3. I am pretty sure it is because of the AVG(k.sumtotal) field. If I rewrite the query and take out that AVG(k.sumtotal) column and take out the FROM inv_ratings AS k, I get my 3 rows. I looked online for hours trying to find information about returning results using the AVG clause and didn't find much. Do I have to use a group by clause, I tried that and only get errors. If it is a group by clause please type the exact group by clause to use if you could. thank you. $p = "SELECT i.invention_id, i.inv_title, i.date_submitted, i.category_id, i.approved, c.category_id, c.category, u.image_name, AVG(k.sumtotal) FROM inv_ratings AS k INNER JOIN inventions AS i USING (invention_id) INNER JOIN categories AS c USING (category_id) INNER JOIN images AS u USING (invention_id) WHERE c.category_id = $cat AND i.approved = 'approved' HAVING u.image_name < 2 ORDER BY date_submitted DESC LIMIT $start, $display"; $q = mysqli_query($dbc, $p) or trigger_error("Query: $p\n<br />mysqli Error: " . mysqli_error($dbc));

In the following code would you leave the part in where it says or trigger error and so on, on a live site mysqli_query($dbc, $i) or trigger_error("Query: $i\n<br />mysqli Error: " . mysqli_error($dbc));

I am building a forum from the example in the book, and I am having trouble getting the page numbers to work like they should, right now the thread results don't update when you click on other page numbers, it is always the same query results on every page. Here is some code where I think the problem is, but I can't find it. I would post the whole page's code, but I have done that before and didn't get many helpers for that. The query I am using is $sql = "SELECT t.thread_id, t.subject, u.username, COUNT(p.post_id) - 1 AS responses, MAX(DATE_FORMAT($last, '%e-%b-%y %l:%i %p')) AS last, MIN(DATE_FORMAT($first, '%e-%b-%y %l:%i %p')) AS first, w.forum_id FROM threads AS t INNER JOIN posts AS p USING (thread_id) INNER JOIN forums AS w ON t.forum_id = w.forum_id INNER JOIN users AS u ON t.user_id = u.user_id WHERE w.forum_id=$forumid AND t.lang_id = {$_SESSION['lid']} GROUP BY (p.thread_id) ORDER BY last DESC"; $query = mysqli_query ($dbc, $sql); At the top of my forum.php page I am using this code to identify which forum the threads belong to. if (isset($_GET['id']) && is_numeric($_GET['id'])){ $forumid = $_GET['id']; } elseif (isset($_POST['id']) && is_numeric($_POST['id'])) { $forumid = $_POST['id']; } else { echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); } Here are the page links, modified to include the forum_id in the url. if ($pages > 1){ echo '<br /><p class="center4">'; $current_page = ($start/$display) + 1; // If it's not the first page, make a Previous button: if ($current_page != 1) { echo '<a href="forum.php?s=' . ($start - $display) . '&p=' . $pages . '&id='.$forumid.'">Previous</a> '; } // Make all the numbered pages: for ($i = 1; $i <= $pages; $i++) { if ($i != $current_page) { echo '<a href="forum.php?s=' . (($display * ($i - 1))) . '&p=' . $pages . '&id='.$forumid.'">' . $i . '</a> '; } else { echo $i . ' '; } } // End of FOR loop. // If it's not the last page, make a Next button: if ($current_page != $pages) { echo '<a href="forum.php?s=' . ($start + $display) . '&p=' . $pages . '&id='.$forumid.'">Next</a>'; } echo '</p>'; // Close the paragraph. } // End of links section. thanks for taking a look.