Search the Community

First I just want to thank Larry for explaining PHP in a method I could understand. From reading his book in three days I went from a barely functioning site with security holes to a improved, stable site. If your interested in seeing it, its here, http://medieval.name I did have one issue, that is with using a sort feature. I use the template from Chapter 10. Setting the sort variable, setting up the switch, adding $order_by to the query, adding sort to the pagination. The sort works, but it sorts all data, not limiting itself to the data from the query. Im sure Im missing something obvious. The following is the only editing I did, // Default is by registration date. $sort = (isset($_GET['sort'])) ? $_GET['sort'] : 'te'; // Determine the sorting order: switch ($sort) { case 'te': $order_by = 'term ASC'; break; case 'ct': $order_by = 'category ASC'; break; case 'pl': $order_by = 'place ASC'; break; default: $order_by = 'term ASC'; $sort = 'te'; break; } echo ' <a href="search_results.php?sort=te">Term</a> <a href="search_results.php?sort=ct">Category</a> <a href="search_results.php?sort=pl">place</a> '; Suggestions are welcome.

I have a quick question about chapter 10, script 10.1 view_users.php; I updated the view_users.php via the script 10.1, when I executed the script, the Labels did not line up properly; Last Name, First Name, Registration Date is not in the appropriate place, they are to the far left, right below Edit. I have not made any changes to the script or to the css that I have downloaded from this site. The last view_users was visually correct and so is the home page. I am not sure why these labels are out of place and unsure of how to correct them. The books say to align to the left but I believe that is referring to inside of its header. Edit & Delete are in their respectable places. <?php # script 9.6 - view_users.php // This script retrieves all the records from the users table $page_title = 'View the Current Users'; include ('include/header.html'); // Page header echo '<h1>Registered Users<h1>'; require ('mysqli_connect.php'); // connect to database // DEFINE the query Make the query: /* original script below $q = "SELECT CONCAT(last_name, ', ', first_name) AS name, DATE_FORMAT(time, '%M %d, %Y') AS dr FROM users_info ORDER BY time ASC"; */ // make/define the query $q = "SELECT last_name, first_name, DATE_FORMAT(time, '%M %d, %Y') AS dr, user_id FROM users_info ORDER BY time ASC"; $r = @mysqli_query ($dbc, $q); // Run the query $num = mysqli_num_rows($r); if ($num > 0) { // If it ran OK, display the records. echo "<p>There are currently $num registered users</p>\n"; // Table header echo '<table align="center" cellspacing="3" cellpadding="3" width="75%"> <tr> <td align="left"><b>Edit</b></td> <td align="left"><b>Delete</b></td></tr> <td align="left"><b>Last Name</b></td></tr> <td align="left"><b>First Name</b></td></tr> <td align="left"><b>Date Registered</b></td> </tr> '; // Fetch and print all the records: while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { echo '<tr> <td align="left"><a href="edit_user.php?id=' . $row['user_id'] . '">Edit</a></td> <td align="left"><a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> <td align="left">' . $row['last_name'] . '</td> <td align="left">' . $row['first_name'] . '</td> <td align="left">' . $row['dr'] . '</td> </tr> '; } echo '</table>'; // Close the table mysqli_free_result ($r); // Free up the resources. } else { // If no records were returned // public message: echo '<p class="error">There are currently no registered users. Step yo game up!</p>'; //Debugging message: // echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>'; } // End of if ($r) IF. mysqli_close($dbc); // close the data connection. include ('include/footer.html'); ?> Thank you

Hi, In chapter 10,script 10.3 Upload_Image. I get the message The file has been uploaded! even when I can't see the file in the 'uploads' folder I added to the website. If I replace ../uploads/ with ../htdocs/ in the script the image appears in the website 'htdocs' folder - great, at least the script is working as expected there. I can create folders alongside the htdocs one in my webspace but I can't change the properties of them - although they all seem to have the same (htdocs and uploads for example). My web host is Fasthosts. I see on the forum there have been similar questions, but with no conclusions. I suspect this is more of a web host issue than a php one, but it would be nice to know for sure and if there is a way round it. Thanks. Chris

Hi All, I'm currently working in Chapter 10 with the delete user script. I have followed the code in the book as itis but when I click "delete" from the view users page I keep getting "this page has been accessed in error". The only difference that I can see in my code and the book's is that my script is called "delete.php" and the book's is "delete.php". I have changed the name in the script to be correct. Also in the book the DB is named "users" but mine is called "user". The DB connection works fine as I can see my list of registered users. When I land on the delete a user page I can see my header and the <h2> tag "Delete a user" and my footer but no form to actually delete the user. My code is below. I'm probably doing something really stupid but any help would be great. thanks, Tony. <?php # Script 10.2 - delete.php $page_title = 'Delete a User'; include ('_include/header.php'); echo '<h2>Delete a User</h2>'; // Check for a valid user ID, through GET or POST: if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission. $id = $_POST['id']; } else { // No valid ID, kill the script. echo '<p class="error">This page has been accessed in error.</p>'; include ('_include/footer.php'); exit(); } require_once ('../../mysqli_connect.php'); // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_POST['sure'] == 'Yes') { // Delete the record. // Make the query: $q = "DELETE FROM user WHERE user_id=$id LIMIT 1"; $r = @mysqli_query ($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. // Print a message: echo '<p>The user has been deleted.</p>'; } else { // If the query did not run OK. echo '<p class="error">The user could not be deleted due to a system error.</p>'; // Public message. echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message. } } else { // No confirmation of deletion. echo '<p>The user has NOT been deleted.</p>'; } } else { // Show the form. // Retrieve the user's information: $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id"; $r = @mysqli_query ($dbc, $q); if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form. // Get the user's information: $row = mysqli_fetch_array ($r, MYSQLI_NUM); // Display the record being deleted: echo "<h3>Name: $row[0]</h3> Are you sure you want to delete this user?"; // Create the form: echo '<form action="delete.php" method="post"> <input type="radio" name="sure" value="Yes" /> Yes <input type="radio" name="sure" value="No" checked="checked" /> No <input type="submit" name="submit" value="Submit" /> <input type="hidden" name="id" value="' . $id . '" /> </form>'; } else { // Not a valid user ID. echo '<p class="error">This page has been accessed in error.</p>'; } } // End of the main submission conditional. mysqli_close($dbc); include ('_include/footer.php'); ?>

Hello. I want to do the exercises at the end of chapter 10 but I need help. If any one can help that would be greatly appreciated. Here is the code and I have commented in what needs to happen according to the book's exercises: Change the delete and edit user pages so that they display the user being affected in the title bar of your browser window.<?php # Script 10.2 - delete_user.php // This page is for deleting a user record. // This page is accessed through view_users.php. $page_title = 'Delete a User'; include ('includes/header.html'); echo '<h1>Delete a User</h1>'; // Check for a valid user ID, through GET or POST: if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission. $id = $_POST['id']; } else { // No valid ID, kill the script. echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); } require ('../mysqli_connect.php'); // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_POST['sure'] == 'Yes') { // Delete the record. // Make the query: $q = "DELETE FROM users WHERE user_id=$id LIMIT 1"; $r = @mysqli_query ($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. // Print a message: echo '<p>The user has been deleted.</p>'; } else { // If the query did not run OK. echo '<p class="error">The user could not be deleted due to a system error.</p>'; // Public message. echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message. } } else { // No confirmation of deletion. echo '<p>The user has NOT been deleted.</p>'; } } else { // Show the form. // Retrieve the user's information: $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id"; $r = @mysqli_query ($dbc, $q); if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form. // Get the user's information: $row = mysqli_fetch_array ($r, MYSQLI_NUM); // Display the record being deleted: echo "<h3>Name: $row[0]</h3> Are you sure you want to delete this user?"; // Create the form: echo '<form action="delete_user.php" method="post"> <input type="radio" name="sure" value="Yes" /> Yes <input type="radio" name="sure" value="No" checked="checked" /> No <input type="submit" name="submit" value="Submit" /> <input type="hidden" name="id" value="' . $id . '" /> </form>'; } else { // Not a valid user ID. echo '<p class="error">This page has been accessed in error.</p>'; } } // End of the main submission conditional. mysqli_close($dbc); include ('includes/footer.html'); /*This is what needs to happen: Change the delete and edit user pages so that they display the user being affected in the title bar of your browser window. Modify edit_user.php so that you can also change a user's password (remember to SHA the password for storage in the database). */ ?> <?php # Script 10.3 - edit_user.php // This page is for editing a user record. // This page is accessed through view_users.php. $page_title = 'Edit a User'; include ('includes/header.html'); echo '<h1>Edit a User</h1>'; // Check for a valid user ID, through GET or POST: if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission. $id = $_POST['id']; } else { // No valid ID, kill the script. echo '<p class="error">This page has been accessed in error.</p>'; include ('includes/footer.html'); exit(); } require ('../mysqli_connect.php'); // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { $errors = array(); // Check for a first name: if (empty($_POST['first_name'])) { $errors[] = 'You forgot to enter your first name.'; } else { $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); } // Check for a last name: if (empty($_POST['last_name'])) { $errors[] = 'You forgot to enter your last name.'; } else { $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); } // Check for an email address: if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address.'; } else { $e = mysqli_real_escape_string($dbc, trim($_POST['email'])); } if (empty($errors)) { // If everything's OK. // Test for unique email address: $q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id"; $r = @mysqli_query($dbc, $q); if (mysqli_num_rows($r) == 0) { // Make the query: $q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id=$id LIMIT 1"; $r = @mysqli_query ($dbc, $q); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. // Print a message: echo '<p>The user has been edited.</p>'; } else { // If it did not run OK. echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message. echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message. } } else { // Already registered. echo '<p class="error">The email address has already been registered.</p>'; } } else { // Report the errors. echo '<p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // End of if (empty($errors)) IF. } // End of submit conditional. // Always show the form... // Retrieve the user's information: $q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id"; $r = @mysqli_query ($dbc, $q); if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form. // Get the user's information: $row = mysqli_fetch_array ($r, MYSQLI_NUM); // Create the form: echo '<form action="edit_user.php" method="post"> <p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $row[0] . '" /></p> <p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $row[1] . '" /></p> <p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="' . $row[2] . '" /> </p> <p><input type="submit" name="submit" value="Submit" /></p> <input type="hidden" name="id" value="' . $id . '" /> </form>'; } else { // Not a valid user ID. echo '<p class="error">This page has been accessed in error.</p>'; } mysqli_close($dbc); include ('includes/footer.html'); /*This is what needs to happen: Change the delete and edit user pages so that they display the user being affected in the title bar of your browser window. Modify edit_user.php so that you can also change a user's password (remember to SHA the password for storage in the database). */ ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <title>Cost Calculator</title> </head> <body> <?php // Script 10.4 - calculator.php /* this script displays and handles an HTML form. It uses a function to calculate a total from a quantity and price. */ //this function returns the calculations function calculate_total ($quantity, $price) { $total = $quantity * $price; //calculation $total = number_format ($total, 2); //formatting return $total; //return the value. } //end of calculate_total() function //check for form submisstion if ($_SERVER['REQUEST_METHOD'] == 'POST') { //form validation if (is_numeric($_POST['quantity']) && is_numeric($_POST['price'])) { //call the function and print the results $total = calculate_total($_POST['quantity'], $_POST['price']); print "<p>Your total comes to $<span style=\"font-weight: bold;\">$total.</span></p>"; } else { print '<p style="color: red;">Please make sure to enter only numbers into the calculator.</p>'; } // end of form validation } // end of if checking form has been submitted. ?> <form action="calculator.php" method="POST"> <p>Quantity: <input type="text" name="quantity" size="3" /></p> <p>Price: <input type="text" name="price" size="3" /></p> <p><input type="submit" name="submit" value="Calculate!" /></p> </body> </html> Are variables located inside of functions separate from variables located outside of functions? For example in the above code, the calculate_total() function returns the variable $total. But later on in the script, I assign $total to this: $total = calculate_total($_POST['quantity'], $_POST['price']); By doing that am I overwriting the $total variable? My guess is that the answer is no, because I tried changing the $total variable to something different, for example to $sum, like this: //call the function and print the results $sum = calculate_total($_POST['quantity'], $_POST['price']); print "<p>Your total comes to $<span style=\"font-weight: bold;\">$sum.</span></p>"; and the function still worked properly. I was just looking for a little clarification on this. Thanks. Tim

I am just starting Chapter 10 Pursue #4 now and am still brain storming. Just curious what others came up with? BTW Purse #4 reads: come up with an idea for, create, and use your own custom function. Tim