Errata

The paragraph says "If there is any PHP code in a web page, it's a good idea to name the file on the web server with .php, not .html". Actually, it is usually required to name it .php to tell the server to parse a script. .html pages will mostly not get parsed and will return the source code of the php script instead.

In the the bubble next to sally@gregs-list.net it says that a SQL statements does not end in a semicolon when used in PHP code. However, in the PHP code in the example that follows, the $query variable that is assigned from the INSERT INTO statement ends in a semicolon. Also, when entering the code into the MYSQL terminal, the semicolon is also required. I was confused by the bubble box statement.

<?php


$dbc = msqli_connect ('localhost','elmer','theking','elvis_store')
or die ('unable to connect'); //the semicolon was missing here
I must admit I didn't even saw it until I compaired my code with the one in the book ;-)


?>

The text indicates that we want to require input to both the subject and the text fields. The 2nd IF statement only outputs an error message if both fields are blank. The IF statement should use an OR, not an AND.

$_POST['elvismail'] is assigned to the variable $text, but the validation logic statements use the variable $body.

Continuation of the same problem on page 171. If you use the logic in the book as is, then if subject is blank and text is filled in, no email will be sent and no error message will be given. Same thing if subject is filled in and the text field is blank.

The same logic error as on 171 and 172.

You are missing the echo statement below the following statement:

// We know both $subject AND $text are blank"

The echo statement should be:

echo 'You forgot the email subject and body text.<br />';

"Just make sure the 'submit' matches up with the id attribute of the Submit button in the form code." should say "Just make sure the 'submit' matches up with the name attribute of the Submit button in the form code."

I tried using the id attribute instead of the name attribute, and it did not work.

The first line of the comment is incorrect:

We check the value of $_POST"submit']

The line should be:

We check the value of $_POST['submit']

Sample code's textarea tag is indented <?php echo $text; ?> on next line, but doing so caused whitespace to be inserted in form's textarea on initial page load. If no body text is entered in the form, the spaces in the textarea still cause the $text variable to be "not empty" and the email is able to be sent despite the user not having entered any text there.

Removing the indentation got rid of the spaces and enable the validation to work properly again.

The comment:

After entering a name and score and clicking Add, the new score is confirmed and added to the guitarwars table in the database.

This should be changed to:

After entering a name and score and clicking Add, the new score is added to the guitarwars table in the database.

The new score at this point of the coding only gets added to the database, it DOES NOT GET CONFIRMED AND ADDED. The confirmation is performed by the Administrator at a later time by accessing the Admin page.

sql statement is incorrect uses DESCRIBE email_list; should be DESCRIBE guitarwars;

Before creating the table, you have to either create a new database, or decide to add the table to an existing database. Then you have to issue the USE statement; then you can run the CREATE TABLE and INSERT statements.

"With a new column added to the high score database,"?? The database is named "gwdb" and the table is named "guitarwars." I think it should say "With a new column added to the guitarwars table,"

This line:

.....bytes is 1.22MB, or 1,250KB).

Should be replaced by:

.....bytes is 1.28MB, or 1,280KB).

Looks like we are testing for 4 error conditions, but only displaying a message for 3 of them.
The "if ($_FILES['screenshot']['error'] == 0 {" does not display an error if there was an upload problem, you just fall out and nothing happens.
The code that sounds like the right message for this condition is run if there is an error moving the uploaded file from the temp directory to the target. I think we need an appropriate message for this condition. Then by rearranging the '}' we can have the proper message for the upload error statement.

The following line:

.....(GW_MAXFILESIZE / 1024) . ' KB in size.</p>';

Should be changed to:

(GW_MAXFILESIZE / 32) . ' KB in size.</p>';

Passwords should always be encyrpted becosue pepole don't use diffrent passwords on separate sites. On page 301 it gives the developers the idea that passwrods should at any time be unencrypted. This is not a good idea becosue pepole use their password in more places then one.

Not only that it is not that hard to do encryption on passwords.

The login.php code starts with getting an include file:
<?php
require_once('connectvars.php');
.....
However, this is just before the header authentication code.
I received an error message:
PHP Warning: Cannot modify header information - headers already sent by (output started at ............/ch7/connectvars.php:1)

Obviously the page is sending a header before the authentication header. So moving the include file line to just after the header but before the database connection resolves the issue.

When conducting the "Test Drive" and adding a image i was getting an error stating "Notice: Undefined index: file ...editprofile.php line 60"
the error on this line looked something like this:
if ($_FILES['file']['error'] == 0) {

Corrected like this and the error goes away:
if ($_FILES['new_picture']['error'] == 0) {

In the script which generates the mismatch_topic table it looks like there are some typos in category labels:

Specifically for:

1. Bill Gates
2. Easy Listening Music

The $query in the book and in the download code is: "SELECT topic_id FROM mismatch_topic ORDER BY category_id, topic_id"

The $query should actually read: "SELECT topic_id FROM mismatch_topic ORDER BY category, topic_id"

Basically, category_id should be replaced with category. Also shown on pages 448 and 456.

the second query reads "SELECT topic_id FROM mismatch_topic ORDER BY category_id, topic_id";


category_id DOES NOT EXIST YET

It is still category

On page 492, "The text response('2' for example) is cast to an integer(2) so that it can be added and compared. In both the code supplied for page 493 and the final code, the int() cast is missing:

if ($user_responses[$i]['response'] + $mismatch_responses[$i]['response'] == 3) {
$score += 1;

The code in this page and the downloaded file does not work correctly unless you also check in the "for" loop if the variable
$mismatch_responses is not empty. If one or more users did not answer any of the questions, a message would be printed on the screen.

Just like this:

"Notice: Undefined offset: 0 in E:\xampp\htdocs\mismatch\mymismatchoriginal.php on line 60"

ORIGINAL CODE

for ($i = 0; $i < count($user_responses); $i++) {
if ($user_responses[$i]['response'] + $mismatch_responses[$i]['response'] == 3) {
$score += 1;
array_push($topics, $user_responses[$i]['topic_name']);
}
}

SUGGESTED MODIFIED CODE

for ($i = 0; $i < count($user_responses) && !empty($mismatch_responses); $i++) {
if ($user_responses[$i]['response'] + $mismatch_responses[$i]['response'] == 3) {
$score += 1;
array_push($topics, $user_responses[$i]['topic_name']);
}
}

In the magnet exercise solution, it only shows "Human Cannonball" and "Team Mascot" being a match for LIKE '%ma%'; however, since the LIKE term is case insensitive and % matches on anything INCLUDING nothing, it should also list "Matador" as a match.

It looks like one of the magnets is missing for 'c%' (the magnet for Crash Test Dummy)

The comment in that section states that the data is in MM-DD-YYYY format, but it's not. It's YYYY-MM-DD.

You may also want to expand the text stating that storing dates in ISO8601 format is:

1) Unambiguous across various date/time standards throughout the world. Europeans use DD-MM-YYYY, USA uses MM-DD-YYYY, so what date is 03-04-2011? Is it March 4th, or is it April 3rd?

2) It allows for easy sorting.

In the queries the actual column name created by the script is "title" yet in the answers it is written as "job_title".

When I take the test drive, I get an error "Notice: Undefined index: sort in C:\Inetpub\wwwroot\hfphp\ch09\riskyjobs\search.php on line 109.

I changed the code from
"$sort = $_GET['sort'];"

to

"isset($_GET['sort']) ? $sort = $_GET['sort'] : $sort = '';"

I got the same error when I ran the code I downloaded from your site.

The last line of the page says, "For example, here's how you get rows 11 through 25, which would be the third page of the results:". The '25' should be replaced with a '15'.

Hi, me again.

I noticed this earlier than was likely mentioned in the book, but the same error occurs in the downloaded code.

The line 144 in search.php is:
$sort = $_GET['sort'];

But the first sort will not have this variable sent in the GET so it shows an error:

Notice: Undefined index: sort in D:\wamp\www\search.php on line 141

I fixed it as you did with the page GET variable.

$sort = isset($_GET['sort']) ? $_GET['sort'] : '';

When you do a less than sign or greater than sign in HTML it should probably be done with &gt; or &lt; rather than the direct symbol since the '>' is used to do the markup.

Write a regular expression that matches international phone numbers:

Maybe this should actually read "matches U.S. phone numbers."

On page 582 is a regex made and used in the further pages, it contains an error...

/^\(?[2-9]\d{2}\)?[-\s]\d{3}[-\s]\d{4}$/
is what it should be, the regex mentioned (also in the files!!!!) is
/^\(?[2-9]\d{2}\)?[-\s]\d{3}-\d{4}$/
(mind the dash in the used regex, this makes the use of a space here impossible)

Similar to error on 552. The registration form attempts to pre-populate the input fields with variables based on the $_POST data. The first time the script is run these variables do not exist and each field shows a php "Undefined variable" error.

Each field could use a ternary input such as
echo isset($first_name) ? $first_name : '';

In the sample regex, the question mark is not escaped. According to the text on page 580 a question mark must be escaped because it is a reserved character.

Also, in many places in the book hyphens (dashes) are escaped even though they are not included in the list on page 580 of characters that must be escaped.

Escaping characters that do not require it is in most cases OK but it is not advised according to my research, as one may inadvertently change a character into a metacharacter by escaping it.

I think we need to add a caret to the beginning of the regular expression which checks for the valid local part of the email address.

The description of the imagefilledellipse points to parameters 2 and 3 as width and height, and parameters 4 and 5 as x and y coordinates. It seems as though they are reversed. Parameters 2 and 3 should represent the x and y coordinates and parameters 4 and 5 should represent the width and height.

Line 49 of index.php has $row[last_name], should be $row['last_name'].

The book suggests to go to the www.libgd.org website to obtain the php_gd2.dll file. It seems that this is no longer the case or there is now an easier method.

I have installed Apache 2.2.15 and PHP 5.2.13 (using the windows installer provided on the PHP website). If you have installed these versions using the installer, then to add the php_gd2.dll extension, you must to to Control Panel -> Add or Remove Programs and select "PHP" and press the "Change" button. Press Next, then press "Change" again, press Next two more times, and enable the "GD2" extension.