Hi guys
I'm fairly new to PHP but I have a little experience.

I have been reading the PHP5 and MySQL Bible from Wiley and am hoping one of you guys has the same book or can point me to a similar resource.

OK, so far the book is great and I can understand most of it, but this has me a little confused with the user authentication part.
On page 828, on the second line down, it reads

if ($submit == 'Mail confirmation'){

Now, as I understand it, this will perform said action between {} if this case is true. However, I can't seem to find any other reference to this variable in any of the sample code, so what's it doing there? From what I can see, $submit will always be false, so why have it there???

This is in a user registration form, and I would expect maybe this to be used to tell the script to process the user's data once the form has been submitted instead of displaying the form again.

The only thing I can see is this:

At the end of the page, the last form object is the submit button

<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Mail confirmation">

so I would assume that at the beginning the posted value of "submit" should be assigned to the variable $submit

ie $submit = $_POST['submit'];

then
if ($submit == 'Mail confirmation') {process the details}

else {show the form}

If anyone can explain, I'd be grateful.

Thanks
Matt

    That is just looking to see if the submit button has been pressed, and since the value of the submit button is "Mail confirmation" then $_POST['submit'] would in fact be true. So basically that condition will not be met or executed until the user has pressed the submit button of the form. Somewhere in the code $submit should be set to $_POST['submit'], and if you look real hard you will probably see it.

      lol, OK, I've read these pages so many times now I have a headache lol. I'm really thinking maybe there's a printing error, as I have been led to believe the way to do it is indeed how you just said. However, I'm now going to read it yet again line for line with a ruler just in case, but I'm 99.9% certain $submit = $_POST['submit']; is not in there anywhere. I've also since noticed that the sample code that you can download from Wiley's website is not available for this chapter!

      Ok i'll read now and post back in a moment

        Heh.. unless they're assuming register_globals to be enabled, in which case $_POST['submit'] can be referenced as $submit.... so you wouldn't see the following line:
        $submit = $_POST['submit']

        Since I don't have the book, I can't be certain. If it's in fact a PHP 5 book, then shame on them, and write to Wiley about a book that uses deprecated or disabled features in their code. Register globals was a security risk, and has been deemed unnecessary by the majority of the PHP group and will not show up in v6, and is not enabled in v5.

        The simple solution: change $submit to $_POST['submit'].....

          OK, I've read it for the last time and I am 100% certain the line $submit = $_POST['submit']; does not appear anywhere in the code, so I'm going to say it's a printing error in the book. Especially as you have confirmed, as I thought, that this line should be there somewhere.

          I'll have a go at putting the code into practice tomorrow and maybe drop Wiley an email.

          Thanks

          Matt

            Hi
            Having read this and a couple of other posts on the matter, I think I will write to them,

            as about 4 pages before they print this code there is a big heading under "Avoiding Common Security Issues" in huge bold type that reads "Turn off register_globals", and yes, it is the PHP5 book they released in the beginning of 2004.

            bpat1434 wrote:

            Heh.. unless they're assuming register_globals to be enabled, in which case $_POST['submit'] can be referenced as $submit.... so you wouldn't see the following line:
            $submit = $_POST['submit']

            Since I don't have the book, I can't be certain. If it's in fact a PHP 5 book, then shame on them, and write to Wiley about a book that uses deprecated or disabled features in their code. Register globals was a security risk, and has been deemed unnecessary by the majority of the PHP group and will not show up in v6, and is not enabled in v5.

            The simple solution: change $submit to $_POST['submit'].....

              I think this is just a typo. If you go to the book's website and download the code archive and look for chapter 44, you will find the code for register.php, and right at the top it has:

              ($_POST['submit'] == 'Mail confirmation')

              Blu.
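
Added example (not part of any post in the thread, and not the book's register.php): the "process or show the form" decision discussed above, reading the button value from the POST data explicitly so it does not depend on register_globals creating $submit. The "email" field and the returned action names are assumptions.

```php
<?php
// Added example, not the book's register.php. The "email" field and the
// returned action names are assumptions made for illustration.

function registration_action(array $post): string
{
    // Take the button value from the POST data explicitly instead of
    // expecting PHP to have created a global $submit from the request.
    $submit = $post['submit'] ?? null;

    // Absent on the first visit; an array if the client sent submit[]=...
    if (!is_string($submit) || $submit !== 'Mail confirmation') {
        return 'show_form';
    }

    // Validate what was posted before acting on it.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'show_form_with_error';
    }
    return 'process';
}

// Constructed sample requests; in register.php you would pass $_POST.
$samples = [
    'first visit, nothing posted' => [],
    'button pressed, valid data'  => ['submit' => 'Mail confirmation', 'email' => 'matt@example.com'],
    'button pressed, bad email'   => ['submit' => 'Mail confirmation', 'email' => 'not-an-email'],
    'submit sent as an array'     => ['submit' => ['Mail confirmation']],
    'different button value'      => ['submit' => 'Cancel'],
];

foreach ($samples as $label => $post) {
    printf("%-30s -> %s\n", $label, registration_action($post));
}
```
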

                mattbrown wrote:

                Hi, whereabouts are you downloading this code from? I have downloaded the archive from the website specified in the book, and chapter 44 along with a few others are missing.

                I downloaded from
                http://eu.wiley.com/WileyCDA/WileyAncillary/productCd-0764557467,typeCd-DOWNLOAD.html

                Matt

                Hi Matt,

                I downloaded from the book website (preface page xiii) penultimate paragraph line 2.

                It's the web address somewhat related to fishing 😃

                Oddly the chapters are not in order, chapter 44 is well below chapter 43.

                Blu

                  Sorry, one last thing.

                  I have noticed that in the book and the code I downloaded they have stored the database connection details in a file called db_vars.inc

                  This file includes the username / password etc. for the database.

                  Now, if I upload this file and then point my browser to www.mysite.com/db_vars.inc, it just loads right up in my browser like a text file, allowing me to see the contents (password / username). Please correct me if I'm wrong, but shouldn't this file have a .php extension so the contents won't be displayed if the file is loaded directly, or am I missing something??

                  And if this is the case, what are they playing at!!

                  I know it's probably unlikely that anybody would guess the file name, but it's still surely not as secure.

                    Do you have a webserver with PHP on your local machine?

                      Houdini wrote:

                      Do you have a webserver with PHP on your local machine?

                      I do, but I tested this by uploading their file to my normal web host. Maybe my host should be processing .inc files the same as .php?

                        For what it's worth (probably not very much 😃 ) I call all my include files that contain variables I will want to use later with a .php extension.

                        I've also seen people call files connect.inc.php which I guess some folk might find useful.

                        Blu
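
Added example (not part of any post in the thread, and not code from the book): a command-line check for the db_vars.inc problem described above. It lists files under a web root that contain PHP code but whose extension the server does not hand to PHP, so a direct request would return their source as text. The list of handled extensions and the demo file contents are assumptions.

```php
<?php
// Added example. $handled is an assumption: set it to the extensions your
// host actually passes to PHP (some hosts also map .inc, many do not).

function find_exposed_php_sources(string $docroot, array $handled = ['php']): array
{
    $exposed = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        // "connect.inc.php" has extension "php"; "db_vars.inc" has "inc".
        $ext = strtolower($file->getExtension());
        if (in_array($ext, $handled, true)) {
            continue;
        }
        // The first 4 KB is enough to spot an opening PHP tag.
        $head = (string) file_get_contents($file->getPathname(), false, null, 0, 4096);
        if (strpos($head, '<?php') !== false || strpos($head, '<?=') !== false) {
            $exposed[] = $file->getPathname();
        }
    }
    sort($exposed);
    return $exposed;
}

// Constructed demo tree in a temporary directory (placeholder values only).
$root = sys_get_temp_dir() . '/docroot_' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents("$root/db_vars.inc", "<?php \$dbuser = 'placeholder'; \$dbpass = 'placeholder';\n");
file_put_contents("$root/connect.inc.php", "<?php \$dbuser = 'placeholder';\n");
file_put_contents("$root/index.php", "<?php require 'connect.inc.php';\n");

foreach (find_exposed_php_sources($root) as $path) {
    echo "would be served as plain text: $path\n";
}

// Remove the demo tree again.
array_map('unlink', glob("$root/*"));
rmdir($root);
```

Anything it reports should be renamed to an extension the server executes, as suggested in the replies above, or moved out of the web root.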
