
Strider64
Everything posted by Strider64

  1. I just noticed these errors, there are probably more:

     // You have this
     <form action="sqltest.php" method"post">
     // Should be this
     <form action="sqltest.php" method="post">

     // You have this
     <input type="submit" value="ADD RECORD" />
     // Should be this
     <input type="submit" name="submit" value="ADD RECORD" />
  2. magic quotes, run for the hills.....
  3. // Password must be strong
     if (preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $pass) === 0) {
         $errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
     }

     I find trying to get one RegEx to work one at a time works better; also, don't hash your password until checking it.
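The post's single regex split into one rule per check, with the hash computed only after validation passes, as an added example that is not from the post; the function names passwordErrors and hashIfStrong are assumed:

```php
<?php
// Added example (not from the original post): the post's single regex split
// into one rule per check, so each failure gets its own message, and the
// hash is only computed after the plaintext has passed every rule.

// Assumed rule set, mirroring the regex: 8+ characters (bytes, as the regex
// counts them), a digit, a lower-case and an upper-case letter.
// Returns one message per failed rule, or an empty array when all pass.
function passwordErrors(string $pass): array
{
    $rules = array(
        'be at least 8 characters'               => strlen($pass) >= 8,
        'contain at least one digit'             => preg_match('/[0-9]/', $pass) === 1,
        'contain at least one lower case letter' => preg_match('/[a-z]/', $pass) === 1,
        'contain at least one upper case letter' => preg_match('/[A-Z]/', $pass) === 1,
    );
    $errors = array();
    foreach ($rules as $message => $passed) {
        if (!$passed) {
            $errors[] = 'Password must ' . $message;
        }
    }
    return $errors;
}

// Hypothetical helper: returns the hash to store, or null when validation
// failed, so a weak password is never hashed or written to the database.
function hashIfStrong(string $pass, array &$errors): ?string
{
    $errors = passwordErrors($pass);
    if ($errors) {
        return null;
    }
    return password_hash($pass, PASSWORD_DEFAULT);
}

// Constructed sample inputs: too short, no upper case, and one that passes.
foreach (array('short1A', 'alllowercase1', 'Str0ngEnough') as $candidate) {
    $errors = array();
    $hash = hashIfStrong($candidate, $errors);
    $outcome = ($hash === null) ? implode('; ', $errors) : 'ok, hash length ' . strlen($hash);
    echo $candidate, ': ', $outcome, PHP_EOL;
}
```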
  4. My question is why are you using global variables? That to me defeats using OOP a little bit.
  5. I found a book "PHP Advanced and Object-Oriented Programming" by Larry Ullman (Third Edition...though the Fourth Edition might be out now). This is the first book that OOP started making sense to me and he teaches you how to do a CMS using MVC (though he says MVC isn't technically a design pattern), or, as he calls it, a light form of MVC. I usually don't recommend books, for I have come across some clunkers or they were way over my head, but not with this book. I'm still learning new things about OOP and still consider myself a newbie compared to others (specially ones who post here), though I find I can look at OOP and understand what they are trying to do (in some cases what not to do).
  6. reportview.php

     <?php
     // The redirect target must be one of the known report pages, never the raw submitted value
     // (escaping with htmlspecialchars() does not stop a Location header from pointing anywhere):
     $reports = array('reportbyplatform.php', 'reportbyplaylists.php', 'reportbybuild.php');
     if (isset($_POST['submit']) && $_POST['submit'] == 'submit') {
         $redirectToPage = isset($_POST['report']) ? $_POST['report'] : '';
         if (in_array($redirectToPage, $reports, true)) {
             header("Location: " . $redirectToPage);
             exit;
         }
     }
     ?>
     <!DOCTYPE HTML>
     <html>
     <head>
     <meta charset="utf-8">
     <title>Reports Tutorial</title>
     <style>
     #basic {
         background-color: #efefef;
         border: 2px solid #000;
         color: red;
         font-family: "Palatino Linotype", "Book Antiqua", Palatino, serif;
         font-size: 16px;
         font-weight: bold;
         padding: 10px;
     }
     #basic option {
         background-color: #666;
         color: #fff;
         padding: 5px 5px 0;
     }
     #basic:hover, #basic option:hover {
         background: #ccc;
     }
     </style>
     </head>
     <body>
     <form action="reportview.php" method="post">
         <select id="basic" name="report">
             <option selected="selected" value="reportbyplatform.php">Please select your report:</option>
             <option value="reportbyplatform.php">Platform</option>
             <option value="reportbyplaylists.php">Playlist</option>
             <option value="reportbybuild.php">Build</option>
         </select>
         <input type="submit" name="submit" value="submit">
     </form>
     </body>
     </html>
  7. In my opinion you don't need to save the image path, for you already know the path; just store the image name. All you really need to do is something like:

     $this->uniqueName = 'img-' . $this->uniqueName . '.' . $this->imageExt;
     // If no errors move the image to the upload directory:
     if (!$this->imageError) {
         move_uploaded_file($this->imageTemp, 'upload/' . $this->uniqueName);
         return 'upload/' . $this->uniqueName;
     }

     I store the image name without the path in a separate table and give it a unique name (you can even re-size and give it a specific image type at this time if you want). There are scripts for the .htaccess to limit what users can access in that folder and that is something you should do, for no matter what you do in php it can be easily defeated by a script kiddy.
  8. First, connecting to a database by using an include file is just silly when one can do something like this:

     <?php
     # PDO database: only one connection is allowed.
     class Database
     {
         private $_connection;
         // Store the single instance.
         private static $_instance;

         // Get an instance of the Database.
         // @return Database:
         public static function getInstance()
         {
             if (!self::$_instance) {
                 self::$_instance = new self();
             }
             return self::$_instance;
         }

         // Constructor - Build the PDO Connection (private so only getInstance() can create one):
         private function __construct()
         {
             $db_options = array(
                 PDO::ATTR_EMULATE_PREPARES => false,             // important! use actual prepared statements (default: emulate prepared statements)
                 PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,     // throw exceptions on errors (default: stay silent)
                 PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC // fetch associative arrays (default: mixed arrays)
             );
             $this->_connection = new PDO('mysql:host=localhost;dbname=cms;charset=utf8', 'username', 'password', $db_options);
         }

         // Empty clone magic method to prevent duplication:
         private function __clone() {}

         // Get the PDO connection:
         public function getConnection()
         {
             return $this->_connection;
         }
     }

     You could do something like this for a mysqli type of connection:

     Then you can autoload your class(es) in an include file (utilities.inc.php for example) that you would put at the top of your php file (index.php for example).

     // Autoload classes from "classes" directory:
     function class_loader($class)
     {
         require('classes/' . $class . '.php');
     }
     spl_autoload_register('class_loader');

     I would suggest reading a book on PHP Object-Oriented Programming (a recent version). Oh, to connect you would do something like:

     // Connect to Database:
     $db = Database::getInstance(); // Actually it's an instance of a class, it's just worded badly.
     $pdo = $db->getConnection();
  9. <?php
     class MyCalculator
     {
         private $numberOne = NULL;
         private $numberTwo = NULL;
         private $operator;
         private $result;
         private $operators = array('+', '-', '*', '/');

         public function getNumberOne() { return $this->numberOne; }
         public function setNumberOne($numberOne) { $this->numberOne = $numberOne; }
         public function getNumberTwo() { return $this->numberTwo; }
         public function setNumberTwo($numberTwo) { $this->numberTwo = $numberTwo; }
         public function getOperator() { return $this->operator; }
         public function setOperator($operator) { $this->operator = $operator; }

         public function calculate()
         {
             if (isset($this->numberOne) && isset($this->numberTwo)) {
                 if (isset($this->operator) && in_array($this->operator, $this->operators)) {
                     switch ($this->operator) {
                         case '+':
                             $this->result = $this->numberOne + $this->numberTwo;
                             break;
                         case '-':
                             $this->result = $this->numberOne - $this->numberTwo;
                             break;
                         case '*':
                             $this->result = $this->numberOne * $this->numberTwo;
                             break;
                         case '/':
                             // Guard against division by zero (a fatal DivisionByZeroError in PHP 8):
                             $this->result = ($this->numberTwo == 0) ? 'undefined' : $this->numberOne / $this->numberTwo;
                             break;
                     }
                     return $this->result;
                 }
             }
         }
     }

     $calc = new MyCalculator();
     if (isset($_POST['action']) && $_POST['action'] == 'calculate') {
         // Cast to numbers so non-numeric input never reaches the arithmetic:
         $calc->setNumberOne((float) $_POST['value1']);
         $calc->setOperator($_POST['operator']);
         $calc->setNumberTwo((float) $_POST['value2']);
         $result = $calc->getNumberOne() . ' ' . $calc->getOperator() . ' ' . $calc->getNumberTwo() . ' = ' . $calc->calculate();
     }
     ?>
     <form action="my_calculator.php" method="post">
         <input type="hidden" name="action" value="calculate" />
         Value 1 <input type="text" name="value1" size="6" />
         <select id="basic" name="operator">
             <option selected="selected" value="+">Please Select Operator</option>
             <option value="+">+</option>
             <option value="-">-</option>
             <option value="*">*</option>
             <option value="/">/</option>
         </select>
         Value 2 <input type="text" name="value2" size="6" />
         <input type="submit" value="EQUALS">
     </form>
     <!-- Escape on output: the operator string came straight from the request -->
     <h3><?php echo (isset($result)) ? htmlspecialchars($result) : "Example: 2 + 2 = 4"; ?></h3>

     I was goofing around with this and I know I could have used a constructor, but I decided to use traditional setters and getters. I was basically just trying to refresh my memory on them and decided to use this for doing so. This is far from perfect, but like I said I was just goofing around.
  10. You're not returning anything; you're sorting a multidimensional array. The following works perfectly fine:

      <?php
      $students = array(
          256 => array('name' => 'Jon', 'score' => 98.5),
          2   => array('name' => 'Vance', 'score' => 85.1),
          9   => array('name' => 'Stephen', 'score' => 94.0),
          364 => array('name' => 'Steve', 'score' => 85.1),
          68  => array('name' => 'Rob', 'score' => 74.6)
      );

      // Highest score first. The callback must return an int (-1, 0, 1), not a bool,
      // so use the spaceship operator rather than a plain comparison:
      function score_sort($x, $y)
      {
          return $y['score'] <=> $x['score'];
      }

      // Print the array as is:
      echo '<h2>Array As Is</h2><pre>' . print_r($students, 1) . '</pre>';

      // Sort by score:
      uasort($students, 'score_sort');
      echo '<h2>Array Sorted By Score</h2><pre>' . print_r($students, 1) . '</pre>';
  11. I'm confused, couldn't you just do the following?

      // Ascending by 'value'; the comparator returns an int, not a bool:
      function sort_by_value($x, $y)
      {
          return $x['value'] <=> $y['value'];
      }
      uasort($array, 'sort_by_value');
  12. For example

      Address:<input type="text" id="add" size=20>

      might look something like

      <input type="text" name="address" id="address-style" size="20">

      and your php:

      $address = $_POST['address'];
  13. I'll add my .05 cents to the conversation. While I'm starting to learn OOP the right way, I believe I am on the right track, for I have read a couple of books, watched tutorials and of course visited forums on OOP, and I have found the following: 1. You don't need to write OOP style for small projects, the Procedural way is just fine. 2. You can write OOP style for simple chores like writing a connection script to a database without having to know OOP. It doesn't mean that you know OOP, it just means that for that particular section of code you can have working code. Php.net is a very good source for finding out how to write those kinds of scripts. Like I said, to learn PHP code find a good recent book on OOP and start reading and follow the examples.
  14. <?php
      // Using traditional setters and getters:
      class User
      {
          private $username = NULL;

          public function getUsername()
          {
              return $this->username;
          }

          public function setUsername($username)
          {
              $this->username = $username;
          }
      }

      $data = new User();
      $data->setUsername('Justin Verlander');
      echo $data->getUsername();

      This uses the traditional setters and getters method, but what's really neat is that you don't need to use them when pulling from mysql, for you can do something like this:

      // Check against the database:
      $query = 'SELECT id, userType, username, email, pass, fullName, address, city, state, zipCode FROM users WHERE username=:username';
      $stmt = $pdo->prepare($query);
      $stmt->execute(array(':username' => $_POST['username']));
      $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
      $stored_user_data = $stmt->fetch();

      You just have to make sure that the names in the database correspond to what's in the class. For example public $username = NULL; must have a matching table column username. I also try to name my classes to correspond with what I'm doing.
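What PDO::FETCH_CLASS does with a class like the one above, as an added example that is not from the post: it uses an in-memory SQLite table so it runs stand-alone, and the table, row and class are constructed for this example.

```php
<?php
// Added example (not from the original post): PDO::FETCH_CLASS assigns
// columns straight onto the object's properties, private ones included,
// without going through the setters. Uses an in-memory SQLite table so it
// runs stand-alone; the table, row and class are constructed for this example.
class User
{
    private $id = null;
    private $username = null;   // property names must match the column names
    private $email = null;

    public function getUsername() { return $this->username; }
    public function getEmail()    { return $this->email; }
}

$pdo = new PDO('sqlite::memory:', null, null, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, pass TEXT)');
$pdo->prepare('INSERT INTO users (username, email, pass) VALUES (:u, :e, :p)')
    ->execute(array(':u' => 'Justin Verlander', ':e' => 'jv@example.invalid', ':p' => 'constructed-hash'));

// Select only the columns the class declares: a column with no matching
// property is still attached to the object as a dynamic public property
// (deprecated since PHP 8.2), which is how a password hash ends up riding
// along inside a user object when the SELECT includes it.
$stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :username');
$stmt->execute(array(':username' => 'Justin Verlander'));
$stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
$user = $stmt->fetch();

echo $user->getUsername(), ' <', $user->getEmail(), '>', PHP_EOL;
// Reports whether a 'pass' property was attached to the object at all:
var_dump(property_exists($user, 'pass'));
```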
  15. Ignore this Post - Sorry, I really need some caffeine in the morning....
  16. First off, wrap your code:

      // Check to see if edited data has been submitted by the user:
      if (isset($_POST['action']) && $_POST['action'] == 'enter') {
          // Determine if post should be sticky or not:
          $sticky = $_POST['sticky'];
          if (!$user->isAdmin()) {
              $sticky = 'no';
          }

          // Update the edited text:
          $query = 'UPDATE pages SET creatorId = :creatorId, sticky = :sticky, title = :title, content = :content, dateUpdated = NOW() WHERE id=:id';

          // Prepare the Statement:
          $stmt = $pdo->prepare($query);

          // Clean-up user content:
          // Setup an array - 'title' and 'content' are the keys:
          $data = array('title' => $_POST['title'], 'content' => $_POST['content']);

          // Create a new instance:
          $dirtyWord = new DirtyWord($data);

          // Check your content for bad language:
          $title = $dirtyWord->checkTitle;
          $content = $dirtyWord->checkContent;

          // Execute the statement:
          $show_details = $stmt->execute(array(':creatorId' => $user->getId(), ':sticky' => $sticky, ':title' => $title, ':content' => $content, ':id' => $page->getId()));
      }

      Secondly, what you are using is deprecated: http://www.php.net/manual/en/function.mysql-connect.php and I would advise you to read up on this and then use either http://us1.php.net/manual/en/mysqli.construct.php (mysqli) or http://us1.php.net/manual/en/pdo.construct.php (pdo). Lastly, the above code is how you update something in PDO; it was written in OOP but php.net shows examples of how to do things the procedural way, and once you get code written the correct way I'm sure people here will gladly help you out if you are stuck.
  17. It's also very easy to implement....
  18. Or you could do this:

      <?php
      $errMsg[] = NULL;
      $errMsg[] = 'This error 1!';
      $errMsg[] = 'This error 2!';
      //print_r($errMsg);
      if ($errMsg) {
          foreach ($errMsg as $value) {
              echo '<p>' . $value . '</p>';
          }
      }
  19. Go Wings! ..... Sorry I couldn't resist....
  20. I've found out two things about OOP: one, that first one should be able to write Procedural code fairly easily. Second, sometimes it's best to stick to doing it the procedural way, specially if it's a small project. A good book I recommend is "PHP Advanced and Object-Oriented Programming" by Larry Ullman (3rd Edition...although a 4th Edition might have come out). It's the first book that I have gone through from the first chapter (I'm currently reading Chapter 11) where I haven't skipped anything and have followed the tutorials faithfully. It's interesting what you can do with just plain PHP (procedural code). Even after reading the book I still have a lot to learn, for there are design patterns where you have to decide what direction you want to take OOP, and it is best to do that from the start of the project.
  21. Well, you don't mix Javascript with PHP.....might I suggest http://us2.php.net/manual/en/control-structures.if.php ?
  22. I have a utilities file called, oddly enough, utilities.inc.php - here's a portion of it:

      // Autoload classes from "classes" directory:
      function class_loader($class)
      {
          require('classes/' . $class . '.php');
      }
      spl_autoload_register('class_loader');

      Then in the classes folder I have a file called Registration.php - here's a portion of that one:

      <?php
      class Registration extends DBConnect
      {
          // The member attributes containing required and optional information.
          // The attributes must correspond to the database table columns:
          private $id = NULL;
          private $userType = NULL; // Required (assigned)
          private $username = NULL; // Required
          private $email = NULL;    // Required
          private $pass = NULL;     // Required
          private $fullName = NULL;
          private $address = NULL;
          private $city = NULL;
          private $state = NULL;
          private $zipCode = NULL;

      Finally I have a file in my root directory called register.php....here's a portion:

      // Need the utilities file:
      require('includes/utilities.inc.php');

      // ...... more code in between.......

      // Process form once user clicks on Register:
      if (isset($_POST['action']) && $_POST['action'] == 'register') {
          $guest = new Registration(); // Registration Class extends DBConnect Class.
          $errorMsg = NULL;
          $data['userType'] = 'public'; // User has no rights to add or edit pages.
          $data['username'] = trim($_POST['username']); // Required
          $data['email'] = trim($_POST['email']);       // Required
          $password = trim($_POST['pass']);
          $passOK = $guest->isPassWordStrong($password);

      As you can see I don't have to worry about loading that class or any other class, just as long as I put them in the classes library. I imagine if you were working for a large company you would even have sub-directories, thus each employee can do their own thing without goofing up anyone else's code.
  23. I just wanted to add that you sometimes can combine Validating & Escaping in the same function, thus killing two birds with one stone, but like kicken says always validate first.
  24. <?php
      // At top of file have:
      $errorMsg = NULL;

      // Inside isset($_POST['adduser']) if statement
      if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
          $errorMsg = '<li>Invalid Email Address!</li>';
      }
      if ($email == "") {
          $errorMsg .= '<li>Email is blank</li>';
      }

      // Returns true when the address is already in use:
      function isEmailAvailable($email)
      {
          // I'll let you figure this function out...
          return $result;
      }

      // You can even check the database to see if email has been already used:
      if (isEmailAvailable($email)) {
          // I'll let you figure out how to write that function:
          $errorMsg .= '<li>Email is taken, Please Re-Enter: </li>';
      }

      // Then when you are all done validating this:
      if (!$errorMsg) {
          // OK to write to Database:
      }
      ?>

      If you have errors you maybe can do something like this in your html:

      <div class="error-styling">
          <ul>
              <?php echo (isset($errorMsg)) ? $errorMsg : '<li>Registration Page</li>'; ?>
          </ul>
      </div>
  25. $count = 0; // Default so the check below is defined even if prepare() fails
      if ($stmt = $mysqli->prepare("SELECT * FROM tblmembers WHERE mem_email=? LIMIT 1")) {
          $stmt->bind_param("s", $mem_email);
          $stmt->execute();
          $stmt->store_result();
          $count = $stmt->num_rows;
          $stmt->close();
      }
      // If count is greater than 0 then you know email exists:
      if ($count) {
          header("Location: index.php");
          exit;
      }