The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
Color key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update
| Version |
Location |
Description |
Submitted By |
Date submitted |
Date corrected |
|
vii
Chapter 9 sections |
All instances of the abbreviation for Cross Site Scripting need to be changed from XXS to XSS. This error was submitted via a reader review
There are 6 pages where this problem occurs.
1.
vii
Data Validation Escape Output Cross-Site Scripting (XXS) and
2.
73
For the sake of simplicity and clarity, we are not concerned here with security of the content coming from the user ($_POST array). Be sure to review Chapter 9 on security, particularly the section titled "Cross-Site Scripting (XXS) and SQL Injection" on
3.
150
function, 54 counting array elements, 54 cross-site scripting (XXS), 115?116 E echo command
4.
116
Figure 9-1. Browser showing XXS injection vulnerability The attacker could also attempt to inject additional SQL commands into a form. Entering code like this into a field could expose an SQL injection opportunity: flintstone'; drop table customers; What
5.
115
Great Escape" on page 34. Cross-Site Scripting (XXS) and SQL Injection Cross-site scripting and ... your underlying code, so try not to be overly obvious in naming your entities. Cross-Site Scripting (XXS
6.
111
the most basic of levels. The section "Cross-Site Scripting (XXS) and SQL Injection"
Note from the Author or Editor:
correct as reported, these should all be changed to XSS |
O'Reilly Media
|
Jul 27, 2011 |
|
| Printed |
Page 3
Teble 1.1 |
the URL for Dotproject is listed as "www.dotproject.org", but it should be "www.dotproject.net"
Note from the Author or Editor:
You are correct, this will be noted, thanks - P |
Scott G Howard |
May 26, 2010 |
|
| Printed, PDF |
Page 49
1st full code section; 2nd full paragraph |
Array contains 6 elements of which 'phone' is the sixth, with index position 5.
Therefore code should state:
<blockquote><code>array_splic($myArray, 5);</code></blockquote>
and 2nd and 3rd sentences should state:
<blockquote>In this case, we are telling PHP to remove the <strong>sixth</strong> element from this array. Notice that we are using the index position value here, <strong>5</strong>, and not the key value of 0.</blockquote>
Note from the Author or Editor:
I stand corrected, thanks...
Peter |
Anonymous |
Oct 25, 2010 |
|
| Printed |
Page 50
code section after 2nd paragraph |
The code example is missing the closing round bracket. It should read:
unset($myArray['initial']);
Note from the Author or Editor:
Yes that is correct, it is missing the closing bracket - PBM |
Bob Monroe |
Jan 01, 2011 |
|
| PDF |
Page 65
3rd paragraph (excluding code) |
2nd paragraph ends, "...just to get the points of OPP across."
Typo - should be "OOP" :)
Note from the Author or Editor:
Confirmed typo, thanks ... |
Anonymous |
Oct 26, 2010 |
|