PHP: The Good Parts

Errata for PHP: The Good Parts

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Safari Books Online
vii
Chapter 9 sections

All instances of the abbreviation for Cross Site Scripting need to be changed from XXS to XSS. This error was submitted via a reader review There are 6 pages where this problem occurs. 1. vii Data Validation Escape Output Cross-Site Scripting (XXS) and 2. 73 For the sake of simplicity and clarity, we are not concerned here with security of the content coming from the user ($_POST array). Be sure to review Chapter 9 on security, particularly the section titled "Cross-Site Scripting (XXS) and SQL Injection" on 3. 150 function, 54 counting array elements, 54 cross-site scripting (XXS), 115116 E echo command 4. 116 Figure 9-1. Browser showing XXS injection vulnerability The attacker could also attempt to inject additional SQL commands into a form. Entering code like this into a field could expose an SQL injection opportunity: flintstone'; drop table customers; What 5. 115 Great Escape" on page 34. Cross-Site Scripting (XXS) and SQL Injection Cross-site scripting and ... your underlying code, so try not to be overly obvious in naming your entities. Cross-Site Scripting (XXS 6. 111 the most basic of levels. The section "Cross-Site Scripting (XXS) and SQL Injection"

Note from the Author or Editor:
correct as reported, these should all be changed to XSS

J. David Eisenberg
O'Reilly Author 
Jul 27, 2011 
Printed
Page 3
Teble 1.1

the URL for Dotproject is listed as "www.dotproject.org", but it should be "www.dotproject.net"

Note from the Author or Editor:
You are correct, this will be noted, thanks - P

Scott G Howard  May 26, 2010 
Printed, PDF
Page 49
1st full code section; 2nd full paragraph

Array contains 6 elements of which 'phone' is the sixth, with index position 5. Therefore code should state: <blockquote><code>array_splic($myArray, 5);</code></blockquote> and 2nd and 3rd sentences should state: <blockquote>In this case, we are telling PHP to remove the <strong>sixth</strong> element from this array. Notice that we are using the index position value here, <strong>5</strong>, and not the key value of 0.</blockquote>

Note from the Author or Editor:
I stand corrected, thanks... Peter

Anonymous  Oct 25, 2010 
Printed
Page 50
code section after 2nd paragraph

The code example is missing the closing round bracket. It should read: unset($myArray['initial']);

Note from the Author or Editor:
Yes that is correct, it is missing the closing bracket - PBM

Bob Monroe  Jan 01, 2011 
PDF
Page 65
3rd paragraph (excluding code)

2nd paragraph ends, "...just to get the points of OPP across." Typo - should be "OOP" :)

Note from the Author or Editor:
Confirmed typo, thanks ...

Anonymous  Oct 26, 2010