Errata

Errata for PHP & MySQL: The Missing Manual

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version	Location	Description	Submitted by	Date submitted
Printed	Page 1 Code sample - downloaded	In the supplied css you are inconsistent in referencing images. In some cases you use '/phpmm/images...' and in other places '../images'. The latter format is much better since it does not depend on the name given to the root directory. In my case I am using a wamp server on my PC and the first format simply does not work.	Anonymous	Jun 28, 2012
Printed	Page 1 pretty much everywhere	This whole book is a serious technical mistake. It is absolutely rife with blatant mistakes, omissions, typos and general sloppiness. This applies, very unfortunately, to both the textual content of the book as well as the code blocks. I have spent many frustrating hours dealing with error-ridden code. I'm not a programmer, so it has been a truly aggravating experience. What amazes me, though, is the sheer volume of typographical errors in the text. Every second page has one or more. Did anybody at O'Reilly actually proof this abomination? Is this the workmanship I should expect in all O'Reilly publications? The trouble is, seeing all the sloppy typos, how can I possibly trust anything the author says or writes? The whole darn thing has been seriously disappointing! Chris O'Brien Canada	Chris	Jan 23, 2013
Printed	Page 001 001	I'm trying to get cookies working - I believe it is in Chapter 12 (sorry, typing this from work and don't have book in front of me). However, showuser.php is failing as it doesn't seem to recognize the cookie. Is it possible that the default request_order in php.ini (GP) is preventing $_REQUEST from reading the cookie?	Ira Brickman	Mar 16, 2015
PDF	Page 14 Code for My First Program Section	Hello, I am a beginner PHP programmer. I have installed XAMPP and have been running many PHP scripts successfully until I tried you beginnig code example. I copied it from my PDF, save a file and ran it. I got the following error: Hello there. So I hear you're learning to be a PHP programmer! Why don't you type in your name for me: Warning: fgets(): supplied argument is not a valid stream resource in C:\xampp\htdocs\xampp\RGK\TheMissingManual_MyFirstProgram.php on line 4 Thanks, , it's really nice to meet you. I think there needs to be an open stream somewhere. Taek care Robin	Robin	Apr 15, 2012
Printed	Page 19 Fourth bullet	It is incorrect, and probably very confusing for a PHP novice, to say: "The <?php tells the browser some PHP code is coming". The browser neither sees the "<?php" nor PHP code. Rather, the PHP code is resolved at the web server prior being output to the client browser.	Göran Widheden, www.software-quality.se	May 21, 2015
Printed	Page 20 2nd Note	"it's okay if you're still a little fuzzyon the details..." Should be "fuzzy on".	Andrew Hawkins	May 01, 2012
Printed	Page 21 Throughout	The code section labelled "Running Your Second Program" is completely wrong and filled with errors. Even downloading the zipped code from the Web site presents me with code that does not work as it is described in the book. The CSS file does not return a page that looks anything like the figures in the book, and when I run the sayHello.html page and enter my name, the returned page does not contain the information expected. This is only page 21 of chapter 1. Should I expect this kind of garbage throughout the rest of the book?	Anonymous	Jul 15, 2014
Printed	Page 40 Right column of "What's With All the Angle Brackets?"	<a href="<?php echo 'http://www.twitter.com/' . $twitter_handle; ?>"> Your Facebook page </a><br /> Should be Your Twitter page. Same mistake on the second bit of code.	Andrew Hawkins	May 02, 2012
Printed	Page 48 2nd line	Please clarify syntax used in lines 2,3,4, and in the farther down the page: echo "\nEmail: " . $email; I can find no previous or subsequent explanation of or reference to the "\n" when referring to a variable. The other variables are called using $.	Nancy	May 19, 2013
Printed	Page 119 boldly printed code section	Missing a semicolon here: if($result) { echo "<p>Your query was processed successfully.</p>" <Missing semicolon here> echo "<p>{$query_text}</p>"; }	haitiman	May 07, 2013
Printed	Page 119 bottom of highlighted code	In the code on this page, the 4th line from the bottom reads echo "<p>Your query was processed successfully.</p>" Without the trailing semi-colon (;), the code breaks. The line should read, echo "<p>Your query was processed successfully.</p>"; (Note the semi-colon at the end.	Rob Noyes	May 15, 2013
Printed	Page 125 Power User's Clinic Rightside column 2nd & 3rd paragraphs	The error is in this section. The author writes "But it gets worse! You're dealing with real humans, and humans do funny things. Suppose someone enters this SQL into your form: CREATE TABLE urls ( id int, url varchar(100), description varchar(100) ); Now you've got a new problem: this isn't a SELECT, but your search code won't find one of those special words at the the beginning. The first character is a space: " "... " In these paragraphs, the author attempts to make a point about how white space could potentially kill your effort to locate SQL keywords CREATE, INSERT, UPDATE, DELETE, & DROP at the first character position. However, no one can see there is a problem with that query statement because all white space disappears in printed books. I am sure error was easy for the author to spot on screen, however, it's not visible to the reader in print.	haitiman	Apr 30, 2013
Printed	Page 156 1st paragraph	"TIme provide some feedback..." This should be: "Time to provide some feedback..."	haitiman	Mar 30, 2013
Printed	Page 160 Bottom paragraph	The issue is toward the bottom of the page were the reader places the new code with the preg_match function. Reading this contextually it is starting of stating $return_rows = true; it then scans the variable string $query_text for the regular expression and if it finds one it returns $return_rows = false. following this, is an if($return_rows),,,it should at this point be if(!return_rows) or you would want to start out the entire function at the beginning with $return_rows = false. I am new to all this but this is what I had to do in order to get the code to work!. $return_rows = true; if (preg_match("/^*(CREATE\|INSERT\|UPDATE\|DELETE\|DROP)/i", $query_text)) { $return_rows = false; } if (!$return_rows) { echo "<p>Results from your query:</p>"; echo "<ul>"; while ($row = mysql_fetch_row($result)) { echo "<li>{$row[0]}</li>"; } echo "</ul>"; } else { echo "<p>Your query was processed successfully.</p>"; echo "<p>{$query_text}</p>"; }	Jamie Bush	Aug 12, 2013
Printed	Page 195 4th paragraph	"..., without alarming your user will all the gory details." It should read: "..., without alarming your user with all the gory details." the word "will" should be changed to "with."	haitiman	Mar 31, 2013
Printed	Page 200 Creating a PHP Error Page -- Code segment	There is a HTML error in the code segment. There is an open <span> tag. The error is in the following code segment: <div id="content"> <h1>We're really sorry...</h1> <p><img src="../images/error.jpg" class="error" /> <?php echo $error_message; ?> <span></p> ... </div> The code segment should be (that is if it is the intention of the author to emphasize the error using CSS, and mirror it the way it is displayed in Figure 7-5): <div id="content"> <h1>We're really sorry...</h1> <p> <img src="../images/error.jpg" class="error" /> Apparently, <span><?php echo $error_message; ?></span> </p> ... </div>	haitiman	Apr 07, 2013
Printed	Page 204 Script at top of page	isset function always reads as true and therefore will never print "something went wrong, and that's how you ended up here". Maybe the preg_replace 'sets' it to an empty value? Using the empty() function like this seems to fix it: <?php $error_message = preg_replace("/\\\\/", '', $_REQUEST['error_message']); if (empty($error_message)) { $error_message = "Something wen't wrong, and that's how you ended up here!"; } ?>	Richard Simes	Jun 01, 2012
Printed	Page 208 Top - 1st paragraph	"... create a small script called display_error.php, and type this code:" <?php echo "Hello, {$first_name}\n\n"; $query = "SELECT * FROM users WHERE first_name = {$first_name}"; echo "{$query}\n\n"; ?> The question here is ..... in which directory should this little script be created. Because on page 210, the code now has a new require instruction see code below: <?php require '../scripts/app_config.php'; echo "Hello, {$first_name}\n\n"; $query = "SELECT * FROM users WHERE first_name = {$first_name}"; echo "{$query}\n\n"; ?> Because the author never made clear where create display_error.php, this require instruction could potentially cause any error (by pointing to a file that may or may not exist).	haitiman	Apr 13, 2013
Printed	Page 211 United States	This error has been reported for pages 202 and 204. This error also rears its head on page on 211 as well in the following code segment. <?php require 'app_config.php'; $error_message = preg_replace_all("/\\\\/",'',$_REQUEST['error_message']); * This should be preg_replace("/\\\\/",'',$_REQUEST['error_message']) as the author stated in the confirmed errata pages * ... ?>	haitiman	May 25, 2013
Printed	Page 237 In bold code halfway down page	The script given in the book is: (which did not seem to work) or handle_error("the server couldn't upload the image you selected.", $php_errors($_FILES[$image_fieldname]['error'])); This script does seem to work when square brackets are used like this: (as it is on the missing CD code) or handle_error("the server couldn't upload the image you selected.", $php_errors[$_FILES[$image_fieldname]['error']]);	Richard Simes	Jun 12, 2012
Printed	Page 237 3rd	it must b like this ... // Make sure we didn't have an error uploading the image ($_FILES[$image_fieldname]['error']==0) or handle_error("the server couldn't upload the image you selected.", $php_errors[$_FILES[$image_fieldname]['error']]); but in the book it's given like this... // Make sure we didn't have an error uploading the image ($_FILES[$image_fieldname]['error']==0) or handle_error("the server couldn't upload the image you selected.", $php_errors($_FILES[$image_fieldname]['error'])); this [ ] and ( ) confusion gives error... please rectify the printing mistake which otherwise leads to really unwanted errors... though you have given "as warning "on the next page but ,,,, then also it's really necessary for those people who are seriously following your code ...and especially if they're in a beginner stage.. thanking you if the problem is rectified as soon as possible... Ashish K mishra ... India Kolkata	ashish kumar	Aug 17, 2013
Printed	Page 246 First set of code, line 3	user_profile_pic should be user_pic_path	Richard Simes	Jul 10, 2012
Printed	Page 251 PHP code just below the middle of the page.	Suspected typo: echo "DOCUMENT ROOT: {$_SERVER['1G']}"; I suspect the index 1G (or whatever that second letter really is ...) is a typo. If its not a typo, please clarify text to explain that index.	Göran Widheden, www.software-quality.se	May 21, 2015
Printed	Page 257 multiple locations	On Mac OS X 10.7 $_SERVER['DOCUMENT_ROOT'] points to the Apache root for the computer, not the logged in user. This is /Library/WebServer/Documents which is way off from where it needs to be, namely /Users/[username]/Sites/ $_SERVER["PHP_SELF"] gets you a little closer. This basically breaks a lot of the scripts on the missing CD on Mac OS X. Note from the Author or Editor: Author will do further research.	Anonymous	Jan 12, 2012
Printed	Page 287 Just above middle of the page.	I suspect there is a typo in the PHP code where a call to PHP function header is made. The second and third line line should both be preceded by a quote character. Currently, the code tries to concatenate non-strings.	Göran Widheden, www.software-quality.se	May 21, 2015
Printed	Page 290 Code at bottom of page	} catch (Exception exc) { should be } catch (Exception $exc) {	Richard Simes	Aug 10, 2012
Printed	Page 290 2nd & 3rd examples	catch phrase missing $ Should read } catch (Exception $exc) {	August Binkert	Sep 09, 2012
Printed	Page 297 Near top of page.	Since the email address is inserted into a link, I believe the email address should be preceded by "mailto:", like so: <a href="<?php echo 'mailto:' . $email; ?>">	Göran Widheden, www.software-quality.se	May 21, 2015
Printed	Page 303 Caption to figure 10-1	"The delete image needs" should read "The delete user needs".	Göran Widheden, www.software-quality.se	May 21, 2015
Printed	Page 336 Throughout page	The author warns of the dangers of copy and paste, yet it would appear that his code examples suffer from a copy/paste mistake. The code at the top of the page creates a function, and is as follows: function display_message ($msg, $msg_type) { echo " <div class='{#msg_type}'>\n"; echo " <p>{$msg</p>\n"; echo " </div>\n"; } The typo is in line two: #msg_type was used rather than $msg_type. This typo was repeated a second time (the copy/paste pitfall) further down the page. The example code is repeated on the next page (337) and in the consolidated example, the correct $msg_type convention is printed.	Todd Hayward	Jun 04, 2012
Printed	Page 341 function in 3rd paragraph	The function display_messages() as proposed here will never work using default parameters. When passing only one parameter the function cannot 'know' wether that is a success or error message, so this will allways trigger success! Not good for teaching default function parameters. A better approach would have been to have a parameter $message and a parameter $message_type: display_messages($msg, $error=false) { if ($error) // display error else // display success } success: display_messages($msg); error: display_messages($msg, true);	Jan Truijens	Mar 14, 2013
Printed	Page 341 function display_head()	And again a default value problem: if one forgets to put in a $page_title, any submitted javascript will end up in the html <title> tag...	Jan Truijens	Mar 14, 2013
Printed, PDF	Page 367 Full Section on Usernames and Password	The Username and Password entered by the user are case sensitive which can cause problems with the code as shown. For example, there is mention on page 378 of insuring a unique Username by looking to see if it is in use before allowing a new user to request it. This means that the supplied code will not spot that BobR and bobr are the same username and thus will allow both of them. This can be fixed by taking the Username that the user enters as a DISPLAY ID and lower-casing it for use as the official id for comparison purposes (both versions being saved in the database) and as the salt on page 386 for the encrypted password. That way the user can use BobR and bobr (and other case versions) and still be seen as the same user. This case insensitivity exists for example (in many cases) with email Usernames and URLs so users tend to expect it and can be surprised when case sensitivity is enforced without a warning. Also, there should be a warning on the Password field that it IS case sensitive and thus must be entered the same way every time. Otherwise the comparisons will not work (unless you want to reduce the valid character selection count and thus the security level by lower-casing the entered string for storing, comparison, and encrypting).	Robert A. Rosenberg	Jun 05, 2012
Printed	Page 378 FAQ Box - Paragraph 3	There is a statement in paragraph 3 that if the requested username is already assigned to go back and suggest that the user should try another password. This should read "try another username. The same text exists in the eBook version.	Robert A. Rosenberg	May 18, 2012
Printed	Page 379 Code at top of page	The page_start code at the top of the page consistently returns the following error: Notice: Undefined index: error_message in...	Anonymous	Aug 03, 2015
Printed	Page 386 Middle of the page.	It is not recommended to use the user name as salt. The user name (e.g. an email address) is known (to an adversary). This reduces the cost for the adversary trying to deduce the password.	Göran Widheden, www.software-quality.se	May 21, 2015
PDF	Page 394 2nd paragraph of code	in the book, (and FILES) it reads: define(VALiD_USERNAME, "admin"); define(VALiD_PASSWORD, "super_secret"); Which for me kept throwing up "undefined constant errors" It should read: define("VALID_USERNAME", "admin"); define("VALID_PASSWORD", "super_secret"); there needs to be quotation marks around "VALID_USERNAME" and "VALID_PASSWORD"	steve	Aug 24, 2015
Printed	Page 399 FAQ-box, right column.	Suspected typo: "totally ditch $_GET, $_REQUEST, $_COOKIE" should read: "totally ditch $_GET, $_POST, $_COOKIE".	Göran Widheden, www.software-quality.se	May 28, 2015
Printed	Page 408 Middle of page.	Where the code page_start("Sign In"); appears, please provide a reference to page 348 so that the reader can look up what page_start() is all about.	Göran Widheden, www.software-quality.se	May 28, 2015
Printed	Page 421 9:th line from top of page	The comment "// Log out on browser close" seems to be incorrect.	Göran Widheden, www.software-quality.se	May 28, 2015
Printed	Page 440 7:th line from top of page	"The string says" should read "The string stays".	Göran Widheden, www.software-quality.se	May 28, 2015
Printed	Page 441 FAQ First Paragraph	"... there are solutions to problems, and then they are better solutions to problems." "they" should the "there".	Andrew Hawkins	May 04, 2012
Printed, PDF	Page 447 Full Section on Sessions	Sessions uses Cookies to store and return the current SessionID when a page issues the session_start(); call. There is no mention of what happens if the user's browser rejects the setting request for the cookie or does not return it for any reason (such as cookies being turned off or cookie monitoring with permission requests being active). This possible cookie suppression can be compensated for by adding the SessionID to the URLs either implicately/automatically (via a PHP.INI setting) or explicitly by manually adding them to the URLs in the A/HREFs. There is no mention of this potential problem in the Sessions Section which assumes that the requisite cookie will always be available and thus the problem should at least be mentioned or even better addressed with sample code to manually add the SessionID to the URLs or make more make this inclusion automatic via the PHP.INI settings.	Robert A. Rosenberg	Jun 05, 2012
Printed	Page 484 show users code	I get a fatal error "Call to undefined function user_in_group() in /home2/roadruq0/public_html/scripts/view.php on line 37". To my knowledge I am not trying to use that function in this code.	Allison	Sep 19, 2015