PHP & MySQL: The Missing Manual

Errata for PHP & MySQL: The Missing Manual

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date Submitted
Printed Page 1
Code sample - downloaded

In the supplied css you are inconsistent in referencing images. In some cases you use '/phpmm/images...' and in other places '../images'. The latter format is much better since it does not depend on the name given to the root directory. In my case I am using a wamp server on my PC and the first format simply does not work.

Anonymous  Jun 28, 2012 
Printed Page 1
pretty much everywhere

This whole book is a serious technical mistake. It is absolutely rife with blatant mistakes, omissions, typos and general sloppiness. This applies, very unfortunately, to both the textual content of the book as well as the code blocks. I have spent many frustrating hours dealing with error-ridden code. I'm not a programmer, so it has been a truly aggravating experience. What amazes me, though, is the sheer volume of typographical errors in the text. Every second page has one or more. Did anybody at O'Reilly actually proof this abomination? Is this the workmanship I should expect in all O'Reilly publications? The trouble is, seeing all the sloppy typos, how can I possibly trust anything the author says or writes? The whole darn thing has been seriously disappointing! Chris O'Brien Canada

Chris  Jan 23, 2013 
Printed Page 001

I'm trying to get cookies working - I believe it is in Chapter 12 (sorry, typing this from work and don't have book in front of me). However, showuser.php is failing as it doesn't seem to recognize the cookie. Is it possible that the default request_order in php.ini (GP) is preventing $_REQUEST from reading the cookie?

Ira Brickman  Mar 16, 2015 
PDF Page 14
Code for My First Program Section

Hello, I am a beginner PHP programmer. I have installed XAMPP and have been running many PHP scripts successfully until I tried you beginnig code example. I copied it from my PDF, save a file and ran it. I got the following error: Hello there. So I hear you're learning to be a PHP programmer! Why don't you type in your name for me: Warning: fgets(): supplied argument is not a valid stream resource in C:\xampp\htdocs\xampp\RGK\TheMissingManual_MyFirstProgram.php on line 4 Thanks, , it's really nice to meet you. I think there needs to be an open stream somewhere. Taek care Robin

Robin  Apr 15, 2012 
Printed Page 19
Fourth bullet

It is incorrect, and probably very confusing for a PHP novice, to say: "The <?php tells the browser some PHP code is coming". The browser neither sees the "<?php" nor PHP code. Rather, the PHP code is resolved at the web server prior being output to the client browser.

Göran Widheden,  May 21, 2015 
Printed Page 20
2nd Note

"it's okay if you're still a little fuzzyon the details..." Should be "fuzzy on".

Andrew Hawkins  May 01, 2012 
Printed Page 21

The code section labelled "Running Your Second Program" is completely wrong and filled with errors. Even downloading the zipped code from the Web site presents me with code that does not work as it is described in the book. The CSS file does not return a page that looks anything like the figures in the book, and when I run the sayHello.html page and enter my name, the returned page does not contain the information expected. This is only page 21 of chapter 1. Should I expect this kind of garbage throughout the rest of the book?

Anonymous  Jul 15, 2014 
Printed Page 40
Right column of "What's With All the Angle Brackets?"

<a href="<?php echo '' . $twitter_handle; ?>"> Your Facebook page </a><br /> Should be Your Twitter page. Same mistake on the second bit of code.

Andrew Hawkins  May 02, 2012 
Printed Page 48
2nd line

Please clarify syntax used in lines 2,3,4, and in the farther down the page: echo "\nEmail: " . $email; I can find no previous or subsequent explanation of or reference to the "\n" when referring to a variable. The other variables are called using $.

Nancy  May 19, 2013 
Printed Page 119
boldly printed code section

Missing a semicolon here: if($result) { echo "<p>Your query was processed successfully.</p>" <Missing semicolon here> echo "<p>{$query_text}</p>"; }

haitiman  May 07, 2013 
Printed Page 119
bottom of highlighted code

In the code on this page, the 4th line from the bottom reads echo "<p>Your query was processed successfully.</p>" Without the trailing semi-colon (;), the code breaks. The line should read, echo "<p>Your query was processed successfully.</p>"; (Note the semi-colon at the end.

Rob Noyes  May 15, 2013 
Printed Page 125
Power User's Clinic Rightside column 2nd & 3rd paragraphs

The error is in this section. The author writes "But it gets worse! You're dealing with real humans, and humans do funny things. Suppose someone enters this SQL into your form: CREATE TABLE urls ( id int, url varchar(100), description varchar(100) ); Now you've got a new problem: this isn't a SELECT, but your search code won't find one of those special words at the the beginning. The first character is a space: " "... " In these paragraphs, the author attempts to make a point about how white space could potentially kill your effort to locate SQL keywords CREATE, INSERT, UPDATE, DELETE, & DROP at the first character position. However, no one can see there is a problem with that query statement because all white space disappears in printed books. I am sure error was easy for the author to spot on screen, however, it's not visible to the reader in print.

haitiman  Apr 30, 2013 
Printed Page 156
1st paragraph

"TIme provide some feedback..." This should be: "Time to provide some feedback..."

haitiman  Mar 30, 2013 
Printed Page 160
Bottom paragraph

The issue is toward the bottom of the page were the reader places the new code with the preg_match function. Reading this contextually it is starting of stating $return_rows = true; it then scans the variable string $query_text for the regular expression and if it finds one it returns $return_rows = false. following this, is an if($return_rows),,,it should at this point be if(!return_rows) or you would want to start out the entire function at the beginning with $return_rows = false. I am new to all this but this is what I had to do in order to get the code to work!. $return_rows = true; if (preg_match("/^*(CREATE|INSERT|UPDATE|DELETE|DROP)/i", $query_text)) { $return_rows = false; } if (!$return_rows) { echo "<p>Results from your query:</p>"; echo "<ul>"; while ($row = mysql_fetch_row($result)) { echo "<li>{$row[0]}</li>"; } echo "</ul>"; } else { echo "<p>Your query was processed successfully.</p>"; echo "<p>{$query_text}</p>"; }

Jamie Bush  Aug 12, 2013 
Printed Page 195
4th paragraph

"..., without alarming your user will all the gory details." It should read: "..., without alarming your user with all the gory details." the word "will" should be changed to "with."

haitiman  Mar 31, 2013 
Printed Page 200
Creating a PHP Error Page -- Code segment

There is a HTML error in the code segment. There is an open <span> tag. The error is in the following code segment: <div id="content"> <h1>We're really sorry...</h1> <p><img src="../images/error.jpg" class="error" /> <?php echo $error_message; ?> <span></p> ... </div> The code segment should be (that is if it is the intention of the author to emphasize the error using CSS, and mirror it the way it is displayed in Figure 7-5): <div id="content"> <h1>We're really sorry...</h1> <p> <img src="../images/error.jpg" class="error" /> Apparently, <span><?php echo $error_message; ?></span> </p> ... </div>

haitiman  Apr 07, 2013 
Printed Page 204
Script at top of page

isset function always reads as true and therefore will never print "something went wrong, and that's how you ended up here". Maybe the preg_replace 'sets' it to an empty value? Using the empty() function like this seems to fix it: <?php $error_message = preg_replace("/\\\\/", '', $_REQUEST['error_message']); if (empty($error_message)) { $error_message = "Something wen't wrong, and that's how you ended up here!"; } ?>

Richard Simes  Jun 01, 2012 
Printed Page 208
Top - 1st paragraph

"... create a small script called display_error.php, and type this code:" <?php echo "Hello, {$first_name}\n\n"; $query = "SELECT * FROM users WHERE first_name = {$first_name}"; echo "{$query}\n\n"; ?> The question here is ..... in which directory should this little script be created. Because on page 210, the code now has a new require instruction see code below: <?php require '../scripts/app_config.php'; echo "Hello, {$first_name}\n\n"; $query = "SELECT * FROM users WHERE first_name = {$first_name}"; echo "{$query}\n\n"; ?> Because the author never made clear where create display_error.php, this require instruction could potentially cause any error (by pointing to a file that may or may not exist).

haitiman  Apr 13, 2013 
Printed Page 211
United States

This error has been reported for pages 202 and 204. This error also rears its head on page on 211 as well in the following code segment. <?php require 'app_config.php'; $error_message = preg_replace_all("/\\\\/",'',$_REQUEST['error_message']); *** This should be preg_replace("/\\\\/",'',$_REQUEST['error_message']) as the author stated in the confirmed errata pages *** ... ?>

haitiman  May 25, 2013 
Printed Page 237
In bold code halfway down page

The script given in the book is: (which did not seem to work) or handle_error("the server couldn't upload the image you selected.", $php_errors($_FILES[$image_fieldname]['error'])); This script does seem to work when square brackets are used like this: (as it is on the missing CD code) or handle_error("the server couldn't upload the image you selected.", $php_errors[$_FILES[$image_fieldname]['error']]);

Richard Simes  Jun 12, 2012 
Printed Page 237

it must b like this ... // Make sure we didn't have an error uploading the image ($_FILES[$image_fieldname]['error']==0) or handle_error("the server couldn't upload the image you selected.", $php_errors[$_FILES[$image_fieldname]['error']]); but in the book it's given like this... // Make sure we didn't have an error uploading the image ($_FILES[$image_fieldname]['error']==0) or handle_error("the server couldn't upload the image you selected.", $php_errors($_FILES[$image_fieldname]['error'])); this [ ] and ( ) confusion gives error... please rectify the printing mistake which otherwise leads to really unwanted errors... though you have given "as warning "on the next page but ,,,, then also it's really necessary for those people who are seriously following your code ...and especially if they're in a beginner stage.. thanking you if the problem is rectified as soon as possible... Ashish K mishra ... India Kolkata

ashish kumar  Aug 17, 2013 
Printed Page 246
First set of code, line 3

user_profile_pic should be user_pic_path

Richard Simes  Jul 10, 2012 
Printed Page 251
PHP code just below the middle of the page.

Suspected typo: echo "DOCUMENT ROOT: {$_SERVER['1G']}"; I suspect the index 1G (or whatever that second letter really is ...) is a typo. If its not a typo, please clarify text to explain that index.

Göran Widheden,  May 21, 2015 
Printed Page 257
multiple locations

On Mac OS X 10.7 $_SERVER['DOCUMENT_ROOT'] points to the Apache root for the computer, not the logged in user. This is /Library/WebServer/Documents which is way off from where it needs to be, namely /Users/[username]/Sites/ $_SERVER["PHP_SELF"] gets you a little closer. This basically breaks a lot of the scripts on the missing CD on Mac OS X.

Note from the Author or Editor:
Author will do further research.

Anonymous  Jan 12, 2012 
Printed Page 287
Just above middle of the page.

I suspect there is a typo in the PHP code where a call to PHP function header is made. The second and third line line should both be preceded by a quote character. Currently, the code tries to concatenate non-strings.

Göran Widheden,  May 21, 2015 
Printed Page 290
Code at bottom of page

} catch (Exception exc) { should be } catch (Exception $exc) {

Richard Simes  Aug 10, 2012 
Printed Page 290
2nd & 3rd examples

catch phrase missing $ Should read } catch (Exception $exc) {

August Binkert  Sep 09, 2012 
Printed Page 297
Near top of page.

Since the email address is inserted into a link, I believe the email address should be preceded by "mailto:", like so: <a href="<?php echo 'mailto:' . $email; ?>">

Göran Widheden,  May 21, 2015 
Printed Page 303
Caption to figure 10-1

"The delete image needs" should read "The delete user needs".

Göran Widheden,  May 21, 2015 
Printed Page 336
Throughout page

The author warns of the dangers of copy and paste, yet it would appear that his code examples suffer from a copy/paste mistake. The code at the top of the page creates a function, and is as follows: function display_message ($msg, $msg_type) { echo " <div class='{#msg_type}'>\n"; echo " <p>{$msg</p>\n"; echo " </div>\n"; } The typo is in line two: #msg_type was used rather than $msg_type. This typo was repeated a second time (the copy/paste pitfall) further down the page. The example code is repeated on the next page (337) and in the consolidated example, the correct $msg_type convention is printed.

Todd Hayward  Jun 04, 2012 
Printed Page 341
function in 3rd paragraph

The function display_messages() as proposed here will never work using default parameters. When passing only one parameter the function cannot 'know' wether that is a success or error message, so this will allways trigger success! Not good for teaching default function parameters. A better approach would have been to have a parameter $message and a parameter $message_type: display_messages($msg, $error=false) { if ($error) // display error else // display success } success: display_messages($msg); error: display_messages($msg, true);

Jan Truijens  Mar 14, 2013 
Printed Page 341
function display_head()

And again a default value problem: if one forgets to put in a $page_title, any submitted javascript will end up in the html <title> tag...

Jan Truijens  Mar 14, 2013 
Printed, PDF Page 367
Full Section on Usernames and Password

The Username and Password entered by the user are case sensitive which can cause problems with the code as shown. For example, there is mention on page 378 of insuring a unique Username by looking to see if it is in use before allowing a new user to request it. This means that the supplied code will not spot that BobR and bobr are the same username and thus will allow both of them. This can be fixed by taking the Username that the user enters as a DISPLAY ID and lower-casing it for use as the official id for comparison purposes (both versions being saved in the database) and as the salt on page 386 for the encrypted password. That way the user can use BobR and bobr (and other case versions) and still be seen as the same user. This case insensitivity exists for example (in many cases) with email Usernames and URLs so users tend to expect it and can be surprised when case sensitivity is enforced without a warning. Also, there should be a warning on the Password field that it IS case sensitive and thus must be entered the same way every time. Otherwise the comparisons will not work (unless you want to reduce the valid character selection count and thus the security level by lower-casing the entered string for storing, comparison, and encrypting).

Robert A. Rosenberg  Jun 05, 2012 
Printed Page 378
FAQ Box - Paragraph 3

There is a statement in paragraph 3 that if the requested username is already assigned to go back and suggest that the user should try another password. This should read "try another username. The same text exists in the eBook version.

Robert A. Rosenberg  May 18, 2012 
Printed Page 379
Code at top of page

The page_start code at the top of the page consistently returns the following error: Notice: Undefined index: error_message in...

Anonymous  Aug 03, 2015 
Printed Page 386
Middle of the page.

It is not recommended to use the user name as salt. The user name (e.g. an email address) is known (to an adversary). This reduces the cost for the adversary trying to deduce the password.

Göran Widheden,  May 21, 2015 
PDF Page 394
2nd paragraph of code

in the book, (and FILES) it reads: define(VALiD_USERNAME, "admin"); define(VALiD_PASSWORD, "super_secret"); Which for me kept throwing up "undefined constant errors" It should read: define("VALID_USERNAME", "admin"); define("VALID_PASSWORD", "super_secret"); there needs to be quotation marks around "VALID_USERNAME" and "VALID_PASSWORD"

steve  Aug 24, 2015 
Printed Page 399
FAQ-box, right column.

Suspected typo: "totally ditch $_GET, $_REQUEST, $_COOKIE" should read: "totally ditch $_GET, $_POST, $_COOKIE".

Göran Widheden,  May 28, 2015 
Printed Page 408
Middle of page.

Where the code page_start("Sign In"); appears, please provide a reference to page 348 so that the reader can look up what page_start() is all about.

Göran Widheden,  May 28, 2015 
Printed Page 421
9:th line from top of page

The comment "// Log out on browser close" seems to be incorrect.

Göran Widheden,  May 28, 2015 
Printed Page 440
7:th line from top of page

"The string says" should read "The string stays".

Göran Widheden,  May 28, 2015 
Printed Page 441
FAQ First Paragraph

"... there are solutions to problems, and then they are better solutions to problems." "they" should the "there".

Andrew Hawkins  May 04, 2012 
Printed, PDF Page 447
Full Section on Sessions

Sessions uses Cookies to store and return the current SessionID when a page issues the session_start(); call. There is no mention of what happens if the user's browser rejects the setting request for the cookie or does not return it for any reason (such as cookies being turned off or cookie monitoring with permission requests being active). This possible cookie suppression can be compensated for by adding the SessionID to the URLs either implicately/automatically (via a PHP.INI setting) or explicitly by manually adding them to the URLs in the A/HREFs. There is no mention of this potential problem in the Sessions Section which assumes that the requisite cookie will always be available and thus the problem should at least be mentioned or even better addressed with sample code to manually add the SessionID to the URLs or make more make this inclusion automatic via the PHP.INI settings.

Robert A. Rosenberg  Jun 05, 2012 
Printed Page 484
show users code

I get a fatal error "Call to undefined function user_in_group() in /home2/roadruq0/public_html/scripts/view.php on line 37". To my knowledge I am not trying to use that function in this code.

Allison  Sep 19, 2015