Chapter 10 - Review

Output
1. What is the standard sequence of steps for debugging PHP-MySQL problems (explicitly conveyed at the end of Chapter 8)?

Troubleshooting errors in your PHP/MySQL script includes these steps and MORE...

  • Make sure you are editing the proper script/page. With includes, lots of different files can contribute to the creation of a page. Know where you are.
  • Make sure any changes to the document have been saved.
  • Make sure you are accessing the file through a URL.
  • Know which versions of key software are running and the limitations/functionality of that particular version.
  • Determine which part of your script is faulty: USER error, HTML/CSS, JavaScript/AJAX, PHP coding, MySQL formatting/queries, DATA in the database.
  • Utilize all error reporting that comes built into the software. This can help with any PHP parse errors, misspellings, syntactical mistakes, function parameter errors, etc.
  • Use quotes methodically and consistently.
  • Use comments to deactivate portions of code to narrow down the error.
  • Output arrays, objects, and variables to the screen to track their expected values.
  • Use echo() to add comments within complex logic blocks to indicate code execution.
  • Print out MySQL queries to see if there are any errors in the expression.
  • Run MySQL queries in the client or a separate app (like Workbench) to test the result set and query variations.
  • Double check that database permissions and user information are compatible.
  • Step away from the machine.

2. What are the two ways of passing values to a PHP script (aside from user input)?

The programmer can pass values to a PHP script as a query string appended to the URL or through a form as a hidden field value. Two other methods not yet discussed are cookies and session variables.

3. What security measures do the delete_user.php and edit_user.php scripts take to prevent malicious or accidental deletions?

The delete_user script requires additional user confirmation before deletion. They both validate that the user_id is a numeric value. Any values are run through mysqli_real_escape_string() before they are inserted into the database. The PHP script also reinforces the MySQL rules for unique indexes on the email field.

4. Why is it safe to use the $id value in queries without running it through mysqli_real_escape_string() first?

The id value has been checked as numeric - so it is not a string and therefore does not need to be escaped.

5. In what situation will the mysqli_affected_rows() function return a false negative (i.e., report that no records were affected despite the fact that the query ran without error)?

mysqli_affected_rows() returns an integer greater than zero matching the number of rows affected or retrieved. Zero indicates that no records were updated for an UPDATE statement, no rows matched the WHERE clause in the query or that no query has yet been executed. -1 indicates that the query returned an error.

6. What is the ternary operator? How is it used?

Ternary operator logic is the process of using "(condition) ? (true return value) : (false return value)" statements to shorten your if/else structures.

7. What two values are required to properly paginate query results?

To properly paginate query results, you must set the LIMIT start, duration values of your query. Start corresponds to the record index to begin from; duration indicates the number of results to return from that point forward. By issuing subsequent queries with the same parameters but changes in the LIMIT values, you can retrieve your results in a bite-size, orderly manner.

8. How do you alter a query so that its results are paginated?

By setting the LIMIT clause to return subsets of the query you can paginate the results.

9. If a paginated query is based upon additional criteria (beyond those used in a LIMIT clause), what would happen if those criteria are not also passed along in every pagination link?

The query used must be exactly the same on each subsequent call. Only alter the LIMIT clause; otherwise the subset will contain different data entirely, not a subset of the larger query result.

10. Why is it important not to directly use the value of $_GET['sort'] in a query?

Any $_GET value can be altered by the user and should not be trusted. By limiting the values of $_GET to only a few acceptable options, you prevent intentional/accidental malicious code from entering your script.

11. Why is it important to pass the sorting value along in each pagination link?

The sorting value is used in each query call to format the results in the ORDER BY clause. If omitted, your results and pagination will no longer be consistent.
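Added example (not code from the book or from this page's source): the checks behind questions 4, 7, 10 and 11 combined in one PHP fragment. The script name view_users.php, the parameter names s, p and id, and the users table and its columns are assumptions.

```php
<?php
// Added example: validate what a pagination link carries before any of it
// reaches a query. Script name, parameter names (s, p, id) and the users
// table/columns are assumptions, not taken from the book or this page.

// Q10/Q11: $_GET['s'] is never placed in the query. It is only a key into a
// fixed whitelist; anything unexpected (including an array) falls back to a
// known default, and the validated key is what later links repeat.
function order_by_for($sort) {
    $allowed = [
        'ln' => 'last_name ASC, first_name ASC',
        'fn' => 'first_name ASC, last_name ASC',
        'rd' => 'registration_date ASC',
    ];
    if (!is_string($sort) || !isset($allowed[$sort])) {
        $sort = 'rd';
    }
    return [$sort, $allowed[$sort]];
}

// Q4: a value is safe to interpolate without escaping only once it is a
// verified integer; filter_var returns an int (or false), not a string.
// The same check applies to $_GET['id'] on edit/delete links.
function positive_int_or_default($raw, $default) {
    $n = is_string($raw) ? filter_var($raw, FILTER_VALIDATE_INT,
                                      ['options' => ['min_range' => 1]]) : false;
    return ($n === false) ? $default : $n;
}

// Q7: LIMIT start, duration. Only the page number comes from the user;
// start is derived from it, so both LIMIT values are integers we computed.
function limit_for($page_raw, $per_page) {
    $page  = positive_int_or_default($page_raw, 1);
    $start = ($page - 1) * $per_page;
    return [$page, $start, $per_page];
}

list($sort_key, $order_by)    = order_by_for($_GET['s'] ?? null);
list($page, $start, $display) = limit_for($_GET['p'] ?? null, 10);

// Q11: every pagination link carries the same (validated) sort key, or the
// next page would be ordered differently and the subsets would not line up.
$next_link = 'view_users.php?' . http_build_query(['s' => $sort_key, 'p' => $page + 1]);

// Only whitelist output and integers are interpolated into the SQL string.
$q = "SELECT user_id, first_name, last_name, registration_date
      FROM users ORDER BY $order_by LIMIT $start, $display";
```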

Source
<?php 
$review = array(
	1 => array(
		'q'=>'What is the standard sequence of steps for debugging PHP-MySQL problems (explicitly conveyed at the end of Chapter 8)?',
		'a'=>'<p>Troubleshooting errors in your PHP/MySQL script includes these steps and MORE...</p>
		<ul>
		<li>Make sure you are editing the proper script/page. With includes, lots of different files can contribute to the creation of a page. Know where you are.</li>
		<li>Make sure any changes to the document have been saved.</li>
		<li>Make sure you are accessing the file through a URL.</li>
		<li>Know which versions of key software are running and the limitations/functionality of that particular version.</li>
		<li>Determine which part of your script is faulty: USER error, HTML/CSS, JavaScript/AJAX, PHP coding, MySQL formatting/queries, DATA in the database.</li>
		<li>Utilize all error reporting that comes built into the software. This can help with any PHP parse errors, misspellings, syntactical mistakes, function parameter errors, etc.</li>
		<li>Use quotes methodically and consistently.</li>
		<li>Use comments to deactivate portions of code to narrow down the error.</li>
		<li>Output arrays, objects, and variables to the screen to track their expected values.</li>
		<li>Use echo() to add comments within complex logic blocks to indicate code execution.</li>
		<li>Print out MySQL queries to see if there are any errors in the expression.</li>
		<li>Run MySQL queries in the client or a separate app (like Workbench) to test the result set and query variations.</li>
		<li>Double check that database permissions and user information are compatible.</li>
		<li>Step away from the machine.</li>
		</ul>'
	),
	2 => array(
		'q'=>'What are the two ways of passing values to a PHP script (aside from user input)?',
		'a'=>'<p>The programmer can pass values to a PHP script as a query string appended to the URL or through a form as a 
		hidden field value. Two other methods not yet discussed are cookies and session variables.</p>'
	),
	3 => array(
		'q'=>'What security measures do the delete_user.php and edit_user.php scripts take to prevent malicious or accidental deletions?',
		'a'=>'<p>The delete_user script requires additional user confirmation before deletion. They both validate that the user_id is a numeric value.
		 Any values are run through mysqli_real_escape_string() before they are inserted into the database. The PHP script also reinforces the 
		 MySQL rules for unique indexes on the email field.</p>'
	),
	4 => array(
		'q'=>'Why is it safe to use the $id value in queries without running it through mysqli_real_escape_string() first?',
		'a'=>'<p>The id value has been checked as numeric - so it is not a string and therefore does not need to be escaped.</p>'
	),
	5 => array(
		'q'=>'In what situation will the mysqli_affected_rows() function return a false negative (i.e., report that no records were affected 
			despite the fact that the query ran without error)?',
		'a'=>'<p>mysqli_affected_rows() returns an integer greater than zero matching the number of rows affected or retrieved. Zero indicates 
		that no records were updated for an UPDATE statement, no rows matched the WHERE clause in the query or that no query has yet 
		been executed. -1 indicates that the query returned an error.</p>'
	),
	6 => array(
		'q'=>'What is the ternary operator? How is it used?',
		'a'=>'<p>Ternary operator logic is the process of using "(condition) ? (true return value) : (false return value)" 
		statements to shorten your if/else structures.</p>'
	),
	7 => array(
		'q'=>'What two values are required to properly paginate query results?',
		'a'=>'<p>To properly paginate query results, you must set the <b>LIMIT start, duration</b> values of your query. Start corresponds to the 
		record index to begin from; duration indicates the number of results to return from that point forward. By issuing subsequent queries with the
		same parameters but changes in the LIMIT values, you can retrieve your results in a bite-size, orderly manner.</p>'
	),
	8 => array(
		'q'=>'How do you alter a query so that its results are paginated?',
		'a'=>'<p>By setting the LIMIT clause to return subsets of the query you can paginate the results.</p>'
	),
	9 => array(
		'q'=>'If a paginated query is based upon additional criteria (beyond those used in a LIMIT clause), what would happen if those 
		criteria are not also passed along in every pagination link?',
		'a'=>'<p>The query used must be exactly the same on each subsequent call. Only alter the LIMIT clause; otherwise the subset will contain 
		different data entirely, not a subset of the larger query result.</p>'
	),
	10 => array(
		'q'=>'Why is it important not to directly use the value of $_GET[\'sort\'] in a query?',
		'a'=>'<p>Any $_GET value can be altered by the user and should not be trusted. By limiting the values of $_GET to only a few acceptable
		options, you prevent intentional/accidental malicious code from entering your script.</p>'
	),
	11 => array(
		'q'=>'Why is it important to pass the sorting value along in each pagination link?',
		'a'=>'<p>The sorting value is used in each query call to format the results in the ORDER BY clause. If omitted, your results and pagination
		will no longer be consistent.</p>'
	)
);
include('templates/review.php');