A Whole Application

Workshop Requirements

Before beginning this workshop ensure that you have the ability to upload PHP files to a PHP enabled webserver that has a MySQL database server also. See Setting Up a Server for details on how to install one if you don't already have access.

You should also have completed the following Virtual Workshops:

You should also have some experience with HTML programming.

The Final Stretch

In the past five workshops we have introduced PHP and begun to build a web interface for our database. In order to have a fully functioning database application, we still need to create ways to add new data, new copies and delete any records that we don't want. Thus we have 4 functions to implement.

This workshop will be fairly short as we begin to see the advantages of creating several of the functions, allowing us to reuse code. First we will adapt our if statement to check for new values in the submit button.


if (!$_REQUEST['Submit']) {
    html_form();
} elseif ($_REQUEST['Submit'] == "ViewCds") {
    select_cd();
} elseif ($_REQUEST['Submit'] == "Edit") {
    get_data();
} elseif ($_REQUEST['Submit'] == "Update") {
    update_cds();
} elseif ($_REQUEST['Submit'] == "AddCopy") {
    add_copy();
} elseif ($_REQUEST['Submit'] == "NewCd") {
    add_new();
} elseif ($_REQUEST['Submit'] == "InsertCd") {
    insert_record();
} elseif ($_REQUEST['Submit'] == "DeleteCopy") {
    delete_copy();
}


Adding a Copy

We must create the code required to add more copies before creating the 'add new data' functions, because we want to be able to add copies to existing releases and specify how many copies to add to the database when adding new releases. We can use a MySQL statement that selects the rows that contain the releaseID in the cds_bought table, then use the mysql_num_rows() function to count the number of occurrences.

First we are going to add a piece of code to our get_data() function (the first three lines of the listing below are the end of the existing form) that will create another form below the existing release information form. It tells us how many copies there are and allows a user to add a copy.

</tr>
</table>
</form>";

/* Second SQL query to count the number of copies.
The releaseID is cast to an integer so only a number reaches the query */

$sql_count = "SELECT * FROM cds_bought WHERE cds_bought.releaseID = " . (int) $_REQUEST['releaseID'];

/* Passes count query to database */

$result_count = @mysql_query($sql_count, $conn);
if (!$result_count) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

/* Counts the number of rows (therefore copies) */

$count = mysql_num_rows($result_count);

/* If statement to check singular and correct grammar ;-) */

if ($count != 1) {
    print "<p>There are $count copies of this CD</p>";
} else {
    print "<p>There is $count copy of this CD</p>";
}
/* starts form to add a copy */

print "<form name=\"Copies\" method=\"post\" action=\"$_SERVER[PHP_SELF]\">";

/* prints hidden fields to store values needed by the add_copy() function */

print "<input type=\"hidden\" name=\"releaseID\" value=\"$row[releaseID]\" />\n
<input type=\"hidden\" name=\"artist\" value=\"$row[Artist]\" />\n
<input type=\"hidden\" name=\"title\" value=\"$row[Title]\" />\n
<input type=\"hidden\" name=\"existing_copies\" value=\"$count\" />\n"
;

/* prints dropdown menu with number of copies to add */

print "<p>Add  <select name=\"copies\" id=\"copies\">
    <option value=\"1\">1</option>
    <option value=\"2\">2</option>
    <option value=\"3\">3</option>
    <option value=\"4\">4</option>
    <option value=\"5\">5</option>
    <option value=\"6\">6</option>
    <option value=\"7\">7</option>
    <option value=\"8\">8</option>
    <option value=\"9\">9</option>
  </select>
 Copies "
;

/* prints submit button */

print "<input type=\"submit\" name=\"Submit\" value=\"AddCopy\" /></p>";

/* closes form */

print "</form>";

} else {
        echo("There has been an error" . mysql_error());
}

/* closes connection */

mysql_close ($conn);

}



Next we need to create a function called add_copy() except this time we are going to look at having a default value in a function that may or may not be overridden by a value passed when the function is called.

Passing Variables to a Function

Imagine that we want to give two values to a function to use (e.g. $first = keith and $sec = brown). We declare the variable names as part of the function definition.

function my_new_funk($first, $sec)

This means that when we call this function the first value is assigned to $first and the second to $sec.

my_new_funk("keith", "brown");

And within the function these could be used:

echo($first . $sec);

In the add_copy() function we want to pass the number of copies to be added (or alternatively have a default value of 1) and the releaseID. Thus we create the function like so:


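/* $releaseID also has a default because add_copy() is called below with no arguments */
function add_copy($no_copies = '1', $releaseID = null) {
    echo $no_copies . " " . $releaseID;
}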


Thus we have specified the default value of 1 if no other value is passed, and also echoed the result (for debugging) and the releaseID. If you save the script and test it by clicking the AddCopy button we created above on the edit page, you should see the number 1 displayed (but no releaseID). Next replace:


} elseif ($_REQUEST['Submit'] == "AddCopy") {
    add_copy();

In the initial submit checking code with:


} elseif ($_REQUEST['Submit'] == "AddCopy") {
    if ($_REQUEST['copies']) {
        add_copy($_REQUEST['copies'], $_REQUEST['releaseID']);
    } else {
        add_copy();
    }

Which checks to see if there has been a number of copies passed to the script from a form, passing that value to the add_copy() function, and if not calls the function without passing a value.

Adding Copies

The next step is to add some meaningful functionality to the add_copy() function that will add our copies to the cds_bought table that has the following structure.

mysql> describe cds_bought;
+-----------+--------+------+-----+---------+----------------+
| Field     | Type   | Null | Key | Default | Extra          |
+-----------+--------+------+-----+---------+----------------+
| cdID      | int(4) |      | PRI | NULL    | auto_increment |
| releaseID | int(4) |      |     | 0       |                |
| copy      | int(2) |      |     | 0       |                |
+-----------+--------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

First we need a loop that for each copy requested, will make an entry in the cds_bought table entering the releaseID and copy.


function add_copy($no_copies = '1', $releaseID = null) {
    $count = 1;

    /* Loop for each copy required */

    while ($count <= $no_copies) {
        print "$count<br /> \n";
        $count += 1;
    }
}


As long as the variable $count (which starts with a value of 1) is less than or equal to the number of copies to be added ($no_copies) then the $count value will be echoed (it is probably worth adding about 4 or 5 cds just to test things). We will replace this echoed value with database interactions later. Again save and test this addition to the script. Next we construct the SQL statement (using the passed releaseID) that we will use to enter the details of the copy and print that to check that the statements that are generated are correct:

while ($count <= $no_copies) {

    /* sql statement to insert the releaseID and copy into the cds_bought
    table (NULL lets MySQL generate the cdID automatically) */

    $sql_copy = "INSERT INTO cds_bought VALUES (NULL, '$releaseID',";
    $sql_copy .= "'" . ($count + (int) $_REQUEST['existing_copies']) . "')";
    print "$sql_copy<br />";

    $count += 1;
}

NOTE: To achieve the correct copy number for each statement we add the number of copies stored in the hidden field to the $count variable.

Connecting to the database and passing the query are standard now, but what is new is using the mysql_insert_id() function that retrieves the value of the AUTO_INCREMENTing field of the record that has just been entered. This will allow us to give this unique ID back to the user to attach to the physical CD. Thus we result in an add_copy() function that looks like so.


function add_copy($no_copies = '1', $releaseID = null) {

    /* Sets connection and $count variable */

    $conn = my_conn();
    $count = 1;

    /* Casts the passed values to integers so only numbers reach the query */

    $no_copies = (int) $no_copies;
    $releaseID = (int) $releaseID;

    /* Loop for each copy required */

    while ($count <= $no_copies) {

        /* sql statement to insert the releaseID and copy into the cds_bought
        table (NULL lets MySQL generate the cdID automatically) */

        $sql_copy = "INSERT INTO cds_bought VALUES (NULL, '$releaseID',";
        $sql_copy .= "'" . ($count + (int) $_REQUEST['existing_copies']) . "')";

        /* Passes query */

        $result_copy = @mysql_query($sql_copy, $conn);

        /* Checks for error */

        if (!$result_copy) {
            echo("<p>Error performing query: " . mysql_error() . "</p>");
            exit();
        }

        /* Increases count */

        $count += 1;
    }

}

Again this should work flawlessly, and once it does we can just add a call to the get_data() function below the close connection code to display details of the cd and number of copies. We only want this call to be made, however, if a $_REQUEST['releaseID'] exists. This is important as the add_new() function below will use this function, but that process generates its own form and releaseID.

 
/* Closes Connection */

mysql_close ($conn);

/* Checks if $_REQUEST['releaseID'] exists */

if ($_REQUEST['releaseID']) {
get_data();
}
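
A hardened variant of add_copy(), as an added example rather than the workshop's own code: it uses PDO prepared statements instead of string-built SQL, accepts only 1 to 9 copies (the range of the dropdown), and takes the next copy number from the table instead of the existing_copies hidden field, which a user can edit before submitting. The names add_copy_safe(), int_in_range() and demo_db() are hypothetical, and an in-memory SQLite database (the pdo_sqlite extension is assumed) stands in for MySQL so the block runs without a server.

```php
<?php
// Added example (not the workshop's code). Requires PHP 7.1+ with pdo_sqlite.

// Hypothetical helper: in-memory stand-in for the cds_bought table shown above.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cds_bought (
        cdID      INTEGER PRIMARY KEY AUTOINCREMENT,
        releaseID INTEGER NOT NULL DEFAULT 0,
        copy      INTEGER NOT NULL DEFAULT 0)');
    return $pdo;
}

// Returns the value as an int if it is a whole number in [$min, $max], else null.
function int_in_range($raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Inserts the requested number of copies and returns the new cdID values.
function add_copy_safe(PDO $pdo, $rawReleaseID, $rawCopies = 1): array
{
    $releaseID = int_in_range($rawReleaseID, 1, PHP_INT_MAX);
    $copies    = int_in_range($rawCopies, 1, 9); // same range as the dropdown
    if ($releaseID === null || $copies === null) {
        throw new InvalidArgumentException('releaseID or copies is not valid');
    }

    $pdo->beginTransaction();
    try {
        // The highest existing copy number comes from the table, not the form.
        $stmt = $pdo->prepare(
            'SELECT COALESCE(MAX(copy), 0) FROM cds_bought WHERE releaseID = ?');
        $stmt->execute([$releaseID]);
        $existing = (int) $stmt->fetchColumn();

        // Placeholders keep the values out of the SQL text entirely.
        $insert = $pdo->prepare(
            'INSERT INTO cds_bought (releaseID, copy) VALUES (?, ?)');
        $newIds = [];
        for ($count = 1; $count <= $copies; $count++) {
            $insert->execute([$releaseID, $existing + $count]);
            $newIds[] = (int) $pdo->lastInsertId(); // PDO's mysql_insert_id()
        }
        $pdo->commit();
        return $newIds;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed sample requests, as they would arrive in $_REQUEST (all strings).
$pdo = demo_db();
print_r(add_copy_safe($pdo, '7', '3'));   // first request for release 7
print_r(add_copy_safe($pdo, '7', '2'));   // second request for the same release

// Constructed invalid requests: out of range, not a number, empty.
foreach ([['7', '50'], ['7 OR 1=1', '1'], ['7', '']] as $bad) {
    try {
        add_copy_safe($pdo, $bad[0], $bad[1]);
    } catch (InvalidArgumentException $e) {
        echo "rejected releaseID={$bad[0]} copies={$bad[1]}\n";
    }
}
```

With a MySQL server, only the DSN passed to the PDO constructor changes; the prepared statements stay the same.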

Other Buttons for Other Functions

Before continuing we need to create the other buttons that will trigger the remaining functions we are about to create.

First add a 'NewCd' button to our html_form() function next to the 'ViewCds' button.

 
<input type="submit" name="Submit" value="ViewCds" />
<input type="submit" name="Submit" value="NewCd" />

We also need to add the 'NewCd' button to the get_data() function.

<input type=\"submit\" name=\"Submit\" value=\"Update\" /><br />
<input type=\"submit\" name=\"Submit\" value=\"Delete\" /><br />
<input type=\"submit\" name=\"Submit\" value=\"NewCd\" />

A blank form for the user

As we saw above, the first part of adding new cds is to display a blank form. This is almost identical to the code used in the get_data function, except we don't need to retrieve the data to be put in the form and we want to add a 'No. of copies' field.


function add_new() {

print 
"<h4>Add New CD</h4>";

/* prints out our HTML form 'escaping' any double quotes '\"' */

print "<form name=\"CDs\" method=\"post\" action=\"$_SERVER[PHP_SELF]\"> 
<table width=\"600\"> 
<tr>
<td width=\"150\"><strong>Artist</strong></td>
<td width=\"350\"><input type=\"text\" name=\"artist\"></td>
<td rowspan=\"5\" valign=\"top\"><input type=\"submit\" name=\"Submit\" value=\"InsertCd\">
</td>
</tr> 

<tr>
<td width=\"150\"><strong>Title</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"title\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Year</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"year\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Label</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"label\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Tracks</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"tracks\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>No. of Copies</strong></td> 
<td width=\"350\"><select name=\"copies\" id=\"copies\">
    <option value=\"1\">1</option>
    <option value=\"2\">2</option>
    <option value=\"3\">3</option>
    <option value=\"4\">4</option>
    <option value=\"5\">5</option>
    <option value=\"6\">6</option>
    <option value=\"7\">7</option>
    <option value=\"8\">8</option>
    <option value=\"9\">9</option>
  </select></td> 
</tr> 

</table> 
</form>"
;
}

The Insert Function

In this function we are going to do three things. First we are going to check that the user has filled out all the form fields, and if not, return the form with some of the fields filled out. Secondly we need to execute an SQL statement to insert the data, and finally we need to return the form for the user to update or delete the data.

There are a few things for us to note here. Returning the form with data present in the fields is very similar to our get_data() function, and under other circumstances we may wish to adapt it to accept variables from this function. We do not wish to carry that out at this stage though. However, we will show a form to the user (either fully or partially completed), with the difference being the buttons offered. Thus we will create a condition that will print different buttons depending on whether all fields have been completed. Only when all fields have been completed will the SQL statement be executed.

To check if the fields are empty we are going to use a while loop to retrieve all the field names and values, then PHP's built in empty() function with an if statement to check that all fields have values. Again the code is annotated.


function insert_record() {

/* makes connection */

$conn = my_conn();

/* sets an $allfilled variable to true.  if any fields are empty
this will be set to false below */

$allfilled = "true";

/* Splits each variable into name and values to be used in a while loop */

while (list($name, $value) = each($_REQUEST)) {

    /* Ignore the submit value else carry on */

    if ($name != "Submit") {

        /* Checks if there is a value */

        if (empty($value)) {

            /* Makes the name of the field Uppercase first letter */

            $missing = ucfirst($name);

            /* Gives missing message to the user */

            echo "<p>Please Fill out the '$missing' Field</p>";

            /* Sets $allfilled variable to false */

            $allfilled = "false";
        }
    }
}

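/* Checks status of the $allfilled variable */

if ($allfilled == "true") {

/* Escapes the text values so that quotes in the input cannot change
the SQL statement */

$artist = mysql_real_escape_string($_REQUEST['artist'], $conn);
$title  = mysql_real_escape_string($_REQUEST['title'], $conn);
$year   = mysql_real_escape_string($_REQUEST['year'], $conn);
$label  = mysql_real_escape_string($_REQUEST['label'], $conn);
$tracks = mysql_real_escape_string($_REQUEST['tracks'], $conn);

/* Executes Insert Query (with error checking).
NULL lets MySQL generate the releaseID automatically */

$sql_insert = "INSERT INTO cd_releases VALUES";
$sql_insert .= "(NULL, '$artist', '$title', '$year', ";
$sql_insert .= "'$label', '$tracks')";

$result = mysql_query($sql_insert, $conn);

if (!$result) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

/* Gets the releaseID using the mysql_insert_id()  */

$releaseID = mysql_insert_id();

/* Calls Insert copies function to insert copies */

add_copy($_REQUEST['copies'], $releaseID);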

/* starts printing table with values and buttons appropriate for editing
which should result in the same table as the get_data() function */

print "<form name=\"CDs\" method=\"post\" action=\"$_SERVER[PHP_SELF]\"> 
<table width=\"600\"> 
<tr>
<td width=\"150\"><strong>releaseID</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"releaseID\" value=\"$releaseID\"></td> 
<td rowspan=\"6\" valign=\"top\">
<input type=\"submit\" name=\"Submit\" value=\"Update\">
<br><input type=\"submit\" name=\"Submit\" value=\"Delete\">
<br><input type=\"submit\" name=\"Submit\" value=\"NewCd\"></td>
</tr> 

<tr>
<td width=\"150\"><strong>Artist</strong></td>
<td width=\"350\"><input type=\"text\" name=\"artist\" value=\"$_REQUEST[artist]\"></td>
</tr> 

"
;
} elseif (
$allfilled == "false") {

/* print out the form to be the same as add_new() except with 
non-empty fields filled */

print "<form name=\"CDs\" method=\"post\" action=\"$_SERVER[PHP_SELF]\"> 
<table width=\"600\"> 
<tr>
<td width=\"150\"><strong>Artist</strong></td>
<td width=\"350\"><input type=\"text\" name=\"artist\" value=\"$_REQUEST[artist]\"></td>
<td rowspan=\"5\" valign=\"top\"><input type=\"submit\" name=\"Submit\" value=\"InsertCd\">
</td>
</tr>";

}

/* Print the parts of the form which are the same for both, 
if a field has been filled out it the value will appear */

print "<tr>
<td width=\"150\"><strong>Title</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"title\" value=\"$_REQUEST[title]\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Year</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"year\" value=\"$_REQUEST[year]\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Label</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"label\" value=\"$_REQUEST[label]\"></td> 
</tr> 
<tr> 
<td width=\"150\"><strong>Tracks</strong></td> 
<td width=\"350\"><input type=\"text\" name=\"tracks\" value=\"$_REQUEST[tracks]\"></td> 
</tr>"
;

/* Filling out the passed value in 'copies' by using a 
while loop and if statement */
 
print "<tr> 
<td width=\"150\"><strong>No. of Copies</strong></td> 
<td width=\"350\"><select name=\"copies\" id=\"copies\">"
;

$count = 1;

while ($count < 10) {
    if ($count == $_REQUEST['copies']) {
        print "<option value=\"$count\" selected=\"selected\">$count</option>";
    } else {
        print "<option value=\"$count\">$count</option>";
    }
    $count += 1;
}

/* prints end of form */

print "
 </select></td> 
</tr> 


</table> 
</form>"
;

/* prints add copy form if all fields have been filled and thus 
statement executed */

if ($allfilled == "true") {

print "<form name=\"Copies\" method=\"post\" action=\"$_SERVER[PHP_SELF]\">";

/* prints hidden fields to store values needed by the add_copy() function */

print "<input type=\"hidden\" name=\"releaseID\" value=\"$releaseID\" />\n
<input type=\"hidden\" name=\"artist\" value=\"$_REQUEST[artist]\" />\n 
<input type=\"hidden\" name=\"title\" value=\"$_REQUEST[title]\" />\n
<input type=\"hidden\" name=\"existing_copies\" value=\"$_REQUEST[copies]\" />\n"
;

/* prints dropdown menu with number of copies to add */

print "<p>Add  <select name=\"copies\" id=\"copies\">
    <option value=\"1\">1</option>
    <option value=\"2\">2</option>
    <option value=\"3\">3</option>
    <option value=\"4\">4</option>
    <option value=\"5\">5</option>
    <option value=\"6\">6</option>
    <option value=\"7\">7</option>
    <option value=\"8\">8</option>
    <option value=\"9\">9</option>
  </select>
Copies "
;

/* prints submit button */

print "<input type=\"submit\" name=\"Submit\" value=\"AddCopy\" /></p>";

/* closes form */

print "</form>";
}

/* Closes Connection */
    
mysql_close ($conn);

}

Also note that we have included a while loop and an if statement to print out the number of copies selected when the form is returned to the user. We also print out the Add Copy form and further note again the use of the mysql_insert_id() function that retrieves the unique ID of the newly inserted data.
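
The form fields in insert_record() are filled straight from $_REQUEST, so a value containing a double quote or an angle bracket becomes markup in the returned page. The following added example (not the workshop's code; h(), missing_fields(), text_row() and copies_select() are hypothetical names) escapes every value with htmlspecialchars() before printing it and checks a fixed list of field names rather than everything in $_REQUEST.

```php
<?php
// Added example (not the workshop's code). Requires PHP 7+.

// Escapes a value for use inside HTML text or a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Field names the add-new form is expected to send (taken from the form above).
const REQUIRED_FIELDS = ['artist', 'title', 'year', 'label', 'tracks', 'copies'];

// Returns the required fields that are absent or blank. Unlike empty(),
// a literal "0" counts as filled in.
function missing_fields(array $request): array
{
    $missing = [];
    foreach (REQUIRED_FIELDS as $name) {
        $value = $request[$name] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $missing[] = $name;
        }
    }
    return $missing;
}

// One table row of the form with the submitted value escaped.
function text_row(string $name, array $request): string
{
    $value = is_string($request[$name] ?? null) ? $request[$name] : '';
    return '<tr><td width="150"><strong>' . h(ucfirst($name)) . '</strong></td>'
         . '<td width="350"><input type="text" name="' . h($name)
         . '" value="' . h($value) . '"></td></tr>' . "\n";
}

// The copies dropdown, re-selecting the submitted number only if it is 1 to 9.
function copies_select(array $request): string
{
    $chosen = filter_var($request['copies'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 9]]);
    $html = '<select name="copies" id="copies">';
    for ($count = 1; $count < 10; $count++) {
        $selected = ($count === $chosen) ? ' selected="selected"' : '';
        $html .= "<option value=\"$count\"$selected>$count</option>";
    }
    return $html . '</select>';
}

// Constructed sample submission: a title containing quotes and a tag, no label.
$request = [
    'Submit' => 'InsertCd',
    'artist' => 'AC/DC',
    'title'  => 'Live "At" <b>Donington</b>',
    'year'   => '1992',
    'label'  => '',
    'tracks' => '0',
    'copies' => '3',
];

foreach (missing_fields($request) as $name) {
    echo '<p>Please fill out the ' . h(ucfirst($name)) . " field</p>\n";
}
foreach (['artist', 'title', 'year', 'label', 'tracks'] as $name) {
    echo text_row($name, $request);
}
echo copies_select($request), "\n";
```

The same h() call belongs around $_SERVER['PHP_SELF'] in the form's action attribute, since that value is taken from the requested URL.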

Deleting Copies

Deleting copies is again a two-stage process. We will first create a function, get_copies(), and then call the function where we want the copies to be displayed (in the get_data() and insert_cd() functions). Then we create another function, delete_copy().

Modifying Script Again

This time we have to add calls to the get_copies() function from the get_data() function:

} else {
        echo("There has been an error" . mysql_error());
}

/* closes connection */

mysql_close ($conn);

get_copies($_REQUEST['releaseID']);

and the insert_cd() function:

print "</form>";

}

/* closes connection */

mysql_close ($conn);

get_copies($releaseID);

The only difference is that we pass the releaseID value using different variables: get_data() retrieves the value from the form, whereas insert_cd() retrieves the value using the mysql_insert_id() function.

Retrieving Copy information

The data we need to retrieve with the get_copies() function is stored in the cds_bought table (cdID), which can be retrieved using the releaseID to match all copies, similar to counting the copies above. Only this time we will display all the copies and their cdID as well as print a delete link that will use the GET method to pass the cdID to the delete_copy() function.

NOTE: The delete link contains the cdID AND the releaseID as the latter will be required by the delete_copy() function below


function get_copies($cdreleaseID) {

/* makes connection */

$conn = my_conn();

/* Creates SQL statement to retrieve the copies using the releaseID.
The releaseID is cast to an integer so only a number reaches the query */

$cdreleaseID = (int) $cdreleaseID;
$sql_copies = "SELECT * FROM cds_bought WHERE cds_bought.releaseID = " . $cdreleaseID;

/* Passes query to database */

$result_copies = @mysql_query($sql_copies, $conn);
if (!$result_copies) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

/* Starts printing table with data.*/

print "
<h4>Copy Details</h4>

<table width=\"300\">
<tr>
<td><b>Copy Number</b></td>
<td><b>cdID</b></td>
<td></td>
</tr>
"
;

/* Sets current_copy variable start value*/

$current_copy = 1;

/* While loop printing out each row */

while ($row = mysql_fetch_array($result_copies, MYSQL_ASSOC)) {

        // the copy number which will increase with each record retrieved
        print "<tr>
        <td>$current_copy</td>";

        print "<td>$row[cdID]</td>"; // the cdID

        /* Final cell in the row prints the delete link using a
        similar technique to the edit button above */

        print "<td><a href=\"$_SERVER[PHP_SELF]?cdID=$row[cdID]&releaseID=$cdreleaseID&Submit=DeleteCopy\">
        Delete Copy</a></td>
        </tr>";

        /* increases current_copy variable by one */

        $current_copy += 1;
}

/* Closes Table */

print "</table>";

/* Closes Connection */

mysql_close ($conn);

}



Deleting the copy.

This is a simpler function that uses an SQL statement to delete a record in the cds_bought table based on the cdID, then calls the get_copy() function (which needs the releaseID, which is why we included it in the URL string).


function delete_copy() {

/* makes connection */

$conn = my_conn();

/* Creates SQL statement to delete the copy using the cdID.
The cdID is cast to an integer so only a number reaches the query */

$sql_delete = "DELETE FROM cds_bought WHERE cds_bought.cdID = " . (int) $_REQUEST['cdID'];

/* Passes delete query to database */

$result_delete = @mysql_query($sql_delete, $conn);
if (!$result_delete) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

echo 
"<p>Copy Successfully deleted</p>";

/* Closes connection */

mysql_close ($conn);

/* calls get_data */

get_data();

}
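
The Delete Copy link changes data through a GET request, so anything that fetches the URL on the user's behalf also deletes the copy. As an added example, not the workshop's code, the delete below is a small POST form carrying a per-session token, and the handler checks the method, the token and both ids before running a prepared DELETE. The function names are hypothetical, the session is passed in as an array (pass $_SESSION in a real page), and in-memory SQLite (pdo_sqlite assumed) stands in for MySQL.

```php
<?php
// Added example (not the workshop's code). Requires PHP 7+ with pdo_sqlite.

// Creates the token once per session and returns it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Replaces the GET link: one POST form per copy, with the token as a hidden field.
function delete_form(int $cdID, int $releaseID, string $token, string $action): string
{
    $esc = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };
    return '<form method="post" action="' . $esc($action) . '">'
         . '<input type="hidden" name="cdID" value="' . $cdID . '" />'
         . '<input type="hidden" name="releaseID" value="' . $releaseID . '" />'
         . '<input type="hidden" name="token" value="' . $esc($token) . '" />'
         . '<input type="submit" name="Submit" value="DeleteCopy" /></form>';
}

// Returns true only if exactly one matching row was deleted.
function delete_copy_safe(PDO $pdo, string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;                                   // no state change on GET
    }
    $sent = $post['token'] ?? '';
    if (!is_string($sent) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $sent)) {
        return false;                                   // missing or wrong token
    }
    $opts = ['options' => ['min_range' => 1]];
    $cdID = filter_var($post['cdID'] ?? null, FILTER_VALIDATE_INT, $opts);
    $releaseID = filter_var($post['releaseID'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($cdID === false || $releaseID === false) {
        return false;                                   // ids must be whole numbers
    }
    // Matching on both ids means the copy must belong to the release shown.
    $stmt = $pdo->prepare('DELETE FROM cds_bought WHERE cdID = ? AND releaseID = ?');
    $stmt->execute([$cdID, $releaseID]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data: release 7 with two copies.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cds_bought (cdID INTEGER PRIMARY KEY, releaseID INTEGER, copy INTEGER)');
$pdo->exec('INSERT INTO cds_bought (releaseID, copy) VALUES (7, 1), (7, 2)');

$session = [];                       // stands in for $_SESSION
$token = csrf_token($session);
echo delete_form(2, 7, $token, '/cds.php'), "\n";

$good = ['cdID' => '2', 'releaseID' => '7', 'token' => $token];
var_dump(delete_copy_safe($pdo, 'GET', $good, $session));    // GET request
var_dump(delete_copy_safe($pdo, 'POST', ['cdID' => '1', 'releaseID' => '7'], $session)); // POST without a token
var_dump(delete_copy_safe($pdo, 'POST', $good, $session));   // POST with the session's token
```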


Tidying Up

Before we leave PHP / databases and the whole malarkey, we need to review things slightly and see if there is anything that could have been done differently (and arguably better), but that we haven't because this is a learning exercise. A couple stand out.

Include Files

We have seen the usefulness of being able to reuse code as part of functions. This has led to a long file that may be difficult to debug. Another approach would have been to have smaller files that did more specific things (eg update.php, delete.php, insert.php etc). We could have still reused certain functions by putting those shared pieces of code into another separate file and then including it within the other scripts.

To illustrate this principle we are going to make a simple footer.php file that prints out the date and author, and include it in our cds.php file at the end. This will then be included on every page regardless of which functions are called. Create a new file called footer.php and put the following code in it:

<?php

print "
<h5>Made from a Virtual Workshop by Keith Brown. The
time is "
;

/* 'o' and 'f' are escaped so date() prints the word "of" literally */
echo date('l dS \o\f F Y h:i:s A');

print 
"</h5>";

?>

The codes in the date function determine how the date is displayed in a similar manner to SSI and the full listing can be found on the PHP site. Next we want to add an include line at the end of our cds.php script, below the delete_copy() function.



include 'footer.php';


Save the file and upload BOTH to the server. When you now look at your database you should see that the included file is treated exactly the same as if it was in the script at that point.

Connections

Looking at our script, almost every function opens and closes a connection to the MySQL server. While there is nothing wrong with this, under a heavy load this may be a problem, and you should possibly look at using SESSIONS and mysql_pconnect() (p stands for persistent) to maintain variables and connections across an entire user session. I plan to write a Virtual Workshop covering this exact topic sometime in the future. Until then this warning will hopefully be enough of a pointer in the right direction.

Conclusion

We are now at the end of the first six parts of this series of workshops to construct simple web based databases. There is still a lot that can be done such as sessions or user authentication. These topics will be covered at some point in the future, but for now if you have a problem or a question (or even a nice positive comment) leave a message below and I'll get back to you.

Latest 10 Threads

date

Posted By: murugan at 13:22:16 on Wednesday the 24th of August 2005

how to check only date and month using like in mysql

Thanks

Posted By: Lawrence at 07:46:52 on Monday the 22nd of August 2005

Thanks for your update code. It worked and I had failed with other sites. However, how do I add more fields, especially for those fields in lower case like 'year', 'title'? God Bless and keep it up.

Stuck due to error in your code...

Posted By: JW at 20:33:57 on Tuesday the 15th of February 2005

There's an error in your code in the function get_copies. The error deals with the 3rd PRINT statement inside your while loop. You can visually see the error (a parse error I do believe) on this web page. Can you please update the code? BTW, thanks a million for your efforts. This is great stuff!

Refresh Button in Browser

Posted By: Mish at 19:05:33 on Wednesday the 29th of December 2004

Hi Keith! I have paid attention that after successful executing of the add_copy() function through the "AddCopy" button in application, if you use browser "REFRESH" button, the function will be executed again and will add new copy to the cds_bought table without any INCREMENT in 'copy' field. While that fact doesn't have too much impact in proceeding retrieve,access or even update functions, it is most significant in functions that are dealing with adding new data to database. Q.: How can we eliminate or check or prevent function's executing when it invokes by "Refresh" button of browser?

Re: Refresh Button in Browser

Posted By: keith at 19:42:23 on Wednesday the 29th of December 2004

....I haven't covered SESSION variables, but you could set one of them as a 'lock' (and checking for presence of same) to ensure that a refresh doesn't add more data. You would then also have to 'unlock' the ability to add copies later.

VERY NICE ARTICLEs!

Posted By: Yuri at 21:01:13 on Saturday the 9th of October 2004

Really! You have a talent to be a teacher. Very useful.

Great Teacher

Posted By: Marty Richey at 22:03:50 on Friday the 20th of August 2004

I teach! But most coders just write code and expect the reader to understand how obvious it all is. You do a great job in coding and teaching. Just wanted to let you know I appreciated the difference. To note is that I have never left anyone else a comment. As my students would say -- "You ROCK!"

Problem with add_copy() function

Posted By: Buddha Joe at 06:51:29 on Saturday the 17th of January 2004

I seem to be mucking things up with the add_copy() function and can't seem to resolve the issue.

What happens is as soon as I call the get_data() function by clicking on edit it displays the info twice as get_data() is also called at the end of the add_copy function if releaseID is present in the array.

Now if I actually use the add_copy() function here the database is updated and the page is displayed properly there after.

Re: Problem with add_copy() function

Posted By: Buddha Joe at 22:42:13 on Sunday the 18th of January 2004

I fixed it.. I placed that if statement in the wrong place.. I misunderstood the instructions..

Account and Password

Posted By: Albert at 10:42:09 on Saturday the 16th of August 2003

I noticed you've embedded the database account and password in the HTML codes. If I used the codes for my website, could visitors see the account/password by revealing the source codes? If yes, how do I hide the account/password? Keith, thanks for the virtual workshops!

Re: Account and Password

Posted By: keith at 12:19:00 on Saturday the 16th of August 2003

...well obviously the user/password combinations used in these workshops are not real and I've assumed that the reader would similarly change their passwords as well.

As to your question: well, generally username/password combos are hidden by placing the values in an external file then including that file. This file is normally outside of the server document root so that the file cannot be served accidentally as plain text, thus revealing the password. Other methods I've seen discussed (and depend on setup) include having the include files in a directory with restricted access or running PHP as a CGI application, but I think the first method is usually OK.

I haven't talked much about security in these 'novice' workshops but you should investigate field validation and SQL injection vulnerabilities (and I will probably write about them at some point).

K

Urgent Query

Posted By: Puneet Taneja at 07:23:52 on Monday the 9th of June 2003

1. How to validate a text field for only a particular input, that is, only characters or only numeric fields in a form. 2. Is there a function in php to convert any character/number entered to its corresponding ASCII value??

Re: Urgent Query

Posted By: keith at 16:01:37 on Monday the 9th of June 2003

1) Yup you can use regular expressions (which I haven't gotten around to writing about yet). See the PHP manual for more details

http://uk.php.net/manual/en/function.preg-match.php

2) Well there is the ascii() function, but from memory that only works with one character at a time. You could read the whole string into an array and perform the transformation that way (just off the top of my head).
