DYNAMIC WEB DEVELOPMENT
MORE ON PHP AND SQL
Dr. Basel Almourad
GOALS
Learn some advanced features for creating dynamic web sites.
OUTLINE
1. Sending values to a script
2. GET & POST
3. Using hidden form inputs
4. Editing existing records
5. Q & A
SENDING VALUES TO A SCRIPT
<input type="hidden" name="do" value="this" />
www.example.com/page.php?do=this
RETRIEVING SUBMITTED DATA (USING POST) - REVISITED
<html>
<head>
<title>Form Test</title>
</head>
<body>
<form method="post" action="handle_form.php">
Name: <input type="text" name="name">
Department: <input type="text" name="dept">
<input type="submit" value="submit">
</form>
</body>
</html>
• To build a form, you must have at least the following elements:
• An opening <form> and closing </form> tag.
• A submission type specifying either a GET or POST method.
• One or more input fields.
• The destination URL to which the form data is to be submitted.
CONT.
<?php
if(isset($_POST['name']))
    $name=$_POST['name'];
else
    $name="Not entered";
if(isset($_POST['dept']))
    $dept=$_POST['dept'];
else
    $dept="Not entered";
echo "Name: $name";
echo "Department: $dept";
?>
• We used the "POST" method to send the data the user entered to the page "handle_form.php".
• Hence, the data is temporarily received in the $_POST array (which is a global associative array in PHP).
• We can now access the data. It should be in the $_POST array.
• handle_form.php could be a separate file or integrated with the form.
GETTING DATA USING GET
• One of the ways to send data to the server is to use the GET method.
• We can send information via GET using the URL parameters. For instance, in
the image above, we are sending these two pieces of information to the server:
name ==> “Sam”, dept ==> “computer science”
• The information passed via the URL parameters is stored temporarily in the $_GET array.
• $_GET is an associative array that is a global variable.
• Information sent from a form with the GET method is visible to everyone (all
variable names and values are displayed in the URL).
• GET also has limits on the amount of information to send. The limitation is about
2000 characters. However, because the variables are displayed in the URL, it is
possible to bookmark the page. This can be useful in some cases.
• GET may be used for sending non-sensitive data.
<?php
if(isset($_GET['name'])){ //does the variable $_GET['name'] exist?
    echo "Name: ".$_GET['name']."<br>";
}
if(isset($_GET['dept'])){ //does the variable $_GET['dept'] exist?
    echo "Department: ".$_GET['dept']."<br>";
}
?>
• isset tells us whether a variable exists.
• The first if statement checks whether a value for the "name" parameter has been passed in the URL.
• The second if statement checks whether a value for the "dept" parameter has been passed in the URL.
GET VS POST
Type of data
  GET: Associative array ($_GET). Key: URL parameter name. Value: URL parameter value.
  POST: Associative array ($_POST). Key: form element name. Value: the values the user enters.
Visibility of data
  GET: visible to everyone (all variable names and values are displayed in the URL).
  POST: invisible to others (all names/values are embedded within the body of the HTTP request).
Limitations
  GET: 2000 characters.
  POST: no limits on the amount of information to send.
Uploading files?
  GET: No
  POST: Yes
Should it be used to send sensitive data?
  GET: No
  POST: Yes
UPDATE RECORDS FROM DATABASE: REVISITED
The easiest way to update/delete records is to first display the records and add an update and a delete button/link for each one:
• Relieves the user from having to remember which record to delete/update
• Avoids mistakes
Example
VIEW_USERS10_1.PHP
Change the Query:
• First Name & Last name are separate
• User_id is included
$q = "SELECT last_name, first_name,
DATE_FORMAT(registration_date, '%M %d, %Y') AS dr,
user_id FROM users ORDER BY registration_date ASC";
$r = @mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
UPDATE/DELETE RECORDS FROM DATABASE:
View_users10_1.php
…..
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
echo '<tr>
<td align="left"><a href="edit_user.php?id=' . $row['user_id'] . '">Edit</a></td>
<td align="left"><a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td>
<td align="left">' . $row['last_name'] . '</td>
<td align="left">' . $row['first_name'] . '</td>
<td align="left">' . $row['dr'] . '</td>
</tr>
';
This sends the $row['user_id'] values to the edit_user and delete_user scripts.
}
EDIT_USER.PHP: CHECK FOR A VALID USER ID, THROUGH GET OR POST:
How the Edit_user script gets a given user record using user_id
Edit_user.php
…..
// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users10_1.php
$id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
$id = $_POST['id'];
} else { // No valid ID, kill the script.
echo '<p class="error">This page has been accessed in error.</p>';
include ('includes/header.inc');
exit();
}
$id will be needed by the form.
RETRIEVE THE USER'S INFORMATION
Edit_user.php
…..
// Retrieve the user's information:
$q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id";
$r = @mysqli_query($dbc, $q);
if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
// Get the user's information:
$row = mysqli_fetch_array($r, MYSQLI_NUM);
Check whether the user $id exists, then show the form pre-filled with that user's existing data (next page).
CREATE THE FORM
Edit_user.php
…..
echo '<form action="edit_user.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $row[0] . '"></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $row[1] . '"></p>
<p>Email Address: <input type="email" name="email" size="20" maxlength="60" value="' . $row[2] . '"> </p>
<p><input type="submit" name="submit" value="Submit"></p>
<input type="hidden" name="id" value="' . $id . '">
</form>';
} else { // Not a valid user ID.
echo '<p class="error">This page has been accessed in error.</p>';
}
A hidden field is needed to hold the user id so it can be picked up by $_POST['id'].
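The form above writes $row[0], $row[1] and $row[2] straight into value="..." attributes, and the handle_form examples earlier echo $_GET values straight into the page. This added example (not from the lecture) builds the same edit form with every database value HTML-escaped; $row and $id are the slide's variables, and the sample row is constructed.

```php
<?php
// Added example, not from the lecture slides: the edit form of
// edit_user.php with the pre-filled values escaped for an HTML
// attribute. $row is the MYSQLI_NUM row (first_name, last_name,
// email) fetched by the slide's SELECT.

function attr(string $v): string {
    // ENT_QUOTES also escapes the double quote that would otherwise
    // close value="..." early.
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

function render_edit_form(array $row, int $id): string {
    [$fn, $ln, $e] = $row;
    return '<form action="edit_user.php" method="post">'
        . '<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . attr($fn) . '"></p>'
        . '<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . attr($ln) . '"></p>'
        . '<p>Email Address: <input type="email" name="email" size="20" maxlength="60" value="' . attr($e) . '"></p>'
        . '<p><input type="submit" name="submit" value="Submit"></p>'
        // The hidden field carries the id to the POST handler; it is an
        // int here, so it cannot contain markup.
        . '<input type="hidden" name="id" value="' . $id . '">'
        . '</form>';
}

// Constructed sample row: a stored last name containing a quote and a
// tag. Escaped, it is shown as plain text inside the input field.
$row = ['Sam', 'O"Neil <b>', 'sam@example.com'];
echo render_edit_form($row, 7);
```

The same attr() wrapper applies to the `echo "Name: ".$_GET['name']` lines of the GET example, since a URL parameter is user input just like a form field.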
UPDATING THE RECORD
Edit_user.php
…..
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
….. // Check for form entry errors (sets $fn, $ln and $e)
// Test for a unique email address:
$q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id";
$r = @mysqli_query($dbc, $q);
if (mysqli_num_rows($r) == 0) {
$q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id=$id LIMIT 1";
$r = @mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
echo '<p>The user has been edited.</p>';
} else { // If it did not run OK.
echo '<p>The user could not be edited.</p>';
}
} else { // Already registered.
echo '<p>The email address has already been registered.</p>';
} ……
DELETE RECORDS FROM DATABASE:
View_users10_1.php
…..
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
echo '<tr>
<td align="left"><a href="edit_user.php?id=' . $row['user_id'] . '">Edit</a></td>
<td align="left"><a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td>
<td align="left">' . $row['last_name'] . '</td>
<td align="left">' . $row['first_name'] . '</td>
<td align="left">' . $row['dr'] . '</td>
</tr>
';
This sends the $row['user_id'] values to the edit_user and delete_user scripts.
}
DELETE_USER.PHP: CHECK FOR A VALID USER ID, THROUGH GET OR POST:
How the delete_user script gets a given user record using user_id
delete_user.php
…..
// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users10_1.php
$id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
$id = $_POST['id'];
} else { // No valid ID, kill the script.
echo '<p class="error">This page has been accessed in error.</p>';
include ('includes/header.inc');
exit();
}
$id will be needed by the form.
RETRIEVE THE USER'S INFORMATION
delete_user.php
…..
$q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id";
$r = @mysqli_query($dbc, $q);
if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
// Get the user's information:
$row = mysqli_fetch_array($r, MYSQLI_NUM);
Check whether the user $id exists, then show the confirmation form for that user (next page).
CREATE THE FORM
delete_user.php
…..// Display the record being deleted:
echo "<h3>Name: $row[0]</h3>
Are you sure you want to delete this user?";
// Create the form:
echo '<form action="delete_user.php" method="post">
<input type="radio" name="sure" value="Yes"> Yes
<input type="radio" name="sure" value="No" checked="checked"> No
<input type="submit" name="submit" value="Submit">
<input type="hidden" name="id" value="' . $id . '">
</form>';
} else { // Not a valid user ID.
echo '<p>This page has been accessed in error.</p>';
}
A hidden field is needed to hold the user id so it can be picked up by $_POST['id'].
DELETING THE RECORD
delete_user.php
….. // Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['sure']) && $_POST['sure'] == 'Yes') { // Delete the record.
// Make the query:
$q = "DELETE FROM users WHERE user_id=$id LIMIT 1";
$r = @mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
echo '<p>The user has been deleted.</p>';
} else { // If the query did not run OK.
echo '<p>The user could not be deleted due to a system error.</p>'; // Public message.
}
} else { // No confirmation of deletion.
echo '<p>The user has NOT been deleted.</p>';
}
} else { // Show the form. ……
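Both edit_user.php and delete_user.php build their SQL by interpolating $id, $fn, $ln and $e into the query string. This added example (not the lecture's code) performs the same id check, uniqueness test, UPDATE and DELETE with the mysqli prepared statements linked in the references; $dbc is assumed to be the open mysqli connection from the slides, and $fn, $ln, $e are assumed to come from the form-error checks.

```php
<?php
// Added example, not from the lecture slides: the SQL from edit_user.php
// and delete_user.php with mysqli prepared statements, so the id, names
// and email are bound as parameters instead of concatenated into the
// query. $dbc is assumed to be the open mysqli connection of the slides.

// Take the id from GET (link in view_users10_1.php) or POST (the hidden
// field) only as a positive integer; is_numeric() would also accept
// values such as "1e3" or " 7".
function valid_user_id(): ?int {
    $raw = $_GET['id'] ?? $_POST['id'] ?? null;
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// True if no other user already has this email (the slide's uniqueness test).
function email_is_unique(mysqli $dbc, string $e, int $id): bool {
    $stmt = mysqli_prepare($dbc, 'SELECT user_id FROM users WHERE email = ? AND user_id != ?');
    mysqli_stmt_bind_param($stmt, 'si', $e, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $unique = mysqli_stmt_num_rows($stmt) === 0;
    mysqli_stmt_close($stmt);
    return $unique;
}

// UPDATE for edit_user.php; returns the number of rows changed (0 or 1).
function update_user(mysqli $dbc, int $id, string $fn, string $ln, string $e): int {
    $stmt = mysqli_prepare($dbc,
        'UPDATE users SET first_name = ?, last_name = ?, email = ? WHERE user_id = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'sssi', $fn, $ln, $e, $id);
    mysqli_stmt_execute($stmt);
    $n = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $n;
}

// DELETE for delete_user.php, to be called only after the "sure" radio was "Yes".
function delete_user(mysqli $dbc, int $id): int {
    $stmt = mysqli_prepare($dbc, 'DELETE FROM users WHERE user_id = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $n = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $n;
}
```

With these helpers the update branch of the slide becomes `if (email_is_unique($dbc, $e, $id) && update_user($dbc, $id, $fn, $ln, $e) === 1)`, and the delete branch `delete_user($dbc, $id) === 1`.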
ANY QUESTIONS?
REFERENCES AND MORE READING
• Book: Chapter 10, Common Programming Techniques
• W3Schools: https://www.w3schools.com/php/func_math_ceil.asp
• PHP manual: http://php.net/manual/en/class.mysqli-stmt.php