NMD202 Web Scripting, Week 5
What we will cover today
PHPmyAdmin
Debugging – using print_r
Modifying Data
PHP (cont.)
4D Methodology
File and IO operations
Exercises
PHPmyAdmin
MySQL has many GUI clients.
phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL over the web.
Setup:
Copy the phpMyAdmin folder (in the XAMPP root folder) to the document folder (xampp/htdocs)
Access it through the browser:
http://localhost/phpMyAdmin
Debug
Using print_r:
$a = array ('a' => 'apple', 'b' => 'banana', 'c' => array ('x', 'y', 'z'));
echo "<pre>";
print_r ($a);
echo "</pre>";
Output:
Array (
    [a] => apple
    [b] => banana
    [c] => Array (
        [0] => x
        [1] => y
        [2] => z
    )
)
Sanitize queries
mysql_real_escape_string()
This function must always be used to make data safe before sending a query to MySQL.
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
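The mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7.0, and escaping only protects values placed inside quotes. The block below is an added example, not part of the original slides: the same login lookup with a PDO prepared statement and a hashed password. It assumes the pdo_sqlite extension so it runs without a MySQL server; the table, user name and password are constructed sample data.

```php
<?php
// Added example (not from the original slides). Assumes pdo_sqlite;
// table, column, user and password values are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass_hash TEXT)');

// Store a password hash, never the password itself.
$ins = $db->prepare('INSERT INTO users (user, pass_hash) VALUES (:user, :hash)');
$ins->execute([
    ':user' => "o'brien",
    ':hash' => password_hash('s3cret-sample', PASSWORD_DEFAULT),
]);

/**
 * Returns the user's id on a successful login, or null.
 * The user name travels as a bound parameter, so quotes in it are data,
 * not SQL. The password is checked in PHP against the stored hash.
 */
function login(PDO $db, string $user, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs.
var_dump(login($db, "o'brien", 's3cret-sample'));  // name with a quote, correct password
var_dump(login($db, "o'brien", 'wrong'));          // wrong password
var_dump(login($db, "x' OR '1'='1", 'anything'));  // quotes are matched literally, not parsed
```

With MySQL the same code works by changing only the DSN passed to the PDO constructor.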
Redirection
There are several ways to perform page redirection in PHP
The most common way is to send a special header to the browser:
header('Location: page.php');
exit; // stop the script so nothing below runs after the redirect
Headers must be sent before any output is sent to the browser, and this includes white space. Make sure you open the PHP script tag on the first line of your document, otherwise you will get the following error:
Warning: Cannot modify header information - headers already sent by
Ini Files
Ini files are special files where you include configuration information for your application. If you know *nix systems you are used to this format:
; This is a sample configuration file
;Comments start with ';', as in php.ini
[database]
host = localhost
username = root
password =
database = sampleDataBase
$conf = parse_ini_file($filename) loads the ini file specified in $filename and returns its settings in an associative array.
Modifying Data
Insert Form:
• If the form has been submitted, run the insert query (after validation) and provide feedback (optionally redirect the page to the List screen)
• Draw the form; the action attribute should be set to $_SERVER['PHP_SELF']
Edit Form:
• The ID of the record is passed in the querystring
• If the form has been submitted, run the update query (after validation) and provide feedback (optionally redirect the page to the List screen)
• Draw the form with the values populated from the query results
• Usually the insert and edit screens are integrated in the same PHP page
Deleting Data
• The id of the record to delete is passed through the querystring
• The query is built based on the id (data should be sanitized)
• The query is performed
• Feedback is given to the user (optionally redirect to the list screen)
• Sometimes delete is integrated in the list screen, using a querystring like ?task=delete&Id=25; before displaying the list, the record is deleted by testing if $_GET['task'] == "delete"
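A delete driven by ?task=delete&Id=25 runs on any GET request, including a crawler, a browser prefetch or a link placed on another site while the user is logged in. The block below is an added example, not part of the original slides, of a delete handler that accepts only POST, checks a per-session form token, validates the id as an integer and uses a prepared statement. It assumes pdo_sqlite; handleDelete(), the csrf field name and the students table are hypothetical.

```php
<?php
// Added example (not from the original slides). Assumes pdo_sqlite; the
// students table, handleDelete() and the csrf field name are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO students (id, name) VALUES (25, 'Luis'), (26, 'John')");

/**
 * Deletes one student. $method, $post and $session stand in for
 * $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION so the function can be
 * exercised from the command line. Returns [HTTP status, message].
 */
function handleDelete(PDO $db, string $method, array $post, array $session): array
{
    // A delete changes state, so accept it only as POST: links, prefetchers
    // and crawlers issue GET requests.
    if ($method !== 'POST') {
        return [405, 'Use POST to delete'];
    }
    // The token must match the one issued with the form in this session.
    $sent = is_string($post['csrf'] ?? null) ? $post['csrf'] : '';
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return [403, 'Invalid form token'];
    }
    // The id must be a positive integer, nothing else.
    $id = filter_var($post['Id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Invalid id'];
    }
    $stmt = $db->prepare('DELETE FROM students WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? [200, "Deleted $id"] : [404, 'No such record'];
}

// Constructed requests. In a real page the token is stored in $_SESSION
// when the list is drawn and sent back in a hidden form field.
$session = ['csrf' => bin2hex(random_bytes(16))];
$ok = ['csrf' => $session['csrf'], 'Id' => '25'];
print_r(handleDelete($db, 'GET', $ok, $session));                  // wrong method
print_r(handleDelete($db, 'POST', ['Id' => '25'], $session));      // no token
print_r(handleDelete($db, 'POST', ['csrf' => $session['csrf'], 'Id' => '25abc'], $session));
print_r(handleDelete($db, 'POST', $ok, $session));                 // valid request
```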
Exercise
Build a complete set of screens to insert, update, display and delete the student records.
On the display table insert two more columns with links to the delete and edit pages, providing the id of the record.
Split the logical parts into separate php files: display.php, edit.php, insert.php, delete.php, configuration.ini
Sanitize your data
4D methodology
4D Methodology is a variation of the waterfall methodology.
It is a methodology that allows you to understand the system you are trying to build, implement it and deliver it according to the needs of a client.
Define – Understand the requirement of the system
Design – Design the system (ER Diagrams, page navigation diagrams, templates, page description)
Develop – Implement and test the system
Deploy – Deploy the system in the client infrastructure
The most crucial steps in building any system are the Define and Design steps.
Failure to do so will result in a large amount of time spent in the implementation.
Page description:
• General description of the page
• How does the user get here, and where do they go from here (include parameters in the querystring, e.g. edit page)
• Description of the form, if any, including field labels, database field, validation rules, control type (textbox, selectbox etc.)
• Business rules, e.g. a user can only be deleted if there are no records from that user.
File and IO operations
PHP can handle all common file operations including:
Read
Write
Delete
List files in folder
Change attributes (*nix chmod)
Etc
Read file:
<?php
// get contents of a file into a string
$filename = "/usr/local/something.txt";
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
?>
$filename can be a URL
Write file:
<?php
$fp = fopen('data.txt', 'w');
fwrite($fp, '1');
fwrite($fp, '23');
fclose($fp);

// the content of 'data.txt' is now 123 and not 23!
?>
Error Handling:
<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen($filename, 'a')) {
        echo "Cannot open file ($filename)";
        exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}
?>
Exercise
Create a PHP file (maybe accessible from the student list as a link) that generates a file in a special folder, /gradeLogs, with the current students and their grades. The filename should be unique (use the date function to generate unique filenames). Example content:
Luis
Maths:14
Maths2:13
-----------------------------------------------
John:15
Create another screen where you can list the files in the folder and allow the user to click and see the content of the file
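A screen that shows a file chosen by the user must make sure the name cannot point outside the log folder; fopen() also accepts URLs when allow_url_fopen is on, so URL-style names have to be rejected too. The block below is an added example, not part of the original slides, of writing a uniquely named log and reading it back by name. The temporary directory, file names and readGradeLog() are hypothetical.

```php
<?php
// Added example (not from the original slides). The directory layout,
// file names and readGradeLog() are hypothetical.
$logDir = sys_get_temp_dir() . '/gradeLogs_' . bin2hex(random_bytes(4));
mkdir($logDir, 0700);
// Unique name from the date function plus random bytes, since two requests
// in the same second would otherwise collide.
$name = 'grades_' . date('Ymd_His') . '_' . bin2hex(random_bytes(4)) . '.txt';
file_put_contents("$logDir/$name", "Luis\nMaths:14\nMaths2:13\n", LOCK_EX);
// A file outside the folder that the viewer must never return.
$outside = dirname($logDir) . '/outside_' . bin2hex(random_bytes(4)) . '.txt';
file_put_contents($outside, "not a grade log\n");

/**
 * Returns the content of a log file requested by name (e.g. from
 * $_GET['file']), or null if the name does not resolve to a regular
 * file directly inside $logDir.
 */
function readGradeLog(string $logDir, string $requested): ?string
{
    // Allow-list the name shape: no slashes, no "..", no colons, no null bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', $requested)) {
        return null;
    }
    $base = realpath($logDir);
    $path = realpath($logDir . '/' . $requested);   // resolves symlinks
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After resolution the file must still sit directly in the log folder.
    if (dirname($path) !== $base) {
        return null;
    }
    return file_get_contents($path);
}

// Constructed requests: the real log, then names that point elsewhere.
var_dump(readGradeLog($logDir, $name));
var_dump(readGradeLog($logDir, '../' . basename($outside)));
var_dump(readGradeLog($logDir, $outside));
var_dump(readGradeLog($logDir, 'missing.txt'));

unlink("$logDir/$name"); unlink($outside); rmdir($logDir);
```

When the content is shown in a page, pass it through htmlspecialchars() before echoing it, and keep the log folder outside the web server's document root so the files are reachable only through the viewer.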