Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
You.. can do it that way. That's actually how I did my Greasemonkey script in my signature - the Javascript function that I tack on to each page actually contains part of the html that appears in the popup, but I don't suggest that.
EDIT Before I even hit reply: I think I misunderstood, you if blocks are in PHP right? That's another way you can do it, such as index.php?action=add or action=update and then in the page itself you echo/print/etc a bunch of stuff for that page.
What you're moving into is basic CRUD operations (create/read/update/delete). The page you've been working on so far is Read.
Think about it this way - if you want to update an entry, that form needs to know which entry it is updating, and you actually need to read in its data first so that you can see what was there.
As for having multiple pages you can do this a few ways - on that "Read" page you can have links that go to Update/Delete which can display forms that were hidden on that page itself to do what you want for Update, or just a delete link.
Create could go at the bottom of the page with all the form elements required to create a new entry.
What I was thinking was placing if statements inside the javascript to check for each unique id, but the way I tried didn't work. I'm not sure I understand the index.php?action=xxx route, but what I meant for having separate pages was a page for add (add.php), update (update.php), and remove/delete (remove.php). They would be small pages containing only textareas, etc. intended for the pop-up windows.
ed: I'd prefer not to have separate pages, which is why I brought it up.
guar on
0
Options
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
Did you take a look at the thickbox link?
It will do what you want - a popup containing whatever html you want, and in this case form elements.
I did, but I'd rather implement this myself than download a solution.
guar on
0
Options
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
Alright well you'd still have to do a lot yourself - all thickbox does is easily let you have a little popup. You still have to figure out what goes in the popup and how your code handles it.
Any tips on how to get started? I tried doing separate pages, but I've run into the problem of being unable to identify for which system the pop-up is being called. My code:
I used to be the same way, but it's really not necessary. Piling too much into a single file makes it much harder to maintain down the road. It really doesn't buy you any advantages.
But if you're determined to do it, you can direct page rendering by adding variables to the url, and testing for that variable in your script. That is, something like:
I'll take your advice then. Would my approach be the best for going about what I'm trying to do, or is there an easier way? When I fill in the form and submit, my database doesn't seem to reflect the changes.
Well to access variables coming in from forms you can either check the $_GET or $_POST depending on what you specify your form's method to be, or just use the catch-all $_REQUEST which includes both.
As for your one page / multiple pages I usually seperate things out onto seperate pages. A controller for a database element will consist of a page for adding / editing, one for deleting and one for browsing the contents. I find it's easier for me to maintain a bunch of small pages rather than one massive one.
You could also streamline your code from the previous page by including an switch to check for the form being submitted, and either displaying the form or processing the results, so something like add.php consisting of:
<?php
if (isset($_POST['submitter_check')) {
// perform db update
print "totally saved";
} else {
?>
<form action="add.php" method="post">
<input type="hidden" name="submitter_check" value="totallytrue" />
<!-- rest of form gubbins -->
</form>
<?php
}
?>
I'm probably not the best at explaining things, but I do this stuff for a living so the knowledge is there, buried under layers of crap.
SporkAndrew on
The one about the fucking space hairdresser and the cowboy. He's got a tinfoil pal and a pedal bin
Well to access variables coming in from forms you can either check the $_GET or $_POST depending on what you specify your form's method to be, or just use the catch-all $_REQUEST which includes both.
Bad idea, generally speaking, for security reasons. Use the correct super-global array.
you should check to see if the inputs have values, and if they're legit/properly formed before inserting them into the db. also, for the love of god, use mysql_real_escape_string().
I'm trying to do that right now, by checking to see if the comment field is empty. I guess I'm not doing it correctly, as instead of adding an entry with/without a comment, it adds one with no comment and a completely blank entry.
you should check to see if the inputs have values, and if they're legit/properly formed before inserting them into the db. also, for the love of god, use mysql_real_escape_string().
I'm trying to do that right now, by checking to see if the comment field is empty. I guess I'm not doing it correctly, as instead of adding an entry with/without a comment, it adds one with no comment and a completely blank entry.
Use "==" when checking to see if something is equal, "=" makes assignments. Right now, that code sets the comment to null, which technically returns true, so it then inserts that blank comment.
As for mysql_real_escape_string, it prevents SQL injection by escaping the data. SQL injection occurs when someone enters SQL into a text box or passes it through post data, and MySQL/any other SQL server executes that query.
I had it working, but now it won't accept anything without a comment. The only changes I've made are swapping some table parameters, but it should still accept input with a null comment field (it accepts it at the command line).
Before
mysql> describe ds;
+---------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+--------------+------+-----+---------+-------+
| name | varchar(127) | YES | | NULL | |
| comment | varchar(255) | YES | | NULL | |
| status | char(1) | YES | | NULL | |
+---------+--------------+------+-----+---------+-------+
3 rows in set (0.02 sec)
After
mysql> describe ds;
+---------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+--------------+------+-----+---------+-------+
| name | varchar(127) | NO | PRI | NULL | |
| comment | varchar(255) | YES | | NULL | |
| status | char(1) | NO | | NULL | |
+---------+--------------+------+-----+---------+-------+
3 rows in set (0.02 sec)
I don't believe sprintf can accept null as a parameter. Also, you need to ensure that the order of your parameters are correct when you query the db. It needs to match the actual table structure, so name, then comment, then status.
You don't need to check if the comment is null...an empty string will suffice. So, that way, you remove a conditional and make your code that much easier to debug.
Mmm, just in case you're interested. You had a typo in the original code. Misplaced ' that made your char field take 2 chars which can't happen. It would have worked otherwise.
Edit: And it's always a good idea to read your code before asking for help.
If I'm posting here, it's because I've gone over my code several times and I'm completely stumped. Writing code is like writing a paper, it helps to get a second (or fifth) opinion.
guar on
0
Options
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
Damn you guys, I go to sleep and holy crap a whole page goes by.
Just a few things guar:
I would use an add.php that has the form and submits (POSTs) to itself, then have code that checks the $_POST super global array to see whether a form submission occured, because you can then report errors or report success directly on the form, with the old data that was submitted.
Accessing stuff from an array (zeeny mentioned this) you have to use a ' or " to escape the literal string, so that something like $_POST[name] becomes $_POST. This is so PHP knows that name is not a function/variable/etc. PHP usually is smart enough to "figure it out", but will tell you what it assumed (if your PHP said nothing I'd check your settings, not sure which unfortunately..)
HTML Labels: If you put the input inside the Label, you don't need to use the for attribute. Useful when the label and input are directly next to each other in the source code.
I think, but I'm not sure, that the Doctype needs to be the very first line that a browser sees, so if you have PHP before it, just end the php (?>) on the same line as the Doctype.
<?php
//stuff
?><!DOCTYPE...
How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console
This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.
Dropped the tables and added my parameters to the start of index.php. OP updated with new code. I'm in the process of working on remove/delete now, which should make it easy to do update afterwards (layout-wise).
How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console
This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.
Different table for each system + columns are the same. I might consider having one table, but I'd need to have 2 primary keys to avoid any duplicates.
Here's a question: can I call a method from index.php from within remove.php? Specifically, I need to use the sortBy() method I defined in index.php; could I do something like parent.sortBy(#, #) ?
Here's a question: can I call a method from index.php from within remove.php? Specifically, I need to use the sortBy() method I defined in index.php; could I do something like parent.sortBy(#, #) ?
Make a sort.inc.php file. Cut/paste the sortBy() function in it and do an
require('sort.inc.php'); // assuming same directory
in the start of the php section of both files making use of the routine.
It is usually a good idea to organize all functions by type/relation into separate inc files into separate php include files. Makes it a lot easier to reuse code.
It's even a better idea to make use of PHP's OO capabilities, but probably unnecessary for the size of your project.
zeeny on
0
Options
Seguerof the VoidSydney, AustraliaRegistered Userregular
Dropped the tables and added my parameters to the start of index.php. OP updated with new code. I'm in the process of working on remove/delete now, which should make it easy to do update afterwards (layout-wise).
How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console
This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.
Different table for each system + columns are the same. I might consider having one table, but I'd need to have 2 primary keys to avoid any duplicates.
You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?
Also, your javascript popup function should probably add the bolded+underlined parts - not all browsers might treat an anchor object as resolving to its href.
You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?
No, just the title. If I could figure out how to pass the system name to the pop-up window, I'd stick with my current setup. I don't really need to query the database beyond what I'm doing at this point.
So I have this method:
<script type="text/javascript">
function select() {
var i = document.rform.rname.selectedIndex;
var selected = document.rform.rname.options[i].text;
document.rform.name.value = selected;
document.rform.comment.value = "";
}
</script>
My intent is to have the Name, Comment, and Status fields display the values corresponding to what's selected in the drop down menu. How can I get the comment and status to do this?
guar on
0
Options
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
You're starting to move into AJAX territory, or having all that data exist on the page initially.
You need to use an id column. DELETE from where name is a bad idea.
In fact you've gone about this removal form the wrong way; you shouldn't need one at all. On your index page you should just be able to click a link to remove that particular game.
Game Name
Game Description
Edit | Delete
Edit takes you to a form, Delete just deletes (preferably with a javascript confirm at the very least).
The delete link should take you to something like /delete.php?id=6, where id is the id of the game being deleted, which would then just redirect back to index.php
I feel like doing this myself over the weekend now...
EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id
You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?
No, just the title.
Just as a side note, ideal database design suggests you never use a column with inherent meaning as a primary key. I would understand not wanting to redo all your work so far, but in the future, an auto-incrementing ID as a primary key would be preferable.
EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id
I'm not sure I understand this. Can I pass variables between pages, or are you implying I make a separate page for each id?
EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id
I'm not sure I understand this. Can I pass variables between pages, or are you implying I make a separate page for each id?
You can pass variables between pages. From the '?' on is what's known as a query string. PHP can grab a hold of whatever value(s) is/are in there via the $_GET superglobal array.
So, say you have a query string of page.php?system=23&user=67 - you can simply grab them like so:
Be sure to code defensively, though, as values are being passed to your script from the address bar. Anyone can modify the query string and submit it to your page(s).
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
Sorry guar I thought you knew what I meant by that because GET had already been discussed here; Nightslyr is right. $_GET will get what you want from the query string. Variables on a query string are separated by an & so ?var1=value1&var2=value2. You probably want to use mysql_escape_string on the id or name if you're going to directly use it in a query (coding defensively)
Seguerof the VoidSydney, AustraliaRegistered Userregular
edited June 2009
Just one more thing: when you write your links to include query strings, you need to write & as & (& is a "reserved" character to start an entity character, of which & means &)
A few quick questions: (1) for auto-increment, can I force the database to fill deleted unique ids? i.e. I populate a table with ids 1 through 8, but delete ids 3 and 7 sometime after. Is there a way for the next entry added to have 3 assigned to its id number?
(2) I've set it up before to have the pop-up window close on submit, but it closes before the data is sent. How can I have it so after hitting the 'Add/Update' button, it closes the window and refreshes index.php ? I have delete.php set up to immediately redirect back to index.php via a meta tag in the header, can I do something similar with this?
A few quick questions: (1) for auto-increment, can I force the database to fill deleted unique ids? i.e. I populate a table with ids 1 through 8, but delete ids 3 and 7 sometime after. Is there a way for the next entry added to have 3 assigned to its id number?
You don't want to do this. An ID is just that, it should be unique for the lifetime of your database. The game that was #3 is not the game you are adding, so you don't want to call it #3 in your database.
If I have another table that has a record saying "I completed 56% of game #3" and I don't clean that up when I delete #3 from the game table, then when I add a new game and it's given ID #3 then it's inconsistently marked 56% complete.
That's a trivial example and likely to be cleaned up properly, but only because the database is so simple. The proper way is the way the database is currently working your auto-increment and this is why.
(2) I've set it up before to have the pop-up window close on submit, but it closes before the data is sent. How can I have it so after hitting the 'Add/Update' button, it closes the window and refreshes index.php ? I have delete.php set up to immediately redirect back to index.php via a meta tag in the header, can I do something similar with this?
You could do asynchronous submits (AJAX) but the simpler solution for you would probably be to do the redirect yes. Just handle the form submit and then redirect to a closewin.php that just simply closes itself.
Btw, you can do an HTTP redirect instead of an HTML meta refresh, by doing the following instead of sending any HTML back.
Posts
EDIT Before I even hit reply: I think I misunderstood, you if blocks are in PHP right? That's another way you can do it, such as index.php?action=add or action=update and then in the page itself you echo/print/etc a bunch of stuff for that page.
What you're moving into is basic CRUD operations (create/read/update/delete). The page you've been working on so far is Read.
Think about it this way - if you want to update an entry, that form needs to know which entry it is updating, and you actually need to read in its data first so that you can see what was there.
As for having multiple pages you can do this a few ways - on that "Read" page you can have links that go to Update/Delete which can display forms that were hidden on that page itself to do what you want for Update, or just a delete link.
Create could go at the bottom of the page with all the form elements required to create a new entry.
ed: I'd prefer not to have separate pages, which is why I brought it up.
It will do what you want - a popup containing whatever html you want, and in this case form elements.
add.html
add.php
Again, I'd like to not have separate pages, but this seemed like the easiest method. I'd prefer to keep all code in index.php
But if you're determined to do it, you can direct page rendering by adding variables to the url, and testing for that variable in your script. That is, something like:
http://me.com/index.php
Loads the main page.
http://me.com/index.php?page=form
Loads the submission form. Make branches in your script with an if() statement.
But like I said, it gets messy fast.
to:
or you can use _REQUEST if you prefer. Is this your first time attempting this sort of thing?
As for your one page / multiple pages I usually seperate things out onto seperate pages. A controller for a database element will consist of a page for adding / editing, one for deleting and one for browsing the contents. I find it's easier for me to maintain a bunch of small pages rather than one massive one.
You could also streamline your code from the previous page by including an switch to check for the form being submitted, and either displaying the form or processing the results, so something like add.php consisting of:
I'm probably not the best at explaining things, but I do this stuff for a living so the knowledge is there, buried under layers of crap.
Please do the world a favor and run all submitted variables through mysql_real_escape_string before putting them in a query.
Bad idea, generally speaking, for security reasons. Use the correct super-global array.
Aside from some logical things, your one file solution should be similar to the code above.
I'm trying to do that right now, by checking to see if the comment field is empty. I guess I'm not doing it correctly, as instead of adding an entry with/without a comment, it adds one with no comment and a completely blank entry.
Also, why do I need mysql_real_escape_string() ?
Use "==" when checking to see if something is equal, "=" makes assignments. Right now, that code sets the comment to null, which technically returns true, so it then inserts that blank comment.
As for mysql_real_escape_string, it prevents SQL injection by escaping the data. SQL injection occurs when someone enters SQL into a text box or passes it through post data, and MySQL/any other SQL server executes that query.
Before
After
And here's my add.php code:
Try simply:
You don't need to check if the comment is null...an empty string will suffice. So, that way, you remove a conditional and make your code that much easier to debug.
Edit: And it's always a good idea to read your code before asking for help.
Just a few things guar:
I would use an add.php that has the form and submits (POSTs) to itself, then have code that checks the $_POST super global array to see whether a form submission occured, because you can then report errors or report success directly on the form, with the old data that was submitted.
Accessing stuff from an array (zeeny mentioned this) you have to use a ' or " to escape the literal string, so that something like $_POST[name] becomes $_POST. This is so PHP knows that name is not a function/variable/etc. PHP usually is smart enough to "figure it out", but will tell you what it assumed (if your PHP said nothing I'd check your settings, not sure which unfortunately..)
HTML Labels: If you put the input inside the Label, you don't need to use the for attribute. Useful when the label and input are directly next to each other in the source code.
I think, but I'm not sure, that the Doctype needs to be the very first line that a browser sees, so if you have PHP before it, just end the php (?>) on the same line as the Doctype.
How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console
This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.
It's been so long since I actually used raw sql to make an update that I forget it every time. Usually propel / Smarty sanitises everything for me.
Different table for each system + columns are the same. I might consider having one table, but I'd need to have 2 primary keys to avoid any duplicates.
Make a sort.inc.php file. Cut/paste the sortBy() function in it and do an
in the start of the php section of both files making use of the routine.
It is usually a good idea to organize all functions by type/relation into separate inc files into separate php include files. Makes it a lot easier to reuse code.
It's even a better idea to make use of PHP's OO capabilities, but probably unnecessary for the size of your project.
You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?
Also, your javascript popup function should probably add the bolded+underlined parts - not all browsers might treat an anchor object as resolving to its href.
No, just the title. If I could figure out how to pass the system name to the pop-up window, I'd stick with my current setup. I don't really need to query the database beyond what I'm doing at this point.
So I have this method:
My intent is to have the Name, Comment, and Status fields display the values corresponding to what's selected in the drop down menu. How can I get the comment and status to do this?
You need to use an id column. DELETE from where name is a bad idea.
In fact you've gone about this removal form the wrong way; you shouldn't need one at all. On your index page you should just be able to click a link to remove that particular game.
Game Name
Game Description
Edit | Delete
Edit takes you to a form, Delete just deletes (preferably with a javascript confirm at the very least).
The delete link should take you to something like /delete.php?id=6, where id is the id of the game being deleted, which would then just redirect back to index.php
I feel like doing this myself over the weekend now...
EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id
Just as a side note, ideal database design suggests you never use a column with inherent meaning as a primary key. I would understand not wanting to redo all your work so far, but in the future, an auto-incrementing ID as a primary key would be preferable.
I'm not sure I understand this. Can I pass variables between pages, or are you implying I make a separate page for each id?
You can pass variables between pages. From the '?' on is what's known as a query string. PHP can grab a hold of whatever value(s) is/are in there via the $_GET superglobal array.
So, say you have a query string of page.php?system=23&user=67 - you can simply grab them like so:
Be sure to code defensively, though, as values are being passed to your script from the address bar. Anyone can modify the query string and submit it to your page(s).
(2) I've set it up before to have the pop-up window close on submit, but it closes before the data is sent. How can I have it so after hitting the 'Add/Update' button, it closes the window and refreshes index.php ? I have delete.php set up to immediately redirect back to index.php via a meta tag in the header, can I do something similar with this?
You don't want to do this. An ID is just that, it should be unique for the lifetime of your database. The game that was #3 is not the game you are adding, so you don't want to call it #3 in your database.
If I have another table that has a record saying "I completed 56% of game #3" and I don't clean that up when I delete #3 from the game table, then when I add a new game and it's given ID #3 then it's inconsistently marked 56% complete.
That's a trivial example and likely to be cleaned up properly, but only because the database is so simple. The proper way is the way the database is currently working your auto-increment and this is why.
You could do asynchronous submits (AJAX) but the simpler solution for you would probably be to do the redirect yes. Just handle the form submit and then redirect to a closewin.php that just simply closes itself.
Btw, you can do an HTTP redirect instead of an HTML meta refresh, by doing the following instead of sending any HTML back.
You just need to do it before anything (HTML, whitespace, etc...) is sent to the browser, else you'll get a "Headers already sent" error.
Right right, it needs to be the only thing sent. Not technically, but as far as you're concerned it's easiest to think of it that way Guar.