creating a dynamic web site stewart blakeway fml 208 [email protected]
Post on 22-Dec-2015
218 views
TRANSCRIPT
Creating a Dynamic Web Site
Stewart BlakewayFML [email protected]
http://hopelive.hope.ac.uk/computing/
What will we cover
Deleting Records Amending Records
http://hopelive.hope.ac.uk/computing/
Why
You need to authenticate the user before allowing them to delete/amend records
You need to be able to delete/amend records as a user and as an administrator
With conditions
http://hopelive.hope.ac.uk/computing/
User Sessions
You will have to authenticate the log in of the user in order to allow the addition of records into the database
You have to follow certain steps in order to ensure that the user is who they claim to be Refer to slides from last week if you have
forgotten how to do this
http://hopelive.hope.ac.uk/computing/
Deleting Data
Before we allow the deletion of data we need to ensure the user is logged in
We have to establish if the user is authorised to delete the record The user added that particular book The user has administrator privileges
http://hopelive.hope.ac.uk/computing/
Deleting Structureif user not logged in
{
display login link
}
else
{
display form to select record
display the selected record and confirm deletion
delete the selected record
}
http://hopelive.hope.ac.uk/computing/
Further refinementif form not yet displayed
{
display form to select record to delete
}
else if record selected
{
display the selected record
}
else if delete confirmed
{
delete the record
}
http://hopelive.hope.ac.uk/computing/
Checking to see if the user has logged in
<?phpif (!isset($_SESSION[‘username']){
echo "not authorised";echo "<p><a href=\"login.php\">Login</a></p>";}
else{
// DISPLAY THE FORM}
http://hopelive.hope.ac.uk/computing/
Displaying the formThis form is different to the forms we have already
seen. So far we have seen a form that passes data to itself and does a simple if else check
if (!isset($_POST[‘viewed’])) {
// Display form }else
{// Process Data
}
http://hopelive.hope.ac.uk/computing/
3 Checks
This time we have 3 major checks with the processing of the form
1. Has form been displayed?2. Has user selected the record?3. Has user confirmed deletion of the
record?
http://hopelive.hope.ac.uk/computing/
Display Records and Get Users Selection
Show user their selection and Confirm Delete
Delete / Not Delete the Record
http://hopelive.hope.ac.uk/computing/
3 Checksif (!isset($_POST[‘selected’]))
{
// Display form and get selection
}
if (isset ($_POST[‘selected’]))
{
// Display selection for confirmation
}
if (isset ($_POST[‘delete’]))
{
// Delete the record
}
http://hopelive.hope.ac.uk/computing/
Another Check
Just because the user is logged in does not mean that they are authorised to delete the record!
Should user Smith be able to delete an entry added by Williams?
What about the administrator of the website or the content manager?
http://hopelive.hope.ac.uk/computing/
Simple Checkif user != user that initially added the
record
{
display “not authorised”;
}
else
{
delete the record
}
http://hopelive.hope.ac.uk/computing/
Refinedif user != user that initially added the record or
user != “administrator”
{
display “not authorised”;
}
else
{
delete the record
}
http://hopelive.hope.ac.uk/computing/
What about future growth?
Initially your website is small and only has two or three administrators.
As your website grows your administration team will grow.
What if your administration team becomes four strong?
http://hopelive.hope.ac.uk/computing/
Not a great solution!if user != user that initially added the record or
user != “administrator” or user != “content_administrator” or user != “designer_administrator” or user != “stradministrator”
{
display “not authorised”;
}
else
{
delete the record
}
http://hopelive.hope.ac.uk/computing/
What about now?if user != user that initially added the record or
user_level != “administrator”
{
display “not authorised”;
}
else
{
delete the record
}
http://hopelive.hope.ac.uk/computing/
so far!if user authorisedif form not displayedif record selectedif delete confirmedif user = original user if user level = administratorand couple of whiles (for the extraction of data)
That’s a lot of {{{{}}}}} and we haven’t even included any validation of the text entry boxes!
http://hopelive.hope.ac.uk/computing/
Indentation & Comments
Your code is growing with each conditional IF you insert.
You have to indent your code so that it reads well.
You have to comment your code throughout.
Failure to comment code and indent throughout will result in marks being deducted
Better Still – Break your code down into functions, try not to over use functions though
http://hopelive.hope.ac.uk/computing/
Display Records and Get Users Selection
Show user their selection and Confirm Delete
Delete / Not Delete the Record
function showRecords()
function showSelected()
function deleteRecord()
http://hopelive.hope.ac.uk/computing/
So how do we delete?
DELETE FROM table WHERE something = ‘something'
DELETE FROM `user` WHERE name = 'Carl'
http://hopelive.hope.ac.uk/computing/
Amending Records Structure
if form not yet displayed{display form to select record to amend}
else if record selected{display the selected recordallow amendments}
else if amend confirmed{amend the record}
http://hopelive.hope.ac.uk/computing/
Displaying the formThis form is very similar to deleting a record in
that there are three if conditions
if (($_POST[viewed] != "yes") && ($_POST[viewed] != "amend")) {
// Display form and Set viewed = “yes” }elseif ($_POST[viewed] != "amend")
{// Process Data and Set viewed = “amend”
}else
{ // Amend the Record}
http://hopelive.hope.ac.uk/computing/
Amending the Record$sql = “UPDATE book SET (
‘username’ = '$_POST[bUsername]',‘bookTitle’ = '$_POST[bTitle]',‘bookType’ = '$_POST[bType]',‘bookDesc’ = '$_POST[bDesc]',‘bookPrice’ = '$_POST[bPrice] ‘
WHERE ‘bookID’ = ‘$_POST[bID]’)";
http://hopelive.hope.ac.uk/computing/
A Week Friday
Submission of Portfolio Exercises Save onto CD Submitted to Deanery Office by 3pm Worth 40% of PBL 3
http://hopelive.hope.ac.uk/computing/
After EasterTestSubmission of Website
Working WebsiteConnectivity to the databaseAble to add/view/delete/update recordsUser able to registerUser Login and AuthenticationAppropriate validation on text fieldsAppropriate use of CSSCross browser/platform supportCode must be commented throughout
Database Team Report Reflection
http://hopelive.hope.ac.uk/computing/
Test
2 Sections 10 Multiple Choice Questions worth 10
marks Code to debug, 15 Errors worth 30 marks
http://hopelive.hope.ac.uk/computing/
Example QuestionQuestion – Which best describes an Associate Array?
a) Associate Arrays use a numbered index; you can specify the index with any integer value. An associative array is principally the same as an ordinary array – however instead of labelled indexes you use integers.
b) Associate Arrays do not use a numbered index; you can specify the index with meaningful names. An associative array is principally the same as an ordinary index array – however instead of numbered indexes you use labels.
c) Associate Arrays do not use an index at all; when you build the array the items are sorted automatically which eliminates the need for such an index.
d) Associate Arrays are a combination of two or more arrays with a relationship to the parent array of the parent class. The child class or child array within the child class will inherit all the values from the parent array contained within the parent class.
http://hopelive.hope.ac.uk/computing/
Example Code$conn = mysql_connect("localhost","stewart","");mysql_select_database("sbass",$conn);if (($_POST[viewed] != "yes") & ($_POST[viewed] != "amend")){
echo "<h1>Select Entry</h1>";$get_list = "SELECT bookTitle FROM book";$get_list_res = mysql_query(get_list);
echo "<form method=\"POST\" action=$SERVER[PHP_SELF]>Select a Record to View<select name=\"sel_book\"<option value=\"\">-- Select a Book --</option>";
…5 Errors – Can you spot them?
http://hopelive.hope.ac.uk/computing/
Example Code$conn = mysql_connect("localhost","stewart","");mysql_select_db("sbass",$conn);if (($_POST[viewed] != "yes") && ($_POST[viewed] != "amend")){
echo "<h1>Select Entry</h1>";$get_list = "SELECT bookTitle FROM book";$get_list_res = mysql_query($get_list);
echo = "<form method=\"POST\" action=\"$SERVER[PHP_SELF]\">Select a Record to View<select name=\"sel_book\"><option value=\"\">-- Select a Book --</option>";
…
http://hopelive.hope.ac.uk/computing/
Any Questions?
http://hopelive.hope.ac.uk/computing/
Conclusion