Creating a Dynamic Web Site

Stewart Blakeway, FML 208, blakews@hope.ac.uk

Post on 22-Dec-2015


Page 1: Creating a Dynamic Web Site Stewart Blakeway FML 208 blakews@hope.ac.uk

Creating a Dynamic Web Site

Stewart Blakeway, FML 208, blakews@hope.ac.uk

Page 2:

http://hopelive.hope.ac.uk/computing/

What will we cover

Deleting Records
Amending Records

Page 3:

Why

You need to authenticate the user before allowing them to delete/amend records

You need to be able to delete/amend records as a user and as an administrator

With conditions

Page 4:

User Sessions

You will have to authenticate the log in of the user in order to allow the addition of records into the database

You have to follow certain steps in order to ensure that the user is who they claim to be

Refer to slides from last week if you have forgotten how to do this

Page 5:

Deleting Data

Before we allow the deletion of data we need to ensure the user is logged in

We have to establish if the user is authorised to delete the record

The user added that particular book
The user has administrator privileges

Page 6:

Deleting Structure

if user not logged in
{
    display login link
}
else
{
    display form to select record
    display the selected record and confirm deletion
    delete the selected record
}

Page 7:

Further refinement

if form not yet displayed
{
    display form to select record to delete
}
else if record selected
{
    display the selected record
}
else if delete confirmed
{
    delete the record
}

Page 8:

Checking to see if the user has logged in

<?php
session_start(); // resume the session that was created at login
if (!isset($_SESSION['username'])) {
    echo "not authorised";
    echo "<p><a href=\"login.php\">Login</a></p>";
} else {
    // DISPLAY THE FORM
}

Page 9:

Displaying the form

This form is different to the forms we have already seen. So far we have seen a form that passes data to itself and does a simple if else check

if (!isset($_POST['viewed'])) {
    // Display form
} else {
    // Process Data
}

Page 10:

3 Checks

This time we have 3 major checks with the processing of the form

1. Has form been displayed?
2. Has user selected the record?
3. Has user confirmed deletion of the record?

Page 11:

Display Records and Get Users Selection

Show user their selection and Confirm Delete

Delete / Not Delete the Record

Page 12:

3 Checks

if (!isset($_POST['selected']) && !isset($_POST['delete']))
{
    // Display form and get selection
}
elseif (!isset($_POST['delete']))
{
    // Display selection for confirmation
}
else
{
    // Delete the record
}

Page 13:

Another Check

Just because the user is logged in does not mean that they are authorised to delete the record!

Should user Smith be able to delete an entry added by Williams?

What about the administrator of the website or the content manager?

Page 14:

Simple Check

if user != user that initially added the record
{
    display "not authorised";
}
else
{
    delete the record
}

Page 15:

Refined

if user != user that initially added the record and
   user != "administrator"
{
    display "not authorised";
}
else
{
    delete the record
}

Page 16:

What about future growth?

Initially your website is small and only has two or three administrators.

As your website grows your administration team will grow.

What if your administration team becomes four strong?

Page 17:

Not a great solution!

if user != user that initially added the record and
   user != "administrator" and
   user != "content_administrator" and
   user != "designer_administrator" and
   user != "stradministrator"
{
    display "not authorised";
}
else
{
    delete the record
}

Page 18:

What about now?

if user != user that initially added the record and
   user_level != "administrator"
{
    display "not authorised";
}
else
{
    delete the record
}

Page 19:

so far!

if user authorised
if form not displayed
if record selected
if delete confirmed
if user = original user
if user level = administrator
and a couple of whiles (for the extraction of data)

That’s a lot of {{{{}}}}} and we haven’t even included any validation of the text entry boxes!

Page 20:

Indentation & Comments

Your code is growing with each conditional IF you insert.

You have to indent your code so that it reads well.

You have to comment your code throughout.

Failure to comment code and indent throughout will result in marks being deducted.

Better still: break your code down into functions, but try not to overuse functions.

Page 21:

Display Records and Get Users Selection

Show user their selection and Confirm Delete

Delete / Not Delete the Record

function showRecords()

function showSelected()

function deleteRecord()

Page 22:

So how do we delete?

DELETE FROM table WHERE something = 'something'

DELETE FROM `user` WHERE name = 'Carl'
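
The login check, the owner-or-administrator rule and the DELETE statement from the preceding slides, combined into one handler. This is an added example, not code from the lecture: it uses PDO with an in-memory SQLite database so that it runs on its own, and the book rows, canModify(), deleteRecord() and the user_level session key are assumptions.

```php
<?php
// Added example. Schema and rows are constructed; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE book (bookID INTEGER PRIMARY KEY, username TEXT, bookTitle TEXT)");
$db->exec("INSERT INTO book (username, bookTitle)
           VALUES ('williams', 'PHP Basics'), ('smith', 'SQL Primer')");

// The slides' rule: the user who added the record, or any administrator, may delete it.
// canModify() and the 'user_level' session key are names assumed for this example.
function canModify(array $session, array $record): bool
{
    $isOwner = $session['username'] === $record['username'];
    $isAdmin = ($session['user_level'] ?? '') === 'administrator';
    return $isOwner || $isAdmin;
}

// Runs at the final "delete confirmed" step. Every check is repeated here because
// the browser can post straight to this step without visiting the earlier forms.
function deleteRecord(PDO $db, array $session, $bookID): string
{
    if (!isset($session['username'])) {
        return 'not logged in';
    }
    $find = $db->prepare('SELECT bookID, username FROM book WHERE bookID = ?');
    $find->execute([$bookID]);
    $record = $find->fetch(PDO::FETCH_ASSOC);
    if ($record === false) {
        return 'no such record';
    }
    if (!canModify($session, $record)) {
        return 'not authorised';
    }
    $delete = $db->prepare('DELETE FROM book WHERE bookID = ?');
    $delete->execute([$record['bookID']]);
    return 'record deleted';
}

// Constructed sessions; in the real page pass $_SESSION and the posted record id.
$smith = ['username' => 'smith', 'user_level' => 'user'];
$admin = ['username' => 'jones', 'user_level' => 'administrator'];
echo deleteRecord($db, [], 1), "\n";      // nobody logged in
echo deleteRecord($db, $smith, 1), "\n";  // Smith, record added by Williams
echo deleteRecord($db, $smith, 2), "\n";  // Smith, own record
echo deleteRecord($db, $admin, 1), "\n";  // administrator, someone else's record
```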

Page 23:

Amending Records Structure

if form not yet displayed
{
    display form to select record to amend
}
else if record selected
{
    display the selected record
    allow amendments
}
else if amend confirmed
{
    amend the record
}

Page 24:

Displaying the form

This form is very similar to deleting a record in that there are three if conditions

if (($_POST['viewed'] != "yes") && ($_POST['viewed'] != "amend")) {
    // Display form and set viewed = "yes"
} elseif ($_POST['viewed'] != "amend") {
    // Process data and set viewed = "amend"
} else {
    // Amend the record
}

Page 25:

Amending the Record

// Escape every submitted value before it is placed inside the SQL string
$f = array_map('mysql_real_escape_string', $_POST);

$sql = "UPDATE book SET
            username  = '$f[bUsername]',
            bookTitle = '$f[bTitle]',
            bookType  = '$f[bType]',
            bookDesc  = '$f[bDesc]',
            bookPrice = '$f[bPrice]'
        WHERE bookID = '$f[bID]'";
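
The amend step written with bound parameters, with the ownership rule enforced in the WHERE clause of the UPDATE itself. This is an added example, not code from the lecture: it uses PDO with an in-memory SQLite database, keeps the slide's field names (bID, bTitle, bType, bDesc, bPrice), and assumes the function name amendRecord() and the user_level session key.

```php
<?php
// Added example. Schema and row are constructed; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE book (bookID INTEGER PRIMARY KEY, username TEXT,
           bookTitle TEXT, bookType TEXT, bookDesc TEXT, bookPrice REAL)");
$db->exec("INSERT INTO book VALUES (1, 'williams', 'PHP Basics', 'Computing', 'Intro', 9.99)");

// amendRecord() and the 'user_level' session key are names assumed for this example.
function amendRecord(PDO $db, array $session, array $post): string
{
    if (!isset($session['username'])) {
        return 'not logged in';
    }
    // Validate the typed fields before touching the database.
    $id    = filter_var($post['bID'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($post['bPrice'] ?? null, FILTER_VALIDATE_FLOAT);
    $title = trim((string)($post['bTitle'] ?? ''));
    if ($id === false || $price === false || $price < 0 || $title === '') {
        return 'invalid input';
    }
    // The owner column is not in the SET list: who added the book comes from the
    // session at insert time, never from a form field the browser can change.
    $sql = 'UPDATE book SET bookTitle = :title, bookType = :type,
                   bookDesc = :descr, bookPrice = :price WHERE bookID = :id';
    $params = [':title' => $title, ':type' => (string)($post['bType'] ?? ''),
               ':descr' => (string)($post['bDesc'] ?? ''), ':price' => $price, ':id' => $id];
    // Non-administrators can only match rows they added themselves.
    if (($session['user_level'] ?? '') !== 'administrator') {
        $sql .= ' AND username = :user';
        $params[':user'] = $session['username'];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount() === 1 ? 'record amended' : 'not authorised or no such record';
}

// Constructed form data; in the real page pass $_SESSION and $_POST.
$form = ['bID' => '1', 'bTitle' => "PHP for O'Brien", 'bType' => 'Computing',
         'bDesc' => 'Second edition', 'bPrice' => '12.50'];
echo amendRecord($db, ['username' => 'smith', 'user_level' => 'user'], $form), "\n";
echo amendRecord($db, ['username' => 'williams', 'user_level' => 'user'], $form), "\n";
echo amendRecord($db, ['username' => 'williams'], ['bID' => 'abc'] + $form), "\n";
echo $db->query('SELECT bookTitle FROM book WHERE bookID = 1')->fetchColumn(), "\n";
```

The title containing an apostrophe is stored intact because it travels as a bound value and is never spliced into the SQL text.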

Page 26:

A Week Friday

Submission of Portfolio Exercises
Save onto CD
Submitted to Deanery Office by 3pm
Worth 40% of PBL 3

Page 27:

After Easter

Test

Submission of Website

Working Website
Connectivity to the database
Able to add/view/delete/update records
User able to register
User Login and Authentication
Appropriate validation on text fields
Appropriate use of CSS
Cross browser/platform support
Code must be commented throughout

Database Team Report Reflection

Page 28:

Test

2 Sections
10 Multiple Choice Questions worth 10 marks
Code to debug, 15 Errors worth 30 marks

Page 29:

Example Question

Question – Which best describes an Associative Array?

a) Associative Arrays use a numbered index; you can specify the index with any integer value. An associative array is principally the same as an ordinary array – however instead of labelled indexes you use integers.

b) Associative Arrays do not use a numbered index; you can specify the index with meaningful names. An associative array is principally the same as an ordinary index array – however instead of numbered indexes you use labels.

c) Associative Arrays do not use an index at all; when you build the array the items are sorted automatically which eliminates the need for such an index.

d) Associative Arrays are a combination of two or more arrays with a relationship to the parent array of the parent class. The child class or child array within the child class will inherit all the values from the parent array contained within the parent class.

Page 30:

Example Code

$conn = mysql_connect("localhost","stewart","");
mysql_select_database("sbass",$conn);
if (($_POST['viewed'] != "yes") & ($_POST['viewed'] != "amend"))
{
    echo "<h1>Select Entry</h1>";
    $get_list = "SELECT bookTitle FROM book";
    $get_list_res = mysql_query(get_list);

    echo "<form method=\"POST\" action=$_SERVER[PHP_SELF]>Select a Record to View<select name=\"sel_book\"<option value=\"\">-- Select a Book --</option>";

…

5 Errors – Can you spot them?

Page 31:

Example Code

$conn = mysql_connect("localhost","stewart","");
mysql_select_db("sbass",$conn);
if (($_POST['viewed'] != "yes") && ($_POST['viewed'] != "amend"))
{
    echo "<h1>Select Entry</h1>";
    $get_list = "SELECT bookTitle FROM book";
    $get_list_res = mysql_query($get_list);

    echo "<form method=\"POST\" action=\"$_SERVER[PHP_SELF]\">Select a Record to View<select name=\"sel_book\"><option value=\"\">-- Select a Book --</option>";

Page 32:

Any Questions?

Page 33:

Conclusion