Creating a Dynamic Web Site Stewart Blakeway FML 208


What will we cover
• Deleting Records
• Amending Records

Why
• You need to authenticate the user before allowing them to delete/amend records
• You need to be able to delete/amend records as a user and as an administrator
• With conditions

User Sessions
• You will have to authenticate the login of the user in order to allow the addition of records into the database
• You have to follow certain steps in order to ensure that the user is who they claim to be
• Refer to slides from last week if you have forgotten how to do this

Deleting Data
• Before we allow the deletion of data we need to ensure the user is logged in
• We have to establish if the user is authorised to delete the record
    • The user added that particular book
    • The user has administrator privileges

Deleting Structure

    if user not logged in {
        display login link
    } else {
        display form to select record
        display the selected record and confirm deletion
        delete the selected record
    }

Further refinement

    if form not yet displayed {
        display form to select record to delete
    } else if record selected {
        display the selected record
    } else if delete confirmed {
        delete the record
    }

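Checking to see if the user has logged in

    <?php
    session_start();  // must run before $_SESSION is read
    if (!isset($_SESSION['username'])) {
        // no username in the session: the visitor has not logged in
        echo "not authorised";
        echo " Login ";
    } else {
        // DISPLAY THE FORM
    }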

Displaying the form
• This form is different to the forms we have already seen. So far we have seen a form that passes data to itself and does a simple if else check

    if (!isset($_POST['viewed'])) {
        // Display form
    } else {
        // Process Data
    }

3 Checks
• This time we have 3 major checks with the processing of the form
    1. Has form been displayed?
    2. Has user selected the record?
    3. Has user confirmed deletion of the record?

1. Display Records and Get User's Selection
2. Show user their selection and Confirm Delete
3. Delete / Not Delete the Record

3 Checks

    if (!isset($_POST['selected'])) {
        // Display form and get selection
    }
    if (isset($_POST['selected'])) {
        // Display selection for confirmation
    }
    if (isset($_POST['delete'])) {
        // Delete the record
    }

Another Check
• Just because the user is logged in does not mean that they are authorised to delete the record!
• Should user Smith be able to delete an entry added by Williams?
• What about the administrator of the website or the content manager?

Simple Check

    if user != user that initially added the record {
        display "not authorised";
    } else {
        delete the record
    }

Refined

    if user != user that initially added the record
       and user != "administrator" {
        display "not authorised";
    } else {
        delete the record
    }

What about future growth?
• Initially your website is small and only has two or three administrators.
• As your website grows your administration team will grow.
• What if your administration team becomes four strong?

Not a great solution!

    if user != user that initially added the record
       and user != "administrator"
       and user != "content_administrator"
       and user != "designer_administrator"
       and user != "stradministrator" {
        display "not authorised";
    } else {
        delete the record
    }

What about now?

    if user != user that initially added the record
       and user_level != "administrator" {
        display "not authorised";
    } else {
        delete the record
    }

So far!
• if user authorised
• if form not displayed
• if record selected
• if delete confirmed
• if user = original user
• if user level = administrator
• and a couple of whiles (for the extraction of data)

That's a lot of {{{{}}}}} and we haven't even included any validation of the text entry boxes!

Indentation & Comments
• Your code is growing with each conditional IF you insert.
• You have to indent your code so that it reads well.
• You have to comment your code throughout.
• Failure to comment code and indent throughout will result in marks being deducted

Better Still – Break your code down into functions, but try not to overuse functions

1. Display Records and Get User's Selection: function showRecords()
2. Show user their selection and Confirm Delete: function showSelected()
3. Delete / Not Delete the Record: function deleteRecord()

So how do we delete?

    DELETE FROM table WHERE something = 'something'

    DELETE FROM `user` WHERE name = 'Carl'
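The checks above (logged in, then owner or administrator level, then delete) put together as one runnable sketch. This is an added example, not code from the original slides: the column names, the 'user_level' session key and the use of PDO with an in-memory SQLite database in place of MySQL are assumptions. In a real page the $session argument would be $_SESSION, filled in at login from the user table and never from the form.

```php
<?php
// Added example, not from the slides. Column names and the session's
// 'user_level' key are assumptions; SQLite stands in for MySQL.

/** True only if the logged-in user added the record or is an administrator. */
function canDelete(array $session, ?array $book): bool
{
    if (!isset($session['username']) || $book === null) {
        return false;                  // not logged in, or no such record
    }
    return $book['username'] === $session['username']
        || ($session['user_level'] ?? '') === 'administrator';
}

/** Deletes the book if the session is authorised; returns rows deleted. */
function deleteBook(PDO $db, array $session, int $bookId): int
{
    $find = $db->prepare('SELECT username FROM book WHERE bookID = ?');
    $find->execute([$bookId]);
    $book = $find->fetch(PDO::FETCH_ASSOC) ?: null;

    if (!canDelete($session, $book)) {
        return 0;                      // display "not authorised"
    }
    $del = $db->prepare('DELETE FROM book WHERE bookID = ?');
    $del->execute([$bookId]);
    return $del->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE book (bookID INTEGER PRIMARY KEY, username TEXT, bookTitle TEXT)');
$db->exec("INSERT INTO book VALUES (1, 'Williams', 'Book A'), (2, 'Smith', 'Book B')");

$smith = ['username' => 'Smith', 'user_level' => 'user'];
$admin = ['username' => 'Jones', 'user_level' => 'administrator'];

foreach ([[$smith, 1], [$smith, 2], [$admin, 1], [[], 2]] as [$who, $id]) {
    printf("%s deleting book %d: %d row(s)\n",
        $who['username'] ?? '(not logged in)', $id, deleteBook($db, $who, $id));
}
```

The authorisation decision is made on the server at the moment of deletion, using the owner stored in the database, so it holds even if the confirmation form is bypassed.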

Amending Records Structure

    if form not yet displayed {
        display form to select record to amend
    } else if record selected {
        display the selected record
        allow amendments
    } else if amend confirmed {
        amend the record
    }

Displaying the form
• This form is very similar to deleting a record in that there are three if conditions

    // 'viewed' is not set on the first visit, so default it to an empty string
    $viewed = $_POST['viewed'] ?? '';
    if (($viewed != "yes") && ($viewed != "amend")) {
        // Display form and set viewed = "yes"
    } elseif ($viewed != "amend") {
        // Process data and set viewed = "amend"
    } else {
        // Amend the record
    }

Amending the Record

    // The $_POST values go into the query string unescaped;
    // escape them or bind them as parameters before running the query.
    $sql = "UPDATE book SET
                `username`  = '$_POST[bUsername]',
                `bookTitle` = '$_POST[bTitle]',
                `bookType`  = '$_POST[bType]',
                `bookDesc`  = '$_POST[bDesc]',
                `bookPrice` = '$_POST[bPrice]'
            WHERE `bookID` = '$_POST[bID]'";
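The same amendment written with bound parameters, so that form values are treated as data and cannot change the statement. This is an added example, not code from the original slides: it assumes PDO with an in-memory SQLite database in place of MySQL, adds a constructed validation rule for the id and price, and takes the record owner from the session rather than from the bUsername form field so that the form cannot reassign a record.

```php
<?php
// Added example, not from the slides. Field names follow the slide; the
// owner condition, the validation rules and SQLite are assumptions.

/** Amends a book with bound parameters; returns rows changed (0 or 1). */
function amendBook(PDO $db, string $sessionUser, array $post): int
{
    $id    = filter_var($post['bID'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($post['bPrice'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($id === false || $price === false || $price < 0) {
        return 0;                      // reject malformed input before the query
    }
    $stmt = $db->prepare(
        'UPDATE book SET bookTitle = :title, bookType = :type,
                bookDesc = :descr, bookPrice = :price
          WHERE bookID = :id AND username = :owner'
    );
    $stmt->execute([
        ':title' => (string) ($post['bTitle'] ?? ''),
        ':type'  => (string) ($post['bType'] ?? ''),
        ':descr' => (string) ($post['bDesc'] ?? ''),
        ':price' => $price,
        ':id'    => $id,
        ':owner' => $sessionUser,      // taken from the session, not the form
    ]);
    return $stmt->rowCount();
}

// Constructed sample data; the title contains quote characters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE book (bookID INTEGER PRIMARY KEY, username TEXT,
           bookTitle TEXT, bookType TEXT, bookDesc TEXT, bookPrice REAL)');
$db->exec("INSERT INTO book VALUES (1, 'Williams', 'Old', 'Fiction', '', 5.0)");

$post = ['bID' => '1', 'bTitle' => "The 'Easy' Way", 'bType' => 'Guide',
         'bDesc' => 'Second edition', 'bPrice' => '9.99'];

echo amendBook($db, 'Williams', $post), "\n";                    // owner
echo amendBook($db, 'Smith', $post), "\n";                       // not the owner
echo amendBook($db, 'Williams', ['bID' => 'abc'] + $post), "\n"; // bad id
echo $db->query('SELECT bookTitle FROM book WHERE bookID = 1')->fetchColumn(), "\n";
```

A title containing quote characters would end the string literal early in the concatenated query; with placeholders it is stored unchanged.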

A Week Friday
• Submission of Portfolio Exercises
• Save onto CD
• Submitted to Deanery Office by 3pm
• Worth 40% of PBL 3

After Easter
• Test
• Submission of Website
• Working Website
• Connectivity to the database
• Able to add/view/delete/update records
• User able to register
• User Login and Authentication
• Appropriate validation on text fields
• Appropriate use of CSS
• Cross browser/platform support
• Code must be commented throughout
• Database
• Team Report
• Reflection

Test
• 2 Sections
• 10 Multiple Choice Questions worth 10 marks
• Code to debug, 15 Errors worth 30 marks

Example Question

Question – Which best describes an Associative Array?

a) Associative Arrays use a numbered index; you can specify the index with any integer value. An associative array is principally the same as an ordinary array – however instead of labelled indexes you use integers.

b) Associative Arrays do not use a numbered index; you can specify the index with meaningful names. An associative array is principally the same as an ordinary index array – however instead of numbered indexes you use labels.

c) Associative Arrays do not use an index at all; when you build the array the items are sorted automatically which eliminates the need for such an index.

d) Associative Arrays are a combination of two or more arrays with a relationship to the parent array of the parent class. The child class or child array within the child class will inherit all the values from the parent array contained within the parent class.

Example Code

    $conn = mysql_connect("localhost","stewart","");
    mysql_select_database("sbass",$conn);
    if (($_POST[viewed] != "yes") & ($_POST[viewed] != "amend")) {
        echo " Select Entry ";
        $get_list = "SELECT bookTitle FROM book";
        $get_list_res = mysql_query(get_list);
        echo " Select a Record to View <select name=\"sel_book\" -- Select a Book -- ";
        …

5 Errors – Can you spot them?

Example Code

    $conn = mysql_connect("localhost","stewart","");
    mysql_select_db("sbass",$conn);
    if (($_POST[viewed] != "yes") && ($_POST[viewed] != "amend")) {
        echo " Select Entry ";
        $get_list = "SELECT bookTitle FROM book";
        $get_list_res = mysql_query($get_list);
        echo " Select a Record to View -- Select a Book -- ";
        …

Any Questions?

Conclusion