406PHP5/MySQLProgrammingfortheAbsoluteBeginner$values[] = $value; } // end if} //

When you include a file, it is interpreted as HTML, not PHP. This means you canplace any HTML code in an includefile and it is automatically inserted in youroutput wherever the includefunction occurred. I took advantage of this fact toinclude a CSS block in the library. If you want PHP code in your library file, surround your code with PHP tags () in the library file. Setting Systemwide VariablesAnother huge advantage of a library file is the ability to set and use variables thathave meaning throughout the entire system. Since each PHP program in the sys- tem includes the library, all have access to any variables declared in the libraryfile s main section. Of course, you need to use the globalkeyword to access aglobal variable from within a function.

Hint: If you are looking for very good and affordable webspace to host and run your java hosting application check Virtualwebstudio java web hosting provider

406PHP5/MySQLProgrammingfortheAbsoluteBeginner$values[] = $value; } // end if} //

406PHP5/MySQLProgrammingfortheAbsoluteBeginner$values[] = $value; } // end if} // end foreachprint procAdd($theTable, $fields, $values); print mainButton(); ?> Creating the spyLib Library ModuleAlthough I have described several PHP programs in this chapter, most of themare simple. The spyLiblibrary code does most of the heavy lifting. Having alibrary like spyLibmakes data programming pretty easy, because you don t haveto know all the spyLibdetails to make it work. All you need is a basic under- standing of the functions in the library, what each function expects as input, andwhat it will produce as output. Although this library has a good amount of code (over 500 lines, in fact), there areno new concepts in the library code. It s worth looking carefully at this codebecause it can give you a good idea of how to create your own libraries. You also findthere s no better way to understand the library than to dig around under the hood. Setting a CSS StyleSome of the simplest elements can have profound effects. One example of thismaxim is the storage of a CSS style in the library code. Each program in the systemoperates using the style specified in the library. This means you can easily changethe look and feel of the entire system by manipulating one block.

Hint: If you are looking for very good and affordable webspace to host and run your java hosting application check Virtualwebstudio java web hosting provider

Viewing the deleteRecord.php ProgramThe deleteRecord.phpprogram acts in a

include spyLib.php ?; $dbConn = connectToSpy(); print tToAdd($tableName); print mainButton(); ?> Viewing the processAdd.php ProgramThe tToAdd()function called by the addRecord.phpprogram doesn t actually add arecord. Instead, it places an HTML form on the screen that allows the user to enterthe data for a new record. When the user submits this form, he is passed to theprocessAdd.phpprogram, which calls procAdd()in the library code. The procAdd() function generates the appropriate SQL code to add the new record to the table. In order to do this, procAdd()needs to know the field names and values. The namesand values are passed to the function in arrays just like in updateRecord.php.

Process Add

$value){ if ($fieldName == tableName ?){ $theTable = $value; } else { $fields[] = $fieldName;
Note: If you are looking for good and quality webspace to host and run your java application check Actions java hosting services

Viewing the deleteRecord.php ProgramThe deleteRecord.phpprogram acts in a

Viewing the deleteRecord.php ProgramThe deleteRecord.phpprogram acts in a now-familiar manner. It mainly serves asa wrapper for a function in the spyLiblibrary. In this particular case, the pro- gram simply sends the name of the current table, the name of the key field, andthe value of the current record s key to the delRec()function. That functiondeletes the record and returns a message regarding the success or failure of theoperation.

Delete Record

Viewing the addRecord.php ProgramAdding a record, which requires two distinctive steps, is actually much like edit- ing a record. The addRecord.phpprogram calls the tToAdd()function, whichbuilds a form allowing the user to add data to whichever table is currentlyselected. It isn t necessary to send any information except the name of the tableto this function, because tToAdd()automatically generates the key value.

Add Record

Note: If you are looking for good and quality webspace to host and run your java application check Actions java hosting services

Viewing the editRecord.php ProgramThe editRecord.phpprogram is called from

Update Record

$value){ if ($fieldName == tableName ?){ $theTable = $value; } else { $fields[] = $fieldName; $values[] = $value; } // end if} // end foreachprint updateRec($theTable, $fields, $values); print mainButton(); ?> It is more convenient for the updateRec()function if the field names and valuesare sent as arrays. Therefore, the PHP code in updateRecord.phpconverts the$_REQUESTarray to an array of fields and another array of values. These two arraysare passed to the updateRec()function, which processes them.

Hint: If you are looking for high quality and reliable webspace provider to host and run your jsp hosting application check Virtualwebstudio jsp web hosting provider

Viewing the editRecord.php ProgramThe editRecord.phpprogram is called from

Viewing the editRecord.php ProgramThe editRecord.phpprogram is called from a form generated by editTable.php. (Actually, the tToEdit()function generates the form, but tToEdit()is called fromeditTable.php.) This program expects variables called $tableName, $keyName, and$keyVal. These variables, automatically provided by tToEdit(), help editRecordbuild a query that returns whatever record the user selects. (You can read aheadto the description of tToEdit() for details on how this works.)

Edit Record

The editRecord.phpprogram prints the results of the smartRToEdit()library func- tion. This function takes the single-record query and prints HTML code that letsthe user appropriately update the record. Viewing the updateRecord.php ProgramThe smartRToEdit()function calls another PHP program called updateRecord.php. This program calls a library function that actually commits the user s changes tothe database. 402PHP5/MySQLProgrammingfortheAbsoluteBeginner

Hint: If you are looking for high quality and reliable webspace provider to host and run your jsp hosting application check Virtualwebstudio jsp web hosting provider

Once viewQuery.phpconnects to the library, it uses functions

The mainButton()function produces a simple HTML form that directs the userback to the spyMaster.phppage. Even though the code for this is relatively simple, it is repeated so often that it makes sense to store it in a function rather thancopying and pasting it in every page of the system. Viewing the editTable.php ProgramThe editTable.phpfollows a familiar pattern. It has a small amount of PHP code, but most of the real work is sent off to a library function. This module s main jobis to check for an administrative password. If the user does not have the appro- priate password, further access to the system is blocked. If the user does have thecorrect password, the very powerful tToEdit()function provides access to theadd, edit, and delete functions.

Edit Table

You must have administrative access to proceed

\n ?; } // end ifprint mainButton(); ?> The $pwdvalue comes from a field in the spyMaster.phppage. The $adminPasswordvalue is stored in spyLibrary.php. (The default admin password is absolute, butyou can change it to whatever you want by editing spyLib.php.)

Hint: This post is supported by Gama besplatan domen provider

Once viewQuery.phpconnects to the library, it uses functions

Once viewQuery.phpconnects to the library, it uses functions in the library to con- nect to the database and print desired results. The qToTable()function does mostof the actual work, taking whatever query is passed to it and generating a tablewith add, delete, and edit buttons. The str_replace()function is necessary because SQL queries contain single quo- tation mark ( ) characters. When I store a query as a VARCHARentity, the single quo- tation marks embedded in the query cause problems. The normal solution to thisproblem is to use a backslash, which indicates that the mark should not be imme- diately interpreted, but should be considered a part of the data. The problem withthis is the backslash is still in the string when I try to execute the query. Thestr_replace()function replaces all instances of \ with a simple single quote ( ). Note that the qToTable()function doesn t actually print anything to the screen. All it does is build a complex string of HTML code. The viewQuery.phpprogramprints the code to the screen. If you are using a library, it s best if the library code does not print anything directlyto the screen. Instead, it should return a value to whatever program called it. Thisallows multiple uses for the data. For example, if the qToTable()function printeddirectly to the screen, you could not use it to generate a file. Since the library codereturns a value but doesn t actually do anything with that value, the code that callsthe function has the freedom to use the results in multiple ways. TRICK400PHP5/MySQLProgrammingfortheAbsoluteBeginnerWHYSTOREQUERIESINTHEDATABASE? You might wonder why I chose to store queries in the database. After all, I couldhave let the user type in a query directly or provided some form that allows theuser to search for certain values. Either of these approaches has advantages, butthey also pose some risks. It s very dangerous to allow direct access to your datafrom a Web form. Malicious users can introduce Trojan horse commands thatsnoop on your data, change data, or even delete information from the database. I sometimes build a form that has enough information to create an SQL query andthen build that query in a client-side form. (Sounds like a good end-of-chapterexercise, right?) In this case, I stored queries in another table. People withadministrative access can add new queries to the database, but ordinary usersdo not. I preloaded the storedQuerydatabase with a number of useful queries, then added the capacity to add new queries whenever the situation demands it. Drawbacks remain (primarily that ordinary users cannot build custom queries), but it is far more secure than a system that builds a query based on user input.

Hint: This post is supported by Gama besplatan domen provider

Edit / Delete table data Password: agents specialties

To make debugging easier, I preloaded the passwordfield with the appropriatepassword. In a production environment, you should, of course, leave the passwordfield blank so the user cannot get into the system without the password. Building the viewQuery.php ProgramWhen the user chooses a query, program control is sent to the viewQuery.phpprogram. This program does surprisingly little on its own:

Edit / Delete table data Password: agents specialties