delete the record

Creating a Dynamic Web Site
Stewart Blakeway
FML 208
[email protected]
What will we cover
Deleting Records
Amending Records
http://hopelive.hope.ac.uk/computing/
Why
• You need to authenticate the user before allowing them to delete/amend records
• You need to be able to delete/amend records as a user and as an administrator
• With conditions
User Sessions
You will have to authenticate the log in of
the user in order to allow the addition of
records into the database
You have to follow certain steps in order to
ensure that the user is who they claim to
be
Refer to slides from last week if you have
forgotten how to do this
Deleting Data
Before we allow the deletion of data we need to ensure the user is logged in.
We then have to establish whether the user is authorised to delete the record, i.e. either:
• The user added that particular book
• The user has administrator privileges
Deleting Structure
if user not logged in
{
display login link
}
else
{
display form to select record
display the selected record and confirm deletion
delete the selected record
}
Further refinement
if form not yet displayed
{
display form to select record to delete
}
else if record selected
{
display the selected record
}
else if delete confirmed
{
delete the record
}
Checking to see if the user has logged in
<?php
session_start(); // the session must be started before $_SESSION can be read
if (!isset($_SESSION['username']))
{
echo "not authorised";
echo "<p><a href=\"login.php\">Login</a></p>";
}
else
{
// DISPLAY THE FORM
}
?>
Displaying the form
• This form is different from the forms we have already seen. So far we have seen a form that passes data to itself and does a simple if/else check:
if (!isset($_POST['viewed']))
{
// Display form
}
else
{
// Process data
}
3 Checks
This time we have 3 major checks with the
processing of the form
1. Has form been displayed?
2. Has user selected the record?
3. Has user confirmed deletion of the record?
1. Display records and get the user's selection
2. Show the user their selection and confirm delete
3. Delete / do not delete the record
3 Checks
if (!isset($_POST['selected']))
{
// Display form and get selection
}
if (isset($_POST['selected']))
{
// Display selection for confirmation
}
if (isset($_POST['delete']))
{
// Delete the record
}
Another Check
Just because the user is logged in does not
mean that they are authorised to delete
the record!
Should user Smith be able to delete an
entry added by Williams?
What about the administrator of the
website or the content manager?
Simple Check
if user != user that initially added the record
{
display “not authorised”;
}
else
{
delete the record
}
Refined
if user != user that initially added the record and
user != "administrator"
{
display "not authorised";
}
else
{
delete the record
}
What about future growth?
Initially your website is small and only has
two or three administrators.
As your website grows your administration
team will grow.
What if your administration team becomes
four strong?
Not a great solution!
if user != user that initially added the record and
user != "administrator" and user !=
"content_administrator" and user !=
"designer_administrator" and user !=
"stradministrator"
{
display "not authorised";
}
else
{
delete the record
}
What about now?
if user != user that initially added the record and
user_level != "administrator"
{
display "not authorised";
}
else
{
delete the record
}
so far!
if user authorised
if form not displayed
if record selected
if delete confirmed
if user = original user
if user level = administrator
and a couple of whiles (for the extraction of data)
That’s a lot of {{{{}}}}} and we haven’t even
included any validation of the text entry boxes!
Indentation & Comments
Your code is growing with each conditional IF you insert.
You have to indent your code so that it reads well.
Better still: break your code down into functions, but try not to over-use functions.
You have to comment your code throughout, though.
Failure to comment code and indent throughout will result in marks being deducted
Display records and get the user's selection: function showRecords()
Show the user their selection and confirm delete: function showSelected()
Delete / do not delete the record: function deleteRecord()
So how do we delete?
DELETE FROM table WHERE something = 'something'
DELETE FROM `user` WHERE name = 'Carl'
Amending Records Structure
if form not yet displayed
{
display form to select record to amend
}
else if record selected
{
display the selected record
allow amendments
}
else if amend confirmed
{
amend the record
}
Displaying the form
• This form is very similar to deleting a record in that there are three if conditions
$viewed = isset($_POST['viewed']) ? $_POST['viewed'] : '';
if (($viewed != "yes") && ($viewed != "amend"))
{
// Display form and set viewed = "yes"
}
elseif ($viewed != "amend")
{
// Process data and set viewed = "amend"
}
else
{
// Amend the record
}
Amending the Record
// SET takes no parentheses and column names are not quoted;
// the $_POST values are still interpolated into the query unescaped here
$sql = "UPDATE book SET
username = '$_POST[bUsername]',
bookTitle = '$_POST[bTitle]',
bookType = '$_POST[bType]',
bookDesc = '$_POST[bDesc]',
bookPrice = '$_POST[bPrice]'
WHERE bookID = '$_POST[bID]'";
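The owner-or-administrator check from the delete slides and the UPDATE from the amend slide, written out as an added example (not code from the lecture) using PDO prepared statements: the authorisation test uses a single user_level comparison, and every $_POST value is bound rather than pasted into the SQL. Table and column names follow the slides; $db is assumed to be an open PDO connection to the sbass database, and $user and $userLevel are assumed to come from the session.

```php
<?php
// Added example, not from the lecture: the "original user OR administrator" check
// from the delete slides and the UPDATE from the amend slide, written with PDO
// prepared statements so $_POST values never become part of the SQL text.
// Table and column names follow the slides; $db is an open PDO connection to
// the sbass database (connection details assumed, not shown).
// Allow only the user who added the book, or anyone whose level is administrator.
// Both tests must fail before the request is refused (AND, not OR).
function isAuthorised(PDO $db, int $bookId, string $user, string $userLevel): bool
{
    $stmt = $db->prepare('SELECT username FROM book WHERE bookID = :id');
    $stmt->execute([':id' => $bookId]);
    $owner = $stmt->fetchColumn();
    if ($owner === false) {
        return false;                         // no such record
    }
    return $owner === $user || $userLevel === 'administrator';
}

function deleteRecord(PDO $db, int $bookId, string $user, string $userLevel): bool
{
    if (!isAuthorised($db, $bookId, $user, $userLevel)) {
        echo 'not authorised';
        return false;
    }
    $stmt = $db->prepare('DELETE FROM book WHERE bookID = :id');
    $stmt->execute([':id' => $bookId]);
    return $stmt->rowCount() === 1;
}

// UPDATE written correctly: no parentheses around SET, no quotes around column
// names, and every value bound rather than interpolated into the string.
function amendRecord(PDO $db, array $post, string $user, string $userLevel): bool
{
    $bookId = filter_var($post['bID'] ?? '', FILTER_VALIDATE_INT);
    if ($bookId === false || !isAuthorised($db, $bookId, $user, $userLevel)) {
        echo 'not authorised';
        return false;
    }
    $sql = 'UPDATE book SET bookTitle = :title, bookType = :type, bookDesc = :desc,
                bookPrice = :price WHERE bookID = :id';
    $stmt = $db->prepare($sql);
    return $stmt->execute([
        ':title' => $post['bTitle'] ?? '',
        ':type'  => $post['bType'] ?? '',
        ':desc'  => $post['bDesc'] ?? '',
        ':price' => $post['bPrice'] ?? '',
        ':id'    => $bookId,
    ]);
}
```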
A Week Friday
Submission of Portfolio Exercises
Save onto CD
Submitted to Deanery Office by 3pm
Worth 40% of PBL 3
After Easter
• Test
• Submission of Website
• Working Website
• Connectivity to the database
• Able to add/view/delete/update records
• User able to register
• User Login and Authentication
• Appropriate validation on text fields
• Appropriate use of CSS
• Cross browser/platform support
• Code must be commented throughout
• Database
• Team Report
• Reflection
Test
2 Sections
10 Multiple Choice Questions worth 10 marks
Code to debug, 15 Errors worth 30 marks
Example Question
Question – Which best describes an Associative Array?
a) Associative arrays use a numbered index; you can specify the index with any integer value. An associative array is principally the same as an ordinary array – however instead of labelled indexes you use integers.
b) Associative arrays do not use a numbered index; you can specify the index with meaningful names. An associative array is principally the same as an ordinary index array – however instead of numbered indexes you use labels.
c) Associative arrays do not use an index at all; when you build the array the items are sorted automatically which eliminates the need for such an index.
d) Associative arrays are a combination of two or more arrays with a relationship to the parent array of the parent class. The child class or child array within the child class will inherit all the values from the parent array contained within the parent class.
Example Code
$conn = mysql_connect("localhost","stewart","");
mysql_select_database("sbass",$conn);
if (($_POST[viewed] != "yes") & ($_POST[viewed] != "amend"))
{
echo "<h1>Select Entry</h1>";
$get_list = "SELECT bookTitle FROM book";
$get_list_res = mysql_query(get_list);
echo "<form method=\"POST\" action=$SERVER[PHP_SELF]>
Select a Record to View
<select name=\"sel_book\"
<option value=\"\">-- Select a Book --</option>";
…
5 Errors – Can you spot them?
Example Code
$conn = mysql_connect("localhost","stewart","");
mysql_select_db("sbass",$conn);
if (($_POST['viewed'] != "yes") && ($_POST['viewed'] != "amend"))
{
echo "<h1>Select Entry</h1>";
$get_list = "SELECT bookTitle FROM book";
$get_list_res = mysql_query($get_list);
echo "<form method=\"POST\" action=\"{$_SERVER['PHP_SELF']}\">
Select a Record to View
<select name=\"sel_book\">
<option value=\"\">-- Select a Book --</option>";
…
Any Questions?
Conclusion