Tutorial:
Database - PHP - Delete Security Users By Name With Access Database
Dr.
Thomas E. Hicks
Computer Science
Department
Trinity University
IIS 5 Install on Windows XP Pro
IIS 5 Installation on Windows 2000 Pro/Server
It might even help to read a tutorial that describes the need for Database Web Applications.
Database Need For Web Applications
You may use the basic ideas of this tutorial for either the ODBC connection or the MapPath connection..
Database - PHP - ODBC Connections
Database - PHP - MapPath Connections
For purposes of discussion, let us suppose that an Access Database, called Security.mdb, resides at the root of drive C. (See Below!) When a database is installed on the web server, the necessary ODBC drivers are also installed. If the web server does not have the database installed, then the ODBC drivers will have to be downloaded and installed; this process differs from database to database and is beyond the scope of this paper. Microsoft Access and the appropriate ODBC drivers have been installed on the server illustrated below.
The Security Database is opened and the Tables tab is selected; in order to keep our example simplistic, the Security Database has only a single table, called Users. The contents of our very simple Users table can be seen below.
Each record in the Users table contains fields Name, No, Password, and IDNo; these will be needed later.
The datatypes of each field may be seen below.
The Security Database above was is ultra trivial application which had only one database table. Relational databases often have many tables; this is true of Access databases as well. This database may be downloaded.
We are going to place all of the PHP files in folder C:\Inetpub\wwwroot\PHP. We could place the database files anywhere on the drive. For security reasons, it is not a good idea to place them in the wwwroot directory.
For purposes of this tutorial, we shall assume that the Security database files are located in C:\Security. For purposes of this tutorial, we shall assume that the Security database is located in C:\.
File adodb.inc.php includes many of the database PHP4 extensions to php. File adodb-time.inc.php is used by adodb.inc.php. These should be placed in the web site. I have chosen to place them in directory ADODB for purposes of this tutorial..
There is PHP support for many databases; among them are Oracle, informix, mysql, ibase, cvc, postgres, sybase, foxpro, etc. Each of these shall require its own driver. Although you shall not neeed all of the drivers, I have placed a collection that I downloaded from the Internet in directory Drivers. See Below! These should be placed in the web site. I have chosen to place them in directory ADODB for purposes of this tutorial..
You might want to download your own files from the Internet, but for sake of simplicity, I have included those used in the tutorial in the zipped file below; place them in a folder, called ADODB, at the root of your IIS directory. (See Below!)
The first page shall be called DeleteSecurityUserByName.php. It shall be the responsibility of this page to prompt the user for a DeleteName and transfer processing control to the second page.
The second page shall be called DeleteSecurityUserByNameConfirmation.php. It shall be the responsibility of this page to display all of the Users that match the DeleteName. Control shall pass to a generic Error.php page in the event that the DeleteName is blank. Control shall also pass to Error.php if there are no users with DeleteName.
<?PHP #========================================================================= #========================================================================= #==== DeleteSecurityUserByName.php ==== #========================================================================= #==== ==== #==== Purpose : Prompt the user for the User Name & transfer ==== #==== to page DeleteUserByNameConfirmation.php for ==== #==== processing. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ==== #========================================================================= #========================================================================= ?> |
The documentation block provides a brief statement of purpose.
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewDeleteName))
{
Session_Start();
Session_UnSet();
$NewDeleteName = "";
$PreviousPage = "DeleteName1";
$DeleteName = "";
Session_Register("NewDeleteName");
Session_Register("PreviousPage");
}
Else
$DeleteName = $_SESSION["NewDeleteName"];
$_SESSION["PreviousPage"] = "DeleteName1";
?>
|
This block of code starts a new session and clears any session variables. It shall make sure that the input boxes on this form are initially blank; session variables shall store a copy of the user responses in all input boxes so that they may be reloaded on the page in the event that the user must return back to this page because of invalid input. The PreviousPage variable shall enable the corresponding confirmation page to assure that it is only called from this page.
<HTML> <HEAD><TITLE>Dr. Thomas E. Hicks - DeleteSecurityUserByName.php</TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - DeleteSecurityUserByName.php in the browser title bar.
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
|
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">DeleteSecurityUserByName.php<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> |
The HTML code above creates the following commercial at the top of the page.
DeleteSecurityUserByName.php
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "GET"
ACTION = "DeleteSecurityUserByNameConfirmation.php">
|
This is a standard HTML form which
shall provide the user an opportunity to enter information and submit/transfer
that information to page DeleteSecurityUserByNameConfirmation.php.
You can see that the Get Method passes the DeleteName variable in the URL when
control is submitted/passed to page DeleteSecurityUserByNameConfirmation.php.
You can visibly see Tom passed in the URL below.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
WIDTH = "100%" >
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Display Users With Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $DeleteName ?>"
NAME = "DeleteName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Display Users With Name ==> and a 20 character text box in which to enter the information.. Note that the name of the textbox is DeleteName; the get method will transfer this information to the confirmation page.
<TR><TD>
<INPUT TYPE = "SUBMIT"
VALUE = "Display all Users With This Name Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
|
The second row of the table shall contain a blue submit button whose caption is Display All Users With This Name Now!
</TABLE></FORM> </BODY></HTML> |
The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#=========================================================================
#=========================================================================
#==== DeleteSecurityUserByName.php ====
#=========================================================================
#==== ====
#==== Purpose : Prompt the user for the User Name & transfer ====
#==== to page DeleteUserByNameConfirmation.php for ====
#==== processing. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ====
#=========================================================================
#=========================================================================
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewDeleteName))
{
Session_Start();
Session_UnSet();
$NewDeleteName = "";
$PreviousPage = "DeleteName1";
$DeleteName = "";
Session_Register("NewDeleteName");
Session_Register("PreviousPage");
}
Else
$DeleteName = $_SESSION["NewDeleteName"];
$_SESSION["PreviousPage"] = "DeleteName1";
?>
<HTML>
<HEAD><TITLE>Dr. Thomas E. Hicks - DeleteSecurityUserByName.php</TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">DeleteSecurityUserByName.php<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "GET"
ACTION = "DeleteSecurityUserByNameConfirmation.php">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
WIDTH = "100%">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Delete Users With Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $DeleteName ?>"
NAME = "DeleteName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Center">
<INPUT TYPE = "SUBMIT"
VALUE = "Delete all Users With This Name Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<?PHP #========================================================================= #========================================================================= #==== DeleteSecurityUserByNameConfirmation.php ==== #========================================================================= #==== ==== #==== Purpose : Transfer to page Error.php and report error if ==== #==== user does not enter the Sought Name. Transfer ==== #==== to page Error.php and report error if the ==== #==== there are no matches in the database. Delete ==== #==== the record if found. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ==== #========================================================================= #========================================================================= |
The documentation block provides a brief statement of purpose. Immediately following the documentation block are declarations for all of the variables used on this page. Blocks of PHP code begin with <?PHP and end with ?>.
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
|
Include file adodb.inc.php which contains many of the database access extensions to PHP.
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# May Only Enter This Page From DeleteSecurityUserByName.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "DeleteName1" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
|
The user should not be able to directly evoke this page from the browser; make sure that the only way that this page can be launched is from the DeleteSecurityUserByName.php page.
#-------------------------------------------------------------------------- # Declarations & Initializations #-------------------------------------------------------------------------- $Counter = 1; $DeleteName = Trim($_REQUEST["DeleteName"]); $_SESSION["NewDeleteName"] = Trim($_REQUEST["DeleteName"]); |
Initialize Counter to 1. Fill DeleteName with the trimmed value from the form on page DeleteSecurityUserConfirmation.php
#--------------------------------------------------------------------------
# Make Sure That DeleteName Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($DeleteName) == 0)
{
$ErrorMessage = "The Sought Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a DeleteName, then the length will be zero. A successful Delete requires the DeleteName to be greater than zero. In the event that the user leaves the DeleteName blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error. The extra Print and Exit simply delay the processing so that things work in synch.
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnString contains part of the connection arguments. The Conn->Open opens the Security database and associates it with the connection object. You may use either the Relative Path or the Absolute Path; you need not include both.
#--------------------------------------------------------------------------
# Read All Of The Matching User Names Into The RecordSet
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Name = '" . $DeleteName . "'" ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
|
The SQL query is to select all of the information about those users whose Name contains the DeleteName. The UserRecordSet object is created and filled with those matches, if any.
#------- If No Record Set Was Generated, Print Out The Error Message ------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the record set is not created, then there is a definite error; a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------- If There Are No Records In The Record Set, Display Message -------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought Name!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user enters a DeleteName that is not found in the Users table, then the record set will be empty and EOF will be true. In the event that the query is unsuccessful, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Delete Users That Match This Information
#------------------------------------------------------------------------
$UserSQL = " DELETE " .
" FROM Users " .
" WHERE Users.Name = '" . $DeleteName ."'" ;
#-------------------------------------------------------------------------- # Close RecordSet and Re-Use It To Delete #-------------------------------------------------------------------------- $UsersRecordSet->Close(); $UsersRecordSet = $Conn->Execute($UserSQL); |
The SQL query is to delete all of the records whose Name is the DeleteName. It is best to close the previous record set before generating another one.
<HTML><HEAD> <TITLE>Dr. Thomas E. Hicks - DeleteSecurityUserConfirmation.php </TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - DeleteSecurityUserByNameConfirmation.php in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER> <font face="Arial" size="4">DeleteSecurityUserConfirmation.php<br> Written By<br> Dr. Thomas E. Hicks</font></p> </CENTER> <HR> |
The HTML code above creates the following commercial at the top of the page.
DeleteSecurityUserByNameConfirmation.php
Written By
Dr. Thomas E. Hicks
<p><font color="#FF0000" face="Arial"> <?PHP Print $DeleteName ?> has been deleted! </font></p> |
A brief confirmation to the user letting them know which record was deleted.
<?PHP #-------------------------------------------------------------------------- # Close & Terminate The Connections #-------------------------------------------------------------------------- $Conn->Close(); $UsersRecordSet = null; $Conn = null; |
Close the connection. Since the delete does not return a record set, you may not close it! Set both to null.
#-------------------------------------------------------------------------- # Terminate The Session #-------------------------------------------------------------------------- Session_UnSet(); Session_Destroy(); ?> |
Clear the session variables and close the session.
</TABLE> </BODY></HTML> |
The HTML code above simply ends the table, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#=========================================================================
#=========================================================================
#==== DeleteSecurityUserByNameConfirmation.php ====
#=========================================================================
#==== ====
#==== Purpose : Transfer to page Error.php and report error if ====
#==== user does not enter the Sought Name. Transfer ====
#==== to page Error.php and report error if the ====
#==== there are no matches in the database. Delete ====
#==== the record if found. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ====
#=========================================================================
#=========================================================================
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# May Only Enter This Page From DeleteSecurityUserByName.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "DeleteName1" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Declarations & Initializations
#--------------------------------------------------------------------------
$Counter = 1;
$DeleteName = Trim($_REQUEST["DeleteName"]);
$_SESSION["NewDeleteName"] = Trim($_REQUEST["DeleteName"]);
#--------------------------------------------------------------------------
# Make Sure That DeleteName Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($DeleteName) == 0)
{
$ErrorMessage = "The Sought Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
#--------------------------------------------------------------------------
# Read All Of The Matching User Names Into The RecordSet
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Name = '" . $DeleteName . "'" ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
#------- If No Record Set Was Generated, Print Out The Error Message ------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------- If There Are No Records In The Record Set, Display Message -------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought Name!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Delete Users That Match This Information
#------------------------------------------------------------------------
$UserSQL = " DELETE " .
" FROM Users " .
" WHERE Users.Name = '" . $DeleteName ."'" ;
#--------------------------------------------------------------------------
# Close RecordSet and Re-Use It To Delete
#--------------------------------------------------------------------------
$UsersRecordSet->Close();
$UsersRecordSet = $Conn->Execute($UserSQL);
?>
<HTML><HEAD>
<TITLE>Dr. Thomas E. Hicks - DeleteSecurityUserConfirmation.php </TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER>
<FONT FACE="Arial" SIZE="4"> DeleteSecurityUserConfirmation.php <BR>
Written By<BR>
Dr. Thomas E. Hicks</font><P>
</CENTER>
<HR>
<p><font color="#FF0000" face="Arial">
<?PHP
Print $DeleteName
?> has been deleted! </font></p>
<?PHP
#--------------------------------------------------------------------------
# Close & Terminate The Connections
#--------------------------------------------------------------------------
$Conn->Close();
$UsersRecordSet = null;
$Conn = null;
#-------------------------------------------------------------------------- # Terminate The Session #-------------------------------------------------------------------------- Session_UnSet(); Session_Destroy(); ?> </BODY></HTML> |
You can see the results below:
The complete code may be found below.
<?PHP
#====================================================================================
#====================================================================================
#==== DisplayError.asp ====
#==== ====
#==== Purpose : Display the global System variable ErrorMessage and provide the ====
#==== User with a button which will allow them to return to the ====
#==== original form two levels back in the history. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks ====
#====================================================================================
#====================================================================================
?>
<HTML><BODY BACKGROUND = "Paper.jpg">
<HR>
<CENTER><p Align="Center"><b><Font Size=+0 Color="#660033">
<br>
<?PHP
Print $ErrorMessage;
?>
</font></b>
<FORM METHOD="POST">
<INPUT TYPE = "BUTTON"
VALUE = " Click This Button To Go Back To Correct The Problem! "
STYLE = "BackGround=DarkGreen; Color=#FFFFFF ;Cursor=hand; ".
"Font-Family ='system';Font-Size=10pt"
OnClick = "history.go( -2 ); return true;">
</FORM>
<HR></CENTER></BODY></HTML>
|