Tutorial:
Database - PHP - Edit Security Users By Name With Access Database
Dr.
Thomas E. Hicks
Computer Science
Department
Trinity University
IIS 5 Install on Windows XP Pro
IIS 5 Installation on Windows 2000 Pro/Server
It might even help to read a tutorial that describes the need for Database Web Applications.
Database Need For Web Applications
You may use the basic ideas of this tutorial for either the ODBC connection or the MapPath connection..
Database - PHP - ODBC Connections
Database - PHP - MapPath Connections
For purposes of discussion, let us suppose that an Access Database, called Security.mdb, resides at the root of drive C. (See Below!) When a database is installed on the web server, the necessary ODBC drivers are also installed. If the web server does not have the database installed, then the ODBC drivers will have to be downloaded and installed; this process differs from database to database and is beyond the scope of this paper. Microsoft Access and the appropriate ODBC drivers have been installed on the server illustrated below.
The Security Database is opened and the Tables tab is selected; in order to keep our example simplistic, the Security Database has only a single table, called Users. The contents of our very simple Users table can be seen below.
Each record in the Users table contains fields Name, No, Password, and IDNo; these will be needed later.
The datatypes of each field may be seen below.
The Security Database above was is ultra trivial application which had only one database table. Relational databases often have many tables; this is true of Access databases as well. This database may be downloaded.
We are going to place all of the PHP files in folder C:\Inetpub\wwwroot\PHP. We could place the database files anywhere on the drive. For security reasons, it is not a good idea to place them in the wwwroot directory.
For purposes of this tutorial, we shall assume that the Security database files are located in C:\Security. For purposes of this tutorial, we shall assume that the Security database is located in C:\.
The first page shall be called EditSecurityUserByName1.php. It shall be the responsibility of this page to prompt the user for a EditName and then transfer processing control to the second page.
The second page shall be called EditSecurityUserByName2.php. Control shall pass to a generic Error.php page in the event that the EditName is blank. Control shall pass to a generic Error.php page in the event that the EditName is not numeric. Control shall pass to a generic Error.php page in the event that the there is no record whose No is EditName. It shall be the responsibility of this page to retrieve the existing information from the user record and enable the user to alter the Name, Password, or No; upon completion, transfer processing control to the third page.
The third page shall be called EditSecurityUserByNameConfirmation.php. It shall be the responsibility of this page to update/modify the user record in the database table if correct. Control shall pass to a generic Error.php page in the event that the NewName is blank. Control shall pass to a generic Error.php page in the event that the NewNo is blank. Control shall pass to a generic Error.php page in the event that the NewPassword is blank. Control shall pass to a generic Error.php page in the event that the NewPassword is not numeric.
The autonumber field, IDNo shall be automatically completed by the database.
<?PHP #========================================================================= #========================================================================= #==== EditSecurityUserByName1.php ==== #========================================================================= #==== ==== #==== Purpose : Prompt the user for the User No & transfer ==== #==== to page EditSecurityUserByName2.php to load ==== #==== current information and allow user to edit. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ==== #========================================================================= #========================================================================= |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of PHP code begin with <% and end with %>.
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewEditName))
{
Session_Start();
Session_UnSet();
$NewEditName = "";
$PreviousPage = "Edit1";
$EditName = "";
Session_Register("NewEditName");
Session_Register("PreviousPage");
}
Else
$EditName = $_SESSION["NewEditName"];
$_SESSION["PreviousPage"] = "Edit1";
?>
|
This block of code starts a new session and clears any session variables. It shall make sure that the input boxes on this form are initially blank; session variables shall store a copy of the user responses in all input boxes so that they may be reloaded on the page in the event that the user must return back to this page because of invalid input. The PreviousPage variable shall enable the corresponding confirmation page to assure that it is only called from this page.
<HTML> <HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByName1.php</TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - EditSecurityUserByName1.php in the browser title bar.
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
|
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByName1.php<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByName1.php
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByName2.php">
|
This is a standard HTML form which shall provide the user an opportunity to enter a user No and transfer that information to page EditSecurityUserByName2.php.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Edit User With Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $EditName ?>"
NAME = "EditName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Edit User Name ==> and a 10 character text box in which to enter the information. Note that the name of the textbox is EditName; the post method will transfer this information to the confirmation page.
<TR><TD>
<INPUT TYPE = "SUBMIT"
VALUE = "Edit This User Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
The second row of the table shall contain a blue submit button whose caption is Edit This User Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#=========================================================================
#=========================================================================
#==== EditSecurityUserByName1.php ====
#=========================================================================
#==== ====
#==== Purpose : Prompt the user for the User Name & transfer ====
#==== to page EditSecurityUserByNo2.asp to load ====
#==== current information and allow user to edit. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ====
#=========================================================================
#=========================================================================
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewEditName))
{
Session_Start();
Session_UnSet();
$NewDeleteName = "";
$PreviousPage = "Edit1";
$EditName = "";
Session_Register("NewEditName");
Session_Register("PreviousPage");
}
Else
$EditName = $_SESSION["NewEditName"];
$_SESSION["PreviousPage"] = "Edit1";
?>
<HTML>
<HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByName1.php</TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByName1.php<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "GET"
ACTION = "EditSecurityUserByName2.php">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
WIDTH = "100%">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Edit User With Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $EditName ?>"
NAME = "EditName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Center">
<INPUT TYPE = "SUBMIT"
VALUE = "Edit User With This Name Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<?PHP #======================================================================== #======================================================================== #==== EditSecurityUserByName2.php ==== #======================================================================== #==== ==== #==== Purpose : Read the desired record into a form for editing. ==== #==== Go to page EditSecurityUserByNameConfirmation.asp ==== #==== to update the record. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== #======================================================================== #======================================================================== |
The documentation block provides a brief statement of purpose. Blocks of PHP code begin with <?PHP and end with ?>.
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
|
Include file adodb.inc.php which contains many of the database access extensions to PHP.
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByName1.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit1" )
{
Print "<script language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
|
The user should not be able to directly evoke this page from the browser; make sure that the only way that this page can be launched is from the EditSecurityUserByName1.php page.
#-------------------------------------------------------------------------- # Declarations & Initializations #-------------------------------------------------------------------------- $Counter = 1; $EditName = Trim($_REQUEST["EditName"]); $_SESSION["NewEditName"] = Trim($_REQUEST["EditName"]); $_SESSION["PreviousPage"] = "Edit2"; |
Initialize Counter to 1. Fill EditName with the trimmed value from the form on page EditSecurityUserConfirmation.php
#--------------------------------------------------------------------------
# Make Sure That EditName Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($EditName) == 0)
{
$ErrorMessage = "The Edit No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a EditName, then the length will be zero. A successful search for this record requires the length of the EditName to be greater than zero. In the event that the user leaves the EditName blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error. The extra Print and Exit simply delay the processing so that things work in synch.
#--------------------------------------------------------------------------
# Make Sure That EditName Is Numeric!
#--------------------------------------------------------------------------
If (Is_Numeric($EditName) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a valid number, then the search will be unsuccessful. In the event that the user enters an invalid number, a session variable, describing the error, is created and the generic Error.php is loaded to display the error. The extra Print and Exit simply delay the processing so that things work in synch.
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnStr contains part of the connection arguments. The Conn->Open opens the Security database and associates it with the connection object.
#--------------------------------------------------------------------------
# Attempt To Create a Record Set Containing The Record EditName
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Users.No = " . $EditName ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
|
The SQL query is to search for and read the user whose No is EditName. This query may or may not be successful. There may be no matches..
#--------------------------------------------------------------------------
# There Must Be A Record Set
#--------------------------------------------------------------------------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the record set is not created, then there is a definite error; a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# There Must Be A Record To Edit
#--------------------------------------------------------------------------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought No!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user enters a EditName that is not found in the Users table, then the record set will be empty and EOF will be true. In the event that the query is unsuccessful, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# Read The Four Fields Of The Current Record Into Objects
#--------------------------------------------------------------------------
$Name = $UsersRecordSet->Fields(0);
$No = $UsersRecordSet->Fields(1);
$Password = $UsersRecordSet->Fields(2);
$IDNo = $UsersRecordSet->Fields(3);
|
For simplicity, these shall then be transferred into normal string and numeric variables.
#--------------------------------------------------------------------------
# Extract The Values From The Objects - Put Into Variables
#--------------------------------------------------------------------------
$NewName = $Name->Value;
$NewNo = $No->Value;
$NewPassword = $Password->Value;
$NewIdNo = $IDNo->Value;
?>
|
For simplicity, these shall then be transferred into normal string and numeric variables.
<HTML> <HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByName2.php</TITLE></HEAD> |
Fill No with the integer value passed from EditName in the text input box.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByName2.php<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByName2.php
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByName2.php">
|
This is a standard HTML form which shall provide the user an opportunity to enter a user No and transfer that information to page EditSecurityUserByName2.php.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewName ?>"
NAME = "NewName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Enter Name ==> and a 20 character text box in which to enter the information. Note that the name of the textbox is NewName; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewNo ?>"
NAME = "NewNo"
SIZE = 10
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 10></B></FONT>
</TD></TR>
|
In the second row of the table shall be a prompt ==> Enter No ==> and a 10 character text box in which to enter the information. Note that the name of the textbox is NewNo; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewPassword ?>"
NAME = "NewPassword"
SIZE = 15
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 15></B></FONT>
</TD></TR>
|
In the third row of the table shall be a prompt ==> Enter Password ==> and a 15 character text box in which to enter the information. Note that the name of the textbox is NewPassword; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B> ID # <FONT COLOR = "#000000"> <?PHP Print $NewIdNo ?> </FONT></FONT></B> </TD></TR> |
In the fourth row of the table shall be a display of the IDNo field; since it is a unique auto number field assigned by the access database, it may not be altered by the user or programmer.
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Update This Record Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM'">
</CENTER></TD></TR>
</TABLE></FORM>
|
The fifth row of the table shall contain a blue submit button whose caption is Update This Record Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#========================================================================
#========================================================================
#==== EditSecurityUserByName2.php ====
#========================================================================
#==== ====
#==== Purpose : Read the desired record into a form for editing. ====
#==== Go to page EditSecurityUserByNameConfirmation.asp ====
#==== to update the record. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
#========================================================================
#========================================================================
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Create A Session With The Server
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# $May Only Enter This Page From EditSecurityUserByName1.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit1" )
{
Print "<script language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Declarations & Initializations
#--------------------------------------------------------------------------
$Counter = 1;
$EditName = Trim($_REQUEST["EditName"]);
$_SESSION["NewEditName"] = Trim($_REQUEST["EditName"]);
$_SESSION["PreviousPage"] = "Edit2";
#--------------------------------------------------------------------------
# Make Sure That EditName Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($EditName) == 0)
{
$ErrorMessage = "The Sought Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
#--------------------------------------------------------------------------
# Read All Of The Matching User Names Into The RecordSet
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Name = '" . $EditName . "'" ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
#------- If No Record Set Was Generated, Print Out The Error Message ------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------- If There Are No Records In The Record Set, Display Message -------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought Name!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------ There Are Records To Display ---------------------------
If (!IsSet($Name))
{
$Name = $UsersRecordSet->Fields(0);
$No = $UsersRecordSet->Fields(1);
$Password = $UsersRecordSet->Fields(2);
$IDNo = $UsersRecordSet->Fields(3);
$NewName = $Name->Value;
$NewNo = $No->Value;
$NewPassword = $Password->Value;
$NewIdNo = $IDNo->Value;
}
?>
<HTML>
<HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByName2.php</TITLE></HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK = "#000000"
ALINK = "#000000"
BACKGROUND = "Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByName2.php<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByNameConfirmation.php">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewName ?>"
NAME = "NewName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewNo ?>"
NAME = "NewNo"
SIZE = 10
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 10></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewPassword ?>"
NAME = "NewPassword"
SIZE = 15
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 15></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
ID #
<FONT COLOR = "#000000">
<?PHP Print $NewIdNo ?>
</FONT></FONT></B>
</TD></TR>
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Update This User In Database!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</CENTER></TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<?PHP #======================================================================== #======================================================================== #==== EditSecurityUserByNameConfirmation.php ==== #======================================================================== #==== ==== #==== Purpose : Transfer to page Error.asp and report error if ==== #==== user does not enter the Sought No. Transfer ==== #==== to page Error.asp and report error if the ==== #==== search comes up empty. Update the corrected ==== #==== record. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== #======================================================================== #======================================================================== |
The documentation block provides a brief statement of purpose. Blocks of PHP code begin with <?PHP and end with ?>.
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
|
Include file adodb.inc.php which contains many of the database access extensions to PHP.
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByName2.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit2" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
|
The user should not be able to directly evoke this page from the browser; make sure that the only way that this page can be launched is from the EditSecurityUserByName2.php page.
#------------------------------------------------------------------------ # Initializations - Fill Local Variables From Form Info #------------------------------------------------------------------------ $NewPassword = Trim($_REQUEST["NewPassword"]); $NewName = Trim($_REQUEST["NewName"]); $NewNo = Trim($_REQUEST["NewNo"]); |
NewName, NewNo, and NewPassword shall be passed to the confirmation page. You will not see them in the URL with the Post option.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Name
#------------------------------------------------------------------------
If (StrLen($NewName) == 0)
{
$ErrorMessage = "The Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewName, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewName blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A No
#------------------------------------------------------------------------
If (StrLen($NewNo) == 0)
{
$ErrorMessage = "The No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewNo, then the length will be zero. A successful add requires the NewNobe greater than zero. In the event that the user leaves the NewNo blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Password
#------------------------------------------------------------------------
If (StrLen($NewPassword) == 0)
{
$ErrorMessage = "The Password May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewPassword, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewPassword blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Numeric Value
#------------------------------------------------------------------------
If (Is_Numeric($NewNo) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user must enter a numerical value for NewNo. In the event that the user a non-numerical value, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnStr contains part of the connection arguments. The Conn->Open opens the Security database and associates it with the connection object.
#------------------------------------------------------------------------
# Add The Record To The Database
#------------------------------------------------------------------------
$UserSQL = " UPDATE Users SET " .
" Name = '" . $NewName . "', " .
" No = " . $NewNo . ", " .
" Password = '" . $NewPassword . "' " .
" Where Name = '" . $_SESSION["NewEditName"] . "'" ;
$UsersRecordSet = $Conn->Execute($UserSQL);
?>
|
The SQL query updates the record in the Users database table.
<HTML><HEAD> <TITLE>Dr. Thomas E. Hicks - EditSecurityUserConfirmation.php </TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - EditSecurityUserByNameConfirmation.php in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER> <FONT FACE="Arial" SIZE="4">EditSecurityUserConfirmation.php<BR> Written By<BR> Dr. Thomas E. Hicks</font><P> </CENTER> <HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByNameConfirmation.php
Written By
Dr. Thomas E. Hicks
<P><FONT COLOR="#FF0000" FACE="Arial"> <?PHP Print $NewName ; ?> has been updated in the database! <FONT> |
Although it is not essential, we are going to display the name of the user added to the database.
<?PHP #-------------------------------------------------------------------------- # Close & Terminate The Connections #-------------------------------------------------------------------------- $Conn->Close(); $UsersRecordSet = null; $Conn = null; |
Close the connection. Since the delete does not return a record set, you may not close it! Set both to null.
#-------------------------------------------------------------------------- # Terminate The Session #-------------------------------------------------------------------------- Session_UnSet(); Session_Destroy(); ?> |
Clear the session variables and close the session.
</TABLE> </BODY></HTML> |
The HTML code above simply ends the table, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#========================================================================
#========================================================================
#==== EditSecurityUserByNameConfirmation.php ====
#========================================================================
#==== ====
#==== Purpose : Transfer to page Error.asp and report error if ====
#==== user does not enter the Sought Name. Transfer ====
#==== to page Error.asp and report error if the ====
#==== search comes up empty. Update the corrected ====
#==== record. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
#========================================================================
#========================================================================
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# $May Only Enter This Page From EditSecurityUserByName2.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit2" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByName1.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Initializations - Fill Local/Sessio Variables
#------------------------------------------------------------------------
$NewPassword = Trim($_REQUEST["NewPassword"]);
$NewName = Trim($_REQUEST["NewName"]);
$NewNo = Trim($_REQUEST["NewNo"]);
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Name
#------------------------------------------------------------------------
If (StrLen($NewName) == 0)
{
$ErrorMessage = "The Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A No
#------------------------------------------------------------------------
If (StrLen($NewNo) == 0)
{
$ErrorMessage = "The No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Password
#------------------------------------------------------------------------
If (StrLen($NewPassword) == 0)
{
$ErrorMessage = "The Password May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Numeric Value
#------------------------------------------------------------------------
If (Is_Numeric($NewNo) == FALSE)
{
$ErrorMessage = "The Sought No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
#------------------------------------------------------------------------
# Add The Record To The Database
#------------------------------------------------------------------------
$UserSQL = " UPDATE Users SET " .
" Name = '" . $NewName . "', " .
" No = " . $NewNo . ", " .
" Password = '" . $NewPassword . "' " .
" Where Name = '" . $_SESSION["NewEditName"] . "'" ;
$UsersRecordSet = $Conn->Execute($UserSQL);
?>
<HTML><HEAD>
<TITLE>Dr. Thomas E. Hicks - EditSecurityUserConfirmation.php </TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER>
<FONT FACE="Arial" SIZE="4">EditSecurityUserConfirmation.php<BR>
Written By<BR>
Dr. Thomas E. Hicks</font><P>
</CENTER>
<HR>
<P><FONT COLOR="#FF0000" FACE="Arial">
<?PHP
Print $NewName ;
?> has been updated in the database! <FONT>
<?PHP
#--------------------------------------------------------------------------
# Close & Terminate The Connections
#--------------------------------------------------------------------------
$Conn->Close();
$UsersRecordSet = null;
$Conn = null;
#--------------------------------------------------------------------------
# Terminate The Session
#--------------------------------------------------------------------------
Session_UnSet();
Session_Destroy();
?>
</BODY></HTML>
|
You can see the results below:
The complete code may be found below.
<?PHP
#====================================================================================
#====================================================================================
#==== DisplayError.asp ====
#==== ====
#==== Purpose : Display the global System variable ErrorMessage and provide the ====
#==== User with a button which will allow them to return to the ====
#==== original form two levels back in the history. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks ====
#====================================================================================
#====================================================================================
?>
<HTML><BODY BACKGROUND = "Paper.jpg">
<HR>
<CENTER><p Align="Center"><b><Font Size=+0 Color="#660033">
<br>
<?PHP
Print $ErrorMessage;
?>
</font></b>
<FORM METHOD="POST">
<INPUT TYPE = "BUTTON"
VALUE = " Click This Button To Go Back To Correct The Problem! "
STYLE = "BackGround=DarkGreen; Color=#FFFFFF ;Cursor=hand; ".
"Font-Family ='system';Font-Size=10pt"
OnClick = "history.go( -2 ); return true;">
</FORM>
<HR></CENTER></BODY></HTML>
|