Tutorial:
Database - PHP - Edit Security Users By No With Access Database
Dr.
Thomas E. Hicks
Computer Science
Department
Trinity University
IIS 5 Install on Windows XP Pro
IIS 5 Installation on Windows 2000 Pro/Server
It might even help to read a tutorial that describes the need for Database Web Applications.
Database Need For Web Applications
You may use the basic ideas of this tutorial for either the ODBC connection or the MapPath connection..
Database - PHP - ODBC Connections
Database - PHP - MapPath Connections
For purposes of discussion, let us suppose that an Access Database, called Security.mdb, resides at the root of drive C. (See Below!) When a database is installed on the web server, the necessary ODBC drivers are also installed. If the web server does not have the database installed, then the ODBC drivers will have to be downloaded and installed; this process differs from database to database and is beyond the scope of this paper. Microsoft Access and the appropriate ODBC drivers have been installed on the server illustrated below.
The Security Database is opened and the Tables tab is selected; in order to keep our example simplistic, the Security Database has only a single table, called Users. The contents of our very simple Users table can be seen below.
Each record in the Users table contains fields Name, No, Password, and IDNo; these will be needed later.
The datatypes of each field may be seen below.
The Security Database above was is ultra trivial application which had only one database table. Relational databases often have many tables; this is true of Access databases as well. This database may be downloaded.
We are going to place all of the PHP files in folder C:\Inetpub\wwwroot\PHP. We could place the database files anywhere on the drive. For security reasons, it is not a good idea to place them in the wwwroot directory.
For purposes of this tutorial, we shall assume that the Security database files are located in C:\Security. For purposes of this tutorial, we shall assume that the Security database is located in C:\.
The first page shall be called EditSecurityUserByNo1.php. It shall be the responsibility of this page to prompt the user for a EditNo and then transfer processing control to the second page.
The second page shall be called EditSecurityUserByNo2.php. Control shall pass to a generic Error.php page in the event that the EditNo is blank. Control shall pass to a generic Error.php page in the event that the EditNo is not numeric. Control shall pass to a generic Error.php page in the event that the there is no record whose No is EditNo. It shall be the responsibility of this page to retrieve the existing information from the user record and enable the user to alter the Name, Password, or No; upon completion, transfer processing control to the third page.
The third page shall be called EditSecurityUserByNoConfirmation.php. It shall be the responsibility of this page to update/modify the user record in the database table if correct. Control shall pass to a generic Error.php page in the event that the NewName is blank. Control shall pass to a generic Error.php page in the event that the NewNo is blank. Control shall pass to a generic Error.php page in the event that the NewPassword is blank. Control shall pass to a generic Error.php page in the event that the NewPassword is not numeric.
The autonumber field, IDNo shall be automatically completed by the database.
<?PHP #========================================================================= #========================================================================= #==== EditSecurityUserByNo1.php ==== #========================================================================= #==== ==== #==== Purpose : Prompt the user for the User No & transfer ==== #==== to page EditSecurityUserByNo2.php to load ==== #==== current information and allow user to edit. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ==== #========================================================================= #========================================================================= |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of PHP code begin with <% and end with %>.
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewEditNo))
{
Session_Start();
Session_UnSet();
$NewEditNo = "";
$PreviousPage = "Edit1";
$EditNo = "";
Session_Register("NewEditNo");
Session_Register("PreviousPage");
}
Else
$EditNo = $_SESSION["NewEditNo"];
$_SESSION["PreviousPage"] = "Edit1";
?>
|
This block of code starts a new session and clears any session variables. It shall make sure that the input boxes on this form are initially blank; session variables shall store a copy of the user responses in all input boxes so that they may be reloaded on the page in the event that the user must return back to this page because of invalid input. The PreviousPage variable shall enable the corresponding confirmation page to assure that it is only called from this page.
<HTML> <HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByNo1.php</TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - EditSecurityUserByNo1.php in the browser title bar.
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
|
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByNo1.php<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByNo1.php
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByNo2.php">
|
This is a standard HTML form which shall provide the user an opportunity to enter a user No and transfer that information to page EditSecurityUserByNo2.php.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Edit User With No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $EditNo ?>"
NAME = "EditNo"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Edit User No ==> and a 10 character text box in which to enter the information. Note that the name of the textbox is EditNo; the post method will transfer this information to the confirmation page.
<TR><TD>
<INPUT TYPE = "SUBMIT"
VALUE = "Edit This User Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
The second row of the table shall contain a blue submit button whose caption is Edit This User Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#=========================================================================
#=========================================================================
#==== EditSecurityUserByNo1.php ====
#=========================================================================
#==== ====
#==== Purpose : Prompt the user for the User No & transfer ====
#==== to page EditSecurityUserByNo2.php to load ====
#==== current information and allow user to edit. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 08/1/2003 ====
#=========================================================================
#=========================================================================
#--------------------------------------------------------------------------
# This block of code starts a new session and clears any session
# variables. It shall make sure that the input boxes on this form
# are initially blank; session variables shall store a copy of the
# user responses in all input boxes so that they may be reloaded on
# the page in the event that the user must return back to this page
# because of invalid input. The PreviousPage variable shall
# enable the corresponding confirmation page to assure that it is
# only called from this page.
#--------------------------------------------------------------------------
If (!IsSet($NewEditNo))
{
Session_Start();
Session_UnSet();
$NewEditNo = "";
$PreviousPage = "Edit1";
$EditNo = "";
Session_Register("NewEditNo");
Session_Register("PreviousPage");
}
Else
$EditNo = $_SESSION["NewEditNo"];
$_SESSION["PreviousPage"] = "Edit1";
?>
<HTML>
<HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByNo1.php</TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByNo1.php<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "GET"
ACTION = "EditSecurityUserByNo2.php">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
WIDTH = "100%">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Edit User With No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $EditNo ?>"
NAME = "EditNo"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Center">
<INPUT TYPE = "SUBMIT"
VALUE = "Edit User With This No Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<?PHP #======================================================================== #======================================================================== #==== EditSecurityUserByNo2.php ==== #======================================================================== #==== ==== #==== Purpose : Read the desired record into a form for editing. ==== #==== Go to page EditSecurityUserByNoConfirmation.asp ==== #==== to update the record. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== #======================================================================== #======================================================================== |
The documentation block provides a brief statement of purpose. Blocks of PHP code begin with <?PHP and end with ?>.
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
|
Include file adodb.inc.php which contains many of the database access extensions to PHP.
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByNo1.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit1" )
{
Print "<script language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByNo1.php'</Script>";
Print " ";
Exit;
}
|
The user should not be able to directly evoke this page from the browser; make sure that the only way that this page can be launched is from the EditSecurityUserByNo1.php page.
#-------------------------------------------------------------------------- # Declarations & Initializations #-------------------------------------------------------------------------- $Counter = 1; $EditNo = Trim($_REQUEST["EditNo"]); $_SESSION["NewEditNo"] = Trim($_REQUEST["EditNo"]); $_SESSION["PreviousPage"] = "Edit2"; |
Initialize Counter to 1. Fill EditNo with the trimmed value from the form on page EditSecurityUserConfirmation.php
#--------------------------------------------------------------------------
# Make Sure That EditNo Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($EditNo) == 0)
{
$ErrorMessage = "The Edit No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a EditNo, then the length will be zero. A successful search for this record requires the length of the EditNo to be greater than zero. In the event that the user leaves the EditNo blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error. The extra Print and Exit simply delay the processing so that things work in synch.
#--------------------------------------------------------------------------
# Make Sure That EditNo Is Numeric!
#--------------------------------------------------------------------------
If (Is_Numeric($EditNo) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a valid number, then the search will be unsuccessful. In the event that the user enters an invalid number, a session variable, describing the error, is created and the generic Error.php is loaded to display the error. The extra Print and Exit simply delay the processing so that things work in synch.
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnStr contains part of the connection arguments. The Conn->Open opens the Security database and associates it with the connection object.
#--------------------------------------------------------------------------
# Attempt To Create a Record Set Containing The Record EditNo
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Users.No = " . $EditNo ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
|
The SQL query is to search for and read the user whose No is EditNo. This query may or may not be successful. There may be no matches..
#--------------------------------------------------------------------------
# There Must Be A Record Set
#--------------------------------------------------------------------------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the record set is not created, then there is a definite error; a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# There Must Be A Record To Edit
#--------------------------------------------------------------------------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought No!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user enters a EditNo that is not found in the Users table, then the record set will be empty and EOF will be true. In the event that the query is unsuccessful, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# Read The Four Fields Of The Current Record Into Objects
#--------------------------------------------------------------------------
$Name = $UsersRecordSet->Fields(0);
$No = $UsersRecordSet->Fields(1);
$Password = $UsersRecordSet->Fields(2);
$IDNo = $UsersRecordSet->Fields(3);
|
For simplicity, these shall then be transferred into normal string and numeric variables.
#--------------------------------------------------------------------------
# Extract The Values From The Objects - Put Into Variables
#--------------------------------------------------------------------------
$NewName = $Name->Value;
$NewNo = $No->Value;
$NewPassword = $Password->Value;
$NewIdNo = $IDNo->Value;
?>
|
For simplicity, these shall then be transferred into normal string and numeric variables.
<HTML> <HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByNo2.php</TITLE></HEAD> |
Fill No with the integer value passed from EditNo in the text input box.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByNo2.php<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByNo2.php
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByNo2.php">
|
This is a standard HTML form which shall provide the user an opportunity to enter a user No and transfer that information to page EditSecurityUserByNo2.php.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewName ?>"
NAME = "NewName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Enter Name ==> and a 20 character text box in which to enter the information. Note that the name of the textbox is NewName; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewNo ?>"
NAME = "NewNo"
SIZE = 10
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 10></B></FONT>
</TD></TR>
|
In the second row of the table shall be a prompt ==> Enter No ==> and a 10 character text box in which to enter the information. Note that the name of the textbox is NewNo; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewPassword ?>"
NAME = "NewPassword"
SIZE = 15
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 15></B></FONT>
</TD></TR>
|
In the third row of the table shall be a prompt ==> Enter Password ==> and a 15 character text box in which to enter the information. Note that the name of the textbox is NewPassword; the post method will transfer this information to the confirmation page. It is initialized with the value read from the record.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B> ID # <FONT COLOR = "#000000"> <?PHP Print $NewIdNo ?> </FONT></FONT></B> </TD></TR> |
In the fourth row of the table shall be a display of the IDNo field; since it is a unique auto number field assigned by the access database, it may not be altered by the user or programmer.
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Update This Record Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM'">
</CENTER></TD></TR>
</TABLE></FORM>
|
The fifth row of the table shall contain a blue submit button whose caption is Update This Record Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#========================================================================
#========================================================================
#==== EditSecurityUserByNo2.php ====
#========================================================================
#==== ====
#==== Purpose : Read the desired record into a form for editing. ====
#==== Go to page EditSecurityUserByNoConfirmation.asp ====
#==== to update the record. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
#========================================================================
#========================================================================
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByNo1.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit1" )
{
Print "<script language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByNo1.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Declarations & Initializations
#--------------------------------------------------------------------------
$Counter = 1;
$EditNo = Trim($_REQUEST["EditNo"]);
$_SESSION["NewEditNo"] = Trim($_REQUEST["EditNo"]);
$_SESSION["PreviousPage"] = "Edit2";
#--------------------------------------------------------------------------
# Make Sure That EditNo Is Not Blank!
#--------------------------------------------------------------------------
If (StrLen($EditNo) == 0)
{
$ErrorMessage = "The Edit No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Make Sure That EditNo Is Numeric!
#--------------------------------------------------------------------------
If (Is_Numeric($EditNo) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
#--------------------------------------------------------------------------
# Attempt To Create a Record Set Containing The Record EditNo
#--------------------------------------------------------------------------
#--------------------------- Traditional SQL Query ------------------------
$UserSQL = " SELECT * " .
" FROM Users " .
" WHERE Users.No = " . $EditNo ;
#------------- Create A Record Set That Contains Results Of Query ---------
$UsersRecordSet = $Conn->Execute($UserSQL);
#--------------------------------------------------------------------------
# There Must Be A Record Set
#--------------------------------------------------------------------------
If (!$UsersRecordSet)
{
$ErrorMessage = "System Error - Unable To Generate Record Set!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# There Must Be A Record To Edit
#--------------------------------------------------------------------------
If ($UsersRecordSet->EOF)
{
$ErrorMessage = "There Are No Records Matching This Sought No!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Read The Four Fields Of The Current Record Into Objects
#--------------------------------------------------------------------------
$Name = $UsersRecordSet->Fields(0);
$No = $UsersRecordSet->Fields(1);
$Password = $UsersRecordSet->Fields(2);
$IDNo = $UsersRecordSet->Fields(3);
#--------------------------------------------------------------------------
# Extract The Values From The Objects - Put Into Variables
#--------------------------------------------------------------------------
$NewName = $Name->Value;
$NewNo = $No->Value;
$NewPassword = $Password->Value;
$NewIdNo = $IDNo->Value;
?>
<HTML>
<HEAD><TITLE>Dr. Thomas E. Hicks - EditSecurityUserByNo2.php</TITLE></HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK = "#000000"
ALINK = "#000000"
BACKGROUND = "Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">EditSecurityUserByNo2.php<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "POST"
ACTION = "EditSecurityUserByNoConfirmation.php">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewName ?>"
NAME = "NewName"
SIZE = 20
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewNo ?>"
NAME = "NewNo"
SIZE = 10
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 10></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = "<?PHP Print $NewPassword ?>"
NAME = "NewPassword"
SIZE = 15
STYLE = "FONT-FAMILY ='Arial';FONT-SIZE=12pt; FONT-Weight='Bold'"
MAXSIZE = 15></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
ID #
<FONT COLOR = "#000000">
<?PHP Print $NewIdNo ?>
</FONT></FONT></B>
</TD></TR>
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Update This User In Database!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</CENTER></TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<?PHP #======================================================================== #======================================================================== #==== EditSecurityUserByNoConfirmation.php ==== #======================================================================== #==== ==== #==== Purpose : Transfer to page Error.asp and report error if ==== #==== user does not enter the Sought No. Transfer ==== #==== to page Error.asp and report error if the ==== #==== search comes up empty. Update the corrected ==== #==== record. ==== #==== ==== #==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== #======================================================================== #======================================================================== |
The documentation block provides a brief statement of purpose. Blocks of PHP code begin with <?PHP and end with ?>.
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
|
Include file adodb.inc.php which contains many of the database access extensions to PHP.
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByNo2.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit2" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByNo1.php'</Script>";
Print " ";
Exit;
}
|
The user should not be able to directly evoke this page from the browser; make sure that the only way that this page can be launched is from the EditSecurityUserByNo2.php page.
#------------------------------------------------------------------------ # Initializations - Fill Local Variables From Form Info #------------------------------------------------------------------------ $NewPassword = Trim($_REQUEST["NewPassword"]); $NewName = Trim($_REQUEST["NewName"]); $NewNo = Trim($_REQUEST["NewNo"]); |
NewName, NewNo, and NewPassword shall be passed to the confirmation page. You will not see them in the URL with the Post option.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Name
#------------------------------------------------------------------------
If (StrLen($NewName) == 0)
{
$ErrorMessage = "The Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewName, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewName blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A No
#------------------------------------------------------------------------
If (StrLen($NewNo) == 0)
{
$ErrorMessage = "The No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewNo, then the length will be zero. A successful add requires the NewNobe greater than zero. In the event that the user leaves the NewNo blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Password
#------------------------------------------------------------------------
If (StrLen($NewPassword) == 0)
{
$ErrorMessage = "The Password May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user fails to enter a NewPassword, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewPassword blank, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Numeric Value
#------------------------------------------------------------------------
If (Is_Numeric($NewNo) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
|
If the user must enter a numerical value for NewNo. In the event that the user a non-numerical value, a session variable, describing the error, is created and the generic Error.php is loaded to display the error.
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnStr contains part of the connection arguments. The Conn->Open opens the Security database and associates it with the connection object.
#------------------------------------------------------------------------
# Add The Record To The Database
#------------------------------------------------------------------------
$UserSQL = " UPDATE Users SET " .
" Name = '" . $NewName . "', " .
" No = " . $NewNo . ", " .
" Password = '" . $NewPassword . "' " .
" Where Users.No = " . $_SESSION["NewEditNo"] ;
$UsersRecordSet = $Conn->Execute($UserSQL);
?>
|
The SQL query updates the record in the Users database table.
<HTML><HEAD> <TITLE>Dr. Thomas E. Hicks - EditSecurityUserConfirmation.php </TITLE> </HEAD> |
The HTML places Dr. Thomas E. Hicks - EditSecurityUserByNoConfirmation.php in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER> <FONT FACE="Arial" SIZE="4">EditSecurityUserConfirmation.php<BR> Written By<BR> Dr. Thomas E. Hicks</font><P> </CENTER> <HR> |
The HTML code above creates the following commercial at the top of the page.
EditSecurityUserByNoConfirmation.php
Written By
Dr. Thomas E. Hicks
<P><FONT COLOR="#FF0000" FACE="Arial"> <?PHP Print $NewName ; ?> has been updated in the database! <FONT> |
Although it is not essential, we are going to display the name of the user added to the database.
<?PHP #-------------------------------------------------------------------------- # Close & Terminate The Connections #-------------------------------------------------------------------------- $Conn->Close(); $UsersRecordSet = null; $Conn = null; |
Close the connection. Since the delete does not return a record set, you may not close it! Set both to null.
#-------------------------------------------------------------------------- # Terminate The Session #-------------------------------------------------------------------------- Session_UnSet(); Session_Destroy(); ?> |
Clear the session variables and close the session.
</TABLE> </BODY></HTML> |
The HTML code above simply ends the table, the body, and the document.
The complete code may be found below. A working model may be found at
<?PHP
#========================================================================
#========================================================================
#==== EditSecurityUserByNoConfirmation.php ====
#========================================================================
#==== ====
#==== Purpose : Transfer to page Error.asp and report error if ====
#==== user does not enter the Sought No. Transfer ====
#==== to page Error.asp and report error if the ====
#==== search comes up empty. Update the corrected ====
#==== record. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
#========================================================================
#========================================================================
#--------------------------------------------------------------------------
# Include The Database Utilities
#--------------------------------------------------------------------------
Include('../adodb/adodb.inc.php');
#--------------------------------------------------------------------------
# Continue The Session
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# May Only Enter This Page From EditSecurityUserByNo2.php!
#--------------------------------------------------------------------------
If ($_SESSION["PreviousPage"] != "Edit2" )
{
Print "<Script Language = 'JavaScript'> " .
"window.location = 'EditSecurityUserByNo1.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Initializations - Fill Local Variables From Form Info
#------------------------------------------------------------------------
$Counter = 1;
$NewPassword = Trim($_REQUEST["NewPassword"]);
$NewName = Trim($_REQUEST["NewName"]);
$NewNo = Trim($_REQUEST["NewNo"]);
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Name
#------------------------------------------------------------------------
If (StrLen($NewName) == 0)
{
$ErrorMessage = "The Name May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A No
#------------------------------------------------------------------------
If (StrLen($NewNo) == 0)
{
$ErrorMessage = "The No May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Password
#------------------------------------------------------------------------
If (StrLen($NewPassword) == 0)
{
$ErrorMessage = "The Password May Not Be Blank!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#------------------------------------------------------------------------
# Transfer To Page Error If User Does Not Enter A Numeric Value
#------------------------------------------------------------------------
If (Is_Numeric($NewNo) == FALSE)
{
$ErrorMessage = "The Edit No Must Be Numeric!";
Session_Register("ErrorMessage");
Print "<script language = 'JavaScript'> " .
"window.location = 'Error.php'</Script>";
Print " ";
Exit;
}
#--------------------------------------------------------------------------
# Access Database RealPath Connect To The Server
#--------------------------------------------------------------------------
#------------------------ Create A Connection Object ----------------------
$Conn = New COM("ADODB.Connection");
#------------------------------ Absolute Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("C:\Security.mdb");
#------------------------------ Relative Path -----------------------------
$ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" .
RealPath("../../../Security.mdb");
#--------------------------------- Connect --------------------------------
$Conn->Open($ConnStr);
#------------------------------------------------------------------------
# Add The Record To The Database
#------------------------------------------------------------------------
$UserSQL = " UPDATE Users SET " .
" Name = '" . $NewName . "', " .
" No = " . $NewNo . ", " .
" Password = '" . $NewPassword . "' " .
" Where Users.No = " . $_SESSION["NewEditNo"] ;
$UsersRecordSet = $Conn->Execute($UserSQL);
?>
<HTML><HEAD>
<TITLE>Dr. Thomas E. Hicks - EditSecurityUserConfirmation.php </TITLE>
</HEAD>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER>
<FONT FACE="Arial" SIZE="4">EditSecurityUserConfirmation.php<BR>
Written By<BR>
Dr. Thomas E. Hicks</font><P>
</CENTER>
<HR>
<P><FONT COLOR="#FF0000" FACE="Arial">
<?PHP
Print $NewName ;
?> has been updated in the database! <FONT>
<?PHP
#--------------------------------------------------------------------------
# Close & Terminate The Connections
#--------------------------------------------------------------------------
$Conn->Close();
$UsersRecordSet = null;
$Conn = null;
#--------------------------------------------------------------------------
# Terminate The Session
#--------------------------------------------------------------------------
Session_UnSet();
Session_Destroy();
?>
</BODY></HTML>
|
You can see the results below:
The complete code may be found below.
<?PHP
#====================================================================================
#====================================================================================
#==== DisplayError.asp ====
#==== ====
#==== Purpose : Display the global System variable ErrorMessage and provide the ====
#==== User with a button which will allow them to return to the ====
#==== original form two levels back in the history. ====
#==== ====
#==== Written By : Dr. Thomas E. Hicks ====
#====================================================================================
#====================================================================================
?>
<HTML><BODY BACKGROUND = "Paper.jpg">
<HR>
<CENTER><p Align="Center"><b><Font Size=+0 Color="#660033">
<br>
<?PHP
Print $ErrorMessage;
?>
</font></b>
<FORM METHOD="POST">
<INPUT TYPE = "BUTTON"
VALUE = " Click This Button To Go Back To Correct The Problem! "
STYLE = "BackGround=DarkGreen; Color=#FFFFFF ;Cursor=hand; ".
"Font-Family ='system';Font-Size=10pt"
OnClick = "history.go( -2 ); return true;">
</FORM>
<HR></CENTER></BODY></HTML>
|