Extends from the last chapter , This chapter takes a look at some real-world problems that can occur as you move your application
from testing to a live website, Through this chapter you will learn more important PHP and SQL code.
First Problem : Its never safe to assume a web form will be used exactly the way it was intended.
SO try and head off these kinds of problems by anticipating that some users will misuse your forms.
So the form is in need of validation, which is the process of checking to make sure form data is OK before doing anything with it.
Validation means making the data you get is the data you expect .
Just a tip here: you can also validating data on the client by JavaScript. But the server is the last line of defense for catching bad form data,
So server-side validation can't be ignored even if you have checked the data on the client-side.
Above the last project, we should add some code to sendemail.php that examines the values in the text boxes and checks to make
sure they aren't empty. If everything checks out OK, the script sends out the emails.
A form that references itself. An HTML form that is part of the PHP script that process it is known as self-referencing.(自引用表格,表格会提交到自身)
When a form is smart enough to remember data entered into it in prior submissions, its know as a sticky form, data sticks to it!
you can make the sendemail.php a self-referencing form like this :
<form action="sendemail.php" method="post">
or you can do it like this :
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
superglobal variable $_SERVER['PHP_SELF'], which stores the name of the current script. You can replace the script URL in the form action to
$_SERVER['PHP_SELF'], and not ever have to worry about updating anything if you ever need to rename the script.
To make the form Validation and Sticky , you can edit the sendemail.php like this :
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 4 <head> 5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 6 <title>Make Me Elvis - Send Email</title> 7 <link rel="stylesheet" type="text/css" href="style.css" /> 8 </head> 9 <body> 10 <img src="blankface.jpg" width="161" height="350" alt="" style="float:right" /> 11 <img name="elvislogo" src="elvislogo.gif" width="229" height="32" border="0" alt="Make Me Elvis" /> 12 <p><strong>Private:</strong> For Elmer's use ONLY<br /> 13 Write and send an email to mailing list members.</p> 14 15 <?php 16 if (isset($_POST['submit'])) { 17 $from = 'elmer@makemeelvis.com'; 18 $subject = $_POST['subject']; 19 $text = $_POST['elvismail']; 20 $output_form = false; 21 22 if (empty($subject) && empty($text)) { 23 // We know both $subject AND $text are blank 24 echo 'You forgot the email subject and body text.<br />'; 25 $output_form = true; 26 } 27 28 if (empty($subject) && (!empty($text))) { 29 echo 'You forgot the email subject.<br />'; 30 $output_form = true; 31 } 32 33 if ((!empty($subject)) && empty($text)) { 34 echo 'You forgot the email body text.<br />'; 35 $output_form = true; 36 } 37 } 38 else { 39 $output_form = true; 40 } 41 42 if ((!empty($subject)) && (!empty($text))) { 43 $dbc = mysqli_connect("localhost","root","root","elvis_store") 44 or die("Error connectiong to MySQL"); 45 echo "Connecting success! </br>"; 46 47 $query = "SELECT * FROM email_list"; 48 $result = mysqli_query($dbc, $query) 49 or die("Error querying database!"); 50 echo "Quering success! </br>"; 51 52 while( $row = mysqli_fetch_array($result) ) { 53 $first_name = $row['first_name']; 54 $last_name = $row['last_name']; 55 $to = $row['email']; 56 57 $msg = "Dear $first_name $last_name, \n $text"; 58 59 mail($to, $subject, $msg, 'From: '.$from ); 60 61 echo 'Emai sent to :'.$to. "<br/>"; 62 } 63 mysqli_close($dbc); 64 } 65 66 if ($output_form) { 67 ?> 68 69 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 70 <label for="subject">Subject of email:</label><br /> 71 <input id="subject" name="subject" type="text" value="<?php echo $subject; ?>" size="30" /><br /> 72 <label for="elvismail">Body of email:</label><br /> 73 <textarea id="elvismail" name="elvismail" rows="8" cols="40"><?php echo $text; ?></textarea><br /> 74 <input type="submit" name="submit" value="Submit" /> 75 </form> 76 77 <?php 78 } 79 ?> 80 81 </body> 82 </html>
Next we should the alter the table to make table rows should be uniquely identifialbe.
SQL has a command that lets you make changes to an existing table without losing any data.
ALTER TABLE table_name ADD column_name column_type
you can use it like this :
ALTER TABLE email_list ADD id INT NOT NULL AUTO_INCREMENT FIRST,
ADD PRIMARY KEY(id) #this little chunk of code tells MySQL that new id column is the primary key for the table, you can learn more detail here
After you have changed the database, you should also add validation to the addemail.php just like what we did before:
<? /** * Created by IntelliJ IDEA. * User: beyond_acm * Date: 9/1/2015 * Time: 9:58 AM */ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Make Me Elvis - Add Email</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <img src="blankface.jpg" width="161" height="350" alt="" style="float:right" /> <img name="elvislogo" src="elvislogo.gif" width="229" height="32" border="0" alt="Make Me Elvis" /> <p>Enter your first name, last name, and email to be added to the <strong>Make Me Elvis</strong> mailing list.</p> <?php if( isset($_POST['submit']) ) { // if submit the form $first_name = $_POST['firstname']; $last_name = $_POST['lastname']; $email = $_POST['email']; $output_form = 'no'; //TODO the validation if (empty($first_name) || empty($last_name) || empty($email)) { // We know at least one of the input fields is blank echo 'Please fill out all of the email information.<br />'; $output_form = 'yes'; } } else { $output_form = 'yes'; } //If the form is validate, then todo insert the data into the database if (!empty($first_name) && !empty($last_name) && !empty($email)) { $dbc = mysqli_connect('localhost', 'root', 'root', 'elvis_store') or die('Error connecting to MySQL server.'); $query = "INSERT INTO email_list (first_name, last_name, email) VALUES ('$first_name', '$last_name', '$email')"; mysqli_query($dbc, $query) or die ('Data not inserted.'); echo 'Customer added.'; mysqli_close($dbc); } if ($output_form == 'yes') { ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <label for="firstname">First name:</label> <input type="text" id="firstname" name="firstname" /><br /> <label for="lastname">Last name:</label> <input type="text" id="lastname" name="lastname" /><br /> <label for="email">Email:</label> <input type="text" id="email" name="email" /><br /> <input type="submit" name="submit" value="Submit" /> </form> <?php } ?> </body> </html>
Last we should add a removeemail.php to delete users from the table, the removeemail.php is as followed :
<? /** * Created by IntelliJ IDEA. * User: Administrator * Date: 9/1/2015 * Time: 10:29 AM */ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Make Me Elvis - Remove Email</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <img src="blankface.jpg" width="161" height="350" alt="" style="float:right" /> <img name="elvislogo" src="elvislogo.gif" width="229" height="32" border="0" alt="Make Me Elvis" /> <p>Please select the email addresses to delete from the email list and click Remove.</p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php $dbc = mysqli_connect('localhost', 'root', 'root', 'elvis_store') or die('Error connecting to MySQL server'); //Delete the customer rows (only if the form has been submitted) if( isset($_POST['submit']) ) { foreach( $_POST['todelete'] as $delete_id ) { $query = "DELETE FROM email_list WHERE id = $delete_id"; mysqli_query($dbc, $query) or die('Error quering database'); } echo 'Customer(s) removed. </br>'; } //Display the customer rows with checkboxed for deleting $query = "SELECT * FROM email_list"; $result = mysqli_query($dbc, $query); while( $row = mysqli_fetch_array($result) ) { echo '<input type="checkbox" value=' .$row['id']. ' name="todelete[]" />'; echo $row['first_name']; echo ' '.$row['last_name']; echo ' '.$row['email']; echo '</br>'; } mysqli_close($dbc); ?> <input type="submit" name="submit" value="Remove"> </form> </body> </html>
if you get it right, you should see some pages as follows :
Now you can delete the registerd user stored in the database, Cool you have finished a real webapp.