dbk Posted July 14, 2010

Hi guys, I've been working on learning PHP for a month now and I'm very surprised with the progress. Now I find myself standing at a crossroads: should I try to understand how a framework works to separate PHP from HTML, or should I just try to organise my code as much as possible? To see how I structure my code, here is an example of an application for my own little architectural company:

```php
<?php
require_once '..\functions\func_access_db.php';
require_once '..\functions\func_doctype.php';
require_once '..\functions\functions.php';

//Get required data from url
$action      = $_GET['action'];
$form_action = $_GET['form_action'];
$user_id     = $_GET['user_id'];

//Get data from database if exists
switch ($action) {
    case "user_edit":
    case "user_call":
        //Find user_id if no user is selected
        if ($user_id == "") {
            $user_db     = "SELECT * FROM user ORDER BY user_title";
            $user_result = mysql_query($user_db) or die("Invalid query: " . mysql_error());
            $row         = mysql_fetch_array($user_result);
            $user_id     = $row['user_id'];
        }
        $usersql     = "SELECT * FROM user WHERE user_id = $user_id";
        $user_result = mysql_query($usersql) or die("Invalid query: " . mysql_error());
        $row         = mysql_fetch_array($user_result);
        $user_name              = $row['user_name'];
        $existing_user_password = $row['user_password'];
        $user_title             = $row['user_title'];
        $user_first_names       = $row['user_first_names'];
        $user_surname           = $row['user_surname'];
        $user_initials          = $row['user_initials'];
        $user_direct_phone      = $row['user_direct_phone'];
        $user_cellphone         = $row['user_cellphone'];
        $user_mail              = $row['user_mail'];
        $user_permissions       = $row['user_permissions'];
        break;
    case "user_add":
        $user_name         = "";
        $user_password     = "";
        $user_title        = "";
        $user_first_names  = "";
        $user_surname      = "";
        $user_initials     = "";
        $user_direct_phone = "";
        $user_cellphone    = "";
        $user_mail         = "";
        $user_permissions  = "";
        break;
}

//Evaluate form and handle data
if ($form_action == "commit") {
    //Get form data
    $user_name         = $_POST['user_name'];
    $user_password     = $_POST['user_password'];
    $user_title        = $_POST['user_title'];
    $user_first_names  = ucwords(strtolower($_POST['user_first_names']));
    $user_surname      = ucwords(strtolower($_POST['user_surname']));
    $user_initials     = strtoupper($_POST['user_initials']); //convert all letters to uppercase
    $user_direct_phone = $_POST['user_direct_phone'];
    $user_cellphone    = $_POST['user_cellphone'];
    $user_mail         = $_POST['user_mail'];
    $user_permissions  = $_POST['user_permissions'];
    $new_user_password         = $_POST['new_user_password'];
    $confirm_new_user_password = $_POST['confirm_new_user_password'];

    //evaluate user_name
    if (($user_name == "") OR (strlen($user_name) < 3)) {
        $user_name_error = "Brugernavnet skal være på mindst 3 tegn!"; // "The username must be at least 3 characters!"
    } elseif (strlen($user_name) >= 3) {
        //
        //Check if user_name is stored in the database
        //
        //Use this query if action == user_add
        if ($action == "user_add") {
            $check_user_name = "SELECT user_name FROM user";
        }
        //Use this query if action == user_edit
        if ($action == "user_edit") {
            $check_user_name = "SELECT user_name FROM user WHERE user_id!=$user_id";
        }
        $search_result = mysql_query($check_user_name);
        //Evaluate user_name
        $temp_array = array();
        while ($user_row = mysql_fetch_array($search_result)) {
            $temp_array[] = $user_row['user_name'];
        }
        $search = in_array($user_name, $temp_array);
        if ($search == 1) {
            $user_name_error = "Brugernavnet findes allerede i databasen!"; // "The username already exists in the database!"
        }
    } //end evaluate user_name

    //
    //evaluate user_password
    //
    //use this evaluation of user_password if action == user_add
    if ($action == "user_add") {
        if (($user_password == "") OR (strlen($user_password) < 4)) {
            $user_password_error = "Password skal være på mindst 4 tegn!"; // "The password must be at least 4 characters!"
        }
    }
    //use this evaluation of user_password if action == user_edit
    if ($action == "user_edit") {
        if (!empty($new_user_password)) {
            if (strlen($new_user_password) < 4) {
                $new_user_password_error = "Password skal være på mindst 4 tegn!";
            }
            if ($confirm_new_user_password != $new_user_password) {
                $user_password_error = "De indtastede password skal være ens!"; // "The passwords entered must match!"
            }
        }
    }
    //evaluate user_title
    if ($user_title == "") {
        $user_title_error = "Brugeren skal have en titel!"; // "The user must have a title!"
    }
    //evaluate user_first_names
    if (($user_first_names == "") OR (strlen($user_first_names) < 2)) {
        $user_first_names_error = "Fornavn(e) skal være på mindst 2 tegn!"; // "First name(s) must be at least 2 characters!"
    }
    //evaluate user_surname
    if (($user_surname == "") OR (strlen($user_surname) < 2)) {
        $user_surname_error = "Efternavn skal være på mindst 2 tegn!"; // "Surname must be at least 2 characters!"
    }
    //evaluate user_initials
    if (($user_initials == "") OR (strlen($user_initials) < 2)) {
        $user_initials_error = "Initialer skal være på mindst 2 tegn!"; // "Initials must be at least 2 characters!"
    }
    //evaluate user_direct_phone if it exists
    if (!empty($user_direct_phone)) {
        if ((!is_numeric($user_direct_phone)) OR (strlen($user_direct_phone) != 8)) {
            $user_direct_phone_error = "Direkte nummer skal være på 8 tal!"; // "Direct number must be 8 digits!"
        }
    }
    //evaluate user_cellphone
    if ((!is_numeric($user_cellphone)) OR (strlen($user_cellphone) != 8)) {
        $user_cellphone_error = "Mobil nummer skal være på 8 tal!"; // "Mobile number must be 8 digits!"
    }
    //evaluate user_mail
    if (eval_mail($user_mail)) {
        $user_mail_error = "Ikke en gyldig mailadresse!"; // "Not a valid mail address!"
    }

    //
    //start database handling if no error is set
    //
    if (!isset($user_name_error) && !isset($user_password_error) && !isset($user_title_error)
        && !isset($user_first_names_error) && !isset($user_surname_error) && !isset($user_initials_error)
        && !isset($user_direct_phone_error) && !isset($user_cellphone_error) && !isset($user_mail_error)
        && !isset($new_user_password_error)) {
        //
        //use this query if a new user is added
        if ($action == "user_add") {
            $order_user_id = "ALTER TABLE user AUTO_INCREMENT = 1";
            mysql_query($order_user_id);
            $encrypt_user_password = md5($user_password);
            $sql = "INSERT INTO user (user_name, user_password, user_title, user_first_names, user_surname, "
                 . "user_initials, user_direct_phone, user_cellphone, user_mail, user_permissions) "
                 . "VALUES ('" . $user_name . "', '" . $encrypt_user_password . "', '" . $user_title . "', '"
                 . $user_first_names . "', '" . $user_surname . "', '" . $user_initials . "', '"
                 . $user_direct_phone . "', '" . $user_cellphone . "', '" . $user_mail . "', '"
                 . $user_permissions . "')";
        }
        //
        //use this query if a user is edited
        if ($action == "user_edit") {
            //if a new password is submitted
            //the new password gets encrypted and passed to a new variable
            if (!empty($new_user_password)) {
                $user_password = md5($new_user_password);
            } else {
                $user_password = $existing_user_password;
            }
            $sql = "UPDATE user SET user_name = '$user_name', user_password = '$user_password', "
                 . "user_title = '$user_title', user_first_names = '$user_first_names', "
                 . "user_surname = '$user_surname', user_initials = '$user_initials', "
                 . "user_direct_phone = '$user_direct_phone', user_cellphone = '$user_cellphone', "
                 . "user_mail = '$user_mail', user_permissions = '$user_permissions' "
                 . "WHERE user_id = '$user_id'";
        }
        //
        //check if query is set and not empty and send query to database
        if (isset($sql) && !empty($sql)) {
            mysql_query($sql) or die("Invalid query: " . mysql_error());
            //get user_id from last query if action == user_add
            if ($action == "user_add") {
                $user_id = mysql_insert_id();
            }
?>
<html>
<head>
<script type="text/javascript">
window.onload = function() {
    // Reload the parent window
    window.top.location.href = "users.php?action=user_call&user_id=<?php echo $user_id; ?>";
}
</script>
</head>
</html>
<?php
        }
    }
}
?>
<!-- Print data to screen -->
<?php echo $doctype; ?>
<html>
<head>
<title>user call</title>
<link rel="stylesheet" type="text/css" media="screen" href="../css/main_css.css">
</head>
<body>
<div id="framedocs">
<?php if ($action != "user_call") { ?>
<?php // PHP_SELF is taken from the request path, so it is echoed HTML-escaped (the original omitted the echo) ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?action=<?php echo $action; ?>&form_action=commit&user_id=<?php echo $user_id; ?>" method="post">
<?php } ?>
<fieldset>
<legend><a class="h1">BRUGEROPLYSNINGER</a></legend>
<table cellspacing="0" cellpadding="3">
<tr>
  <td class="fade" width="35%">Titel:</td>
  <td width="35%"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_title" value="<?php echo $user_title; ?>">
  <?php } else { echo $user_title; } ?></td>
  <td class="fade" width="20%" align="right">Initialer:</td>
  <td width="10%"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_initials" value="<?php echo $user_initials; ?>">
  <?php } else { echo $user_initials; } ?></td>
</tr>
<?php //error if exists
if (isset($user_title_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_title_error; ?></td></tr>
<?php } ?>
<?php //error if exists
if (isset($user_initials_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_initials_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Fornavn(e):</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_first_names" value="<?php echo $user_first_names; ?>">
  <?php } else { echo $user_first_names; } ?></td>
</tr>
<?php //error if exists
if (isset($user_first_names_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_first_names_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Efternavn:</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_surname" value="<?php echo $user_surname; ?>">
  <?php } else { echo $user_surname; } ?></td>
</tr>
<?php //error if exists
if (isset($user_surname_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_surname_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Mobil nummer:</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_cellphone" value="<?php echo $user_cellphone; ?>">
  <?php } else { echo $user_cellphone; } ?></td>
</tr>
<?php //error if exists
if (isset($user_cellphone_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_cellphone_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Direkte nummer:</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input type="text" name="user_direct_phone" value="<?php echo $user_direct_phone; ?>">
  <?php } else { echo $user_direct_phone; } ?></td>
</tr>
<?php //error if exists
if (isset($user_direct_phone_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_direct_phone_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Mail:</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_mail" value="<?php echo $user_mail; ?>">
  <?php } else { echo $user_mail; } ?></td>
</tr>
<?php //error if exists
if (isset($user_mail_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_mail_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Brugernavn:</td>
  <td width="65%" colspan="3"><?php if ($action != "user_call") { ?>
    <input class="required" type="text" name="user_name" value="<?php echo $user_name; ?>">
  <?php } else { echo $user_name; } ?></td>
</tr>
<?php //error if exists
if (isset($user_name_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_name_error; ?></td></tr>
<?php } ?>
<?php if ($action == "user_add") { ?>
<tr>
  <td class="fade" width="35%">Adgangskode:</td>
  <td width="65%" colspan="3">
    <input class="required" type="text" name="user_password" value="<?php echo $user_password; ?>">
  </td>
</tr>
<?php } ?>
<?php if ($action == "user_edit") { ?>
<tr>
  <td class="fade" width="35%">Ny adgangskode:</td>
  <td width="65%" colspan="3">
    <input type="text" name="new_user_password" value="<?php echo $new_user_password; ?>">
  </td>
</tr>
<?php //error if exists
if (isset($new_user_password_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $new_user_password_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Bekræft adgangskode:</td>
  <td width="65%" colspan="3">
    <input type="text" name="confirm_new_user_password" value="">
  </td>
</tr>
<?php } ?>
<?php //error if exists
if (isset($user_password_error)) { ?>
<tr><td width="35%"></td><td colspan="3" class="error"><?php echo $user_password_error; ?></td></tr>
<?php } ?>
<tr>
  <td class="fade" width="35%">Rettigheder:</td>
  <td width="65%" colspan="3"><?php echo $user_permissions; ?></td>
</tr>
</table>
</fieldset>
<table cellspacing="0" cellpadding="3">
<tr>
  <td align="right">
  <?php if ($action == "user_call") { ?>
    <a class="fade">rediger</a>
    <a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?action=user_edit&user_id=<?php echo $user_id; ?>">
      <img src="../icon/pencil.png" title="rediger" alt="" border="0"/></a>
    <a class="fade">slet</a>
    <a href="user_delete.php?action=user_delete&user_id=<?php echo $user_id; ?>" target="_top">
      <img src="../icon/delete.png" title="slet bruger" alt="" border="0"/></a>
  <?php }
  if ($action != "user_call") { ?>
    <a class="fade">accepter</a>
    <input type="image" title="accepter" src="../icon/accept.png" style="width:16px; background-color: transparent">
    <a class="fade">anuller</a>
    <a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?action=user_call&user_id=<?php echo $user_id; ?>">
      <img src="../icon/cross.png" title="anuller" alt="" border="0"/></a>
  <?php } ?>
  </td>
</tr>
</table>
<?php if ($action != "user_call") { ?></form><?php } ?>
</div>
</body>
</html>
```

I will probably never become a programmer, but I like it and would like to learn it properly (within limits, of course), and therefore your advice would be most welcome! Thanks!
Pikachu2000 Posted July 15, 2010

I realize you didn't ask for a code critique, but if that's from a live site, you need to take steps to prevent SQL injection attacks before they happen. Also, what is the purpose of using "ALTER TABLE user AUTO_INCREMENT = 1" prior to inserting a new user? Otherwise, I didn't see any glaring problems with the structure, etc.
dbk Posted July 15, 2010 (Author)

Thanks Pikachu2000! You're absolutely right, I have to prevent injections with stripslashes and mysql_real_escape_string (the ones I know). The ALTER TABLE is used because users will be deleted and new ones made, and with ALTER I kind of reset the primary key to start from the highest key number. In that way I try to prevent too big "holes" in the sequence of primary keys. The application is mostly for "in house" use, but the plan is to make it accessible from the web later on!
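The two replies above turn on one line of the posted script, `"SELECT * FROM user WHERE user_id = $user_id"`, where `$user_id` comes straight from `$_GET`. The following is an added example, not dbk's code and not from the original thread: it shows the SQL that line builds when the parameter is hostile, why the quote-escaping dbk proposes (`mysql_real_escape_string`, represented here by `addslashes()` because the real function needs a live MySQL link) does not help in an unquoted numeric context, and the prepared-statement form that closes the hole. It assumes PHP 7.1 or later with PDO and the `pdo_sqlite` extension; the in-memory SQLite table and the three rows in it are constructed for the demo, and the binding API is the same against MySQL via `pdo_mysql`.

```php
<?php
// Added example, not part of the original forum post.
declare(strict_types=1);

// Constructed inputs, as they could arrive in $_GET['user_id'].
$benign  = '3';
$payload = '0 OR 1=1';   // contains no quote or backslash, so escaping leaves it intact

// 1. The pattern in the posted script: string interpolation.
function buildUnsafe(string $userId): string
{
    return "SELECT * FROM user WHERE user_id = $userId";
}

// 2. The proposed fix: escaping. addslashes() stands in for
//    mysql_real_escape_string(); both only escape quote and backslash
//    characters, which protects a value inside '...' but not a bare number.
function buildEscaped(string $userId): string
{
    return "SELECT * FROM user WHERE user_id = " . addslashes($userId);
}

echo buildUnsafe($payload), "\n";   // SELECT * FROM user WHERE user_id = 0 OR 1=1
echo buildEscaped($payload), "\n";  // identical: there was nothing to escape

// 3. Prepared statement: the SQL text is fixed, the value travels separately,
//    and the input is validated for shape before it is bound.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_permissions TEXT)');
$ins = $db->prepare('INSERT INTO user (user_name, user_permissions) VALUES (:name, :perm)');
foreach ([['alice', 'admin'], ['bob', 'user'], ['carol', 'user']] as [$n, $p]) {
    $ins->execute([':name' => $n, ':perm' => $p]);
}

function fetchUser(PDO $db, string $rawId): array
{
    // user_id is an unsigned integer or nothing; reject anything else up front.
    if (!ctype_digit($rawId)) {
        throw new InvalidArgumentException("user_id must be numeric, got: $rawId");
    }
    $stmt = $db->prepare('SELECT user_id, user_name, user_permissions FROM user WHERE user_id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(fetchUser($db, $benign));   // exactly one row: carol
try {
    fetchUser($db, $payload);       // never reaches the database
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}

// The username uniqueness check in the post is the quoted-string case; a bound
// parameter makes the quote plain data, so no in_array() round trip is needed.
$check = $db->prepare('SELECT user_name FROM user WHERE user_name = :name AND user_id != :id');
$check->execute([':name' => "x' OR '1'='1", ':id' => 3]);
var_dump($check->fetchColumn());    // bool(false): no such user
```

The same `prepare`/`execute` split applies to the INSERT and UPDATE in the post: every `'$user_name'`, `'$user_title'` and so on becomes a placeholder, and the `ALTER TABLE` statement, which takes no user input, can stay as a plain `exec`. With placeholders in place, whether to add `stripslashes` becomes a question about magic quotes rather than about injection.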