Using class method

[Bravat]

I found class on the net, and i am having a bit of a problem to understand how does update method works. Here is the code:

public function update() {
  global $database;
	// Don't forget your SQL syntax and good habits:
	// - UPDATE table SET key='value', key='value' WHERE condition
	// - single-quotes around all values
	// - escape all values to prevent SQL injection
	$attributes = $this->sanitized_attributes();
	$attribute_pairs = array();
	foreach($attributes as $key => $value) {
	  $attribute_pairs[] = "{$key}='{$value}'";
	}
	$sql = "UPDATE ".self::$table_name." SET ";
	$sql .= join(", ", $attribute_pairs);
	$sql .= " WHERE id=". $database->escape_value($this->id);
  $database->query($sql);
  return ($database->affected_rows() == 1) ? true : false;
}

 

I have form like this to deal with update:

<form action="index.php?page=languages" enctype="multipart/form-data" method="POST">
    <?php foreach($language as $lang){ ?>
    	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" />
    <label>Jezik</label><input type="text" size="50" name="language" value="<?php 	echo $lang->lang; ?>" /><br>
    <input type="hidden" name="id_lang" value="<?php echo $lang->id_lang; ?>"  />
<label>Slika</label><input type="file" name="image"><?php 
echo "<img src=\"../images/";
		echo $lang->image;
		echo "\">";
?> <br>
    <label>Pozicija</label><input type="text" name="pozicija" value="<?php echo $lang->pozicija; ?>" size="2" /></p> <br>
<input type="submit" name="submit_update" value="Unesi"> 
    <?php } ?>  
    </form>

and code to start the function:

if(isset($_POST['submit_update'])) {
	$language = new Jezik();
	$language->update();		
}

What next???

[btherl]

Can you post the code for the sanitized_attributes() method please.  The entire class may be needed, to see how data gets into the class.

[Bravat]

This is the hole class:

class Jezik {

protected static $table_name=" language";
protected static $db_fields=array('id_lang', 'lang',  'image', 'pozicija');
public $id_lang;
public $lang;
public $image;
public $pozicija;

private $temp_path;
  protected $upload_dir="images";
  public $errors=array();
  
	  protected $upload_errors = array(
	// http://www.php.net/manual/en/features.file-upload.errors.php
	UPLOAD_ERR_OK 				=> "No errors.",
	UPLOAD_ERR_INI_SIZE  	=> "Larger than upload_max_filesize.",
  UPLOAD_ERR_FORM_SIZE 	=> "Larger than form MAX_FILE_SIZE.",
  UPLOAD_ERR_PARTIAL 		=> "Partial upload.",
  UPLOAD_ERR_NO_FILE 		=> "No file.",
  UPLOAD_ERR_NO_TMP_DIR => "No temporary directory.",
  UPLOAD_ERR_CANT_WRITE => "Can't write to disk.",
  UPLOAD_ERR_EXTENSION 	=> "File upload stopped by extension."
);

// Pass in $_FILE(['uploaded_file']) as an argument
  public function attach_file($file) {
	// Perform error checking on the form parameters
	if(!$file || empty($file) || !is_array($file)) {
	  // error: nothing uploaded or wrong argument usage
	  $this->errors[] = "No file was uploaded.";
	  return false;
	} elseif($file['error'] != 0) {
	  // error: report what PHP says went wrong
	  $this->errors[] = $this->upload_errors[$file['error']];
	  return false;
	} else {
		// Set object attributes to the form parameters.
	  $this->temp_path  = $file['tmp_name'];
	  $this->image   = basename($file['name']);
		// Don't worry about saving anything to the database yet.
		return true;

	}
}
  	public function save() {
	// A new record won't have an id yet.
	if(isset($this->id)) {
		// Really just to update the caption
		$this->update();
	} else {
		// Make sure there are no errors

		// Can't save if there are pre-existing errors
	  if(!empty($this->errors)) { return false; }	  

	  // Can't save without filename and temp location
	  if(empty($this->image) || empty($this->temp_path)) {
	    $this->errors[] = "The file location was not available.";
	    return false;
	  }

		// Determine the target_path
	  $target_path = SITE_ROOT .DS.$this->upload_dir .DS. $this->image;
		// Attempt to move the file 
		if(move_uploaded_file($this->temp_path, $target_path)) {
	  	// Success
			// Save a corresponding entry to the database
			if($this->create()) {
				// We are done with temp_path, the file isn't there anymore
				unset($this->temp_path);
				return true;
			}
		} else {
			// File was not moved.
	    $this->errors[] = "The file upload failed, possibly due to incorrect permissions on the upload folder.";
	    return false;
		}
	}
}

public function destroy() {
	// First remove the database entry
	if($this->delete()) {
		// then remove the file
	  // Note that even though the database entry is gone, this object 
		// is still around (which lets us use $this->image_path()).
		$target_path = SITE_ROOT.DS.$this->image_path();
		return unlink($target_path) ? true : false;
	} else {
		// database delete failed
		return false;
	}
}

public function image_path() {
  return $this->upload_dir.DS.$this->filename;
}

public function size_as_text() {
	if($this->size < 1024) {
		return "{$this->size} bytes";
	} elseif($this->size < 1048576) {
		$size_kb = round($this->size/1024);
		return "{$size_kb} KB";
	} else {
		$size_mb = round($this->size/1048576, 1);
		return "{$size_mb} MB";
	}
}

// Common Database Methods
public static function find_all() {
	return self::find_by_sql("SELECT * FROM ".self::$table_name);
  }
  
  public static function find_by_id($id=0) {
  global $database;
    $result_array = self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE product_id=".$database->escape_value($id)." LIMIT 1");
	return !empty($result_array) ? array_shift($result_array) : false;
  }
  
  public static function find_by_sql($sql="") {
    global $database;
    $result_set = $database->query($sql);
    $object_array = array();
    while ($row = $database->fetch_array($result_set)) {
      $object_array[] = self::instantiate($row);
    }
    return $object_array;
  }

public static function count_all() {
  global $database;
  $sql = "SELECT COUNT(*) FROM ".self::$table_name;
    $result_set = $database->query($sql);
  $row = $database->fetch_array($result_set);
    return array_shift($row);
}

private static function instantiate($record) {
	// Could check that $record exists and is an array
    $object = new self;
	// Simple, long-form approach:
	// $object->id 				= $record['id'];
	// $object->username 	= $record['username'];
	// $object->password 	= $record['password'];
	// $object->first_name = $record['first_name'];
	// $object->last_name 	= $record['last_name'];

	// More dynamic, short-form approach:
	foreach($record as $attribute=>$value){
	  if($object->has_attribute($attribute)) {
	    $object->$attribute = $value;
	  }
	}
	return $object;
}

private function has_attribute($attribute) {
  // We don't care about the value, we just want to know if the key exists
  // Will return true or false
  return array_key_exists($attribute, $this->attributes());
}

protected function attributes() { 
	// return an array of attribute names and their values
  $attributes = array();
  foreach(self::$db_fields as $field) {
    if(property_exists($this, $field)) {
      $attributes[$field] = $this->$field;
    }
  }
  return $attributes;
}

protected function sanitized_attributes() {
  global $database;
  $clean_attributes = array();
  // sanitize the values before submitting
  // Note: does not alter the actual value of each attribute
  foreach($this->attributes() as $key => $value){
    $clean_attributes[$key] = $database->escape_value($value);
  }
  return $clean_attributes;
}

// replaced with a custom save()
// public function save() {
//   // A new record won't have an id yet.
//   return isset($this->id) ? $this->update() : $this->create();
// }

public function create() {
	global $database;
	// Don't forget your SQL syntax and good habits:
	// - INSERT INTO table (key, key) VALUES ('value', 'value')
	// - single-quotes around all values
	// - escape all values to prevent SQL injection
	$attributes = $this->sanitized_attributes();
  $sql = "INSERT INTO ".self::$table_name." (";
	$sql .= join(", ", array_keys($attributes));
  $sql .= ") VALUES ('";
	$sql .= join("', '", array_values($attributes));
	$sql .= "')";
  if($database->query($sql)) {
    $this->product_id = $database->insert_id();
    return true;
  } else {
    return false;
  }
}

public function update() {
  global $database;
	// Don't forget your SQL syntax and good habits:
	// - UPDATE table SET key='value', key='value' WHERE condition
	// - single-quotes around all values
	// - escape all values to prevent SQL injection
	$attributes = $this->sanitized_attributes();
	$attribute_pairs = array();
	foreach($attributes as $key => $value) {
	  $attribute_pairs[] = "{$key}='{$value}'";
	}
	$sql = "UPDATE ".self::$table_name." SET ";
	$sql .= join(", ", $attribute_pairs);
	$sql .= " WHERE id=". $database->escape_value($this->id);
  $database->query($sql);
  return ($database->affected_rows() == 1) ? true : false;
}

public function delete() {
	global $database;
	// Don't forget your SQL syntax and good habits:
	// - DELETE FROM table WHERE condition LIMIT 1
	// - escape all values to prevent SQL injection
	// - use LIMIT 1
  $sql = "DELETE FROM ".self::$table_name;
  $sql .= " WHERE id=". $database->escape_value($this->id);
  $sql .= " LIMIT 1";
  $database->query($sql);
  return ($database->affected_rows() == 1) ? true : false;

	// NB: After deleting, the instance of User still 
	// exists, even though the database entry does not.
	// This can be useful, as in:
	//   echo $user->first_name . " was deleted";
	// but, for example, we can't call $user->update() 
	// after calling $user->delete().
}

}

?>

[btherl]

update() calls sanitized_attributes() which uses $this->attributes(), which reads properties for each database field.  So you would use it like this:

 

$language->id_lang = ... ;

$language->lang = ... ;

$language->image = ... ;

$language->pozicija = ... ;

$language->update();

 

OR, you would use another class method to initialize those values, then change some of them, and then call update() to save the changes.

[Bravat]

This helps a lot  . Thank you.