Bravat Posted March 24, 2011 Share Posted March 24, 2011 I found class on the net, and i am having a bit of a problem to understand how does update method works. Here is the code: public function update() { global $database; // Don't forget your SQL syntax and good habits: // - UPDATE table SET key='value', key='value' WHERE condition // - single-quotes around all values // - escape all values to prevent SQL injection $attributes = $this->sanitized_attributes(); $attribute_pairs = array(); foreach($attributes as $key => $value) { $attribute_pairs[] = "{$key}='{$value}'"; } $sql = "UPDATE ".self::$table_name." SET "; $sql .= join(", ", $attribute_pairs); $sql .= " WHERE id=". $database->escape_value($this->id); $database->query($sql); return ($database->affected_rows() == 1) ? true : false; } I have form like this to deal with update: <form action="index.php?page=languages" enctype="multipart/form-data" method="POST"> <?php foreach($language as $lang){ ?> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" /> <label>Jezik</label><input type="text" size="50" name="language" value="<?php echo $lang->lang; ?>" /><br> <input type="hidden" name="id_lang" value="<?php echo $lang->id_lang; ?>" /> <label>Slika</label><input type="file" name="image"><?php echo "<img src=\"../images/"; echo $lang->image; echo "\">"; ?> <br> <label>Pozicija</label><input type="text" name="pozicija" value="<?php echo $lang->pozicija; ?>" size="2" /></p> <br> <input type="submit" name="submit_update" value="Unesi"> <?php } ?> </form> and code to start the function: if(isset($_POST['submit_update'])) { $language = new Jezik(); $language->update(); } What next??? Quote Link to comment Share on other sites More sharing options...
btherl Posted March 24, 2011 Share Posted March 24, 2011 Can you post the code for the sanitized_attributes() method please. The entire class may be needed, to see how data gets into the class. Quote Link to comment Share on other sites More sharing options...
Bravat Posted March 24, 2011 Author Share Posted March 24, 2011 This is the hole class: class Jezik { protected static $table_name=" language"; protected static $db_fields=array('id_lang', 'lang', 'image', 'pozicija'); public $id_lang; public $lang; public $image; public $pozicija; private $temp_path; protected $upload_dir="images"; public $errors=array(); protected $upload_errors = array( // http://www.php.net/manual/en/features.file-upload.errors.php UPLOAD_ERR_OK => "No errors.", UPLOAD_ERR_INI_SIZE => "Larger than upload_max_filesize.", UPLOAD_ERR_FORM_SIZE => "Larger than form MAX_FILE_SIZE.", UPLOAD_ERR_PARTIAL => "Partial upload.", UPLOAD_ERR_NO_FILE => "No file.", UPLOAD_ERR_NO_TMP_DIR => "No temporary directory.", UPLOAD_ERR_CANT_WRITE => "Can't write to disk.", UPLOAD_ERR_EXTENSION => "File upload stopped by extension." ); // Pass in $_FILE(['uploaded_file']) as an argument public function attach_file($file) { // Perform error checking on the form parameters if(!$file || empty($file) || !is_array($file)) { // error: nothing uploaded or wrong argument usage $this->errors[] = "No file was uploaded."; return false; } elseif($file['error'] != 0) { // error: report what PHP says went wrong $this->errors[] = $this->upload_errors[$file['error']]; return false; } else { // Set object attributes to the form parameters. $this->temp_path = $file['tmp_name']; $this->image = basename($file['name']); // Don't worry about saving anything to the database yet. return true; } } public function save() { // A new record won't have an id yet. if(isset($this->id)) { // Really just to update the caption $this->update(); } else { // Make sure there are no errors // Can't save if there are pre-existing errors if(!empty($this->errors)) { return false; } // Can't save without filename and temp location if(empty($this->image) || empty($this->temp_path)) { $this->errors[] = "The file location was not available."; return false; } // Determine the target_path $target_path = SITE_ROOT .DS.$this->upload_dir .DS. $this->image; // Attempt to move the file if(move_uploaded_file($this->temp_path, $target_path)) { // Success // Save a corresponding entry to the database if($this->create()) { // We are done with temp_path, the file isn't there anymore unset($this->temp_path); return true; } } else { // File was not moved. $this->errors[] = "The file upload failed, possibly due to incorrect permissions on the upload folder."; return false; } } } public function destroy() { // First remove the database entry if($this->delete()) { // then remove the file // Note that even though the database entry is gone, this object // is still around (which lets us use $this->image_path()). $target_path = SITE_ROOT.DS.$this->image_path(); return unlink($target_path) ? true : false; } else { // database delete failed return false; } } public function image_path() { return $this->upload_dir.DS.$this->filename; } public function size_as_text() { if($this->size < 1024) { return "{$this->size} bytes"; } elseif($this->size < 1048576) { $size_kb = round($this->size/1024); return "{$size_kb} KB"; } else { $size_mb = round($this->size/1048576, 1); return "{$size_mb} MB"; } } // Common Database Methods public static function find_all() { return self::find_by_sql("SELECT * FROM ".self::$table_name); } public static function find_by_id($id=0) { global $database; $result_array = self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE product_id=".$database->escape_value($id)." LIMIT 1"); return !empty($result_array) ? array_shift($result_array) : false; } public static function find_by_sql($sql="") { global $database; $result_set = $database->query($sql); $object_array = array(); while ($row = $database->fetch_array($result_set)) { $object_array[] = self::instantiate($row); } return $object_array; } public static function count_all() { global $database; $sql = "SELECT COUNT(*) FROM ".self::$table_name; $result_set = $database->query($sql); $row = $database->fetch_array($result_set); return array_shift($row); } private static function instantiate($record) { // Could check that $record exists and is an array $object = new self; // Simple, long-form approach: // $object->id = $record['id']; // $object->username = $record['username']; // $object->password = $record['password']; // $object->first_name = $record['first_name']; // $object->last_name = $record['last_name']; // More dynamic, short-form approach: foreach($record as $attribute=>$value){ if($object->has_attribute($attribute)) { $object->$attribute = $value; } } return $object; } private function has_attribute($attribute) { // We don't care about the value, we just want to know if the key exists // Will return true or false return array_key_exists($attribute, $this->attributes()); } protected function attributes() { // return an array of attribute names and their values $attributes = array(); foreach(self::$db_fields as $field) { if(property_exists($this, $field)) { $attributes[$field] = $this->$field; } } return $attributes; } protected function sanitized_attributes() { global $database; $clean_attributes = array(); // sanitize the values before submitting // Note: does not alter the actual value of each attribute foreach($this->attributes() as $key => $value){ $clean_attributes[$key] = $database->escape_value($value); } return $clean_attributes; } // replaced with a custom save() // public function save() { // // A new record won't have an id yet. // return isset($this->id) ? $this->update() : $this->create(); // } public function create() { global $database; // Don't forget your SQL syntax and good habits: // - INSERT INTO table (key, key) VALUES ('value', 'value') // - single-quotes around all values // - escape all values to prevent SQL injection $attributes = $this->sanitized_attributes(); $sql = "INSERT INTO ".self::$table_name." ("; $sql .= join(", ", array_keys($attributes)); $sql .= ") VALUES ('"; $sql .= join("', '", array_values($attributes)); $sql .= "')"; if($database->query($sql)) { $this->product_id = $database->insert_id(); return true; } else { return false; } } public function update() { global $database; // Don't forget your SQL syntax and good habits: // - UPDATE table SET key='value', key='value' WHERE condition // - single-quotes around all values // - escape all values to prevent SQL injection $attributes = $this->sanitized_attributes(); $attribute_pairs = array(); foreach($attributes as $key => $value) { $attribute_pairs[] = "{$key}='{$value}'"; } $sql = "UPDATE ".self::$table_name." SET "; $sql .= join(", ", $attribute_pairs); $sql .= " WHERE id=". $database->escape_value($this->id); $database->query($sql); return ($database->affected_rows() == 1) ? true : false; } public function delete() { global $database; // Don't forget your SQL syntax and good habits: // - DELETE FROM table WHERE condition LIMIT 1 // - escape all values to prevent SQL injection // - use LIMIT 1 $sql = "DELETE FROM ".self::$table_name; $sql .= " WHERE id=". $database->escape_value($this->id); $sql .= " LIMIT 1"; $database->query($sql); return ($database->affected_rows() == 1) ? true : false; // NB: After deleting, the instance of User still // exists, even though the database entry does not. // This can be useful, as in: // echo $user->first_name . " was deleted"; // but, for example, we can't call $user->update() // after calling $user->delete(). } } ?> Quote Link to comment Share on other sites More sharing options...
btherl Posted March 24, 2011 Share Posted March 24, 2011 update() calls sanitized_attributes() which uses $this->attributes(), which reads properties for each database field. So you would use it like this: $language->id_lang = ... ; $language->lang = ... ; $language->image = ... ; $language->pozicija = ... ; $language->update(); OR, you would use another class method to initialize those values, then change some of them, and then call update() to save the changes. Quote Link to comment Share on other sites More sharing options...
Bravat Posted March 24, 2011 Author Share Posted March 24, 2011 This helps a lot . Thank you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.