
creating an admin interface, info required!


fa_dy


Hello guys, hope all of you are doing good. I want to ask a quick question. I have developed this track and trace application (php script) through which users can trace their shipment by entering a bill of lading number in the track and trace interface on our website and then the information stored in our database is displayed to them. Currently, what I do to add new or change the status of existing bill of lading numbers is that first I have to log in to the cPanel of my website, then I need to log in to phpmyadmin and then I can add new bill of lading numbers or change the number of existing bill of lading numbers. This is a pretty long way and I don't want to give the cPanel password to other employees so that they can do the job of entering bill of lading numbers. So I was thinking that can an interface be created through which any employee can add new or change the status etc. of the bill of lading numbers stored in the database without actually logging in to phpmyadmin? The interface would obviously be connected to the database and any new bill of lading number entered through the interface should automatically be stored in the database. And on the other hand, the bill of lading numbers which are already stored in the database, they can also be edited through this interface. Please let me know if such an interface can be created. And if yes, is there any tutorial on how this can be done? Thanks.

Link to comment
Share on other sites

Wouldn't be very hard to do! Just check out the mysql update function http://www.w3schools.com/php/php_mysql_update.asp to update records and to create new records http://www.w3schools.com/php/php_mysql_insert.asp and to delete records http://www.w3schools.com/php/php_mysql_delete.asp

 

to connect to db:

http://www.w3schools.com/php/php_mysql_connect.asp

 

You could write that whole script in a day just getting things off w3schools php section, so don't worry and get started! :)

 

 

Link to comment
Share on other sites

Tizag is a much better tutorial than w3schools.  As w3schools will often lead you down the wrong path.  One thing that neither will tell you is how important data sanitation and validation are. 

 

If you get stuck, we can help.  If you have a question, we can help.

Link to comment
Share on other sites

Tizag is a much better tutorial than w3schools.  As w3schools will often lead you down the wrong path.  One thing that neither will tell you is how important data sanitation and validation are. 

 

If you get stuck, we can help.  If you have a question, we can help.

 

They're both out-dated.

 

If you're new to the scene anyway, you might as well learn it right the first time and use MySQLi or PDO.

 

Being a beginner you might be better off choosing MySQLi over PDO just due to the fact that MySQLi has an optional procedural API.

Link to comment
Share on other sites

Interesting, but I can't tell you how much I've learned on W3 schools (I have only been coding over the past couple of months), although you are right they don't help sanitize your code.. I don't really like tizag, and have only just recently read up about mysqli which is pretty annoying (wish I did from the start), but I didn't get pointed to it or really noticed it after a while, most tutorials are the 'old'? mysql it seems.. either way apart from all that I have been writing pretty functional scripts so it is definitely still possible!

Link to comment
Share on other sites

most tutorials are the 'old'? mysql it seems..

 

Yeah, most of those tutorial sites are still in the PHP4 era. It's really frustrating helping beginners when they pretty much need to unlearn everything they have read on those sites because it's just plain wrong.

 

either way apart from all that I have been writing pretty functional scripts so it is definitely still possible!

 

Functional maybe, but efficient, secure, etc? Probably not (no offense to you). It would be in your best interest to stop going to those sites and learn from reputable and up-to-date sources. In fact, the PHP manual is (usually) pretty up-to-date and one of the best ways to learn how to use new functions or parts of the API.

Link to comment
Share on other sites

I have developed this track and trace application (php script) through which users can trace their shipment by entering a bill of lading number in the track and trace interface on our website

 

^^^ If you were able to do that, what exact issue are you having creating a php script to provide an administrative interface? It would be just more of the same basic form/form processing/database query concepts, possibly with a little login/session security to limit access to specific logged in users.

Link to comment
Share on other sites

most tutorials are the 'old'? mysql it seems..

 

Yeah, most of those tutorial sites are still in the PHP4 era. It's really frustrating helping beginners when they pretty much need to unlearn everything they have read on those sites because it's just plain wrong.

 

either way apart from all that I have been writing pretty functional scripts so it is definitely still possible!

 

Functional maybe, but efficient, secure, etc? Probably not (no offense to you). It would be in your best interest to stop going to those sites and learn from reputable and up-to-date sources. In fact, the PHP manual is (usually) pretty up-to-date and one of the best ways to learn how to use new functions or parts of the API.

 

You are probably right, but I don't have the knowledge to check either of those (downsides of being a nooby) so to me it functions, and I stress lots on making it as secure as possible, sanitise each string that comes in (I only realized a while ago of things like firebug) and then I realized what if people change my select box to a normal input box and submit the form like that through firebug? since I wasn't sanitizing basically anything that wasn't normal text input  :-\ still not sure if that is possible with firebug but better safe than sorry.

 

Either way the PHP manual is actually very confusing for a beginner, so most people search for easier explained tutorials and websites, and unfortunately these seem to be the old ones.

 

Thanks for your advice though, if there is no mention of mysqli, would you say that it is outdated?

 

 

 

Link to comment
Share on other sites

still not sure if that is possible with firebug but better safe than sorry.

 

It is possible, and not just with Firebug. The PHP script doesn't know what kind of form field you used, only that it was sent a POST request. Therefore you can send any information that you want to any POST field. In fact, you can even create your own POST data to send to any website regardless of whether or not there was ever a form to submit. Because of this, you can never ever trust user input. You should only handle the data that you expect to receive and disregard all other data. If the data was not in the expected format, or of the expected type, etc you should either convert it to the proper format/type/value if it is non-essential or present them with an error. Aside from a bug in your code, the only time most of these things will ever occur is by someone purposefully trying to make them occur.

 

Either way the PHP manual is actually very confusing for a beginner, so most people search for easier explained tutorials and websites, and unfortunately these seem to be the old ones.

 

Don't forget to scroll down past the actual manual. There are often comments which demonstrate different ways to do things that the manual doesn't cover.

 

Thanks for your advice though, if there is no mention of mysqli, would you say that it is outdated?

 

It is at least outdated on any MySQL tutorials. The mysql extension is for PHP4. There are better options available now, like the mysqli extension or the PDO extension. Each has its own pros and cons but they are both better than the mysql extension.

 

The good news for a beginner is that the mysqli extension exactly matches all of the functionality of the mysql extension. Therefore any tutorials using the mysql extensions are still technically viable by converting the syntax to the mysqli extension, which in most cases is simply adding an i to the end of the "mysql" in the function name and/or changing/adding different parameters to the function.

Link to comment
Share on other sites
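
As an added example that is not part of the original posts: the server-side check described in the last reply (accept only the values you expect, whatever form control the page used), combined with a prepared statement for the status update. The table, column and field names, the status list and the bill of lading number format are assumptions; PDO with an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Assumed list of statuses the admin form offers in its <select>.
const ALLOWED_STATUSES = ['booked', 'in_transit', 'delivered'];

function validateUpdate(array $post): array
{
    $bl = $post['bl_number'] ?? null;
    $status = $post['status'] ?? null;
    // A field can be missing or arrive as an array (bl_number[]=x): check the type first.
    // The format (6-20 upper-case letters/digits) is an assumption for this example.
    if (!is_string($bl) || !preg_match('/\A[A-Z0-9]{6,20}\z/', $bl)) {
        throw new InvalidArgumentException('Invalid bill of lading number');
    }
    // A <select> only restricts the browser UI; enforce the same list on the server.
    if (!is_string($status) || !in_array($status, ALLOWED_STATUSES, true)) {
        throw new InvalidArgumentException('Invalid status');
    }
    return ['bl_number' => $bl, 'status' => $status];
}

function updateStatus(PDO $db, array $post): int
{
    $clean = validateUpdate($post);
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE shipments SET status = :status WHERE bl_number = :bl');
    $stmt->execute([':status' => $clean['status'], ':bl' => $clean['bl_number']]);
    return $stmt->rowCount();
}

// Constructed demo database and requests (not real shipment data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shipments (bl_number TEXT PRIMARY KEY, status TEXT NOT NULL)');
$db->exec("INSERT INTO shipments VALUES ('ABCD1234567', 'booked')");

$requests = [
    ['bl_number' => 'ABCD1234567', 'status' => 'in_transit'], // what the form sends
    ['bl_number' => 'ABCD1234567', 'status' => 'anything'],   // select swapped for free text
    ['bl_number' => ['x'], 'status' => 'delivered'],          // array instead of a string
];
foreach ($requests as $post) {
    try {
        echo updateStatus($db, $post), " row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
```

In the real interface `$post` would be `$_POST`, and the same `prepare`/`execute` calls work unchanged with a `mysql:` DSN.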
