A typical problem to be solved with a web application is to offer a list (of cars, products, books...) from which the user should select one item to buy or rent. For each line to be selected, there is either a link or a button to press. The only correct way to solve this problem is to use javascript, but that would be too complicated for us now.
Today, we will try to create a table with a list of products. We will handle the form response in next week's training.
Using links
It is the easiest way, but if we call a php script using a link, we have to use the GET method. As a result, all passed parameters will be freely readable in the address line. For example, if we would like to pass a variable "o" with the value "6" and a variable "z" with the value "wolf", we will write an "a" (anchor) html command:
For our application, we need a password as well (green in the previous example). We can include it as the next variable, as in the example (but anybody could see it), or save it to a cookie or a session variable (if we pass the login name, we can start the session properly). The complete source of a table could look like this:
It should be repeated that, to keep our examples as simple as possible, we have the password included as the next variable in the GET structure (as part of the url). The correct solution would be to create a cookie or a session with the login name as a key for the "session start" command.
The result could look like this:
type | tax |
---|---|
Audi A100 | 12 |
Renault 12 | 6 |
Citroen 2CV | 4 |
Note that we should list only cars that are still free. For this, I have included in the table a column with the id of the user who has rented the car. If the car is free, we have a "0" in this column: the ids of customers start with 1 and have no duplicates, because the column was created with the SQL parameters "auto increment primary key". In applications where objects are indexed from zero, we can use either -1 or a value that is out of range, for example 99999.
id | type | cost | who |
---|---|---|---|
1 | Audi A100 | 12 | 6 |
2 | Renault 12 | 6 | 0 |
The previous table (for the car selection) could be created by code like this (assume the user name was set in the variable $_GET["login"] by the previous form):
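```php
<?php
// If the connection fails, $link is false, so the error text comes from mysqli_connect_error()
$link = mysqli_connect('mysql.webzdarma.cz', 'zpp', '[password]', 'zpp')
    or die('Error: ' . mysqli_connect_error());
if ($result = mysqli_query($link, "select * from cars;")) {
    echo "<table border=1>\n<tr><th>type<th>tax\n";
    while ($row = mysqli_fetch_row($result)) {
        // $row[0] = id, $row[1] = type, $row[2] = cost
        // urlencode() the request values before putting them back into the link
        echo '<tr><td><a href="rent.php?o=' . $row[0] . '&z=' . urlencode($_GET['login']) . '&p=' . urlencode($_GET['pwd']) . '"';
        // htmlspecialchars() keeps database text from being read as html
        echo ">" . htmlspecialchars($row[1]) . "</a><td>" . htmlspecialchars($row[2]) . "\n";
    }
    echo "</table>";
}
mysqli_close($link);
?>
```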
Note that one of the echo commands (marked red; the one that writes the href attribute) has to use apostrophes instead of double quotation marks, because the double quotation marks have to appear in the resulting html code.
Note II.: using mysqli_fetch_row we will get the result as a "classic" (one-dimensional, not associative) array, so we can read it by indexes (numbers) instead of the names of particular fields. The first element in this type of array has index 0 (indexed from zero).
Next week, we will show how rent.php should work.
The Submit buttons
If we need the POST method, the easiest way for us will be to make each button a form of its own. In this form, we will see only the "submit" button, but other values (login, password) can be included as hidden input variables:
The resulting table could look like:
type | tax | rent it! |
---|---|---|
Audi A100 | 12 | [rent it] |
Renault 12 | 6 | [rent it] |
Citroen 2CV | 4 | [rent it] |
To evaluate this form, we will have to ask whether the variable exists ( $_POST['id_3'] == true ), not for its value (always "rent it"). It would sound reasonable to add the car id among the hidden parameters:
A double quotation mark can be inserted by enclosing the string in apostrophes, or by writing a backslash before it ( \" ). Again, assume $_POST["login"] and $_POST["pwd"] will be set from a previous php script. The above table could then be generated by the following php code:
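```php
<?php
// If the connection fails, $link is false, so the error text comes from mysqli_connect_error()
$link = mysqli_connect('mysql.webzdarma.cz', 'zpp', '[password]', 'zpp')
    or die('Error: ' . mysqli_connect_error());
if ($result = mysqli_query($link, "SELECT id,type,priceperday FROM cars;")) {
    echo "<table border=1>\n<tr><th>type<th>tax<th>rent it!";
    while ($row = mysqli_fetch_row($result)) {
        echo "<tr>";
        echo "<td>" . htmlspecialchars($row[1]) . "<td>" . htmlspecialchars($row[2]) . "<td>";
        // every row is a small form of its own with one submit button
        echo '<Form action="rent.php" method="post">';
        echo '<input type="submit" name="submit" value= "rent it">';
        // htmlspecialchars() keeps request values from breaking out of the value="..." attribute
        echo '<input type="hidden" name="login" value="' . htmlspecialchars($_GET["login"], ENT_QUOTES) . '">';
        echo '<input type="hidden" name="pwd" value="' . htmlspecialchars($_GET["pwd"], ENT_QUOTES) . '">';
        echo '<input type="hidden" name="car" value="' . $row[0] . '">';
        echo "\n</Form>\n";
    }
    echo "</table>";
}
mysqli_close($link);
?>
```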
Tested: http://users.fs.cvut.cz/~hlavavla/SQL/SQL.php?login=scott&pwd=tiger with the universal form response as the link.
Note: the password check could be provided by the following code:
```php
<?php
// If the connection fails, $link is false, so the error text comes from mysqli_connect_error()
$link = mysqli_connect('mysql.webzdarma.cz', 'zpp', '[password]', 'zpp')
    or die('Error: ' . mysqli_connect_error());
// a php command can continue over several lines without any special
// character; it ends at the semicolon.
// The login and the password are bound as parameters (the ? marks),
// so they are never pasted into the text of the SQL command:
$stmt = mysqli_prepare($link, 'SELECT id FROM people WHERE login=? AND pwd=?');
mysqli_stmt_bind_param($stmt, 'ss', $_POST['login'], $_POST['pwd']);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($result) {
    // we have a result, so test if it is a valid user...
    $row = mysqli_fetch_assoc($result);
    if ($row && $row["id"] > 0) {
        // yes, if "id" is bigger than zero, it is a valid user
        $id_z = $row["id"];
        //**********
        // any code of this page, for example from the above frame
        //**********
    } else {
        echo "internal error of our script";
    }
}
mysqli_close($link);
?>
```
In this example, we assume that the login and the pwd are passed from the previous script in the POST structure; then we try to find this combination in the user table (pink); if this combination is there, the password is correct (the number of the user, id, is then read from the table, see the blue and violet lines). As a result, we will get (from the same line) the user id as well (we will need the user id for recording any changes into the database).
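The session-based approach that the text calls the correct solution, as an added example that is not part of the original course code: the password is checked once, the user id is kept in the session, and the links carry only the car id. The sample rows, the function names and the use of password_hash() for the stored password are assumptions made for this example.

```php
<?php
// Added example (not the course's code). The rows below are constructed so the
// script runs without a database; really they come from the people and cars tables.
// Assumption: the stored value is a password_hash() result, not the plain password.
$users = ['scott' => ['id' => 1, 'hash' => password_hash('tiger', PASSWORD_DEFAULT)]];
$cars  = [[1, 'Audi A100', 12, 6], [2, 'Renault 12', 6, 0]];  // id, type, cost, who

// Login page: check the password once and keep only the user id in the session.
function log_in(array $users, string $login, string $pwd): bool {
    $u = $users[$login] ?? null;
    if ($u === null || !password_verify($pwd, $u['hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh session id after a successful login
    $_SESSION['user_id'] = $u['id'];
    return true;
}

// Car list: each link carries only the car id, no login or password.
function car_table(array $cars): string {
    $html = "<table border=1>\n<tr><th>type<th>tax\n";
    foreach ($cars as $row) {
        if ((int)$row[3] !== 0) {
            continue;                   // "who" is not 0, so the car is rented
        }
        $html .= '<tr><td><a href="rent.php?o=' . (int)$row[0] . '">'
               . htmlspecialchars($row[1]) . '</a><td>' . (int)$row[2] . "\n";
    }
    return $html . "</table>\n";
}

// rent.php would read the user from the session, never from the request.
function current_user_id(): ?int {
    return isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : null;
}

if (PHP_SAPI === 'cli') {               // constructed form submission for a stand-alone run
    $_POST = ['login' => 'scott', 'pwd' => 'tiger'];
}
session_start();
if (current_user_id() === null
    && !log_in($users, (string)($_POST['login'] ?? ''), (string)($_POST['pwd'] ?? ''))) {
    http_response_code(403);
    exit("login failed\n");
}
echo car_table($cars);
```

With the constructed rows, only the Renault 12 is listed, because the Audi A100 has a non-zero "who" value.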
http://users.fs.cvut.cz/~hlavavla/SQL/SQL.php?login=novak&pwd=honza ... http://iat.fs.cvut.cz/web/cv/sql/sql.html
http://users.fs.cvut.cz/~hlavavla/SQL/SQL1.php?login=scott&pwd=tiger ... http://iat.fs.cvut.cz/web/cv/sql/sql1.html
http://users.fs.cvut.cz/~hlavavla/PhpProject2/SQL2.php ... http://iat.fs.cvut.cz/web/cv/sql/sql2.html
http://users.fs.cvut.cz/~hlavavla/PhpProject2/SQL3.php?debug=1 (called by modified SQL1) ... http://iat.fs.cvut.cz/web/cv/sql/sql3.html
Another solution:
Prepared for the tables from the SQLtraining (DKS).
menu.php - order.php - rentit.php. Requires name and password from the userst table (zpp.wz.cz).