Assignment 2 - Databse Design

Finally came across a validation script I understand! Shew. I suck at this. Not the neatest solution out there by a long shot but at least I can make it do what I want in terms of validating each field with its own criteria and error msg

===Att..@Johnny - 72985186

---Couldn't help notice that your database wasn't called "registration". I'm assuming Mac's database will be called "registration" and ours needs to match his?
----See my reply post to Absolom72945079 earlier.



Hey ,
yep it's just registration Thanks I did'nt even notice that mistake ...
sharp eye's...

Hope Johnny changed his database name to registration..

OK. So have been using includes to bring some of my external PHP scripts into the main php pages but the thing I don't like is that once it's all done, the forms are still on the page. Is there a way to do a redirect in PHP? Only way seems to be to use the header() function but seems a bit tricky as u can't have any code before it

Any other suggestions?

I don't quite understand

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

Well, I have actually figured out a solution but let me explain my problem anyways

So basically I would have a page (eg. add_course.php). This page would contain a form with a text box to add the course name in. Once I click the add button, it adds the course but the form is still there on the page.

When I wasn't using functions, hitting the add button would redirect to a new page (something like add.php) and then it would just say "course added" with the menu at the top. Much cleaner.

But now my script simply redirects to the management page once the course has been added

I just used header for that

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

With the way my pages were structured it was too tricky to get it in before everything else so I just used an HTML Meta redirect.

Hey guys, for the course table are there any specific courses provided for us that we should use? Or should we just make up our own?
Also for the student table where you have to give the option to add a student, wouldn't that just be like setting a link to your student form page or maybe a copy of it but without the email registration code so the user can add the student and not get an email?

and @ Belanda yeah my database is named registration now Thanks good spotting

Johnny - 72985186 Wrote:
-------------------------------------------------------
> Hey guys, for the course table are there any
> specific courses provided for us that we should
> use? Or should we just make up our own?
> Also for the student table where you have to give
> the option to add a student, wouldn't that just be
> like setting a link to your student form page or
> maybe a copy of it but without the email
> registration code so the user can add the student
> and not get an email?


The idea of the course table is that the user should be able to add courses as he/she sees fit, then on the student registration form there must be a drop down list showing those courses that where added. So you won't be adding any courses, the user will. You add the student on your student_reg.php page, you code the form there. There is a contact_flag field in your database which can either be a 0 or 1 or a y or n, meaning only if it's 1 or y then an email must be sent. So just use an if/else statement to tell it whether to send the email or not or in your query just use WHERE contact_flag = 'y' Hope I've answered your questions

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

Ah so that's what that contact_flag field was for haha. So with that being said in my student_man.php page I can just set a link to the student_reg.php when selected add student?

You can if you want, there are numerous ways you can do it

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

And I will take the simple, lazy road haha thanks for clearing that up for me

You are welcome

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

Alright so I'm trying to add the edit part for the student table. I have the student_man.php page which displays the info and an editstudent.php for editing the info. I'm having some difficulty with this. First page seems fine, displays information and provides the edit link next to each row. Problems I'm having now is nr1 when selecting edit the previously entered information does not display instead the fields of the form is empty. Nr2 when I enter random letters of information and submitting it, I receive an error for the entered information.
Here's the error for example:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`sname` = 'fdhdf' `init` = 'gfhgf' `fname` = 'ghfg' `title` = 'jhgj' ' at line 3

Anyone got any ideas? I haven't really paid any attention to sql injection prevention, for now I'm just trying to get it to work. Am I on the right path with this code.

Here are my pages:

Student_man.php:

Language: PHP
<!-- Start of php code for retrieving student information -->
 
<?php
 
 
include ';includes/config.php';;
 
 
 
		//connect to database
$link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
 
 
 
		//error check
if (!$link)
{
	die(';could not connect: '; . mysql_error());
}
 
$db_selected=mysql_select_db(DB_NAME, $link);
 
 
 
		// error check
if (!$db_selected)
{
	die(';can\t use '; . DB_NAME . ';: '; . mysql_error());
}
 
	//query database
$query=mysql_query("SELECT * FROM student ");
 
 
	//fetch results and convert to table
 
	while ($rows = mysql_fetch_array($query)):
	echo "<a href=\"editstudent.php?id=" . $rows[';sno';] ."\" > edit </a>";
	$cname=$rows[';cname';];
	$sname=$rows[';sname';];
	$init=$rows[';init';];
	$fname=$rows[';fname';];
	$title=$rows[';title';];
	$msname=$rows[';msname';];
	$dob=$rows[';dob';];
	$sex=$rows[';sex';];
	$lang=$rows[';lang';];
	$idno=$rows[';idno';];
	$telh=$rows[';telh';];
	$telw=$rows[';telw';];
	$cell=$rows[';cel';];
	$fax=$rows[';fax';];
	$email=$rows[';email';];
	$address=$rows[';address';];
 
	echo 
	" 
	<table border=1px> 
	<tr>
	<td>$cname</td>
	<td>$sname</td>
	<td>$init</td>
	<td>$fname</td>
	<td>$title</td>
	<td>$msname</td>
	<td>$dob</td>
	<td>$sex</td>
	<td>$idno</td>
	<td>$telh</td>
	<td>$telw</td>
	<td>$cell</td>
	<td>$fax</td>
	<td>$email</td>
	<td>$address</td>
	</tr>
	</table>" ;
 
	endwhile;
?>	
 
 
</body>
</html>

And this is my editstudent.php code

Language: PHP
<?php
 
include ';includes/config.php';;
 
//connect to database
$link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
 
		//error check
if (!$link)
{
	die(';could not connect: '; . mysql_error());
}
 
$db_selected=mysql_select_db(DB_NAME, $link);
 
 
 
		// error check
if (!$db_selected)
{
	die(';can\t use '; . DB_NAME . ';: '; . mysql_error());
}
		// connected to database
 
if (!isset($_POST[';submit';])) 
{
	$q = "SELECT * FROM student WHERE ID = $_GET[sno]";
	$result = mysql_query($q);
	$person = mysql_fetch_array($result);
}
 
?>
 
<h1> You are editing a student </h1>
<form action="<?php echo $_SERVER[';PHP_SELF';]; ?>" method="post">
 
 
 
 
<p>Course name:</p>
<INPUT TYPE = "text"  name="input1"value="<?php echo $person[';cname';]; ?>" /> 
<br>
 
<p>Surname:</p>
<INPUT TYPE = "text"  name="input2"value="<?php echo $person[';sname';]; ?>" /> 
<br>
<p>Initials:</p>
<INPUT TYPE = "text"  name="input3"value="<?php echo $person[';init';]; ?>" /> 
<br>
<p>Full First Name:</p>
<INPUT TYPE = "text"  name="input4"value="<?php echo $person[';fname';]; ?>" /> 
<br>
<p>Title:</p>
<INPUT TYPE = "text"  name="input5"value="<?php echo $person[';title';]; ?>" /> 
<br>
<p>Maiden or previous surname:</p>
<INPUT TYPE = "text"  name="input6"value="<?php echo $person[';msname';]; ?>" /> 
<br>
<p>Date of Birth:</p>
<INPUT TYPE = "text"  name="input7"value="<?php echo $person[';dob';]; ?>" /> 
<br>
<p>Gender:</p>
<INPUT TYPE = "text"  name="input8"value="<?php echo $person[';sex';]; ?>" /> 
<br>
<p>Language for correspondence:</p>
<INPUT TYPE = "text"  name="input9"value="<?php echo $person[';lang';]; ?>" /> 
<br>
<p>Identity Number:</p>
<INPUT TYPE = "text"  name="input10"value="<?php echo $person[';id';]; ?>" /> 
<br>
<p>Home Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input11"value="<?php echo $person[';telh';]; ?>" /> 
<br>
<p>Work Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input12"value="<?php echo $person[';telw';]; ?>" /> 
<br>
<p>Cell Phone Number:</p>
<INPUT TYPE = "text"  name="input13"value="<?php echo $person[';cel';]; ?>" /> 
<br>
<p>Fax Code + Number:</p>
<INPUT TYPE = "text"  name="input14"value="<?php echo $person[';fax';]; ?>" /> 
<br>
<p>E-mail Address:</p>
<INPUT TYPE = "text"  name="input15"value="<?php echo $person[';email';]; ?>" /> 
<br>
<p>Postal Address of student:</p>
<INPUT TYPE = "text"  name="input16"value="<?php echo $person[';address';]; ?>" /> 
<br>
<INPUT TYPE = "Submit" name="submit" VALUE = "Submit"/>
 
 
<input type="hidden" name="sno" value="<?php echo $_GET[';sno';]; ?>" />
</form>
 
<?php
 
if(isset($_POST[';submit';]))
 
{
 
	$u = "UPDATE student SET 
	`cname` = ';$_POST[input1]'; 
	`sname` = ';$_POST[input2]'; 
	`init` = ';$_POST[input3]'; 
	`fname` = ';$_POST[input4]'; 
	`title` = ';$_POST[input5]'; 
	`msname` = ';$_POST[input6]'; 
	`dob` = ';$_POST[input7]'; 
	`sex` = ';$_POST[input8]'; 
	`lang` = ';$_POST[input9]'; 
	`idno` =';$_POST[input10]'; 
	`telh` = ';$_POST[input11]'; 
	`telw` = ';$_POST[input12]'; 
	`cel` = ';$_POST[input13]'; 
	`fax` = ';$_POST[input14]'; 
	`email` = ';$_POST[input15]'; 
	`address` = ';$_POST[input16]'; 
 
	WHERE ID = $_POST(sno)";
	mysql_query($u) or die(mysql_error());
 
	echo "User has been modified!";
	header("Location: index.php");
 
}
?>

Sorry know its quite alot of code but didn't want to leave anything out that may be causing the problems. Any ideas as to what I am doing wrong?

NR1:

Language: PHP
if (!isset($_POST[';submit';])) 
{
	$q = "SELECT * FROM student WHERE ID = $_GET[sno]";

Depending on the edit link, the if part should probably be the same as the the usage of it.

Language: PHP
	WHERE ID = $_POST(sno)";

should probably be $_POST['sno']

The sql values need to be separated by a ','

Language: SQL
UPDATE student SET sname = ';sname';, title=';ms'; WHERE sno = 10

--

Student Number: 7298-786-3

I'm trying to get my course id to display in the bottom left corner of the browser when you hover over the link but this is just not working , can anyone help me? I need to do this before I start working on my editing system , is there something I am doing wrong my query and loop for the data is below I have also included the part that's not working:

<?php /*-----retrieving data from course table-----*/ $querycourse='SELECT * FROM course ORDER BY cid DESC'; $result=mysql_query($querycourse,$dbmysql); while($row=mysql_fetch_assoc($result)) { ?><?php } ?>
<?php echo $row['cname']?> <="" a=""> <="" a="">


and it works fine, it's just this link that's not showing my 'cid' in the bottom of the screen when I hover over the link, I used a similar function for my add link and it works.What am I doing wrong?

@Stefan.Wiswedel , Please share the link to the easy validation code you found, everything I am coming across is way too complicated....

Not sure what the error with your code is.

Cannot find the exact page I used to help with my form validation but I also used this one preg_match. So, I essentially used the preg_match function to validate forms.

Hope this helps!

Absolom72945079 Wrote:
-------------------------------------------------------
> I'm trying to get my course id to display in the
> bottom left corner of the browser when

u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...u.s.e. t.h.e. f.o.r.m.a.t.t.e.d. c.o.d.e. b.u.t.t.o.n. when posting code...

I cannot even see wher eyou have added the link.

Sorry Dr Mac that was real dumb from me, lol....feeling very stupid , I have put all the code below, please have and look and let me know what I am doing wrong, its only the delete and edit links that are not working, firstly I want to be able to see the 'cid' for each course when I hover over the links but it's just not working, Please assist me, I have been tryiing to debug this for a long time now....

Language: PHP
<?php
/*------includes for connection to database-----*/
include(';includes/config.php';);
 
/*------includes for functions-----*/
include(';includes/functions.php';);
?>
| <a href="student_reg.php">Register a student</a> | <a href="course_man.php">Manage courses</a> | <a href="student_man.php">Manage students</a> | <a href="list.php">View registrations</a><br />
 
 
<!--checking if add link has been clicked or edit link has been clicked-->
 
<?Php
 
	if(isset($_GET[';add';]) || isset($_GET[';edit_id';]) )
 
	{
 
?>
 
<!--forms is below-->
 
<form name="addcourse" action="course_man.php" method="POST">
 
 
Course name : <INPUT TYPE = "Text" VALUE ="<?PHP print $course ; ?>" NAME = "coursename"><br />
<br />
 
<INPUT TYPE = "Submit" Name = "submitcourse" VALUE = "add course">
</form>
 
<?Php
 
}
else
{
 
 
?>
 
 
<a href="<?php $_SERVER[';PHP_SELF';] ?>?add=1">Add a new course</a><br />
 
<?Php
 
 
}
?>
 
<table width="50%" border="1" cellspacing="0" cellpadding="0">
<?php
 
/*-----retrieving data from course table-----*/
 
$querycourse=';SELECT * FROM course ORDER BY cid DESC';;
$result=mysql_query($querycourse,$dbmysql);
 
while($row=mysql_fetch_assoc($result))
{
 
 
 
?>
  <tr>
 
    <td><?php echo $row[';cname';]?></td>
    <td><a href="<?php $_SERVER[';PHP_SELF';].';?delete_id=';.$row[';cid';]?>">Delete</a></td>
    <td><a href="<?php $_SERVER[';PHP_SELF';] ?>?edit_id=.$row[';cid';]">Edit</a></td>
  </tr>
<?php
}
?>
</table>

@Absolom

To output information to the html stream you need to print or echo it to the stream

Language: PHP
<td><a href="<?php $_SERVER[';PHP_SELF';].';?delete_id=';.$row[';cid';]?>">Delete</a></td>
    <td><a href="<?php $_SERVER[';PHP_SELF';] ?>?edit_id=.$row[';cid';]">Edit</a></td>

will need to change to

Language: PHP
<td><a href="<?php echo $_SERVER[';PHP_SELF';].';?delete_id=';.$row[';cid';]?>">Delete</a></td>
    <td><a href="<?php echo $_SERVER[';PHP_SELF';] ?>?edit_id=.$row[';cid';]">Edit</a></td>

To confirm if the link is correct you can view the source of the page in the browser. Look for the link and confirm if the href value is filled in. I use Firebug in firefox to inspect the html as it is generated.

--

Student Number: 7298-786-3

Mac, if we remove the default 0 (year field) in our database's course_student table would that be against the rules?

A word to the wise ain't necessary - it's the stupid ones that need the advice.
Student Number:72793775

Cheers all.

This is me done. Away from tomorrow until May 16 so this is as much as I can do. Good luck!

Very sharp @wsbraun - you guys amaze me with how quickly you pick little rules up. That said, I am a great believer in echoing everything (including html) on single lines - then you do not have to worry about rules But there is a speed issue with echoing large blocks of HTML. Then there is the issue of echoing with single versus double quotes (the latter gets parsed/interpreted by the server taking longer, so that is where concatenation comes in). There are arguments against it. Your choice. Google for "PHP best coding practices". Lots to learn e.g http://www.hm2k.com/posts/50-php-optimisation-tips-revisited

@wsbraun, dude you're good, thanks so much for the tip, it's funny how such a small thing as echo can make everything stop, thanks Dr Mac for the tip on echoing everything, this has to be the bsst short course I have ever done, welldone Dr Mac, armed with this I think I can finish off this project soon.

There are some changes I would like to make to the database (too bad we can't ) but I've managed to find alternative solutions to the problems I came across.
I have listed all those changes in the logic.txt file that I'll email with the project.

Dr Mac below is my code when I try to add a new item is just adds blank and does not show show what I typed what I am doing wrong?

Language: PHP
<?php
/*------includes for connection to database-----*/
include(';includes/config.php';);
 
/*------includes for functions-----*/
include(';includes/functions.php';);
?>
| <a href="student_reg.php">Register a student</a> | <a href="course_man.php">Manage courses</a> | <a href="student_man.php">Manage students</a> | <a href="list.php">View registrations</a><br />
 
 
<!--checking if add link has been clicked or edit link has been clicked-->
 
<?Php
 
 
/*-----checking if course button has been clicked and form validation-----*/
 
if (isset($_POST[';submitcourse';])) {
 
 
 
if($_POST[';$course_id';]>0) {
 
	//update record
 
$querycourse=';UPDATE course SET
	cname="';.$course.';"
    WHERE cid="';.$_POST[';$course_id';].';"
	';;
 
	echo $querycourse;
	exit;
 
}
else
{
 
	/*-----inserting data into the database-----*/
$querycourse=';INSERT INTO course(cname
       )VALUES(
       "';.$course.';"
         )';;
 
	if(!mysql_query($querycourse,$dbmysql)){
		echo mysql_error();
		exit;
 
	}
 
/*-----to avoid records from duplicating after insertion-----*/
	header(';Location: ';.$_SERVER[';PHP_SELF';]);
	exit;
 
 
 
}
 
 
}
 
 
 
	if(isset($_GET[';add';]) || isset($_GET[';edit_id';]) )
 
 
/*--setting up to show the data in the form------*/
	{
/*-----set default values for adding data-----*/
	$course_id=0;
	$course=';';;
 
 
	if(isset($_GET[';edit_id';]) )
 
	{
		$query=';SELECT * FROM course WHERE cid = ';.$_GET[';edit_id';];
		$result=mysql_query($query,$dbmysql);
		$row=mysql_fetch_assoc($result);
 
		$course_id=$row[';cid';];
		$course=$row[';cname';];
 
	}
 
?>
 
<!--forms is below-->
 
<form name="addcourse" action="course_man.php" method="POST">
 
 
<INPUT TYPE = "hidden" VALUE ="<?PHP echo $course_id ; ?>" NAME = "course_id">
 
 
Course name : <INPUT TYPE = "Text" VALUE ="<?PHP echo $course ; ?>" NAME = "coursename"><br />
<br />
 
<INPUT TYPE = "Submit" Name = "submitcourse" VALUE = "add course">
</form>
 
<?Php
 
}
else
{
 
 
?>
 
 
<a href="<?php $_SERVER[';PHP_SELF';] ?>?add=1">Add a new course</a><br />
 
<?Php
 
 
}
?>
 
<table width="50%" border="1" cellspacing="0" cellpadding="0">
<?php
 
/*-----retrieving data from course table-----*/
 
$querycourse=';SELECT * FROM course ORDER BY cid DESC';;
$result=mysql_query($querycourse,$dbmysql);
 
while($row=mysql_fetch_assoc($result))
{
 
 
 
?>
  <tr>
 
    <td><?php echo $row[';cname';]?></td>
<td><a href="<?php echo $_SERVER[';PHP_SELF';].';?delete_id=';.$row[';cid';]?>">Delete</a></td>
    <td><a href="<?php echo $_SERVER[';PHP_SELF';].';?edit_id=';.$row[';cid';]?>">Edit</a></td>
  </tr>
<?php
}
?>
</table>

It is difficult to pick it up just by reading code. The best way to trace the error is to put test echo's in e.g.

Language: PHP
$submitcourse=$_POST[';submitcourse';]; 
$course_id=$_POST[';$course_id';];
echo "submitcourse=$submitcourse $course_id=$course_id"; // do a check to see if it was received from the form
 
if (isset($_POST[';submitcourse';])) {
 
  echo "yes"; //check to see if the if statement is true
 
if($_POST[';$course_id';]>0) { // you should be combining this and the above e.g. if( $isset($_POST[';submitcourse';]) && $_POST[';$course_id';]>0 )) { do update
 
	//update record
 
$querycourse=';UPDATE course SET cname="';.$course.';"    WHERE cid="';.$_POST[';$course_id';].';" ';;  
	echo $querycourse;
	exit;

This way you can check if the variables are there and what direction is taken. I still beleive in the old fashioned way on inserting

Language: PHP
$querycourse="INSERT INTO course VALUES ('; ';, $course';)";

using ' ' for the cid.

hi guys last minutes touch ups...

please help emailing back to student, i think its the mailing config hav to make sure though
look at the simple code below
***************************************
<?php


$sent = mail("1divava@gmail.com", "registration", "We hereby confirm your registration with us!";
if($sent){
echo "email is sent";
}
else {
echo "email send failed";
}
?>
******************************************
wen opening the browser it confirms "email is sent" but nothing in my email did this yesterday no mail yet....
what can i do ?