Website Development Database Issues
Date posted: 19-Dec-2015
Reminder of the general process
[Diagram: customer browser, web server, scripting language and database. Arrow labels: request service, access page, interpret, set data, get data, present html, return html.]
Two Tables
CREATE TABLE forum_topics (
    topic_id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY (topic_id),
    topic_title varchar(150),
    topic_create_time datetime,
    topic_owner varchar(150)
);
CREATE TABLE forum_posts (
    post_id int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY (post_id),
    topic_id int NOT NULL,
    post_text text,
    post_create_time datetime,
    post_owner varchar(150)
);
Test
The Northwind Database
• Would be a very good database for an example e:commerce application
• Better if it were implemented in MySQL
• We can “reverse engineer” an entity model from the database using Visio.
Categories: PK CategoryID; CategoryName, Description, Picture
Shippers: PK ShipperID; CompanyName, Phone
Order Details: PK,FK1 OrderID; PK,FK2 ProductID; UnitPrice, Quantity, Discount
Customers: PK CustomerID; CompanyName, ContactName, ContactTitle, Address, City, Region, PostalCode, Country, Phone, Fax
Suppliers: PK SupplierID; CompanyName, ContactName, ContactTitle, Address, City, Region, PostalCode, Country, Phone, Fax, HomePage
Orders: PK OrderID; FK1 CustomerID, FK2 EmployeeID, OrderDate, RequiredDate, ShippedDate, FK3 ShipVia, Freight, ShipName, ShipAddress, ShipCity, ShipRegion, ShipPostalCode, ShipCountry
Employees: PK EmployeeID; LastName, FirstName, Title, TitleOfCourtesy, BirthDate, HireDate, Address, City, Region, PostalCode, Country, HomePhone, Extension, Photo, Notes, ReportsTo
Products: PK ProductID; ProductName, FK2 SupplierID, FK1 CategoryID, QuantityPerUnit, UnitPrice, UnitsInStock, UnitsOnOrder, ReorderLevel, Discontinued
Northwind Database Design
Suppliers: PK SupplierID; CompanyName, ContactName, ContactTitle, Address, City, Region, PostalCode, Country, Phone, Fax, HomePage
Categories: PK CategoryID; CategoryName, Description, Picture
Products: PK ProductID; ProductName, FK2 SupplierID, FK1 CategoryID, QuantityPerUnit, UnitPrice, UnitsInStock, UnitsOnOrder, ReorderLevel, Discontinued
How can we get from that to…
• A working online ordering system
• An administrative system for the online ordering system
“Skeleton” Functionality
• Registration of users
• Logging in
• Admin and normal rights
• Adding products
• Navigation
• Adding to shopping basket
• Ordering
• Viewing users
• Viewing orders
• Viewing baskets
<FORM METHOD="POST" ACTION="saveUser.php"><P><b>Registration</b></P>
<TABLE><TR>
<TD ALIGN="right"><em>User Name</em></TD><TD> <INPUT TYPE=TEXT NAME="UserName" SIZE=16 MAXLENGTH=16> </TD>
</TR><TR>
<TD ALIGN="right"><EM>Password</EM></TD><TD><INPUT TYPE=PASSWORD NAME="Password" SIZE=16 MAXLENGTH=16></TD>
</TR></TABLE><INPUT TYPE=SUBMIT VALUE="Submit Form"><INPUT TYPE=RESET VALUE="Reset Form">
</FORM>
Registering register.htm
What do we need to do now?
• Check to see if anyone has used that user name already.
• If not add the new user to our table of registered users.
• This is dealt with in saveUser.php
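// Escape the form values before placing them in SQL strings.
$safeUser = mysql_real_escape_string($UserName);
$safePass = mysql_real_escape_string($Password);
$query = "SELECT PASSWORD FROM $table_users WHERE USERNAME = \"$safeUser\"";
$result = mysql_query($query);
// Any existing row means the user name is already taken.
if (mysql_num_rows($result) > 0) {
    echo("Someone has already used that username<br>");
    include('register.htm');
    exit();
}
// Note: the password is stored exactly as entered (plain text).
$query = "INSERT INTO $table_users SET USERNAME = \"$safeUser\", PASSWORD = \"$safePass\"";
$result = mysql_query($query);
if ($result) { include('loginForm.htm'); }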
Adding user record saveUser.php
What next?
• Once a user has registered we get them to log in using the standard login form.
• This is loginForm.htm
<FORM METHOD="POST" ACTION="login.php"><P><b>Log in</b></P><TABLE> <TR> <TD ALIGN="right"> <em>User Name</em></TD> <TD><INPUT TYPE=TEXT NAME="UserName" SIZE=16 MAXLENGTH=16></TD> </TR>
<TR><TD ALIGN="right"><EM>Password</EM></TD><TD><INPUT TYPE=PASSWORD NAME="Password" SIZE=16 MAXLENGTH=16></TD>
</TR></TABLE><INPUT TYPE=SUBMIT VALUE="Submit Form"><INPUT TYPE=RESET VALUE="Reset Form">
</FORM>
Logging in loginForm.htm
What next?
• This is the standard login form for registered users
• We now need to find the username in our database and check that the password matches the one we have on record.
• This is done in loginCheck.php
• Save the username and password in a cookie so we can remember it for future checks that the user has logged in
<?php setcookie("User", $UserName); setcookie("Pword", $Password); ?>
<html><head></head><body>
<p><?php
$User = $UserName; $Pword = $Password;
include('loginCheck.php');
include('welcome.php');
?></p>
</body></html>
Logging in login.php
// Escape the user name before placing it in the SQL string.
$safeUser = mysql_real_escape_string($User);
$query = "SELECT PASSWORD FROM $table_users WHERE USERNAME = \"$safeUser\"";
$result = mysql_query($query);
if (mysql_num_rows($result) == 0) {
    echo("Not registered<br>"); include('register.htm'); exit();
}
if (mysql_num_rows($result) > 1) {
    echo("Multiple registration - contact the web master<br>"); exit();
}
$row = mysql_fetch_row($result);
// Strict comparison, so numeric-looking strings are not compared as numbers.
if ($row[0] !== $Pword) {
    echo("Wrong Password"); include('loginForm.htm'); exit();
}
Checking the log in loginCheck.php
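The registration and login checks above, rewritten with parameterized queries and hashed passwords, as an added example that is not part of the original slides. It assumes PHP 7+ with the PDO SQLite driver (an in-memory database stands in for MySQL); the table users and the functions registerUser() and checkLogin() are hypothetical names.

```php
<?php
// Added example (not from the original slides). Assumes PHP 7+ with the
// PDO SQLite driver; table and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes the database itself reject a duplicate user name.
$db->exec('CREATE TABLE users (
    cust_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(16) NOT NULL UNIQUE,
    pw_hash  VARCHAR(255) NOT NULL)');

function registerUser(PDO $db, string $user, string $password): bool
{
    // Enforce the form's 16-character limit on the server as well.
    if ($user === '' || strlen($user) > 16 || $password === '') {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    try {
        // Store only a salted hash, never the password itself.
        $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {
            return false;        // integrity violation: user name taken
        }
        throw $e;                // anything else is a real database error
    }
}

function checkLogin(PDO $db, string $user, string $password): bool
{
    // The placeholder keeps the user name out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample input.
var_dump(registerUser($db, 'alice', 's3cret-pass'));  // first registration
var_dump(registerUser($db, 'alice', 'other'));        // duplicate user name
var_dump(checkLogin($db, 'alice', 's3cret-pass'));    // correct password
var_dump(checkLogin($db, 'ali"ce', 'x'));             // quote is treated as data
```

Once checkLogin() succeeds, keeping the user's id in the server-side session ($_SESSION) removes the need to store the password in a cookie as login.php does.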
What next?
• Now the user can do stuff
• Add comments to your Guestbook
• Buy things from Northwind etc.
Page Structures
Most of the php pages we have created have
had the following structure.
• Connect to the database
• Create some kind of query
• Execute the query
• Display the result.
General format of pages for an e:commerce application:
• Check that the user is logged in and valid
• Provide the page, pushing code into hidden functions where possible
• Display navigation
<b>Order form</b><p>
<?php include('loginCheck.php'); ?>
<?php chooser();
include('navigation.php');
?></p>
Choosing products chooseProduct.php
<b>Shopping Basket</b>
<?php include('loginCheck.php');
showBasket();
include('navigation.php');?>
Showing the basket showBasket.php
<?php include('loginCheck.php');
$dbcnx = myConnect();
// Escape the user name before placing it in the SQL string.
$safeUser = mysql_real_escape_string($User);
$query = "SELECT $table_basket.PROD_ID, $table_basket.CUST_ID, QUANTITY
          FROM $table_basket, $table_users
          WHERE $table_basket.CUST_ID = $table_users.CUST_ID
          AND $table_users.USERNAME = \"$safeUser\"";
$result = mysql_query($query);
if (! $result) printf("Error: %s<br>", mysql_error());
// Copy each basket row into the order table.
for ($i = 0; $i < mysql_num_rows($result); $i++) {
    $row = mysql_fetch_row($result);
    $cust_id = $row[1];
    $query = "INSERT INTO $table_order SET PROD_ID = ".$row[0].
             ", QUANTITY = ".$row[2].", CUST_ID = ".$row[1].", DAY = ".date("Ymd");
    $result2 = mysql_query($query);
    if (! $result2) printf("Error: %s<br>", mysql_error());
}
// Empty the basket once its rows have been copied.
if (mysql_num_rows($result) > 0) {
    $query = "DELETE FROM $table_basket WHERE $table_basket.CUST_ID = $cust_id";
    $result = mysql_query($query);
    if (! $result) printf("Error: %s<br>", mysql_error());
}
echo("ORDER SUBMITTED");
include('navigation.php'); ?>
Submitting an order - example of detailed code submitOrder.php
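The order submission above copies basket rows one at a time and then deletes the basket, so a failure part-way leaves the two tables inconsistent. The following added example (not part of the original slides) does the same work in one transaction with parameterized statements; it assumes PHP 7+ with the PDO SQLite driver, and the table, column and function names are hypothetical.

```php
<?php
// Added example (not from the original slides). Assumes PHP 7+ with the PDO
// SQLite driver; table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users  (cust_id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec('CREATE TABLE basket (cust_id INT, prod_id INT, quantity INT)');
$db->exec('CREATE TABLE orders (cust_id INT, prod_id INT, quantity INT, day TEXT)');
// Constructed sample data.
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
$db->exec('INSERT INTO basket VALUES (1, 10, 2), (1, 11, 1), (2, 10, 5)');

function submitOrder(PDO $db, string $user): int
{
    $db->beginTransaction();
    try {
        // Resolve the customer once, from the authenticated user name.
        $stmt = $db->prepare('SELECT cust_id FROM users WHERE username = ?');
        $stmt->execute([$user]);
        $custId = $stmt->fetchColumn();
        if ($custId === false) {
            $db->rollBack();
            return 0;
        }
        // Copy the basket rows to the order table in one statement.
        $copy = $db->prepare('INSERT INTO orders (cust_id, prod_id, quantity, day)
                              SELECT cust_id, prod_id, quantity, ?
                              FROM basket WHERE cust_id = ?');
        $copy->execute([date('Ymd'), $custId]);
        $moved = $copy->rowCount();
        // Empty the basket only as part of the same transaction.
        $db->prepare('DELETE FROM basket WHERE cust_id = ?')->execute([$custId]);
        $db->commit();
        return $moved;
    } catch (PDOException $e) {
        $db->rollBack();   // leave basket and orders unchanged on any error
        throw $e;
    }
}

echo submitOrder($db, 'alice'), " rows ordered\n";
echo $db->query('SELECT COUNT(*) FROM basket')->fetchColumn(), " rows left in basket\n";
```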
<?php include('loginCheck.php'); ?>
<?php viewTable($table_products, "");
addToTable($table_products,"prodEdit.php");
include('navigation.php'); ?>
Editing the product table prodEdit.php
<table border=1><tr>
<td><a href="chooseProduct.php">Choose Product</a></td>
<td><a href="showBasket.php">Show Basket</a></td>
<td><a href="submitOrder.php">Submit Order</a></td>
<?php if ($User == "ADMIN") { ?>
<td><a href="prodEdit.php">Add Product</a></td>
<td><a href="allBaskets.php">All Baskets</a></td>
<td><a href="allUsers.php">All Users</a></td>
<td><a href="allOrders.php">All Orders</a></td>
<td><a href="dbCREATE.php">Zap Database</a></td>
<?php } ?>
<td><a href="showOrders.php">Show Orders</a></td>
<td><a href="loginForm.htm">login</a></td>
</tr></table>
Navigation and selective functionality navigation.php