Website Development

Database Issues

: Customer browser

request service

access page

interpretset data

present html

return html

get data

get data

databasescripting language

web server

Reminder of the general process

The Guestbook Database is a Bit Weedy

Two Tables

CREATE TABLE forum_topics

(topic_id int NOT NULL

AUTO_INCREMENT, PRIMARY KEY(topic_id),topic_title varchar(150),topic_create_time datetime,topic_owner varchar (150));

CREATE TABLE forum_posts

(post_id int NOT NULL

AUTO_INCREMENT, PRIMARY KEY(post_id),topic_id int not null,post_text text, post_create_time datetime,post_owner varchar (150));

Test

Remember this?

The Northwind Database

• Would be a very good database for an example e:commerce application

• Better if it were implemented in MySQL

• We can “reverse engineer” an entity model from the database using Visio.

Categories

PK CategoryID

CategoryName Description Picture

Shippers

PK ShipperID

CompanyName Phone

Order Details

PK,FK1 OrderIDPK,FK2 ProductID

UnitPrice Quantity Discount

Customers

PK CustomerID

CompanyName ContactName ContactTitle Address City Region PostalCode Country Phone Fax

Suppliers

PK SupplierID

CompanyName ContactName ContactTitle Address City Region PostalCode Country Phone Fax HomePage

Orders

PK OrderID

FK1 CustomerIDFK2 EmployeeID OrderDate RequiredDate ShippedDateFK3 ShipVia Freight ShipName ShipAddress ShipCity ShipRegion ShipPostalCode ShipCountry

Employees

PK EmployeeID

LastName FirstName Title TitleOfCourtesy BirthDate HireDate Address City Region PostalCode Country HomePhone Extension Photo Notes ReportsTo

Products

PK ProductID

ProductNameFK2 SupplierIDFK1 CategoryID QuantityPerUnit UnitPrice UnitsInStock UnitsOnOrder ReorderLevel Discontinued

Northwind Database Design

Forward engineering the model into MySQL

Categories

PK CategoryID

CategoryName Description Picture

Suppliers

PK SupplierID

CompanyName ContactName ContactTitle Address City Region PostalCode Country Phone Fax HomePage

Categories

PK CategoryID

CategoryName Description Picture

Suppliers

PK SupplierID

CompanyName ContactName ContactTitle Address City Region PostalCode Country Phone Fax HomePage

Products

PK ProductID

ProductNameFK2 SupplierIDFK1 CategoryID QuantityPerUnit UnitPrice UnitsInStock UnitsOnOrder ReorderLevel Discontinued

Let’s get some data in those tables

and so on…..

How can we get from that to…

•A working online ordering system

•An administrative system for the online ordering system

“Skeleton” Functionality

Registration of usersLogging inAdmin and normal rightsAdding productsNavigationAdding to shopping basketOrderingViewing usersViewing ordersViewing baskets

<FORM METHOD="POST" ACTION="saveUser.php"><P><b>Registration</b></P>

<TABLE><TR>

<TD ALIGN="right"><em>User Name</em></TD><TD> <INPUT TYPE=TEXT NAME="UserName" SIZE=16 MAXLENGTH=16> </TD>

</TR><TR>

<TD ALIGN="right"><EM>Password</EM></TD><TD><INPUT TYPE=PASSWORD NAME="Password" SIZE=16 MAXLENGTH=16></TD>

</TR></TABLE><INPUT TYPE=SUBMIT VALUE="Submit Form"><INPUT TYPE=RESET VALUE="Reset Form">

</FORM>

Registering register.htm

What do we need to do now?

• Check to see if anyone has used that password already.

• If not add the new user to our table of registered users.

• This is dealt with in saveUser.php

$query = "SELECT PASSWORD FROM $table_users WHERE USERNAME = \"$UserName\"";

$result=mysql_query($query);

if (mysql_num_rows($result) > 1) {echo("Someone has already used that username<br>");include('register.htm');exit();

};

$query = "INSERT INTO $table_users SETUSERNAME = \"$UserName\",PASSWORD = \"$Password\"";

$result=mysql_query($query);

if ($result) { include('loginForm.htm');

};

Adding user record saveUser.php

What next?

• Once a user has registered we get them to log in using the standard login form.

• This is loginForm.htm

<FORM METHOD="POST" ACTION="login.php"><P><b>Log in</b></P><TABLE> <TR> <TD ALIGN="right"> <em>User Name</em></TD> <TD><INPUT TYPE=TEXT NAME="UserName" SIZE=16 MAXLENGTH=16></TD> </TR>

<TR><TD ALIGN="right"><EM>Password</EM></TD><TD><INPUT TYPE=PASSWORD NAME="Password" SIZE=16 MAXLENGTH=16></TD>

</TR></TABLE><INPUT TYPE=SUBMIT VALUE="Submit Form"><INPUT TYPE=RESET VALUE="Reset Form">

</FORM>

Logging in loginForm.htm

What next?

• This is the standard login form for registered users• We now need to find the username in our database

and check that the password matches the one we have on record.

• This is done in loginCheck.php• Save the username and password in a cookie so

we can remember it for future checks that the user has logged in

<?php setcookie("User", $UserName); ?><?php setcookie("Pword", $Password); ?><html><head></head><body>

<p><?php

$User=$UserName; $Pword = $Password;include('loginCheck.php');include('welcome.php');

?></body></html>

Logging in login.php

$query = "SELECT PASSWORD FROM $table_users WHERE USERNAME = \"$User\"";

$result=mysql_query($query);if (mysql_num_rows($result) == 0) {

echo("Not registered<br>");include('register.htm');exit();

};if (mysql_num_rows($result) > 1) {

echo("Multiple registration - contact the web master<br>");exit();

};

$row = mysql_fetch_row($result);

if ($row[0] <> $Pword) {echo("Wrong Password");include('loginForm.htm');exit();

};

Checking the log in loginCheck.php

What next?

• Now the user can do stuff

• Add comments to your Guestbook

• Buy things from Northwind etc.

Page Structures

Most of the php pages we have created have

had the following structure.

• Connect to the database

• Create some kind of query

• Execute the query

• Display the result.

General format of pages for an e:commerce application:

Check that the user is logged in and valid

Provide the page, pushing code into hidden functions where possible

Display navigation

<b>Order form</b><p>

<?php include('loginCheck.php'); ?>

<?php chooser();

include('navigation.php');

?></p>

Choosing products chooseProduct.php

<b>Shopping Basket</b>

<?php include('loginCheck.php');

showBasket();

include('navigation.php');?>

Showing the basket showBasket.php

<?php include('loginCheck.php');

$dbcnx = myConnect();$query = "SELECT $table_basket.PROD_ID, $table_basket.CUST_ID, QUANTITY

FROM $table_basket, $table_usersWHERE $table_basket.CUST_ID = $table_users.CUST_IDAND $table_users.USERNAME = \"$User\"";

$result=mysql_query($query);if (! $result) printf ("Error: %s<br>", mysql_error ());

for ($i = 0; $i < mysql_num_rows ($result); $i++) {$row = mysql_fetch_row($result);$cust_id = $row[1];$query = "INSERT INTO $table_order SET PROD_ID =".$row[0].

", QUANTITY = ".$row[2].", CUST_ID = ".$row[1].", DAY = ".date("Ymd");$result2=mysql_query($query);if (! $result2) printf ("Error: %s<br>", mysql_error ());

};

if (mysql_num_rows ($result)>0) {$query = "DELETE FROM $table_basket

WHERE $table_basket.CUST_ID = $cust_id";$result=mysql_query($query);if (! $result) printf ("Error: %s<br>", mysql_error ());

};

echo("ORDER SUBMITTED");include('navigation.php');?>

Submitting an order - example of detailed code submitOrder.php

<?php include('loginCheck.php'); ?>

<?php viewTable($table_products, "");

addToTable($table_products,"prodEdit.php");

include('navigation.php'); ?>

Editing the product table prodEdit.php

<table border=1><td><a href="chooseProduct.php">Choose Product </a><td><a href="showBasket.php">Show Basket </a><td><a href="submitOrder.php">Submit Order</a><td><?php if ($User == "ADMIN") { ?><td><a href="prodEdit.php">Add Product </a><td><a href="allBaskets.php">All Baskets </a><td><a href="allUsers.php”>All Users </a><td><a href="allOrders.php">All Orders </a><td><a href="dbCREATE.php">Zap Database</a><?php }; ?><td><a href="showOrders.php">Show Orders</a><td><a href="loginForm.htm">login</a></table>

Navigation and selective functionality navigation.php

What’s Going On?

• We are beginning to develop a generic framework of php code for an e:commerce application

• You could “flesh out” this framework to work with a specific database

• Provided you are not frightened of php code!