
Re: Mixing php and html

Posted: Mon Apr 02, 2012 5:14 pm
by Pavilion
Hello Celauran:

Well, I just completed the conversion of all my active php files to php PDO. I will spare you the script of all the php files. But I have included the script for my profile edit page for two reasons.
  • Firstly - is my syntax for the PDO portions appropriate, or do I need to revise?
  • Also Profile.php is the closest I've come to writing an entire page from the lessons I've learned here. I just wanted to run it by you and find out if you think my page construction is on track.
Following is the script for profile.php

Code:

<?php
session_start();
// include database connection file, if connection doesn't work the include file will throw an error message
include '../####/include/db_connect.php';
	
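if(!isset($_SESSION['user_id'])){
header("Location: login.php");
exit; // Stop here. Without exit the rest of this script still runs for a visitor who is not logged in.
}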
if (!empty($_POST)) 
{ // This tests to make sure form is submitted before error handling. Without this check, error messages will appear on simply opening the page because defaults don't fill in BEFORE script runs.

// ___________________________________________________________________________________________________________//
// Error handling routine. 
$errors = array(); // Declare an array to store any error messages. As php processes the following "if" statements, true results are added to the $errors array.

    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (!$email)
    {
        $errors['email'] = "Not a valid email address.";
    }
    if (!$_POST['fname']) // If NOT $_POST - again exclamation point is "not" in php.
    {
        $errors['fname'] = "First name cannot be empty.";
    }
    if (!$_POST['lname'])
    {
        $errors['lname'] = "Last name cannot be empty.";
	}

// Error handling is complete. 
// ___________________________________________________________________________________________________________//
// Clean phone numbers and apply variables before updating table. Start with desk phone.
$raw_dphone = trim($_POST['dphone']);

if (!$raw_dphone)
{
	$d_phone = NULL;
}
	else
	{
	$dphone_replaced = preg_replace('/[^0-9]/', '', $raw_dphone); // takes out all characters except numbers.
		if (strlen($dphone_replaced) == 10)
		{
		$d_phone = '(' . substr($dphone_replaced, 0, 3) . ') ' . substr($dphone_replaced, 3, 3) . '-' . substr($dphone_replaced, 6);
		}
		else
		{
		$errors['dphone'] = $raw_dphone . " is not a valid phone number, please include area code.";
		}
	}

// Now clean cell phone and assign to a variable for updating table.
$raw_cell = trim($_POST['cell']);

if (!$raw_cell)
{
	$cell = NULL;
}
	else
	{
	$cell_replaced = preg_replace('/[^0-9]/', '', $raw_cell); // takes out all characters except numbers.
		if (strlen($cell_replaced) == 10)
		{
		$cell = '(' . substr($cell_replaced, 0, 3) . ') ' . substr($cell_replaced, 3, 3) . '-' . substr($cell_replaced, 6);
		}
		else
		{
		$errors['cell'] = $raw_cell . " is not a valid cell phone number, please include area code.";
		}
	}
// Next declare remaining variables from $_POST data and run update query.
// ___________________________________________________________________________________________________________//

if (empty($errors)) // if empty $errors then proceed.
{
	$user = $_SESSION['user_id'];
    $fname = trim($_POST['fname']);
    $lname = trim($_POST['lname']);
    $title = trim($_POST['title']);
    $ext = trim($_POST['ext']);
	
	### PDO Compliant try block with sql statement. 
	try 
	{
	// Update table user record. 
	$update_profile = 'UPDATE UserTbl
	SET UserTbl.FName = :fname, UserTbl.LName = :lname, UserTbl.EmailAddress = :email, UserTbl.Title = :title, UserTbl.DeskPhone = :d_phone, UserTbl.Ext = :ext, UserTbl.CellPhone = :cell
	WHERE UserTbl.user_id=:user;';
	
		$prep = $link->prepare($update_profile);
		// execute() returns true on success. Keep its result, because $prep is an object and is always "true" in an if test.
		$updated = $prep->execute(array(':fname'=>$fname,
			':lname'=>$lname,
			':email'=>$email,
			':title'=>$title,
			':d_phone'=>$d_phone,
			':ext'=>$ext,
			':cell'=>$cell,
			':user'=>$user,
		));
			// Print a customized message:
			if ($updated){
			$success = 'Your records have been updated.';
			}
	}
		// This block throws an error message if something goes wrong. PDO uses "exceptions" to handle errors.
		catch(PDOException $e)
		{
		echo "For some reason your record could not be updated, please contact the administrator. <br />";

		// The following echo will return php generated message. Use for stepping through an error.
		/// echo $e->getMessage();
		}
	### End PDO Compliant try block.
	
	if (isset($success)) // Only if the update succeeded - then reassign new values to $_SESSION.
	{
		$_SESSION['fname'] = $fname;
		$_SESSION['lname'] = $lname;
		$_SESSION['email'] = $email;
		$_SESSION['title'] = $title;
		$_SESSION['deskphone'] = $d_phone;
		$_SESSION['ext'] = $ext;
		$_SESSION['cell'] = $cell;
	}
}
}			
?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
        <title>Switchboard</title>
        <link rel="stylesheet" type="text/css" href="../###/include/formats.css"/>
    </head>
    <body>
	<div class="shadow"><div class="header"></div></div>
        <div class="shadow">
        <?php
        include '../###/include/menu.php';
        ?>
        </div>
	<h1>Welcome to your Switchboard, <?php echo htmlspecialchars($_SESSION['fname'], ENT_QUOTES, 'UTF-8');?>.</h1><br />
	<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
		<fieldset id="standardForm">
		<div class="headingbx">
		<?php if (isset($success))
		echo $success;
		else
		echo "Edit Your Profile Here.";?>
		</div><br />
			<div id="standFormLeft">               
				<label>First Name</label>
				<input tabindex="1" type="text" name="fname" value="<?php echo isset($_SESSION['fname']) ? htmlspecialchars($_SESSION['fname'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
				<label>Last Name</label>
				<input tabindex="2" type="text" name="lname" value="<?php echo isset($_SESSION['lname']) ? htmlspecialchars($_SESSION['lname'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
				<label>Email Address</label>
				<input tabindex="3" type="email" name="email" value="<?php echo isset($_SESSION['email']) ? htmlspecialchars($_SESSION['email'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
				<label>Job Title</label>
				<input tabindex="3.5" type="text" name="title" value="<?php echo isset($_SESSION['title']) ? htmlspecialchars($_SESSION['title'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />				
			</div>
			<div id="standFormRight">               
				<label>Desk Phone</label>
				<input tabindex="4" type="tel" name="dphone" value="<?php echo isset($_SESSION['deskphone']) ? htmlspecialchars($_SESSION['deskphone'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
				<label>Ext</label>
				<input tabindex="5" type="tel" name="ext" value="<?php echo isset($_SESSION['ext']) ? htmlspecialchars($_SESSION['ext'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
				<label>Cell Phone</label>
				<input tabindex="6" type="tel" name="cell" value="<?php echo isset($_SESSION['cell']) ? htmlspecialchars($_SESSION['cell'], ENT_QUOTES, 'UTF-8') : ''; ?>" /><br />
			</div>
				<input tabindex="7" type="submit" value="Submit" />	<br />

		<?php if (!empty($errors)): ?>
		<div class="headingbx">		
		<p class="error">The following errors were detected:</p>
		<ul class="error">
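			<?php if (isset($errors['fname'])): ?>
			<li><?php echo htmlspecialchars($errors['fname'], ENT_QUOTES, 'UTF-8'); ?></li>
			<?php endif; ?>

			<?php if (isset($errors['lname'])): ?>
			<li><?php echo htmlspecialchars($errors['lname'], ENT_QUOTES, 'UTF-8'); ?></li>
			<?php endif; ?>

			<?php if (isset($errors['email'])): ?>
			<li><?php echo htmlspecialchars($errors['email'], ENT_QUOTES, 'UTF-8'); ?></li>
			<?php endif; ?>
			
			<?php // The phone messages repeat what the user typed, so they must be escaped before output. ?>
			<?php if (isset($errors['dphone'])): ?>
			<li><?php echo htmlspecialchars($errors['dphone'], ENT_QUOTES, 'UTF-8'); ?></li>
			<?php endif; ?>

			<?php if (isset($errors['cell'])): ?>
			<li><?php echo htmlspecialchars($errors['cell'], ENT_QUOTES, 'UTF-8'); ?></li>
			<?php endif; ?>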
		</ul>
		</div>
		<?php endif; ?>
		</fieldset>
	</form>
	</body>
</html>
Thank you again for all the help and advice you've provided. I feel as though I'm finally getting a handle on all of this.

Pavilion

Re: Mixing php and html

Posted: Mon Apr 02, 2012 7:47 pm
by Celauran
Looks good.