My custom built books manager

Posted: Wed Jul 30, 2008 1:59 pm
by matthewcl375
NOTE: I custom built this app for MY own use and not to be distributed to others - the source code reflects this:

As many of the processor scripts in my app look the same, I am just posting one script - the book adding script - up here for criticism and checking.

form_processor.php

Code:

<?php
 
include 'config.php';
 
$id = $_POST['id'];
$location = $_POST['location'];
$title = $_POST['title'];
$author = $_POST['author'];
$subject = $_POST['subject'];
$isbn = $_POST['isbn'];
 
//open database connection
$connection = mysql_connect($host, $user, $pass) or die ('Unable to connect!');
 
//select database
mysql_select_db($database) or die ('Unable to select database!');
 
//generate and execute query
$query = "INSERT INTO `library`.`books` (`ID`, `Location`, `Title`, `Author`, `Subject`, `ISBN`) VALUES ('$id', '$location', '$title', '$author', '$subject', '$isbn')";
 
$result = mysql_query($query) or die ('Error in query: ' . $query);
 
//print result
echo 'New record added successfully!';
echo '<br>';
echo "<a href='test1.php'>Return >></a>";
 
//close database connection
mysql_close($connection);
 
?>
Thanks for any (constructive) criticism and reviewing!

Re: My custom built books manager

Posted: Wed Jul 30, 2008 2:23 pm
by Christopher
matthewcl375 wrote:NOTE: I custom built this app for MY own use and not to be distributed to others - the source code reflects this:
I don't see the source code having any license or restrictions with it. If the code you posted above cannot be used by others, then it would probably be better to remove it from this site. We do not delete old posts, so that code will be available for many years.

Re: My custom built books manager

Posted: Wed Jul 30, 2008 2:32 pm
by matthewcl375
The code above is allowed to be copied as it is only a part of my application. I will not be posting the whole code up on these forums.

I suppose I wrote that line a little wrongly. What I meant was that the APPLICATION was not to be distributed. I am not worried about whether this source code gets passed on or not.

Thanks for alerting me to this :wink:

Re: My custom built books manager

Posted: Sat Aug 16, 2008 12:48 pm
by Greenconure
I would probably change your query statement to the below snippet or something similar.
I would also add some verification of some sort (only numbers for the ID/ISBN, etc.)

Code:

 
$query = sprintf("INSERT INTO `library`.`books` (`ID`, `Location`, `Title`, `Author`, `Subject`, `ISBN`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($id),
mysql_real_escape_string($location),
mysql_real_escape_string($title),
mysql_real_escape_string($author),
mysql_real_escape_string($subject),
mysql_real_escape_string($isbn));
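
Added example, not code from any poster in this thread: the suggestion above (digit checks on the ID and ISBN plus safer query building), written with PDO bound parameters in place of mysql_real_escape_string(). It assumes PDO with the SQLite driver and an in-memory table standing in for the MySQL `books` table; the function names isValidIsbn and addBook and the sample rows are constructed for illustration.

```php
<?php
// Added example: check ID and ISBN, then insert with bound parameters.
// Assumption: in-memory SQLite via PDO stands in for the MySQL `books` table.
function isValidIsbn(string $raw): bool
{
    $isbn = strtoupper(str_replace(['-', ' '], '', $raw));
    $sum = 0;
    if (preg_match('/^\d{9}[\dX]$/', $isbn)) {   // ISBN-10; a final X means 10
        for ($i = 0; $i < 10; $i++) {
            $sum += ($isbn[$i] === 'X' ? 10 : (int) $isbn[$i]) * (10 - $i);
        }
        return $sum % 11 === 0;
    }
    if (preg_match('/^\d{13}$/', $isbn)) {       // ISBN-13; weights 1,3,1,3,...
        for ($i = 0; $i < 13; $i++) {
            $sum += (int) $isbn[$i] * ($i % 2 === 0 ? 1 : 3);
        }
        return $sum % 10 === 0;
    }
    return false;
}

function addBook(PDO $db, array $post): string
{
    $fields = ['id', 'location', 'title', 'author', 'subject', 'isbn'];
    $params = [];
    foreach ($fields as $f) {                    // rejects missing and array-valued fields
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return "rejected: field '$f' missing or not a string";
        }
        $params[":$f"] = $post[$f];
    }
    if (!ctype_digit($post['id'])) {
        return 'rejected: ID must contain digits only';
    }
    if (!isValidIsbn($post['isbn'])) {
        return 'rejected: ISBN has wrong length or check digit';
    }
    $db->prepare('INSERT INTO books (ID, Location, Title, Author, Subject, ISBN)
                  VALUES (:id, :location, :title, :author, :subject, :isbn)')
       ->execute($params);
    return 'added';
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE books (ID INTEGER, Location TEXT, Title TEXT, Author TEXT, Subject TEXT, ISBN TEXT)');
$base = ['id' => '1', 'location' => 'Shelf A', 'title' => "Reader's Guide", 'author' => "O'Neil", 'subject' => 'Test', 'isbn' => '0-306-40615-2'];
foreach ([$base, ['id' => '2x'] + $base, ['isbn' => '0-306-40615-3'] + $base] as $row) {  // constructed rows
    echo addBook($db, $row), "\n";
}
```

The apostrophes in the first sample row are stored unchanged because the values travel as bound parameters and are never spliced into the SQL text.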
 

Re: My custom built books manager

Posted: Sat Aug 16, 2008 1:19 pm
by onion2k
If I was writing something to manage books I think I'd just get the user to enter the ISBN number (or better yet, buy a cheap barcode scanner and scan it) and then I'd use a web service like isbndb.com or Amazon to fetch the details from the net. Much easier for the user.

For example, the ISBNDB API - http://isbndb.com/docs/api/