07/14/00 "Admin user interface:
creating dynamic dropdown lists in mySQL" 
[next]PHP Diary
| scriptschool.com | PHP Scripts | TD Scripts.com 07/14/00 "Admin user interface:
creating dynamic dropdown lists in mySQL" [next]Don't forget the LIVE tech radio show today and EVERY Friday at 2pm PST :)
You can help the fight against nerd persecution and promote our weekly shows on the technical side of the net by putting up our realtime countdown box (it is served from our servers) at http://www.scriptschool.com/recip.phtml and is good illustration of blending PHP and JavaScript to create a realtime application. No matter what timezone you are in, the countdown will be accurate. You can also visit our LIVE chat to come and discuss PHP any time you want. Sometimes I am there and I'll chat with you if I'm not busy. You can visit the java chat by visiting http://www.scriptschool.com/commons/
We're adding a new weekly feature to our weekly tech radio show called the php diary and help forum recap which will review the week of diary lessons here and provide a bit more insight than what was provided as well as the occasional glimpse of what's coming in the future to our sites. Of special note:
For those who don't want to telnet in to create new users ... create a browser-based admin area
Yesterday I shared with you how to create a page by page user login system using a mySQL database. If the user wasn't in the mySQL database then he/she wasn't allowed to view the contents of your page. Today we're going to build a basic admin interface to allow you to add and delete users from the browser instead of having to Telnet into the mySQL monitor and do it manually. If you need help with how to log into the mySQL monitor then see the diary entry on connecting to mySQL.
Let's review the php code from yesterday of inserting new users into our already created login table.
<script language="php">
$query = "INSERT into login VALUES ( ";
$query .= "0, SYSDATE(), '$username', '$password' )";
mysql_query($query, $mysql_link);
</script>
For the sake of simplicity here, I'm going to assume you would put the script we are building in an admin protected directory. You can use script protection by visiting my prior article in January on creating a script-based protection scheme. I'll leave that part to you to add, but don't put this type of script in an unprotected area or anybody that knows the url can add themselves to your username/password database :)
IMPORTANT NOTE: I try to present concepts in these diary entries to show you useful code but I would never suggest that anyone take the code AS IS and plug it into public application today. All scripts I use (or would use) are modified and various security features have been added and updated. To repeatedly hammer this security coding into every example would be laborious, resource-intensive and example overkil (I will focus on security in some diary entries and where applicable I will show you techniques you can employ), but suffice to say if you don't add these security features to your PHP scripts you will leave gaping holes. A perfect example of this is yesterday where we pass the user login and password directly to the mySQL database without checking the data first (did you see my comment in the code that says "check the user submitted data before passing to mysql"? You would want to replace that comment with such a security routine). Why didn't I show you the security code first? Because I'm doing the one thing they tell you never to do, I'm assuming you realize that you MUST ALWAYS check user submitted data to make sure it looks like it is supposed to look before passing to a file system or database. You have been warned ... nicely, of course :)
The HTML Form that drives the admin script
The admin script will call itself similarly to the script in yesterday's diary entry so that we don't need to have 2 or 3 separate scripts. Oddly enough the last section of code is really the first step. We first design of the form we are going to use in HTML. This is where I like to use editors because I can open up Front Page or another fancy editor and then quickly create a new page and insert the forms where I want. Then view the source and take out the garbage the Front Page adds (like the web bot calls in the form action area for example). Then I can cut and paste the code to my working admin.phtml script.
<html><script language="php">
// INSERT a dropdown list with all valid usernames in the database
</script>
</select>
<input type="submit" value="Delete User">
</p>
</center></div>
</form>
</body>
</html>
Creating branches of code to accomplish multiple activites within the same script
Note the hidden form tags I've added to flag the script of what we are doing. Using hidden form tags you can create branches in your code to do many different things based on the value of the hidden form. This makes it so you can have one self-contained admin area instead of needing multiple scripts. This makes it easier to modify one script instead of multiple ones.
Creating a dynamic drop down list
You'll see the green area of code is where we will be adding the dynamic drop down list of usernames in the database. The form itself is pretty standard with a text box to add users and passwords at the top and the box to delete members at the bottom. Let's make the query to the database to get all the users out and then present them as options in the dropdown (select) list.
<script language="php">
$query = "SELECT user FROM login ";
$result = mysql_query($query, $mysql_link);
if(mysql_num_rows($result)) {
// we have at least one user, so show all
users as options in select form
while($row = mysql_fetch_row($result))
{
print("<option
value=\"$row[0]\">$row[0]</option>");
}
} else {
print("<option value=\"\">No
users created yet</option>");
}
</script>
Again you see how we used mysql_num_rows to determine if there were any results and then the PHP myql_fetch_row function is used to pull each consecutive row of data, if users exist in the table. We use a while to loop through the reseults until we reach the last row and the function returns false. Then we simply print the option value that makes up each separate element in the dropdown list. In our next diary entry we'll create the first section of admin.phtml code that actually adds and deletes users and complete this script.
Please vote on the usefulness of this diary entry so other people will know if it is worth their time to read :)
[back] 07/14/00 "Admin user interface:
creating dynamic dropdown lists in mySQL" [next]
PHP Diary | scriptschool.com | PHP Scripts | TD Scripts.com
Copyright 2000 php-scripts.com Last Modified 07/19/00 12:21