Creating a website in Dreamweaver using MySQL and PHP

[ClareJonsson]

I think I might have misled you on my last post - I realise that you don't create pages using PHP as a scripting language, PHP is a script which can be run inside a HTML page to change the data displayed on the HTML page that is shown to the browser, correct?

 

 

 

Ta, I worked through something like that this morning, covering the basics, arrays, loops, and variables. Some of it went over my head, but that one explained some parts clearer.

 

 

 

I'm curious as to whether a 'POST' can be given by two values. For example, if you had two fields in a table and wanted to combine them to create a single output. I know the usual POST script would be:

 

 

 

$quantity = $_POST['quantity'];

 

 

 

but could you do this?

 

 

 

$quantity = $_POST['quantity'.'item'];

 

 

 

Well you almost got it right. If you wanted to combine the output into a single variable (array) you could do something like this:

 

$quantity[0] = $_POST['quantity'];

$quantity[1] = $_POST['item'];

 

Or you can combine it into one line by doing the following:

 

$quantity = array($_POST['quantity'], $_POST['item']);

 

 

 

And to retrieve the data you would use:

 

echo $quantity[0]; //This echoes the quantity.

echo $quantity[1]; //This echoes the item.

 

If you don't want to use numbers and you would like to use something more meaningful, you could do the following complete with echoes:

 

$quantity = array("quantity" => $_POST['quantity'], "item" => $_POST['item']);



echo quantity["quantity"];

echo quantity["item"];

 

Now what if you wanted to load more than one record into the array, such as 2 items, each having their own quantities? Here's how:

 

$quantity[0] = array("quantity" => $_POST['quantity1'], "item" => $_POST['item1']);



$quantity[1] = array("quantity" => $_POST['quantity2'], "item" => $_POST['item2']);



echo quantity[0]["quantity"];

echo quantity[0]["item"];



echo quantity[1]["quantity"];

echo quantity[1]["item"];

 

Obviously the above code would more likely be used to pull items from a database and not from a form.

 

 

 

Bye for now,

 

Clare.

 

 

 

P.S. One point: Don't use POST variables throughout your code, grab the values at the beginning of the PHP and load them into standard variables.

 

POST should only be used to retrieve information from a form, i.e. what a user has typed into text fields or what options they have selected etc.

[Hobgoblin11]

Gotcha, so write something like:

 

 

 

$quantity = $_POST['quantity'];

$item = $_POST['item'];

 

 

 

at the top, and then whenever I want to display that value, use the variable:

 

 

 

echo $product;

or

echo $item;

 

 

 

Is that what you mean?

 

 

 

Going back to what you said about stripping the tags on the previous page, presumably it is possible to strip tags from a POST command? For example, taking a user-entered value from a form and posting it to the database whilst stripping the tags? I don't know whether you would need to include it in the variable, like this:

 

$quantity = $_POST strip_tags['quantity']

 

Which just seems to create an error, or whether you define the variable as usual and then strip the tags when you run the variable, e.g.:

 

$quantity = $_POST['quantity']

strip_tags $quantity

 

 

 

but this creates an error as well (except the error is where the variable was run, not where it was defined).

 

 

 

Any ideas?

[____]

it would be

 

 

 

$qty = strip_tags($_POST['quantity']);

$item = strip_tags($_POST['item']);

 

 

 

 

 

 

 

Function calls require to used the standard bracket set ( and ) with any variables for the functions to be within them, seperated by commas.

 

 

 

 

 

you can look up any function you need on the php website:

 

http://www.php.net

 

 

 

and look up how to use it, what paramaters it takes, what it returns, etc.

 

it will soon be your best friend. and if in doubt - always google for what you are attempting to do and more often than not someone will have written a function for doing exactly that if it doesn't already exist within php as standard.

[ClareJonsson]

Okay, we now know how to use a function called strip_tags(). Now you may want to know that you can create your own function. Your own functions can be used over and over and are worth their weight in gold. What if you wanted to perform certain actions on a lot of strings, such as strip_tags and removing single and double quotes, you could write something like this:

 

$item='"Hello"';

$RemoveThese = array("'", '"', '\'); //sets up what to remove from string

$item=str_replace($RemoveThese, "", $item); //removes anything in the $RemoveThese array.

$item=strip_tags($item); //Strip all tags from $item

echo $item;

 

The output would be just Hello with the quotes and tags removed. But doing that for every string will be a pain. However, you could create your own function and call it instead of typing it in for each string check, I have named my new function stripy_string():

 

//Place the function at the top of the page.

function stripy_string($TheString = ""){ //This starts the function



$RemoveThese = array("'", '"', '\'); //sets up what to remove from string

$Output=str_replace($RemoveThese, "", $TheString); //removes anything in the $RemoveThese array.

$Output=strip_tags($Output); //Strip all tags from $Output

return $Output; //Returns the string $Output back to the main program



} // This ends the function



//Now we can use the function!



$item='"Hello"'; //setup $item variable for test

$quantity='"Byeeeee"'; //setup $quantity variable for test



echo stripy_string($item); //echoes the result of the function

$quantity=stripy_string($quantity); //Runs the function on $quantity, and assigns the output back to $quantity

echo $quantity;

[Hobgoblin11]

OK Clare, I think I understand that.

 

 

 

I'm trying to find a way to link tables - I've read about foreign keys and they seem to be the way to do it, but I'm not sure how to go about it. PHPMyAdmin doesn't appear to be able to set foreign keys and several places I've seen that foreign keys can only be set in InnoDB tables.

 

 

 

What I'm trying to do is this: I have a registration page set-up, after quite a lot of work, that inserts a users email address (after piecing it together from a user-entered email prefix and an email domain taken from a drop down menu),their name and their encrypted password into a table called 'users', and also an encrypted, random confirmation code. It checks their email to ensure it is a unique entry (as this is what will be used to login), and emails them a confirmation link with the confirmation code as part of the URL, checks the URL code against the confirmation code in the database and if they match, it transfers all their information into a table called 'registered_users', deleting the entry from 'users', and sends them to 'userprofile.php'

 

 

 

I also have a login page that works properly, checking their username against the encrypted password, and if they match, it logs them in.

 

 

 

So, thats what I have so far. I've got a couple of questions though:

 

 

 

1. Should the script send the email if it is being run off localhost? I'm assuming not, but I just wanted to check. Is there any way of testing to see if the email actually gets sent, or can you only do that when it is hosted on a remote server? From what I can tell, it looks like it should work, but I'd like to check it, obviously.

 

 

 

2. I now want to create a page which allows the user to enter information about themselves into a table called 'userinfo'. However, I want this information to be linked to their login information in 'registered_users', so that the two records are associated with each other. How can i do this, and if it involves a foreign key, how do i set it?

 

 

 

3. I am currently trying to set a session variable in the login screen (in addition to the 'Usename' session variable), that holds the user_ID of the user that logs in. This is what I have so far (Username session variable has been set):

 

 

 

$Query = ("SELECT id FROM registered_users WHERE email='textfield'"); 



$Result_ID = mysql_query ($Query, $Conn); 

while ($list = mysql_fetch_array($Result_ID)) {

   $User_ID = "{$list['id']} 
";

} 



$_SESSION['User_ID'] = $User_ID;	

 

 

 

When I echo the session variable User_ID on the next page however, it comes up blank. After playing around a little, it seems that it is looking for 'textfield' in the actual database, rather than taking the user-entered value from the login form. How can I ask it to take the user-entered value rather than the literal term 'textfield'?

 

 

 

 

 

Thanks so much for all your help so far.

[ClareJonsson]

OK Two of the things you need to do:

 

1. In the registered_users table, create an int field called User_Ref that is the Primary Key, and set it to auto increment. What this does is, every time a record is created in the registered_users table, it automatically gets a new unique number.

 

 

 

2. Create the user_info table, and have one field also called User_Ref that has the same number as the User_Ref in the registered_users table. So anytime you need to check their details, you have a common unique number between the registered_users and user_info tables.

 

 

 

Or more simply, you could always forget the above and just add the extra fields to the registered_users table and leave the details blank until the user fill them in.

 

 

 

Regarding session variables, at the very top of the page do this:

 

<?php

session_start();

?>

 

This should be before anything else, even before all HTML.

 

session_start(); opens the session and should be at the top of all pages that use a session.

 

 

 

Regarding the email, you will probably have to setup the SMTP server, if you use an email client, look at what your SMTP server is set to. Note that down and open up the file c:\windows\php.ini and locate the SMTP section, edit it to reflect your SMTP server and your email address. It may look something like this:

 

[mail function]

; For Win32 only.

SMTP = smtp.MyISP.com ; for Win32 only

smtp_port = 25

sendmail_from= [email protected] ; for Win32 only

 

Don't forget to backup your php.ini file first just in case of accidents.

[Hobgoblin11]

OK Two of the things you need to do:

 

1. In the registered_users table, create an int field called User_Ref that is the Primary Key, and set it to auto increment. What this does is, every time a record is created in the registered_users table, it automatically gets a new unique number.

 

 

 

 

I thought about that, but then thought that if someone (user1) created and activated their account but then left before filling out userinfo, then someone else (user2) could come along and create an account, fill out the userinfo, and their userinfo would be given the User_Ref that User1 should have had, so the userid's would be out of sync. I think Ive got it sorted now though, I managed to create a session variable in the end (by defining 'textfield' as $loginuser and then entering $loginuser in the sql query), and now when the person enters their userinfo on the next page, it writes the session variable to the userinfo database. I've explained that in a confusing way but anyhoos, its sorted and it works!!!

 

 

 

Regarding the email, I've done what you suggested but it still doesn't send. Would it be helpful if I posted the code so you could have a look and see if anything's awry?

 

 

 

Thanks again to you and your seemingly endless knowledge of PHP :-P

[ClareJonsson]

 

 

 

Regarding the email, I've done what you suggested but it still doesn't send. Would it be helpful if I posted the code so you could have a look and see if anything's awry?

 

 

 

Thanks again to you and your seemingly endless knowledge of PHP :-P

 

 

 

Yes by all means post your email routine! But in the meantime, here's a simple email routine I sometimes use:

 

$from='[email protected]';

$headers  = "From: $from\r\n"; 

$headers .= "Content-type: text/html\r\n";

$to=$EmailAddress;

$subject='Place subject here';

$message='This is the message';



mail($to, $subject, $message, $headers);

 

 

 

By the way, have you figured out the difference between using single or double quotes yet, if not I can give you a quick run through as it's quite important.

[Hobgoblin11]

<?php

$to = $email;

//define the subject of the email

$subject = 'TheBigYearbook Confirmation Link';

//define the message to be sent. Each line should be separated with \n

$message="Your Confirmation link \r\n";

$message.="Click on this link to activate your account \r\n";

$message.="http://www.yourweb.com/confirm.php?passkey=$confirm_code";

//define the headers we want passed. Note that they are separated with \r\n

$headers = "From: [email protected]\r\nReply-To: [email protected]";

//send the email

$mail_sent = @mail( $to, $subject, $message, $headers );



?>

 

 

 

There's my email routine, as I said, I can't see anything wrong with it but the email just isn't sending. $email is taken from the script above.

 

 

 

No, I've realised that there is a difference obviously, but I've generally found out which one to use by trial and error! If you could explain it that would be great.

 

Cheers

[ClareJonsson]

It seems like your code is fine, but if you're still getting problems, try making a single page called testmail.php with just the email script on it. Also try using my example script.

 

 

 

One of the things that can stop emails from being sent is the SMTP settings are not correct in the c:\windows\php.ini file. If you're using localhost then you may need an SMTP client installed. Normally PHP would be installed on a server that already has an SMTP service installed.

 

Try setting your SMTP server to be the one your email client is set to use. So you're using the ISP as the relay instead of localhost. The only downside is if your ISP requires authentication then as far as I know PHP doesn't support SMTP authentication.

 

 

 

Okay, a quick lesson on quotes!

 

 

 

Single quotes uses the exact contents of the string contained by them, while double quotes parses the string replacing any variables and special characters. Here's an example:

 

$name='Fred';

echo "The name is $name!"; //echo using double quotes

 

The above would echo to the browser the following:

 

The name is Fred!

 

 

 

Doing the same with single quotes:

 

$name='Fred';

echo 'The name is $name!'; //echo using single quotes

 

The above would echo to the browser the following:

 

The name is $name!

 

It wouldn't replace $name with Fred as single quotes tells it to use the exact string. To get the single quote version to work you would do the following:

 

$name='Fred';

echo 'The name is ' . $name . '!'; 

 

Notice that I closed the string and then used a . to connect $name to it. A full stop is used to combine strings together.

 

 

 

Q. So which method is better? Isn't it easier to use double quotes all the time?

 

A. Using single quotes is better practice, the main reason is that every time you use double quotes, php looks through the string first in case there's something to replace. This takes time, and that's the point. Using the following:

 

echo 'The name is '.$name;

 

would run faster than using:

 

echo "The name is $name";

 

The output would be exactly the same but when you have a page that has hundreds of echoes in them, all those milliseconds all mount up making your pages slower to load.

 

This is called "Optimisation", or in this case 'Optimisation' :) . This is better for you as your pages will feel more slick, and better for the web server as it's likely to be running more than one php scipt at a time. Don't forget that you may have thousands or more requests for php pages on a server, and any optimisation of your code is always a good thing.

[Hobgoblin11]

Gotcha!! Used that several times today, cheers :thumbsup:

 

 

 

I'm trying to give my login script another condition at the moment. It currently stands at this:

 

 

 

    if (isset($_SESSION['PrevUrl']) && false) 

 $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];}

   header("Location: " . $MM_redirectLoginSuccess );

 }

 else {

   header("Location: ". $MM_redirectLoginFailed );

 }

 

 

 

,which was written by Dreamweaver. However, I want it to take into account a second condition: if login succeeds and an entry appears in the table 'userinfo' with the same ID as the session variable 'User_ID', then I want it to redirect to 'profile.php' instead, but if there is no entry in the table, I want it to run the login script as usual. I hope this is clear enough, I can't think of how else to explain it.

 

 

 

Basically it is so that if a user logs in for the first time and hasn't set their userinfo, it presents them with the page with the form to do that, but if they have set there userinfo, it will redirect them to profile.php.

 

 

 

I've been messing around for a few hours now but with no joy. Anything I try seems to either screw up the login script so login fails all the time, or produce an error.

[ClareJonsson]

You really are trying to over complicate things.

 

 

 

Start from scratch, create one user table with all the required fields about the user info etc. But add an additional field which is called AccountStatus. new users has the field set to New. Validated users has it set to Validated etc.... all you need to do is check one field to see if a user can access the site.

 

 

 

Forget about the new and registered thing, there's no point. You can do it all in one field, not only that, if someone was being an idiot, you can change their account to banned and stop them temp from access etc....

[Hobgoblin11]

Right you are. I've changed my scripts to run off one table.

 

 

 

On my userinfo form, I've included an upload image routine, so that each user can upload a picture. Part of the idea of the site is to display a lot of thumbnails on one page. To do this, I was initially going to user the uploaded images and resize them on the same page that they were displayed on, but then I wondered if that would put unnecessary strain on the server? Would it be better to resize the image and upload a thumbnail of it at the same time as I uploaded the larger image?

 

 

 

If it would be better to resize the image and upload it when I upload the main image, I need a bit of help. My main upload script runs from a form, and I can't figure out how to resize the image and upload a resized version of it at the same time.

 

 

 

Thanks a lot for your help.

[ClareJonsson]

If you upload a thumbnail and the full sized image then that is going to increase network bandwidth.

 

The better option would be to upload the full sized image (Which you're doing anyway) and then create the thumbnail.

[Hobgoblin11]

That saves a lot of wasted work, cheers!

[ClareJonsson]

That saves a lot of wasted work, cheers!

 

 

 

You're welcome, let me know how you get on :).

[Hobgoblin11]

I got my upload routine working perfectly, but i think I might have made a bit of a cockup with it. I followed a tutorial that explained how to upload images into a folder on the server. After doing this I then wrote a routine that inserted the location of that image into the users' row in the database, so that there is a way of identifying which image the user uploaded.

 

 

 

However, when I come to display the image, all i can find are tutorials that explain how to display images that are stored in a blob field in the database. Should I have uploaded the image to the database? If the way I've done it is OK, how do I display the image?

[ClareJonsson]

I got my upload routine working perfectly, but i think I might have made a bit of a cockup with it. I followed a tutorial that explained how to upload images into a folder on the server. After doing this I then wrote a routine that inserted the location of that image into the users' row in the database, so that there is a way of identifying which image the user uploaded.

 

 

 

However, when I come to display the image, all i can find are tutorials that explain how to display images that are stored in a blob field in the database. Should I have uploaded the image to the database? If the way I've done it is OK, how do I display the image?

 

 

 

Before I answer I need to know one thing, how many images per user are up-loadable? Are the images like avatars, or are they artwork? What I'm asking, is it likely that a user can upload many images?

[Hobgoblin11]

No, a user will only be allowed to upload a single image.

[ClareJonsson]

okey dokey, here's is how I would do it:

 

 

 

To start with, make sure every user has a unique identifier, I usually have a unique ID number using the auto increment method described earlier, but you could have a unique UserName instead.

 

 

 

Create a folder on the site and call it something like uploaded-images. When you upload an image, rename it to either the persons UserName, or to the unique ID number associated with their record in the database. So if you got a user called Fred, then rename the image to Fred.jpg or Fred.gif depending on the file extension. Save the same filename into the database.

 

 

 

when you need to display the image, lookup the filename in the database, load it into a variable called something like $UserImage and then you can display it in a browser by doing something like:

 

 

 

 

 

 

Notice I have inserted the PHP directly into the HTML.

 

 

 

Or you could do it like this:

 

 

 

<?php 

echo '';

?>

[Hobgoblin11]

Ha har!! Sorted, I had to rethink where I was placing my images, as it wasn't putting them where I expected.

 

 

 

Next job - resizing!! I can do it easily in HTML, by specifying the width I want, but the resized image is very jagged. Would it come out smoother if I resized it using PHP? (possibly using the gd library)? I would rather resize it using PHP, as I want to also use some effects, such as changing it to grayscale, inverting the colours etc.

 

 

 

How would I go about this? I've found a tutorial that shows how to transform a single image, but it gets the image using headers, so its no good to use on a page where you have other stuff going on. How do I get the image using PHP? I hope all this makes sense and I have the right end of the stick...

 

 

 

The tutorial I'm referring to is this one:

 

http://www.blizaga.com/tutorial/tutorial.php?id=4

[r2d2]

I hope you don't mind, I would like to suggest a few things that will save you many headaches in the near future:

 

 

 

don't use a code generator, make it all by hand. It seems pointless but the flaws of code generation are more trouble than they're worth.

 

 

 

learn the basics of PHP so you know what you're doing,

 

 

 

and instead of fussing with multiple entries for each user, assign all the values to an array, like user['name']= ['password']= etc., and just send that to the database, you say you know the basics of arrays and variables, so dissecting an array might be easier than multiple SQL queries.

 

 

 

just a thought.

[Hobgoblin11]

I'm starting to think the same way actually. I used DMX to begin with to write the login and registration pages, as that involved stuff that I hadn't learnt yet, but I'm writing pretty much all of the code myself now anyway. I'm still going to use Dreamweaver, but only because it has numbered lines, which are damn useful!

 

To be honest, I didn't realise how arrays could be used, I was pretty much just using variables, but now that you mention it, it is a helluva lot easier for fetching all of the data about a user, rather than fetching each bit seperately! Cheers

[Hobgoblin11]

So, any advice on the images?

[r2d2]

I'm starting to think the same way actually. I used DMX to begin with to write the login and registration pages, as that involved stuff that I hadn't learnt yet, but I'm writing pretty much all of the code myself now anyway. I'm still going to use Dreamweaver, but only because it has numbered lines, which are damn useful!

 

To be honest, I didn't realise how arrays could be used, I was pretty much just using variables, but now that you mention it, it is a helluva lot easier for fetching all of the data about a user, rather than fetching each bit seperately! Cheers

 

---

 

So, any advice on the images?

 

 

glad you think so. if you need any help with arrays or anything else feel free to ask me :

 

 

 

for the images, try:

 

<?php

define('UPLOAD_DIR', 'url');

//defines where to upload the pics, change url to whatever fits you  (must be preexisting)

move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR.$_FILES['image']['name']

?>

 

if you don't know where the temp location/name is, use:

 

<?php

print_r($_FILES);

?>

 

on the same page as the upload form, right under it. it returns a nestled array, the

 tag helps keep the indents and enters to make it easier to read.

 

 

 

hope this helps!