I would also like to thank Ladd Hanson from the University of Texas at Austin who first introduced me to web database programming and gave me my first taste of PHP. I also want to thank those who read various parts of the book and made good suggestions. The second part of this title - "Using Open Source Tools" - defines the second goal of the book: to present a very exciting and powerful way to develop and distribute software.
INTRODUCTION
Program or Application - A means of creating and passing a user's request to a database and formatting its output in HTML. As mentioned earlier, one of the main goals of this book is to provide an introduction to open source tools. I conclude by showing you how to "program" the cooking of one of my favorite dishes: Shrimp Étouffée.
DATABASE BASICS
For example, SELECT * FROM patrons would fetch all fields from all records in the patrons table. Stored procedures are pieces (modules) of programming code or SQL queries (or both) stored in the database for use by the database or applications. A good example of a primary key is the bibliographic record number (BR) in the MARC record.
SETUP AND
In this process, we will build a database that we can use in Chapter 5 to create reports and search pages. Before you create a database - to say nothing of the web pages that the database will generate - you need to understand how you want to use those pages, what data should populate the database to fulfill that purpose, and where to find that data. You may also want to include email address, job title, type of position (civil service, faculty, administrative, etc.), or areas of expertise.
ADMINISTRATION
When preparing the list of data elements, you need to know a few things about each piece of data to be included in the database. In the first case, the database software may have a way for you to export it to a structured file for loading. SQL files - a series of SQL statements in the form of INSERT statements - that can load the data into the database (see examples in the accompanying material download file).
ADDING A DATABASE
You create a new database from this phpMyAdmin landing page by entering the name of the database—in this case, web_info. We start by entering the name of the table that will contain the data in the Name edit box. To run a report, you need to create an account in the RDBMS that has permission to log into the database and run the desired query.
To set user permissions for this database, click on Home within phpMyAdmin and then click on the Privileges link in the right frame. We then select web_info, which causes the database to be loaded into the appropriate frame. In the next section, we'll take a look at some of the database administration tasks you'll need to take care of and show you how to do it.
Widely used in the field, especially in some of the conversion applications listed in the bibliography.
INTRODUCTORY PROGRAMMING
However, the bibliography provides a list of some of the most important tools and sites where you can obtain more information. We will now look at some of the techniques and concepts we use when we tell computers what to do. Note that I created the variables ($fat, $thickener, $liquid) by placing a dollar sign in front of the variable name.
Note that we are using a number as the index (array address, if you will) of the individual elements (or values) of the array. The $result_array[
In line 16 you get the temperature of the roux and continue with your if statements. In this case, the condition is to check the value by taking the temperature of the roux. Once it's even, that means all the liquid has been added and the sauce is made.
The bibliography also lists some websites where such applications can be found.
CREATING REPORTS
We use this comment style to explain subsections within the main sections of the page. Note that some departments in the department list have two words in their name. In the example above, $_GET is an array that contains all the information passed to the action page via the GET method.
This name here will be the name of the variable that will be passed to the action page. We use the name of the field (with the same capital letters) that will be searched. Because we need something to search for, at least one of the fields must have a value.
The program then iterates through the rest of the list of fields, adds an element to the $where_ary array and adds 1 to . Within each of the four if areas, we check whether the field the user selected was location. For each parameter, we add the search element (either field='value' or the FULLTEXT formatted element) to the end of the $temp_where_str variable.
One of the beauties of PHP is that you can step in and out of PHP blocks whenever you need to.
PROJECT DESIGN
Note that the same cannot be said for the other two items in the list, links (URL) and description. If it is a foreign key, enter the table and field name of the associated primary key (in the format Table.FieldName) in the Constraints column. We start by placing the name of the view - Subjects - in the first column, first row of the section.
We conclude by entering the name of the table into which we will insert it in the Table column. Next, we fill in the rest of the data for this table in the Views grid. This is because this is the value that will be placed in the corresponding foreign key field of the linked table.
If it is to be added to a field with a different name, that name will be given in the Notes cell. M uses the field, but not as defined in the view (the nature of the input is defined in the notes column). Once a record is fetched, we need to define how it participates in the editing process.
A full explanation of the grids is included in Grids.pdf in the download file with associated materials.
PROGRAMMING THE APPLICATION
Select the name of the table that contains the foreign key (in this case, websites) in the left frame of this interface. Select the Relationship View link (currently just after Print View and just below the Table Structure grid) in the right frame. Here we set it to CASCADE so that it will make the same changes to the foreign key field as were made to the primary key.
ADDING RECORDS
The first scripts we will create will be to add subject records to the database. In the next line (49), we use the PHP mysql_query() function to send the query to the database.
OPERATION OF RECORDS
Once data is in the database, we need to be able to retrieve it in order to edit it.
For complete information about Write_Log(), please consult Functions_Guide.pdf in the companion material download file. Include in alphabetical_list? (the prompt to display in the form); alphabetical_list (the names= variable to pass to the action page). We can now use the value in the Insert_Links() function to create the link table records.
To allow this behavior to be overridden, see Functions_Guide.pdf in the accompanying materials download.
SECURITY-RELATED TECHNIQUES
You can then include() it where needed (see Setup.pdf in the accompanying materials download for information on how to do this). One way to avoid this is to put code in an include file that checks the location of the file calling it. Using PHP's eregi() regular expression function, you can check "who's calling" at the top of your configuration file - that is, compare that information to what you've defined.
Then, when the user tries to sign in to the app, the input is encoded using the same method and compared to what's in the table to see if there's a match. Therefore, random users would not be able to do anything with the information in the users table if they were able to access it. Scripts that allow you to set encrypted passwords are included in the accompanying materials download.
Although hackers can compromise your system in any number of ways (and there are a number of ways to deal with it if they do), you can take some first-order precautions to make things more secure from outside adversaries. First, make sure register_globals is disabled in php.ini (or set it to that in your local .htaccess file). If this can't be changed, call input values (especially session values) using the full name of their super-global array (for example, $_SESSION["name"] instead of $name). Although setting the php.ini settings for error_reporting to on and display_errors to E_ALL (every error, including undefined variables, is reported) is fine during the development process, these settings can provide potential hackers with information they shouldn't have.
Always enclose query parameters in single quotes (for example name='$name') even if they are numeric (neither MySQL nor PostgreSQL care about this) and make sure single quotes within all query elements are escaped, either by setting magic_quotes_gpc to on in php.ini or by using addslashes() on them.
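The WHERE-clause building described under CREATING REPORTS, combined with the quoting rule above, as an added example that is not code from the book. The function name build_where(), the staff table, the field names and the sample input are all assumptions made for illustration.

```php
<?php
// Added example, not from the book. Table, field names and input are constructed.

/**
 * Build a WHERE clause following the quoting rule in the text: every value
 * is escaped with addslashes() and wrapped in single quotes, numeric or not.
 * Column names come only from the fixed $allowed list, never from user input.
 * Assumes magic_quotes_gpc is off; with it on, values arrive already escaped
 * and calling addslashes() again would double-escape them.
 */
function build_where(array $input, array $allowed): string
{
    $where_ary = [];
    foreach ($allowed as $field) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            continue;   // field missing, or an array passed as field[]=...
        }
        $value = trim($input[$field]);
        if ($value === '') {
            continue;   // search box left empty
        }
        $where_ary[] = $field . "='" . addslashes($value) . "'";
    }
    if (count($where_ary) === 0) {
        // The search form requires at least one field to have a value.
        throw new InvalidArgumentException('at least one field must have a value');
    }
    return ' WHERE ' . implode(' AND ', $where_ary);
}

// Constructed request data standing in for $_GET.
$sample = [
    'name'       => "O'Brien",  // apostrophe would end the literal if unescaped
    'department' => '',         // left blank by the user
    'staff_id'   => '42',       // numeric, still quoted
    'extra'      => 'ignored',  // not in the allowed list, never reaches the query
];
$allowed = ['name', 'department', 'staff_id'];

echo 'SELECT * FROM staff' . build_where($sample, $allowed), "\n";
```

magic_quotes_gpc was removed in PHP 5.4 and addslashes() is not character-set aware, so on current PHP the same values would be bound through PDO or mysqli prepared statements instead of being escaped into the query string.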