Online Photo Album Development using PHP and GD: Part 2 - 1,2,3, Testing (Page 5 of 5 ) First we test to see if the hidden variable "edit" has been set. This variable is set ONLY after an album has been edited. It may seem like we're working backwards, and that's what we're doing. We're checking to see if the album has been edited, then we check whether a specific album ID has been chosen. If neither of the two conditions is true, we display all albums in the database with a link to edit each. If the edit value has been set – in other words, we've edited our album details -- we test to ensure that each field has been completed. If not, we display an error message to the user, with an option to return back to the edit screen. If the fields have been completed, we connect to the database, and update the specific album. We then display a result page notifying that the album has been successfully updated:
<p><span style="background-color: #ffff00;">} else if ( !$_POST['edit'] && !empty($_GET['album_id'])){
<br />db_connect();
<br />// Retrieve album information
<br />$sql = "SELECT album_id, album_name, album_desc FROM albums WHERE album_id =
" . addslahes($_GET['album_id']);
<br />$result = @mysql_query( $sql ) or die("Error retrieving record: " . mysql_error());
<br />while($row = mysql_fetch_array( $result )){
<br />// Display edit page
<br />$msg .= "
<form action="edit_albums.php" method="post">";
<br />$msg .= "
<table cellspacing="0" cellpadding="5" width="60%" border="0">";
<br />$msg .= "
<tbody>
<tr>
<td>Album Name:</td>
<td>
<input id="album_name" type="text" size="40" value="" name="album_name" /></td></tr>";
<br />$msg .= "
<tr>
<td>Album Description:</td>
<td><textarea id="album_desc" name="album_desc" rows="4" cols="30">" . $row['album_desc'] . "</textarea></td></tr>";
<br />$msg .= "
<tr>
<td>
<input type="hidden" value="1" name="edit" />
<input type="hidden" value="" name="album_id" /></td>";
<br />$msg .= "
<td>
<input id="submit" type="submit" value="Continue" name="submit" />";
<br />$msg .= "<a href="/administrator/del_albums.php?album_id=">Delete</a>";
<br />$msg .= "</td></tr></tbody></table></form>";
<br />$album_name = $row['album_name'];
<br />}
<br />displayPage($msg, "Editing Album " . $album_name . ":");</span>
<br />
<br />Here we test to see if edit has NOT been set and whether an album ID HAS been
passed (set) through the URL query string (ie: edit_albums.php?album_id=1). If
the condition is met (true), we display our edit album form, which is simply a
table containing pre-filled fields. The value of each field is retrieved from
our database, via our SQL SELECT query:</p>
<p>
<td />
<input type="hidden" value="1" name="edit" />
<input type="hidden" value="" name="album_id" /></p>
<p>This is where our hidden fields reside. The first field is our edit variable
that has been tested above. The second holds the ID value of the current album
we are editing. These hidden fields are passed to the processing page as POST
variables once the form is submitted.</p>
<p>The last link we provide is a delete link, which allows us to delete the current
album we are editing. Here, we call the del_album.php script, and pass to it our
album's ID.</p>
<p><span style="background-color: #ffff00;">// Display album summaries
<br />} elseif ( !$_GET['album_id'] ){
<br />db_connect();
<br />// Retrieve all album information
<br />$sql = "SELECT album_id, album_name FROM albums";
<br />$result = @mysql_query( $sql ) or die( "Error retrieving records: " . mysql_error()
);
<br />$i = 0;
<br />while($row = mysql_fetch_array($result)){
<br />if (( $i % 2 ) == 0 && ( $i != 0 )){
<br />$msg .= ("
</tr />
<tr />");
<br />}
<br />$msg .= ("
<td />" . ($i + 1) . ". <a href="/administrator/'edit_albums.php?album_id=">" . $row['album_name'] . "
</td />");
<br />$i++;
<br />}
<br />displayPage( $msg, "Edit Albums", false );
<br />}
<p>This last test checks to see whether or not an album ID has been set. If not,
we display each album name, in the database, in an HTML table and give the option
of editing the album via a hyperlink:</p>
<p>Now that we've completed the option of adding and editing our albums, its time
to go ahead to add some pictures!</p>
<p>Our del_albums.php script is quite simple:</p>
<p><!--p<-->include_once("../include/config.php");
<br />// No album id has been selected
<br />if( !$_GET['album_id'] ){
<br />// Display error message to user
<br />$msg .= "Album not selected. Please choose an album you wish to delete!";
<br />$msg .= "
<br /><a href="/administrator/edit_album.php">Edit albums</a>";
<br />displayPage($msg, "Error Selecting Album");
<br />} else {
<br />db_connect();
<br />// Delete specified album
<br />$sql = "DELETE FROM albums WHERE album_id = " . addslashes($_GET['album_id']);
<br />$result = @mysql_query($sql) or die("Error deleting record: " . mysql_error());
<br />// Display success to user
<br />$msg .= "Album has been successfully deleted!
<br /><a href="/administrator/'index.php'">Return to Admin Menu</a>";
<br />displayPage($msg, "Album Deleted!");
<br />}
<br /></p></a>"; displayPage($msg, "Error Selecting Album"); } else { db_connect(); // Delete specified album $sql = "DELETE FROM albums WHERE album_id = " . addslashes($_GET['album_id']);
$result = @mysql_query($sql) or die("Error deleting record: " . mysql_error());
// Display success to user $msg .= "Album has been successfully deleted! "; displayPage($msg, "Album Deleted!"); }
</a />"; displayPage($msg, "Error Selecting Album"); } else { db_connect(); // Delete
specified album $sql = "DELETE FROM albums WHERE album_id = " . addslashes($_GET['album_id']);
$result = @mysql_query($sql) or die("Error deleting record: " . mysql_error());
// Display success to user $msg .= "Album has been successfully deleted! "; displayPage($msg,
"Album Deleted!"); }
</a /></span></p>
The del_albums.php script is simply checks to see that an album ID was passed to it. If not, an error message is displayed to the user. If an album ID has been passed, we create an SQL DELETE statement that removes the specified album from the database. | DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
|
