 PHP Page 3 - Completing the Project Management Application |
The view_staff script - PHPIn this article we are going to look at the last three scripts for this application. They deal with viewing the names of staff members who work on a project and adding staff to a project. They will also enable you to remove staff from a project. This article is the conclusion to a seven-part series.
print this article SEARCH DEV SHED |
The view staff page lists all the staff members that are involved in a project. It runs a query to retrieve all the names from the staff table that match a particular project id, and then builds a dynamic table based on the result of the table. Below is a screen shot of what the page looks like:
And below is the code that makes up the page: <?php include "dbcon.php"; include "functions.php"; if(isset($_GET['pid'])){ //clean pid if(!is_numeric($_GET['pid'])){ //the value received is not numeric. redirect the user to login header("location:login.php"); } //otherwise clean the received value for query use $cpid = mysql_escape_string($_GET['pid']); //get project name $getname = "SELECT title FROM projects WHERE pid = '".$cpid."'"; $g_result = mysql_query($getname); if(!$g_result){ echo mysql_error() }else{ $rowname = mysql_fetch_assoc($g_result); $title = $row['title']; } //get the files $gettaff="SELECT * FROM staff WHERE p_id = '".$cpid."' ORDER BY sid"; $result = mysql_query($gettaff); if(!$result){ echo mysql_error(); }else{ $num=mysql_num_rows($result); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Untitled Document</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="Templates/main.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="100%" border="0"> <tr> <td width="33%"> </td> <td width="28%"> </td> <td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><? echo $_SESSION['name'];?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td> </tr> <tr> <td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td> </tr> <tr> <td colspan="3"><!-- InstanceBeginEditable name="main" --> <table width="99%" border="0"> <tr> <td colspan="2" class="loginheader"><?php echo $title;?> </td> </tr> <tr> <td width="44%">Members of this project: </td> <td width="56%"> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td><strong> Name</strong></td> <td><strong>Action</strong></td> </tr> <?php if($num > 0){ while($row = mysql_fetch_assoc($result)){?> <tr> <td><?php echo $row['name']?> </td> <td><a href="delete_member.php?sid=<?php echo $row['sid']?> & cpid=<?php echo $cpid?> ">Delete</a></td> </tr> <?php } }else{ ?> <tr> <td colspan="2"><p>There are no members registered for this project.</p></td> </tr> <?php }
?> </table><!-- InstanceEndEditable --></td> </tr> <tr> <td colspan="3"><!-- InstanceBeginEditable name="nav" --><a href="main.php">View Project List</a> | <a href="admin/login.php">Administrators Corner </a><!-- InstanceEndEditable --></td> </tr> <tr> <td align="right" class="cright" colspan="3">copyright © 2007 PM </td> </tr> </table> </body> <!-- InstanceEnd --></html> delete <?php include "dbcon.php"; include "functions.php"; $remove = "DELETE FROM staff WHERE sid = '".$_GET['sid']."'"; mysql_query($remove); header("localtion:view_staff.php?pid=".$_GET['cpid'].""); ?> The code starts by checking to see if the pid is numeric or not. If it is not numeric, we will not be able to run the script at all. If it is numeric, it is escaped and ready to be used in a MySQL query: <?php include "dbcon.php"; include "functions.php"; if(isset($_GET['pid'])){ //clean pid if(!is_numeric($_GET['pid'])){ //the value received is not numeric. redirect the user to login header("location:login.php"); } //otherwise clean the received value for query use $cpid = mysql_escape_string($_GET['pid']); PHP then runs a query to retrieve the name of the project concerned, and stores the name in a variable called $title: //get project name $getname = "SELECT title FROM projects WHERE pid = '".$cpid."'"; $g_result = mysql_query($getname); if(!$g_result){ echo mysql_error() }else{ $rowname = mysql_fetch_assoc($g_result); $title = $row['title']; } Finally the query to get the list of staff names that work on the project is queried. The results are then stored in the $num variable: //get the files $getstaff="SELECT * FROM staff WHERE p_id = '".$cpid."' ORDER BY sid"; $result = mysql_query($gettaff); if(!$result){ echo mysql_error(); }else{ $num=mysql_num_rows($result); } ?>
blog comments powered by Disqus |
/ 7 
Oracle Releases Communications Network Integrity 7.1
