The PHP code of the page is very straightforward. The main page of the application sends over the project ID when the hyperlink with the project title is clicked. The view_ project page receives this ID, and then retrieves the project details based on the ID number. If you go back and look at the way our database tables are set up, you will notice that each table, with the exception of the users table, has a project ID field. The view_project page uses the same ID to retrieve project information from the following tables:

projects, staff, tasks and files

Once the information is gathered, it is organized and displayed on this page, as you can see from the earlier screen shot. The PHP code starts by including the usual bunch of files and then initializes variables:

<?php

include "dbcon.php";

include "functions.php";

//initialise variables

$alert =false;

Next, it checks whether a project id (pid) is sent over:

if(isset($_GET['pid'])){

If so, we start to filter the value. Although this value did not come from a form, we still need to check and verify it, since anyone can modify it while it is displayed in the browser. Because we know that the project ID is a number, it is easy to check it by using the is_numeric() function:

//clean pid

if(!is_numeric($_GET['pid'])){

//the value received is not numeric. redirect the user to login

header("location:login.php");

}

If it is indeed a number, then we need to escape it, before it is used in a MySQL query:

//otherwise clean the received value for query use

//get projects

$projectID = mysql_escape_string($_GET['pid']);

Once the variable has been escaped, we can retrieve the project details from the project table:

$getproject= "SELECT * FROM projects WHERE pid = '".$projectID."'";

$results = mysql_query($getproject);

$projectdetails = mysql_fetch_assoc($results);

Then we retrieve all the files that are connected to the project ID from the files table:

//get project files

$getfiles = "SELECT * FROM files WHERE p_id = '".$projectID."'";

$file_res = mysql_query($getfiles);

if(!$file_res){

echo mysql_error();

}else{

$num_files = mysql_num_rows($file_res);

}

And finally, we retrieve all the staff members that work on this project from the staff table:

//get project members

$getmembers = "SELECT name FROM staff WHERE p_id = '".$projectID."'";

$staff_res = mysql_query($getmembers);

if(!$staff_res){

echo mysql_error();

}else{

$num_staff = mysql_num_rows($staff_res);

}

}

The HTML part of the page basically displays the information that is gathered by these queries in an HTML table. If any of the queries return empty, then the appropriate message is displayed.

Conclusion

In the next article we will look at how to add new projects and how to change the contents of a project.