0% found this document useful (0 votes)
166 views17 pages

PHP 09 Crud

The document discusses the CRUD pattern for database operations. It describes the basic Create, Read, Update, and Delete functions. It then explains how to implement a multi-file CRUD application in PHP with database connections, queries, and form processing across several files to support adding, editing, viewing, and deleting database records.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
166 views17 pages

PHP 09 Crud

The document discusses the CRUD pattern for database operations. It describes the basic Create, Read, Update, and Delete functions. It then explains how to implement a multi-file CRUD application in PHP with database connections, queries, and form processing across several files to support adding, editing, viewing, and deleting database records.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 17

C.R.U.D.

Charles Severance
www.wa4e.com

http://www.wa4e.com/code/crud.zip
CRUD Pattern
• When we store things in database tables we generally
need
• Create - Insert a new row
• Read - Read existing row(s)
• Update - Change some values of a record
• Delete - Delete a record
• So far we have done most of CRUD
Our Program is a Little Ugly
Usually we create several screens
• Add new row
• View all rows (paging)
• View single row
• Edit single row
• Delete a row
Five Separate Files
• index.php - Main list and links to other files
• add.php - Add a new entry
• delete.php - Delete an entry
• edit.php - Edit existing
• view.php (if index.php needs a detail view)
<?php index.php
require_once "pdo.php";
session_start();
?>
<html><head></head>
<body>
<?php
if ( isset($_SESSION['error']) ) {
echo '<p style="color:red">'.$_SESSION['error']."</p>\n";
unset($_SESSION['error']);
}
if ( isset($_SESSION['success']) ) {
echo '<p style="color:green">'.$_SESSION['success']."</p>\n";
unset($_SESSION['success']);
}
echo('<table border="1">'."\n");
<?php index.php
echo('<table border="1">'."\n");
$stmt = $pdo->query("SELECT name, email, password, user_id FROM users");
while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ) {
echo "<tr><td>";
echo(htmlentities($row['name']));
echo("</td><td>");
echo(htmlentities($row['email']));
echo("</td><td>");
echo(htmlentities($row['password']));
echo("</td><td>");
echo('<a href="edit.php?user_id='.$row['user_id'].'">Edit</a> / ');
echo('<a href="delete.php?user_id='. $row['user_id'].'">Delete</a>');
echo("\n</form>\n");
echo("</td></tr>\n");
}
?>
</table>
<a href="add.php">Add New</a>
?>
<tr><td>Chuck</td><td>[email protected]</td><td>123</td><td>
<a href="edit.php?user_id=1">Edit</a> /
<a href="delete.php?user_id=1">Delete</a></td></tr>

<tr><td>Glenn</td><td>[email protected]</td><td>456</td><td>
<a href="edit.php?user_id=2">Edit</a> /
<a href="delete.php?user_id=2">Delete</a></td></tr>
<?php
require_once "pdo.php";
session_start(); add.php
if ( isset($_POST['name']) && isset($_POST['email'])
&& isset($_POST['password'])) {
$sql = "INSERT INTO users (name, email, password)
VALUES (:name, :email, :password)";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':name' => $_POST['name'],
':email' => $_POST['email'],
':password' => $_POST['password']));
$_SESSION['success'] = 'Record Added';
header( 'Location: index.php' ) ;
return;
}
?>
<p>Add A New User</p>
<form method="post">
<p>Name:<input type="text" name="name"></p>
<p>Email:<input type="text" name="email"></p>
<p>Password:<input type="password" name="password"></p>
<p><input type="submit" value="Add New"/>
<a href="index.php">Cancel</a></p>
</form>
<?php
if ( isset($_POST['name']) && isset($_POST['email'])
&& isset($_POST['password'])) {
$sql = "INSERT INTO users (name, email, password)
VALUES (:name, :email, :password)";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':name' => $_POST['name'],
':email' => $_POST['email'],
':password' => $_POST['password'])); if ( isset($_SESSION['success']) ) {
$_SESSION['success'] = 'Record Added'; echo '<p style="color:green">'.$_SESSION['success']."</p>\n";
header( 'Location: index.php' ) ; unset($_SESSION['success']);
}
return;
<?php
require_once "pdo.php";
session_start(); delete.php
if ( isset($_POST['delete']) && isset($_POST['user_id']) ) {
$sql = "DELETE FROM users WHERE user_id = :zip";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(':zip' => $_POST['user_id']));
Don't alter
$_SESSION['success'] = 'Record deleted'; data in a GET.
header( 'Location: index.php' ) ;
return;
}
$stmt = $pdo->prepare("SELECT name, user_id FROM users where user_id = :xyz");
$stmt->execute(array(":xyz" => $_GET['user_id']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ( $row === false ) {
$_SESSION['error'] = 'Bad value for user_id';
header( 'Location: index.php' ) ;
return;
}
?>
<p>Confirm: Deleting <?= htmlentities($row['name']) ?></p>

<form method="post"><input type="hidden"


name="user_id" value="<?= $row['user_id'] ?>">
<input type="submit" value="Delete" name="delete">
<a href="index.php">Cancel</a>
</form>
<?php
if ( isset($_POST['delete']) && isset($_POST['user_id']) ) {
$sql = "DELETE FROM users WHERE user_id = :zip";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(':zip' => $_POST['user_id']));
$_SESSION['success'] = 'Record deleted';
header( 'Location: index.php' ) ;
return;
}
if ( isset($_SESSION['success']) ) {
?>
echo '<p style="color:green">'.$_SESSION['success']."</p>\n";
unset($_SESSION['success']);}
<?php
require_once "pdo.php";
session_start();
edit.php
if ( isset($_POST['name']) && isset($_POST['email'])
&& isset($_POST['password']) && isset($_POST['user_id']) ) {
$sql = "UPDATE users SET name = :name,
email = :email, password = :password
WHERE user_id = :user_id";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':name' => $_POST['name'],
':email' => $_POST['email'],
':password' => $_POST['password'],
':user_id' => $_POST['user_id']));
$_SESSION['success'] = 'Record updated';
header( 'Location: index.php' ) ;
return;
}
$stmt = $pdo->prepare("SELECT * FROM users where user_id = :xyz");
$stmt->execute(array(":xyz" => $_GET['user_id']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ( $row === false ) {
$_SESSION['error'] = 'Bad value for user_id';
header( 'Location: index.php' ) ;
return;
}
$n = htmlentities($row['name']);
$e = htmlentities($row['email']);
$p = htmlentities($row['password']);
$user_id = $row['user_id'];
?>
<p>Edit User</p>
<form method="post">
<p>Name:
<input type="text" name="name" value="<?= $n ?>"></p>
<p>Email:
<input type="text" name="email" value="<?= $e ?>"></p>
<p>Password:
<input type="text" name="password" value="<?= $p ?>"></p>
<input type="hidden" name="user_id" value="<?= $user_id ?>">
<p><input type="submit" value="Update"/>
<a href="index.php">Cancel</a></p>
</form>
edit.php
if ( isset($_POST['name']) && isset($_POST['email'])
&& isset($_POST['password']) && isset($_POST['user_id']) ) {
edit.php
$sql = "UPDATE users SET name = :name,
email = :email, password = :password
WHERE user_id = :user_id";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':name' => $_POST['name'],
':email' => $_POST['email'],
':password' => $_POST['password'],
':user_id' => $_POST['user_id']));
$_SESSION['success'] = 'Record updated';
header( 'Location: index.php' ) ;
return;
}
Summary
• Making database connections
• Doing database operations
• SQL security (a.k.a. we love PDO prepared statements)
• Exploring errors...
• A multi-file CRUD application with redirect
Acknowledgements / Contributions
These slides are Copyright 2010- Charles R. Severance Continue new Contributors and Translators here
(www.dr-chuck.com) as part of www.wa4e.com and made
available under a Creative Commons Attribution 4.0 License.
Please maintain this last slide in all copies of the document to
comply with the attribution requirements of the license. If
you make a change, feel free to add your name and
organization to the list of contributors on this page as you
republish the materials.

Initial Development: Charles Severance, University of Michigan


School of Information

Insert new Contributors and Translators here including names


and dates

You might also like