Larry Ullman's Book Forums

Chapter 10 Exercises With Edit_User.Php And Delete_User.Php



Hello. I want to do the exercises at the end of chapter 10 but I need help. If anyone can help that would be greatly appreciated.

 

Here is the code and I have commented in what needs to happen according to the book's exercises:

 

Change the delete and edit user pages so that they display the user being affected in the title bar of your browser window.

<?php # Script 10.2 - delete_user.php
// This page is for deleting a user record.
// This page is accessed through view_users.php.
 
$page_title = 'Delete a User';
include ('includes/header.html');
echo '<h1>Delete a User</h1>';
 
// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php
        $id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
        $id = $_POST['id'];
} else { // No valid ID, kill the script.
        echo '<p class="error">This page has been accessed in error.</p>';
        include ('includes/footer.html');
        exit();
}
 
require ('../mysqli_connect.php');
 
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
        if ($_POST['sure'] == 'Yes') { // Delete the record.
 
                // Make the query:
                $q = "DELETE FROM users WHERE user_id=$id LIMIT 1";            
                $r = @mysqli_query ($dbc, $q);
                if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
 
                        // Print a message:
                        echo '<p>The user has been deleted.</p>';      
 
                } else { // If the query did not run OK.
                        echo '<p class="error">The user could not be deleted due to a system error.</p>'; // Public message.
                        echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message.
                }
       
        } else { // No confirmation of deletion.
                echo '<p>The user has NOT been deleted.</p>';
        }
 
} else { // Show the form.
 
        // Retrieve the user's information:
        $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id";
        $r = @mysqli_query ($dbc, $q);
 
        if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
 
                // Get the user's information:
                $row = mysqli_fetch_array ($r, MYSQLI_NUM);
               
                // Display the record being deleted:
                echo "<h3>Name: $row[0]</h3>
                Are you sure you want to delete this user?";
               
                // Create the form:
                echo '<form action="delete_user.php" method="post">
        <input type="radio" name="sure" value="Yes" /> Yes
        <input type="radio" name="sure" value="No" checked="checked" /> No
        <input type="submit" name="submit" value="Submit" />
        <input type="hidden" name="id" value="' . $id . '" />
        </form>';
       
        } else { // Not a valid user ID.
                echo '<p class="error">This page has been accessed in error.</p>';
        }
 
} // End of the main submission conditional.
 
mysqli_close($dbc);
               
include ('includes/footer.html');
/*This is what needs to happen:
Change the delete and edit user pages so that
they display the user being affected in the title bar of your browser window.
 
Modify edit_user.php so that you can also change a user's password (remember to SHA the password for storage in the database).
*/
?>
<?php # Script 10.3 - edit_user.php
// This page is for editing a user record.
// This page is accessed through view_users.php.
 
$page_title = 'Edit a User';
include ('includes/header.html');
echo '<h1>Edit a User</h1>';
 
// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php
        $id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
        $id = $_POST['id'];
} else { // No valid ID, kill the script.
        echo '<p class="error">This page has been accessed in error.</p>';
        include ('includes/footer.html');
        exit();
}
 
require ('../mysqli_connect.php');
 
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
        $errors = array();
       
        // Check for a first name:
        if (empty($_POST['first_name'])) {
                $errors[] = 'You forgot to enter your first name.';
        } else {
                $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
        }
       
        // Check for a last name:
        if (empty($_POST['last_name'])) {
                $errors[] = 'You forgot to enter your last name.';
        } else {
                $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name']));
        }
 
        // Check for an email address:
        if (empty($_POST['email'])) {
                $errors[] = 'You forgot to enter your email address.';
        } else {
                $e = mysqli_real_escape_string($dbc, trim($_POST['email']));
        }
       
        if (empty($errors)) { // If everything's OK.
       
                //  Test for unique email address:
                $q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id";
                $r = @mysqli_query($dbc, $q);
                if (mysqli_num_rows($r) == 0) {
 
                        // Make the query:
                        $q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id=$id LIMIT 1";
                        $r = @mysqli_query ($dbc, $q);
                        if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
 
                                // Print a message:
                                echo '<p>The user has been edited.</p>';       
                               
                        } else { // If it did not run OK.
                                echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message.
                                echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message.
                        }
                               
                } else { // Already registered.
                        echo '<p class="error">The email address has already been registered.</p>';
                }
               
        } else { // Report the errors.
 
                echo '<p class="error">The following error(s) occurred:<br />';
                foreach ($errors as $msg) { // Print each error.
                        echo " - $msg<br />\n";
                }
                echo '</p><p>Please try again.</p>';
       
        } // End of if (empty($errors)) IF.
 
} // End of submit conditional.
 
// Always show the form...
 
// Retrieve the user's information:
$q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id";               
$r = @mysqli_query ($dbc, $q);
 
if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
 
        // Get the user's information:
        $row = mysqli_fetch_array ($r, MYSQLI_NUM);
       
        // Create the form:
        echo '<form action="edit_user.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $row[0] . '" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $row[1] . '" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="' . $row[2] . '"  /> </p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="id" value="' . $id . '" />
</form>';
 
} else { // Not a valid user ID.
        echo '<p class="error">This page has been accessed in error.</p>';
}
 
mysqli_close($dbc);
               
include ('includes/footer.html');
/*This is what needs to happen:
Change the delete and edit user pages so that
they display the user being affected in the title bar of your browser window.
 
Modify edit_user.php so that you can also change a user's password (remember to SHA the password for storage in the database).
*/
?>

 


Here is what the exercises are, in case you do not want to refer to the comments. Thanks.

1. Change the delete and edit user pages so that they display the user being affected in the title bar of your browser window.

2. Modify edit_user.php so that you can also change a user's password (remember to SHA the password for storage in the database).

So I gather you have questions about how to do those things? If so, as for #1, you'll need to SELECT the user's record from the database before including the header, so that you can use the user's info in the title tag.

 

For #2, you would present two inputs for submitting passwords. Then, if those aren't empty, you'd validate them and update the database for the new password.

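The approach described in the reply above, sketched for edit_user.php as an added example that is not part of the original thread or the book's code. It assumes `$dbc` comes from mysqli_connect.php, that header.html prints `$page_title` unescaped, and that the password column is named `pass`; the form field names `pass1`/`pass2` and the helper function names are hypothetical.

```php
<?php
// Added example; not from the book or the thread.
// Assumptions: $dbc comes from mysqli_connect.php, header.html prints
// $page_title unescaped, the password column is named `pass`, and the
// form fields pass1/pass2 are hypothetical names.

// Exercise 1: fetch the name BEFORE header.html is included.
function user_page_title(mysqli $dbc, int $id, string $prefix): string {
    $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=?";
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // The name is user-supplied and ends up inside <title>, so escape it.
    return $found ? $prefix . ': ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') : $prefix;
}

// Exercise 2: returns null when both inputs are empty (keep the old
// password), an error string when they differ, or true when valid.
function check_new_password(string $p1, string $p2) {
    if ($p1 === '' && $p2 === '') return null;
    if ($p1 !== $p2) return 'The new password did not match the confirmation.';
    return true;
}

// SHA1() follows the exercise's wording. It is an unsalted fast hash;
// password_hash() with a wider column is the stronger choice on current PHP.
function update_password(mysqli $dbc, int $id, string $password): bool {
    $stmt = mysqli_prepare($dbc, 'UPDATE users SET pass=SHA1(?) WHERE user_id=? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'si', $password, $id);
    $ok = mysqli_stmt_execute($stmt); // affected rows is 0 if the hash is unchanged
    mysqli_stmt_close($stmt);
    return $ok;
}

// Wiring at the top of edit_user.php, in place of the fixed $page_title:
require ('../mysqli_connect.php');
$id = (int) ($_POST['id'] ?? $_GET['id'] ?? 0);
$page_title = user_page_title($dbc, $id, 'Edit a User');
include ('includes/header.html');

// Inside the POST branch, alongside the other field checks:
$pw = check_new_password($_POST['pass1'] ?? '', $_POST['pass2'] ?? '');
if (is_string($pw)) {
    $errors[] = $pw;
} elseif ($pw === true && empty($errors)) {
    update_password($dbc, $id, $_POST['pass1']);
}
```

The same `user_page_title()` call with the prefix 'Delete a User' covers delete_user.php; the existing ID check and error page can stay as they are after the header include.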