Comp 353 MySQL/PHP assignment
Due: April 26, 2011 (M.O.L.)
I have given you employees.php (also lib353.php), which creates a page that displays
the employees table from the database and then allows entry of
additional employees. We'll call this the Employee_Add page.
You are to create additional pages for the following:
- Employee_Update (employee_update.php): You enter a Ssn in one field, and click retrieve.
This fills in the other fields with the retrieved values for that
employee; the user can then edit some or all of them. You then click update to update the entire record with the new values. For simplicity, you may assume
that the Ssn field does not change. A nice touch is to display the
entire employee table, as in Employee_Add, so you can copy/paste Ssns. The preliminary version we did in class is here: empupdate.php.
- Project_Add (projects.php) Like Employee_Add, except for adding new projects. This is the easiest of these three.
- Works_on_Update
(works_on.php): Allows
entry of an employee Ssn, a project pno, and a value for hours.
Relevant columns of Project and Employee are shown (for Employee, there
is no need here for bdate, address, sex, salary). Ideally this page
will allow both new entries (assigning employees to projects) and
updates (adjusting the value for hours).
All pages (including Empoyee_Add) should validate all input data; that
is, Ssn should be 9 numeric characters, Sex should be 'M' or 'F', and
salary should be positive. All pages should also perform all
foreign-key checks; MySQL after all does not do these automatically.
That is, you should check in Employee_Add that super_ssn is a valid
employee Ssn, and that dno is a valid department number.
You should use prepared statements exclusively for MySQL queries. See the file employees.php for examples. However, you do not have to implement any protections against html injection (XSS attacks).
Good software design should be used throughout. Bulk HTML should, where possible, be created in heredoc format.
Navigation between pages is most easily implemented with php buttons in a different <form>; for example, on employee.php we would create our primary form with the following:
<form method="post" action="">
<input type="text" name="pname" value="demolition"><p>
...
<input type="submit" name="submit" value="submit data"><p>
<input type="submit" name="update" value="update">
</form>
Note that in the first line the form's action
is defined to be the empty string, meaning that employees.php will be
run again (but now with different data in $_POST[], which we can test
for). The buttons that trigger this action are the two input objects of type="submit"
at the bottom; we distinguish which was clicked by checking $_POST with
index "submit" or "update". Clicking these buttons will always run the
employees.php file, though.
Now we add a second form, as follows:
<form method="post" action="projects.php">
<input type="submit" value="projects">
</form>
This second form immediately follows the close of the first. Because it is a new form, it can have a new action, in this case projects.php; clicking on the button will launch the form action, projects.php. The value is what appears printed in the button; I did not assign a name attribute because we do not look in $_POST for any information as to this button.
Those enrolled for graduate credit should also implement the following:
Use <select> menus for things like Dept_name and Proj_name;
the numeric equivalents should not be used. (You can also use this for
the Sex attribute, but this is a special case because 'M' and 'F' do
not come from some other table.)
If some entries are missing, figure out how to highlight them, and make
it clear to the user that the form is incomplete. (You can embed this
logic entirely in the form; you do not have to read from the database which fields have a NOT NULL constraint.)
Create an additional page Dependents for adding dependents. Like the
Employee_Update page, you will first enter an employee Ssn, and then be
allowed to enter one or more dependents of that employee (with multiple
clicks).
You can work on this on your own machine, having installed LAMP or WAMP (instructions here). Note that you will also have to install the MDB2 PEAR library, at pear.php.net.
PEAR woes
I think you need only four files from PEAR: PEAR.php, PEAR5.php, MDB2.php and mysqli.php. If you are
having trouble getting PEAR to install, just download the
copies listed in the previous sentence (right-click and do save page as), put them in your project
directory, and then include them (not require them!) with
include 'MDB2.php';
I'm still working on where to put the mysqli.php driver.
Let me know if you have other problems (eg version-related, or if there
were unforeseen dependencies somewhere). I modified MDB2.php so that it
would include PEAR.php rather than require it (include looks first in the local directory; require
seems to look first in the library directory). If you have your own
copies of PEAR.php, PEAR5.php and MDB2.php, and you're having trouble
using mine due to, say, OS or version differences, make that same
change to MDB2.php and try your versions in your project directory.
LAMP
Alternatively, you can work on the CS department LAMP server lamp.cslabs.luc.edu.
Your login credentials are the same as for random.cs.luc.edu or other
CS servers. Outside of Loyola you will need to ssh into random/infinity
first, and from there to lamp.cslabs.luc.edu.
MySQL is running on cslabs.luc.edu. Your database name is your uvid and
database username is your uvid too. The database password is
pxxxxx (p followed by the last FIVE digits of your student ID, eg
00001234567).
You test your work by accessing the page, within Loyola, as
http://lamp.cslabs.luc.edu/~uvid/employees.php
This assumes you have put your employees.php file into your subdirectory public_html.
Outside of Loyola you can use http://webpages.cs.luc.edu/~uvid, but php will not actually run.
phpinfo()
The simplest php program is probably
<?php
phpinfo()
?>
lib353.php
We've already discussed table_format().
I recommend using connect() in my lib353.php
file. Note that if connect() fails, you should change 'mysqli' to
'mysql' in connect; see the comment. The latest version tries 'mysqli'
first, and, if that fails, tries 'mysql'; it may still lead to annoying
warning messages.
Note also that lib353.php now includes the line
error_reporting (E_ALL & ~E_NOTICE);
This line controls the kind of error messages you get. Other choices:
E_ALL
// adds E_NOTICE
E_ALL | E_STRICT // adds E_STRICT
E_ALL & ~E_NOTICE & ~E_DEPRECATED // takes away E_DEPRECATED, not avail on my machine
If you wish to turn on E_STRICT, I recommend doing that after MDB2.php is loaded.
I also added makePageButtons(); this draws a bar of four buttons
for the four pages. If you add a page, add a button here. If you rename
a page, update this appropriately.
debugging
Note that you can set the error messages with, eg
error_reporting (E_ALL & ~E_NOTICE);
You are likely to get significant messages if you either enable E_STRICT, or fail to disable E_NOTICE (as is done above).
If you get the message
Fatal error: Call to undefined method MDB2_Error::execute() in ....
the likeliest cause is that you called $stmt->execute($args) when $stmt was earlier the result of an error.
M.O.L = More or Less