Everything posted by iwato

  1. iwato

    href="?value = ..."

    Yes, I am preparing AJAX now. First, I had to discover a good CRUD model. There are several on the net, and always they are filled with new code that takes a while to wade through. The discovery is interesting and has nearly always proven beneficial, but the process is long and arduous. Back to my question: I assume that most browser network consoles operate similarly. If the page appears in the console as previously described, what is being evidenced -- any and all HTTP requests?
  2. iwato

    href="?value = ..."

    So, if upon clicking on the submit button with the console turned on, the same page appears under Network, then the page has reloaded. Is this correct?
  3. iwato

    href="?value = ..."

    In short, there is no page reload. Is this correct?
  4. iwato

    href="?value = ..."

    In this same context. BACKGROUND: I have two pages: one called index.php and another called crud.php. The latter page is included into the index.php page when the index.php is requested. Inside the index.php file is a form that produces several post variables that are transferred via a $_POST superglobal when the form data is submitted. The resulting $_POST superglobal is examined for content via an isset( ) function that is part of the condition of an if-statement found in crud.php. The data contained in the $_POST is then processed and sent to a MySQL database within the body of the if-statement. At no point in this procedure is the $_SERVER superglobal invoked. The form element's method attribute is simply set to post. The action attribute is omitted. QUESTION: From the point of view of the browser, is the transfer of data from the form to the if-statement and eventually to the database all conducted on the same page?
  5. iwato

    href="?value = ..."

    Dsonesuk: So, if I have understood correctly, always sanitize when using $_GET requests. JSG: I get your point. When I think of HTTP requests, I rarely think in terms of the $_SERVER variable, as the request and response are performed automatically and are rarely visible except for the realized webpage. I should probably have written "The first time that the page is requested there is no QUERY_STRING", for this would cover both $_GET and $_POST requests as was my original intention. Roddy
  6. iwato

    href="?value = ..."

    Dsonesuk and JSG: QUESTION ONE: The first time that the page is requested there is no HTTP Request. If I have understood correctly, when the link in question is clicked, the page is reloaded and a $_GET variable is generated. Because the page opens to itself, is there a need for sanitization? QUESTION TWO: Is it necessary to reload the page in order to generate an HTTP request? Or, is it enough that the statement that receives the request be included from another file? Roddy
  7. iwato

    href="?value = ..."

    JSG: What do you think was meant by the words, "There appears to be a degree of uncertainty in this method"? How do you respond to Dsonesuk on this matter?
  8. iwato

    href="?value = ..."

    Based on the aforesaid, it appears to be a dangerous short-cut. Would it be better to write the query, say with a PHP magical constant?
  9. iwato

    href="?value = ..."

    I recently stumbled on still another piece of code to which I am not accustomed:

        <a href="?edit=<?php echo $row['obs']; ?>" onclick="return confirm('sure to edit !'); " >edit</a>

    How does one read the phrase ?edit= in plain English? Roddy
  10. Please consider the following two sets of code. Are they not identical in their functionality? BACKGROUND: I am troubled by the following set of code, for it intertwines PHP and HTML in a way that, for me, is neither intuitive, nor reasonable based on my limited knowledge of how PHP and HTML work. This said, it appears to work.

          <?php if(isset($_GET['edit'])) { ?>
          <button type="submit" name="update">update</button>
          <?php } else { ?>
          <button type="submit" name="save">save</button>
          <?php } ?>

      ANALYSIS: Had I written the code I would have felt compelled to enter the <button> elements as part of PHP echo statements. QUESTION: Is this proper coding technique? Roddy
  11. Never mind, please. I have since discovered the meaning and use of prepared statements. I have employed them on my own pages in the past. Simply I was not thinking about security when I employed them and did not make the connection between the mysqli_stmt object and the prepare( ) statement in this context. By the way, I have since downloaded a different CRUD suite that does not use Bootstrap and Mysqli PDO, but does use prepared statements. Please respond to the rest of the question, however. Roddy
  12. Please find below a copy of the entire class and a list of the occurrences of the property call $this->db. In the end can you explain the overall use of this statement? Why, for example, would $this->db not be listed as $db in the parameter list at the outset? Is this because it is a working variable within the class that takes only dynamically assigned values?

          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:22: $this->db = $conn;
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:56: $result = $this->db->query($sql);
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:102: $insert = $this->db->query($query);
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:103: return $insert?$this->db->insert_id:false;
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:138: $update = $this->db->query($query);
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:139: return $update?$this->db->affected_rows:false;
          ~/Sites/reflexive/javascript_practice/ajax/crud/db.php:162: $delete = $this->db->query($query);

          <?php
          /*
           * DB Class
           * This class is used for database related (connect, insert, update, and delete) operations
           * @author CodexWorld.com
           * @url http://www.codexworld.com
           * @license http://www.codexworld.com/license
           */
          class DB{
              private $dbHost = "...";
              private $dbUsername = "...";
              private $dbPassword = "...";
              private $dbName = "...";

              public function __construct(){
                  if($this->dbName){
                      // Connect to the database
                      $conn = new mysqli($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
                      if($conn->connect_error){
                          die("Failed to connect with MySQL: " . $conn->connect_error);
                      }else{
                          $this->db = $conn;
                      }
                  }
              }

              /*
               * Returns rows from the database based on the conditions
               * @param string name of the table
               * @param array select, where, order_by, limit and return_type conditions
               */
              public function getRows($table,$conditions = array()){
                  $sql = 'SELECT ';
                  $sql .= array_key_exists("select",$conditions)?$conditions['select']:'*';
                  $sql .= ' FROM '.$table;
                  if(array_key_exists("where",$conditions)){
                      $sql .= ' WHERE ';
                      $i = 0;
                      foreach($conditions['where'] as $key => $value){
                          $pre = ($i > 0)?' AND ':'';
                          $sql .= $pre.$key." = '".$value."'";
                          $i++;
                      }
                  }
                  if(array_key_exists("order_by",$conditions)){
                      $sql .= ' ORDER BY '.$conditions['order_by'];
                  }
                  if(array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                      $sql .= ' LIMIT '.$conditions['start'].','.$conditions['limit'];
                  }elseif(!array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                      $sql .= ' LIMIT '.$conditions['limit'];
                  }
                  $result = $this->db->query($sql);
                  if(array_key_exists("return_type",$conditions) && $conditions['return_type'] != 'all'){
                      switch($conditions['return_type']){
                          case 'count':
                              $data = $result->num_rows;
                              break;
                          case 'single':
                              $data = $result->fetch_assoc();
                              break;
                          default:
                              $data = '';
                      }
                  }else{
                      if($result->num_rows > 0){
                          while($row = $result->fetch_assoc()){
                              $data[] = $row;
                          }
                      }
                  }
                  return !empty($data)?$data:false;
              }

              /*
               * Insert data into the database
               * @param string name of the table
               * @param array the data for inserting into the table
               */
              public function insert($table,$data){
                  if(!empty($data) && is_array($data)){
                      $columns = '';
                      $values = '';
                      $i = 0;
                      if(!array_key_exists('created',$data)){
                          $data['created'] = date("Y-m-d H:i:s");
                      }
                      if(!array_key_exists('modified',$data)){
                          $data['modified'] = date("Y-m-d H:i:s");
                      }
                      foreach($data as $key=>$val){
                          $pre = ($i > 0)?', ':'';
                          $columns .= $pre.$key;
                          $values .= $pre."'".$val."'";
                          $i++;
                      }
                      $query = "INSERT INTO ".$table." (".$columns.") VALUES (".$values.")";
                      $insert = $this->db->query($query);
                      return $insert?$this->db->insert_id:false;
                  }else{
                      return false;
                  }
              }

              /*
               * Update data into the database
               * @param string name of the table
               * @param array the data for updating into the table
               * @param array where condition on updating data
               */
              public function update($table,$data,$conditions){
                  if(!empty($data) && is_array($data)){
                      $colvalSet = '';
                      $whereSql = '';
                      $i = 0;
                      if(!array_key_exists('modified',$data)){
                          $data['modified'] = date("Y-m-d H:i:s");
                      }
                      foreach($data as $key=>$val){
                          $pre = ($i > 0)?', ':'';
                          $colvalSet .= $pre.$key."='".$val."'";
                          $i++;
                      }
                      if(!empty($conditions)&& is_array($conditions)){
                          $whereSql .= ' WHERE ';
                          $i = 0;
                          foreach($conditions as $key => $value){
                              $pre = ($i > 0)?' AND ':'';
                              $whereSql .= $pre.$key." = '".$value."'";
                              $i++;
                          }
                      }
                      $query = "UPDATE ".$table." SET ".$colvalSet.$whereSql;
                      $update = $this->db->query($query);
                      return $update?$this->db->affected_rows:false;
                  }else{
                      return false;
                  }
              }

              /*
               * Delete data from the database
               * @param string name of the table
               * @param array where condition on deleting data
               */
              public function delete($table,$conditions){
                  $whereSql = '';
                  if(!empty($conditions)&& is_array($conditions)){
                      $whereSql .= ' WHERE ';
                      $i = 0;
                      foreach($conditions as $key => $value){
                          $pre = ($i > 0)?' AND ':'';
                          $whereSql .= $pre.$key." = '".$value."'";
                          $i++;
                      }
                  }
                  $query = "DELETE FROM ".$table.$whereSql;
                  $delete = $this->db->query($query);
                  return $delete?true:false;
              }
          }
  13. I am now able to connect to the database via the DB class, and the error message for the statement if(!$this->db){ Although I agree that the property is undefined, I do not understand the purpose of the statement in the first place. Also, what do you mean by the term prepared statements?
  14. Yes, I agree. It appears that database connection is failing, but why? My test for instantiation proves positive. Can you explain the likely meaning of the following statement? $this->db It does not appear to refer to anything. Is it possible for it to refer to something that could appear later in the class? I have only exhibited a portion of the entire class. Also, what kinds of protection were you thinking of? All of the parameters are private. Please respond before the weekend begins, and have a good weekend yourself. You have been very helpful.
  15. 
          <?php
          /*
           * DB Class
           * This class is used for database related (connect, insert, update, and delete) operations
           * @author CodexWorld.com
           * @url http://www.codexworld.com
           * @license http://www.codexworld.com/license
           */
          class DB{
              private $dbHost = "...";
              private $dbUsername = "...";
              private $dbPassword = "...";
              private $dbName = "...";

              public function __construct(){
                  if(!$this->db){
                      // Connect to the database
                      $conn = new mysqli($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
                      if($conn->connect_error){
                          die("Failed to connect with MySQL: " . $conn->connect_error);
                      }else{
                          $this->db = $conn;
                      }
                  }
              }

              /*
               * Returns rows from the database based on the conditions
               * @param string name of the table
               * @param array select, where, order_by, limit and return_type conditions
               */
              public function getRows($table,$conditions = array()){
                  $sql = 'SELECT ';
                  $sql .= array_key_exists("select",$conditions)?$conditions['select']:'*';
                  $sql .= ' FROM '.$table;
                  if(array_key_exists("where",$conditions)){
                      $sql .= ' WHERE ';
                      $i = 0;
                      foreach($conditions['where'] as $key => $value){
                          $pre = ($i > 0)?' AND ':'';
                          $sql .= $pre.$key." = '".$value."'";
                          $i++;
                      }
                  }
                  if(array_key_exists("order_by",$conditions)){
                      $sql .= ' ORDER BY '.$conditions['order_by'];
                  }
                  if(array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                      $sql .= ' LIMIT '.$conditions['start'].','.$conditions['limit'];
                  }elseif(!array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                      $sql .= ' LIMIT '.$conditions['limit'];
                  }
                  $result = $this->db->query($sql);
                  if(array_key_exists("return_type",$conditions) && $conditions['return_type'] != 'all'){
                      switch($conditions['return_type']){
                          case 'count':
                              $data = $result->num_rows;
                              break;
                          case 'single':
                              $data = $result->fetch_assoc();
                              break;
                          default:
                              $data = '';
                      }
                  }else{
                      if($result->num_rows > 0){
                          while($row = $result->fetch_assoc()){
                              $data[] = $row;
                          }
                      }
                  }
                  return !empty($data)?$data:false;
              }
          }

          $test = new DB();
          if ($test instanceof DB) {
              echo 'Instantiated';
          } else {
              echo 'Uninstantiated. Include failed.';
          }
          $conditions = [];
          $tbl_name = 'rss2_podcast_item';
          $test->getRows($tbl_name, $conditions);

          function getRows($mysqli_obj, $table,$conditions = array()){
              $sql = 'SELECT ';
              $sql .= array_key_exists("select",$conditions)?$conditions['select']:'*';
              $sql .= ' FROM '.$table;
              if(array_key_exists("where",$conditions)){
                  $sql .= ' WHERE ';
                  $i = 0;
                  foreach($conditions['where'] as $key => $value){
                      $pre = ($i > 0)?' AND ':'';
                      $sql .= $pre.$key." = '".$value."'";
                      $i++;
                  }
              }
              if(array_key_exists("order_by",$conditions)){
                  $sql .= ' ORDER BY '.$conditions['order_by'];
              }
              if(array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                  $sql .= ' LIMIT '.$conditions['start'].','.$conditions['limit'];
              }elseif(!array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
                  $sql .= ' LIMIT '.$conditions['limit'];
              }
              $result = $mysqli_obj->query($sql);
              if(array_key_exists("return_type",$conditions) && $conditions['return_type'] != 'all'){
                  switch($conditions['return_type']){
                      case 'count':
                          $data = $result->num_rows;
                          break;
                      case 'single':
                          $data = $result->fetch_assoc();
                          break;
                      default:
                          $data = '';
                  }
              }else{
                  if($result->num_rows > 0){
                      while($row = $result->fetch_assoc()){
                          $data[] = $row;
                      }
                  }
              }
              return !empty($data)?$data:false;
          }
          ?>

          <?php
          $tbl_name = 'rss2_podcast_item';
          $conditions = [];
          print_r(getRows($mysqli_obj,$tbl_name,$conditions));
          ?>

      Please find above two sets of code and a quoted error message from the first set. The first set of code is a portion of a PHP class called DB. The second set of code is extracted from the first and modified in order to test the integrity of the function. At the bottom of each block of code is included the code necessary to call the getRows() method/function. Whereas the method of the class fails, the extracted function does not. In both cases the same database and table are accessed with success. I am suspicious of the way in which the class is constructed. I have tried several modifications, but none of them appear to work. Roddy
  16. http://www.grammarcaptive.com/podcast_dev_copy.php
  17. Sorry. I mistyped. http://www.grammarcaptive.com/podcast_dev_copy.php
  18. You gave me the clue I needed. This appears to do the trick.

          <?php
              if(!empty($_SESSION['podcast_no_item'])) {
                  echo "<p id='today'>Podcast No. " . $_SESSION['podcast_no_item'] . "</p>";
                  $podcastNo = $_SESSION['podcast_no_item'];
                  echo "<script type='text/javascript'>podcastNo = " . $podcastNo . ";</script>";
              }
          ?>
          <script>
              $( document ).ready(function() {
                  var podcastInsert = $('#podcast_insert').html();
                  if (typeof podcastNo != "undefined" && podcastNo !== null) {
                      $('#main').html(podcastInsert);
                  }
              });
          </script>

      Please try the following two links in the order given and tell me if the desired result has been achieved:
      http://www.grammarcaptive.com/podcasts_dev_copy.php
      http://www.grammarcaptive.com/sender_proxy.php
      Roddy
  19. This is the code that I finally settled for. Unfortunately, the test alert shows the value of podcastNo to be false -- with or without the $(document).ready() function.

          <?php
              if(!empty($_SESSION['podcast_no_item'])) {
                  echo "<p id='today'>Podcast No. " . $_SESSION['podcast_no_item'] . "</p>";
                  $podcastNo = $_SESSION['podcast_no_item'];
                  echo "<script type='text/javascript'>podcastNo = " . $podcastNo . ";</script>";
              }
          ?>
          <script>
              $( document ).ready(function() {
                  var podcastNo = false;
                  alert(podcastNo);
                  var podcastInsert = $('#podcast_insert').html();
                  if (podcastNo !== false) {
                      $('#main').html(podcastInsert);
                  }
              });
          </script>

      You can see the above code in podcasts_dev_copy.php. It appears at line 188 in the <nav> element. Roddy
  20. I understand the concept: Write the Javascript with everything well-defined and substitute the existing values with true values via Javascript embedded in PHP. As the PHP script is executed even before the HTML string reaches the Browser for processing, the true values are already in place before the remaining Javascript is loaded. Thus, with the exception of placing the script that creates the substitution in the replacement <div>, the placement of the script should make no difference. Still I tried placing the code in different places, but it appears to make no difference. Notice that when the data reaches the podcasts.dev.copy.php page from the simulated third-party link, clicking on the words Podcast No. 60 realizes the desired effect. Unfortunately, this effect should already be in place when the page loads. Triggering the effect via the phrase Podcast No. 60 acts as a pseudo page refresh. Roddy
  21. I cannot get the above to work, and I have performed many different experiments with regard to the order, placement, and formatting of the Javascript and PHP. It simply does not work. Have you any other ideas? Roddy
  22. QUESTION: What does it mean when the value of the QUERY_STRING looks like the following without end? &width=1920&height=1200&width=1920&height=1200&... Roddy
  23. Well, I thought I had it, but now I must figure out what is suppressing the <div id='main'>...</div> element from displaying when the podcast hostage is opened directly, rather than via a third party website. Roddy
  24. OK. I have fixed the problem by separating the Javascript from the PHP, setting two if-statements instead of one, and moving the Javascript outside of the copied <div> element into an external Javascript file. It all seems so awkward, but it works, and I can move on. What I do not understand is why the PHP that I placed into the javascript file even works. Is PHP always called when a page is loaded by a browser, no matter the nature of the page?

      CODE: HTML and PHP placed into the host-page, http://www.grammarcaptive.com/podcast_dev_copy.php via http://www.grammarcaptive.com/sender_proxy.php

          <div id='podcast_insert'>
              <?php
                  if((session_status() == 2) && isset($_SESSION['podcast_no_item'])) {
                      $page->output();
                  }
              ?>
          </div><!-- end div#podcast_insert -->

      CODE: JAVASCRIPT and PHP placed into the javascript file that services the host-page when the page loads -- namely, <script src="_utilities/javascript/podcasts.js"></script>

          var sessionStatus = "<?php echo session_status(); ?>";
          var podcastNo = "<?php echo $_SESSION['podcast_no_item']; ?>";
          var podcastInsert = $('#podcast_insert').html();
          if (podcastNo) {
              $('#main').html(podcastInsert);
          }
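
The DB class quoted in items 12 and 15 builds its WHERE clause by concatenating values into the SQL string. As an added example (not part of any post above, and not CodexWorld's code), the same lookup is shown below with bound parameters, which is what the term "prepared statements" in items 11 and 13 refers to. It assumes PDO with an in-memory SQLite database so that it runs without a server; the table podcast_item, its rows, the $schema allow-list and both function names are constructed for illustration, and the same pattern applies to mysqli's prepare() and bind_param().

```php
<?php
// Added example: bound values plus allow-listed identifiers.
// Table, columns, rows and function names are constructed for illustration.
function getRowsSafe(PDO $db, string $table, array $where, array $schema): array
{
    // Identifiers cannot be bound as parameters, so check them against a fixed list.
    if (!isset($schema[$table])) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    $clauses = [];
    $params  = [];
    foreach ($where as $column => $value) {
        if (!in_array($column, $schema[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $column");
        }
        $clauses[] = "$column = ?";   // placeholder instead of '".$value."'
        $params[]  = $value;
    }
    $sql = "SELECT * FROM $table";
    if ($clauses) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);          // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The pattern used by the quoted class, kept for comparison:
// each value is concatenated into the SQL string between single quotes.
function getRowsConcat(PDO $db, string $table, array $where): array
{
    $sql = "SELECT * FROM $table";
    $i = 0;
    foreach ($where as $key => $value) {
        $sql .= ($i++ > 0 ? ' AND ' : ' WHERE ') . $key . " = '" . $value . "'";
    }
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database with two rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE podcast_item (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO podcast_item (title) VALUES ('Episode 1'), ('Episode 2')");

$schema = ['podcast_item' => ['id', 'title']];
$input  = "x' OR '1'='1";   // constructed value containing a single quote

// Concatenated: the quote closes the string literal, so the rest of the
// value is parsed as SQL and the WHERE clause no longer filters on title.
echo 'concatenated: ', count(getRowsConcat($db, 'podcast_item', ['title' => $input])), " rows\n";

// Bound: the whole value is compared as data against the title column.
echo 'bound:        ', count(getRowsSafe($db, 'podcast_item', ['title' => $input], $schema)), " rows\n";
```

Making the properties private, as mentioned in item 14, controls which PHP code can read the credentials; it does not affect how values passed to getRows() are interpreted by the database.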