ITEC 325 2014fall ibarland

home—lects—hws
D2L—breeze (snow day)

wow-db
DB connectivity

Due: 2014.Nov.21 (Fri), but accepted through Dec.02 (Tue.) 23:59. Be aware that hw08 will be due Dec.05; it will be released over the break.

You will complete your .W.o.W. page by storing .W.o.W. skills in a database, and retreiving a summary list of all skills.

1. As in previous homeworks, your page at https://php.radford.edu/~yourUserId/itec325/hw07/index.php should have a link to your skill-entry form near the top, and include a list all your files (with links), and should also display their source (from Dec.02 through Dec.22).
   Also, submit your files on D2L.

   Exception: Don't publish your database password! That information should be in a small, separate file. To auto-generate your solution-listing and yet suppress this one file, you can either add an ad hoc if-statement inside the code that loops over your directory (kinda yucky), or you can generalize the function that generates the list to take in a directory and a list of filenames to exclude. (For example, search for array_diff in hw04-soln/ for an example.)

2. (40%) Modify the ol' skill entry form so once the information is validated, the skill gets added to the database.
   

   • Just over-write any previously existing information in the database, for that skill.

   • To help me grade, include a line at the bottom of the page which is the SQL INSERT command. Please render this line inside a <tt> tag.

   • Note: You don't need to add the classes-available-to, to get full credit.

   • Be sure all your pages/programs always close any database connection they open!

   Here is a wow-db-setup.sql file which you can use (either in MyPHP or Oracle SQL), to do a one-time creation the tables you'll need. (It's fine to adjust (or even ignore) this file, if you want something different. You can use the GUI interface via MySQL Admin if you prefer.)

   As discussed in lecture, be sure to guard against SQL injection — either by calling mysqli_real_escape_string on any user-provided text which becomes part of a SQL query, or (preferred, but not required) via prepared-statements. (Do this even if other validation requirements make such escaping moot.)

   Make sure you that you can insert/retrieve values that have “SQL-sensitive” characters like apostrophes, spaces, and semicolons (as well as the “html-sensitive” characters like less-than and ampersand that we've already handled). Automate this testing by adding/modifying your demo-forms (e.g. form-handle-demo1.php) to include such characters.

3. (30%) Make a page which shows a summary list of all skills previously entered: just the skill name, the associated ability (“Wisdom” etc.), and the minimum-level. This page should also include a link to the skill-entry-form page. (It does not need to be particularly pretty — just loop over the results of the database query.)

   Be sure to have a prominent link to this page near the start of your php.radford.edu/~yourUserId/hw07/index.php. (This can replace, or simply be next to, the link to the skill-entry-form.)

   Be sure all your pages/programs always close any database connection they open!

4. (30%) Each skill-name on the summary list should be a link which, when clicked, brings you to a detailed-information page that includes the previous information plus the full description and who submitted the skill.

   (The layout of this information does not need to be anything elegant, but it should not be prone to HTML/script injection.)

   Pro tip:

   From hw03 on, you already have a page which prints the summary information (on a successful submit); it used $_POST.

   You can re-factor that page so that instead of reading from $_POST, it reads from some other array, say, “$the-skill-info”. Then:

   • To get the old behavior, $the-skill-info = $_POST; followed by require("print-skill-info.php");.
   • To meet this new requirement for this hw, read the database-info for a skill into $the-skill-info, and then you can just require("print-skill-info.php"); from there!

   Adding a layer of indirection: is there any problem it can't solve?

   Note that this is asking for a link which behaves a little bit like a form-handler, since you won't have a separate URL for every single course — instead you'll have one page which (given a particular skill-name) pulls the detailed information out of the database. How do you have a link which provides an argument (skill-name) to another page? One easy way¹ is to have the link contain the parameter(s) explicitly, e.g. “<a href="skillDetail.php?skillName=juggling">…”, and the receiving page accesses that argument through the $_GET array (e.g., $_GET['skillName']).

   As always, to guard against HTML/script injection, be sure to call htmlspecialchars on any text which was originally provided by a user (even if retrieved from the database). (This goes for all pages, even if other validation requirements make such escaping moot).

   I'll say it again, just because it's fun: Be sure all your pages/programs always close any database connection they open!

Guidelines

• Each file should start (after a doctype declaration) with a PHP comment with your name and a summary description of what the php code accomplishes.
• Use meaningful variable names, function names, and good comments as needed. Javascript code should be described with inside (“<!-- … -->”) comments.
• Write functions (both php and javascript) as appropriate, to avoid repeated code.
• Be sure to make all links relative within the directory (so I can run the D2L submitted files in another directory).
• All code/html should be well formatted with appropriate white space and indentation so it is easy to read.
• Strive to minimize lines that wrap.
• Use standard XHTML tags and make sure your javascript does not use browser-specific constructs.
• If you have any questions, use the discussion board.
• Do not modify your final submission after the due-date.

home—lects—hws
D2L—breeze (snow day)

©2014, Ian Barland, Radford University Last modified 2014.Nov.17 (Mon)

Please mail any suggestions (incl. typos, broken links) to ibarlandradford.edu