PHP can't find your getRecords() function. Did you include the file in which that function is defined?
Edit:
You should really take a look at securing your submitted data, and just at general code cleanliness. It's better to use the functions mysql provides directly than to wrap them in functions that are only usable for one situation.
A: Why on earth are you creating your whole employee info table every time, or at least checking whether it exists? That should be something you do once and forget about. Then delete that code, because it's confusing.
Before you get into it, you should think about how it should all logically work. Is this basically an employee management system? It looks like you want to be able to: add new employees, search employees, edit employees, and delete employees. Here's a basic implementation; it's missing the add employee function. I haven't tested it, but hopefully it points you in the right direction:
<?php
/* Employees.php */
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'search':
//The form action is appended with a query string, so we can handle multiple cases in process.php
?>
<form action="process.php?do=runsearch" method="POST">
<fieldset>
<legend>Search Employee Info</legend>
<label for="keyword">Enter Keyword</label>
<input id="keyword" name="keyword" value="" />
<input type="submit" name="submit" value="Search" />
</fieldset>
</form>
<?php
break;
case 'edit':
//Make sure that the employee id has been set!
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
//Get the DB connection
$db = ConnectionFactory::getFactory()->getConnection();
//Set up the query with a ? placeholder
$sql = "Select * from employeeinfo WHERE personid = ? LIMIT 1";
$stmt = $db->prepare($sql);
//Bind the question mark with the Employee ID, as an Integer ONLY
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
/* Get an array of the result */
$result = $stmt->fetch(PDO::FETCH_ASSOC);
/* Make an array of friendly names associated with the mysql fields */
/* fetch() returns false when no row matched, so test for that instead of count() */
if($result !== false){
//Set up friendly names:
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form, and make a hidden field with the employee id we want to edit.*/
?>
<form action="process.php?do=saveedits" method="POST">
<input type="hidden" name="personid" value="<?=(int)$result['personid']?>" />
<?php
/* Unset the person id, because we already used it */
unset($result['personid']);
/* Fill the fields with values from the database; if a friendly name is found, it will be used as the label */
foreach($result as $key => $value){
?>
<label for="<?=htmlspecialchars($key, ENT_QUOTES)?>"><?=htmlspecialchars(isset($fnames["$key"]) ? $fnames["$key"] : $key, ENT_QUOTES)?></label>
<!-- Escape the stored value before echoing it into the attribute, so stored HTML cannot run in the edit form -->
<input id="<?=htmlspecialchars($key, ENT_QUOTES)?>" name="<?=htmlspecialchars($key, ENT_QUOTES)?>" value="<?=htmlspecialchars($value, ENT_QUOTES)?>" />
<br>
<?php
}
?>
<input type="submit" value="Modify Employee" >
</form>
<?php
}
else{
/* Couldnt find that employee in the DB */
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
case 'new':
/* Make an array of friendly names associated with the mysql fields */
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form; a new employee has no personid yet, so there is no hidden field here */
?>
<form action="process.php?do=savenew" method="POST">
<?php
/* Output an empty input for every field, using the friendly name as the label */
foreach($fnames as $key => $value){
?>
<label for="<?=$key?>"><?=$value?></label>
<input id="<?=$key?>" name="<?=$key?>" />
<br>
<?php
}
?>
<input type="submit" value="Create New Employee" >
</form>
<?php
break;
case 'delete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
/* Make sure this person exists, and get their info */
$sql = "Select * from employeeinfo WHERE personid = ?";
$stmt = $db->prepare($sql);
/* Same as above */
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
/* fetch() returns false when no row matched */
if($result !== false){
/* Ask to confirm the delete */
?>
<h2>Are you sure you want to delete <?=htmlspecialchars($result['firstname'], ENT_QUOTES)?> <?=htmlspecialchars($result['lastname'], ENT_QUOTES)?>'s Records?</h2>
<a href="process.php?do=confirmdelete&eid=<?=(int)$result['personid']?>">Yes, Confirm Delete!</a>
<?php
}
else{
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
}
}
else{
//List employees
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo";
$stmt = $db->prepare($sql);
$res = $stmt->execute();
/* Make a table with the results and headings */
if($res){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=htmlspecialchars($result['firstname'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['lastname'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['email'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['phone'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['department'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['position'], ENT_QUOTES)?></td>
<td><a href="employees.php?do=edit&eid=<?=(int)$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=(int)$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
}
include('footer.php');
/* End Employees.php */
?>
Process.php:
<?php
/* Process.php */
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'runsearch':
if((isset($_POST['keyword'])) && (!empty($_POST['keyword']))){
/* You have to put the % signs in beforehand with PDO */
$keyword = "%".$_POST['keyword']."%";
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo WHERE
firstname LIKE ?
OR
lastname LIKE ?
OR
phone LIKE ?
OR
email LIKE ?
OR
department LIKE ?
OR
position LIKE ?";
$stmt = $db->prepare($sql);
/* There are 6 placeholders, so we need to loop 6 times, binding the new placeholder each time */
for($i=1; $i<=6; $i++){
$stmt->bindParam($i, $keyword, PDO::PARAM_STR);
}
$res = $stmt->execute();
/* Make a table with the results and headings */
if($stmt->rowCount() > 0){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=htmlspecialchars($result['firstname'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['lastname'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['email'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['phone'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['department'], ENT_QUOTES)?></td>
<td><?=htmlspecialchars($result['position'], ENT_QUOTES)?></td>
<td><a href="employees.php?do=edit&eid=<?=(int)$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=(int)$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
else{
?><h2>No Results Found!</h2><?php
}
}
else{
?><h2>No Keyword Set!</h2><?php
}
break;
case 'saveedits':
/* Array of the fields we expect to be Posted */
$required = array('personid' => 'Employee Id',
'firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Only keep the columns we expect: any other POSTed field would otherwise be turned into a column name in the UPDATE below */
$posted = array_intersect_key($_POST, $required);
/* Temporarily store the personid and remove it from the array, so it is not part of the SET list */
$pid = $posted['personid'];
unset($posted['personid']);
/* Change this : firstname to : `firstname`=:firstname, etc, etc Runs over the whole arraay */
$params = join(", ", array_map(
function($col) {
return "`".preg_replace("/`/u","``",$col)."`=".":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
/* Put the personid back into the posted array, so we can use it again. */
$posted['personid'] = $pid;
$stmt = $db->prepare("UPDATE `employeeinfo` SET {$params} WHERE `personid`=:personid");
/* Use the whole post array to execute looks like: field => value */
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Updated!</h2><?php
}
else{
?><h2>Error! Could Not Update Employee!</h2><?php
}
}
else{
print_r($_POST);
print_r($required);
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
case 'savenew':
/* Array of the fields we expect to be Posted */
$required = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Only keep the columns we expect: any other POSTed field would otherwise be turned into a column name in the INSERT below */
$posted = array_intersect_key($_POST, $required);
$columns = join(",", array_map(
function($col) { return "`".preg_replace("/`/u","``",$col)."`";},
array_keys($posted)));
$params = join(",", array_map(
function($col) { return ":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
$query = "INSERT INTO `employeeinfo` ({$columns}) VALUES ({$params})";
$stmt = $db->prepare($query);
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Created!</h2><?php
}
else{
?><h2>Error! Could Not Create Employee!</h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
/* Pretty Self Explanatory */
case 'confirmdelete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "Delete from `employeeinfo` WHERE personid = ?";
$stmt = $db->prepare($sql);
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
if($stmt->rowCount() > 0){
?><h2>Employee Deleted!</h2><?php
}
else{
?><h2>Error! Could Not Delete Employee!<br></h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Error! No Employee By That Id!</h2><?php
}
break;
}
}
else{
//Error nothing to do!
}
/* End process.php: */
?>
Dbfactory.php:
/* dbfactory.php: */
<?php
class ConnectionFactory
{
private static $factory;
public static function getFactory()
{
if (!self::$factory)
self::$factory = new ConnectionFactory;
return self::$factory;
}
private $db;
public function getConnection() {
/* Use the object property, not a local variable, so the connection is created once and reused */
if (!isset($this->db)){
try{
//Make sure to fill out these values
$this->db = new PDO('mysql:dbname=YOURDATABASENAME;host=YOURDATABASEADDRESS', 'USERNAME', 'PASSWORD');
}
catch(PDOException $e) {
echo 'DB Error: '. $e->getMessage();
}
}
return $this->db;
}
}
?>
/* End dbfactory.php: */
Header.php:
/* Header.php: */
<html>
<head>
<style type="text/css">
td{
border:1px solid;
border-radius:3px;
padding:4px;
}
</style>
</head>
<body>
<a href="employees.php">Manage Employees</a> - <a href="employees.php?do=search">Search Employees</a> - <a href="employees.php?do=new">Add Employee</a>
<br>
<br>
/* End header.php */
Footer.php:
/*footer.php */
</body>
</html>
/* End footer.php */
Again, this is still basic, and this kind of thing should be implemented in a PHP class. This uses PDO, so if your db details ever change, you just edit dbfactory.php and you're done.
If I could go back and change one thing about how I started learning PHP, it would be to learn PDO instead of the deprecated mysql query functions like the ones you're using.
This is by no means a perfect implementation; as I said, everything should be put into classes and the logic separated from the presentation; but it's a start!
Happy learning!
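As an added example (not the answer's code, and not run against the answer's database), here is how the 'saveedits' statement can be built from a fixed whitelist of columns instead of from whatever keys arrive in $_POST, with values entity-encoded before they are echoed back into the edit form; buildEmployeeUpdate and h are names assumed for this example:

```php
<?php
// Added example, not the answer's code: build the 'saveedits' UPDATE from a
// fixed whitelist of columns instead of from the POST keys, and entity-encode
// values before they are echoed back into the edit form.

// Editable columns, column name => label (same shape as the answer's $required array).
$editable = array(
    'firstname'  => 'First Name',
    'lastname'   => 'Last Name',
    'phone'      => 'Phone Number',
    'email'      => 'Email Address',
    'department' => 'Department',
    'position'   => 'Position',
);

/* Return array($sql, $params) for a prepared UPDATE, using only whitelisted columns. */
function buildEmployeeUpdate(array $editable, array $posted, $personId)
{
    // Drop any POSTed key that is not a known column, e.g. a field the form never offered.
    $clean = array_intersect_key($posted, $editable);
    if (count($clean) === 0) {
        throw new InvalidArgumentException('no editable fields submitted');
    }
    $set = array();
    $params = array();
    foreach ($clean as $col => $value) {
        // $col is now one of our own literal column names, so it is safe to place in SQL.
        $set[] = "`{$col}` = :{$col}";
        $params[":{$col}"] = $value;
    }
    $params[':personid'] = (int) $personId;
    $sql = 'UPDATE `employeeinfo` SET ' . implode(', ', $set) . ' WHERE `personid` = :personid';
    return array($sql, $params);
}

/* Escape a value for output inside an HTML attribute or text node. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
// Constructed sample request: it also tries to set a column the form never offered.
$fakePost = array(
    'firstname' => 'Ada "the" <Countess>',
    'email'     => 'ada@example.com',
    'is_admin'  => '1',
);
list($sql, $params) = buildEmployeeUpdate($editable, $fakePost, '42');
echo $sql, "\n";              // SET list contains only firstname and email
echo 'value="', h($params[':firstname']), '"', "\n"; // quotes and brackets are encoded
```

The returned pair is then passed to $db->prepare($sql) and $stmt->execute($params) exactly as in the answer's code; the is_admin key never reaches the SQL text.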