Saving a User’s Information PHP Help

You’ve had a table before, and now you’ve got a version of the users table that’s a little sturdier, with AUTO_INCREMENT and validation of values in a few key fields. Plus, your web form grabs just the information you need to stuff into that table. All that’s left is tying these things together via PHP, and you actually have almost everything you need for that. too

You can start with a new script or use your old version of gctF() as a
starting point. Either way, your first task is to capture the user’s entered information and do a little text manipulation to get the values just the way you want them:

<?php
$first_name = trim($_REOUEST[‘first_name’]);
$last_name = trim($_REOUEST[‘last_name’]);
$email = trim($_REOUEST[’email’]);
$facebook_url = strJeplace(“facebook.org”, “facebook.com”, trim($_
REOUEST[‘facebook_url’]»;
$po~ition = strpos($facebook_url, “facebook.com”);
if ($position === false) {
$facebook_url = http://www.facebook.com/.. $facebook_url;
$twitter_handle = trim($_REOUEST[‘twitter_handle’]);
$twitter_url = http://www.twitter.com/ ..;
$position = strpos($twitter_handle, “@”);
if ($position === false) {
$twitter_url = $twitter_url $twitter_handle;
} else {
$twitter_url = $twitter_url substr($twitter_handle, $position + 1);
?>

This is the kind of code you’ve written before, and because you haven’t changed your form, it still works perfectly well. Now, you just need to pdate it so it stores this information in your new u>,ei~;table

Name Follows Function

When you have a few web pages here and there, names are really not that big of a deal. Whether you name a page

But, even with medium-sized web apps, you’ll have a lot more files than that. In fact, if you start to do the testmg that you  absolutely should be doing, you can easily have hundreds of files. At that point. your names really need to be meaningful.

But there’s more to meaning than just description. Many of your forms and scripts are going to map and work directly with a single table in your database, and do one particular thing with regard to that table, such as creating a user via the table. In these cases, you make it really easy on yourself and others who’ll work on your code by naming your files after that functionality. This means that even though your form might get a user’s social information, it ultimately creates a user; thus,

Building Your SQL Query

Your.goal with the script for it to collect contact information from visitors to your site and store that information in the L p’ table. First, you can use your existing database connection script to make connecting easy

With a database connection ready for use, you need to turn all that information into the INSERT statement so that you can drop the information into your database.

Rather than just diving into your code, though, start with a sample statement. For example, pick a set of random values (maybe your own), and build up the SQL you want.

INSERT INTO users (first_name,
last_name,
email,
facebook_url,
twitter_handle)
VALUES (“Brett”,
“McLaughlin” ,
“brett.JT@me.com”,
http://www.facebook.com/bdmclaughlin ..•
“@bdmclaughlin”);

This statement now becomes sort of a template in the respect that you want to use this statement, but you need to replace your sample values with you user’s request information. Given that you already have those values, this actually isn’t too hard:

$ins:rt_sql = “INSERT INTO users (first_name, last_name, ” .
“email, facebook_url, twitter_handle) ”
“VALUES (‘{$first_name}’, ‘{$last_name}’, ‘{$email}’, ”
“‘{$facebook_url}’, ‘{$twitter_handle} ,);”;

The one gotcha here is that you must ensure that each value you’re sending to the database-which will eventually go into a text field in the users table-must be surrounded by quotes. Using single quotes lets you use double quotes around the entire query. It also lets you use curly braces ({ and}) to drop your variables right into the query string.

Inserting a User

In the previous section, you created a new string that includes the SOL query. Now, you can pass the $insert_sql query to mysql_ query and run it against your database. This is the easiest (and often the most fun) line of SQL-invoking PHP to write

<?php
II Handle user request
$insert_sql = “INSERT INTO users (first_name, last_name, email, ”
“facebook_url, twitter_handle) ”
“VALUES (‘{$first_name}’, ‘{$last_name}’, ‘{$email}’, ”
“‘{$facebook_url}’, ‘{$twitter_handle}’);”;
II Insert the user into the database
mysql_query($insert_sql);
?>

Unfortunately, this code doesn’t do anything in the event of an error-and there are a lot of things that can go wrong. What if the database reports an error? What if you forgot to add the users table first? What if you have a (S table, but without a facebook url column, or it has a misnamed or misspelled column

There’s really a lot of work to do when it comes to error reporting, but for now, take a really simple (and probably way too simple) approach. Add a die statement, like the one you saw in

<1php
II Handle user request
$insert_sql = “INSERT INTO users (first_name, last_name, email, facebook_url,
twitter_handle) ” .
“VALUES (‘{$first_name}’, ‘{$last~name}’, ‘{$email}’,”
“‘{$facebook_url}’, ‘{$twitter_handle}’);”;
II Insert the user into the database
mysql_query($insert_sql)
or die(mysql_error(»;
?>

This solution is far from perfect, but it works, and it gives you some kind of report in case of error.

At this point, you can actually tryout your page, albeit a little clumsily. Go ahead and visit your web page and fill out , some sample values, as in Figure 7-5.

Join the Missing Manual (Digital) Social Club

Join the Missing Manual (Digital) Social Club

Submit your page to run the new code. It constructs a SQL statement using your values, connects to the database, and inserts the data by using mysql_ query. Hopefully, your die statement won’t run.

Assuming that you don’t get an error, you’ll get almost nothing back. That’s rather disappointing, but something did happen-especially if you an error message.

The interest here is in what happened in your database. So, fire up a SOL tool and enter this query:

SELECT user_id, first_name, last name
FRQ users;
Hopefully you get back something like this:

row set

row set

If you want to use phpMyAdmin you can browse to your users table and check out any data that might be inside of it, as shown in Figure 7-6.

A First Pass at Confirmation

So far, you’ve got your page and a user (or many of them if you get cranking on your web form and enter more users) in your database, but your user-the person using your web application-sees nothing but a blank screen. That’s not very helpful

This is better than nothing, but there are some things you need to fix right off the bat. First, you’re not printing out the user’s Twitter handle; you’re printing out the URL to his handle. Although that’s probably more usable for clicking, it doesn’t actually represent what was entered into the database. That leaves you with a tough choice

You can print out what was entered into the database, which is the value in ” $twi tter _handle. That’s what was actually inserted, but it doesn’t have as much value in a web page, and it really is letting your users know what’s in your database. But, is that what your users sare about? Your database structure?

You can print out the actual URL, which is better for clicking, but doesn’t directly connect to what’s in the database. It’s a modification of the database value, which is OK, but might not be appropriate right on the heels of a form that is explicitly focused upon adding a user to the database.

All this may seem like a lot of fuss just for a Twitter handle. But the same issue comes up whether you show the first and last names or combine them together as this code does now

Name: <?php echo Hirst_name. ” ” . $last_name; ?><br />

There’s a deeper, bigger issue here: what exactly do you show your users with regard to data entered in the database? Do you show them the lite~al values as they’re stored in the database, or do you show them values that are a little more massaged, a little more human-readable?

Users are Users, Not Programmers

The answer to that question is fairly simple: you always want to show your users things that make sense to them. Very rarely will someone care about the columns in your database, or what value is a primary key, or whether you store their Twitter handle with the @ sign, or without it. Therefore, you should ah’ avs focus on what your users want to see, not what’s literally and technically in your database. (Yes, that’s two always-es in one paragraph.)

But, there’s something else going on here: what is the SOUTce of the information you’re showing? Implied in this idea of showing a user what makes sense to him is the idea that you, the wise programmer, take information from the database, work with it to get it into the right format, and then show that massaged information to the user

In this first pass at a confirmation, are you showing what’s in the database? Not at all; you’re just sending back out what the user gave you. What if something did happen when that information was inserted into your database table? You’d never know it. By showing the user his own information, you could be masking what really was dropped into the database

So, what do you do? You want to show users something that makes sense to them (there’s that double-always again), but you also want to show those values based on the database, rather than just repeating a form, because that doesn’t show any problems in the database

Hopefully, you do both! How, though? Well, suppose you had a way to pull the user’s information from the database, perhaps by using a SOL SELECT, and then based upon that information-information from the database, problems or not-construct something the user can see and read and that makes sense

Here’s one solution: After inserting the user, reload that same information, a bit like this

<?php
II Get the user’s information from the request array
II Connect to the database and insert the user
.$get_user_query = “SELECT * FROM USERS WHERE
mysql_query($get_user_query)
or die(mysql_error(»j
II load this information and ready it for display in the HTMl output
?>
<!– HTML output –>

That query gets you the user from the database and it still lets you modify those values as needed for good, human-readable display. You’d have to figure out how to find the particular user who was just inserted, but that’s something you’ll soon be able to handle.

The issue is that you’re doing a bunch of text manipulation on the request information, and then you need to do some of that again with the response from the database. Think about your application as a whole: Is there anywhere else you might want to display a user? Yes, absolutely. Every good application has a place where you can check out your own profile. If that’s the case, you’d need to take the code in the back part of and then copy it into a  script later.

That’s not good; remember, you really, really don’t want the same code in more than one place. That’s why you have the you
can use over and over.

What you need is another script, one that shows user information. Then, you can simply..throw users from creatc_userph,O, which creates users, to this new script, and let it figure out what to do in terms of a response. So, leave credtc_Llseroh.o somewhat incomplete for now; you can come back and fix it later.

Posted on January 13, 2016 in Generating Dynamic Web Pages

Share the Story

Back to Top