Before we move on, I want you to spend a few minutes doing some clean-up on the code that we have. While we were learning, I let a few bad habits creep in, and I want to get us back to using best practices whenever possible. We're also going to make a few improvements to the appearance of our CMS at the same time. Let's start by opening up manage_content.php. That's where we began our coding for this. In the area here where we have manage subject, I want to take a look at this part where we're echoing back the menu name. Now, this menu name is coming from the database, and it's a trusted string; it's something that an admin created. We're really not worried about hackers creating that value. However, any time we're going to output anything to HTML, we need to be concerned, even if it's a trusted value. The rule is to escape at the point of output, based on where the value is going, not on where it came from.
Because an admin can very innocently use a special character here that would cause problems for HTML. We covered that when we talked about encoding for HTML. So we always want to use either htmlspecialchars or htmlentities, and that's what I'm going to use here. htmlentities includes everything that htmlspecialchars does, plus a little more: it also converts every character that has a named entity. Whichever one you use, pass ENT_QUOTES as the flags argument and the page's character set, 'UTF-8', as the third argument, because the default flags in PHP versions before 8.1 leave single quotes alone, and that matters as soon as a value lands inside an attribute. So I'm going to use that, and we're going to want to do the same thing down here for the current page's menu name as well. That will make sure that no matter what that string is, it won't cause problems for our HTML. Let's also add a couple of lines here below menu name. In addition, for the subject, we're not just going to show the menu name; let's also display the current position.
Echo; I'm just going to grab this and save myself a little typing, but instead it's going to be the position. Now, we don't need to escape this, because it's an integer; we can feel pretty good about the fact that an integer isn't going to cause problems for HTML. One caveat: a value fetched with mysqli comes back as a string by default, so if you're relying on the type rather than on escaping, cast it with (int) first. Put a br tag at the end. Let's do the same thing for visible. Visible is going to come back as either zero or one. Now that's fine, you could just display zero or one, but it's actually a little nicer to the user if we convert that into either true/false or yes/no. And you'll remember I have that ternary operator that allows me to write really short if/else statements; that's really handy here. So if current_subject visible is equal to 1, then I'll put a question mark, and the true value I'll say is yes.
And then a colon, and the false value would be no. Let's just try that out real quick. Let's come over here, About Widget Corp, and now we can see those. And then I'm also going to put one more br tag here at the end. Let's add position and visible to the page as well. So right down here below menu_name, position and visible, and it's going to be current_page instead of current_subject. So let's try that now; come over here and we'll click Our Mission. There we go. And remember we also have content for the page as well. So let's add some content, so we can actually see what the page says. I'll put a br tag, and on the next line let's start a new div with class view-content.
And this is going to be that block of content. And let me just grab this position right here. And this one is just going to be the content. And it's a string, so we do need to be careful, and we want to use htmlentities on it. Here we go. And then I give it a class of view-content. Let's give a style for that real quick. So, over here in public/stylesheets, I'll just drop down here to Page Content, and I'll make a new rule here for view-content with margin: 1em, padding: 1em, border: 1px solid
#999. Okay. So that will just give me a little bit of style around it. Let's come back and reload that page now. Okay. Let's go back to our page again, and I just want to look one more time down here. We've got a few links; let's see. Where are our links? Here's edit subject. In our URL, we're outputting the subject id. Now, this is an integer. You probably don't need to worry, but again, I just want to follow best practices here. Let's get in the habit of always URL encoding whatever those values are.
So anything that we use as part of our URL string, we're always going to use urlencode on, even if we feel very good about it and it feels very safe. Alright. So let's save that. That's manage content. Let's now jump back over here and take a look. Next, we worked on new_subject.php and create_subject.php. I've already taken a peek, and those are both going to be fine. We don't need to make any changes to those; they already follow best practices, mostly because they're creating new subjects, so there are no strings or IDs or anything like that that we need to output. Let's take a look, though, at edit_subject.
Let's open that one up. And down here towards the bottom of that, you'll see that we've got this message that we output. Now, once again, any time we're outputting anything, we want to make sure that we're safe about it. htmlentities will make sure that that is going to be safe, so we don't inadvertently put something in our message that's going to break our HTML. We also have our current subject name being displayed here; htmlentities once again will be useful there. And here's our menu name that we're using as the value of our input field.
It doesn't matter that it's the value of an input field; we still want to use htmlentities around it. In fact, an attribute is where it matters most: the value needs to sit inside double quotes, and the escaping needs ENT_QUOTES so that neither kind of quote can end the attribute early. I see right here that we've got another URL, so let's urlencode that. And I believe I remember that at the bottom we have delete_subject, and we need a urlencode there. Okay, that should take care of edit_subject.php. And then we've got delete_subject.php, and that one's also going to be okay. So let's jump up here to our functions and take a look there.
There are a couple of spots here where we're not escaping values. The first is in our form_errors function. When we're displaying the form errors, we're going through each of the errors and then outputting them in this li tag. We don't want to put htmlentities around the whole thing, because that would escape our own li tags, but we do want to make sure that we call htmlentities on the error itself, right here. And since I'm going to start using htmlentities here, I'm going to break it into separate statements so that it's a little clearer: output, dot-equals, htmlentities of the error.
There we go. Now it's really clear that I'm escaping this so that it's suitable for HTML. Then let's scroll down here towards the bottom; we've got our navigation. We're also putting together some HTML for our navigation. Any time I'm putting together HTML in a function, that's a cue that you want to take a look and see if there's a problem. We are using urlencode there, which is great. But then we're outputting the menu name again, and we're not calling htmlentities on that. So we want that: htmlentities.
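The escaping discussed for manage_content.php, edit_subject.php and the two functions above, collected into one script. This is an added example, not the course's own code: the h() and u() helper names are my own, the subject and page rows are constructed in-line rather than read from MySQL, and the navigation function takes those arrays as a parameter so that it runs without a database.

```php
<?php
// Added example, not the course's own code: output-escaping helpers and the
// two HTML-building functions from functions.php rewritten to use them.
// The subject and page rows are constructed in-line instead of being read
// from MySQL, so the script runs on its own.

// Escape a value for an HTML text node or a double-quoted attribute value.
// ENT_QUOTES also escapes single quotes, which the pre-8.1 PHP default does
// not; ENT_SUBSTITUTE replaces an invalid byte sequence instead of returning
// an empty string. The charset must match the page's <meta charset>.
function h(string $value): string {
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape one value for a query-string component, e.g. ?subject=...
function u(string $value): string {
    return urlencode($value);
}

// Each error message is escaped; the list markup around it is our own.
function form_errors(array $errors = []): string {
    $output = "";
    if (!empty($errors)) {
        $output .= "<div class=\"error\">";
        $output .= "Please fix the following errors:";
        $output .= "<ul>";
        foreach ($errors as $error) {
            $output .= "<li>" . h($error) . "</li>";
        }
        $output .= "</ul>";
        $output .= "</div>";
    }
    return $output;
}

// $subjects is a list of ['id' => int, 'menu_name' => string, 'pages' => list],
// with each page an ['id' => int, 'menu_name' => string] row.
function navigation(array $subjects, ?int $current_subject_id = null): string {
    $output = "<ul class=\"subjects\">";
    foreach ($subjects as $subject) {
        $subject_id = (int) $subject['id'];   // values from mysqli arrive as strings
        $output .= "<li";
        if ($subject_id === $current_subject_id) {
            $output .= " class=\"selected\"";
        }
        $output .= ">";
        // id: cast and URL-encoded for the query string; menu_name: HTML-escaped
        $output .= "<a href=\"manage_content.php?subject=" . u((string) $subject_id) . "\">";
        $output .= h($subject['menu_name']);
        $output .= "</a>";
        if (!empty($subject['pages'])) {
            $output .= "<ul class=\"pages\">";
            foreach ($subject['pages'] as $page) {
                $page_id = (int) $page['id'];
                $output .= "<li>";
                $output .= "<a href=\"manage_content.php?page=" . u((string) $page_id) . "\">";
                $output .= h($page['menu_name']);
                $output .= "</a></li>";
            }
            $output .= "</ul>";
        }
        $output .= "</li>";
    }
    $output .= "</ul>";
    return $output;
}

// Constructed sample rows with the innocent special characters an admin might type.
$subjects = [
    ['id' => '1', 'menu_name' => 'About Widget Corp', 'pages' => [
        ['id' => '1', 'menu_name' => 'Our Mission'],
        ['id' => '2', 'menu_name' => "Tom's \"Vision\" & Goals"],
    ]],
    ['id' => '2', 'menu_name' => 'Products <new>', 'pages' => []],
];

echo navigation($subjects, 1), "\n";
echo form_errors(['menu_name' => 'Menu name cannot be blank']), "\n";

// The same menu name as an attribute value: every quote and ampersand inside it
// is encoded, so the value cannot end the attribute early.
$menu_name = "Tom's \"Vision\" & Goals";
echo '<input type="text" name="menu_name" value="' . h($menu_name) . '" />', "\n";
```

With ENT_QUOTES the apostrophe in Tom's is encoded as &#039; and the double quotes as &quot;, so the input's value attribute stays intact; with the older default flags the single quote would pass through unchanged, which is why the flags and the charset are worth spelling out every time rather than relying on the default.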
The pages loop needs the same treatment: we're calling urlencode on the id, but we're not calling htmlentities on the menu name. Okay, that should take care of all the URL encoding and HTML entities. You might want to take a quick scan through and see if you see any others that you want to fix. But I want us to look at something else now, and that is under our edit_subject. Let's open this up, and let me show you the problem that I want us to fix. If we go to a subject, click Edit Subject, and then just click Edit Subject like it is, we get: Subject update failed. Well, why did it fail? It failed because the values were exactly the same. So that's the change that I want to make here.
When we're checking mysqli's affected_rows, we've still been checking to see if it's equal to one. But if nothing was changed, it returns 0, so what we really want is to say that it's greater than or equal to 0. If the query fails with an actual error, we get -1. So this is really the better way to do it, because it allows us to account for the fact that the data might be exactly the same. Two caveats: affected_rows is also 0 when the WHERE clause matched no row at all, for example an id that doesn't exist, so this check will report success there too; and you should still check that the query call itself did not return false. Let's just try that now, Edit Subject.
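One way to keep the greater-than-or-equal-to-zero check while still telling "nothing changed" apart from "no such row" and from a real error. This is an added example, not the course's own code: it assumes the course's subjects table (id, menu_name, position, visible), the status constants and function names are my own, and the connection values at the bottom are placeholders. The classification part runs without a database.

```php
<?php
// Added example, not the course's own code: an update helper that separates
// "nothing changed" from "nothing matched" and from a real error, instead of
// testing affected_rows == 1. Assumes the course's subjects table
// (id, menu_name, position, visible); the connection values are placeholders.

const UPDATE_FAILED    = 'failed';     // the query itself errored
const UPDATE_NOT_FOUND = 'not_found';  // WHERE matched no row
const UPDATE_UNCHANGED = 'unchanged';  // row matched, submitted values identical
const UPDATE_CHANGED   = 'changed';    // row rewritten

// mysqli_info() after an UPDATE reads "Rows matched: 1  Changed: 0  Warnings: 0".
function parse_update_info(?string $info): ?array {
    if ($info !== null && preg_match('/Rows matched: (\d+)\s+Changed: (\d+)/', $info, $m)) {
        return ['matched' => (int) $m[1], 'changed' => (int) $m[2]];
    }
    return null;
}

// affected_rows is -1 when the last query failed, 0 when no row was rewritten
// (unchanged values or no match), and the row count otherwise.
function classify_update(int $affected_rows, ?string $info): string {
    if ($affected_rows < 0) {
        return UPDATE_FAILED;
    }
    if ($affected_rows > 0) {
        return UPDATE_CHANGED;
    }
    $counts = parse_update_info($info);
    if ($counts !== null && $counts['matched'] === 0) {
        return UPDATE_NOT_FOUND;
    }
    return UPDATE_UNCHANGED;
}

function update_subject(mysqli $db, int $id, string $menu_name, int $position, int $visible): string {
    // Every value is either cast to int or run through real_escape_string and
    // wrapped in single quotes, so the menu name cannot alter the SQL. A prepared
    // statement with bind_param is the other (preferable) way to get that guarantee.
    $query  = "UPDATE subjects SET ";
    $query .= "menu_name = '" . $db->real_escape_string($menu_name) . "', ";
    $query .= "position = " . $position . ", ";
    $query .= "visible = " . ($visible ? 1 : 0) . " ";
    $query .= "WHERE id = " . $id . " LIMIT 1";

    if ($db->query($query) === false) {
        return UPDATE_FAILED;
    }
    return classify_update((int) $db->affected_rows, $db->info);
}

// Stand-alone check of the classification without a database: the three
// affected_rows values described in the text, plus the no-match case.
assert(classify_update(-1, null) === UPDATE_FAILED);
assert(classify_update(1, 'Rows matched: 1  Changed: 1  Warnings: 0') === UPDATE_CHANGED);
assert(classify_update(0, 'Rows matched: 1  Changed: 0  Warnings: 0') === UPDATE_UNCHANGED);
assert(classify_update(0, 'Rows matched: 0  Changed: 0  Warnings: 0') === UPDATE_NOT_FOUND);

// Usage as it would appear in edit_subject.php. MYSQLI_REPORT_OFF keeps query()
// returning false on error (the PHP 8.1+ default throws mysqli_sql_exception).
mysqli_report(MYSQLI_REPORT_OFF);
$db = new mysqli('localhost', 'db_user', 'db_password', 'widget_corp'); // placeholders
if ($db->connect_errno) {
    exit("Database connection failed: " . $db->connect_error);
}
$status = update_subject($db, 1, "About Widget Corp", 1, 1);
$messages = [
    UPDATE_CHANGED   => "Subject updated.",
    UPDATE_UNCHANGED => "Subject updated (no changes were needed).",
    UPDATE_NOT_FOUND => "Subject not found.",
    UPDATE_FAILED    => "Subject update failed. " . $db->error,
];
echo $messages[$status], "\n";
```

The message shown to the user is chosen from a fixed array keyed by status, so the only database text that ever reaches the page is $db->error on the failure branch; if that page echoes the message into HTML, it still goes through htmlentities like everything else.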
And it says subject updated, even though the values were exactly the same. I think that's a better user experience than what we had before. Now let's make a few improvements to the way that the site looks. Notice that I have had this footer down here this whole time that just has this date, and I have 20xx for the date. Let's actually put the real date in there. We can use a little bit of PHP to dynamically add that. So instead, put php echo, and then we're going to use a PHP function that we haven't learned yet, which is just called date. It takes the current date, and we provide a format to it, and the format is just going to be Y. Capital Y is going to be a four-digit year.
You can look these up; there are a lot of date/time format characters, and they're all pretty straightforward and easy to use. So this will then, let me reload the page, and now I'm getting the current year down there instead. I also notice that there's no way from here to get back to our main menu, so let's make a quick improvement that will do that for us. Let's go to our manage content page. And from our manage content page, right above the navigation, we'll put a br tag at the top, and then let's put an a tag with href set to admin.php. There we go.
Let's put some text in here, and I'm going to put an HTML character entity, which is laquo with an ampersand in front and a semicolon after, and then main menu. See what that looks like. So it just gives us this little double back arrow there. So we click on that, and now we can go back to the main menu. Now, you could also add that at the top of all of the other pages, like add a subject, so that it's always there. Or you could leave it so you really have to click back to this manage content area before you see the main menu. But at least we have some way to get back there, and you know how to add it other places if you want to.
And then the very last improvement that I want us to make, is just to add a little bit better error appearance. So if we just click Create Subject here, you see we get the errors. It's not really great looking, so let's just add a bit of quick CSS here down at the bottom. And I'll just paste something in. You can pause the movie if you want to copy it down. I'll put a border around the error and a little bit of margin and padding, and give it a color, as well. So that just looks a little bit better. If we just click Create Subject now, we get please fix the following errors. That just looks a little cleaner, I think.
So now we've gone through and done our clean-up. I think we're finally finished with our subjects area. In the next movie, I want to give you an assignment that you can try on your own to apply all the things that we've learned about our subject CRUD.