PHP with MySQL Essential Training

Video: Cleaning up
From: PHP with MySQL Essential Training, with Kevin Skoglund

PHP with MySQL Essential Training
14h 24m Beginner Jun 04, 2013


PHP is a popular, reliable programming language at the foundation of many smart, data-driven websites. This comprehensive course from Kevin Skoglund helps developers learn the basics of PHP (including variables, logical expressions, loops, and functions), understand how to connect PHP to a MySQL database, and gain experience developing a complete web application with site navigation, form validation, and a password-protected admin area. Kevin also covers the basic CRUD routines for updating a database, debugging techniques, and usable user interfaces. Along the way, he provides practical advice, offers examples of best practices, and demonstrates refactoring techniques to improve existing code.

Topics include:
  • What is PHP?
  • Installing and configuring PHP and MySQL
  • Exploring data types
  • Controlling code with logical expressions and loops
  • Using PHP's built-in functions
  • Writing custom functions
  • Building dynamic webpages
  • Working with forms and form data
  • Using cookies and sessions to store data
  • Connecting to MySQL with PHP
  • Creating and editing database records
  • Building a content management system
  • Adding user authentication
Subjects: Developer, Servers, Programming Languages, Web Development
Software: MySQL, PHP
Author: Kevin Skoglund

Cleaning up

Before we move on, I want you to spend a few minutes doing some cleanup on the code that we have. While we were learning, I let a few bad habits creep in, and I want to get us back to using best practices whenever possible. We're also going to make a few improvements to the appearance of our CMS at the same time. Let's start by opening up manage_content.php. That's where we began our coding for this. In the area here where we have manage subject, I want to take a look at this part where we're echoing back the menu name. Now, this menu name is coming from the database, and it's a trusted string; it's something that an admin created. We're really not worried about hackers creating that value. However, any time we're going to output anything to HTML, we need to be concerned, even if it's a trusted value.

Because an admin can very innocently use a special character here that would cause problems for HTML. We talked about that when we talked about encoding for HTML. So we always want to use either htmlspecialchars or htmlentities, and that's what I'm going to use here. htmlentities includes everything that htmlspecialchars does, plus a little more. So I'm just going to use that, and we're going to want to do the same thing down here for the current page menu name as well. That will make sure that no matter what that string is, it won't cause problems for our HTML. Let's also add a couple of lines here below menu name. For the subject, we're not just going to show the menu name; let's also display the current position.

I'm just going to grab this echo to save myself a little typing, but instead it's going to be the position. Now, we don't need to escape this, because it's an integer. We can feel pretty good about the fact that this is an integer and isn't going to cause problems for HTML. Put a br tag at the end. Let's do the same thing for visible. Visible is going to come back as either zero or one. Now that's fine, you could just display zero or one, but it's actually a little nicer to the user if we convert that into either true/false or yes/no. And you'll remember I have that ternary operator that allows me to write really short if/else statements; that's really handy here. So if current subject visible is equal to 1, then I'll put a question mark, and then the true value I'll say is Yes.

And then a colon, and the false value would be No. Let's just try that out real quick. Let's come over here, About Widget Corp, and now we can see those. And then I'm also going to put one more br tag here at the end. Let's add that position and visible to the page as well. So right down here below menu_name, position and visible, and it's going to be current_page instead of current_subject. So let's try that now, come over here and we'll click Our Mission. There we go. And remember we also have content for the page as well. So let's add some content, so we can actually see what the page says. I'll put a br tag, and on the next line let's start a new div, class view_content.

And this is going to be that block of content. Let me just grab this position right here, and this one is just going to be the content. And it's a string, so we do need to be careful, and we want to use htmlentities on it. Here we go. And then I give it a class of view_content. Let's give a style for that real quick. So, over here in the public style sheet, I'll just drop down here to Page Content, and I'll make a new one here that's called view_content, with margin: 1em, padding: 1em, border: 1px solid.

And we'll use #999 for the color. Okay. So that will just give me a little bit of style around it. Let's come back and reload that page now. Okay. Let's go back to our page again; I just want to look one more time down here. We've got a few links, let's see. Where are our links? Here's edit subject. In our URL, we're outputting the subject id. Now, this is an integer. You probably don't need to worry, but again, I just want to follow best practices here. And let's get in the habit of always URL encoding whatever those values are.

So anything that we use as part of our URL string, we're always going to use urlencode on, even if we feel very good about it and it feels very safe. Alright. So let's save that. That's manage_content. Let's now jump back over here and take a look. Next, we worked on new_subject and create_subject. I've already taken a peek, and those are both going to be fine. We don't need to make any changes to those. Those all follow best practices already, more so because they're new subjects, so there are no strings or IDs or anything like that that we need to work with. Let's take a look, though, at edit_subject.

Let's open that one up. Down here towards the bottom of that, you'll see that we've got this message that we output. Now, once again, any time we're outputting anything, we want to make sure that we're safe about it. htmlentities will make sure that that is going to be safe, so we don't inadvertently put something in our message that's going to break our HTML. We also have our current subject name being displayed here. htmlentities, once again, will be useful there. And here's our menu name that we're using as a value to our input field.

It doesn't matter that it's a value to the input field; we still want to use htmlentities around it. I see right here that we've got another URL, so let's urlencode that. And I believe I remember that at the bottom we have delete_subject, and we need a urlencode there. Okay, that should take care of edit_subject.php. And then we've got delete_subject.php, and that one's also going to be okay. So let's jump up here to our functions and take a look there.

There are a couple of spots here where we're not escaping values. The first is in our form errors. Now, when we're displaying the form errors, we're going through each of the errors and then outputting them in the li tag. We don't want to put htmlentities around the whole thing, but we do want to make sure that we call htmlentities right here, around this error. And actually, because I'm going to go ahead and start using htmlentities here, I'm going to break it into separate statements so that's a little clearer: output equals htmlentities, and output.

There we go. Now it's really clear that I'm escaping this so that it's suitable for HTML. Then let's scroll down here towards the bottom. We've got our navigation. We're also putting together some HTML for our navigation. Any time I'm putting together HTML in a function, that's a cue that you want to take a look and see if there's a problem. We are using urlencode there, which is great. But then we're outputting the menu name again, and we're not calling htmlentities on that. So we want that: htmlentities.

And same thing for the pages. We're calling urlencode here, but we're not calling htmlentities on it. Okay, that should take care of all the URL encoding and HTML entities. You might want to take a quick scan through and see if you see any others that you want to fix. But I want us to look at something else now, and that is under our edit_subject. Let's open this up, and let me show you the problem that I want us to fix. If we go to a subject, click Edit Subject, and then just click Edit Subject like it is: Subject update failed. Well, why did it fail? It failed because the values were exactly the same. So that's the change that I want to make here.
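The escaping pass just described, collected in one place as an added example (this is not the course's own code): the "manage subject" block from manage_content.php and the form_errors() helper from functions.php, both routing every string through htmlentities and every URL value through urlencode. The h() helper, the $current_subject keys, the "subject" URL parameter and the "error" CSS class are assumed names, and the sample data at the bottom is constructed.

```php
<?php
// Added example, not the course's own code. One helper so every string that reaches
// HTML is escaped the same way. The course calls htmlentities() with no flags; passing
// ENT_QUOTES and the charset explicitly also escapes single quotes (older PHP defaults
// did not), which matters when a value lands inside a single-quoted attribute.
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Each error message is escaped individually; the surrounding markup is ours and stays raw.
function form_errors(array $errors = []): string
{
    if (empty($errors)) {
        return "";
    }
    $output = "<div class=\"error\">Please fix the following errors:<ul>";
    foreach ($errors as $error) {
        $output .= "<li>" . h($error) . "</li>";
    }
    $output .= "</ul></div>";
    return $output;
}

// The "manage subject" block: menu_name is a trusted admin string but is escaped anyway;
// position is an integer and is cast instead; visible is 0/1 and rendered as Yes/No;
// the id in the edit link is an integer too, but URL values are always urlencode()d.
function subject_summary(array $subject): string
{
    $html  = "Menu name: " . h($subject["menu_name"]) . "<br />";
    $html .= "Position: " . (int) $subject["position"] . "<br />";
    $html .= "Visible: " . ($subject["visible"] == 1 ? "Yes" : "No") . "<br />";
    $html .= "<a href=\"edit_subject.php?subject="
           . urlencode((string) $subject["id"]) . "\">Edit Subject</a>";
    return $html;
}

// Constructed sample: an innocent admin value that still contains HTML metacharacters,
// and a validation message that does as well.
$current_subject = [
    "id"        => 7,
    "menu_name" => "Tom & Jerry's \"Seasonal\" <specials>",
    "position"  => 3,
    "visible"   => 1,
];
$errors = ["Menu name cannot be <blank>"];

echo subject_summary($current_subject), "\n";
echo form_errors($errors), "\n";
// In the browser the menu name shows as the literal text, because & ' " < > have
// become &amp; &apos; &quot; &lt; &gt; in the markup instead of being parsed as HTML.
```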

When we're checking mysqli affected_rows, we've still been checking to see if it's equal to one. But if nothing was changed, then it'll return 0. So what we really want is to say that it's greater than or equal to 0. If it fails and we have an actual error, we'll get negative 1. So this is really the better way to do it, because it allows us to account for the fact that the data might be exactly the same. Let's just try that now, Edit Subject.
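The affected_rows change from this step, as an added example that is not the course's own code: the UPDATE branch of edit_subject.php with the test changed from equal to one to greater than or equal to zero, and the query turned into a prepared statement. $connection (an open mysqli handle), the subjects table and its column names are assumed; the walk-through at the bottom uses constructed values.

```php
<?php
// Added example, not the course's own code. mysqli reports affected_rows as -1 on
// error, 0 when the row matched but nothing changed, and 1 when the row was rewritten.
// Only the negative case is a failure.
function update_outcome(int $affected_rows): array
{
    if ($affected_rows < 0) {
        return ["ok" => false, "message" => "Subject update failed."];
    }
    // 0 is the "admin clicked Edit Subject without changing anything" case from the
    // video; reporting it as success is what the user expects.
    return ["ok" => true, "message" => "Subject updated."];
}

// Assumed table/column names: subjects(id, menu_name, position, visible).
function update_subject(mysqli $connection, int $id, string $menu_name, int $position, int $visible): array
{
    $sql  = "UPDATE subjects SET menu_name = ?, position = ?, visible = ? WHERE id = ? LIMIT 1";
    $stmt = $connection->prepare($sql);
    if ($stmt === false) {
        return ["ok" => false, "message" => "Subject update failed."];
    }
    $stmt->bind_param("siii", $menu_name, $position, $visible, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;   // -1, 0 or 1, as described above
    $stmt->close();
    return update_outcome($affected);
}

// Constructed walk-through of the three values affected_rows can take here.
$cases = [-1 => "SQL error", 0 => "submitted unchanged", 1 => "one column changed"];
foreach ($cases as $rows => $case) {
    $result = update_outcome($rows);
    echo str_pad($case, 22), " -> affected_rows={$rows}: {$result["message"]}\n";
}
// With the old "== 1" test, the "submitted unchanged" case reported a failure.
```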

And it says subject updated, even though the values were exactly the same. I think that's a better user experience than what we had before. Now let's make a few improvements to the way that the site looks. Notice that I have had this footer down here this whole time that just has this date, and I have 20xx for the date. Let's actually put the real date in there. We can use a little bit of PHP to dynamically add that. So instead, put php echo, and then we're going to use a PHP function that we haven't learned yet, which is just called date. It takes the current date and then we provide a format to it, and the format is just going to be Y. Capital Y is going to be a four-digit year.

You can look these up; there are a lot of date/time functions. They're all pretty straightforward and pretty easy to use. So this will then, let me reload the page, and now I'm getting the current year down there instead. I also notice that there's no way from here to get back to our main menu, so let's make a quick improvement that will do that for us. Let's go to our manage content page. And from our manage content page, right above the navigation, we'll put a br tag at the top, and then let's put a link with href equals admin.php. There we go.

Let's put some text in here, and I'm going to put an HTML character entity, which is laquo followed by a semicolon, and then Main Menu. Let's see what that looks like. So it just gives us this little double back arrow there. So we click on that, and now we can go back to the main menu. Now you could also add that above all of the other pages, like add a subject, so that it's always there. Or you could have it so you really have to click back to this manage content area before you see the main menu. But at least we have some way to get back there, and you know how to add it in other places if you want to.

And then the very last improvement that I want us to make is just to add a little bit better error appearance. So if we just click Create Subject here, you see we get the errors. It's not really great looking, so let's just add a bit of quick CSS here down at the bottom. I'll just paste something in; you can pause the movie if you want to copy it down. I'll put a border around the error and a little bit of margin and padding, and give it a color as well. So that just looks a little bit better. If we just click Create Subject now, we get "Please fix the following errors." That just looks a little cleaner, I think.

So now we've gone through and done our cleanup. I think we're finally finished with our subjects area. In the next movie, I want to give you an assignment that you can try on your own to apply all the things that we've learned about our subject CRUD.

Q: This course was revised on 6/4/2013. What changed?
A: The old version of this course was 6 years old and it was time for a complete revision, using PHP 5.4. (The tutorials will work with any version of PHP and cover any differences you might encounter.) The author has also added updated installation instructions for Mac OS X Mountain Lion and Windows 8. The topics and end project are the same, but the code is slightly different. It also addresses frequently asked questions from the previous version.