• If I want to improve a module, I do it once in the library rather than in several places. • It is extremely simple to modify the code library so it works with another database. • The details of each particular module are hidden in a separate library so I can focus on the bigger picture when writing each PHP page. • The routines can be reused to work with any table in the database. • The routines can automatically adjust to changes in the data structure. • The library can be readily reused for another project. Figure 12.11 shows a more detailed state diagram. When you begin looking at actual code, you’ll see most of the PHP programs are extremely simple. They usually just collect data for a library function, send pro- gram control off to that function, and then print any output produced by the function. Writing the Non-Library Code I begin here by describing all the parts of this project except the library. The library module is driven by the needs of the other PHP programs, so it makes sense to look at the other programs first. 393 C h a p t e r 1 2B u i l d i n g a T h r e e -T i e r e d D a t a A p p l i c a t i o n FIGURE 12.11 This state diagram illustrates the relationship between PHP programs and functions in the spyLib code library. Preparing the Database The database for this segment is almost the same as the one used in chapter 11, “Data Normalization.” I added one table to store queries. All other tables are the same as those in chapter 11. The SQL script that creates this new version of the spy database is available on the CD as buildSpy.sql. Note I have modified the database slightly from chapter 11, because the new ver- sion includes several queries as part of the data! In order to make the program reasonably secure, I don’t want typical users to be able to make queries. I also don’t want users to be limited to the few queries I thought of when building this system. One solution is to store a set of queries in the database and let appropri- ate users modify the queries. I called my new table the storedQuery table. It can be manipulated in the system just like the other tables, so a user with password access can add, edit, and delete queries. Here is the additional code used to build the storedQuery table: ###################################### # build storedQuery table ###################################### CREATE TABLE storedQuery ( storedQueryID int(11) NOT NULL AUTO_INCREMENT, description varchar(30), text varchar(255), PRIMARY KEY (storedQueryID) ); INSERT INTO storedQuery VALUES ( null, ‘agent info’, ‘SELECT * FROM agent’ ); The storedQuery table has three fields. The description field holds a short English description of each query. The text field holds the query’s actual SQL code. Examining the spyMaster.php Program The sypMaster.php program is the entry point into the system. All access to the system comes from this page. It has two main parts. One handles queries from ordinary users, and the other allows more sophisticated access by authorized 394 P H P 5 /M y S Q L P r o g r a m m i n g f o r t h e A b s o l u t e B e g i n n e r users. Each segment encapsulates an HTML form that sends a request to a par- ticular PHP program. The first segment has a small amount of PHP code that sets up the query list box. Proper SQL syntax is extremely important when you store SQL syntax inside an SQL database as I’m doing here. It’s especially important to keep track of single and double quotation marks. To include the single quotation marks that some queries require, precede the mark with a backslash character. For example, assume I want to store the following query: SELECT * FROM agent WHERE agent.name = ‘Bond’ I would actually store this text instead: SELECT * FROM agent WHERE agent.name = \‘Bond\’ This is necessary for storing the single quotation mark characters. Otherwise they are interpreted incorrectly. In SQLite, the syntax is two single quotation marks together. The SQLite version of the query text reads like this: SELECT * FROM agent WHERE agent.name = ‘’Bond’’ Creating the Query Form <html> <head> <title>Spy Master Main Page</title> <? include “spyLib.php”; ?> </head> <body> <form action = “viewQuery.php” method = “post”> <table border = 1 width = 200> <tr> <td><center><h2>View Data</h2></center></td> </tr> <tr> <td><center> <select name = “theQuery” size = 10> TRAP 395 C h a p t e r 1 2B u i l d i n g a T h r e e -T i e r e d D a t a A p p l i c a t i o n <? //get queries from storedQuery table $dbConn = connectToSpy(); $query = “SELECT * from storedQuery”; $result = mysql_query($query, $dbConn); while($row = mysql_fetch_assoc($result)){ $currentQuery = $row[‘text’]; $theDescription = $row[‘description’]; print <<<HERE <option value = “$currentQuery”>$theDescription</option> HERE; } // end while ?> </select> </center> </tr> <tr> <td><center> <input type = “submit” value = “execute request” > </center></td> </tr> </table> </form> Most of the code is ordinary HTML. The HTML code establishes a form that calls viewQuery.php when the user presses the Submit button. I added some PHP code that generates a special input box based on the entries in the storedQuery table. Including the spyLib Library The first thing to notice is the include() statement. This command allows you to import another file. PHP reads that file and interprets it as HTML. An included file can contain HTML, cascading style sheets (CSS), or PHP code. Most of the func- tionality for the spy data program is stored in the spyLib.php library program. 396 P H P 5 /M y S Q L P r o g r a m m i n g f o r t h e A b s o l u t e B e g i n n e r All the other PHP programs in the system begin by including spyLib.php. Once this is done, every function in the library can be accessed as if it were a locally defined function. This provides tremendous power and flexibility to a program- ming system. Connecting to the spy Database The utility of the spyLib library becomes immediately apparent as I connect to the spy database. Rather than worrying about exactly what database I’m con- necting to, I simply defer to the connectToSpy() function in spyLib(). In the cur- rent code I don’t need to worry about the details of connecting to the database. With a library I can write the connecting code one time and reuse that function as needed. Notice the connectToSpy() function returns a data connection pointer I can use for other database activities. There’s another advantage to using a library when connecting to a database. It’s likely that if you move this code to another system you’ll have a different way to log in to the data server. If the code for connecting to the server is centralized, it only needs to be changed in one place when you want to update the code. This is far more efficient than searching through dozens of programs to find every reference to the mysql_connect() function. Also, if you want to convert the MySQL-based code in this book to SQLite or another database system, you only have to change the connectToSpy() function. That’s pretty cool, huh? Retrieving the Queries I decided to encode a series of prepackaged queries into a table. (I explain more about my reasons for this in the section on the viewQuery program.) The main form must present a list of query descriptions and let the user select one of these queries. I use an SQL SELECT statement to extract everything from the storedQuery table. I then use the description and text fields from storedQuery to build a multiline list box. Creating the Edit Table Form The second half of the spyMaster program presents all the tables in the database and allows the user to choose a table for later editing. Most of the functionality in the system comes through this section. Surprisingly, there is no PHP code at all in this particular part of the page. An HTML form sends the user to the editTable.php program. TRICK 397 C h a p t e r 1 2B u i l d i n g a T h r e e -T i e r e d D a t a A p p l i c a t i o n . spyLib .php library program. 396 P H P 5 /M y S Q L P r o g r a m m i n g f o r t h e A b s o l u t e B e g i n n e r All the other PHP programs in the system begin by including spyLib .php. Once this. segment encapsulates an HTML form that sends a request to a par- ticular PHP program. The first segment has a small amount of PHP code that sets up the query list box. Proper SQL syntax is extremely. Form <html> <head> <title>Spy Master Main Page</title> <? include “spyLib .php ; ?> </head> <body> <form action = “viewQuery .php method = “post”> <table border = 1 width = 200> <tr> <td><center><h2>View