
Secure PHP Development - P66


DOCUMENT INFORMATION

TABLE 9-1 [NAME OF DATABASE] DATABASE TABLES (Continued)

Table: Description

CONTACT_KEYWORD: Holds the contact keyword information. The contact keyword consists of the contact number (CONTACT_ID) and keyword (KEYWORD).

CONTACT_MAIL: Holds information about the contact e-mail: the e-mail ID (MAIL_ID), CONTACT_ID, CC To list (CC_TO), the subject of the e-mail (SUBJECT), body (BODY) of the e-mail, sending time stamp (SEND_TS), and the check flag (CHECK_FLAG). The e-mail ID (MAIL_ID) is automatically generated by the database.

CONTACT_REMINDER: Contains reminder(s) of contacts. A reminder can be set up during contact creation to remind the administrator to call/e-mail the contact at a later date. For example, say you got a contact from a trade show and would like to contact the person after a week or so; in such a case you can set up a reminder when you add the contact to the database. Each reminder consists of CONTACT_ID, reminder created by (CREATED_BY), reminder about (REMIND_ABOUT), reminder date (REMIND_DATE), and MOTD ID (MOTD_ID).

The ch9/sql/contact.sql file on the CD-ROM is a MySQL script to create the contact manager database. To create the contact manager database in MySQL, create a database called CONTACTS in your database server and run the following commands:

mysqladmin -u root -p create CONTACTS
mysql -u root -p -D CONTACTS < contact.sql

Make sure you change the user name (root) to whatever is appropriate for your system. With the contact manager database ready, let's look at the PHP classes that will be needed to implement the applications.

The Intranet Contact Manager Application Classes

Now let's look at how we can design the contact manager system to work within our intranet. Figure 9-2 shows the system diagram for the objects needed to develop the contact manager. The category and contact objects are the only new objects in this diagram. All other objects and the framework have already been developed in earlier chapters.

Figure 9-2: The contact manager system diagram. (Components shown: Central Login/Logout, Messages, Categories, Contacts, User Home Interface, and the PHP Application Framework; the Message Object, Category Object, and Contact Object are implemented in class.Message.php, class.Category.php, and class.Contact.php.)

The category and contact objects can be created with two new classes: the Category class and the Contact class. The Message class needed for the contact manager has already been built in Chapter 7.

The Category class

The Category class is used to manipulate each category. It allows an application to create, modify, and delete a category. The ch09/apps/class/class.Category.php file on the CD-ROM implements this class. This class implements the following methods:

◆ Category(): This is the constructor method. It performs the following functions:
■ Sets a member variable named dbi to point to the class.DBI.php-provided object, which is passed to the constructor by an application. dbi holds the DBI object that is used to communicate with the back-end database.
■ Sets a member variable named cat_tbl to $CONTACT_CATEGORY_TBL, which is loaded from the contact.conf file. $CONTACT_CATEGORY_TBL holds the name of the category table.
■ Sets a member variable named std_fields, which is an associative array that holds all the attributes of the CONTACT_CATEGORY table and their types.
■ Sets a member variable named fields, which is a comma-separated list of CONTACT_CATEGORY table fields.
■ Calls setCatID() to set a member variable called cid to the given category ID (if any).

◆ loadCatInfo(): This method loads the information for a given category. It performs the following functions:
■ Calls setCatID() to make sure that the passed category ID (if any) is set to the member variable.
■ Creates in $stmt a statement to select all the table attribute values for the given category ID.
■ Uses the DBI object ($this->dbi) to run the $stmt statement via the $this->dbi->query() method in the DBI object, and stores the result in $result.
■ If there are more than zero rows in the $result object, each row is fetched in the $row variable. For each CONTACT_CATEGORY table field of type text, the data is stripped of embedded slash characters, which are used to escape quotation marks and slashes in the value of the field. Each category field's data is stored as an object variable using the $this->$fieldname run-time variable.

◆ getCategoryIDbyName(): This method returns the category ID of the category object from the given category name. This is how it works:
■ It formats the given category name to convert it to a SQL-capable string by adding slashes and quotes.
■ It creates in $stmt a statement to select all category IDs for the given category name.
■ It uses the DBI object $this->dbi to run the $stmt statement via the $this->dbi->query() method in the DBI object, and stores the result in the $result variable.
■ If there are no rows in the $result object, the method returns null. If the result set is not empty, the row is fetched in the $row variable, and the category ID from the row is returned.

◆ addCategory(): This method adds a new category into the CONTACT_CATEGORY table. The category name, category ID, category parent, and description are passed in an associative array as a parameter to the method. It works in the following manner:
■ From the given parameter, all the values that are supposed to be of text type in the database are escaped for characters such as quotation marks and slashes using the $this->dbi->quote(addslashes()) methods.
■ A variable called $values is assigned a comma-separated list of all the parameter values.
■ A SQL statement, $stmt, is created to insert the new category data into the CONTACT_CATEGORY table using the member variable 'fields' (which contains the attribute names) and $values.
■ The SQL statement is executed using $this->dbi->query(), and the result of the query is stored in the $result object.
■ If the $result status is not okay, the method returns FALSE to indicate insert failure. Otherwise, getCategoryIDbyName() is used to return the newly created category's ID.

◆ getParentCategories(): This method returns all the parent (main) categories. It works as follows:
■ A statement to select all the table (CONTACT_CATEGORY) attribute values for the categories having parent ID zero (the main categories) is created in $stmt.
■ The DBI object $this->dbi runs the $stmt statement via the $this->dbi->query() method in the DBI object, and the result is stored in the $result variable.
■ If there are more than zero rows in the $result object, each row is fetched in the $row variable.
■ For each category, the category name and the category ID are stored in a single associative array. The method returns the array if the result set is not empty; otherwise, it returns null.

◆ getSubCategories(): This method returns all the children (subcategories) of a given parent category. This works as follows:
■ A statement to select all the table attribute values for the categories having the given category ID as their parent ID is created in $stmt.
■ Using the DBI object $this->dbi, the $stmt statement is run via the $this->dbi->query() method in the DBI object, and the result is stored in the $result variable.
■ If there are more than zero rows in the $result object, each row is fetched in the $row variable.
■ For each category found, the category name and the category ID are stored in a single associative array.
■ The method returns the array if the result set is not empty; otherwise, it returns null.

◆ modifyCategory(): This method updates the category information for a given category. Update information is passed in an associative array as a parameter to this method. The method works as follows:
■ From the given parameter list, all the values that are of text type in the database are escaped for characters such as quotation marks and slashes using the $this->dbi->quote(addslashes()) methods.
■ A SQL statement, $stmt, is created to update the given category data in the CONTACT_CATEGORY table using the associative array that has been passed as the parameter.
■ The SQL statement is executed using $this->dbi->query().
■ The method returns TRUE on a successful update operation; otherwise, it returns FALSE.

◆ getParentOf(): This method returns the parent of the given category. This is how it works:
■ setCatID() is called to set the given category ID.
■ A statement to select the parent category ID for the given category ID is created in $stmt.
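The Category methods described above build their SQL by gluing addslashes()-escaped, quoted strings into a statement, which is why loadCatInfo() later has to strip the stored slashes back out. The following is an added example, not the book's class.Category.php or its DBI class: the same operations (getCategoryIDbyName(), addCategory(), getParentCategories(), getSubCategories(), modifyCategory(), getParentOf()) written against PDO with bound parameters, so no escaping or un-escaping step is needed. The column names CATEGORY_ID, NAME, PARENT_ID and DESCRIPTION, the in-memory SQLite schema, and the sample categories are assumptions constructed for this demo; the book's real schema is in contact.sql, which this page does not reproduce.

```php
<?php
// Added example (not the book's class.Category.php / DBI code): the chapter's
// Category operations on PDO with bound parameters. Column names and the
// SQLite schema below are assumptions for the demo, not the book's contact.sql.
declare(strict_types=1);

final class Category
{
    private PDO $db;
    private string $catTbl;   // stands in for $CONTACT_CATEGORY_TBL from contact.conf
    public ?int $cid = null;  // the "cid" member variable

    public function __construct(PDO $db, string $catTbl = 'CONTACT_CATEGORY', ?int $cid = null)
    {
        // A table name cannot be a bound parameter, so allow-list it as a plain identifier.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $catTbl)) {
            throw new InvalidArgumentException('unsafe table name');
        }
        $this->db = $db;
        $this->catTbl = $catTbl;
        $this->setCatID($cid);
    }

    public function setCatID(?int $cid): void
    {
        if ($cid !== null) { $this->cid = $cid; }
    }

    public function getCategoryIDbyName(string $name): ?int
    {
        $stmt = $this->db->prepare("SELECT CATEGORY_ID FROM {$this->catTbl} WHERE NAME = :name");
        $stmt->execute([':name' => $name]);  // value is bound, never spliced into the SQL text
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : (int) $row['CATEGORY_ID'];
    }

    // Returns the new category's ID, or false if the insert failed (as the book's method does).
    public function addCategory(array $params): int|false
    {
        $stmt = $this->db->prepare(
            "INSERT INTO {$this->catTbl} (NAME, PARENT_ID, DESCRIPTION) VALUES (:name, :parent, :desc)"
        );
        $ok = $stmt->execute([
            ':name'   => $params['NAME'],
            ':parent' => (int) ($params['PARENT_ID'] ?? 0),
            ':desc'   => $params['DESCRIPTION'] ?? '',
        ]);
        return $ok ? $this->getCategoryIDbyName($params['NAME']) : false;
    }

    // Shared by getParentCategories() (parent 0) and getSubCategories(): name => ID map, or null.
    private function childrenOf(int $parent): ?array
    {
        $stmt = $this->db->prepare("SELECT CATEGORY_ID, NAME FROM {$this->catTbl} WHERE PARENT_ID = :p");
        $stmt->execute([':p' => $parent]);
        $out = [];
        while (($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
            $out[$row['NAME']] = (int) $row['CATEGORY_ID'];
        }
        return $out === [] ? null : $out;
    }

    public function getParentCategories(): ?array { return $this->childrenOf(0); }
    public function getSubCategories(int $cid): ?array { return $this->childrenOf($cid); }

    // Only allow-listed column names may appear in the SET clause; every value is bound.
    public function modifyCategory(array $params): bool
    {
        $set = [];
        $bind = [':cid' => $this->cid];
        foreach (['NAME', 'PARENT_ID', 'DESCRIPTION'] as $col) {
            if (array_key_exists($col, $params)) {
                $set[] = "$col = :$col";
                $bind[":$col"] = $params[$col];
            }
        }
        if ($set === [] || $this->cid === null) { return false; }
        $sql = "UPDATE {$this->catTbl} SET " . implode(', ', $set) . " WHERE CATEGORY_ID = :cid";
        return $this->db->prepare($sql)->execute($bind);
    }

    public function getParentOf(?int $cid = null): ?int
    {
        $this->setCatID($cid);
        $stmt = $this->db->prepare("SELECT PARENT_ID FROM {$this->catTbl} WHERE CATEGORY_ID = :cid");
        $stmt->execute([':cid' => $this->cid]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : (int) $row['PARENT_ID'];
    }
}

// Constructed demo: an in-memory SQLite database stands in for the MySQL CONTACTS database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE CONTACT_CATEGORY (CATEGORY_ID INTEGER PRIMARY KEY AUTOINCREMENT,
    NAME TEXT NOT NULL, PARENT_ID INTEGER NOT NULL DEFAULT 0, DESCRIPTION TEXT)");

$cat = new Category($db);
$vendors = $cat->addCategory(['NAME' => 'Vendors', 'DESCRIPTION' => 'Suppliers']);
// A name with an embedded quote is stored exactly as typed; no slash round trip is required.
$hw = $cat->addCategory(['NAME' => "O'Reilly's Hardware", 'PARENT_ID' => $vendors]);
$cat->setCatID($hw);
$cat->modifyCategory(['DESCRIPTION' => "Trade-show contact; 19\" rack gear"]);

var_dump($cat->getParentCategories(), $cat->getSubCategories($vendors), $cat->getParentOf($hw) === $vendors);
```

Two design points carry over to the book's DBI-based class. First, because values are bound rather than escaped, the stored text is the text the user typed, so the stripslashes() pass that loadCatInfo() performs on every text field is not needed; addslashes()-style escaping is also not aware of the connection's character set, which is why bound parameters are the standard mitigation for SQL injection. Second, anything that cannot be bound (the table name from contact.conf, the column names in an UPDATE) is constrained to an allow-list of identifiers, so a malformed associative array passed to modifyCategory() can only set the columns the class already knows about.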

Posted: 07/07/2014, 07:20
