Commit 13b2619b authored by danmcquillan's avatar danmcquillan

week 13: file upload

parent 95a55649
*********************************
* RECORD STORE APPLICATION *
*********************************
Description
-----------
This is a demo record store application. You can use it to help you complete lab 8. It is You can also read this README file to find out the sorts of things that should be included in a README file!
Author & Contact
----------------
Sorrel Harriet s.harriet@gold.ac.uk
Installation Instructions
-------------------------
+ Check you have a LAMP stack installed with PHP>5 and MySQL>5
+ Upload the application to your web root folder.
+ Run the record-store.sql file on your database.
+ Run the dummy_data.sql file to insert some data.
Configuration Instructions
--------------------------
Modify the includes/db_connect.php script with your MySQL database credentials.
Live Demo
---------
A demo version of this app is deployed at the following URL:
http://doc.gold.ac.uk/~sharr003/data-network-web/lab-exercises/week-8/record-store-app/
<?php
/* Open a new connection to the MySQL server */
/* connect to the database */
$link = mysqli_connect(
'localhost',
'recordstoreuser',
'recordstorepwd',
'recordstore'
);
/* check connection succeeded */
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
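Review bot: The failure branch at `if (mysqli_connect_errno())` only echoes and then falls through, so `$link` is `false` and every later `mysqli_query($link, …)` call, as well as the `mysqli_close($link)` in index.php, fails with a warning of its own. Change the body to `error_log("Failed to connect to MySQL: " . mysqli_connect_error()); exit('Database unavailable');` so the page stops and the driver's error text, which can include host and user name, goes to the server log rather than the browser. The credentials are also committed in plain text; since the README already tells the installer to edit this file, keeping it out of version control (a tracked `db_connect.php.example` plus an ignored real copy) would stop per-deployment secrets from living in the repo.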
<?php
// connect to the database
require('includes/db_connect.php');
// define a function to sanitise user input (this would ideally be in includes folder)
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
// include the header HTML
include('templates/header.html');
// include the navigation HTML
include('templates/navigation.html');
// get the page id from the URL
// if no parameter detected...
if (!isset($_GET['page'])) {
$id = 'home'; // display home page
} else {
$id = $_GET['page']; // else requested page
}
// use switch to determine which view to serve based on $id
switch ($id) {
case 'home' :
include 'views/home.php';
break;
case 'record' :
include 'views/record.php';
break;
case 'artist' :
include 'views/artist.php';
break;
case 'orders' :
include 'views/orders.php';
break;
case 'order' :
include 'views/order.php';
break;
case 'add-record' :
include 'views/add-record.php';
break;
case 'search' :
include 'views/search.php';
break;
default :
include 'views/404.php';
}
// close the connection to the database
mysqli_close($link);
// include the footer HTML
include('templates/footer.html');
?>
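Review bot: `clean_input()` is defined at the top of index.php but never called anywhere on this page, and its body (`trim`/`stripslashes`/`htmlspecialchars`) is HTML output encoding, not protection for values that reach SQL. Either delete it or move it into `includes/` as its comment suggests, and document the limit above it: `// For HTML output only; values used in queries must still be bound via mysqli_prepare()`. The `switch ($id)` whitelist is the right way to map the `page` parameter to an include; unknown values fall through to `views/404.php`, which is the only path that should handle them.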
/* Note that, because foreign key values are being
inserted manually, tables must be recreated before running
this code in order to reset AUTO_INCREMENT */
/* Statement to insert some records in the artist table */
INSERT INTO artist (id, first_name, last_name)
VALUES
(NULL, 'Bob', 'Marley'),
(NULL, 'Peter', 'Tosh'),
(NULL, 'Burning', 'Spear'),
(NULL, 'Alton', 'Ellis'),
(NULL, 'Gregory', 'Issacs'),
(NULL, 'Desmond', 'Dekker');
INSERT INTO record (ean, title, artist_id, genre, year, price)
VALUES
('00562056', 'Soul Rebel', 1, 'Reggae', 1970, 25.99 ),
('50264967', 'Catch A Fire', 1, 'Reggae', 1973, 25.99 ),
('00748396', 'Natty Dread', 1, 'Reggae', 1974, 20.99 ),
('00495739', 'Babylon By Bus', 1, 'Reggae', 1978, 24.99 ),
('00738432', 'Legalize It', 2, 'Reggae', 1976, 22.99 ),
('50847583', 'Bush Doctor', 2, 'Reggae', 1978, 20.99 ),
('30748743', 'Marcus Garvey', 3, 'Reggae', 1975, 24.99 ),
('50856384', 'Night Nurse', 5, 'Reggae', 1982, 17.99 ),
('50264972', 'Mr Issacs', 5, 'Reggae', 1982, 9.99 ),
('00649573', 'Black and Dekker', 6, 'Reggae', 1980, 19.99 ),
('00625485', 'Sunday Coming', 4, 'Reggae', 1970, 15.99 );
INSERT INTO customer (id, first_name, last_name, email_address, address_1, address_2, postcode)
VALUES
(NULL, 'John', 'Smith', 'john@smith.com', '1 Fake Street', 'London', 'SE3 5RD'),
(NULL, 'Sukie', 'Bapswent', 's.baps@gmail.com', '64 The Terrace', 'Whitby', 'YO65 3TR'),
(NULL, 'John', 'Thumb', 'jthumb@gmail.com', '25 Fantasy Grove', 'Brighton', 'BR2 6LV');
INSERT INTO transaction (id, customer_id, delivery_method, dt_date)
VALUES
(NULL, 1, 2, '2015-07-01 14:34:58'),
(NULL, 1, 2, '2015-04-01 11:22:35'),
(NULL, 3, 1, '2015-04-01 19:47:03'),
(NULL, 2, 1, '2015-05-11 22:01:19');
INSERT INTO orderline (id, transaction_id, record_ean, quantity)
VALUES
(NULL, 1, '00562056', 1),
(NULL, 1, '00495739', 1),
(NULL, 2, '00649573', 2),
(NULL, 2, '00495739', 1),
(NULL, 3, '00738432', 2),
(NULL, 3, '00562056', 1),
(NULL, 3, '50856384', 3),
(NULL, 3, '00495739', 1),
(NULL, 4, '00625485', 1),
(NULL, 4, '00562056', 2);
INSERT INTO inventory (stock, record_ean)
VALUES
(25, '00562056'),
(18, '50264967'),
(15, '00748396'),
(20, '00495739'),
(10, '00738432'),
(7, '50847583'),
(3, '30748743'),
(34, '50856384'),
(22, '50264972'),
(15, '00649573'),
(12, '00625485');
/* Simple query
Fetch first_name and last_name columns from artist table */
SELECT first_name, last_name FROM artist;
/* Query with filters
Fetches titles from record table where year is 1973 and genre is Reggae */
SELECT title FROM record
WHERE year = 1973
AND genre = "Reggae";
\ No newline at end of file
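Review bot: The filter `genre = "Reggae"` in the last query uses double quotes for a string literal, which only works in MySQL with `ANSI_QUOTES` off; under that mode, or on other engines, `"Reggae"` is parsed as a column name and the query errors. Change it to `AND genre = 'Reggae';` to match the single-quoted literals used by the INSERT statements above. The header comment already says the tables must be recreated before this runs; it would help to add that `record` must be loaded before `orderline` and `inventory` because of the foreign keys, which the current ordering happens to satisfy.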
/* Make sure tables don't exist before creation */
DROP TABLE IF EXISTS inventory, orderline, transaction, customer, record, artist;
/* Define table for storing artists */
CREATE TABLE artist (
id INT AUTO_INCREMENT,
first_name VARCHAR(50),
last_name VARCHAR(50),
PRIMARY KEY(id)
) ENGINE=InnoDB;
/* Define table for storing records (products) */
CREATE TABLE record (
ean CHAR(8) NOT NULL,
title VARCHAR(50) NOT NULL,
artist_id INT,
genre VARCHAR(50),
year YEAR(4),
price DECIMAL(10, 2) unsigned NOT NULL,
PRIMARY KEY (ean),
FOREIGN KEY (artist_id)
REFERENCES artist (id)
ON DELETE CASCADE
) ENGINE=InnoDB;
/* Define table for storing customers */
CREATE TABLE customer (
id INT AUTO_INCREMENT,
first_name VARCHAR(50) NOT NULL,
last_name VARCHAR(50) NOT NULL,
email_address VARCHAR(50) NOT NULL,
address_1 VARCHAR(50) NOT NULL,
address_2 VARCHAR(50),
postcode VARCHAR(10) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB;
/* Define table for storing orders */
CREATE TABLE transaction (
id INT AUTO_INCREMENT,
customer_id INT NOT NULL,
delivery_method INT,
dt_date DATETIME,
PRIMARY KEY (id),
FOREIGN KEY (customer_id)
REFERENCES customer(id)
) ENGINE=InnoDB;
/* Define table for storing orderlines */
CREATE TABLE orderline (
id INT AUTO_INCREMENT,
transaction_id INT,
record_ean CHAR(8),
quantity INT NOT NULL,
PRIMARY KEY (id),
FOREIGN KEY (transaction_id)
REFERENCES transaction(id),
FOREIGN KEY (record_ean)
REFERENCES record(ean)
ON UPDATE CASCADE
ON DELETE CASCADE
) ENGINE=InnoDB;
/* Define table for inventory */
CREATE TABLE inventory (
stock INT unsigned DEFAULT 0,
record_ean CHAR(8),
PRIMARY KEY (stock, record_ean),
FOREIGN KEY (record_ean)
REFERENCES record (ean)
) ENGINE=InnoDB;
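Review bot: `PRIMARY KEY (stock, record_ean)` on `inventory` keys the table on the stock count itself, so one record can have several inventory rows with different stock values and every stock change rewrites the primary key; the identity of an inventory row is the record, so this should be `record_ean CHAR(8) NOT NULL,` with `PRIMARY KEY (record_ean)`. The schema has also drifted from the dump further down the page, which declares an extra `image varchar(64)` column on `record`; the add-record view inserts into `record`, so whichever file is the source of truth should declare that column. `unsigned` on `price` and `stock` and `YEAR(4)` are MySQL-only, acceptable for a LAMP lab but worth a one-line dialect comment at the top of the file since none is given.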
-- MySQL dump 10.13 Distrib 5.6.26, for Linux (x86_64)
--
-- Host: localhost Database: recordstore
-- ------------------------------------------------------
-- Server version 5.6.26
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `artist`
--
DROP TABLE IF EXISTS `artist`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `artist` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`first_name` varchar(50) DEFAULT NULL,
`last_name` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `artist`
--
LOCK TABLES `artist` WRITE;
/*!40000 ALTER TABLE `artist` DISABLE KEYS */;
INSERT INTO `artist` VALUES (1,'Bob','Marley'),(2,'Peter','Tosh'),(3,'Burning','Spear'),(4,'Alton','Ellis'),(5,'Gregory','Issacs'),(6,'Desmond','Dekker');
/*!40000 ALTER TABLE `artist` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `customer`
--
DROP TABLE IF EXISTS `customer`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `customer` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`first_name` varchar(50) NOT NULL,
`last_name` varchar(50) NOT NULL,
`email_address` varchar(50) NOT NULL,
`address_1` varchar(50) NOT NULL,
`address_2` varchar(50) DEFAULT NULL,
`postcode` varchar(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `customer`
--
LOCK TABLES `customer` WRITE;
/*!40000 ALTER TABLE `customer` DISABLE KEYS */;
INSERT INTO `customer` VALUES (1,'John','Smith','john@smith.com','1 Fake Street','London','SE3 5RD'),(2,'Sukie','Bapswent','s.baps@gmail.com','64 The Terrace','Whitby','YO65 3TR'),(3,'John','Thumb','jthumb@gmail.com','25 Fantasy Grove','Brighton','BR2 6LV');
/*!40000 ALTER TABLE `customer` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `inventory`
--
DROP TABLE IF EXISTS `inventory`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `inventory` (
`stock` int(10) unsigned NOT NULL DEFAULT '0',
`record_ean` char(8) NOT NULL DEFAULT '',
PRIMARY KEY (`stock`,`record_ean`),
KEY `record_ean` (`record_ean`),
CONSTRAINT `inventory_ibfk_1` FOREIGN KEY (`record_ean`) REFERENCES `record` (`ean`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `inventory`
--
LOCK TABLES `inventory` WRITE;
/*!40000 ALTER TABLE `inventory` DISABLE KEYS */;
INSERT INTO `inventory` VALUES (20,'00495739'),(25,'00562056'),(12,'00625485'),(15,'00649573'),(10,'00738432'),(15,'00748396'),(1,'1010010'),(5,'12121212'),(2,'131313'),(3,'30748743'),(18,'50264967'),(22,'50264972'),(7,'50847583'),(34,'50856384');
/*!40000 ALTER TABLE `inventory` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `orderline`
--
DROP TABLE IF EXISTS `orderline`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `orderline` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`transaction_id` int(11) DEFAULT NULL,
`record_ean` char(8) DEFAULT NULL,
`quantity` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `transaction_id` (`transaction_id`),
KEY `record_ean` (`record_ean`),
CONSTRAINT `orderline_ibfk_1` FOREIGN KEY (`transaction_id`) REFERENCES `transaction` (`id`),
CONSTRAINT `orderline_ibfk_2` FOREIGN KEY (`record_ean`) REFERENCES `record` (`ean`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `orderline`
--
LOCK TABLES `orderline` WRITE;
/*!40000 ALTER TABLE `orderline` DISABLE KEYS */;
INSERT INTO `orderline` VALUES (1,1,'00562056',1),(2,1,'00495739',1),(3,2,'00649573',2),(4,2,'00495739',1),(5,3,'00738432',2),(6,3,'00562056',1),(7,3,'50856384',3),(8,3,'00495739',1),(9,4,'00625485',1),(10,4,'00562056',2);
/*!40000 ALTER TABLE `orderline` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `record`
--
DROP TABLE IF EXISTS `record`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `record` (
`ean` char(8) NOT NULL,
`title` varchar(50) NOT NULL,
`artist_id` int(11) DEFAULT NULL,
`genre` varchar(50) DEFAULT NULL,
`year` year(4) DEFAULT NULL,
`price` decimal(10,2) unsigned NOT NULL,
`image` varchar(64) DEFAULT NULL,
PRIMARY KEY (`ean`),
KEY `artist_id` (`artist_id`),
CONSTRAINT `record_ibfk_1` FOREIGN KEY (`artist_id`) REFERENCES `artist` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `record`
--
LOCK TABLES `record` WRITE;
/*!40000 ALTER TABLE `record` DISABLE KEYS */;
INSERT INTO `record` VALUES ('00495739','Babylon By Bus',1,'Reggae',1978,24.99,NULL),('00562056','Soul Rebel',1,'Reggae',1970,25.99,NULL),('00625485','Sunday Coming',4,'Reggae',1970,15.99,NULL),('00649573','Black and Dekker',6,'Reggae',1980,19.99,NULL),('00738432','Legalize It',2,'Reggae',1976,22.99,NULL),('00748396','Natty Dread',1,'Reggae',1974,20.99,NULL),('1010010','A test',6,'testy',2000,20.00,'uploads/2009-a32-08-05-adorno-b.jpg'),('12121212','Dek Stop',6,'2 tone',1978,10.99,NULL),('131313','blahblah',4,'hip hop',2011,9.99,NULL),('30748743','Marcus Garvey',3,'Reggae',1975,24.99,NULL),('50264967','Catch A Fire',1,'Reggae',1973,25.99,NULL),('50264972','Mr Issacs',5,'Reggae',1982,9.99,NULL),('50847583','Bush Doctor',2,'Reggae',1978,20.99,NULL),('50856384','Night Nurse',5,'Reggae',1982,17.99,NULL);
/*!40000 ALTER TABLE `record` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `transaction`
--
DROP TABLE IF EXISTS `transaction`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `transaction` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`customer_id` int(11) NOT NULL,
`delivery_method` int(11) DEFAULT NULL,
`dt_date` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `customer_id` (`customer_id`),
CONSTRAINT `transaction_ibfk_1` FOREIGN KEY (`customer_id`) REFERENCES `customer` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `transaction`
--
LOCK TABLES `transaction` WRITE;
/*!40000 ALTER TABLE `transaction` DISABLE KEYS */;
INSERT INTO `transaction` VALUES (1,1,2,'2015-07-01 14:34:58'),(2,1,2,'2015-04-01 11:22:35'),(3,3,1,'2015-04-01 19:47:03'),(4,2,1,'2015-05-11 22:01:19');
/*!40000 ALTER TABLE `transaction` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2016-01-19 18:54:19
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Record Store</title>
</head>
<body>
\ No newline at end of file
<nav>
<ul>
<li><a href="?page=home" title="home">Home</a></li>
<li><a href="?page=record" title="records">Records</a></li>
<li><a href="?page=orders" title="orders">Orders</a></li>
<li><a href="?page=add-record" title="add record">Add record</a></li>
<li><a href="?page=search" title="search">Search</a></li>
</ul>
</nav>
<?php
// create variable for content HTML
$content = "<h1>Page not found</h1>";
$content .= "<p>Sorry, the page you requested could not be found.</p>";
// output the content HTML
echo $content;
?>
<?php
$content = "<h1>Add a record</h1>";
// define a variable with path to the script which will process form
// -> $_SERVER["PHP_SELF"] is a path to the current script (index.php)
$action = $_SERVER["PHP_SELF"]."?page=add-record";
// fetch the artists so that we have access to their names and IDs
$sql = "SELECT id, first_name, last_name
FROM artist
ORDER BY last_name";
$result = mysqli_query($link, $sql);
// check query returned a result
if ($result === false) {
echo mysqli_error($link);
} else {
$options = "";
// create an option for each artist
while ($row = mysqli_fetch_assoc($result)) {
$options .= "<option value='".$row['id']."'>";
$options .= $row['first_name']." ".$row['last_name'];
$options .= "</option>";
}
}
// define the form HTML (would ideally be in a template)
$form_html = "<form action='".$action."' method='POST'>
<fieldset>
<label for='ean'>EAN (required):</label>
<input type='text' name='ean'/>
</fieldset>
<fieldset>
<label for='title'>Title:</label>
<input type='text' name='title' />
</fieldset>
<fieldset>
<label for='artist_id'>Artist:</label>
<select name='artist_id'>
".$options."
<option value='NULL'>Not listed</option>
</select>
</fieldset>
<fieldset>
<label for='genre'>Genre</label>
<input type='text' name='genre' />
</fieldset>
<fieldset>
<label for='year'>Year:</label>
<input type='text' name='year' size='5' placeholder='YYYY' />
</fieldset>
<fieldset>
<label for='price'>Price (&pound;):</label>
<input type='text' name='price' placeholder='00.00' />
</fieldset>
<button type='submit'>Submit</button>
</form>";
// append form HTML to content string
$content .= $form_html;
// ------- START form processing code... -------
// define variables and set to empty values
$title = $artist_id = $price = $year = $genre = "";
// check if there was a POST request
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// validate the form data
$ean = $_POST["ean"];
$title = $_POST["title"];
$artist_id = $_POST["artist_id"];
$genre = $_POST["genre"];
$year = $_POST["year"];
$price = $_POST["price"];
// define the insertion query
$sql = "INSERT INTO record (ean, title, artist_id, genre, year, price)
VALUES ('$ean', '$title', '$artist_id', '$genre', '$year', '$price')";
// run the query to insert the data
$result = mysqli_query($link, $sql);
// check if the query went ok
if ($result === false) {
echo mysqli_error($link);
} else {
$content .= "Record successfully added to database.";
}
}
// ------- END form processing code... -------
// output the html
echo($content);
?>
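Review bot: The INSERT at `VALUES ('$ean', '$title', '$artist_id', …)` interpolates the raw `$_POST` fields straight into the SQL string, so any submitted value containing a quote changes the statement; the fields should be bound through `mysqli_prepare()`/`mysqli_stmt_bind_param()` as sketched below. The same interpolation means the `Not listed` option, which posts the literal string `'NULL'`, is stored as a string rather than SQL NULL and will be rejected by the `artist_id` foreign key. Two smaller issues: `$options` is only assigned in the `else` branch of the artist query, so the form HTML references an undefined variable when that query fails, and `$action = $_SERVER["PHP_SELF"]…` is emitted unescaped into the `action` attribute (the second copy of this view further down the page wraps it in `htmlspecialchars()`, which is the right fix if this listing is the older side). Initialising `$options = "";` before the `if` and adding `$ean` to the `$title = $artist_id = …` line closes the first of those.
```php
// … unchanged: form HTML, $_POST field collection …
$sql = "INSERT INTO record (ean, title, artist_id, genre, year, price)
        VALUES (?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $sql);
if ($stmt === false) {
    echo mysqli_error($link);
} else {
    // the 'Not listed' option posts the string 'NULL'; bind a real NULL for the FK
    $artist_id = ($artist_id === 'NULL' || $artist_id === '') ? null : (int) $artist_id;
    mysqli_stmt_bind_param($stmt, 'ssisid', $ean, $title, $artist_id, $genre, $year, $price);
    if (mysqli_stmt_execute($stmt) === false) {
        echo mysqli_stmt_error($stmt);
    } else {
        $content .= "Record successfully added to database.";
    }
    mysqli_stmt_close($stmt);
}
```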
<?php
$content = "<h1>Add a record</h1>";
// define a variable with path to the script which will process form
// -> $_SERVER["PHP_SELF"] is a path to the current script (index.php)
// -> htmlspecialchars() is used to replace special characters with HTML entities */
$action = htmlspecialchars($_SERVER["PHP_SELF"]."?page=add-record");
// fetch the artists so that we have access to their names and IDs
$sql = "SELECT id, first_name, last_name