PHP ne peut pas localiser votre fonction getRecords(). Avez-vous inclus le fichier dans lequel cette fonction est définie ?
Modifier :
Vous devriez vraiment vous pencher sur la sécurisation de vos données publiées et uniquement sur la propreté générale du code. Il est préférable d'utiliser directement les fonctions fournies par mysql, au lieu de les envelopper dans des fonctions qui ne sont utilisables que dans une situation.
Et :pourquoi diable construisez-vous à chaque fois l'intégralité de votre table d'informations sur les employés, ou au moins vérifiez-vous si elle existe ? Cela devrait être quelque chose que vous faites une fois et que vous oubliez. Supprimez ensuite ce code, car il prête à confusion.
Vous devriez réfléchir à la façon dont tout cela devrait logiquement fonctionner avant de vous lancer. Il s'agit essentiellement d'un système de gestion des employés ? Il semble que vous souhaitiez pouvoir :ajouter de nouveaux employés, rechercher des employés, modifier des employés et supprimer des employés. Voici une implémentation de base, il manque la fonctionnalité pour ajouter un employé. Je n'ai pas testé cela, mais j'espère que cela vous orientera dans la bonne direction :
<?php
/* Employees.php */
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'search':
//The form action is appended with a query string, so we can handle multiple cases in process.php
?>
<form action="process.php?do=runsearch" method="POST">
<fieldset>
<legend>Search Employee Info</legend>
<label for="keyword">Enter Keyword</label>
<input id="keyword" name="keyword" value="" />
<input type="submit" name="submit" value="Search" />
</fieldset>
</form>
<?php
break;
case 'edit':
//Make sure that the employee id has been set!
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
//Get the DB connection
$db = ConnectionFactory::getFactory()->getConnection();
//Set up the query with a ? placeholder
$sql = "Select * from employeeinfo WHERE personid = ? LIMIT 1";
$stmt = $db->prepare($sql);
//Bind the question mark with the Employee ID, as an Integer ONLY
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
/* Get an array of the result */
$result = $stmt->fetch(PDO::FETCH_ASSOC);
/* Make an array of friendly names associated with the mysql fields */
if(count($result) > 0){
//Set up friendly names:
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form, and make a hidden field with the employee id we want to edit.*/
?>
<form action="process.php?do=saveedits" method="POST">
<input type="hidden" name="personid" value="<?=$result['personid']?>" />
<?php
/* Unset the person id, because we already used it */
unset($result['personid']);
//*Fill the fields with values from the database, if a friendly name is found, it will be used as the label*/
foreach($result as $key => $value){
?>
<label for="<?=$key?>"><?=(isset($fnames["$key"]) ? $fnames["$key"] : $key)?></label>
<input id="<?=$key?>" name="<?=$key?>" value="<?=$value?>" />
<br>
<?php
}
?>
<input type="submit" value="Modify Employee" >
</form>
<?php
}
else{
/* Couldnt find that employee in the DB */
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
case 'new':
//Make sure that the employee id has been set!
/* Make an array of friendly names associated with the mysql fields */
//Set up friendly names:
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form, and make a hidden field with the employee id we want to edit.*/
?>
<form action="process.php?do=savenew" method="POST">
<?php
//*Fill the fields with values from the database, if a friendly name is found, it will be used as the label*/
foreach($fnames as $key => $value){
?>
<label for="<?=$key?>"><?=$value?></label>
<input id="<?=$key?>" name="<?=$key?>" />
<br>
<?php
}
?>
<input type="submit" value="Create New Employee" >
</form>
<?php
break;
case 'delete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
/* Make sure this person exists, and get their info */
$sql = "Select * from employeeinfo WHERE personid = ?";
$stmt = $db->prepare($sql);
/* Same as above */
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($result) > 0){
/* Ask to confirm the delete */
?>
<h2>Are you sure you want to delete <?=$result['firstname']?> <?=$result['lastname']?>'s Records?</h2>
<a href="process.php?do=confirmdelete&eid=<?=$result['personid']?>">Yes, Confirm Delete!</a>
<?php
}
else{
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
}
}
else{
//List employees
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo";
$stmt = $db->prepare($sql);
$res = $stmt->execute();
/* Make a table with the results and headings */
if($res){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=$result['firstname']?></td>
<td><?=$result['lastname']?></td>
<td><?=$result['email']?></td>
<td><?=$result['phone']?></td>
<td><?=$result['department']?></td>
<td><?=$result['position']?></td>
<td><a href="employees.php?do=edit&eid=<?=$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
}
include('footer.php');
/* End Employees.php */
?>
Processus.php :
<?php
/* Process.php */
// Bind the parameter
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'runsearch':
if((isset($_POST['keyword'])) && (!empty($_POST['keyword']))){
/* You have to put the % signs in beforehand with PDO */
$keyword = "%".$_POST['keyword']."%";
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo WHERE
firstname LIKE ?
OR
lastname LIKE ?
OR
phone LIKE ?
OR
email LIKE ?
OR
department LIKE ?
OR
position LIKE ?";
$stmt = $db->prepare($sql);
/* There are 6 placeholders, so we need to loop 6 times, binding the new placeholder each time */
for($i=1; $i<=6; $i++){
$stmt->bindParam($i, $keyword, PDO::PARAM_STR);
}
$res = $stmt->execute();
/* Make a table with the results and headings */
if($stmt->rowCount() > 0){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=$result['firstname']?></td>
<td><?=$result['lastname']?></td>
<td><?=$result['email']?></td>
<td><?=$result['phone']?></td>
<td><?=$result['department']?></td>
<td><?=$result['position']?></td>
<td><a href="employees.php?do=edit&eid=<?=$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
else{
?><h2>No Results Found!<?php
}
}
else{
?><h2>No Keyword Set!<?php
}
break;
case 'saveedits':
/* Array of the fields we expect to be Posted */
$required = array('personid' => 'Employee Id',
'firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Have to temporarily store the personid in a temp variable, and remove it from the array */
$pid = $_POST['personid'];
unset($_POST['personid']);
$posted = $_POST;
/* Change this : firstname to : `firstname`=:firstname, etc, etc Runs over the whole arraay */
$params = join(", ", array_map(
function($col) {
return "`".preg_replace("/`/u","``",$col)."`=".":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
/* Put the personid back into the posted array, so we can use it again. */
$posted['personid'] = $pid;
$stmt = $db->prepare("UPDATE `employeeinfo` SET {$params} WHERE `personid`=:personid");
/* Use the whole post array to execute looks like: field => value */
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Updated!</h2><?php
}
else{
?><h2>Error! Could Not Update Employee!</h2><?php
}
}
else{
print_r($_POST);
print_r($required);
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
case 'savenew':
/* Array of the fields we expect to be Posted */
$required = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Have to temporarily store the personid in a temp variable, and remove it from the array */
$posted = $_POST;
$columns = join(",", array_map(
function($col) { return "`".preg_replace("/`/u","``",$col)."`";},
array_keys($posted)));
$params = join(",", array_map(
function($col) { return ":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
$query = "INSERT INTO `employeeinfo` ({$columns}) VALUES ({$params})";
$stmt = $db->prepare($query);
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Created!</h2><?php
}
else{
?><h2>Error! Could Not Create Employee!</h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
/* Pretty Self Explanatory */
case 'confirmdelete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "Delete from `employeeinfo` WHERE personid = ?";
$stmt = $db->prepare($sql);
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
if($stmt->rowCount() > 0){
?><h2>Employee Deleted!</h2><?php
}
else{
?><h2>Error! Could Not Delete Employee!<br></h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Error! No Employee By That Id!</h2><?php
}
break;
}
}
else{
//Error nothing to do!
}
/* End process.php: */
?>
Dbfactory.php :
/* dbfactory.php: */
<?php
Class ConnectionFactory
{
private static $factory;
public static function getFactory()
{
if (!self::$factory)
self::$factory = new ConnectionFactory;
return self::$factory;
}
private $db;
public function getConnection() {
if (!isset($db)){
try{
//Make sure to fill out these values
$db = new PDO('mysql:dbname=YOURDATABASENAME;host=YOURDATABASEADDRESS', 'USERNAME', 'PASSWORD');
return $db;
}
catch(PDOException $e) {
echo 'DB Error: '. $e->getMessage();
}
}
}
}
?>
/* End dbfactory.php: */
En-tête.php :
/* Header.php: */
<html>
<head>
<style type="text/css">
td{
border:1px solid;
border-radius:3px;
padding:4px;
}
</style>
</head>
<body>
<a href="employees.php">Manage Employees</a> - <a href="employees.php?do=search">Search Employees</a> - <a href="employees.php?do=new">Add Employee</a>
<br>
<br>
/* End header.php */
Pied de page.php :
/*footer.php */
</body>
</html>
/* End footer.php */
Encore une fois, cela reste basique, et ce genre de chose devrait être implémenté dans une classe php. Cela utilise PDO, donc si les détails de votre base de données changent, il vous suffit de modifier dbfactory.php, et vous avez terminé.
Si je pouvais revenir en arrière et changer une chose au sujet de commencer à apprendre PHP, ce serait d'apprendre PDO au lieu des fonctions de requête mysql obsolètes que vous utilisez.
Ce n'est en aucun cas une implémentation parfaite, comme je l'ai dit, tout doit être classé et la logique séparée de la présentation ; mais c'est un début !
Bon apprentissage !
