php

Tuesday, October 19, 2010

Alert Before Delete

Table: hantu

ID	name
1	Hantu Raya
2	Hantu Ini
3	Hantu Itu

SQL Data Dari Table hantu:
<?php
$sql=mysql_query("SELECT * FROM hantu");
while($result=mysql_fetch_array($sql){
$nama=$result['name'];
$id=$resul['ID'];
echo $nama."<a href=javascript:; onClick=confirmDel('".$name."','".$id."');>Batal</a>";// display nama hantu serta link untuk padam
}
?>

<head>
<script language="javascript" type="text/javascript">
function confirmDel(name,id){
    if(confirm("Anda pasti untuk padam "+name+" ?")){
        window.location="delete.php?status=padam&name="+name+"&id="+id;
    }
}
</script>// skrip diletakkan pada tag <head>
</head>

delete.php
if($_GET['status']=='padam'){
mysql_query("DELETE FROM hantu WHERE ID='$_GET[id]'");
}

Thursday, September 23, 2010

Upload

Upload form:

<form action="uploadprocess.php" method="post" enctype="multipart/form-data">

<table width="200" border="0">
  <tr>
   <td><input type="file" name="upload" /></td>
  </tr>
  <tr>
   <td><label>
   <input type="submit" name="submit" value="Save" />
   </label></td>
  </tr>
</table>

</form>

Upload Script:

$upload=$_FILES['upload']['name'];//nama fail yang akan di dimuatnaik dan disimpan di dalam database/ the name of the file that will be uploaded and stored in database
$target='pictures/';//target dimana fail akan di simpan iaitu folder 'pictures'/ the target where the file will be stored that is in folder 'pictures'
$target=$target.basename($_FILES['upload']['name']);

if($_FILES[' upload']['size'] >= 10000000){//sekiranya saiz fail melebihi 10mb, error mesej akan muncul/ if the size of the file is exceeded 1MB, error message will appear

echo "file size over limit";//error mesej/ error message

}

elseif($_FILES['upload']['type'] != 'application/jpeg'){//sekiranya jenis fail selain jpeg error mesej akan muncul/ if the type of the file is not in jpeg format, error message will appear

echo "invalid file type";//error mesej/ error message

}

else{

mysql_query("INSERT INTO pics (mypic) VALUES ('$upload')");//nama fail akan disimpan di dalam database/ name of file stored in 'pics' table

move_uploaded_file($_FILES['upload']['tmp_name'], $target);//fail yang telah dimuat naik akan di simpan ke folder 'pictures'/ the file that has been uploaded will be stored in folder 'pictures'

}
Note: as we can see on the script, only the name of file will be stored in the database. the file itself will be stored in the folder 'pictures' that been created before.

____________________________________________________________________

Sekiranya fail yang hendak diupload lebih dari 1 fail:
Upload multiple file:

perlu tambah '[]' pada 'input name'
need to add '[]' at the end of 'input name'

<form action="uploadprocess.php" method="post" enctype="multipart/form-data">

</form

Upload Script:

$arr=array();

foreach($_FILES['upload']['name'] as $a => $b){ /menggunakan fungsi switch untuk data yang banyak/ using function switch for multiple data

$arr=$b;

$target='pictures/';//target dimana fail akan di simpan iaitu folder 'pictures'

$target=$target.basename($_FILES['upload']['name']);

if($_FILES['upload']['size'] >= 10000000){//sekiranya saiz fail melebihi 10mb, error mesej akan muncul

echo "file size over limit";//error mesej

}

elseif($_FILES['upload']['type'] != 'application/jpeg'){//sekiranya jenis fail selain jpeg error mesej akan muncul

echo "invalid file type";//error mesej

}

else{

mysql_query("INSERT INTO pics (mypic) VALUES ('$b')");//nama fail akan disimpan di dalam database

move_uploaded_file($_FILES['upload']['tmp_name'], $target);//fail yang telah dimuat naik akan di simpan ke folder 'pictures'

}

______________________________________________________________________

Bina folder 'subfoder' di dalam foder 'pictures' secara automatik apabila file diupload:
Create folder 'subfolder' inside folder 'pictures' automatically while files being uploaded:

here is the script to create 'subfolder':

$dir='pictures/';

mkdir($dir,'subfolder', 0777) or die ('could not create directory');

chmod($dir,'subfolder', 0777);

$arr=array();

foreach($_FILES['upload']['name'] as $a => $b){

$arr=$b;

$target='pictures/subfolder/';//target dimana fail akan di simpan iaitu folder 'subfolder'

$target=$target.basename($_FILES['upload']['name']);

if($_FILES['upload']['size'] >= 10000000){//sekiranya saiz fail melebihi 10mb, error mesej akan muncul

echo "file size over limit";//error mesej

}

elseif($_FILES['upload']['type'] != 'application/jpeg'){//sekiranya jenis fail selain jpeg error mesej akan muncul

echo "invalid file type";//error mesej

}

else{

mysql_query("INSERT INTO pics (mypic) VALUES ('$b')");//nama fail akan disimpan di dalam database

move_uploaded_file($_FILES['upload']['tmp_name'], $target);//fail yang telah dimuat naik akan di simpan ke folder 'pictures'

}

Wednesday, September 22, 2010

Login Script

Andaikan/ Suppose that
Database: whatever (Mysql Database)
Table: user
username: abcde (Mysql username)
password: aa123 (Mysql Password)

<form action="loginprocess.php" method="post">
<table width="302" height="175" border="1">
  <tr>
   <td>Username</td>
   <td><label>
   <input type="text" name="username">
   </label></td>
  </tr>
  <tr>
   <td>Password</td>
   <td><label>
   <input type="password" name="password">
   </label></td>
  </tr>
  <tr>
   <td> </td>
   <td><input type="submit" name="submit" value="Login"></td>
  </tr>
</table>
</form>
Username

Password

Proses login:
loginprocess.php
<?php
session_start();
mysql_connect('localhost','abcde','aa123') or die('could not connect to server');// sambungan ke server/ connect to server
mysql_select_db('whatever') or die ('could not connect to database');// sambungan ke database/ connect to database

if($_POST['submit']){ // sekiranya butang login diklik/ if submit button been clicked
      $result=mysql_query("SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'");// query data daripada database/ query username and password from table user

   switch($result){   //menggunakan fungsi switch()/ using function switch
   case mysql_num_rows($result)==1: //sekiranya username dan password wujud pada satu row/ if username and password exist in one row
         $success=mysql_fetch_array($result);
   $user=$success['username'];
         $_SESSION['user']=$user;
   header('location:profile.php');
     break;
   case mysql_num_rows($result)==0:   //sekiranya username dan password salah atau tidak wujud pada satu row/ if username and
password entered is invalid, then will be directed to invalid.php
         header('location:invalid.php');
     break;
       }
}
?>
Atau/ Or:
<?php
session_start();
mysql_connect('localhost','abcde','aa123') or die('could not connect to server');// sambungan ke server/ connect to server
mysql_select_db('whatever') or die ('could not connect to database');// sambungan ke database/ connect to database

if($_POST['submit']){ // sekiranya butang login diklik/ if submit button been clicked
      $result=mysql_query("SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'");// query data daripada database/ query username and password from table user

   if(mysql_num_rows($result))==1){//using function if()
      $success=mysql_fetch_array($result);
      $user=$success['username'];
      $_SESSION['user']=$user; //the session used for next pages. Username used as session here

      header('location:profile.php');
     }
   else
header('location:invalid.php');
}
?>

Note:
on my script above, i used direct select from the database: SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'".
For the security reasons, better put mysql_real_escape_string($_POST['username']; and mysql_real_escape_string($_POST['password']; to prevent sql injection.
for example:
$username= mysql_real_escape_string($_POST['username'];
$password= mysql_real_escape_string($_POST['password'];
SELECT * FROM user WHERE username='$username' and password='$password'".