  1. #1
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts

    Modernize and clean this code

    I'm working on a new project and have resorted to a bunch of old techniques. I would appreciate any suggestions about modernizing this code. This is just a test page that starts a session, looks for a logged in user, pulls the user's first name and last name if the user is logged in, and displays a menu from a page database. The user is also given a chance to logout or login if he has not.

    I appreciate any thoughts about modernizing the code.
    PHP Code:
    <?php require_once('../Connections/memberData.php'); ?>
    <?php require_once('../Connections/pageDB.php'); ?>

    <?php
    //initialize the session
    if (!isset($_SESSION)) {
      session_start();
    }

    // ** Logout the current user. **
    // Build the logout link: this page plus doLogout=true and any existing query string.
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
      $logoutAction .="&".htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
      //to fully log out a visitor we need to clear the session variables
      $_SESSION['MM_Username'] = NULL;
      $_SESSION['MM_UserGroup'] = NULL;
      $_SESSION['PrevUrl'] = NULL;
      unset($_SESSION['MM_Username']);
      unset($_SESSION['MM_UserGroup']);
      unset($_SESSION['PrevUrl']);

      $logoutGoTo = "success.php";
      if ($logoutGoTo) {
        header("Location: $logoutGoTo");
        exit;
      }
    }
    ?>

    <?php
    // Escapes a value with the mysql_ extension and quotes or casts it according to $theType.
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }

      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }
    ?>

    <?php
    // Current User Record Set
    $colname_currentUserRS = "-1";
    if (isset($_SESSION['MM_Username'])) {
      $colname_currentUserRS = $_SESSION['MM_Username'];
    }
    mysql_select_db($database_memberData, $memberData);
    $query_currentUserRS = sprintf("SELECT users.*, members.firstName, members.lastName FROM users, members WHERE userName = %s AND members.id =users.memberID", GetSQLValueString($colname_currentUserRS, "text"));
    $currentUserRS = mysql_query($query_currentUserRS, $memberData) or die(mysql_error());
    $row_currentUserRS = mysql_fetch_assoc($currentUserRS);
    $totalRows_currentUserRS = mysql_num_rows($currentUserRS);


    if (isset($_SESSION['MM_Username'])) {
      $colname_currentUserRS = $_SESSION['MM_Username'];
    }
    ?>
    <!doctype html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>success</title>
    </head>

    <body>

    <p>Side Nav:</p>
          <ul class="fluid fluidList mainNav zeroMargin_desktop zeroMargin_mobile">
            <p>
              <?php // Top Nav Query
                mysql_select_db($database_pageDB, $pageDB);
                $parentid = 0; // assuming that 0 is the main category.
                getTopParent($parentid);
                // Prints the approved menu pages under $parentid, then recurses into each page's children.
                function getTopParent($parentid) {
                    $sql = "SELECT * FROM pageTypes, pages
                    WHERE approved = 'y'
                    AND pages.menuPosition = 1
                    AND pages.pageType = pageTypes.id
                    AND pages.pageParent = ".$parentid."
                    ORDER BY menuOrder, pageName ASC";

                    $run = mysql_query($sql);

                    echo '';
                    while ($rec = mysql_fetch_assoc($run)) {
                        echo '<li class="fluid mainNavBtn zeroMargin_mobile zeroMargin_tablet zeroMargin_desktop" />',
                        '<a href="', $rec['pageLinkName'], '?recordID=', $rec['id'], '">',
                        $rec['pageName'], '</a>',
                        ' ';
                        getTopParent($rec['id']);
                    }
                    echo '';
                    // release this level's result set
                    mysql_free_result($run);
                }
              ?>
            </p>
            <p>
              <?php if ($row_currentUserRS['id'] == ""){
                echo '<a href="testLogin.php">login</a>';
              }
              ?>
              <?php if ($row_currentUserRS['id'] <> ""){
                echo 'Welcome
                 ', $row_currentUserRS['firstName'], '&nbsp;', $row_currentUserRS['lastName'],
                '&nbsp;&nbsp;<a href="adminHome/dashBoard.php">dashboard</a>/
                <a href="', $logoutAction, '">logout</a>';
              }
              ?>
            </p>
    </ul>
    </body>
    </html>
    Last edited by rgEffects; 09-02-2013 at 07:28 PM.

  • #2
    Senior Coder
    Join Date
    Sep 2010
    Posts
    1,912
    Thanks
    15
    Thanked 227 Times in 227 Posts
    The session_start() statement should be at the very top of the page, and if they're logging out, why not use session_destroy(); which removes the whole session in one fell swoop. And you can remove some unneeded php tags.
    Welcome to http://www.myphotowizard.net

    where you can edit images, make a photo calendar, add text to images, and do much more.


    When you know what you're doing it's called Engineering, when you don't know, it's called Research and Development. And you can always charge more for Research and Development.

  • Users who have thanked DrDOS for this post:

    rgEffects (09-03-2013)

  • #3
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts
    Thanks for pointing that out. It actually helped the stability of the page.

    What are your thoughts on using $sql in the query vs the other options? I should be starting to learn the latest but I'm up against a deadline.

    Thanks again.

  • #4
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,616
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Don't use mysql_ as it is obsolete and support for it is about to be dropped. Use either mysqli_ or PDO instead.

    Also you don't need any real_escape_string calls because mysqli_ and PDO both support keeping the SQL and the data completely separate so that it is impossible for data to be misinterpreted as a part of the SQL.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    rgEffects (09-04-2013)
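
The separation of SQL and data described in post #4, applied to the current-user lookup from post #1, as an added example that is not part of the original thread. It uses PDO; the in-memory SQLite database and the sample rows are constructed stand-ins for the MySQL server so the script runs offline, and `findCurrentUser()` and `e()` are hypothetical helper names.

```php
<?php
// SQLite in memory stands in for MySQL here (assumption, so the script runs offline).
// For MySQL only the DSN and credentials change; with that driver, also set
// PDO::ATTR_EMULATE_PREPARES to false so the server itself binds the parameters.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // throw instead of "or die(mysql_error())"
]);

// Constructed sample schema and rows, using the table and column names from post #1.
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT)');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, userName TEXT, memberID INTEGER)');
$pdo->prepare('INSERT INTO members (id, firstName, lastName) VALUES (?, ?, ?)')
    ->execute([1, 'Ann', "O'Neil"]);
$pdo->prepare('INSERT INTO users (id, userName, memberID) VALUES (?, ?, ?)')
    ->execute([1, "ann.o'neil", 1]);

// Replaces sprintf() + GetSQLValueString() + mysql_query(): the SQL text is fixed
// and the user name is sent separately as a bound parameter.
function findCurrentUser(PDO $pdo, $userName)
{
    $stmt = $pdo->prepare(
        'SELECT users.id, members.firstName, members.lastName
           FROM users
           JOIN members ON members.id = users.memberID
          WHERE users.userName = :userName'
    );
    $stmt->execute([':userName' => $userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape values on output so stored names cannot inject markup into the page.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// The apostrophe in the user name needs no escaping call: it is only ever data.
$user = findCurrentUser($pdo, "ann.o'neil");

if ($user === null) {
    echo '<a href="testLogin.php">login</a>', "\n";
} else {
    echo 'Welcome ', e($user['firstName']), '&nbsp;', e($user['lastName']), "\n";
}
```

The same `prepare()`/`execute()` pattern applies to the menu query in post #1, with `pages.pageParent = :parentid` bound on each recursive call.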

  • #5
    New Coder
    Join Date
    Sep 2011
    Posts
    63
    Thanks
    0
    Thanked 7 Times in 7 Posts
    You could try separating out your server side code, database logic and your html. This is called the MVC model, or Model - View - Controller.

    The benefit of this is each part of your application is nicely structured making testing and scalability a lot easier. Since discovering it I now write everything in a MVC format.

  • #6
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts
    I haven't jumped into mysqli yet. Maybe now is the time to start. There is so much conflicting and unorganized info on both mysqli on the web right now. Anyone have a link to a good site or a book for us part time coders trying to transition?

    Are there any good comparisons on the difference between mysqli and PDO? Do I need to install anything new on the site server to use PDO?

    Thanks.

  • #7
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,616
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Originally posted by rgEffects:
    Are there any good comparisons on the difference between mysqli and PDO?
    The main difference is that mysqli_ only works with mySQL databases where PDO also works with a number of other relational databases making the code more portable.
    Stephen

