View Record in HTML Form Creator Form CMS
This script is called view-record-in-html-form-creator-form.php
The View Record in HTML Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.
- HTML Form Creator
- Edit Options in HTML Form Creator Form
- Administrator Page for HTML Form Creator
End-User HTML Form Creator Scripts
- HTML Form Creator—Register with Captcha
- HTML Form Creator—View Profile
- HTML Form Creator—Edit Profile
- HTML Form Creator—Search and Match
- HTML Form Creator—Search and Match — Security
- HTML Form Creator—Search and Match — JavaScript
- HTML Form Creator—Search and Match — Form
- HTML Form Creator—Search and Match — PHP
- HTML Form Creator—Enter Record in Form
- HTML Form Creator—View Record in Form
- HTML Form Creator—Profile and Account Management
- HTML Form Creator—Login to Profile and Account Management
- HTML Form Creator—Logout of Profile and Account Management
- HTML Form Creator—Delete Group Account
- HTML Form Creator—Forgot User Name
- HTML Form Creator—Forgot Password
- HTML Form Creator—Form to Send Private Message
- HTML Form Creator—Send Private Message
- HTML Form Creator—Private Message Outbox
- HTML Form Creator—Private Message Inbox
- HTML Form Creator—Delete Private Message from Inbox
- HTML Form Creator—Delete Private Message from Outbox
- HTML Form Creator—Private Message Logout
- HTML Form Creator—Search and Match Session Monitoring
- HTML Form Creator—Configure File for Database Connection
- HTML Form Creator—Captcha Script for Registration and Login
Administrative HTML Form Creator Scripts
The purpose of this script is to provide a way in which the user can view his record created by him using the administrator-created HTML form for data entry.
First, we start up a session and include the config.php script to ensure that our connection to our database is made correctly. This file has the codes below in it:
$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());
We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.
Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.
Next we do browser sniffing to deal with display quirks. Then we have several JavaScript calculation functions that are part of the algorithm for dealing with fixed positioning. Much as we'd like to claim credit for it, in truth it's actually JDenny who is the CSS and JavaScript genius who came up with this brilliant CSS and JavaScript fixed positioning code and put it on the Web to help those of us that were stumped trying to figure out good fixed positioning codes. Thanks a million JDenny! This has to be the most ingenious DHTML using CSS and JavaScript we've ever seen! (Note: The b.gif URL should be left as is, but you do NOT need a b.gif file: it is a dummy name just to keep the code working.) The CSS for BODY, the mytable id, and the menu id in the CSS styling section are part of this algorithm for fixed positioning as well. The BODY tag's CSS that uses t.gif for the background is using a real file. Make it yourself: it's simply an invisible 1-pixel gif, and this goes a long way to prevent any shimmering of the fixed-position side menu. If you are feeling lazy type in http://www.css-resources.com/t.gif and do Save As from the browser's File menu, since right clicking is dumb—right click WHAT?
The checkdb() function uses a regular expression pattern and the JavaScript search() method to check out the table prefix input box value just entered and an illegal value (or less than 3 or more than 20 characters) will cause an alert message outlining legal characters, after which the function will return false. This latter and the focus() function causes the cursor to stay on the current input box until a viable table prefix name is entered.
In PHP, the MySQL command SHOW TABLES LIKE '$table' will check to see if the table exists and give the user a message and a chance to retry if it does not. The function fix() deals with quirks about how various browsers handle fixed positioning.
Next comes the CSS. We already looked at the weird stuff in BODY, the mytable id and the menu id styling. These too help browsers handle fixed positioning.
Check out the function theoptions(), in the PHP section. The function is a display function which echoes one form input value for one tag name (whose name attribute is a table field name) which is either a select tag or an input tag. It displays it on the screen via the PHP echo function. It only does one because the function is used from a for loop that loops through all array values. The first thing is to check the options table for that field name. But if the PHP function mysql_num_rows() finds no rows, an input tag is echoed.
If mysql_num_rows() finds one or more rows in the options table, the echoing of option values commences. We do not need any data from the options table, we just need the user's chosen options, which are in the _database table and were sent to this function theoptions() via the variable $r. Next, using the PHP functions mysql_fetch_array() (in the page display code discussed later) to get the options from the query result and htmlentities() and stripslashes() for security, we explode the comma-separated string of option values from the _database table and with a loop we echo them to the screen.
The function underscore() takes the table of form questions and processes them into values that can and will be used as MySQL table field names, allowing only alphanumerics and underscores in the new array $i2[]. The middot (what JavaScript converted all single quotes to) characters which are sent from the table turn into space middot space, so to get them turned into _ characters so they can be field names requires the str_replace() function to replace "_middot_" since the spaces on the sides of the word middot were already converted to _ by the previous preg_replace() function. So what is the $i[] array? It is from the table and it contains the raw question data like "How many men, in your group, make over $50,000 a year (!) and a % goes to charity?" Allowed are ' ! ? $ % ( ) _ - , . and letters and numbers, even though the ' will get converted to middot. But the $i2[] array will contain only "How_many_men__in_your_group__make_over__50_000_a_year_____and_a___
goes_to_charity_", which is okay as a field name, a tag's name attribute, a JavaScript array element value, or a PHP array element value.
We've already started a session at the start of the whole script. Now let's use it. It turns out that session variables are a much easier way to deal with values that need to survive refresh/restart and submissions than sticking hidden fields, POSTs, and GETs everywhere full of flags or values. The first thing the user does on this record viewing page is to enter the table prefix name for this form and it is POSTed to $d. If the POST has reasonable content, it will (if found in the MySQL db as part of a table name) be used as the table prefix (since the prefix will be used before _database, _options, and _input tables in relating to MySQL tables). The db query SHOW TABLES LIKE '$aa' will be used to check whether the table prefix exists and therefore the tables exist. The $_SESSION['db']=$db command establishes a session variable, but if the mysql_num_rows() function finds no rows in the result set, this is quickly unset and the user sees "Table does not exist. Try again."
The very next command is that session variable being checked, and if the result is finding out it is unset, the echoed table prefix entry form will be presented again. Users cannot get anywhere until a valid name is entered. The input is filtered in the JavaScript checkdb() function. Bad input gets an alert and a refocusing of the cursor in the input box. Good input lets the user into the rest of the script, as you can see by the next PHP "if" conditional.
We stick the user's id into $id. Next, we define some arrays and table name suffixes. Then we do a query to grab all the items (form questions) from the db table $db."_inputs" and we stick them in the $i[] array, using a php while() statement and array_push() function. Now the underscore() function is run.
Next we create the overall display page, and in a for loop we call the theoptions() function repeatedly until all the input tags' table data and select tags' table data are displayed.
The script below is called: view-record-in-html-form-creator-form.php
<?php
session_start();
include_once"checkid_.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION
['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';}
?>
<html>
<head>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>View Record in HTML Form Creator Form</TITLE>
<meta name="description" content="View Record in HTML Form Creator Form">
<meta name="keywords" content="View Record in HTML Form Creator Form,View Form Creator record,View record,php,javascript, dhtml, DHTML">
<script language="javascript">
mactest=(navigator.userAgent.indexOf("Mac")!=-1) //My browser sniffers
is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1
Netscape=(navigator.appName.indexOf("Netscape") != -1)
msafari=(navigator.userAgent.indexOf("Safari")!= -1)
wsafari=0; if(!mactest&&msafari){wsafari=1;msafari=0}
is_opera = 0; if(window.opera){is_opera=1}
is_ie_mac = 0; is_ie=0;if(document.all){is_ie=1}
if(is_ie&&mactest){is_ie_mac=1}
function calculateBgX(oElement) {return document.body.scrollLeft - getOffsetLeft(oElement);}
function calculateBgY(oElement) {return document.body.scrollTop - getOffsetTop(oElement);}
function getOffsetTop(oElement) {var iResult= oElement.offsetTop;
while (oElement.offsetParent) {oElement = oElement.offsetParent;iResult += oElement.offsetTop;}
return iResult;}
function getOffsetLeft(oElement) {var iResult= oElement.offsetLeft;
while (oElement.offsetParent) {oElement = oElement.offsetParent;iResult += oElement.offsetLeft;}
return iResult;}
function checkdb(){
var ck_item3 = /^[A-Za-z0-9_]{3,20}$/;
if (document.nameform.db.value.search(ck_item3)==-1)
{alert("Please enter 3 to 20 letters, numbers, or underscore."); document.nameform.db.focus();return false;}}
function fix(){if(Netscape||is_opera){e=document.getElementById("mytable");e.style.position="absolute";e.style.marginTop=0+"px";
e=document.getElementById("j");e.style.top=p+"px";}}
</script>
<STYLE TYPE="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-image:url(t.gif);background-attachment:fixed;background-color:#ccc;}
p, li, td {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
#mytable {margin:26px 0 0 150px;width:820px;padding:10px;border:2px solid blue;background: url('b.gif');background-attachment: fixed;background-position: expression((calculateBgX(this))+"px "+(calculateBgY(this))+"px");background-color:#eee;}
#table1 {width:100%;border:1px solid blue;text-align:center}
#menu {background-color:#eee;position:fixed;left:2px;width:130px;padding:5px;border:2px solid blue;position: expression("absolute");top: expression(eval(document.body.scrollTop)+60);}
#getdbname {position:absolute;top:104px;left:353px;}
</STYLE>
</head>
<body onload="fix()">
<?php
function theoptions(){
global $i,$i2,$h,$aaa,$r;
$sql = mysql_query("SELECT options FROM $aaa WHERE field_name='$i2[$h]'") or die(mysql_error());
$number_rows = mysql_num_rows($sql);
if($number_rows==0){
echo "<tr><td width='470' align='left'><span style='color:red'>*</span>".$i[$h];
echo "</td><td width='330' align='left'>";
echo $r."</td></tr>";
}else{
echo "<tr><td width='470' align='left'><span style='color:red'>*</span>".$i[$h];
echo "</td><td width='330' align='left'>";
$j=explode(",",htmlentities(stripslashes($r), ENT_QUOTES));
for ($d=0;$d<count($j);$d++){
echo $j[$d]."<BR>";}
echo "</td></tr>";}}
function underscore(){
global $i,$i2;
$replacement="_";
$pattern9 = '/[^A-Za-z0-9_]/i';
for ($h = 0; $h < count($i); $h++) {
$i2[$h]=preg_replace($pattern9, $replacement, $i[$h]);$i2[$h]=str_replace("_middot_","_",$i2[$h]);}}
$d=mysql_real_escape_string($_POST['db']);if(strlen($d)>2){
$db=$d;$aa=$db."_database";$exists = mysql_query("SHOW TABLES LIKE '$aa'") or die(mysql_error());
$_SESSION['db']=$db;$num_rows = mysql_num_rows($exists);
if($num_rows==0){unset($_SESSION['db']);unset($db);unset($d);mysql_close();
echo '<script language="javascript">alert("Table does not exist. Try again");</script>';}}
if(!isset($_SESSION['db'])){
echo "<div id='getdbname'><form name='nameform' id='nameform' method='post' action='view-record-in-html-form-creator-form.php' onsubmit='return checkdb()'>db name <input type='text' id='db' name='db' maxlength='20' size='20'><input type='submit' value='submit'></form></div>";}
if(isset($_SESSION['db'])){$db=$_SESSION['db'];
$id=$_SESSION['userid'];
$i=array();$i2=array();$j=array();
$a=$db."_inputs";
$aa=$db."_database";$aaa=$db."_options";
$sql=mysql_query("SELECT item FROM $a ORDER BY N");
$num_rows = mysql_num_rows($sql);
while($row = mysql_fetch_array($sql)){
array_push ($i, htmlentities(stripslashes($row['item']), ENT_QUOTES));}
underscore();
echo "<center><h1>View Record in HTML Form Creator Form</h1></center>";
echo "<div id='mytable'><a name='form1'></a>";
echo "<table id='table1' border='1' width='800' style='table-layout:fixed'><col width='470'><col width='330'>";
echo "<tr><th width='470' align='center'>Questions</th><th width='330' align='center'>Answers</th></tr>";
$sql=mysql_query("SELECT * FROM $aa WHERE member_id='$id'");
while($row = mysql_fetch_array($sql)){
for ($h = 0; $h < $num_rows; $h++) {$r=$row[$i2[$h]];theoptions();}}
echo "</table><center><BR></center></div>";
mysql_close();
unset($b);unset($f);unset($w);
}
?>
<div id='menu'>
<b><a HREF="profile-and-account-management.php">Return to Profile and Account Management</a></b>
</div>
</body>
</html>