PHPはgetRecords()関数を見つけることができません。この関数が定義されているファイルを含めましたか?
編集:
投稿されたデータの保護と、一般的なコードのクリーンさを実際に検討する必要があります。 1つの状況でのみ使用できる関数でラップするのではなく、mysqlが提供する関数を直接使用することをお勧めします。
そして:なぜあなたは毎回employeeinfoテーブル全体を構築しているのですか、それとも少なくともそれが存在するかどうかをチェックしているのですか?これはあなたが一度やることであり、忘れるべきです。次に、混乱を招くため、そのコードを削除します。
飛び込む前に、これらすべてが論理的にどのように機能するかを考える必要があります。これは基本的に従業員管理システムですか?次のことができるようになります:新しい従業員の追加、従業員の検索、従業員の編集、および従業員の削除。これが基本的な実装ですが、従業員を追加する機能がありません。私はこれをテストしていませんが、正しい方向を示していることを願っています:
<?php
/* Employees.php */
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'search':
//The form action is appended with a query string, so we can handle multiple cases in process.php
?>
<form action="process.php?do=runsearch" method="POST">
<fieldset>
<legend>Search Employee Info</legend>
<label for="keyword">Enter Keyword</label>
<input id="keyword" name="keyword" value="" />
<input type="submit" name="submit" value="Search" />
</fieldset>
</form>
<?php
break;
case 'edit':
//Make sure that the employee id has been set!
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
//Get the DB connection
$db = ConnectionFactory::getFactory()->getConnection();
//Set up the query with a ? placeholder
$sql = "Select * from employeeinfo WHERE personid = ? LIMIT 1";
$stmt = $db->prepare($sql);
//Bind the question mark with the Employee ID, as an Integer ONLY
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
/* Get an array of the result */
$result = $stmt->fetch(PDO::FETCH_ASSOC);
/* Make an array of friendly names associated with the mysql fields */
if(count($result) > 0){
//Set up friendly names:
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form, and make a hidden field with the employee id we want to edit.*/
?>
<form action="process.php?do=saveedits" method="POST">
<input type="hidden" name="personid" value="<?=$result['personid']?>" />
<?php
/* Unset the person id, because we already used it */
unset($result['personid']);
//*Fill the fields with values from the database, if a friendly name is found, it will be used as the label*/
foreach($result as $key => $value){
?>
<label for="<?=$key?>"><?=(isset($fnames["$key"]) ? $fnames["$key"] : $key)?></label>
<input id="<?=$key?>" name="<?=$key?>" value="<?=$value?>" />
<br>
<?php
}
?>
<input type="submit" value="Modify Employee" >
</form>
<?php
}
else{
/* Couldnt find that employee in the DB */
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
case 'new':
//Make sure that the employee id has been set!
/* Make an array of friendly names associated with the mysql fields */
//Set up friendly names:
$fnames = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Start the form, and make a hidden field with the employee id we want to edit.*/
?>
<form action="process.php?do=savenew" method="POST">
<?php
//*Fill the fields with values from the database, if a friendly name is found, it will be used as the label*/
foreach($fnames as $key => $value){
?>
<label for="<?=$key?>"><?=$value?></label>
<input id="<?=$key?>" name="<?=$key?>" />
<br>
<?php
}
?>
<input type="submit" value="Create New Employee" >
</form>
<?php
break;
case 'delete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
/* Make sure this person exists, and get their info */
$sql = "Select * from employeeinfo WHERE personid = ?";
$stmt = $db->prepare($sql);
/* Same as above */
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($result) > 0){
/* Ask to confirm the delete */
?>
<h2>Are you sure you want to delete <?=$result['firstname']?> <?=$result['lastname']?>'s Records?</h2>
<a href="process.php?do=confirmdelete&eid=<?=$result['personid']?>">Yes, Confirm Delete!</a>
<?php
}
else{
?>
<h2>Error, Employee Not Found</h2>
<?php
}
}
break;
}
}
else{
//List employees
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo";
$stmt = $db->prepare($sql);
$res = $stmt->execute();
/* Make a table with the results and headings */
if($res){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=$result['firstname']?></td>
<td><?=$result['lastname']?></td>
<td><?=$result['email']?></td>
<td><?=$result['phone']?></td>
<td><?=$result['department']?></td>
<td><?=$result['position']?></td>
<td><a href="employees.php?do=edit&eid=<?=$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
}
include('footer.php');
/* End Employees.php */
?>
Process.php:
<?php
/* Process.php */
// Bind the parameter
include('dbfactory.php');
include('header.php');
if(isset($_GET['do']) && (!empty($_GET['do']))){
switch($_GET['do']){
case 'runsearch':
if((isset($_POST['keyword'])) && (!empty($_POST['keyword']))){
/* You have to put the % signs in beforehand with PDO */
$keyword = "%".$_POST['keyword']."%";
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "SELECT * from employeeinfo WHERE
firstname LIKE ?
OR
lastname LIKE ?
OR
phone LIKE ?
OR
email LIKE ?
OR
department LIKE ?
OR
position LIKE ?";
$stmt = $db->prepare($sql);
/* There are 6 placeholders, so we need to loop 6 times, binding the new placeholder each time */
for($i=1; $i<=6; $i++){
$stmt->bindParam($i, $keyword, PDO::PARAM_STR);
}
$res = $stmt->execute();
/* Make a table with the results and headings */
if($stmt->rowCount() > 0){
?>
<table>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td>Email</td>
<td>Phone</td>
<td>Department</td>
<td>Position</td>
<td>Actions</td>
</tr>
<?php
while($result = $stmt->fetch(PDO::FETCH_ASSOC)){
?>
<tr>
<td><?=$result['firstname']?></td>
<td><?=$result['lastname']?></td>
<td><?=$result['email']?></td>
<td><?=$result['phone']?></td>
<td><?=$result['department']?></td>
<td><?=$result['position']?></td>
<td><a href="employees.php?do=edit&eid=<?=$result['personid']?>">Edit</a>
<a href="employees.php?do=delete&eid=<?=$result['personid']?>">Del</a>
</td>
</tr>
<?php
}
?>
</table>
<?php
}
else{
?><h2>No Results Found!<?php
}
}
else{
?><h2>No Keyword Set!<?php
}
break;
case 'saveedits':
/* Array of the fields we expect to be Posted */
$required = array('personid' => 'Employee Id',
'firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Have to temporarily store the personid in a temp variable, and remove it from the array */
$pid = $_POST['personid'];
unset($_POST['personid']);
$posted = $_POST;
/* Change this : firstname to : `firstname`=:firstname, etc, etc Runs over the whole arraay */
$params = join(", ", array_map(
function($col) {
return "`".preg_replace("/`/u","``",$col)."`=".":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
/* Put the personid back into the posted array, so we can use it again. */
$posted['personid'] = $pid;
$stmt = $db->prepare("UPDATE `employeeinfo` SET {$params} WHERE `personid`=:personid");
/* Use the whole post array to execute looks like: field => value */
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Updated!</h2><?php
}
else{
?><h2>Error! Could Not Update Employee!</h2><?php
}
}
else{
print_r($_POST);
print_r($required);
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
case 'savenew':
/* Array of the fields we expect to be Posted */
$required = array('firstname' => 'First Name',
'lastname' => 'Last Name',
'phone' => 'Phone Number',
'email' => 'Email Address',
'department' => 'Department',
'position' => 'Position');
/* Make sure all the fields have been posted */
$good = true;
foreach($required as $field => $value){
if(!isset($_POST[$field]))
$good = false;
}
if($good){
$db = ConnectionFactory::getFactory()->getConnection();
/* Have to temporarily store the personid in a temp variable, and remove it from the array */
$posted = $_POST;
$columns = join(",", array_map(
function($col) { return "`".preg_replace("/`/u","``",$col)."`";},
array_keys($posted)));
$params = join(",", array_map(
function($col) { return ":".preg_replace("/[`\s]/u","",$col);},
array_keys($posted)));
$query = "INSERT INTO `employeeinfo` ({$columns}) VALUES ({$params})";
$stmt = $db->prepare($query);
$stmt->execute($posted);
if($stmt->rowCount() > 0){
?><h2>Employee Created!</h2><?php
}
else{
?><h2>Error! Could Not Create Employee!</h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Form Error! Required fields not set!</h2><?php
}
break;
/* Pretty Self Explanatory */
case 'confirmdelete':
if(isset($_GET['eid']) && (!empty($_GET['eid']))){
$db = ConnectionFactory::getFactory()->getConnection();
$sql = "Delete from `employeeinfo` WHERE personid = ?";
$stmt = $db->prepare($sql);
$stmt->bindParam(1, $_GET['eid'], PDO::PARAM_INT);
$stmt->execute();
if($stmt->rowCount() > 0){
?><h2>Employee Deleted!</h2><?php
}
else{
?><h2>Error! Could Not Delete Employee!<br></h2><?php
print_r($stmt->errorInfo());
}
}
else{
?><h2>Error! No Employee By That Id!</h2><?php
}
break;
}
}
else{
//Error nothing to do!
}
/* End process.php: */
?>
Dbfactory.php:
/* dbfactory.php: */
<?php
Class ConnectionFactory
{
private static $factory;
public static function getFactory()
{
if (!self::$factory)
self::$factory = new ConnectionFactory;
return self::$factory;
}
private $db;
public function getConnection() {
if (!isset($db)){
try{
//Make sure to fill out these values
$db = new PDO('mysql:dbname=YOURDATABASENAME;host=YOURDATABASEADDRESS', 'USERNAME', 'PASSWORD');
return $db;
}
catch(PDOException $e) {
echo 'DB Error: '. $e->getMessage();
}
}
}
}
?>
/* End dbfactory.php: */
Header.php:
/* Header.php: */
<html>
<head>
<style type="text/css">
td{
border:1px solid;
border-radius:3px;
padding:4px;
}
</style>
</head>
<body>
<a href="employees.php">Manage Employees</a> - <a href="employees.php?do=search">Search Employees</a> - <a href="employees.php?do=new">Add Employee</a>
<br>
<br>
/* End header.php */
Footer.php:
/*footer.php */
</body>
</html>
/* End footer.php */
繰り返しになりますが、これはまだ基本的なことであり、この種のものはphpクラスに実装する必要があります。これはPDOを使用しているため、dbの詳細が変更された場合は、dbfactory.phpを変更するだけで完了です。
戻ってPHPの学習を開始することについて1つ変更できれば、使用しているような廃止されたmysqlクエリ関数の代わりにPDOを学習することになるでしょう。
私が言ったように、これは決して完璧な実装ではありません。すべてを分類し、ロジックをプレゼンテーションから分離する必要があります。しかし、それは始まりです!
幸せな学習!