Build a Shopping Cart Admin Tool for Your PHP Online Store | 2

Build a Shopping Cart Admin Tool for Your PHP Online Store [con't]

Administering the Online Shop

You need administration to enable a number of important tasks, including:

• Removing redundant data and in so doing freeing up resources
• Adding a new line of product (in this example, books to the Pleasure Reading, Inc. catalog)
• Adjusting prices

These are just some of the reasons why administering your online shop is important. With an administration interface, you can add new books, change the details of current books, and change the prices of books.

An administrative interface is more effective if you have a login script. It can then separate the administrators from other low-level users, and therefore make sure that only the administrator can do certain things.

The administration interface that you are going to create will be very simple and perform the following tasks:

• Add a new book
• Change book details, such as author and price

The first page is going to look like the index page of the main front page. The administrator will get to choose from a list of categories and then a list of books from that category will be shown. The difference here is that the booklist will give you the option to either change book details or remove the book entirely.

The Category Selection Page

Depending on what you choose, the change.php page will be shown or the delete.php script will be executed. Let's look at the code of the first page in the administration application:

<?php include "../connect.php"; $query ="SELECT * from genres"; $results=mysql_query($query); if($results){ $num = mysql_num_rows($results); }else{ $errmsg= mysql_error(); } ?> <html> <head> <title>Pleasure Reading Inc. - Administration</title> </head> <body> <table width="100%" border="0"> <tr> <td><h1>Pleasure Reading Inc. </h1> </td> </tr> <tr> <td> </td> </tr> <tr> <td>Select from the categories below: </td> </tr> <tr> <td> </td> </tr> <?php if($num>0){ while($row=mysql_fetch_assoc($results)){ ?> <tr> <td bgcolor="#ECE9D8"><img src="images/arrow.gif" width="9" height="9" /><a href="booklist.php?catid=<?php echo trim(stripslashes($row['gen_id']));?>&catname=<?php $_SESSION['catname']=$row['gen_name']; echo stripslashes(strtoupper($row['gen_name']));?>"><?php echo stripslashes(strtoupper($row['gen_name']));?></a></td> </tr> <?php } }else{ ?> <tr> <td>No categories available.</td> </tr> <? } ?> </table> </body> </html>

The code is fairly easy to understand. The first part of the code simply retrieves all the genres from the genres table after connecting to the database with the connect.php script:

include "../connect.php"; $query ="SELECT * from genres"; $results=mysql_query($query);

If the query was successful, the returned rows are stored in the $num variable:

if($results){ $num = mysql_num_rows($results);

Otherwise, an error message is stored in the appropriately named $errmsg variable:

}else{ $errmsg= mysql_error(); }

The reason for storing the returned rows in the $num variable is because it is going to be used to create a dynamic table later.

Let's look at the HTML that actually presents the list of genres. First, the table headers are created:

<table width="100%" border="0"> <tr> <td><h1>Pleasure Reading Inc. </h1> </td> </tr> <tr> <td> </td> </tr> <tr> <td>Select from the categories below: </td> </tr> <tr> <td> </td> </tr>

Then the number stored in the $num variable is used to iterate through the array of results that ultimately create the dynamic table rows:

<?php if($num>0){ while($row=mysql_fetch_assoc($results)){ ?>

The genre name and ID is used to make a hyperlink:

<tr> <td bgcolor="#ECE9D8"><img src="images/arrow.gif" width="9" height="9" /><a href="booklist.php?catid=<?php echo trim(stripslashes($row['gen_id']));?>&catname=<?php $_SESSION['catname']=$row['gen_name']; echo stripslashes(strtoupper($row['gen_name']));?>"><?php echo stripslashes(strtoupper($row['gen_name']));?></a></td> </tr>

If no genres have been found, an appropriate message is displayed:

<?php } }else{ ?> <tr> <td>No categories available.</td> </tr> <? } ?> </table>

And that's basically all there is to the main page of the administration script. The next script that you are going to look at is the booklist.php script. It has exactly the same function as the listbooks.php script in the main application, but with a slight difference in that it provides an option to either remove a book or change book details.

The Category List Page

Below is the code for the script:

<?php include "../connect.php"; //check if //A) a catid has been submitted //B) the submitted value is numeric if(isset($_GET['catid'])){ //clean it up if(!is_numeric($_GET['catid'])){ //Non numeric value entered. Someone tampered with the catid $error=true; $errormsg=" Security, Serious error. Contact webmaster: Catid enter: ".$_GET['catid'].""; }else{ //cat_id is numeric number //clean it up $error=false; $aID=mysql_escape_string($_GET['catid']); $query ="SELECT * from books INNER JOIN genres ON genID=gen_id WHERE genID='".$aID."' "; $results=mysql_query($query); if($results){ $num = mysql_num_rows($results); //$row=mysql_fetch_assoc($results); }//results else{ //there's a query error $error=true; $errormsg .=mysql_error(); }//result test }//numeric }//if isset ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <?php if(!$error){ ?> <table width="100%" border="0"> <tr> <td colspan="3"><h1>Pleasure Reading Inc.</h1></td> </tr> <tr> <td colspan="4"> </td> </tr> <tr> <td colspan="4"><b><?php trim(stripslashes($_SESSION['catname'])) ?></b></td> </tr> <tr> <td width="10%"></td> <td width="90%"> </td> </tr> <tr> <td bgcolor="#CCCCCC"><strong>Title:</strong></td> <td bgcolor="#CCCCCC"><strong>Action:</strong></td> </tr> <?php if($num>0){ while($rowb=mysql_fetch_assoc($results)){ ?> <tr> <td><img src="../images/arrow.gif" width="9" height="9" /><?php echo trim(stripslashes($rowb['title']))?></td> <td><a href="change.php?bid=<?php echo trim(stripslashes($rowb['book_id']))?>">Change</a> | <a href="delete.php?bid=<?php echo trim(stripslashes($rowb['book_id']))?>">Remove </a> </td> </tr> <tr> <td colspan="2"><hr /></td> </tr> <?php } }else{ ?> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><p>There are no books in this category.</p></td> </tr> <?php } ?> </table> <?php }else{ ?> <table> <tr> <td><p><?php echo "The following errors occurred: ".$errormsg."" ?></p></td> </tr> </table> <?php } ?> </body> </html>

Let's take a look at the PHP code. First, you need to filter the data before using it in a MySQL query. The main.php page sends over a variable called catid. Now, based on the database schema of the genre table, you know that the category ID or catid is a number. So, you need to do the usual checks with the is_numeric() function:

<?php include "../connect.php"; //check if //A) a catid has been submitted //B) the submitted value is numeric if(isset($_GET['catid'])){ //clean it up if(!is_numeric($_GET['catid'])){ //Non numeric value entered. Someone tampered with the catid $error=true; $errormsg=" Security, Serious error. Contact webmaster: Catid enter: ".$_GET['catid']."";

Once you have checked that the category ID is indeed numeric, you can then continue to run the query after escaping the catid with mysq_real_escape_string():

}else{ //cat_id is numeric number //clean it up $error=false; $aID=mysql_escape_string($_GET['catid']); $query ="SELECT * from books INNER JOIN genres ON genID=gen_id WHERE genID='".$aID."' "; $results=mysql_query($query);

If the query returns rows, then you store the value in the $num variable, which you will use to build a dynamic table with later on:

if($results){ $num = mysql_num_rows($results); //$row=mysql_fetch_assoc($results); }//results

If there were any errors from the query, then it is stored in the $errormsg variable:

else{ //there's a query error $error=true; $errormsg .=mysql_error(); }//result test }//numeric }//if isset

Now, the booklist script dynamically creates a table with two headers: Title and Action. The former will list the titles of the books in that category, and the latter will list the Remove or Change options as hyperlinks:

<tr> <td colspan="4"><b><?php trim(stripslashes($_SESSION['catname'])) ?></b></td> </tr> <tr> <td width="10%"></td> <td width="90%"> </td> </tr> <tr> <td bgcolor="#CCCCCC"><strong>Title:</strong></td> <td bgcolor="#CCCCCC"><strong>Action:</strong></td> </tr> <?php if($num>0){ while($rowb=mysql_fetch_assoc($results)){ ?> <tr> <td><img src="../images/arrow.gif" width="9" height="9" /><?php echo trim(stripslashes($rowb['title']))?></td> <td><a href="change.php?bid=<?php echo trim(stripslashes($rowb['book_id']))?>">Change</a> | <a href="delete.php?bid=<?php echo trim(stripslashes($rowb['book_id']))?>">Remove </a> </td> </tr> <tr> <td colspan="2"><hr /></td> </tr>

Clicking on the "Remove" link takes the user to the delete script, and clicking on the "Change" link takes the user to the change.php script.

The last part of the script displays a message if no books are found:

<?php } }else{ ?> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><p>There are no books in this category.</p></td> </tr> <?php } ?> </table>

Conclusion

With an online shopping cart administration tool in place, you can easily create as many administrators and non-administrators for your site as you need and manage their privileges and tasks accordingly.

Original: February 17, 2010

Find a programming school near you

Zip Code:

Subject: - Select All Subjects - Computer Applications Computer Engineering Computer Science Computer Prog. - Software Dev. Computer Game Programming Web Design Web Development Internet Systems Internet Certification Database Design and Development Information Systems Management Information Technology Project Management Network Design - Development Systems Analyst

Degree: - Select All Degrees - Associate's Bachelor's Master's Doctoral Certificates Diplomas Coursework MBA

Online Campus Both