Who can help me improve this?
I have probably made the script too complicated. It works, but I think it can be better and smaller.


<?php
	/* profile page */
	if($_GET['menu'] == 'profile' && $_GET['action'] == 'edit') {
		
		/* Profile Edit */
		
		$sql = "SELECT * FROM Girls WHERE ID = ".$_GET['id']."";
		$results = mysqli_query($connect, $sql);
		$change = mysqli_fetch_all($results, MYSQLI_ASSOC);
			if($_GET['id'] == $_SESSION['ID']) {
				
			echo "<div class='edit'>
					<form id='edit' action='index.php?menu=profile&action=adjust' method='POST'>";
			
			foreach($change as $edit) {
				echo "<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change your Nickname here, this is visable on the profile</span>
					</div>
					<div id='info2'>Nickname : </div>
					<div id='info'>
						<input type='text' name='Nickname' placeholder='".$edit['Nickname']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change your work number if needed, this is visable on your profile</span>
					</div>
					<div id='info2'>Work Number : </div>
					<div id='info'>
						<input type='number' name='Wphone' placeholder='+".$edit['Wphone']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change the 'In Case of Emergency' name if needed</span>
					</div>
					<div id='info2'>ICE Name 1 : </div>
					<div id='info'>
						<input type='text' name='ICEName1' placeholder='".$edit['ICEName1']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change the 'In Case of Emergency' number if needed</span>
					</div>
					<div id='info2'>ICE Number 1 : </div>
					<div id='info'>
						<input type='number' name='ICePhone1' placeholder='+".$edit['ICePhone1']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change the 'In Case of Emergency' second name if needed</span>
					</div>
					<div id='info2'>ICE Name 2 : </div>
					<div id='info'>
						<input type='text' name='ICEName2' placeholder='".$edit['ICEName2']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit / Change the second 'In Case of Emergency' number if needed</span>
					</div>
					<div id='info2'>ICE Number 2 : </div>
					<div id='info'>
						<input type='number' name='ICEPhone2' placeholder='+".$edit['ICEPhone2']."'>
					</div>
					<div class='tooltip' id='info3'>
						<img id='imginfo' src='./img/page/info.png'>
						<span class='tooltiptext'>Edit or change your email address</span>
					</div>
					<div id='info2'>Email : </div>
					<div id='info'>
						<input type='email' name='Address' placeholder='".$edit['Address']."'>
					</div>";
			}
			echo "	<input type='submit' name='submit'>
					</form>
				</div>";
			foreach($change as $nonedit) {
				
				$fname = $nonedit['Fname'];
				$lname = $nonedit['Lname'];
				$idcard = $nonedit['IDcard'];
				$bday = $nonedit['Birthday'];
				$private = $nonedit['Pphone'];
				$region = $nonedit['Nationality'];
				
			echo "<div class='reminder'>Can not be changed only by admin (<a href='mailto:[email protected]'>Send mail</a>)</div>
				<div class='nonedit'>
					<div id='nonedit'>First name : ".$fname."</div>
					<div id='nonedit'>Last name : ".$lname."</div>
					<div id='nonedit'>ID Card : ".$idcard."</div>
					<div id='nonedit'>Birthday : ".$bday."</div>
					<div id='nonedit'>Private Number : +".$private."</div>
					<div id='nonedit'>Nationality : ".$region."</div>
				</div>";
			}
			} else {
				echo "!!!! NOT YOUR PROFILE !!!! , <a href='index.php?menu=profile&action=edit&id=".$_SESSION['ID']."'>Click here</a> to go back";
			}
	}elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'adjust') {
		
		$sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
		$result = mysqli_query($connect, $sql);
		$profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
			/* changes */
			
			$nick = $_POST['Nickname'];
			$wp = $_POST['Wphone'];
			$icen1 = $_POST['ICEName1'];
			$icep1 = $_POST['ICePhone1'];
			$icen2 = $_POST['ICEName2'];
			$icep2 = $_POST['ICEPhone2'];
			$addr = $_POST['Address'];			
		
		foreach($profile as $profileid) {
			/* in dbase */
		
			$wname = $profileid['Nickname'];
			$wphone = $profileid['Wphone'];
			$icename1 = $profileid['ICEName1'];
			$icephone1 = $profileid['ICePhone1'];
			$icename2 = $profileid['ICEName2'];
			$icephone2 = $profileid['ICEPhone2'];
			$eaddr = $profileid['Address'];
			
		}
			echo "<form action='index.php?menu=profile&action=edityes' method='POST'>";
			if(!empty($nick)) {
				echo "You Changed the Nickname : <b><font color='#008800'>".$wname."</font></b> to : <b><font color='#008800'>".$nick."</font></b><br />
				<input type='hidden' name='Nickname' value='".$_POST['Nickname']."'>";
			}
			if(!empty($wp)) {
				echo "You Changed the Work number : <b><font color='#008800'>+".$wphone."</font></b> to : <b><font color='#008800'>+".$wp."</font></b><br />
				<input type='hidden' name='Wphone' value='".$_POST['Wphone']."'>";
			}
			if(!empty($icen1)) {
				echo "You Changed ICE Name 1 : <b><font color='#008800'>".$icename1."</font></b> to : <b><font color='#008800'>".$icen1."</font></b><br />
				<input type='hidden' name='ICEName1' value='".$_POST['ICEName1']."'>";
			}
			if(!empty($icep1)) {
				echo "You Changed ICE Number 1 : <b><font color='#008800'>+".$icephone1."</font></b> to : <b><font color='#008800'>+".$icep1."</font></b><br />
				<input type='hidden' name='ICePhone1' value='".$_POST['ICePhone1']."'>";
			}
			if(!empty($icen2)) {
				if(empty($icename2)) {
					$icename2 = "[Not setted]";
				}
				echo "You Changed ICE Name 2 : <b><font color='#008800'>".$icename2."</font></b> to : <b><font color='#008800'>".$icen2."</font></b><br />
				<input type='hidden' name='ICEName2' value='".$_POST['ICEName2']."'>";
			}
			if(!empty($icep2)) {
				if(empty($icephone2)) {
					$icephone2 = "[Not setted]";
				}
				echo "You Changed ICE Number 2 : <b><font color='#008800'>+".$icephone2."</font></b> to : <b><font color='#008800'>+".$icep2."</font></b><br />
				<input type='hidden' name='ICEPhone2' value='".$_POST['ICEPhone2']."'>";
			}
			if(!empty($addr)) {
				echo "You Changed your email address : <b><font color='#008800'>".$eaddr."</font></b> to : <b><font color='#008800'>".$addr."</font></b><br />
				<input type='hidden' name='Address' value='".$_POST['Address']."'>";
			}
		echo "If this information is correct, click <input type='submit' name='submit'> to confirm. click <b><font color='#880000'><a href='index.php?menu=profile'>here</a></font></b> to cancel";
		echo "</form>";
			
	}elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {
		
		if(!empty($_POST['Nickname'])) {
			$query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['Wphone'])) {
			$query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['ICEName1'])) {
			$query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['ICePhone1'])) {
			$query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['ICEName2'])) {
			$query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['ICEPhone2'])) {
			$query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		if(!empty($_POST['Address'])) {
			$query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
			$result = mysqli_query($connect, $query);
		} else {echo "No changes";}
		
		if(!empty($_POST['Nickname'])) {
			echo "Nickname is changed to ".$_POST['Nickname']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['Wphone'])) {
			echo "Work number is changed to +".$_POST['Wphone']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['ICEName1'])) {
			echo "ICE name 1 is changed to ".$_POST['ICEName1']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['ICePhone1'])) {
			echo "ICE number 1 is changed to +".$_POST['ICePhone1']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['ICEName2'])) {
			echo "ICE name 2 is changed to ".$_POST['ICEName2']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['ICEPhone2'])) {
			echo "ICE number 2 is changed to +".$_POST['ICEPhone2']."<br />";
		} else {echo "No changes";}
		if(!empty($_POST['Address'])) {
			echo "Email address is changed to ".$_POST['Address']."<br />";
		} else {echo "No changes";}
		sleep(2);
		echo "Click <b><font color='#008800'><a href='index.php?menu=profile'>here</a></font></b> to go back";
		
	}else{
	/* Profile View*/

		$user = $_SESSION['Nickname'];
		$usid = $_SESSION['ID'];
		
		echo "<div class='welcome'>".$user."</div>";
		
			$sql = "SELECT * FROM Girls WHERE ID = ".$usid."";
			$result = mysqli_query($connect, $sql);
			$profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
			
			echo "<div class='profile-grid'>";
			
				foreach($profile as $profileid) {

					$TDate = date('Y-m-d');
					$diff = date_diff(date_create($profileid['Birthday']), date_create($TDate));
					$age = $diff->format('%y');
					
				echo "<div class='profile-item' id='vissable'>Work name : ".$profileid['Nickname']."</div>";
				echo "<div class='profile-item' id='unvissable'>First name : ".$profileid['Fname']."</div>";
				echo "<div class='profile-item' id='unvissable'>IDcard : ".$profileid['IDcard']."</div>";
				if(empty($profileid['ICEName2'])){
						echo "<div class='profile-item' id='unvissable'>ICE Name 2 : Not set</div>";
					}else{
						echo "<div class='profile-item' id='unvissable'>ICE Name 2 : ".$profileid['ICEName2']."</div>";
					}
	
				echo "<div class='profile-item' id='vissable'>Age : ".$age."</div>";
				echo "<div class='profile-item' id='unvissable'>Last Name : ".$profileid['Lname']."</div>";
				echo "<div class='profile-item' id='unvissable'>ICE Name 1 : ".$profileid['ICEName1']."</div>";
				if(empty($profileid['ICEPhone2'])){
						echo "<div class='profile-item' id='unvissable'>ICE Number 2 : Not set</div>";
					}else{
						echo "<div class='profile-item' id='unvissable'>ICE Number 2 : +".$profileid['ICEPhone2']."</div>";
					}
				
				echo "<div class='profile-item' id='vissable'>Work Number : +".$profileid['Wphone']."</div>";
				echo "<div class='profile-item' id='unvissable'>Birthday : ".$profileid['Birthday']."</div>";
				echo "<div class='profile-item' id='unvissable'>ICE Number 1 : +".$profileid['ICePhone1']."</div>";
								
					
	
					echo "<div class='profile-item' id='unvissable'>Email Address : ".$profileid['Address']."</div>";
					echo "<div class='profile-item' id='vissable'>Nationality : ".$profileid['Nationality']."</div>";
					echo "<div class='profile-item' id='unvissable'>Private Number : +".$profileid['Pphone']."</div>";
					
					
				}
			echo "</div>
					<div class='legendas-grid'>
						<div class='legendas' id='vissable'>This color means, visable on you profile page</div>
						<div class='legendas' id='unvissable'>This color means, not visable on you profile page</div>
					</div>
					<div class='legendas-grid2'>
						<div id='item-menu2'><a href='index.php?menu=profile&action=edit&id=".$usid."'>Update your information</a></div>
					</div>";
	}

?>


You can see what I have done, but I think it can be better.

It looks decent, but I do have a few points.

- Check with isset() whether your GET value exists, otherwise you get "Undefined index" errors.
- Think about SQL injection. Right now anyone and everyone can modify your query, with potentially dangerous consequences.
- If the edit concerns your own data, you don't need to pass this in the URL. Your session already tells who you are. If you want to view or edit someone else's profile, then a GET value is necessary.
- Copying variables on lines 78 through 83, and further on in your code, is unnecessary.
- The flood of update queries can easily be combined into one UPDATE that you execute once. If you want to get a mountain of Chinese food out of the fridge, you don't walk back and forth 12 times either ;-)
- I would place large chunks of HTML code outside an echo, and also outside your PHP block.

I am mainly concerned with this part
[code]
<?php
}elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'adjust') {

$sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
$result = mysqli_query($connect, $sql);
$profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
/* changes */

$nick = $_POST['Nickname'];
$wp = $_POST['Wphone'];
$icen1 = $_POST['ICEName1'];
$icep1 = $_POST['ICePhone1'];
$icen2 = $_POST['ICEName2'];
$icep2 = $_POST['ICEPhone2'];
$addr = $_POST['Address'];

foreach($profile as $profileid) {
/* in dbase */

$wname = $profileid['Nickname'];
$wphone = $profileid['Wphone'];
$icename1 = $profileid['ICEName1'];
$icephone1 = $profileid['ICePhone1'];
$icename2 = $profileid['ICEName2'];
$icephone2 = $profileid['ICEPhone2'];
$eaddr = $profileid['Address'];

}
echo "<form action='index.php?menu=profile&action=edityes' method='POST'>";
if(!empty($nick)) {
echo "You Changed the Nickname : <b><font color='#008800'>".$wname."</font></b> to : <b><font color='#008800'>".$nick."</font></b><br />
<input type='hidden' name='Nickname' value='".$_POST['Nickname']."'>";
}
if(!empty($wp)) {
echo "You Changed the Work number : <b><font color='#008800'>+".$wphone."</font></b> to : <b><font color='#008800'>+".$wp."</font></b><br />
<input type='hidden' name='Wphone' value='".$_POST['Wphone']."'>";
}
if(!empty($icen1)) {
echo "You Changed ICE Name 1 : <b><font color='#008800'>".$icename1."</font></b> to : <b><font color='#008800'>".$icen1."</font></b><br />
<input type='hidden' name='ICEName1' value='".$_POST['ICEName1']."'>";
}
if(!empty($icep1)) {
echo "You Changed ICE Number 1 : <b><font color='#008800'>+".$icephone1."</font></b> to : <b><font color='#008800'>+".$icep1."</font></b><br />
<input type='hidden' name='ICePhone1' value='".$_POST['ICePhone1']."'>";
}
if(!empty($icen2)) {
if(empty($icename2)) {
$icename2 = "[Not setted]";
}
echo "You Changed ICE Name 2 : <b><font color='#008800'>".$icename2."</font></b> to : <b><font color='#008800'>".$icen2."</font></b><br />
<input type='hidden' name='ICEName2' value='".$_POST['ICEName2']."'>";
}
if(!empty($icep2)) {
if(empty($icephone2)) {
$icephone2 = "[Not setted]";
}
echo "You Changed ICE Number 2 : <b><font color='#008800'>+".$icephone2."</font></b> to : <b><font color='#008800'>+".$icep2."</font></b><br />
<input type='hidden' name='ICEPhone2' value='".$_POST['ICEPhone2']."'>";
}
if(!empty($addr)) {
echo "You Changed your email address : <b><font color='#008800'>".$eaddr."</font></b> to : <b><font color='#008800'>".$addr."</font></b><br />
<input type='hidden' name='Address' value='".$_POST['Address']."'>";
}
echo "If this information is correct, click <input type='submit' name='submit'> to confirm. click <b><font color='#880000'><a href='index.php?menu=profile'>here</a></font></b> to cancel";
echo "</form>";

}elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {

if(!empty($_POST['Nickname'])) {
$query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['Wphone'])) {
$query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['ICEName1'])) {
$query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['ICePhone1'])) {
$query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['ICEName2'])) {
$query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['ICEPhone2'])) {
$query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}
if(!empty($_POST['Address'])) {
$query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
$result = mysqli_query($connect, $query);
} else {echo "No changes";}

if(!empty($_POST['Nickname'])) {
echo "Nickname is changed to ".$_POST['Nickname']."<br />";
} else {echo "No changes";}
if(!empty($_POST['Wphone'])) {
echo "Work number is changed to +".$_POST['Wphone']."<br />";
} else {echo "No changes";}
if(!empty($_POST['ICEName1'])) {
echo "ICE name 1 is changed to ".$_POST['ICEName1']."<br />";
} else {echo "No changes";}
if(!empty($_POST['ICePhone1'])) {
echo "ICE number 1 is changed to +".$_POST['ICePhone1']."<br />";
} else {echo "No changes";}
if(!empty($_POST['ICEName2'])) {
echo "ICE name 2 is changed to ".$_POST['ICEName2']."<br />";
} else {echo "No changes";}
if(!empty($_POST['ICEPhone2'])) {
echo "ICE number 2 is changed to +".$_POST['ICEPhone2']."<br />";
} else {echo "No changes";}
if(!empty($_POST['Address'])) {
echo "Email address is changed to ".$_POST['Address']."<br />";
} else {echo "No changes";}
sleep(2);
echo "Click <b><font color='#008800'><a href='index.php?menu=profile'>here</a></font></b> to go back";

}
?>
[/code]
Yes, it can be shorter if you use one query, and think about SQL injection here too.
Someone named Jacques Joop d'Ancona will currently not be able to update their name because of the apostrophe in it.

And why the sleep()?

Furthermore, <font> is old HTML that has not been actively used for years. Using CSS has been the norm for 20 years already.
<font>, I know, but it was to indicate a specific purpose.
Otherwise I use CSS, yes.
With an array and a foreach() you can also shorten a thing or two.
You could use array_diff to see what has changed between your current data from your database fields and the $_POST fields, and so make a selection of what has been updated.

It depends on how far you want to go. Any application can ultimately be programmed more efficiently, but it is also about keeping it readable and not introducing new bugs. So keep testing!

If you are somewhat experienced with PHP, then PHPUnit is handy.
That array_diff() looks like something for me, I'll check how it works.
Feel free to look at how [php]array_diff[/php] works.

It is not that you have to. I myself overwrite all my data in one query, even if I have not edited it.
Such a change with array_diff() does mean extra testing work: how does it handle special characters? What if something is empty? And there are quite a few more conditions like that.

If you like readable code, as I do, then it is perfectly fine to build one query with all your changed and unchanged $_POST variables, which you store (escaped, of course) in your database.

[size=xsmall]Addition on 17/04/2023 17:54:18:[/size]

A nice little example of the array_diff function:

<?php
$database_values = array("name"=> "Jan Joker", "place"=>"Schubbekutteveen", "hobby"=>"Ballonvouwen");
$post_values = array("name"=> "Jan Joker", "place"=>"Schubbekutteveenschemond", "hobby"=>"Punniken");

$result = array_diff($post_values,$database_values);
print_r($result);

/*
Output is:
Array
(
    [place] => Schubbekutteveenschemond
    [hobby] => Punniken
)

*/
?>
Okay, but I also want to see what exactly is being changed.

E.g.: Nickname -> Schaap is now becoming -> Geit

Now it only shows what was entered.

E.g.: Geit
Then use array_diff_assoc(...)
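
The advice given in this thread (identity taken from the session, one UPDATE instead of seven, protection against SQL injection, and array_diff_assoc() to show old and new values) combined in one sketch; this is an added example, not code from any of the posters. It assumes PDO with an in-memory SQLite table standing in for the MySQL `Girls` table (mysqli offers the same through prepare() and bind_param()); the helper names `changedFields`, `applyChanges` and `describeChanges` and the sample values are made up for illustration.

```php
<?php
// Added example, not the original poster's code. Table and column names come
// from the thread; helper names, the sample row and the POST values are constructed.

// Allow-list of columns the user may edit; anything else in $_POST is ignored.
const EDITABLE = ['Nickname', 'Wphone', 'ICEName1', 'ICePhone1',
                  'ICEName2', 'ICEPhone2', 'Address'];

/** Return [column => new value] for allow-listed fields that really differ. */
function changedFields(array $current, array $post): array
{
    $submitted = [];
    foreach (EDITABLE as $col) {
        $value = trim((string) ($post[$col] ?? ''));
        if ($value !== '') {              // empty input means "leave as is"
            $submitted[$col] = $value;
        }
    }
    // array_diff_assoc compares key AND value, so the result stays keyed by column.
    return array_diff_assoc($submitted, $current);
}

/** One parameterised UPDATE for all changed columns; the ID comes from the session. */
function applyChanges(PDO $db, int $sessionId, array $changes): int
{
    $changes = array_intersect_key($changes, array_flip(EDITABLE));
    if ($changes === []) {
        return 0;
    }
    // Column names come from the EDITABLE constant, never from user input;
    // values travel as bound parameters, so an apostrophe is just data.
    $set = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($changes)));
    $stmt = $db->prepare("UPDATE Girls SET $set WHERE ID = :id");
    $stmt->execute($changes + ['id' => $sessionId]);
    return $stmt->rowCount();
}

/** "old -> new" lines for the confirmation page, HTML-escaped for output. */
function describeChanges(array $current, array $changes): array
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $lines = [];
    foreach ($changes as $col => $new) {
        $old = ($current[$col] ?? '') === '' ? '[not set]' : $current[$col];
        $lines[] = $e($col) . ': ' . $e($old) . ' -> ' . $e($new);
    }
    return $lines;
}

// --- constructed demo data; in-memory SQLite so it runs without a server ---
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE Girls (ID INTEGER PRIMARY KEY, Nickname TEXT, Wphone TEXT,
           ICEName1 TEXT, ICePhone1 TEXT, ICEName2 TEXT, ICEPhone2 TEXT, Address TEXT)');
$db->exec("INSERT INTO Girls (ID, Nickname, ICEName1) VALUES (1, 'Schaap', 'Jan Joker')");
$sessionId = 1;                                  // stands in for $_SESSION['ID']
$post = ['Nickname' => 'Geit', 'ICEName1' => "Jacques Joop d'Ancona",
         'ICEName2' => '', 'IDcard' => 'X123'];  // stands in for $_POST

$stmt = $db->prepare('SELECT * FROM Girls WHERE ID = :id');
$stmt->execute(['id' => $sessionId]);
$current = $stmt->fetch(PDO::FETCH_ASSOC);
$changes = changedFields($current, $post);
echo implode("\n", describeChanges($current, $changes)), "\n";
echo applyChanges($db, $sessionId, $changes), " row updated\n";
```

The `IDcard` key in the sample POST is dropped by the allow-list, which is what keeps the admin-only fields out of reach even if someone adds them to the form by hand.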
