Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Added some code refactoring #1

Merged
merged 1 commit into from

2 participants

Alexey Novak Cindy Qi Li
Alexey Novak

No description provided.

Cindy Qi Li cindyli merged commit 56f9464 into from
Alexey Novak anvk deleted the branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 21, 2013
  1. Alexey Novak

    Added some code refactoring

    anvk authored
This page is out of date. Refresh to see the latest.
Showing with 38 additions and 36 deletions.
  1. +18 −17 add_places.php
  2. +20 −19 login.php
35 add_places.php
View
@@ -1,30 +1,30 @@
<?php
-include("include/config.php");
+include_once("include/config.php");
session_start();
-if (!isset($_SESSION['login_user'])) {
- echo "You don't have privilege to access this page, please <a href=\"login.php\">login</a> first.";
- exit;
+if (!isset($_SESSION["login_user"]) || trim($_SESSION["login_user"]) == "") {
+ echo "You don't have privilege to access this page, please <a href=\"login.php\">login</a> first.";
+ exit;
}
-$username = $_SESSION['login_user'];
-
-if (isset($_POST["place"])) {
- $place = addslashes($_POST["place"]);
-
- $sql = "INSERT INTO places(place_name, created_by, created_date)
- SELECT '" . $place . "', user_id, now()
- FROM users
- WHERE username = '" . $username . "'";
-
- $result=mysql_query($sql);
+$username = $_SESSION["login_user"];
+
+if (isset($_POST["place"]) && trim($_POST["place"]) != "") {
+ $place = addslashes($_POST["place"]);
+
+ $sql = sprintf("INSERT INTO places(place_name, created_by, created_date)
+ SELECT '%s', user_id, now()
+ FROM users
+ WHERE username = '%s'", $place, $username);
+
+ $result = mysql_query($sql);
}
$sql = "SELECT username, place_name, created_date
FROM users u, places p
WHERE u.user_id = p.created_by";
-$result=mysql_query($sql);
+$result = mysql_query($sql);
?>
<body>
@@ -40,7 +40,8 @@
<table>
<?php
while ($row = mysql_fetch_assoc($result)) {
- echo "<span style=\"color: blue\">". $row["place_name"] ."</span> was added by " . $row["username"] . " at " . $row["created_date"] . "<br />";
+ // Notice string concatenation using "."
+ echo "<span style=\"color: blue\">". $row["place_name"] ."</span> was added by " . $row["username"] . " at " . $row["created_date"] . "<br />";
}
?>
</table>
39 login.php
View
@@ -1,27 +1,28 @@
<?php
-include("include/config.php");
+include_once("include/config.php");
session_start();
-if(isset($_POST["username"]))
+if(isset($_POST["username"]) && trim($_POST["username"]) != "")
{
- // username and password sent from Form
- $myusername=addslashes($_POST['username']);
-
- $sql="SELECT user_id FROM users WHERE username='$myusername'";
- $result=mysql_query($sql);
- $row=mysql_fetch_array($result);
-
- // If result matched $myusername and $mypassword, table row must be 1 row
- if(mysql_num_rows($result) == 0)
- {
- $sql = "INSERT INTO users(username) VALUES ('" . $myusername . "')";
- $result=mysql_query($sql);
- }
- $_SESSION['login_user'] = $myusername;
-
- header("location: add_places.php");
- exit;
+ // username and password sent from Form
+ $myusername=addslashes($_POST['username']);
+
+ $sql = "SELECT user_id FROM users WHERE username='$myusername'";
+ $result = mysql_query($sql);
+ $row = mysql_fetch_array($result);
+
+ // If result matched $myusername, table should have at least 1 row
+ if(mysql_num_rows($result) == 0)
+ {
+ // If we did not find a user then let's add to the DB
+ $sql = sprintf("INSERT INTO users(username) VALUES ('%s')", $myusername);
+ $result = mysql_query($sql);
+ }
+ $_SESSION["login_user"] = $myusername;
+
+ header("location: add_places.php");
+ exit;
}
?>
Something went wrong with that request. Please try again.