Before we create our removestudent.php script, let's first add the removal links to our Main Student Listing index.php script.
Add Link to Font Awesome Stylesheet
We are going to use the Font Awesome trashcan link so the purpose of the link is obvious. To do that, we need to include the Font Awesome stylesheet in a <link>. Open up the index.php script and add the following stylesheet <link> just below the Bootstrap stylesheet, and just above the <title>Student Listing</title> line:
index.php - Student Listing: Add Font Awesome Stylesheet
Add a Remove Link Column to the Student Listing Table
Next, we need to add a column to our student listing table by adding a blank table head column. Then, we can add a data item for each student listing with a link to removestudent.php and the id of the student as a query parameter to the table row. Let us name the query parameter: id_to_delete:
index.php - Student Listing: Add a Remove Link Column to Table
Creating a Remove a Student Page with the Usual Bootstrap Template with a Card
Let's create a removestudent.php script using a Bootstrap template, set the <title> to Remove Student, and add a Card for our content with a header for the title of the page:
removestudent.php - Remove Student: using Bootstrap Template with Card
1 2 3 4 5 6 7 8 910111213141516171819202122232425
<html><head><linkrel="stylesheet"href="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css"integrity="sha384-GJzZqFGwb1QTTN6wy59ffF1BuGJpLSa9DkKMp0DgiMDm4iYMj70gZWKYbI706tWS"crossorigin="anonymous"><title>Remove Student</title></head><body><divclass="card"><divclass="card-body"><h1>Remove a Student</h1></div></div><scriptsrc="https://code.jquery.com/jquery-3.3.1.slim.min.js"integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"crossorigin="anonymous"></script><scriptsrc="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.6/umd/popper.min.js"integrity="sha384-wHAiFfRlMFy6i5SRaxvfOCifBUQy1xHdJ/yoi7FRNXMRBu5WHdZYu1hA6ZOblgut"crossorigin="anonymous"></script><scriptsrc="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/js/bootstrap.min.js"integrity="sha384-B0UglyR+jN6CkvvICOB2joaf5I4l3gm9GU6Hc1og6Ls7i6U/mkkaduKaBhlAXv9k"crossorigin="anonymous"></script></body></html>
Connect to the Student Database
removestudent.php - Remove Student: Connect to the Database
We'll need to access the Student database for the student we want to remove:
1 2 3 4 5 6 7 8 910
<body><div class="card"> <div class="card-body"> <h1>Remove a Student</h1><?phprequire_once('dbconnection.php');$dbc=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)ortrigger_error('Error connecting to MySQL server for DB_NAME.',E_USER_ERROR);
Multiple Ways to Navigate to Remove a Student Page
There are multiple ways to navigate to this Remove a Student page, so let's head back over to the lecture notes to discuss this.
We need to handle all of these possible methods of navigating to the removestudent.php script. So, first, we handle the expected ways of navigating to the removestudent.php script, then the unexpected ones.
The best way to deal with these choices is to create an if/elseif/else block of code as in:
1 2 3 4 5 6 7 8 91011121314
$dbc=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)ortrigger_error('Error connecting to MySQL server for DB_NAME.',E_USER_ERROR);if(isset($_POST['delete_student_submission'],$_POST['id'])):...elseif(isset($_POST['do_not_delete_student_submission'])):...elseif(isset($_GET['id_to_delete'])):...else:// Unintended page link...endif;?>
Navigating from the Trashcan Link on index.php
The first intended way we will navigate to removestudent.php is when the user selects the trashcan icon for a student they want to delete. Therefore we will be dealing with the second elseif block:
1
elseif(isset($_GET['id_to_delete'])):
They should be presented with a page like this:
First, display a deletion confirmation message using Bootstrap’s text-danger class:
1234
elseif(isset($_GET['id_to_delete'])):?> <h3 class="text-danger">Confirm Deletion of the Following Student Details:</h3><br/><?php
Next, grab the query parameter that holds the id of the student we want to delete from the $_GET[] superglobal array. With it, we can query the studentListing table in the Student database for the row of fields for the given student id:
1 2 3 4 5 6 7 8 91011121314151617
<h3 class="text-danger">Confirm Deletion of the Following Student Details:</h3><br/><?php$id=$_GET['id_to_delete'];$query="SELECT * FROM studentListing WHERE id = $id";$result=mysqli_query($dbc,$query)ortrigger_error('Error querying database studentListing',E_USER_ERROR);if(mysqli_num_rows($result)==1):$row=mysqli_fetch_assoc($result);else:?><h3>No Student Details :-(</h3><?phpendif;
And then display the student in an <h1> tag set and all the student details in a striped table:
Finally, display a form that self references the removestudent.php page with two submit buttons: one for deleting the student and another for not deleting the student:
Notice I created a hidden <input> element in the form and set it to the id of the student. After the form data is POSTed back to removestudent.php when the user presses the Delete Student submit button, the id is available to our PHP script in the $_POST[] superglobal array so that our code can delete it from the database. We have to do this because the web is stateless.
Let's head back over to the lecture notes to discuss this.
Clicking the Delete Student Button
Pressing the Delete Student button is the second intended way for user to arrive at the removestudent.php page. Therefore we are dealing with the if block:
When we reach this condition, it was because a user selected the Delete Student submit button. The browser then sends a POST request to removestudent.php with the form variables delete_student_submission and id in the $_POST[] superglobal array.
In this block, we delete the student with the given id from the studentListing table in the Student database. Then, we link back to the main Students index.php page:
1 2 3 4 5 6 7 8 910
if(isset($_POST['delete_student_submission'],$_POST['id'])):$id=$_POST['id'];$query="DELETE FROM studentListing WHERE id = $id";$result=mysqli_query($dbc,$query)ortrigger_error('Error querying database studentListing',E_USER_ERROR);header("Location: index.php");
Notice that once our code runs, the removed student is no longer listed on the Main page:
Pressing the Don't Delete Button
Pressing the Don't Delete button is the third intended way to navigate to the removestudent.php page. Therefore we will be dealing with first elseif block:
If this condition is true, it was because a user selected the Don't Delete submit button. Doing so, POSTs to removestudent.php with the form variables do_not_delete_student_submission in the $_POST[] superglobal array.
In this block, we redirect the user automatically to the main Students index.php page. Using the header() function, we send a Location: with the destination URL, index.php.
When the page reloads, notice the student was not removed:
Unexpected Navigation Method
Since the HTTP request is coming from the client, in theory, unanticipated, unwanted, and malicious parameters can be in the query string. All other conditions we could navigate to the removestudent.php page are unintended. Therefore, we are dealing with the else block:
1
else:// Unintended page link
Since all of the above conditions are where we want the application to function in a specific way, it is common practice to put the application’s response to unpredictable behavior in an else condition. In this case, we redirect to the main Studentsindex.php page:
123
else:// Unintended page link - No student to remove, link back to indexheader("Location: index.php");
