dynamicreport.com - Reducing SQL Modifications When Modifying Forms

dynamicreport.com News Member Login Knowledge Base Site Map
Support Support Ticket Contact Us
Products Drag & Drop Objects Drag & Drop Calendar UNIGEN Web Reporting Code View
Testimonials Downloads
Order

Updates: June 26, 2008

^new Drag-and-Drop Objects (ddobj) v3.10. Features skinned, resizable drag and drop information windows, tooltips, menus and widgets for W3C standards compliant Web pages using various doctypes. Includes optional AJAX support.

Click for details ...

Knowledge Base

UNIGEN

ddobj

News

Article #1007: Reducing SQL Modifications When Changing Form Data

The modification of Web forms is a three step process. The form itself is modified, and so to are the database procedures that insert or update records (our focus for automation) in conjunction to the modification of actual database table fields. Changes normally involve renaming, adding or removing form input controls and their associated reference names on a Web page and matching fields in database table(s). We can eliminate the often overlooked step of reflecting changes to our SQL statements in the source code after adjusting the form interface and database structure. The tedious task of adjusting the form's (behind the scenes) data storage procedure via SQL can become automated. The modification of SQL statements to transfer form input data into corresponding database records is self-adjusting. Through the use of a form input control naming convention -- manual SQL statement modifications pertaining to the INSERT and UPDATE procedures are eliminated via a generic form update handler. Believe it or not, this organized script will reduce development time whenever a form is updated to reflect new or different fields of information. The generic routine below is beneficial to large evolving projects with continuous structural changes that require modifications to forms and the storage of their associated input data using SQL. Adjusting the UI aspect of a form and forgetting to accommodate for the data storage procedure is no longer an overlooked debugging issue. The routine below automates this process as long as the form input controls on a Web page adhere to a convenient naming convention.

The form control naming convention helps the function: form_update_data() identify a means by which to generate a valid SQL statement, and without manual intervention. The form control naming convention: ([...] optional constituent)

Record Update or Insert (pre-determined key):
tableAcronym_correspondingTableFieldName_id[recordID]

Record Insert (database assigned key, i.e. auto increment key):
tableAcronym_correspondingTableFieldName_id[symbol+index]

The first parameter of the function call to form_update_data ($conv_id, $ins, $num, $input, $sql_vals); is the table identifier acronym, which will indicate which matching form data corresponds to the associated table. In the example below, "itm" would be table item. The second parameter is an indication of either an INSERT or UPDATE (true or false) operation. This is determined by your calling script perhaps by a database record look-up for an existing record. The INSERT operation can be replaced by the REPLACE command if preferred, and may deem a pre-existing record look-up unnecessary. The indication will default to INSERT for auto database assigned keys. The third parameter, when set to true, will avoid encompassing numeric values (hexadecimal, integer, float, etc.) by single quotes, which would generate an error in MSSQL for numeric fields. Set this parameter for MSSQL and clear it for MySQL. The forth parameter is the passing of an array containing the source data so a form would require the POST array. The last parameter takes a pass-by-reference array that will contain the actual values contained within the form controls or array source.

Eg. (item_name and item_cost field values for an existing record of ID 11237)
<input type = 'text' name = 'itm_item_name_id11237' value = 'Bolt'>
<input type = 'text' name = 'itm_item_cost_id11237' value = '0.20'>

Eg. (item_name and item_cost field values for a new record, no ID)
<input type = 'text' name = 'itm_item_name_id' value = 'Washer'>
<input type = 'text' name = 'itm_item_cost_id' value = '0.10'>

Eg. (item_name and item_cost field values for multiple new records, no ID)
<input type = 'text' name = 'itm_item_name_idi0' value = 'Washer'>
<input type = 'text' name = 'itm_item_cost_idi0' value = '0.10'>
<input type = 'text' name = 'itm_item_name_idi1' value = 'Bolt'>
<input type = 'text' name = 'itm_item_cost_idi1' value = '0.20'>

															<?

define ("INS_SYMBOL", "i"); // record insertion symbol for auto assigned DB record ID

// condense code associated with changing SQL statements when

// database storage of changing form control data output occurs

function form_update_data ($conv_id, $ins, $num, $input, &$sql_vals = NULL, $sql_escape = 0)

{	// table acronym identifier, record insertion or update, enable/disable numeric

  // data quote enclosure, array of fields, array to be filled with actual values,

  // 1 = mssql escape apostrophe (''), 2 = addslashes in mysql (\'), 0 = no escape

  $quote = "'";

  // sql fragment containing specific field assignments

  $sql_frag = array ();

  $ins_orig = $ins;

  foreach ($input as $shortnm => $val)

  {

    if ($sql_escape == 1) // mssql escaped apostrophe

      $val = str_replace("'", "''", $val);

    else if ($sql_escape == 2) // mysql escaped apostrophe

      $val = addslashes ($val);

    $ins = $ins_orig;

    // find the specific data according to convention ID

    if (preg_match ("/^($conv_id)_(.*)_id(.*){0,1}/i", $shortnm, $matches))

    {

      if (!$matches[1])

        continue;

      if ($matches[3][0] == INS_SYMBOL) // force insert (new record)

        $ins = 1;

      $id = $matches[3] ? $matches[3] : 0;

      if ($ins) // INSERT

      { // field & value clauses

        $sql_frag[$id][0] .= ($sql_frag[$id][0] != "" ? ", " : "");

        $sql_frag[$id][1] .= ($sql_frag[$id][1] != "" ? ", " : "");

      }

      else // UPDATE

        $sql_frag[$id] .= ($sql_frag[$id] != "" ? ", " : "");

      if ($num) // exclude quotes from numeric values

        $quote = (is_numeric ($val) ? "" : "'");

      if ($ins) // INSERT

      {

        $sql_frag[$id][0] .= $matches[2]; // field clause

        $sql_frag[$id][1] .= $quote.$val.$quote; // value clause

      }

      else // UPDATE

        $sql_frag[$id] .= "$matches[2] = ".$quote.$val.$quote;

      $sql_vals[$id][] = $val;

    }

  }

  return $sql_frag;

}

?>
Code View - dynamicreport.com

															<?

// place this code anywhere in your save form data procedure

$ins = false; // figure out if this is an insert or update procedure

$sql_vals = array (); // array will store actual SQL values

$sql_frag = form_update_data ("itm", $ins, true, $_POST, $sql_vals);

$table = "items";

$fld_id = "item_id";

// cycle through all form data pertaining to a table

foreach ($sql_frag as $id => $val)

{

  if ($id[0] == INS_SYMBOL)

  { // insertion of new records (auto database assigned key)

    if ($sql_vals[$id][0] == "")

      continue; // handle the 1st blank field, skip record

    $sql = "INSERT INTO $table (".$sql_frag[$id][0].") ".

      "VALUES (".$sql_frag[$id][1].")";

  }

  else

  { // update existing record, but delete it if essential field(s) are blank

    if ($sql_vals[$id][0] == "") // handle 1st blank field, delete record 1st

      $sql = "DELETE FROM $table WHERE $fld_id = '$id'";

    else

      $sql = "UPDATE $table SET $sql_frag[$id] WHERE $fld_id = '$id'";

  }

  $db->query ($sql); // execute the automated database query

?>
Code View - dynamicreport.com

Back to article listing