class CrudForm

This is a class that supports the creation of simple CRUD forms.

This code generates HTML pages and makes SQL queries to automate the creation of simple CRUD forms by passing in values, table names, and strings. Here is a code example from admin/keys/key-add.php:

$from_location = "keys.php";
$fields = array("key_key", "key_sha256", "secret", "created_at", "updated_at");
CrudForm::insertForm($fields, $from_location);

This will output the HTML for a form that the user can fill in and submit. The $from_location is the URL that the "Cancel" button returns to.

The file admin/key/key-add.php is a good example of how to do an insert form and the file admin/key/key-detail.php is a good example of the update case - which is significantly more complex.

Constants

CRUD_SUCCESS

Indicates that the CRUD operation was successful

CRUD_FAIL

Indicates that the CRUD operation failed (likely an SQL problem)

CRUD_NONE

Indicates that a CRUD operation could not be done because it was missing data.

Methods

static 
insertForm($fields, $from_location, $titles = false, $fields_defaults = false)

Generate the HTML for an insert form.

static int
handleInsert($tablename, $fields)

Insert data from the $_POST of one of our generated insert forms into the database.

static 
updateForm($row, $fields, $current, $from_location, $allow_edit = false, $allow_delete = false, $extra_buttons = false, $titles = false)

Generate the HTML for an update form.

static int
handleUpdate($tablename, $fields, $where_clause = false, $query_parms = array(), $allow_edit = false, $allow_delete = false)

Apply the results of an update form to the database

static 
fieldToTitle($name, $titles = false)

Maps a field name to a presentable title.

static string
valueToField($name, $values = false)

Maps a default value to a field.

static 
selectSql($tablename, $fields, $where_clause = false)

Produce the SELECT statement for a table, set of fields and where clause.

Details

at line 58
static insertForm($fields, $from_location, $titles = false, $fields_defaults = false)

Generate the HTML for an insert form.

Here is a sample call:

$from_location = "keys.php";
$fields = array("key_key", "key_sha256", "secret", "created_at", "updated_at");
CrudForm::insertForm($fields, $from_location);

Parameters

$fields An array of fields to prompt for.
$from_location A URL to jump to when the user presses 'Cancel'.
$titles An array of fields->titles
$fields_defaults An array of fields->default values

at line 98
static int handleInsert($tablename, $fields)

Insert data from the $_POST of one of our generated insert forms into the database.

Here is a sample call:

$tablename = "tsugi_lti_key";
$fields = array("key_key", "key_sha256", "secret", "created_at", "updated_at");
CrudForm::handleInsert($tablename, $fields);

Parameters

$tablename
$fields

Return Value

int Returns the constant for SUCCESS, FAIL, or NONE

at line 185
static updateForm($row, $fields, $current, $from_location, $allow_edit = false, $allow_delete = false, $extra_buttons = false, $titles = false)

Generate the HTML for an update form.

Here is a sample call:

$from_location = "keys.php";
$fields = array("key_key", "key_sha256", "secret", "created_at", "updated_at");
$current = getCurrentFileUrl(__FILE__);
$retval = CrudForm::updateForm($row, $fields, $current, $from_location, true, true);

Parameters

$row The existing data for the fields.
$fields An array of fields to be shown.
$current The URL of the current HTML page.
$from_location A URL to jump to when the user presses 'Cancel'.
$allow_edit True/false as to whether to show an Edit button
$allow_delete True/false as to whether to show a Delete button
$extra_buttons An array of additional buttons to show
$titles An array of fields->titles

at line 312
static int handleUpdate($tablename, $fields, $where_clause = false, $query_parms = array(), $allow_edit = false, $allow_delete = false)

Apply the results of an update form to the database

Here is a sample call:

$tablename = "tsugi_lti_key";
$fields = array("key_id", "key_key", "secret", "created_at", "updated_at");
$where_clause = "user_id = :UID";
$query_fields = array(":UID" => $_SESSION['id']);
$row = CrudForm::handleUpdate($tablename, $fields, $where_clause, $query_fields, true, true);

This code very much depends on the $_POST data being generated from the form that this class created. For example, it decides whether to delete or update based on a $_POST field from the button that was pushed. The primary key also comes from the $_POST data, so this routine checks for consistency and provides a WHERE clause capability to make sure folks can only update data that belongs to them.

Also this code depends on database column naming conventions - in particular it knows that key_id is a primary key. In the above example, the ultimate WHERE clause will effectively be as follows:

UPDATE ... WHERE key_id = $_POST['key_id'] AND user_id = $_SESSION['id']

This way, even if the user forges the key_id data to be one that does not belong to them, the AND clause will stop the UPDATE from happening. If this is an administrator that can update any record - simply set the $where_clause to an empty string and $query_fields to an empty array.

If we were editing some context-wide data as instructor, we might add the current context_id of the logged in instructor to the WHERE clause.
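The WHERE-clause scoping described above, as an added example that is not part of the Tsugi source: scopedUpdate() is a hypothetical helper, demo_key is a constructed table, and the script assumes the pdo_sqlite extension is available. It runs one legitimate edit and one request with a forged key_id (plus an extra user_id field that is not in the field list) and reports how many rows each one changed.

```php
<?php
// Added illustration; scopedUpdate() is a hypothetical helper, not Tsugi's CrudForm code.
function scopedUpdate(PDO $pdo, string $table, string $pk, array $fields,
                      array $post, string $where = '', array $parms = []): int
{
    if (!isset($post[$pk])) {
        return 0;                         // no primary key submitted: nothing to update
    }
    $set  = [];
    $bind = [":$pk" => $post[$pk]];
    foreach ($fields as $f) {             // column names come only from the server-side list
        if ($f === $pk || !array_key_exists($f, $post)) {
            continue;
        }
        $set[] = "$f = :$f";
        $bind[":$f"] = $post[$f];
    }
    if (!$set) {
        return 0;
    }
    $sql = "UPDATE $table SET " . implode(', ', $set) . " WHERE $pk = :$pk";
    if ($where !== '') {
        $sql .= " AND ($where)";          // ownership predicate, values bound from the session
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bind + $parms);
    return $stmt->rowCount();             // rows actually changed
}

// Constructed sample data: two keys owned by two different users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE demo_key (key_id INTEGER PRIMARY KEY, key_key TEXT, secret TEXT, user_id INTEGER)");
$pdo->exec("INSERT INTO demo_key VALUES (1, 'key-a', 's1', 10), (2, 'key-b', 's2', 20)");

$fields  = ['key_id', 'key_key', 'secret'];
$session = ['id' => 10];                  // stands in for $_SESSION; logged-in user is 10
$where   = 'user_id = :UID';
$parms   = [':UID' => $session['id']];

// User 10 edits their own row (key_id 1).
$own = scopedUpdate($pdo, 'demo_key', 'key_id', $fields,
    ['key_id' => '1', 'secret' => 'rotated'], $where, $parms);
// Same user submits a forged key_id and an extra user_id field that is not in $fields.
$forged = scopedUpdate($pdo, 'demo_key', 'key_id', $fields,
    ['key_id' => '2', 'secret' => 'changed', 'user_id' => '10'], $where, $parms);

printf("own rows=%d forged rows=%d\n", $own, $forged);
printf("row 2 secret=%s\n", $pdo->query("SELECT secret FROM demo_key WHERE key_id = 2")->fetchColumn());
```

Because the ownership value is bound from the session rather than read from the request, a submitted user_id field has no effect on which rows the statement can match.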

Parameters

$tablename
$fields
$where_clause
$query_parms
$allow_edit
$allow_delete

Return Value

int Returns the constant for SUCCESS, FAIL, or NONE

at line 410
static fieldToTitle($name, $titles = false)

Maps a field name to a presentable title.

Parameters

$name
$titles

at line 420
static string valueToField($name, $values = false)

Maps a default value to a field.

Parameters

$name
$values

Return Value

string

at line 432
static selectSql($tablename, $fields, $where_clause = false)

Produce the SELECT statement for a table, set of fields and where clause.

Parameters

$tablename
$fields
$where_clause