Sample Application: Guestbook
| /web/www.example.com/smarty/guestbook/libs/guestbook.lib.php |
<?php
/** * Project: Guestbook Sample Smarty Application * Author: Monte Ohrt <monte [AT] ohrt [DOT] com> * Date: March 14th, 2005 * File: guestbook.lib.php * Version: 1.0 */
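/**
 * guestbook application library
 *
 * Holds the database wrapper, the Smarty template object and the last
 * validation error code, and implements the form, validation, storage and
 * display steps of the guestbook.
 */
class Guestbook {

    // database object
    var $sql = null;
    // smarty template object
    var $tpl = null;
    // error messages
    var $error = null;

    /**
     * class constructor
     *
     * NOTE(review): this is a PHP 4-style constructor (a method named after
     * the class). PHP 8 no longer calls such a method on instantiation, so on
     * that runtime $sql and $tpl would stay null.
     */
    function Guestbook() {
        // instantiate the sql object
        // (plain assignment: "=& new" is deprecated and is a parse error as of PHP 7)
        $this->sql = new GuestBook_SQL;
        // instantiate the template object
        $this->tpl = new Guestbook_Smarty;
    }

    /**
     * display the guestbook entry form
     *
     * @param array $formvars the form variables
     */
    function displayForm($formvars = array()) {
        // assign the form vars
        // NOTE(review): the submitted values reach the template as received;
        // nothing in this class HTML-escapes them, so guestbook_form.tpl has
        // to escape them when it echoes them back (for example with Smarty's
        // "escape" modifier). The template is not shown on this page.
        $this->tpl->assign('post', $formvars);
        // assign error message
        $this->tpl->assign('error', $this->error);
        $this->tpl->display('guestbook_form.tpl');
    }

    /**
     * fix up form data if necessary
     *
     * After the call both 'Name' and 'Comment' exist and are strings.
     *
     * @param array $formvars the form variables (modified in place)
     */
    function mungeFormData(&$formvars) {
        foreach (array('Name', 'Comment') as $_field) {
            $_value = isset($formvars[$_field]) ? $formvars[$_field] : null;
            // trim off excess whitespace; a missing field or a non-scalar
            // value (for example an array sent as "Name[]=x") becomes an empty
            // string, so validation rejects it instead of trim() failing on it
            $formvars[$_field] = is_scalar($_value) ? trim((string) $_value) : '';
        }
    }

    /**
     * test if form information is valid
     *
     * Sets $this->error to 'name_empty' or 'comment_empty' on failure and to
     * null on success.
     *
     * @param array $formvars the form variables
     * @return bool true when both fields are non-empty
     */
    function isValidForm($formvars) {
        // reset error message
        $this->error = null;

        // test if "Name" is empty; a missing or non-scalar field counts as
        // empty so that strlen() is only ever given a string
        if (!isset($formvars['Name'])
            || !is_scalar($formvars['Name'])
            || strlen((string) $formvars['Name']) == 0) {
            $this->error = 'name_empty';
            return false;
        }

        // test if "Comment" is empty (same rule as for "Name")
        if (!isset($formvars['Comment'])
            || !is_scalar($formvars['Comment'])
            || strlen((string) $formvars['Comment']) == 0) {
            $this->error = 'comment_empty';
            return false;
        }

        // NOTE(review): only emptiness is checked; no maximum length is
        // enforced here, so oversized input relies on whatever limits the
        // GUESTBOOK table defines (the schema is not shown on this page).

        // form passed validation
        return true;
    }

    /**
     * add a new guestbook entry
     *
     * @param array $formvars the form variables
     * @return mixed whatever the database wrapper's query() returns
     */
    function addEntry($formvars) {
        // NOTE(review): the query text is built by string formatting and
        // relies on mysql_escape_string(), which does not take the
        // connection's character set into account and was removed in PHP 7.0
        // together with the rest of the mysql extension. Prefer bound
        // parameters / prepared statements if GuestBook_SQL offers them; its
        // API is not shown on this page.
        // NOTE(review): the insert names no columns, so it depends on the
        // column order of the GUESTBOOK table.
        $_query = sprintf(
            "insert into GUESTBOOK values(0,'%s',NOW(),'%s')",
            mysql_escape_string($formvars['Name']),
            mysql_escape_string($formvars['Comment'])
        );

        return $this->sql->query($_query);
    }

    /**
     * get the guestbook entries
     *
     * @return mixed the wrapper's record property after the query
     */
    function getEntries() {
        // newest entries first
        // NOTE(review): the result of query() is not checked; presumably
        // $this->sql->record holds the fetched rows after a successful call -
        // confirm against GuestBook_SQL.
        $this->sql->query(
            "select * from GUESTBOOK order by EntryDate DESC",
            SQL_ALL,
            SQL_ASSOC
        );

        return $this->sql->record;
    }

    /**
     * display the guestbook
     *
     * @param array $data the guestbook data
     */
    function displayBook($data = array()) {
        // NOTE(review): the entries are assigned exactly as passed in; this
        // class does not HTML-escape Name or Comment, so guestbook.tpl has to
        // escape them on output (for example with Smarty's "escape"
        // modifier). The template is not shown on this page.
        $this->tpl->assign('data', $data);
        $this->tpl->display('guestbook.tpl');
    }
}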
?>
|
guestbook.lib.php is our application class. It contains the main logic
for our entire application. Let's look at each class method.
| class method Guestbook() |
/**
* class constructor
*/
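function Guestbook() {
    // NOTE(review): PHP 4-style constructor (a method named after the class);
    // PHP 8 no longer runs it on instantiation.

    // instantiate the sql object
    // (plain assignment: "=& new" is deprecated and is a parse error as of PHP 7)
    $this->sql = new GuestBook_SQL;
    // instantiate the template object
    $this->tpl = new Guestbook_Smarty;
}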
|
This is the class constructor. It is executed each time we instantiate the
guestbook object. It instantiates the SQL and Smarty objects as properties. We
can then access them from within our object methods.
| class method displayForm() |
/**
* display the guestbook entry form
*
* @param array $formvars the form variables
*/
function displayForm($formvars = array()) {
// assign the form vars
// NOTE(review): the submitted values reach the template as received; nothing
// in this method HTML-escapes them, so guestbook_form.tpl has to escape them
// when it echoes them back (for example with Smarty's "escape" modifier).
// The template is not shown on this page.
$this->tpl->assign('post',$formvars);
// assign error message
// (the error code set by the last isValidForm() call, or null)
$this->tpl->assign('error', $this->error);
// render the entry form
$this->tpl->display('guestbook_form.tpl');
}
|
The displayForm() method is used for displaying the guestbook entry form.
It assigns the form variables and the form validation error message to the
template, then displays the form.
| class method mungeFormData() |
/**
* fix up form data if necessary
*
* @param array $formvars the form variables
*/
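function mungeFormData(&$formvars) {
    // $formvars is taken by reference, so the caller's array is modified.
    foreach (array('Name', 'Comment') as $_field) {
        $_value = isset($formvars[$_field]) ? $formvars[$_field] : null;
        // trim off excess whitespace; a missing field or a non-scalar value
        // (for example an array sent as "Name[]=x") becomes an empty string,
        // so validation rejects it instead of trim() failing on it
        $formvars[$_field] = is_scalar($_value) ? trim((string) $_value) : '';
    }
}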
|
The mungeFormData() method trims off whitespace from the form input. This
is called prior to form validation. Notice the form data is passed into the
method by reference so the changes will affect the original array.
| class method isValidForm() |
/**
* test if form information is valid
*
* @param array $formvars the form variables
*/
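function isValidForm($formvars) {
    // reset error message
    $this->error = null;

    // test if "Name" is empty; a missing or non-scalar field (for example an
    // array sent as "Name[]=x") counts as empty so that strlen() is only
    // ever given a string
    if (!isset($formvars['Name'])
        || !is_scalar($formvars['Name'])
        || strlen((string) $formvars['Name']) == 0) {
        $this->error = 'name_empty';
        return false;
    }

    // test if "Comment" is empty (same rule as for "Name")
    if (!isset($formvars['Comment'])
        || !is_scalar($formvars['Comment'])
        || strlen((string) $formvars['Comment']) == 0) {
        $this->error = 'comment_empty';
        return false;
    }

    // NOTE(review): only emptiness is checked; no maximum length is enforced
    // here, so oversized input relies on whatever limits the GUESTBOOK table
    // defines (the schema is not shown on this page).

    // form passed validation
    return true;
}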
|
The method isValidForm() validates the form input. This is a simple test
to see if the Name or Comment was empty. If so, the appropriate
error code is assigned to the error property. (These error codes are used by the
template later on.)
| class method addEntry() |
/**
* add a new guestbook entry
*
* @param array $formvars the form variables
*/
function addEntry($formvars) {
// Build the INSERT statement; Name and Comment are escaped and placed inside
// the quoted '%s' slots.
// NOTE(review): this relies on mysql_escape_string(), which does not take the
// connection's character set into account and was removed in PHP 7.0 together
// with the rest of the mysql extension. Prefer bound parameters / prepared
// statements if GuestBook_SQL offers them; its API is not shown on this page.
// NOTE(review): the insert names no columns, so it depends on the column
// order of the GUESTBOOK table.
$_query = sprintf(
"insert into GUESTBOOK values(0,'%s',NOW(),'%s')",
mysql_escape_string($formvars['Name']),
mysql_escape_string($formvars['Comment'])
);
// hand the finished SQL text to the database wrapper and pass its result back
return $this->sql->query($_query);
}
|
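The addEntry() method enters a new guestbook entry into the database.
Notice the values are escaped to avoid SQL syntax errors or injection attacks.
Be aware that mysql_escape_string() does not take the connection's character
set into account and is no longer available as of PHP 7; bound parameters
(prepared statements) are the more robust way to keep user input out of the
SQL text.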
| class method getEntries() |
/**
* get the guestbook entries
*/
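function getEntries() {
    // newest entries first; the full guestbook.lib.php listing sorts with
    // DESC, which this excerpt had dropped
    // NOTE(review): the result of query() is not checked; presumably
    // $this->sql->record holds the fetched rows after a successful call -
    // confirm against GuestBook_SQL.
    $this->sql->query(
        "select * from GUESTBOOK order by EntryDate DESC",
        SQL_ALL,
        SQL_ASSOC
    );

    return $this->sql->record;
}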
|
The method getEntries() gets all the guestbook entries from the
database in field => value format (SQL_ASSOC).
| class method displayBook() |
/**
* display the guestbook
*
* @param array $data the guestbook data
*/
function displayBook($data = array()) {
// hand the entries to the template under the name 'data'
// NOTE(review): the entries are assigned exactly as passed in; this method
// does not HTML-escape Name or Comment, so guestbook.tpl has to escape them
// on output (for example with Smarty's "escape" modifier). The template is
// not shown on this page.
$this->tpl->assign('data', $data);
// render the guestbook page
$this->tpl->display('guestbook.tpl');
}
|
The method displayBook() displays the guestbook entries. The $data
array is expected to be an array of the guestbook entries. This is assigned to
the template and then the template is displayed.
|