Tojio Lab

Tojio Labs is the place where little useful insights (and unimportant ones) from our everyday work as an interactive agency found their home

Flex Data Management 03 - Storing data in a relational DB on a remote server

The first and the second part of this tutorial covered the topics

  • reading data from a relational DB and transforming the data into a suitable (XML) format so that Flex can use this data to establish a DataProvider
  • setting up an (editable) DataGrid with the DataProvider and checking user input for consistency

So now we’re ready to send the updated data back to our server: whenever the user changes the row (either by pressing Enter or by clicking into another row), the entered data is checked. If the new values are OK, the method sendData() is called to construct an Object that holds our parameters for the POST request, which is sent by means of the AS3 HTTPService class:


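import mx.rpc.AsyncToken;

// collect the edited cell as POST parameters and send them to the server
function sendData(id:int, field:String, value:String):void
{
	var params:Object	= {};
	params.id 			= id;
	params.field 		= field;
	params.value		= value;
	// the response arrives asynchronously in handleUpdateResponse()
	var at:AsyncToken = updaterequest.send(params);
}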

The HTTPService updaterequest which is called here is defined in our .mxml file:


<mx:HTTPService id="updaterequest"
			result="handleUpdateResponse(event)"
			showBusyCursor="true"
			method="POST"
			url="http://yourserver.com/yourscript.php"
			useProxy="false" />

So far, the entered data has been sent back to our server. After the request is
done, the HTTPService will call the handleUpdateResponse() method, in which we
can control the further program behaviour according to success or failure. But
on the server side, we have to check the data before any attempt to write it
into the DB: the param id has to be numerical, the params field and value must
be quoted to avoid possible SQL injections! Let’s have a look at the PHP script
that processes the data and stores it in the MySQL database:


if ($_SERVER['REQUEST_METHOD'] == 'POST'
	&& isset($_POST['id'], $_POST['field'], $_POST['value']))
{
	// check whether the id is numeric; the value is quoted in
	// updateUserList() once the DB connection is open
	$id = is_numeric($_POST['id']) ? (int) $_POST['id'] : 0;

	// the field ends up as a column name, where escaping does not help:
	// accept plain identifier characters only, so that no backtick
	// can end the quoted column name
	if (!preg_match('/^[A-Za-z0-9_]+\z/', $_POST['field']))
		returnError('Invalid field name');

	updateUserList( $id, $_POST['field'], $_POST['value'] );
}

function quoteInput($value)
{
	 // Stripslashes
	 if (get_magic_quotes_gpc())  $value = stripslashes($value);

	 // Always escape and quote (MySQL converts quoted numbers itself);
	 // mysql_real_escape_string() needs an open DB connection
	 return "'" . mysql_real_escape_string($value) . "'";
}

function updateUserList($id, $field, $value)
{
	// open the connection to our DB host and select the DB we need
	// you have to define these constants for your needs..
	$link = mysql_connect(DB_HOST, DB_USER_ADMIN, DB_PASS_ADMIN)
    	or returnError('Could not connect: ' . mysql_error());

	mysql_select_db(DB_NAME) or returnError('Could not select database');

	// quote the value for security reasons so that there can be
	// no sql injection (quoteInput() already adds the quotes)
	$value = quoteInput($value);

	// prepare the update statement for the user row in question
	$exec 	= "UPDATE `user` SET `$field` = $value
				WHERE `id` = $id";

	// execute the update and close the connection
	// (an UPDATE returns true/false, so there is no result set to free)
	$result = mysql_query($exec);
	mysql_close($link);

	// this is the response that the Flex HttpService
	// will get, so that the Flex program can inform
	// the user of an error if necessary
	if ($result) 	print('<response>success</response>');
	else		print('<response>failed</response>');
}

function returnError($err)
{
	// HTTP-header?
	print('<response>failed</response>');
	print("<message>$err</message>");
	exit();
}
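
As an added example (not part of the original tutorial): the same update written with PDO, which also works on current PHP versions where the mysql_* functions no longer exist. The column name is checked against a fixed list because a column name cannot be sent as a bound parameter, while id and value are bound instead of quoted. The column names name, email and is_admin, the function name updateUserField and the in-memory SQLite table are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the tutorial's code. Assumptions: the editable columns are
// `name` and `email`, and an in-memory SQLite table stands in for the MySQL one.
const EDITABLE_COLUMNS = ['name', 'email'];

function updateUserField(PDO $db, $id, $field, $value): bool
{
	// id: plain digits only (unlike is_numeric(), this refuses "1e5" or " 1")
	if (!is_string($id) || !ctype_digit($id)) {
		return false;
	}
	// field: must be one of the known column names; the name that goes into
	// the SQL text is taken from our own list, never from the request
	$idx = array_search($field, EDITABLE_COLUMNS, true);
	if ($idx === false) {
		return false;
	}
	$column = EDITABLE_COLUMNS[$idx];

	// value and id are bound parameters, so they need no quoting or escaping
	$stmt = $db->prepare("UPDATE user SET $column = :value WHERE id = :id");
	return $stmt->execute([':value' => $value, ':id' => (int) $id]);
}

// constructed sample table and row
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, email TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO user VALUES (1, 'Ann', 'ann@example.com', 0)");

// constructed requests: a value containing a quote, a column that exists but
// is not editable, and an id that is_numeric() would have accepted
var_dump(updateUserField($db, '1', 'name', "O'Brien"));
var_dump(updateUserField($db, '1', 'is_admin', '1'));
var_dump(updateUserField($db, '1e5', 'name', 'x'));

// show what is actually stored after the three calls
print_r($db->query("SELECT name, is_admin FROM user WHERE id = 1")->fetch(PDO::FETCH_ASSOC));
```

For the real MySQL database only the PDO connection string changes; the list of editable columns has to match the columns the DataGrid lets the user edit.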

So we have the complete cycle of communication between a Flex program and a
relational database via HTTP request and web server.
Enjoy building your applications!
