Question:
iii. Store booking reference in the database
Modify tma02_save-row.php to add the data from the booking reference field to the database.
(8 marks)
Look carefully at how the other data elements are added to the database and reflect that for the booking reference field.
Note carefully that tma02_save-row.php handles two distinct situations; one when the record has been edited and the other when the record is new. Here we are only considering a new record and you need only update that part, leaving the other unchanged.
    <?php
    // For security, required PHP files should "die" if SAFE_TO_RUN is not defined
    if (!defined('SAFE_TO_RUN')) {
        // Prevent direct execution - show a warning instead
        die(basename(__FILE__) . ' cannot be executed directly!');
    }
    ?>
$sql ==
    <?php
    if (!($stmt = $database->prepare($sql))) {
        die("Error preparing statement ($sql): $database->error");
    }

    // TODO: Change bind_param() calls according to the columns you expect
    if ($id) {
        // Bind parameters for UPDATE statement ('s' for each column plus 's' for id)
        if (!$stmt->bind_param('ssss', $data['firstname'], $data['lastname'], $data['email'], $id)) {
            die("Error binding statement ($sql): $stmt->error");
        }
    } else {
        // Bind parameters for INSERT statement ('s' for each column)
        if (!$stmt->bind_param('sss', $data['firstname'], $data['lastname'], $data['email'])) {
            die("Error binding statement ($sql): $stmt->error");
        }
    }

    // Execute statement and count inserted/updated rows
    if ($stmt->execute()) {
        $rows = $stmt->affected_rows;
    } else {
        die("Error executing statement ($sql): $stmt->error");
    }

    if ($id and $rows == 0) {
        echo '
    ';
    }

    if (!$id and $rows == 0) {
        die("No row was inserted ($sql)");
    }
    ?>
v. Server-side Validation
Modify tma02_validate.php to provide server-side validation for booking reference field.
(8 marks)
Although the client-side validation checks the correct form of the booking reference, it does not actually check it is a valid booking reference.
For a reference to be valid, the server-side should validate the reference to the same format as the client-side, plus the following additional constraints:
The three-letter group must be one of ABC, ACD, BCD. Anything else is invalid.
The next character must be a hyphen. Anything else is invalid.
The first digit may only be 5 or 8. The other digits may be any value between 0 and 9 inclusive.
You need to provide checks and only if all are valid, proceed to write the data to the database. If not, provide feedback to the user that the booking reference is invalid.
Add a comment to your validation code explaining the meaning of each part of your booking reference validation expression.
Again, examine the existing code closely, it will guide you.
The easiest way to test regular expressions is using a free online tool; search the web for "regex tester" to discover these.
    <?php
    // For security, required PHP files should "die" if SAFE_TO_RUN is not defined
    if (!defined('SAFE_TO_RUN')) {
        // Prevent direct execution - show a warning instead
        die(basename(__FILE__) . ' cannot be executed directly!');
    }
    ?>
    <?php
    // TODO: Change these checks according to the columns/formats you expect

    // Reference for preg_match: https://www.w3schools.com/php/func_regex_preg_match.asp
    // Reference for filter_var: https://www.w3schools.com/php/func_filter_var.asp
    // Note that preg_match and filter_var take different parameters
    // Try out regular expressions at e.g. https://regex101.com/

    // If you see a "Notice: Undefined index" message, check that each name you validate
    // in $data has an input with that name (not id) in the HTML data form

    $value = $data['firstname'];
    // ^$ = anchors, [a-zA-Z ] = letters/spaces, {1,30} = 1-30 characters
    $format = "/^[a-zA-Z ]{1,30}$/";
    // If value does NOT match the format then it is invalid
    if (!preg_match($format, $value)) {
        $feedback['firstname'] = 'Server feedback: Only 1-30 letters/spaces are permitted';
        $valid = false;
    }

    $value = $data['lastname'];
    // ^$ = anchors, [a-zA-Z ] = letters/spaces, {1,30} = 1-30 characters
    $format = "/^[a-zA-Z ]{1,30}$/";
    // If value does NOT match the format then it is invalid
    if (!preg_match($format, $value)) {
        $feedback['lastname'] = 'Server feedback: Only 1-30 letters/spaces are permitted';
        $valid = false;
    }

    $value = $data['email'];
    // If value does NOT match the filter then it is invalid
    if (!filter_var($value, FILTER_VALIDATE_EMAIL)) {
        $feedback['email'] = 'Server feedback: Only valid email addresses are permitted';
        $valid = false;
    }
    // Also check the maximum length for this field as filter_var doesn't do this
    if (strlen($value) > 50) {
        $feedback['email'] = 'Server feedback: Email must be 50 characters or less';
        $valid = false;
    }

    if (!$valid) { echo '
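
The booking reference rules from part v, written out as a stand-alone PHP check. This is an added example, not code from the assignment files or the original post. The helper name `is_valid_booking_ref` and the total of four digits (`BOOKING_DIGITS`) are assumptions, since the page does not show the client-side format.

```php
<?php
// Added example; not part of the assignment files.
// ASSUMPTION: four digits in total. The page does not show the client-side
// format, so set BOOKING_DIGITS to whatever that format requires.
const BOOKING_DIGITS = 4;

// Hypothetical helper: true only for a well-formed booking reference.
function is_valid_booking_ref($value): bool
{
    // Request parameters can arrive as arrays (bookingref[]=x); reject them
    // before preg_match() sees a non-string.
    if (!is_string($value)) {
        return false;
    }
    // ^               start of string
    // (?:ABC|ACD|BCD) three-letter group: only these three are accepted
    // -               literal hyphen
    // [58]            first digit: 5 or 8
    // [0-9]{n}        remaining digits, each 0-9
    // \z              true end of string; "$" would also accept "ABC-5123\n"
    $format = '/^(?:ABC|ACD|BCD)-[58][0-9]{' . (BOOKING_DIGITS - 1) . '}\z/';
    return preg_match($format, $value) === 1;
}

// Constructed sample inputs paired with the expected verdict.
$samples = [
    ['ABC-5123', true],
    ['BCD-8000', true],
    ['ABD-5123', false],   // letter group not in the allowed set
    ['ABC 5123', false],   // separator is not a hyphen
    ['ACD-4123', false],   // first digit is neither 5 nor 8
    ['abc-5123', false],   // lower case is not accepted
    ["ABC-5123\n", false], // trailing newline
    [['ABC-5123'], false], // array instead of string
];

foreach ($samples as [$input, $expected]) {
    $actual = is_valid_booking_ref($input);
    printf("%-16s %-8s %s\n", json_encode($input),
        $actual ? 'valid' : 'invalid',
        $actual === $expected ? 'ok' : 'MISMATCH');
}
```
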
