<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/xhtml"> <!-- Class examples from CS 328 - Week 11 Lecture 1 requires: hum_conn_no_login.php, assumed to be in the same directory Postback PHP to request info for a specific employee, that EITHER: * builds a dynamic select/drop-down form widget of current employees, OR * uses a BIND VARIABLE to more-safely build a dynamic select statement requesting info for a selected employee by: Sharon Tuttle last modified: 2026-04-08 you can run this using the URL: https:/nrs-projects.humboldt.edu/~st10/s26cs328/328lect11-1/328lect11-1.php note: validated by: * getting an .xhtml version of the executed result with the FORM by copying the resulting source from a browser's "show source" for this document with the form and pasting it into a file ending with -1.xhtml on nrs-projects * getting an .xhtml version of the executed result with the FORM's RESPONSE by copying the resulting source from a browser's "show source" for this document with the form's response and pasting it into a file ending with -2.xhtml on nrs-projects * validating those two .xhtml versions using one of our usual validator links --> <head> <title> for CS 328 Week 11 Lecture 1 </title> <meta charset="utf-8" /> <?php // enable error reporting (for now, at least) for this // particular PHP document ini_set('display_errors', 1); error_reporting(E_ALL); // get the function hum_conn_no_login require_once("hum_conn_no_login.php"); ?> <link href="https://nrs-projects.humboldt.edu/~st10/styles/normalize.css" type="text/css" rel="stylesheet" /> </head> <body> <h1> Employee Info Request </h1> <?php // when I first reach this PHP, generate a form // to select an employee if ($_SERVER["REQUEST_METHOD"] == "GET") { ?> <form method="post" action="<?= htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES) ?>"> <label for="empl_choice"> Select an employee: </label> <select name="empl_choice" id="empl_choice"> <?php $conn = hum_conn_no_login(); // remember, if REACH here, connection must have // succeeded // query for current employees $empl_query_str = "select empl_num, empl_last_name from empl order by empl_last_name"; $empl_stmt = oci_parse($conn, $empl_query_str); oci_execute($empl_stmt, OCI_DEFAULT); // build an option element for each employee while (oci_fetch($empl_stmt)) { // EITHER style of oci_result 2nd argument is fine here! // (BUT if giving projected column name, remember // NEEDS to be all-uppercase) $curr_empl_num = strip_tags(oci_result($empl_stmt, 1)); $curr_empl_name = strip_tags(oci_result($empl_stmt, "EMPL_LAST_NAME")); ?> <option value="<?= $curr_empl_num ?>"> <?= $curr_empl_num ?> - <?= $curr_empl_name ?> </option> <?php } // remember to free your statement, and close your connection, // when you are done with them!!!!!!! oci_free_statement($empl_stmt); oci_close($conn); ?> </select> <br /> <input type="submit" /> </form> <?php } // but if request method was "post", assume this is a // form response, and try to CAREFULLY/SAFELY query // info for the selected employee else { // I am assuming no nickname should have tags in it, // and am stripping any out, as well as removing // any leading and trailing blanks $chosen_empl_num = trim(strip_tags($_POST["empl_choice"])); $conn = hum_conn_no_login(); // note use of a BIND VARIABLE :chosen_empl_num, // NOT concatenation, to more SAFELY include the // selected employee's employee number in this // SELECT statement $get_empl_query = "select empl_last_name, job_title, salary from empl where empl_num = :chosen_empl_num"; $empl_info_stmt = oci_parse($conn, $get_empl_query); // need to BIND the bind variable TO a value oci_bind_by_name($empl_info_stmt, ":chosen_empl_num", $chosen_empl_num); // NOW execute! oci_execute($empl_info_stmt, OCI_DEFAULT); // empl_num is empl's primary key, so at MOST one row can result // from this particular query -- no loop needed here, // but DO still need to fetch that row! oci_fetch($empl_info_stmt); // again, demoing both kinds of 2nd argument for oci_result $chosen_empl_name = oci_result($empl_info_stmt, 1); $chosen_empl_job = oci_result($empl_info_stmt, 2); $chosen_empl_salary = oci_result($empl_info_stmt, "SALARY"); ?> <p> For employee <?= $chosen_empl_name ?>: </p> <ul> <li> Employee number: <?= $chosen_empl_num ?> </li> <li> Job title: <?= $chosen_empl_job ?> </li> <li> Salary: $<?= $chosen_empl_salary ?> </li> </ul> <p> <a href="<?= htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES) ?>"> Request another employee's info </a> </p> <?php // remember to free your statement, and close your connection, // when you are done with them!!!!!!! oci_free_statement($empl_info_stmt); oci_close($conn); } ?> <footer> <hr /> <p> Validate by pasting .xhtml copy's URL into<br /> <a href="https://validator.w3.org/nu"> https://validator.w3.org/nu </a> or <a href="https://html5.validator.nu/"> https://html5.validator.nu/ </a> </p> </footer> </body> </html>