Restaurant system with JavaScript connecting to PHP
Problem
I'm making a web application for a restaurant, kind of. The idea is to administrate the orders and customers with functions such as:
- Make a new order
- Delete an order
- View all the orders
- Make a new customer
- Delete a customer
- View all the customers
- Finance overview

I'm doing this by separate PHP files. Here's the example for inserting a new order:

```
insert_order($customer_id, $order_info, $location);
    exit;
} else {
    die();
}
```

This goes together with the Database class:

```
databaseHost, $this->databaseUser, $this->databasePassword, $this->databaseName);
    if (mysqli_connect_error()) {
        exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
    }
    parent::set_charset('utf-8');
}

function get_simple_data() {
    $query = "SELECT customers.first_name,
                     customers.last_name,
                     orders.location,
                     orders.id,
                     orders.total_price,
                     customers.email_adress
              FROM customers
              INNER JOIN orders ON customers.id = orders.customer_id
              ORDER BY orders.id DESC";
    return $this->query($query);
}

function get_all_data_by_order_id($order_id) {
    $query = "SELECT customers.first_name,
                     customers.last_name,
                     customers.email_adress,
                     customers.customer_info,
                     orders.order_info,
                     orders.total_price,
                     orders.location,
                     orders.created
              FROM customers
              INNER JOIN orders ON customers.id = orders.customer_id
              WHERE orders.id = {$order_id}";
    return $this->query($query);
}

function get_orders_by_customer_id($customer_id) {
    $query = "SELECT id, order
```
Solution
It seems like you have your work cut out..

It seems that `get_orders_by_customer_id`, `get_order_items_by_order_id`, `delete_order` and `delete_all_order_items` are vulnerable to SQL Injection.

Furthermore, if `orders.id` is an auto-increment number, then it seems a simple loop with an ajax call in the console can empty your entire orders table. Probably not what you want. It might be more prudent to set a status flag to cancelled so that you recover more easily instead of just deleting data.

Finally, given that you do not have full protection for SQL Injection, I am assuming you will also have to read up on Cross Site Scripting.

When you wire the listeners, you can simply provide the functions you wrote, so that this

```
$("#new-order-btn").click(function () {
    new_order();
});
$("#delete-order-btn").click(function () {
    delete_order();
});
$("#list tbody tr").click(function () {
    select_row(this);
});
$("#submit-order").click(function () {
    submit_order(false);
});
```

becomes

```
$("#new-order-btn").click(new_order);
$("#delete-order-btn").click(delete_order);
//Undefined will translate to falsey, so `submit_order` will work
$("#submit-order").click(submit_order);
//You could do something with `bind` here
$("#list tbody tr").click(function () {
    select_row(this);
});
```

Which brings me to the point that JavaScript should really be written in lowerCamelCase, so `new_order -> newOrder`, `submit_order -> submitOrder` etc.

Other than that, your JavaScript code is clean.
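The answer's two server-side points (bind the id as a parameter instead of interpolating it into the SQL, and flag an order cancelled instead of deleting the row) applied to the asker's Database class, as an added example that is neither the asker's code nor part of the answer. It keeps the table and column names shown in the question; the connection credentials, the `orders.status` column, the column list of `get_orders_by_customer_id` (cut off in the question) and the `h()` output helper are assumptions for the example, and `get_result()` needs the mysqlnd driver.

```php
<?php
// Added example, not the asker's code or the answer's: the answer's two
// server-side points (bind parameters instead of interpolating ids; flag
// orders cancelled instead of deleting rows) applied to the Database class.
// Assumed, not on the page: the connection credentials, an `orders.status`
// column, and the column list of get_orders_by_customer_id (cut off above).

class Database extends mysqli
{
    public function __construct(string $host, string $user, string $password, string $name)
    {
        // Make mysqli throw on failure instead of returning false that callers forget to check.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        parent::__construct($host, $user, $password, $name);
        // MySQL's charset name is 'utf8mb4' (or 'utf8'); 'utf-8' is not accepted.
        $this->set_charset('utf8mb4');
    }

    // Same SELECT as the original get_all_data_by_order_id, with the id bound
    // as an integer parameter so it can never alter the statement.
    public function get_all_data_by_order_id(int $order_id): ?array
    {
        $stmt = $this->prepare(
            'SELECT customers.first_name, customers.last_name, customers.email_adress,
                    customers.customer_info, orders.order_info, orders.total_price,
                    orders.location, orders.created
             FROM customers
             INNER JOIN orders ON customers.id = orders.customer_id
             WHERE orders.id = ?'
        );
        $stmt->bind_param('i', $order_id);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();   // needs the mysqlnd driver
        $stmt->close();
        return $row ?: null;                          // null when no such order
    }

    // One of the methods the answer lists as injectable; the column list is assumed.
    public function get_orders_by_customer_id(int $customer_id): array
    {
        $stmt = $this->prepare(
            'SELECT id, order_info, total_price, location, created
             FROM orders WHERE customer_id = ? ORDER BY id DESC'
        );
        $stmt->bind_param('i', $customer_id);
        $stmt->execute();
        $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
        $stmt->close();
        return $rows;
    }

    // Soft delete in place of delete_order: a scripted loop over sequential
    // ids now only flips flags, and a cancelled order can be restored.
    public function cancel_order(int $order_id): bool
    {
        $stmt = $this->prepare(
            "UPDATE orders SET status = 'cancelled' WHERE id = ? AND status <> 'cancelled'"
        );
        $stmt->bind_param('i', $order_id);
        $stmt->execute();
        $changed = $stmt->affected_rows;
        $stmt->close();
        return $changed === 1;
    }
}

// Escape database values before echoing them into HTML (the Cross Site
// Scripting point): customer_info and order_info are user-supplied text.
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Endpoint side: validate the request parameter as an integer before it
// reaches the database, and fail the request cleanly if it is not one.
$order_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($order_id === null || $order_id === false) {
    http_response_code(400);
    exit('invalid order id');
}

$db = new Database('localhost', 'restaurant', 'secret', 'restaurant'); // assumed credentials
$order = $db->get_all_data_by_order_id($order_id);
if ($order === null) {
    http_response_code(404);
    exit('no such order');
}
printf("<p>%s %s: %s</p>\n", h($order['first_name']), h($order['last_name']), h($order['order_info']));
```

The integer type on the method parameters plus `FILTER_VALIDATE_INT` at the endpoint means a request such as `?id=1 OR 1=1` is rejected before any SQL is built, and `bind_param('i', ...)` guarantees the value reaches MySQL as a number even if some other caller passes a string. The `AND status <> 'cancelled'` guard makes `cancel_order` idempotent, so repeating the request reports `false` rather than pretending to cancel again.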
Context
StackExchange Code Review Q#61086, answer score: 4