What is Lazy Mofo (LM)?

LM is a class similar to PHPGrid. LM is a sql driven datagrid and form generator for PHP 5 and MySQL 5.
What does LM do?

Renders a datagrid of database results from a table name or SQL statement; grid features include pagination, sorting, search, and inline editing.
Renders forms for inputing and editing data.
Updates, inserts and deletes data.
Handles file uploads and image resizing and cropping. (images are not stored in the database, only filename)

What's Different & Better From other Grids

Define forms and grids purely with SQL statements. Grid and be easily used for reporting too.
Define select, radio, and checkbox inputs with SQL statements.
Grid uses both a count query and limit offset query for efficiency and low memory usage on large datasets.
Upload files, resize and crop images.
Lightweight; a single class.
Open source and free (as in beer and speech).

What's Bad About LM

To identify date, numeric and textarea fields, Lazy Mofo uses PDO getColumnMeta which is an "experimental" function. This can be easily disabled by setting auto_populate_controls = false.
No built-in validation. Server-side validation can be added (see details below).
Lazy Mofo parses and manipulates sql strings which has limitations and is hypothetically exploitable. LM is best suited for admin areas. Complex sql queries may require an additional grid_sql_count query to count results. Also, grid_run_search may need to be disabled, requiring search to be handled manually in the grid_sql statement.

Requirements

PHP 5 and MySQL 5
Magic Quotes should be turned off
PDO MySQL module installed for PHP
Database table must have a primary key identity

Built-In Controller

This class has a built-in controller method to call its methods. Usage of the contoller is optional. form(), grid(), sql_insert(), sql_update(), sql_update_grid(), sql_delete() can all be called manually.

 Example: $lm->run();

Example 1 - Basic Usage

// create LM object, pass in PDO connection
$lm = new lazy_mofo($dbh); 

// table name for updates, inserts and deletes
$lm->table = 'market';

// identity / primary key column name
$lm->identity_name = 'market_id';

// use the lm controller 
$lm->run();

Example 2 - Define Forms and Grid with SQL

// create LM object, pass in PDO connection
$lm = new lazy_mofo($dbh); 


// table name for updates, inserts and deletes
$lm->table = 'market';


// identity / primary key column name
$lm->identity_name = 'market_id';


// make friendly names
$lm->rename = array('country_id' => 'Country');


// define input controls on the form
$lm->form_input_control = array('photo' => '--image', 'is_active' => '--checkbox', 'country_id' => 'select country_id as val, country_name as opt from country; --select');


// define editable input controls on the grid
$lm->grid_input_control = array('is_active' => '--checkbox');


// define output control on the grid; make email clickable and the photo a clickable link
$lm->grid_output_control = array('contact_email' => '--email', 'photo' => '--image');


// query for grid(). if the last column selected is the primary key identity, then the [edit] and [delete] links are displayed
$lm->grid_sql = "select m.market_name, m.photo, m.contact_email, c.country_name, m.is_active, m.create_date, m.notes, m.market_id from market m left join country c on m.country_id = c.country_id";


// query for form()
$lm->form_sql = 'select * from market where market_id = :market_id';
$lm->form_sql_param = array(':market_id' => intval($_REQUEST['market_id']));


// use the lm controller
$lm->run();

Input and Output Controls - define how a field is rendered

Input and Output Controls are associative arrays used to define how to render input or output for a field. Inputs render form inputs like: text, checkbox, radio, etc. Outputs render: text, links, and images.

Define Inputs on form() $lm->form_input_control = array('field_name_1' => '[sql] --command','field_name_2' => '[sql] --command', ...);
Define Inputs on grid() $lm->grid_input_control = array('field_name_1' => '[sql] --command','field_name_2' => '[sql] --command', ...);
Define Output on grid() $lm->grid_output_control = array('field_name_1' => '--command','field_name_2' => '--command', ...);

Example: $lm->form_input_control = array('client_pic' => '--image','pdf' => '--document', 'weird_data' => '--my_user_function', 'will_you_attend' => "select 1 as key, 'Yes' as val union select 0, 'No' union select 3, 'Maybe'; --radio");

Defining Custom Input and Output Controls

User defined functions can be defined to render an input or output control.

Example: $lm->form_input_control['weird_data'] = '--my_user_function';

function my_user_function($column_name, $value, $command, $called_from){

    // $column_name: field name
    // $value: field value  
    // $command: full command as defined in the arrays: form_input_control, grid_input_control or grid_output_control
    // $called_from: which function called this user function; form or grid

    $val = htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    return "<input type='text' name='$column_name' value='$val' size='100' />";

}

Controls Which Are Automatically Populated

If auto_populate_controls = true, get_columns() will populate form_input_control and grid_output_control with --date, --datetime, --number and --textarea according to meta data.

Input Commands Preceeded by SQL to Populate Data: --select, --checkbox, --radio

--select, --checkbox, --radio can be preceeded by a two column sql statement to popuplate the control. Note: a space required after the sql statement.

Example: $lm->form_input_control = array('country_id' => 'select country_id, country_name from country; --select');

Commands for Input Controls - form_input_control and grid_input_control arrays

Command	Description
--my_input_control	define your own function and return any HTML. example: function my_input_control($column_name, $value, $command, $called_from)
--text	text input (default)
--password	password input
--number	text input for number, when cast numbers are filtered through restricted_numeric_input pattern.
--date	text input, date is formatted according to public $date_format variable
--datetime	text input, date is formatted according to public $date_format variable
--textarea	textarea input
--readonly	plain text (not an input, just displays field)
--image	file input for uploading, if image exists then image is displayed with 'delete' checkbox. This input is not available for use on the grid() at this time.
--document	file input for uploading, if document exists then display link with 'delete' checkbox. This input is not available for use on the grid() at this time.
[sql] --select	select dropdown
[sql] --selectmultiple	select dropdown with multiple options. values are stored in a delimited list.
[sql] --checkbox	input checkboxes. values are stored in a delimited list.
[sql] --radio	radio buttons

Commands for Output Control - grid_output_control arrays

Command	Description
--my_output_control	define your own function and return any HTML. example: function my_output_control($column_name, $value, $command, $called_from)
--text	outputs plain text (default)
--date	outputs date according to date_out setting
--datetime	outputs datetime according to datetime_out setting
--email	outputs a clickable email link
--image	outputs a clickable link to the image, or display image if grid_show_images = true
--document	outputs a clickable link to the document
--html	outputs html without tags or formatting

Adding server-side validation

When using the built-in controller, server-side validation can be added by defining user function names in insert_user_function, and update_user_function, update_grid_user_function.

Example: 

$lm->insert_user_function = 'my_validate';
$lm->update_user_function = 'my_validate';

function my_validate(){

    if($_POST['email'] == '')
        return 'Email is Required';
}

Cross Site Request Forgery - csrf

This script does not validate csrf itself but has a placeholder csrf variable from loaded from $_SESSION['_csrf']. To protect from csrf, validate the csrf on POST commands.

Export to CSV

Output buffering (ob_start) must be used at the beginning of the script for the export to CSV feature to function properly.

Project Sponsored By:

| | |