CSE311L

Lab Manual: Week 5 – Back-End Development (PHP, PHP with MySQL)

1. Introduction

This lab manual is designed to develop proficiency in back-end web development

using PHP and MySQL. The manual will guide students through the process of
creating dynamic, server-side applications and integrating them with a database to
manage, store, and retrieve data.

2. Course Objectives

- Understand the basics of **PHP** for server-side scripting.

- Handle HTML forms and user inputs with PHP.
- Use **MySQL** databases for storing, retrieving, and managing data.
- Integrate **PHP** with **MySQL** to perform CRUD (Create, Read, Update,
Delete) operations.
- Implement dynamic and secure web applications.

Section 1: PHP Basics

- Introduction to PHP:
- PHP is a widely-used, open-source server-side scripting language that enables
the development of dynamic web pages.
- PHP code is executed on the server, and the result is sent back to the browser as
plain HTML.
- PHP Syntax:
- PHP scripts are written inside `<?php ?>` tags within an HTML document.
- Variables in PHP are declared with `$`, and PHP is loosely typed.
- **Control Structures**:
- PHP supports common control structures like `if`, `else`, `for`, `while`, and
`switch`.
- Arrays in PHP can be indexed or associative.
- Functions:
- PHP has built-in functions for handling data, strings, files, and more.
- User-defined functions can be declared using the `function` keyword.
Examples
1.
<?php
echo "Hello, World!";
?>
This script outputs a simple "Hello, World!" message.

2.
<?php
$name = "John Doe";
$colors = ["Red", "Green", "Blue"];
echo "Name: " . $name . "<br>";
echo "Favorite color: " . $colors[1];
?>
Demonstrates PHP variables, arrays, and string concatenation.

3.
<?php
$age = 21;
if ($age >= 18) {
echo "You are an adult.";
} else {
echo "You are a minor.";
}
?>

Demonstrates conditional statements based on a user's age.

4.
<form method="POST" action="process.php">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>
process.php:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = htmlspecialchars($_POST['name']);
echo "Hello, " . $name;
}
 ?>

Demonstrates form submission and processing using PHP. `htmlspecialchars()` is

used to prevent XSS attacks by escaping special characters.

Problem: Create a contact form for your portfolio website that sends user input
(name, email, message) to the server and displays a success message.
Scope: Design a simple HTML form that submits data to a PHP script. The PHP
script will process the form input and display the result on the same or another
page.

Tasks:
1. Design a contact form with input fields for Name, Email, and Message.
2. Use PHP to validate that all fields are filled out.
3. Display the submitted data on the screen and store it in a variable for later use.
4. Ensure user input is sanitized to prevent security issues Use
`htmlspecialchars()`).

Section 2: PHP and MySQL Integration

 Introduction to MySQL:
o MySQL is a popular open-source relational database management
system.
o It stores data in tables, which consist of rows and columns. SQL
(Structured Query Language) is used to query the database.
 Connecting PHP to MySQL:
o PHP provides multiple ways to connect to a MySQL database, the
most common being mysqli_connect() or PDO (PHP Data Objects).
 CRUD Operations:
o CRUD stands for Create, Read, Update, and Delete. These are the
basic operations used to interact with data stored in a database.
o In PHP, CRUD operations can be performed using SQL queries inside
PHP scripts.

Examples:
1. Connecting to a MySQL Database:
<?php
$conn = new mysqli("localhost", "root", "",
"portfolio");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
Explanation: This script establishes a connection to a MySQL database named
portfolio. It checks for connection errors and prints a success message if
connected.

2. Creating a Database and Table:

CREATE DATABASE portfolio;
USE portfolio;
CREATE TABLE messages (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100),
email VARCHAR(100),
message TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Explanation: This SQL query creates a portfolio database and a messages table to
store user-submitted messages from the contact form.

3. Inserting Data into the Table:

<?php
$stmt = $conn->prepare("INSERT INTO messages (name,
email, message) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $name, $email, $message);

$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$stmt->execute();
echo "New record created successfully";
?>
Explanation: This PHP script inserts user-submitted data into the messages table.
It uses prepared statements to prevent SQL injection attacks.

4. Retrieving Data (Reading Records):

<?php
$sql = "SELECT * FROM messages";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "Name: " . $row["name"]. " - Email: " .
$row["email"]. " - Message: " . $row["message"].
"<br>";
}
} else {
echo "0 results";
}
?>
Explanation: This script retrieves and displays all records from the messages
table.

5. Updating Records:
<?php
$stmt = $conn->prepare("UPDATE messages SET message=?
WHERE id=?");
$stmt->bind_param("si", $message, $id);

$message = "Updated message text";

$id = 1;
$stmt->execute();
?>
Explanation: This script updates a record in the messages table. The message field
for a particular id is updated with new data.

 Problem: Create a complete contact form system that allows users to submit
messages, stores them in a MySQL database, and provides an admin
interface to manage (view, update, delete) the messages.
 Scope: Build a full back-end system for managing contact form submissions
using PHP and MySQL.
 Tasks:
1. Create the messages table: Use the provided SQL query to create the
database and table.
2. Insert form data into the database: Modify your contact.php script
to insert the submitted data into the messages table.
3. Retrieve and display messages: Create an admin page (admin.php)
to retrieve and display all messages from the messages table.
4. Implement update and delete functionality: Add buttons for
updating and deleting messages directly from the admin panel.