
database program

The document consists of two files: Employee.php and Employee.html. Employee.php connects to a MySQL database to retrieve and display employee information based on a name input from the user, while Employee.html provides a user interface with a form to input the employee name and uses AJAX to fetch and display the results dynamically. The code includes measures for sanitizing user input to prevent SQL injection and handles database connection errors.

Uploaded by

Anuja Borate
Copyright
© © All Rights Reserved

Employee.php

<?php

// Retrieve the 'txt' parameter from the URL
$name = $_GET['txt'] ?? '';

// Database connection details
$host = "localhost";
$user = "root";
$pass = "";
$db = "employee_db";

// Create a new MySQLi connection
$mysqli = new mysqli($host, $user, $pass, $db);

// Check if connection was successful
if ($mysqli->connect_error) {
    die("Database connection error: " . $mysqli->connect_error);
}

// Select the database (optional, as it's already selected in the connection)
$mysqli->select_db($db);

// Check and display the default database
if ($result = $mysqli->query("SELECT DATABASE()")) {
    $row = $result->fetch_row();
    echo "Default database is: $row[0]<br>";
    $result->close();
}

// Sanitize user input to prevent SQL injection
$name = $mysqli->real_escape_string($name);

// Corrected SQL query
$query = "SELECT * FROM employee WHERE emp_name='$name'";

// Execute the query
$result = $mysqli->query($query);

// Check if there are records found
if ($result && $result->num_rows > 0) {
    echo "<table border='1'>";
    echo "<tr>";
    echo "<th>Employee ID</th>";
    echo "<th>Employee Name</th>";
    echo "<th>Employee Designation</th>";
    echo "<th>Employee Salary</th>";
    echo "</tr>";

    // Fetch and display data
    while ($row = $result->fetch_assoc()) {
        echo "<tr>";
        echo "<td>" . htmlspecialchars($row['emp_id']) . "</td>";
        echo "<td>" . htmlspecialchars($row['emp_name']) . "</td>";
        echo "<td>" . htmlspecialchars($row['designation']) . "</td>";
        echo "<td>" . htmlspecialchars($row['salary']) . "</td>";
        echo "</tr>";
    }
    echo "</table>";

    // Free result set
    $result->free();
} else {
    echo "No records found for the given match.";
}

// Close the database connection
$mysqli->close();

?>

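Added example, not part of the uploaded document: a hardened variant of Employee.php that binds the name through a prepared statement instead of escaping it into the query string, and keeps database error detail out of the HTTP response. The environment variable names EMP_DB_USER and EMP_DB_PASS and the 100-byte length limit are assumptions; get_result() assumes the mysqlnd driver.

```php
<?php
// Added example: hardened variant of Employee.php (not the uploader's code).
// Assumptions: same employee_db schema; credentials come from the hypothetical
// environment variables EMP_DB_USER / EMP_DB_PASS rather than root with no password.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any DB failure

// Reject arrays (?txt[]=x), empty values and oversized input before touching the DB.
$name = $_GET['txt'] ?? '';
if (!is_string($name) || $name === '' || strlen($name) > 100) {
    http_response_code(400);
    exit('Invalid employee name.');
}

try {
    $mysqli = new mysqli('localhost', getenv('EMP_DB_USER') ?: '',
                         getenv('EMP_DB_PASS') ?: '', 'employee_db');
    $mysqli->set_charset('utf8mb4');

    // The value is bound as data; it never becomes part of the SQL text.
    $stmt = $mysqli->prepare(
        'SELECT emp_id, emp_name, designation, salary FROM employee WHERE emp_name = ?'
    );
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $result = $stmt->get_result(); // requires mysqlnd
} catch (mysqli_sql_exception $e) {
    error_log('Employee lookup failed: ' . $e->getMessage()); // detail stays server-side
    http_response_code(500);
    exit('Lookup failed.');
}

if ($result->num_rows === 0) {
    exit('No records found for the given match.');
}

echo "<table border='1'>";
echo '<tr><th>Employee ID</th><th>Employee Name</th>'
   . '<th>Employee Designation</th><th>Employee Salary</th></tr>';
while ($row = $result->fetch_assoc()) {
    echo '<tr>';
    foreach (['emp_id', 'emp_name', 'designation', 'salary'] as $col) {
        // Cast first: prepared statements return native ints/floats and NULLs.
        echo '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
    }
    echo '</tr>';
}
echo '</table>';
$stmt->close();
$mysqli->close();
```
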
Employee.html
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function display() {
    var name = document.forms["f1"]["txt"].value; // Get input value

    if (name === "") {
        document.getElementById("result").innerHTML = "";
        return;
    }

    var xmlhttp;
    if (window.XMLHttpRequest) {
        xmlhttp = new XMLHttpRequest();
    } else {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }

    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            document.getElementById("result").innerHTML = xmlhttp.responseText; // Fixed response display
        }
    };

    xmlhttp.open("GET", "Employee.php?txt=" + encodeURIComponent(name), true);
    xmlhttp.send();
}
</script>
</head>
<body>
<form name="f1">
    <label for="txt">Enter Employee Name:</label>
    <input type="text" name="txt" id="txt" onkeyup="display()" /><br>
</form>
<div id='result'></div>
</body>
</html>