IP 3 Chapter Edit

Uploaded by

alemunuruhak

Chapter : Three

Manipulating Databases with PHP

3.1. Introduction
• One of the reasons for PHP's popularity as a Web scripting language is its cross-platform compatibility, scalability, and support for various databases.

• It supports various DB formats (Microsoft SQL Server, IBM DB2, PostgreSQL, MySQL, and Oracle).

• Makes it easy for Web developers to create Web applications quickly and
efficiently.
Database Access in PHP

• Database: is a separate application that stores a collection of data.

• Table: is a set of rows and columns. It represents a single concept such as products.

• Column: a set of data of a single data type. Ex. FirstName, LastName

• Row: a single record of data. Ex. "Abebe", "Kebede"

• Field: is the intersection of a row and a column. Ex. FirstName: "Abebe"

• Redundancy: storing data twice (redundantly) to make the system faster.


Cont.…
• Primary Key: is unique; a key value cannot occur twice in one table.

• Foreign Key: A foreign key is the linking pin between two tables.

• Compound Key: (composite key) is a key that consists of multiple columns, because one column is not sufficiently unique.

• Referential Integrity: Referential integrity makes sure that a foreign key value always points to an existing row.
MySQL Database:

• MySQL is becoming so popular for many good reasons.
• MySQL works on many operating systems and with many languages including
PHP, PERL, C, C++, JAVA, etc.
• MySQL works very quickly and works well even with large data sets.
• MySQL is very friendly to PHP, the most appreciated language for web
development.
• MySQL supports large databases, up to 50 million rows or more in a table.
• The default file size limit for a table is 4GB, but you can increase this (if your
operating system can handle it) to a theoretical limit of 8 million terabytes (TB).
Database Interactions

• PHP database interactions in five steps:

1. Create a database connection
2. Perform database query
3. Use returned data, if any
4. Release returned data
5. Close database connection
Creating a Database Connection:

• Before we can do anything with a database in PHP, we should first connect to the MySQL server using specific connection variables.

• Connection variables consist of the following common parameters.

• Host name: This is the name of the server. We can change it to whatever host is acting as the MySQL server. It is optional (localhost).

• User name: The root user of the system. It is required (root).

• User's password: This is written in encrypted form for security. It is required ("").
Cont.…

• The common function in PHP used for server connection is mysql_connect() or mysqli_connect(). The mysql_* functions belong to the legacy extension that was removed in PHP 7; the code examples in this chapter use mysqli_*.

• This function has the following syntax: mysql_connect("hostname", "user", "pass") to connect with the MySQL server.

• PHP provides the mysql_connect function to open a database connection. This function can take up to five parameters and returns a MySQL link identifier on success, or FALSE on failure.

• The five parameters are the three above and the two options below.
Cont.…
• new_link Optional - If a second call is made to mysql_connect() with the same arguments, no new connection will be established; instead, the identifier of the already opened connection will be returned.
• client_flags Optional - A combination of the following constants:
MYSQL_CLIENT_SSL - Use SSL encryption
MYSQL_CLIENT_COMPRESS - Use compression protocol
MYSQL_CLIENT_IGNORE_SPACE - Allow space after function names
MYSQL_CLIENT_INTERACTIVE - Allow interactive timeout seconds of inactivity before closing the connection
• Note: There are more available parameters, but the ones listed above are the most important.
Databaseconnection.php
<?php
$dbhost = "localhost"; // Optional: you can pass "", but not an arbitrary string
$dbuser = 'root';      // Required; otherwise: Warning: Access denied for user ''@'localhost' to database "aip"
$dbpass = "";          // Required; a wrong value gives: Access denied for user 'root'@'localhost' (using password: YES)
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, "Aip");
if (! $conn) {
    // mysqli_connect_error() reports why the connection attempt failed
    die('Could not connect: ' . mysqli_connect_error());
}
echo 'Connected successfully';
mysqli_close($conn);
?>
Closing a DB connection
• You can disconnect from the MySQL database at any time using another PHP function, mysql_close().

• This function takes a single parameter, which is a connection returned by the mysql_connect() function.
Syntax:

mysql_close ( resource $link_identifier );

mysqli_close($conn); or mysql_close($conn);

• This function returns true if it closes the connection successfully; otherwise it returns false.
Cont.…
• There are also functions in PHP which have different purposes. For instance,

• mysql_select_db("database name") or mysqli_select_db("connection", "database name"): Equivalent to the MySQL command USE; makes the selected database the active one.

• mysqli_query("query"): Used to send any type of MySQL command to the server.

• mysqli_fetch_row("results variable from query"): Used to return a row of the entire results of a database query.
Cont.…

• mysqli_affected_rows(): Prints out the affected rows from different queries.

• mysql_fetch_array("results variable from query"): Used to return several rows of the entire results of a database query.

• mysql_free_result("result variable from query"): Used to release the returned results.

• mysql_error(): Shows the error message that has been returned directly from the MySQL server.
Creating the working Database

• After establishing a MySQL connection with the code above, you then need to choose which database you will be using with this connection.

• This is done with the mysql_select_db("database-name") or mysqli_select_db("connection", "databasename") function.

• If the database you are looking to work on is not available, you can create it using the mysql_query() or mysqli_query() function together with the CREATE command followed by the database name. The mysql_query function can take two parameters and returns TRUE on success or FALSE on failure.

• The parameters are: sql and connection.


Cont..

• The syntax of the function is:-

• mysql_query(sql, connection variable); or

• mysqli_query(connection variable,sql);

• To create a database, use the following SQL syntax:

• CREATE DATABASE database_name

• mysql_query("create database test", $connection): tells MySQL to create a database called test.
Cont..
• die(mysql_error()); will print out an error if there is a problem in the
database creation process.

• Closing Query

• When you are finished working with query results retrieved with the mysql_query() function, use the mysql_free_result() function to close the resultset.

• To close the resultset, pass to the mysql_free_result() function the variable containing the result pointer from the mysql_query() function.
Recommended
• Use database connection and database creation in one file.

• Syntax: $sql or $sqli = "CREATE DATABASE databasename";

if ($conn->query($sqli) === TRUE) {
    echo "Database created successfully";
} else {
    // mysqli_error() needs the connection it should report on
    echo "Error creating database: " . mysqli_error($conn);
}
mysqli_close($conn);
Cont..
<?php
$dbhost = 'localhost'; // can you change the order of parameters during declaration?
$dbuser = 'root';
$dbpass = '';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if (! $conn) {
    die('Could not connect: ' . mysqli_connect_error());
}
echo 'Connected successfully';
// mysqli_close($conn); do not place it here: the connection is still needed below

// Create database
$sqli = "CREATE DATABASE TESTTEST";
if ($conn->query($sqli) === TRUE) {
    echo "Database created successfully";
} else {
    echo "Error creating database: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
Create Table MySQL
• Before you enter data (rows) into a table, you must first define what kinds of data will be stored (columns). This can be done using the CREATE SQL statement.

• A database table has its own unique name and consists of columns and rows.

• Syntax:

• CREATE TABLE table_name (column_name1 data_type, column_name2 data_type, ....)

• We are now going to design a MySQL query to summon our table from
database test.
Cont..
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, "Aip");
if (! $conn) {
    die('Could not connect: ' . mysqli_connect_error());
}
echo 'Connected successfully';
// mysqli_close($conn);

// sql to create table
$sqli = "CREATE TABLE Thirdyear2014 (
    Name VARCHAR(50),
    Code INT(20) )";
if (mysqli_query($conn, $sqli)) {
    echo "Table Thirdyear2014 created successfully";
} else {
    echo "Error creating table: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
Send/Insert Data to a Database
• When data is put into a MySQL table it is referred to as inserting data. When inserting data it is important to remember the exact names and types of the table's columns.

• Syntax:
• INSERT INTO table_name VALUES (value1, value2, value3,...) Or

• INSERT INTO table_name (column1, column2,...) VALUES (value1, value2,...)

• Requirements: a form, a database connection, and the file named by the form's action value (5-DDBB.php).
Dbform.php
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form action="5-DDBB.php" method="POST">
name:<input type="text" name="name"><br><br>
code:<input type="text" name="code"><br><br>
<input type="submit" name="register" value="Register">
</form>
</body>
</html>
5-DDBB.php
<?php
$host = "localhost";
$user = "root";
$pas = "";
$conn = mysqli_connect($host, $user, $pas, "aip");
if (!$conn) {
    die("Could not connect");
} else {
    echo "Database Successfully Connected" . "<br>";
}
if (isset($_POST["register"])) {
    $Name = $_POST["name"];
    $Code = $_POST["code"];
    // Use placeholders and bind the form values: putting $_POST data
    // directly into the SQL string would allow SQL injection.
    $stmt = mysqli_prepare($conn, "INSERT INTO exam (Name, Code) VALUES (?, ?)");
    mysqli_stmt_bind_param($stmt, "ss", $Name, $Code);
    if (mysqli_stmt_execute($stmt)) {
        echo "New record inserted successfully";
    } else {
        echo "Error: " . mysqli_stmt_error($stmt);
    }
    mysqli_stmt_close($stmt);
}
mysqli_close($conn);
?>
Retrieve Data from a Database

• In MySQL, data is retrieved with the "SELECT" keyword.

• The SELECT statement is used to select data from a database, or we can use the * character to select ALL columns from a table:
• SELECT * FROM table_name

• Before attempting to retrieve data, be sure that you have created a table
that contains some data.

• Syntax: SELECT column_name(s) FROM table_name


Cont..
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, "aip");
if (! $conn) {
    die('Could not connect: ' . mysqli_connect_error());
}
$sqli = "SELECT name, code FROM exam";
$result = $conn->query($sqli);
if ($result->num_rows > 0) {
    echo "<table border=1> <tr> <th> NAME </th> <th> CODE</th> </tr>";
    while ($row = $result->fetch_assoc()) {
        // Escape stored values so they are shown as text, not interpreted as HTML
        echo "<tr> <td>" . htmlspecialchars((string) $row["name"]) . "</td>" .
             "<td>" . htmlspecialchars((string) $row["code"]) . "</td> </tr>";
    }
    echo "</table>";
} else {
    echo "0 results";
}
$conn->close();
?>
Select and Filter Data From a MySQL Database

• The WHERE clause is used to filter records.

• The WHERE clause is used to extract only those records that fulfill a specified
condition.

• SELECT column_name(s) FROM table_name WHERE column_name operator value

• $sqli = "SELECT Name, code FROM exam WHERE Code=30";
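The same filter with the value coming from the request instead of a literal, as an added example that is not part of the original slides. It assumes the chapter's aip database and exam table (columns Name, Code); the ?code= query parameter and the find_by_code() function are hypothetical names.

```php
<?php
// Added example (not from the original slides): filter exam by a Code value
// supplied by the user. Assumes database "aip" and table exam(Name, Code).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function find_by_code(mysqli $conn, string $rawCode): array
{
    // Reject anything that is not a plain integer before it reaches the database.
    $code = filter_var($rawCode, FILTER_VALIDATE_INT);
    if ($code === false) {
        throw new InvalidArgumentException("code must be an integer");
    }
    // Unsafe form, for contrast: "... WHERE Code=" . $rawCode would let the
    // request change the structure of the query. A placeholder keeps the
    // value as data only.
    $stmt = $conn->prepare("SELECT Name, Code FROM exam WHERE Code = ?");
    $stmt->bind_param("i", $code);
    $stmt->execute();
    $stmt->bind_result($name, $codeOut);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ["Name" => $name, "Code" => $codeOut];
    }
    $stmt->close();
    return $rows;
}

try {
    $conn = mysqli_connect("localhost", "root", "", "aip");
    $rows = find_by_code($conn, $_GET["code"] ?? ""); // hypothetical parameter
    echo "<table border=1><tr><th>NAME</th><th>CODE</th></tr>";
    foreach ($rows as $row) {
        // Escape stored values so they are displayed as text, not as HTML.
        echo "<tr><td>" . htmlspecialchars((string) $row["Name"], ENT_QUOTES, "UTF-8")
           . "</td><td>" . (int) $row["Code"] . "</td></tr>";
    }
    echo "</table>";
    $conn->close();
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo "Invalid code";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database details out of the page
    http_response_code(500);
    echo "Database error";
}
?>
```

The same prepare/bind pattern applies to the UPDATE and DELETE statements whenever the value in the WHERE clause comes from a form or URL.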


Modify/Updating Existing Data
• The UPDATE statement is used to update existing records in a table.

• UPDATE table_name SET column1=value, column2=value2,... WHERE some_column=some_value

• Let's look at the "exam" table before UPDATE:

$sqli = "UPDATE exam SET Code=60 WHERE Code=30";


Update
<?php
$host = "localhost";
$user = "root";
$pas = "";
$conn = mysqli_connect($host, $user, $pas, "aip");
if (!$conn) {
    // No connection object exists here, so use mysqli_connect_error()
    die("Could not connect: " . mysqli_connect_error());
}
$sqli = "UPDATE exam SET Code=60 WHERE Code=30";
if ($conn->query($sqli) === TRUE) {
    echo "Record updated successfully";
} else {
    echo "Error updating record: " . $conn->error;
}

$conn->close();
?>
Remove Existing Data
• The DELETE query is very similar to the UPDATE Query.

• We need to choose a table, tell MySQL to perform the deletion, and provide the requirements that a record must have for it to be deleted.

• Syntax: DELETE FROM table_name WHERE column_name comparison_operator value

• Let's look at the "exam" table before DELETE:

$sqli = "delete from exam WHERE code=3030";


Delete
<?php
$host = "localhost";
$user = "root";
$pas = "";
$conn = mysqli_connect($host, $user, $pas, "aip");
if (!$conn) {
    // No connection object exists here, so use mysqli_connect_error()
    die("Could not connect: " . mysqli_connect_error());
}
$sqli = "delete from exam WHERE code=3030";
if ($conn->query($sqli) === TRUE) {
    echo "Record deleted successfully";
} else {
    echo "Error deleting record: " . $conn->error;
}

$conn->close();
?>
Database security using server side scripting

• Nowadays, databases are fundamental components of any web based application by enabling websites to provide varying dynamic content.

• Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases.

• To retrieve or to store any information you need to connect to the database, send a legitimate query, fetch the result, and close the connection.
Encryption in PHP

• Once an attacker gains access to your database directly (bypassing the web
server), stored sensitive data may be exposed or misused, unless the
information is protected by the database itself.

• Encrypting the data is a good way to mitigate this threat, but very few
databases offer this type of data encryption.

• The easiest way to work around this problem is to first create your own
encryption package, and then use it from within your PHP scripts.

• PHP provides different functions for this, such as md5, sha1, hash, crypt and password_hash. Note that these are one-way hash functions rather than reversible encryption.
Cont..
Example:
<?php
$pass = "12345678";
$salt = '$1$.90.tj5.$'; // salt as it appears in the crypt output shown below
echo "md5 encryption $pass=" . md5($pass) . "<br>";
echo "sha1 encryption $pass=" . sha1($pass) . "<br>";
echo "hash encryption $pass=" . hash('sha1', $pass) . "<br>";
echo "crypt encryption $pass=" . crypt($pass, $salt);
?>
Output:
md5 encryption 12345678=25d55ad283aa400af464c76d713c07ad
sha1 encryption 12345678=7c222fb2927d828af22f592134e8932480637c0d
hash encryption 12345678=7c222fb2927d828af22f592134e8932480637c0d
crypt encryption 12345678=$1$.90.tj5.$CG0sUopGFc1ADWxBqDjPu.
In the above example, the salt parameter is optional. However, crypt() creates a weak hash without the salt. Make sure to specify a strong enough salt for better security.
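For storing user passwords, the password_hash() family handles the salt and algorithm choice for you. The following is an added example, not part of the original slides; the in-memory $users array and the register_user() and check_login() functions are hypothetical stand-ins for a users table and its login code, and the user names are constructed sample values.

```php
<?php
// Added example (not from the original slides): password storage with
// password_hash(). $users is a hypothetical stand-in for a users table.
$users = [];

function register_user(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm and
    // generates a fresh random salt on every call.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$users, string $name, string $password): bool
{
    // Verify against a dummy hash for unknown users so that both paths
    // do a comparable amount of work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash("placeholder", PASSWORD_DEFAULT);
    $stored = $users[$name] ?? $dummy;
    $ok = password_verify($password, $stored) && isset($users[$name]);
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

$pass = "12345678"; // the sample password used in the example above

// md5() is fast and unsalted: the same input always yields the same digest,
// so identical passwords are visible as identical values in the table.
var_dump(md5($pass) === md5($pass));

// Two users with the same password: compare their stored hashes.
register_user($users, "abebe", $pass);
register_user($users, "kebede", $pass);
var_dump($users["abebe"] === $users["kebede"]);

// Correct password, wrong password, and unknown user.
var_dump(check_login($users, "abebe", "12345678"));
var_dump(check_login($users, "abebe", "wrong"));
var_dump(check_login($users, "nobody", "12345678"));
?>
```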
Thank You!!!
