LESSON 4:

MYSQL DATABASE

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 What is MySQL?

MySQL is the most popular database system used with PHP. It is a

database system that runs on a server that is ideal for both small and
large applications. The data in a MySQL database are stored in tables. A
table is a collection of related data, it consists of columns and rows.

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Database Queries

A query is a question or a request. We can query a database for specific

information and have a set of records returned.

For example:
SELECT LastName FROM employees_tbl

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 MySQL Connect MySQLi Procedural

mysqli_connect() is a function in PHP that is used to establish a connection to a

MySQL database. It is part of the MySQLi (MySQL Improved) extension, which is
an enhancement of the original MySQL extension and provides better support for
prepared statements, object-oriented and procedural programming, and more.
Syntax:
mysqli_connect(hostname, username, password, database, port, socket);

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Creating connection
<?php
// Create a connection
$db = mysqli_connect('localhost', 'root', 'password', 'test_db');

// Check if the connection was successful

if (!$db) {
die("Connection failed: " . mysqli_connect_error());
} else {
echo "Connected successfully!";
}

// Close the connection

mysqli_close($db);
?>
WS101 - WEB SYSTEMS AND TECHNOLOGIES 1
 Inserting Data
Let’s create first our table for our users.

CREATE TABLE users (

user_id INT AUTO_INCREMENT PRIMARY KEY,
fullname VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
phone_number VARCHAR(15),
date_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Inserting Data
After a database and a table have been created, we can start adding
data in them.

Here are some syntax rules to follow:

 The SQL query must be quoted in PHP

 String values inside the SQL query must be quoted
 Numeric values must not be quoted
 The word NULL must not be quoted

Syntax:
INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Inserting Data
Example:

INSERT INTO users (fullname, email, password, phone_number) VALUES

('John Doe', '[email protected]', 'hashed_password_here',
'1234567890’);

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Executing queries
There are two ways on how we execute our queries:
1. mysqli_query() - This method directly includes the
data into the query string, making it vulnerable to
SQL injection if user input is not properly
sanitized. You should only use this if you're
sanitizing inputs before running the query.

2. mysqli_prepare() - This is the recommended method.

It uses prepared statements and bound parameters, which
are immune to SQL injection.

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Selecting Data
The SELECT statement is used to select data from one or
more tables.

Syntax:
SELECT column_name(s) FROM table_name

Or we can use the * character to select ALL columns

from a table

Syntax:
SELECT * FROM table_name
WS101 - WEB SYSTEMS AND TECHNOLOGIES 1
 Selecting Data: Using mysqli_query()
<?php
$email = "[email protected]";
$sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
echo "ID: " . $row["user_id"] . " - Name: " . $row["fullname"] .
" - Email: " . $row["email"] . "<br>";
}
} else {
echo "No records found.";
}
mysqli_close($conn);
?>

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Updating Data
The UPDATE statement is used to update existing records in a table:

Syntax:
UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value

Note: The WHERE clause specifies which record or records that should
be updated. If you omit the WHERE clause, all records will be
updated!

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Deleting Data
The DELETE statement is used to delete records from a table:

Syntax:
DELETE FROM table_name
WHERE some_column = some_value

Note: he WHERE clause specifies which record or records that should

be deleted. If you omit the WHERE clause, all records will be
deleted!

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Sorting Data
The ORDER BY clause is used to sort the result-set in ascending or descending
order. It sorts the records in ascending order by default. To sort the records in
descending order, use the DESC keyword.

Syntax:
SELECT column_name(s) FROM table_name ORDER BY column_name(s) ASC|
DESC

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 EXERCISES

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1

 Exercise 1
 Create `users` table on your database `mydatabase`.
The following are the attributes of the `users` table:
 user_id – Primary Key
 fullname – varchar 255
 user_email – varchar 255
 user_pwd – varchar 255
 user_type – int (1 – admin, 2 – student)
Manually insert 1 value to the database: Administrator, [email protected], admin123, 1
 Create a registration and login page.
 During registration, if all inputs are validated and sanitized, insert it to the users table
then redirect the user to the `index.php` where he will be prompt to login.
 Check the user type, if it is 1, redirect to `dashboard.php`, otherwise redirect to
`home.php`.
WS101 - WEB SYSTEMS AND TECHNOLOGIES 1
 Exercise 2:
On `dashboard.php`, create a CRUD operation for table users.

WS101 - WEB SYSTEMS AND TECHNOLOGIES 1