chapter 4-2 php part 2

8/13/2019 Chapter 4-2 PHP Part 2

1/43

ITCS373/ITCS473: InternetSoftware Development

Chapter 4-2: Server-SideProgramming PHP

Dr. Faisal Al-Qaed


2/43

PHP and MySQL DB

MySQL is a database serverMySQL is ideal for both small and large

applications

MySQL supports standard SQL

MySQL compiles on a number of platformsMySQL is free to download and use

PHP combined with MySQL are cross-platform

(you can develop in Windows and serve on aUnix platform)

PHPMyAdmin: it is a web-based tool that allowyou to administrate your MySQL databases over

the WWW, built using a set of PHP Scripts.


3/43

MySQL DataBase

MySQL is a database. A database is integratedcollection of data. The data in MySQL is stored in database objects called

tables. A table is a collections of related data entries and it

consists of columns and rows. Databases are useful when storing informationcategorically. A company may have a database with thefollowing tables: "Employees", "Products", "Customers"and "Orders".

A database most often contains one or more tables.Each table is identified by a name (e.g. "Customers" or"Orders"). Tables contain records (rows) with data.

A databse query is a question or a request. With MySQL,we can query a database (using Structured QueryLanguage (SQL)) for specific information and have arecordset returned.


4/43

Assume we have Customer Table


5/43

A quick SQL TutorialTo retrieve data from the table, we use select * from

tablename: Select * from Customer Select ID, Name, Age from Customer Select * from Customer where ID=1

Select * from Customer where Age


6/43

SQL Insert

INSERT INTO table_nameVALUES(value1, value2, value3,...)

INSERT INTO Customer VALUES(1,'Nilsen', NN', abc123', 22, Student')


7/43

SQL Update

UPDATE table_name SETcolumn1=value, column2=value2,...WHERE some_column=some_value

UPDATE Customer SET Age=37,Occupation='Student' WHEREName=Noor' OR ID=2


8/43

SQL Delete

DELETE FROM table_name WHEREsome_column=some_value

DELETE FROM Customer WHEREName=Hesham' AND Age>30


9/43

Type in: localhost Click onphpMyAdmin toaccess MySQL

Enter yourusername and

password

(i.e. root andabc123)


10/43

First Step: Create DBEnter DBName andclick create


11/43

Create Table

To create table To add

more fieldsto the table


12/43

Insert Data

Select the table students, click on insert,then type in the values, then finally click ongo button to insert new data into your table


13/43

Browse/Edit/Delete

After inserting data, you can browse thetable by clicking Browse (see Top-Left),and then you will see you table, clicking on

pencil picture will allow you to edit thatrow, or clicking on the X picture will allowyou to delete that record.


14/43

Using SQL

You can use SQL statements to CreateTable, Insert records, browse recordsusing Select, Delete records, etc.

Enter your

SQL here

Executeyour SQL

Fields name


15/43

Allow you toexport DBand import itto different

machine

Allow you to editand deletedatabase


16/43

In the LAB you were given a quick tutorialon using MySQL with PHPMyAdmin and

SQL statements. You should now know:How to create/delete a database?

How to create/delete table?

How to insert/edit/delete a record?How to browse table contents?

How to use SQL to create table,select/update/delete/insert records?

How to import/export your database?


17/43

MySQL database

Connect


18/43

Displaying the data in the table

Select $result = mysql_query("SELECT * FROM Customer");

Display in a table echo "

IDNameAge"; while($row = mysql_fetch_array($result)) { echo ""; echo "" . $row[ID'] . ""; echo "" . $row[Name'] . "";

echo "" . $row[Age'] . ""; echo ""; } echo "";


19/43

Inserting into the table

mysql_query("INSERT INTO CustomerVALUES(10,Ali',un, '23,25,Student )") ordie(mysql_error());


20/43

More Examples

$result = mysql_query("SELECT * FROMCustomer WHERE Age>'18' " );

$result = mysql_query("SELECT * FROMCustomer WHERE Age>'18' ORDER ByName" );

mysql_query("UPDATE Customer SET Age ='36 WHERE Name = Ali' ") ordie(mysql_error());

mysql_query("DELETE FROM CustomerWHERE id='2'") or die(mysql_error());


21/43

ExamplesCreate a database named example

Create a table named customers with the following attributes:

IDtype= int

Nametype= varchar of size 20

Usernametype= varchar of size 20

Passwordtype= varchar of size 20

Agetype= int

Occupationtype= varchar of size 30


22/43

Example 1: Login Verification

Querying a MySQL Database

Username
Password


23/43

e1_select.php


24/43

Example 2: User Sign-Up


25/43

Form.htm

ID:Name:Age:Username:PasswordConfirm Password:Occupation:StudentManager

MessengerTeacher


26/43

e2_insert.php


27/43

Example 3: Update Details Read only


28/43

View.php


29/43

e3_edit.php


30/43

e3_update.php


31/43

Example 4: Delete Users

Note: use the same code as view.php for listing all users but changethe form action to e4_delete


32/43

e4_delete.php


33/43

Required Reading and UsefulFunctions

Part 8: Databases and MySQL

Mysqli [not required]

Useful Functions:

mysql_num_rows()

md5()

mysql_fetch_object() and reading data as

objectmysql_insert_id()

Mini ProjectRead Part 14


34/43

PHP Upload

A very useful aspect of PHP is its ability tomanage file uploads to your server.

However, allowing users to upload a file toyour server opens a whole can of worms,so please be careful when enabling file

uploads.


35/43

HTML Form needed for upload

Choose a file to upload:


36/43

Here is a brief description of the important parts of the above code: enctype="multipart/form-data"- Necessary for our to-be-created

PHP file to function properly. action="uploader.php"- The name of our PHP page that will be

created, shortly.

method="POST"- Informs the browser that we want to sendinformation to the server using POST.

input type="hidden" name="MA...- Sets the maximum allowablefile size, in bytes, that can be uploaded. This safety mechanism iseasily bypassed and we will show a solid backup solution in PHP.We have set the max file size to 100KB in this example.

input name=myFile" - myFile is how we will access the file in our

PHP script.


37/43

When the uploader.phpfile is executed, the uploaded fileexists in a temporary storage area on the server. If thefile is not moved to a different location it will be

destroyed! To save our precious file we are going toneed to make use of the $_FILESassociative array.

The $_FILESarray is where PHP stores all theinformation about files. There are two elements of thisarray that we will need to understand for this example.

myFile- is the reference we assigned in our HTML form. We willneed this to tell the $_FILES array which file we want to playaround with.

$_FILES[myFile']['name']- namecontains the original path ofthe user uploaded file.

$_FILES[myFile']['tmp_name']- tmp_namecontains the pathto the temporary file that resides on the server. The file shouldexist on the server in a temporary directory with a temporaryname.
http://www.tizag.com/phpT/arrays.phphttp://www.tizag.com/phpT/arrays.php


38/43

Simple File Upload Example


39/43

PHP - File Upload: Safe Practices!

Note:This script is for education purposes only.We do not recommend placing this on a webpage viewable to the public.

These few lines of code we have given you willallow anyone to upload data to your server.Because of this, we recommend that you do nothave such a simple file uploader available to the

general public. Otherwise, you might find thatyour server is filled with junk or that your server'ssecurity has been compromised.


40/43

Practical Upload Example

Filename:

l d fil h


41/43

upload_file.php


42/43

List of Mime Types

Pdf = application/pdf Doc = application/msword Css = text/css Bmp = image/bmp

Htm/html = text/html Mov = video/quicktime Mp3 = audio/mpeg3 Mpg = video/mpeg Ppt = application/powerpoint Txt = text/plainFor Complete Reference: check this websitehttp://www.webmaster-toolkit.com/mime-types.shtml
http://www.webmaster-toolkit.com/mime-types.shtmlhttp://www.webmaster-toolkit.com/mime-types.shtmlhttp://www.webmaster-toolkit.com/mime-types.shtmlhttp://www.webmaster-toolkit.com/mime-types.shtmlhttp://www.webmaster-toolkit.com/mime-types.shtmlhttp://www.webmaster-toolkit.com/mime-types.shtml


43/43

PHP what else?

You can still do many many more things withPHP and SS scripts:You can create/manage/delete/rename

directories/files on the server (i.e.

mkdir($dirName,0777);)You can access and manipulate XML data easily.You can interact with networking applications such

as DNS, mail server, ftp, open network sockets etc.PHP also has a great number of functions that will

secure sensitive website data (i.e. encryptions,hash functions, etc.)

PHP regular expression is useful for complex datavalidation

chapter 4-2 php part 2

Documents