Web Database Programming

Connecting Database to Web

Example Design

Customers come to the web site and register. The sales department sets up a list of widgets that customers can order from. A customer makes one or more orders for widgets. When the order is filled the order is removed from the database. Widgets are classified by type.

Cu s tom e rs

N am eU se rN ame

Password t im e

i s su e1 M

W idge tsO rde r in clu de

M 1

n am e

belong

1

Type1

M

price

SQL Query

• SELECT … FROM … WHERE … ORDER BY

• Examples of SQL– SELECT * FROM Customer– SELECT FirstName, LastName

FROM CustomerWHERE FirstName=“Andrew” AND LastName=“Fuller”

– SELECT FirstName AS FName, LastName AS LNameFROM CustomerWHERE LastName=“Fuller” OR (YearOfBirth<"1950” AND Photograph Is Null)ORDER BY LastName

Get a Table and Display it on the Web

• Connect to a database server (get a handle to a connection)– Host– User name– Password

• Select a database• Issue SQL query to get a table• Fetch results row by row

– Display each row• Error checking in every step

Example Code<html><head><title>Customer List</title></head><body><?php

$db = mysql_connect(“db_host”, “db_user”,“db_pwd”)

or die(“cannot connect”);mysql_select_db(“dbname”,$db)

or die(“cannot select db”);$sql = “SELECT FirstName, LastName ”;$sql = $sql.“FROM Customer”;$result = mysql_query($sql,$db)

or die(“query failed: ”.mysql_error());while ($row = mysql_fetch_row($result)){

$fn = $row[“FirstName”]; $ln = $row[“LastName”]; print “<li>$fn $ln</li>”;}

?></body>

Include file

• Put database login information into a separate file– For Portability and security<?php$db_host = “localhost”;$db_user = “instruct”;$db_pwd = “xxxxx”;

?>

• Each database accessing script “include” this file at the beginning (or “require”)include(“db_login.php”);

• Use variables and functions in included file as if it is in this file

Using HTML Forms for Queries

• Example – For a customer table (FirstName, LastName)– Use a page to query the database, find a record,

and display it– Later we will look at other actions you can take

(insert, update, and delete)

• Notice– What happens when the user submits the form– Form display and form processing may be done

with different files

The Form Display Part

• Tags in CustomerSimpleQueryForm.html<form action="FirstNameQuery.php" method=post>

Enter a first name:

<input type=text name="queryFirstName">

<input type=submit value="Query with first name.">

</form• Notes

– The form action is the URL of the file or script that will “handle” the form

– The name of the form input field is used in the action file to identify the corresponding value, I.e. it is the same name in $_POST[‘name’]

The Action

• Query:$sql="SELECT FirstName, LastName from Customer ";

$sql = $sql."WHERE FirstName='$_POST[queryFirstName]'";

$results = mysql_query($sql,$db) or die(“query failed: ”.mysql_error());

• Notes– in SQL, enclose text in single quotes (‘text’) while numbers

do not have them (e.g. 3)– The $sql string can be used for debugging (e.g. print(“sql = $sql”); )

The Output

• PhP Code Fragment

while ($row = mysql_fetch_row($results)){

// print fields one by one // or use a loop

print("<li>$row[0] $row[1]</li>");}

Or:

$count = mysql_num_rows($results);for ($i = 0; $i < $count; $i++){…

• Note– what happens when result set is empty?

Redirect using header()

• The PHP function header() takes over the sending of the “header” to the client

• Example:if (!$_POST[queryFirstName]) {

// there was no id value // so send the user to the add form header(“Location: add.html”);

exit; // and get out of here!}

• Note there can be NO OUTPUT prior to the use of header() – no print statements – not even a blank line (outside of the <?php tag)

Alternate means of doing a Query

• URL parameters– On the URL following ?, and separated by

&– Each value is a name=value pair– For example:

http://host/path/file.php?a=5&b=12&c=yes

• These parameters can be accessed with $_GET[‘name’]