PHP Part 2.

Client – Server Model
[Diagram: client browser and web server. Labels: HTTP Request (index.php), Process PHP script, HTTP Response, Render HTML & CSS, Run JavaScript.]

Splitting PHP Code
PHP code does not have to be contiguous:
    <?php if ($x<5) { ?>
    <p>There are less than five items.</p>
    <?php } ?>
This is very powerful, yet can be hard to read.

PHP and Databases
PHP has built-in support for over 20 databases, both SQL and NoSQL:
http://www.php.net/manual/en/refs.database.vendors.php
We'll be using MySQL, an open source RDBMS.

PHP MySQL Extension
MySQL Improved (mysqli)
Both procedural and object-oriented
    // Procedural
    $mysqli = mysqli_connect("example.com", "user", "password", "database");
    $res = mysqli_query($mysqli, "SELECT * FROM People");
    // Object-oriented
    $mysqli = new mysqli("example.com", "user", "password", "database");
    $res = $mysqli->query("SELECT * FROM People");

Connecting to DB
    $mysqli = new mysqli("localhost", "user", "passwd", "database");
    // connect_errno is non-zero when the connection attempt failed
    if ($mysqli->connect_errno) {
        echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    }

Executing SQL Statements
General form: $res = $mysqli->query(SQL);
    // query() returns false on failure, so any failing step reports the error
    if (!$mysqli->query("DROP TABLE IF EXISTS test") ||
        !$mysqli->query("CREATE TABLE test(id INT)") ||
        !$mysqli->query("INSERT INTO test(id) VALUES (1)")) {
        echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
    }
Drops the table test, creates a table test with one column id, and inserts a row with the value id==1.

Important SQL Commands
SELECT – extracts data
UPDATE – updates data
DELETE – deletes data
INSERT INTO – inserts new data
CREATE DATABASE – creates new database
ALTER DATABASE – modifies database
CREATE TABLE – creates new table
ALTER TABLE – modifies table
DROP TABLE – deletes table

PHP Select Query
Selects records from a table
Syntax: SELECT col1,col2,… FROM table
    $res = $mysqli->query("SELECT name, age FROM People");
    // fetch_assoc() returns one row per call as an associative array, then null
    while ($row = $res->fetch_assoc()) {
        echo "Name: " . $row['name'] . " is " . $row['age'];
    }
    $res->free();

Select Query
Syntax: SELECT col1,col2,… FROM table WHERE col oper value [AND | OR] col oper value
Filters the records returned
Operators: =, <>, >, <, >=, <=, BETWEEN, LIKE, IN

SELECT ORDER BY
Orders the records returned
Syntax: SELECT col1,col2,… FROM table ORDER BY col1,col2,… ASC|DESC
    $res = $mysqli->query("SELECT * FROM Persons ORDER BY age");

INSERT Query
Inserts a record into the table
Syntax: INSERT INTO table (col1,col2,…) VALUES (val1,val2,…)
Column names are optional
Must have a value for each column
    $res = $mysqli->query("INSERT INTO test VALUES (1, 'fred')");

UPDATE Query
Updates record(s) in the table
Syntax: UPDATE table SET col1=val1,col2=val2,… WHERE some_col=some_val
WHERE clause can have AND / OR conditions
WHERE clause chooses which records to change
    $res = $mysqli->query("UPDATE test SET name='fred' WHERE id=3");

DELETE Query
Deletes records from a table
Syntax: DELETE FROM table WHERE some_col=some_val
    $res = $mysqli->query("DELETE FROM test WHERE name='fred'");

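SQL Injection
It is common to allow web users to input their own values:
    <?php
    // Vulnerable: the request value is concatenated straight into the SQL text
    $stmt = "SELECT * FROM Users WHERE id = " . $_POST['user_id'];
    ?>
What if they typed '3 or 1=1'?
    SELECT * FROM Users WHERE id = 3 or 1=1
The WHERE clause is then true for every row, so the query returns the whole table.
What if they typed '5; DROP TABLE Sales'?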

Solution
Use prepared statements
Prepared statements have placeholders '?'
They are bound before execution
    <?php
    if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) {
        echo "Prepare failed";
    }
    $id = 2;
    // "i" = integer; bind_param() binds $id by reference
    if (!$stmt->bind_param("i", $id)) {
        echo "Bind failed";
    }
    // Each execute() sends the current value of $id (1 to 4)
    for ($id = 1; $id < 5; $id++) {
        if (!$stmt->execute()) {
            echo "Execute failed";
        }
    }
    $stmt->close();
    ?>
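
The two slides above, applied to the same Users lookup (an added example, not part of the original slides): the concatenated query next to a validated, parameterised one, run against the slide's '3 or 1=1' input. So that it runs without a MySQL server it uses PDO with an in-memory SQLite database instead of mysqli; the table rows and the function names findUserConcat and findUserPrepared are constructed for the illustration.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the slides' MySQL
// server so the script runs offline; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO Users (id, name) VALUES (3, 'alice'), (4, 'bob'), (5, 'carol')");

// Vulnerable form from the slide: the input becomes part of the SQL text,
// so anything after the number is parsed as SQL.
function findUserConcat(PDO $db, string $userId): array
{
    $sql = "SELECT * FROM Users WHERE id = " . $userId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: check the type first, then bind the value to a placeholder.
// The SQL text is fixed; the input can only ever be compared against id.
function findUserPrepared(PDO $db, string $userId): array
{
    $id = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];  // not a plain integer: reject before touching the database
    }
    $stmt = $db->prepare("SELECT * FROM Users WHERE id = ?");
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "3 or 1=1";  // the input from the SQL Injection slide

printf("concatenated, '%s': %d row(s)\n", $input, count(findUserConcat($db, $input)));
printf("prepared,     '%s': %d row(s)\n", $input, count(findUserPrepared($db, $input)));
printf("prepared,     '3': %d row(s)\n", count(findUserPrepared($db, "3")));
```

With mysqli the hardened function is the same shape, using prepare(), bind_param("i", $id) and execute() as on the Solution slide. mysqli's query() sends one statement per call (multi_query() is the call that accepts several), so the '5; DROP TABLE Sales' input produces an SQL error there, while the '1=1' input changes the result of any concatenated query.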