Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
47 views11 pages

PHP MySQL Database Operations Guide

The document discusses working with databases using PHP and MySQL. It covers setting up a database connection with phpMyAdmin, and using mysqli functions in PHP to insert, read, update, and delete data from MySQL databases. It emphasizes the importance of escaping user input to prevent SQL injection attacks.

Uploaded by

Neven Vuckovic
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
47 views11 pages

PHP MySQL Database Operations Guide

The document discusses working with databases using PHP and MySQL. It covers setting up a database connection with phpMyAdmin, and using mysqli functions in PHP to insert, read, update, and delete data from MySQL databases. It emphasizes the importance of escaping user input to prevent SQL injection attacks.

Uploaded by

Neven Vuckovic
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Working With Databases

Christian Wenz
@chwenz
Agenda

 Database Setup With phpMyAdmin

 Inserting Data

 Reading Data

 Updating Data

 Deleting Data
Database Setup

 phpMyAdmin (http://www.phpmyadmin.net/)
Disclaimer

There is more than one way …

Very limited error


handling/detection

Database uses insecure default


settings

It ain’t pretty :-)


Database Connection

$db = mysqli_connect(

"localhost",

"username",

"password",

"database");

// ...

mysqli_close($db);
Inserting Data

mysqli_query(

$db,

"INSERT INTO table (col1, col2)

VALUES ('value1', 'value2')");


Avoiding SQL Injection

$sql = sprintf(

"INSERT INTO table (col1, col2)

VALUES ('%s', '%s')",

mysqli_real_escape_string($db, 'value1'),

mysqli_real_escape_string($db, 'value2'));

mysqli_query($db, $sql);
Reading Data

$result = mysqli_query(

$db, "SELECT * FROM table");

foreach ($result as $row) {

$value1 = $row["col1"];

$value2 = $row["col2"];

}
Updating Data

$sql = sprintf(

"UPDATE table SET col1='%s', col2='%s'

WHERE col3='%s'",

mysqli_real_escape_string($db, 'value1'),

mysqli_real_escape_string($db, 'value2'),

mysqli_real_escape_string($db, 'value3'));

mysqli_query($db, $sql);
Deleting Data

$sql = sprintf(

"DELETE FROM table WHERE col1='%s'",

mysqli_real_escape_string($db, 'value1'));

mysqli_query($db, $sql);
Summary

 Use phpMyAdmin for web-based MySQL administration

 PHP provides mysqli_*() functions to communicate with MySQL

 Avoid SQL Injection by escaping user input before putting it in SQL

 We did not cover the OOP interface (which has the same feature set)

You might also like