I. File Inclusion: Include Include Include
I. FILE INCLUSION
INCLUDE
The include() function takes all the text in a specified file and copies it
into the file that uses the include function. If there is any problem
loading the file, include() generates a warning but the script continues
execution.
index.php

<!DOCTYPE html>
<html>
<head>
    <title>PHP INCLUDE</title>
</head>
<body>
<?php
include("display.php");
?>
</body>
</html>

display.php

<?php
echo "Hello Im PHP!";
?>

OR display.php

<a href="www.fb.com">Facebook</a>
<a href="www.google.com">Google</a>
<a href="www.yahoo.com">Yahoo</a>
REQUIRE
The require() function takes all the text in a specified file and copies it
into the file that uses the require function. If there is any problem
loading the file, require() generates a fatal error and halts the
execution of the script.
index.php

<!DOCTYPE html>
<html>
<head>
    <title>PHP INCLUDE</title>
</head>
<body>
<?php
require("display.php");
?>
</body>
</html>

display.php

<?php
echo "Hello Im PHP!";
?>

OR display.php

<a href="www.fb.com">Facebook</a>
<a href="www.google.com">Google</a>
<a href="www.yahoo.com">Yahoo</a>
NOTE:
Use require when the file is required by the application.
Use include when the file is not required and the application should continue when the file is not found.
PDO will work on 12 different database systems, whereas MySQLi will only
work with MySQL databases.
So, if you have to switch your project to use another database, PDO makes
the process easy. You only have to change the connection string and a few
queries. With MySQLi, you will need to rewrite the entire code - queries
included.
Both are object-oriented, but MySQLi also offers a procedural API.
Both support Prepared Statements. Prepared Statements protect from SQL
injection, and are very important for web application security.
tbluseraccounts
user_ID INT(11) PRIMARY KEY AUTO_INCREMENT
username VARCHAR(50) UNIQUE
password VARCHAR(1000)
pass_salt VARCHAR(100)
account_type VARCHAR(50)
SELECT query
Data can be fetched from MySQL tables by executing an SQL SELECT
statement through the PHP function mysql_query() or query(). You have
several options to fetch data from MySQL.
Use this if you want to get and show all records in this table
PHP Notes
UPDATE query
Data can be updated in MySQL tables by executing an SQL UPDATE
statement through the PHP function mysql_query() or query().
Below is a simple example that updates records in tbluseraccounts. To
update a record in any table, the record must be located with a
conditional clause.
The example below uses a unique key to match a record in tbluseraccounts.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// The WHERE clause limits the update to the row whose unique username matches
$sql = "UPDATE tbluseraccounts SET `account_type` = 'administrator' WHERE `username` = 'admin'";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE) {
    echo "Updated successfully";
} else {
    echo "Error " . $conn->error;
}
?>
` is a backtick. Put it around a column name to remove the reserved-word meaning of that name.
DELETE query
Data can be deleted from MySQL tables by executing an SQL DELETE
statement through the PHP function mysql_query() or query().
Following is a simple example that deletes records from tbluseraccounts. To
delete a record in any table, the record must be located with a
conditional clause.
The example below uses a unique key to match a record in tbluseraccounts.
Use this query to delete ALL records from the selected table

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// No WHERE clause: every row in the table is deleted
$sql = "DELETE FROM tbluseraccounts";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE) {
    echo "Deleted successfully";
} else {
    echo "Error " . $conn->error;
}
?>

Use this query to delete specific records from the selected table

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// The WHERE clause limits the delete to the row whose unique username matches
$sql = "DELETE FROM tbluseraccounts WHERE username='admin'";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE) {
    echo "Deleted successfully";
} else {
    echo "Error " . $conn->error;
}
?>
INSERT query
Data can be entered into MySQL tables by executing an SQL INSERT
statement through the PHP function mysql_query() or query().
Below is a simple example that inserts a record into tbluseraccounts.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$uname = "webmaster";
$pword = "12345";
$acct = "administrator";
// The values are concatenated directly into the SQL text
$sql = "INSERT INTO tbluseraccounts(username,password,account_type) VALUES('" . $uname . "', '" . $pword . "', '" . $acct . "')";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error " . $conn->error;
}
?>
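Added example, not code from the original notes: the same INSERT written once with concatenation, as above, and once as a prepared statement through PDO, both run on constructed input, to show why the prepared statements mentioned earlier are what stops SQL injection. The function names register_concatenated() and register_prepared(), the in-memory SQLite database standing in for dbphp, and the use of password_hash() in place of the notes' own create_hash()/generate_salt() helpers are assumptions of this example.

```php
<?php
// Added example, not from the original notes. SQLite in memory stands in for
// the page's MySQL database so the script runs without a server (assumption).
// For MySQL only the connection line changes, e.g.
// new PDO('mysql:host=localhost;dbname=dbphp', 'username', 'password').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbluseraccounts (
    user_ID INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50) UNIQUE,
    password VARCHAR(1000),
    account_type VARCHAR(50))");

// Concatenation, as in the INSERT example above: the values become SQL text.
function register_concatenated(PDO $pdo, string $uname, string $pword, string $acct): void
{
    $sql = "INSERT INTO tbluseraccounts(username,password,account_type) VALUES('"
         . $uname . "', '" . $pword . "', '" . $acct . "')";
    $pdo->exec($sql);
}

// Prepared statement: the SQL text is fixed, the values are bound as data.
function register_prepared(PDO $pdo, string $uname, string $pword, string $acct): void
{
    $stmt = $pdo->prepare(
        "INSERT INTO tbluseraccounts(username,password,account_type) VALUES(?, ?, ?)"
    );
    // password_hash() salts and hashes in one call; check with password_verify().
    $stmt->execute([$uname, password_hash($pword, PASSWORD_DEFAULT), $acct]);
}

// Constructed form input: the username field contains a quote and SQL syntax.
$uname = "guest', 'x', 'administrator') -- ";

register_concatenated($pdo, $uname, "12345", "user");
register_prepared($pdo, $uname, "12345", "user");

// Compare the two rows: the first is whatever the concatenated SQL text ended
// up meaning, the second holds the input unchanged as a username together
// with the account type the application passed in.
foreach ($pdo->query("SELECT user_ID, username, account_type FROM tbluseraccounts") as $row) {
    printf("%d | %s | %s\n", $row['user_ID'], $row['username'], $row['account_type']);
}
```

With mysqli the equivalent calls are prepare(), bind_param() and execute() on the statement object.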
The example below is a PROPER user registration with PASSWORD SALT and HASH. This is used to protect accounts from SQL injections.
<?php
require_once("Base.php");
$uname = "webmaster";
$pword = "12345";
$acct = "administrator";
$pass_salt = generate_salt();
$password = create_hash($pword . $pass_salt);
Base.php

<?php
$conn = new mysqli("localhost", "root", "usbw", "dbphp");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
function create_hash($value)
{
    // Returns the SHA-256 digest (64 hexadecimal characters) of the MD5 hex digest of $value
    return hash("sha256", md5($value));
}
function generate_salt()
{
    $password_salt = "";
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; // combination of numbers and letters