I. File Inclusion: Include Include Include


PHP Notes

I. FILE INCLUSION
➢ INCLUDE
✓ The include() function takes all the text in a specified file and copies it into
the file that uses the include function. If there is any problem in
loading a file, then the include() function generates a warning but the
script will continue execution.

index.php
<!DOCTYPE html>
<html>
<head>
<title>PHP INCLUDE</title>
</head>
<body>
<?php
include("display.php");
?>
</body>
</html>

display.php
<?php
echo "Hello Im PHP!";
?>

OR display.php
<a href="www.fb.com">Facebook</a>
<a href="www.google.com">Google</a>
<a href="www.yahoo.com">Yahoo</a>

➢ REQUIRE
✓ The require() function takes all the text in a specified file and copies it into
the file that uses the require function. If there is any problem in
loading a file, then the require() function generates a fatal error and halts
the execution of the script.

index.php
<!DOCTYPE html>
<html>
<head>
<title>PHP INCLUDE</title>
</head>
<body>
<?php
require("display.php");
?>
</body>
</html>

display.php
<?php
echo "Hello Im PHP!";
?>

OR display.php
<a href="www.fb.com">Facebook</a>
<a href="www.google.com">Google</a>
<a href="www.yahoo.com">Yahoo</a>

NOTE:
Use require when the file is required by the application.
Use include when the file is not required and the application should continue when the file is not found.
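
include() and require() run whatever file they are given as PHP, so the file name should come from a fixed list rather than directly from request data. The following is an added example, not part of the original notes: the page parameter, the PAGES map and links.php are assumptions for illustration, and display.php is the file from the example above.

```php
<?php
// Added example, not from the original notes.
// Hypothetical page keys mapped to fixed file names; nothing from the
// request is ever used as a path, only as a lookup key.
const PAGES = [
    'home'  => 'display.php',
    'links' => 'links.php',   // hypothetical second file
];

// Returns the full path for a known key, or null if the key is unknown
// or the file is missing from this directory.
function resolve_page(string $key): ?string
{
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    $path = __DIR__ . '/' . PAGES[$key];
    return is_file($path) ? $path : null;
}

// $_GET['page'] may be absent or an array, so normalise it first.
$key = $_GET['page'] ?? 'home';
$key = is_string($key) ? $key : 'home';

$path = resolve_page($key);
if ($path === null) {
    http_response_code(404);
    echo "Page not found";
} else {
    require $path;   // the page cannot be rendered without this file
}
?>
```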

II. PHP and MySQL


➢ MySQL Connection
✓ MySQLi extension (the i stands for improved)
✓ PDO (PHP Data Objects)
➢ What to choose, PDO or MySQLi?
✓ It would be whatever you like

✓ PDO will work on 12 different database systems, whereas MySQLi will only
work with MySQL databases.
✓ So, if you have to switch your project to use another database, PDO makes
the process easy. You only have to change the connection string and a few
queries. With MySQLi, you will need to rewrite the entire code - queries
included.
✓ Both are object-oriented, but MySQLi also offers a procedural API.
✓ Both support Prepared Statements. Prepared Statements protect from SQL
injection, and are very important for web application security.

III. OPEN A CONNECTION USING MySQLi


➢ PHP provides the new mysqli() function to open a database connection. This function
takes five parameters and returns a MySQL link identifier on success, or FALSE on
failure.

$conn = new mysqli(server,root,password,database);

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>

➢ server
Optional − The host name running database server. If not specified, then
default value is localhost:3306.
➢ user
Optional − The username accessing the database. If not specified, then
default is the name of the user that owns the server process.
Default value is root
➢ password
Optional − The password of the user accessing the database. If not
specified then default is an empty password.
Default value is 1234 / usbw / blank

tbluseraccounts
user_ID INT(11) PRIMARY KEY AUTO_INCREMENT
username VARCHAR(50) UNIQUE
password VARCHAR(1000)
pass_salt VARCHAR(100)
account_type VARCHAR(50)

➢ SELECT query
✓ Data can be fetched from MySQL tables by executing an SQL SELECT
statement through the PHP function mysql_query() or query(). You have
several options to fetch data from MySQL.

✓ The most frequently used option is to use the function mysql_fetch_array()
or fetch_assoc(). This function returns a row as an associative array, a
numeric array, or both. This function returns FALSE if there are no more
rows.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM tbluseraccounts";
// Check if the query is executed properly and returned rows
// (for SELECT, query() returns a result object, never TRUE)
$result = $conn->query($sql);
if ($result && $result->num_rows > 0)
    echo "Record Found!";
else
    echo "Error ".$conn->error;
?>

Use this if you just want to check if the table has records in it.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM tbluseraccounts";
// give the output of the query in a variable(result)
$result = $conn->query($sql);
if ($result && $result->num_rows > 0) // check if the table has records
{
    // give the data of the table in $row in an associative array format
    while ($row = $result->fetch_assoc())
    {
        echo "User_ID:".$row["user_ID"]; //column name
        echo "username:".$row["username"]; //column name
    }
}
else
{
    echo "Error ".$conn->error;
}
?>

Use this if you want to get and show all records in this table.

➢ UPDATE query
✓ Data can be updated in MySQL tables by executing an SQL UPDATE
statement through the PHP function mysql_query() or query().
✓ Below is a simple example to update records in tbluseraccounts. To
update a record in any table it is required to locate that record by using a
conditional clause.
✓ The example below uses a unique key to match a record in tbluseraccounts.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "UPDATE tbluseraccounts SET `account_type` = 'administrator' WHERE `username` = 'admin' ";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE)
    echo "Updated successfully";
else
    echo "Error ".$conn->error;
?>

` is a backtick. Use it to remove reserved word characteristics from a column name.

➢ DELETE query
✓ Data can be deleted from MySQL tables by executing an SQL DELETE
statement through the PHP function mysql_query() or query().
✓ Following is a simple example to delete records from tbluseraccounts. To
delete a record in any table it is required to locate that record by using a
conditional clause.
✓ The example below uses a unique key to match a record in tbluseraccounts.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "DELETE FROM tbluseraccounts";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE)
    echo "Deleted successfully";
else
    echo "Error ".$conn->error;
?>

Use this query to delete ALL records from the selected table.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "DELETE FROM tbluseraccounts WHERE username='admin'";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE)
    echo "Deleted successfully";
else
    echo "Error ".$conn->error;
?>

Use this query to delete specific records from the selected table.

➢ INSERT query
✓ Data can be entered into MySQL tables by executing an SQL INSERT
statement through the PHP function mysql_query() or query().
✓ Below is a simple example to insert a record into tbluseraccounts.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbphp";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$uname = "webmaster";
$pword = "12345";
$acct = "administrator";
$sql = "INSERT INTO tbluseraccounts(username,password,account_type)VALUES('".$uname."', '".$pword."', '".$acct."')";
// Check if the query is executed properly
if ($conn->query($sql) === TRUE)
    echo "New record created successfully";
else
    echo "Error ".$conn->error;
?>

The example below is a PROPER user registration with PASSWORD SALT and HASH. This is used to protect accounts from SQL injections.

<?php
require_once("Base.php"); // provides $conn, create_hash() and generate_salt()

$uname = "webmaster";
$pword = "12345";
$acct = "administrator";
$pass_salt = generate_salt();
$password = create_hash($pword . $pass_salt);

// Column names match the tbluseraccounts definition (pass_salt)
$sql = "INSERT INTO tbluseraccounts(username,password,pass_salt,account_type)VALUES('".$uname."', '".$password."','".$pass_salt."', '".$acct."')";

// Check if the query is executed properly
if ($conn->query($sql) === TRUE)
    echo "New record created successfully";
else
    echo "Error ".$conn->error;
?>

Base.php
<?php
$conn = new mysqli("localhost", "root", "usbw", "dbphp");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

function create_hash($value)
{
    return hash("sha256", md5($value)); // returns a 64-character hexadecimal SHA-256 digest
}

function generate_salt()
{
    $password_salt = "";
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; // combination of numbers and letters

    for ($counter = 0; $counter < 11; $counter++) {
        // random_int() draws from the system's secure random source
        $password_salt .= $characters[random_int(0, strlen($characters) - 1)]; // create a combination from $characters
    }

    return $password_salt; // return created salt (combination of letters and numbers)
}
?>
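
Prepared statements are what keep values such as $uname out of the SQL text; salting and hashing protect the stored password itself. The following is an added example, not part of the original notes, that does both for tbluseraccounts using mysqli placeholders and PHP's built-in password_hash() and password_verify() in place of create_hash(). It assumes the dbphp connection values used above and that pass_salt may be left NULL; the function names register_user() and check_login() are hypothetical.

```php
<?php
// Added example, not from the original notes. Assumes the dbphp database and
// tbluseraccounts table above, with pass_salt allowed to be NULL because
// password_hash() stores its own random salt inside the hash string.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

function register_user(mysqli $conn, string $uname, string $pword, string $acct): bool
{
    $hash = password_hash($pword, PASSWORD_DEFAULT);
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $conn->prepare(
        "INSERT INTO tbluseraccounts (username, password, account_type) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("sss", $uname, $hash, $acct);
    try {
        $stmt->execute();
        return true;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {   // duplicate username (UNIQUE column)
            return false;
        }
        throw $e;
    } finally {
        $stmt->close();
    }
}

function check_login(mysqli $conn, string $uname, string $pword): bool
{
    $stmt = $conn->prepare("SELECT password FROM tbluseraccounts WHERE username = ?");
    $stmt->bind_param("s", $uname);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true if a row was read, null if none
    $stmt->close();
    return $found === true && password_verify($pword, $hash);
}

// Constructed sample values; the apostrophe would break a concatenated query.
$conn = new mysqli("localhost", "username", "password", "dbphp");
var_dump(register_user($conn, "o'brien", "12345", "administrator"));
var_dump(check_login($conn, "o'brien", "12345"));
var_dump(check_login($conn, "o'brien", "wrong"));
?>
```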
