CHAPTER 10. Connecting to Databases within PHP

Transcription

1 CHAPTER 10 Connecting to Databases within PHP

2 CHAPTER OBJECTIVES Get a connection to a MySQL database from within PHP Use a particular database Send a query to the database Parse the query results Check for data errors Build HTML output from data results

3 PHP'S MYSQLI EXTENSION The textbook uses PHP's deprecated mysql extension. You may want to use the new mysqli extension. For more information, please see MySQL Improved Extension.

4 THE CS85 USER Download and Install MobaXterm Use a SSH Connection to access the smccs85.com web server command line. To connect to the MySQL server on SMCSCS85.com server, you must use a valid username on that server. Use the username and password provided for this course.

5 CONNECTING TO A DATABASE The mysql_connect function arranges the communication link between MySQL and PHP. Server name. The server name is the name or URL of the MySQL server you want to connect to. Username. The username in MySQL. Password. The password associated with the MySQL user, identified by username.

6 CONNECTING TO MYSQL $dbc = mysqli_connect (hostname, username, password, db_name); mysqli_set_charset($dbc, 'utf8'); $dbc (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: '. mysqli_connect_error() ); The values are set in MySQL, based upon its access privileges. The value returned by mysqli_connect() should be stored in a variable to be used by other functions. Use an includable file so the entire site can require just the same script.

7 PROTECTING ACCESS some folder mysqli_connect.php index.php htdocs points here register.php header.html includes footer.html style.css Best to store the MySQL connection script outside of the Web root directory.

8 CONNECTING TO A DATABASE The mysql_connect() function returns an integer referring to the database connection. The data connection should be stored in a variable, (i.e. $conn) since many of the other database functions need to access the connection. The or die() portion of the statement is a special function that ends the program with a specific error if something went wrong. MySQL has a different set of error messages than PHP. The mysql_error() function reports the last mysql error.

9 CHOOSING A DATABASE mysql_set_db() function lets you choose a database that the following PHP code will be accessing. The mysql_set_db() function works just like the USE DATABASE; command inside SQL command line.

10 CREATING A QUERY The mysql_query() function allows you to pass an SQL command through a connection to a database. You can send any SQL command to the database with mysql_query(), including table creation statements, updates, and queries. mysql_query() has a lot of potential for error. Use the or die mechanism to get accurate information about what might have gone wrong if the program fails.

11 MYSQL_FETCH_ASSOC() & MYSQLI_FETCH_ASSOC() array mysql_fetch_assoc ( resource $result ) Fetch a result row as an associative array. Returns an associative array that corresponds to the fetched row and moves the internal data pointe ahead. mysql_fetch_assoc() is equivalent to calling mysql_fetch_array() with MYSQL_ASSOC for the optional second parameter. It only returns an associative array.

12 EXECUTING SIMPLE QUERIES result = mysqli_query(dbc, query); $r = mysqli_query($dbc, $q); if ($r) { // Worked! // Do whatever. } else { echo mysqli_error($dbc); } mysqli_close($dbc); Simple queries means those that do not return result sets: INSERT, UPDATE, DELETE. The result is TRUE/FALSE. Remember to print out the values of your queries to confirm what was executed.

13 RETRIEVING THE DATA There are many ways to extract the data from the $result variable. The easiest is to treat the data in the form like an associative array. The mysql_fetch_assoc() command retrieves the next record from the result and stores it in an associative array.

14 RETRIEVING QUERY RESULTS while ($row = mysqli_fetch_array($r)) { } // Do something with $row. mysqli_free_result ($r); Use to handle SELECT queries. Almost always want to use a while loop unless you know there s only one record returned.

15 SQL DEBUGGING These debugging techniques are especially important when PHP is dynamically creating an SQL query. 1. Print out queries from your PHP script 2. Run the query using another interface 3. Rewrite the query more simply and rebuild it in parts until you identify the problem

16 RETRIEVING QUERY RESULTS Constant MYSQLI_ASSOC MYSQLI_NUM MYSQLI_BOTH Example $row['column'] $row[0] $row['column'] or $row[0] while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) { } // Do something with $row[0], $row[1], etc. Use these constants to affect how mysqli_fetch_array() works.

17 GETTING FIELD NAMES: EXAMPLE Retrieve field names to create the table headings. The $field variable is actually an object. It has a number of properties (which can be thought of as field attributes).

18 PARSING THE RESULTS SET The mysql_fetch_assoc() function fetches the next row from a result set. It requires a result pointer as its parameter, and it returns an associative array. If no rows are left in the result set, mysql_fetch_assoc() returns the value FALSE. The mysql_fetch_assoc() function call is often used as a condition in a while loop. You can manipulate this array using a standard foreach loop. I assigned each element to $col and $val variables. Inside the foreach loop, the code prints the current field in a table cell.

19 EXAMPLE: ADVENTURE DATABASE

20 EXAMPLE: ADVENTURE GAMES PAGE: 370 This program is meant to show all the information for one room of the adventure. The room number comes from a previous version of the form. $room value retrieve from form. $root value correspond to ID in database. Retrieve description of the room id specific from the database. Call buildbutton function for each of the directions.

21 EXAMPLE: ADVENTURE GAMES PAGE: 370 Each button is a radio button corresponding to a direction. The radio button will have a value that comes from the corresponding direction value from the current record. If the north field of the current record is 12 (meaning if the user goes North, load the data in record 12), the radio button s value should be 12. The trickier thing is getting the appropriate label. The next room s ID is all that s stored in the current record. If you want to display the room s name, you must make another query to the database.

22 EXAMPLE: ADVENTURE GAMES PAGE: Borrows the $mainrow array (which holds the value of the main record this page is about) and the data connection in $conn. 2. Pulls the ID for this button from the $mainrow array and stores it in a local variable. The buildbutton() function requires a direction name sent as a parameter. This direction should be the field name for one of the direction fields. 3. Repeats the query creation process, building a query that requests only the row associated with the new ID. 4. Pulls the room name from that array. Once that s done, it s easy to build the radio button text. The radio button is called room, so the next time this program is called, the $room variable corresponds to the user-selected radio button.

23 UPDATE DATABASE Constructs an UPDATE SQL statement. Then simply applied the query to the database and checked the result. Run the $sql query. Update will be committed once mysql_query runs.

24 MYSQLI_REAL_ESCAPE_STRING $safe = mysqli_real_escape_string($dbc, data); Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection. Prevents SQL injection attacks.

25 CODE EXAMPLES FOR THIS CHAPTER The code examples for this chapter are available on the ciswebs Web server. The two.sql script files in this folder (buildadventure.sql and buildhero.sql) should not be used. See the Chapter 9 examples for these files. All scripts have been modified to run in our ciswebs PHP/MySQL environment. Comments have been added to the source code to explain these mods. Many additional helpful comments have been added to various files to explain how the code works. Additional code has been added for basic error handling. Use the...src.php links to view the PHP source code and to read the comments. ph10withmods.zip is a ZIP folder of the examples, both original and modified versions. Chapter 10 examples