<?php // sqltest.php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); if (isset($_POST['delete']) && isset($_POST['isbn'])) { $isbn = get_post($conn, 'isbn'); $query = "DELETE FROM classics WHERE isbn='$isbn'"; $result = $conn->query($query); if (!$result) echo "DELETE failed<br><br>"; } if (isset($_POST['author']) && isset($_POST['title']) && isset($_POST['category']) && isset($_POST['year']) && isset($_POST['isbn'])) { $author = get_post($conn, 'author'); $title = get_post($conn, 'title'); $category = get_post($conn, 'category'); $year = get_post($conn, 'year'); $isbn = get_post($conn, 'isbn'); $query = "INSERT INTO classics VALUES" . "('$author', '$title', '$category', '$year', '$isbn')"; $result = $conn->query($query); if (!$result) echo "INSERT failed<br><br>"; } echo <<<_END <form action="sqltest.php" method="post"><pre> Author <input type="text" name="author"> Title <input type="text" name="title"> Category <input type="text" name="category"> Year <input type="text" name="year"> ISBN <input type="text" name="isbn"> <input type="submit" value="ADD RECORD"> </pre></form> _END; $query = "SELECT * FROM classics"; $result = $conn->query($query); if (!$result) die ("Database access failed"); $rows = $result->num_rows; for ($j = 0 ; $j < $rows ; ++$j) { $row = $result->fetch_array(MYSQLI_NUM); $r0 = htmlspecialchars($row[0]); $r1 = htmlspecialchars($row[1]); $r2 = htmlspecialchars($row[2]); $r3 = htmlspecialchars($row[3]); $r4 = htmlspecialchars($row[4]); echo <<<_END <pre> Author $r0 Title $r1 Category $r2 Year $r3 ISBN $r4 </pre> <form action='sqltest.php' method='post'> <input type='hidden' name='delete' value='yes'> <input type='hidden' name='isbn' value='$r4'> <input type='submit' value='DELETE RECORD'></form> _END; } $result->close(); $conn->close(); function get_post($conn, $var) { return $conn->real_escape_string($_POST[$var]); } ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "CREATE TABLE cats ( id SMALLINT NOT NULL AUTO_INCREMENT, family VARCHAR(32) NOT NULL, name VARCHAR(32) NOT NULL, age TINYINT NOT NULL, PRIMARY KEY (id) )"; $result = $conn->query($query); if (!$result) die ("Database access failed"); ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "DESCRIBE cats"; $result = $conn->query($query); if (!$result) die ("Database access failed"); $rows = $result->num_rows; echo "<table><tr><th>Column</th><th>Type</th><th>Null</th><th>Key</th></tr>"; for ($j = 0 ; $j < $rows ; ++$j) { $row = $result->fetch_array(MYSQLI_NUM); echo "<tr>"; for ($k = 0 ; $k < 4 ; ++$k) echo "<td>" . htmlspecialchars($row[$k]) . "</td>"; echo "</tr>"; } echo "</table>"; ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "DROP TABLE cats"; $result = $conn->query($query); if (!$result) die ("Database access failed"); ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "INSERT INTO cats VALUES(NULL, 'Lion', 'Leo', 4)"; $result = $conn->query($query); if (!$result) die ("Database access failed"); ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "SELECT * FROM cats"; $result = $conn->query($query); if (!$result) die ("Database access failed"); $rows = $result->num_rows; echo "<table><tr> <th>Id</th> <th>Family</th><th>Name</th><th>Age</th></tr>"; for ($j = 0 ; $j < $rows ; ++$j) { $result->data_seek($j); $row = $result->fetch_array(MYSQLI_NUM); echo "<tr>"; for ($k = 0 ; $k < 4 ; ++$k) echo "<td>" . htmlspecialchars($row[$k]) . "</td>"; echo "</tr>"; } echo "</table>"; ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "UPDATE cats SET name='Charlie' WHERE name='Charly'"; $result = $conn->query($query); if (!$result) die ("Database access failed"); ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "DELETE FROM cats WHERE name='Growler'"; $result = $conn->query($query); if (!$result) die ("Database access failed"); ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "INSERT INTO cats VALUES(NULL, 'Lynx', 'Stumpy', 5)"; $result = $conn->query($query); if (!$result) die ("Database access failed"); echo "The Insert ID was: " . $conn->insert_id; ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "SELECT * FROM customers"; $result = $conn->query($query); if (!$result) die ("Database access failed"); $rows = $result->num_rows; for ($j = 0 ; $j < $rows ; ++$j) { $row = $result->fetch_array(MYSQLI_NUM); echo htmlspecialchars($row[0]) . " purchased ISBN " . htmlspecialchars($row[1]) . ":<br>"; $subquery = "SELECT * FROM classics WHERE isbn='$row[1]'"; $subresult = $conn->query($subquery); if (!$subresult) die ("Database access failed"); $subrow = $subresult->fetch_array(MYSQLI_NUM); echo " " . htmlspecialchars("'$subrow[1]'") . " by " . htmlspecialchars( $subrow[0]) . "<br><br>"; } ?>
<?php function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) $string = stripslashes($string); return $conn->real_escape_string($string); } ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $user = mysql_fix_string($conn, $_POST['user']); $pass = mysql_fix_string($conn, $_POST['pass']); $query = "SELECT * FROM users WHERE user='$user' AND pass='$pass'"; // Etc... function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) $string = stripslashes($string); return $conn->real_escape_string($string); } ?>
PREPARE statement FROM "INSERT INTO classics VALUES(?,?,?,?,?)"; SET @author = "Emily Brontë", @title = "Wuthering Heights", @category = "Classic Fiction", @year = "1847", @isbn = "9780553212587"; EXECUTE statement USING @author,@title,@category,@year,@isbn; DEALLOCATE PREPARE statement;
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $stmt = $conn->prepare('INSERT INTO classics VALUES(?,?,?,?,?)'); $stmt->bind_param('sssss', $author, $title, $category, $year, $isbn); $author = 'Emily Brontë'; $title = 'Wuthering Heights'; $category = 'Classic Fiction'; $year = '1847'; $isbn = '9780553212587'; $stmt->execute(); printf("%d Row inserted. ", $stmt->affected_rows); $stmt->close(); $conn->close(); ?>
<?php function mysql_entities_fix_string($conn, $string) { return htmlentities(mysql_fix_string($conn, $string)); } function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) $string = stripslashes($string); return $conn->real_escape_string($string); } ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $user = mysql_entities_fix_string($conn, $_POST['user']); $pass = mysql_entities_fix_string($conn, $_POST['pass']); $query = "SELECT * FROM users WHERE user='$user' AND pass='$pass'"; //Etc… function mysql_entities_fix_string($conn, $string) { return htmlentities(mysql_fix_string($conn, $string)); } function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) $string = stripslashes($string); return $conn->real_escape_string($string); } ?>
<?php // login.php // Change these details to suit your installation $hn = 'localhost'; $db = 'publications'; $un = 'root'; $pw = 'mysql'; ?>
<?php // login.php $hn = 'localhost'; $db = 'publications'; $un = 'username'; // Change this $pw = 'password'; // Change this ?>
<?php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); ?>
<?php $query = "SELECT * FROM classics"; $result = $conn->query($query); if (!$result) die("Fatal Error"); ?>
<?php // query.php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "SELECT * FROM classics"; $result = $conn->query($query); if (!$result) die("Fatal Error"); $rows = $result->num_rows; for ($j = 0 ; $j < $rows ; ++$j) { $result->data_seek($j); echo 'Author: ' . htmlspecialchars($result->fetch_assoc()['author']) . '<br>'; $result->data_seek($j); echo 'Title: ' . htmlspecialchars($result->fetch_assoc()['title']) . '<br>'; $result->data_seek($j); echo 'Category: ' . htmlspecialchars($result->fetch_assoc()['category']) . '<br>'; $result->data_seek($j); echo 'Year: ' . htmlspecialchars($result->fetch_assoc()['year']) . '<br>'; $result->data_seek($j); echo 'ISBN: ' . htmlspecialchars($result->fetch_assoc()['isbn']) . '<br><br>'; } $result->close(); $conn->close(); ?>
<?php //fetchrow.php require_once 'login.php'; $conn = new mysqli($hn, $un, $pw, $db); if ($conn->connect_error) die("Fatal Error"); $query = "SELECT * FROM classics"; $result = $conn->query($query); if (!$result) die("Fatal Error"); $rows = $result->num_rows; for ($j = 0 ; $j < $rows ; ++$j) { $row = $result->fetch_array(MYSQLI_ASSOC); echo 'Author: ' . htmlspecialchars($row['author']) . '<br>'; echo 'Title: ' . htmlspecialchars($row['title']) . '<br>'; echo 'Category: ' . htmlspecialchars($row['category']) . '<br>'; echo 'Year: ' . htmlspecialchars($row['year']) . '<br>'; echo 'ISBN: ' . htmlspecialchars($row['isbn']) . '<br><br>'; } $result->close(); $conn->close(); ?>