Uploaded byElieNGOMSEU
PPTX, PDF8 views

php2.pptx

This document provides an overview of PHP classes and accessing a MySQL database using the mysqli class. It discusses defining classes with properties and methods, instantiating class objects, and interacting with class properties and methods. It also covers connecting to a MySQL database using the mysqli class, executing SQL queries to perform CRUD operations, handling query results, and closing database connections. Tips are provided around passing variables to PHP via GET and POST requests, preventing SQL injection and XSS attacks, and additional security practices.

Embed presentation

Download to read offline
PHP (Session 2) INFO 257 Supplement
Outline • PHP Classes (Brief Overview) • Accessing MySQL via the mysqli class
Classes and OOP (Basic Conceptual Overview) Class Definition (Blueprint) class dog{ //properties //methods } Define the blueprint of your own class (object) Instantiate instances of your object and use them in your program $ben = new dog; $sunny = new dog; $sugar = new dog;
Defining Classes class dog { //Properties public $name; public $breed; //Methods public function bark(){ echo $this->name . “ barked… Woof!”; } //Constructor (optional) public __construct($nameOfDog){ $this->name = $nameOfDog; } }
Working with Classes $sugar = new dog(“Sugar”); //pass “Sugar” to constructor $sugar->breed = “German Shepherd”; //set breed property equal to “German Shepherd” echo $sugar->name . “ is a “ . $sugar->breed; >>Sugar is a German Shepherd $sugar->bark(); //call the “bark” method >>sugar barked… Woof!
Mysqli Class The mysqli class is the main class you can use to: • Set up a connection to the MySQL database • Send SQL queries to the MySQL database (CRUD Operations) • Read results (if any) from the query • Check for any error connecting to or executing SQL queries on a MySQL database
Connecting to DB with Mysqli //Instantiate mysqli object & create connection $db = new mysqli(“localhost”, “username”, “password”, “database_name”); //Check for any errors connecting If($db->connect_errorno){ //There was an error connecting to the database. Put code here on what you would like to about it like… echo “Error: ” . $db->connect_error; }
Querying the DB via Mysqli (Single Query) //Construct some query (it’s just a string) $query_noresult = “INSERT INTO …”; $query_result = ‘’SELECT * FROM DIVECUST”; 2 Types of Queries PHP MySQL No Result Queries INSERT, DELETE, CREATE, etc… PHP MySQL Result Queries SELECT
No Result Queries If($db->query($query_noresult) === TRUE){ //Your query worked, yay } Note about INSERT SQL queries • You can use $db->insert_id; to retrieve the AUTO_INCREMENT ID generated for an inserted record. You do NOT need to run a separate query to get that ID value.
Result Queries if($result = $db->query($query_result)){ echo $result->num_rows; while($row = $result->fetch-array()){ echo $row[0] . “ ” . $row[‘Name’]; } $result->free(); } Returns a mysqli_result object Column or Attribute name returned from query Free up the result from memory
Result Modes You can return results in 2 ways (result modes) $db->query($query_result, MYSQLI_STORE_RESULT) • Return entire results to memory • Can use $result->data_seek(index) to jump to different rows in your result set (i.e. after you loop through the results, do $result->data_seek(0); to go to starting point to loop again) • Default (this is the executed mode if you don’t specify a “result mode”) $db->query($query_result, MYSQLI_USE_RESULT) • MySQL “spoon feeds” the rows to server running PHP each time a fetches a row • Useful if expecting a large dataset (too large to put in memory of PHP server) • Must free results in order to run another query ($result->free();)
Closing Connections When you are done using the database, make sure to close the connection… $db->close();
Demo Time DEMO Team team_id name mascot color Player player_id fname lname pic TeamPlayer team_id player_id localhost/sports/teams.php
Passing Variables to PHP (POST) <form method=“post” action=“process.php”> <input type=“text” name=“fname”/> <input type=“text” name=“lname” /> <input type=“submit” value=“Submit”/> </form> HTTP POST Request to process.php fname=Arian lname=Shams <?php $var1 = $_POST[‘fname’]; $var2 = $_POST[‘lname’]; ?> Your form html or php file The process.php file that will process the request (which could be the same as the posting file)
Passing Variable to PHP (GET) www.site.com/index.php?query=ischool&lang=en Start of query string key=value pairs Separator Note- certain characters cannot be put in the URL (such as space character). You will to “URL Encode” those special characters. For example, a space character will show up as a %20 in the URL query string. <?php $var1 = $_GET[‘query’]; $var2 = $_GET[‘lang’]; ?>
Security (SQL Injection and XSS) HTTP POST Request fname=Arian lname=SQL Code In your PHP… $query = “INSERT INTO table (fname, lname)”; $query .= “VALUES (‘{$_POST[‘fname’]}’, ‘{$_POST[‘lname’]}’);” A malicious user can submit (POST or GET) • SQL Code  SQL Injection Attack, or • HTML tags that could be anything from a form to a <script> tag  XSS Attack.
Preventing SQL Injection & XSS To prevent this, you have to sanitize your input variables and make sure you output safe HTML //Sanitize  SQL Injection $sanitized_variable = $db->real_escape_string($_POST[‘lname’]); //Output Safe HTML  XSS echo htmlspecialchars($row[‘lname’]); You can try to sanitize for HTML tags by using strip_tags($_POST[]) before you input the value into the database. Just make sure that is what you want to do…
Additional Security Tip Don’t type out the username and password when instantiating mysqli. Instead, create a special PHP file that defines certain constants outside the root of your website which you can then include and use in your PHP code. define(SQL_PASSWORD, “mypassword”);
Demo Time DEMO Constant Definitions constants.php Use of $_GET localhost/sports/team.php?id=1 Regular Posting localhost/sports/players.php Use of $_POST and INSERT localhost/sports/addPlayer-process.php Multiselect/Array Posting localhost/sports/editRoster.php?id=1 Use of $_POST arrays localhost/sports/editRoster-process.php Deleting localhost/sports/deletePlayer-process.php?id=1
Additional Notes about POSTing • If a checkbox input is not checked, that variable will NOT be passed in the POST (or GET) – Use isset() to see if a variable exists: isset($_POST[]); • POSTing an array of variables to PHP (such as a multiselect) requires you to append brackets to the name of the input type. <select multiple=“multiple” name=“mylist[]”>…
Next Time You Choose the Topic! Email me with PHP and/or database topics you would like to review and I will select the questions that seems like it would benefit the class the most. I will take the first 15 minutes to review the first two sessions but then after that the floor is open to the topics you choose.

More Related Content

PPTX
Php
bysamirlakhanistb
 
PDF
Php summary
byMichelle Darling
 
PPTX
PHP Database Programming Basics -- Northeast PHP
byDave Stokes
 
PPTX
Learn PHP Lacture2
byADARSH BHATT
 
PPTX
Php
bykhushbulakhani1
 
PPTX
7. PHP and gaghhgashgfsgajhfkhshfasMySQL.pptx
byberihun18
 
PPTX
This slide show will brief about database handling
byaverynight005
 
ODP
Php modul-3
byKristophorus Hadiono
 
Php
bysamirlakhanistb
 
Php summary
byMichelle Darling
 
PHP Database Programming Basics -- Northeast PHP
byDave Stokes
 
Learn PHP Lacture2
byADARSH BHATT
 
Php
bykhushbulakhani1
 
7. PHP and gaghhgashgfsgajhfkhshfasMySQL.pptx
byberihun18
 
This slide show will brief about database handling
byaverynight005
 
Php modul-3
byKristophorus Hadiono
 

Similar to php2.pptx

PPT
PHP - Introduction to PHP Date and Time Functions
byVibrant Technologies & Computers
 
PPT
P H P Part I I, By Kian
byphelios
 
PPTX
Database Connectivity in PHP
byTaha Malampatti
 
PPT
Intro to php
bySp Singh
 
PPTX
PHP_Database_Connectivity,connecting to mysql database,executing sql queries ...
byananthabtech2008
 
PPT
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
bywebhostingguy
 
PPT
PHP MySQL
byMd. Sirajus Salayhin
 
PPSX
Php session
byargusacademy
 
PPTX
Note of Web Tech mysql for Bicte third sem.pptx
byericmalla
 
PPT
Download It
bywebhostingguy
 
PPT
Synapse india reviews on php and sql
bysaritasingh19866
 
PPTX
3 php-connect-to-my sql
byAchchuthan Yogarajah
 
PPT
Migrating from PHP 4 to PHP 5
byJohn Coggeshall
 
PPT
Open Source Package Php Mysql 1228203701094763 9
byisadorta
 
PPT
Open Source Package PHP & MySQL
bykalaisai
 
PDF
Php my sql programing - brochure
byZabeel Institute
 
PPTX
3-Chapter-Edit.pptx debre tabour university
byalemunuruhak9
 
PPTX
Php with mysql ppt
byRajamanickam Gomathijayam
 
PDF
Connecting_to_Database(MySQL)_in_PHP (3).pdf
byAaripunishabeeAR
 
PPT
PHP and MySQL
bywebhostingguy
 
PHP - Introduction to PHP Date and Time Functions
byVibrant Technologies & Computers
 
P H P Part I I, By Kian
byphelios
 
Database Connectivity in PHP
byTaha Malampatti
 
Intro to php
bySp Singh
 
PHP_Database_Connectivity,connecting to mysql database,executing sql queries ...
byananthabtech2008
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
bywebhostingguy
 
PHP MySQL
byMd. Sirajus Salayhin
 
Php session
byargusacademy
 
Note of Web Tech mysql for Bicte third sem.pptx
byericmalla
 
Download It
bywebhostingguy
 
Synapse india reviews on php and sql
bysaritasingh19866
 
3 php-connect-to-my sql
byAchchuthan Yogarajah
 
Migrating from PHP 4 to PHP 5
byJohn Coggeshall
 
Open Source Package Php Mysql 1228203701094763 9
byisadorta
 
Open Source Package PHP & MySQL
bykalaisai
 
Php my sql programing - brochure
byZabeel Institute
 
3-Chapter-Edit.pptx debre tabour university
byalemunuruhak9
 
Php with mysql ppt
byRajamanickam Gomathijayam
 
Connecting_to_Database(MySQL)_in_PHP (3).pdf
byAaripunishabeeAR
 
PHP and MySQL
bywebhostingguy
 

More from ElieNGOMSEU

PPTX
architecture de l'oridinateur, comprendre le pc
byElieNGOMSEU
 
PDF
comment installer le cms wordpress en details
byElieNGOMSEU
 
PPTX
techniques de routage des reseaux en informatique
byElieNGOMSEU
 
PPTX
Module_1_-_Architecture_Ordinateur_2-2_4.pptx
byElieNGOMSEU
 
PPT
Introduction.ppt
byElieNGOMSEU
 
PPT
Session2.ppt
byElieNGOMSEU
 
PPT
php tutorial.ppt
byElieNGOMSEU
 
PPT
php_postgresql.ppt
byElieNGOMSEU
 
architecture de l'oridinateur, comprendre le pc
byElieNGOMSEU
 
comment installer le cms wordpress en details
byElieNGOMSEU
 
techniques de routage des reseaux en informatique
byElieNGOMSEU
 
Module_1_-_Architecture_Ordinateur_2-2_4.pptx
byElieNGOMSEU
 
Introduction.ppt
byElieNGOMSEU
 
Session2.ppt
byElieNGOMSEU
 
php tutorial.ppt
byElieNGOMSEU
 
php_postgresql.ppt
byElieNGOMSEU
 

Recently uploaded

PPTX
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
PDF
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
PPTX
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
PPTX
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
PPTX
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
PPTX
Optimum mesh size for various fishing gears by B2B.pptx
byB. BHASKAR
 
PDF
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
PDF
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
PDF
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
PDF
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
PPTX
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
PPTX
Why Most SAP PM Implementations Fail — And How High-Reliability Plants Fix It
byMaintWiz Technologies Private Limited
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PDF
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PDF
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 
PPTX
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PDF
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
PDF
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
Optimum mesh size for various fishing gears by B2B.pptx
byB. BHASKAR
 
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
Why Most SAP PM Implementations Fail — And How High-Reliability Plants Fix It
byMaintWiz Technologies Private Limited
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
engineering management chapter 5 ppt presentation
byericaangelatoledo06
 

php2.pptx

  • 1.
  • 2.
    Outline • PHP Classes(Brief Overview) • Accessing MySQL via the mysqli class
  • 3.
    Classes and OOP (BasicConceptual Overview) Class Definition (Blueprint) class dog{ //properties //methods } Define the blueprint of your own class (object) Instantiate instances of your object and use them in your program $ben = new dog; $sunny = new dog; $sugar = new dog;
  • 4.
    Defining Classes class dog{ //Properties public $name; public $breed; //Methods public function bark(){ echo $this->name . “ barked… Woof!”; } //Constructor (optional) public __construct($nameOfDog){ $this->name = $nameOfDog; } }
  • 5.
    Working with Classes $sugar= new dog(“Sugar”); //pass “Sugar” to constructor $sugar->breed = “German Shepherd”; //set breed property equal to “German Shepherd” echo $sugar->name . “ is a “ . $sugar->breed; >>Sugar is a German Shepherd $sugar->bark(); //call the “bark” method >>sugar barked… Woof!
  • 6.
    Mysqli Class The mysqliclass is the main class you can use to: • Set up a connection to the MySQL database • Send SQL queries to the MySQL database (CRUD Operations) • Read results (if any) from the query • Check for any error connecting to or executing SQL queries on a MySQL database
  • 7.
    Connecting to DBwith Mysqli //Instantiate mysqli object & create connection $db = new mysqli(“localhost”, “username”, “password”, “database_name”); //Check for any errors connecting If($db->connect_errorno){ //There was an error connecting to the database. Put code here on what you would like to about it like… echo “Error: ” . $db->connect_error; }
  • 8.
    Querying the DBvia Mysqli (Single Query) //Construct some query (it’s just a string) $query_noresult = “INSERT INTO …”; $query_result = ‘’SELECT * FROM DIVECUST”; 2 Types of Queries PHP MySQL No Result Queries INSERT, DELETE, CREATE, etc… PHP MySQL Result Queries SELECT
  • 9.
    No Result Queries If($db->query($query_noresult)=== TRUE){ //Your query worked, yay } Note about INSERT SQL queries • You can use $db->insert_id; to retrieve the AUTO_INCREMENT ID generated for an inserted record. You do NOT need to run a separate query to get that ID value.
  • 10.
    Result Queries if($result =$db->query($query_result)){ echo $result->num_rows; while($row = $result->fetch-array()){ echo $row[0] . “ ” . $row[‘Name’]; } $result->free(); } Returns a mysqli_result object Column or Attribute name returned from query Free up the result from memory
  • 11.
    Result Modes You canreturn results in 2 ways (result modes) $db->query($query_result, MYSQLI_STORE_RESULT) • Return entire results to memory • Can use $result->data_seek(index) to jump to different rows in your result set (i.e. after you loop through the results, do $result->data_seek(0); to go to starting point to loop again) • Default (this is the executed mode if you don’t specify a “result mode”) $db->query($query_result, MYSQLI_USE_RESULT) • MySQL “spoon feeds” the rows to server running PHP each time a fetches a row • Useful if expecting a large dataset (too large to put in memory of PHP server) • Must free results in order to run another query ($result->free();)
  • 12.
    Closing Connections When youare done using the database, make sure to close the connection… $db->close();
  • 13.
  • 14.
    Passing Variables toPHP (POST) <form method=“post” action=“process.php”> <input type=“text” name=“fname”/> <input type=“text” name=“lname” /> <input type=“submit” value=“Submit”/> </form> HTTP POST Request to process.php fname=Arian lname=Shams <?php $var1 = $_POST[‘fname’]; $var2 = $_POST[‘lname’]; ?> Your form html or php file The process.php file that will process the request (which could be the same as the posting file)
  • 15.
    Passing Variable toPHP (GET) www.site.com/index.php?query=ischool&lang=en Start of query string key=value pairs Separator Note- certain characters cannot be put in the URL (such as space character). You will to “URL Encode” those special characters. For example, a space character will show up as a %20 in the URL query string. <?php $var1 = $_GET[‘query’]; $var2 = $_GET[‘lang’]; ?>
  • 16.
    Security (SQL Injectionand XSS) HTTP POST Request fname=Arian lname=SQL Code In your PHP… $query = “INSERT INTO table (fname, lname)”; $query .= “VALUES (‘{$_POST[‘fname’]}’, ‘{$_POST[‘lname’]}’);” A malicious user can submit (POST or GET) • SQL Code  SQL Injection Attack, or • HTML tags that could be anything from a form to a <script> tag  XSS Attack.
  • 17.
    Preventing SQL Injection& XSS To prevent this, you have to sanitize your input variables and make sure you output safe HTML //Sanitize  SQL Injection $sanitized_variable = $db->real_escape_string($_POST[‘lname’]); //Output Safe HTML  XSS echo htmlspecialchars($row[‘lname’]); You can try to sanitize for HTML tags by using strip_tags($_POST[]) before you input the value into the database. Just make sure that is what you want to do…
  • 18.
    Additional Security Tip Don’ttype out the username and password when instantiating mysqli. Instead, create a special PHP file that defines certain constants outside the root of your website which you can then include and use in your PHP code. define(SQL_PASSWORD, “mypassword”);
  • 19.
    Demo Time DEMO Constant Definitionsconstants.php Use of $_GET localhost/sports/team.php?id=1 Regular Posting localhost/sports/players.php Use of $_POST and INSERT localhost/sports/addPlayer-process.php Multiselect/Array Posting localhost/sports/editRoster.php?id=1 Use of $_POST arrays localhost/sports/editRoster-process.php Deleting localhost/sports/deletePlayer-process.php?id=1
  • 20.
    Additional Notes aboutPOSTing • If a checkbox input is not checked, that variable will NOT be passed in the POST (or GET) – Use isset() to see if a variable exists: isset($_POST[]); • POSTing an array of variables to PHP (such as a multiselect) requires you to append brackets to the name of the input type. <select multiple=“multiple” name=“mylist[]”>…
  • 21.
    Next Time You Choosethe Topic! Email me with PHP and/or database topics you would like to review and I will select the questions that seems like it would benefit the class the most. I will take the first 15 minutes to review the first two sessions but then after that the floor is open to the topics you choose.