fetching_from_database.php
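<?php
// connect to the database
//shaun is the username
//test1234 is the password
//ninja_pizza is the databasename
// NOTE: the credentials sit in this page only for the demo; the other scripts on
// this page load the connection via include('config/db_connect.php'), which keeps
// them in one place and out of the rendering scripts.
$conn = mysqli_connect('localhost', 'shaun', 'test1234', 'ninja_pizza');
// check connection — stop here, otherwise every call below receives false
// instead of a connection and fails with a less helpful message
if(!$conn){
    echo 'Connection error: '. mysqli_connect_error();
    exit;
}
// write query for all pizzas
$sql = 'SELECT title, ingredients, id FROM pizzas ORDER BY created_at';
// get the result set (set of rows); mysqli_query returns false on failure,
// and mysqli_fetch_all must not be handed false
$result = mysqli_query($conn, $sql);
if($result === false){
    echo 'query error: '. mysqli_error($conn);
    mysqli_close($conn);
    exit;
}
// fetch the resulting rows as an array
$pizzas = mysqli_fetch_all($result, MYSQLI_ASSOC);
// free the $result from memory (good practise)
mysqli_free_result($result);
// close connection
mysqli_close($conn);
print_r($pizzas);
?>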
sql_injection.php
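<?php
// Array keys must be quoted strings: a bare `email` is treated as an undefined
// constant, which is an Error in PHP 8. `?? ''` avoids an undefined-index warning
// when the field is absent from the request.
// $conn is assumed to be an open mysqli connection (the other scripts on this page
// get it from include('config/db_connect.php')).
// Escaping only protects a value that is placed inside a quoted SQL string literal;
// a prepared statement with bound parameters avoids that dependency entirely.
$email = mysqli_real_escape_string($conn, $_POST['email'] ?? '');
$title = mysqli_real_escape_string($conn, $_POST['title'] ?? '');
$ingredients = mysqli_real_escape_string($conn, $_POST['ingredients'] ?? '');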
insert_operation.php
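<?php
include('config/db_connect.php');
// form values echoed back into the form and the per-field error messages
$email = $title = $ingredients = '';
$errors = ['email' => '', 'title' => '', 'ingredients' => ''];
if(isset($_POST['submit'])){
    // check email
    if(empty($_POST['email'])){
        $errors['email'] = 'An email is required';
    } else {
        $email = $_POST['email'];
        if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
            $errors['email'] = 'Email must be a valid email address';
        }
    }
    // check title
    if(empty($_POST['title'])){
        $errors['title'] = 'A title is required';
    } else {
        $title = $_POST['title'];
        if(!preg_match('/^[a-zA-Z\s]+$/', $title)){
            $errors['title'] = 'Title must be letters and spaces only';
        }
    }
    // check ingredients
    if(empty($_POST['ingredients'])){
        $errors['ingredients'] = 'At least one ingredient is required';
    } else {
        $ingredients = $_POST['ingredients'];
        if(!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $ingredients)){
            $errors['ingredients'] = 'Ingredients must be a comma separated list';
        }
    }
    if(array_filter($errors)){
        // at least one field failed validation: leave $errors set for the form to display
    } else {
        // Prepared statement: the validated values in $title/$email/$ingredients are
        // bound as parameters instead of being escaped and interpolated into the SQL
        // string, so they cannot alter the statement and no manual escaping is needed.
        $sql = 'INSERT INTO pizzas(title,email,ingredients) VALUES(?,?,?)';
        $stmt = mysqli_prepare($conn, $sql);
        if($stmt === false){
            echo 'query error: '. mysqli_error($conn);
        } else {
            mysqli_stmt_bind_param($stmt, 'sss', $title, $email, $ingredients);
            $saved = mysqli_stmt_execute($stmt);
            // read the statement's error before the handle is released
            $error = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            if($saved){
                // success: redirect, then stop so nothing after the header is executed
                header('Location: index.php');
                exit;
            }
            echo 'query error: '. $error;
        }
    }
} // end POST check
?>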
send_data_from_via_url.php
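<?php
include('config/db_connect.php');
// write query for all pizzas
$sql = 'SELECT title, ingredients, id FROM pizzas ORDER BY created_at';
// get the result set (set of rows); mysqli_query returns false on failure
$result = mysqli_query($conn, $sql);
if($result === false){
    // report the failure and render an empty list rather than passing false
    // to mysqli_fetch_all
    echo 'query error: '. mysqli_error($conn);
    $pizzas = [];
} else {
    // fetch the resulting rows as an array
    $pizzas = mysqli_fetch_all($result, MYSQLI_ASSOC);
    // free the $result from memory (good practise)
    mysqli_free_result($result);
}
// close connection
mysqli_close($conn);
?>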
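<!DOCTYPE html>
<html lang="en">
<?php include('templates/header.php'); ?>
<h4 class="center grey-text">Pizzas!</h4>
<div class="container">
<div class="row">
<?php foreach($pizzas as $pizza): ?>
<div class="col s6 m4">
<div class="card z-depth-0">
<div class="card-content center">
<!-- every database value is HTML-escaped at the point of output -->
<h6><?php echo htmlspecialchars($pizza['title']); ?></h6>
<ul class="grey-text">
<?php foreach(explode(',', $pizza['ingredients']) as $ing): ?>
<li><?php echo htmlspecialchars($ing); ?></li>
<?php endforeach; ?>
</ul>
</div>
<div class="card-action right-align">
<!-- Here the data from one page is sent to another page via url -->
<!-- The id is escaped for both contexts it lands in: urlencode() for the query
     string and htmlspecialchars() for the attribute. It comes from the database,
     but encoding at output keeps the markup correct whatever is stored there. -->
<a class="brand-text" href="details.php?id=<?php echo htmlspecialchars(urlencode((string)$pizza['id'])); ?>">more info</a>
</div>
</div>
</div>
<?php endforeach; ?>
</div>
</div>
<?php include('templates/footer.php'); ?>
</html>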
fetch_single_record.php
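<?php
//database connection
include('config/db_connect.php');
// the requested row, or null when no id was supplied or nothing matched
$pizza = null;
//check GET Request id parameter
//Here the id was sent from another page via url
//So we can Use GET method to get the id and make query accordingly
if(isset($_GET['id'])){
    // Bind the id as an integer parameter. The previous version escaped it with
    // mysqli_real_escape_string and interpolated it unquoted; escaping only
    // protects a value inside SQL string quotes, so an unquoted numeric
    // comparison was not protected. With a bound 'i' parameter the value is
    // sent separately from the statement text.
    $sql = 'SELECT * FROM pizzas WHERE id=?';
    $stmt = mysqli_prepare($conn, $sql);
    if($stmt === false){
        echo 'query error: '. mysqli_error($conn);
    } else {
        $id = (int)$_GET['id'];
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if(mysqli_stmt_execute($stmt)){
            //get query result
            $result = mysqli_stmt_get_result($stmt);
            if($result !== false){
                //fetch result in array format (null when no row matched)
                $pizza = mysqli_fetch_assoc($result);
                //free result
                mysqli_free_result($result);
            }
        } else {
            echo 'query error: '. mysqli_stmt_error($stmt);
        }
        mysqli_stmt_close($stmt);
    }
    // print_r($pizza);
}
//close connection (also when no id was supplied)
mysqli_close($conn);
?>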
<!DOCTYPE html>
<html lang="en">
<?php include('templates/header.php'); ?>
<!-- NOTE(review): the $pizza row fetched by the script above is not rendered here
     yet, and it is left undefined when the request carries no id; header.php and
     footer.php presumably supply <head>/<body> — confirm before adding markup. -->
<h2>Details</h2>
<?php include('templates/footer.php'); ?>
</html>