Mysql数据库php


fetching_from_database.php
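<?php
    // Demo script: read every row of the pizzas table and dump it with print_r().

    // Connect to the database: host, username, password, database name.
    // NOTE: the credentials are hard-coded here for the tutorial only. In a real
    // deployment keep them out of the source tree (environment variables or a
    // config file outside the web root) and use an account that has only the
    // privileges this application needs.
    $conn = mysqli_connect('localhost', 'shaun', 'test1234', 'ninja_pizza');
    // check connection
    if(!$conn){
        echo 'Connection error: '. mysqli_connect_error();
        // Nothing below can work without a connection, so stop here instead of
        // passing false to mysqli_query().
        exit;
    }
    // write query for all pizzas (a constant string, no user input involved)
    $sql = 'SELECT title, ingredients, id FROM pizzas ORDER BY created_at';
    // get the result set (set of rows)
    $result = mysqli_query($conn, $sql);
    // mysqli_query() returns false on failure; fetching from false is an error
    if($result === false){
        echo 'query error: '. mysqli_error($conn);
        mysqli_close($conn);
        exit;
    }
    // fetch the resulting rows as an array of associative arrays
    $pizzas = mysqli_fetch_all($result, MYSQLI_ASSOC);
    // free the $result from memory (good practice)
    mysqli_free_result($result);
    // close connection
    mysqli_close($conn);
    print_r($pizzas);
?>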
sql_injection.php

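<?php
// Escape the three submitted form fields before they are placed in an SQL string.
// $conn must be an open mysqli connection (it is not created in this snippet).
//
// The array keys are quoted: a bare word such as $_POST[email] is parsed as a
// constant named "email", which PHP 8 rejects as an undefined constant.
// `?? ''` keeps a missing field from being passed on as null.
//
// Caveat: mysqli_real_escape_string() only protects a value that ends up inside
// a quoted string literal in the SQL, and it relies on the connection charset
// being set correctly (mysqli_set_charset()). It does nothing for values used
// unquoted, e.g. as numbers. Prepared statements with bound parameters avoid
// both pitfalls and are the preferred defence.
$email=mysqli_real_escape_string($conn,$_POST['email'] ?? '');
$title=mysqli_real_escape_string($conn,$_POST['title'] ?? '');
$ingredients=mysqli_real_escape_string($conn,$_POST['ingredients'] ?? '');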
insert_operation.php
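<?php

  // Form handler: validate the submitted pizza and insert it into the pizzas table.
  // The include is expected to provide the mysqli connection in $conn.
  include('config/db_connect.php');

  // Current field values and one error message per field ('' means "no error").
  $email = $title = $ingredients = '';
  $errors = array('email' => '', 'title' => '', 'ingredients' => '');

  if(isset($_POST['submit'])){

    // check email
    if(empty($_POST['email'])){
      $errors['email'] = 'An email is required';
    } else{
      $email = $_POST['email'];
      if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
        $errors['email'] = 'Email must be a valid email address';
      }
    }

    // check title
    if(empty($_POST['title'])){
      $errors['title'] = 'A title is required';
    } else{
      $title = $_POST['title'];
      if(!preg_match('/^[a-zA-Z\s]+$/', $title)){
        $errors['title'] = 'Title must be letters and spaces only';
      }
    }

    // check ingredients
    if(empty($_POST['ingredients'])){
      $errors['ingredients'] = 'At least one ingredient is required';
    } else{
      $ingredients = $_POST['ingredients'];
      if(!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $ingredients)){
        $errors['ingredients'] = 'Ingredients must be a comma separated list';
      }
    }

    // array_filter() drops the empty strings, so a non-empty result means that
    // at least one field failed validation and nothing is written.
    if(!array_filter($errors)){

      // Insert with a prepared statement: the values travel to the server
      // separately from the SQL text, so they cannot change the statement's
      // structure. This replaces escaping plus string interpolation, which is
      // only safe inside quoted literals and depends on the connection charset.
      $stmt = mysqli_prepare($conn, 'INSERT INTO pizzas(title,email,ingredients) VALUES(?,?,?)');

      // save to db and check
      if($stmt
        && mysqli_stmt_bind_param($stmt, 'sss', $title, $email, $ingredients)
        && mysqli_stmt_execute($stmt)){
        // success
        mysqli_stmt_close($stmt);
        header('Location: index.php');
        // header() only queues the redirect; stop so nothing else runs or is sent
        exit;
      } else {
        // NOTE: raw database errors can reveal schema details. Fine for a
        // tutorial; in production log them and show a generic message instead.
        echo 'query error: '. ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($conn));
        if($stmt){
          mysqli_stmt_close($stmt);
        }
      }

    }

  } // end POST check

?>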
send_data_from_via_url.php
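<?php

    // Load all pizzas into $pizzas for the template that follows.
    // The include is expected to provide the mysqli connection in $conn.
    include('config/db_connect.php');

    // write query for all pizzas (a constant string, no user input involved)
    $sql = 'SELECT title, ingredients, id FROM pizzas ORDER BY created_at';

    // Default to an empty list so the template can still render if the query fails.
    $pizzas = [];

    // get the result set (set of rows)
    $result = mysqli_query($conn, $sql);

    if($result !== false){
        // fetch the resulting rows as an array of associative arrays
        $pizzas = mysqli_fetch_all($result, MYSQLI_ASSOC);

        // free the $result from memory (good practice)
        mysqli_free_result($result);
    } else {
        // Record the failure in the server log rather than printing database
        // details into the page.
        error_log('query error: '. mysqli_error($conn));
    }

    // close connection
    mysqli_close($conn);


?>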

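<?php
    // List page template: renders one card per row of $pizzas (set earlier in
    // this file) and links each card to details.php with the row id in the
    // query string. Every value taken from the database is encoded for the
    // context it is written into before it reaches the page.
?>
<!DOCTYPE html>
<html>

    <?php include('templates/header.php'); ?>

    <h4 class="center grey-text">Pizzas!</h4>

    <div class="container">
        <div class="row">

            <?php foreach($pizzas as $pizza): ?>

                <div class="col s6 m4">
                    <div class="card z-depth-0">
                        <div class="card-content center">
                            <h6><?php echo htmlspecialchars($pizza['title']); ?></h6>
                            <ul class="grey-text">
                                <?php // ingredients are stored as one comma separated string ?>
                                <?php foreach(explode(',', $pizza['ingredients']) as $ing): ?>
                                    <li><?php echo htmlspecialchars($ing); ?></li>
                                <?php endforeach; ?>
                            </ul>
                        </div>
                        <div class="card-action right-align">
                            <?php
                                // Here the data is sent from this page to another page via the URL.
                                // The id is URL-encoded for the query string and then HTML-escaped
                                // for the attribute, like the other database values above.
                            ?>
                            <a class="brand-text" href="details.php?id=<?php echo htmlspecialchars(urlencode((string) $pizza['id'])); ?>">more info</a>
                        </div>
                    </div>
                </div>

            <?php endforeach; ?>

        </div>
    </div>

    <?php include('templates/footer.php'); ?>

</html>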
fetch_single_record.php
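<?php

// Look up a single pizza by the id given in the query string.
// The include is expected to provide the mysqli connection in $conn.
include('config/db_connect.php');

// Stays null when no valid id was supplied or no row matched, so the template
// below never sees an undefined variable.
$pizza = null;

// Here the id was sent from another page via the URL,
// so we read it with the GET method and query accordingly.
if(isset($_GET['id'])){

    // The id is used as a number in the SQL. mysqli_real_escape_string() only
    // protects values placed inside a quoted string literal, so on its own it
    // does not make an unquoted "WHERE id=$id" safe. Accept integers only and
    // pass the value as a bound parameter instead.
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);

    if($id !== false){

        // make sql (the placeholder keeps the value out of the SQL text)
        $stmt = mysqli_prepare($conn, 'SELECT * FROM pizzas WHERE id = ?');

        if($stmt
            && mysqli_stmt_bind_param($stmt, 'i', $id)
            && mysqli_stmt_execute($stmt)){

            // get query result
            $result = mysqli_stmt_get_result($stmt);

            if($result !== false){
                // fetch result in array format (null when no row matched)
                $pizza = mysqli_fetch_assoc($result);

                // free result
                mysqli_free_result($result);
            }
        }

        if($stmt){
            mysqli_stmt_close($stmt);
        }
    }

    // close connection
    mysqli_close($conn);

}


 ?>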
 <!DOCTYPE html>
 <html lang="en">
 <?php
   // Details page markup: header template, a static heading, footer template.
   // NOTE(review): nothing from $pizza is output here yet. When its fields are
   // added, pass each one through htmlspecialchars() and handle the case where
   // no row was found.
   include('templates/header.php'); ?>

   <h2>Details</h2>

  <?php /* shared footer template */ include('templates/footer.php'); ?>

 </html>