Unit-5

Database programming with PHP and MySQL

What is a Database?

A database is a separate application that stores a collection of data. Each database has
one or more distinct APIs for creating, accessing, managing, searching, and replicating
the data it holds.

Other kinds of data stores can also be used, such as files on the file system or large hash
tables in memory but data fetching and writing would not be so fast and easy with those
types of systems.

Nowadays, we use relational database management systems (RDBMS) to store and

manage a huge volume of data. This is called a relational database because all the data
is stored into different tables and relations are established using primary keys or other
keys known as Foreign Keys.

A Relational DataBase Management System (RDBMS) is a software that −

● Enables you to implement a database with tables, columns and indexes.

● Guarantees the Referential Integrity between rows of various tables.
● Updates the indexes automatically.
● Interprets an SQL query and combines information from various tables.

RDBMS Terminology

Before we proceed to explain the MySQL database system, let us revise a few
definitions related to the database.

● Database − A database is a collection of tables, with related data.

● Table − A table is a matrix with data. A table in a database looks like a simple
spreadsheet.
● Column − One column (data element) contains data of one and the same kind, for
example the column postcode.
● Row − A row (= tuple, entry or record) is a group of related data, for example the
data of one subscription.
● Redundancy − Storing data twice, redundantly to make the system faster.
Primary Key − A primary key is unique. A key value can not occur twice in onetable.
With a key, you can only find one row.
● Foreign Key − A foreign key is the linking pin between two tables.
● Compound Key − A compound key (composite key) is a key that consists of
multiple columns, because one column is not sufficiently unique.
● Index − An index in a database resembles an index at the back of a book.
● Referential Integrity − Referential Integrity makes sure that a foreign key value
always points to an existing row.

MySQL Database

MySQL is a fast, easy-to-use RDBMS being used for many small and big businesses.
MySQL is developed, marketed and supported by MySQL AB, which is a Swedish
company. MySQL is becoming so popular because of many good reasons −

● MySQL is released under an open-source license. So you have nothing to pay to

use it.
● MySQL is a very powerful program in its own right. It handles a large subset of
the functionality of the most expensive and powerful database packages.
● MySQL uses a standard form of the well-known SQL data language.
● MySQL works on many operating systems and with many languages including
PHP, PERL, C, C++, JAVA, etc.
● MySQL works very quickly and works well even with large data sets.
● MySQL is very friendly to PHP, the most appreciated language for web
development.
● MySQL supports large databases, up to 50 million rows or more in a table. The
default file size limit for a table is 4GB, but you can increase this (if your
operating system can handle it) to a theoretical limit of 8 million terabytes (TB).
● MySQL is customizable. The open-source GPL license allows programmers to
modify the MySQL software to fit their own specific environments.

All downloads for MySQL are located at MySQL Downloads. Pick the version number
of MySQL Community Server which is required along with the platform you will be
running it on.
Installing MySQL on Linux/UNIX

The recommended way to install MySQL on a Linux system is via RPM. MySQL AB
makes the following RPMs available for download on its website −

● MySQL − The MySQL database server manages the databases and tables,
controls user access and processes the SQL queries.
● MySQL-client − MySQL client programs, which make it possible to connect to
and interact with the server.
● MySQL-devel − Libraries and header files that come in handy when compiling
other programs that use MySQL.
● MySQL-shared − Shared libraries for the MySQL client.
● MySQL-bench − Benchmark and performance testing tools for the MySQL
database server.

The MySQL RPMs listed here are all built on a SuSE Linux system, but they will
usually work on other Linux variants with no difficulty.

Now, you will need to adhere to the steps given below, to proceed with the installation
−

● Login to the system using the root user.

● Switch to the directory containing the RPMs.
● Install the MySQL database server by executing the following command.
Remember to replace the filename in italics with the file name of your RPM.
[root@host]# rpm -i MySQL-5.0.9-0.i386.rpm

The above command takes care of installing the MySQL server, creating a user of
MySQL, creating necessary configuration and starting the MySQL server automatically.

You can find all the MySQL related binaries in /usr/bin and /usr/sbin. All the tables and
databases will be created in the /var/lib/mysql directory.

The following code box has an optional but recommended step to install the remaining
RPMs in the same manner −

[root@host]# rpm -i MySQL-client-5.0.9-0.i386.rpm

[root@host]# rpm -i MySQL-devel-5.0.9-0.i386.rpm
[root@host]# rpm -i MySQL-shared-5.0.9-0.i386.rpm
[root@host]# rpm -i MySQL-bench-5.0.9-0.i386.rpm

Installing MySQL on Windows

The default installation on any version of Windows is now much easier than it used to
be, as MySQL now comes neatly packaged with an installer. Simply download the
installer package, unzip it anywhere and run the setup.exe file.

The default installer setup.exe will walk you through the trivial process and by default
will install everything under C:\mysql.

Test the server by firing it up from the command prompt the first time. Go to the location
of the mysqld server which is probably C:\mysql\bin, and type −

mysqld.exe --console

NOTE − If you are on NT, then you will have to use mysqld-nt.exe instead of mysqld.exe

If all went well, you will see some messages about startup and InnoDB. If not, you may
have a permissions issue. Make sure that the directory that holds your data is accessible
to whatever user (probably MySQL) the database processes run under.

MySQL will not add itself to the start menu, and there is no particularly nice GUI way
to stop the server either. Therefore, if you tend to start the server by double clicking the
mysqld executable, you should remember to halt the process by hand by using
mysqladmin, Task List, Task Manager, or other Windows-specific means.

Verifying MySQL Installation

After MySQL has been successfully installed, the base tables have been initialized and
the server has been started: you can verify that everything is working as it should be via
some simple tests.

Use the mysqladmin Utility to Obtain Server Status

Use mysqladmin binary to check the server version. This binary would be available in
/usr/bin on linux and in C:\mysql\bin on windows.

[root@host]# mysqladmin --version

It will produce the following result on Linux. It may vary depending on your
installation −

mysqladmin Ver 8.23 Distrib 5.0.9-0, for redhat-linux-gnu on i386

If you do not get such a message, then there may be some problem in your installation
and you would need some help to fix it.

Execute simple SQL commands using the MySQL Client

You can connect to your MySQL server through the MySQL client and by using the
mysql command. At this moment, you do not need to give any password as by default
it will be set as blank.

You can just use following command −

[root@host]# mysql

It should be rewarded with a mysql> prompt. Now, you are connected to the MySQL
server and you can execute all the SQL commands at the mysql> prompt as follows −

mysql> SHOW DATABASES;

+----------+
| Database |
+----------+
| mysql |
| test |
+----------+
2 rows in set (0.13 sec)

Post-installation Steps

MySQL ships with a blank password for the root MySQL user. As soon as you have
successfully installed the database and the client, you need to set a root password as
given in the following code block −
[root@host]# mysqladmin -u root password "new_password";

Now to make a connection to your MySQL server, you would have to use the
following command −

[root@host]# mysql -u root -p

Enter password:*******

UNIX users will also want to put your MySQL directory in your PATH, so you won't
have to keep typing out the full path everytime you want to use the command-line client.

For bash, it would be something like −

export PATH = $PATH:/usr/bin:/usr/sbin

Running MySQL at Boot Time

If you want to run the MySQL server at boot time, then make sure you have the
following entry in the /etc/rc.local file.

/etc/init.d/mysqld start

Also,you should have the mysqld binary in the /etc/init.d/ directory.

MySQL - Administration

Running and Shutting down MySQL Server

First check if your MySQL server is running or not. You can use the following
command to check it −

ps -ef | grep mysqld

If your MySql is running, then you will see the mysqld process listed out in your result.
If server is not running, then you can start it by using the following command −

root@host# cd /usr/bin
./safe_mysqld &

Now, if you want to shut down an already running MySQL server, then you can do it
by using the following command −

root@host# cd /usr/bin
./mysqladmin -u root -p shutdown
Enter password: ******

Setting Up a MySQL User Account

For adding a new user to MySQL, you just need to add a new entry to the user table in
the database mysql.

The following program is an example of adding a new user guest with SELECT,
INSERT and UPDATE privileges with the password guest123; the SQL query is −

root@host# mysql -u root -p

Enter password:*******
mysql> use mysql;
Database changed

mysql> INSERT INTO user

(host, user, password,
select_priv, insert_priv, update_priv)
VALUES ('localhost', 'guest',
PASSWORD('guest123'), 'Y', 'Y', 'Y');
Query OK, 1 row affected (0.20 sec)

mysql> FLUSH PRIVILEGES;

Query OK, 1 row affected (0.01 sec)

mysql> SELECT host, user, password FROM user WHERE user = 'guest';
+-----------+---------+------------------+
| host | user | password |
+-----------+---------+------------------+
| localhost | guest | 6f8c114b58f2ce9e |
+-----------+---------+------------------+
1 row in set (0.00 sec)

When adding a new user, remember to encrypt the new password using the
PASSWORD() function provided by MySQL. As you can see in the above example, the
password mypass is encrypted to 6f8c114b58f2ce9e.

Notice the FLUSH PRIVILEGES statement. This tells the server to reload the grant tables.
If you don't use it, then you won't be able to connect to MySQL using the new user
account at least until the server is rebooted.

You can also specify other privileges to a new user by setting the values of following
columns in the user table to 'Y' when executing the INSERT query or you can update
them later using an UPDATE query.

● Select_priv
● Insert_priv
● Update_priv
● Delete_priv
● Create_priv
● Drop_priv
● Reload_priv
● Shutdown_priv
● Process_priv
● File_priv
● Grant_priv
● References_priv
● Index_priv
● Alter_priv

Another way of adding a user account is by using GRANT SQL command. The
following example will add user zara with password zara123 for a particular database,
which is named as TUTORIALS.

root@host# mysql -u root -p password;

Enter password:*******
mysql> use mysql;
Database changed

mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP

-> ON TUTORIALS.*
-> TO 'zara'@'localhost'
-> IDENTIFIED BY 'zara123';

This will also create an entry in the MySQL database table called as user.

NOTE − MySQL does not terminate a command until you give a semicolon (;) at the
end of the SQL command.

The /etc/my.cnf File Configuration

In most of the cases, you should not touch this file. By default, it will have the
following entries −

[mysqld]
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock

[mysql.server]
user = mysql
basedir = /var/lib

[safe_mysqld]
err-log = /var/log/mysqld.log
pid-file = /var/run/mysqld/mysqld.pid

Here, you can specify a different directory for the error log, otherwise you should not
change any entry in this table.

Administrative MySQL Command

Here is the list of the important MySQL commands, which you will use time to time to
work with MySQL database −
 ● USE Databasename − This will be used to select a database in the MySQL work
area.
● SHOW DATABASES − Lists out the databases that are accessible by the MySQL
DBMS.
● SHOW TABLES − Shows the tables in the database once a database has been
selected with the use command.
● SHOW COLUMNS FROM tablename: Shows the attributes, types of attributes,
key information, whether NULL is permitted, defaults, and other information for
a table.
● SHOW INDEX FROM tablename − Presents the details of all indexes on the table,
including the PRIMARY KEY.
● SHOW TABLE STATUS LIKE table name\G − Reports details of the MySQL
DBMS performance and statistics.

MySQL - PHP Syntax

MySQL works very well in combination with various programming languages like
PERL, C, C++, JAVA and PHP. Out of these languages, PHP is the most popular one
because of its web application development capabilities.

PHP provides various functions to access the MySQL database and to manipulate the
data records inside the MySQL database. You would require to call the PHP functions
in the same way you call any other PHP function.

The PHP functions for use with MySQL have the following general format −

mysql_function(value,value,...);

The second part of the function name is specific to the function, usually a word that
describes what the function does. The following are two of the functions, which we will
use in our tutorial −

mysqli_connect($connect);
mysqli_query($connect,"SQL statement");
The following example shows a generic syntax of PHP to call any MySQL function.
<html>
<head>
<title>PHP with MySQL</title>
</head>

<body>
<?php
$retval = mysql_function(value, [value,...]);
if( !$retval ) {
die ( "Error: a related error message" );
}
// Otherwise MySQL or PHP Statements
?>
</body>
</html>

MySQL - Connection

MySQL Connection Using MySQL Binary

You can establish the MySQL database using the mysql binary at the command
prompt.

Example

Here is a simple example to connect to the MySQL server from the command prompt −

[root@host]# mysql -u root -p

Enter password:******

This will give you the mysql> command prompt where you will be able to execute any
SQL command. Following is the result of above command −

The following code block shows the result of above code −

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 2854760 to server version: 5.0.9
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

In the above example, we have used root as a user but you can use any other user as
well. Any user will be able to perform all the SQL operations, which are allowed to that
user.

You can disconnect from the MySQL database any time using the exit command at
mysql> prompt.

mysql> exit
Bye

MySQL Connection Using PHP Script

PHP provides mysql_connect() function to open a database connection. This function

takes five parameters and returns a MySQL link identifier on success or FALSE on
failure.

Syntax
connection mysql_connect(server,user,password,new_link,client_flag);

Sr.No. Parameter & Description

1 server

Optional − The host name running the database server. If not specified,
then the default value will be localhost:3306.

2 user

Optional − The username accessing the database. If not specified, then the
default will be the name of the user that owns the server process.
 3 passwd

Optional − The password of the user accessing the database. If not

specified, then the default will be an empty password.

4 new_link

Optional − If a second call is made to mysql_connect() with the same

arguments, no new connection will be established; instead, the identifier of
the already opened connection will be returned.

5 client_flags

Optional − A combination of the following constants −

● MYSQL_CLIENT_SSL − Use SSL encryption.

● MYSQL_CLIENT_COMPRESS − Use compression protocol.
● MYSQL_CLIENT_IGNORE_SPACE − Allow space after function
names.
● MYSQL_CLIENT_INTERACTIVE − Allow interactive timeout
seconds of inactivity before closing the connection.

You can disconnect from the MySQL database anytime using another PHP function
mysql_close(). This function takes a single parameter, which is a connection returned by
the mysql_connect() function.

Syntax
bool mysql_close ( resource $link_identifier );

If a resource is not specified, then the last opened database is closed. This function
returns true if it closes the connection successfully otherwise it returns false.
Example

Try the following example to connect to a MySQL server −

<html>
<head>
<title>Connecting MySQL Server</title>
</head>
<body>
<?php
$dbhost = 'localhost:3306';
$dbuser = 'guest';
$dbpass = 'guest123';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);

if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($conn);
?>
</body>
</html>

MySQL - Create Database

Create Database Using mysqladmin

You would need special privileges to create or to delete a MySQL database. So assuming
you have access to the root user, you can create any database using the mysql
mysqladmin binary.

Example

Here is a simple example to create a database called TUTORIALS −

[root@host]# mysqladmin -u root -p create TUTORIALS

Enter password:******

This will create a MySQL database called TUTORIALS.

Create a Database using PHP Script

PHP uses mysql_query function to create or delete a MySQL database. This function
takes two parameters and returns TRUE on success or FALSE on failure.

Syntax
bool mysql_query( sql, connection );

Sr.No. Parameter & Description

1 sql

Required - SQL query to create or delete a MySQL database

2 connection

Optional - if not specified, then the last opened connection by

mysql_connect will be used.

Example

The following example to create a database −

<html>
<head>
<title>Creating MySQL Database</title>
</head>

<body>
<?php
$dbhost = 'localhost:3036';
$dbuser = 'root';
$dbpass = 'rootpassword';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);

if(! $conn ) {
 die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully<br />';
$sql = 'CREATE DATABASE TUTORIALS';
$retval = mysql_query( $sql, $conn );

if(! $retval ) {
die('Could not create database: ' . mysql_error());
}
echo "Database TUTORIALS created successfully\n";
mysql_close($conn);
?>
</body>
</html>

Drop MySQL Database

Drop a Database using mysqladmin

You would need special privileges to create or to delete a MySQL database. So, assuming
you have access to the root user, you can create any database using the mysql
mysqladmin binary.

Be careful while deleting any database because you will lose all the data available in
your database.

[root@host]# mysqladmin -u root -p drop TUTORIALS

Enter password:******

This will give you a warning and it will confirm if you really want to delete this
database or not.

Dropping the database is potentially a very bad thing to do.

Any data stored in the database will be destroyed.

Do you really want to drop the 'TUTORIALS' database [y/N] y

Database "TUTORIALS" dropped
Drop Database using PHP Script

PHP uses mysql_query function to create or delete a MySQL database. This function
takes two parameters and returns TRUE on success or FALSE on failure.

Syntax
bool mysql_query( sql, connection );

Sr.N Parameter & Description

o

1 sql

Required − SQL query to create or delete a MySQL database

2 connection

Optional − if not specified, then the last opened connection by mysql_connect

will be used.

Example
<html>
<head>
<title>Deleting MySQL Database</title>
</head>

<body>
<?php
$dbhost = 'localhost:3036';
$dbuser = 'root';
$dbpass = 'rootpassword';
 $conn = mysql_connect($dbhost, $dbuser, $dbpass);

if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully<br />';
$sql = 'DROP DATABASE TUTORIALS';
$retval = mysql_query( $sql, $conn );

if(! $retval ) {
die('Could not delete database: ' . mysql_error());
}
echo "Database TUTORIALS deleted successfully\n";
mysql_close($conn);
?>
</body>
</html>
WARNING − While deleting a database using the PHP script, it does not prompt you
for any confirmation. So be careful while deleting a MySQL database.

Selecting MySQL Database

Once you get connected with the MySQL server, it is required to select a database to
work with. This is because there might be more than one database available with the
MySQL Server.

Selecting MySQL Database from the Command Prompt

It is very simple to select a database from the mysql> prompt. You can use the SQL
command used to select a database.

Example

Here is an example to select a database called TUTORIALS −

[root@host]# mysql -u root -p

Enter password:******
mysql> use TUTORIALS;
Database changed
mysql>

Now, you have selected the TUTORIALS database and all the subsequent operations
will be performed on the TUTORIALS database.

NOTE − All the database names, table names, table fields names are case sensitive. So
you would have to use the proper names while giving any SQL command.

Selecting a MySQL Database Using PHP Script

PHP provides a function mysql_select_db to select a database. It returns TRUE on

success or FALSE on failure.

Syntax
bool mysql_select_db( db_name, connection );

Sr.N Parameter & Description

o.

1 db_name

Required − MySQL Database name to be selected

2 connection

Optional − if not specified, then the last opened connection by mysql_connect

will be used.

Example
<html>
<head>
<title>Selecting MySQL Database</title>
 </head>

<body>
<?php
$dbhost = 'localhost:3036';
$dbuser = 'guest';
$dbpass = 'guest123';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db( 'TUTORIALS' );
mysql_close($conn);
?>
</body>
</html>
PHP MySQL Create Table

A database table has its own unique name and consists of columns and rows.

Create a MySQL Table Using MySQLi and PDO

The CREATE TABLE statement is used to create a table in MySQL.

We will create a table named "MyGuests", with five columns: "id", "firstname",
"lastname", "email" and "reg_date":

CREATE TABLE MyGuests (

id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE
CURRENT_TIMESTAMP
)

After the data type, you can specify other optional attributes for each column:
 ● NOT NULL - Each row must contain a value for that column, null values are not
allowed
● DEFAULT value - Set a default value that is added when no other value is passed
● UNSIGNED - Used for number types, limits the stored data to positive numbers
and zero
● AUTO INCREMENT - MySQL automatically increases the value of the field by 1
each time a new record is added
● PRIMARY KEY - Used to uniquely identify the rows in a table. The column with
PRIMARY KEY setting is often an ID number, and is often used with
AUTO_INCREMENT

Each table should have a primary key column (in this case: the "id" column). Its value
must be unique for each record in the table.

The following examples shows how to create the table in PHP:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// sql to create table

$sql = "CREATE TABLE MyGuests (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE
CURRENT_TIMESTAMP
)";
if ($conn->query($sql) === TRUE) {
echo "Table MyGuests created successfully";
} else {
echo "Error creating table: " . $conn->error;
}

$conn->close();
?>

Example (MySQLi Procedural)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}

// sql to create table

$sql = "CREATE TABLE MyGuests (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE
CURRENT_TIMESTAMP
)";

if (mysqli_query($conn, $sql)) {
echo "Table MyGuests created successfully";
} else {
echo "Error creating table: " . mysqli_error($conn);
}

mysqli_close($conn);
?>

Example (PDO)
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username,
$password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// sql to create table

$sql = "CREATE TABLE MyGuests (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE
CURRENT_TIMESTAMP
)";

// use exec() because no results are returned

$conn->exec($sql);
echo "Table MyGuests created successfully";
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}

$conn = null;
?>
PHP MySQL Insert Data

After a database and a table have been created, we can start adding data in them.

Here are some syntax rules to follow:

● The SQL query must be quoted in PHP

● String values inside the SQL query must be quoted
● Numeric values must not be quoted
● The word NULL must not be quoted

The INSERT INTO statement is used to add new records to a MySQL table:
 INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)

To learn more about SQL, please visit our SQL tutorial.

In the previous chapter we created an empty table named "MyGuests" with five
columns: "id", "firstname", "lastname", "email" and "reg_date". Now, let us fill the table
with data.

Note: If a column is AUTO_INCREMENT (like the "id" column) or TIMESTAMP with

default update of current_timesamp (like the "reg_date" column), it is no need to be
specified in the SQL query; MySQL will automatically add the value.

he following examples add a new record to the "MyGuests" table:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO MyGuests (firstname, lastname, email)

VALUES ('John', 'Doe', '[email protected]')";

if ($conn->query($sql) === TRUE) {

echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
 PHP MySQL Select Data

Select Data From a MySQL Database

The SELECT statement is used to select data from one or more tables:

SELECT column_name(s) FROM table_name

or we can use the * character to select ALL columns from a table:

SELECT * FROM table_name

Select Data With MySQLi

The following example selects the id, firstname and lastname columns from the
MyGuests table and displays it on the page:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT id, firstname, lastname FROM MyGuests";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " .
$row["lastname"]. "<br>";
}
} else {
 echo "0 results";
}
$conn->close();
?>

Code lines to explain from the example above:

First, we set up an SQL query that selects the id, firstname and lastname columns from
the MyGuests table. The next line of code runs the query and puts the resulting data
into a variable called $result.

Then, the function num_rows() checks if there are more than zero rows returned.

If there are more than zero rows returned, the function fetch_assoc() puts all the results
into an associative array that we can loop through. The while() loop loops through the
result set and outputs the data from the id, firstname and lastname columns.

PHP MySQL Use The WHERE Clause

Select and Filter Data From a MySQL Database

The WHERE clause is used to filter records.

The WHERE clause is used to extract only those records that fulfill a specified
condition.

SELECT column_name(s) FROM table_name WHERE column_name operator value

Select and Filter Data With MySQLi

The following example selects the id, firstname and lastname columns from the
MyGuests table where the last name is "Doe", and displays it on the page:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT id, firstname, lastname FROM MyGuests WHERE

lastname='Doe'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " .
$row["lastname"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>

Code lines to explain from the example above:

First, we set up the SQL query that selects the id, firstname and lastname columns from
the MyGuests table where the last name is "Doe". The next line of code runs the query
and puts the resulting data into a variable called $result.

Then, the function num_rows() checks if there are more than zero rows returned.

If there are more than zero rows returned, the function fetch_assoc() puts all the results
into an associative array that we can loop through. The while() loop loops through the
result set and outputs the data from the id, firstname and lastname columns.

PHP MySQL Update Data

The UPDATE statement is used to update existing records in a table:

UPDATE table_name
 SET column1=value, column2=value2,...
WHERE some_column=some_value
Notice the WHERE clause in the UPDATE syntax: The WHERE clause specifies which
record or records that should be updated. If you omit the WHERE clause, all records
will be updated!

Let's look at the "MyGuests" table:

id firstname lastname email reg_date

1 John Doe [email protected] 2014-10-22 14:26:15

2 Mary Moe [email protected] 2014-10-23 10:22:30

The following examples update the record with id=2 in the "MyGuests" table:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$sql = "UPDATE MyGuests SET lastname='Doe' WHERE id=2";

if ($conn->query($sql) === TRUE) {

echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}

$conn->close();
?>
 PHP MySQL Delete Data

The DELETE statement is used to delete records from a table:

DELETE FROM table_name

WHERE some_column = some_value
Notice the WHERE clause in the DELETE syntax: The WHERE clause specifies which
record or records that should be deleted. If you omit the WHERE clause, all records will
be deleted!

Let's look at the "MyGuests" table:

id firstname lastname email reg_date

1 John Doe [email protected] 2014-10-22 14:26:15

2 Mary Moe [email protected] 2014-10-23 10:22:30

3 Julie Dooley [email protected] 2014-10-26 10:48:23

The following examples delete the record with id=3 in the "MyGuests" table:

Example (MySQLi Object-oriented)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// sql to delete a record

$sql = "DELETE FROM MyGuests WHERE id=3";

if ($conn->query($sql) === TRUE) {

 echo "Record deleted successfully";
} else {
echo "Error deleting record: " . $conn->error;
}

$conn->close();
?>
PHP MySQL Prepared Statements

Prepared statements are very useful against SQL injections.

Prepared Statements and Bound Parameters

A prepared statement is a feature used to execute the same (or similar) SQL statements
repeatedly with high efficiency.

Prepared statements basically work like this:

1. Prepare: An SQL statement template is created and sent to the database. Certain
values are left unspecified, called parameters (labeled "?"). Example: INSERT
INTO MyGuests VALUES(?, ?, ?)
2. The database parses, compiles, and performs query optimization on the SQL
statement template, and stores the result without executing it
3. Execute: At a later time, the application binds the values to the parameters, and
the database executes the statement. The application may execute the statement
as many times as it wants with different values

Compared to executing SQL statements directly, prepared statements have three main
advantages:

● Prepared statements reduce parsing time as the preparation on the query is done
only once (although the statement is executed multiple times)
● Bound parameters minimize bandwidth to the server as you need send only the
parameters each time, and not the whole query
● Prepared statements are very useful against SQL injections, because parameter
values, which are transmitted later using a different protocol, need not be
 correctly escaped. If the original statement template is not derived from external
input, SQL injection cannot occur.

Prepared Statements in MySQLi

The following example uses prepared statements and bound parameters in MySQLi:

Example (MySQLi with Prepared Statements)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// prepare and bind

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname,
email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute

$firstname = "John";
$lastname = "Doe";
$email = "[email protected]";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "[email protected]";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "[email protected]";
$stmt->execute();

echo "New records created successfully";

$stmt->close();
$conn->close();
?>

Code lines to explain from the example above:

"INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)"

In our SQL, we insert a question mark (?) where we want to substitute in an integer,
string, double or blob value.

Then, have a look at the bind_param() function:

$stmt->bind_param("sss", $firstname, $lastname, $email);

This function binds the parameters to the SQL query and tells the database what the
parameters are. The "sss" argument lists the types of data that the parameters are. The s
character tells mysql that the parameter is a string.

The argument may be one of four types:

● i - integer
● d - double
● s - string
● b - BLOB

We must have one of these for each parameter.

By telling mysql what type of data to expect, we minimize the risk of SQL injections.

Note: If we want to insert any data from external sources (like user input), it is very
important that the data is sanitized and validated.

Prepared Statements in PDO

The following example uses prepared statements and bound parameters in PDO:
 Example (PDO with Prepared Statements)
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username,
$password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// prepare sql and bind parameters

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname,
email)
VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);

// insert a row
$firstname = "John";
$lastname = "Doe";
$email = "[email protected]";
$stmt->execute();

// insert another row

$firstname = "Mary";
$lastname = "Moe";
$email = "[email protected]";
$stmt->execute();

// insert another row

$firstname = "Julie";
$lastname = "Dooley";
$email = "[email protected]";
$stmt->execute();

echo "New records created successfully";

} catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
$conn = null;
?>