Tutorials

PHP Basic Database Handling

by Crayon Violent on Jun 20, 2008 2:06:06 PM

Views: 97998

"Handling a database with PHP" can be a bit misleading. PHP is not the one responsible for doing anything to your database. All it does is send the query string to your database and your database executes the query.

PHP's job is to build that query string. This can be done statically or dynamically. Static means not changing. Dynamic means changing. A static query string would look something like this:

id is assigned the value of 1. It's hardcoded into the script, no changing that whatsoever, unless for instance you use a variable in place of the value, like this:

Using variables is one of the most basic ways of dynamically building a query string. You can also use variables in place of the column name, or even use conditions to dynamically add pieces to the query string. Your query string is just that - a string - so you can use any string manipulation technique, function, construct, etc.. out there on your query string, as long as the end result produces a valid query for your database.

In our script, we are going to execute a few database queries by using some basic methods of dynamic query string creation. There are, of course, a million and one better ways to do what we want to do in this script, but in my experience, elegant coding does not usually make an elegant tutorial example.

Comments

This is an incredible tutorial, i knew how to handle databases but it was so goood to recap, plus a few little things that i learned, and you have a nice way to explain. I had a great time reading it. Thanks :D

1. fearlex on Jun 27, 2008 3:54:27 PM

We're using ODBC-connect, ODBC_exec, etc. How do I create a new record using ODBC? I don't imagine I can do it with mysql commands?

2. Peter Schulte on Jul 23, 2008 6:36:06 PM

Well I don't really know anything about ODBC but they do have their own database handling functions in PHP that are very similar to all of the mysql_xxx counterparts. Here is a link to the functions php offers for ODBC: PHP ODBC functions

A kind of skimmed over the functions and it looks like all you really need to do is switch out the mysql_xxx functions with their ODBC_xxx counterparts.

All the code for the form and receiving info from the user etc.. would not need to be altered.

3. Crayon Violent on Jul 26, 2008 3:02:30 PM

I knew that how to handle the database through PHP, but after reading this tutorial i think it's more than i think. It's really good. Thanks!

4. deepshah on Aug 11, 2008 2:05:41 AM

I've just started to learn how to use PHP with MySQL so this tutorial has been *very* useful!

I had already put together scripts and an html form to accomplish similar things to those shown in the tutorial but with the scripts in several seperate .php files. Having everything in one file makes much more sense!

Many thanks

5. ma2tt on Aug 16, 2008 10:29:59 AM

Great Job 'Crayon Violent'!

I like the way you presented the information.
Where Can I go from here to learn more things.
Please guide me!

Many Thanks!

6. mahender on Nov 24, 2008 4:06:02 AM

Easy enough :) Thanks for the tutorial. Quick question, are the notices always on?

7. bnther on Jun 7, 2009 12:17:31 PM

Awesome tutorial.. covering all the basics without any of the bad practices that seem to be circulating around. I'm wondering if anyone could help me build upon the DELETE query.

What i'm aiming to do is drag through MULTIPLE variables via the GET method and use them both as conditions in the DELETE query. Somthing along the lines of below:

<?php
include("config.php");

// DELETE: if we have a name to delete...
if($_GET['a_id'] || $_GET['question_id']) { <--------------------------------multiple get variables
// little bit of cleaning...
$a_id = mysql_real_escape_string($_GET['a_id']);
$question_id = mysql_real_escape_string($_GET['question_id']);
// delete name from table
$sql = "DELETE FROM forum_answer WHERE a_id = '$a_id' AND question_id = '$question_id'";
$result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
} // end if

?>

I'm just clutching at straws with the syntax.... any help or advise would be very much aprreciated!

Thanks :)

8. adamfaux on Jun 12, 2009 11:46:13 AM

Your code looks syntactically correct (assuming you spelled your variable names right), so you must be having issues with the logic of it. Can you be more specific as to what you are wanting to accomplish? Your condition checks if either one exists (so in other words, only 1 has to exist for the rest of the code to execute), but then in your query string you are deleting rows where both exist.

If you are always wanting to only delete rows where both are present, you need to change your if statement to && instead of || . Using || will allow for the query to be executed if both exist, so it will work when you want it to, but it will also execute if only one exists, so you will end up executing for instance:

Beyond that, if you are still having issues, shed some more light on your problem.

Another thing I thought I would mention (which was not mentioned in the tutorial because it's not the scope of the tutorial to mention such things), you really should validate your data before using it in your query. mysql_real_escape_string is a good defense against injection attacks (though it does not stop ALL attacks), but it does nothing to validate format.

So for instance, if your columns are type int or something and all you are doing is escaping the data, well that doesn't stop someone from entering something other than numbers.

To make sure that the data only has numbers, you can for instance use ctype_digit

9. Crayon Violent on Jun 13, 2009 8:18:38 AM
Login or register to post a comment.