|
Quick-links:
Example program connecting to a MySQL database;
and an
Example program connecting to an oracle database.
This chapter will focus on accessing MySql database tables from PHP programs. In DB1, you worked with an Oracle database. For this course, we'll show examples using MySql, for two shallow reasons:
Quick-links:
Example program connecting to a MySQL database;
and an
Example program connecting to an oracle database.
no video: We talked about, in class, the basics of using php to create a string holding your DB query.
$conn = mysqli_connect(hostname, username, password, schemaToUse ); // @param hostname For php.radford.edu, use 'localhost' // @param username the database account, which is the same as your RU userid // @param password the *database* password. // @param schemaToUse your RU userid (again!) -- it's a DB account *and* a DB-schema. |
If the database connection fails, you want to throw an exception:
A common expediency is to crash — by calling die. This is lousy practice — exceptions are explicitly created for this purpose instead! (and it's not any more difficult to do). Some notes:
$connect = mysqli_connect(...) || die('connect failed.'); echo "The connection ", ($connect ? "" : "NOT "), "established.\n"; |
Common strategy: Put your 'connect' statements into a separate, included file. (a) This helps because you'll be re-using this code many times; (b) even if you show_source of the main file, your password is in the other file.
One kludgy way of doing this is to have the include-file store the connection it creates in a special variable — perhaps “theConnection” — and then all your files using the database will all have to remember ot use that one variable (and not to use that variable themselves).
Better, I suggest having that file define a function named something like DB_connect_as_ibarland(), and it returns the database connection. That lets each file use whatever variable it wants to store the result (though yes, each file still needs to not trample on the name of that function.)
It's also possible to simply have the external file define a couple variables (like $dbUserName = … and $dbUserPasswd = …), and keep that file non-public.
$var = 'Amy Johnson'; $qu = "INSERT INTO $tablename (numItems,product,custName) VALUES (17,'abc','$var')"; $allRows = mysqli_query($connect, $qu); |
SELECT -
video via distance section: We talked about this material in class, week of apr.04
$qu = "SELECT * FROM $tablename WHERE (product = 'abc')"; |
while ($oneRow = mysqli_fetch_assoc($allRows)) { # Note use of `=` for assignment *and* return value echo $oneRow['custName'], " bought ", $oneRow['product']; } |
aside: There are a bunch of concepts raised, by the above code.
- What is the abstract type of a database table? What type does php use?
- What's the difference between a set and (say) a list?
- What is the abstract type of a table-row? What type does php use?
- An assignment statement, inside a loop-condition?!
- Is that even allowed? (assignments as expressions)
- Is it good practice? If not, why is it even allowed?
- How does Java's Scanner avoid this, when reading input?
See also: mysqli_fetch_all: it gets the entire table into a single array. What are the efficiency implications of this? (And, do we care?)
You might want to check for an error — something like the database complaining that it wasn't a valid SQL statement, or that the database connection had been lost (after being previously created).
$allRows = mysqli_query($connect, $qry); // A table object (possibly w/ 0 rows); NULL on query-failure. if (!$allRows) echo "query failed -- lost connection?"; |
If you know your query should always return 1 row, so you won't have a loop. Other times, you just want to know whether the query returned 0 or 1 rows (e.g., you queried something like studentID='1234' and libraryFine = 0). In that case, you might have:
$allRows = mysqli_query($connect, $qry); // A table object (possibly w/ 0 rows); NULL on query-failure. if (!$allRows) echo "query failed -- lost connection?"; $topRow = mysqli_fetch_array($allRows); if (!$topRow) { echo "table had 0 rows" } else { echo "table had (at least) 1 row". } |
$allRows = mysqli_query($connect, $qry); // A table object (possibly w/ 0 rows); NULL on query-failure.
if (!$allRows) echo "query failed -- lost connection?";
$numRows = mysqli_num_rows($allRows);
if ($numRows == 0) {
echo "table had 0 rows"
}
else if ($numRows == 1) {
echo "table had exactly 1 row".
$topRow = mysqli_fetch_array($allRows);
}
else {
echo <<<END_OF_MSG
Table had more than 1 row.
If I think my query shouldn't every yield > 1 row,
then I might just have built my query incorrectly.
OR, if I incorporated user-input when building my query,
then my code may have just succumbed to a SQL-injection attack!
Read below, about using mysqli_real_escape_string on user-input,
before splicing it into a SQL query.
END_OF_MSG;
} |
$qu = "DELETE FROM $tablename WHERE (field1 = 'abc')"; |
$qu = "UPDATE $tablename SET $field_name1 = 'abc' , $field_name2 = '$newval' WHERE ($field_name1 = '$var')"; $allRows = mysqli_query($connect, $qu); |
Warning:In order to get a Foreign Key constraint, you must create both tables involved with the Storage Engine option as "InnoDB". (Sadly, on php.radford.edu, this isn't installed, and you have to settle for the MyISAM engine which doesn't allow Foreign Key constraints.)
You can either include the FK constraint with the CREATE TABLE command, or you can create the table (perhaps using the GUI view) and then go back and add the FK constraint one of two ways:
- Via a raw SQL command: In yourTable » SQL, type in the exact SQL command, such as:
-- To create a FK: -- make column `actor` in table `Movies` has to refer to some entry in table `Actors` column `name`: alter table Movies add constraint Movies_actor_FK Foreign key (actor) references Actors(name) -- To delete: alter table Goo drop foreign key Goo_ij_FK -- it seems odd to me, to say 'drop foreign key ...' rather than 'drop constraint ...'.- Via the GUI: In yourTable » Structure » Relation View, in the column to the right of internal, you can set the foreign key. (That column won’t be there if not using InnoDB.) You can't use the GUI approach if your key involves a composite key.
Warning: MySQL ignores check constraints — it lets you specify them, but ignores them w/o letting you know(!).
Rumor: I saw one reasonable-sounding post that claimed that you also have to build an index on both the source and destination key-columns.
tip: If googling problems, stackoverflow tends to have better-curated answers than most sites. (e.g. this one)
$theItem = "coffee"; $theQuery = "SELECT * FROM Inventory WHERE (product = $theItem)"; $results = mysqli_query($connect, $theQuery ); |
This is a very common sort of error, and it can be detected/debugged by printing $theQuery, and running that query on the database by hand to check whether it really is legal SQL.
A2: If somebody had entered the four-character string “M&Ms” we would not want want to look in our database for something including the characters “amp”. (Our database should include the correct name of the product; we'll turn “M&Ms” into “M&Ms” only when we display that on a web page — but not in emails, internal reports, etc..)
A3: What if the user had entered a name that contains a single-quote? Then the string-you-made-and-though-was-valid-SQL suddenly might not be valid SQL any more. See the next lecture, re SQL Injection!
This page licensed CC-BY 4.0 Ian Barland Page last generated | Please mail any suggestions (incl. typos, broken links) to ibarlandradford.edu |