Difference between revisions of "PHP and MySQL"
(Created page with 'MySQL is great, but it's not useful for web applications without a way to integrate it with your application logic. This article discusses how to query MySQL from within PHP. T…') |
|||
| Line 2: | Line 2: | ||
This guide assumes that you already know how SQL queries are structured. If you don't, read [[MySQL Schema and State]] first. This guide also assumes that you have a working copy of MySQL. If you don't, read [[Introduction to MySQL]] also. | This guide assumes that you already know how SQL queries are structured. If you don't, read [[MySQL Schema and State]] first. This guide also assumes that you have a working copy of MySQL. If you don't, read [[Introduction to MySQL]] also. | ||
| + | |||
| + | == PHP Libraries for Database Manipulation == | ||
| + | |||
| + | PHP comes with many different ways of querying databases. This guide instructs you on how to use '''MySQL Improved Prepared Statements''', which is a cleaner, more elegant way to perform queries on your database. | ||
| + | |||
| + | == Connecting to a MySQL Database in PHP == | ||
| + | |||
| + | To connect to a database using the MySQL Improved interface, use the mysqli command: | ||
| + | |||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | $mysqli = new mysqli('localhost', 'username', 'password', 'databasename'); | ||
| + | |||
| + | if(mysqli_connect_errno()) { | ||
| + | echo "Connection Failed: " . mysqli_connect_errno(); | ||
| + | exit; | ||
| + | } | ||
| + | ?> | ||
| + | </source> | ||
| + | |||
| + | You need to run this code before you can perform ''any'' other query on your database. Many PHP web developers put this code in a separate file and '''require''' it into other files that require database access. | ||
| + | |||
| + | You should create a new MySQL user with minimal privileges just for PHP to use. | ||
| + | |||
| + | == Performing INSERT Queries == | ||
| + | |||
| + | The first type of prepared query we will discuss are INSERT queries. | ||
| + | |||
| + | Suppose you had a form that submitted the following information: | ||
| + | |||
| + | * '''first''', the user's first name | ||
| + | * '''last''', the user's last name | ||
| + | * '''dept''', the user's department | ||
| + | |||
| + | You could insert data received from the form into the employees database using the following PHP code: | ||
| + | |||
| + | <source lang="php"> | ||
| + | <?php | ||
| + | require 'database.php'; | ||
| + | |||
| + | $first = $_POST['first']; | ||
| + | $last = $_POST['last']; | ||
| + | $dept = $_POST['dept']; | ||
| + | |||
| + | $stmt = $myqli->prepare("insert into employees (first_name, last_name, department) values (?, ?, ?)"); | ||
| + | if(!$stmt){ | ||
| + | echo "Query Prep Failed: ".$mysqli->error; | ||
| + | exit; | ||
| + | } | ||
| + | |||
| + | $stmt->bind_param('sss', $first, $last, $dept); | ||
| + | |||
| + | $stmt->execute(); | ||
| + | |||
| + | $stmt->close(); | ||
| + | |||
| + | ?> | ||
| + | </source> | ||
| + | |||
| + | The query that will end up being executed by the above code is: | ||
| + | |||
| + | <source lang="mysql"> | ||
| + | insert into employees (first_name, last_name, department) values ('John', 'Deere', 'EECE') | ||
| + | </source> | ||
| + | |||
| + | Notice how the MySQLi interface uses object-oriented PHP. Refer to [[PHP#Object-Oriented PHP|the PHP guide]] if you need a refresher on object-oriented PHP. | ||
| + | |||
| + | === bind_param() === | ||
| + | |||
| + | The most tricky line in the above example is the '''bind_param''' line. Here's how it works. | ||
| + | |||
| + | The first parameter defines the data types of data to be inserted into the query. It is a string with one character per data type. The possible data types are: | ||
| + | |||
| + | * '''i''' - Integer | ||
| + | * '''d''' - Decimal | ||
| + | * '''s''' - String | ||
| + | * '''b''' - Blob | ||
| + | |||
| + | Note that data types in queries are ''not'' the same as data types in schemas. For instance, when saving a date into MySQL, you need to use a string representation of the data (except for timestamp, which uses an integer), so you would use the '''s''' option. | ||
| + | |||
| + | The remaining parameters define values associated with each of the question marks in your query. | ||
| + | |||
| + | In the example above, there are three question marks in the query, all of which are strings, and so the first argument to '''bind_params''' is 'sss'. The remaining three parameters is the information itself to be "injected" into the query. | ||
| + | |||
| + | <source lang="php"> | ||
| + | </source> | ||
| + | |||
| + | <source lang="php"> | ||
| + | </source> | ||
| + | |||
| + | <source lang="php"> | ||
| + | </source> | ||
| + | |||
| + | <source lang="php"> | ||
| + | </source> | ||
[[Category:Module 3]] | [[Category:Module 3]] | ||
Revision as of 05:02, 23 August 2012
MySQL is great, but it's not useful for web applications without a way to integrate it with your application logic. This article discusses how to query MySQL from within PHP.
This guide assumes that you already know how SQL queries are structured. If you don't, read MySQL Schema and State first. This guide also assumes that you have a working copy of MySQL. If you don't, read Introduction to MySQL also.
Contents
PHP Libraries for Database Manipulation
PHP comes with many different ways of querying databases. This guide instructs you on how to use MySQL Improved Prepared Statements, which is a cleaner, more elegant way to perform queries on your database.
Connecting to a MySQL Database in PHP
To connect to a database using the MySQL Improved interface, use the mysqli command:
<?php
$mysqli = new mysqli('localhost', 'username', 'password', 'databasename');
if(mysqli_connect_errno()) {
echo "Connection Failed: " . mysqli_connect_errno();
exit;
}
?>
You need to run this code before you can perform any other query on your database. Many PHP web developers put this code in a separate file and require it into other files that require database access.
You should create a new MySQL user with minimal privileges just for PHP to use.
Performing INSERT Queries
The first type of prepared query we will discuss are INSERT queries.
Suppose you had a form that submitted the following information:
- first, the user's first name
- last, the user's last name
- dept, the user's department
You could insert data received from the form into the employees database using the following PHP code:
<?php
require 'database.php';
$first = $_POST['first'];
$last = $_POST['last'];
$dept = $_POST['dept'];
$stmt = $myqli->prepare("insert into employees (first_name, last_name, department) values (?, ?, ?)");
if(!$stmt){
echo "Query Prep Failed: ".$mysqli->error;
exit;
}
$stmt->bind_param('sss', $first, $last, $dept);
$stmt->execute();
$stmt->close();
?>
The query that will end up being executed by the above code is:
insert into employees (first_name, last_name, department) values ('John', 'Deere', 'EECE')
Notice how the MySQLi interface uses object-oriented PHP. Refer to the PHP guide if you need a refresher on object-oriented PHP.
bind_param()
The most tricky line in the above example is the bind_param line. Here's how it works.
The first parameter defines the data types of data to be inserted into the query. It is a string with one character per data type. The possible data types are:
- i - Integer
- d - Decimal
- s - String
- b - Blob
Note that data types in queries are not the same as data types in schemas. For instance, when saving a date into MySQL, you need to use a string representation of the data (except for timestamp, which uses an integer), so you would use the s option.
The remaining parameters define values associated with each of the question marks in your query.
In the example above, there are three question marks in the query, all of which are strings, and so the first argument to bind_params is 'sss'. The remaining three parameters is the information itself to be "injected" into the query.
