PHP /MySQL Application Development #SECTION 1 Ways of Connecting to MySQL through PHP In order to store or access the data inside a MySQL database, you first need to connect to the MySQL database server. PHP offers two different ways to connect to MySQL server: MySQLi (Improved MySQL) and PDO (PHP Data Objects) extensions. While the PDO extension is more portable and supports more than twelve different databases, MySQLi extension as the name suggests supports MySQL database only. MySQLi extension however provides an easier way to connect to, and execute queries on, a MySQL database server. Both PDO and MySQLi offer an object-oriented API, but MySQLi also offers a procedural API which is relatively easy for beginners to understand. Connecting to MySQL Database Server In PHP you can easily do this using the mysqli_connect() function. All communication between PHP and the MySQL database server takes place through this connection. Here're the basic syntaxes for connecting to MySQL using MySQLi and PDO extensions: Syntax: MySQLi, Procedural way $link = mysqli_connect("hostname", "username", "password", "database"); Syntax: MySQLi, Object Oriented way $mysqli = new mysqli("hostname", "username", "password", "database"); Syntax: PHP Data Objects (PDO) way $pdo = new PDO("mysql:host=hostname;dbname=database", "username", "password"); “$link” is the database connection resource variable. “mysqli_connect(…)” is the function for php database connection “$hostname” is the name or IP address of the server hosting MySQL server. “$username” is a valid user name in MySQL server. “$password” is a valid password associated with a user name in MySQL server. “$database” is a valid database name in MySQL server. The hostname parameter in the above syntax specify the host name (e.g. localhost), or IP address of the MySQL server, whereas the username and password parameters specifies the credentials to access MySQL server, and the database parameter, if provided will specify the default MySQL database to be used when performing queries. The following example shows how to connect to MySQL database server using MySQLi (both procedural and object oriented way) and PDO extension. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", ""); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Print host information echo "Connect Successfully. Host info: " . mysqli_get_host_info($link); ?> Closing the MySQL Database Server Connection The connection to the MySQL database server will be closed automatically as soon as the execution of the script ends. However, if you want to close it earlier you can do this by simply calling the PHP mysqli_close() function. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", ""); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Print host information echo "Connect Successfully. Host info: " . mysqli_get_host_info($link); // Close connection mysqli_close($link); ?> NB: Anytime the application needs to interact with the database, a connection has to be set first to the database server. Creating MySQL Database Using PHP Before saving or accessing the data, we need to create a database first. The CREATE DATABASE statement is used to create a new database in MySQL. Let's make a SQL query using the CREATE DATABASE statement, after that we will execute this SQL query through passing it to the PHP mysqli_query() function to finally create our database. The following example creates a database named demo. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", ""); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt create database query execution $sql = "CREATE DATABASE demo"; if(mysqli_query($link, $sql)){ echo "Database created successfully"; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> Creating Tables inside MySQL Database Using PHP In the previous section we’ve learned how to create a database on MySQL server. Now it's time to create some tables inside the database that will actually hold the data. A table organizes the information into rows and columns. The SQL CREATE TABLE statement is used to create a table in database. Let's make a SQL query using the CREATE TABLE statement, after that we will execute this SQL query through passing it to the PHP mysqli_query() function to finally create our table. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) The link connection object has been modified to access the specified database demo created using the above script */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt create table query execution $sql = "CREATE TABLE persons( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, first_name VARCHAR(30) NOT NULL, last_name VARCHAR(30) NOT NULL, email VARCHAR(70) NOT NULL UNIQUE )"; if(mysqli_query($link, $sql)){ echo "Table created successfully."; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> The PHP code in the above example creates a table named persons with four columns id, first_name, last_name and email inside the demo database. Notice that each field name is followed by a data type declaration; this declaration specifies what type of data the column can hold, whether integer, string, date, etc. There are a few additional constraints (also called modifiers) that are specified after the column name in the preceding SQL statement, like NOT NULL, PRIMARY KEY, AUTO_INCREMENT, etc. Constraints define rules regarding the values allowed in columns. Please refer to MySQL database tutorial attached in the resources folder in piazza. Inserting Data into a MySQL Database Table Now that you've understood how to create database and tables in MySQL, in this section you will learn how to execute SQL query to insert records into a table. The INSERT INTO statement is used to insert new rows in a database table. Let's make a SQL query using the INSERT INTO statement with appropriate values, after that we will execute this insert query through passing it to the PHP mysqli_query() function to insert data in table. Here's an example, which insert a new row to the persons table by specifying values for the first_name, last_name and email fields. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt insert query execution $sql = "INSERT INTO persons (first_name, last_name, email) VALUES ('Peter', 'Parker', 'peterparker@mail.com')"; if(mysqli_query($link, $sql)){ echo "Records inserted successfully."; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> Inserting Multiple Rows into a Table You can also insert multiple rows into a table with a single insert query at once. To do this, include multiple lists of column values within the INSERT INTO statement, where column values for each row must be enclosed within parentheses and separated by a comma. Let's insert few more rows into the persons table, like this: <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt insert query execution $sql = "INSERT INTO persons (first_name, last_name, email) VALUES ('John', 'Rambo', 'johnrambo@mail.com'), ('Clark', 'Kent', 'clarkkent@mail.com'), ('John', 'Carter', 'johncarter@mail.com'), ('Harry', 'Potter', 'harrypotter@mail.com')"; if(mysqli_query($link, $sql)){ echo "Records added successfully."; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> Insert Data into a Database from an HTML Form In the previous section, we have learned how to insert data into database from a PHP script. Now, we'll see how we can insert data into database obtained from an HTML form. Let's create an HTML form that can be used to insert new records to persons table. Step 1: Creating the HTML Form Here's a simple HTML form that has three text <input> fields and a submit button. <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Add Record Form</title> </head> <body> <form action="insert.php" method="post"> <p> <label for="firstName">First Name:</label> <input type="text" name="first_name" id="firstName"> </p> <p> <label for="lastName">Last Name:</label> <input type="text" name="last_name" id="lastName"> </p> <p> <label for="emailAddress">Email Address:</label> <input type="text" name="email" id="emailAddress"> </p> <input type="submit" value="Submit"> </form> </body> </html> Step 2: Retrieving and Inserting the Form Data When a user clicks the submit button of the add record HTML form, in the example above, the form data is sent to 'insert.php' file. The 'insert.php' file connects to the MySQL database server, retrieves forms fields using the PHP $_REQUEST variables and finally execute the insert query to ad d the records. Here is the complete code of our 'insert.php' file: NB: You can also get form data values using $_POST or $_GET methods <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Escape user inputs for security $first_name = mysqli_real_escape_string($link, $_REQUEST['first_name']); $last_name = mysqli_real_escape_string($link, $_REQUEST['last_name']); $email = mysqli_real_escape_string($link, $_REQUEST['email']); // Attempt insert query execution $sql = "INSERT INTO persons (first_name, last_name, email) VALUES ('$first_name', '$last_name', '$email')"; if(mysqli_query($link, $sql)){ echo "Records added successfully."; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> PHP mysqli_query function The mysqli_query function is used to execute SQL queries. The function can be used to execute the following query types; Insert Select Update delete It has the following syntax. <?php mysqli_query($link,$query) ; ?> HERE, ―mysqli_query(…)‖ is the function that executes the SQL queries. ―$query‖ is the SQL query to be executed ―$link” is used to pass in the server connection link Processing Inputs Received through a Web Form using prepared statement If you remember from the previous section, we've created an HTML form to insert data into database. Here, we're going to extend that example by implementing the prepared statement. You can use the same HTML form to test the following insert script example, but just make sure that you're using the correct file name in the action attribute of the form. Here's the updated PHP code for inserting the data. If you see the example carefully you'll find we didn't use the mysqli_real_escape_string() to escape the user inputs, like we've done in the previous section example. Since in prepared statements, user inputs are never substituted into the query string directly, so they do not need to be escaped correctly. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Prepare an insert statement $sql = "INSERT INTO persons (first_name, last_name, email) VALUES (?, ?, ?)"; if($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "sss", $first_name, $last_name, $email); // Set parameters $first_name = $_REQUEST['first_name']; $last_name = $_REQUEST['last_name']; $email = $_REQUEST['email']; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ echo "Records inserted successfully."; } else{ echo "ERROR: Could not execute query: $sql. " . mysqli_error($link); } } else{ echo "ERROR: Could not prepare query: $sql. " . mysqli_error($link); } // Close statement mysqli_stmt_close($stmt); // Close connection mysqli_close($link); ?> Selecting Data from Database Tables In PHP, MySQL fetches results can be obtained by the following functions. All of these functions will fetch only one row per function call. If required, we should call such functions with a loop for getting subsequent MySQL fetch results row by row. mysqli_fetch_row() mysqli_fetch_assoc() mysqli_fetch_array() mysqli_fetch_object() mysqli_fetch_lengths() mysqli_fetch_field() mysqli_fetch_row() This function will fetch data about the single row with which the row pointer currently exists. After fetching the entire row details, it will be returned as an array with number indices corresponding to the MySQL field offset. The mysqli_fetch_row() function requires a resource data that is returned by executing query appropriate with MySQL fetch operations. If no results found for the query, then mysqli_fetch_row() will return NULL. Let us consider the Users table, with table data and structure is as follows. The following PHP program is for fetching MySQL data using mysqli_fetch_row(). Before that, the database connections are made with first two lines as usual. <?php $conn = mysqli_connect("localhost", "root", "test", "blog_samples") or die("Connection Error: " . mysqli_error($conn)); $query = "SELECT * from Users"; $result = mysqli_query($conn, $query) or die(mysqli_error($conn)); $row = mysqli_fetch_row($result); print "<pre>"; print_r($row); print "<pre>"; ?> This program will return values of the entire first row since the row pointer is at the beginning. So the output will be as shown below that can be cross checked with the table data shown already. <?php Array ( [0] => [1] => [2] => [3] => ) 1 admin admin123 student ?> If we want to get all the row information, we should do the same process recursively by iterating through a loop until end of the record. For example, <?php while($row = mysqli_fetch_row($result)) { print "<pre>"; print_r($row); print "<pre>"; } ?> mysqli_fetch_assoc() This function is similar to the mysqli_fetch_row(), except that, it will return an array of row information containing column values are indexed with the column name. So the result type is an associative array where each column name and values of a single row are associated together as name, value pairs. Let us replace mysqli_fetch_row() with mysqli_fetch_assoc() in the above program which will return the following array. Array ( [user_id] => 1 [user_name] => admin [password] => admin123 [user_type] => student ) By using this type of MySQL fetch, we can access the data by its name instead of its offset. Since, remembering the order of fields is too tough for a huge list of columns, accessing by field name is easy and there by this function could be preferred in such scenario. mysqli_fetch_array() This MySQL fetch method returns resultant array with both indices, that is, field offset and field name. So, it would be used most probably by having both option of indexing. Unlike above two functions, mysqli_fetch_array() accepts an optional argument for specifying resultant array index type and its possible values are, MYSQLI_BOTH – It is the default value that would be taken if no second argument is provided for this function. It will provide resultant array with both indices. MYSQLI_NUM – With this option, mysqli_fetch_array() will return array with offset indices as same as mysqli_fetch_row(). MYSQLI_ASSOC – With this option, mysqli_fetch_array() will return array with name indices as same as mysqli_fetch_assoc(). By replacing mysqli_fetch_row() with mysqli_fetch_array(), the output array will be, Array ( [0] => 1 [user_id] => 1 [1] => admin [user_name] => admin [2] => admin123 [password] => admin123 [3] => student [user_type] => student ) mysqli_fetch_object() mysqli_fetch_object() function will return MySQL data with same structure as returned by mysqli_fetch_assoc(), but its type is different. mysqli_fetch_object() returns object whereas mysqli_fetch_assoc() returns array. So, the way of accessing these data will also be differed. For example, if we are required to access user_name, after array fetch, it will be done by, echo $row["user_name"]; Or else after object fetch, it would be, echo $row->user_name; mysqli_fetch_lengths() This PHP function is used to return the string length each column value of the recently fetched row. So, before calculating the string length, any one of the above MySQL fetch functions need to be invoked. For example, the following program is to fetch single row data using mysqli_fetch_object() and to print the corresponding length array to the browser. <?php $conn = mysqli_connect("localhost", "root", "test", "blog_samples") or die("Connection Error: " . mysqli_error($conn)); $query = "SELECT * from Users"; $result = mysqli_query($conn, $query) or die(mysqli_error($conn)); $row = mysqli_fetch_object($result); $student_length = mysqli_fetch_lengths($result); print "<pre>"; print_r($row); print_r($student_length); print "<pre>"; ?> And the output is, stdClass Object ( [user_id] => 1 [user_name] => admin [password] => admin123 [user_type] => student ) Array ( [0] => 1 [1] => 5 [2] => 8 [3] => 7 ) Obviously, the object properties array and the length array are returned as shown above that could be cross checked manually to ensure the property value length is correct as expected. mysqli_fetch_field() Unlike above functions, mysqli_fetch_field() is for getting MySQL Database table’s field information instead of record data. And, this function also fetch one field per call and need loop implementation for getting more fields. These information array will be returned as an object which includes properties like, table name, field name, field maximum length, primary key flag offset and etc. For example, the user_id field details of Users table is returned as follows. stdClass Object ( [name] => user_id [table] => Users [def] => [max_length] => 1 [not_null] => 1 [primary_key] => 1 [multiple_key] => 0 [unique_key] => 0 [numeric] => 1 [blob] => 0 [type] => int [unsigned] => 0 [zerofill] => 0 ) So far you have learnt how to create database and table as well as inserting data. Now it's time to retrieve data what have inserted in the preceding tutorial. The SQL SELECT statement is used to select the records from database tables. Its basic syntax is as follows: SELECT column1_name, column2_name, columnN_name FROM table_name; Let's make a SQL query using the SELECT statement, after that we will execute this SQL query through passing it to the PHP mysqli_query() function to retrieve the table data. Consider our persons database table has the following records: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The PHP code in the following example selects all the data stored in the persons table (using the asterisk character (*) in place of column name selects all the data in the table). <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt select query execution $sql = "SELECT * FROM persons"; if($result = mysqli_query($link, $sql)){ if(mysqli_num_rows($result) > 0){ echo "<table>"; echo "<tr>"; echo "<th>id</th>"; echo "<th>first_name</th>"; echo "<th>last_name</th>"; echo "<th>email</th>"; echo "</tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr>"; echo "<td>" echo "<td>" echo "<td>" echo "<td>" echo "</tr>"; . . . . $row['id'] . "</td>"; $row['first_name'] . "</td>"; $row['last_name'] . "</td>"; $row['email'] . "</td>"; } echo "</table>"; // Free result set mysqli_free_result($result); } else{ echo "No records matching your query were found."; } } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> Explanation of Code (Procedural style) In the example above, the data returned by the mysqli_query() function is stored in the $result variable. Each time mysqli_fetch_array() is invoked, it returns the next row from the result set as an array. The while loop is used to loops through all the rows in the result set. Finally the value of individual field can be accessed from the row either by passing the field index or field name to the $row variable like $row['id'] or $row[0], $row['first_name'] or $row[1], $row['last_name'] or $row[2], and $row['email'] or $row[3]. Counting Rows Before you can go through the data in your result variable, you must know how many database rows there are. You could, of course, just type this into your code but it is not a very good solution as the whole script would need to be changed every time a new row was added. Instead you can use the command: $num=mysqli_num_rows($result); This will set the value of $num to be the number of rows stored in $result (the output you got from the database). This can then be used in a loop to get all the data and output it on the screen If you want to use the for loop you can obtain the loop counter value or the number of rows returned by the query by passing the $result variable to the mysqli_num_rows() function. This loop counter value determines how many times the loop should run. PHP mysqli_fetch_array function The mysqli_fetch_array function is used fetch row arrays from a query result set. It has the following syntax. <?php mysqli_fetch_array($result); ?> HERE, “mysqli_fetch_array(…)” is the function for fetching row arrays “$result” is the result returned by the mysqli_query function. Filtering the Records The WHERE clause is used to extract only those records that fulfill a specified condition. The basic syntax of the WHERE clause can be given with: SELECT column_name(s) FROM table_name WHERE column_name operator value Let's make a SQL query using the WHERE clause in SELECT statement, after that we'll execute this query through passing it to the PHP mysqli_query() function to get the filtered data. Consider we've a persons table inside the demo database that has following records: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The following PHP code selects all the rows from the persons table where first_name='john': <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt select query execution $sql = "SELECT * FROM persons WHERE first_name='john'"; if($result = mysqli_query($link, $sql)){ if(mysqli_num_rows($result) > 0){ echo "<table>"; echo "<tr>"; echo "<th>id</th>"; echo "<th>first_name</th>"; echo "<th>last_name</th>"; echo "<th>email</th>"; echo "</tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr>"; echo "<td>" echo "<td>" echo "<td>" echo "<td>" echo "</tr>"; . . . . $row['id'] . "</td>"; $row['first_name'] . "</td>"; $row['last_name'] . "</td>"; $row['email'] . "</td>"; } echo "</table>"; // Close result set mysqli_free_result($result); } else{ echo "No records matching your query were found."; } } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> After filtration the result set will look something like this: +----+------------+-----------+---------------------+ | id | first_name | last_name | email | +----+------------+-----------+---------------------+ | 2 | John | Rambo | johnrambo@mail.com | | 4 | John | Carter | johncarter@mail.com | +----+------------+-----------+---------------------+ Limiting Result Sets The LIMIT clause is used to constrain the number of rows returned by the SELECT statement. This feature is very helpful for optimizing the page loading time as well as to enhance the readability of a website. For example you can divide the large number of records in multiple pages using pagination, where limited number of records will be loaded on every page from the database when a user request for that page by clicking on pagination link. The basic syntax of the LIMIT clause can be given with: SELECT column_name(s) FROM table_name LIMIT row_offset, row_count; The LIMIT clause accepts one or two parameters which must be a nonnegative integer: When two parameters are specified, the first parameter specifies the offset of the first row to return i.e. the starting point, whereas the second parameter specifies the number of rows to return. The offset of the first row is 0 (not 1). Whereas, when only one parameter is given, it specifies the maximum number of rows to return from the beginning of the result set. For example, to retrieve the first three rows, you can use the following query: SELECT * FROM persons LIMIT 3; To retrieve the rows 2-4 (inclusive) of a result set, you can use the following query: SELECT * FROM persons LIMIT 1, 3; Let's make a SQL query using the LIMIT clause in SELECT statement, after that we will execute this query through passing it to the PHP mysqli_query() function to get the limited number of records. Consider the following persons table inside the demo database: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The PHP code in the following example will display just three rows from the persons table. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt select query execution $sql = "SELECT * FROM persons LIMIT 3"; if($result = mysqli_query($link, $sql)){ if(mysqli_num_rows($result) > 0){ echo "<table>"; echo "<tr>"; echo "<th>id</th>"; echo "<th>first_name</th>"; echo "<th>last_name</th>"; echo "<th>email</th>"; echo "</tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr>"; echo "<td>" . $row['id'] . "</td>"; echo "<td>" . $row['first_name'] . "</td>"; echo "<td>" . $row['last_name'] . "</td>"; echo "<td>" . $row['email'] . "</td>"; echo "</tr>"; } echo "</table>"; // Close result set mysqli_free_result($result); } else{ echo "No records matching your query were found."; } } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> After limiting the result set the output will look something like this: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | +----+------------+-----------+----------------------+ Ordering the Result Set The ORDER BY clause can be used in conjugation with the SELECT statement to see the data from a table ordered by a specific field. The ORDER BY clause lets you define the field name to sort against and the sort direction either ascending or descending. The basic syntax of this clause can be given with: SELECT column_name(s) FROM table_name ORDER BY column_name(s) ASC|DESC Let's make a SQL query using the ORDER BY clause in SELECT statement, after that we will execute this query through passing it to the PHP mysqli_query() function to get the ordered data. Consider the following persons table inside the demo database: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The PHP code in the following example selects all rows from the persons table and sorts the result by the first_name column in the alphabetically ascending order. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt select query execution with order by clause $sql = "SELECT * FROM persons ORDER BY first_name"; if($result = mysqli_query($link, $sql)){ if(mysqli_num_rows($result) > 0){ echo "<table>"; echo "<tr>"; echo "<th>id</th>"; echo "<th>first_name</th>"; echo "<th>last_name</th>"; echo "<th>email</th>"; echo "</tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr>"; echo "<td>" . $row['id'] . "</td>"; echo "<td>" . $row['first_name'] . "</td>"; echo "<td>" . $row['last_name'] . "</td>"; echo "<td>" . $row['email'] . "</td>"; echo "</tr>"; } echo "</table>"; // Close result set mysqli_free_result($result); } else{ echo "No records matching your query were found."; } } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> After ordering the result, the result set will look something like this: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 3 | Clark | Kent | clarkkent@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 4 | John | Carter | johncarter@mail.com | | 1 | Peter | Parker | peterparker@mail.com | +----+------------+-----------+----------------------+ Updating Database Table Data The UPDATE statement is used to change or modify the existing records in a database table. This statement is typically used in conjugation with the WHERE clause to apply the changes to only those records that matches specific criteria. The basic syntax of the UPDATE statement can be given with: UPDATE table_name SET column1=value, column2=value2,... WHERE column_name=some_value Let's make a SQL query using the UPDATE statement and WHERE clause, after that we will execute this query through passing it to the PHP mysqli_query() function to update the tables records. Consider the following persons table inside the demo database: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The PHP code in the following example will update the email address of a person in the persons table whose id is equal to 1. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt update query execution $sql = "UPDATE persons SET email='peterparker_new@mail.com' WHERE id=1"; if(mysqli_query($link, $sql)){ echo "Records were updated successfully."; } else { echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> After update the persons table will look something like this: +----+------------+-----------+--------------------------+ | id | first_name | last_name | email | +----+------------+-----------+--------------------------+ | 1 | Peter | Parker | peterparker_new@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+--------------------------+ Deleting Database Table Data Just as you insert records into tables, you can delete records from a table using the SQL DELETE statement. It is typically used in conjugation with the WHERE clause to delete only those records that matches specific criteria or condition. The basic syntax of the DELETE statement can be given with: DELETE FROM table_name WHERE column_name=some_value Let's make a SQL query using the DELETE statement and WHERE clause, after that we will execute this query through passing it to the PHP mysqli_query() function to delete the tables records. Consider the following persons table inside the demo database: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 2 | John | Rambo | johnrambo@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 4 | John | Carter | johncarter@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ The PHP code in the following example will delete the records of those persons from the persons table whose first_name is equal to John. <?php /* Attempt MySQL server connection. Assuming you are running MySQL server with default setting (user 'root' with no password) */ $link = mysqli_connect("localhost", "root", "", "demo"); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } // Attempt delete query execution $sql = "DELETE FROM persons WHERE first_name='John'"; if(mysqli_query($link, $sql)){ echo "Records were deleted successfully."; } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); } // Close connection mysqli_close($link); ?> After the deletion the persons table will look something like this: +----+------------+-----------+----------------------+ | id | first_name | last_name | email | +----+------------+-----------+----------------------+ | 1 | Peter | Parker | peterparker@mail.com | | 3 | Clark | Kent | clarkkent@mail.com | | 5 | Harry | Potter | harrypotter@mail.com | +----+------------+-----------+----------------------+ As you can see the records has been deleted successfully from the persons table. #SECTION 2 Implementing User Authentication Mechanism User authentication is very common in modern web application. It is a security mechanism that is used to restrict unauthorized access to member-only areas and tools on a site. In this tutorial we'll create a simple registration and login system using the PHP and MySQL. This tutorial is comprised of two parts: in the first part we'll create a user registration form, and in the second part we'll create a login form, as well as a welcome page and a logout script. Building the Registration System In this section we'll build a registration system that allows users to create a new account by filling out a web form. But, first we need to create a table that will hold all the user data. Step 1: Creating the Database Table Execute the following SQL query to create the users table inside your MySQL database. CREATE TABLE users ( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP ); Please check out the tutorial on MySQL Database tutorial file in your resources folder for the detailed information about syntax for creating tables in MySQL database system. Step 2: Creating the Config File After creating the table, we need create a PHP script in order to connect to the MySQL database server. Let's create a file named "config.php" and put the following code inside it. <?php /* Database credentials. Assuming you are running MySQL server with default setting (user 'root' with no password) */ define('DB_SERVER', 'localhost'); define('DB_USERNAME', 'root'); define('DB_PASSWORD', ''); define('DB_NAME', 'demo'); /* Attempt to connect to MySQL database */ $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } ?> Step 3: Creating the Registration Form Let's create another PHP file "register.php" and put the following example code in it. This example code will create a web form that allows user to register themselves. This script will also generate errors if a user tries to submit the form without entering any value, or if username entered by the user is already taken by another user. <?php // Include config file require_once "config.php"; // Define variables and initialize with empty values $username = $password = $confirm_password = ""; $username_err = $password_err = $confirm_password_err = ""; // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ // Validate username if(empty(trim($_POST["username"]))){ $username_err = "Please enter a username."; } elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))){ $username_err = "Username can only contain letters, numbers, and underscores."; } else{ $username = trim($_POST["username"]); // Prepare a select statement $sql = "SELECT id FROM users WHERE username = '$username'"; $stmt = mysqli_query($link, $sql) or die(mysqli_error($link)); if($stmt){ if(mysqli_num_rows($stmt) == 1){ $username_err = "This username is already taken."; } else{ $username = trim($_POST["username"]); } } else{ echo "Oops! Something went wrong. Please try again later."; } } // Validate password if(empty(trim($_POST["password"]))){ $password_err = "Please enter a password."; } elseif(strlen(trim($_POST["password"])) < 6){ $password_err = "Password must have atleast 6 characters."; } else{ $password = trim($_POST["password"]); } // Validate confirm password if(empty(trim($_POST["confirm_password"]))){ $confirm_password_err = "Please confirm password."; } else{ $confirm_password = trim($_POST["confirm_password"]); if(empty($password_err) && ($password != $confirm_password)){ $confirm_password_err = "Password did not match."; } } // Check input errors before inserting in database if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){ $password=password_hash($password, PASSWORD_DEFAULT); // Prepare an insert statement $sql = "INSERT INTO users (username, password) VALUES ('$username', '$password')"; if($stmt = mysqli_query($link, $sql)){ header("location: login.php"); } else{ echo "Oops! Something went wrong. Please try again later."; } } // Close connection mysqli_close($link); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Sign Up</title> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.cs s"> <style> body{ font: 14px sans-serif; } .wrapper{ width: 360px; padding: 20px; } </style> </head> <body> <div class="wrapper"> <h2>Sign Up</h2> <p>Please fill this form to create an account.</p> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> <div class="form-group"> <label>Username</label> <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $username; ?>"> <span class="invalid-feedback"><?php echo $username_err; ?></span> </div> <div class="form-group"> <label>Password</label> <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $password; ?>"> <span class="invalid-feedback"><?php echo $password_err; ?></span> </div> <div class="form-group"> <label>Confirm Password</label> <input type="password" name="confirm_password" class="formcontrol <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $confirm_password; ?>"> <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span> </div> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Submit"> <input type="reset" class="btn btn-secondary ml-2" value="Reset"> </div> <p>Already have an account? <a href="login.php">Login here</a>.</p> </form> </div> </body> </html> The output of the above example (i.e. signup form) will look something like this: From the above example, we have used the PHP's inbuilt password_hash() function to create a password hash from the password string entered by the user (line no-78). This function creates a password hash using a strong one-way hashing algorithm. It also generates and applies a random salt automatically when hashing the password; this basically means that even if two users have the same passwords, their password hashes will be different. At the time of login we'll verify the given password with the password hash stored in the database using the PHP password_verify() function, as demonstrated in the next example. We've used the Bootstrap framework to make the form layouts quickly and beautifully. Please, checkout the Bootstrap tutorial section to learn more about this framework. Building the Login System In this section we'll create a login form where user can enter their username and password. When user submit the form these inputs will be verified against the credentials stored in the database, if the username and password match, the user is authorized and granted access to the site, otherwise the login attempt will be rejected. Step 1: Creating the Login Form Let's create a file named "login.php" and place the following code inside it. <?php // Initialize the session session_start(); // Check if the user is already logged in, if yes then redirect him to welcome page if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){ header("location: welcome.php"); exit; } // Include config file require_once "config.php"; // Define variables and initialize with empty values $username = $password = ""; $username_err = $password_err = $login_err = ""; // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ // Check if username is empty if(empty(trim($_POST["username"]))){ $username_err = "Please enter username."; } else{ $username = trim($_POST["username"]); } // Check if password is empty if(empty(trim($_POST["password"]))){ $password_err = "Please enter your password."; } else{ $password = trim($_POST["password"]); } // Validate credentials if(empty($username_err) && empty($password_err)){ // Prepare a select statement $sql = "SELECT id, username, password FROM users WHERE username = '$username'"; if($stmt = mysqli_query($link, $sql)){ // Check if username exists, if yes then verify password if(mysqli_num_rows($stmt) == 1){ $obj=mysqli_fetch_object($stmt); $hashed_password=$obj->password; if(password_verify($password, $hashed_password)){ // Password is correct, so start a new session session_start(); // Store data in session variables $_SESSION["loggedin"] = true; $_SESSION["id"] = $id; $_SESSION["username"] = $username; // Redirect user to welcome page header("location: welcome.php"); } else{ // Password is not valid, display a generic error message $login_err = "Invalid username or password."; } } else{ // Username doesn't exist, display a generic error message $login_err = "Invalid username or password."; } } else{ echo "Oops! Something went wrong. Please try again later."; } } // Close connection mysqli_close($link); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Login</title> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.cs s"> <style> body{ font: 14px sans-serif; } .wrapper{ width: 360px; padding: 20px; } </style> </head> <body> <div class="wrapper"> <h2>Login</h2> <p>Please fill in your credentials to login.</p> <?php if(!empty($login_err)){ echo '<div class="alert alert-danger">' . $login_err . '</div>'; } ?> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> <div class="form-group"> <label>Username</label> <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $username; ?>"> <span class="invalid-feedback"><?php echo $username_err; ?></span> </div> <div class="form-group"> <label>Password</label> <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>"> <span class="invalid-feedback"><?php echo $password_err; ?></span> </div> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Login"> </div> <p>Don't have an account? <a href="register.php">Sign up now</a>.</p> </form> </div> </body> </html> The output of the above example (i.e. login form) will look something like this: Step 2: Creating the Welcome Page Here's the code of our "welcome.php" file, where user is redirected after successful login. <?php // Initialize the session session_start(); // Check if the user is logged in, if not then redirect him to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ header("location: login.php"); exit; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Welcome</title> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.cs s"> <style> body{ font: 14px sans-serif; text-align: center; } </style> </head> <body> <h1 class="my-5">Hi, <b><?php echo htmlspecialchars($_SESSION["username"]); ?></b>. Welcome to our site.</h1> <p> <a href="reset-password.php" class="btn btn-warning">Reset Your Password</a> <a href="logout.php" class="btn btn-danger ml-3">Sign Out of Your Account</a> </p> </body> </html> If data comes from external sources like form filled in by anonymous users, there is a risk that it may contain malicious script indented to launch cross-site scripting (XSS) attacks. Therefore, you must escape this data using the PHP htmlspecialchars() function before displaying it in the browser, so that any HTML tag it contains becomes harmless. For example, after escaping special characters the string <script>alert("XSS")</script> becomes &lt;script&gt;alert("XSS")&lt;/script&gt; which is not executed by the browser. Step 3: Creating the Logout Script Now, let's create a "logout.php" file. When the user clicks on the log out or sign out link, the script inside this file destroys the session and redirect the user back to the login page. <?php // Initialize the session session_start(); // Unset all of the session variables $_SESSION = array(); // Destroy the session. session_destroy(); // Redirect to login page header("location: login.php"); exit; ?> Adding the Password Reset Feature Finally, in this section we will add the password reset utility to our login system. Using this feature logged in users can instantly reset their own password for their accounts. Let's create a file named "reset-password.php" and place the following code inside it. <?php // Initialize the session session_start(); // Check if the user is logged in, otherwise redirect to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ header("location: login.php"); exit; } // Include config file require_once "config.php"; // Define variables and initialize with empty values $new_password = $confirm_password = ""; $new_password_err = $confirm_password_err = ""; // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ // Validate new password if(empty(trim($_POST["new_password"]))){ $new_password_err = "Please enter the new password."; } elseif(strlen(trim($_POST["new_password"])) < 6){ $new_password_err = "Password must have atleast 6 characters."; } else{ $new_password = trim($_POST["new_password"]); } // Validate confirm password if(empty(trim($_POST["confirm_password"]))){ $confirm_password_err = "Please confirm the password."; } else{ $confirm_password = trim($_POST["confirm_password"]); if(empty($new_password_err) && ($new_password != $confirm_password)){ $confirm_password_err = "Password did not match."; } } // Check input errors before updating the database if(empty($new_password_err) && empty($confirm_password_err)){ $param_password=password_hash($new_password, PASSWORD_DEFAULT); $param_id = $_SESSION["id"]; // Prepare an update statement $sql = "UPDATE users SET password = '$param_password' WHERE id = '$param_id'"; if($stmt = mysqli_query($link, $sql)){ session_destroy(); header("location: login.php"); exit(); } else{ echo "Oops! Something went wrong. Please try again later."; } } // Close connection mysqli_close($link); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Reset Password</title> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.cs s"> <style> body{ font: 14px sans-serif; } .wrapper{ width: 360px; padding: 20px; } </style> </head> <body> <div class="wrapper"> <h2>Reset Password</h2> <p>Please fill out this form to reset your password.</p> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> <div class="form-group"> <label>New Password</label> <input type="password" name="new_password" class="formcontrol <?php echo (!empty($new_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $new_password; ?>"> <span class="invalid-feedback"><?php echo $new_password_err; ?></span> </div> <div class="form-group"> <label>Confirm Password</label> <input type="password" name="confirm_password" class="formcontrol <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>"> <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span> </div> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Submit"> <a class="btn btn-link ml-2" href="welcome.php">Cancel</a> </div> </form> </div> </body> </html> PHP has a rich collection of built-in functions for manipulating MySQL databases, strings, dates etc. #SECTION 3: PHP FILE UPLOAD Server-side file upload can be easily implemented using PHP. There are various ways available to upload files to server and display them on the webpage e.g images, zip files, PDF files, document files, text files, video files, audio files on a remote web server. Generally, in a dynamic web application, the uploaded file is stored in a directory of the server and the file name is inserted in the database. Later, the files are retrieved from the server based on the file name stored in the database and display on the web page. The file can be uploaded directly to the database without storing on the server. But it will increase the database size and web page load time. So, it’s always a good idea to upload images to the server and store file names in the database. In this section, i will show you the entire process to upload and store an image file in MySQL database using PHP. Once the form is submitted information about the uploaded file can be accessed via PHP superglobal array called $_FILES. For example, our upload form contains a file select field called photo (i.e. name="photo")(see below), if any user uploaded a file using this field, we can obtains its details like the name, type, size, temporary name or any error occurred while attempting the upload via the $_FILES["file"] associative array, like this: $_FILES["file"]["name"] — This array value specifies the original name of the file, including the file extension. It doesn't include the file path. $_FILES["file"]["type"] — This array value specifies the MIME type of the file. $_FILES["file"]["size"] — This array value specifies the file size, in bytes. $_FILES["file"]["tmp_name"] — This array value specifies the temporary name including full path that is assigned to the file once it has been uploaded to the server. $_FILES["file"]["error"] — This array value specifies error or status code associated with the file upload, e.g. it will be 0, if there is no error. NB: Before performing file uploads you need to ascertain that your server environment permits file uploads and that you have necessary configurations set in php.ini file. Important configuration items include: max_execution_time, memory_limit, file_uploads, upload_max_filesize ,and max_file_uploads The example code demonstrates the process to implement the file upload functionality in the web application and the following functionality will be implemented. HTML form to upload image. Upload image to server using PHP. Store file name in the database using PHP and MySQL. Retrieve images from the database and display in the web page. Create Database Table To store the image file name a table need to be created in the database. The following SQL creates an images table with some basic fields in the MySQL database. CREATE TABLE `images` ( `id` int(11) NOT NULL AUTO_INCREMENT, `file_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `uploaded_on` datetime NOT NULL, `status` enum('1','0') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; Database Configuration (config.php) The config.php file is used to connect and select the MySQL database. Specify the database hostname (DB_SERVER), username (DB_USERNAME), password (DB_PASSWORD), and name (DB_NAME) as per your MySQL credentials. <?php /* Database credentials. Assuming you are running MySQL server with default setting (user 'root' with no password) */ define('DB_SERVER', 'localhost'); define('DB_USERNAME', 'root'); define('DB_PASSWORD', ''); define('DB_NAME', 'demo'); /* Attempt to connect to MySQL database */ $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } ?> Upload Form HTML Create an HTML form to allow the user to choose a file they want to upload. Make sure <form> tag contains the following attributes. Also, method="post" enctype="multipart/form-data" make sure <input> tag contains type="file" attribute. <form action="upload.php" method="post" enctype="multipart/form-data"> Select Image File to Upload: <input type="file" name="file"> <input type="submit" name="submit" value="Upload"> </form> Output The file upload form will be submitted to the upload.php file to upload image to the server. Upload File to Server and Store in Database (upload.php) The upload.php file handles the image upload functionality and shows the status message to the user. Include the database configuration file to connect and select the MySQL database. Get the file extension using pathinfo() function in PHP and validate the file format to check whether the user selects an image file. Upload image to server using move_uploaded_file() function in PHP. Insert image file name in the MySQL database using PHP. Upload status will be shown to the user. <?php // Include the database configuration file include 'config.php'; $statusMsg = ''; // File upload path $targetDir = "uploads/"; $fileName = basename($_FILES["file"]["name"]); $targetFilePath = $targetDir.$fileName; $fileType = pathinfo($targetFilePath,PATHINFO_EXTENSION); if(isset($_POST["submit"]) && !empty($_FILES["file"]["name"])){ // Allow certain file formats $allowTypes = array('jpg','png','jpeg','gif','pdf'); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath)){ // Insert image file name into database $insert = mysqli_query($link,"INSERT into images (file_name, uploaded_on) VALUES ('".$fileName."', NOW())"); if($insert){ $statusMsg = "The file ".$fileName. " has been uploaded successfully."; }else{ $statusMsg = "File upload failed, please try again."; } }else{ $statusMsg = "Sorry, there was an error uploading your file."; } }else{ $statusMsg = 'Sorry, only JPG, JPEG, PNG, GIF, & PDF files are allowed to upload.'; } }else{ $statusMsg = 'Please select a file to upload.'; } // Display status message echo $statusMsg; ?> Look at this other example. Create index.php - this is the main file containing user interface. It has an upload form and a HTML table to display the list of uploaded files from database along with 'View' & 'Download' links for them. <?php include_once 'config.php'; // fetch files $sql = "select file_name, uploaded_on from images"; $result = mysqli_query($link, $sql); ?> <!DOCTYPE html> <html> <head> <title>Upload View & Download file in PHP and MySQL | Demo</title> <meta content="width=device-width, initial-scale=1.0" name="viewport" > <link rel="stylesheet" href="css/bootstrap.css" type="text/css" /> </head> <body> <br/> <div class="container"> <div class="row"> <div class="col-xs-8 col-xs-offset-2 well"> <form action="upload.php" method="post" enctype="multipart/formdata"> <legend>Select File to Upload:</legend> <div class="form-group"> <input type="file" name="file" /> </div> <div class="form-group"> <input type="submit" name="submit" value="Upload" class="btn btn-info"/> </div> <?php if(isset($_GET['st'])) { ?> <div class="alert alert-danger text-center"> <?php if ($_GET['st'] == 'success') { echo "File Uploaded Successfully!"; } else { echo 'Invalid File Extension!'; } ?> </div> <?php } ?> </form> </div> </div> <div class="row"> <div class="col-xs-8 col-xs-offset-2"> <table class="table table-striped table-hover"> <thead> <tr> <th>#</th> <th>File Name</th> <th>View</th> <th>Download</th> </tr> </thead> <tbody> <?php $i = 1; while($row = mysqli_fetch_array($result)) { ?> <tr> <td><?php echo $i++; ?></td> <td><?php echo $row['filename']; ?></td> <td><a href="uploads/<?php echo $row['filename']; ?>" target="_blank">View</a></td> <td><a href="uploads/<?php echo $row['filename']; ?>" download>Download</td> </tr> <?php } ?> </tbody> </table> </div> </div> </div> </body> </html> Create the upload.php file to perform the file upload logic <?php include('config.php'); //check if form is submitted if (isset($_POST['submit'])) { $filename = $_FILES['file']['name']; //upload file if($filename != '') { $ext = pathinfo($filename, PATHINFO_EXTENSION); $allowed = ['pdf', 'txt', 'doc', 'docx', 'png', 'jpg', 'jpeg', 'gif']; //check if file type is valid if (in_array($ext, $allowed)) { // get last record id $sql = 'select max(id) as id from images'; $result = mysqli_query($link, $sql); if (count($result) > 0) { $row = mysqli_fetch_array($result); $filename = ($row['id']+1) . '-' . $filename; } else $filename = '1' . '-' . $filename; //set target directory $path = 'uploads/'; $created = @date('Y-m-d H:i:s'); move_uploaded_file($_FILES['file1']['tmp_name'],($path . $filename)); // insert file details into database $sql = "INSERT INTO images(filename, uploaded_on) VALUES('$filename', '$created')"; mysqli_query($link, $sql); header("Location: index.php?st=success"); } else { header("Location: index.php?st=error"); } } else header("Location: index.php"); } ?> Output If file upload logic fails, the following message is returned. Else if, all goes well, the output in figure 2 is shown. Figure 1:Error message Figure 2:Successful file upload #SECTION 4: What is CRUD CRUD is an acronym for Create, Read, Update, and Delete. CRUD operations are basic data manipulation for database. We've already learned how to perform create (i.e. insert), read (i.e. select), update and delete operations in previous sections. In this tutorial we'll create a simple PHP application to perform all these operations on a MySQL database table at one place. Well, let's start by creating the table which we'll use in our entire example. Creating the Database Table Execute the following SQL query to create a table named employees inside your MySQL database. We will use this table for all of our future operations. CREATE TABLE employees ( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, name VARCHAR(100) NOT NULL, address VARCHAR(255) NOT NULL, salary INT(10) NOT NULL ); Creating the Config File After creating the table, we need create a PHP script in order to connect to the MySQL database server. Let's create a file named "config.php" and put the following code inside it. We'll later include this config file in other pages using the PHP require_once() function. <?php /* Database credentials. Assuming you are running MySQL server with default setting (user 'root' with no password) */ define('DB_SERVER', 'localhost'); define('DB_USERNAME', 'root'); define('DB_PASSWORD', ''); define('DB_NAME', 'demo'); /* Attempt to connect to MySQL database */ $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); // Check connection if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } ?> Creating the Landing Page First we will create a landing page for our CRUD application that contains a data grid showing the records from the employees database table. It also has action icons for each record displayed in the grid, that you may choose to view its details, update it, or delete it. We'll also add a create button on the top of the data grid that can be used for creating new records in the employees table. Create a file named "index.php" and put the following code in it: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Dashboard</title> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.cs s"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/fontawesome/4.7.0/css/font-awesome.min.css"> <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></ script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"> </script> <style> .wrapper{ width: 600px; margin: 0 auto; } table tr td:last-child{ width: 120px; } </style> <script> $(document).ready(function(){ $('[data-toggle="tooltip"]').tooltip(); }); </script> </head> <body> <div class="wrapper"> <div class="container-fluid"> <div class="row"> <div class="col-md-12"> <div class="mt-5 mb-3 clearfix"> <h2 class="pull-left">Employees Details</h2> <a href="create.php" class="btn btn-success pullright"><i class="fa fa-plus"></i> Add New Employee</a> </div> <?php // Include config file require_once "config.php"; // Attempt select query execution $sql = "SELECT * FROM employees"; if($result = mysqli_query($link, $sql)){ if(mysqli_num_rows($result) > 0){ echo '<table class="table table-bordered tablestriped">'; echo "<thead>"; echo "<tr>"; echo "<th>#</th>"; echo "<th>Name</th>"; echo "<th>Address</th>"; echo "<th>Salary</th>"; echo "<th>Action</th>"; echo "</tr>"; echo "</thead>"; echo "<tbody>"; while($row = mysqli_fetch_array($result)){ echo "<tr>"; echo "<td>" . $row['id'] . "</td>"; echo "<td>" . $row['name'] . "</td>"; echo "<td>" . $row['address'] . "</td>"; echo "<td>" . $row['salary'] . "</td>"; echo "<td>"; echo '<a href="read.php?id='. $row['id'] .'" class="mr-3" title="View Record" data-toggle="tooltip"><span class="fa fa-eye"></span></a>'; echo '<a href="update.php?id='. $row['id'] .'" class="mr-3" title="Update Record" data-toggle="tooltip"><span class="fa fa-pencil"></span></a>'; echo '<a href="delete.php?id='. $row['id'] .'" title="Delete Record" data-toggle="tooltip"><span class="fa fa-trash"></span></a>'; echo "</td>"; echo "</tr>"; } echo "</tbody>"; echo "</table>"; // Free result set mysqli_free_result($result); } else{ echo '<div class="alert alert-danger"><em>No records were found.</em></div>'; } } else{ echo "Oops! Something went wrong. Please try again later."; } // Close connection mysqli_close($link); ?> </div> </div> </div> </div> </body> </html> NB: In our class discussions, we have used a bootstrap admin dashboard, which already have the main structure of our intended Electoral Management System. All required CSS and Javascript libraries required for boostrap framework to work are already included in the package. In the example above, those libraries are obtained externally using link and script elements in the HTML document . Once employees table is populated with some records the landing page i.e. the CRUD data grid may look something like the picture shown below: Assignment Using the above examples and illustrations, You should be able to create a prototype of an electoral management system using the Bootstrap (Front-end) and PHP/MySql (Back -end). Kindly make sure you have captured all relevant information for the voters. You should also be in a position to upload user’s profile photo as part of data that is captured during registration. Refer to PHP_BASICS_LECTURE2_4 file as well as PHP file uploads section [4] for more info. System users: Voters, Admin As per now, we expect that registered voters should be able to login to the system. When a voter logs in to the system, he should be able to see his/her profile information. Once the admin personnel logs in to the system, he/she should as well be able to see his/her profile information. He should also have access to voter’s data management interfaces ie. Registration, Voter listing, and (update and delete) action buttons.