Skip to main content

MYSQLi PHP Basics without prepared statements


MySQLi and PDO are object oriented and support Prepared Statements (also support Transactions, Stored Procedures and more). Prepared Statements are very important for web application security, as they protect from SQL injection. Using Prepared Statements you do not have to escape strings before insert them in Database. Moreover, PDO offers support for many databases (not only MySQL).

Establish a database connection

$DBServer = 'localhost';  // or an IP address
$DBUser   = 'root';
$DBPass   = 'your password';
$DBName   = 'dbname';
 $conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);

// check connection
if ($conn->connect_error) {
trigger_error('Database connection failed: '  . $conn->connect_error, E_USER_ERROR);
}

//select rows

$sql='SELECT * FROM users';
$rs=$conn->query($sql);
  $rows_returned = $rs->num_rows;
echo $rows_returned;  //returns number of rows

//loop through the records
$rs->data_seek(0);
while($row = $rs->fetch_assoc()){
    echo $row['id'] . '<br>';
}

//insert

$sql="INSERT INTO users VALUES ($id)";
if($conn->query($sql) === false) {
  trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
} else {
  $last_inserted_id = $conn->insert_id;
  $affected_rows = $conn->affected_rows;
}

//update 

$sql="UPDATE tbl SET col1_varchar=$v1, col2_number=1 WHERE id>10";

if($conn->query($sql) === false) {
  trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
} else {
  $affected_rows = $conn->affected_rows;
}


//delete

$sql="DELETE FROM tbl WHERE id>10";

if($conn->query($sql) === false) {
  trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
} else {
  $affected_rows = $conn->affected_rows;
}
Remember to escape_string when inserting since you are not using prepared sql statements.

$conn->real_escape_string('col1_value')
Labels:

Comments

  1. Sinelogix21 July 2020 at 02:12

    Thank you, I appreciate that I getting a lot of good and reliable information from your post. Thanks for sharing such kind of nice and wonderful post.

    Php Web Development Company Bangalore | Website Developer In India | Internet Marketing Company in Bangalore | Hire Magento Developer In India

    ReplyDelete

Post a Comment

Popular posts from this blog

Ten output devices, advantages and disadvantages, inter-site back-up mechanism, Expert systems for medical diagnosis,information systems security

(i)Printer Printer enables us to produce information output on paper. It is one of the most popular computer output devices we often use to get information on paper - called hard copy. Advantage They produce high quality paper output for presentation at a speedy rate. It is also possible to share the printer among different users in a network. Disadvantage The cost for maintenance of the printer equipment as well printing ink is cumulatively high. (ii) Plotters These devices are used to produce graphical outputs on paper. They have automated pens that make line drawings on paper Advantage They can produce neat drawings on a piece of paper based on user commands. In Computer Aided Design (CAD) they are used to produce paper prototypes that aid in design of the final system. Disadvantage They are more expensive than printers. Further, the command based interface is difficult to use. (iii)Monitor It is...
8 comments
Read more

Start Wamp server on windows automatically permanently

For those that have completely refused to use linux platforms for development, you might find this useful. As with all (aspiring) web developers, it’s always important to test your projects locally before putting it out there for the entire web community to see. One must-have developer tool for this purpose is WAMPServer. We’ve all wished it’s automatically up and running when we need it. These easy steps will help you automate WAMPServer to run on system start-up. For those unfamiliar with WAMPServer, it is a development package that lets you run web development projects locally. WAMP stands for Windows, Apache, MySQL, PHP/Perl/Python. It’s basically four programs packaged to work as one. WAMP basically turns any Windows PC into a localized web server. The Linux counterpart is called LAMP, obviously. Once WAMPServer is installed in your PC, you’ll be able to test your web projects before putting it into the live environment. But I always found it a hassle to manually s...
2 comments
Read more

simple basic object oriented java code for employee salary calculation

import java.io.*; import java.util.Scanner; public class Employees {     Scanner scan=new Scanner(System.in);     String Fname;   int EmpID;  int DOB; double Allowance;   double Salary;     public void getDetails(){   System.out.println("Enter the first name");   Fname=scan.next();   System.out.println("Enter the ID number");   EmpID=scan.nextInt();   System.out.println("Enter the date of birth");   DOB=scan.nextInt();   System.out.println("Enter the salary");   Salary=scan.nextDouble();   Allowance=0.6*Salary;     }    public void printReport(){    System.out.println(Fname+"\t"+EmpID+"\t"+calGross()+"\t"+calPayee()+"\t"+calNetIncome());    }    public double calGross(){        return Salary + Allowance;    }    public double calPayee(){     ...
18 comments
Read more