Outline
• MySQL
• How it works
• Data Types
• Data Definition Language
• Data Manipulation Language
• MySQL Comments
• Where clause
• Comparison Operators
• ORDER Clause
• LIMIT Clause
• Escaping Characters
• MySQL Joins
• Using MySQL in PHP
• Methods to use
• Connecting to a database
• Querying a database
• Exercise
• Exercise Solution
• Prepared Statements
• Tips and Tricks
• Resources
• Course Project
• Assignment
MySQL
MySQL is a Relational Database Management System
(RDBMS) which stores data in a structured way (in tables).
It allows for retrieving data using Structured Query Language
(SQL).
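How it works
[Diagram: the web browser sends a request to the web server (Apache with PHP); the web server sends a query to the MySQL server, receives a result set, and returns a response to the browser.]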
What do tables look like?
Example :
Examples:
Removing a database:
SELECT statement:
It is used to get data from a table.
Example :
SELECT * FROM employees
The previous statement should select all the data from the employees
table.
SELECT first_name FROM employees
This should return only the column “first_name”.
Data Manipulation Language
INSERT statements
They are used to insert a new row into a table.
Examples:
Example:
This will update all the rows in the employees table setting
the “first_name” to “Mohamed”
Data Manipulation Language
DELETE statements
These statements are used to delete rows from a table.
Example:
Examples:
Examples:
Examples:
Cars Table
id model CC employee_id
1 BMW 1600 1
2 Hyundai 1600 2
3 Honda 1800 3
4 Fiat 1600 4
MySQL Joins
The previous tables are the employees and cars tables. Every car
has an owner, who is an employee.
If we need to get data from these 2 tables, we will need to
join them like the following:
Result set
name model
Ahmed BMW
Mohamed Hyundai
Sara Honda
Marwa Fiat
Using MySQL in PHP
To make pages dynamic, a connection between a language and a
database is essential.
PHP has great MySQL support. There are various
approaches that we could use to connect to MySQL in PHP.
Methods to use
There are 3 coding styles that we can use to
connect to MySQL in PHP.
1- Procedural approach.
2- MySQLi approach.
3- PDO (PHP Data Objects) approach.
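<?php
// Data source name: driver, database name and host.
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
try {
    $connection = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    // Fine while learning; on a live site, log the message instead of showing it to visitors.
    echo 'Connection failed: ' . $e->getMessage();
}
?>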
Querying a database
Here we will need to display the last name of the people
with first_name = ‘Mohamed’.
<?php
$sql = "SELECT * FROM employees WHERE first_name = 'Mohamed'";
$result = $connection->query($sql);
foreach ($result as $row) {
    // Encode database values before printing them into HTML.
    print htmlspecialchars($row['last_name']) . "<br/>";
}
?>
Querying a database
Inserting a new row into the employees table:
<?php
$sql = "INSERT INTO employees SET first_name = 'Ahmed', last_name = 'Gamal', salary = 300";
$connection->query($sql);
?>
Querying a database
Getting the number of rows in the result set:
<?php
$sql = "SELECT * FROM employees WHERE first_name = 'Mohamed'";
$result = $connection->query($sql);
// PDOStatement::rowCount() gives the row count for a SELECT with the MySQL
// driver; this is not guaranteed for every PDO driver.
print $result->rowCount();
?>
<?php
try {
    $connection = new PDO($dsn, $user, $password);
    // quote() escapes the value and returns it already wrapped in single quotes,
    // so the SQL text must not add its own quotes around it.
    $sql = "INSERT INTO employees SET first_name = " . $connection->quote($_POST['first_name'])
        . ", last_name = " . $connection->quote($_POST['last_name'])
        . ", salary = " . $connection->quote($_POST['salary'])
        . ", dateofbirth = " . $connection->quote($_POST['dateofbirth']);
    $connection->query($sql);
    echo "Record has been added.";
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}
?>
Escaping values passed to MySQL
Any value sent to MySQL as part of an SQL string should be
escaped using the function called “quote” (like the previous
example). In addition to preventing syntax errors in SQL
statements, this is a top security concern (google “SQL
injection” for more information about this type of security
issue). quote() returns the value with the surrounding single
quotes already added, so the SQL text must not add its own.
PDO::quote($str);
Prepared statements
A prepared statement lets you set up a statement
once, and then execute it many times with different
parameters.
Example:
<?php
$connection = new PDO($dsn, $user, $password);
$sql = "INSERT INTO employees SET first_name = ?, last_name = ?, salary = ?, dateofbirth = ?";
$sth = $connection->prepare($sql);
// Positional placeholders are numbered from 1.
$sth->bindParam(1, $_POST['first_name']);
$sth->bindParam(2, $_POST['last_name']);
$sth->bindParam(3, $_POST['salary']);
$sth->bindParam(4, $_POST['dateofbirth']);
$sth->execute();
?>
Prepared statements
2-Named parameters:
<?php
$sql = "INSERT INTO employees SET first_name = :first_name, last_name = :last_name, salary = :salary, dateofbirth = :dateofbirth";
$sth = $connection->prepare($sql);
$sth->bindParam(':first_name', $_POST['first_name']);
$sth->bindParam(':last_name', $_POST['last_name']);
$sth->bindParam(':salary', $_POST['salary']);
$sth->bindParam(':dateofbirth', $_POST['dateofbirth']);
$sth->execute();
?>
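The "set up once, execute many times" idea from the prepared statement slides, carried through a full run with awkward input. This is an added example, not code from the original slides: it assumes the pdo_sqlite extension, uses an in-memory SQLite database in place of MySQL (so standard INSERT ... VALUES syntax instead of INSERT ... SET), and uses constructed form data in place of $_POST.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL (assumption) so the
// script runs offline; prepare/bind/execute are the same PDO calls.
$connection = new PDO('sqlite::memory:');
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also request real server-side prepares:
// $connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$connection->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY,
    first_name TEXT, last_name TEXT, salary INTEGER)');

// Constructed sample input standing in for four $_POST form submissions.
$submissions = [
    ['first_name' => 'Ahmed', 'last_name' => 'Gamal', 'salary' => '300'],
    ['first_name' => 'Sara', 'last_name' => "O'Neil", 'salary' => '450'],
    ['first_name' => "Robert'; --", 'last_name' => 'Test', 'salary' => '500'],
    ['first_name' => 'Marwa', 'last_name' => 'Ali', 'salary' => 'abc'],
];

// Set up the statement once; its SQL text never contains user data.
$sth = $connection->prepare('INSERT INTO employees (first_name, last_name, salary)
    VALUES (:first_name, :last_name, :salary)');

foreach ($submissions as $post) {
    // Binding stops injection but does not validate, so check the type here.
    $salary = filter_var($post['salary'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    if ($salary === false) {
        echo "Rejected row: salary must be a non-negative integer\n";
        continue;
    }
    $sth->bindValue(':first_name', $post['first_name'], PDO::PARAM_STR);
    $sth->bindValue(':last_name', $post['last_name'], PDO::PARAM_STR);
    $sth->bindValue(':salary', $salary, PDO::PARAM_INT);
    $sth->execute(); // same prepared statement, new parameters
}

// Read back: quotes and comment markers were stored as plain data.
foreach ($connection->query('SELECT first_name, last_name, salary FROM employees') as $row) {
    echo htmlspecialchars($row['first_name'] . ' ' . $row['last_name'])
        . ': ' . $row['salary'] . "\n";
}

// A bound parameter in WHERE matches the apostrophe literally.
$find = $connection->prepare('SELECT COUNT(*) FROM employees WHERE last_name = ?');
$find->execute(["O'Neil"]);
echo 'Rows with last_name O\'Neil: ' . $find->fetchColumn() . "\n";
```

Three of the four constructed submissions are stored; the one with a non-numeric salary is rejected by the validation step, which binding alone would not have done.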
Prepared statements
Why use prepared statements: