Lihtsaid php ja mysql näiteid
Allpool on näited kasutajana fstudent ja andmebaasiga facebook, 2011 praksis kasuta userit rstudent ja andmebaasi reddit, samuti tee oma tabelid.
Hello world php-s: http://dijkstra.cs.ttu.ee/~tammet/k1.php
Algus.<p> <?php echo '<p>Hello World</p>'; ?> <p>Lopp.
Nii saab uurida PHP settungeid, praksis see otseselt oluline ei ole: http://dijkstra.cs.ttu.ee/~tammet/k2.php
Algus.<p> <?php echo '<p>calling phpinfo():</p>'; phpinfo(); ?> <p>Lopp.
Esimene andmebaasipäring: http://dijkstra.cs.ttu.ee/~tammet/k3.php
Algus.<p>
<?php
$con = mysql_connect("localhost","fstudent","student");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("facebook", $con);
$result = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($result)) {
echo $row['username'] . " " . $row['name'];
echo "<br />";
}
mysql_close($con);
?>
<p>Lopp.
Kui $_REQUEST väljadel ei ole väärtust, siis annab PHP rämeda warningu: http://dijkstra.cs.ttu.ee/~tammet/k4.php
<body> Algus. <p> <?php echo "Hi, I'm a <b>PHP</b> script with input a: "; echo $_REQUEST['a']; echo " and input b: "; echo $_REQUEST['b']; ?> <form method="post"> a <input type="text" name="a" autocomplete="off"><br> b <input type="text" name="b" autocomplete="off"><br> <input type="submit"> </form> <p> Lopp. </body>
Warningu vältimiseks on mõistlik kasutada isset kontrollifunktsiooni: http://dijkstra.cs.ttu.ee/~tammet/k5.php
<body>
Algus.
<p>
<?php
if (isset($_REQUEST['a'])) {
echo "<br>input a: ";
echo $_REQUEST['a'];
}
if (isset($_REQUEST['b'])) {
echo "<br>input b: ";
echo $_REQUEST['b'];
}
?>
<form method="post">
a <input type="text" name="a" autocomplete="off"><br>
b <input type="text" name="b" autocomplete="off"><br>
<input type="submit">
</form>
<p>
Lopp.
</body>
Andmebaasipäring, kus me ise paneme kokku sql where tingimuse vastavalt kasutaja antud väärtustele (siin näites ei ole see turvaliselt tehtud, vaata paari järgmist). http://dijkstra.cs.ttu.ee/~tammet/k6.php
<body>
Algus.
<p>
<?php
$con = mysql_connect("localhost","fstudent","student");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$sex = "X";
mysql_select_db("facebook", $con);
if (isset($_REQUEST['sex'])) {
$sex = $_REQUEST['sex'];
}
$q="SELECT * from users where sex='$sex'";
echo "query: $q <br>";
$result = mysql_query($q);
echo "leitud:<p>";
while($row = mysql_fetch_array($result)) {
echo $row['username'] . " " . $row['name'];
echo "<br />";
}
mysql_close($con);
?>
<form method="post">
sex <input type="text" name="sex" autocomplete="off"><br>
<input type="submit">
</form>
<p>
Lopp.
Veidi keerukama where tingimuse kokkuklopsimine kasutaja antud väärtustest (endiselt ei ole turvaline): http://dijkstra.cs.ttu.ee/~tammet/k7.php
<body>
Algus.
<p>
<?php
$q="";
$c="";
function addcond($fld) {
global $q, $c;
if (isset($_REQUEST[$fld]) && $_REQUEST[$fld]!="") {
if ($c!="") $c=$c . " and ";
$c=$c . " $fld='" . $_REQUEST[$fld] ."' ";
}
}
function main() {
global $q, $c;
$con = mysql_connect("localhost","fstudent","student");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("facebook", $con);
$q="SELECT * from users where ";
$c="";
addcond("username");
addcond("name");
addcond("sex");
if ($c=="") {
echo "<p>palun sisesta midagi otsinguvaljadele!<p>";
} else {
$q=$q . $c;
echo "query: " . $q . "<br>";
$result = mysql_query($q);
echo "leitud:<p>";
while($row = mysql_fetch_array($result)) {
echo $row['username'] . " " . $row['name'];
echo "<br />";
}
}
mysql_close($con);
}
main();
?>
<form method="post">
username <input type="text" name="username" autocomplete="off"><br>
name <input type="text" name="name" autocomplete="off"><br>
sex <input type="text" name="sex" autocomplete="off"><br>
<input type="submit">
</form>
<p>
Lopp.
</body>
Siin paneme juurde esmaselt vajaliku turva (et kasutaja ei saaks sql süntaksit sisestada), selleks on funktsioon mysql_real_escape_string: http://dijkstra.cs.ttu.ee/~tammet/k8.php
<body>
Algus.
<p>
<?php
$q="";
$c="";
function addcond($fld) {
global $q, $c;
if (isset($_REQUEST[$fld]) && $_REQUEST[$fld]!="") {
if ($c!="") $c=$c . " and ";
$c=$c . " $fld='" . mysql_real_escape_string($_REQUEST[$fld]) ."' ";
}
}
function main() {
global $q, $c;
$con = mysql_connect("localhost","fstudent","student");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("facebook", $con);
$q="SELECT * from users where ";
$c="";
addcond("username");
addcond("name");
addcond("sex");
if ($c=="") {
echo "<p>palun sisesta midagi otsinguvaljadele!<p>";
} else {
$q=$q . $c;
echo "query: " . $q . "<br>";
$result = mysql_query($q);
echo "leitud:<p>";
while($row = mysql_fetch_array($result)) {
echo $row['username'] . " " . $row['name'];
echo "<br />";
}
}
mysql_close($con);
}
main();
?>
<form method="post">
username <input type="text" name="username" autocomplete="off"><br>
name <input type="text" name="name" autocomplete="off"><br>
sex <input type="text" name="sex" autocomplete="off"><br>
<input type="submit">
</form>
<p>
Lopp.
</body>
Siin on näide faili uploadimisest, seda aga redditi praksis vaja ei ole: http://dijkstra.cs.ttu.ee/~tammet/k9.php
<body>
Algus.
<p>
<?php
echo "Hi, I'm a <b>PHP</b> script uploading a file: ";
echo '<br> name ' . $_FILES['userfile']['name'];
echo '<br> type ' . $_FILES['userfile']['type'];
echo '<br> size ' . $_FILES['userfile']['size'];
echo '<br> tmp_name ' . $_FILES['userfile']['tmp_name'];
echo '<br> error '. $_FILES['userfile']['error'];
$uploaddir = '/tmp/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
?>
<form enctype="multipart/form-data" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<p>
Lopp.
</body>
