PHP Tutorials By Kloplop321 » PHPMyAdmin

PHP & MySQL Tutorial 08: Mysql Login system concept

Kloplop321 — Sat, 13 Mar 2010 04:12:20 +0000

This tutorial goes over the concept of a log in system with MySQL with sessions. (The sources are provided after the jump)
One of my viewers sent me a message on youtube requesting this great example

Dear kloplop321,
I really want to make a php, mysql based game. I have an idea about how I am going to do it. I would just really love some help with the SESSION login. There are tutorials on the internet but I find that they don’t show the full code or stuff like that. So if you would please create a tutorial on it I would apprecitate it. Thanks.

This tutorial naturally has the sources provided.

The following videos(2) go over the concept of a login system in PHP while using sessions(to maintain the login status) and MySQL(a database that holds the information). I first go over how to make

the login page
the table in the database
a user through PHPMyAdmin _{[the next tutorial will likely go over registering users]}
code how to validate that user and if they are validated
if so, set the session information
if acceptable, they can go to a “members only” page _{[which only allows identified people in]}
a way to log out

Again: this tutorial is pretty much a walk-through in concept of a mysql login system.

Part 2 (the most important) and the sources after the jump.

And now the sources.
include.php

session_start();//start the session //now to do the MySQL connection. $link = mysql_connect('localhost', 'phpuser', 'phppass'); if (!$link) { die('Could not connect: ' . mysql_error()); } //WE NEED to select the database! mysql_select_db("tutorials_login");

?>

index.php

include("include.php"); //see if the person is trying to log in now.. if(isset($_REQUEST['sub'])){ $username = trim($_REQUEST['username']); $password = trim($_REQUEST['password']); //make it safe to see if in the table $username = mysql_real_escape_string($username); $password = md5($password); //time to query $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql); $exists = false; $userid = -1; while($row = mysql_fetch_array($result)){ $exists = true; $userid = (int)$row[0]; break;//get out of the while loop } if($exists){ $_SESSION['isin'] = 1; $_SESSION['userid'] = $userid; }else{ echo "You got something wrong, try again\n"; //echo $sql; } }//chopsuey


//detect if logged in via variable in the session
if($_SESSION['isin'] == 1){
    //we are logged in.
    echo "Hey there, you seem to be logged in,
    Would you like to go to the Members Only area? Or would you want to
    log out?";
}else{
    //show the login prompt
    ?>
    
        Username 
        Password  
        
            
    
    }
?>

logout.php

session_start(); session_destroy(); header("location: index.php"); ?>

membersonly.php

include("include.php"); if($_SESSION['isin'] == 1){ echo "Hey there "; $sql = "SELECT * FROM users WHERE id = ".$_SESSION['userid']; $result = mysql_query($sql); $info = null; while($row = mysql_fetch_array($result)){ $info = $row; } echo $info['username'];//hey there pickles echo " Would you like to go back? "; }else{ //you don't belong here, kick back to the index header("location: index.php"); } ?>

Also a tid bit of information: I did this in Linux, and I recorded it in 1080p HD!

MySQL and PHPMyAdmin Introduction with PHP 07: A basic Guestbook

Kloplop321 — Mon, 15 Feb 2010 16:05:36 +0000

This is pretty much a basic “How to” for making a very basic guestbook that uses a database instead of text. I go over everything from making the database to the table, the html form and actual posting. If you watch this video you will pretty much see the basic idea of what a guestbook is, how they work, and how to make a basic one yourself.

This video has two parts, so to understand fully, please watch both.

Part 2 and the source after the jump

$link = mysql_connect('localhost', 'phpuser', 'phppass');
if (!$link) {
    die('Not connected : ' . mysql_error());
}else{
    //echo "I am connected. ";
}

// make foo the current db
$db_selected = mysql_select_db('guestbook', $link);
if (!$db_selected) {
    die ('Can\'t use guestbook DB : ' . mysql_error());
}
$name = trim($_REQUEST['name']);
$comment = trim($_REQUEST['comment']);
if(strlen($name)> 0){
    if(strlen($comment)> 0){
        $name = mysql_real_escape_string($name);
        $comment = mysql_real_escape_string($comment);

        $sql = "INSERT INTO `guestbook`.`entries` (
`ID` ,
`name` ,
`date` ,
`comment`
)
VALUES (
NULL , '$name', UNIX_TIMESTAMP( ) , '$comment'
);";
mysql_query($sql);
    }else{
        echo "You did not put in a comment.";
    }
}else{
    if(strlen($comment)> 0){
        echo "you got a comment, but not a name;";
    }
}
$sql = "SELECT *
FROM `entries` ORDER BY `ID` DESC
LIMIT 3";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)){
    echo $row['name']." Said: ".$row['comment']."

";
}
?>
<form action="?" method="post">
Name:
<input type="text" name="name" /><br />
Comment: <br />
<textarea name="comment">textarea><br />
<input type="submit" value="Submit" />
form>

PHP Tutorial: Databases in general

Kloplop321 — Sun, 14 Feb 2010 08:00:16 +0000

Developers often use the handy features included with databases to create solutions in PHP for what ever needs to be satisfied. Databases have functions like quickly matching data to Identifications, searching large sums of data, holding user information and much more that developers can utilize. There are many ways to use a database, or in this case, to interface with a database. Most databases use a rough standard of a Structured Querying Language, which is like code that the SQL server or application interprets. In PHP, developers have the following options to interface with a database:

Some of these methods use the same database type, such as MySQL and Mysqli. However I will only be focusing on the most common methods, which incude MySQL, SQLite, and OBCD.

Most PHP developers use MySQL due to its support, popularity, cross-platform, and universal capabilities. It is not proprietary like Microsoft Access Databases, and it has a really handy tool called PHPMyAdmin.

SQL looks like this

INSERT INTO My_table
(field1, field2, field3)
VALUES
(‘test’, ‘N’, NULL);

In PHP, we can wrap this in double quotes like so

$sql = "INSERT INTO My_table
 (field1, field2, field3)
 VALUES
 ('test', 'N', NULL);";

and then execute it with what ever database method we choose.

MySQL:
mysql_query($sql);
SQLite:
sqlite_query($db,$sql);
OBCD:
odbc_exec($db, $sql);

As I have only had personal experience with two of the above, I will not cover OBCD any more than the above.

Back to MySQL and SQLite:
Both MySQL and SQLite require an initiation at the beginning of each script execution. In MySQL’s case an example would be:

$link = mysql_connect('localhost', 'mysql_user', 'mysql_password'); if (!$link) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_close($link); ?>

The mysql_connect function is what initiates MySQL for use in future code execution. The $link variable in this example can be used in almost all mysql_* functions in the case of multiple connections (Which I do not recommend). If a developer wants to manually close the connection, they may do so by using mysql_close() which terminates the connection and frees the MySQL server’s resources.

For SQLite, we are using a local file instead of a server. Essentially, PHP, or rather the SQLite plugin for PHP handles the SQL execution and data manipulation. This is a great solution if a developer wants to make backups easily through more direct measures. Also, if a developer is in a situation like I am in with my school’s server, then this is a great solution. If you don’t care to understand my situation, skip to the next paragraph. My situation was where the Web Hoster (will remain un-named, for they do not deserve to be advertised) had it so there was no “localhost” mysql connection, but rather a single server dedicated for MySQL execution. Great idea in theory if you want to make use of idle hardware, but in reality it is horrid. My pages were stuck with a 2(rare) to 40 second (most common in the middle) delay because it had to wait to connect to the central server. This obviously would not do, so I tried to find a file-based solution without having to make my own with CSV and other hacked-up jobs. The result: instant execution, no noticeable delay.

SQLite, as aforementioned, uses a file as the database. SQLite has both its pros and cons.

Pros:

Fast
Simple
Not heavy on server load
Easy to copy

Cons:

People from the “other side” can download it if you put it in a public folder
It can be erased without a trace
it isn’t as flexible as MySQL

I prefer to MySQL because of PHPMyAdmin, but I can deal with SQLite thanks to this conversion code I came up with (Not bi-directional, only MySQL to SQLite)

$link = mysql_connect(‘localhost’, ‘USER’, ‘PASS’);
mysql_selectdb(“DB_NAME”);
$name = “TABLE_NAME”;
$sql = “SELECT *
FROM `$name` LIMIT 1″;
$res = mysql_query($sql);
$row = mysql_fetch_array($res);
$cols = mysql_num_fields($res);
$sql = “SELECT *
FROM `$name`”;
$res = mysql_query($sql);
$rowsdone = 0;
if ($db = sqlite_open(‘SQLITE_FILE_LOCATION’, 0666, $sqliteerror)) {
$res = mysql_query($sql);
while($row = mysql_fetch_array($res)){
$sqli = “INSERT INTO $name VALUES(“;
for($x = 0; $x < $cols; $x++){
$sqli .= “‘”.sqlite_escape_string($row[$x]).”‘”;
if($x != $cols -1){
$sqli .= ” , “;
}
}
$sqli .= “);”;
$result = sqlite_query($db,$sqli);
if(sqlite_last_error($db) != 1){
echo sqlite_error_string(sqlite_last_error($db)).”\n”;
//echo strip_tags($sqli);
echo “
\n “;
}
}
} else {
die ($sqliteerror);
}
?>

The above script is only for transferring rows not for adding the tables to SQLite.

As seen above, in order to “connect” or open the SQLite Database, we use the line:

if ($db = sqlite_open(‘SQLITE_FILE_LOCATION’, 0666, $sqliteerror)) {

0666 being the permissions code (no reference to satanic anything).

One note is that in MySQL, a developer would use mysql_real_escape_string to prepare strings for data entry, however in SQLite, a developer would use sqlite_escape_string (not the missing “real_” as there is no function named that).

A developer can use MySQL SQL in SQLite with a few adaptations:

A developer may not:

use ` in the SQL
use fieldnames that also are keywords like order, by, count, etc…

(I doubt that my suggestion is full and complete)

My method is to make everything through PHPMyAdmin, export it without comments, and use the table creation section in SQLite.

SQLite functions and MySQL functions are nearly interchangeable with just a text replacement and SQL checking, so I will from now on only cover MySQL (with possible exceptions).

A developer can make a database in MySQL with “CREATE DATABASE `DB_NAME_HERE` ;" and then in php select that database for future use through

mysql_selectdb(“DB_NAME_HERE“);

Next, if a developer so desire, he may create a table with SQL like the following

CREATE TABLE `DB_NAME_HERE`.`tablename` (

`id` INT( 8 ) UNSIGNED NOT NULL AUTO_INCREMENT ,
`description` TEXT NOT NULL ,
PRIMARY KEY ( `id` ) ,
INDEX ( `id` )

) ENGINE = MYISAM ;

Now that this intangible developer has a table, he can put information in like so:

INSERT INTO `DB_NAME_HERE`.`tablename` (

`id` ,
`description`

)
VALUES (

NULL , ‘Beans do not taste like fruit.’

);

A developer can use NULL as a value when the field has a default value or has an auto_increment property (like above).

Because I have set the id to be a primary key and index, there can be no duplicate keys(or identifications) in this table. Any developer who tries to force it will get an error.

If a developer is having an error in his code, he may use

echo mysql_error();

to find out what is wrong. In SQLite’s case he would need to use

echo sqlite_error_string(sqlite_last_error($db));

to find out what is wrong. In SQLite it isn’t as descriptive, so it takes more effort to find out what the issue is.

Next, in order to get information, a developer can do

$sql = “SELECT * FROM `TABLE_NAME`”;

$result = mysql_query($sql);

and there are various ways to get the information like

while($row = mysql_fetch_array($result)){

while($row = mysql_fetch_assoc($result)){

Either may be used, but I prefer array to assoc.

Next, the developer can get the information row by row by using the variable $row in this case

while($row = mysql_fetch_array($result)){

print_r($row);

}

The above code will print out the array that the mysql_fetch_array function returns for every row that is in the $result.

A Developer may also update a row by referring to an identification in the SQL as such

UPDATE `DB_NAME`.`tablename` SET `description` = 'Beans do not taste like fruit. Yet they are supposed to be magical...' WHERE `tablename`.`id` =1;

MySQL can also be compounded in terms of having multiple inserts (not selects) and updates, but they must be separated by a “;” and usually a new line.

If a developer would like to know if his current php interpreter has database connection functionality, use phpinfo(); and go to the page in the browser and search for “sql”. In my case, I have “–with-mysql” and “–with-sqlite” in my “Configure Command” section near the top.

This is only an introduction to the core and most useful features of Databases using Sequential Querying Languages. Further reading can be done at mysql.com php mysql sqlite.org and php sqlite.

MySQL and PHPMyAdmin Introduction with PHP 06

Kloplop321 — Wed, 10 Feb 2010 19:51:16 +0000

Want to dump your database? This video goes over the export feature of PHPMyAdmin which allows you to create and save file dumps of your database. You can use these dumps to make a duplicate database or update a pre-existing database. Or simply to backup regularly in case of database failure. I also marginally go over importing and how to import.

MySQL and PHPMyAdmin Introduction with PHP 05

Kloplop321 — Sat, 26 Dec 2009 16:39:58 +0000

In this tutorial I go over deleting rows, not only in PHPMyAdmin, but in PHP as well. Once rows are deleted, they are not coming back. On the side note, it is good to use something that is unique to every row when modifying them or deleting them. Otherwise you can delete anything that matches the name being “orange” and delete two rows. This is why I usually always have an ID field in my rows.
This video tutorial goes over how to select rows from a database in PHPMyAdmin and then in PHP and then process the rows individually. Also this goes over ordering(ORDER) and limitation(LIMIT) in the SQL.
You can find this tutorial video on youtube here.
Source used after the jump;

php
$link = mysql_connect('localhost', 'phpuser', 'phppass');
if (!$link) {
    die('Not connected : ' . mysql_error());
}else{
    //echo "I am connected. ";
}

// make foo the current db
$db_selected = mysql_select_db('test', $link);
if (!$db_selected) {
    die ('Can\'t use test : ' . mysql_error());
}
if(isset($_REQUEST['del'])){
    //DELETE FROM `test`.`tableish` WHERE `tableish`.`ID` = 3
    $id = (int)$_REQUEST['del'];
    $sql = "DELETE FROM `tableish` WHERE `ID` = $id";
    mysql_query($sql);
}
$sql = "SELECT * FROM `tableish` ORDER BY `tableish`.`ID` ASC";
$result = mysql_query($sql, $link);
if(mysql_num_rows($result) > 0){
    while($row = mysql_fetch_array($result)){
        echo $row['name']."\"?del=".$row['ID']."\">Delete this row
\n";
    }
}

?>