Here is the document we were using in class on Jan. 24 (Week 3): MySQL and PHP: Next Steps. To review what we covered:
We downloaded and looked at a gist, read_db.php, which you added to your existing shoutbox project. I explained what all the PHP in the file does and showed you how to alter it so you can change the way the information from the database appears on the web page (in the HTML). All the changes I showed you were in lines 22–37, where a PHP while loop writes each row from the database query into the HTML. This one file does it all — except that it does REQUIRE the additional file database.php, which you already had from Week 2.
That is all going to be helpful for you in Assignment 2.
We then opened my sockmarket repo and talked about a form page that will write to a database. The HTML is in simple_form.php (see the repo for the file), and the PHP is in another file, simple.php.
As explained in MySQL and PHP: Next Steps, simple_form.php includes some constraints inside the HTML form tags to prevent people from typing more than you want them to type in the form fields. The form includes an HTML form select menu so that people can’t just type anything in one of the fields (for sock style, e.g. knee-high). Each form field’s tag includes the required attribute so that people must fill it, or else the form cannot be submitted. Making each field required is recommended!
In the file simple.php, we looked at the PHP code that takes the form data after it is submitted and writes it into a new row in the existing table named socks. (The database: sockmarket. The table: socks.) This is also explained in MySQL and PHP: Next Steps.
Exactly like your shoutbox, simple.php relies on database.php (a separate file) to connect to the database (in this case, the database is sockmarket and not shoutbox). Exactly like in your shoutbox, database.php stores the information about the database in a PHP variable named $conn — and thus a lot of the code is identical if you compare your shoutbox project to my sockmarket project.
Part of your Assignment 2 requirement is to provide a form that lets the user fill the form and add a new row to the database. Together, the sockmarket files simple_form.php and simple.php do that.
The way the file simple.php is set up, SQL prepared statements are NOT used to prevent a SQL injection attack on your databases. It is VERY IMPORTANT to use these correctly to protect your data! We are going to go over the prepared statements when we continue with the document MySQL and PHP: Next Steps next week, starting on page 5 with the file enter.php.
Remember that the good resources to learn more about the mysqli_ commands are linked under Week 3 on the Course Schedule page, and you should use those resources instead of randomly Googling.
Also remember that lines 9–13 in simple.php depend on the names you used in the HTML tags for your form fields. The text that comes after $_POST[' must match the name of a particular field in your HTML form.
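As an added example (not code from the sockmarket repo or from MySQL and PHP: Next Steps), here is one way a form handler like simple.php could insert a row using a mysqli prepared statement, with the $_POST keys matching the form field names. The column names (name, style, price), the form field names, and the list of allowed styles are assumptions for illustration; $conn comes from database.php as described above.

```php
<?php
// Added example. Column names, field names and style list are assumed.
require 'database.php';   // provides $conn, as in the sockmarket project

// The HTML "required" attribute and the select menu are enforced only by
// the browser, so the same rules are checked again here on the server.
$allowed_styles = ['ankle', 'crew', 'knee-high'];   // assumed select options

// Each key must match the name="" attribute of a field in the HTML form.
$name  = trim($_POST['name'] ?? '');
$style = $_POST['style'] ?? '';
$price = $_POST['price'] ?? '';

if ($name === '' || strlen($name) > 50
    || !in_array($style, $allowed_styles, true)
    || !is_numeric($price) || $price < 0) {
    http_response_code(400);
    exit('Invalid form data.');
}
$price = (float) $price;

// The ? placeholders keep the user's data separate from the SQL text,
// so a value is never interpreted as part of the query.
$sql  = "INSERT INTO socks (name, style, price) VALUES (?, ?, ?)";
$stmt = mysqli_prepare($conn, $sql);
if ($stmt === false) {
    error_log('prepare failed: ' . mysqli_error($conn));
    http_response_code(500);
    exit('Database error.');
}

// 's' = string, 'd' = double; one type letter per placeholder, in order.
mysqli_stmt_bind_param($stmt, 'ssd', $name, $style, $price);

if (mysqli_stmt_execute($stmt)) {
    // Escape user data before writing it back into the HTML.
    echo 'Added: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
} else {
    error_log('execute failed: ' . mysqli_stmt_error($stmt));
    http_response_code(500);
    echo 'Database error.';
}

mysqli_stmt_close($stmt);
mysqli_close($conn);
```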
Here are my two slide decks to review the Khan Academy SQL lessons up to now:
- SQL basics (slides, shown in Week 2)
- More advanced SQL queries (slides, shown in Week 3 — includes a review of Booleans: AND/OR, true/false)