[Tutorial] PHP with MySQL
#1

First of all, I have no clue why my old thread was deleted. I posted it yesterday >.>

Anyways, I'm re-posting it and this is the new version of my newbie "PHP With Mysql" Tut.




In this tutorial I will show you how to make PHP webpages with MySQL.

First off, add the PHP tags:

PHP Code:
<?php
?>
Now, within those tags, connect to MySQL.

PHP Code:
<?php
// MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD and MYSQL_DATABASE are constants holding your own connection details.
$mysql = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die(mysql_error());
mysql_select_db(MYSQL_DATABASE) or die(mysql_error());
//Code will go here.
mysql_close($mysql);
?>
Alright, now that we've connected, it's time to do a simple but useful query. Usually people start off with selecting 1 specific thing from a table; I'm going to show you how to make a simple money rank.

PHP Code:
<?php
$mysql = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die(mysql_error());
mysql_select_db(MYSQL_DATABASE) or die(mysql_error());
$result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` ORDER BY `Money` DESC LIMIT 0,10"); //Select what you need to select
while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.
{
    echo "Username: ".$data['Username']." Money: ".$data['Money']."<br>"; // Echo the data and add a line after (<br> is a new line)
}
mysql_free_result($result);
mysql_close($mysql);
?>
You can now make a table from that data instead of echoing it.

PHP Code:
<?php
$mysql = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die(mysql_error());
mysql_select_db(MYSQL_DATABASE) or die(mysql_error());
$result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` ORDER BY `Money` DESC LIMIT 0,10"); //Select from database, order by 'Money' and show 0 through 10 results
//Make the table before the results.
echo '
<table border="1">
<tr>
<th>Username</th>
<th>Money</th>
</tr>
';
while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.
{
    echo "<tr>
    <td>".$data['Username']."</td>
    <td>".$data['Money']."</td>
    </tr>";
}
echo "</table>";
mysql_free_result($result);
mysql_close($mysql);
?>
Now maybe you're wondering how to make those webpages where you can type your own name. Here's how to do it.

PHP Code:
<?php
function Escape($string) //Thanks to XFlawless
{
    $string = htmlentities($string);
    $string = stripslashes($string);
    $string = mysql_real_escape_string($string);
    return $string;
}
$mysql = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die(mysql_error());
mysql_select_db(MYSQL_DATABASE) or die(mysql_error());
//Make the table before the results.
if(isset($_GET['User'])) // If the PHPFILE has ?User=<texthere>
{
    $_GET['User'] = Escape($_GET['User']); //Prevent any SQL Injections.
    $res = mysql_query("SELECT `Username` FROM `MYSQL_TABLE` WHERE `Username` LIKE '".$_GET['User']."'");
    if(mysql_num_rows($res) === 1) // Check if there is an account with that username
    {
        echo 'User Information for : '.$_GET['User'].'<br><br>';
        echo '
        <table border="1">
        <tr>
        <th>Username</th>
        <th>Money</th>
        </tr>
        ';
        $result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` WHERE `Username` LIKE '".$_GET['User']."'"); //Select Money and Username from the database where username is what's inputted
        while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.
        {
            echo "<tr>
            <td>".$data['Username']."</td>
            <td>".$data['Money']."</td>
            </tr>";
        }
        echo "</table>";
        mysql_free_result($result);
        //I would edit the table a bit and get rid of the Username part.
    }
    else
    {
        die("Error: User does not exist.");
    }
}
else
{
    die("Error: You did not enter a Username.");
}
mysql_close($mysql);
?>
In the code above, you must add ?User=namehere to the PHP file (Ex: index.php?User=Coole)


Reply
#2

This is a simple but nice tutorial, but insecure. Always keep the connection details in a separate file in a directory that no one can access. Else hacking will be just www.thisisyoursite.com/blabla.php > download it, read it and get the passwords.
Reply
#3

nielsbon, downloading that file will give you the parsed HTML output
Reply
#4

You cannot see any PHP info from downloading a PHP file, so it is secure. Even if you could download it, you would see the HTML info.

Quote:
Originally Posted by jameskmonger
nielsbon, downloading that file will give you the parsed HTML output
He said that seconds before me..


Btw, if you don't know, don't speak.
Reply
#5

Very nice and useful.
Reply
#6

It is still insecure + if you would create something like a PHP file with the name config.php and put the code in there, then you can use the include_once function. So you don't need to load the database connection many times and shut it down.
Reply
#7

Nielsbon1, you've failed to make a correct statement again. If you load from a config file, you cannot close the mysql connection, which is insecure as well.
Reply
#8

PHP Code:
$_GET['User'] = mysql_real_escape_string($_GET['User']); //Prevent any SQL Injections.
This is wrong, hackers can easily implement XSS/CSRF attack into the input.

PHP Code:
function Escape($string)
{
    $string = htmlentities($string);
    $string = stripslashes($string);
    $string = mysql_real_escape_string($string);
    return $string;
}

PHP Code:
while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.
{
    echo "<tr>
    <td>".$data['Username']."</td>
    <td>".$data['Money']."</td>
    </tr>";
}

PHP Code:
mysql_free_result($result);//Forgot to free the result ?
PS: This tutorial is full of security holes.
Reply
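
The lookup page from post #1 and the XSS objection in post #8, as an added example (not code from any poster in this thread): the name is bound as a query parameter instead of being escaped into the SQL string, and HTML encoding is applied only when values are written to the page. PDO with an in-memory SQLite database is an assumption made so the script runs offline; the `players` table, its rows and the helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in database (assumption): in-memory SQLite so this runs offline.
// With MySQL only the DSN and credentials passed to PDO change.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE players (Username TEXT PRIMARY KEY, Money INTEGER)');
    // Constructed sample rows; one name contains markup, one a quote.
    $ins = $pdo->prepare('INSERT INTO players (Username, Money) VALUES (?, ?)');
    foreach ([['Coole', 5000], ['<b>Bob</b>', 120], ["O'Neil", 75]] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// The value is bound as a parameter, never concatenated into the SQL text,
// and compared with "=" so "%" and "_" are not treated as LIKE wildcards.
function find_player(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT Username, Money FROM players WHERE Username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML-encode at output time, for every value, including data read back
// from the database.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row(array $row): string
{
    return '<tr><td>' . h($row['Username']) . '</td><td>' . h((string) $row['Money']) . "</td></tr>\n";
}

$pdo = open_db();
// Constructed inputs standing in for $_GET['User'].
foreach (['Coole', "O'Neil", '<b>Bob</b>', '%', "x' OR '1'='1"] as $input) {
    $row = find_player($pdo, $input);
    echo $row === null
        ? 'No such user: ' . h($input) . "\n"
        : render_row($row);
}
```

Because the raw name is what gets stored and compared, a username containing a quote or markup still matches exactly, and it is only made inert at the point where it is echoed into HTML.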
#9

What will happen if we do this?

And what's this MySQL? As I am a beginner in SA-MP I don't know the meanings; I can make some small things only.
Reply
#10

Quote:
Originally Posted by coole210
Nielsbon1, you've failed to make a correct statement again. If you load from a config file, you cannot close the mysql connection, which is insecure as well.
You can always make a "connect.php" and "closeconnection.php" file and then include them.
It's not a SA-MP scripting tutorial anyway, like Kwarde pointed out.
Reply

