Webcodez - The database of web programming tutorials » MySql

PHP Tutorials – The Roundup

antiSigma — Tue, 18 May 2010 16:11:58 +0000

In this article I will speak about PHP programming language and try to make it clear for every newbie which wants to start learning php. But, for beeing able to start learning this computer programming language, you should start by understand what is this and what is doing.

Well, PHP is a server-side programming language : server-side? means that the code is interpreted at level of the PHP engine installed on the web server. PHP is open-source (free at no cost). Beeing free of charge makes it very popular and I would say easy to use.

Where can be used php? Everywhere on the web, and I think desktop application can be coded too with the GTK feature but I dont know much about it so I will stop here talking about this. On the other side, for the web application development, you can build dynamic websites, database driven websites (for example MySQL, PostreSQL, etc.), diverse web forms like a contact form which will insert the infos into database system or send details entered in the form to a specified email address, etc.

How do you start the ball rolling? Well, please start reading introductory tutorials on php official website, then get a project in mind and try finding requirements needed for this project. This is the best way to learn : by practicing, not just reading tons of borring tutorials.

Once you got a project in mind, you will definitely need a php engine to be able to execute the code. How do you make this? Simply install a webserver like apache, add php server to this and mysql database engine. You’ll find a lot of documentation to help you doing this or there are a lot of ready made packs wich includes, php, apache, phpmyadmin, mysql, etc for example easyphp web server or xampp. They’re free and easy to install.

The second thing is to register at specific forums, where you can get support and help from the php gurus, because you really need fast help when errors will occure, and by the way, trust me you’ll encounter a lot of “strange” errors at the begining, which later will become just a routine.

And lastly, do not forget to get a nice code editor with code colloring, code auto-completion feature is very important too which will make developing faster. My tip here is to use Zend IDE (the php company) which is the best and includes mentioned features. Also, Adobe Dreamweaver is not bad, you can use that too which is nice for html/css client side scripting. I assumed that you already know html at least, it is very recommended to know it to make things clear in programming.

And, for the begining this should be enough for a novice to begin to learn php programming language at the basic level. Later, with the time and projects which are mandatory for progress, you’ll get experience and will advance maybe to OOP (object oriented programming) which is another thing important.
Good luck in learning!

Users Online ( Part 1 & Part 2 )

admin — Thu, 21 Jan 2010 14:56:24 +0000

Part 1

In this tutorial we’ll be creating a users online system which shows the current users online on a certain page. This can be done either by using files to save the data in or database. We’ll be using the second method to save the user online data: a database ( -table ). So let’s start by creating the database and table that will contain the users online data. In this example we call the database ‘test’ and the table ‘online’ – this table will require the following fields:

* timestamp – the time in seconds – counted from UNIX timestamp – when the user viewed the page
* IP – the IP of the user that’s online
* username – the username of the user if logged in ( otherwise: guest )
* location – the page the user is viewing
* loc_title – the name of the page the user is viewing

You can create them manually or use this SQL (import):

CREATE TABLE IF NOT EXISTS `online` (
  `timestamp` int(250) NOT NULL,
  `IP` varchar(50) NOT NULL,
  `username` varchar(15) NOT NULL,
  `location` varchar(250) NOT NULL,
  `loc_title` varchar(25) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Now what we basicly need to do, is add a row to this table each time a user views a page and delete rows that are old ( say from 5 minutes ago ). Then we only show the users that got atleast one row remaining in the ‘online’ table ( unique IP, so it only counts the same user ( same IP ) once ). Therefor we need to set a few variables:

We set a variable $time containing the current timestamp in seconds using the function timestamp. Then we set the variable $timeout to an amount of seconds ( 3000 in this example = 5 min. ) and create a variable $out which contains the current timestamp ( $time ) minus the timeout in seconds ( $timeout ). So in this case it contains the timestamp of 5 minutes ago. We’ll use this to delete all user rows that were created earlier than 5 minutes ago. So we only will keep the users that have still been active in the last 5 minutes. We’ll use a simple mysql query to do this:

"DELETE online WHERE timestamp < '$out' "

We use the DELETE query type to delete the rows of the table 'online'. But only the ones ( WHERE ) with a timestamp smaller than the timestamp in $out ( timestamp < $out ). Which is equal to the timestamp 5 minutes ago. We'll need to make a host and database connection first using mysql_connect and mysql_select_db. Then we'll use mysql_query function to execute our query.

mysql_connect("localhost", "root"); //host, user(, password)
mysql_select_db("test");

mysql_query("DELETE online WHERE timestamp < '$out' ");

Ok so now we know all rows in the table 'online' are from IPs (users) that still have been active in the last 5 minutes ( the timestamp of the rows/userlogs is > timestamp 5 minutes ago ). Now we'll add a row for the user that is currently viewing this page. We'll use a simple INSERT query for this but first we'll need to set the user IP and username. Define it how you want to. We'll take for example that $_SESSION['username'] contains the username of a LOGGED IN user. So we check if it's there, if not: user default 'guest' username.

if($_SESSION['username'] AND !empty($_SESSION['username'])) {

     $username = $_SESSION['username']; //username is the username of user logged in

}else{

     $username = "guest"; //not logged in, so guest

}

The IP of the user is stored inside the SERVER array - variable 'REMOTE_ADDR':


$IP = $_SERVER['REMOTE_ADDR']; //= user IP

Now only last are the location url and name. The location we can simply set to $_SERVER['PHP_SELF'], as used in other tutorials as well. This contains a simple path to the current file been viewed. The location name you can set to anything like: "Homepage", depending on what page you insert this code.

So now we've defined all variables needed to add a new user online log:


if($_SESSION['username'] AND !empty($_SESSION['username'])) {

     $username = $_SESSION['username']; //username is the username of user logged in

}else{

     $username = "guest"; //not logged in, so guest

}

$IP = $_SERVER['REMOTE_ADDR']; //= user IP

$loc = $_SERVER['PHP_SELF'];

$loc_name = "Homepage";

Now we can use a simple INSERT query to make it add the user online log ( row ):

"INSERT INTO online(timestamp, IP, username, location, loc_title)VALUES('$time', '$username', '$IP', '$loc', '$loc_name') "

We simple insert the data: $timestamp for the field 'timestamp', $IP for 'IP', $username for 'username', $loc for 'location' and $loc_name for the field 'loc_title'. Again use the mysql_query function to execute our query:

mysql_query("INSERT INTO online(timestamp, IP, username, location, loc_title)VALUES('$time', '$username', '$IP', '$loc', '$loc_name') ");

Ok, so we're now ready to get all users online/active in the last 5 minutes. We'll use a SELECT query to do this. To select all users we'll need to select all IP addresses but only UNIQUE ones once, so instead of using "SELECT field_name" we use "SELECT DISTINCT(field_name)":

"SELECT DISTINCT(IP) FROM online"

No need to add a WHERE clause part as we are sure all these rows in the table are from users active in the last 5 minutes. W removed old ones and added one for the viewing user. This time we put the query into the mysql_query function but as well in a variable because we'll be using it to count the amount of users online found.

$select_users = mysql_query("SELECT DISTINCT(IP) FROM online");
$users_on = mysql_num_rows($select_users);

We use the mysql_num_rows function to count the rows found by the $select_users query.

So now we can already show how many users are online, great!
We simply display the number of $users_on.

Let's put it all together!

Last but not least we use an if-loop to check if there's only 1 user online. Because if so: we need to use the word 'user' instead of 'users'

That's the end of the simple users online tutorial part 1 , in part 2 we'll be creating a list of the users that are online ( names and link location ).

Part 2

In the previous part we've made a system that shows the current amount of online users:

Now beside showing how many total users are online, we'll also show how many members and how many guests are on. We'll aswel add a list of the members that are online. Let's start with the first thing: showing how many guests and members are online. Therefor we need to change this part of the code:

$select_users = mysql_query("SELECT DISTINCT(IP) FROM online");
 $users_on = mysql_num_rows($select_users);

 if($users_on == 1) {

    echo "1 user online";

 }else{

    echo $users_on." users online";

 }

Which selects all unique users by IP. We could make it 2 queries, where one selects all guests online ( WHERE username = 'guest' ) and the other one selects all members ( WHERE username != 'guest' ). But this way it could select one user double ( as both queries select unique IPs for THEIR query ). For example when a user just logged in, the old userlog row ( when he was 'guest' ) is selected in the first query and the new one ( where he is logged in ) is selected with the second query. So this way it could double select one user. So therefore we'll still use ONE query which can only select one user once ( because of the DISTINCT (IP) in only one query with same where clause (none) ). We'll need to get the data (username) from the query though and we need to select the username therefore as well:

$select_users = mysql_query("SELECT DISTINCT(IP), username FROM online");
$users_on = mysql_fetch_assoc($select_users); //all users
$guests = 0;
$users = 0;

while($user_on = mysql_fetch_assoc($select_users)) {

  if($user_on['username'] == "guest") {
     $guests += 1;
  }else{
     $members += 1;
  }

}

Ok let's go through the code. We start with the variables $guest and $members. These will contain the amount of guests and the amount of members logged in. We use the query now to as well select the username of the logged in users. Then for each logged in user found, the username is stored in $user_on['username']. As we used mysql_fetch_assoc to put the found rows of the query into $users_on['field_name']. For each row. Then inside the while loop we made it check if the username is 'guest' of the found row ( user online ) or not. If it's a guest, the variable $guests ( containing the amount of guests online ) will be increased. Otherwise it's a member who's logged in/online, so the variable $members will be increased by one. Now we can show the amount of members and guests online:

//show total users on:

if($users_on == 1) {
   echo "1 user online: ";
}else{
   echo $users_on." users online: ";
}

//show guests on:

if($guests == 1) {
   echo "1 guest online, ";
}else{
   echo $guests." guests online, ";
}

//show members on:

if($members == 1) {
    echo "1 member online";
}else{
   echo $members.' members online";
}

We done it the same way as before ( when we shown all users online) but now for both the guests and members, and the total users online (which is same as $guests+$members, or just $users_on which we used in the previous script too).

Ok, now we're going to show the USERNAMES of the members online. Therefor we'll need to make another array variable for which we'll add the username into a sub-variable of the array, when a new MEMBER online was found. We need to do this inside the while loop, which handles the data ( IP and username ) of the rows ( users online) found:

$usernames = array(); //array will be containing all usernames online found

while($user_on = mysql_fetch_assoc($select_users)) {

  if($user_on['username'] == "guest") {
     $guests += 1;
  }else{
     $members += 1;
  }

}

We created an array $usernames beforehand which we'll create a sub-variable for each time a new member online was found ( username will be stored ). This is the case when $username != "guest", which is the 'else' part of the loop. We know the data found is put in $user_on['field_name'], so the username would be set in $user_on['username']. So to add the username to our array we simply do this:

$usernames[] = $user_on['username'];

$usernames[] means it automaticly adds a new index ( new sub-variable ) to the array $usernames, and $user_on['username'] contains the username of the member found. As mentioned before we need to add this to the else part of the loop:

$usernames = array(); //array will be containing all usernames online found

while($user_on = mysql_fetch_assoc($select_users)) {

   if($user_on['username'] == "guest") {
      $guests += 1;
   }else{
      $members += 1;
     $usernames[] = $user_on['username'];
   }

 }

Ok, so now we'll have an array $usernames containing all usernames of members online found. The usernames are stored like this:

$usernames[0] = "username of member #1 found";
$usernames[1] = "username of member #2 found";
... etc ...

This is because we used $usernames[] to automaticly number the sub-variable index ( if the previous one was 0, then the next one will be 1 ).

We'll now use a foreach loop to get all values of the sub-variables ( usernames ) in $usernames:

foreach($usernames as $name) {

    echo "

 ".$name." 

 ";

}

What it simply does is for each sub-variable of the array $usernames, it puts the value into $name and shows it. In other words: it shows all usernames found of members online.

Ok let's put it all together!

 ".$name." 

 ";

}

?>

Cheers,
Admin.

Basic Login System

admin — Wed, 20 Jan 2010 14:53:57 +0000

In the previous tutorial we’ve been making a register system. In this tutorial we’ll be creating a login system for it, where members can login to your website and for example get access to a members area of your website. We’ll basicly be using SESSION variables in this tutorial to save the login session of a member but you could also change all sessions into cookies.

Again we start with a form:



... form login fields ...

The form method we use is the same as for the register system: POST. We use the same page to handle the login attempt so we make it go to ( action ) $_SERVER['PHP_SELF'] which equals the current page/file. So all user data will be send into $_POST['field_name'] variables to the same page ( itself ).

Now we’ll add the form fields, which for the login system are just the username and password fields and a submit button.

So once the user submits the form by clicking the submit button, the $_POST array will be created containing:

$_POST['username'] which equals the username filled in
$_POST['password'] which equals the password filled in
($_POST['submit'] which equals ‘log me in!’)

As we’re going to make it handle the login in the same page, we’ll need to make an if loop. This if loop will check if the form has been submitted already ( does $_POST exist? ). If so, it will handle the user filled in data which is stored in this $_POST array as explained above. If not, it will show the form as the user has not submitted it yet.

We can already fill in the form in the else part of the loop ( when $_POST does not exist yet ).

We nicely seperate the HTML code from the PHP code by first closing the php tag ( ?> ) and then re-opening it after the HTML code (

Move on to the part of the if loop that occurs when the user did submit the form. First we need to make it connect to the database. We’ll take as example the database and table we created in the register system tutorial.

mysql_connect('localhost', 'root'); //like: 'host','user','pasword'
mysql_select_db('test'); //'database'

Let’s check whether there the login was valid. To do this we use a mysql_query and a mysql function. We assume there’s a table called ‘accounts’ with the fields id, username, password. It could be called anyhow as long as you’ve created it correctly in the database as well. Have a look at the query first:

"SELECT id FROM accounts WHERE username = '".$_POST['username']."' AND password = '".$_POST['password']."' "

What it simply does ( well, tries to do ) is select a row ( to be exact the field ‘id’, doesn’t really matter what field though ) from the table ‘accounts’ that has the same value for the field ‘username’ and ‘password’ as the user filled in ( $_POST['username'] and $_POST['password'] ). In other words: it tries to select an account with the same username and password the user filled in. We’ll put it into a variable and make it a query using the mysql_query function. Also we’ll use mysql_real_escape_string again to secure the user input.

$check_account = mysql_query("SELECT id FROM accounts WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' ");

Now we aren’t going to actually retrieve the data the mysql query returned ( we aren’t even sure if the account actually exists ). We’ll instead use mysql_num_rows to check if there was any row returned by the query.

$check_account = mysql_query("SELECT id FROM accounts WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' ");

$check_account1 = mysql_num_rows($check_account);

$check_account1 now contains a number indicating the amount of rows it found with the query. When it found any rows ( so when $check_account1 contains a number greater than 0 ) the account exists. It found a row that has the same username and password as the user filled in. If not: there wasn’t any row ( any account in this case ) with the same username and password as the user filled in. So we can just make another if loop which checks if the account exists ( $check_account > 0 ).

 $check_account = mysql_query("SELECT id FROM accounts WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' ");

$check_account1 = mysql_num_rows($check_account);

if ( $check_account > 0 ) {

    echo "Logged in!"; //account exists, show logged in message

}else{

   echo "Invalid login."; //account doesn't exist, show error message

}

Great, now it checks whether an account with the user filled in data exists. But we also want it to remember the user’s login, in a session. We’ll make it create a session called ‘logged’ to do that.

$_SESSION['logged'] = true;

Which contains a boolean value indicating the user is logged in. Though this isn’t enough, we also need to make a session that contains the username or userid of the user logged in. I prefer using the user’s ID to determine what account is logged in as each user account has its own unique ID.
To get the user account’s ID, we’ll use our previous query which actually selected it. However we first used it only to check if it existed. We’ll now actually retrieve the data ( user id ) of the query using the mysql_fetch_assoc function. We don’t need to use a while loop because we know it should be only 1 account that the query selects.

 $user = mysql_fetch_assoc($check_account); //get the row data the query returned
  $userid = $user['id']; //get the value of the field 'id' of the row the query returned
$_SESSION['userid'] = $userid; //put it into a session

And we created all our sessions required to make a user loggin! Let’s put it all together now.

File: login.php

  0 ) {

    echo "Logged in!"; //account exists, show logged in message

   $user = mysql_fetch_assoc($check_account); //get the row data the query returned

   $userid = $user['id']; //get the value of the field 'id' of the row the query returned

   $_SESSION['userid'] = $userid; //put it into a session

}else{

   echo "Invalid login."; //account doesn't exist, show error message

}

 }else{

 ?>

Holdon, you might have noticed we did not use the session_start function yet, so we wouldn’t be able to use our sessions! Added it on the top of the page ( always! ).

Now the basic login page is done. We’ve now come to the part of ‘how to use the login?’. Well, we know that if a user is logged in, a session called ‘logged’ is created and set to true ( ALWAYS, for all users that log in ). So we simply check if this session was created and equal to true, to check if a user is logged in:

file: sample_members_area.php

You could also add this to the login page. Also needed is to use the user id to get all info of the user. To do this we can use another mysql SELECT query just like we done to get the user id, but now for the username, password, email or any other field.

"SELECT username FROM accounts WHERE id = '".$_SESSION['userid']."' "

We now for example select the username of the user account with the id stored in the session ‘userid’, which equals the id of the user logged in.So it selects the username of the logged in user.We can again retrieve the data using mysql_fetch_assoc. Also remember to put the query into the mysql_query function to execute it.

$username = mysql_query("SELECT username FROM accounts WHERE id = '".$_SESSION['userid']."' ");

$username = mysql_fetch_assoc($username);

$username = $username['username']; //yeah bit weird names chosen, I know

So you could greet the user with:

echo "Hi there ".$username."! 
 Long time no see!";

End results:

File: Login.php

   0 ) {

     echo "Logged in!"; //account exists, show logged in message

   $user = mysql_fetch_assoc($check_account); //get the row data the query returned

   $userid = $user['id']; //get the value of the field 'id' of the row the query returned

   $_SESSION['userid'] = $userid; //put it into a session

 }else{

    echo "Invalid login."; //account doesn't exist, show error message

 }

  }else{

  ?>

File: Members_area.php

 Long time no see!";

}else{

   include("login.php"); //include the login page

}

?>

Cheers,
Admin.

Basic Register System

admin — Wed, 20 Jan 2010 14:41:48 +0000

In this tutorial we’ll be creating a register system in which people can create their own account. It’s a basic register system which uses some mysql functions to insert data into the database (create the account), loops and some PHP functions to handle the POST variables. We’ll start creating our register page with a form in which the user can fill in the info for his or her account.

File: Register.php



... form felds ...

We start by creating the form itself. The attributes we set are method and action. Method is used to define how the data (text filled in the form fields) should be transferred. We use the POST method, which will store all data filled in by the user into $_POST variables. The action is set to the page where it should go to when the form is submitted. We set it to $_SERVER['PHP_SELF'], which is equal to the current file. So after the user completes filling in our form fields and submits the form, it will put all filled in data into $_POST variables and send it to itself (go to the same page).

Let’s add some form fields to the form, which the user needs to fill in to complete the registration.



*Username:
 


*Password  :
 


*Repeat Password: 
 


*Email:

We simply added 4 fields using basic HTML input tags and a submit button to submit the form. These four fields need to be filled in by the user in order to create his/her account. They may not be left empty: the username, password and email. We also created a “repeat password” field, which we use to verify the user filled in password. The name we give each input field is important because for each input field, a POST variable will be created once the user submits the form. The POST variable created for a certain field is $_POST['field_name'] and will contain the value the user gave to that field (filled in for that field). In this way all values of the fields will be submitted using POST variables. We will use these variables to check if the user filled in all fields (if they aren’t empty) and if the form has been submitted at all.

To actually create the account we’ll be storing the filled in values for the fields, into a database. Let’s create a database called “test” and a table called “accounts” which contains 4 fields ( equal to the amount of fields that are filled in for the form plus one ID field which is unique for each member ( password and repeat password should contain one and the same value so are of course just stored in one field: password ) ). If you are not sure how to do this you could also import the SQL code :

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
CREATE DATABASE 'test' DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE 'test';
CREATE TABLE IF NOT EXISTS 'accounts' (
  'id' int(250) NOT NULL AUTO_INCREMENT,
  'username' varchar(20) NOT NULL,
  'password' varchar(20) NOT NULL,
  'email' varchar(50) NOT NULL,
  PRIMARY KEY ('id')
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Now we’ll create a loop to check if the user has already submitted the form. Which is the case when all fields data have been stored into $_POST variables. In other words: if the $_POST variables exist – the form has been submitted. This doesn’t mean all fields have been filled in though, because the $_POST variables could also be empty, but they are created ( as the user submitted the form).

This is how our loop looks like. Now we can already fill in our form which we just created and to check if the form has been submitted we just check if $_POST variable exists:





*Username:
 


*Password  :
 


*Repeat Password: 
 


*Email:

Only thing last is to check all fields and create the account if valid. As mentioned before, once the form has been submitted, all field values have been stored into $_POST['field_name']. So to check if all fields have been filled in, we just need to check if all $_POST variables aren’t empty. To do this we are going to use a foreach loop to make it easier. We could also just check all $_POST variables like: $_POST['username'] and $_POST['password'], etc.. But this is an inefficient way to do it, as when you add a new form field, you would need to add it to the loop as well ( check that field too ). Beside that it just can be done much easier and faster than checking all fields manually. The foreach loop will check all fields and values the same way. Let’s just have alook at the loop code:

foreach ( $_POST as $key => $value ) {

    if ( empty($value) )

        $errors .= "Field '".$key."' has to be filled in. 
 ";

    }else{

        ... check if filled in values are valid ...

    }

}

Ok, let’s go through this code. What it basicly does is check all sub-variables of the array $_POST ( which are all fields ) and store the name of them in $key and the value of them in $value. As for each field a sub-variable for the array $_POST has been created, it will check each field. $key will contain the name of the field and $value the value ( filled in by the user ). Then we use an if loop to check if the value of the field is empty: we use the function empty to do this. If it’s empty, we’ll add text to a variable called $errors. This variable we use to store all errors into if any. This way we can also check if there are any errors at all by checking if the variable $errors contains anything: if not, the user filled in all fields correctly and we can create the account. Otherwise it should show the errors ( echo $errors ).

Now there’s one more part of the if loop that needs to be done: the part where it checks if the values filled in are actually valid. This part runs when the $value was not empty. We’ll use a function preg_match for this. What we basicly do is check if it contains the characters that are allowed ( which are basicly: numbers, spaces and alphabetical characters ). The function works like this:

preg_match("/[...pattern that needs to be matched...]/", $value_to_check)

In our case the pattern is equal to all numbers, spaces and alphabetical characters as mentioned above. The value to check is the filled in value of the field, which is stored in $value as as well mentioned above. This makes us end up with the following code:

        If ( !preg_match("/[0-9A-Za-z -_]/", $value) )
            $errors .= " Field '".$key."' has been given an invalid value. 
";

All numbers are 0-9, all capital alphabetical characters are A-Z and all normal alphabetical characters are a-z, and we also allow the – and _ symbols to be used. Now we check if the value filled in for the current field ( stored in $value ) does NOT match this pattern . Which is the case when it contains any other symbols/characters than the ones given in the pattern. We use the ! symbol for that, which means simply: NOT. In that case we add an error to the $error variable ( the field is not filled in correctly, using inappropriate characters ).

Let’s put it all together.

 $value ) {

        if ( empty($value) )

            $errors .= " Field '".$key."' has to be filled in. ";

        }else{

            If ( !preg_match("/[0-9A-Za-z -_]/", $value) )
                $errors .= " Field '".$key."' has been given an invalid value. ";

        }

}

    ...  check if the passwords ( normal and repeated ) matched ...

    ... check if username/email does not already exist ...

    ...  check if there were any errors with the filled in fields ...

}else{ //form has not been submitted yet

?>



*Username:
 


*Password  :
 


*Repeat Password: 
 


*Email:

There’s one field that needs to be checked in a different way: the ‘password_rep’ field. Which needs to be equal to the password field. We’ll use another if loop for that (already put into the code above):

        If( $_POST['password_rep'] != $_POST['password'])
            $errors .= " Passwords don't match! 
";

A simple condition checks whether they are not equal to eachother (!=). In that case, an error will be added.

Now there’s a last thing that needs to be checked. We’re going to check if there isn’t already an account on the given username or email. We’ll use a simple mysql SELECT query to do this:

        $check_account = mysql_query("SELECT id
                                                                    FROM accounts
                                                                    WHERE username = '".$_POST['username']."' OR email = '".$_POST['email']."' ");

We select the field ‘id’ from the table ‘accounts’ (we could select any field) from a row where the username or email is equal to what the user filled in as username/email. To make it more secure we can use the mysql_real_escape_string function that escapes all possible harming characters out of the strings.

        $check_account = mysql_query("SELECT id
                                                                     FROM accounts
                                                                     WHERE username = '".mysql_real_escape_string($_POST['username'])."' OR email = '".mysql_real_escape_string($_POST['email'])."' ");

Next, instead of retrieving the rows/results ( as we aren’t sure if there is any row like this already ) we’ll check if the query selected any rows at all. In other words: we’ll check if there is already an account with this username or email as this is the only thing we need to check with this query. We’ll use the function mysql_num_rows to do this.

        $check_account = mysql_query("SELECT id
                                                                    FROM accounts
                                                                    WHERE username = '".mysql_real_escape_string($_POST['username'])."' OR email = '".mysql_real_escape_string($_POST['email'])."' ");

        $check_account = mysql_num_rows($check_account);

$check_account now contains a number of the rows that have the same username or email as the user filled in for his account to register. So if $check_account contains a number greater than 0, this means there’s already 1 or more accounts with this username or email. In that case an error should be added that the username or email already exists for an account.

        $check_account = mysql_query("SELECT id
                                                                    FROM accounts
                                                                    WHERE username = '".mysql_real_escape_string($_POST['username'])."' OR email = '".mysql_real_escape_string($_POST['email'])."' ");

        $check_account = mysql_num_rows($check_account);

        If($check_account > 0)
            $errors .= " An account with the same username or email already exists. 
";

Now we need to create a code to check if there were any errors: in other words if $errors contains text. We’ll again use the empty function. If $errors is empty, we can create the account. Otherwise we show the errors.

Now we checked all possible errors for the user filled in data for his/her account to be created. So let’s put it all together.

 $value ) {

        if ( empty($value) )

            $errors .= " Field '".$key."' has to be filled in. ";

        }else{

            If ( !preg_match("/[0-9A-Za-z -_]/", $value) )
                $errors .= " Field '".$key."' has been given an invalid value. ";

        }

}
        If( $_POST['password_rep'] != $_POST['password'])
            $errors .= " Passwords don't match! ";

        $check_account = mysql_query("SELECT id FROM accounts WHERE username = '".mysql_real_escape_string($_POST['username'])."' OR email = '".mysql_real_escape_string($_POST['email'])."' ");

        $check_account = mysql_num_rows($check_account);

        If($check_account > 0)
            $errors .= " An account with the same username or email already exists. ";

    ...  check if there were any errors with the filled in fields ...

}else{ //form has not been submitted yet

?>



*Username:
 


*Password  :
 


*Repeat Password: 
 


*Email:

If ( empty($errors) OR !isset($errors) ) {

    ... create account ...

}else{

    ... show errors ...

}

Showing the errors is not such a big deal, we just echo the variable $errors which contains all errors. Creating the account isn’t such a big deal either. We’ll be using a few mysql functions & queries. Which we use to insert rows into the database ( create the account ). First we’ll need to connect to the host and database. We’ll use the functions mysql_connect and mysql_select_database.

mysql_connect("host", "user", "pass");
mysql_select_db("database");

We’ll now use a basic mysql_query function to INSERT the values into the database.

mysql_query( ... query ... );

In our case the query is to INSERT all values into the table ‘accounts’.

$query = mysql_query("INSERT INTO accounts(username, password, email)VALUES('".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."')");

That’s how the query looks like. I think it isn’t that hard so will explain it shortly: we use INSERT INTO to insert data into a table, in our case ‘account’s . Then we need to define which fields we want to insert data into, and put them between brackets after the table: username, password, email in this case. Also we need to give the VALUES for each field, which are stored in $_POST['field_name']. Though, to be sure there won’t be any SQL injections possible, we will still use the mysql_real_escape_string function to handle all filled in values so that they can’t harm the database with any bad codes. Even though we already checked the values, you should never just directly insert user filled in data to the database.

$query = mysql_query("INSERT INTO accounts(username, password, email)VALUES('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['password'])."', '".mysql_real_escape_string($_POST['email'])."')");

Now we need to check if the query was successfully:

If($query) {

    echo "Success! Account created!";

}else{

    echo "There was an error creating the account. Please try again or contact the web administrator";

}

We just use a basic loop to check if the $query variable, which executes the mysql query, was executed successfully.

Now we put it all together!

File: Register.php

 $value ) {

        if ( empty($value) )

            $errors .= " Field '".$key."' has to be filled in. ";

        }else{

            If ( !preg_match("/[0-9A-Za-z -_]/", $value) )
                $errors .= " Field '".$key."' has been given an invalid value. ";

        }

    }

        If( $_POST['password_rep'] != $_POST['password'])
            $errors .= " Passwords don't match! ";

        $check_account = mysql_query("SELECT id FROM accounts WHERE username = '".mysql_real_escape_string($_POST['username'])."' OR email = '".mysql_real_escape_string($_POST['email'])."' ");

        $check_account = mysql_num_rows($check_account);

        If($check_account > 0)
            $errors .= " An account with the same username or email already exists. ";

If ( empty($errors) OR !isset($errors) ) {

mysql_connect(host, user, pass);
mysql_select_db(database);

$query = mysql_query("INSERT INTO accounts(username, password, email)VALUES('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['password'])."', '".mysql_real_escape_string($_POST['email'])."')");

If($query) {

    echo "Success! Account created!";

}else{

    echo "There was an error creating the account. Please try again or contact the web administrator";

}

}else{

    echo $errors;

}

}else{ //form has not been submitted yet

?>



*Username:
 


*Password  :
 


*Repeat Password: 
 


*Email:

And we’ve got our register system in ONE file!

Note: In queries you might have seen a lot of quotes and double quotes. We use ‘”. and .”‘ to separate an array ( like $_POST[] ) from the rest of the query.

Cheers,
Admin.

MySql Basics – Retrieve Data

admin — Tue, 19 Jan 2010 11:23:03 +0000

To retrieve data from a table of the database, we can use the mysql SELECT query. As discussed in the previous chapter, we use the mysql_query function to interactwith the database ( insert/retrieve data ). Although we’re now not going to INSERT data into the database but we’ll be using the SELECT type of query to retrieve data from the database ( from a certain table ). This type of query looks like this (basic structure):

mysql_query("SELECT field_name FROM table_name WHERE clause");

The 2 main things that need to be set are the field(s) you want to select the values of, and from what table you want to do this. Though if you only set these argruments, then it would retrieve the values of the fields in that table ( the fields you set ) for ALL rows it has. So if you only want to get the field(s)’s value of a specific row(s), you can be more specific by adding a ‘WHERE clause’ part. Fill in any condition for the ‘clause’ part. For example:

Example table ‘users’:
[TABLE=2]

Example query:

$usernames = mysql_query("SELECT username FROM users WHERE country = 'USA'");

Say you’ve got a table called ‘users’ which contains all user accounts of a website. A query smilar to this could be used to retrieve the value of the field ‘username’ of all rows ( user accounts in this case ) that have the value ´USA´ for the field ´country´. In other words: in this example it would select all usernames of users who have set their country to ‘USA’.

In this example it would select the first and second row, which have the country set to USA. So it would select the username ‘Admin’ and the username ‘Test2′. Which can be stored into an array using the function mysql_fetch_assoc(mysql query here).

However it only puts one row into an array a time. So it only selects 1 row per time, but say we want to show all rows ( usernames of them ) then we will need to use the while loop and the mysql_fetch_assoc function.

$usernames = mysql_query("SELECT username FROM users WHERE country = 'USA'");

while($user_row = mysql_fetch_assoc($usernames)) {

    echo "Row (user) match found:".$user_row['username']."

";

}

Ok let’s have a look into this loop. What it basicly does, is execute the mysql query in $usernames and retrieve the data of the row it finds ( in this case the value of the field ‘username’ of that certain row it found ). But as it can only select one row a time, it will keep doing it for each row it finds. So when it finds a row that matches the query, it will put the data into the variable $user_row as we called it. Then execute the while loop code ( echo’s some text with the username found ) and repeats it for each row it find.In this case there were 2 rows that matched the query. So for each of the rows the data will be put in the $user_row variable and the while loop will be executed for each row seperated.

When a row is found then the values of the fields it selected in the query ( username only in this case ) will be stored into $user_row['field_name']. In this case we selected the field ‘username’ so the value of it will be stored in the variable $user_row['username']. If you need to select more than one field, for one row each field’s value will be stored into its own sub-variable too like: $user_row['field_name'].

Then we’ve come to the output of this code, which is:

Row (user) match found: Admin
Row (user) match found: Test2

That’s it, hope you learnt something again

Cheers,
Admin.

MySql Basics – Insert Data

admin — Tue, 19 Jan 2010 11:20:45 +0000

To insert data into the database, mysql queries are used. There are multiple types of mysql queries. The one to put data into the database is the INSERT query. This one inserts a new row into the database which requires the fields of a row for that table to be given a value to.

A basic mysql query structure:

mysql_query("...query here..");

A basic INSERT query:

mysql_query("INSERT INTO table_name (field1, field2) VALUES ('value1', 'value2') ");

We could again use the or die(mysql_error()) function to make it show the mysql error message when an error occurs.

So in the above example we made it insert a new row for the table ‘table_name’. For that row we gave field1 the value ‘value1′ and field2 the value ‘value2′.

Let’s have a look at an example of a table containing all user accounts (=rows):

Example table ‘users’:

[TABLE=1]

We already got one row in the table of the database, one user account. To add another one to this table we need to set values for the fields (id, )username, password, email. The ID field usually is auto_increment and primairy key, which means it’s a unique key for each row and automaticly increases for each new row that’s added and so doesn’t need to be set by ourselves. The example query would look like this ( for this table called ‘users’ ):

$new_user = mysql_query("INSERT INTO users (username, password, email) VALUES ('testuser', 'testpassword', 'test.email@hotmail.com') ");

You see we here create a new row using the INSERT query, for the table called ‘users’, giving the value ‘testuser’ to the field ‘username’, ‘testpassword’ to the field ‘passsword’ and ‘test.email@hotmail.com’ to the field ‘email’ for the new row we create ( representing a new user in this case ).

Hope you learnt something, if you have any questions, feel free to ask.

Cheers,
Admin.

MySql Basics – Connect

admin — Tue, 19 Jan 2010 11:17:17 +0000

MySql can be used to interact with databases: insert and retrieve data. It can come very handy when you need to save a collection of the same ‘kind’ ( such as products or forum messages, user accounts, etc. ) and which need to be able to be edited easily. To interact with the database you first need to connect to the host and then select the database you want to interact with. In MySql you can use the functions mysql_connect and mysql_select_db to do so.

mysql_connect("host", "username", "password");
mysql_select_db("database");

mysql_connect is used to connect to the host, which requires a username and a password. When the user for the host requires no password, you can leave out the password. The host is usually just “localhost”, depending on your host (settings). For the username you can often use “root” as default username if there aren’t any other users made for the host.

mysql_select_db is pretty much straight forward I guess. You make it select the database you’re going to use. You can also use the or die(“error message here”) to make it show an error when it fails to connect. There’s a standard mysql error message which can be called by using mysql_error() function.So it’d be:

mysql_connect("localhost", "root", "mypassword")or die(mysql_error());
mysql_select_db("mydatabase")or die(mysql_error());

So when any error occurs while connecting to the host/database, the mysql error message will appear containing the error occured.

You can also manually check whether the connection was successfully by putitng them into variables and checking the variables:

$connect = mysql_connect("localhost", "root", "mypassword");
$db      = mysql_select_db("mydatabase");

if(!$connect) {

     die("Host connection failed");

}

if(!$db) {

    die("Database connection failed");

}

?>

Now you’re ready to use the mysql functions to interact with the database, such as mysql_query, which we’ll be discussing in the next chapter.

Admin.