Insert, update and delete with parameters in a PHP MySQL database; it is also anti SQL injection

Insert, update and delete with parameters in a PHP MySQL database; it is also anti SQL injection

How to INSERT, UPDATE and DELETE securely with PHP and MySQL; it is also anti SQL injection

Insert update and delete with parameters in php mysql
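First, create a MySQL database named testdb in phpMyAdmin. The code below also expects a table named infotab with the columns id, name, email, contact and address.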


Insert page :

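<?php
// Open the shared mysqli connection used by the rest of this page.
// The credentials are the tutorial's local defaults (root, empty password); outside a
// throwaway development box, connect with a dedicated account that has a password and
// only the privileges this page needs on testdb.
// The "@" error-suppression operator is dropped so a failed connection is reported
// through PHP's normal error handling; keep display_errors off in production so the
// details go to the log rather than to the visitor.
$conn = mysqli_connect('localhost', 'root', '', 'testdb')
    or die("Please check your database username and password");
?>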
<!doctype html>
<html>
<head>
<!-- NOTE(review): the typographic quotes around attribute values in this listing are a
     publishing artifact; replace them with straight quotes before using the markup. -->
<meta charset=”utf-8″>
<title>Insert into table</title>
<meta name=”viewport” content=”width=device-width, initial-scale=1″>
<!-- NOTE(review): Bootstrap 3.3.7 and jQuery 3.2.1 are pulled from third-party CDNs with no
     integrity or crossorigin attribute, so the page runs whatever those hosts serve.
     Pin each file with a Subresource Integrity hash or self-host the assets. -->
<link rel=”stylesheet” href=”https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css”>
<script src=”https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js”></script>
<script src=”https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js”></script>
<style>
/* Margin and drop shadow for the element with id "myform". */
#myform
{
margin:20px;
-webkit-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
-moz-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
}
</style>
</head>
<body>
<!-- Entry form: posts the fields name, email, cnum and add back to this same page
     (action is "?"); the submit button is named "submit".
     NOTE(review): the form carries no anti-CSRF token field, and it declares
     multipart/form-data although it has no file input. -->
<div id=”myform” class=”panel panel-primary”>
<div class=”panel-heading”>My Secure form</div>
    <div class=”panel-body”>
    <div class=”row”>
    <div class=”col-lg-12″>
    <form method=”post” enctype=”multipart/form-data” action=”?”>
        <div class=”row”>
            <div class=”col-lg-3″>
                <div class=”form-group”>
                <label>Name</label>
                <input type=”text” name=”name” class=”form-control”>
                </div>
            </div>
            <div class=”col-lg-3″>
                <div class=”form-group”>
                <label>Email</label>
                <input type=”text” name=”email” class=”form-control”>
                </div>
            </div>
            <div class=”col-lg-3″>
                <div class=”form-group”>
                <label>Contact Number</label>
                <input type=”text” name=”cnum” class=”form-control”>
                </div>
            </div>
            <div class=”col-lg-3″>
                <div class=”form-group”>
                <label>Address</label>
                <input type=”text” name=”add” class=”form-control”>
                </div>
            </div>
            <div class=”col-lg-12″>
                <div class=”form-group”>
                <button class=”btn btn-primary pull-right” type=”submit” name=”submit”>
                Submit information
                </button>
                </div>
            </div>
          </div>
        </form>
        </div>
     </div>
        <!-- Footer: the insert handler that follows prints its status message here. -->
        <div class=”panel-footer”>
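<?php
// Insert handler: runs when the form's "submit" button was posted.
//
// The four values reach MySQL only as bound parameters of a prepared statement, which is
// what keeps them out of the SQL text. They are therefore NOT passed through
// mysqli_real_escape_string() first: escaping a value that is then bound stores the
// escape backslashes as part of the data (O'Brien becomes O\'Brien).
// Binding protects the query only; the values must still be HTML-escaped when printed.
if (isset($_POST['submit'])) {
    // Accept plain strings only; a missing or array-valued field counts as empty.
    $name     = isset($_POST['name'])  && is_string($_POST['name'])  ? $_POST['name']  : '';
    $email    = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $contactn = isset($_POST['cnum'])  && is_string($_POST['cnum'])  ? $_POST['cnum']  : '';
    $addrs    = isset($_POST['add'])   && is_string($_POST['add'])   ? $_POST['add']   : '';

    if ($name !== '' && $email !== '' && $contactn !== '' && $addrs !== '') {
        $insert = "INSERT INTO infotab(name,email,contact,address) VALUES(?,?,?,?)";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $insert)) {
            echo "Opps Technical Problems….";
        } else {
            mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $contactn, $addrs);
            // Report success only when the statement actually executed.
            if (mysqli_stmt_execute($stmt)) {
                echo "Data Inserted Successfully";
            } else {
                echo "Opps Technical Problems….";
            }
            mysqli_stmt_close($stmt);
        }
    }
    unset($stmt);
}
?>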
        </div>
    </div>
</div>

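<div class="panel panel-default" id="myform">
<div class="panel-heading">My Secure form</div>
    <div class="panel-body">
<div class="row">
    <div class="col-lg-12">
        <table class="table table-bordered">
        <thead>
            <tr>
                <th>Name</th>
                <th>Email</th>
                <th>Contact Number</th>
                <th>Address</th>
                <th>Controls</th>
            </tr>
        </thead>
        <tbody>
<?php
// List every row of infotab.
// The stored values were typed in by users, so each one is HTML-escaped on output;
// the prepared statements elsewhere on the page stop SQL injection but do nothing
// against markup or script stored in a field. The id is URL-encoded for the links.
// NOTE(review): the Delete control is a plain GET link, so any page or prefetcher that
// requests that URL removes the row; a POST form with an anti-CSRF token is the safer shape.
if ($stmt = $conn->prepare("SELECT id,name,email,contact,address FROM infotab")) {
    $stmt->execute();
    $stmt->bind_result($id, $name, $email, $contact, $address);
    while ($stmt->fetch()) {
        $rowId = urlencode((string) $id);
?>
            <tr>
                <td><?php echo htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                <td><?php echo htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                <td><?php echo htmlspecialchars((string) $contact, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                <td><?php echo htmlspecialchars((string) $address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
                <td align="center" width="200">
                    <div class="btn-group btn-group-sm">
                        <a href="update.php?update=<?php echo $rowId; ?>">
                        <button class="btn btn-primary">Update</button>
                        </a>
                        <a href="delete.php?delete=<?php echo $rowId; ?>">
                        <button class="btn btn-danger">Delete</button>
                        </a>
                    </div>
                </td>
            </tr>
<?php
    }
    $stmt->close();
}
?>
        </tbody>
        </table>
        </div>
    </div>
    </div>
</div>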
</body>
</html>

Update page :

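<?php
// Open the mysqli connection used by the update page.
// The credentials are the tutorial's local defaults (root, empty password); outside a
// throwaway development box, connect with a dedicated account that has a password and
// only the privileges this page needs on testdb.
// The "@" error-suppression operator is dropped so a failed connection is reported
// through PHP's normal error handling; keep display_errors off in production so the
// details go to the log rather than to the visitor.
$conn = mysqli_connect('localhost', 'root', '', 'testdb')
    or die("Please check your database username and password");
?>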
<!doctype html>
<html>
<head>
<!-- NOTE(review): the typographic quotes around attribute values in this listing are a
     publishing artifact; replace them with straight quotes before using the markup. -->
<meta charset=”utf-8″>
<title>Updates Records</title>
<!-- NOTE(review): Bootstrap 3.3.7 and jQuery 3.2.1 are pulled from third-party CDNs with no
     integrity or crossorigin attribute, so the page runs whatever those hosts serve.
     Pin each file with a Subresource Integrity hash or self-host the assets. -->
<link rel=”stylesheet” href=”https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css”>
<script src=”https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js”></script>
<script src=”https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js”></script>
<style>
/* Margin and drop shadow for the element with id "myform". */
#myform
{
margin:20px;
-webkit-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
-moz-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
}
</style>
</head>
<body>
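<?php
// Load the record to edit. The id arrives in the query string (update.php?update=<id>)
// and is untrusted, so it reaches the query only as a bound parameter.
// A missing or array-valued "update" parameter is treated as an empty id instead of
// raising an undefined-index notice.
$update = isset($_GET['update']) && is_string($_GET['update']) ? $_GET['update'] : '';

// Defaults keep the form below well defined when no row matches or prepare() fails.
$id = $name = $email = $contact = $address = '';

if ($stmt = $conn->prepare("SELECT id,name,email,contact,address FROM infotab WHERE id = ?")) {
    $stmt->bind_param("s", $update);
    $stmt->execute();
    $stmt->bind_result($id, $name, $email, $contact, $address);
    // Only one row is wanted; the bound variables keep their previous values if none matches.
    $stmt->fetch();
    $stmt->close();
}
?>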
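<?php
// Edit form, pre-filled with the loaded record.
// Each value is written into a double-quoted HTML attribute, so it is escaped with
// htmlspecialchars(ENT_QUOTES): a stored value containing a quote or a tag would
// otherwise break out of the attribute and run as markup in the editor's browser.
// NOTE(review): the record id travels in the hidden field "idu" and the form has no
// anti-CSRF token; nothing visible here ties the posted id to the record that was loaded.
?>
<div id="myform" class="panel panel-primary">
<div class="panel-heading">My Secure form</div>
    <div class="panel-body">
    <div class="row">
    <div class="col-lg-12">
    <form method="post" enctype="multipart/form-data" action="?">
        <input type="hidden" value="<?php echo htmlspecialchars((string) ($id ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" name="idu">
        <div class="row">
            <div class="col-lg-3">
                <div class="form-group">
                <label>Name</label>
                <input type="text" name="name" class="form-control" value="<?php echo htmlspecialchars((string) ($name ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Email</label>
                <input type="text" name="email" class="form-control" value="<?php echo htmlspecialchars((string) ($email ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Contact Number</label>
                <input type="text" name="cnum" class="form-control" value="<?php echo htmlspecialchars((string) ($contact ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Address</label>
                <input type="text" name="add" class="form-control" value="<?php echo htmlspecialchars((string) ($address ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-12">
                <div class="form-group">
                <button class="btn btn-primary pull-right" type="submit" name="update">
                Submit information
                </button>
                </div>
            </div>
          </div>
        </form>
        </div>
     </div>
        <div class="panel-footer">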
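<?php
// Update handler: runs when the form's "update" button was posted.
//
// All five values, the record id included, are bound as statement parameters. The id is
// no longer spliced into the SQL text as '$idu': a query is only injection-safe when
// every untrusted value in it is a placeholder, and mixing one interpolated value into
// an otherwise parameterised statement reopens the hole.
// The fields are not passed through mysqli_real_escape_string() either, because escaping
// a bound value stores the escape backslashes in the row.
if (isset($_POST['update'])) {
    // Accept plain strings only; a missing or array-valued field counts as empty.
    $idu      = isset($_POST['idu'])   && is_string($_POST['idu'])   ? $_POST['idu']   : '';
    $name     = isset($_POST['name'])  && is_string($_POST['name'])  ? $_POST['name']  : '';
    $email    = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    $contactn = isset($_POST['cnum'])  && is_string($_POST['cnum'])  ? $_POST['cnum']  : '';
    $addrs    = isset($_POST['add'])   && is_string($_POST['add'])   ? $_POST['add']   : '';

    if ($idu !== '' && $name !== '' && $email !== '' && $contactn !== '' && $addrs !== '') {
        $insert = "UPDATE infotab SET name=?,email=?,contact=?,address=? WHERE id = ?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $insert)) {
            echo "Opps Technical Problems….";
        } else {
            // The id is bound as a string, matching the quoted comparison the query used before.
            mysqli_stmt_bind_param($stmt, "sssss", $name, $email, $contactn, $addrs, $idu);
            $updated = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);

            if (!$updated) {
                echo "Opps Technical Problems….";
            } elseif (!headers_sent()) {
                // Redirect back to the list and stop, so nothing else runs after the header.
                header("location: insert.php");
                exit;
            } else {
                // This handler sits below the page markup, so without output buffering the
                // headers have already gone out and a redirect is no longer possible.
                echo "Data Updated Successfully";
            }
        }
    }
    unset($stmt);
}
?>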
        </div>
    </div>
</div> </body>
</html> 

Delete page :

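<?php
// Delete page: removes the row whose id is given as delete.php?delete=<id>, then returns
// to the list.
// The "@" error-suppression operator is dropped so a failed connection is reported
// through PHP's normal error handling. The root/empty-password login is the tutorial's
// local default; use a dedicated least-privileged account elsewhere.
$conn = mysqli_connect('localhost', 'root', '', 'testdb')
    or die("Please check your database username and password");

// NOTE(review): this is a state-changing action triggered by a plain GET request, with no
// anti-CSRF token and no login or ownership check visible in this file. The bound
// parameter below stops SQL injection only; it does not stop a third-party page or a
// link prefetcher from requesting this URL. A POST request carrying a token is the safer shape.
$delete = isset($_GET['delete']) && is_string($_GET['delete']) ? $_GET['delete'] : '';

// Skip the query when no id was supplied instead of raising an undefined-index notice.
if ($delete !== '' && ($stmt = $conn->prepare("DELETE FROM infotab WHERE id=?"))) {
    $stmt->bind_param("s", $delete);
    $stmt->execute();
    $stmt->close();
}

// Always return to the list, and stop so nothing can run after the redirect header.
header("location: insert.php");
exit;
?>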
