Dave Stokes, profile picture
Uploaded byDave Stokes
PPTX, PDF271 views

PHP Database Programming Basics -- Northeast PHP

The document covers the basics of PHP database programming, focusing on MySQL, including client-server models, connection setup, querying data, and data input security. It emphasizes the importance of careful data handling to prevent vulnerabilities like SQL injection and outlines common performance issues, such as the n+1 query problem. Resources for further learning and guidance on database design and programming best practices are also provided.

Downloaded 11 times
Basic PHP Database programming
Hello!I am Dave Stokes MySQl Community Manager FORTRAN, Punch Cards, ‘Personal Home Page’, older than dirt, etc.
22 Years old! MySQL 5.7 relased ~ 2 years ago -- JSON Data Tyoe MySQL 8 Developer Milestone Release -- Available for testing -- Data dictionary -- UTf8MB4 More Plug-in Features -- Group replication -- Document Store Oracle MySQL Cloud -- Enterprise edition of software
1. Basics Client Server Model and simple connections Using MySQL but concepts will transpose over to other Relational Database Management Systems.
● Network – tcp/ip ● Port 3306 ● Windows, Mac, Linux, & source code + containers
To connect you will need 0. Server name or IP address 1. Persmission to connect 2. Account/password 3. (more later)
<?php $mysqli = new mysqli("127.0.0.1", "user", "password", "database"); if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } echo $mysqli->host_info . "n"; ?>
<?php $mysqli = new mysqli("127.0.0.1", "user", "password", "database"); Host – 127.0.0.1 (or 192.168.10.11 or db.foobar.com) User – User on the MySQL server (mysql.user table), not OS user Password – Clear text (other options later) -> Security issue Database – Schema to be used. Can be selected/changed later Port (optional) – defaults to 3306
if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } If MySQL there is a MySQL connection error then provide details
<?php $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
● Resource Guide ● Examples ● First place to look for answers
Syntax Programming is hard but the syntactical aspects are usually simple (some times too simple)
2. Get Data After connecting we need to do something
1970’s Disks are expensive and slow Relational Model emerges with goal of efficiency Data Normaliation to berak data in smaller logically consistent groups SQL was designed at IBM to provide efficient access to data via a descriptive language based on relational calulus.
if ($result = $mysqli->query("SELECT * FROM City")) { printf("Select returned %d rows.n", $result->num_rows); /* free result set */ $result->close(); } $mysqli->close(); ?>
SELECT * FROM City • * is a wild card for ‘all column in table • City is the table being queried • SELECT is the action (SELECT, UPDATE, DELETE, etc)
$mysqli = new mysqli(); $result = $mysqli->query(); Do Something with the data in app $result->close(); $mysqli->close(); The basic flow is very simple – connect, query, close. Note: the above is without return codes! Always check return codes!
SELECT * FROM City $result = $mysqli->query("SELECT id, label FROM test WHERE id = 1"); $row = $result->fetch_assoc(); printf("id = %s (%s)n", $row['id'], gettype($row['id'])); printf("label = %s (%s)n", $row['label'], gettype($row['label']));
$row = $result->fetch_assoc(); fetch_assoc -- Fetch a result row as an associative array fetch_array() Fetch a result row as an associative, a numeric array, or both fetch_row() Get a result row as an enumerated array fetch_object() Returns the current row of a result set as an object
Congratulations! You know have the BASICS down. The bad news is that there are are lot of other things to learn.
The longest journey begins with getting up off your backside!!
3. INput Data Here is where being careful pays off
NEVER EVER TRUST data input from a user! Period! EVER!
INTEGERS Check to see if intergers are really integers by casting them! Range check if you can!! STRINGS Check size, filter out junk, and expect the unexpected!! FILES Isolate, scan, and doublecheck. Paranoia in defense of your data is a virtue not a sin
Yes, there are people out there that would love to mess up your work, scramble or delete your data, usurp your server, and in general treat you professional life like a Games of Thrones plot line including a Lannister but you are not a Lannister
$QUERY = “SELECT * FROM PayingCustomers WERE userId = $id”; if (!$mysqli->query($QUERY) { echo “Query failed: (" . $mysqli->errno . ") " . $mysqli->error; } Can you spot TWO PROBLEMS with the above (assume $email is from a form filled in by user) ?
What if $id is = ‘me@mw.com’ or 1 = 1 EVALUATES as TRUE
SELECT * FROM Users WHERE Name ="John Doe" AND Pass ="Pass“ Name and Pass = " or ""=" SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
SELECT * FROM Users WHERE UserId = $UserId $UserId = 15; DROP TABLE suppliers
if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) { echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error; } $id = 1; if (!$stmt->bind_param("i", $id)) { echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error; } if (!$stmt->execute()) { echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error; }
for ($id = 2; $id < 5; $id++) { if (!$stmt->execute()) { echo "Execute failed:(" . $stmt->errno . ") " . $stmt- >error; } }
4. The dreaded N+1 Problem Killing your database server performance by a thousand cuts
Problem: You need a ride to work tomorrow and need to find an active employee that lives in your city. Query 1 – Find the active employees in your city. Query 2 – Of those employees, find those who have a parking permit. Versus Query1 -- Find employees in your city that have a parking permit
Problem: You need to find all customers with unfulfilled orders over thirty days that are not ready to ship and have already paid. A series of small queries is doing to take more resources and time that one big query. Each dive into the data has a cost – minimize!! Let the database do the ‘heavy lifting’ – that is its purpose!
Every time you connect and send a query to a MySQL server it will check: 1. Is your computer allowed to connect? 2. Is your account/authentication-string valid? 3. Do you have permission to access the data requested? This adds up with small queries
Whew!The is the basic basics!
1. SQL Anti Patterns:SQL Antipatterns: Avoiding the Pitfalls of Database Programming Bill Karwin 2. Database Design and Relational Theory: Normal Forms and All That Jazz CJ Date
THANKS!Any questions? You can find me at @stoker or david.stokes @ oracle.com Elephantdolphin.blogger.com Slideshare.net/davidmstokes https://joind.in/talk/ad37a

More Related Content

PPTX
Php database connectivity
bybaabtra.com - No. 1 supplier of quality freshers
 
PDF
All Things Open 2016 -- Database Programming for Newbies
byDave Stokes
 
PDF
DBIx::Class walkthrough @ bangalore pm
bySheeju Alex
 
PDF
Web2py
byLucas D
 
PDF
Database Wizardry for Legacy Applications
byGabriela Ferrara
 
PDF
Using web2py's DAL in other projects or frameworks
byBruno Rocha
 
PDF
与 PHP 和 Perl 使用 MySQL 数据库
byYUCHENG HU
 
DOCX
Miniproject on Employee Management using Perl/Database.
bySanchit Raut
 
Php database connectivity
bybaabtra.com - No. 1 supplier of quality freshers
 
All Things Open 2016 -- Database Programming for Newbies
byDave Stokes
 
DBIx::Class walkthrough @ bangalore pm
bySheeju Alex
 
Web2py
byLucas D
 
Database Wizardry for Legacy Applications
byGabriela Ferrara
 
Using web2py's DAL in other projects or frameworks
byBruno Rocha
 
与 PHP 和 Perl 使用 MySQL 数据库
byYUCHENG HU
 
Miniproject on Employee Management using Perl/Database.
bySanchit Raut
 

What's hot

PDF
Php 2
bytnngo2
 
PPTX
FYBSC IT Web Programming Unit V Advanced PHP and MySQL
byArti Parab Academics
 
PDF
Tips of CakePHP and MongoDB - Cakefest2011 ichikaway
byichikaway
 
PPTX
Sequelize
byTarek Raihan
 
PDF
Coffeescript a z
byStarbuildr
 
PDF
DataMapper @ RubyEnRails2009
byDirkjan Bussink
 
DOC
Object oriented mysqli connection function
byclickon2010
 
PDF
Hacking Your Way To Better Security - php[tek] 2016
byColin O'Dell
 
PDF
Web2py Code Lab
byColin Su
 
PDF
2014 database - course 3 - PHP and MySQL
byHung-yu Lin
 
PPTX
PHP performance 101: so you need to use a database
byLeon Fayer
 
PDF
Developing applications for performance
byLeon Fayer
 
PDF
Couchdb
byBrian Smith
 
PDF
Rails 3 ActiveRecord
byBlazing Cloud
 
PDF
Web2py tutorial to create db driven application.
byfRui Apps
 
PDF
Jqeury ajax plugins
byInbal Geffen
 
PDF
Getting Creative with WordPress Queries, Again
byDrewAPicture
 
PPTX
Pitfalls to Avoid for Cascade Server Newbies by Lisa Hall
byhannonhill
 
PPTX
MooseX::Datamodel - Barcelona Perl Workshop Lightning talk
byJose Luis Martínez
 
PPTX
PostgreSQL's Secret NoSQL Superpowers
byAmanda Gilmore
 
Php 2
bytnngo2
 
FYBSC IT Web Programming Unit V Advanced PHP and MySQL
byArti Parab Academics
 
Tips of CakePHP and MongoDB - Cakefest2011 ichikaway
byichikaway
 
Sequelize
byTarek Raihan
 
Coffeescript a z
byStarbuildr
 
DataMapper @ RubyEnRails2009
byDirkjan Bussink
 
Object oriented mysqli connection function
byclickon2010
 
Hacking Your Way To Better Security - php[tek] 2016
byColin O'Dell
 
Web2py Code Lab
byColin Su
 
2014 database - course 3 - PHP and MySQL
byHung-yu Lin
 
PHP performance 101: so you need to use a database
byLeon Fayer
 
Developing applications for performance
byLeon Fayer
 
Couchdb
byBrian Smith
 
Rails 3 ActiveRecord
byBlazing Cloud
 
Web2py tutorial to create db driven application.
byfRui Apps
 
Jqeury ajax plugins
byInbal Geffen
 
Getting Creative with WordPress Queries, Again
byDrewAPicture
 
Pitfalls to Avoid for Cascade Server Newbies by Lisa Hall
byhannonhill
 
MooseX::Datamodel - Barcelona Perl Workshop Lightning talk
byJose Luis Martínez
 
PostgreSQL's Secret NoSQL Superpowers
byAmanda Gilmore
 

Similar to PHP Database Programming Basics -- Northeast PHP

PPT
Download It
bywebhostingguy
 
PPTX
lecture 7 - Introduction to MySQL with PHP.pptx
byAOmaAli
 
PPTX
3-Chapter-Edit.pptx debre tabour university
byalemunuruhak9
 
PPTX
CHAPTER six DataBase Driven Websites.pptx
byKelemAlebachew
 
PDF
Php summary
byMichelle Darling
 
PPSX
DIWE - Working with MySQL Databases
byRasan Samarasinghe
 
ODP
Php modul-3
byKristophorus Hadiono
 
PPTX
Database Connectivity MYSQL by Dr.C.R.Dhivyaa Kongu Engineering College
byDhivyaa C.R
 
PPTX
UNIT V (5).pptx
byDrDhivyaaCRAssistant
 
PPTX
3 php-connect-to-my sql
byAchchuthan Yogarajah
 
PPT
Migrating from PHP 4 to PHP 5
byJohn Coggeshall
 
PPT
Php My Sql Security 2007
byAung Khant
 
PPTX
Learn PHP Lacture2
byADARSH BHATT
 
PDF
PHP with MySQL
bywahidullah mudaser
 
PPTX
PHP DATABASE MANAGEMENT.pptx
byCynthiaKendi1
 
PPTX
7. PHP and gaghhgashgfsgajhfkhshfasMySQL.pptx
byberihun18
 
PPTX
MySQL with PHP
byMsSJeyalakshmiVelsUn
 
PPT
Synapse india reviews on php and sql
bysaritasingh19866
 
PDF
Five Database Mistakes and how to fix them -- Confoo Vancouver
byDave Stokes
 
PPTX
Php and database functionality
bySayed Ahmed
 
Download It
bywebhostingguy
 
lecture 7 - Introduction to MySQL with PHP.pptx
byAOmaAli
 
3-Chapter-Edit.pptx debre tabour university
byalemunuruhak9
 
CHAPTER six DataBase Driven Websites.pptx
byKelemAlebachew
 
Php summary
byMichelle Darling
 
DIWE - Working with MySQL Databases
byRasan Samarasinghe
 
Php modul-3
byKristophorus Hadiono
 
Database Connectivity MYSQL by Dr.C.R.Dhivyaa Kongu Engineering College
byDhivyaa C.R
 
UNIT V (5).pptx
byDrDhivyaaCRAssistant
 
3 php-connect-to-my sql
byAchchuthan Yogarajah
 
Migrating from PHP 4 to PHP 5
byJohn Coggeshall
 
Php My Sql Security 2007
byAung Khant
 
Learn PHP Lacture2
byADARSH BHATT
 
PHP with MySQL
bywahidullah mudaser
 
PHP DATABASE MANAGEMENT.pptx
byCynthiaKendi1
 
7. PHP and gaghhgashgfsgajhfkhshfasMySQL.pptx
byberihun18
 
MySQL with PHP
byMsSJeyalakshmiVelsUn
 
Synapse india reviews on php and sql
bysaritasingh19866
 
Five Database Mistakes and how to fix them -- Confoo Vancouver
byDave Stokes
 
Php and database functionality
bySayed Ahmed
 

More from Dave Stokes

PDF
5 Ways to keep your SQL Queries Fresh.pdf
byDave Stokes
 
PDF
Valkey 101 - SCaLE 22x March 2025 Stokes.pdf
byDave Stokes
 
PPTX
Locking Down Your MySQL Database.pptx
byDave Stokes
 
PPTX
Linuxfest Northwest 2022 - MySQL 8.0 Nre Features
byDave Stokes
 
PDF
MySQL Indexes and Histograms - RMOUG Training Days 2022
byDave Stokes
 
PDF
MySQL 8.0 Features -- Oracle CodeOne 2019, All Things Open 2019
byDave Stokes
 
PDF
Windowing Functions - Little Rock Tech fest 2019
byDave Stokes
 
PDF
MySQL Baics - Texas Linxufest beginners tutorial May 31st, 2019
byDave Stokes
 
PPTX
Develop PHP Applications with MySQL X DevAPI
byDave Stokes
 
PDF
MySQL 8 Tips and Tricks from Symfony USA 2018, San Francisco
byDave Stokes
 
PDF
The Proper Care and Feeding of MySQL Databases
byDave Stokes
 
PDF
MySQL without the SQL -- Cascadia PHP
byDave Stokes
 
PDF
MySQL 8 Server Optimization Swanseacon 2018
byDave Stokes
 
PDF
MySQL Without The SQL -- Oh My! PHP[Tek] June 2018
byDave Stokes
 
PDF
Presentation Skills for Open Source Folks
byDave Stokes
 
PPTX
MySQL Without the SQL -- Oh My! Longhorn PHP Conference
byDave Stokes
 
PPTX
MySQL 8 -- A new beginning : Sunshine PHP/PHP UK (updated)
byDave Stokes
 
PPTX
ConFoo MySQL Replication Evolution : From Simple to Group Replication
byDave Stokes
 
PDF
Advanced MySQL Query Optimizations
byDave Stokes
 
PPTX
Making MySQL Agile-ish
byDave Stokes
 
5 Ways to keep your SQL Queries Fresh.pdf
byDave Stokes
 
Valkey 101 - SCaLE 22x March 2025 Stokes.pdf
byDave Stokes
 
Locking Down Your MySQL Database.pptx
byDave Stokes
 
Linuxfest Northwest 2022 - MySQL 8.0 Nre Features
byDave Stokes
 
MySQL Indexes and Histograms - RMOUG Training Days 2022
byDave Stokes
 
MySQL 8.0 Features -- Oracle CodeOne 2019, All Things Open 2019
byDave Stokes
 
Windowing Functions - Little Rock Tech fest 2019
byDave Stokes
 
MySQL Baics - Texas Linxufest beginners tutorial May 31st, 2019
byDave Stokes
 
Develop PHP Applications with MySQL X DevAPI
byDave Stokes
 
MySQL 8 Tips and Tricks from Symfony USA 2018, San Francisco
byDave Stokes
 
The Proper Care and Feeding of MySQL Databases
byDave Stokes
 
MySQL without the SQL -- Cascadia PHP
byDave Stokes
 
MySQL 8 Server Optimization Swanseacon 2018
byDave Stokes
 
MySQL Without The SQL -- Oh My! PHP[Tek] June 2018
byDave Stokes
 
Presentation Skills for Open Source Folks
byDave Stokes
 
MySQL Without the SQL -- Oh My! Longhorn PHP Conference
byDave Stokes
 
MySQL 8 -- A new beginning : Sunshine PHP/PHP UK (updated)
byDave Stokes
 
ConFoo MySQL Replication Evolution : From Simple to Group Replication
byDave Stokes
 
Advanced MySQL Query Optimizations
byDave Stokes
 
Making MySQL Agile-ish
byDave Stokes
 

Recently uploaded

PDF
Advanced Endpoint Protection for Devices
bywaveriserit
 
PDF
Week2 Slide Networking Media pengenalan media jarkom.pdf
bydarthvader121
 
PDF
The Imperfect Architect - How to survive as an architect in the digital age.
byrobincusters
 
PDF
Computer Networks and Communication.pdf
byAliBilal39
 
PPTX
Bài thuyết trình - Elegant Professional Presentation.pptx
byhoangthilinhnga570
 
PPTX
My Honest Paul Hilse Review Freedom Accelerator Student Experience.pptx
byPaul Hilse
 
DOCX
kavachcyber security tips link file 1.docx
byMovies Download Express
 
PDF
CI HUB Connector for WordPress : Seamless Asset Management Made Easy
byCI HUB
 
PDF
Cybersecurity Checklist for E-Commerce Sites
byOne CoreDev IT
 
PDF
Secure Access Made Simple with Identity & Access
bywaveriserit
 
PDF
SEO Guide Keywords & Link Success to Boost your Website Traffic
byBestdesign2hub
 
PDF
Reverse Engineering of Security Products : Developing an Advanced Microsoft ...
byDonato Onofri
 
DOCX
QUIZ MASTER.docxhgbnhghjdkdjdjdkdkdjdjdj
byroutsasmita5689
 
PDF
Website Accessibility—Building Inclusive Digital Spaces and Maintaining ADA/W...
byCreative Force Marketing
 
PDF
Week1 Slide Networking Fundamental-pengenalan jarkom.pdf
bydarthvader121
 
PPTX
New Microsoft PowerPoint Presentation.pptx
byavi080703
 
DOCX
BeeTV APK Firestick – Stream Movies and TV Shows Free
byAmanda Knudson
 
PPTX
Phishing techiques and its protection while on the internet
byssuserdf4e1d
 
PPTX
Innovative-Digital-Transformation-Software-Solution-LA.pptx.pptx
byjameshammermfm
 
PPTX
购买皇后大学毕业证|海牙认证QU成绩单水印学位证范本文凭在读证明可查学历认证
by假成绩单购买拉筹伯大学毕业证【Q微号:1954 292 140】
 
Advanced Endpoint Protection for Devices
bywaveriserit
 
Week2 Slide Networking Media pengenalan media jarkom.pdf
bydarthvader121
 
The Imperfect Architect - How to survive as an architect in the digital age.
byrobincusters
 
Computer Networks and Communication.pdf
byAliBilal39
 
Bài thuyết trình - Elegant Professional Presentation.pptx
byhoangthilinhnga570
 
My Honest Paul Hilse Review Freedom Accelerator Student Experience.pptx
byPaul Hilse
 
kavachcyber security tips link file 1.docx
byMovies Download Express
 
CI HUB Connector for WordPress : Seamless Asset Management Made Easy
byCI HUB
 
Cybersecurity Checklist for E-Commerce Sites
byOne CoreDev IT
 
Secure Access Made Simple with Identity & Access
bywaveriserit
 
SEO Guide Keywords & Link Success to Boost your Website Traffic
byBestdesign2hub
 
Reverse Engineering of Security Products : Developing an Advanced Microsoft ...
byDonato Onofri
 
QUIZ MASTER.docxhgbnhghjdkdjdjdkdkdjdjdj
byroutsasmita5689
 
Website Accessibility—Building Inclusive Digital Spaces and Maintaining ADA/W...
byCreative Force Marketing
 
Week1 Slide Networking Fundamental-pengenalan jarkom.pdf
bydarthvader121
 
New Microsoft PowerPoint Presentation.pptx
byavi080703
 
BeeTV APK Firestick – Stream Movies and TV Shows Free
byAmanda Knudson
 
Phishing techiques and its protection while on the internet
byssuserdf4e1d
 
Innovative-Digital-Transformation-Software-Solution-LA.pptx.pptx
byjameshammermfm
 
购买皇后大学毕业证|海牙认证QU成绩单水印学位证范本文凭在读证明可查学历认证
by假成绩单购买拉筹伯大学毕业证【Q微号:1954 292 140】
 

PHP Database Programming Basics -- Northeast PHP

  • 1.
  • 2.
    Hello!I am DaveStokes MySQl Community Manager FORTRAN, Punch Cards, ‘Personal Home Page’, older than dirt, etc.
  • 3.
    22 Years old! MySQL5.7 relased ~ 2 years ago -- JSON Data Tyoe MySQL 8 Developer Milestone Release -- Available for testing -- Data dictionary -- UTf8MB4 More Plug-in Features -- Group replication -- Document Store Oracle MySQL Cloud -- Enterprise edition of software
  • 4.
    1. Basics Client Server Modeland simple connections Using MySQL but concepts will transpose over to other Relational Database Management Systems.
  • 5.
    ● Network –tcp/ip ● Port 3306 ● Windows, Mac, Linux, & source code + containers
  • 6.
    To connect youwill need 0. Server name or IP address 1. Persmission to connect 2. Account/password 3. (more later)
  • 7.
    <?php $mysqli = newmysqli("127.0.0.1", "user", "password", "database"); if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } echo $mysqli->host_info . "n"; ?>
  • 8.
    <?php $mysqli = newmysqli("127.0.0.1", "user", "password", "database"); Host – 127.0.0.1 (or 192.168.10.11 or db.foobar.com) User – User on the MySQL server (mysql.user table), not OS user Password – Clear text (other options later) -> Security issue Database – Schema to be used. Can be selected/changed later Port (optional) – defaults to 3306
  • 9.
    if ($mysqli->connect_errno) { echo"Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } If MySQL there is a MySQL connection error then provide details
  • 10.
    <?php $dbh = newPDO('mysql:host=localhost;dbname=test', $user, $pass);
  • 11.
    ● Resource Guide ●Examples ● First place to look for answers
  • 12.
    Syntax Programming is hardbut the syntactical aspects are usually simple (some times too simple)
  • 13.
    2. Get Data After connectingwe need to do something
  • 14.
    1970’s Disks are expensiveand slow Relational Model emerges with goal of efficiency Data Normaliation to berak data in smaller logically consistent groups SQL was designed at IBM to provide efficient access to data via a descriptive language based on relational calulus.
  • 15.
    if ($result =$mysqli->query("SELECT * FROM City")) { printf("Select returned %d rows.n", $result->num_rows); /* free result set */ $result->close(); } $mysqli->close(); ?>
  • 16.
    SELECT * FROMCity • * is a wild card for ‘all column in table • City is the table being queried • SELECT is the action (SELECT, UPDATE, DELETE, etc)
  • 17.
    $mysqli = newmysqli(); $result = $mysqli->query(); Do Something with the data in app $result->close(); $mysqli->close(); The basic flow is very simple – connect, query, close. Note: the above is without return codes! Always check return codes!
  • 18.
    SELECT * FROMCity $result = $mysqli->query("SELECT id, label FROM test WHERE id = 1"); $row = $result->fetch_assoc(); printf("id = %s (%s)n", $row['id'], gettype($row['id'])); printf("label = %s (%s)n", $row['label'], gettype($row['label']));
  • 19.
    $row = $result->fetch_assoc(); fetch_assoc-- Fetch a result row as an associative array fetch_array() Fetch a result row as an associative, a numeric array, or both fetch_row() Get a result row as an enumerated array fetch_object() Returns the current row of a result set as an object
  • 20.
    Congratulations! You knowhave the BASICS down. The bad news is that there are are lot of other things to learn.
  • 21.
    The longest journeybegins with getting up off your backside!!
  • 22.
    3. INput Data Here iswhere being careful pays off
  • 23.
    NEVER EVER TRUST datainput from a user! Period! EVER!
  • 24.
    INTEGERS Check to seeif intergers are really integers by casting them! Range check if you can!! STRINGS Check size, filter out junk, and expect the unexpected!! FILES Isolate, scan, and doublecheck. Paranoia in defense of your data is a virtue not a sin
  • 25.
    Yes, there arepeople out there that would love to mess up your work, scramble or delete your data, usurp your server, and in general treat you professional life like a Games of Thrones plot line including a Lannister but you are not a Lannister
  • 26.
    $QUERY = “SELECT* FROM PayingCustomers WERE userId = $id”; if (!$mysqli->query($QUERY) { echo “Query failed: (" . $mysqli->errno . ") " . $mysqli->error; } Can you spot TWO PROBLEMS with the above (assume $email is from a form filled in by user) ?
  • 27.
    What if $idis = ‘me@mw.com’ or 1 = 1 EVALUATES as TRUE
  • 28.
    SELECT * FROMUsers WHERE Name ="John Doe" AND Pass ="Pass“ Name and Pass = " or ""=" SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
  • 29.
    SELECT * FROMUsers WHERE UserId = $UserId $UserId = 15; DROP TABLE suppliers
  • 30.
    if (!($stmt =$mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) { echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error; } $id = 1; if (!$stmt->bind_param("i", $id)) { echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error; } if (!$stmt->execute()) { echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error; }
  • 31.
    for ($id =2; $id < 5; $id++) { if (!$stmt->execute()) { echo "Execute failed:(" . $stmt->errno . ") " . $stmt- >error; } }
  • 32.
    4. The dreaded N+1 Problem Killingyour database server performance by a thousand cuts
  • 33.
    Problem: You needa ride to work tomorrow and need to find an active employee that lives in your city. Query 1 – Find the active employees in your city. Query 2 – Of those employees, find those who have a parking permit. Versus Query1 -- Find employees in your city that have a parking permit
  • 34.
    Problem: You needto find all customers with unfulfilled orders over thirty days that are not ready to ship and have already paid. A series of small queries is doing to take more resources and time that one big query. Each dive into the data has a cost – minimize!! Let the database do the ‘heavy lifting’ – that is its purpose!
  • 35.
    Every time youconnect and send a query to a MySQL server it will check: 1. Is your computer allowed to connect? 2. Is your account/authentication-string valid? 3. Do you have permission to access the data requested? This adds up with small queries
  • 36.
    Whew!The is thebasic basics!
  • 37.
    1. SQL AntiPatterns:SQL Antipatterns: Avoiding the Pitfalls of Database Programming Bill Karwin 2. Database Design and Relational Theory: Normal Forms and All That Jazz CJ Date
  • 38.
    THANKS!Any questions? You canfind me at @stoker or david.stokes @ oracle.com Elephantdolphin.blogger.com Slideshare.net/davidmstokes https://joind.in/talk/ad37a