
Course: Web Programming Code: 15CS52T Study Material

1) The document discusses connecting a MySQL database to a PHP web application using XAMPP. 2) It explains how to create a database using PhpMyAdmin and describes some functions of PhpMyAdmin like creating, dropping, and altering databases. 3) The document also covers potential problems with special characters when inserting database values into HTML and how functions like htmlspecialchars() and magic_quotes_gpc can help address these issues.

Uploaded by

Kekw

Department of Collegiate and Technical Education Diploma in CS&E

Course: Web Programming Code: 15CS52T

Study Material

UNIT-V: Database Access through the web

Session No. 01

Database Access with PHP and MySQL

First, we have to create a MySQL database using XAMPP. XAMPP is an
easy-to-install Apache distribution containing MySQL, PHP and Perl. phpMyAdmin
is web-based software used for creating and maintaining MySQL databases.
phpMyAdmin can manage a whole MySQL server as well as a single database.
phpMyAdmin can:
• Browse and drop databases, tables, views, fields and indexes.
• Create, copy, drop, rename and alter databases, tables, fields and indexes.
• Maintain servers, databases and tables.
• Execute, edit and bookmark any SQL statement, even batch queries.
• Load text files into tables.

With XAMPP installed, follow these steps:

1. Open your browser and enter http://localhost/phpmyadmin. This will bring you
to the MySQL setup page:


2. Enter a name for the database, then click on the create button. The name must
be 64 characters or less and composed of letters, numbers and underscores.
Avoid using numbers at the start of the name. A good name should indicate
the purpose of the database.


3. Ensure the database was successfully created:


Potential Problems with special characters


When a query is made on a database through a browser, the result of the query
must be returned to the browser as HTML. Putting database field data into an
HTML document creates a potential problem.
A field retrieved from the database may contain characters that are special
in HTML, namely &, ", ', < or >. PHP includes a function called
htmlspecialchars() that replaces all occurrences of these special characters
with their corresponding HTML entities. The translations performed are:
• '&' (ampersand) becomes '&amp;'
• '"' (double quote) becomes '&quot;'
• ''' (single quote) becomes '&#039;'
• '<' (less than) becomes '&lt;'
• '>' (greater than) becomes '&gt;'

Example:
<?php
// ENT_QUOTES makes single quotes convert as well as double quotes
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new;
?>

Output:
&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
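
An added example, not part of the original study material: escaping every field of a result set at the moment it is written into HTML. The $rows array is constructed sample data and h() and render_table() are hypothetical helper names; the flags are passed explicitly because single quotes are converted only when ENT_QUOTES is set, which became the default in PHP 8.1.

```php
<?php
// $rows is constructed sample data standing in for a MySQL result set.
$rows = [
    ['name' => "O'Brien & Sons", 'note' => '<b>priority</b> customer'],
    ['name' => 'Ann "AJ" Lee',   'note' => '<script>x()</script> stored as text'],
];

// Hypothetical helper: one place that fixes the flags and the charset.
// ENT_QUOTES converts both ' and "; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the table markup; every database value passes through h().
function render_table(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        // The name is used twice: inside a single-quoted attribute and as
        // element content. Escaping the quote keeps it inside the attribute.
        $html .= sprintf(
            "  <tr title='%s'><td>%s</td><td>%s</td></tr>\n",
            h($row['name']),
            h($row['name']),
            h($row['note'])
        );
    }
    return $html . "</table>\n";
}

echo render_table($rows);
```

Escaping is applied once, at output; the values stay unmodified in the database, so nothing is encoded twice.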

Another problem with special characters arises when PHP scripts get values through
GET, POST, or from a cookie. Strings from these sources could contain single quotes,
double quotes, backslashes and null characters, all of which could possibly cause
problems. To avoid these problems, PHP has an implicit backslashing setting named
magic_quotes_gpc, which can be turned on or off in the php.ini file.
Magic quotes is the process of escaping special characters with a '\' to
allow a string to be entered into a database. If magic_quotes_gpc is turned on,
all GET, POST and cookie variables (gpc) in PHP will already have special
characters like ", ' and \ escaped, so it is safe to put them directly into an SQL query.


When it is enabled, all values received in a script from $_POST, $_GET and
$_COOKIE have backslashes implicitly inserted in front of all single quotes, double
quotes, backslashes and null characters.
For example, if the string
John said, It's a beautiful day outside.
is fetched from $_POST, it is converted by magic_quotes_gpc to
John said, It\'s a beautiful day outside.
But this conversion causes other problems. If the script compares the string with the
nonslashed version, the comparison will fail. For example, if the query typed in a
textbox is:
Select * from address where name='john';
If the name of the textbox is myquery, its value can be obtained as:
$query = $_POST['myquery'];
The value of $query is converted by magic_quotes_gpc to:
Select * from address where name=\'john\';
But this string is not a legal SQL command because of the backslashes. If it is sent to
MySQL as a command, MySQL will reject it and display an error.
To accept SQL commands through forms, we have to remove the escaping that magic
quotes puts in. To do this, we have two options: disable magic quotes or strip the
backslashes.
The backslashes can be stripped off using the stripslashes() function.
Example:
<?php
// In a double-quoted string, \' is kept as a literal backslash and quote
$str = "It\'s time to learn PHP";
echo stripslashes($str);
?>
OUTPUT
It's time to learn PHP
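
An added example, not part of the original study material, showing the comparison problem described above next to a prepared statement, which binds the raw value and needs no backslash escaping. magic_quotes_gpc was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so addslashes() stands in for it here; the posted value, the city and the in-memory SQLite database (used so the script runs offline) are assumptions, and find_by_name() is a hypothetical helper.

```php
<?php
// $posted is a constructed sample of what a form field might deliver.
$posted  = "O'Brien";
// addslashes() inserts the same backslashes magic_quotes_gpc used to add.
$slashed = addslashes($posted);

// The slashed copy no longer equals the plain string; stripslashes()
// restores it, which is the workaround the text describes.
var_dump($slashed === "O'Brien");
var_dump(stripslashes($slashed) === "O'Brien");

// Prepared statements: the SQL text is fixed and the value travels
// separately as data. Requires the pdo_sqlite extension; with MySQL only
// the DSN and credentials passed to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE address (name TEXT, city TEXT)');

$insert = $db->prepare('INSERT INTO address (name, city) VALUES (?, ?)');
$insert->execute([$posted, 'Mysuru']);

// Looks up rows whose name equals $name exactly, using a bound parameter.
function find_by_name(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, city FROM address WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The unmodified value finds the stored row.
print_r(find_by_name($db, $posted));
// The slashed value is a different string and finds nothing.
print_r(find_by_name($db, $slashed));
```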
