Php: Main
What is this tutorial about?
I am going to show you how to make a page which pulls data from a database depending on the page ID.
What are the requirements?
A host with Php and Mysql. Although, you can Setup localhost and run the whole thing from your computer. Also a basic php and maybe some sql knowledge would be nice.
Is this secure?
Yes, it should be secure enough. I will be using security techniques like addslashes and mysql_real_escape_string.
Okay, so lets get started!
First of all, make a php file called index.php, or pages.php. Although i will refer to it as index.php throughout this tutorial.
At the very top of this php page, add this code:
<?php
$page = $_GET['page'];
addslashes($page);
$conn = mysql_connect("localhost","Username","Passwor d");
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("pages", $conn);
?>
I shall now explain this code below.
<?php
$page = $_GET['page'];
addslashes($page);
This gets the page value from the url, for example if you went to index.php?page=LOL it would return LOL into that $page variable. We now apply addslashes() to the $page variable for security reasons, as we are going to be using this in a MySQL query.
$conn = mysql_connect("localhost","Username","Passwor d");
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
This will connect to the mysql database, and produce a mysql error if it can't connect for any reason. You must fill out your username and password; if your mysql server isn't localhost, you'll also have to change that.
mysql_select_db("pages", $conn);
?>
This code will select the database "pages", which you must either create. Or enter the name of an already made database into there.
Right, that is the connect + select DB script done. Now to make the script that will pull the data down from the database.
But first, we will need to make the table. To do this, execute this sql query in your PhpMyAdmin:
CREATE TABLE pages
(
pageid varchar(30),
content text
)
I'll just briefly explain the above code.
It creates a table in the database called pages. And in this table, it creates two collums: pageid and content. As you can see, pageid is a varchar(30). That means it can be a string of any letters/numbers upto 30 characters. And the text datatype on content means that it is just really long, raw text.
Okay, so we have our table and connect script, just the select script now:
<?php
mysql_real_escape_string($page,$conn);
$sql = "SELECT * FROM pages WHERE pagename = '$page' LIMIT 1";
$result = mysql_query($sql);
$result2 = mysql_fetch_assoc($result);
$content = $result2[content];
if(!$content==""){
echo $content;
}
else{
echo "Either this page doesn't exist, or there was some other error.";
}
?>
I'll now explain the above code.
mysql_real_escape_string($page,$conn);
This is another security feature, we are applying it on the $page variable.
Better explained here.
$sql = "SELECT * FROM pages WHERE pageid = '$page' LIMIT 1";
$result = mysql_query($sql);
$result2 = mysql_fetch_assoc($result);
This code defines the sql query we are going to be using on the database, then executes it in mysql_query as the variable $result. It now applies mysql_fetch_assoc to that result, which returns an associative array of the data we fetched from the database.
$content = $result2[content];
This sets the variable $content to the content part of the row where the pageid is the one that is stored in the $page variable.
if(!$content==""){
echo $content;
}
else{
echo "Either this page doesn't exist, or there was some other error.";
}
This checks if the $content variable contains any data, if it does, it will echo it out. If it doesn't, it will show our error.
Now i'm going to explain the above sql query:
SELECT * FROM pages
This selects all data from the table pages, * is a wildcard.
WHERE pageid = '$page'
This makes it only return data when the pageid is the same as the $page variable, from earlier on in this tutorial.
LIMIT 1
This will make it only return the first row it finds.
-Continued on post 2-
