Upload
emily-wells
View
215
Download
0
Embed Size (px)
Citation preview
Creating Databases for Web Applications
SQL Select extras
Listing [names of] tables
generalized display of recordset
simple password handling
php and other databases
Homework: work on projects, new & old posting assignments
GetImageSize example
• Addition to code shown last time:
$size=GetImageSize($file);
print ("Dimensions are: ".$size[0]." by ".$size[1]." pixels.<br>");
$area = $size[0]*$size[1];
print ("Area is $area pixels.<br>");
results (first part)
uploading file named 91940.jpg
File size is 56866
fullname is: D:\\InetPub\\wwwroot\\users\\jeanine\\\91940.jpg.
Dimensions are: 600 by 393 pixels.
Area is 235800 pixels.
file successfully uploaded.
Select operators
=, >, <, >=, <=, != or ><IS NOT NULL, IS NULLBETWEENIN, NOT INLIKE (has wild card character: %, others)REGEXP
• Also, have DISTINCTSELECT DISTINCT category FROM questions;
Select aggregate functions
• AVG, COUNT, MIN, MAX, STD, SUMSELECT AVG(score) in players;
SELECT COUNT(*) in players WHERE score > 100;
• Get these as 0th field, 0th row of recordset
SELECT AVG(score), MIN(score), MAX(score), STD(score), COUNT(score) in players;
• Get these as 0th, 1st, 2nd, 3rd, 4th, 5th fields of 0th row of recordset
Select control• grouping
SELECT order_id, SUM(quantity) FROM ordereditems GROUP BY order_id;
• limit: SELECT product_id, quantity FROM ordereditems LIMIT 10;
• limit: starting from 1st record fitting conditions and returning 10 recordsSELECT product_name, product_description, product_cost FROM catalog LIMIT 1, 10;
For paging, repeat with variables indicating 1st and last entries:"SELECT product_name, product_description, product_cost FROM catalog LIMIT $FIRST, 10"
SELECT order_id, SUM(quantity) FROM ordereditems GROUP BY
order_id;
Query result:
1 11
2 9
1 1 5
1 2 6
1 4 3
2 2 4
2 3 5
Original data
What are tables in given database<html><head><title>Show table names</title>
</head> <body><?php require("jeanine\quizphp\opendbq.php"); $query="show tables"; $rs=mysql_db_query($DBname, $query, $link);?><table> <tr> <td> Table names </td> </tr><?while ($row=mysql_fetch_array($rs)){ print("<tr> <td>"); print($row[0]); print("</td></tr>"); }print("</table>");?><br> </body> </html>
result
Table names
catalog
customers
history
ordereditems
orders
players
questions
<html><head><title>Show table names and field names</title> </head><body><?php require("jeanine\quizphp\opendbq.php"); $query="show tables"; $rs=mysql_db_query($DBname, $query, $link);?><table border=1> <tr> <th> Table names </th> </tr><?$i = 0;while ($row=mysql_fetch_array($rs)){ print("<tr> <td>");
$tablenames[$i] = $row[0]; $i++; print($row[0]); print("</td></tr>"); }print("</table>");
for ($j=0;$j<$i;$j++) { $query = "describe ".$tablenames[$j]; print ("<p><h2>" . $tablenames[$j]. " table </h2><table border=1>\n "); print ("<th> Field </th> <th> Type </th> <th> Null </th> <th> Key </th> \n "); $rt=mysql_db_query($DBname,$query,$link); while ($fi=mysql_fetch_array($rt)) {
print ("<tr> <td>". $fi['Field'] . "</td>\n ");print ("<td>".$fi['Type'] . "</td>\n ");print ("<td>".$fi['Null'] . " </td>\n ");print ("<td>".$fi['Key'] . " </td>\n ");print ("</tr>");}
print ("</table><p>"); }?></body> </html>
Table of queries• If you have a large set of fixed SQL
queries, you may make a new table:
id description text
1 final diagnosis when presenting signs of appendicitis
Select final.diagnosis from final, initial where initial.temp > 100 AND initial.pain = 'left' AND final.caseno = initial.caseno
2 initial potential ulcer cases Select * from initial where
initial.pain = 'sharp' AND initial.temp < 100
….
Present to user
Pick selection:
description
final diagnosis when presenting signs of appendicitis
initial potential ulcer cases
Don't show the user the messy SQL
Produce responses
• Make the query the SQL corresponding to the user's choice.
• Display recordset in a table– Now, need generalized code that creates
headings for tables and extracts names of fields 'on the fly' based on information in recordset.
• php:– mysql_fetch_field– mysql_fetch_array
<html><head><title>Current Favorites </title> </head> <body> <table><?phprequire("openfirstdb.php"); $query="Select * from favorites";$result=mysql_db_query($DBname, $query, $link); $fieldnames= Array();print ("<table border=1><tr>");$nf = mysql_num_fields($result);for ($i=0; $i<$nf;$i++) {
$fieldobj= mysql_fetch_field($result);$fieldnames[$i]=$fieldobj->name;
print ("<th>".$fieldnames[$i]."</th>"); }print ("</tr>\n");while ($row=mysql_fetch_array($result)) { print ("<tr>");
for ($i=0; $i<$nf; $i++) { print ("<td>".$row[$fieldnames[$i]]."</td>"); } print("</tr>"); } mysql_close($link); ?></table> </body></html>
first for loop to set up headers
Second for loop, in while loop, to extract field data.
asp version
• recordset.fields.count
• recordset.fields(i).Name
<%@ Language=JavaScript %><html><head><title>Input and submit questions to quizasp db </title></head><body><!-- #include file="openfirst.asp" --><table><%var sq ="SELECT * from favorites";rs=Server.CreateObject("ADODB.RecordSet");rs.Open (sq,Conn, 1,3);var fieldnames= new Array();Response.Write ("<table border=1><tr>");var nf = rs.fields.count;var nr=rs.RecordCount;for (i=0; i<nf; i++) {
fieldnames[i]=rs.fields(i).Name;Response.Write("<th>"+ fieldnames[i] +"</th>"); }
Response.Write ("</tr>\n");while(!rs.EOF) { Response.Write("<tr>");
for (j=0; j<nf; j++) { Response.Write ("<td>"+rs.fields.item(fieldnames[j])+"</td>"); } Response.Write("</tr>");
rs.move(1); }%></table> </body></html>
Authentication using passwords
Technique is to establish a table of stored user names and encrypted passwords
• one way encrpytion– php's crypt or MySql's password
• use SQL statement that counts the number of records with the pair of values. If count is greater than 0, then the person is accepted.
• Use session variables or cookies to check that user is 'authenticated'.
• Separate procedure for storing values.
php: crypt
• Can be used with or without a seed:
$cipher = crypt($password,$seed);
• You need to make sure that the seed is the same!
SQL$query = "Select count(*) from passtable where name = '$user' and pass = '$cypher'";
$result=mysql_query($Dbname,$query);
$count = mysql_result($result,0,0);
if ($count>0) {
….okay}
else { …. no good }
calculated value.
recordset has one row, one field
php and other databases• php and MySQL have a special set of
functions. There are also special sets for some other databases. – show some Oracle code
• Alternative is to use a general API (application programming interface). – ODBC: open database connectivity– ADODB: active data object data base– ?
<?php
PutEnv("ORACLE_SID=ORASID");
$connection = Ora_Logon ("username","password"); if ($connection == false){ echo Ora_ErrorCode($connection).": ".Ora_Error($connection)."<BR>"; exit; }
$cursor = Ora_Open ($connection); if ($cursor == false){ echo Ora_ErrorCode($connection).": ".Ora_Error($connection)."<BR>"; exit; }
$query = "select * from email_info"; $result = Ora_Parse ($cursor, $query); if ($result == false){ echo Ora_ErrorCode($cursor).": ".Ora_Error($cursor)."<BR>"; exit; }
$result = Ora_Exec ($cursor); if ($result == false){ echo Ora_ErrorCode($cursor).": ".Ora_Error($cursor)."<BR>"; exit; }
echo "<table border=1>"; echo "<tr><td><b>Full Name</b></td><td> <b>Email Address</b></td></tr>";
while (Ora_Fetch_Into ($cursor, &$values)){ $name = $values[0]; $email = $values[1];
echo "<tr><td>$name</td><td>$email</td></tr>"; }
echo "</table>";
Ora_Close ($cursor); Ora_Logoff ($connection);
?>
ODBC$connect = odbc_connect("firstdb", "", ""); // no user, no password
$query = "SELECT title, description FROM favorites";
$result = odbc_exec($connect, $query);print ("<table>\n");while(odbc_fetch_row($result)){ print ("<tr><td>"); print(odbc_result($result, 1)."</td><td>");
print (odbc_result($result, 2)."</td></tr>"); }
print ("</table>");odbc_close($connect);
DSN
Index starts at 1
ADODB<? include('adodb.inc.php'); $conn = &ADONewConnection('access'); $conn->PConnect('firstdb'); $query = "Select title, description from favorites"; $recordSet = &$conn->Execute($query); while (!$recordSet->EOF) { print $recordSet->fields[0].' '.$recordSet->fields[1].'<BR>'; $recordSet->MoveNext(); } $recordSet->Close(); $conn->Close(); ?>
ADODB needs to be installed
Note -> syntax
Note & syntax
ADODB functions
• Metatypes for handling different names for types (char versus string, others)
• functions for handling dates
• debugging help
• Source:
http://php.weblogs.com/ADODB_manual#install
Homework
• Post constructive comments on other projects (as a reply to posting announcing project).
• Post comments on php versus asp/JavaScript, MySql versus Access, Open Source versus proprietary/Microsoft.
• Finish* projects.