Creating Databases for Web Applications

SQL Select extras

Listing [names of] tables

generalized display of recordset

simple password handling

php and other databases

Homework: work on projects, new & old posting assignments

GetImageSize example

• Addition to code shown last time:

$size=GetImageSize($file);

print ("Dimensions are: ".$size[0]." by ".$size[1]." pixels.<br>");

$area = $size[0]*$size[1];

print ("Area is $area pixels.<br>");

results (first part)

uploading file named 91940.jpg

File size is 56866

fullname is: D:\\InetPub\\wwwroot\\users\\jeanine\\\91940.jpg.

Dimensions are: 600 by 393 pixels.

Area is 235800 pixels.

file successfully uploaded.

Select operators

=, >, <, >=, <=, != or ><IS NOT NULL, IS NULLBETWEENIN, NOT INLIKE (has wild card character: %, others)REGEXP

• Also, have DISTINCTSELECT DISTINCT category FROM questions;

Select aggregate functions

• AVG, COUNT, MIN, MAX, STD, SUMSELECT AVG(score) in players;

SELECT COUNT(*) in players WHERE score > 100;

• Get these as 0th field, 0th row of recordset

SELECT AVG(score), MIN(score), MAX(score), STD(score), COUNT(score) in players;

• Get these as 0th, 1st, 2nd, 3rd, 4th, 5th fields of 0th row of recordset

Select control• grouping

SELECT order_id, SUM(quantity) FROM ordereditems GROUP BY order_id;

• limit: SELECT product_id, quantity FROM ordereditems LIMIT 10;

• limit: starting from 1st record fitting conditions and returning 10 recordsSELECT product_name, product_description, product_cost FROM catalog LIMIT 1, 10;

For paging, repeat with variables indicating 1st and last entries:"SELECT product_name, product_description, product_cost FROM catalog LIMIT $FIRST, 10"

SELECT order_id, SUM(quantity) FROM ordereditems GROUP BY

order_id;

Query result:

1 11

2 9

1 1 5

1 2 6

1 4 3

2 2 4

2 3 5

Original data

What are tables in given database<html><head><title>Show table names</title>

</head> <body><?php require("jeanine\quizphp\opendbq.php"); $query="show tables"; $rs=mysql_db_query($DBname, $query, $link);?><table> <tr> <td> Table names </td> </tr><?while ($row=mysql_fetch_array($rs)){ print("<tr> <td>"); print($row[0]); print("</td></tr>"); }print("</table>");?><br> </body> </html>

result

Table names

catalog

customers

history

ordereditems

orders

players

questions

<html><head><title>Show table names and field names</title> </head><body><?php require("jeanine\quizphp\opendbq.php"); $query="show tables"; $rs=mysql_db_query($DBname, $query, $link);?><table border=1> <tr> <th> Table names </th> </tr><?$i = 0;while ($row=mysql_fetch_array($rs)){ print("<tr> <td>");

$tablenames[$i] = $row[0]; $i++; print($row[0]); print("</td></tr>"); }print("</table>");

for ($j=0;$j<$i;$j++) { $query = "describe ".$tablenames[$j]; print ("<p><h2>" . $tablenames[$j]. " table </h2><table border=1>\n "); print ("<th> Field </th> <th> Type </th> <th> Null </th> <th> Key </th> \n "); $rt=mysql_db_query($DBname,$query,$link); while ($fi=mysql_fetch_array($rt)) {

print ("<tr> <td>". $fi['Field'] . "</td>\n ");print ("<td>".$fi['Type'] . "</td>\n ");print ("<td>".$fi['Null'] . "&nbsp;</td>\n ");print ("<td>".$fi['Key'] . "&nbsp;</td>\n ");print ("</tr>");}

print ("</table><p>"); }?></body> </html>

Table of queries• If you have a large set of fixed SQL

queries, you may make a new table:

id description text

1 final diagnosis when presenting signs of appendicitis

Select final.diagnosis from final, initial where initial.temp > 100 AND initial.pain = 'left' AND final.caseno = initial.caseno

2 initial potential ulcer cases Select * from initial where

initial.pain = 'sharp' AND initial.temp < 100

….

Present to user

Pick selection:

description

final diagnosis when presenting signs of appendicitis

initial potential ulcer cases

Don't show the user the messy SQL

Produce responses

• Make the query the SQL corresponding to the user's choice.

• Display recordset in a table– Now, need generalized code that creates

headings for tables and extracts names of fields 'on the fly' based on information in recordset.

• php:– mysql_fetch_field– mysql_fetch_array

<html><head><title>Current Favorites </title> </head> <body> <table><?phprequire("openfirstdb.php"); $query="Select * from favorites";$result=mysql_db_query($DBname, $query, $link); $fieldnames= Array();print ("<table border=1><tr>");$nf = mysql_num_fields($result);for ($i=0; $i<$nf;$i++) {

$fieldobj= mysql_fetch_field($result);$fieldnames[$i]=$fieldobj->name;

print ("<th>".$fieldnames[$i]."</th>"); }print ("</tr>\n");while ($row=mysql_fetch_array($result)) { print ("<tr>");

for ($i=0; $i<$nf; $i++) { print ("<td>".$row[$fieldnames[$i]]."</td>"); } print("</tr>"); } mysql_close($link); ?></table> </body></html>

first for loop to set up headers

Second for loop, in while loop, to extract field data.

asp version

• recordset.fields.count

• recordset.fields(i).Name

<%@ Language=JavaScript %><html><head><title>Input and submit questions to quizasp db </title></head><body><!-- #include file="openfirst.asp" --><table><%var sq ="SELECT * from favorites";rs=Server.CreateObject("ADODB.RecordSet");rs.Open (sq,Conn, 1,3);var fieldnames= new Array();Response.Write ("<table border=1><tr>");var nf = rs.fields.count;var nr=rs.RecordCount;for (i=0; i<nf; i++) {

fieldnames[i]=rs.fields(i).Name;Response.Write("<th>"+ fieldnames[i] +"</th>"); }

Response.Write ("</tr>\n");while(!rs.EOF) { Response.Write("<tr>");

for (j=0; j<nf; j++) { Response.Write ("<td>"+rs.fields.item(fieldnames[j])+"</td>"); } Response.Write("</tr>");

rs.move(1); }%></table> </body></html>

Authentication using passwords

Technique is to establish a table of stored user names and encrypted passwords

• one way encrpytion– php's crypt or MySql's password

• use SQL statement that counts the number of records with the pair of values. If count is greater than 0, then the person is accepted.

• Use session variables or cookies to check that user is 'authenticated'.

• Separate procedure for storing values.

php: crypt

• Can be used with or without a seed:

$cipher = crypt($password,$seed);

• You need to make sure that the seed is the same!

SQL$query = "Select count(*) from passtable where name = '$user' and pass = '$cypher'";

$result=mysql_query($Dbname,$query);

$count = mysql_result($result,0,0);

if ($count>0) {

….okay}

else { …. no good }

calculated value.

recordset has one row, one field

php and other databases• php and MySQL have a special set of

functions. There are also special sets for some other databases. – show some Oracle code

• Alternative is to use a general API (application programming interface). – ODBC: open database connectivity– ADODB: active data object data base– ?

<?php

PutEnv("ORACLE_SID=ORASID");

$connection = Ora_Logon ("username","password"); if ($connection == false){ echo Ora_ErrorCode($connection).": ".Ora_Error($connection)."<BR>"; exit; }

$cursor = Ora_Open ($connection); if ($cursor == false){ echo Ora_ErrorCode($connection).": ".Ora_Error($connection)."<BR>"; exit; }

$query = "select * from email_info"; $result = Ora_Parse ($cursor, $query); if ($result == false){ echo Ora_ErrorCode($cursor).": ".Ora_Error($cursor)."<BR>"; exit; }

$result = Ora_Exec ($cursor); if ($result == false){ echo Ora_ErrorCode($cursor).": ".Ora_Error($cursor)."<BR>"; exit; }

echo "<table border=1>"; echo "<tr><td><b>Full Name</b></td><td> <b>Email Address</b></td></tr>";

while (Ora_Fetch_Into ($cursor, &$values)){ $name = $values[0]; $email = $values[1];

echo "<tr><td>$name</td><td>$email</td></tr>"; }

echo "</table>";

Ora_Close ($cursor); Ora_Logoff ($connection);

?>

ODBC$connect = odbc_connect("firstdb", "", ""); // no user, no password

$query = "SELECT title, description FROM favorites";

$result = odbc_exec($connect, $query);print ("<table>\n");while(odbc_fetch_row($result)){ print ("<tr><td>"); print(odbc_result($result, 1)."</td><td>");

print (odbc_result($result, 2)."</td></tr>"); }

print ("</table>");odbc_close($connect);

DSN

Index starts at 1

ADODB<? include('adodb.inc.php'); $conn = &ADONewConnection('access'); $conn->PConnect('firstdb'); $query = "Select title, description from favorites"; $recordSet = &$conn->Execute($query); while (!$recordSet->EOF) { print $recordSet->fields[0].' '.$recordSet->fields[1].'<BR>'; $recordSet->MoveNext(); } $recordSet->Close(); $conn->Close(); ?>

ADODB needs to be installed

Note -> syntax

Note & syntax

ADODB functions

• Metatypes for handling different names for types (char versus string, others)

• functions for handling dates

• debugging help

• Source:

http://php.weblogs.com/ADODB_manual#install

Homework

• Post constructive comments on other projects (as a reply to posting announcing project).

• Post comments on php versus asp/JavaScript, MySql versus Access, Open Source versus proprietary/Microsoft.

• Finish* projects.