
Insert, update and delete with parameters in a PHP MySQL database, which also guards against SQL injection

How to INSERT, UPDATE and DELETE securely with PHP and MySQL, using parameters that also guard against SQL injection


First, create a MySQL database (testdb) in phpMyAdmin.


Insert page :

<?php
@$conn = mysqli_connect('localhost','root','','testdb') or die("Please check your database username and password")
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Insert into table</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
#myform
{
margin:20px;
-webkit-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
-moz-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
}
</style>
</head>
<body>
<div id="myform" class="panel panel-primary">
<div class="panel-heading">My Secure form</div>
    <div class="panel-body">
    <div class="row">
    <div class="col-lg-12">
    <form method="post" enctype="multipart/form-data" action="?">
        <div class="row">
            <div class="col-lg-3">
                <div class="form-group">
                <label>Name</label>
                <input type="text" name="name" class="form-control">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Email</label>
                <input type="text" name="email" class="form-control">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Contact Number</label>
                <input type="text" name="cnum" class="form-control">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Address</label>
                <input type="text" name="add" class="form-control">
                </div>
            </div>
            <div class="col-lg-12">
                <div class="form-group">
                <button class="btn btn-primary pull-right" type="submit" name="submit">
                Submit information
                </button>
                </div>
            </div>
          </div>
        </form>
        </div>
     </div>
        <div class="panel-footer">
<?php
if(isset($_POST['submit']))
{
// Values bound with mysqli_stmt_bind_param() travel separately from the SQL text,
// so they are not escaped first; escaping them would store stray backslashes.
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$contactn = $_POST['cnum'] ?? '';
$addrs = $_POST['add'] ?? '';
if($name != "" and  $email != "" and $contactn != "" and $addrs != "")
{
$insert = "INSERT INTO infotab(name,email,contact,address) VALUES(?,?,?,?)";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $insert))
{
echo "Oops, technical problems....";
}
else
{
mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $contactn, $addrs);
// Report success only when the statement actually executed.
if(mysqli_stmt_execute($stmt))
{
echo "Data Inserted Successfully";
}
else
{
echo "Oops, technical problems....";
}
}
}
unset($stmt);
}
?>
        </div>
    </div>
</div>

<div class="panel panel-default" id="myform">
<div class="panel-heading">My Secure form</div>
    <div class="panel-body">
<div class="row">
    <div class="col-lg-12">
        <table class="table table-bordered">
        <thead>
            <tr>
                <th>Name</th>
                    <th>Email</th>
                    <th>Contact Number</th>
                    <th>Address</th>
                    <th>Controls</th>
                </tr>
            </thead>
            <tbody>
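            <?php
if($stmt = $conn->prepare("SELECT id,name,email,contact,address FROM infotab"))
{
$stmt->execute();
$stmt->bind_result($id,$name,$email,$contact,$address);
while($stmt->fetch())
{
// Stored values are user input: HTML-encode them on output so they cannot inject markup.
?>
<tr>
                <td><?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?></td>
                    <td><?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?></td>
                    <td><?php echo htmlspecialchars($contact, ENT_QUOTES, 'UTF-8'); ?></td>
                    <td><?php echo htmlspecialchars($address, ENT_QUOTES, 'UTF-8'); ?></td>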
                    <td align="center" width="200">
                    <div class=" btn-group btn-group-sm">
                    <a href="update.php?update=<?php echo $id; ?>">
                        <button class="btn btn-primary">Update</button>
                        </a>
                        <a href="delete.php?delete=<?php echo $id; ?>">
                        <button class="btn btn-danger">Delete</button>
                        </a>
                    </div>
                    </td>
                </tr>
                <?php
}
}
?>
            </tbody>
        </table>
        </div>
    </div>
    </div>
</div>
</body>
</html>

Update page :

<?php
@$conn = mysqli_connect('localhost','root','','testdb')
or die("Please check your database username and password");
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Updates Records</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
#myform
{
margin:20px;
-webkit-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
-moz-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
}
</style>
</head>
<body>
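<?php
// The id comes from the query string and is only ever used as a bound parameter.
// It is absent when the form below posts back to "?", hence the default.
$update = $_GET['update'] ?? '';
if($stmt = $conn->prepare("SELECT id,name,email,contact,address FROM infotab WHERE id = ?"))
{
$stmt->bind_param("s", $update);
$stmt->execute();
$stmt->bind_result($id,$name,$email,$contact,$address);
$stmt->fetch();
}
?>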
<div id="myform" class="panel panel-primary">
<div class="panel-heading">My Secure form</div>
    <div class="panel-body">
    <div class="row">
    <div class="col-lg-12">
    <form method="post" enctype="multipart/form-data" action="?">
        <input type="hidden" value="<?php echo (int)$id; ?>" name="idu">
        <div class="row">
            <div class="col-lg-3">
                <div class="form-group">
                <label>Name</label>
                <input type="text" name="name" class="form-control" value="<?php echo htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Email</label>
                <input type="text" name="email" class="form-control" value="<?php echo htmlspecialchars((string)$email, ENT_QUOTES, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Contact Number</label>
                <input type="text" name="cnum" class="form-control" value="<?php echo htmlspecialchars((string)$contact, ENT_QUOTES, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-3">
                <div class="form-group">
                <label>Address</label>
                <input type="text" name="add" class="form-control" value="<?php echo htmlspecialchars((string)$address, ENT_QUOTES, 'UTF-8'); ?>">
                </div>
            </div>
            <div class="col-lg-12">
                <div class="form-group">
                <button class="btn btn-primary pull-right" type="submit" name="update">
                Submit information
                </button>
                </div>
            </div>
          </div>
        </form>
        </div>
     </div>
        <div class="panel-footer">
<?php
if(isset($_POST['update']))
{
// Bound parameters are not escaped first; escaping would store stray backslashes.
$idu = (int)($_POST['idu'] ?? 0);
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$contactn = $_POST['cnum'] ?? '';
$addrs = $_POST['add'] ?? '';
if($name != "" and  $email != "" and $contactn != "" and $addrs != "")
{
// The id is bound as a parameter as well, instead of being placed in the SQL string.
$query = "UPDATE infotab SET name=?,email=?,contact=?,address=? WHERE id = ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $query))
{
echo "Oops, technical problems....";
}
else
{
mysqli_stmt_bind_param($stmt, "ssssi", $name, $email, $contactn, $addrs, $idu);
if(mysqli_stmt_execute($stmt))
{
// header() only works while no output has been flushed (for example with output_buffering enabled).
header("location: insert.php");
exit;
}
echo "Oops, technical problems....";
}
}
unset($stmt);
}
?>
        </div>
    </div>
</div> </body>
</html> 

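Delete page :

<?php
@$conn = mysqli_connect('localhost','root','','testdb')
or die("Please check your database username and password");
// Deleting through a GET link means any page that makes the browser load this URL triggers the delete;
// a POST form with a CSRF token is the safer design.
$delete = $_GET['delete'] ?? '';
if($stmt = $conn->prepare("DELETE FROM infotab WHERE id=?"))
{
$stmt->bind_param("s", $delete);
$stmt->execute();
header("location: insert.php");
exit;
}
?>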
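Added example, not part of the original post: values passed as bound parameters need no prior escaping, and an id taken from the URL can be checked as a positive integer before it is bound. It assumes the pdo_sqlite extension and uses an in-memory SQLite table through PDO as a stand-in for the MySQL `infotab` table, with `addslashes()` standing in for `mysqli_real_escape_string()`; the column types, the sample row and the helper names are constructed for illustration.

```php
<?php
// In-memory SQLite stands in for MySQL so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE infotab (id INTEGER PRIMARY KEY, name TEXT, email TEXT, contact TEXT, address TEXT)");

// Insert one row using bound parameters only (hypothetical helper).
function insert_row(PDO $db, array $row): int
{
    $stmt = $db->prepare("INSERT INTO infotab(name,email,contact,address) VALUES(?,?,?,?)");
    $stmt->execute([$row['name'], $row['email'], $row['cnum'], $row['add']]);
    return (int)$db->lastInsertId();
}

// Read back the stored name for a row id (hypothetical helper).
function stored_name(PDO $db, int $id): string
{
    $stmt = $db->prepare("SELECT name FROM infotab WHERE id = ?");
    $stmt->execute([$id]);
    return (string)$stmt->fetchColumn();
}

// Accept only positive integers as row ids; returns the int or false (hypothetical helper).
function valid_id($raw)
{
    return filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
}

// Constructed form input containing an apostrophe.
$post = ['name' => "O'Brien", 'email' => 'ob@example.com', 'cnum' => '555-0100', 'add' => '1 Main St'];

// 1) Bound as-is: data stays separate from the SQL text and is stored verbatim.
$plain = insert_row($db, $post);

// 2) Escaped first, then bound: the backslash added by escaping becomes part of the data.
$escaped = $post;
$escaped['name'] = addslashes($post['name']);
$twice = insert_row($db, $escaped);

echo "bound only:       ", stored_name($db, $plain), "\n";
echo "escaped + bound:  ", stored_name($db, $twice), "\n";

// Constructed query-string values for update.php?update=... / delete.php?delete=...
foreach (['7', 'abc', '-3'] as $raw) {
    echo var_export($raw, true), ' => ', var_export(valid_id($raw), true), "\n";
}
```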
