Scribd Logo
Upload

Welcome to Scribd!

  • MySQLi Procedural Functions

    Uploaded by

    M M
    63 views6 pages
    This document discusses several common MySQLi procedural functions used for connecting to a MySQL database and executing queries. It describes functions such as mysqli_connect() for establishing a connection, mysqli_query() for executing queries, and mysqli_fetch_array() for retrieving rows from query results. Additional functions covered include mysqli_select_db() for changing the active database, mysqli_close() for closing connections, and mysqli_real_escape_string() for escaping special characters in user inputs to prevent SQL injection attacks. Code examples are provided to demonstrate the basic usage of each function.

    Original Description:

    MySQLi

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses several common MySQLi procedural functions used for connecting to a MySQL database and executing queries. It describes functions such as mysqli_connect() for establishing a connection, mysqli_query() for executing queries, and mysqli_fetch_array() for retrieving rows from query results. Additional functions covered include mysqli_select_db() for changing the active database, mysqli_close() for closing connections, and mysqli_real_escape_string() for escaping special characters in user inputs to prevent SQL injection attacks. Code examples are provided to demonstrate the basic usage of each function.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    63 views6 pages

    MySQLi Procedural Functions

    Uploaded by

    M M
    This document discusses several common MySQLi procedural functions used for connecting to a MySQL database and executing queries. It describes functions such as mysqli_connect() for establishing a connection, mysqli_query() for executing queries, and mysqli_fetch_array() for retrieving rows from query results. Additional functions covered include mysqli_select_db() for changing the active database, mysqli_close() for closing connections, and mysqli_real_escape_string() for escaping special characters in user inputs to prevent SQL injection attacks. Code examples are provided to demonstrate the basic usage of each function.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    MySQLi Procedural Functions

    MySQL Improved Extension (MySQLi) provides a Procedural Interface as well as an Object


    Oriented Interface. In this article we will look into some of the common MySQLi Procedural
    functions.

    mysqli_connect()
    This function is used for connecting to MySQL. Before doing any database operation, you
    need to connect to MySQL. On success, this function returns a link identifier that you can use
    in other MySQLi functions. On failure, it will throw an error.

    Following is how a user named robin with password robin123 need to connect to a database
    called company_db at localhost. User robin should have privileges to access company_db.

    1.$link = mysqli_connect('localhost', 'robin', 'robin123', 'company_db');

    If your MySQL port is different from default one (3308), you need to give the port number as
    the fifth parameter.

    1.$link = mysqli_connect('localhost', 'robin', 'robin123', 'company_db',


    '3800');

    mysqli_connect_error()
    mysqli_connect() throws an error at failure and mysqli_connect_error() stores the error in last
    call to mysqli_connect(). If there is no error, it returns NULL.

    To try out a mysqli_connect() error, stop MySQL server and call to mysqli_connect(). If you
    have enabled PHP errors, you would see an error that includes information like below.
    mysqli_connect_error() would returns the same message.

    Can’t connect to MySQL server on ‘localhost’

    In practice, it’s not good to show error messages like these to the users of your PHP
    application (They may contain sensitive data and they can look too technical).

    Therefore you can use error suspension operator in front of mysqli_connect() to stop it
    throwing errors and use mysqli_connect_error() to log the error for troubleshooting like
    below.

    01.<?php
    02.
    03.$link = @mysqli_connect('localhost', 'robin', 'robin123', 'company_db');
    04.
    05.if (mysqli_connect_error()) {
    06.$logMessage = 'MySQL Error: ' . mysqli_connect_error();
    07.// Call your logger here.
    08.die('Could not connect to the database');
    09.}
    10.
    11.// Rest of the code goes here
    12.
    13.?>

    mysqli_select_db()
    To change the database in use, you can use mysqli_select_db(). For an example think that user
    robin also has privileges for a database called company_new_db then you can change the
    database like below.

    1.$link = @mysqli_connect('localhost', 'robin', 'robin123', 'company_db');


    2.
    3.// Operations on 'company_db'
    4.
    5.mysqli_select_db($link, 'company_new_db');
    6.
    7.// Operations on 'company_new_db'

    You will only need this function if your PHP application deals with more than one database.

    mysqli_close()
    You can use this function to close a MySQL connection. It returns TRUE on success and
    FALSE on failure.

    1.$link = @mysqli_connect('localhost', 'robin', 'robin123', 'company_db');


    2.
    3.// MySQL operations goes here.
    4.
    5.mysqli_close($link);

    PHP will close open connections and release resources at the end of your PHP script. But it’s
    a good practice to explicitly use mysqli_close() at the end of MySQL operations to release
    resources immediately.

    mysqli_query()
    This is the function used for executing MySQL queries. It returns FALSE on failure. For
    SELECT, SHOW, DESCRIBE and EXPLAIN queries (where there is an output), it returns a
    MySQL result set (resource) which can be used in functions like mysqli_fetch_array().

    For all other queries like INSERT, UPDATE and DELETE, it returns TRUE on success.

    01.$link = @mysqli_connect('localhost', 'robin', 'robin123', 'company_db');


    02.
    03.$query = "SELECT * FROM employee";
    04.
    05.if (mysqli_query($link, $query)) {
    06.// Iterate and display result
    07.} else {
    08.// Show error
    09.}
    10.
    11.mysqli_close($link);

    mysqli_fetch_array()
    This function is used for reading data from a MySQL result set (returned by a
    mysqli_query()). It reads and returns one row of data as an array and then moves the pointer
    to next row. When there are no more rows to return, it returns NULL. Because of this
    behavior, it’s often used with a While Loop as below.

    1.while ($row = mysqli_fetch_array($result)) {


    2./* Till there is data, $row will be an array.
    3.* At the end, $row becomes NULL ending the loop.
    4.*/
    5.}

    Let’s assume following employee table is available in our company_db database.

    Below is how we would fetch ID, First Name and Last Name from this table.

    01.<?php
    02.
    03.$link = @mysqli_connect('localhost', 'robin', 'robin123', 'company_db');
    04.
    05.$query = "SELECT `id`, `first_name`, `last_name` FROM `employee`";
    06.
    07.$result = mysqli_query($link, $query);
    08.
    09.while ($row = mysqli_fetch_array($result)) {
    10.echo $row[0] . ': ' . $row[1] . ' ' . $row[2];
    11.echo '<br />';
    12.}
    13.
    14.mysqli_free_result($result);
    15.
    16.mysqli_close($link);
    17.
    18.?>

    When you run, above code will output following content in the web browser.

    1: Robin Jackman
    2: Taylor Edward

    In addition to an Indexed array, mysqli_fetch_array() also returns an Associated array where


    keys are corresponding column names of the table. So, following code segment will produce
    same output.

    1.while ($row = mysqli_fetch_array($result)) {


    2.echo $row['id'] . ': ' . $row['first_name'] . ' ' . $row['last_name'];
    3.echo '<br />';
    4.}

    You can limit which array to return as below.

    1.// Returns only an Indexed array


    2.mysqli_fetch_array($result, MYSQLI_NUM);
    3.
    4.// Returns only an Associated array
    5.mysqli_fetch_array($result, MYSQLI_ASSOC);

    PHP provides two functions that produce same results as you get by passing constants to
    mysqli_fetch_array().

    1.// Same as mysqli_fetch_array($result, MYSQLI_NUM)


    2.mysqli_fetch_row($result);
    3.
    4.// Same as mysqli_fetch_array($result, MYSQLI_ASSOC)
    5.mysqli_fetch_assoc($result);

    mysqli_free_result()
    Immediately after using a result set, you can free the memory used for it as below.

    1.mysqli_free_result($result);

    mysqli_num_rows()
    mysqli_num_rows() returns the number of rows in a result set. Using it, you can take a
    different action when the result set is empty. Provjerava broj redova (num rows) u rezultatu.

    if (mysql_num_rows($result) > 0) {
    echo "Account Exists";
    } else {
    echo "Account does not exist";
    }

    Tj.

    1.if (mysqli_num_rows($result) > 0) {


    2.// Proceed with the $result
    3.} else {
    4.// Show an error message
    5.}

    mysqli_affected_rows()
    This function provides information on last MySQL query executed. For INSERT, UPDATE,
    REPLACE and DELETE, it provides number of rows affected. For SELECT, it returns
    number of rows in the result set as mysqli_num_rows().

    For an example, following is an UPDATE query to update the last name of Taylor in
    employee table. Provided that id field is unique we know that only one row should be affected
    from this query.

    01.$query = "UPDATE `employee` SET `last_name` = 'Adams' WHERE `id` = 2";


    02.
    03.mysqli_query($link, $query);
    04.
    05.if (mysqli_affected_rows($link) == 1) {
    06.// Rest of the code
    07.} else {
    08.// Show an error message
    09.}

    mysqli_error()
    If there was an error in last MySQL query, this function will return the error. If there was no
    error, it would return an empty string.

    1.if (!mysqli_query($link, $query)) {


    2.$logMessage = 'MySQL Error: ' . mysqli_error($link);
    3.// Call your logger here.
    4.die('There was an error in the query');
    5.}

    mysqli_real_escape_string()
    Some characters like single quote has special meaning in SQL statements. For an example,
    single quote is used for wrapping strings. So, if your SQL statement contains these special
    characters, you need to escape them via mysqli_real_escape_string() before sending the query
    to mysqli_query().

    Following call to mysqli_query() returns FALSE since the single quote in O’Neil hasn’t been
    escaped.

    1.$query = "SELECT `id` FROM `employee` WHERE `last_name` = 'O'Neil'";


    2.mysqli_query($link, $query);

    Following call to mysqli_query() would return a proper result set (provided that an employee
    exists with last name O’Neil) since the name is first escaped via mysqli_real_escape_string().

    1.$name = mysqli_real_escape_string($link, "O'Neil");


    2.$query = "SELECT `id` FROM `employee` WHERE `last_name` = '$name'";
    3.mysqli_query($link, $query);

    If your SQL statements are built based on user inputs like below, it’s always a good idea to
    use this function since user input may contain special characters.
    1.$lastName = mysqli_real_escape_string($link, $_POST['lastName']);
    2.$query = "SELECT `id` FROM `employee` WHERE `last_name` = '$lastName'";
    3.mysqli_query($link, $query);

    Another fact is user inputs may contain attempts for security breaches by having special
    characters to execute malicious actions (SQL injection). Escaping user input will reduce the
    risk of SQL injection.

    You might also like