Web penetration of PHP and MySQL interaction

LAMP is a common combination.

The design of BBS.

0x01 PHP interacts with MySQL

  • Establish a link with MySQL
  • Execute SQL statement
  • Operate on the result set object
  • Close the link with MySQL

0x02 Establish a link with MySQL

Use the functions provided by PHP directly.

Connect to the specified mysql server

mysqli_connect()

$link=@mysqli_connect($host, $user, $password,$database,$port);
//$host         server address, usually 127.0.0.1
//$user         database user name
//$password     database password
//$database     name of the database selected when connecting to MySQL [optional]
//$port         port used when connecting to the database [optional]
  • If the link is successful, it returns object(mysqli)#1; otherwise, it returns bool(false).
  • $link is a variable of object type, equivalent to a "token".

Prompt when connection error

mysqli_connect_errno();     // returns the error code of the last connection call
mysqli_connect_error();     // returns a string describing the error of the last connection call

Set the default character encoding

mysqli_set_charset($link,'utf8mb4');    // MySQL charset names have no hyphen ('utf-8' is rejected); utf8mb4 is full UTF-8

Choose a specific database

mysqli_select_db($link,'bbs');

Close the connection to the mysql server

mysqli_close($link);

0x03 Execute SQL statement

Execute an SQL statement against the database

$sql = "select message.id,user.username,message.title 
from user,message where message.uid=user.id";
$results = mysqli_query($link,$sql);
var_dump($results); //  object(mysqli_result)#2
//$link                 the "token" for interacting with MySQL
//$sql                  the SQL statement to execute
//$results              the result set object
  • If the SQL statement executes normally, data of the object type object(mysqli_result)#2 is returned; otherwise, bool(false) is returned.
  • For insert, delete, update and other SQL statements that do not return data, true is returned when execution completes without error.
  • When an SQL statement that returns data executes successfully, the result set object is returned. You can use the functions that operate on the result set object to get data from it.
  • MYSQLI_STORE_RESULT and MYSQLI_USE_RESULT determine how the result set is transferred between the mysqli client and the server.
    • In MYSQLI_STORE_RESULT mode, when the SQL is executed the result set is extracted and returned to the client, and memory is allocated for it in the user program's space. After that, mysqli_fetch_array() is equivalent to fetching data locally;
    • In MYSQLI_USE_RESULT mode, every result row read with mysqli_fetch_array() must be requested from the server.
    • With MYSQLI_USE_RESULT, the result set is not retrieved from the server when the SQL is executed.

 

SQL statement error

If an error occurs while an SQL statement is being executed, the above two functions both return false, and you can use the following functions to report the cause of the error:

die("[".mysqli_errno($link)."]".mysqli_error($link));
//$link         the token for interacting with the MySQL database

0x04 Functions for manipulating result set objects

Common functions to parse data from result set objects

Function quick check

Function                  Description
mysqli_fetch_row()        Obtains the data of one record as an indexed array
mysqli_fetch_assoc()      Obtains the data of one record as an associative array
mysqli_fetch_array()      Obtains the data of one record as an indexed array or an associative array
mysqli_fetch_all()        Obtains the data of all records as indexed or associative arrays
mysqli_num_rows()         Obtains the number of rows in the result
mysqli_free_result()      Releases the memory associated with a result set

mysqli_num_rows()

mysqli_num_rows($results);      // 4
//$results                      the result set object

mysqli_fetch_row()

$result = mysqli_fetch_row($results);   //array(3)
$result = mysqli_fetch_row($results);   //array(3)
$result = mysqli_fetch_row($results);   //array(3)
$result = mysqli_fetch_row($results);   //array(3)
$result = mysqli_fetch_row($results);   //null

mysqli_fetch_assoc()

while($result = mysqli_fetch_assoc($results)){
    var_dump($result);
}

Simple application

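<?php
/*
    The loop runs once for each record in the result set object $results,
    so the table has that many rows (not counting the header row),
    i.e. that many <tr> tags.
    
    Each record has as many fields as the array has elements,
    so each row has that many cells,
    i.e. that many <td> tags.
*/
while($result = mysqli_fetch_assoc($results)){
    echo "<tr>";
    foreach($result as $k => $v){
        // Encode database values before writing them into the HTML
        $v = htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
        if($k == "title"){
            $id = (int)$result['id'];
            $html = "
<td>
    <a 
        href = './messageShow.php?id={$id}' 
        target = '_blank'>
        {$v}
    </a>
</td>";
            echo $html; 
        }else{
            echo "<td>";
            echo $v;
            echo "</td>";
        }
    }
    echo "</tr>";
}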
?>

0x05 Other commonly used functions

mysqli_real_escape_string()

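Escapes the special characters in a string that is to be used in an SQL statement, so that the value does not cause errors in the statement. The escaping takes the connection's character set into account, so set it with mysqli_set_charset() beforehand, and place the escaped value inside quotes in the statement.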

string mysqli_real_escape_string ( mysqli $link , string $escapestr );
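
The four steps from 0x01 put together in one script, as an added example that is not code from the original article: a hypothetical messageShow.php that receives the id from the link built in the listing above and binds it as a parameter, because mysqli_real_escape_string() only protects values placed inside quotes. The server address, the credentials (placeholders) and the fail() helper are assumptions; the table and column names come from the article's SELECT.

```php
<?php
// Added example (hypothetical messageShow.php); host, credentials and layout are assumptions.
mysqli_report(MYSQLI_REPORT_OFF);   // PHP >= 8.1 throws by default; keep return-value checks
function fail(int $status, string $public, string $detail = ''): void {
    if ($detail !== '') { error_log($detail); }   // details go to the log, not to the visitor
    http_response_code($status);
    exit($public);
}

// Validate first: escaping alone does not protect an unquoted numeric value.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!is_int($id)) { fail(400, 'Invalid id'); }

// 1. Establish the link (placeholder credentials)
$link = mysqli_connect('127.0.0.1', 'bbs_user', 'CHANGE_ME', 'bbs');
if ($link === false) {
    fail(500, 'Database unavailable', '[' . mysqli_connect_errno() . '] ' . mysqli_connect_error());
}
mysqli_set_charset($link, 'utf8mb4');

// 2. Execute the SQL statement with a bound parameter instead of string concatenation
$sql = 'SELECT message.id, user.username, message.title
        FROM user, message
        WHERE message.uid = user.id AND message.id = ?';
$stmt = mysqli_prepare($link, $sql);
if ($stmt === false) {
    fail(500, 'Query failed', '[' . mysqli_errno($link) . '] ' . mysqli_error($link));
}
mysqli_stmt_bind_param($stmt, 'i', $id);
if (!mysqli_stmt_execute($stmt)) {
    fail(500, 'Query failed', '[' . mysqli_stmt_errno($stmt) . '] ' . mysqli_stmt_error($stmt));
}

// 3. Work with the result set object (mysqli_stmt_get_result() requires the mysqlnd driver)
$results = mysqli_stmt_get_result($stmt);
if ($results === false) { fail(500, 'Query failed', mysqli_stmt_error($stmt)); }
if ($row = mysqli_fetch_assoc($results)) {
    // Encode on output so stored titles and usernames cannot inject markup
    $title = htmlspecialchars((string)$row['title'], ENT_QUOTES, 'UTF-8');
    $user  = htmlspecialchars((string)$row['username'], ENT_QUOTES, 'UTF-8');
    echo "<h1>{$title}</h1><p>Posted by {$user}</p>";
} else {
    http_response_code(404);
    echo 'No such message';
}

// 4. Release the result set and close the link
mysqli_free_result($results);
mysqli_stmt_close($stmt);
mysqli_close($link);
```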

Origin blog.csdn.net/GUDUzhongliang/article/details/108644508