Introduction
What is a Database?
A database is a separate application that stores a collection of data. Each database has one or more distinct APIs for creating, accessing, managing, searching and replicating the data it holds.
Other kinds of data stores can also be used, such as files on the file system or large hash tables in memory but data fetching and writing would not be so fast and easy with those type of systems.
Nowadays, we use relational database management systems (RDBMS) to store and manage huge volume of data. This is called relational database because all the data is stored into different tables and relations are established using primary keys or other keys known as Foreign Keys.
A Relational DataBase Management System (RDBMS) is a software that −
-
Enables you to implement a database with tables, columns and indexes.
-
Guarantees the Referential Integrity between rows of various tables.
-
Updates the indexes automatically.
-
Interprets an SQL query and combines information from various tables.
RDBMS Terminology
Before we proceed to explain the MySQL database system, let us revise a few definitions related to the database.
-
Database − A database is a collection of tables, with related data.
-
Table − A table is a matrix with data. A table in a database looks like a simple spreadsheet.
-
Column − One column (data element) contains data of one and the same kind, for example the column postcode.
-
Row − A row (= tuple, entry or record) is a group of related data, for example the data of one subscription.
-
Redundancy − Storing data twice, redundantly to make the system faster.
-
Primary Key − A primary key is unique. A key value can not occur twice in one table. With a key, you can only find one row.
-
Foreign Key − A foreign key is the linking pin between two tables.
-
Compound Key − A compound key (composite key) is a key that consists of multiple columns, because one column is not sufficiently unique.
-
Index − An index in a database resembles an index at the back of a book.
-
Referential Integrity − Referential Integrity makes sure that a foreign key value always points to an existing row.
MySQL Database
MySQL is a fast, easy-to-use RDBMS being used for many small and big businesses. MySQL is developed, marketed and supported by MySQL AB, which is a Swedish company. MySQL is becoming so popular because of many good reasons −
-
MySQL is released under an open-source license. So you have nothing to pay to use it.
-
MySQL is a very powerful program in its own right. It handles a large subset of the functionality of the most expensive and powerful database packages.
-
MySQL uses a standard form of the well-known SQL data language.
-
MySQL works on many operating systems and with many languages including PHP, PERL, C, C++, JAVA, etc.
-
MySQL works very quickly and works well even with large data sets.
-
MySQL is very friendly to PHP, the most appreciated language for web development.
-
MySQL supports large databases, up to 50 million rows or more in a table. The default file size limit for a table is 4GB, but you can increase this (if your operating system can handle it) to a theoretical limit of 8 million terabytes (TB).
-
MySQL is customizable. The open-source GPL license allows programmers to modify the MySQL software to fit their own specific environments.
Before You Begin
Before you begin this tutorial, you should have a basic knowledge of the information covered in our PHP and HTML tutorials.
This tutorial focuses heavily on using MySQL in a PHP environment. Many examples given in this tutorial will be useful for PHP Programmers.
We recommend you check our PHP Tutorial for your reference.
Installation
All downloads for MySQL are located at MySQL Downloads. Pick the version number of MySQL Community Server which is required along with the platform you will be running it on.
Installing MySQL on Linux/UNIX
The recommended way to install MySQL on a Linux system is via RPM. MySQL AB makes the following RPMs available for download on its website −
-
MySQL − The MySQL database server manages the databases and tables, controls user access and processes the SQL queries.
-
MySQL-client − MySQL client programs, which make it possible to connect to and interact with the server.
-
MySQL-devel − Libraries and header files that come in handy when compiling other programs that use MySQL.
-
MySQL-shared − Shared libraries for the MySQL client.
-
MySQL-bench − Benchmark and performance testing tools for the MySQL database server.
The MySQL RPMs listed here are all built on a SuSE Linux system, but they will usually work on other Linux variants with no difficulty.
Now, you will need to adhere to the steps given below, to proceed with the installation −
-
Login to the system using the root user.
-
Switch to the directory containing the RPMs.
-
Install the MySQL database server by executing the following command. Remember to replace the filename in italics with the file name of your RPM.
[root@host]# rpm -i MySQL-5.0.9-0.i386.rpm
The above command takes care of installing the MySQL server, creating a user of MySQL, creating necessary configuration and starting the MySQL server automatically.
You can find all the MySQL related binaries in /usr/bin and /usr/sbin. All the tables and databases will be created in the /var/lib/mysql directory.
The following code box has an optional but recommended step to install the remaining RPMs in the same manner −
[root@host]# rpm -i MySQL-client-5.0.9-0.i386.rpm [root@host]# rpm -i MySQL-devel-5.0.9-0.i386.rpm [root@host]# rpm -i MySQL-shared-5.0.9-0.i386.rpm [root@host]# rpm -i MySQL-bench-5.0.9-0.i386.rpm
Installing MySQL on Windows
The default installation on any version of Windows is now much easier than it used to be, as MySQL now comes neatly packaged with an installer. Simply download the installer package, unzip it anywhere and run the setup.exe file.
The default installer setup.exe will walk you through the trivial process and by default will install everything under C:\mysql.
Test the server by firing it up from the command prompt the first time. Go to the location of the mysqld server which is probably C:\mysql\bin, and type −
mysqld.exe --console
NOTE − If you are on NT, then you will have to use mysqld-nt.exe instead of mysqld.exe
If all went well, you will see some messages about startup and InnoDB. If not, you may have a permissions issue. Make sure that the directory that holds your data is accessible to whatever user (probably MySQL) the database processes run under.
MySQL will not add itself to the start menu, and there is no particularly nice GUI way to stop the server either. Therefore, if you tend to start the server by double clicking the mysqld executable, you should remember to halt the process by hand by using mysqladmin, Task List, Task Manager, or other Windows-specific means.
Verifying MySQL Installation
After MySQL, has been successfully installed, the base tables have been initialized and the server has been started: you can verify that everything is working as it should be via some simple tests.
Use the mysqladmin Utility to Obtain Server Status
Use mysqladmin binary to check the server version. This binary would be available in /usr/bin on linux and in C:\mysql\bin on windows.
[root@host]# mysqladmin --version
It will produce the following result on Linux. It may vary depending on your installation −
mysqladmin Ver 8.23 Distrib 5.0.9-0, for redhat-linux-gnu on i386
If you do not get such a message, then there may be some problem in your installation and you would need some help to fix it.
Execute simple SQL commands using the MySQL Client
You can connect to your MySQL server through the MySQL client and by using the mysqlcommand. At this moment, you do not need to give any password as by default it will be set as blank.
You can just use following command −
[root@host]# mysql
It should be rewarded with a mysql> prompt. Now, you are connected to the MySQL server and you can execute all the SQL commands at the mysql> prompt as follows −
mysql> SHOW DATABASES; +----------+ | Database | +----------+ | mysql | | test | +----------+ 2 rows in set (0.13 sec)
Post-installation Steps
MySQL ships with a blank password for the root MySQL user. As soon as you have successfully installed the database and the client, you need to set a root password as given in the following code block −
[root@host]# mysqladmin -u root password "new_password";
Now to make a connection to your MySQL server, you would have to use the following command −
[root@host]# mysql -u root -p Enter password:*******
UNIX users will also want to put your MySQL directory in your PATH, so you won't have to keep typing out the full path everytime you want to use the command-line client.
For bash, it would be something like −
export PATH = $PATH:/usr/bin:/usr/sbin
Running MySQL at Boot Time
If you want to run the MySQL server at boot time, then make sure you have the following entry in the /etc/rc.local file.
/etc/init.d/mysqld start
Also,you should have the mysqld binary in the /etc/init.d/ directory.
Administration
Running and Shutting down MySQL Server
First check if your MySQL server is running or not. You can use the following command to check it −
ps -ef | grep mysqld
If your MySql is running, then you will see mysqld process listed out in your result. If server is not running, then you can start it by using the following command −
root@host# cd /usr/bin ./safe_mysqld &
Now, if you want to shut down an already running MySQL server, then you can do it by using the following command −
root@host# cd /usr/bin ./mysqladmin -u root -p shutdown Enter password: ******
Setting Up a MySQL User Account
For adding a new user to MySQL, you just need to add a new entry to the user table in the database mysql.
The following program is an example of adding a new user guest with SELECT, INSERT and UPDATE privileges with the password guest123; the SQL query is −
root@host# mysql -u root -p Enter password:******* mysql> use mysql; Database changed mysql> INSERT INTO user (host, user, password, select_priv, insert_priv, update_priv) VALUES ('localhost', 'guest', PASSWORD('guest123'), 'Y', 'Y', 'Y'); Query OK, 1 row affected (0.20 sec) mysql> FLUSH PRIVILEGES; Query OK, 1 row affected (0.01 sec) mysql> SELECT host, user, password FROM user WHERE user = 'guest'; +-----------+---------+------------------+ | host | user | password | +-----------+---------+------------------+ | localhost | guest | 6f8c114b58f2ce9e | +-----------+---------+------------------+ 1 row in set (0.00 sec)
When adding a new user, remember to encrypt the new password using PASSWORD() function provided by MySQL. As you can see in the above example, the password mypass is encrypted to 6f8c114b58f2ce9e.
Notice the FLUSH PRIVILEGES statement. This tells the server to reload the grant tables. If you don't use it, then you won't be able to connect to MySQL using the new user account at least until the server is rebooted.
You can also specify other privileges to a new user by setting the values of following columns in user table to 'Y' when executing the INSERT query or you can update them later using UPDATE query.
- Select_priv
- Insert_priv
- Update_priv
- Delete_priv
- Create_priv
- Drop_priv
- Reload_priv
- Shutdown_priv
- Process_priv
- File_priv
- Grant_priv
- References_priv
- Index_priv
- Alter_priv
Another way of adding user account is by using GRANT SQL command. The following example will add user zara with password zara123 for a particular database, which is named as TUTORIALS.
root@host# mysql -u root -p password; Enter password:******* mysql> use mysql; Database changed mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP -> ON TUTORIALS.* -> TO 'zara'@'localhost' -> IDENTIFIED BY 'zara123';
This will also create an entry in the MySQL database table called as user.
NOTE − MySQL does not terminate a command until you give a semi colon (;) at the end of the SQL command.
The /etc/my.cnf File Configuration
In most of the cases, you should not touch this file. By default, it will have the following entries −
[mysqld] datadir = /var/lib/mysql socket = /var/lib/mysql/mysql.sock [mysql.server] user = mysql basedir = /var/lib [safe_mysqld] err-log = /var/log/mysqld.log pid-file = /var/run/mysqld/mysqld.pid
Here, you can specify a different directory for the error log, otherwise you should not change any entry in this table.
Administrative MySQL Command
Here is the list of the important MySQL commands, which you will use time to time to work with MySQL database −
-
USE Databasename − This will be used to select a database in the MySQL workarea.
-
SHOW DATABASES − Lists out the databases that are accessible by the MySQL DBMS.
-
SHOW TABLES − Shows the tables in the database once a database has been selected with the use command.
-
SHOW COLUMNS FROM tablename: Shows the attributes, types of attributes, key information, whether NULL is permitted, defaults, and other information for a table.
-
SHOW INDEX FROM tablename − Presents the details of all indexes on the table, including the PRIMARY KEY.
-
SHOW TABLE STATUS LIKE tablename\G − Reports details of the MySQL DBMS performance and statistics.
In the next chapter, we will discuss regarding how PHP Syntax is used in MySQL.
PHP Syntax
MySQL works very well in combination of various programming languages like PERL, C, C++, JAVA and PHP. Out of these languages, PHP is the most popular one because of its web application development capabilities.
This tutorial focuses heavily on using MySQL in a PHP environment. If you are interested in MySQL with PERL, then you can consider reading the PERL Tutorial.
PHP provides various functions to access the MySQL database and to manipulate the data records inside the MySQL database. You would require to call the PHP functions in the same way you call any other PHP function.
The PHP functions for use with MySQL have the following general format −
mysql_function(value,value,...);
The second part of the function name is specific to the function, usually a word that describes what the function does. The following are two of the functions, which we will use in our tutorial −
mysqli_connect($connect); mysqli_query($connect,"SQL statement");
The following example shows a generic syntax of PHP to call any MySQL function.
<html> <head> <title>PHP with MySQL</title> </head> <body> <?php $retval = mysql_function(value, [value,...]); if( !$retval ) { die ( "Error: a related error message" ); } // Otherwise MySQL or PHP Statements ?> </body> </html>
Starting from the next chapter, we will see all the important MySQL functionality along with PHP.
Connection
MySQL Connection Using MySQL Binary
You can establish the MySQL database using the mysql binary at the command prompt.
Example
Here is a simple example to connect to the MySQL server from the command prompt −
[root@host]# mysql -u root -p Enter password:******
This will give you the mysql> command prompt where you will be able to execute any SQL command. Following is the result of above command −
The following code block shows the result of above code −
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2854760 to server version: 5.0.9 Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
In the above example, we have used root as a user but you can use any other user as well. Any user will be able to perform all the SQL operations, which are allowed to that user.
You can disconnect from the MySQL database any time using the exit command at mysql> prompt.
mysql> exit Bye
MySQL Connection Using PHP Script
PHP provides mysql_connect() function to open a database connection. This function takes five parameters and returns a MySQL link identifier on success or FALSE on failure.
Syntax
connection mysql_connect(server,user,passwd,new_link,client_flag);
Sr.No. | Parameter & Description |
---|---|
1 |
server Optional − The host name running the database server. If not specified, then the default value will be localhost:3306. |
2 |
user Optional − The username accessing the database. If not specified, then the default will be the name of the user that owns the server process. |
3 |
passwd Optional − The password of the user accessing the database. If not specified, then the default will be an empty password. |
4 |
new_link Optional − If a second call is made to mysql_connect() with the same arguments, no new connection will be established; instead, the identifier of the already opened connection will be returned. |
5 |
client_flags Optional − A combination of the following constants −
|
You can disconnect from the MySQL database anytime using another PHP function mysql_close(). This function takes a single parameter, which is a connection returned by the mysql_connect() function.
Syntax
bool mysql_close ( resource $link_identifier );
If a resource is not specified, then the last opened database is closed. This function returns true if it closes the connection successfully otherwise it returns false.
Example
Try the following example to connect to a MySQL server −
<html> <head> <title>Connecting MySQL Server</title> </head> <body> <?php $dbhost = 'localhost:3306'; $dbuser = 'guest'; $dbpass = 'guest123'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_close($conn); ?> </body> </html>
Create Database
Create Database Using mysqladmin
You would need special privileges to create or to delete a MySQL database. So assuming you have access to the root user, you can create any database using the mysql mysqladmin binary.
Example
Here is a simple example to create a database called TUTORIALS −
[root@host]# mysqladmin -u root -p create TUTORIALS Enter password:******
This will create a MySQL database called TUTORIALS.
Create a Database using PHP Script
PHP uses mysql_query function to create or delete a MySQL database. This function takes two parameters and returns TRUE on success or FALSE on failure.
Syntax
bool mysql_query( sql, connection );
Sr.No. | Parameter & Description |
---|---|
1 |
sql Required - SQL query to create or delete a MySQL database |
2 |
connection Optional - if not specified, then the last opened connection by mysql_connect will be used. |
Example
The following example to create a database −
<html> <head> <title>Creating MySQL Database</title> </head> <body> <?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully<br />'; $sql = 'CREATE DATABASE TUTORIALS'; $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not create database: ' . mysql_error()); } echo "Database TUTORIALS created successfully\n"; mysql_close($conn); ?> </body> </html>
Drop Database
Drop a Database using mysqladmin
You would need special privileges to create or to delete a MySQL database. So, assuming you have access to the root user, you can create any database using the mysql mysqladmin binary.
Be careful while deleting any database because you will lose your all the data available in your database.
Here is an example to delete a database(TUTORIALS) created in the previous chapter −
[root@host]# mysqladmin -u root -p drop TUTORIALS Enter password:******
This will give you a warning and it will confirm if you really want to delete this database or not.
Dropping the database is potentially a very bad thing to do. Any data stored in the database will be destroyed. Do you really want to drop the 'TUTORIALS' database [y/N] y Database "TUTORIALS" dropped
Drop Database using PHP Script
PHP uses mysql_query function to create or delete a MySQL database. This function takes two parameters and returns TRUE on success or FALSE on failure.
Syntax
bool mysql_query( sql, connection );
Sr.No | Parameter & Description |
---|---|
1 |
sql Required − SQL query to create or delete a MySQL database |
2 |
connection Optional − if not specified, then the last opened connection by mysql_connect will be used. |
Example
Try the following example to delete a database −
<html> <head> <title>Deleting MySQL Database</title> </head> <body> <?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully<br />'; $sql = 'DROP DATABASE TUTORIALS'; $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not delete database: ' . mysql_error()); } echo "Database TUTORIALS deleted successfully\n"; mysql_close($conn); ?> </body> </html>
WARNING − While deleting a database using the PHP script, it does not prompt you for any confirmation. So be careful while deleting a MySQL database.
Select Database
Once you get connected with the MySQL server, it is required to select a database to work with. This is because there might be more than one database available with the MySQL Server.
Selecting MySQL Database from the Command Prompt
It is very simple to select a database from the mysql> prompt. You can use the SQL command use to select a database.
Example
Here is an example to select a database called TUTORIALS −
[root@host]# mysql -u root -p Enter password:****** mysql> use TUTORIALS; Database changed mysql>
Now, you have selected the TUTORIALS database and all the subsequent operations will be performed on the TUTORIALS database.
NOTE − All the database names, table names, table fields name are case sensitive. So you would have to use the proper names while giving any SQL command.
Selecting a MySQL Database Using PHP Script
PHP provides function mysql_select_db to select a database. It returns TRUE on success or FALSE on failure.
Syntax
bool mysql_select_db( db_name, connection );
Sr.No. | Parameter & Description |
---|---|
1 |
db_name Required − MySQL Database name to be selected |
2 |
connection Optional − if not specified, then the last opened connection by mysql_connect will be used. |
Example
Here is an example showing you how to select a database.
<html> <head> <title>Selecting MySQL Database</title> </head> <body> <?php $dbhost = 'localhost:3036'; $dbuser = 'guest'; $dbpass = 'guest123'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_select_db( 'TUTORIALS' ); mysql_close($conn); ?> </body> </html>
Data Types
Properly defining the fields in a table is important to the overall optimization of your database. You should use only the type and size of field you really need to use. For example, do not define a field 10 characters wide, if you know you are only going to use 2 characters. These type of fields (or columns) are also referred to as data types, after the type of data you will be storing in those fields.
MySQL uses many different data types broken into three categories −
- Numeric
- Date and Time
- String Types.
Let us now discuss them in detail.
Numeric Data Types
MySQL uses all the standard ANSI SQL numeric data types, so if you're coming to MySQL from a different database system, these definitions will look familiar to you.
The following list shows the common numeric data types and their descriptions −
-
INT − A normal-sized integer that can be signed or unsigned. If signed, the allowable range is from -2147483648 to 2147483647. If unsigned, the allowable range is from 0 to 4294967295. You can specify a width of up to 11 digits.
-
TINYINT − A very small integer that can be signed or unsigned. If signed, the allowable range is from -128 to 127. If unsigned, the allowable range is from 0 to 255. You can specify a width of up to 4 digits.
-
SMALLINT − A small integer that can be signed or unsigned. If signed, the allowable range is from -32768 to 32767. If unsigned, the allowable range is from 0 to 65535. You can specify a width of up to 5 digits.
-
MEDIUMINT − A medium-sized integer that can be signed or unsigned. If signed, the allowable range is from -8388608 to 8388607. If unsigned, the allowable range is from 0 to 16777215. You can specify a width of up to 9 digits.
-
BIGINT − A large integer that can be signed or unsigned. If signed, the allowable range is from -9223372036854775808 to 9223372036854775807. If unsigned, the allowable range is from 0 to 18446744073709551615. You can specify a width of up to 20 digits.
-
FLOAT(M,D) − A floating-point number that cannot be unsigned. You can define the display length (M) and the number of decimals (D). This is not required and will default to 10,2, where 2 is the number of decimals and 10 is the total number of digits (including decimals). Decimal precision can go to 24 places for a FLOAT.
-
DOUBLE(M,D) − A double precision floating-point number that cannot be unsigned. You can define the display length (M) and the number of decimals (D). This is not required and will default to 16,4, where 4 is the number of decimals. Decimal precision can go to 53 places for a DOUBLE. REAL is a synonym for DOUBLE.
-
DECIMAL(M,D) − An unpacked floating-point number that cannot be unsigned. In the unpacked decimals, each decimal corresponds to one byte. Defining the display length (M) and the number of decimals (D) is required. NUMERIC is a synonym for DECIMAL.
Date and Time Types
The MySQL date and time datatypes are as follows −
-
DATE − A date in YYYY-MM-DD format, between 1000-01-01 and 9999-12-31. For example, December 30th, 1973 would be stored as 1973-12-30.
-
DATETIME − A date and time combination in YYYY-MM-DD HH:MM:SS format, between 1000-01-01 00:00:00 and 9999-12-31 23:59:59. For example, 3:30 in the afternoon on December 30th, 1973 would be stored as 1973-12-30 15:30:00.
-
TIMESTAMP − A timestamp between midnight, January 1st, 1970 and sometime in 2037. This looks like the previous DATETIME format, only without the hyphens between numbers; 3:30 in the afternoon on December 30th, 1973 would be stored as 19731230153000 ( YYYYMMDDHHMMSS ).
-
TIME − Stores the time in a HH:MM:SS format.
-
YEAR(M) − Stores a year in a 2-digit or a 4-digit format. If the length is specified as 2 (for example YEAR(2)), YEAR can be between 1970 to 2069 (70 to 69). If the length is specified as 4, then YEAR can be 1901 to 2155. The default length is 4.
String Types
Although the numeric and date types are fun, most data you'll store will be in a string format. This list describes the common string datatypes in MySQL.
-
CHAR(M) − A fixed-length string between 1 and 255 characters in length (for example CHAR(5)), right-padded with spaces to the specified length when stored. Defining a length is not required, but the default is 1.
-
VARCHAR(M) − A variable-length string between 1 and 255 characters in length. For example, VARCHAR(25). You must define a length when creating a VARCHAR field.
-
BLOB or TEXT − A field with a maximum length of 65535 characters. BLOBs are "Binary Large Objects" and are used to store large amounts of binary data, such as images or other types of files. Fields defined as TEXT also hold large amounts of data. The difference between the two is that the sorts and comparisons on the stored data are case sensitive on BLOBs and are not case sensitive in TEXT fields. You do not specify a length with BLOB or TEXT.
-
TINYBLOB or TINYTEXT − A BLOB or TEXT column with a maximum length of 255 characters. You do not specify a length with TINYBLOB or TINYTEXT.
-
MEDIUMBLOB or MEDIUMTEXT − A BLOB or TEXT column with a maximum length of 16777215 characters. You do not specify a length with MEDIUMBLOB or MEDIUMTEXT.
-
LONGBLOB or LONGTEXT − A BLOB or TEXT column with a maximum length of 4294967295 characters. You do not specify a length with LONGBLOB or LONGTEXT.
-
ENUM − An enumeration, which is a fancy term for list. When defining an ENUM, you are creating a list of items from which the value must be selected (or it can be NULL). For example, if you wanted your field to contain "A" or "B" or "C", you would define your ENUM as ENUM ('A', 'B', 'C') and only those values (or NULL) could ever populate that field.
In the next chapter, we will discuss how to create tables in MySQL.
Create Table
To begin with, the table creation command requires the following details −
- Name of the table
- Name of the fields
- Definitions for each field
Syntax
Here is a generic SQL syntax to create a MySQL table −
CREATE TABLE table_name (column_name column_type);
Now, we will create the following table in the TUTORIALS database.
create table tutorials_tbl( tutorial_id INT NOT NULL AUTO_INCREMENT, tutorial_title VARCHAR(100) NOT NULL, tutorial_author VARCHAR(40) NOT NULL, submission_date DATE, PRIMARY KEY ( tutorial_id ) );
Here, a few items need explanation −
-
Field Attribute NOT NULL is being used because we do not want this field to be NULL. So, if a user will try to create a record with a NULL value, then MySQL will raise an error.
-
Field Attribute AUTO_INCREMENT tells MySQL to go ahead and add the next available number to the id field.
-
Keyword PRIMARY KEY is used to define a column as a primary key. You can use multiple columns separated by a comma to define a primary key.
Creating Tables from Command Prompt
It is easy to create a MySQL table from the mysql> prompt. You will use the SQL command CREATE TABLE to create a table.
Example
Here is an example, which will create tutorials_tbl −
root@host# mysql -u root -p Enter password:******* mysql> use TUTORIALS; Database changed mysql> CREATE TABLE tutorials_tbl( -> tutorial_id INT NOT NULL AUTO_INCREMENT, -> tutorial_title VARCHAR(100) NOT NULL, -> tutorial_author VARCHAR(40) NOT NULL, -> submission_date DATE, -> PRIMARY KEY ( tutorial_id ) -> ); Query OK, 0 rows affected (0.16 sec) mysql>
NOTE − MySQL does not terminate a command until you give a semicolon (;) at the end of SQL command.
Creating Tables Using PHP Script
To create new table in any existing database you would need to use PHP function mysql_query(). You will pass its second argument with a proper SQL command to create a table.
Example
The following program is an example to create a table using PHP script −
<html> <head> <title>Creating MySQL Tables</title> </head> <body> <?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully<br />'; $sql = "CREATE TABLE tutorials_tbl( ". "tutorial_id INT NOT NULL AUTO_INCREMENT, ". "tutorial_title VARCHAR(100) NOT NULL, ". "tutorial_author VARCHAR(40) NOT NULL, ". "submission_date DATE, ". "PRIMARY KEY ( tutorial_id )); "; mysql_select_db( 'TUTORIALS' ); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not create table: ' . mysql_error()); } echo "Table created successfully\n"; mysql_close($conn); ?> </body> </html>
Drop Table
It is very easy to drop an existing MySQL table, but you need to be very careful while deleting any existing table because the data lost will not be recovered after deleting a table.
Syntax
Here is a generic SQL syntax to drop a MySQL table −
DROP TABLE table_name ;
Dropping Tables from the Command Prompt
To drop tables from the command prompt, we need to execute the DROP TABLE SQL command at the mysql> prompt.
Example
The following program is an example which deletes the tutorials_tbl −
root@host# mysql -u root -p Enter password:******* mysql> use TUTORIALS; Database changed mysql> DROP TABLE tutorials_tbl Query OK, 0 rows affected (0.8 sec) mysql>
Dropping Tables Using PHP Script
To drop an existing table in any database, you would need to use the PHP function mysql_query(). You will pass its second argument with a proper SQL command to drop a table.
Example
<html> <head> <title>Creating MySQL Tables</title> </head> <body> <?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully<br />'; $sql = "DROP TABLE tutorials_tbl"; mysql_select_db( 'TUTORIALS' ); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not delete table: ' . mysql_error()); } echo "Table deleted successfully\n"; mysql_close($conn); ?> </body> </html>
Insert
To insert data into a MySQL table, you would need to use the SQL INSERT INTOcommand. You can insert data into the MySQL table by using the mysql> prompt or by using any script like PHP.
Syntax
Here is a generic SQL syntax of INSERT INTO command to insert data into the MySQL table −
INSERT INTO table_name ( field1, field2,...fieldN ) VALUES ( value1, value2,...valueN );
To insert string data types, it is required to keep all the values into double or single quotes. For example "value".
Inserting Data from the Command Prompt
To insert data from the command prompt, we will use SQL INSERT INTO command to insert data into MySQL table tutorials_tbl.
Example
The following example will create 3 records into tutorials_tbl table −
root@host# mysql -u root -p password; Enter password:******* mysql> use TUTORIALS; Database changed mysql> INSERT INTO tutorials_tbl ->(tutorial_title, tutorial_author, submission_date) ->VALUES ->("Learn PHP", "John Poul", NOW()); Query OK, 1 row affected (0.01 sec) mysql> INSERT INTO tutorials_tbl ->(tutorial_title, tutorial_author, submission_date) ->VALUES ->("Learn MySQL", "Abdul S", NOW()); Query OK, 1 row affected (0.01 sec) mysql> INSERT INTO tutorials_tbl ->(tutorial_title, tutorial_author, submission_date) ->VALUES ->("JAVA Tutorial", "Sanjay", '2007-05-06'); Query OK, 1 row affected (0.01 sec) mysql>
NOTE − Please note that all the arrow signs (->) are not a part of the SQL command. They are indicating a new line and they are created automatically by the MySQL prompt while pressing the enter key without giving a semicolon at the end of each line of the command.
In the above example, we have not provided a tutorial_id because at the time of table creation, we had given AUTO_INCREMENT option for this field. So MySQL takes care of inserting these IDs automatically. Here, NOW() is a MySQL function, which returns the current date and time.
Inserting Data Using a PHP Script
You can use the same SQL INSERT INTO command into the PHP function mysql_query() to insert data into a MySQL table.
Example
This example will take three parameters from the user and will insert them into the MySQL table −
<html> <head> <title>Add New Record in MySQL Database</title> </head> <body> <?php if(isset($_POST['add'])) { $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } if(! get_magic_quotes_gpc() ) { $tutorial_title = addslashes ($_POST['tutorial_title']); $tutorial_author = addslashes ($_POST['tutorial_author']); } else { $tutorial_title = $_POST['tutorial_title']; $tutorial_author = $_POST['tutorial_author']; } $submission_date = $_POST['submission_date']; $sql = "INSERT INTO tutorials_tbl ". "(tutorial_title,tutorial_author, submission_date) "."VALUES ". "('$tutorial_title','$tutorial_author','$submission_date')"; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not enter data: ' . mysql_error()); } echo "Entered data successfully\n"; mysql_close($conn); } else { ?> <form method = "post" action = "<?php $_PHP_SELF ?>"> <table width = "600" border = "0" cellspacing = "1" cellpadding = "2"> <tr> <td width = "250">Tutorial Title</td> <td> <input name = "tutorial_title" type = "text" id = "tutorial_title"> </td> </tr> <tr> <td width = "250">Tutorial Author</td> <td> <input name = "tutorial_author" type = "text" id = "tutorial_author"> </td> </tr> <tr> <td width = "250">Submission Date [ yyyy-mm-dd ]</td> <td> <input name = "submission_date" type = "text" id = "submission_date"> </td> </tr> <tr> <td width = "250"> </td> <td> </td> </tr> <tr> <td width = "250"> </td> <td> <input name = "add" type = "submit" id = "add" value = "Add Tutorial"> </td> </tr> </table> </form> <?php } ?> </body> </html>
While doing a data insert, it is best to use the function get_magic_quotes_gpc() to check if the current configuration for magic quote is set or not. If this function returns false, then use the function addslashes() to add slashes before the quotes.
You can put many validations around to check if the entered data is correct or not and can take the appropriate action.
Select
The SQL SELECT command is used to fetch data from the MySQL database. You can use this command at mysql> prompt as well as in any script like PHP.
Syntax
Here is generic SQL syntax of SELECT command to fetch data from the MySQL table −
SELECT field1, field2,...fieldN FROM table_name1, table_name2... [WHERE Clause] [OFFSET M ][LIMIT N]
-
You can use one or more tables separated by comma to include various conditions using a WHERE clause, but the WHERE clause is an optional part of the SELECT command.
-
You can fetch one or more fields in a single SELECT command.
-
You can specify star (*) in place of fields. In this case, SELECT will return all the fields.
-
You can specify any condition using the WHERE clause.
-
You can specify an offset using OFFSET from where SELECT will start returning records. By default, the offset starts at zero.
-
You can limit the number of returns using the LIMIT attribute.
Fetching Data from a Command Prompt
This will use SQL SELECT command to fetch data from the MySQL table tutorials_tbl.
Example
The following example will return all the records from the tutorials_tbl table −
root@host# mysql -u root -p password; Enter password:******* mysql> use TUTORIALS; Database changed mysql> SELECT * from tutorials_tbl +-------------+----------------+-----------------+-----------------+ | tutorial_id | tutorial_title | tutorial_author | submission_date | +-------------+----------------+-----------------+-----------------+ | 1 | Learn PHP | John Poul | 2007-05-21 | | 2 | Learn MySQL | Abdul S | 2007-05-21 | | 3 | JAVA Tutorial | Sanjay | 2007-05-21 | +-------------+----------------+-----------------+-----------------+ 3 rows in set (0.01 sec) mysql>
Fetching Data Using a PHP Script
You can use the same SQL SELECT command into a PHP function mysql_query(). This function is used to execute the SQL command and then later another PHP function mysql_fetch_array() can be used to fetch all the selected data. This function returns the row as an associative array, a numeric array, or both. This function returns FALSE if there are no more rows.
The following program is a simple example which will show how to fetch / display records from the tutorials_tbl table.
Example
The following code block will display all the records from the tutorials_tbl table.
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'SELECT tutorial_id, tutorial_title, tutorial_author, submission_date FROM tutorials_tbl'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not get data: ' . mysql_error()); } while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) { echo "Tutorial ID :{$row['tutorial_id']} <br> ". "Title: {$row['tutorial_title']} <br> ". "Author: {$row['tutorial_author']} <br> ". "Submission Date : {$row['submission_date']} <br> ". "--------------------------------<br>"; } echo "Fetched data successfully\n"; mysql_close($conn); ?>
The content of the rows is assigned to the variable $row and the values in that row are then printed.
NOTE − Always remember to put curly brackets when you want to insert an array value directly into a string.
In the above example, the constant MYSQL_ASSOC is used as the second argument to the PHP function mysql_fetch_array(), so that it returns the row as an associative array. With an associative array you can access the field by using their name instead of using the index.
PHP provides another function called mysql_fetch_assoc(), which also returns the row as an associative array.
Example
The following example to display all the records from the tutorial_tbl table using mysql_fetch_assoc() function.
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'SELECT tutorial_id, tutorial_title, tutorial_author, submission_date FROM tutorials_tbl'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not get data: ' . mysql_error()); } while($row = mysql_fetch_assoc($retval)) { echo "Tutorial ID :{$row['tutorial_id']} <br> ". "Title: {$row['tutorial_title']} <br> ". "Author: {$row['tutorial_author']} <br> ". "Submission Date : {$row['submission_date']} <br> ". "--------------------------------<br>"; } echo "Fetched data successfully\n"; mysql_close($conn); ?>
You can also use the constant MYSQL_NUM as the second argument to the PHP function mysql_fetch_array(). This will cause the function to return an array with the numeric index.
Example
Try out the following example to display all the records from tutorials_tbl table using the MYSQL_NUM argument.
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'SELECT tutorial_id, tutorial_title, tutorial_author, submission_date FROM tutorials_tbl'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not get data: ' . mysql_error()); } while($row = mysql_fetch_array($retval, MYSQL_NUM)) { echo "Tutorial ID :{$row[0]} <br> ". "Title: {$row[1]} <br> ". "Author: {$row[2]} <br> ". "Submission Date : {$row[3]} <br> ". "--------------------------------<br>"; } echo "Fetched data successfully\n"; mysql_close($conn); ?>
All the above three examples will produce the same result.
Releasing Memory
It is a good practice to release cursor memory at the end of each SELECT statement. This can be done by using the PHP function mysql_free_result(). The following program is the example to show how it should be used.
Example
Try out the following example −
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'SELECT tutorial_id, tutorial_title, tutorial_author, submission_date FROM tutorials_tbl'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not get data: ' . mysql_error()); } while($row = mysql_fetch_array($retval, MYSQL_NUM)) { echo "Tutorial ID :{$row[0]} <br> ". "Title: {$row[1]} <br> ". "Author: {$row[2]} <br> ". "Submission Date : {$row[3]} <br> ". "--------------------------------<br>"; } mysql_free_result($retval); echo "Fetched data successfully\n"; mysql_close($conn); ?>
While fetching data, you can write as complex a code as you like, but the procedure will remain the same as mentioned above.
Update
There may be a requirement where the existing data in a MySQL table needs to be modified. You can do so by using the SQL UPDATE command. This will modify any field value of any MySQL table.
Syntax
The following code block has a generic SQL syntax of the UPDATE command to modify the data in the MySQL table −
UPDATE table_name SET field1 = new-value1, field2 = new-value2 [WHERE Clause]
- You can update one or more field altogether.
- You can specify any condition using the WHERE clause.
- You can update the values in a single table at a time.
The WHERE clause is very useful when you want to update the selected rows in a table.
Updating Data from the Command Prompt
This will use the SQL UPDATE command with the WHERE clause to update the selected data in the MySQL table tutorials_tbl.
Example
The following example will update the tutorial_title field for a record having the tutorial_id as 3.
root@host# mysql -u root -p password; Enter password:******* mysql> use TUTORIALS; Database changed mysql> UPDATE tutorials_tbl -> SET tutorial_title = 'Learning JAVA' -> WHERE tutorial_id = 3; Query OK, 1 row affected (0.04 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql>
Updating Data Using a PHP Script
You can use the SQL UPDATE command with or without the WHERE CLAUSE into the PHP function – mysql_query(). This function will execute the SQL command in a similar way it is executed at the mysql> prompt.
Example
The following example to update the tutorial_title field for a record having tutorial_id as 3.
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'UPDATE tutorials_tbl SET tutorial_title="Learning JAVA" WHERE tutorial_id=3'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not update data: ' . mysql_error()); } echo "Updated data successfully\n"; mysql_
Delete
If you want to delete a record from any MySQL table, then you can use the SQL command DELETE FROM. You can use this command at the mysql> prompt as well as in any script like PHP.
Syntax
The following code block has a generic SQL syntax of the DELETE command to delete data from a MySQL table.
DELETE FROM table_name [WHERE Clause]
-
If the WHERE clause is not specified, then all the records will be deleted from the given MySQL table.
-
You can specify any condition using the WHERE clause.
-
You can delete records in a single table at a time.
The WHERE clause is very useful when you want to delete selected rows in a table.
Deleting Data from the Command Prompt
This will use the SQL DELETE command with the WHERE clause to delete selected data into the MySQL table – tutorials_tbl.
Example
The following example will delete a record from the tutorial_tbl whose tutorial_id is 3.
root@host# mysql -u root -p password; Enter password:******* mysql> use TUTORIALS; Database changed mysql> DELETE FROM tutorials_tbl WHERE tutorial_id=3; Query OK, 1 row affected (0.23 sec) mysql>
Deleting Data Using a PHP Script
You can use the SQL DELETE command with or without the WHERE CLAUSE into the PHP function – mysql_query(). This function will execute the SQL command in the same way as it is executed at the mysql> prompt.
Example
Try the following example to delete a record from the tutorial_tbl whose tutorial_id is 3.
<?php $dbhost = 'localhost:3036'; $dbuser = 'root'; $dbpass = 'rootpassword'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } $sql = 'DELETE FROM tutorials_tbl WHERE tutorial_id = 3'; mysql_select_db('TUTORIALS'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not delete data: ' . mysql_error()); } echo "Deleted data successfully\n"; mysql_close($conn); ?>
SQL Injection
If you take user input through a webpage and insert it into a MySQL database, there's a chance that you have left yourself wide open for a security issue known as SQL Injection. This chapter will teach you how to help prevent this from happening and help you secure your scripts and MySQL statements.
The SQL Injection usually occurs when you ask a user for input, like their name and instead of a name they give you a MySQL statement that you will unknowingly run on your database.
Never trust the data provided by a user, process this data only after validation; as a rule, this is done by pattern matching. In the following example, the username is restricted to alphanumerical characters plus underscore and to a length between 8 and 20 characters – modify these rules as needed.
if (preg_match("/^\w{8,20}$/", $_GET['username'], $matches)) { $result = mysql_query("SELECT * FROM users WHERE username = $matches[0]"); } else { echo "username not accepted"; }
To demonstrate this problem, consider the following excerpt.
// supposed input $name = "Qadir'; DELETE FROM users;"; mysql_query("SELECT * FROM users WHERE name = '{$name}'");
The function call is supposed to retrieve a record from the users table, where the name column matches the name specified by the user. Under normal circumstances, $name would only contain alphanumeric characters and perhaps spaces. But here, by appending an entirely new query to $name, the call to the database turns into a disaster. The injected DELETE query removes all the records from users.
Fortunately, if you use MySQL, the mysql_query() function does not permit query stacking or executing multiple queries in a single function call. If you try to stack queries, the call fails.
However, other PHP database extensions, such as SQLite and PostgreSQL, happily perform stacked queries, executing all the queries provided in one string and creating a serious security problem.
Preventing SQL Injection
You can handle all escape characters smartly in scripting languages like PERL and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL.
if (get_magic_quotes_gpc()) { $name = stripslashes($name); } $name = mysql_real_escape_string($name); mysql_query("SELECT * FROM users WHERE name = '{$name}'");
The LIKE Quandary
To address the LIKE quandary, a custom escaping mechanism must convert user-supplied % and _ characters to literals. Use addcslashes(), a function that lets you specify a character range to escape.
$sub = addcslashes(mysql_real_escape_string("%something_"), "%_"); // $sub == \%something\_ mysql_query("SELECT * FROM messages WHERE subject LIKE '{$sub}%'");
Database Information
Obtaining and Using MySQL Metadata
There are three types of information, which you would like to have from MySQL.
-
Information about the result of queries − This includes the number of records affected by any SELECT, UPDATE or DELETE statement.
-
Information about the tables and databases − This includes information pertaining to the structure of the tables and the databases.
-
Information about the MySQL server − This includes the status of the database server, version number, etc.
It is very easy to get all this information at the MySQL prompt, but while using PERL or PHP APIs, we need to call various APIs explicitly to obtain all this information.
Obtaining the Number of Rows Affected by a Query
Let is now see how to obtain this information.
PERL Example
In DBI scripts, the affected row count is returned by the do( ) or by the execute( )command, depending on how you execute the query.
# Method 1 # execute $query using do( ) my $count = $dbh->do ($query); # report 0 rows if an error occurred printf "%d rows were affected\n", (defined ($count) ? $count : 0); # Method 2 # execute query using prepare( ) plus execute( ) my $sth = $dbh->prepare ($query); my $count = $sth->execute ( ); printf "%d rows were affected\n", (defined ($count) ? $count : 0);
PHP Example
In PHP, invoke the mysql_affected_rows( ) function to find out how many rows a query changed.
$result_id = mysql_query ($query, $conn_id); # report 0 rows if the query failed $count = ($result_id ? mysql_affected_rows ($conn_id) : 0); print ("$count rows were affected\n");
Listing Tables and Databases
It is very easy to list down all the databases and the tables available with a database server. Your result may be null if you don't have the sufficient privileges.
Apart from the method which is shown in the following code block, you can use SHOW TABLES or SHOW DATABASES queries to get the list of tables or databases either in PHP or in PERL.
PERL Example
# Get all the tables available in current database. my @tables = $dbh->tables ( ); foreach $table (@tables ){ print "Table Name $table\n"; }
PHP Example
<?php $con = mysql_connect("localhost", "userid", "password"); if (!$con) { die('Could not connect: ' . mysql_error()); } $db_list = mysql_list_dbs($con); while ($db = mysql_fetch_object($db_list)) { echo $db->Database . "<br />"; } mysql_close($con); ?>
Getting Server Metadata
There are a few important commands in MySQL which can be executed either at the MySQL prompt or by using any script like PHP to get various important information about the database server.
Sr.No. | Command & Description |
---|---|
1 |
SELECT VERSION( ) Server version string |
2 |
SELECT DATABASE( ) Current database name (empty if none) |
3 |
SELECT USER( ) Current username |
4 |
SHOW STATUS Server status indicators |
5 |
SHOW VARIABLES Server configuration variables |
0 Comments: