[an error occurred while processing this directive]

<div class="slide titleslide">
	<h1>13.4: Databases and PHP</h1>

	<ul>
		<li>
			13.1: Database Basics
		</li>
		<li>
			13.2: SQL
		</li>
		<li>
			13.3: Multi-table Queries
		</li>
		<li>
			<strong>13.4: Databases and PHP</strong>
		</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Querying a Database in PHP with PDO
	</h1>

	<pre class="syntaxtemplate php">
$<var>name</var> = new PDO(&quot;<var>dbprogram</var>:dbname=<var>database</var>;host=<var>server</var>&quot;, <var>username</var>, <var>password</var>);
$<var>name</var>-&gt;query(&quot;<var>SQL query</var>&quot;);
</pre>

	<pre class="examplecode php">
<span class="comment"># connect to world database on local server</span>
$db = new PDO(&quot;mysql:dbname=world;host=localhost&quot;, &quot;traveler&quot;, &quot;packmybags&quot;);
$db-&gt;query(&quot;SELECT * FROM countries WHERE population &gt; 100000000;&quot;);
</pre>

	<ul>
		<li><a href="http://php.net/manual/en/book.pdo.php">PDO</a> database library allows you to connect to many different database programs
			<ul>
				<li>replaces older, less versatile functions like <code>mysql_connect</code></li>
			</ul>
		</li>
		<li>PDO object's <code>query</code> function returns rows that match a query</li>
	</ul>
</div>



<div class="slide">
	<h1>Result rows: <code>query</code></h1>

	<pre class="syntaxtemplate php">
$db = new PDO(&quot;<var>dbprogram</var>:dbname=<var>database</var>;host=<var>server</var>&quot;, <var>username</var>, <var>password</var>);
<em>$rows =</em> $db-&gt;query(&quot;<var>SQL query</var>&quot;);
<em>foreach ($rows as $row) {</em>
	<var>do something with $row;</var>
<em>}</em>
</pre>

	<ul>
		<li><a href="http://php.net/manual/en/pdo.query.php"><code>query</code></a> returns all result rows
			<ul>
				<li>each row is an associative array of [column name -&gt; value]</li>
				<li>example: <code>$row[&quot;population&quot;]</code> gives the value of the <code>population</code> column</li>
			</ul>
		</li>
	</ul>
</div>



<div class="slide">
	<h1>A complete example</h1>
	
	<div class="example">
		<pre class="examplecode php">
$db = new PDO(&quot;mysql:dbname=imdb_small&quot;, &quot;jessica&quot;, &quot;guinness&quot;);
$rows = <em>$db-&gt;query</em>(&quot;SELECT * FROM actors WHERE last_name LIKE 'Del%'&quot;);
foreach ($rows as $row) {
	?&gt;
	&lt;li&gt; First name: &lt;?= <em>$row[&quot;first_name&quot;]</em> ?&gt;,
	     Last name:  &lt;?= <em>$row[&quot;last_name&quot;]</em>  ?&gt; &lt;/li&gt;
	&lt;?php
}
</pre>	
		
		<div class="exampleoutput">
			<ul>
				<li>First name: Benicio, Last name: Del Toro</li>
				<li>First name: Michael, Last name: Delano</li>
				<li>...</li>
			</ul>
		</div>
	</div>
</div>



<div class="slide">
	<h1>PDO object methods</h1>

	<table class="standard">
		<tr>
			<th>name</th>
			<th>description</th>
		</tr>

		<tr>
			<td>
				<a href="http://php.net/manual/en/pdo.query.php"><code>query</code></a>
			</td>
			<td>
				performs a SQL SELECT query on the database
			</td>
		</tr>

		<tr>
			<td>
				<a href="http://www.php.net/manual/en/pdo.exec.php"><code>exec</code></a>
			</td>
			<td>
				performs a SQL query that modifies the database (INSERT, DELETE, UPDATE, etc.)
			</td>
		</tr>

		<tr>
			<td>
				<a href="http://www.php.net/manual/en/pdo.getattribute.php"><code>getAttribute</code></a>,<br />
				<a href="http://www.php.net/manual/en/pdo.setattribute.php"><code>setAttribute</code></a>
			</td>
			<td>
				get/set various DB connection properties
			</td>
		</tr>

		<tr>
			<td>
				<a href="http://www.php.net/manual/en/pdo.quote.php"><code>quote</code></a>
			</td>
			<td>
				encodes a value for use within a query
			</td>
		</tr>
	</table>
</div>



<div class="slide">
	<h1>
		Including variables in a query
	</h1>

	<pre class="examplecode php badcode">
# get query parameter for name of movie
$title = $_GET[&quot;movietitle&quot;];
$rows = $db-&gt;query(&quot;SELECT year FROM movies WHERE name = <em class="bad">'$title'</em>&quot;);
</pre>

	<ul>
		<li>you should not directly include variables or query parameters in a query</li>
		<li>they might contain illegal characters or SQL syntax to mess up the query</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Quoting variables
	</h1>

	<pre class="examplecode php">
# get query parameter for name of movie
$title = $_GET[&quot;movietitle&quot;];
$title = <em>$db->quote($title)</em>;
$rows = $db-&gt;query(&quot;SELECT year FROM movies WHERE name = <em class="good">$title</em>&quot;);
</pre>

	<ul>
		<li>call PDO's <code>quote</code> method on any variable to be inserted</li>
		<li><code>quote</code> escapes any illegal chars and surrounds the value with <code>'</code> quotes</li>
		<li>prevents bugs and security problems in queries containing user input</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Database/query errors
	</h1>

	<pre class="examplecode php">
$db = new PDO("mysql:dbname=imdb_small", "jessica", "guinness");
$rows = $db->query("<em class="bad">SEEELECT</em> * FROM movies WHERE year = 2000");   <span class="comment"># FALSE</span>
</pre>

	<ul>
		<li>database commands can often fail (invalid query; server not responding; etc.)</li>
		<li>normally, PDO commands fail silently by returning <code>FALSE</code> or <code>NULL</code></li>
		<li>but this makes it hard to notice and handle problems</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Exceptions for errors
	</h1>

	<pre class="examplecode php">
$db = new PDO("mysql:dbname=imdb_small", "jessica", "guinness");
<em>$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);</em>
$rows = $db->query("<em class="bad">SEEELECT</em> * FROM movies WHERE year = 2000");   <span class="comment"># kaboom!</span>
</pre>

	<ul>
		<li>using <code>setAttribute</code>, you can tell PDO to throw (generate) a <code>PDOException</code> when an error occurs</li>
		<li>the exceptions will appear as error messages on the page output</li>
		<li>you can <span class="term">catch</span> the exception to gracefully handle the error</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Catching an exception
	</h1>

	<pre class="syntaxtemplate php">
try {
	<var>statement(s);</var>
} catch (<var>ExceptionType</var> $<var>name</var>) {
	<var>code to handle the error;</var>
}
</pre>

	<ul>
		<li>a <code>try/catch</code> statement attempts to run some code, but if it throws a given kind of exception, the program jumps to the <code>catch</code> block and runs that code to handle the error</li>
	</ul>
</div>



<div class="slide">
	<h1>
		Example with error checking
	</h1>

	<pre class="examplecode php">
<em>try {</em>
	$db = new PDO("mysql:dbname=imdb_small", "jessica", "guinness");
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	$rows = $db->query("<em class="bad">SEEELECT</em> * FROM movies WHERE year = 2000");
	foreach ($rows as row) { ... }
<em>} catch (PDOException $ex) {</em>
	?&gt;
	&lt;p&gt;Sorry, a database error occurred. Please try again later.&lt;/p&gt;
	&lt;p&gt;(Error details: &lt;?= <em>$ex-&gt;getMessage()</em> ?&gt;)&lt;/p&gt;
	&lt;?php
<em>}</em>
</pre>
</div>



<div class="slide">
	<h1>
		<a class="popup" href="http://php.net/manual/en/class.pdostatement.php">PDOStatement</a> methods
	</h1>
	
	<p>
		The <code>$rows</code> variable returned by PDO's <code>query</code> method is technically not an array but an object of type <code>PDOStatement</code>.
		It can be <code>foreach</code>-ed over like an array, but it also has the following methods:
	</p>

	<table class="standard">
		<tr>
			<td>	
				<a href="http://www.php.net/manual/en/pdostatement.columncount.php"><code>columnCount()</code></a>
			</td>
			<td>
				number of columns in the results
			</td>
		</tr>

		<tr>
			<td>	
				<a href="http://www.php.net/manual/en/pdostatement.fetch.php"><code>fetch()</code></a>
			</td>
			<td>
				return the next row from the results
			</td>
		</tr>

		<tr>
			<td>	
				<a href="http://www.php.net/manual/en/pdostatement.fetchcolumn.php"><code>fetchColumn(<var>number</var>)</code></a>
			</td>
			<td>
				return the next column from the results
			</td>
		</tr>

		<tr>
			<td>	
				<a href="http://www.php.net/manual/en/pdostatement.rowcount.php"><code>rowCount()</code></a>
			</td>
			<td>
				number of rows returned by the query
			</td>
		</tr>
	</table>
	
	<pre class="sql">
$rows = $db->query("...");   <span class="comment"># query omitted</span>
if (<em>$rows-&gt;rowCount()</em> &gt; 0) {
	$first_row = <em>$rows-&gt;fetch()</em>;
	...
}
</pre>
</div>



<div class="slide">
	<h1>
		The MySQL console
	</h1>

	<pre class="syntaxtemplate sql">
SHOW DATABASES;
USE <var>database</var>;
SHOW TABLES;
</pre>

	<ul>
		<li>connect to Webster in an SSH program like <a class="popup" href="http://www.putty.org/">PuTTY</a>, then type:</li>
	</ul>

	<pre class="examplecode ssh" style="font-size: smaller">
$ <em>mysql -u <var>yourusername</var> -p</em>
Password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.

mysql> <em>USE world;</em>
Database changed

mysql> <em>SHOW TABLES;</em>
+-----------+
| cities    | 
| countries | 
| languages | 
+-----------+
3 rows in set (0.00 sec)
</pre>

</div>



<div class="slide">
	<h1>SQL console example</h1>

	<pre class="examplecode ssh">
[stepp@webster ~]$ <em>mysql -u <var>myusername</var> -p</em>
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.

mysql> <em>use imdb_small;</em>
Database changed

mysql> <em>select * from actors where first_name like '%mick%';</em>
+--------+------------+-----------+--------+
| id     | first_name | last_name | gender |
+--------+------------+-----------+--------+
|  71699 | Mickey     | Cantwell  | M      | 
| 115652 | Mickey     | Dee       | M      | 
| 470693 | Mick       | Theo      | M      | 
| 716748 | Mickie     | McGowan   | F      | 
+--------+------------+-----------+--------+
4 rows in set (0.01 sec)
</pre>

</div>



[an error occurred while processing this directive]