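<?php
// Database settings -- CONFIGURE ME
// These are placeholder values. On a real server keep credentials out of the
// web root (environment variables, or a config file the web server cannot serve).
$dbname = "exampledb";
$dbuser = "exampleuser";
$dbpass = "examplepassword";

// Connect to MySQL using PDO
try {
    // Naming the charset in the DSN keeps the connection encoding explicit,
    // which PDO relies on when it quotes values for you.
    $dbh = new PDO('mysql:host=localhost;dbname=' . $dbname . ';charset=utf8mb4', $dbuser, $dbpass);
}
catch (Exception $e) {
    // Casting the exception to a string prints its message AND its stack trace.
    // That can reveal the database user, host and file paths (and, depending on
    // the PHP configuration, the constructor arguments), so the detail goes to
    // the server log and the visitor only sees a generic message.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die("Couldn't connect to the database.");
}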
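// Make PDO throw on SQL errors, so every database failure is handled by the
// try/catch blocks below instead of by checking return values one by one.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Start with an empty message so the template can always print it, even when
// the page is opened without submitting the form.
$message = '';

// Maximum accepted length of a name, in bytes.
// NOTE(review): 100 is a constructed value -- set it to the width of birthyears.name.
$maxNameLength = 100;

// NOTE(review): this form changes data but carries no anti-CSRF token. If the page
// ever sits behind a login, add a per-session token to the form and compare it
// with hash_equals() before inserting.

// only do processing if the form's been submitted
if (isset($_POST['submitbutton'])) {
    // Validate instead of "sanitizing": input that is not what we expect is rejected,
    // not silently rewritten. (FILTER_SANITIZE_STRING is deprecated since PHP 8.1.)
    // is_string() also rejects array input such as name[]=x.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';

    // FILTER_VALIDATE_INT returns false for anything that is not a whole number in range.
    // FILTER_SANITIZE_NUMBER_INT only stripped characters, so "Your Age" became an empty
    // string and the subtraction below failed on it.
    $age = filter_var(
        isset($_POST['age']) ? $_POST['age'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0, 'max_range' => 150))
    );

    if ($name === '' || strlen($name) > $maxNameLength) {
        $message = "Please enter a name (at most " . $maxNameLength . " bytes).";
    }
    elseif ($age === false) {
        $message = "Please enter your age as a whole number between 0 and 150.";
    }
    else {
        // Calculate birth year
        $birthyear = (int) date('Y') - $age;

        try {
            // The ? placeholders are what protect this query from SQL injection:
            // the values are sent as data and never become part of the SQL text.
            $stmt = $dbh->prepare("INSERT INTO birthyears (name, birthyear) VALUES (?, ?)");
            $stmt->execute(array($name, $birthyear));
            $message = "Created new Birthyear successfully.";
        }
        catch (PDOException $e) {
            // Details go to the server log, the visitor gets the generic message.
            error_log('Birthyear insert failed: ' . $e->getMessage());
            $message = "Error creating new Birthyear.";
        }
    }
}

// Get all the birthyear data and store it in $resultrows for use later.
// Naming the columns (instead of SELECT *) means a column added to the table
// later is not fetched by accident.
$resultrows = array();
try {
    $stmt = $dbh->query('SELECT name, birthyear FROM birthyears');
    $resultrows = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch (PDOException $e) {
    error_log('Birthyear query failed: ' . $e->getMessage());
    if ($message === '') {
        $message = "Error loading Birthyears.";
    }
}

// Close the MySQL connection. The statement object holds a reference to the
// connection too, so both have to be released.
$stmt = null;
$dbh = null;

// Encode a value for output inside HTML text or a quoted attribute.
// Encoding happens here, at output time, because this is the only place that knows
// the value is going into HTML; the database keeps the name exactly as it was typed.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?><html>
<head>
<meta charset="utf-8">
<style type="text/css">
body { font-family: Arial, Helvetica, sans-serif; }
p.message { color: green; }
table { border-collapse: collapse; }
table, td,th { border: 1px solid black; padding: 0.25em; }
</style>
</head>
<body>
<?php
// Time to display the data.
// First, output any messages.
if ($message !== '') {
    echo "<p class='message'>" . $esc($message) . "</p>\r\n";
}
// We're going to show all the birthyear data (if there is any) and ALSO the form to add more.
// Your choice, but it's good to keep the processing separate from the displaying.
// We'll start by preparing an HTML table for our data to show up in.
// The \r\n is a newline, so that we don't end up with all our HTML on the same line.
echo "<h2>Birthyears</h2>\r\n";
echo "<table>\r\n";
echo "<tr><th>Name</th><th>Birth Year</th></tr>\r\n";
// foreach takes an array like $resultrows and goes through it one-by-one, giving us
// the $row variable to work with. It's like for() except without all the math.
// Every value read from the database is encoded before it is printed, so a stored
// name containing < or " is shown as text and never interpreted as markup.
// (Names stored earlier through FILTER_SANITIZE_STRING may already contain
// entities such as &#39; and will show them literally.)
foreach ($resultrows as $row) {
    echo "<tr><td>" . $esc($row['name']) . "</td><td>" . $esc($row['birthyear']) . "</td></tr>\r\n";
}
echo "</table>\r\n";
?>
<hr />
<h3>Add a new Birthyear</h3>
<!-- The action is the current file path (PHP_SELF). Part of that path comes from the
requested URL, so it is encoded before it is placed inside the attribute. -->
<form method="post" action="<?php echo $esc($_SERVER['PHP_SELF']); ?>">
<input type="text" name="name" id="name" value="Your Name" />
<input type="text" name="age" id="age" value="Your Age" />
<input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
</form>
</body>
</html>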