About
News
Downloads
Manual
Support
Examples
Releases
Community
Contact
Blog
Examples - Database Operation
The following example shows simple database operations using Xnyo.
<?php
/**
* File: prepend.php
* Purpose: include this file from all php pages to start Xnyo
**/
/**
* We include Xyno and create an instance (object)
**/
require_once '/path/to/xnyo/xnyo.class.php';
$xnyo = new Xnyo;
/**
* Setup our database stuff
**/
$xnyo->database_type = 'mysql';
$xnyo->db_host = 'localhost';
$xnyo->db_user = 'someuser';
$xnyo->db_passwd = 'somepass';
/**
* Start Xnyo!
**/
$xnyo->start();
?>
/**
* File: display.php
* Purpose: display an entry in the database from the "id" GET variable.
* Note: this is done in the original method of accessing databases.
**/
// include prepend.php
require_once 'prepend.php';
/**
* Alright, so we want to connect to the "example" database, get data from the "stuff" table,
* and display it.
*
* First step, the inbuilt variable filter stops ALL variables from being available in your
* script for security reasons (this can be turned off)
* so we need to tell Xnyo *exactly* what variables we want, and what type they are.
*
* So we want a GET variable called "id", and we want it to be an integer (ie, if they put
* text in to try to "hack" us, it just disappears.)
**/
$xnyo->filter_get_var('id', 'int');
/**
* Create a connection to the database!
**/
$db->select_db('example');
/**
* For simple select's, you can simply use $db->select(), and it will build the query for you.
**/
$db->select('stuff', NULL, array('id' => $_GET['id']));
/**
* Or you can do it yourself like this:
*
* $db->query('SELECT * FROM stuff WHERE id = \''.$_GET['id'].'\'');
*
* Note, we dont need to do any additional security checks, because we know that $_GET['id'] can
* *only* be an integer. To be on the safe side though, you can use $input->sqltext(), which will
* double check to make sure that no quotes (') are out of place and could be used for
* SQL-injection attacks.
**/
/**
* Was that a valid entry?
**/
if (!$db->num_rows())
die('That was not a valid row!');
/**
* Get the database result object (row 0)
**/
$data = $db->fetch(0);
/**
* Now we can simply display the page
**/
?>
<html>
<head>
<title>Xnyo DB Example</title>
</head>
<body>
Information about this user:
<b>Name:</b> <?=$data->name?><br />
<b>Email:</b> <?=$data->email?><br />
<b>ID: </b> <?=$data->id?>
</body>
</html>
/**
* File: add.php
* Purpose: add a new entry to the database.
**/
// include the prepend.php
require_once 'prepend.php';
// are we POSTing data to here?
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
// connect to the database, see display.php for a better description
$db->select_db('examples');
// let all the known variables through the variable filter
$xnyo->filter_post_var('name', 'text');
// special email type checks for a valid domain
$xnyo->filter_post_var('email', 'email');
/**
* You can do your own error checking and what not, see the forms section for
* auto-built-and-checked forms
**/
// create the data array
$data = array
(
'name' => $_POST['name'],
'email' => $_POST['email']
);
// insert it into the db
$db->insert('stuff', $data);
/**
* Alternatively, you can build your own SQL, this is the equivilant of the above statement..
* $db->query('INSERT INTO stuff (name, email) VALUES
* (\''.$input->sqltext($_POST['name']).'\',
\''.$input->sqltext($_POST['email']).'\')');
**/
// did it work?
if (!$db->affected_rows())
$message = 'Couldn\'t Insert, sorry.';
else
{
/**
* lets use the same info to pull the id we just made
* (if you're using ONLY mysql you can use last_insert_id())
**/
$db->select('stuff', array('id'), $data);
header('Location: display.php?id='.$db->fetch(0, 'id'));
}
}
/**
* Display a form thing
**/
?>
<html>
<head>
<title>Xnyo DB Example Add</title>
</head>
<body>
<?=$message?><br />
<form action="<?=$_SERVER['PHP_SELF']?>" method="POST">
Name: <input type="text" name="name" value=""><br />
Email: <input type="text" name="email" value=""><br />
<input type="submit" value="Add">
</form>
</body>