  • Creating these classes requires equipment and services

  • that cost money.

  • If you appreciate this education, please think about going to EliTheComputerGuy.com and offering a one-time or monthly recurring donation.

  • Welcome back.

  • As you know, I am

  • Eli the Computer Guy.

  • And in today's class, I'm going to show you how to insert records into your MySQL database tables using simple hyperlinks.

  • So, up until this point, we have been using HTML forms, and we've been using a method called POST to be able to give the variables and values from the HTML forms to your PHP

  • script, and then your PHP

  • script parses the data and is able to insert it into your MySQL database tables.

  • Well, today we're going to be using a method called GET. So the method called GET actually passes a full URL to your PHP script.

  • And within that URL are the variable names and the values for the variable names.

  • So before, where we were using a dollar sign underscore POST in order to recover the value of variables,

  • now we will use dollar sign underscore GET to recover those values.

  • We will then turn those values into PHP

  • variables. Once they're PHP variables, we'll then just simply plug it into an INSERT SQL statement within our PHP script, and then that will get imported into our MySQL database tables.

  • So it is important to understand, whenever you're dealing with, again, things like MySQL and PHP and all that type of thing, that there are multiple different ways to be able to present data to your script so that your scripts are able to parse them.

  • And so using hyperlinks happens to be one of those ways.

  • So the warning for the day is simply that you have to look at the situation where you are going to be using the GET method to determine if it is appropriate for what you are trying to

  • do.

  • So the nice thing about a GET method versus a POST method is, since you're passing the variables and the values through an actual URL string, you can in fact bookmark that URL string, right?

  • So if you're going to be interacting with a MySQL database, let's say to get reports, right? So let's say you want to pull a report.

  • You wanna pull the report based off of certain criteria where something is blah, blah, blah, right?

  • Well, if you use a GET method in order to pull the report, one of the nice parts is you can actually just copy that full URL. You can bookmark it. And then whenever you want that specific report, instead of having to go through a form or something else, you can simply click on the URL.

  • You can click on the bookmark, and

  • voilà, there it is, right in front of you.

  • And that could be a very valuable thing.

  • On the other hand, if you're going to be doing something like inserting data, updating data within your MySQL database tables, and you're using something like the GET method, that could be just an absolutely, utterly ridiculous security hole, because again, basically, since

  • you're passing variables and values simply through a URL, you know, that's really easy to dork with. Like, there's bad security,

  • and then there is passing inserts through

  • URLs, right?

  • That could be a big problem.

  • On the other hand, though, again, a lot of people get really hypercritical

  • about security and say,

  • "I would never do that." But something to think about again:

  • The demonstration I'm going to show you today is a simple little voting app.

  • Basically, you can vote yes, you can vote no, or you can vote

  • both, right? Something to think about is you may not want to put this kind of voting app into a production environment, right?

  • You don't want tens of thousands of users to be hammering a little voter app like I'm showing you today passing inserts using a hyperlink.

  • But on the other hand, to be thinking about is, you know, if you have a small group, let's say you have a little office group of like 20 people and you're trying to determine, you know, do you want to order sushi today?

  • Do you want to order pizza today, or does the person not care whether you order both?

  • You know, this is the type of thing where literally you can create three hyperlinks.

  • You can email.

  • You can email this basically to everybody in your group, and everybody in

  • your group

  • can just go click, click, click, click, click, click, click, click, click, click, and then you sit there and tally it up.

  • Okay, everybody's eating sushi.

  • So I do really want to reinforce this idea that when you think about security, right, security, to be clear is very important.

  • But you have to think about the situation right?

  • The security that is required when you're going to be putting something, you know, Internet-facing for your customers, for your clients, for your users.

  • The security that's required there is entirely different than the security required.

  • If you're just trying to figure out again whether or not you're gonna be ordering sushi or pizza, and this is the type of like a little app literally.

  • I think I wrote this thing in like, four minutes, and that was with me, like coming up with the idea.

  • I came up with the idea, I wrote the HTML code and the PHP code.

  • I created the database table in four minutes, and that's with me having to pull this out of my butt.

  • So just imagine again, if you're used to doing this type of thing, using something like these hyperlinks can just be a very easy way to be able to insert values into a table.

  • And then again, you just do a little tally script, you know, figure out you know, which is more sushi, pizza or both, and go from there.

  • So that is that is the warning for today.

  • Think about the situation where you're going to be using the GET method. The GET method is really nice:

  • easy, fast. Insecure, I mean, again, depending on what you're doing, can be utterly insecure as hell.

  • So here we are, back at my lab environment again.

  • I'm using Ubuntu Desktop 18.04 LTS. But again, any Ubuntu Desktop should be fine for you.

  • I'm running this within a virtual machine within VirtualBox, and I happen to be using a MacBook Pro. In order to get the full LAMP stack,

  • Linux, Apache, MySQL, and PHP, I used a tool called tasksel, t-a-s-k-s-e-l.

  • That allows you to very easily install the LAMP stack.

  • I have not modified any of the default configurations.

  • I have not modified php.ini or the vhost nor anything else.

  • The only thing that I have done is I have created a PHP folder within the Apache root directory.

  • Just to give me some place to dump all of my PHP scripts in one place, to keep it organized.

  • But no other.

  • No other modifications.

  • In order to create the scripts, I am using the simple gedit text editor that comes with Ubuntu Desktop.

  • This is similar to Notepad in Windows or TextEdit within macOS. Basically, again, when I'm doing very simple code,

  • I like using a simple text editor just to show you you do not need a fancy IDE,

  • script editor, or anything like that in order to create these small scripts.

  • That's just my preference.

  • If you want to use an IDE,

  • you know how to use an IDE,

  • go for it. The first thing that we're going to do is we're going to go and take a look at our MySQL database again, because we always want to understand the environment that we're dealing with.

  • So you go down to the left-hand corner and click Show Applications, then you go up, type in terminal.

  • You hit Enter and we get to the command prompt. From here,

  • of course,

  • mysql,

  • space, hyphen

  • u, username of bob, space,

  • hyphen p.

  • It asks for the password. The password

  • is a super secret 123456. Then we hit

  • Enter.

  • And we enter the MySQL database. From here, we'll do a show

  • databases, semicolon.

  • Make sure we know what databases are in this particular server, and the database that we care about is this class DB. From here,

  • what we're going to do is use class DB, if I spell it, class DB.

  • So this will drop us into our class DB database. From here,

  • we then do show tables to see what tables we're dealing with here. Again, remember, computers do not guess what you mean.

  • You either put in the right syntax or it's wrong. Again, little things like, for me, so this is the table that we'll be dealing with today.

  • So it's the votes table.

  • And again, things like naming conventions.

  • I'm just like one of those guys, like, plurals, plurals.

  • So you'll notice.

  • Here we have the parts table, we have the students table, we have the vendors table, and we have the votes table.

  • I'm a plural kind of guy, right?

  • So whenever I create a table, there's most likely going to be an s at the end of it.

  • That makes my life easier because I know there's always an s at the end of my tables.

  • Then I know to always put an s. One of the problems you run into with syntax is

  • some people create a vote table, and some people create a students table, a person creates a part table, and simply not knowing whether there's an s at the end can be a pain in the butt.

  • Just come up with some naming convention.

  • I don't care what it is. If you like plurals, put s's. If you don't like plurals,

  • don't put s's.

  • I like my s's. From here,

  • we want to describe the votes table,

  • so we know what the votes table looks like.

  • Semicolon,

  • Of course.

  • So we take a look at this. We have a vote underscore id.

  • This is an integer, is the primary key, and it auto-increments. Basically, this gives us a vote ID number.

  • So again, every single record is unique.

  • 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. Then I have a field for yes, that is an integer. Then I have a field for no, that is also an integer.

  • And then again, I have a time field that I use as an integer. For me, especially in troubleshooting processes,

  • and when I'm building things, I like putting a time field in because it just verifies to me that things are actually updating how they're supposed to, like when you hit the refresh, right? When you hit the refresh,

  • if you don't have anything that's automatic, that's dynamically going to update, you're not really sure if you're refreshing or if you're getting a cache or what exactly is going on.

  • The nice thing with having the time field is it at least gives you a timestamp to show you that time is ticking on, that

  • yes, this has actually clicked over, it's iterated to the next iteration.

  • It is moving along. That's just kind of one of my things.

  • So anyway, this is what the table looks like.

  • And then now we do select * from votes.

  • I don't think there should be anything in here. We

  • take a look, and we currently have an empty set.

  • So this is what we're dealing with here.

  • Now let's go over and take a look at the HTML. So we have a vote dot, again,

  • for this, it is dot html.

  • So this is an HTML web page, standard HTML web page.

  • There's actually no PHP.

  • There's no real script in here at all. There are

  • simply hrefs, there are simply hyperlinks in here.

  • So in this, what we have is we open up the HTML tag for an HTML web page.

  • We open up the body tag for the body of the HTML web page. We then just simply type in plain text, vote for something, something, anything.

  • Just vote, right? Then we do

  • a break to go to the next line.

  • We then do another break just to give us a little gap between the title and links, and then down here we have three links. Now again, depending on how you do these hyperlinks, right?

  • Depending on where the Web server is, all of that, you do it.

  • I just plug in the full address here to make my life easier.

  • Make sure there's no errors.

  • So, of course, it's http colon slash slash, again,

  • 127.0.0.1,

  • since this is on the local machine, that is the loopback address.

  • Then we have the PHP folder.

  • And as I said, the PHP folder is in the root directory of Apache.

  • Just a place to dump all the scripts. And

  • then what we have here is this is where we reference the PHP script that we're going to be sending our values to, and they will be recovered by the GET method.

  • So there's a script called PHP link dot PHP. From there,

  • what you do is you then put a question mark.

  • So the question mark says next are the variables.

  • Next are the variables. And then

  • here we have a variable name of yes equals a value of one.

  • So yes is going to equal a value of one.

  • Then you have a little

  • ampersand symbol here. We have ampersand, and then we have a variable,

  • no equals a value of zero.

  • Of course,

  • you close the double quotation marks, since this is a hyperlink.

  • So what it's going to do is going to pass to PHP link dot PHP. It's going to pass the variable yes is going to equal one,

  • and the variable no is going to equal zero. And then basically, the text is just going to say yes.

  • All right, then we come down.

  • I don't do any break.

  • It's all going to be on the same line. A href, the exact same href, the exact same script that we're dealing with before, PHP link dot

  • PHP, question mark. Question mark, variables come next.

  • The first variable is yes.

  • We're going to make that zero, and no is going to equal one.

  • And so this is going to be for no.

  • Then we're gonna go down again.

  • Same hyperlink.

  • 127.0.0.1, PHP folder,

  • PHP link dot PHP is the script.

  • Then we're going to say here again, question mark and then yes, equals one and no equals one.

  • So this will be for both.

  • So basically, this will plug into both columns. Again, if we go over and we take a look at our thing here again, we've got yes and we've got no. So when we hit yes, what'll happen is yes

  • will get iterated for one.

  • No will get zero. If we do

  • no, no

  • will get one.

  • Yes will get zero.

  • And if we do both, yes will get input one and no input.

  • And so that's what we're looking at here.

  • Then we close the body and then we close the HTML again.

  • Since we're using the GET method, this is not a form.

  • This is simply a hyperlink again.

  • If we go over, we take a look.

  • This is what this Web page is going to look like.

  • So when we do this again, vote for something, for something.

  • Break, break, break again.

  • That gives us another line, then yes, no or both.

  • And these again are simply hyperlinks.

  • Then from there, we're going to go and actually take a look at the

  • PHP link dot PHP script.

  • Um, this is all pretty simple.

  • That looks a lot like everything we've been dealing with before.

  • So we're going to open up the PHP script like we normally do. And

  • then we're going to create the three variables that will be required in order to insert into this particular table.

  • So we're going to do a dollar sign,

  • vote underscore

  • yes.

  • So this is the PHP variable for basically vote yes is going to equal,

  • and now it's going to be dollar sign

  • underscore GET, and then you have the bracket, single quotation mark, and then yes, right?

  • So basically, with this, right, it's going to grab the value for yes. We go back.

  • Um, and there, close bracket.

  • Close everything else.

  • Vote underscore no equals GET, again, bracket,

  • and then the value for no. If we go back, basically it's going to grab this value here.

  • So now, no matter which hyperlink they click, this value will then be dollar sign vote underscore

  • yes.

  • And this value here will then go to dollar sign vote underscore no. Past that, again, as I say, I like dealing with time.

  • Just especially when you're doing troubleshooting, when you're playing around, just having a dynamic time variable,

  • I find it useful.

  • So dollar sign time equals, and then this is simply the time function. It shows us,

  • I think it's the milliseconds since epoch, so it's not going to give us a normal time.

  • It's not going to say like Monday, the 26th at 3:30, it's just going to give us a really long number.

  • But that's fine for me. Then past that, we're going to go down and we're going to have the connections and everything that we're used to.

  • A server name equals localhost because it's the local host. Username is bob again.