Quick PHP

Posted on October 2, 2021
Tags: javascript

1 Basic PHP SQL

1.1 simple

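<?php
// Some server operations happen here; none of this code is sent to the browser.
// (Inside a PHP block, comments use // or /* */. An HTML <!-- --> comment here is a parse error.)
$ClientCannotSeeThis='AHHHHH';
// NOTE(review): "*" allows a page on any origin to read this response with a
// cross-origin request. Drop the header, or name one specific origin, unless
// that is really intended.
header("Access-Control-Allow-Origin: *");
// Only the echoed markup reaches the client.
echo "<h1>Hi</h1>";
?>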
  • PHP is a server-side language, meaning that when you hit “somewebsite.com/testpage.php”, all you see is “Hi”,
    BUT you have also initiated some operation on the server side.
  • This is why you SHOULDN’T click PHP links willy-nilly. The server can log your information (for example your IP address and the query string, as the example project below does) without you knowing. The client’s inspect element won’t show anything but the returned echo. The same holds for any server-side language, not only PHP.

1.2 SQL

  • apache httpd server will load files from (htdocs or public_html or www) directory
  • PDO is PHP’s generic database access layer; it works with SQL databases through per-database drivers
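<?php

// Connection settings for the hosting account's MySQL server.
// NOTE(review): the credentials are hard-coded to keep the demo short. On a real
// site, load them from the environment or from a config file outside the web
// root, keep them out of version control, and never use a guessable password
// such as 'root'.
$sqlurl='sql101.XXXXXXX.com';
$port='3306';
$dbname='b17XXXXXXX_hello';
$cpanelusername='b17_XXXXXXX';
$cpanelpassword='root';

try
{
    // The PDO constructor throws when the connection cannot be opened.
    $conn = new PDO("mysql:host={$sqlurl};port={$port};dbname={$dbname}",$cpanelusername,$cpanelpassword);
}catch(Exception $ex){
    // The driver's message can name the host, database and user, so it goes to
    // the server log; the client only receives a generic failure.
    error_log($ex->getMessage());
    http_response_code(500);
    die('Database connection failed.');
}
// Demo/debug output only: prints "object(PDO)#1 (0) { }" when the connection worked.
var_dump($conn);
?>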
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Account Active!</title>

<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css" integrity="sha512-SbiR/eusphKoMVVXysTKG/7VseWii+Y3FdHrt0EpKgpToZeemhqHeZeLWLhJutz/2ut2Vw1uQEj2MbRF+TVBUA==" crossorigin="anonymous" referrerpolicy="no-referrer" />



<!-- Latest compiled and minified JavaScript -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/js/bootstrap.min.js" integrity="sha512-1/RvZTcCDEUjY/CypiMz+iqqtaoQfAITmNSJY17Myp4Ms5mdxPS5UV7iOfdZoxcGhzFbOm6sntTKJppjvuhg4g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>


</head>
<body>
    <h1>DEMO PAGE</h1>
    <form action="db.php" method="post">
      <input type="submit">
    </form>
    <form action="routes.php" method="post">
      <input type="submit">
    </form>
</body>
</html>

Submitting the form should return object(PDO)#1 (0) { }, which indicates that the connection was successful.

2 Request Body and Route variable

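How do you get request information or even route variables?
PHP exposes them through predefined variables such as $_GET, $_POST and $_SERVER: https://www.php.net/manual/en/reserved.variables.php
Everything in $_GET and $_POST, and the HTTP_* entries of $_SERVER, is sent by the client, so validate or escape it before it reaches SQL or HTML.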

3 Example project

<?php
// Database connection settings (placeholders) consumed by the PDO constructor below.
// NOTE(review): in a deployed site keep these out of the web root and out of
// version control.
$sqlurl         = 'sql101.XXXXXx.com';
$port           = '3306';
$dbname         = 'XXXXXXX';
$cpanelusername = 'XXXXXXXXXXX';
$cpanelpassword = 'XXXXXXXX';

// Sent with every response of this script; "*" lets any origin read the page
// through a cross-origin request.
header('Access-Control-Allow-Origin: *');



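/**
 * Insert one visit record (client IP and raw query string) into a log table.
 *
 * Both values originate from the HTTP request, so they are bound as parameters
 * of a prepared statement rather than interpolated into the SQL text.
 *
 * @param PDO    $conn     Open connection (kept by-reference as in the original signature).
 * @param string $mydbname Table name (despite the parameter name); letters, digits and "_" only.
 * @param string $myip     Client address as determined by the caller.
 * @param string $qparam   Raw query string of the request.
 *
 * @throws InvalidArgumentException When the table name is not a plain identifier.
 */
function INSERT(&$conn,$mydbname,$myip,$qparam){
    // Identifiers cannot be bound as parameters, so the table name is restricted instead.
    if (!is_string($mydbname) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $mydbname) !== 1) {
        throw new InvalidArgumentException('Invalid table name.');
    }

    $statement = $conn->prepare("INSERT INTO {$mydbname} (ip,qparam) VALUES (:ip,:qparam);");
    $statement->execute([':ip' => $myip, ':qparam' => $qparam]);
}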


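/**
 * Create the visit-log table if it does not exist yet.
 *
 * Changes against the first draft of this function:
 *  - id is AUTO_INCREMENT; INSERT() never supplies an id, so without it rows
 *    cannot each get their own primary-key value.
 *  - ip is VARCHAR(45) so that IPv6 addresses fit.
 *  - the table name must be a plain identifier, because it is interpolated
 *    into the DDL (identifiers cannot be bound as parameters).
 * An already existing table is left untouched by CREATE TABLE IF NOT EXISTS.
 *
 * @param PDO    $conn      Open connection (kept by-reference as in the original signature).
 * @param string $newdbname Table name (despite the parameter name).
 *
 * @throws InvalidArgumentException When the table name is not a plain identifier.
 */
function CREATETABLE(&$conn,$newdbname){
    if (!is_string($newdbname) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $newdbname) !== 1) {
        throw new InvalidArgumentException('Invalid table name.');
    }

    $myquery="CREATE TABLE IF NOT EXISTS {$newdbname}( 
        id INT NOT NULL AUTO_INCREMENT, 
        ip VARCHAR(45) NOT NULL , 
        date TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) , 
        qparam TEXT NOT NULL , 
        PRIMARY KEY (id));";
    $conn -> exec($myquery);
}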

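/**
 * Render one column of a table as an HTML unordered list.
 *
 * The stored values were submitted by visitors, so every value is HTML-escaped
 * before it is placed in the markup. The SELECT runs once (the first draft ran
 * it twice and discarded the first result).
 *
 * @param PDO    $conn      Open connection (kept by-reference as in the original signature).
 * @param string $newdbname Table name (despite the parameter name).
 * @param string $colname   Column to list.
 *
 * @return string "<ul>" followed by one "<li> value </li>" per row, then "</ul>".
 *
 * @throws InvalidArgumentException When the table or column name is not a plain identifier.
 */
function READTABLE(&$conn,$newdbname,$colname){
    // Identifiers cannot be bound as parameters, so both names are restricted instead.
    foreach ([$newdbname, $colname] as $identifier) {
        if (!is_string($identifier) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $identifier) !== 1) {
            throw new InvalidArgumentException('Invalid table or column name.');
        }
    }

    $items = "";
    foreach ($conn->query("SELECT {$colname} FROM {$newdbname};") as $row) {
        // Escape for the HTML body context; the cast keeps NULL columns from raising a deprecation.
        $cell = htmlspecialchars((string) $row[$colname], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $items .= "<li> {$cell} </li>";
    }

    return "<ul>" . $items . "</ul>";
}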
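try
{
    $conn = new PDO("mysql:host={$sqlurl};port={$port};dbname={$dbname}",$cpanelusername,$cpanelpassword);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // REMOTE_ADDR is the peer address the web server actually saw. Client-IP and
    // X-Forwarded-For are request headers: any client can set them to anything.
    // They keep their original precedence here, but are used only when they hold
    // a single syntactically valid IP address.
    // NOTE(review): only trust these headers at all when the site sits behind a
    // proxy you control; otherwise log REMOTE_ADDR alone.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $headerKey) {
        if (isset($_SERVER[$headerKey]) && filter_var($_SERVER[$headerKey], FILTER_VALIDATE_IP) !== false) {
            $ip = $_SERVER[$headerKey];
            break;
        }
    }

    CREATETABLE($conn,"iplog");

    // The query string is entirely client-controlled; INSERT must treat it as data.
    INSERT($conn,"iplog",$ip,$_SERVER["QUERY_STRING"] ?? '');

    // Read inside the try block so that a missing "chatroom" table is handled
    // below instead of surfacing as an uncaught exception.
    $newdoc = READTABLE($conn,"chatroom","text");

}catch(Exception $ex){
    // Driver messages can expose host, schema and SQL details: log them
    // server-side and send the client a generic failure only.
    error_log($ex->getMessage());
    http_response_code(500);
    die('Database error.');
}


// $newdoc is placed into the page as raw HTML, so whatever READTABLE returns
// must already be HTML-escaped.
$mydoc= <<<END
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<h1>Stuff</h1><img src=''> 
    <form action="chatroom.php" method="post">
      <input type="text" name="sometext" id="sometext">
      <input type="submit" value="share">
    </form>
    <div>
    $newdoc
    </div>
    </html>
END;
echo $mydoc;
// var_dump($pdo);
?>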
<?php
// Database connection settings (placeholders) consumed by the PDO constructor below.
// NOTE(review): in a deployed site keep these out of the web root and out of
// version control.
$sqlurl         = 'sql101.XXXXX.com';
$port           = '3306';
$dbname         = 'XXXXXXXXXXXXXXX';
$cpanelusername = 'XXXXX';
$cpanelpassword = 'XXXXX';



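/**
 * Insert one chat message (client IP and submitted text) into a table.
 *
 * Both values originate from the HTTP request, so they are bound as parameters
 * of a prepared statement rather than interpolated into the SQL text.
 *
 * @param PDO    $conn     Open connection (kept by-reference as in the original signature).
 * @param string $mydbname Table name (despite the parameter name); letters, digits and "_" only.
 * @param string $myip     Client address as determined by the caller.
 * @param string $text     Message text submitted through the form.
 *
 * @throws InvalidArgumentException When the table name is not a plain identifier.
 */
function INSERT(&$conn,$mydbname,$myip,$text){
    // Identifiers cannot be bound as parameters, so the table name is restricted instead.
    if (!is_string($mydbname) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $mydbname) !== 1) {
        throw new InvalidArgumentException('Invalid table name.');
    }

    $statement = $conn->prepare("INSERT INTO {$mydbname} (ip,text) VALUES (:ip,:text);");
    $statement->execute([':ip' => $myip, ':text' => $text]);
}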

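/**
 * Create the chat table if it does not exist yet.
 *
 * The table name is interpolated into the DDL (identifiers cannot be bound as
 * parameters), so it must be a plain identifier. The ip column is VARCHAR(45)
 * so that IPv6 addresses fit. An already existing table is left untouched by
 * CREATE TABLE IF NOT EXISTS.
 *
 * @param PDO    $conn      Open connection (kept by-reference as in the original signature).
 * @param string $newdbname Table name (despite the parameter name).
 *
 * @throws InvalidArgumentException When the table name is not a plain identifier.
 */
function CREATETABLE(&$conn,$newdbname){
    if (!is_string($newdbname) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $newdbname) !== 1) {
        throw new InvalidArgumentException('Invalid table name.');
    }

    $myquery="CREATE TABLE IF NOT EXISTS {$newdbname}( 
        id INT NOT NULL AUTO_INCREMENT, 
        ip VARCHAR(45) NOT NULL , 
        date TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) , 
        text TEXT NOT NULL , 
        PRIMARY KEY (id));";
    $conn -> exec($myquery);
}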

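/**
 * Render one column of a table as an HTML unordered list.
 *
 * The stored values were submitted by visitors, so every value is HTML-escaped
 * before it is placed in the markup. The SELECT runs once (the first draft ran
 * it twice and discarded the first result).
 *
 * @param PDO    $conn      Open connection (kept by-reference as in the original signature).
 * @param string $newdbname Table name (despite the parameter name).
 * @param string $colname   Column to list.
 *
 * @return string "<ul>" followed by one "<li> value </li>" per row, then "</ul>".
 *
 * @throws InvalidArgumentException When the table or column name is not a plain identifier.
 */
function READTABLE(&$conn,$newdbname,$colname){
    // Identifiers cannot be bound as parameters, so both names are restricted instead.
    foreach ([$newdbname, $colname] as $identifier) {
        if (!is_string($identifier) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $identifier) !== 1) {
            throw new InvalidArgumentException('Invalid table or column name.');
        }
    }

    $items = "";
    foreach ($conn->query("SELECT {$colname} FROM {$newdbname};") as $row) {
        // Escape for the HTML body context; the cast keeps NULL columns from raising a deprecation.
        $cell = htmlspecialchars((string) $row[$colname], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $items .= "<li> {$cell} </li>";
    }

    return "<ul>" . $items . "</ul>";
}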

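try
{
    $conn = new PDO("mysql:host={$sqlurl};port={$port};dbname={$dbname}",$cpanelusername,$cpanelpassword);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // REMOTE_ADDR is the peer address the web server actually saw. Client-IP and
    // X-Forwarded-For are request headers: any client can set them to anything.
    // They keep their original precedence here, but are used only when they hold
    // a single syntactically valid IP address.
    // NOTE(review): only trust these headers at all when the site sits behind a
    // proxy you control; otherwise log REMOTE_ADDR alone.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $headerKey) {
        if (isset($_SERVER[$headerKey]) && filter_var($_SERVER[$headerKey], FILTER_VALIDATE_IP) !== false) {
            $ip = $_SERVER[$headerKey];
            break;
        }
    }

    CREATETABLE($conn,"chatroom");

    // Store a message only when the form field arrived as a non-empty string.
    // A plain GET of this script, or a field sent as an array, inserts nothing.
    // NOTE(review): the form carries no anti-CSRF token, so this POST is accepted
    // from any page; add a per-session token check if that matters for the site.
    $text = $_POST["sometext"] ?? null;
    if (is_string($text) && $text !== '') {
        INSERT($conn,"chatroom",$ip,$text);
    }

}catch(Exception $ex){
    // Driver messages can expose host, schema and SQL details: log them
    // server-side and send the client a generic failure only.
    error_log($ex->getMessage());
    http_response_code(500);
    die('Database error.');
}
// // for debugging uncomment below
// $newdoc = READTABLE($conn,"chatroom","text");

// Static page whose script sends the browser back to the index after the insert.
$mydoc= <<<END
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<script>
window.location.replace('/index.php');
</script>
<html>
<h2>redirecting</h2>

    </html>
END;
echo $mydoc;

?>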