zyphlar/class.php

## class.php
<?php
// Public variables -- CONFIGURE ME
$dbname = "exampledb";
$dbuser = "exampleuser";
$dbpass = "examplepassword";

// Connect to MySQL using PDO
try {
  $dbh = new PDO('mysql:host=localhost;dbname='.$dbname, $dbuser, $dbpass);
}
catch(Exception $e){
  // If there are issues we'll output an error message. Warning, this can be a security risk!
  die("Couldn't connect to the database. <pre>".$e."</pre>");
}

// only do processing if the form's been submitted
if(isset($_POST['submitbutton'])) {

  // Sanitize inputs
  $name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
  $age = filter_var($_POST['age'], FILTER_SANITIZE_NUMBER_INT);

  // Calculate birth year
  $birthyear = date('Y') - $age;

  // Prepare a statement to insert the sanitized inputs (important that they are sanitized!)
  $stmt = $dbh->prepare("INSERT INTO birthyears (name, birthyear) VALUES (?, ?)");
  // Run the statement in MySQL (grabbing the sanitized inputs above)
  if($stmt->execute(array($name, $birthyear)) == 1) {
    $message = "Created new Birthyear successfully.";
  }
  else {
    $message = "Error creating new Birthyear.";
  }
}

// Prepare a query to get all the birthyear data
$stmt = $dbh->query('SELECT * FROM birthyears');
// Execute it and store all the results in $results for use later
$resultrows = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Close the MySQL connection
$dbh = null;

?><html>
<head>
  <style type="text/css">
    body { font-family: Arial, Helvetica, sans-serif; }
    p.message { color: green; }
    table { border-collapse: collapse; }
    table, td,th { border: 1px solid black; padding: 0.25em; }
  </style>
</head>
<body>
<?php
  // Time to display the data.
  // First, output any messages. We can include simple variables inside quoted strings for brevity.
  echo "<p class='message'>$message</p>";

  // We're going to show all the birthyear data (if there is any) and ALSO the form to add more.
  // Your choice, but it's good to keep the processing separate from the displaying.

  // We'll start by preparing an HTML table for our data to show up in.
  // The \r\n is a newline, so that we don't end up with all our HTML on the same line.
  echo "<h2>Birthyears</h2>\r\n";
  echo "<table>\r\n";
  echo "<tr><th>Name</th><th>Birth Year</th></tr>\r\n";

  // ForEach is a nice function that takes an array like $resultrows and goes thru it one-by-one, giving us
  // the $row variable to work with. It's like for() except without all the math.
  foreach($resultrows as $row) {
    echo "<tr><td>".$row['name']."</td><td>".$row['birthyear']."</td></tr>\r\n";
  }
  echo "</table>\r\n";
?>
  <hr />
  <h3>Add a new Birthyear</h3>
  <!-- The action is set by PHP code that returns the current file path (PHP_SELF) and
       filters it with the htmlentities command for security. -->
  <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
  <input type="text" name="name" id="name" value="Your Name" />
  <input type="text" name="age" id="age" value="Your Age" />
  <input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
  </form>
</body>
</html>

## install.php
<?php
// Public variables -- CONFIGURE ME
$dbname = "exampledb";
$dbuser = "exampleuser";
$dbpass = "examplepassword";

// Connect to MySQL using PDO
try {
  $dbh = new PDO('mysql:host=localhost;dbname='.$dbname, $dbuser, $dbpass);
}
catch(Exception $e){
  // If there are issues we'll output an error message. Warning, this can be a security risk!
  die("Couldn't connect to the database. <pre>".$e."</pre>");
}

// Create tables and insert first bit of data
$stmt = $dbh->prepare("CREATE TABLE birthyears (id INT, name VARCHAR(99), birthyear INT)");
if($stmt->execute() == 1){

  $stmt = $dbh->prepare("INSERT INTO birthyears (name, birthyear) VALUES (?, ?)");
  if($stmt->execute(array("John Doe", "1984")) == 1) {
    echo "Install successful!";
  }
  else {
    echo "Couldn't insert into the table.";
  }
}
else {
  echo "Couldn't create the table.";
}
	<?php
	// Public variables -- CONFIGURE ME
	$dbname = "exampledb";
	$dbuser = "exampleuser";
	$dbpass = "examplepassword";

	// Connect to MySQL using PDO
	try {
	$dbh = new PDO('mysql:host=localhost;dbname='.$dbname, $dbuser, $dbpass);
	}
	catch(Exception $e){
	// If there are issues we'll output an error message. Warning, this can be a security risk!
	die("Couldn't connect to the database. <pre>".$e."</pre>");
	}

	// only do processing if the form's been submitted
	if(isset($_POST['submitbutton'])) {

	// Sanitize inputs
	$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
	$age = filter_var($_POST['age'], FILTER_SANITIZE_NUMBER_INT);

	// Calculate birth year
	$birthyear = date('Y') - $age;

	// Prepare a statement to insert the sanitized inputs (important that they are sanitized!)
	$stmt = $dbh->prepare("INSERT INTO birthyears (name, birthyear) VALUES (?, ?)");
	// Run the statement in MySQL (grabbing the sanitized inputs above)
	if($stmt->execute(array($name, $birthyear)) == 1) {
	$message = "Created new Birthyear successfully.";
	}
	else {
	$message = "Error creating new Birthyear.";
	}
	}

	// Prepare a query to get all the birthyear data
	$stmt = $dbh->query('SELECT * FROM birthyears');
	// Execute it and store all the results in $results for use later
	$resultrows = $stmt->fetchAll(PDO::FETCH_ASSOC);

	// Close the MySQL connection
	$dbh = null;

	?><html>
	<head>
	<style type="text/css">
	body { font-family: Arial, Helvetica, sans-serif; }
	p.message { color: green; }
	table { border-collapse: collapse; }
	table, td,th { border: 1px solid black; padding: 0.25em; }
	</style>
	</head>
	<body>
	<?php
	// Time to display the data.
	// First, output any messages. We can include simple variables inside quoted strings for brevity.
	echo "<p class='message'>$message</p>";

	// We're going to show all the birthyear data (if there is any) and ALSO the form to add more.
	// Your choice, but it's good to keep the processing separate from the displaying.

	// We'll start by preparing an HTML table for our data to show up in.
	// The \r\n is a newline, so that we don't end up with all our HTML on the same line.
	echo "<h2>Birthyears</h2>\r\n";
	echo "<table>\r\n";
	echo "<tr><th>Name</th><th>Birth Year</th></tr>\r\n";

	// ForEach is a nice function that takes an array like $resultrows and goes thru it one-by-one, giving us
	// the $row variable to work with. It's like for() except without all the math.
	foreach($resultrows as $row) {
	echo "<tr><td>".$row['name']."</td><td>".$row['birthyear']."</td></tr>\r\n";
	}
	echo "</table>\r\n";
	?>
	<hr />
	<h3>Add a new Birthyear</h3>
	<!-- The action is set by PHP code that returns the current file path (PHP_SELF) and
	filters it with the htmlentities command for security. -->
	<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
	<input type="text" name="name" id="name" value="Your Name" />
	<input type="text" name="age" id="age" value="Your Age" />
	<input type="submit" name="submitbutton" id="submitbutton" value="Go!" />
	</form>
	</body>
	</html>