PHP Basics Tutorial
許桔
Setting Up the Environment
Importing Data

Basic Syntax
<html>
<head>
<title>測試文件</title>
<link href="..." rel="stylesheet" >
<script src="..."></script>
</head>
<body>
<p>HTML呈現資料</p>
<p><?php echo "PHP呈現資料"; ?></p>
</body>
</html>
PHP Basic Syntax
<?php
// The variable's type is determined directly by the value assigned to it
$i = 0;
$str = "單引號和雙引號有差!";
/*
See how each variable is rendered
*/
?>
<p><?php echo $i; ?></p>
<p><?php echo $str; ?></p>
<p><?php echo '$str'; ?></p>
<p><?php echo "$str"; ?></p>
All PHP variables begin with the $ sign
PHP Basic Syntax
<?php
$bookname = "PHP入門教學書籍";
$price = 350;
?>
<table border="1">
<tr>
<td> <?php echo "書名"; ?> </td>
<td> <?php echo "價格"; ?> </td>
</tr>
<tr>
<td> <?php echo $bookname; ?> </td>
<td> <?php echo $price; ?> </td>
</tr>
</table>
Keep PHP output separate from HTML output
PHP Basic Syntax
<?php
$bookname = "PHP入門教學書籍";
$price = 350;
echo "<table border='1'><tr><td>";
echo "書名";
echo "</td>";
echo "<td>";
echo "價格";
echo "</td></tr>";
echo "<tr><td>";
echo $bookname;
echo "</td>";
echo "<td>";
echo $price;
echo "</td></tr></table>";
?>
PHP Basic Syntax
<?php
$bookname="書名";
$value="PHP網頁程式設計入門";
echo $bookname.":".$value;
?>
PHP strings are concatenated with the . operator
PHP Basic Syntax
<?php
$i=1;
$i++;
echo $i."<br />";
$i = $i+10;
echo $i;
?>
PHP's operators are the same as in C
The main thing to remember is the $ in front of variable names
PHP Basic Syntax
<?php
$i = 10;
if($i<10) {
echo "第一個條件".$i."<10成立";
}
// else if and elseif are equivalent, but elseif is the recommended form
elseif($i>10) {
echo "第二個條件".$i.">10成立";
}
else {
echo "最後一個條件".$i."=10成立";
}
?>
Conditional logic does not change much either
<?php
$name = array("許桔","怡如","姿伸","敬嘉","佳妤","群仁");
echo "大帥哥".$name[0];
?>
Arrays
PHP Basic Syntax
<b>五人小組</b>
<br /><br />
<b>(For迴圈抓):</b>
<?php
for($i=1; $i<6; $i++) {
echo $name[$i]." ";
}
?>
<br /><br />
<b>(While迴圈):</b>
<?php
$i=1;
while($i<6) {
echo $name[$i]." ";
$i++;
}
?>
Loops (extended to reading arrays)
PHP Basic Syntax
<b>Foreach迴圈抓陣列:</b><br /><br />
<?php
$name = array("許桔","怡如","姿伸","敬嘉","佳妤","群仁");
foreach($name as $num) {
echo $num." <br />";
}
?>
<br />
<?php
foreach($name as $num => $value) {
echo "筆數:".$num.",";
echo "值:".$value."<br />";
}
?>
Foreach loop
PHP Basic Syntax
<?php
function Callinfo() {
echo "我叫許桔";
}
echo "Hello~";
// Callinfo() echoes its own output and returns nothing, so call it directly
Callinfo();
?>
Functions
PHP Basic Syntax
<?php
function Callinfo($call) {
echo $call.",大家好<br />";
}
echo "Hello~<br />";
Callinfo("我叫許桔");
Callinfo("我叫怡如");
?>
Functions - with parameters
PHP Basic Syntax
<?php
function sum($x,$y){
$total=$x+$y;
return $total;
}
echo "10 + 20 = ".sum(10,20);
?>
Functions - with parameters and a return value
PHP Basic Syntax
<?php
include 'yoursite.php';
require 'yoursite.php';
?>
Including files
Talking to the database through PHP
- Connection
- Query
- Insert Into
- Update
- Delete
Connection - Creating a PDO connection - db_connection.php
<?php
$config_set['db_connection']['dsn'] = 'mysql:dbname=school;host=127.0.0.1;charset=utf8';
$config_set['db_connection']['user_name'] = 'root';
$config_set['db_connection']['password'] = '';
$dbh = new PDO (
$config_set['db_connection']['dsn'],
$config_set['db_connection']['user_name'],
$config_set['db_connection']['password'],
array (
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
)
);
?>
<?php
// Every page that connects to the database must include the connection like this
require('db_connection.php');
?>
Try Catch - db_connection.php
<?php
function error_login($log){
echo 'Log:'.$log.'<br />';
}
try{
...
}
catch(PDOException $error){
echo "Something Error!!<br />";
error_login($error->getMessage());
}
?>
QUERY
- SQL statements are passed from PHP to the database as strings
- The database returns the result of the SQL it received
<?php
require("db_connection.php");
$sql = $dbh->query("SELECT * FROM student");
foreach($sql as $row) {
echo $row['no'].", ".$row['educational_system'].", ".$row['department'].
", ".$row['class'].", ".$row['num'].", ".$row['name']."<br />";
}
?>
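An added example (not from the original slides) of the same query loop with every database value HTML-encoded before it is echoed, so stored text is displayed as text rather than interpreted as markup. It assumes the pdo_sqlite extension and uses an in-memory table with constructed rows in place of the MySQL `student` table; `e()` and `render_rows()` are hypothetical helpers.

```php
<?php
// Added example, not from the original slides. In-memory SQLite stands in for
// the MySQL `student` table (assumption: the pdo_sqlite extension is enabled).
$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$dbh->exec('CREATE TABLE student ("no" INTEGER PRIMARY KEY, department TEXT, num TEXT, name TEXT)');

// Constructed rows: the second name contains markup, as any user-supplied field might.
$insert = $dbh->prepare(
    'INSERT INTO student (department, num, name) VALUES (:department, :num, :name)'
);
$insert->execute([':department' => '資管系', ':num' => '12345678', ':name' => '王大明']);
$insert->execute([':department' => '資管系', ':num' => '87654321', ':name' => '<b>bold</b> & "quoted"']);

// Encode a value for use in HTML text or inside a quoted attribute.
function e($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the table rows; every database value passes through e() on the way out.
function render_rows(iterable $rows): string {
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e($row['no']) . '</td><td>' . e($row['department'])
               . '</td><td>' . e($row['num']) . '</td><td>' . e($row['name']) . "</td></tr>\n";
    }
    return $html;
}

echo "<table border=\"1\">\n" . render_rows($dbh->query('SELECT * FROM student')) . "</table>\n";
```

Prepared statements protect the SQL statement; encoding at output protects the page, and both are needed for values that users can set.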
INSERT INTO
<?php
// Data submitted from another page can be used as well
$educational_system = $_POST['educational_system'];
$insert = $dbh->prepare("INSERT INTO
`student` (`educational_system`, `department`, `class`, `num`, `name`)
VALUES (:educational_system, :department, :class, :num, :name)
");
$insert->execute(
array(
':educational_system' => $educational_system,
':department' => '資管系',
':class' => '資五甲',
':num' => '12345678',
':name' => '王大明'
)
);
?>
UPDATE
<?php
require("db_connection.php");
$educational_system = "test";
$num = "s1803B102";
$update = $dbh->prepare("UPDATE `student`
SET `educational_system` = :educational_system
WHERE `num` = :num
");
$update->execute(
array(
':educational_system' => $educational_system,
':num' => $num
)
);
?>
DELETE
<?php
require("db_connection.php");
$educational_system = '四技1';
$delete = $dbh->prepare("DELETE FROM `student`
WHERE `educational_system` = :educational_system
");
$delete->execute(
array(
':educational_system' => $educational_system
)
);
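?>
Building a Basic Back-Office System
Files
Member Permission Mechanism
Session
- Stored on the server
- Not visible to the client
- Controlled by the server
Cookie
- Stored on the client
- Directly visible
- Can be forged
However, a session that is used at the wrong time or in the wrong way is still dangerous
Session
- Holds more sensitive data that the user must not be able to see
- Examples: login information, CAPTCHA answers, flow control
Cookie
- Data that is not sensitive and does not involve security
- Examples: theme settings, etc.
- Use cookies where appropriate to reduce the load on the server
When to Use Each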
Supplement
Let's Start Building
Completed example files
Building the login page - login.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登入</title>
</head>
<body>
<form method="post" action="login_session.php">
帳號:<input name="id" type="text" placeholder="" />
<br /> <br />
密碼:<input name="psw" type="password" placeholder="" />
<br /> <br />
<button>登入</button>
<a href="register.php">註冊</a>
</form>
</body>
</html>
Building the account check page - login_session.php
<?php
// The session must be started before $_SESSION is written
session_start();
require('db_connection.php');
$id = $_POST['id'];
$psw = $_POST['psw'];
$sql = $dbh->prepare("SELECT * FROM `member` WHERE `sid` = :sid");
$sql->execute(array(':sid' => $id));
$user = $sql->fetch();
// Log in only when the account exists and the password matches the stored hash
if($user && password_verify($psw, $user['psw'])) {
$_SESSION['user'] = $user['sid'];
if($user['iden'] == 1) {
$_SESSION['permissions'] = 1;
echo "<script>alert('登入成功!');</script>";
header("refresh:0; url=student.php");
}
else {
$_SESSION['permissions'] = 0;
echo "<script>alert('登入成功!');</script>";
header("refresh:0; url=teacher.php");
}
}
else {
echo "<script>alert('登入失敗!');</script>";
header("refresh:0; url=login.php");
}
?>
Refactoring the account check page 1 - login_session.php
<?php
// The session must be started before $_SESSION is written
session_start();
require('db_connection.php');
function login($dbh, $id, $psw) {
$sql = $dbh->prepare("SELECT * FROM `member` WHERE `sid` = :sid");
$sql->execute(array(':sid' => $id));
$user = $sql->fetch();
// Return 0 when the account does not exist or the password does not match the stored hash
if(!$user || !password_verify($psw, $user['psw'])) {
return 0;
}
$_SESSION['user'] = $user['sid'];
if($user['iden'] == 1) {
$_SESSION['permissions'] = 1;
return 1;
}
else {
$_SESSION['permissions'] = 0;
return 2;
}
}
...
Refactoring the account check page 2 - login_session.php
...
$id = $_POST['id'];
$psw = $_POST['psw'];
// Redirect to a different page depending on the permission level
switch (login($dbh, $id, $psw)) {
case '1':
echo "<script>alert('登入成功!');</script>";
header("refresh:0; url=student.php");
break;
case '2':
echo "<script>alert('登入成功!');</script>";
header("refresh:0; url=teacher.php");
break;
case '0':
echo "<script>alert('帳號或密碼錯誤!');</script>";
header("refresh:0; url=login.php");
break;
default:
echo "<script>alert('登入失敗!');</script>";
header("refresh:0; url=login.php");
break;
}
?>
Building the logout page - logout.php
<?php
session_start();
// Clear the same keys that login_session.php sets
unset($_SESSION['user']);
unset($_SESSION['permissions']);
header("refresh:0; url=index.php");
?>
<script>
alert('登入資訊錯誤,請重新登入!');
</script>
<?php
session_start();
unset($_SESSION['user']);
unset($_SESSION['permissions']);
header("refresh:0; url=index.php");
?>
Building the error page - error.php
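Building the student view page - student.php (formerly index.php)
// After <body>, add the SESSION check
<?php
if(@isset($_SESSION['user'])) {
// Encode the account name before writing it into the page
echo "<b>Hi " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') .
", <a href='logout.php'>登出</a></b><br /><br />";
$session_user = $_SESSION['user'];
?>
// Change the SQL that reads the data (the account is bound as a parameter)
$sql = $dbh->prepare("SELECT * FROM `member`, `student`
WHERE `sid` = `num` AND `sid` = :sid
");
$sql->execute(array(':sid' => $session_user));
// Remove the delete column and change the edit column
<form method="post" action="update.php">
<input type="text" name="edit" value="<?php echo htmlspecialchars($row['num'], ENT_QUOTES, 'UTF-8') ?>" hidden="hidden" />
<button>修改</button>
</form>
// Before </body>, include the login error page
<?php
}
else {
require('error.php');
}
?>
// After <body>, add the SESSION check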
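<?php
// A missing permissions key must not count as teacher (null == 0 is true), so compare strictly
if(isset($_SESSION['user'], $_SESSION['permissions']) and $_SESSION['permissions'] === 0) {
echo "<b>Hi " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') .
", <a href='logout.php'>登出</a></b><br /><br />";
$session_user = $_SESSION['user'];
?>
// Change the edit column
<form method="post" action="update.php">
<input type="text" name="edit" value="<?php echo htmlspecialchars($row['num'], ENT_QUOTES, 'UTF-8') ?>" hidden="hidden" />
<button>修改</button>
</form>
// Before </body>, include the login error page
<?php
}
else {
require('error.php');
}
?>
Building the student view page - teacher.php (formerly index.php)
Building the registration page - register.php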
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>註冊</title>
</head>
<body>
<form method="post" action="register_session.php">
學號:<input name="id" type="text" placeholder="" />
<br /> <br />
<!-- Password confirmation (typing it twice) is not implemented here -->
密碼:<input name="psw" type="password" placeholder="" />
<br /> <br />
學制:<input name="es" type="text" placeholder="" />
<br /> <br />
科系:<input name="dep" type="text" placeholder="" />
<br /> <br />
班級:<input name="cls" type="text" placeholder="" />
<br /> <br />
姓名:<input name="name" type="text" placeholder="" />
<br /> <br />
<button>註冊</button>
</form>
</body>
</html>
(formerly insert.php)
<?php
require('db_connection.php');
$id = $_POST['id'];
// Hash the password with password_hash(); PASSWORD_DEFAULT currently selects bcrypt, not SHA-256
$psw = password_hash($_POST['psw'], PASSWORD_DEFAULT);
$educational_system = $_POST['es'];
$department = $_POST['dep'];
$class = $_POST['cls'];
$name = $_POST['name'];
$sql = $dbh->prepare("SELECT * FROM `member` WHERE `sid` = :sid");
$sql->execute(array(':sid' => $id));
// Registration is allowed only if nobody has registered this account yet
if($sql->rowCount() != 1) {
...
}
else {
echo "<script>alert('註冊失敗,該帳號已有人註冊');</script>";
header('refresh:0;url=register.php');
}
?>
Building the registration handler - register_session.php
(formerly insert_fin.php)
// Inside the ... block the account does not exist yet, so the insert can proceed
$insert = $dbh->prepare("INSERT INTO
`member` (`sid`, `psw` ,`iden`)
VALUES (:sid, :psw, :iden)
");
$insert->execute(array(':sid' => $id, ':psw' => $psw, ':iden' => '1'));
$insert = $dbh->prepare("INSERT INTO
`student` (`educational_system`, `department` ,`class`, `num`, `name`)
VALUES (:educational_system, :department, :class, :num, :name)
");
$insert->execute(
array
(
':educational_system' => $educational_system,
':department' => $department,
':class' => $class,
':num' => $id,
':name' => $name,
)
);
Building the registration handler 2 - register_session.php
<?php
require('db_connection.php');
function check($dbh, $id) {
$sql = $dbh->prepare("SELECT * FROM `member` WHERE `sid` = :sid");
$sql->execute(array(':sid' => $id));
// Check whether the account exists
if($sql->rowCount() != 1) {
return 1;
}
else {
return 0;
}
}
$id = $_POST['id'];
$psw = password_hash($_POST['psw'], PASSWORD_DEFAULT);
$educational_system = $_POST['es'];
$department = $_POST['dep'];
$class = $_POST['cls'];
$name = $_POST['name'];
check($dbh, $id);
...
Refactoring the registration handler 1 - register_session.php
function insert($status, $dbh, $id, $psw, $educational_system, $department, $class, $name) {
if($status == 1) {
$insert = $dbh->prepare("INSERT INTO
`member` (`sid`, `psw` ,`iden`)
VALUES (:sid, :psw, :iden)
");
$insert->execute(array(':sid' => $id, ':psw' => $psw, ':iden' => '1'));
$insert = $dbh->prepare("INSERT INTO
`student` (`educational_system`, `department` ,`class`, `num`, `name`)
VALUES (:educational_system, :department, :class, :num, :name)
");
$insert->execute(
array(
':educational_system' => $educational_system,
':department' => $department,
':class' => $class,
':num' => $id,
':name' => $name,
));
return 1;
}
else {
return 0;
}
}
$status = check($dbh, $id);
$register_status = insert($status, $dbh, $id, $psw, $educational_system, $department, $class, $name);
...
Refactoring the registration handler 2 - register_session.php
if($register_status == 1) {
echo "<script>alert('註冊成功');</script>";
header('refresh:0;url=login.php');
}
else {
echo "<script>alert('註冊失敗,該帳號已有人註冊');</script>";
header('refresh:0;url=register.php');
}
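?>
Refactoring the registration handler 3 - register_session.php
Changing the edit page - update.php
// Shared by both student.php and teacher.php
// Remove the method of passing update via GET, and remove the one for no
// Below <body>, add a check for whether the SESSION exists
<?php if(@isset($_SESSION['user'])) { ?>
// Change how the data is read (the posted value is bound as a parameter)
<?php
$num = $_POST['edit'];
$sql = $dbh->prepare("SELECT * FROM student WHERE num = :num");
$sql->execute(array(':num' => $num));
?>
// Before </body>, include the login error page
<?php
}
else {
require('error.php');
}
?>
<?php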
require("db_connection.php");
$session_users = $_SESSION['user'];
$educational_system = $_POST['es'];
$department = $_POST['dep'];
$class = $_POST['cls'];
$num = $_POST['num'];
$name = $_POST['name'];
...
Changing the update handler 1 - update_fin.php
...
$update = $dbh->prepare("UPDATE `student`
SET `educational_system` = :educational_system,
`department` = :department,
`class` = :class,
`name` = :name
WHERE `num` = :session_users
");
$update->execute(
array(
':educational_system' => $educational_system,
':department' => $department,
':class' => $class,
':name' => $name,
':session_users' => $num
)
);
if(@$_SESSION['permissions']==0) {
header('refresh:0;url = teacher.php');
}
else {
header('refresh:0;url = student.php');
}
?>
Changing the update handler 2 - update_fin.php
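An added example (not part of the original slides) of server-side checks for the pages above: a role lookup in which a missing `permissions` key never counts as teacher, and an update target that comes from the session for students instead of the posted `num`. The function names and the constructed sessions are hypothetical; 1 = student and 0 = teacher follow login_session.php.

```php
<?php
// Added example, not from the original slides. Function names are hypothetical;
// 1 = student and 0 = teacher follow login_session.php.
const ROLE_TEACHER = 0;
const ROLE_STUDENT = 1;

// Return the role only for a complete login; anything else is "no role".
function session_role(array $session): ?int {
    if (!isset($session['user'], $session['permissions'])) {
        return null;   // a missing key is not a login and must never equal 0
    }
    $role = $session['permissions'];
    // Strict comparison: null, '' and '0' do not pass as ROLE_TEACHER.
    return ($role === ROLE_TEACHER || $role === ROLE_STUDENT) ? $role : null;
}

// Decide which student number an update may touch, or null to refuse.
function resolve_update_target(array $session, string $postedNum): ?string {
    $role = session_role($session);
    // if/=== rather than switch, because switch compares loosely (null == 0).
    if ($role === ROLE_TEACHER) {
        return $postedNum;                 // teachers edit the record they selected
    }
    if ($role === ROLE_STUDENT) {
        return (string) $session['user'];  // students edit only their own record
    }
    return null;
}

// Constructed sessions; every request posts the same foreign student number.
$cases = [
    'teacher'       => ['user' => 't0001', 'permissions' => 0],
    'student'       => ['user' => 's1803B102', 'permissions' => 1],
    'half-cleared'  => ['user' => 's1803B102'],
    'not logged in' => [],
];
foreach ($cases as $label => $session) {
    $target = resolve_update_target($session, 's0000X000');
    echo $label . ': ' . ($target === null ? 'refused' : 'update ' . $target) . "\n";
}
```

In update_fin.php the returned value would be the one bound to `:session_users`, and a null result would load error.php instead of running the UPDATE.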
Changing the delete page - delete_fin.php
<?php
require('db_connection.php');
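// A missing permissions key must not count as teacher (null == 0 is true), so compare strictly
if(isset($_SESSION['user'], $_SESSION['permissions']) and $_SESSION['permissions'] === 0) {
// Identify the record by student number (account) instead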
$num = $_GET['del'];
$delete = $dbh->prepare("DELETE FROM `student` WHERE num = :num");
$delete->execute(array(':num' => $num));
$delete = $dbh->prepare("DELETE FROM `member` WHERE sid = :sid");
$delete->execute(array(':sid' => $num));
header('refresh:0;url = teacher.php');
}
else{
require('error.php');
}
?>
PHP
By nicky30102