You need to implement a web application that is split in three parts, namely, Webpage, PHP and Database. Each of them will be employed synergically to solve the simple problem described below. Your implementation should be able to resist all the most common security threats.
Webpage: This is the main page of your application. It would contain two sections, ADD and SEARCH:
ADD section contains:
-A text box to input an Advisor name
-A text box to input a Student name
-A text box to input the Student ID code
-A text box to input the class code
-A button to allow the user to add the above specified data in the Database
SEARCH section contains: A search box (with corresponding button) that allows the user to query the database for Advisors name
PHP:
-Implement one or more PHP functions that read the inputs from the ADD section of the Webpage and prepare the corresponding query to add the record in the Database.
-Implement one or more PHP functions that read the input from the SEARCH section and prepare the corresponding query for the Database.
-Implement a function that, when a search is made in the SEARCH section, it shows in input the result of the query
Database: You need to create a database that contains at least a table to store the information in input to the webpage.
Database /* Make database "hello", and set user,password in php file*/
CREATE TABLE `data` (
`id` int(11) NOT NULL,
`aname` varchar(50) DEFAULT NULL,
`sname` varchar(50) DEFAULT NULL,
`cno` varchar(50) DEFAULT NULL,
`ccode` varchar(50) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `data`
--
ALTER TABLE `data`
ADD PRIMARY KEY (`id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `data`
--
ALTER TABLE `data`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,
AUTO_INCREMENT=2;
COMMIT;
/* Now copy the below php file */
<?php
// Connection settings: set the user and password for your server
$servername = "localhost";
$username = "root";
$password = "";
$db = "hello";
$conn = new mysqli($servername, $username, $password, $db);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Pin the connection charset so mysqli_real_escape_string() escapes for the right encoding
$conn->set_charset("utf8");

// ADD form and SEARCH form
echo '<form class="form" method="POST">
<input type="text" name="aname" placeholder="Advisor Name" required>
<input type="text" placeholder="Student Name" name="sname" required>
<input type="text" placeholder="Student Id code" name="cno" required>
<input type="text" placeholder="Class code" name="ccode" required>
<button type="submit" id="add-button" name="submit" value="submit">Add</button>
</form>
<br><br>
<form class="form" method="POST">
<input type="text" name="search" placeholder="Search by Student name" required>
<button type="submit" id="search-button" name="submit1" value="Search">Search</button>
</form>';

// ADD: escape each field, then insert the record
if (isset($_POST['submit'])) {
    $aname = mysqli_real_escape_string($conn, $_POST['aname']);
    $sname = mysqli_real_escape_string($conn, $_POST['sname']);
    $cno = mysqli_real_escape_string($conn, $_POST['cno']);
    $ccode = mysqli_real_escape_string($conn, $_POST['ccode']);
    // id is AUTO_INCREMENT, so it is left out of the column list
    // (inserting '' into an int column fails in MySQL strict mode)
    $o = "INSERT INTO data(aname,sname,cno,ccode) VALUES ('".$aname."','".$sname."','".$cno."','".$ccode."')";
    $q = mysqli_query($conn, $o);
}

// SEARCH: look up records by student name and show them in a table
if (isset($_POST['submit1'])) {
    $sname = mysqli_real_escape_string($conn, $_POST['search']);
    $r = "SELECT * FROM data WHERE sname='".$sname."'";
    $q = mysqli_query($conn, $r);
    if (mysqli_num_rows($q) > 0) {
        echo '<table border="1"><tr><th>Advisor Name</th><th>Student Name</th><th>Student ID</th><th>Class Code</th></tr>';
        while ($t = mysqli_fetch_assoc($q)) {
            // HTML-encode stored values so markup saved through the ADD form is not rendered (stored XSS)
            echo '<tr><td>'.htmlspecialchars($t['aname'], ENT_QUOTES, 'UTF-8')
                .'</td><td>'.htmlspecialchars($t['sname'], ENT_QUOTES, 'UTF-8')
                .'</td><td>'.htmlspecialchars($t['cno'], ENT_QUOTES, 'UTF-8')
                .'</td><td>'.htmlspecialchars($t['ccode'], ENT_QUOTES, 'UTF-8').'</td></tr>';
        }
        echo '</table>';
    }
}
?>
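An added example, not part of the original answer: the same ADD and SEARCH queries written with mysqli prepared statements, with length validation against the varchar(50) columns and HTML-encoded output. The function names are hypothetical; the code assumes the `data` table and a `mysqli` connection like `$conn` from the script above.

```php
<?php
// Added example: hypothetical helpers for the `data` table defined on this page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // raise exceptions on DB errors

// Return a trimmed field, or null if it is missing, not a string, empty,
// or longer than the varchar(50) columns allow (mb_strlen needs ext-mbstring).
function clean_field(array $post, string $key): ?string {
    $v = is_string($post[$key] ?? null) ? trim($post[$key]) : '';
    return ($v === '' || mb_strlen($v, 'UTF-8') > 50) ? null : $v;
}

// ADD: values are sent as bound parameters, separate from the SQL text.
function add_record(mysqli $conn, array $post): bool {
    $f = [];
    foreach (['aname', 'sname', 'cno', 'ccode'] as $key) {
        if (($f[$key] = clean_field($post, $key)) === null) {
            return false; // reject the whole record on any bad field
        }
    }
    $stmt = $conn->prepare('INSERT INTO data (aname, sname, cno, ccode) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $f['aname'], $f['sname'], $f['cno'], $f['ccode']);
    return $stmt->execute();
}

// SEARCH: same student-name lookup as the page's script, parameterized.
function search_by_student(mysqli $conn, array $post): array {
    $sname = clean_field($post, 'search');
    if ($sname === null) {
        return [];
    }
    $stmt = $conn->prepare('SELECT aname, sname, cno, ccode FROM data WHERE sname = ?');
    $stmt->bind_param('s', $sname);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

// Build table rows with every cell HTML-encoded, so stored markup is shown as text.
function render_rows(array $rows): string {
    $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . implode('</td><td>', array_map($esc, $row)) . '</td></tr>';
    }
    return $html;
}
```

In the page's script these would be called as `add_record($conn, $_POST)` inside the `submit` branch and `echo render_rows(search_by_student($conn, $_POST))` inside the `submit1` branch.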