Question

You need to implement a web application that is split in three parts, namely, Webpage, PHP and Database. Each of them will be employed synergically to solve the simple problem described below. Your implementation should be able to resist all the most common security threats.

Webpage: This is the main page of your application. It would contain two sections, ADD and SEARCH: ADD section contains:

-A text box to input an Advisor name

-A text box to input a Student name

-A text box to input the Student ID code

-A text box to input the class code

-A button to allow the user to add the above specified data in the Database

SEARCH section contains: A search box (with corresponding button) that allows the user to query the database for Advisors name

PHP:

-Implement one or more PHP functions that read the inputs from the ADD section of the Webpage and prepare the corresponding query to add the record in the Database.

-Implement one or more PHP functions that read the input from the SEARCH section and prepare the corresponding query for the Database.

-Implement a function that, when a search is made in the SEARCH section, it shows in input the result of the query

Database: You need to create a database that contains at least a table to store the information in input to the webpage.

Answer 1

Database /* Male database "hello", and set user,password in php file*/

CREATE TABLE `data` (
`id` int(11) NOT NULL,
`aname` varchar(50) DEFAULT NULL,
`sname` varchar(50) DEFAULT NULL,
`cno` varchar(50) DEFAULT NULL,
`ccode` varchar(50) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Indexes for dumped tables
--

--
-- Indexes for table `data`
--
ALTER TABLE `data`
ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `data`
--
ALTER TABLE `data`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
COMMIT;

/* Now copy the below php file */

<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="hello";
$conn = new mysqli($servername, $username, $password,$db);

if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo '<form class="form" method="POST">
           <input type="text" name="aname" placeholder="Advisor Name" required>
           <input type="text" placeholder="Student Name" name="sname" required>
           <input type="text" placeholder="Student Id code" name="cno" required>
           <input type="text" placeholder="Class code" name="ccode" required>
          
           <button type="submit" id="login-button" name="submit" value="submit">Add</button>
       </form>
       <br><br>
<form class="form" method="POST">
           <input type="text" name="search" placeholder="Search by Student name" required>
           <button type="submit" id="login-button" name="submit1" value="Search">Add</button>
       </form>';
if(isset($_POST['submit'])){
   $aname=mysqli_real_escape_string($conn,$_POST['aname']);
   $sname=mysqli_real_escape_string($conn,$_POST['sname']);
   $cno=mysqli_real_escape_string($conn,$_POST['cno']);
   $ccode=mysqli_real_escape_string($conn,$_POST['ccode']);
$o="INSERT INTO data(id,aname,sname,cno,ccode)values('','".$aname."','".$sname."','".$cno."','".$ccode."')";
$q=mysqli_query($conn,$o);
}
if(isset($_POST['submit1'])){
   $sname=mysqli_real_escape_string($conn,$_POST['search']);
   $r="SELECT * FROM data WHERE sname='".$sname."'";
   $q=mysqli_query($conn,$r);
   if(mysqli_num_rows($q)>0)
   {

       echo '<table border="1"><tr><th>Advisor Name</th><th>Student Name</th><th>Student ID</th><th>Class Code</th></tr>';
       while($t=mysqli_fetch_assoc($q)){
           echo '<tr><td>'.$t['aname'].'</td><td>'.$t['sname'].'</td><td>'.$t['cno'].'</td><td>'.$t['ccode'].'</td></tr>';
          
       }
       echo '</table>';
   }
   }
?>